path: root/source3/passdb
Commit message | Author | Age | Files | Lines
* s3: Fix EnumDomainAliases when no aliases are in LDAP | Volker Lendecke | 2010-06-10 | 1 | -6/+4
  We used to return NT_STATUS_ACCESS_DENIED, now we just return 0 entries, just like W2k8 does. usrmgr.exe was pretty unhappy with the NT_STATUS_ACCESS_DENIED
  (cherry picked from commit f66cc827096c53d4d16b8c850c83a3b5664e9725)
  Fix bug #7262 (Unable to maintain users' groups via UsrMgr).
  (cherry picked from commit 1439a1d7ff406dd5dce885100349751151c14bf6)
* s3:pdb_ldap: fix bug 7507 - init_sam_from_ldap stores group in sid2uid cache | Michael Adam | 2010-06-10 | 1 | -1/+1
  (cherry picked from commit ba809ecb8ab217e4376bf75d2300e146b62b88eb)
  (cherry picked from commit cc740fb5eb56a0875703753d4a116d2fe33ec186)
* s3: Fix bug 5198 -- parse chfn(1)-change gecos field | Volker Lendecke | 2010-03-02 | 1 | -1/+34
  (cherry picked from commit 2ea2d2a81e0666f478c5daf1469c8447a3096e8e)
  (cherry picked from commit 52a3ebc3a4ec54a427e54fa331251fd495c3c6aa)
* s3:passdb: only use gid_to_sid() result if the result is a group of our local sam | Stefan Metzmacher | 2010-02-11 | 1 | -4/+16
  Otherwise retry with pdb_gid_to_sid().
  metze
  (cherry picked from commit 4dc2be2264926fe415e4e40e212f94793c9831d1)
  Last seven patches address bug #7116 (pdb_ldap performance fixes).
  (cherry picked from commit 8946a47fcebe57f459c59ee2cb163e15901ff996)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:pdb_ldap: don't search for the user's primary group, if we already know it | Stefan Metzmacher | 2010-02-11 | 1 | -31/+35
  metze
  (cherry picked from commit 6753fb1cf6a834b12b2a9dce3b1a9555390c17be)
  (cherry picked from commit da7cb9feacc7cb84499c73ef463d187a7b2754e8)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:pdb_ldap: optimize ldapsam_alias_memberships() and cache ldap searches. | Stefan Metzmacher | 2010-02-11 | 1 | -7/+29
  ldapsam_alias_memberships() does the same LDAP search twice, triggered via add_aliases() from create_local_nt_token(). This happens when no domain aliases are used.
  metze
  (cherry picked from commit 49ace81e19de231825216cbf07c7422687131bb6)
  (cherry picked from commit cb31c1df92b195b3fb80b6e21bfba83b8cd867fd)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:pdb_ldap: try to build the full unix_pw structure with ldapsam:trusted support | Stefan Metzmacher | 2010-02-11 | 1 | -5/+85
  And also store the gid_to_sid mappings in the idmap_cache.
  metze
  (cherry picked from commit 25038fa85ff69962ca0975f31802218a897aa1ec)
  (cherry picked from commit 66a48d2226d245c373b744c7edea60b3daa57f0f)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:passdb: speed up pdb_get_group_sid() | Stefan Metzmacher | 2010-02-11 | 1 | -5/+28
  Use the cached version gid_to_sid() instead of pdb_gid_to_sid(). And also avoid the expensive lookup_sid() call for well-known domain groups.
  metze
  (cherry picked from commit e10d0869567436902c8b8cfb50f8c64148d554cb)
  (cherry picked from commit b0c8ff971934ef8aa21abece8693807e0a2ca722)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3: Make pdb_copy_sam_account also copy the group sid | Volker Lendecke | 2010-02-11 | 1 | -0/+4
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit b99046fed1bf4a908ed856afb17c3c934c6d305d)
  (cherry picked from commit a1862c23346959cd0aa77653bf488e0686d14376)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3: shortcut gid_to_sid when "ldapsam:trusted = yes" | Stefan Metzmacher | 2010-02-11 | 1 | -0/+72
  The normal gid_to_sid behaviour is to call sys_getgrgid() to get the name for the given gid and then call the getsamgrnam passdb method for the resulting name.
