sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code
85,515 Commits 60 Branches 1,145 Tags 452 MiB
70cb7fd214
Commit Graph

1914 Commits

Author SHA1 Message Date
Amitay Isaacs
6a18664d51 s3-passdb: Connect to specified samdb if location is provided, otherwise use default 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2011-08-13 12:30:50 +10:00
Amitay Isaacs
d7ab07e86f s3-passdb: Fix the error messages and return correct NTSTATUS 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2011-08-13 12:30:50 +10:00
Andrew Bartlett
93e8d3b381 s4-scripting Rename passdb upgrade routine to avoid conflict with upgradeprovision 2011-08-13 12:30:49 +10:00
Andrew Bartlett
00364e4e0d s3-passdb Add support for pdb_add_sam_account() and password hashes to pdb_samba4 
This will help when using this as part of the Samba3 passdb -> Samba4
ldb database upgrade script.

Andrew Bartlett
 2011-08-13 12:30:49 +10:00
Andrew Bartlett
2993113a56 s4-dsdb Add ability to force a particular SID in the upgrade case 2011-08-13 12:30:49 +10:00
Andrew Bartlett
add8505fde s3-passdb Make pdb_element_is_changed available to all passdb modules 
This will allow pdb_samba4 to use this

Andrew Bartlett
 2011-08-13 12:30:49 +10:00
Amitay Isaacs
65e12c0501 passdb: Allocate talloc stackframe before calling in pdb functions. 2011-08-13 12:30:48 +10:00
Amitay Isaacs
ae9a3274bc passdb: Call with correct backend methods instead of default methods 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2011-08-13 12:30:48 +10:00
Amitay Isaacs
2e0ccc4772 passdb: Added python wrapper to passdb 
- Added python wrapper for samu structure.

 - Added python wrapper for passdb methods:

   domain_info(), getsampwnam(), getsampwsid(), create_user(),
   delete_user(), add_sam_account(), delete_sam_account(),
   update_sam_account(), rename_sam_account(), search_users()

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2011-08-13 12:30:44 +10:00
Amitay Isaacs
08ccc6ed51 passdb: Add a function to read secrets db from a specified path 
This allows to load secrets db from a different location. The original
secrets_init() now calls secrets_init_path() with lp_private_dir().
 2011-08-13 10:25:06 +10:00
Amitay Isaacs
6f21f556c1 passdb: Add a function to expose loaded backend list. 
This function is used in python wrapper to list available python backends.
 2011-08-13 10:25:06 +10:00
Günther Deschner
51481c5912 s3-secrets: add lsa_secret passdb api. 
Guenther
 2011-07-31 22:37:26 +02:00
Günther Deschner
f9a5df8929 s3-passdb: add dummy calls to control global (replicated) secrets. 
Guenther
 2011-07-31 22:37:26 +02:00
Michael Adam
0b5c4a601a s3:dbwrap: move all .c and .h files of dbwrap to lib/dbwrap/ 
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Fri Jul 29 13:34:22 CEST 2011 on sn-devel-104
 2011-07-29 13:34:22 +02:00
Michael Adam
1abdd9b2bb s3:dbwrap: move db_open() to a file dbwrap_open.c of its own. 
Also start new folder lib/dbwrap/ where dbwrap_open.c is stored and
make the fallbacke implementation functoins non-static and create a
dbwrap_private.h header file that contains their prototypes.
 2011-07-29 12:23:13 +02:00
Andrew Tridgell
356a2cc0b0 s3-waf: the passdb subsystem needs to be called pdb 
the 'pdb' name is builtin to the passdb module loading code as a fixed
string. We need to call the subsystem pdb so that external passdb
modules end up in bin/modules/pdb/ where they can be found by the
Samba3 module loader

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2011-07-28 15:20:51 +10:00
Jeremy Allison
ee34c25c8a First part of fix for bug 8310 - toupper_ascii() is broken on big-endian systems 
Remove
int toupper_ascii(int c);
int tolower_ascii(int c);
int isupper_ascii(int c);
int islower_ascii(int c);

and replace with their _m equivalents, as they are identical.
 2011-07-19 13:19:29 -07:00
Andrew Bartlett
6e6aaacedb lib/util Move bitmap.c to lib/util 2011-07-08 11:23:23 +02:00
Andrew Bartlett
0ac4f64928 s3-build link passdb modules against libpassdb 
This ensures that they don't include a duplicate copy of
pdb_interface.c functions, because they will instead link the library.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Jul  4 12:24:50 CEST 2011 on sn-devel-104
 2011-07-04 12:24:50 +02:00
Andrew Bartlett
6b97a3b1ff s3-build allow_undefined_symbols=False is the default now 2011-07-04 19:03:52 +10:00
Günther Deschner
8bc3f957bc s3-waf: add some missing tdb dependencies. 
Guenther
 2011-06-28 16:43:01 +02:00
Andrew Bartlett
5db74b9607 lib/util Remove samba-util-common! 
All of this code is now in common, so we don't need the second
'-common' library any more!

Andrew Bartlett
 2011-06-21 09:36:22 +10:00
Rusty Russell
d925b327f4 tdb_compat: Higher level API fixes. 
My previous patches fixed up all direct TDB callers, but there are a
few utility functions and the db_context functions which are still
using the old -1 / 0 return codes.

It's clearer to fix up all the callers of these too, so everywhere is
consistent: non-zero means an error.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
 2011-06-20 11:18:35 +02:00
Sumit Bose
d5661467e1 s3-passdb: Implement new pdb trust calls for the default backend 
Signed-off-by: Simo Sorce <idra@samba.org>

Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Sun Jun 12 06:45:25 CEST 2011 on sn-devel-104
 2011-06-12 06:45:25 +02:00
Andrew Bartlett
74eed8f3ed s3-param Remove special case for global_myname(), rename to lp_netbios_name() 
There is no reason this can't be a normal constant string in the
loadparm system, now that we have lp_set_cmdline() to handle overrides
correctly.

