path: root/source3/passdb
Commit message | Author | Age | Files | Lines
* passdb: Cache output from pdb_[ug]id_to_sid | Volker Lendecke | 2015-01-07 | 1 | -0/+14
  A customer complained that after upgrading to Samba 4.0 fileserver its LDAP server was flooded with uid2sid and gid2sid requests for id 0. With 4.0 we do a lot more user-space ACL checking which involves uid2sid/gid2sid. This caches the corresponding results.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Wed Jan 7 12:00:10 CET 2015 on sn-devel-104
* s3:passdb: fix logic in pdb_set_pw_history() | Stefan Metzmacher | 2015-01-05 | 1 | -7/+8
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10940
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Mon Jan 5 16:51:30 CET 2015 on sn-devel-104
* s3:pdb_samba_dsdb: use SEC_CHAN_DNS_DOMAIN in pdb_samba_dsdb_get_trusteddom_creds() | Stefan Metzmacher | 2014-12-19 | 1 | -6/+33
  If both ends have a dns domain, we can use SEC_CHAN_DNS_DOMAIN in order to match a Windows DC. For kerberos we still need to use MY_NETBIOS_DOMAIN$@REMOTE_REALM.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:pdb_samba_dsdb: add pdb_samba_dsdb_get_trusteddom_creds | Stefan Metzmacher | 2014-12-19 | 1 | -1/+225
  We have the password as raw UTF16 blob, which might not be valid utf16, so we need to use cli_credentials_set_utf16_password().

  Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:passdb: let pdb_get_trust_credentials() try pdb_get_trusteddom_creds() first | Stefan Metzmacher | 2014-12-18 | 1 | -21/+44
  NT_STATUS_NOT_IMPLEMENTED lets it fall back to the old get_trust_pw_clear2() code.

  Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Thu Dec 18 06:46:05 CET 2014 on sn-devel-104
* s3:passdb: add optional get_trusteddom_creds() hooks | Stefan Metzmacher | 2014-12-18 | 2 | -0/+330
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* pdb: Increase version number to fix ABI | Garming Sam | 2014-12-03 | 1 | -0/+312
  In the process, we can also rename pdb to avoid conflicts with libpdb. We don't depend directly on pdb to avoid duplicate symbols.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10355
  Change-Id: I4df6ba2f4ce35d3718dc4198b527cca46a139efe
  Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* idmap: unify passdb *id_to_sid methods | Garming Sam | 2014-12-03 | 6 | -75/+101
  Instead of passing down gid or uid, a pointer to a unixid is now sent down. This acts as an in-out variable so that the idmap functions can correctly receive ID_TYPE_BOTH, filling in cache details correctly rather than forcing the cache to store ID_TYPE_UID or ID_TYPE_GID.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10720
  Change-Id: I11409a0f498e61a3c0a6ae606dd7af1135e6b066
  Pair-programmed-with: Andrew Bartlett <abarlet@samba.org>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:passdb: avoid invalid pointer type warnings in pdb_wbc_sam.c | Stefan Metzmacher | 2014-11-25 | 1 | -6/+13
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:passdb: always copy the history in pdb_set_plaintext_passwd() | Stefan Metzmacher | 2014-11-25 | 1 | -19/+14
  We should not write to memory marked as const (returned from pdb_get_pw_history())!

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* pdb_tdb: Avoid a nasty error message with ctdb | Volker Lendecke | 2014-11-11 | 1 | -0/+6
  ctdb gives us 0-sized records for deleted passdb entries

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
  Autobuild-User(master): David Disseldorp <ddiss@samba.org>
  Autobuild-Date(master): Tue Nov 11 16:19:37 CET 2014 on sn-devel-104
* pdb_tdb: Fix a TALLOC/SAFE_FREE mixup | Volker Lendecke | 2014-11-11 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
* pdb_tdb: don't leak state_path onto talloc tos | David Disseldorp | 2014-11-03 | 1 | -2/+8
  Also check for allocation failures.

