summaryrefslogtreecommitdiffstats
path: root/source/passdb
Commit message (Collapse)AuthorAgeFilesLines
* Fix bug #6035 - Possible race between fcntl F_SETLKW and alarm delivery.Jeremy Allison2009-01-141-1/+1
| | | | Jeremy.
* Use machine account and machine password from our domain whenSteven Danneman2008-05-231-3/+4
| | | | contacting trusted domains.
* Fix bug 4901Volker Lendecke2008-03-141-3/+8
| | | | Thanks to Laurent Pinchart for bugging me
* Change ldap search filter. This function is also used to search machine ↵Karolin Seeger2008-02-191-3/+3
| | | | | | accounts which may be located in a different ou. Karolin
* Fix for bug #5163 from Laurent Pinchart <pinchart@skynet.be>Jeremy Allison2008-01-021-0/+4
| | | | | Failure to change password in ldap is mapped to NT_STATUS_UNSUCCESSFUL unconditionally. Jeremy.
* Fix another segfault.Michael Adam2007-12-191-1/+3
| | | | Michael
* Pass NULL instead of unneeded &sid: secrets_fetch_trusted_domain_password() ↵Michael Adam2007-12-191-2/+1
| | | | | | checks. Michael
* Rename get_trust_pw() to get_trust_pw_hash().Michael Adam2007-12-191-2/+2
| | | | Michael
* Export logic of get_trust_pw() to new function get_trust_pw_clear().Michael Adam2007-12-191-12/+57
| | | | | | | | | get_trust_pw() just now computes the md4 hash of the result of get_trust_pw_clear() if that was successful. As a last resort, in the non-trusted-domain-situation, get_trust_pw() now tries to directly obtain the hashed version of the password out of secrets.tdb. Michael
* Refactor the lagacy part of secrets_fetch_trust_account_password() outMichael Adam2007-12-191-13/+31
| | | | | | | | into a new function secrets_fetch_trust_account_password_legacy() that does only try to obtain the hashed version of the machine password directly from secrets.tdb. Michael
* Let get_trust_pw() determine the machine_account_name to use.Michael Adam2007-12-191-2/+14
| | | | | | | | | | | | | | | | | Up to now each caller used its own logic. This eliminates code paths where there was a special treatment of the following situation: the domain given is not our workgroup (i.e. our own domain) and we are not a DC (i.e. it is not a typical trusted domain situation). In situation the given domain name was previously used as the machine account name, resulting in an account name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me. get_trust_pw would not have obtained a password in this situation anyways. I hope I have not missed an important point here! Michael
* Remove silly amounts of trailing white spaces.Michael Adam2007-12-191-6/+6
| | | | Michael
* Remove two unneeded functions.Michael Adam2007-12-191-23/+0
| | | | | | | | | secrets_store_trust_account_password() and trust_password_delete() are the write access functions to the SECRETS/$MACHINE.ACC/domain keys in secrets.tdb, the md4 hashed machine passwords. These are not used any more: Current code always writes the clear text password. Michael
* Fix for bug #4801: Correctly implement lsa lookup levels for lookupnames.Michael Adam2007-12-121-14/+32
| | | | | | | | | This is a first patch aimed at fixing bug #4801. It is still incomplete in that winbindd does not walk the the trusted domains to lookup unqualified names here. Apart from that this fix should be pretty much complete. Michael
* [GLUE] Rsync SAMBA_3_0 SVN r25598 in order to create the v3-0-test branch.samba-misc-tags/initial-v3-0-testGerald (Jerry) Carter2007-10-1010-318/+233
|
* r23688: Fix bug #4759 reported by Raul <ismell@ismell.org>.Jeremy Allison2007-10-101-1/+1
| | | | | "N" is not a valid format entry for ber_printf, should be "n" Jeremy.
* r23630: Found out what LSA_LOOKUP_NAMES level 5 means:Günther Deschner2007-10-101-1/+1
| | | | | | only query transitive forest trusts. Guenther
* r23510: Tidy calls to smb_panic by removing trailing newlines. Print theJames Peach2007-10-102-2/+2
| | | | failed expression in SMB_ASSERT.
* r23244: Fix loop with nscd and NSS recusive calls.Gerald Carter2007-10-101-4/+4
| | | | | | | | | | | | | | | | | | | | | | | > Here's the problem I hit: > > getgrnam("foo") -> nscd -> NSS -> winbindd -> > winbindd_passdb.c:nam_to_sid() -> lookup_global_sam_name() -> > getgrnam("foo") -> nscd -> .... > > This is in the SAMBA_3_0 specifically but in theory could happen > SAMBA_3_0_25 (or 26) for an unknown group. > > The attached patch passes down enough state for the > name_to_sid() call to be able to determine the originating > winbindd cmd that came into the parent. So we can avoid > making more NSS calls if the original call came in trough NSS > so we don't deadlock ? But you should still service > lookupname() calls which are needed for example when > doing the token access checks for a "valid groups" from > smb.conf. > > I've got this in testing now. The problem has shown up with the > DsProvider on OS X and with nscd on SOlaris and Linux.
* r23194: cherry pick two fixes from SAMBA_3_0_26Gerald Carter2007-10-102-6/+10
| | | | | * strptime() failure check * make legcacy sid/uid/gid calls static
* r23192: Remove fallback to looking up group mappings by theGerald Carter2007-10-101-17/+1
| | | | Unix name after discussion with Simo.