Andrew Bartlett
 2011-06-09 12:40:09 +02:00
Andrew Bartlett
5e26e94092 s3-talloc Change TALLOC_ZERO_ARRAY() to talloc_zero_array() 
Using the standard macro makes it easier to move code into common, as
TALLOC_ZERO_ARRAY isn't standard talloc.
 2011-06-09 12:40:08 +02:00
Andrew Bartlett
ad0a07c531 s3-talloc Change TALLOC_ZERO_P() to talloc_zero() 
Using the standard macro makes it easier to move code into common, as
TALLOC_ZERO_P isn't standard talloc.
 2011-06-09 12:40:08 +02:00
Andrew Bartlett
d5e6a47f06 s3-talloc Change TALLOC_P() to talloc() 
Using the standard macro makes it easier to move code into common, as
TALLOC_P isn't standard talloc.
 2011-06-09 12:40:08 +02:00
Andrew Bartlett
3d15137653 s3-talloc Change TALLOC_ARRAY() to talloc_array() 
Using the standard macro makes it easier to move code into common, as
TALLOC_ARRAY isn't standard talloc.
 2011-06-09 12:40:08 +02:00
Andrew Bartlett
73b377432c s3-talloc Change TALLOC_REALLOC_ARRAY() to talloc_realloc() 
Using the standard macro makes it easier to move code into common, as
TALLOC_REALLOC_ARRAY isn't standard talloc.

Andrew Bartlett
 2011-06-09 12:40:08 +02:00
Matthias Dieter Wallnöfer
059e735e41 s3:passdb/pdb_samba4.c - remove unused variable 
Reviewed-by: Tridge
 2011-06-09 09:35:26 +02:00
Matthias Dieter Wallnöfer
4d0c00bb33 s3:passdb/pdb_samba4.c - fix a format specifier warning 
Reviewed-by: Tridge
 2011-06-09 09:35:15 +02:00
Andrew Bartlett
d72b05cfe7 s3-passdb use new loadparm_init_s3 rather than reloading the smb.conf 2011-06-06 17:37:51 +10:00
Michael Adam
c0fc7aa129 s3:passdb: add GPL/copyright header to machine_sid.h 2011-05-31 18:37:29 +02:00
Michael Adam
7d40c88695 s3:passdb/proto.h: add _PASSDB_PROTO_H_ guard 2011-05-31 01:44:27 +02:00
Michael Adam
b3cbcd0eda s3:passdb/proto.h: add GPL/copyright comment header 2011-05-31 01:44:27 +02:00
Sean Finney
0f8018676a Fix numerous missing dependencies in WAF build scripts 
With the recent consolidation of code between s3 and s4, a number of new
dependencies have been implicitly introduced.  For example, previous s3
code gained an implicit dependency on talloc after the charset related
consolidation (lib/util/charset/charset.h now includes talloc.h).  When
building against the embedded version of talloc this isn't a problem
since the paths are automatically added to the search path, but when
building against the external libraries build failures will occur for
all components that don't directly or indirectly include talloc as
a dependency.

Since charset.h is included from util.h, which in turn is included from
includes.h, this means most of the codebase (s3 and s4) has such an
undeclared dependency.

Therefore, samba-util-common and samba-util have been added as
dependencies to the s3 and s4 code respectively, for all cases where
the source would otherwise fail to build.  Additionally, a few other
dependencies are added in specific wscript_build files to address
similar dependency-related problems.

https://bugzilla.samba.org/show_bug.cgi?id=8128

Signed-off-by: Sean Finney <seanius@seanius.net>
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed May 25 19:22:13 CEST 2011 on sn-devel-104
 2011-05-25 19:22:13 +02:00
Jeremy Allison
309a8fd7c6 Fix bug #7054 - X account flag does not work when pwdlastset is 0. 
Don't allow pass_last_set_time to be set to zero (which means
"user must change password on next logon") if user object doesn't
allow password change.

Don't automatically allow user object password change if
"user must change password on next logon" is set.

Jim please check.

Jeremy.
 2011-05-24 20:14:35 +02:00
Andrew Bartlett
da662b82b8 s3-lib Replace StrnCaseCmp() with strncasecmp_m() 
strncasecmp_m() never needs to call to talloc, and via next_codepoint()
still has an ASCII fast-path bypassing iconv() calls.

Andrew Bartlett
 2011-05-18 16:12:08 +02:00
Andrew Bartlett
a47c7f6b4c s3-passdb: added pdb_samba4 
This uses direct LDB operations and calls to the dsdb library to allow
passdb operations (such as pdbedit and smbpasswd) offline, and uses
transactions internally for database consistency.

Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
 2011-05-08 19:00:28 +02:00
Andrew Bartlett
25cfa29e29 s3-passdb Redirect domain GUID and SID queries to the passdb stack 
This is done if the passdb module supports PDB_ADS, and ensures that a
random SID is never made up locally for these directories.

This is only enabled when in the waf build, due to dependency issues.

Andrew Bartlett
 2011-05-08 17:48:33 +02:00
Günther Deschner
d8cfca3a9b s3: only include tdb headers where needed. 
Guenther
 2011-05-06 10:48:10 +02:00
Jeremy Allison
7d6ebe0de7 More const fixes. Remove CONST_DISCARD. 2011-05-06 01:44:07 +02:00
Jeremy Allison
cabd9e70e2 Simple +1 changes in hardcoded lengths when changing from safe_strcpy to strlcpy. 2011-05-04 12:12:14 -07:00
Volker Lendecke
d9c1d1f709 s3: Fix Coverity ID 2471: UNINIT 
Signed-off-by: Günther Deschner <gd@samba.org>

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Thu Apr 14 16:22:58 CEST 2011 on sn-devel-104
 2011-04-14 16:22:58 +02:00
Volker Lendecke
ddfeccc6e4 s3: Use wbcSidsToUnixIds in create_local_token 
Signed-off-by: Jeremy Allison <jra@samba.org>
 2011-04-13 14:13:25 -07:00
Volker Lendecke
6a77b52169 s3: Fix Coverity ID 2470: STRAY_SEMICOLON 
Signed-off-by: Günther Deschner <gd@samba.org>

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Apr 13 12:57:43 CEST 2011 on sn-devel-104
 2011-04-13 12:57:43 +02:00
Andrew Bartlett
5694ba507c libcli/ldap pull LIBCLI_LDAP_MESSAGE and LIBCLI_LDAP_NDR into a library 
This reduces symbol duplication

Andrew Bartlett
 2011-04-13 11:47:36 +10:00
Volker Lendecke
5cd6d93fa1 s3: Fix Coverity ID 2472, UNINIT 
Signed-off-by: Günther Deschner <gd@samba.org>