  Signed-off-by: David Disseldorp <ddiss@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* account_pol: don't leak state_path onto talloc tos | David Disseldorp | 2014-11-03 | 1 | -2/+10
  Also check for allocation failures.

  Signed-off-by: David Disseldorp <ddiss@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* passdb: Use common code in cli_credentials_set_machine_account_db_ctx() | Andrew Bartlett | 2014-10-17 | 1 | -16/+50
  This avoids some duplication in setting the machine account password for the domain member and DC case.

  This does not yet remove the duplication, that requires a bigger restructure of the various routines used here to obtain the machine and domain trust secrets.

  Also no longer used is the timeout/2 code to not set the previous password. It is now always passed to the caller.

  Andrew Bartlett

  Change-Id: Idd5bafedf4cbac30b174955d743ec4128a6902ee
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:passdb: add pdb_get_trust_credentials() | Stefan Metzmacher | 2014-09-27 | 3 | -22/+556
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
* passdb: Use talloc_zero_array | Volker Lendecke | 2014-09-20 | 1 | -3/+2
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Martin Schwenke <martin@meltin.net>
  Autobuild-User(master): Martin Schwenke <martins@samba.org>
  Autobuild-Date(master): Sat Sep 20 08:29:31 CEST 2014 on sn-devel-104
* passdb: Avoid use-after-free when setting a plaintext password | Andrew Bartlett | 2014-09-08 | 1 | -2/+3
  The issue here is that pdb_set_plaintext_passwd() re-used the memory from pdb_get_pw_history() as input

  We need to free this after we copy and set it.

  Found by AddressSanitizer

  Andrew Bartlett

  Change-Id: I4e148e23ccbbe5444c969ff8f91709791c7696bb
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
* passdb: Use sam_get_results_trust() and implement pdb_samba_dsdb_get_trusteddom_pw | Andrew Bartlett | 2014-09-01 | 1 | -1/+124
  We now return the plaintext passwords for trusted domains so winbindd can use them.

  Change-Id: Ifcd59b0be815d25b73bdbc41db7477895461c7b6
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
* passdb: fix NT_STATUS_NO_SUCH_GROUP | Arvid Requate | 2014-08-25 | 1 | -2/+2
  Share options like "force group" and "valid users = @group1" triggered an NT_STATUS_NO_SUCH_GROUP. While the group was found in the SAM backend, its objectclass was not retrieved. This fix also revealed a talloc access after free in the group branch of pdb_samba_dsdb_getgrfilter.

  [Bug 9570] Access failure for shares with "force group" or "valid users = @group"
  https://bugzilla.samba.org/show_bug.cgi?id=9570

  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* Don't discard result of checking grouptype | Roel van Meer | 2014-08-23 | 1 | -2/+0
  The pdb_samba_dsdb_getgrfilter() function first determines the security type of a group and sets map->sid_name_use accordingly. A little later, this variable is set again, undoing the previous work.

  https://bugzilla.samba.org/show_bug.cgi?id=10777

  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Simo Sorce <idra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Sat Aug 23 02:48:52 CEST 2014 on sn-devel-104
* passdb: add missing newline to debug message in get_primary_group_sid() | Justin Maggard | 2014-08-09 | 1 | -1/+1
  Signed-off-by: Justin Maggard <jmaggard@netgear.com>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  Autobuild-User(master): Michael Adam <obnox@samba.org>
  Autobuild-Date(master): Sat Aug 9 00:44:06 CEST 2014 on sn-devel-104
* lib/util: move memcache.[ch] to the toplevel 'samba-util' library | Stefan Metzmacher | 2014-07-18 | 2 | -2/+2
  This is generic enough that it could be used in all code.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Fri Jul 18 15:43:33 CEST 2014 on sn-devel-104
* dsdb: Always store and return the userParameters as a array of LE 16-bit values | Andrew Bartlett | 2014-07-09 | 1 | -5/+26
  This is not allowed to be odd length, as otherwise we can not send it over the SAMR transport correctly.