* r23051: sid_to_[ug]id fixes for smbdSimo Sorce2007-10-101-12/+26
|
* r23046: Few missing merges from cleaning out the Centeris winbindd tree.Gerald Carter2007-10-101-1/+1
| | | | Nothing of major interest. Will fix a few problems with one way trusts.
* r23005: If we're running on a system where time_t is 8 bytesJeremy Allison2007-10-101-16/+16
| | | | | | | | we have to take care to preserve the "special" values for Windows of 0x80000000 and 0x7FFFFFFF when casting between time_t and uint32. Add conversion functions (and use them). Jeremy.
* r22977: Trim noise by removing redundant WARNING log message thatGerald Carter2007-10-101-4/+0
| | | | | would flood at log level 2. We know when we're using the legacy mapping code anyways since it will log an informative msg.
* r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; andVolker Lendecke2007-10-101-2/+2
| | | | replace all data_blob(NULL, 0) calls.
* r22786: Some cleanup by Karolin Seeger: Remove unused pdb_find_alias, and changeVolker Lendecke2007-10-101-14/+6
| | | | | | return values of some alias-releated pdb functions from BOOL to NTSTATUS Thanks :-)
* r22767: Argl. Typed in 'svn ci' in the wrong branch. Revert.Volker Lendecke2007-10-101-6/+13
|
* r22766: Merge from 3_0:Volker Lendecke2007-10-101-13/+6
| | | | | | | | r22412 | obnox | 2007-04-20 14:23:36 +0200 (Fr, 20 Apr 2007) | 5 lines Add a "deletelocalgroup" subcommand to net sam. Thanks to Karolin Seeger <ks@sernet.de>.
* r22631: Remove the possibility of sid_check_is_domain andJames Peach2007-10-101-2/+1
| | | | sid_check_is_in_our_domain getting out of sync.
* r22613: Fix an uninitialized variable warningVolker Lendecke2007-10-101-1/+1
|
* r22589: Make TALLOC_ARRAY consistent across all uses.Jeremy Allison2007-10-101-9/+27
| | | | Jeremy.
* r22125: Fix a warningVolker Lendecke2007-10-101-1/+1
|
* r22096: become_root_uid_only() is unneeded - it's only used inJeremy Allison2007-10-102-16/+16
| | | | | | messages.c. Refactor to use become_root() instead and make it local to messages.c Jeremy.
* r22066: Ensure that winbind can resolve SIDs in the S-1-22-{1,2}Gerald Carter2007-10-101-1/+21
| | | | domain to a uid.gid using the idmap_passdb backend.
* r22009: change TDB_DATA from char * to unsigned char *Stefan Metzmacher2007-10-104-27/+28
| | | | | | and fix all compiler warnings in the users metze
* r22001: change prototype of dump_data(), so that it takes unsigned char * now,Stefan Metzmacher2007-10-101-1/+1
| | | | | | | | which matches what samba4 has. also fix all the callers to prevent compiler warnings metze
* r21983: make use of tdb_*_bystring() and string_term_tdb_data()Stefan Metzmacher2007-10-101-27/+25
| | | | | | to avoid creating the TDB_DATA struct from strings "by hand" metze
* r21982: make use of tdb_*_bystring() and string_term_tdb_data()Stefan Metzmacher2007-10-101-29/+12
| | | | | | to avoid creating the TDB_DATA struct from strings "by hand" metze
* r21981: as we use tdb_trans_store(), we should also use tdb_trans_delete()Stefan Metzmacher2007-10-101-1/+1
| | | | metze
* r21954: Someone misused a '!' instead of a '~' for a binary NOTJeremy Allison2007-10-101-1/+1
| | | | | command. Jerry, Simo, please check. Jeremy.
* r21881: Make sure we are very specific when testing whether a backand can ↵James Peach2007-10-101-1/+2
| | | | | | | | | handle a particular SID. Make sure that the passdb backend will accept the same set range of local SIDs that the idmap system sends it. Simo, Jerry - this is a 3_0_25 candidate. Can you please review?
* r21853: Fix a valgrind errorVolker Lendecke2007-10-101-0/+5
|
* r21831: Back out r21823 for a while, this is going into a bzr tree first.Volker Lendecke2007-10-101-20/+1
| | | | Volker
* r21823: Let secrets_store_machine_password() also store the account name. ↵Volker Lendecke2007-10-101-1/+20
| | | | | | | | | Not used yet, the next step will be a secrets_fetch_machine_account() function that also pulls the account name to be used in the appropriate places. Volker
* r21819: Wrap all steps in secrets_store_machine_password into one singleVolker Lendecke2007-10-101-12/+50
| | | | | | transaction. Succeed all or store nothing. Volker
* r21818: Remove some unused codeVolker Lendecke2007-10-101-23/+0
|
* r21784: Replace smb_register_idle_event() with event_add_timed(). This fixes ↵Volker Lendecke2007-10-102-3/+22
| | | | | | | | winbind who did not run the idle events to drop ldap connections. Volker
* r21782: Fix a memleakVolker Lendecke2007-10-101-0/+1
|
* r21738: Remove unused file.James Peach2007-10-101-80/+0
|
generated by cgit (git 2.34.1) at 2025-08-28 23:42:32 +0000