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Apr 11 17:14:35 CEST 2011 on sn-devel-104
 2011-04-11 17:14:35 +02:00
Volker Lendecke
d2d1d17323 s3: Fix Coverity ID 2473, UNINIT 
Signed-off-by: Günther Deschner <gd@samba.org>
 2011-04-11 16:30:19 +02:00
Michael Adam
32d816d59b s3:passdb:pdb_ipa: fix a C++ implicit void * cast warnings 2011-04-07 17:08:16 +02:00
Sumit Bose
6681e451c9 s3-pdb_ipa: Create DN for new object 
Signed-off-by: Günther Deschner <gd@samba.org>
 2011-04-06 11:53:57 +02:00
Sumit Bose
1cbe59e174 s3-pdb_ipa: Add ipasam_create_dom_group() 
Signed-off-by: Günther Deschner <gd@samba.org>
 2011-04-06 11:53:56 +02:00
Sumit Bose
2ee1d09f33 s3-pdb_ipa: Add ipasam_create_user() 
Signed-off-by: Günther Deschner <gd@samba.org>
 2011-04-06 11:53:56 +02:00
Sumit Bose
c47df017dd s3-pdb_ipa: Detect IPA server 
Signed-off-by: Günther Deschner <gd@samba.org>
 2011-04-06 11:53:56 +02:00
Sumit Bose
ca22befb9c s3-pdb_ipa: Use new smbldap_make_mod_blob() without a return value 
Signed-off-by: Günther Deschner <gd@samba.org>
 2011-04-06 11:53:56 +02:00
Günther Deschner
02c6940964 s3-ipasam: rename of smbldap_make_mod_blob to _smbldap_make_mod_blob. 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
 2011-04-06 11:53:56 +02:00
Sumit Bose
db76adc308 s3-pdb_ipa: Fix indentation 
Signed-off-by: Günther Deschner <gd@samba.org>
 2011-04-06 11:53:56 +02:00
Günther Deschner
a730dff783 s3-libndr: add ../librpc/ndr/libndr.h include in some places. 
Guenther
 2011-03-31 00:14:01 +02:00
Günther Deschner
33082d016e s3-passdb: move LOOKUP_NAME_ flags to passdb where they belong to. 
Guenther
 2011-03-30 15:14:55 +02:00
Günther Deschner
c2d6260f10 s3: only include lib/privileges.h where needed. 
This finally removes the global lsa.h inclusion.

Guenther
 2011-03-30 01:13:10 +02:00
Günther Deschner
1d383daf39 s3-passdb: move lsa_dom_info and lsa_name_info out of smb.h into passdb. 
Guenther
 2011-03-30 01:13:09 +02:00
Günther Deschner
a22a53ea44 s3-passdb: move util_builtin.c out of passdb. 
Guenther
 2011-03-30 01:13:08 +02:00
Günther Deschner
7d798ac485 s3-passdb: move util_unixsids.c out of passdb. 
Guenther
 2011-03-30 01:13:08 +02:00
Günther Deschner
bcee6c1fe2 s3-passdb: move util_wellknown.c out of passdb. 
Guenther
 2011-03-30 01:13:08 +02:00
Günther Deschner
f378f9f144 s3-passdb: add machine_sid.h and lookup_sid.h 
Guenther
 2011-03-30 01:13:08 +02:00
Günther Deschner
2f36ef7225 s3-passdb: add passdb.h where needed. 
Guenther
 2011-03-30 01:13:07 +02:00
Günther Deschner
35c2d8ec1e s3-passdb: move passdb headers to passdb/proto.h. 
Guenther
 2011-03-30 01:13:07 +02:00
Günther Deschner
03e6082e3c s3: create_builtin_users/administrators belongs to passdb not auth. 
Guenther
 2011-03-30 01:13:07 +02:00
Günther Deschner
0e771263ee s3-includes: only include system/filesys.h when needed. 
Guenther
 2011-03-30 01:13:07 +02:00
Günther Deschner
49fcf653b1 s3-includes: only include system/passwd.h when needed. 
Guenther
 2011-03-30 01:13:07 +02:00
Günther Deschner
d85f140826 s3-winbind: remove global inclusion of libwbclient. 
Guenther
 2011-03-30 01:13:06 +02:00
Günther Deschner
96487959e9 lib/util/util_pw: share more code between lib/util/util_pw.c and source3/lib/username.c 
Guenther
 2011-03-30 01:13:06 +02:00
Günther Deschner
64421129b6 lib/util/util_pw: share sys_get{pw,gr} group of calls. 
Guenther
 2011-03-30 01:13:06 +02:00
Volker Lendecke
c07be5f747 s3: Fix Coverity ID 976: BAD_SIZEOF 2011-03-27 22:22:10 +02:00
Volker Lendecke
08e4e7fef7 s3: Fix Coverity ID 513: UNINIT 2011-03-27 22:22:10 +02:00
Volker Lendecke
f762886687 s3: Fix Coverity ID 2328: FORWARD_NULL 
Make startsmbfilepwent robust against an invalid open type
 2011-03-27 11:25:34 +02:00
Günther Deschner
ba510fae23 s3-ldapsam: fix ldapsam_create_user() with existing posix accounts. 
We were not taking into account the existing posix attributes and thus failed
while trying to add a 2nd uid attribute.

Found by Sumit.

Guenther
 2011-03-24 23:08:22 +01:00
Andrew Tridgell
15e84a9a09 charcnv: removed the allow_badcharcnv and allow_bad_conv options to convert_string*() 
we shouldn't accept bad multi-byte strings, it just hides problems

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Mar 24 01:47:26 CET 2011 on sn-devel-104
 2011-03-24 01:47:26 +01:00
Jeremy Allison
3d6a92a37b Fix compiler warning in debug message. 2011-03-17 10:35:10 -07:00
Volker Lendecke
4668ac8b16 s3: Fix Coverity ID 1034, CHECKED_RETURN 
In all other places we check the result of secrets_init.
 2011-03-16 21:14:58 +01:00
Volker Lendecke
9bc14afe96 s3: Fix a cut&paste error in pdb_ads_connect 
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Mar 16 08:22:28 CET 2011 on sn-devel-104
 2011-03-16 08:22:28 +01:00
Volker Lendecke
420be02a60 s3: Read uidNumber/gidNumber in pdb_ads_sid_to_id 
Question: How shall we allocate those? Something like the rid allocator?

