1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

1739 Commits

Author SHA1 Message Date
Volker Lendecke
08e4e7fef7 s3: Fix Coverity ID 513: UNINIT 2011-03-27 22:22:10 +02:00
Volker Lendecke
f762886687 s3: Fix Coverity ID 2328: FORWARD_NULL
Make startsmbfilepwent robust against an invalid open type
2011-03-27 11:25:34 +02:00
Günther Deschner
ba510fae23 s3-ldapsam: fix ldapsam_create_user() with existing posix accounts.
We were not taking into account the existing posix attributes and thus failed
while trying to add a 2nd uid attribute.

Found by Sumit.

Guenther
2011-03-24 23:08:22 +01:00
Andrew Tridgell
15e84a9a09 charcnv: removed the allow_badcharcnv and allow_bad_conv options to convert_string*()
we shouldn't accept bad multi-byte strings, it just hides problems

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Mar 24 01:47:26 CET 2011 on sn-devel-104
2011-03-24 01:47:26 +01:00
Jeremy Allison
3d6a92a37b Fix compiler warning in debug message. 2011-03-17 10:35:10 -07:00
Volker Lendecke
4668ac8b16 s3: Fix Coverity ID 1034, CHECKED_RETURN
In all other places we check the result of secrets_init.
2011-03-16 21:14:58 +01:00
Volker Lendecke
9bc14afe96 s3: Fix a cut&paste error in pdb_ads_connect
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Mar 16 08:22:28 CET 2011 on sn-devel-104
2011-03-16 08:22:28 +01:00
Volker Lendecke
420be02a60 s3: Read uidNumber/gidNumber in pdb_ads_sid_to_id
Question: How shall we allocate those? Something like the rid allocator?

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Mar 15 09:59:55 CET 2011 on sn-devel-104
2011-03-15 09:59:55 +01:00
Volker Lendecke
16b007c223 Quite some callers of sid_split_rid do not care about the rid 2011-03-10 18:48:34 +01:00
Volker Lendecke
f6f8ec8d8b s3: Move EXOP definitions to smbldap.h
This attempts to fix the build on Solaris

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Mar  6 10:45:16 CET 2011 on sn-devel-104
2011-03-06 10:45:16 +01:00
Volker Lendecke
ae28029f67 s3: Remove an obsolete comment 2011-03-03 22:08:49 +01:00
Günther Deschner
93db9489fd s3-libds: use already existing ../libds/common/flag_mapping.h header.
Guenther
2011-03-02 22:17:17 +01:00
Jelmer Vernooij
59a077d8f5 Fix some types
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Feb 28 23:30:06 CET 2011 on sn-devel-104
2011-02-28 23:30:06 +01:00
Jeremy Allison
f7b4209f99 Fix one more warning introduced by changing the size of UNIX_USER_TOKEN->ngroups from size_t to uint32_t.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Feb 28 22:43:50 CET 2011 on sn-devel-104
2011-02-28 22:43:50 +01:00
Gregor Beck
6710561c27 s3: add functions to remove entries from idmap memcache 2011-02-28 12:58:43 +01:00
Gregor Beck
01e7611050 s3: add functions to flush the idmap memcache 2011-02-28 12:58:37 +01:00
Volker Lendecke
cfffd0f3a0 s3: Fix pdb_ads_enum_group_memberships args
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sat Feb 26 11:37:10 CET 2011 on sn-devel-104
2011-02-26 11:37:10 +01:00
Volker Lendecke
56f02e8520 s3: Fix filtering in pdb_ads_search_users
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Feb 22 20:59:07 CET 2011 on sn-devel-104
2011-02-22 20:59:07 +01:00
Volker Lendecke
ecb65332ea s3: Fix some nonempty blank lines 2011-02-22 19:18:57 +01:00
Stefan Metzmacher
d7fa349052 s3:auth: change num_groups to from size_t to uint32_t
This will help with the change from UNIX_USER_TOKEN to security_unix_token

