path: root/source3/passdb
Commit message | Author | Age | Files | Lines
...
* s3-lib: Add grpname to talloc_sub_specified(). | Andreas Schneider | 2013-11-21 | 2 | -7/+25
| BUG: https://bugzilla.samba.org/show_bug.cgi?id=2191
| Signed-off-by: Andreas Schneider <asn@samba.org>
| Reviewed-by: Jeremy Allison <jra@samba.org>
* build: get rid of source strings from source3/passdb/wscript_build | Michael Adam | 2013-09-24 | 1 | -9/+4
| Signed-off-by: Michael Adam <obnox@samba.org>
| Reviewed-by: Günther Deschner <gd@samba.org>
* lib: Use "mem_ctx" arg in gencache_get | Volker Lendecke | 2013-09-05 | 1 | -2/+2
| Signed-off-by: Volker Lendecke <vl@samba.org>
| Signed-off-by: Jeremy Allison <jra@samba.org>
| Autobuild-User(master): Jeremy Allison <jra@samba.org>
| Autobuild-Date(master): Thu Sep 5 20:09:21 CEST 2013 on sn-devel-104
* lib: Add a "mem_ctx" arg to gencache_get (unused so far) | Volker Lendecke | 2013-09-05 | 1 | -1/+1
| Signed-off-by: Volker Lendecke <vl@samba.org>
| Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:passdb/pdb_util make pdb_create_builtin consider whether backend deals ↵ | Christian Ambach | 2013-06-21 | 1 | -4/+33
| with BUILTIN when creating a BUILTIN group, make the strategy dependent on passdb backend behavior
| 1. if passdb is responsible for BUILTIN (normal case), call pdb_create_builtin_alias with gid=0 argument so it asks winbindd for a gid to be used
| 2. if passdb is not responsible, ask for a mapping for the group first and let pdb_create_builtin_alias create the mapping based on the gid that was determined in the mapping request
| Pair-Programmed-With: Michael Adam <obnox@samba.org>
| Signed-off-by: Christian Ambach <ambi@samba.org>
| Signed-off-by: Michael Adam <obnox@samba.org>
| Autobuild-User(master): Michael Adam <obnox@samba.org>
| Autobuild-Date(master): Fri Jun 21 12:49:10 CEST 2013 on sn-devel-104
* s3:passdb add a gid argument to pdb_create_builtin_alias | Christian Ambach | 2013-06-21 | 2 | -2/+2
| make it possible to skip the allocation of a new gid from winbind by specifying the gid to be used
| Signed-off-by: Christian Ambach <ambi@samba.org>
| Reviewed-by: Michael Adam <obnox@samba.org>
* s3:passdb expose pdb_create_builtin function | Christian Ambach | 2013-06-21 | 2 | -3/+4
| this one first tries to map the principal before allocating a new gid
| Signed-off-by: Christian Ambach <ambi@samba.org>
| Reviewed-by: Michael Adam <obnox@samba.org>
* s3:passdb/pdb_tdb add parameter to control handling of BUILTIN | Christian Ambach | 2013-06-21 | 1 | -0/+10
| with tdbsam:map builtin, one can control if tdbsam should be used to map entries from BUILTIN or not. By default, they will be mapped (as in older releases)
| Signed-off-by: Christian Ambach <ambi@samba.org>
| Reviewed-by: Michael Adam <obnox@samba.org>
* s3:passdb/pdb_ldap remove an unnecessary check | Christian Ambach | 2013-06-21 | 1 | -4/+0
| as general passdb code already verifies for which idmap domains the module is responsible, requests for other domains should not come in here any more
| Pair-Programmed-With: Michael Adam <obnox@samba.org>
| Signed-off-by: Christian Ambach <ambi@samba.org>
| Signed-off-by: Michael Adam <obnox@samba.org>
* s3:passdb/pdb_ldap make the module handle well-known | Christian Ambach | 2013-06-21 | 1 | -0/+7
| overwrite the passdb defaults and let this module handle well-knowns
| Signed-off-by: Christian Ambach <ambi@samba.org>
| Reviewed-by: Michael Adam <obnox@samba.org>
* s3:passdb make pdb_sid_to_id honor backend responsibilities | Christian Ambach | 2013-06-21 | 1 | -0/+7
| only ask passdb backend for mapping if it is responsible
| Pair-Programmed-With: Michael Adam <obnox@samba.org>
| Signed-off-by: Christian Ambach <ambi@samba.org>
| Signed-off-by: Michael Adam <obnox@samba.org>
* s3:passdb/pdb_samba_dsdb make the module handle well-known | Christian Ambach | 2013-06-21 | 1 | -0/+7
| overwrite the passdb defaults and let this module handle well-knowns
| Signed-off-by: Christian Ambach <ambi@samba.org>
| Reviewed-by: Michael Adam <obnox@samba.org>
* s3:passdb add pdb_*_is_responsible_for* functions | Christian Ambach | 2013-06-21 | 2 | -0/+79
| allows PDB modules to specify for which special domains they are responsible when it comes to SID->xid conversion