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Mar 15 09:59:55 CET 2011 on sn-devel-104
 2011-03-15 09:59:55 +01:00
Volker Lendecke
16b007c223 Quite some callers of sid_split_rid do not care about the rid 2011-03-10 18:48:34 +01:00
Volker Lendecke
f6f8ec8d8b s3: Move EXOP definitions to smbldap.h 
This attempts to fix the build on Solaris

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Mar  6 10:45:16 CET 2011 on sn-devel-104
 2011-03-06 10:45:16 +01:00
Volker Lendecke
ae28029f67 s3: Remove an obsolete comment 2011-03-03 22:08:49 +01:00
Günther Deschner
93db9489fd s3-libds: use already existing ../libds/common/flag_mapping.h header. 
Guenther
 2011-03-02 22:17:17 +01:00
Jelmer Vernooij
59a077d8f5 Fix some types 
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Feb 28 23:30:06 CET 2011 on sn-devel-104
 2011-02-28 23:30:06 +01:00
Jeremy Allison
f7b4209f99 Fix one more warning introduced by changing the size of UNIX_USER_TOKEN->ngroups from size_t to uint32_t. 
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Feb 28 22:43:50 CET 2011 on sn-devel-104
 2011-02-28 22:43:50 +01:00
Gregor Beck
6710561c27 s3: add functions to remove entries from idmap memcache 2011-02-28 12:58:43 +01:00
Gregor Beck
01e7611050 s3: add functions to flush the idmap memcache 2011-02-28 12:58:37 +01:00
Volker Lendecke
cfffd0f3a0 s3: Fix pdb_ads_enum_group_memberships args 
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sat Feb 26 11:37:10 CET 2011 on sn-devel-104
 2011-02-26 11:37:10 +01:00
Volker Lendecke
56f02e8520 s3: Fix filtering in pdb_ads_search_users 
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Feb 22 20:59:07 CET 2011 on sn-devel-104
 2011-02-22 20:59:07 +01:00
Volker Lendecke
ecb65332ea s3: Fix some nonempty blank lines 2011-02-22 19:18:57 +01:00
Stefan Metzmacher
d7fa349052 s3:auth: change num_groups to from size_t to uint32_t 
This will help with the change from UNIX_USER_TOKEN to security_unix_token

metze
 2011-02-22 16:20:11 +11:00
Günther Deschner
dcf23f022f s3-pdb_ipa: remove uninitialized (and unused) status code. 
Guenther
 2011-02-21 18:03:20 +01:00
Volker Lendecke
367b35b1ff s3: Fix pdb_ads_enum_aliasmem for empty aliases 
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Feb 20 21:40:40 CET 2011 on sn-devel-104
 2011-02-20 21:40:40 +01:00
Volker Lendecke
ff6c175ae6 s3: Support SetGroupInfo in pdb_ads 2011-02-20 20:50:14 +01:00
Volker Lendecke
95126034b0 s3: Fix a debug message 2011-02-20 20:50:14 +01:00
Volker Lendecke
4c45078d8f s3: Fix pdb_ads_enum_group_members for empty groups 2011-02-20 20:50:14 +01:00
Volker Lendecke
288b396411 s3: Fix error returns in pdb_ads_mod_groupmem 2011-02-20 20:50:13 +01:00
Volker Lendecke
ac19b39577 s3: Fix return code of pdb_ads_getsamupriv if the user does not exist 
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Feb 20 11:12:01 CET 2011 on sn-devel-104
 2011-02-20 11:12:01 +01:00
Volker Lendecke
5f953b1ef8 s3: Add ACB_NORMAL to workstations, match RPC-SAMR 2011-02-20 10:23:29 +01:00
Volker Lendecke
351b672426 s3: Make QueryDispInfo and QueryInfo match for guest 2011-02-20 10:23:29 +01:00
Volker Lendecke
9971061a9d s3: Pass logonHours through pdb_ads 
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sat Feb 19 12:22:08 CET 2011 on sn-devel-104
 2011-02-19 12:22:08 +01:00
Volker Lendecke
943aac2e36 s3: Add "len" to pdb_set_hours 2011-02-19 11:32:49 +01:00
Volker Lendecke
6f3008e627 s3: Let pdb_ads write accountExpires 2011-02-19 11:32:49 +01:00
Volker Lendecke
478d74fe14 s3: Fix pdb_ads_pull_time 2011-02-19 11:32:49 +01:00
Andrew Tridgell
c8b2b10976 s3-waf: use SAMBA3_*() build rules in source3/build 
this brings the s3 waf build much closer to the proposed s3build top
level build, using the same bld.SAMBA3_*() rules

There are a few renames of subsystems in here, with a 3 suffix where
it would create a conflict.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2011-02-18 16:46:41 +11:00
Günther Deschner
67dfc87291 s3-lsa: only proceed in _lsa_EnumTrustedDomainsEx when backend has trusted domain support. 
Guenther
 2011-02-17 16:02:20 +01:00
Sumit Bose
bfa7964da8 s3-ipasam: Add aliases for trusted domain user 
Signed-off-by: Günther Deschner <gd@samba.org>

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Feb 16 12:58:13 CET 2011 on sn-devel-104
 2011-02-16 12:58:13 +01:00
Sumit Bose
d638f4a3b8 s3-lsa: Implement lsaRSetForestTrustInformation 
Signed-off-by: Günther Deschner <gd@samba.org>
 2011-02-16 11:44:06 +01:00
Sumit Bose
cc3b67fa1f s3-ipasam: add IPA specific attributes 
Signed-off-by: Günther Deschner <gd@samba.org>
 2011-02-16 11:44:06 +01:00
Sumit Bose
8fa440c820 s3-ipasam: add pdb_ipasam_capabilities() and pdb_ipasam_get_domain_info() 
Signed-off-by: Günther Deschner <gd@samba.org>
 2011-02-16 11:44:05 +01:00
Sumit Bose
72de982289 s3-ipasam: add ipasam_get_trusted_domain_by_sid() 
Signed-off-by: Günther Deschner <gd@samba.org>
 2011-02-16 11:44:04 +01:00
Sumit Bose
b4bc1f8f5c s3-ipasam: add wrapper for ipasam_enum_trusteddoms() 
Signed-off-by: Günther Deschner <gd@samba.org>
 2011-02-16 11:44:04 +01:00
Sumit Bose
4e60954071 s3-ipasam: implement enum_trusted_domains 
Signed-off-by: Günther Deschner <gd@samba.org>
 2011-02-16 11:34:45 +01:00
Sumit Bose
8ddbb48869 s3-ipasam: implement {get,set,del}_trusted_domain 
Signed-off-by: Günther Deschner <gd@samba.org>
 2011-02-16 11:34:45 +01:00
Sumit Bose
c96fd895b9 s3-passdb: make priv2ld() public 
Signed-off-by: Günther Deschner <gd@samba.org>
 2011-02-16 11:34:45 +01:00
Sumit Bose
b4dd65d3f9 s3-passdb: add {get,set,del,enum}_trusted_domain calls 
Signed-off-by: Günther Deschner <gd@samba.org>
 2011-02-16 11:34:44 +01:00
Sumit Bose
2e78022066 s3-ipasam: Disable old trustdom_pw calls 
Signed-off-by: Günther Deschner <gd@samba.org>
 2011-02-16 11:34:44 +01:00
Sumit Bose
4fa210d76a s3-passdb: Add minimal stub for IPA passdb backend 
Signed-off-by: Günther Deschner <gd@samba.org>
 2011-02-16 11:34:31 +01:00
Volker Lendecke
ab85362cff s3: Support "codePage" in pdb_ads 
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Feb 15 22:00:27 CET 2011 on sn-devel-104
 2011-02-15 22:00:27 +01:00
Volker Lendecke
ead7ffa1a7 s3: Add "code_page" to struct samu 2011-02-15 21:12:22 +01:00
Volker Lendecke
8bbf0ad2a0 s3: Support "country_code" in pdb_ads 2011-02-15 21:12:22 +01:00
Volker Lendecke
d9d0fef862 s3: Add "country_code" to struct samu 2011-02-15 21:12:22 +01:00
Volker Lendecke
7a2cbdafa8 s3: Add userWorkstations and userParameters to pdb_ads 2011-02-15 21:12:22 +01:00
Günther Deschner
a32f0ff2f0 s3-waf: TLDAP is only needed by pdb_ads (and smbtorture). 
Guenther
 2011-02-15 12:09:22 +01:00
Volker Lendecke
5d63c503f7 s3: Add "comment" and "description" to pdb_ads 
This is pending a change to samldb_description_check, we might have to modify
the description with a TLDAP_MOD_REPLACE operation.