metze
2011-02-22 16:20:11 +11:00
Günther Deschner
dcf23f022f s3-pdb_ipa: remove uninitialized (and unused) status code.
Guenther
2011-02-21 18:03:20 +01:00
Volker Lendecke
367b35b1ff s3: Fix pdb_ads_enum_aliasmem for empty aliases
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Feb 20 21:40:40 CET 2011 on sn-devel-104
2011-02-20 21:40:40 +01:00
Volker Lendecke
ff6c175ae6 s3: Support SetGroupInfo in pdb_ads 2011-02-20 20:50:14 +01:00
Volker Lendecke
95126034b0 s3: Fix a debug message 2011-02-20 20:50:14 +01:00
Volker Lendecke
4c45078d8f s3: Fix pdb_ads_enum_group_members for empty groups 2011-02-20 20:50:14 +01:00
Volker Lendecke
288b396411 s3: Fix error returns in pdb_ads_mod_groupmem 2011-02-20 20:50:13 +01:00
Volker Lendecke
ac19b39577 s3: Fix return code of pdb_ads_getsamupriv if the user does not exist
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Feb 20 11:12:01 CET 2011 on sn-devel-104
2011-02-20 11:12:01 +01:00
Volker Lendecke
5f953b1ef8 s3: Add ACB_NORMAL to workstations, match RPC-SAMR 2011-02-20 10:23:29 +01:00
Volker Lendecke
351b672426 s3: Make QueryDispInfo and QueryInfo match for guest 2011-02-20 10:23:29 +01:00
Volker Lendecke
9971061a9d s3: Pass logonHours through pdb_ads
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sat Feb 19 12:22:08 CET 2011 on sn-devel-104
2011-02-19 12:22:08 +01:00
Volker Lendecke
943aac2e36 s3: Add "len" to pdb_set_hours 2011-02-19 11:32:49 +01:00
Volker Lendecke
6f3008e627 s3: Let pdb_ads write accountExpires 2011-02-19 11:32:49 +01:00
Volker Lendecke
478d74fe14 s3: Fix pdb_ads_pull_time 2011-02-19 11:32:49 +01:00
Andrew Tridgell
c8b2b10976 s3-waf: use SAMBA3_*() build rules in source3/build
this brings the s3 waf build much closer to the proposed s3build top
level build, using the same bld.SAMBA3_*() rules

There are a few renames of subsystems in here, with a 3 suffix where
it would create a conflict.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-02-18 16:46:41 +11:00
Günther Deschner
67dfc87291 s3-lsa: only proceed in _lsa_EnumTrustedDomainsEx when backend has trusted domain support.
Guenther
2011-02-17 16:02:20 +01:00
Sumit Bose
bfa7964da8 s3-ipasam: Add aliases for trusted domain user
Signed-off-by: Günther Deschner <gd@samba.org>

