1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-28 07:21:54 +03:00
Commit Graph

2001 Commits

Author SHA1 Message Date
Stefan Metzmacher
011d849a96 s3:pdb_samba_dsdb: fix calucating of dsdb_flags
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-27 05:00:16 +02:00
Volker Lendecke
93b982faad lib: Give base64.c its own .h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-05-04 01:28:23 +02:00
Volker Lendecke
773a16ba86 pdb_ldap: Don't use autofree if "mods" still changes
This will prevent some use-after-free's, potentially it might for example fix
bugzilla 11851. Not directly related, but it's a crash related to ldap-backed
user creation.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-04-22 07:20:17 +02:00
Garming Sam
7b431eba22 build: mark explicit dependencies on pytalloc-util
All subsystems that include pytalloc.h need to link against
pytalloc-util.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11789

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Tue Mar 15 07:08:16 CET 2016 on sn-devel-144
2016-03-15 07:08:16 +01:00
Andrew Bartlett
0705aee099 py_passdb: Use pytalloc_BaseObject_PyType_Ready()
This changes py_passdb to use talloc.BaseObject() just like the PIDL output

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08 01:58:29 +01:00
Andrew Bartlett
e622411c48 pypassdb: Do not use pytalloc_Object directly
This type should not be used directly, it should have been made private
to pytalloc.  This then allows removal of the (PyCFunction) cast

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08 01:58:29 +01:00
Volker Lendecke
6af7ebf336 passdb: Avoid a "ret == true"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Mar  2 01:04:14 CET 2016 on sn-devel-144
2016-03-02 01:04:14 +01:00
Uri Simchoni
fb4778f4e9 passdb: add linefeed to debug message
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11763

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Mar  1 15:24:35 CET 2016 on sn-devel-144
2016-03-01 15:24:35 +01:00
Aurelien Aptel
f2675909d3 s3/passdb/py_passdb.c: free frame before returning
these talloc frames are freed *after* the return instruction and are
never executed. this fixes potential memory leaks.

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue Mar  1 12:08:40 CET 2016 on sn-devel-144
2016-03-01 12:08:40 +01:00
Luca Olivetti
5d759bd0d4 pdb: Fix segfault in pdb_ldap for missing gecos
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11530
Signed-off-by: Luca Olivetti <luca@wetron.es>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Feb  5 16:47:00 CET 2016 on sn-devel-144
2016-02-05 16:47:00 +01:00
Michael Adam
2f2b57a648 passdb: change ABI version to 0.25.0 due to removed symbol.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-22 01:55:09 +01:00
Michael Adam
8ff3257c4c s3:passdb: move my_sam_name() from passdb to util_name.c
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-22 01:55:09 +01:00
Andrew Bartlett
0e58705a5b python: Remove Python 2.4 support macros
We require Python 2.6

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2016-01-07 23:33:10 +01:00
Garming Sam
93689174ff passdb: Change ABI version to 0.24.2
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-11-30 03:49:25 +01:00
Alberto Maria Fiaschi
1c9117746b Add --set-nt-hash option to pdbedit to update user password from nt-hash hexstring.
Useful to take in sync password from other repository.
(Modify MASK_USER_GOOD to include new flag  BIT_PWSETNTHASH)

pdbedit -vw show also  password hashes .

Split pdb_set_plaintext_passwd  in two function:
pdb_set_plaintext_passwd and pdb_update_history.
pdb_update_history update password history and is call from
pdb_set_plaintext_passwd.

Signed-off-by: Alberto Maria Fiaschi <alberto.fiaschi@estar.toscana.it>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-11-30 03:49:25 +01:00
Jeremy Allison
2f6dc260ad s3: lsa: lookup_name() logic for unqualified (no DOMAIN\ component) names is incorrect.
Change so we only use unqualified name lookup logic if
domain component = "" and LOOKUP_NAME_ISOLATED flag is
passed in.

Remember to search for "NT Authority" *before* going
into unqualified name lookup logic.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11555

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2015-10-15 19:56:14 +02:00
Volker Lendecke
e73ccc06ef Rely on /dev/urandom
This removes quite a bit of code. All reasonable systems have /dev/urandom
these days. Linux, Solaris and the BSDs do.  In case we find a system
without /dev/urandom, we will have to go hunting in other libraries.

The main reason for this is speed: On Ubuntu 14.04 doing direct reads from
/dev/urandom is 2-3 times faster than our md4 based code. On virtualized
FreeBSD 10 the difference is even larger.