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Feb 13 17:56:58 CET 2011 on sn-devel-104
 2011-02-13 17:56:58 +01:00
Volker Lendecke
60df3c0679 s3: Make "net sam list [users|workstations]" list only the right things 
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Feb 13 12:59:14 CET 2011 on sn-devel-104
 2011-02-13 12:59:14 +01:00
Volker Lendecke
f49ad6d073 s3: Remove an unneeded proto 2011-02-13 12:11:53 +01:00
Volker Lendecke
9331bc378d s3: Fix some nonempty blank lines 2011-02-13 12:11:53 +01:00
Volker Lendecke
fe551d6815 s3: Convert tldap_entry_values args to "array, count" 2011-02-13 12:11:53 +01:00
Volker Lendecke
84abb428f6 s3: Add an explicit counter to tldap_add_mod_[blobs|str] 2011-02-13 12:11:53 +01:00
Volker Lendecke
158c1e315b s3: Convert tldap_make_mod_fmt args to "array, count" 2011-02-13 12:11:52 +01:00
Volker Lendecke
6b492a1741 s3: Convert tldap_add_mod_blobs args to "array, count" 2011-02-13 12:11:52 +01:00
Volker Lendecke
30e72e0d0a s3: Align the args of pdb_ads_update_sam_account to tldap_modify 2011-02-13 12:11:52 +01:00
Volker Lendecke
d38ab83bab s3: Make "smbpasswd <user>" work with pdb_ads 
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sat Feb 12 15:17:39 CET 2011 on sn-devel-104
 2011-02-12 15:17:39 +01:00
Günther Deschner
8015514c5b s3-waf: use bld.env.HAVE_LDAP in some more places, hopefully fixes the builds w/o ldap. 
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Feb 11 13:08:38 CET 2011 on sn-devel-104
 2011-02-11 13:08:38 +01:00
Volker Lendecke
efa460e291 s3: Align the args in tldap_modify 
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Thu Feb 10 23:20:05 CET 2011 on sn-devel-104
 2011-02-10 23:20:05 +01:00
Volker Lendecke
b524e58f9a s3: Align tldap_add and tldap_add_send 2011-02-10 22:34:01 +01:00
Volker Lendecke
0539ca51ab s3: Add primary group in pdb_ads_enum_group_memberships 
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Feb  6 18:41:08 CET 2011 on sn-devel-104
 2011-02-06 18:41:08 +01:00
Volker Lendecke
d515c6cd5c s3: Fix auth_netlogond to cope with netlogon_creds_CredentialState 
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Feb  6 17:30:48 CET 2011 on sn-devel-104
 2011-02-06 17:30:48 +01:00
Volker Lendecke
47d07df37f s3: Fix a potential memleak in secrets_fetch_trusted_domain_password 2011-02-06 16:44:56 +01:00
Volker Lendecke
8c367162f0 s3: In pdb_ads, cope with artificial samu structs 2011-02-06 16:44:56 +01:00
Volker Lendecke
08f2a8562f s3: Use strlcpy in pdb_ads_connect 2011-02-06 16:44:56 +01:00
Andreas Schneider
ad65605643 s3-auth: Fixed account lockout check. 2011-01-17 16:50:50 +01:00
Bjoern Baumbach
6acbcd1b0c Make sure that user exists after running add user script before adding sam account. 
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Tue Dec  7 17:37:52 CET 2010 on sn-devel-104
 2010-12-07 17:37:52 +01:00
Günther Deschner
133a2ffd00 s3-waf: avoid module name uppercasing. 
This finally allows mixed case module names like the classic build
(./configure --shared_modules=charset_CP850)

Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Dec  1 18:39:14 CET 2010 on sn-devel-104
 2010-12-01 18:39:14 +01:00
Jeremy Allison
e1cfca1e2e Make getpwnam_alloc() static to lib/username.c, and ensure all username lookups go 
through Get_Pwnam_alloc(), which is the correct wrapper function. We were using
it *some* of the time anyway, so this just makes us properly consistent.

Jeremy.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Oct 20 16:02:12 UTC 2010 on sn-devel-104
 2010-10-20 16:02:12 +00:00
Günther Deschner
10f95a4f1a s3-waf: fix pdb modules build. 
Guenther
 2010-10-18 15:57:03 +02:00
Andrew Bartlett
f768b32e37 libcli/security Provide a common, top level libcli/security/security.h 
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.

