path: root/source3/passdb
Commit message | Author | Age | Files | Lines
* passdb: Allow a passdb module to do idmap for everything | Andrew Bartlett | 2014-06-16 | 3 | -0/+333
  This patch seems odd, but the pdb_samba_dsdb module has exactly this semantics. That is, the pdb_samba_dsdb is responsible for all IDMAP values, due to backing on to the idmap.ldb allocator.
  This option is added so we can continue to support the mappings written into that database even when switching winbindd implementations - the source4/ winbind code would only ask the idmap_ldb code, no matter what the SID.
  Almost all of the behaviour for this is already in winbindd, but we need this extra flag function so as to avoid (currently intentional) errors at startup due to not having a per-domain allocation configured in the smb.conf.
  Andrew Bartlett
  Change-Id: I6b0d7a1463fe28dfd36715af0285911ecc07585c
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
* passdb: Do not routinely clear the global memory returned by get_global_sam_sid() | Andrew Bartlett | 2014-06-11 | 2 | -15/+41
  This avoids use-after-free errors and tdb database churn.
  Andrew Bartlett
  Change-Id: If7ab2e24556d9dffc7ad22c0489d665dd75a0cab
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
* Fix several talloc stack frames not freed | Samuel Cabrero | 2014-05-30 | 1 | -0/+8
  Signed-off-by: Samuel Cabrero <scabrero@zentyal.com>
  Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Kamen Mazdrashki <kamenim@samba.org>
  Autobuild-Date(master): Fri May 30 15:29:29 CEST 2014 on sn-devel-104
* s3:passdb: improve a debug message in pdb_default_sid_to_id() | Michael Adam | 2014-05-03 | 1 | -1/+4
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:passdb: fix and improve debug message in pdb_default_sid_to_id(). | Michael Adam | 2014-05-03 | 1 | -1/+2
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3: Always cache idmapping results of pdb backend. | Alexander Werth | 2014-05-03 | 2 | -17/+33
  And don't cache in the pdb_ldap module on the id_to_sid calls.
  Signed-off-by: Alexander Werth <alexander.werth@de.ibm.com>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  Autobuild-User(master): Michael Adam <obnox@samba.org>
  Autobuild-Date(master): Sat May 3 04:14:05 CEST 2014 on sn-devel-104
* lib-util: rename memdup to smb_memdup and fix all callers | Björn Baumbach | 2014-04-16 | 1 | -1/+1
  Signed-off-by: Björn Baumbach <bb@sernet.de>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* dsdb: Rework samdb_result_acct_flags to use either userAccountControl or msDS-User-Account-Control-Computed | Andrew Bartlett | 2014-04-02 | 1 | -6/+5
  This allows us to avoid the domain lookup in the constructed attribute when not required.
  By using msDS-User-Account-Control-Computed the lockout and password expiry checks are now handled in the operational ldb module.
  Andrew Bartlett
  Change-Id: I6eb94933e4602e2e50c2126062e9dfa83a46191b
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* Remove a number of NT_STATUS_HAVE_NO_MEMORY_AND_FREE macros from the codebase. | Garming Sam | 2014-03-05 | 1 | -6/+24
  Following the current coding guidelines, it is considered bad practice to return from within a macro and change control flow as they look like normal function calls.
  Change-Id: I133eb5a699757ae57b87d3bd3ebbcf5b556b0268
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* passdb: spare superfluous call to lookup_rids() in lookup_sids() | Michael Adam | 2014-02-25 | 1 | -7/+12
  If we have no name indexes for a domain, all names were domain names and have been resolved earlier, including the domain name.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10463
  Change-Id: I5a7a387fa89d2b2bdd465c13b3dca0e18ca0482c
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Tue Feb 25 11:17:18 CET 2014 on sn-devel-104
* s3:passdb: Fix the use of uninitialized scalar variable. | Poornima Gurusiddaiah | 2014-02-24 | 1 | -8/+2
  Coverity-id: 1107228,1107227
  Signed-off-by: Poornima Gurusiddaiah <pgurusid@redhat.com>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Ira Cooper <ira@samba.org>
* passdb: Patch memory leak in pdb_ldap.c | Jose A. Rivera | 2014-02-21 | 1 | -4/+6
  Moved the call to the talloc autofree function to as early a point as possible. init_ldap_from_sam() already calls smbldap_set_mod(), and there's a chance that the init will fail after having already allocated memory for &mods.