My first approach was to use fopen/fread. It was even faster, but less
than twice as fast. So I thought we could save the additional complexity
when having to deal with throwing away buffers when forking and the
additional memory footprint per process.

With this simple generate_random_buffer it will be easier to adapt new
syscalls to get randomness.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 13 04:25:39 CEST 2015 on sn-devel-104
2015-10-13 04:25:38 +02:00
Volker Lendecke
c9d97e3a2e lib: Make sid_linearize take a uint8_t
We marshall into a binary buffer, uint8_t better reflects that.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 27 00:40:58 CEST 2015 on sn-devel-104
2015-08-27 00:40:58 +02:00
Christof Schmitt
487119d741 secrets: Add function to fetch only password change timestamp
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-08-01 10:55:21 +02:00
Justin Maggard
dc99d451bf s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid lookup.
Somewhere along the line, a config line like "valid users = @foo"
broke when "foo" also exists as a user.

user_ok_token() already does the right thing by adding the LOOKUP_NAME_GROUP
flag; but lookup_name() was not respecting that flag, and went ahead and looked
for users anyway.

Regression test to follow.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11320

Signed-off-by: Justin Maggard <jmaggard@netgear.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Marc Muehlfeld <mmuehlfeld@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 28 21:35:58 CEST 2015 on sn-devel-104
2015-07-28 21:35:58 +02:00
Volker Lendecke
da3df2e1bb pdb_tdb: Use fstr_sprintf
Saves 160 bytes of .text

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2015-07-21 19:04:14 +02:00
Stefan Metzmacher
347d54047f s3:pdb_samba_dsdb: make use of dsdb_trust_search_tdo()
dsdb_trust_search_tdo() is almost the same as sam_get_results_trust(),
so we can remove sam_get_results_trust() later.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-07-08 18:38:21 +02:00
Richard Sharpe
12df833563 Convert the few instances of int32 there were to int32_t.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat May 16 03:09:12 CEST 2015 on sn-devel-104
2015-05-16 03:09:12 +02:00
Richard Sharpe
f893a4a354 Convert all uses of uint32/16/8 to _t in source3/passdb.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-05-12 01:32:12 +02:00
Günther Deschner
450b7c619f s3-passdb: fix memleak in pdb_default_get_trusted_domain().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2015-04-17 14:12:19 +02:00
Andreas Schneider
cd4442c7ac s3-passdb: Fix 'force user' with winbind default domain
If we set 'winbind use default domain' and specify 'force user = user'
without a domain name we fail to log in. In this case we need to try a
lookup with the domain name.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11185

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 31 21:17:23 CEST 2015 on sn-devel-104
2015-03-31 21:17:23 +02:00
Volker Lendecke
de811f14af lib: Remove tdb_compat
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2015-03-17 11:30:52 +01:00
Volker Lendecke
d699e1db80 lib: Remove "use_ntdb" param from secrets_init_path
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2015-03-17 11:30:51 +01:00
Volker Lendecke
b08117976d Remove callers of lp_use_ntdb
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2015-03-17 11:30:51 +01:00
Volker Lendecke
908b1f9634 passdb: Fix the O3 developer build
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Mar 17 11:29:38 CET 2015 on sn-devel-104
2015-03-17 11:29:38 +01:00
Stefan Metzmacher
7391416399 s3:pdb_samba_dsdb: implement pdb_samba_dsdb_set_trusteddom_pw()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-03-12 17:13:43 +01:00
Stefan Metzmacher
e0a4f438d1 s3:pdb_samba_dsdb: return the domain sid in pdb_samba_dsdb_get_trusteddom_pw()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-03-12 17:13:43 +01:00
Stefan Metzmacher
2a2cec6f9c s3:pdb_samba_dsdb: return the previous password and the kvno in pdb_samba_dsdb_get_trusteddom_creds()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-03-12 17:13:43 +01:00
Volker Lendecke
38628b1e32 Fix the O3 developer build
Different gcc versions complain at different places

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Mar  3 13:14:53 CET 2015 on sn-devel-104
2015-03-03 13:14:53 +01:00
Richard Sharpe
9077fc79d4 Remove an unused function call.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Feb 13 23:29:54 CET 2015 on sn-devel-104
2015-02-13 23:29:53 +01:00
Günther Deschner
37f7a177f0 s3-passdb: lift annoying debug message level.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Feb 13 15:54:18 CET 2015 on sn-devel-104
2015-02-13 15:54:17 +01:00
Petr Viktorin
02980268e8 Remove use of the "staticforward" macro
This macro was used for compatibility with broken compilers.
Since Python 2.3, it is always defined as `static`, and only exists
"for source compatibility with old C extensions".