This includes (along with other security headers) dom_sid.h and
security_token.h

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
 2010-10-12 05:54:10 +00:00
Volker Lendecke
41b54a8931 s3: Remove talloc_autofree_context from pdb_interface 
None of the pdb backends have special destructors that need to be run at
program exit.
 2010-10-03 10:45:56 +02:00
Günther Deschner
b894847ca0 s3-waf: rework CLDAP and LIBCLI_LDAP subsystems. 
Guenther
 2010-09-27 00:39:38 +02:00
Günther Deschner
d7d33317c7 s3-waf: move pdb subsystem to pdb/wscript_build. 
Guenther
 2010-09-27 00:39:37 +02:00
Volker Lendecke
d4bfb5c488 s3: Remove talloc_autofree_context() from guest_user_info() 
pwd is freed a few lines down
 2010-09-26 17:36:40 +02:00
Volker Lendecke
2b601d72d5 s3: Remove talloc_autofree_context() from lookup_unix_user_name() 
pwd is freed in this routine immediately
 2010-09-26 03:29:28 +02:00
Volker Lendecke
9b2d3142c1 s3: Remove talloc_autofree_context() from pdb_init_ads() 2010-09-26 03:29:28 +02:00
Andrew Bartlett
d7bc452a89 s3: Replace sid_binstring and sid_guidstring with PIDL-based alternatives 
This reduces the manual marshalling of these structures by removing
the duplication here.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-09-20 16:15:03 -07:00
Günther Deschner
4dbd743e46 s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions. 
Guenther
 2010-09-20 14:04:37 -07:00
Andrew Bartlett
4bf783d4d6 s3-auth Change type of num_sids to uint32_t 
size_t is overkill here, and in struct security_token in the num_sids
is uint32_t.

This includes a change to the prototype of add_sid_to_array()
and add_sid_to_array_unique(), which has had a number of
consequnetial changes as I try to sort out all the callers using
a pointer to the number of sids.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-09-11 18:46:05 +10:00
Andreas Schneider
c5cfad142c s3-passdb: Try to unlock the account if it is locked out. 
Signed-off-by: Simo Sorce <idra@samba.org>
 2010-08-30 10:43:41 -04:00
Andreas Schneider
2ab0b63bd8 s3-passdb: Added a pdb_try_account_unlock function. 
The function checks if the account has been autolocked. If we have a
lockout_duration and a bad password time it checks if we can unlock the
account.

Signed-off-by: Simo Sorce <idra@samba.org>
 2010-08-30 10:43:34 -04:00
Günther Deschner
7a05ca2c9c s3-build: use dbwrap.h only where needed. 
Guenther
 2010-08-26 00:25:55 +02:00
Günther Deschner
2b41f421fd s3-idmap: only include idmap headers where needed. 
Guenther
 2010-08-26 00:20:29 +02:00
Günther Deschner
7ff7eb0b52 s3-build: only include nsswitch header where needed. 
Guenther
 2010-08-26 00:20:28 +02:00
Günther Deschner
aba1bf4b5e s3-build: only include memcache.h where needed. 
Guenther
 2010-08-26 00:20:28 +02:00
Michael Adam
c45eca5751 s3:pdb_ldap: move some code in ldapsam_create_dom_group() 
to make the flow more similar to ldapsam_create_user().
This prepares for calling winbind_sid_to_gid() instead of
winbind_allocate_gid(): we need the group_sid for this...

Michael
 2010-08-14 02:10:30 +02:00
Günther Deschner
ae36783c7b s3-passdb: include samr.h where needed. 
Guenther
 2010-08-06 15:43:37 +02:00
Günther Deschner
c136b84f0d s3-secrets: only include secrets.h when needed. 
Guenther
 2010-08-05 10:12:25 +02:00
Volker Lendecke
c186f92437 s3: [ug]id_to_unix_... can not fail 
Remove some silly failure checks
 2010-07-11 17:33:34 +02:00
Björn Jacke
a679319192 s3:pdb_ldap: change LDAP password before samba password hashes 
this way we can catch up with password change refuses from ldap password policy
overlays and abort the password change early.

Thanks to Andy Hanton <andyhanton@gmail.com> for the initial patch.
 2010-07-06 18:50:01 +02:00
Volker Lendecke
a56c688366 s3: Fix another aspect of bug 7262 and make paged results work again 2010-07-06 17:36:18 +02:00
Volker Lendecke
3278554b3e s3: Make talloc_attrs() static 2010-07-05 12:37:13 +02:00
Günther Deschner
dff7be8ccb s3-libads: only include libds flags where needed. 
Guenther
 2010-07-01 23:20:40 +02:00
Andreas Schneider
ac5600fc7e s3-passdb: Make sure dn is initialized and don't free it. 
dn is just a pointer to a memory which hasn't been duplicated.

Found by clang-analyzer.
 2010-06-28 12:56:13 +02:00
Andreas Schneider
6d89116afe s3-passdb: Make sure we don't call free on a garbage pointer. 
Found by clang-analyzer.
 2010-06-28 12:56:13 +02:00
Andreas Schneider
a81b97ff34 s3-passdb: Make sure that we don't assign garbage. 2010-06-28 10:18:12 +02:00
Volker Lendecke
f66cc82709 s3: Fix EnumDomainAliases when no aliases are in LDAP 
We used to return NT_STATUS_ACCESS_DENIED, now we just return 0 entries, just
like W2k8 does.

usrmgr.exe was pretty unhappy with the NT_STATUS_ACCESS_DENIED
 2010-06-10 15:28:26 +02:00
Michael Adam
ba809ecb8a s3:pdb_ldap: fix bug 7505 - init_sam_from_ldap stores group in sid2uid cache 2010-06-10 12:02:05 +02:00
Karolin Seeger
8ca88e2f81 s3-passdb: Fix typo in comment. 
Karolin
 2010-06-10 10:34:58 +02:00
Volker Lendecke
1fd15dcb7c s3: Fix bug 7253 
acct_ctrl is 32 bit in LOGIN_CACHE, but "w" as a format specifier for
tdb_unpack only writes 16 bits. Okay on x86, not okay on Solaris.

Thanks to Vladimir.Marek@Sun.COM!

Volker
 2010-06-09 10:27:17 +02:00
Simo Sorce
0a7ff14617 s3:passdb Export function to calculate the proper primary group sid 
Don't keep it buried in passdb, this function need to be available
for use in places where we do not want to construct an artificial
samu struct just to play tricks.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-06-07 22:53:08 +10:00
Matthieu Patou
57ab910b6f s3: Allow previous password to be stored and use it to check tickets 
This patch is to fix bug 7099. It stores the current password in the
 previous password key when the password is changed. It also check the
 user ticket against previous password.