  Allocating one byte less memory than required causes malloc() heap corruption and then a crash or lockup of the SAMR server.

  Andrew Bartlett

  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10130
  Change-Id: I5c0c531c1d660141e07f884a4789ebe11c1716f6
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* secrets: Ensure we store the secureChannelType when written to secrets.ldb | Andrew Bartlett | 2014-07-04 | 1 | -7/+19
  This will allow winbindd to know when we are an RODC without needing to dig into sam.ldb.

  Change-Id: Ibdfa37fe6269305ccc5db42479f4a8db5eea53f3
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Nadezhda Ivanova <nivanova@samba.org>
* passdb: Allow a passdb module to do idmap for everything | Andrew Bartlett | 2014-06-16 | 3 | -0/+333
  This patch seems odd, but the pdb_samba_dsdb module has exactly this semantics. That is, the pdb_samba_dsdb is responsible for all IDMAP values, due to backing on to the idmap.ldb allocator.

  This option is added so we can continue to support the mappings written into that database even when switching winbindd implementations - the source4/ winbind code would only ask the idmap_ldb code, no matter what the SID.

  Almost all of the behaviour for this is already in winbindd, but we need this extra flag function so as to avoid (currently intentional) errors at startup due to not having a per-domain allocation configured in the smb.conf.

  Andrew Bartlett

  Change-Id: I6b0d7a1463fe28dfd36715af0285911ecc07585c
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
* passdb: Do not routinely clear the global memory returned by get_global_sam_sid() | Andrew Bartlett | 2014-06-11 | 2 | -15/+41
  This avoids use-after-free errors and tdb database churn.

  Andrew Bartlett

  Change-Id: If7ab2e24556d9dffc7ad22c0489d665dd75a0cab
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
* Fix several talloc stack frames not freed | Samuel Cabrero | 2014-05-30 | 1 | -0/+8
  Signed-off-by: Samuel Cabrero <scabrero@zentyal.com>
  Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Kamen Mazdrashki <kamenim@samba.org>
  Autobuild-Date(master): Fri May 30 15:29:29 CEST 2014 on sn-devel-104
* s3:passdb: improve a debug message in pdb_default_sid_to_id() | Michael Adam | 2014-05-03 | 1 | -1/+4
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:passdb: fix and improve debug message in pdb_default_sid_to_id(). | Michael Adam | 2014-05-03 | 1 | -1/+2
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3: Always cache idmapping results of pdb backend. | Alexander Werth | 2014-05-03 | 2 | -17/+33
  And don't cache in the pdb_ldap module on the id_to_sid calls.

  Signed-off-by: Alexander Werth <alexander.werth@de.ibm.com>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  Autobuild-User(master): Michael Adam <obnox@samba.org>
  Autobuild-Date(master): Sat May 3 04:14:05 CEST 2014 on sn-devel-104
* lib-util: rename memdup to smb_memdup and fix all callers | Björn Baumbach | 2014-04-16 | 1 | -1/+1
  Signed-off-by: Björn Baumbach <bb@sernet.de>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* dsdb: Rework samdb_result_acct_flags to use either userAccountControl or msDS-User-Account-Control-Computed | Andrew Bartlett | 2014-04-02 | 1 | -6/+5
  This allows us to avoid the domain lookup in the constructed attribute when not required. By using msDS-User-Account-Control-Computed the lockout and password expiry checks are now handled in the operational ldb module.

  Andrew Bartlett

  Change-Id: I6eb94933e4602e2e50c2126062e9dfa83a46191b
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* Remove a number of NT_STATUS_HAVE_NO_MEMORY_AND_FREE macros from the codebase. | Garming Sam | 2014-03-05 | 1 | -6/+24
  Following the current coding guidelines, it is considered bad practice to return from within a macro and change control flow as they look like normal function calls.

