1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

144 Commits

Author SHA1 Message Date
Stefan Metzmacher
c5874b9b68 s3:passdb: add create_builtin_guests()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-03-19 20:30:49 +01:00
Günther Deschner
7575f54a90 s3-passdb: remove some dead prototypes
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-05-10 15:53:20 +02:00
Jeremy Allison
306783d6f5 lib: modules: Change XXX_init interface from XXX_init(void) to XXX_init(TALLOC_CTX *)
Not currently used - no logic changes inside.

This will make it possible to pass down a long-lived talloc
context from the loading function for modules to use instead
of having them internally all use talloc_autofree_context()
which is a hidden global.

Updated all known module interface numbers, and added a
WHATSNEW.

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Böhme <slow@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 22 01:17:00 CEST 2017 on sn-devel-144
2017-04-22 01:17:00 +02:00
Michael Adam
8ff3257c4c s3:passdb: move my_sam_name() from passdb to util_name.c
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-22 01:55:09 +01:00
Alberto Maria Fiaschi
1c9117746b Add --set-nt-hash option to pdbedit to update user password from nt-hash hexstring.
Useful to take in sync password from other repository.
(Modify MASK_USER_GOOD to include new flag  BIT_PWSETNTHASH)

pdbedit -vw show also  password hashes .

Split pdb_set_plaintext_passwd  in two function:
pdb_set_plaintext_passwd and pdb_update_history.
pdb_update_history update password history and is call from
pdb_set_plaintext_passwd.

Signed-off-by: Alberto Maria Fiaschi <alberto.fiaschi@estar.toscana.it>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-11-30 03:49:25 +01:00
Stefan Metzmacher
8e90b93ddc s3:passdb: add optional get_trusteddom_creds() hooks
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-12-18 04:22:05 +01:00
Garming Sam
7979c6cc50 idmap: unify passdb *id_to_sid methods
Instead of passing down gid or uid, a pointer to a unixid is now sent
down. This acts as an in-out variable so that the idmap functions can
correctly receive ID_TYPE_BOTH, filling in cache details correctly
rather than forcing the cache to store ID_TYPE_UID or ID_TYPE_GID.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10720

Change-Id: I11409a0f498e61a3c0a6ae606dd7af1135e6b066
Pair-programmed-with: Andrew Bartlett <abarlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-12-03 04:21:09 +01:00
Stefan Metzmacher
270f7b3441 s3:passdb: add pdb_get_trust_credentials()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
2014-09-27 19:42:37 +02:00
Andrew Bartlett
b359b0c160 passdb: Allow a passdb module to do idmap for everything
This patch seems odd, but the pdb_samba_dsdb module has exactly this
semantics.  That is, the pdb_samba_dsdb is responsible for all IDMAP
values, due to backing on to the idmap.ldb allocator.  This option is
added so we can continue to support the mappings written into that
database even when switching winbindd implementations - the source4/
winbind code would only ask the idmap_ldb code, no matter what the
SID.

Almost all of the behaviour for this is already in winbindd, but we
need this extra flag function so as to avoid (currently intentional)
errors at startup due to not having a per-domain allocation
configured in the smb.conf.

Andrew Bartlett

Change-Id: I6b0d7a1463fe28dfd36715af0285911ecc07585c
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
2014-06-16 00:26:26 +02:00
Christian Ambach
2d2d13ee61 s3:passdb add a gid argument to pdb_create_builtin_alias
make it possible to skip the allocation of a new gid from winbind
by specifying the gid to be used

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-06-21 10:44:24 +02:00
Christian Ambach
df41835eea s3:passdb expose pdb_create_builtin function
this one first tries to map the principal before
allocating a new gid

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-06-21 10:44:23 +02:00
Christian Ambach
0ad38d777f s3:passdb add pdb_*_is_responsible_for* functions
allows PDB modules to specify for which special domains they
are responsible when it comes to SID->xid conversion

By default, passdb modules will be responsible for local BUILTIN,
local SAM and Unix Users/Groups

Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Christian Ambach <ambi@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
2013-06-21 10:44:19 +02:00
Christian Ambach
9eb67f259f s3:passdb add idmap control functions
make it possible for each backend to specify for which domains
it should be asked for SID->xid mappings

Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Christian Ambach <ambi@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
2013-06-21 10:44:19 +02:00
Alexander Bokovoy
5952755755 PASSDB: add support to set and enumerate UPN suffixes associated with our forest
Samba PDC may manage a forest containing DNS domains in addition to the primary one.
Information about them is advertised via netr_DsRGetForestTrustInformation when
trusted_domain_name is NULL, according to MS-NRPC and MS-LSAD, and
via netr_GetForestTrustInformation.