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Feb 16 12:58:13 CET 2011 on sn-devel-104
2011-02-16 12:58:13 +01:00
Sumit Bose
d638f4a3b8 s3-lsa: Implement lsaRSetForestTrustInformation
Signed-off-by: Günther Deschner <gd@samba.org>
2011-02-16 11:44:06 +01:00
Sumit Bose
cc3b67fa1f s3-ipasam: add IPA specific attributes
Signed-off-by: Günther Deschner <gd@samba.org>
2011-02-16 11:44:06 +01:00
Sumit Bose
8fa440c820 s3-ipasam: add pdb_ipasam_capabilities() and pdb_ipasam_get_domain_info()
Signed-off-by: Günther Deschner <gd@samba.org>
2011-02-16 11:44:05 +01:00
Sumit Bose
72de982289 s3-ipasam: add ipasam_get_trusted_domain_by_sid()
Signed-off-by: Günther Deschner <gd@samba.org>
2011-02-16 11:44:04 +01:00
Sumit Bose
b4bc1f8f5c s3-ipasam: add wrapper for ipasam_enum_trusteddoms()
Signed-off-by: Günther Deschner <gd@samba.org>
2011-02-16 11:44:04 +01:00
Sumit Bose
4e60954071 s3-ipasam: implement enum_trusted_domains
Signed-off-by: Günther Deschner <gd@samba.org>
2011-02-16 11:34:45 +01:00
Sumit Bose
8ddbb48869 s3-ipasam: implement {get,set,del}_trusted_domain
Signed-off-by: Günther Deschner <gd@samba.org>
2011-02-16 11:34:45 +01:00
Sumit Bose
c96fd895b9 s3-passdb: make priv2ld() public
Signed-off-by: Günther Deschner <gd@samba.org>
2011-02-16 11:34:45 +01:00
Sumit Bose
b4dd65d3f9 s3-passdb: add {get,set,del,enum}_trusted_domain calls
Signed-off-by: Günther Deschner <gd@samba.org>
2011-02-16 11:34:44 +01:00
Sumit Bose
2e78022066 s3-ipasam: Disable old trustdom_pw calls
Signed-off-by: Günther Deschner <gd@samba.org>
2011-02-16 11:34:44 +01:00
Sumit Bose
4fa210d76a s3-passdb: Add minimal stub for IPA passdb backend
Signed-off-by: Günther Deschner <gd@samba.org>
2011-02-16 11:34:31 +01:00
Volker Lendecke
ab85362cff s3: Support "codePage" in pdb_ads
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Feb 15 22:00:27 CET 2011 on sn-devel-104
2011-02-15 22:00:27 +01:00
Volker Lendecke
ead7ffa1a7 s3: Add "code_page" to struct samu 2011-02-15 21:12:22 +01:00
Volker Lendecke
8bbf0ad2a0 s3: Support "country_code" in pdb_ads 2011-02-15 21:12:22 +01:00
Volker Lendecke
d9d0fef862 s3: Add "country_code" to struct samu 2011-02-15 21:12:22 +01:00
Volker Lendecke
7a2cbdafa8 s3: Add userWorkstations and userParameters to pdb_ads 2011-02-15 21:12:22 +01:00
Günther Deschner
a32f0ff2f0 s3-waf: TLDAP is only needed by pdb_ads (and smbtorture).
Guenther
2011-02-15 12:09:22 +01:00
Volker Lendecke
5d63c503f7 s3: Add "comment" and "description" to pdb_ads
This is pending a change to samldb_description_check, we might have to modify
the description with a TLDAP_MOD_REPLACE operation.

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Feb 13 17:56:58 CET 2011 on sn-devel-104
2011-02-13 17:56:58 +01:00
Volker Lendecke
60df3c0679 s3: Make "net sam list [users|workstations]" list only the right things
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Feb 13 12:59:14 CET 2011 on sn-devel-104
2011-02-13 12:59:14 +01:00
Volker Lendecke
f49ad6d073 s3: Remove an unneeded proto 2011-02-13 12:11:53 +01:00
Volker Lendecke
9331bc378d s3: Fix some nonempty blank lines 2011-02-13 12:11:53 +01:00
Volker Lendecke
fe551d6815 s3: Convert tldap_entry_values args to "array, count" 2011-02-13 12:11:53 +01:00
Volker Lendecke
84abb428f6 s3: Add an explicit counter to tldap_add_mod_[blobs|str] 2011-02-13 12:11:53 +01:00
Volker Lendecke
158c1e315b s3: Convert tldap_make_mod_fmt args to "array, count" 2011-02-13 12:11:52 +01:00
Volker Lendecke
6b492a1741 s3: Convert tldap_add_mod_blobs args to "array, count" 2011-02-13 12:11:52 +01:00
Volker Lendecke
30e72e0d0a s3: Align the args of pdb_ads_update_sam_account to tldap_modify 2011-02-13 12:11:52 +01:00
Volker Lendecke
d38ab83bab s3: Make "smbpasswd <user>" work with pdb_ads
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sat Feb 12 15:17:39 CET 2011 on sn-devel-104
2011-02-12 15:17:39 +01:00
Günther Deschner
8015514c5b s3-waf: use bld.env.HAVE_LDAP in some more places, hopefully fixes the builds w/o ldap.
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Feb 11 13:08:38 CET 2011 on sn-devel-104
2011-02-11 13:08:38 +01:00
Volker Lendecke
efa460e291 s3: Align the args in tldap_modify
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Thu Feb 10 23:20:05 CET 2011 on sn-devel-104
2011-02-10 23:20:05 +01:00
Volker Lendecke
b524e58f9a s3: Align tldap_add and tldap_add_send 2011-02-10 22:34:01 +01:00
Volker Lendecke
0539ca51ab s3: Add primary group in pdb_ads_enum_group_memberships
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Feb  6 18:41:08 CET 2011 on sn-devel-104
2011-02-06 18:41:08 +01:00
Volker Lendecke
d515c6cd5c s3: Fix auth_netlogond to cope with netlogon_creds_CredentialState
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Feb  6 17:30:48 CET 2011 on sn-devel-104
2011-02-06 17:30:48 +01:00
Volker Lendecke
47d07df37f s3: Fix a potential memleak in secrets_fetch_trusted_domain_password 2011-02-06 16:44:56 +01:00
Volker Lendecke
8c367162f0 s3: In pdb_ads, cope with artificial samu structs 2011-02-06 16:44:56 +01:00
Volker Lendecke
08f2a8562f s3: Use strlcpy in pdb_ads_connect 2011-02-06 16:44:56 +01:00
Andreas Schneider
ad65605643 s3-auth: Fixed account lockout check. 2011-01-17 16:50:50 +01:00
Bjoern Baumbach
6acbcd1b0c Make sure that user exists after running add user script before adding sam account.
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Tue Dec  7 17:37:52 CET 2010 on sn-devel-104
2010-12-07 17:37:52 +01:00
Günther Deschner
133a2ffd00 s3-waf: avoid module name uppercasing.
This finally allows mixed case module names like the classic build
(./configure --shared_modules=charset_CP850)

Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Dec  1 18:39:14 CET 2010 on sn-devel-104
2010-12-01 18:39:14 +01:00
Jeremy Allison
e1cfca1e2e Make getpwnam_alloc() static to lib/username.c, and ensure all username lookups go
through Get_Pwnam_alloc(), which is the correct wrapper function. We were using
it *some* of the time anyway, so this just makes us properly consistent.

Jeremy.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Oct 20 16:02:12 UTC 2010 on sn-devel-104
2010-10-20 16:02:12 +00:00
Günther Deschner
10f95a4f1a s3-waf: fix pdb modules build.
Guenther
2010-10-18 15:57:03 +02:00
Andrew Bartlett
f768b32e37 libcli/security Provide a common, top level libcli/security/security.h
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.

This includes (along with other security headers) dom_sid.h and
security_token.h

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 05:54:10 +00:00
Volker Lendecke
41b54a8931 s3: Remove talloc_autofree_context from pdb_interface
None of the pdb backends have special destructors that need to be run at
program exit.
2010-10-03 10:45:56 +02:00
Günther Deschner
b894847ca0 s3-waf: rework CLDAP and LIBCLI_LDAP subsystems.
Guenther
2010-09-27 00:39:38 +02:00
Günther Deschner
d7d33317c7 s3-waf: move pdb subsystem to pdb/wscript_build.
Guenther
2010-09-27 00:39:37 +02:00
Volker Lendecke
d4bfb5c488 s3: Remove talloc_autofree_context() from guest_user_info()
pwd is freed a few lines down
2010-09-26 17:36:40 +02:00
Volker Lendecke
2b601d72d5 s3: Remove talloc_autofree_context() from lookup_unix_user_name()
pwd is freed in this routine immediately
2010-09-26 03:29:28 +02:00
Volker Lendecke
9b2d3142c1 s3: Remove talloc_autofree_context() from pdb_init_ads() 2010-09-26 03:29:28 +02:00
Andrew Bartlett
d7bc452a89 s3: Replace sid_binstring and sid_guidstring with PIDL-based alternatives
This reduces the manual marshalling of these structures by removing
the duplication here.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
2010-09-20 16:15:03 -07:00
Günther Deschner
4dbd743e46 s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions.
Guenther
2010-09-20 14:04:37 -07:00
Andrew Bartlett
4bf783d4d6 s3-auth Change type of num_sids to uint32_t
size_t is overkill here, and in struct security_token in the num_sids
is uint32_t.

This includes a change to the prototype of add_sid_to_array()
and add_sid_to_array_unique(), which has had a number of
consequnetial changes as I try to sort out all the callers using
a pointer to the number of sids.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:05 +10:00
Andreas Schneider
c5cfad142c s3-passdb: Try to unlock the account if it is locked out.
Signed-off-by: Simo Sorce <idra@samba.org>
2010-08-30 10:43:41 -04:00
Andreas Schneider
2ab0b63bd8 s3-passdb: Added a pdb_try_account_unlock function.
The function checks if the account has been autolocked. If we have a
lockout_duration and a bad password time it checks if we can unlock the
account.