| By default, passdb modules will be responsible for local BUILTIN, local SAM and Unix Users/Groups
| Pair-Programmed-With: Michael Adam <obnox@samba.org>
| Signed-off-by: Christian Ambach <ambi@samba.org>
| Signed-off-by: Michael Adam <obnox@samba.org>
* s3:passdb/samba_dsdb fix some compiler warnings | Christian Ambach | 2013-06-21 | 1 | -2/+2
| about gids and group_sids being potentially uninitialized
| Signed-off-by: Christian Ambach <ambi@samba.org>
| Reviewed-by: Michael Adam <obnox@samba.org>
* s3:passdb/samba_dsdb fix a compiler warning | Christian Ambach | 2013-06-21 | 1 | -1/+1
| about discarding const modifier
| Signed-off-by: Christian Ambach <ambi@samba.org>
| Reviewed-by: Michael Adam <obnox@samba.org>
* passdb-machine_account_secrets: Remove #if SAMBA_BUILD_ == 4 now we only ↵ | Andrew Bartlett | 2013-05-28 | 2 | -10/+0
| have the waf build
| Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
| Reviewed-by: David Disseldorp <ddiss@samba.org>
* pdb_ldap: Do not skip accounts without a sambaAcctFlags value | Andrew Bartlett | 2013-05-16 | 1 | -4/+4
| We allow this to mean a sambaAcctFlags value of zero in other parts of the code and by allowing these users to show up in a search, we can read and correct them during the classicupgrade, rather than not know they exist at all. Most parts of the code do not look for ACB_NORMAL, which is why these users appear to work.
| Andrew Bartlett
| Reviewed-by: Stefan Metzmacher <metze@samba.org>
* PASSDB: add support to set and enumerate UPN suffixes associated with our forest | Alexander Bokovoy | 2013-04-09 | 2 | -0/+38
| Samba PDC may manage a forest containing DNS domains in addition to the primary one. Information about them is advertised via netr_DsRGetForestTrustInformation when trusted_domain_name is NULL, according to MS-NRPC and MS-LSAD, and via netr_GetForestTrustInformation. This changeset only expands PASSDB API; how suffixes are maintained is left to specific PDB modules. Set function is added so that suffixes could be managed through 'net' and other Samba utilities, if possible. One possible implementation is available for ipasam module in FreeIPA: http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cc56723151c9ebf58d891e85617319d861af14a4
| Reviewed-by: Andreas Schneider <asn@samba.org>
* pdb: Fix array overrun by one. | Andreas Schneider | 2013-02-22 | 1 | -3/+4
| Reviewed-by: Alexander Bokovoy <ab@samba.org>
* ntdb: switch between secrets.tdb and secrets.ntdb depending on 'use ntdb' | Rusty Russell | 2013-02-20 | 2 | -5/+5
| Since we open with dbwrap, it auto-converts old tdbs (which it will rename to secrets.tdb.bak once it's done).
| Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
| Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| Autobuild-User(master): Rusty Russell <rusty@rustcorp.com.au>
| Autobuild-Date(master): Wed Feb 20 07:09:19 CET 2013 on sn-devel-104
* Rename pdb_ldap to pdb_ldapsam | Andreas Schneider | 2013-02-06 | 5 | -12/+16
| This patch moves pdb_ldap to pdb_ldapsam unconditionally and makes possible to load ldapsam.so dynamically
| Reviewed-by: Alexander Bokovoy <ab@samba.org>
* waf: Fix pdb_ldap which cannot be built as a module. | Andreas Schneider | 2013-01-23 | 1 | -2/+4
| The module has two init functions, pdb_ldap_init() and pdb_ldapsam_init(). As a shared module only one can be found until we create a symlink.
| Reviewed-by: Günther Deschner <gd@samba.org>
| Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
| Autobuild-Date(master): Wed Jan 23 10:51:59 CET 2013 on sn-devel-104
* passdb: Add discard_const_p() to pdb_samba_dsdb | Andrew Bartlett | 2013-01-10 | 1 | -2/+2
| Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:passdb: fix building pdb_ldap as shared module | Michael Adam | 2012-12-03 | 2 | -2/+3
| Signed-off-by: Michael Adam <obnox@samba.org>
| Reviewed-by: Andreas Schneider <asn@samba.org>
| Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
| Autobuild-Date(master): Mon Dec 3 19:12:29 CET 2012 on sn-devel-104
* s3:passdb: don't look into group mappings in legacy_sid_to_unixid() | Michael Adam | 2012-12-03 | 1 | -28/+1
| The backends (tdbsam and ldapsam) do this.