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-06-02 14:32:23 +02:00
Günther Deschner
f9f8007361 s3-build: only use ndr_security.h where needed. 
Guenther
 2010-05-31 11:32:37 +02:00
Simo Sorce
d85d85b851 s3:passdb Fix memory leak 
We were allocating this passwd structure on sampass, but never freeing
it nor assigning it to unix_pw where it could be reused.
 2010-05-29 10:54:08 -04:00
Andrew Bartlett
cba7f8b827 s3:dom_sid Global replace of DOM_SID with struct dom_sid 
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that is is just an alias for struct dom_sid.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-05-21 10:39:59 +02:00
Andrew Bartlett
a92b653af9 s3:passdb Remove use of uint8 uint16 and uint32 in favour of C99 types 
Signed-off-by: Günther Deschner <gd@samba.org>
 2010-05-21 10:24:55 +02:00
Günther Deschner
f6f3bb1813 s3-passdb: move get_logon_hours_from_pdb() into samr server. 
Guenther
 2010-05-18 21:43:05 +02:00
Andrew Bartlett
7a8e34fe86 s3:split secrets.c to put machine account secrets in a new file 
This helps the s3compat effort by allowing these functions to be
replaced by functions that query the cli_credentials and secrets.ldb
APIs.

Also, this changes a couple of DOM_SID to struct dom_sid along the
way.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
 2010-05-18 21:39:42 +02:00
Jelmer Vernooij
b8268cf7b0 s3: Remove use of iconv_convenience. 2010-05-18 11:45:31 +02:00
Günther Deschner
d7d313851a s3-tldap: only include tldap when actually needed. 
Guenther
 2010-05-18 00:44:27 +02:00
Günther Deschner
ca73e03eb7 security: merge builtin rid tables. 
Guenther
 2010-05-18 00:44:26 +02:00
Günther Deschner
3b529d50be s3-rpc_misc: clean out include/rpc_misc.h. 
Well known rids don't really belong into an rpc header, just use the ones
defined in security.idl.

Guenther
 2010-05-18 00:44:26 +02:00
Günther Deschner
b83ab96b16 s3-passdb: moving account_pol.c into passdb. 
Guenther
 2010-05-08 01:45:27 +02:00
Günther Deschner
f5ac746091 s3-pdb_ldap: fix memleak. 
Guenther
 2010-04-29 12:05:42 +02:00
Volker Lendecke
5197d76faa s3: Make a debug msg more readable 2010-04-28 10:55:50 +02:00
Stefan Metzmacher
9fbbaa560a s3:passdb: avoid sid_to_gid() if the sid is "domain users" 
If the call fails we would use the "domain users" sid anyway.

metze
 2010-03-25 21:25:27 +01:00
Volker Lendecke
ea8e0d5d54 Fix some nonempty blank lines 2010-03-25 10:24:45 +01:00
Karolin Seeger
fad0629e78 s3-builtin: Add missing builtin groups. 
Karolin
 2010-03-23 15:24:52 +01:00
Karolin Seeger
ef83c970ca s3-builtin: Add some builtin groups. 
Karolin
 2010-03-23 11:39:05 +01:00
Volker Lendecke
2b4ce9a73f s3: Make login_cache_write take a pointer 2010-03-16 22:35:41 +01:00
Volker Lendecke
276b1aa189 s3: Make login_cache_read take a pointer, avoid a malloc 2010-03-16 22:35:41 +01:00
Volker Lendecke
13a278c1b9 s3: Remove a typedef 2010-03-16 22:35:41 +01:00
Volker Lendecke
02d7cdc671 s3: Fix some nonempty blank lines 2010-03-16 22:35:41 +01:00
Karolin Seeger
7fdbbddf42 s3-passdb: Fix typo in debug message. 
Karolin
 2010-03-10 12:08:27 +01:00
Simo Sorce
3b12c38ac0 s3:schannel streamline interface 
Make calling schannel much easier by removing the need to explicitly open the
database. Let the abstraction do it instead.
 2010-02-23 12:46:50 -05:00
Andreas Schneider
b9cf55cfea s3-passdb: Remove obsolete signal type cast. 2010-02-23 12:23:42 +01:00
Volker Lendecke
2ea2d2a81e s3: Fix bug 5198 -- parse chfn(1)-change gecos field 2010-02-13 17:23:43 +01:00
Björn Jacke
9b75650f1a s3: change ldap filter to what really was intended 2010-02-10 13:48:11 +01:00
Stefan Metzmacher
4dc2be2264 s3:passdb: only use gid_to_sid() result if the result is a group of our local sam 
Otherwise retry with pdb_gid_to_sid().

metze
 2010-02-09 12:57:01 +01:00
Stefan Metzmacher
6753fb1cf6 s3:pdb_ldap: don't search for the users primary group, if we already know it 
metze
 2010-02-08 11:23:25 +01:00
Stefan Metzmacher
49ace81e19 s3:pdb_ldap: optimize ldapsam_alias_memberships() and cache ldap searches. 
ldapsam_alias_memberships() does the same LDAP search twice, triggered
via add_aliases() from create_local_nt_token().

This happens when no domain aliases are used.

metze
 2010-02-08 11:23:24 +01:00
Stefan Metzmacher
25038fa85f s3:pdb_ldap: try to build the full unix_pw structure with ldapsam:trusted support 
And also store the gid_to_sid mappings in the idmap_cache.

metze
 2010-02-08 11:23:24 +01:00
Stefan Metzmacher
e10d086956 s3:passdb: speed up pdb_get_group_sid() 
Use the cached version gid_to_sid() instead
of pdb_gid_to_sid().

And also avoid the expensive lookup_sid() call
for wellkown domain groups.

metze
 2010-02-08 11:23:23 +01:00
Volker Lendecke
b99046fed1 s3: Make pdb_copy_sam_account also copy the group sid 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2010-02-08 11:23:23 +01:00
Stefan Metzmacher
779821df8e s3: shortcut gid_to_sid when "ldapsam:trusted = yes" 
The normal gid_to_sid behaviour is to call sys_getgrgid()
to get the name for the given gid and then call the
getsamgrnam passdb method for the resulting name.

In the ldapsam:trusted case we can reduce the gid_to_sid
operation to one simple search for the gidNumber attribute
and only get the sambaSID attribute from the correspoinding
LDAP object. This reduces the number of ldap roundtrips
for this operation.

metze
 2010-02-08 11:23:17 +01:00
Volker Lendecke
abbd0f9195 s3: Make use of ZERO_STRUCTP 2010-02-05 21:11:17 +01:00
Volker Lendecke
3ea602a7c3 s3: Remove a pointless if-statement 2010-02-05 21:11:17 +01:00
Volker Lendecke
dcc850e3b3 s3: Make guest_user_info() static 2010-02-05 21:11:17 +01:00
Volker Lendecke
004e3e400d s3: Hide some uses of pdb_get_init_flags (which I would love to remove...) 2010-02-05 21:11:17 +01:00
Volker Lendecke
1cd7223b8e s3: Fix some nonempty blank lines 2010-02-05 21:11:17 +01:00
Stefan Metzmacher
0c93aa3cd5 s3:passdb: fix a type Domain Users has RID -513 
metze
 2010-02-04 15:19:50 +01:00
Jeremy Allison
69fd8461b8 Second part of fix for bug #7072 - Accounts can't be unlocked from ldap. 
Missed read of entry_timestamp (was entry->entry_timestamp).