  Coverity-Id: 1167997
  Change-Id: Ic26bfb3c530f90aa885e447b8409deba49708d64
  Reviewed-by: Ira Cooper <ira@samba.org>
  Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
  Reviewed-by: Simo Sorce <idra@samba.org>
* param: rename lp function and variable from "renameuser_script" to "rename_user_script" | Garming Sam | 2014-02-07 | 3 | -4/+4
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename lp function and variable from "deluser_script" to "delete_user_script" | Garming Sam | 2014-02-07 | 1 | -1/+1
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename lp function and variable from "adduser_script" to "add_user_script" | Garming Sam | 2014-02-07 | 1 | -1/+1
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename lp function and variable from "addmachine_script" to "add_machine_script" | Garming Sam | 2014-02-07 | 1 | -1/+1
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename lp function and variable from 'guestaccount' to 'guest_account' | Garming Sam | 2014-02-07 | 3 | -5/+5
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* dbwrap: add a dbwrap_flags argument to db_open() | Michael Adam | 2014-02-07 | 3 | -6/+6
  This is in preparation to support handing flags to backends, in particular activating read only record support for ctdb databases. For a start, this does nothing but adding the parameter, and all databases use DBWRAP_FLAG_NONE.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-lib: Add winbind_lookup_usersids(). | Andreas Schneider | 2014-02-05 | 1 | -0/+311
  Pair-Programmed-With: Guenther Deschner <gd@samba.org>
  Signed-off-by: Guenther Deschner <gd@samba.org>
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3-passdb: Fix string duplication to pointers. | Andreas Schneider | 2014-01-09 | 1 | -2/+12
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Thu Jan 9 22:35:25 CET 2014 on sn-devel-104
* samba:python - Py_RETURN_NONE remove compatibility code for releases < 2.4 | Matthias Dieter Wallnöfer | 2014-01-09 | 1 | -4/+0
  http://www.python.org/doc//current/c-api/none.html
  Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
  Autobuild-User(master): Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date(master): Thu Jan 9 16:27:47 CET 2014 on sn-devel-104
* s3-lib: Add grpname to talloc_sub_specified(). | Andreas Schneider | 2013-11-21 | 2 | -7/+25
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=2191
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* build: get rid of source strings from source3/passdb/wscript_build | Michael Adam | 2013-09-24 | 1 | -9/+4
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* lib: Use "mem_ctx" arg in gencache_get | Volker Lendecke | 2013-09-05 | 1 | -2/+2
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Thu Sep 5 20:09:21 CEST 2013 on sn-devel-104
* lib: Add a "mem_ctx" arg to gencache_get (unused so far) | Volker Lendecke | 2013-09-05 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:passdb/pdb_util make pdb_create_builtin consider whether backend deals with BUILTIN | Christian Ambach | 2013-06-21 | 1 | -4/+33
  when creating a BUILTIN group, make the strategy dependent on passdb backend behavior
  1. if passdb is responsible for BUILTIN (normal case), call pdb_create_builtin_alias with gid=0 argument so it asks winbindd for a gid to be used
  2. if passdb is not responsible, ask for a mapping for the group first and let pdb_create_builtin_alias create the mapping based on the gid that was determined in the mapping request
  Pair-Programmed-With: Michael Adam <obnox@samba.org>
  Signed-off-by: Christian Ambach <ambi@samba.org>
  Signed-off-by: Michael Adam <obnox@samba.org>
  Autobuild-User(master): Michael Adam <obnox@samba.org>
  Autobuild-Date(master): Fri Jun 21 12:49:10 CEST 2013 on sn-devel-104
* s3:passdb add a gid argument to pdb_create_builtin_alias | Christian Ambach | 2013-06-21 | 2 | -2/+2
  make it possible to skip the allocation of a new gid from winbind by specifying the gid to be used
  Signed-off-by: Christian Ambach <ambi@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:passdb expose pdb_create_builtin function | Christian Ambach | 2013-06-21 | 2 | -3/+4
  this one first tries to map the principal before allocating a new gid
  Signed-off-by: Christian Ambach <ambi@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:passdb/pdb_tdb add parameter to control handling of BUILTIN | Christian Ambach | 2013-06-21 | 1 | -0/+10
  with tdbsam:map builtin, one can control if tdbsam should be used to map entries from BUILTIN or not. By default, they will be mapped (as in older releases)
  Signed-off-by: Christian Ambach <ambi@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:passdb/pdb_ldap remove an unnecessary check | Christian Ambach | 2013-06-21 | 1 | -4/+0
  as general passdb code already verifies for which idmap domains the module is responsible, requests for other domains should not come in here any more
  Pair-Programmed-With: Michael Adam <obnox@samba.org>
  Signed-off-by: Christian Ambach <ambi@samba.org>
  Signed-off-by: Michael Adam <obnox@samba.org>
* s3:passdb/pdb_ldap make the module handle well-known | Christian Ambach | 2013-06-21 | 1 | -0/+7
  overwrite the passdb defaults and let this module handle well-knowns
  Signed-off-by: Christian Ambach <ambi@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:passdb make pdb_sid_to_id honor backend responsibilities | Christian Ambach | 2013-06-21 | 1 | -0/+7
  only ask passdb backend for mapping if it is responsible
  Pair-Programmed-With: Michael Adam <obnox@samba.org>
  Signed-off-by: Christian Ambach <ambi@samba.org>
  Signed-off-by: Michael Adam <obnox@samba.org>
* s3:passdb/pdb_samba_dsdb make the module handle well-known | Christian Ambach | 2013-06-21 | 1 | -0/+7
  overwrite the passdb defaults and let this module handle well-knowns
  Signed-off-by: Christian Ambach <ambi@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:passdb add pdb_*_is_responsible_for* functions | Christian Ambach | 2013-06-21 | 2 | -0/+79
  allows PDB modules to specify for which special domains they are responsible when it comes to SID->xid conversion
  By default, passdb modules will be responsible for local BUILTIN, local SAM and Unix Users/Groups
  Pair-Programmed-With: Michael Adam <obnox@samba.org>
  Signed-off-by: Christian Ambach <ambi@samba.org>
  Signed-off-by: Michael Adam <obnox@samba.org>
* s3:passdb/samba_dsdb fix some compiler warnings | Christian Ambach | 2013-06-21 | 1 | -2/+2
  about gids and group_sids being potentially uninitialized
  Signed-off-by: Christian Ambach <ambi@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:passdb/samba_dsdb fix a compiler warning | Christian Ambach | 2013-06-21 | 1 | -1/+1
  about discarding const modifier
  Signed-off-by: Christian Ambach <ambi@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* passdb-machine_account_secrets: Remove #if SAMBA_BUILD_ == 4 now we only have the waf build | Andrew Bartlett | 2013-05-28 | 2 | -10/+0
  Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
* pdb_ldap: Do not skip accounts without a sambaAcctFlags value | Andrew Bartlett | 2013-05-16 | 1 | -4/+4
  We allow this to mean a sambaAcctFlags value of zero in other parts of the code and by allowing these users to show up in a search, we can read and correct them during the classicupgrade, rather than not know they exist at all.