  In the ldapsam:trusted case we can reduce the gid_to_sid operation to one simple search for the gidNumber attribute and only get the sambaSID attribute from the corresponding LDAP object. This reduces the number of ldap roundtrips for this operation.
  metze
  (similar to commit 0fb99386d41241f62312d4bb535976344e5d6492)
* s3: shortcut uid_to_sid when "ldapsam:trusted = yes" | Michael Adam | 2010-02-11 | 1 | -0/+75
  The normal uid_to_sid behaviour is to call sys_getpwuid() to get the name for the given uid and then call the getsampwnam passdb method for the resulting name.
  In the ldapsam:trusted case we can reduce the uid_to_sid operation to one simple search for the uidNumber attribute and only get the sambaSID attribute from the corresponding LDAP object. This reduces the number of ldap roundtrips for this operation.
  Michael
  (cherry picked from commit 37dcc8a400ea41fb0a0559c9922cc41ac28ad045)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:smbd: also fill the memcache with sid<->id mappings in ldapsam_sid_to_id() | Michael Adam | 2010-02-11 | 1 | -0/+2
  not only the persistent idmap cache.
  Michael
  (cherry picked from commit ee2565bd461ccfb916c5290c883e5ced3af72141)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:smbd: make idmap cache persistent for "ldapsam:trusted". | Michael Adam | 2010-02-11 | 1 | -0/+4
  This stores the mappings found in the idmap cache (which lives inside gencache). This cache is already read in sid_to_Xid() and Xid_to_sid() for ldapsam:trusted, this fills the opposite direction, massively reducing the number of ldap roundtrips across smbd restarts.
  Michael
  (cherry picked from commit d5537cbbf931f0bca519371bfd084fb0051acd57)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* Fix large paged search | Volker Lendecke | 2010-02-11 | 1 | -0/+1
  Signed-off-by: Michael Adam <obnox@samba.org>
  (cherry picked from commit afb06a8af3c4e86ef9960c8beb19a22f5fd0f3c2)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:ldap: search for account policies in objectclass sambaDomain, not * (cherry picked from commit e5f41591504769b5c7beb5a35bb0f95b33d27a8b) | Björn Jacke | 2010-02-11 | 1 | -1/+6
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:ldap: don't search when no values were found (cherry picked from commit 70063522065ab3e5a21fb11db0097b808aa11100) | Björn Jacke | 2010-02-11 | 1 | -1/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* Fix bug #7072 - Accounts can't be unlocked from ldap. | Jeremy Allison | 2010-02-04 | 1 | -8/+17
  Fix suggested by Andy Hanton <andyhanton@gmail.com>.
  The LOGIN_CACHE struct contains two time_t entries, but was being written to and read from via tdb_pack/tdb_unpack functions using explicit 32-bit int specifiers. This would break on machines with a 64-bit time_t. Use correct int sizes for tdb_pack/tdb_unpack.
  We have to fix this properly before 2037 :-).
  Contains fixes from master 627fb85092f728065b6d772c41aeb75018154e86 and 69fd8461b8792f4fee1b61db03953044565492c6.
  Jeremy.
* Do not segfault in pdb_search_destructor if no real search was started | Volker Lendecke | 2010-01-27 | 1 | -1/+2
  (cherry picked from commit d07464b21fe652e205f5eb2c74d12495bab100ce)
  Fix bug #7068 (pdb_search api may crash as non-root user).
* s3:pdb_ldap: restore Samba 3.0.x behavior and use the first "uid" value. | Stefan Metzmacher | 2010-01-19 | 1 | -1/+1
  See bug #6157 for more details.
  metze
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 25806f43ddee7e2653e907eea2c6fcc075960fa1)
  (cherry picked from commit ac224452b94865db346ed68dc517f84d40e6303c)
* s3:pdb_ldap: Fix large paged search. | Volker Lendecke | 2009-12-10 | 1 | -0/+1
  Fix bug #6981 (Paged Search with DirX LDAP server broken).
* s3-pdb_ldap: Fix bug #4296: Clean up group membership while deleting a user. | Günther Deschner | 2009-09-02 | 1 | -0/+46
  Note that this only is tried with editposix=yes.