Signed-off-by: Simo Sorce <idra@samba.org>
2010-08-30 10:43:34 -04:00
Günther Deschner
7a05ca2c9c s3-build: use dbwrap.h only where needed.
Guenther
2010-08-26 00:25:55 +02:00
Günther Deschner
2b41f421fd s3-idmap: only include idmap headers where needed.
Guenther
2010-08-26 00:20:29 +02:00
Günther Deschner
7ff7eb0b52 s3-build: only include nsswitch header where needed.
Guenther
2010-08-26 00:20:28 +02:00
Günther Deschner
aba1bf4b5e s3-build: only include memcache.h where needed.
Guenther
2010-08-26 00:20:28 +02:00
Michael Adam
c45eca5751 s3:pdb_ldap: move some code in ldapsam_create_dom_group()
to make the flow more similar to ldapsam_create_user().
This prepares for calling winbind_sid_to_gid() instead of
winbind_allocate_gid(): we need the group_sid for this...

Michael
2010-08-14 02:10:30 +02:00
Günther Deschner
ae36783c7b s3-passdb: include samr.h where needed.
Guenther
2010-08-06 15:43:37 +02:00
Günther Deschner
c136b84f0d s3-secrets: only include secrets.h when needed.
Guenther
2010-08-05 10:12:25 +02:00
Volker Lendecke
c186f92437 s3: [ug]id_to_unix_... can not fail
Remove some silly failure checks
2010-07-11 17:33:34 +02:00
Björn Jacke
a679319192 s3:pdb_ldap: change LDAP password before samba password hashes
this way we can catch up with password change refuses from ldap password policy
overlays and abort the password change early.

Thanks to Andy Hanton <andyhanton@gmail.com> for the initial patch.
2010-07-06 18:50:01 +02:00
Volker Lendecke
a56c688366 s3: Fix another aspect of bug 7262 and make paged results work again 2010-07-06 17:36:18 +02:00
Volker Lendecke
3278554b3e s3: Make talloc_attrs() static 2010-07-05 12:37:13 +02:00
Günther Deschner
dff7be8ccb s3-libads: only include libds flags where needed.
Guenther
2010-07-01 23:20:40 +02:00
Andreas Schneider
ac5600fc7e s3-passdb: Make sure dn is initialized and don't free it.
dn is just a pointer to a memory which hasn't been duplicated.

Found by clang-analyzer.
2010-06-28 12:56:13 +02:00
Andreas Schneider
6d89116afe s3-passdb: Make sure we don't call free on a garbage pointer.
Found by clang-analyzer.
2010-06-28 12:56:13 +02:00
Andreas Schneider
a81b97ff34 s3-passdb: Make sure that we don't assign garbage. 2010-06-28 10:18:12 +02:00
Volker Lendecke
f66cc82709 s3: Fix EnumDomainAliases when no aliases are in LDAP
We used to return NT_STATUS_ACCESS_DENIED, now we just return 0 entries, just
like W2k8 does.

usrmgr.exe was pretty unhappy with the NT_STATUS_ACCESS_DENIED
2010-06-10 15:28:26 +02:00
Michael Adam
ba809ecb8a s3:pdb_ldap: fix bug 7505 - init_sam_from_ldap stores group in sid2uid cache 2010-06-10 12:02:05 +02:00
Karolin Seeger
8ca88e2f81 s3-passdb: Fix typo in comment.
Karolin
2010-06-10 10:34:58 +02:00
Volker Lendecke
1fd15dcb7c s3: Fix bug 7253
acct_ctrl is 32 bit in LOGIN_CACHE, but "w" as a format specifier for
tdb_unpack only writes 16 bits. Okay on x86, not okay on Solaris.

Thanks to Vladimir.Marek@Sun.COM!