Jeremy.
 2010-01-27 16:52:40 -08:00
Jeremy Allison
627fb85092 Fix bug #7072 - Accounts can't be unlocked from ldap. 
Fix suggested by Andy Hanton <andyhanton@gmail.com>. The LOGIN_CACHE
struct contains two time_t entries, but was being written to and
read from via tdb_pack/tdb_unpack functions using explicit 32-bit int specifiers.
This would break on machines with a 64-bit time_t. Use correct int
sizes for tdb_pack/tdb_unpack.

We have to fix this properly before 2037 :-).

Jeremy.
 2010-01-27 16:42:06 -08:00
Volker Lendecke
9fcbe3a65c s3: Remove some pointless uses of string_sid_talloc 2010-01-23 14:35:37 +01:00
Volker Lendecke
253465456a s3:pdb_ldap: Fix large paged search. 
Fix bug #6981 (Paged Search with DirX LDAP server broken).
(cherry picked from commit 0a3b576c0a)
 2010-01-21 15:33:42 +01:00
Stefan Metzmacher
ac224452b9 s3:pdb_ldap: restore Samba 3.0.x behavior and use the first "uid" value. 
See bug #6157 for more details.

metze

Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 25806f43dd)
 2010-01-14 02:27:34 +01:00
Volker Lendecke
373dcf45cf s3: Remove a pointless if-statement 2010-01-12 13:55:07 +01:00
Volker Lendecke
48251c3370 s3: Use sid_check_is_in_our_domain instead of a direct sid_peek_check_rid 2010-01-10 20:56:16 +01:00
Volker Lendecke
3ea64e0ad8 s3: Replace most calls to sid_append_rid() by sid_compose() 2010-01-10 20:56:16 +01:00
Michael Adam
017ccd0bda s3:passdb: store the plain nt passwords hashes in history, not salted md5 
This is in order to be able to do challenge response with the history,
so that this can be checked when an invalid password was entered:
If the given password is wrong but in the history, then the bad password
count should not be updated...

The "lucky" bit here is that the md5 has and the nt hash (md4) both are
16 bytes long.

This is part of the fix for bug #4347 .

Michael
 2010-01-07 16:51:17 +01:00
Volker Lendecke
5e2fc28b63 s3: Simplify pdb_set_plaintext_passwd: pwhistory==NULL can not happen anymore 2010-01-07 11:07:54 +01:00
Volker Lendecke
2a11f3b3d7 s3: Simplify pdb_set_plaintext_passwd: pwHistLen==0 was checked above 2010-01-07 11:07:54 +01:00
Volker Lendecke
ec0998ada5 s3: Add a paranoia check to pdb_set_plaintext_passwd() 2010-01-07 11:07:54 +01:00
Volker Lendecke
a3f522202d s3: Simplify pdb_set_plaintext_passwd() by removing a redundant condition 
if (current_history_len != pwHistLen) {
     if (current_history_len < pwHistLen) {
     }
}

The second "if" is a bit pointless here
 2010-01-07 11:07:54 +01:00
Volker Lendecke
7633837026 s3: Simplify pdb_set_plaintext_passwd: memcpy deals fine with 0 bytes 2010-01-07 11:07:53 +01:00
Volker Lendecke
864ed92954 s3: Simplify pdb_set_plaintext_passwd by using talloc_zero_array 2010-01-07 11:07:53 +01:00
Volker Lendecke
e7290255f5 s3: Make use of talloc_array in pdb_set_plaintext_passwd() 2010-01-07 11:07:53 +01:00
Volker Lendecke
7ba006430f s3: Simplify pdb_set_plaintext_passwd() a bit 
Remove an indentation by the early return in

+       if (pwHistLen == 0) {
+               /* Set the history length to zero. */
+               pdb_set_pw_history(sampass, NULL, 0, PDB_CHANGED);
+               return true;
+       }
 2010-01-07 11:07:52 +01:00
Volker Lendecke
ca6c1cdd5f s3: Simplify pdb_set_plaintext_passwd() slightly 
No functional change, this just removes an indentation level by the early
"return True;" in

+       if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) == 0) {
+               /*
+                * No password history for non-user accounts
+                */
+               return true;
+       }

Volker
 2010-01-07 11:07:52 +01:00
Michael Adam
2fad148b27 s3:pdb_set_pw_history: free the old history before setting the new. 
This is not strictly necessary, since this only leaks into the
struct samu, and this is not so long-lived in the code path that
changes the password, but it definitely correct and does not harm.

Michael
 2010-01-07 11:07:51 +01:00
Michael Adam
71e3de6c9f s3:pdb_ldap:init_sam_from_ldap: untangle an assignment from the check 
to enhance readability and denbuggability.

Michael
 2010-01-07 11:07:51 +01:00
Volker Lendecke
129e976c47 s3: "startsmbfilepwent" only looks at the inode -- is that enough? 2009-11-29 11:22:04 +01:00
Volker Lendecke
44ce5603dd s3: Pass the "fake dir create times" parameter to sys_*stat 
Step 0 to restore it as a per-share paramter
 2009-11-29 11:22:01 +01:00
Michael Adam
557535302c s3:pdb_ldap: fix a comment typo 
Michael
 2009-11-19 17:55:47 +01:00
Michael Adam
457055871a s3: shortcut uid_to_sid when "ldapsam:trusted = yes" 
The normal uid_to_sid behaviour is to call sys_getpwuid()
to get the name for the given uid and then call the
getsampwnam passdb method for the resulting name.

In the ldapsam:trusted case we can reduce the uid_to_sid
operation to one simple search for the uidNumber attribute
and only get the sambaSID attribute from the correspoinding
LDAP object. This reduces the number of ldap roundtrips
for this operation.

Michael
 2009-11-19 17:55:47 +01:00
Michael Adam
30ab3a762e s3:passdb: remove the uid_to_rid method - we only need uid_to_sid 
Michael
 2009-11-14 01:28:50 +01:00
Michael Adam
3b7448de14 s3:pdb_default_uid_to_sid: fix some debug statements. 
Michael
 2009-11-14 01:27:45 +01:00
Michael Adam
1e3c4b381a s3:smbd: also fill the memcache with sid<->id mappings in ldapsam_sid_to_id() 
not only the persistent idmap cache.

Michael
 2009-11-13 16:19:32 +01:00