  Guenther
* Fix bug 5886 | Volker Lendecke | 2009-08-31 | 1 | -8/+26
  Ok, that's a very long-standing one. I finally got around to installing a recent OpenLDAP and test the different variants of setting a NULL password etc.
  Thanks all for your patience!
  Volker
* Fix bug #6431 - local groups from 3.0 setups no longer found. | Volker Lendecke | 2009-07-03 | 1 | -8/+8
  Search for groups without group suffix, group suffix is only used for new entries.
  (cherry picked from commit 91a8cb851e1919a337310e2c699d8fcf76a55060)
* s3:passdb: fix bug #6509: use gid (not uid) cache in fetch_gid_from_cache(). | Michael Adam | 2009-06-27 | 1 | -1/+1
  With the previous code, the cache can never have been hit at all.
  Michael
  (cherry picked from commit a4bc5bfa95be242fe1c8e0cd520a8f1e3d2a67f5)
* s3-passdb: fix uninitialized variable in local_password_change(). | Günther Deschner | 2009-06-09 | 1 | -1/+1
  Guenther
* s3/passdb: Fix debug message: 'net setmaxrid' does not exist. | Karolin Seeger | 2009-06-06 | 1 | -2/+2
  This is aiming at bug #6351.
  Karolin
  (cherry picked from commit c94d1cd7b1dc3ff99ae5a1eb9058ed6015fb9749)
* Consolidate user create/delete paths in smbpasswd | Simo Sorce | 2009-06-03 | 1 | -147/+179
  This patch changes the way smbpasswd behaves when adding/deleting users. smbpasswd now calls pdb_create_user/pdb_delete_user, this means that if add/delete user scripts are configured then they are used to create or delete unix users as well. If the scripts are not defined the behavior is unchanged.
  This also allows using smbpasswd -a/-x with ldapsam:editposix to allow automatic creation/deletion of users.
  Part 2/2 for bug #6333.
  Signed-off-by: Günther Deschner <gd@samba.org>
  (cherry picked from commit 64d1b5c4e1efd734176c1ea6e5e564e626128b4f)
* s3: zero an uninitialized array | Marc VanHeyningen | 2009-05-27 | 1 | -1/+4
  Invalid pointers were being dereferenced in lookup_sids causing occasional seg faults.
  Signed-off-by: Tim Prouty <tprouty@samba.org>
* s3: Fallback to the legacy sid_to_(uid|gid) instead of returning NULL. | Aravind Srinivasan | 2009-05-12 | 2 | -26/+4
  This is very similar to be1dfff02d562e42a7847bd02fed8538630d3f41
  (cherry picked from commit 5aefb44bf04becc6b80e7c3bf038d79851c5b0f9)
* Fix the last few format arg mismatches I missed. | Jeremy Allison | 2009-05-12 | 1 | -4/+4
  Jeremy.
* Fix bug 6157 | Volker Lendecke | 2009-05-12 | 1 | -1/+1
  This patch picks the alphabetically smallest one of the multi-value attribute "uid". This fixes a regression against 3.0 and also becomes deterministic.
* Fix a bunch of compiler warnings about wrong format types. | Jeremy Allison | 2009-05-11 | 3 | -10/+10
  Should make Solaris 10 builds look cleaner.
  Jeremy.
* s3/ldap: also handle DirX return codes | Björn Jacke | 2009-05-11 | 1 | -0/+2
* s3-ldap: fix more callers of smbldap_dn_talloc() that were passing a NULL context. | Günther Deschner | 2009-05-05 | 2 | -2/+2
  Guenther
  (cherry picked from commit fee4c99be494b9679c414d6ba1938aa88adeacd3)
* s3-ldapsam: Fix Bug #6313: ldapsam_update_sam_account() crashes while doing talloc_free on malloced memory. | Günther Deschner | 2009-05-05 | 1 | -1/+1
  Guenther
  (cherry picked from commit 5b37df21f6af52d20ad3a25361b1d7faa51308d1)
* s3:smbldap Remove smbldap_get_dn | Andrew Bartlett | 2009-04-06 | 2 | -29/+18
  This removes one more caller to pull_utf8_allocate()
  Signed-off-by: Günther Deschner <gd@samba.org>
  (cherry picked from commit 9512640155f3f249e4fd5ad076375592cbd65fc6)
* Allow pdbedit to change a user rid/sid. Based on a fix from Alexander Zagrebin <alexz@visp.ru>. | Jeremy Allison | 2009-04-01 | 1 | -3/+57
  Jeremy.