Volker
2010-06-09 10:27:17 +02:00
Simo Sorce
0a7ff14617 s3:passdb Export function to calculate the proper primary group sid
Don't keep it buried in passdb, this function need to be available
for use in places where we do not want to construct an artificial
samu struct just to play tricks.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-07 22:53:08 +10:00
Matthieu Patou
57ab910b6f s3: Allow previous password to be stored and use it to check tickets
This patch is to fix bug 7099. It stores the current password in the
 previous password key when the password is changed. It also check the
 user ticket against previous password.

Signed-off-by: Günther Deschner <gd@samba.org>
2010-06-02 14:32:23 +02:00
Günther Deschner
f9f8007361 s3-build: only use ndr_security.h where needed.
Guenther
2010-05-31 11:32:37 +02:00
Simo Sorce
d85d85b851 s3:passdb Fix memory leak
We were allocating this passwd structure on sampass, but never freeing
it nor assigning it to unix_pw where it could be reused.
2010-05-29 10:54:08 -04:00
Andrew Bartlett
cba7f8b827 s3:dom_sid Global replace of DOM_SID with struct dom_sid
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that is is just an alias for struct dom_sid.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 10:39:59 +02:00
Andrew Bartlett
a92b653af9 s3:passdb Remove use of uint8 uint16 and uint32 in favour of C99 types
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 10:24:55 +02:00
Günther Deschner
f6f3bb1813 s3-passdb: move get_logon_hours_from_pdb() into samr server.
Guenther
2010-05-18 21:43:05 +02:00
Andrew Bartlett
7a8e34fe86 s3:split secrets.c to put machine account secrets in a new file
This helps the s3compat effort by allowing these functions to be
replaced by functions that query the cli_credentials and secrets.ldb
APIs.

Also, this changes a couple of DOM_SID to struct dom_sid along the
way.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-18 21:39:42 +02:00
Jelmer Vernooij
b8268cf7b0 s3: Remove use of iconv_convenience. 2010-05-18 11:45:31 +02:00
Günther Deschner
d7d313851a s3-tldap: only include tldap when actually needed.
Guenther
2010-05-18 00:44:27 +02:00
Günther Deschner
ca73e03eb7 security: merge builtin rid tables.
Guenther
2010-05-18 00:44:26 +02:00
Günther Deschner
3b529d50be s3-rpc_misc: clean out include/rpc_misc.h.
Well known rids don't really belong into an rpc header, just use the ones
defined in security.idl.

Guenther
2010-05-18 00:44:26 +02:00
Günther Deschner
b83ab96b16 s3-passdb: moving account_pol.c into passdb.
Guenther
2010-05-08 01:45:27 +02:00
Günther Deschner
f5ac746091 s3-pdb_ldap: fix memleak.
Guenther
2010-04-29 12:05:42 +02:00
Volker Lendecke
5197d76faa s3: Make a debug msg more readable 2010-04-28 10:55:50 +02:00
Stefan Metzmacher
9fbbaa560a s3:passdb: avoid sid_to_gid() if the sid is "domain users"
If the call fails we would use the "domain users" sid anyway.

metze
2010-03-25 21:25:27 +01:00
Volker Lendecke
ea8e0d5d54 Fix some nonempty blank lines 2010-03-25 10:24:45 +01:00
Karolin Seeger
fad0629e78 s3-builtin: Add missing builtin groups.
Karolin
2010-03-23 15:24:52 +01:00
Karolin Seeger
ef83c970ca s3-builtin: Add some builtin groups.
Karolin
2010-03-23 11:39:05 +01:00
Volker Lendecke
2b4ce9a73f s3: Make login_cache_write take a pointer 2010-03-16 22:35:41 +01:00
Volker Lendecke
276b1aa189 s3: Make login_cache_read take a pointer, avoid a malloc 2010-03-16 22:35:41 +01:00
Volker Lendecke
13a278c1b9 s3: Remove a typedef 2010-03-16 22:35:41 +01:00
Volker Lendecke
02d7cdc671 s3: Fix some nonempty blank lines 2010-03-16 22:35:41 +01:00
Karolin Seeger
7fdbbddf42 s3-passdb: Fix typo in debug message.
Karolin
2010-03-10 12:08:27 +01:00
Simo Sorce
3b12c38ac0 s3:schannel streamline interface
Make calling schannel much easier by removing the need to explicitly open the
database. Let the abstraction do it instead.
2010-02-23 12:46:50 -05:00
Andreas Schneider
b9cf55cfea s3-passdb: Remove obsolete signal type cast. 2010-02-23 12:23:42 +01:00
Volker Lendecke
2ea2d2a81e s3: Fix bug 5198 -- parse chfn(1)-change gecos field 2010-02-13 17:23:43 +01:00
Björn Jacke
9b75650f1a s3: change ldap filter to what really was intended 2010-02-10 13:48:11 +01:00
Stefan Metzmacher
4dc2be2264 s3:passdb: only use gid_to_sid() result if the result is a group of our local sam
Otherwise retry with pdb_gid_to_sid().