| Signed-off-by: Michael Adam <obnox@samba.org>
| Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:passdb:pdb_ldap: treat "Unix User" and "Unix Group" in sid_to_id() | Michael Adam | 2012-12-03 | 1 | -0/+5
| Signed-off-by: Michael Adam <obnox@samba.org>
| Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:passdb:pdb_ldap: pre-validate sid with sid_check_object_is_for_passdb() | Michael Adam | 2012-12-03 | 1 | -3/+3
| instead of sid_check_sid_is_in_our_sam). This allows for builtin sids, wellknown sids and "Unix User" and "Unix Group" domains. This broadens up the check moved here in commit 02e25b2a43ae02205a3412f862a1482d24b70aa4.
| Signed-off-by: Michael Adam <obnox@samba.org>
| Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:passdb: add sid_check_object_is_for_passdb() | Michael Adam | 2012-12-03 | 1 | -0/+1
| Variant of sid_check_is_for_passdb() that only checks for objects in the various domains, not for the domain sids themselves.
| Signed-off-by: Michael Adam <obnox@samba.org>
| Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:passdb: factor pdb_sid_to_id_unix_users_and_groups() out of ↵ | Michael Adam | 2012-12-03 | 1 | -16/+32
| pdb_default_sid_to_id()
| The special treatment of the "Unix User" and "Unix Group" pseudo domains can be reused.
| Signed-off-by: Michael Adam <obnox@samba.org>
| Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:passdb: don't bail out in pdb_default_sid_to_id() if sid is not in our sam | Michael Adam | 2012-12-03 | 1 | -5/+0
| This code treats the own sam, builtin, wellknown, and sids from the "Unix User" and "Unix Group" pseudo-domains. This reverts part of commit 02e25b2a43ae02205a3412f862a1482d24b70aa4.
| Signed-off-by: Michael Adam <obnox@samba.org>
| Reviewed-by: Stefan Metzmacher <metze@samba.org>
* build the new sid_check_is_for_passdb() function into passdb | Michael Adam | 2012-12-03 | 1 | -0/+1
| Signed-off-by: Michael Adam <obnox@samba.org>
| Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:passdb formatting changes | Christian Ambach | 2012-09-27 | 1 | -7/+7
| fix some trailing whitespace and a typo
* lib/util/charset: We do not use functions from wchar.h any more | Andrew Bartlett | 2012-09-26 | 1 | -1/+0
| Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
| Autobuild-Date(master): Wed Sep 26 02:13:10 CEST 2012 on sn-devel-104
* build: Fix enabled handling for HAVE_LDAP, we need to use bld.CONFIG_SET | Andrew Bartlett | 2012-09-22 | 1 | -1/+1
| Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
| Autobuild-Date(master): Sat Sep 22 09:09:17 CEST 2012 on sn-devel-104
* s3:pdb_ldap remove unused function | Christian Ambach | 2012-09-22 | 1 | -23/+0
| Autobuild-User(master): Christian Ambach <ambi@samba.org>
| Autobuild-Date(master): Sat Sep 22 04:28:37 CEST 2012 on sn-devel-104
* s3: make smbldaphelper subsystem an internal library | Alexander Bokovoy | 2012-09-14 | 1 | -7/+0
| Break pdb_ldap -> smbldaphelper -> pdb -> pdb_ldap loop by making smbldaphelp intentionally underlinked internal library. It means that libsmbldaphelp is not usable unless its user is also linked to libpdb (that is the case for both its users, idmap_ldap and pdb_ldap, already) but gives us a break of the circular dependency in case pdb_ldap statically linked into pdb (default). This should solve case when idmap_ldap and pdb_ldap are dynamically loaded modules
| Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
| Autobuild-Date(master): Fri Sep 14 01:02:21 CEST 2012 on sn-devel-104
* s3: make ldapsam-related functions a smbldaphelper subsystem | Alexander Bokovoy | 2012-09-13 | 1 | -2/+2
| Since these functions are used in pdb_ldap and idmap_ldap, and pdb_ldap might be statically linked to libpdb (default), it is better to keep them as separate subsystem to avoid polluting libpdb namespace. This is first step in refactoring libpdb. Right now I cannot move these functions into proper libsmbldaphelper as it uses more of libpdb-included functions and linking pdb_ldap against libsmbldaphelper library would have created a loop if pdb_ldap is included into libpdb.
| Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
| Autobuild-Date(master): Thu Sep 13 17:36:07 CEST 2012 on sn-devel-104
* s3-pdb: filter out more symbols only used in ldapsam internals | Alexander Bokovoy | 2012-09-12 | 1 | -1/+0
|
* s3-passdb: update abi_match and ignore more statically linked functions | Alexander Bokovoy | 2012-09-10 | 1 | -10/+0
| Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
| Autobuild-Date(master): Mon Sep 10 16:14:50 CEST 2012 on sn-devel-104
* s3-smbldap: use smbldap_ prefixed functions | Alexander Bokovoy | 2012-09-07 | 3 | -44/+44
|
* s3-waf: avoid exporting init symbols from statically linked modules | Alexander Bokovoy | 2012-09-07 | 1 | -0/+317
| WAF builds with and without AD DC affect list of statically linked modules that are added into libpdb. This makes impossible to have ABI for libpdb that does not depend on configured features. By making init functions from statically linked modules to have local scope in shared libraries, we avoid unwarranted ABI changes. Additionally, pdb_samba_dsdb imports IDMAP subsystem of source4/ as it is not a shared library. Making its symbols private as well. Finally, in order to have the filtering of symbols work, libpdb has to be public library.
* s3-passdb: convert pdb_ipa to use secrets wrappers | Alexander Bokovoy | 2012-09-07 | 1 | -4/+4
|
* s3-passdb: convert pdb_ldap to use secrets wrappers | Alexander Bokovoy | 2012-09-07 | 1 | -2/+2
|
* s3-passdb: wrap secrets.tdb accessors used by PDB modules | Alexander Bokovoy | 2012-09-07 | 1 | -0/+34
| PDB modules store domain sid and guid in secrets.tdb to cooperate with other parts of smbd. If PDB module is built outside Samba source code it has to be linked against internal libsecrets. Wrap required secrets_* calls to avoid direct linking. libpdb is linked against libsecrets by itself and this is enough.
* Free protect_ids in secret_store_domain_guid() as the caller of ↵ | Michele Baldessari | 2012-09-07 | 1 | -0/+2
| fetch_secrets() must free the result in order to not leak memory.
| Signed-off-by: Jeremy Allison <jra@samba.org>
| Autobuild-User(master): Jeremy Allison <jra@samba.org>
| Autobuild-Date(master): Fri Sep 7 04:11:43 CEST 2012 on sn-devel-104
* Free protect_ids in secret_store_domain_sid() as the caller of ↵ | Michele Baldessari | 2012-09-05 | 1 | -0/+2
| fetch_secrets() must free the result in order to not leak memory.
| Signed-off-by: Jeremy Allison <jra@samba.org>
| Autobuild-User(master): Jeremy Allison <jra@samba.org>
| Autobuild-Date(master): Wed Sep 5 22:20:45 CEST 2012 on sn-devel-104
* s3: Fix some nonempty blank lines | Volker Lendecke | 2012-09-04 | 1 | -3/+3
| Signed-off-by: Jeremy Allison <jra@samba.org>
* s3-passdb: Rename pdb_samba4 to samba_dsdb and autoconfigure when we are a AD DC | Andrew Bartlett | 2012-09-04 | 2 | -276/+281
| The name samba_dsdb is not ideal, but it matches the primary ldb module we use, and more importantly it avoids having '4' in the name. We should slowly avoid using the term samba4 in long-term places like the smb.conf because it is confusing to users given we are shipping Samba 4.0 as an AD DC as well as all the other supported roles (domain member/standalone server/classic DC) Additionally, samba4 will be an odd name when we eventually release Samba 5.0! samba4 remains accepted as an alias to ensure existing smb.conf files load, but to allow changes here in the future, we set the value during the smb.conf load, and not during the provision when we are an AD DC. This simplifies the default smb.conf for the vast majority of our users and reduces the number of things listed in smb.conf files that we later have to work around if we wish to change the name/implementation of the passdb glue module again.
| Andrew Bartlett
| Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
| Autobuild-Date(master): Tue Sep 4 04:45:16 CEST 2012 on sn-devel-104
* s3: Remove a shadowing variable declaration | Volker Lendecke | 2012-09-01 | 1 | -2/+0
|
* s3-passdb: Allow reload of the static passdb from python | Andrew Bartlett | 2012-08-28 | 2 | -2/+21
| This is then used in provision when the passdb backend is forced.
| Andrew Bartlett