  Most parts of the code do not look for ACB_NORMAL, which is why these users appear to work.
  Andrew Bartlett
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* PASSDB: add support to set and enumerate UPN suffixes associated with our forest | Alexander Bokovoy | 2013-04-09 | 2 | -0/+38
  Samba PDC may manage a forest containing DNS domains in addition to the primary one. Information about them is advertised via netr_DsRGetForestTrustInformation when trusted_domain_name is NULL, according to MS-NRPC and MS-LSAD, and via netr_GetForestTrustInformation.
  This changeset only expands PASSDB API; how suffixes are maintained is left to specific PDB modules. Set function is added so that suffixes could be managed through 'net' and other Samba utilities, if possible.
  One possible implementation is available for ipasam module in FreeIPA: http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cc56723151c9ebf58d891e85617319d861af14a4
  Reviewed-by: Andreas Schneider <asn@samba.org>
* pdb: Fix array overrun by one. | Andreas Schneider | 2013-02-22 | 1 | -3/+4
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
* ntdb: switch between secrets.tdb and secrets.ntdb depending on 'use ntdb' | Rusty Russell | 2013-02-20 | 2 | -5/+5
  Since we open with dbwrap, it auto-converts old tdbs (which it will rename to secrets.tdb.bak once it's done).
  Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Rusty Russell <rusty@rustcorp.com.au>
  Autobuild-Date(master): Wed Feb 20 07:09:19 CET 2013 on sn-devel-104
* Rename pdb_ldap to pdb_ldapsam | Andreas Schneider | 2013-02-06 | 5 | -12/+16
  This patch moves pdb_ldap to pdb_ldapsam unconditionally and makes it possible to load ldapsam.so dynamically
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
* waf: Fix pdb_ldap which cannot be built as a module. | Andreas Schneider | 2013-01-23 | 1 | -2/+4
  The module has two init functions, pdb_ldap_init() and pdb_ldapsam_init(). As a shared module only one can be found until we create a symlink.
  Reviewed-by: Günther Deschner <gd@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Wed Jan 23 10:51:59 CET 2013 on sn-devel-104
* passdb: Add discard_const_p() to pdb_samba_dsdb | Andrew Bartlett | 2013-01-10 | 1 | -2/+2
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:passdb: fix building pdb_ldap as shared module | Michael Adam | 2012-12-03 | 2 | -2/+3
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Mon Dec 3 19:12:29 CET 2012 on sn-devel-104
* s3:passdb: don't look into group mappings in legacy_sid_to_unixid() | Michael Adam | 2012-12-03 | 1 | -28/+1
  The backends (tdbsam and ldapsam) do this.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:passdb:pdb_ldap: treat "Unix User" and "Unix Group" in sid_to_id() | Michael Adam | 2012-12-03 | 1 | -0/+5
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:passdb:pdb_ldap: pre-validate sid with sid_check_object_is_for_passdb() | Michael Adam | 2012-12-03 | 1 | -3/+3
  instead of sid_check_sid_is_in_our_sam).
  This allows for builtin sids, wellknown sids and "Unix User" and "Unix Group" domains.
  This broadens up the check moved here in commit 02e25b2a43ae02205a3412f862a1482d24b70aa4.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:passdb: add sid_check_object_is_for_passdb() | Michael Adam | 2012-12-03 | 1 | -0/+1
  Variant of sid_check_is_for_passdb() that only checks for objects in the various domains, not for the domain sids themselves.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:passdb: factor pdb_sid_to_id_unix_users_and_groups() out of pdb_default_sid_to_id() | Michael Adam | 2012-12-03 | 1 | -16/+32
  The special treatment of the "Unix User" and "Unix Group" pseudo domains can be reused.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>