  Change-Id: I133eb5a699757ae57b87d3bd3ebbcf5b556b0268
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* passdb: spare superfluous call to lookup_rids() in lookup_sids() | Michael Adam | 2014-02-25 | 1 | -7/+12
  If we have no name indexes for a domain, all names were domain names and have been resolved earlier, including the domain name.

  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10463
  Change-Id: I5a7a387fa89d2b2bdd465c13b3dca0e18ca0482c
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Tue Feb 25 11:17:18 CET 2014 on sn-devel-104
* s3:passdb: Fix the use of uninitialized scalar variable. | Poornima Gurusiddaiah | 2014-02-24 | 1 | -8/+2
  Coverity-id: 1107228,1107227
  Signed-off-by: Poornima Gurusiddaiah <pgurusid@redhat.com>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Ira Cooper <ira@samba.org>
* passdb: Patch memory leak in pdb_ldap.c | Jose A. Rivera | 2014-02-21 | 1 | -4/+6
  Moved the call to the talloc autofree function to as early a point as possible. init_ldap_from_sam() already calls smbldap_set_mod(), and there's a chance that the init will fail after having already allocated memory for &mods.

  Coverity-Id: 1167997
  Change-Id: Ic26bfb3c530f90aa885e447b8409deba49708d64
  Reviewed-by: Ira Cooper <ira@samba.org>
  Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
  Reviewed-by: Simo Sorce <idra@samba.org>
* param: rename lp function and variable from "renameuser_script" to "rename_user_script" | Garming Sam | 2014-02-07 | 3 | -4/+4
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename lp function and variable from "deluser_script" to "delete_user_script" | Garming Sam | 2014-02-07 | 1 | -1/+1
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename lp function and variable from "adduser_script" to "add_user_script" | Garming Sam | 2014-02-07 | 1 | -1/+1
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename lp function and variable from "addmachine_script" to "add_machine_script" | Garming Sam | 2014-02-07 | 1 | -1/+1
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename lp function and variable from 'guestaccount' to 'guest_account' | Garming Sam | 2014-02-07 | 3 | -5/+5
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* dbwrap: add a dbwrap_flags argument to db_open() | Michael Adam | 2014-02-07 | 3 | -6/+6
  This is in preparation to support handing flags to backends, in particular activating read only record support for ctdb databases. For a start, this does nothing but adding the parameter, and all databases use DBWRAP_FLAG_NONE.

  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-lib: Add winbind_lookup_usersids(). | Andreas Schneider | 2014-02-05 | 1 | -0/+311
  Pair-Programmed-With: Guenther Deschner <gd@samba.org>
  Signed-off-by: Guenther Deschner <gd@samba.org>
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3-passdb: Fix string duplication to pointers. | Andreas Schneider | 2014-01-09 | 1 | -2/+12
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Thu Jan 9 22:35:25 CET 2014 on sn-devel-104
* samba:python - Py_RETURN_NONE remove compatibility code for releases < 2.4 | Matthias Dieter Wallnöfer | 2014-01-09 | 1 | -4/+0
  http://www.python.org/doc//current/c-api/none.html

  Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
  Autobuild-User(master): Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date(master): Thu Jan 9 16:27:47 CET 2014 on sn-devel-104
* s3-lib: Add grpname to talloc_sub_specified(). | Andreas Schneider | 2013-11-21 | 2 | -7/+25
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=2191
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* build: get rid of source strings from source3/passdb/wscript_build | Michael Adam | 2013-09-24 | 1 | -9/+4
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* lib: Use "mem_ctx" arg in gencache_get | Volker Lendecke | 2013-09-05 | 1 | -2/+2
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Thu Sep 5 20:09:21 CEST 2013 on sn-devel-104
* lib: Add a "mem_ctx" arg to gencache_get (unused so far) | Volker Lendecke | 2013-09-05 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>