* s3-passdb: add smb_create_user(). | Günther Deschner | 2009-04-01 | 1 | -0/+59
  Guenther
  (cherry picked from commit d0e1ff4aff24ef2f3b3f535ad25ad0573382e1a3)
* s3: fix the fix for bug #6195 - don't let smbd child processes panic | Michael Adam | 2009-04-01 | 1 | -2/+16
  This patch makes sure the original and temporary TDBs are closed _before_ the rename. Originally, the open TDB was renamed, and so the name passdb.tdb.tmp stayed around in the db context. Hence upon client connect, the smbd children died because reinit_after_fork() calling tdb_reopen_all() would try to reopen passdb.tdb.tmp which existed no longer...
  Michael
* Fix the problem of 3.0.x passdb databases being version | Jeremy Allison | 2009-03-27 | 1 | -5/+43
  3 but using a different hash calculation than 3.2.x passwd databases (also version 3). Introduces a minor version number.
  Jeremy.
* Fix bug #6195 - Migrating from 3.0.x to 3.3.x can fail to update passdb.tdb correctly. | Jeremy Allison | 2009-03-27 | 1 | -1/+2
  For the clustering case. Clustered setups should have only ever used the unsigned version of TDB_DATA in the first place so they can't be in this mess :-). Just do the normal upgrade in the clustered case.
  Jeremy.
* Fix bug 6097 | Volker Lendecke | 2009-03-24 | 1 | -1/+1
  A client sent a SID with authority 0 and 0 sub-authorities. W2k3 replies with NT_STATUS_INVALID_SID, even if other SIDs in the list are valid.
  Thanks to Pavel <wylda@volny.cz> for the bug report!
* Fix bug #6195 - Migrating from 3.0.x to 3.3.x can fail to update passdb.tdb correctly. | Jeremy Allison | 2009-03-18 | 1 | -14/+201
  This is a really nasty one to fix as in order to successfully update the passdb.tdb we must do the equivalent of a tdbbackup to move to the new hash values before we do the upgrade.
  Jeremy.
* Missing break in conversion function prevents tdb password database update. | Alexander Zagrebin | 2009-03-17 | 1 | -0/+1
* s3 pdb_wbc_sam: LookupRids should return sAMAccountName, not NT4 names | Dan Sledz | 2009-03-12 | 1 | -5/+7
  Also fix an incorrect TALLOC_FREE
* Shape up pdb_search a bit by making it a talloc ctx with a destructor | Volker Lendecke | 2009-03-07 | 4 | -57/+46
* s3 passdb: Add back some useful debug statements | Tim Prouty | 2009-03-03 | 1 | -18/+24
  Originally removed in be1dfff02d562e42a7847bd02fed8538630d3f41
* It appears that the first time we see a uid/gid that winbind can't map, | Dan Sledz | 2009-03-02 | 1 | -14/+22
  we end up returning the null sid instead of falling back to the legacy code. Next time through the code we'll hit the negative cache and do the right thing, but we still fail the first time.
  If we fail the winbind id to sid mapping, call the legacy version. This catches the case where we don't have a negative cache entry for the mapping. This is better than returning the NULL sid to the caller.
* Fix an incompatible pointer passed to winbind_get_groups | Volker Lendecke | 2009-02-25 | 1 | -1/+3
  This is the same bug that was fixed in other places of the code a few times already:
  A C compiler ONLY does automatic type conversions during an assignment. Passing down a pointer to type A to a function taking type B as an argument does NOT do any automatic type conversions.
  If required, I can dig up the relevant portions of the C standard.
* s3: Rename auth_onefs_wb and pdb_onefs_sam | Dan Sledz | 2009-02-24 | 1 | -58/+73
  auth_onefs_wb.c -> auth_wbc.c
  pdb_onefs_sam.c -> pdb_wbc_sam.c
  No changes to functionality