metze
2010-02-09 12:57:01 +01:00
Stefan Metzmacher
6753fb1cf6 s3:pdb_ldap: don't search for the users primary group, if we already know it
metze
2010-02-08 11:23:25 +01:00
Stefan Metzmacher
49ace81e19 s3:pdb_ldap: optimize ldapsam_alias_memberships() and cache ldap searches.
ldapsam_alias_memberships() does the same LDAP search twice, triggered
via add_aliases() from create_local_nt_token().

This happens when no domain aliases are used.

metze
2010-02-08 11:23:24 +01:00
Stefan Metzmacher
25038fa85f s3:pdb_ldap: try to build the full unix_pw structure with ldapsam:trusted support
And also store the gid_to_sid mappings in the idmap_cache.

metze
2010-02-08 11:23:24 +01:00
Stefan Metzmacher
e10d086956 s3:passdb: speed up pdb_get_group_sid()
Use the cached version gid_to_sid() instead
of pdb_gid_to_sid().

And also avoid the expensive lookup_sid() call
for wellkown domain groups.

metze
2010-02-08 11:23:23 +01:00
Volker Lendecke
b99046fed1 s3: Make pdb_copy_sam_account also copy the group sid
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-02-08 11:23:23 +01:00
Stefan Metzmacher
779821df8e s3: shortcut gid_to_sid when "ldapsam:trusted = yes"
The normal gid_to_sid behaviour is to call sys_getgrgid()
to get the name for the given gid and then call the
getsamgrnam passdb method for the resulting name.

In the ldapsam:trusted case we can reduce the gid_to_sid
operation to one simple search for the gidNumber attribute
and only get the sambaSID attribute from the correspoinding
LDAP object. This reduces the number of ldap roundtrips
for this operation.

metze
2010-02-08 11:23:17 +01:00
Volker Lendecke
abbd0f9195 s3: Make use of ZERO_STRUCTP 2010-02-05 21:11:17 +01:00
Volker Lendecke
3ea602a7c3 s3: Remove a pointless if-statement 2010-02-05 21:11:17 +01:00
Volker Lendecke
dcc850e3b3 s3: Make guest_user_info() static 2010-02-05 21:11:17 +01:00
Volker Lendecke
004e3e400d s3: Hide some uses of pdb_get_init_flags (which I would love to remove...) 2010-02-05 21:11:17 +01:00
Volker Lendecke
1cd7223b8e s3: Fix some nonempty blank lines 2010-02-05 21:11:17 +01:00
Stefan Metzmacher
0c93aa3cd5 s3:passdb: fix a type Domain Users has RID -513
metze
2010-02-04 15:19:50 +01:00
Jeremy Allison
69fd8461b8 Second part of fix for bug #7072 - Accounts can't be unlocked from ldap.
Missed read of entry_timestamp (was entry->entry_timestamp).

Jeremy.
2010-01-27 16:52:40 -08:00
Jeremy Allison
627fb85092 Fix bug #7072 - Accounts can't be unlocked from ldap.
Fix suggested by Andy Hanton <andyhanton@gmail.com>. The LOGIN_CACHE
struct contains two time_t entries, but was being written to and
read from via tdb_pack/tdb_unpack functions using explicit 32-bit int specifiers.
This would break on machines with a 64-bit time_t. Use correct int
sizes for tdb_pack/tdb_unpack.

We have to fix this properly before 2037 :-).

Jeremy.
2010-01-27 16:42:06 -08:00