Signed-off-by: Petr Viktorin <pviktori@redhat.com>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2015-01-22 10:51:07 +01:00
Volker Lendecke
2ec910dba4 passdb: Cache output from pdb_[ug]id_to_sid
A customer complained that after upgrading to Samba 4.0 fileserver
its LDAP server was flooded with uid2sid and gid2sid request for id
0. With 4.0 we do a lot more user-space ACL checking which involves
uid2sid/gid2sid. This caches the corresponding results.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jan  7 12:00:10 CET 2015 on sn-devel-104
2015-01-07 12:00:09 +01:00
Stefan Metzmacher
c594804080 s3:passdb: fix logic in pdb_set_pw_history()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10940

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jan  5 16:51:30 CET 2015 on sn-devel-104
2015-01-05 16:51:30 +01:00
Stefan Metzmacher
05eb7b52cd s3:pdb_samba_dsdb: use SEC_CHAN_DNS_DOMAIN in pdb_samba_dsdb_get_trusteddom_creds()
If both ends have a dns domain, we can use SEC_CHAN_DNS_DOMAIN in order to match
a Windows DC.

For kerberos we still need to use MY_NETBIOS_DOMAIN$@REMOTE_REALM.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-12-19 13:15:13 +01:00
Stefan Metzmacher
7387678ff5 s3:pdb_samba_dsdb: add pdb_samba_dsdb_get_trusteddom_creds
We have the password as raw UTF16 blob, which might not be
valid utf16, so we need to use cli_credentials_set_utf16_password().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-12-19 13:15:13 +01:00
Stefan Metzmacher
12aaafd297 s3:passdb: let pdb_get_trust_credentials() try pdb_get_trusteddom_creds() first
NT_STATUS_NOT_IMPLEMENTED lets it fallback to the old get_trust_pw_clear2()
code.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Dec 18 06:46:05 CET 2014 on sn-devel-104
2014-12-18 06:46:05 +01:00
Stefan Metzmacher
8e90b93ddc s3:passdb: add optional get_trusteddom_creds() hooks
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-12-18 04:22:05 +01:00
Garming Sam
3b76b705f0 pdb: Increase version number to fix ABI
In the process, we can also rename pdb to avoid conflicts with libpdb.

We don't depend directly on pdb to avoid duplicate symbols.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10355
Change-Id: I4df6ba2f4ce35d3718dc4198b527cca46a139efe
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-12-03 04:21:09 +01:00
Garming Sam
7979c6cc50 idmap: unify passdb *id_to_sid methods
Instead of passing down gid or uid, a pointer to a unixid is now sent
down. This acts as an in-out variable so that the idmap functions can
correctly receive ID_TYPE_BOTH, filling in cache details correctly
rather than forcing the cache to store ID_TYPE_UID or ID_TYPE_GID.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10720

Change-Id: I11409a0f498e61a3c0a6ae606dd7af1135e6b066
Pair-programmed-with: Andrew Bartlett <abarlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-12-03 04:21:09 +01:00
Stefan Metzmacher
7ec8401f82 s3:passdb: avoid invalid pointer type warnings in pdb_wbc_sam.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-11-25 07:25:44 +01:00
Stefan Metzmacher
966192ee16 s3:passdb: always copy the history in pdb_set_plaintext_passwd()
We should not write to memory marked as const
(returned from pdb_get_pw_history())!

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-11-25 07:25:44 +01:00
Volker Lendecke
c2bda5bfae pdb_tdb: Avoid a nasty error message with ctdb
ctdb gives us 0-sized records for deleted passdb entries

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Nov 11 16:19:37 CET 2014 on sn-devel-104
2014-11-11 16:19:37 +01:00
Volker Lendecke
05f8e03713 pdb_tdb: Fix a TALLOC/SAFE_FREE mixup
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2014-11-11 13:59:05 +01:00
David Disseldorp
6d5b8dd70e pdb_tdb: don't leak state_path onto talloc tos
Also check for allocation failures.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-11-03 23:46:04 +01:00