This changeset only expands PASSDB API; how suffixes are maintained is left
to specific PDB modules. Set function is added so that suffixes could be
managed through 'net' and other Samba utilities, if possible.

One possible implementation is available for ipasam module in FreeIPA:
http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cc56723151c9ebf58d891e85617319d861af14a4

Reviewed-by: Andreas Schneider <asn@samba.org>
2013-04-09 20:29:18 +02:00
Michael Adam
d96aeded61 s3:passdb: factor pdb_sid_to_id_unix_users_and_groups() out of pdb_default_sid_to_id()
The special treatment of the "Unix User" and "Unix Group" pseudo domains
can be reused.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03 08:48:30 +01:00
Alexander Bokovoy
c2e2857db4 s3-passdb: wrap secrets.tdb accessors used by PDB modules
PDB modules store domain sid and guid in secrets.tdb to cooperate
with other parts of smbd. If PDB module is built outside Samba
source code it has to be linked against internal libsecrets.

Wrap required secrets_* calls to avoid direct linking. libpdb
is linked against libsecrets by itself and this is enough.
2012-09-07 12:31:42 +02:00
Alexander Bokovoy
2d9a0d8d0c s3-passdb: add unixid_from_uid/unixid_from_gid/unixid_from_both API
struct unixid is defined in idmap.idl and therefore to use it one
would need generated headers from librpc/gen_ndr. Not all of these
files are installed and available as public headers. Also, they
pull in some support headers which requires them to be available
via specific locations like <librpc/gen_ndr/*> or <libcli/util>.

Instead of pulling the headers to get structure and enum definitions,
introduce three simple helpers to fill in 'struct unixid' based on
the type of id. This is sufficient for PASSDB users and does not
require exposing generated headers or code.
2012-05-23 17:51:50 +03:00
Andrew Bartlett
a6e29f23f0 s3-passdb: Change pdb_sid_to_id() to return struct unixid
This will make it easier to consistantly pass a struct unixid all the way up and
down the idmap stack, and allow ID_TYPE_BOTH to be handled correctly.

Andrew Bartlett

Signed-off-by: Michael Adam <obnox@samba.org>
2012-05-02 12:45:29 +02:00
Andrew Bartlett
4471778d78 s3-passdb: Remove unused sampass->pass_must_change_time
There is no need to call pdb_set_pass_must_change_time() because
nothing ever consults that value.  It is always calculated from the
domain policy.

Also, this means we no longer store the value in LDAP.  The value
would only ever be set when migrating from tdbsam or smbpasswd, not on
password changes, so would become incorrect over time.

Andrew Bartlett
2012-04-19 12:34:33 +02:00
Günther Deschner
ab269deb5e s3-passdb: remove a forward declaration.
Guenther
2012-01-09 10:34:06 +01:00
Jeremy Allison
3ede4ffe96 Fix bug #8561 - Password change settings not fully observed.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Nov 16 00:22:41 CET 2011 on sn-devel-104
2011-11-16 00:22:41 +01:00
Günther Deschner
2330e52cac s3-passdb: use tevent_context in passdb.
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Oct 28 13:09:47 CEST 2011 on sn-devel-104
2011-10-28 13:09:47 +02:00
Simo Sorce
605d7d965a pdb-interface: Do not use unid_t here
This interface needs to be publicly available, unid_t here is not really useful
and makes it harder to use it as unid_t is not a public union.

Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Tue Oct 18 20:57:16 CEST 2011 on sn-devel-104
2011-10-18 20:57:16 +02:00
Günther Deschner
876f48ffb1 s3-passdb: remove fstring from pdb_set_user_sid_from_string().
Guenther
2011-10-14 12:07:25 +02:00
Günther Deschner
2a5affffff s3-passdb: add {LM|NT}_HASH_LEN defines in passdb.h.
Guenther
2011-10-14 12:07:24 +02:00
Günther Deschner
d6a1867349 s3-passdb: use uintX_t at least in headers.
Guenther
2011-10-14 12:07:24 +02:00
Günther Deschner
d981ceb464 s3-passdb: move passdb prototypes into passdb.h
Guenther
2011-10-14 12:07:24 +02:00
Günther Deschner
c6964c6b3e s3-passdb: move group mapping headers into passdb.h
Guenther
2011-10-14 12:07:24 +02:00
Simo Sorce
995d156726 s3-group-mapping: Remove fstrings from GROUP_MAP.
Signed-off-by: Andreas Schneider <asn@samba.org>

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Oct 12 19:28:12 CEST 2011 on sn-devel-104
2011-10-12 19:28:12 +02:00
Simo Sorce
f7419172f0 s3-passdb: Cleanup use of fstring and move to talloc.
Signed-off-by: Andreas Schneider <asn@samba.org>
2011-09-26 18:25:26 +02:00
Sumit Bose
751e7d4d33 s3-pdb_ipa: Add supprted encryption types to struct pdb_trusted_domain
Signed-off-by: Günther Deschner <gd@samba.org>
2011-08-31 12:53:36 +02:00
Sumit Bose
4f6de78a12 s3-pdb_ipa: Add posix offset to struct pdb_trusted_domain
Signed-off-by: Günther Deschner <gd@samba.org>
2011-08-31 12:52:52 +02:00
Günther Deschner
f9a5df8929 s3-passdb: add dummy calls to control global (replicated) secrets.
Guenther
2011-07-31 22:37:26 +02:00
Günther Deschner
3253d5ad05 s3-passdb: move some passdb defines to passdb.h
Guenther
2011-03-30 15:14:55 +02:00
Günther Deschner
643b08dd25 s3: include ../librpc/gen_ndr/lsa.h where needed.
Guenther
2011-03-30 01:13:10 +02:00
Günther Deschner
f378f9f144 s3-passdb: add machine_sid.h and lookup_sid.h
Guenther
2011-03-30 01:13:08 +02:00
Günther Deschner
b0773aa61a s3-passdb: move mapping.h into passdb.h, its needed here.
Guenther
2011-03-30 01:13:07 +02:00
Günther Deschner
35c2d8ec1e s3-passdb: move passdb headers to passdb/proto.h.
Guenther
2011-03-30 01:13:07 +02:00
Stefan Metzmacher
d7fa349052 s3:auth: change num_groups to from size_t to uint32_t
This will help with the change from UNIX_USER_TOKEN to security_unix_token

metze
2011-02-22 16:20:11 +11:00
Günther Deschner
0ed46df56a s3-passdb: add PDB_CAP_TRUSTED_DOMAINS_EX.
Guenther
2011-02-17 16:02:20 +01:00
Sumit Bose
d638f4a3b8 s3-lsa: Implement lsaRSetForestTrustInformation
Signed-off-by: Günther Deschner <gd@samba.org>
2011-02-16 11:44:06 +01:00
Sumit Bose
72de982289 s3-ipasam: add ipasam_get_trusted_domain_by_sid()
Signed-off-by: Günther Deschner <gd@samba.org>
2011-02-16 11:44:04 +01:00
Sumit Bose
b4dd65d3f9 s3-passdb: add {get,set,del,enum}_trusted_domain calls
Signed-off-by: Günther Deschner <gd@samba.org>
2011-02-16 11:34:44 +01:00
Volker Lendecke
ead7ffa1a7 s3: Add "code_page" to struct samu 2011-02-15 21:12:22 +01:00
Volker Lendecke
d9d0fef862 s3: Add "country_code" to struct samu 2011-02-15 21:12:22 +01:00
Günther Deschner
65bb6b3524 s3: move some stuff out of smb.h to better locations.
Guenther
2011-02-09 22:51:23 +01:00
Günther Deschner
c136b84f0d s3-secrets: only include secrets.h when needed.
Guenther
2010-08-05 10:12:25 +02:00
Andrew Bartlett
cba7f8b827 s3:dom_sid Global replace of DOM_SID with struct dom_sid
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that is is just an alias for struct dom_sid.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 10:39:59 +02:00
Andrew Bartlett
a92b653af9 s3:passdb Remove use of uint8 uint16 and uint32 in favour of C99 types
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 10:24:55 +02:00
Günther Deschner
4afdb5a2a7 s3: move BASE_RID to main includes.h (in preparation to separate passdb).
Guenther
2010-05-08 01:45:39 +02:00