The Samba-Bugzilla – Attachment 10547 Details for
Bug 11017
Backport libsamba-passdb patches from master
Backports for v4-2-test (bugs #10355, #10720, #11016)
tmp42.diff.txt (text/plain), 101.14 KB, created by
Stefan Metzmacher
on 2014-12-18 07:54:18 UTC
Description:
Backports for v4-2-test (bugs #10355, #10720, #11016)
Creator:
Stefan Metzmacher
Created:
2014-12-18 07:54:18 UTC
Size:
101.14 KB
>From f39c27f2628c814ad510ca7381aeb2e9fba9a87b Mon Sep 17 00:00:00 2001
>From: Andrew Bartlett <abartlet@samba.org>
>Date: Fri, 3 Oct 2014 05:14:21 +1300
>Subject: [PATCH 01/17] credentials: Set secure_channel_type from secrets.tdb
> in cli_credentials_set_machine_account
>
>This should ensure more parts of the source4 code can work with a
>password set in secrets.tdb.
>
>Andrew Bartlett
>
>Change-Id: I4a890a719246b073898333d2e04841904c6e1a5d
>Signed-off-by: Andrew Bartlett <abartlet@samba.org>
>Reviewed-by: Stefan Metzmacher <metze@samba.org>
>(cherry picked from commit adb3eb79ea828b6e6e1858c3d1b8b5ffe868f8ed)
>---
> auth/credentials/credentials_secrets.c | 13 +++++++++++++
> 1 file changed, 13 insertions(+)
>
>diff --git a/auth/credentials/credentials_secrets.c b/auth/credentials/credentials_secrets.c
>index 625ce20..4f2aeb5 100644
>--- a/auth/credentials/credentials_secrets.c
>+++ b/auth/credentials/credentials_secrets.c
>@@ -239,6 +239,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
> time_t secrets_tdb_lct = 0;
> char *secrets_tdb_password = NULL;
> char *secrets_tdb_old_password = NULL;
>+ uint32_t secrets_tdb_secure_channel_type = SEC_CHAN_NULL;
> char *keystr;
> char *keystr_upper = NULL;
> char *secrets_tdb;
>@@ -287,6 +288,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
> if (NT_STATUS_IS_OK(status)) {
> secrets_tdb_password = (char *)dbuf.dptr;
> }
>+
> keystr = talloc_asprintf(tmp_ctx, "%s/%s",
> SECRETS_MACHINE_PASSWORD_PREV,
> domain);
>@@ -296,6 +298,16 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
> if (NT_STATUS_IS_OK(status)) {
> secrets_tdb_old_password = (char *)dbuf.dptr;
> }
>+
>+ keystr = talloc_asprintf(tmp_ctx, "%s/%s",
>+ SECRETS_MACHINE_SEC_CHANNEL_TYPE,
>+ domain);
>+ keystr_upper = strupper_talloc(tmp_ctx, keystr);
>+ status = dbwrap_fetch(db_ctx, tmp_ctx, string_tdb_data(keystr_upper),
>+ &dbuf);
>+ if (NT_STATUS_IS_OK(status) && dbuf.dsize == 4) {
>+ secrets_tdb_secure_channel_type = IVAL(dbuf.dptr,0);
>+ }
> }
>
> filter = talloc_asprintf(cred, SECRETS_PRIMARY_DOMAIN_FILTER,
>@@ -323,6 +335,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
> cli_credentials_set_domain(cred, domain, CRED_SPECIFIED);
> cli_credentials_set_username(cred, machine_account, CRED_SPECIFIED);
> cli_credentials_set_password_last_changed_time(cred, secrets_tdb_lct);
>+ cli_credentials_set_secure_channel_type(cred, secrets_tdb_secure_channel_type);
> status = NT_STATUS_OK;
> } else if (!NT_STATUS_IS_OK(status)) {
> if (db_ctx) {
>--
>1.9.1
>
>
>From 388e12b3829b75b8eb29121693c3f0f26a6712eb Mon Sep 17 00:00:00 2001
>From: Andrew Bartlett <abartlet@samba.org>
>Date: Fri, 3 Oct 2014 05:14:56 +1300
>Subject: [PATCH 02/17] credentials: Improve error message on failure to set
> machine account password
>
>Change-Id: I4136067d6d0e5cfe92770a2e7efa39f4ebcb2aca
>Signed-off-by: Andrew Bartlett <abartlet@samba.org>
>Reviewed-by: Stefan Metzmacher <metze@samba.org>
>(cherry picked from commit 89daf5dc534ab03724a2622d3b6b4d6783756bae)
>---
> auth/credentials/credentials_secrets.c | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
>diff --git a/auth/credentials/credentials_secrets.c b/auth/credentials/credentials_secrets.c
>index 4f2aeb5..8607973 100644
>--- a/auth/credentials/credentials_secrets.c
>+++ b/auth/credentials/credentials_secrets.c
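Review bot: In the added secure-channel-type lookup (hunk at -296/+298) neither `keystr` from talloc_asprintf() nor `keystr_upper` from strupper_talloc() is checked before being passed to string_tdb_data() and dbwrap_fetch(), so an allocation failure is not reported as one. A record whose size is not 4 is also dropped silently, and the last hunk then stores SEC_CHAN_NULL in the credentials; a `DEBUG(1, ...)` naming `keystr_upper` and `dbuf.dsize` in that case would make a damaged secrets.tdb entry visible. The value read with IVAL() is passed on without a range check, so a comment stating that cli_credentials_set_secure_channel_type() accepts any 32-bit value would help the next reader. The function starts and ends outside these hunks.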
>@@ -339,10 +339,12 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
> status = NT_STATUS_OK;
> } else if (!NT_STATUS_IS_OK(status)) {
> if (db_ctx) {
>- error_string = talloc_asprintf(cred,
>- "Failed to fetch machine account password from "
>- "secrets.ldb: %s and failed to fetch %s from %s",
>- error_string, keystr_upper, secrets_tdb);
>+ error_string
>+ = talloc_asprintf(cred,
>+ "Failed to fetch machine account password for %s from both "
>+ "secrets.ldb (%s) and from %s",
>+ domain, error_string,
>+ dbwrap_name(db_ctx));
> } else {
> error_string = talloc_asprintf(cred,
> "Failed to fetch machine account password from "
>--
>1.9.1
>
>
>From a5757e2df19b85e04d3cbdc96e82567d85fdd40f Mon Sep 17 00:00:00 2001
>From: Andrew Bartlett <abartlet@samba.org>
>Date: Fri, 3 Oct 2014 06:32:39 +1300
>Subject: [PATCH 03/17] credentials: Allow the secret.tdb handle to be passed
> in to cli_credentials_set_machine_account()
>
>This adds a new wrapper, cli_credentials_set_machine_account_db_ctx()
>
>Andrew Bartlett
>
>Change-Id: Ia2cceefede4ba9cf7f8de41986daf9372c19d997
>Signed-off-by: Andrew Bartlett <abartlet@samba.org>
>Reviewed-by: Stefan Metzmacher <metze@samba.org>
>(cherry picked from commit 35b8ed7710f60abcc70e0b070afc16bf3faef263)
>---
> auth/credentials/credentials.h | 16 +++++++++
> auth/credentials/credentials_secrets.c | 61 ++++++++++++++++++++++++++--------
> 2 files changed, 64 insertions(+), 13 deletions(-)
>
>diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
>index fdd35bb..2da47d2 100644
>--- a/auth/credentials/credentials.h
>+++ b/auth/credentials/credentials.h
>@@ -36,6 +36,7 @@ struct ccache_container;
> struct gssapi_creds_container;
> struct smb_krb5_context;
> struct keytab_container;
>+struct db_context;
>
> /* In order of priority */
> enum credentials_obtained {
>@@ -161,6 +162,21 @@ NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
> const char *serviceprincipal);
> NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred,
> struct loadparm_context *lp_ctx);
>+/**
>+ * Fill in credentials for the machine trust account, from the
>+ * secrets.ldb or passed in handle to secrets.tdb (perhaps in CTDB).
>+ *
>+ * This version is used in parts of the code that can link in the
>+ * CTDB dbwrap backend, by passing down the already open handle.
>+ *
>+ * @param cred Credentials structure to fill in
>+ * @param db_ctx dbwrap context for secrets.tdb
>+ * @retval NTSTATUS error detailing any failure
>+ */
>+NTSTATUS cli_credentials_set_machine_account_db_ctx(struct cli_credentials *cred,
>+ struct loadparm_context *lp_ctx,
>+ struct db_context *db_ctx);
>+
> bool cli_credentials_authentication_requested(struct cli_credentials *cred);
> void cli_credentials_guess(struct cli_credentials *cred,
> struct loadparm_context *lp_ctx);
>diff --git a/auth/credentials/credentials_secrets.c b/auth/credentials/credentials_secrets.c
>index 8607973..13717b1 100644
>--- a/auth/credentials/credentials_secrets.c
>+++ b/auth/credentials/credentials_secrets.c
>@@ -231,6 +231,43 @@ _PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
> _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred,
> struct loadparm_context *lp_ctx)
> {
>+ struct db_context *db_ctx;
>+ char *secrets_tdb_path;
>+
>+ secrets_tdb_path = lpcfg_private_db_path(cred, lp_ctx, "secrets");
>+ if (secrets_tdb_path == NULL) {
>+ return NT_STATUS_NO_MEMORY;
>+ }
>+
>+ db_ctx = dbwrap_local_open(cred, lp_ctx, secrets_tdb_path, 0,
>+ TDB_DEFAULT, O_RDWR, 0600,
>+ DBWRAP_LOCK_ORDER_1,
>+ DBWRAP_FLAG_NONE);
>+ TALLOC_FREE(secrets_tdb_path);
>+
>+ /*
>+ * We do not check for errors here, we might not have a
>+ * secrets.tdb at all, and so we just need to check the
>+ * secrets.ldb
>+ */
>+ return cli_credentials_set_machine_account_db_ctx(cred, lp_ctx, db_ctx);
>+}
>+
>+/**
>+ * Fill in credentials for the machine trust account, from the
>+ * secrets.ldb or passed in handle to secrets.tdb (perhaps in CTDB).
>+ *
>+ * This version is used in parts of the code that can link in the
>+ * CTDB dbwrap backend, by passing down the already open handle.
>+ *
>+ * @param cred Credentials structure to fill in
>+ * @param db_ctx dbwrap context for secrets.tdb
>+ * @retval NTSTATUS error detailing any failure
>+ */
>+_PUBLIC_ NTSTATUS cli_credentials_set_machine_account_db_ctx(struct cli_credentials *cred,
>+ struct loadparm_context *lp_ctx,
>+ struct db_context *db_ctx)
>+{
> NTSTATUS status;
> char *filter;
> char *error_string;
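Review bot: The new wrapper cli_credentials_set_machine_account() opens secrets.tdb with `cred` as the talloc parent and returns the callee's status directly, so nothing visible releases `db_ctx`. Unless the callee frees it (its body continues outside the hunk), the read-write handle on the secrets database stays open for as long as `cred` lives. Keeping the status in a local and releasing the handle before returning would avoid that: `status = cli_credentials_set_machine_account_db_ctx(cred, lp_ctx, db_ctx); TALLOC_FREE(db_ctx); return status;`. The doc comment on cli_credentials_set_machine_account_db_ctx() should also gain `@param lp_ctx` and state that `db_ctx` may be NULL, since the wrapper deliberately passes on the unchecked result of dbwrap_local_open().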
>@@ -242,22 +279,11 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
> uint32_t secrets_tdb_secure_channel_type = SEC_CHAN_NULL;
> char *keystr;
> char *keystr_upper = NULL;
>- char *secrets_tdb;
>- struct db_context *db_ctx;
> TALLOC_CTX *tmp_ctx = talloc_named(cred, 0, "cli_credentials_set_secrets from ldb");
> if (!tmp_ctx) {
> return NT_STATUS_NO_MEMORY;
> }
>- secrets_tdb = lpcfg_private_db_path(cred, lp_ctx, "secrets");
>- if (!secrets_tdb) {
>- TALLOC_FREE(tmp_ctx);
>- return NT_STATUS_NO_MEMORY;
>- }
>-
>- db_ctx = dbwrap_local_open(cred, lp_ctx, secrets_tdb, 0,
>- TDB_DEFAULT, O_RDWR, 0600,
>- DBWRAP_LOCK_ORDER_1,
>- DBWRAP_FLAG_NONE);
>+
> /* Bleh, nasty recursion issues: We are setting a machine
> * account here, so we don't want the 'pending' flag around
> * any more */
>@@ -346,10 +372,19 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
> domain, error_string,
> dbwrap_name(db_ctx));
> } else {
>+ char *secrets_tdb_path;
>+
>+ secrets_tdb_path = lpcfg_private_db_path(tmp_ctx,
>+ lp_ctx,
>+ "secrets");
>+ if (secrets_tdb_path == NULL) {
>+ return NT_STATUS_NO_MEMORY;
>+ }
>+
> error_string = talloc_asprintf(cred,
> "Failed to fetch machine account password from "
> "secrets.ldb: %s and failed to open %s",
>- error_string, secrets_tdb);
>+ error_string, secrets_tdb_path);
> }
> DEBUG(1, ("Could not find machine account in secrets database: %s: %s\n",
> error_string, nt_errstr(status)));
>--
>1.9.1
>
>
>From 7d25feab09d79215aaf3c94769a0b27a1bc102e3 Mon Sep 17 00:00:00 2001
>From: Andrew Bartlett <abartlet@samba.org>
>Date: Mon, 6 Oct 2014 13:51:25 +1300
>Subject: [PATCH 04/17] auth/credentials: Ensure that we set the realm when
> reading secrets.tdb
>
>Otherwise, we try and kinit as host$@DOMAIN and that will not work.
>
>Andrew Bartlett
>
>Change-Id: Id2fde673423e74dfa1e6ac48f47f49c61ee59779
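Review bot: In the `else` branch of the hunk at -346/+372 the added `return NT_STATUS_NO_MEMORY;` leaves the function without releasing `tmp_ctx`, which the removed code freed on the same failure with `TALLOC_FREE(tmp_ctx)`. The guard should keep that cleanup: `if (secrets_tdb_path == NULL) { TALLOC_FREE(tmp_ctx); return NT_STATUS_NO_MEMORY; }`. The result of the talloc_asprintf() that follows is handed to DEBUG() unchecked as well, so a second allocation failure would log a NULL `error_string`. The function continues outside the hunk, so any later cleanup path is not visible here.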
>Signed-off-by: Andrew Bartlett <abartlet@samba.org>
>Reviewed-by: Stefan Metzmacher <metze@samba.org>
>(cherry picked from commit e9dc6423d3f1ab3401314e134ecc574fc5d4c18b)
>---
> auth/credentials/credentials_secrets.c | 3 +++
> 1 file changed, 3 insertions(+)
>
>diff --git a/auth/credentials/credentials_secrets.c b/auth/credentials/credentials_secrets.c
>index 13717b1..d259a4d 100644
>--- a/auth/credentials/credentials_secrets.c
>+++ b/auth/credentials/credentials_secrets.c
>@@ -359,6 +359,9 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account_db_ctx(struct cli_credenti
> cli_credentials_set_password(cred, secrets_tdb_password, CRED_SPECIFIED);
> cli_credentials_set_old_password(cred, secrets_tdb_old_password, CRED_SPECIFIED);
> cli_credentials_set_domain(cred, domain, CRED_SPECIFIED);
>+ if (strequal(domain, lpcfg_workgroup(lp_ctx))) {
>+ cli_credentials_set_realm(cred, lpcfg_realm(lp_ctx), CRED_SPECIFIED);
>+ }
> cli_credentials_set_username(cred, machine_account, CRED_SPECIFIED);
> cli_credentials_set_password_last_changed_time(cred, secrets_tdb_lct);
> cli_credentials_set_secure_channel_type(cred, secrets_tdb_secure_channel_type);
>--
>1.9.1
>
>
>From 51c997945f30dae88a1e474cc83c240d0042f8c1 Mon Sep 17 00:00:00 2001
>From: Andrew Bartlett <abartlet@samba.org>
>Date: Fri, 3 Oct 2014 06:35:28 +1300
>Subject: [PATCH 05/17] passdb: Use common code in
> cli_credentials_set_machine_account_db_ctx()
>
>This avoids some duplication in setting the machine account passsword
>for the domain member and DC case.
>
>This does not yet remove the duplication, that requires a bigger
>restructure of the various routines used here to obtain the machine
>and domain trust secrets.
>
>Also no longer used is the timeout/2 code to not set the previous
>password. It is now always passed to the caller.
>
>Andrew Bartlett
>
>Change-Id: Idd5bafedf4cbac30b174955d743ec4128a6902ee
>Signed-off-by: Andrew Bartlett <abartlet@samba.org>
>Reviewed-by: Stefan Metzmacher <metze@samba.org>
>(cherry picked from commit 37f5d822d636d4286bd8ee64c7e9e44ae1a297e1)
>---
> source3/passdb/passdb.c | 66 +++++++++++++++++++++++++++++++++++++------------
> 1 file changed, 50 insertions(+), 16 deletions(-)
>
>diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
>index 70d8626..02f0a78 100644
>--- a/source3/passdb/passdb.c
>+++ b/source3/passdb/passdb.c
>@@ -2521,9 +2521,58 @@ NTSTATUS pdb_get_trust_credentials(const char *netbios_domain,
> char *prev_pw = NULL;
> struct samr_Password cur_nt_hash;
> struct cli_credentials *creds = NULL;
>- struct pdb_get_trust_credentials_state *state = NULL;
> bool ok;
>
>+ lp_ctx = loadparm_init_s3(frame, loadparm_s3_helpers());
>+ if (lp_ctx == NULL) {
>+ DEBUG(1, ("loadparm_init_s3 failed\n"));
>+ status = NT_STATUS_INTERNAL_ERROR;
>+ goto fail;
>+ }
>+
>+ creds = cli_credentials_init(mem_ctx);
>+ if (creds == NULL) {
>+ status = NT_STATUS_NO_MEMORY;
>+ goto fail;
>+ }
>+
>+ cli_credentials_set_conf(creds, lp_ctx);
>+
>+ ok = cli_credentials_set_domain(creds, netbios_domain, CRED_SPECIFIED);
>+ if (!ok) {
>+ status = NT_STATUS_NO_MEMORY;
>+ goto fail;
>+ }
>+
>+ /*
>+ * If this is our primary trust relationship, use the common
>+ * code to read the secrets.ldb or secrets.tdb file.
>+ */
>+ if (strequal(netbios_domain, lp_workgroup())) {
>+ struct db_context *db_ctx = secrets_db_ctx();
>+ if (db_ctx == NULL) {
>+ DEBUG(1, ("failed to open secrets.tdb to obtain our trust credentials for %s\n",
>+ netbios_domain));
>+ status = NT_STATUS_INTERNAL_ERROR;
>+ goto fail;
>+ }
>+
>+ status = cli_credentials_set_machine_account_db_ctx(creds,
>+ lp_ctx,
>+ db_ctx);
>+ if (!NT_STATUS_IS_OK(status)) {
>+ goto fail;
>+ }
>+ goto done;
>+ } else if (!IS_DC) {
>+ DEBUG(1, ("Refusing to get trust account info for %s, "
>+ "which is not our primary domain %s, "
>+ "as we are not a DC\n",
>+ netbios_domain, lp_workgroup()));
>+ status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
>+ goto fail;
>+ }
>+
> ok = get_trust_pw_clear2(netbios_domain,
> &_account_name,
> &channel,
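Review bot: The primary-domain branch added to pdb_get_trust_credentials() changes which secrets a caller receives, and nothing in the code records it. According to the commit message, the previous password is now always set rather than withheld by the timeout/2 rule. I would extend the block comment above `if (strequal(netbios_domain, lp_workgroup()))` with a sentence such as `Note: the previous password is always loaded into creds on this path.` so later readers do not rely on the old behaviour. On style, the test uses `lp_workgroup()` although `lp_ctx` was initialised a few lines earlier, and the `else` after `goto done;` is redundant. The `done` and `fail` labels are outside the hunk, so whether `creds` is released on the new failure paths cannot be checked here.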
>@@ -2551,21 +2600,6 @@ NTSTATUS pdb_get_trust_credentials(const char *netbios_domain,
> goto fail;
> }
>
>- lp_ctx = loadparm_init_s3(frame, loadparm_s3_helpers());
>- if (lp_ctx == NULL) {
>- DEBUG(1, ("loadparm_init_s3 failed\n"));
>- status = NT_STATUS_INTERNAL_ERROR;
>- goto fail;
>- }
>-
>- creds = cli_credentials_init(mem_ctx);
>- if (creds == NULL) {
>- status = NT_STATUS_NO_MEMORY;
>- goto fail;
>- }
>-
>- cli_credentials_set_conf(creds, lp_ctx);
>-
> cli_credentials_set_secure_channel_type(creds, channel);
> cli_credentials_set_password_last_changed_time(creds, last_set_time);
>
>--
>1.9.1
>
>
>From 015adec3458103eb9a1dde90edd39101b4d3da0c Mon Sep 17 00:00:00 2001
>From: David Disseldorp <ddiss@samba.org>
>Date: Sun, 2 Nov 2014 20:21:27 +0100
>Subject: [PATCH 06/17] account_pol: don't leak state_path onto talloc tos
>
>Also check for allocation failures.
>
>Signed-off-by: David Disseldorp <ddiss@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit f88535e56e23e27492851c0fc6e9a86cfdaab041)
>---
> source3/passdb/account_pol.c | 12 ++++++++++--
> 1 file changed, 10 insertions(+), 2 deletions(-)
>
>diff --git a/source3/passdb/account_pol.c b/source3/passdb/account_pol.c
>index 5f2c7ab..6b1066e 100644
>--- a/source3/passdb/account_pol.c
>+++ b/source3/passdb/account_pol.c
>@@ -214,24 +214,32 @@ bool init_account_policy(void)
> uint32_t version = 0;
> int i;
> NTSTATUS status;
>+ char *db_path;
>
> if (db != NULL) {
> return True;
> }
>
>- db = db_open(NULL, state_path("account_policy.tdb"), 0, TDB_DEFAULT,
>+ db_path = state_path("account_policy.tdb");
>+ if (db_path == NULL) {
>+ return false;
>+ }
>+
>+ db = db_open(NULL, db_path, 0, TDB_DEFAULT,
> O_RDWR, 0600, DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE);
>
> if (db == NULL) { /* the account policies files does not exist or open
> * failed, try to create a new one */
>- db = db_open(NULL, state_path("account_policy.tdb"), 0,
>+ db = db_open(NULL, db_path, 0,
> TDB_DEFAULT, O_RDWR|O_CREAT, 0600,
> DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE);
> if (db == NULL) {
> DEBUG(0,("Failed to open account policy database\n"));
>+ TALLOC_FREE(db_path);
> return False;
> }
> }
>+ TALLOC_FREE(db_path);
>
> status = dbwrap_fetch_uint32_bystring(db, vstring, &version);
> if (!NT_STATUS_IS_OK(status)) {
>--
>1.9.1
>
>
>From 06e7803c7b53b52605426f3d4a1472fabbe04107 Mon Sep 17 00:00:00 2001
>From: David Disseldorp <ddiss@samba.org>
>Date: Sun, 2 Nov 2014 20:21:28 +0100
>Subject: [PATCH 07/17] pdb_tdb: don't leak state_path onto talloc tos
>
>Also check for allocation failures.
>
>Signed-off-by: David Disseldorp <ddiss@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit 6d5b8dd70e542840a96c45b916b1bd2b9685697f)
>---
> source3/passdb/pdb_tdb.c | 10 ++++++++--
> 1 file changed, 8 insertions(+), 2 deletions(-)
>
>diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c
>index 94d9d52..ba1f1d4 100644
>--- a/source3/passdb/pdb_tdb.c
>+++ b/source3/passdb/pdb_tdb.c
>@@ -329,15 +329,21 @@ static bool tdbsam_upgrade_next_rid(struct db_context *db)
> uint32 rid;
> bool ok = false;
> NTSTATUS status;
>+ char *db_path;
>
> status = dbwrap_fetch_uint32_bystring(db, NEXT_RID_STRING, &rid);
> if (NT_STATUS_IS_OK(status)) {
> return true;
> }
>
>- tdb = tdb_open_log(state_path("winbindd_idmap.tdb"), 0,
>- TDB_DEFAULT, O_RDONLY, 0644);
>+ db_path = state_path("winbindd_idmap.tdb");
>+ if (db_path == NULL) {
>+ return false;
>+ }
>
>+ tdb = tdb_open_log(db_path, 0,
>+ TDB_DEFAULT, O_RDONLY, 0644);
>+ TALLOC_FREE(db_path);
> if (tdb) {
> ok = tdb_fetch_uint32(tdb, "RID_COUNTER", &rid);
> if (!ok) {
>--
>1.9.1
>
>
>From 02315ff7f7cf4d5dd699e307419d5fa0848e39cf Mon Sep 17 00:00:00 2001
>From: Volker Lendecke <vl@samba.org>
>Date: Tue, 11 Nov 2014 10:36:23 +0000
>Subject: [PATCH 08/17] pdb_tdb: Avoid a nasty error message with ctdb
>
>ctdb gives us 0-sized records for deleted passdb entries
>
>Signed-off-by: Volker Lendecke <vl@samba.org>
>Reviewed-by: David Disseldorp <ddiss@samba.org>
>
>Autobuild-User(master): David Disseldorp <ddiss@samba.org>
>Autobuild-Date(master): Tue Nov 11 16:19:37 CET 2014 on sn-devel-104
>
>(cherry picked from commit c2bda5bfae2cac4e473f2ae42775d2e35995c790)
>---
> source3/passdb/pdb_tdb.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
>diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c
>index ba1f1d4..d1ff006f 100644
>--- a/source3/passdb/pdb_tdb.c
>+++ b/source3/passdb/pdb_tdb.c
>@@ -602,6 +602,12 @@ static NTSTATUS tdbsam_getsampwnam (struct pdb_methods *my_methods,
> return NT_STATUS_NO_SUCH_USER;
> }
>
>+ if (data.dsize == 0) {
>+ DEBUG(5, ("%s: Got 0-sized record for key %s\n", __func__,
>+ keystr));
>+ return NT_STATUS_NO_SUCH_USER;
>+ }
>+
> /* unpack the buffer */
>
> if (!init_samu_from_buffer(user, SAMU_BUFFER_LATEST, data.dptr, data.dsize)) {
>--
>1.9.1
>
>
>From ac1418ed7d79df283aa4f6233a54c5ce5ae079c8 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Wed, 26 Feb 2014 20:16:26 +0100
>Subject: [PATCH 09/17] s3:passdb: always copy the history in
> pdb_set_plaintext_passwd()
>
>We should not write to memory marked as const
>(returned from pdb_get_pw_history())!
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit 966192ee16d6802da5c2b046d2488ddd1a7ec960)
>---
> source3/passdb/pdb_get_set.c | 33 ++++++++++++++-------------------
> 1 file changed, 14 insertions(+), 19 deletions(-)
>
>diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c
>index 0d7f4cb..1b716f4 100644
>--- a/source3/passdb/pdb_get_set.c
>+++ b/source3/passdb/pdb_get_set.c
>@@ -1001,6 +1001,7 @@ bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext)
> uchar *pwhistory;
> uint32_t pwHistLen;
> uint32_t current_history_len;
>+ const uint8_t *current_history;
>
> if (!plaintext)
> return False;
>@@ -1051,33 +1052,27 @@ bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext)
> * the pw_history was first loaded into the struct samu struct
> * and now.... JRA.
> */
>- pwhistory = (uchar *)pdb_get_pw_history(sampass, ¤t_history_len);
>-
>- if ((current_history_len != 0) && (pwhistory == NULL)) {
>+ current_history = pdb_get_pw_history(sampass, ¤t_history_len);
>+ if ((current_history_len != 0) && (current_history == NULL)) {
> DEBUG(1, ("pdb_set_plaintext_passwd: pwhistory == NULL!\n"));
> return false;
> }
>
>- if (current_history_len < pwHistLen) {
>- /*
>- * Ensure we have space for the needed history. This
>- * also takes care of an account which did not have
>- * any history at all so far, i.e. pwhistory==NULL
>- */
>- uchar *new_history = talloc_zero_array(
>+ /*
>+ * Ensure we have space for the needed history. This
>+ * also takes care of an account which did not have
>+ * any history at all so far, i.e. pwhistory==NULL
>+ */
>+ pwhistory = talloc_zero_array(
> sampass, uchar,
> pwHistLen*PW_HISTORY_ENTRY_LEN);
>-
>- if (!new_history) {
>- return False;
>- }
>-
>- memcpy(new_history, pwhistory,
>- current_history_len*PW_HISTORY_ENTRY_LEN);
>-
>- pwhistory = new_history;
>+ if (!pwhistory) {
>+ return false;
> }
>
>+ memcpy(pwhistory, current_history,
>+ current_history_len*PW_HISTORY_ENTRY_LEN);
>+
> /*
> * Make room for the new password in the history list.
> */
>--
>1.9.1
>
>
>From 7d6ad0bf986a2cb7a4c6d06b0107c40dee4d5b21 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Wed, 26 Feb 2014 20:16:26 +0100
>Subject: [PATCH 10/17] s3:passdb: avoid invalid pointer type warnings in
> pdb_wbc_sam.c
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit 7ec8401f82994070eaaf81ff067c0cd0576d58e3)
>---
> source3/passdb/pdb_wbc_sam.c | 19 +++++++++++++------
> 1 file changed, 13 insertions(+), 6 deletions(-)
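Review bot: The copy into the new history buffer is no longer bounded by the buffer's size. `pwhistory` is allocated for `pwHistLen` entries but the `memcpy` copies `current_history_len` entries, and the comment kept as context says the policy length can change after the history was loaded. The removed code allocated and copied only when `current_history_len < pwHistLen`, so a stored history longer than the current policy would now be written past the end of the allocation, unless the length is clamped outside the hunk. Clamp before copying with `if (current_history_len > pwHistLen) { current_history_len = pwHistLen; }`, and skip the `memcpy` when `current_history` is NULL, which the check above permits for a zero length. The function starts and ends outside the hunk.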
>
>diff --git a/source3/passdb/pdb_wbc_sam.c b/source3/passdb/pdb_wbc_sam.c
>index 655890f..2343649 100644
>--- a/source3/passdb/pdb_wbc_sam.c
>+++ b/source3/passdb/pdb_wbc_sam.c
>@@ -135,18 +135,21 @@ static NTSTATUS pdb_wbc_sam_lookup_rids(struct pdb_methods *methods,
> enum lsa_SidType *attrs)
> {
> NTSTATUS result = NT_STATUS_OK;
>+ const char *p = NULL;
>+ const char **pp = NULL;
> char *domain = NULL;
> char **account_names = NULL;
> enum lsa_SidType *attr_list = NULL;
> int i;
>
> if (!winbind_lookup_rids(talloc_tos(), domain_sid, num_rids, rids,
>- (const char **)&domain,
>- (const char ***)&account_names, &attr_list))
>+ &p, &pp, &attr_list))
> {
> result = NT_STATUS_NONE_MAPPED;
> goto done;
> }
>+ domain = discard_const_p(char, p);
>+ account_names = discard_const_p(char *, pp);
>
> memcpy(attrs, attr_list, num_rids * sizeof(enum lsa_SidType));
>
>@@ -243,16 +246,18 @@ static NTSTATUS pdb_wbc_sam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map
> struct dom_sid sid)
> {
> NTSTATUS result = NT_STATUS_OK;
>+ const char *p1 = NULL, *p2 = NULL;
> char *name = NULL;
> char *domain = NULL;
> enum lsa_SidType name_type;
> gid_t gid;
>
>- if (!winbind_lookup_sid(talloc_tos(), &sid, (const char **)&domain,
>- (const char **) &name, &name_type)) {
>+ if (!winbind_lookup_sid(talloc_tos(), &sid, &p1, &p2, &name_type)) {
> result = NT_STATUS_NO_SUCH_GROUP;
> goto done;
> }
>+ domain = discard_const_p(char, p1);
>+ name = discard_const_p(char, p2);
>
> if ((name_type != SID_NAME_DOM_GRP) &&
> (name_type != SID_NAME_DOMAIN) &&
>@@ -282,6 +287,7 @@ static NTSTATUS pdb_wbc_sam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map
> gid_t gid)
> {
> NTSTATUS result = NT_STATUS_OK;
>+ const char *p1 = NULL, *p2 = NULL;
> char *name = NULL;
> char *domain = NULL;
> struct dom_sid sid;
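Review bot: The lookups in pdb_wbc_sam_lookup_rids() and pdb_wbc_sam_getgrsid(), and in pdb_wbc_sam_getgrgid() in the following hunks, silence the pointer-type warning by fetching into const temporaries and then stripping const again with discard_const_p(). That leaves writable aliases to strings the lookup API declares read-only. If nothing later in these functions writes through `domain`, `name` or `account_names` (their bodies continue outside the hunks), declaring those locals `const char *` and `const char **` and passing them directly would remove both the temporaries and the casts. If they have to stay non-const, a one-line comment next to each `discard_const_p()` saying why would keep the next reader from treating the buffers as owned and mutable.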
>@@ -292,11 +298,12 @@ static NTSTATUS pdb_wbc_sam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map
> goto done;
> }
>
>- if (!winbind_lookup_sid(talloc_tos(), &sid, (const char **)&domain,
>- (const char **)&name, &name_type)) {
>+ if (!winbind_lookup_sid(talloc_tos(), &sid, &p1, &p2, &name_type)) {
> result = NT_STATUS_NO_SUCH_GROUP;
> goto done;
> }
>+ domain = discard_const_p(char, p1);
>+ name = discard_const_p(char, p2);
>
> if ((name_type != SID_NAME_DOM_GRP) &&
> (name_type != SID_NAME_DOMAIN) &&
>--
>1.9.1
>
>
>From 3eb5361451ce0949da58a143d9c2bce3c4d7e311 Mon Sep 17 00:00:00 2001
>From: Garming Sam <garming@catalyst.net.nz>
>Date: Tue, 25 Nov 2014 14:45:26 +1300
>Subject: [PATCH 11/17] idmap: unify passdb *id_to_sid methods
>
>Instead of passing down gid or uid, a pointer to a unixid is now sent
>down. This acts as an in-out variable so that the idmap functions can
>correctly receive ID_TYPE_BOTH, filling in cache details correctly
>rather than forcing the cache to store ID_TYPE_UID or ID_TYPE_GID.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=10720
>
>Change-Id: I11409a0f498e61a3c0a6ae606dd7af1135e6b066
>Pair-programmed-with: Andrew Bartlett <abarlet@samba.org>
>Signed-off-by: Garming Sam <garming@catalyst.net.nz>
>Reviewed-by: Andrew Bartlett <abartlet@samba.org>
>Reviewed-by: Stefan Metzmacher <metze@samba.org>
>(cherry picked from commit 7979c6cc50eaa792e5094866878c63df36e715c3)
>---
> source3/include/passdb.h | 28 ++++++++++++++++------
> source3/passdb/lookup_sid.c | 19 ++++++++++++---
> source3/passdb/pdb_interface.c | 51 +++++++++++++++++++++--------------------
> source3/passdb/pdb_ldap.c | 24 ++++++++++++++++---
> source3/passdb/pdb_samba_dsdb.c | 46 +++++++++++--------------------------
> source3/passdb/pdb_wbc_sam.c | 23 +++++++++++--------
> source3/passdb/py_passdb.c | 13 +++++++++--
> source3/utils/net_sam.c | 6 ++++-
> source3/winbindd/idmap_passdb.c | 16 ++-----------
> 9 files changed, 129 insertions(+), 97 deletions(-)
>
>diff --git a/source3/include/passdb.h b/source3/include/passdb.h
>index 86cb16e..16e3bef 100644
>--- a/source3/include/passdb.h
>+++ b/source3/include/passdb.h
>@@ -415,9 +415,10 @@ enum pdb_policy_type {
> * Changed to 21, set/enum_upn_suffixes. AB.
> * Changed to 22, idmap control functions
> * Changed to 23, new idmap control functions
>+ * Changed to 24, removed uid_to_sid and gid_to_sid, replaced with id_to_sid
> */
>
>-#define PASSDB_INTERFACE_VERSION 23
>+#define PASSDB_INTERFACE_VERSION 24
>
> struct pdb_methods
> {
>@@ -560,10 +561,16 @@ struct pdb_methods
> struct pdb_search *search,
> const struct dom_sid *sid);
>
>- bool (*uid_to_sid)(struct pdb_methods *methods, uid_t uid,
>- struct dom_sid *sid);
>- bool (*gid_to_sid)(struct pdb_methods *methods, gid_t gid,
>- struct dom_sid *sid);
>+ /*
>+ * Instead of passing down a gid or uid, this function sends down a pointer
>+ * to a unixid.
>+ *
>+ * This acts as an in-out variable so that the idmap functions can correctly
>+ * receive ID_TYPE_BOTH, filling in cache details correctly rather than forcing
>+ * the cache to store ID_TYPE_UID or ID_TYPE_GID.
>+ */
>+ bool (*id_to_sid)(struct pdb_methods *methods, struct unixid *id,
>+ struct dom_sid *sid);
> bool (*sid_to_id)(struct pdb_methods *methods, const struct dom_sid *sid,
> struct unixid *id);
>
>@@ -889,8 +896,15 @@ NTSTATUS pdb_lookup_names(const struct dom_sid *domain_sid,
> bool pdb_get_account_policy(enum pdb_policy_type type, uint32_t *value);
> bool pdb_set_account_policy(enum pdb_policy_type type, uint32_t value);
> bool pdb_get_seq_num(time_t *seq_num);
>-bool pdb_uid_to_sid(uid_t uid, struct dom_sid *sid);
>-bool pdb_gid_to_sid(gid_t gid, struct dom_sid *sid);
>+/*
>+ * Instead of passing down a gid or uid, this function sends down a pointer
>+ * to a unixid.
>+ *
>+ * This acts as an in-out variable so that the idmap functions can correctly
>+ * receive ID_TYPE_BOTH, filling in cache details correctly rather than forcing
>+ * the cache to store ID_TYPE_UID or ID_TYPE_GID.
>+ */
>+bool pdb_id_to_sid(struct unixid *id, struct dom_sid *sid);
> bool pdb_sid_to_id(const struct dom_sid *sid, struct unixid *id);
> uint32_t pdb_capabilities(void);
> bool pdb_new_rid(uint32_t *rid);
>diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
>index d541719..494a840 100644
>--- a/source3/passdb/lookup_sid.c
>+++ b/source3/passdb/lookup_sid.c
>@@ -1029,11 +1029,15 @@ bool lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
> static void legacy_uid_to_sid(struct dom_sid *psid, uid_t uid)
> {
> bool ret;
>+ struct unixid id;
>
> ZERO_STRUCTP(psid);
>
>+ id.id = uid;
>+ id.type = ID_TYPE_UID;
>+
> become_root();
>- ret = pdb_uid_to_sid(uid, psid);
>+ ret = pdb_id_to_sid(&id, psid);
> unbecome_root();
>
> if (ret) {
>@@ -1059,11 +1063,15 @@ static void legacy_uid_to_sid(struct dom_sid *psid, uid_t uid)
> static void legacy_gid_to_sid(struct dom_sid *psid, gid_t gid)
> {
> bool ret;
>+ struct unixid id;
>
> ZERO_STRUCTP(psid);
>
>+ id.id = gid;
>+ id.type = ID_TYPE_GID;
>+
> become_root();
>- ret = pdb_gid_to_sid(gid, psid);
>+ ret = pdb_id_to_sid(&id, psid);
> unbecome_root();
>
> if (ret) {
>@@ -1527,8 +1535,13 @@ NTSTATUS get_primary_group_sid(TALLOC_CTX *mem_ctx,
> }
> } else {
> /* Try group mapping */
>+ struct unixid id;
>+
>+ id.id = pwd->pw_gid;
>+ id.type = ID_TYPE_GID;
>+
> ZERO_STRUCTP(group_sid);
>- if (pdb_gid_to_sid(pwd->pw_gid, group_sid)) {
>+ if (pdb_id_to_sid(&id, group_sid)) {
> need_lookup_sid = true;
> }
> }
>diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
>index ed42961..9dee9d2 100644
>--- a/source3/passdb/pdb_interface.c
>+++ b/source3/passdb/pdb_interface.c
>@@ -1204,35 +1204,23 @@ bool pdb_get_seq_num(time_t *seq_num)
> return NT_STATUS_IS_OK(pdb->get_seq_num(pdb, seq_num));
> }
>
>-bool pdb_uid_to_sid(uid_t uid, struct dom_sid *sid)
>-{
>- struct pdb_methods *pdb = pdb_get_methods();
>- bool ret;
>-
>- ret = pdb->uid_to_sid(pdb, uid, sid);
>-
>- if (ret == true) {
>- struct unixid id;
>- id.id = uid;
>- id.type = ID_TYPE_UID;
>- idmap_cache_set_sid2unixid(sid, &id);
>- }
>-
>- return ret;
>-}
>-
>-bool pdb_gid_to_sid(gid_t gid, struct dom_sid *sid)
>+/*
>+ * Instead of passing down a gid or uid, this function sends down a pointer
>+ * to a unixid.
>+ *
>+ * This acts as an in-out variable so that the idmap functions can correctly
>+ * receive ID_TYPE_BOTH, filling in cache details correctly rather than forcing
>+ * the cache to store ID_TYPE_UID or ID_TYPE_GID.
>+ */
>+bool pdb_id_to_sid(struct unixid *id, struct dom_sid *sid)
> {
> struct pdb_methods *pdb = pdb_get_methods();
> bool ret;
>
>- ret = pdb->gid_to_sid(pdb, gid, sid);
>+ ret = pdb->id_to_sid(pdb, id, sid);
>
> if (ret == true) {
>- struct unixid id;
>- id.id = gid;
>- id.type = ID_TYPE_GID;
>- idmap_cache_set_sid2unixid(sid, &id);
>+ idmap_cache_set_sid2unixid(sid, id);
> }
>
> return ret;
>@@ -1458,6 +1446,20 @@ static bool pdb_default_gid_to_sid(struct pdb_methods *methods, gid_t gid,
> return true;
> }
>
>+static bool pdb_default_id_to_sid(struct pdb_methods *methods, struct unixid *id,
>+ struct dom_sid *sid)
>+{
>+ switch (id->type) {
>+ case ID_TYPE_UID:
>+ return pdb_default_uid_to_sid(methods, id->id, sid);
>+
>+ case ID_TYPE_GID:
>+ return pdb_default_gid_to_sid(methods, id->id, sid);
>+
>+ default:
>+ return false;
>+ }
>+}
> /**
> * The "Unix User" and "Unix Group" domains have a special
> * id mapping that is a rid-algorithm with range starting at 0.
>@@ -2614,8 +2616,7 @@ NTSTATUS make_pdb_method( struct pdb_methods **methods )
> (*methods)->get_account_policy = pdb_default_get_account_policy;
> (*methods)->set_account_policy = pdb_default_set_account_policy;
> (*methods)->get_seq_num = pdb_default_get_seq_num;
>- (*methods)->uid_to_sid = pdb_default_uid_to_sid;
>- (*methods)->gid_to_sid = pdb_default_gid_to_sid;
>+ (*methods)->id_to_sid = pdb_default_id_to_sid;
> (*methods)->sid_to_id = pdb_default_sid_to_id;
>
> (*methods)->search_groups = pdb_default_search_groups;
>diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
>index 0458e56..0d2c302 100644
>--- a/source3/passdb/pdb_ldap.c
>+++ b/source3/passdb/pdb_ldap.c
>@@ -3017,6 +3017,7 @@ static NTSTATUS ldapsam_add_group_mapping_entry(struct pdb_methods *methods,
> NTSTATUS result;
>
> struct dom_sid sid;
>+ struct unixid id;
>
> int rc;
>
>@@ -3082,7 +3083,10 @@ static NTSTATUS ldapsam_add_group_mapping_entry(struct pdb_methods *methods,
> goto done;
> }
>
>- if (pdb_gid_to_sid(map->gid, &sid)) {
>+ id.id = map->gid;
>+ id.type = ID_TYPE_GID;
>+
>+ if (pdb_id_to_sid(&id, &sid)) {
> DEBUG(3, ("Gid %u is already mapped to SID %s, refusing to "
> "add\n", (unsigned int)map->gid, sid_string_dbg(&sid)));
> result = NT_STATUS_GROUP_EXISTS;
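Review bot: pdb_default_id_to_sid() returns false from its `default:` branch for every type other than ID_TYPE_UID and ID_TYPE_GID, so an id that arrives as ID_TYPE_BOTH fails without any trace; ldapsam_id_to_sid() in the pdb_ldap.c hunk at -5128/+5132 has the same shape. The header comment describes `id` as in-out so that ID_TYPE_BOTH can be reported back, but it does not say which types are accepted on input, and pdb_id_to_sid() now caches whatever the backend leaves in `*id`. I would put a comment on the default branch such as `/* ID_TYPE_BOTH and ID_TYPE_NOT_SPECIFIED are not valid inputs for this backend */` and state the accepted input types once in the passdb.h comment. A blank line between the closing brace and the following `/**` block is also missing.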
>@@ -5128,6 +5132,21 @@ static bool ldapsam_gid_to_sid(struct pdb_methods *methods, gid_t gid,
> return ret;
> }
>
>+static bool ldapsam_id_to_sid(struct pdb_methods *methods, struct unixid *id,
>+ struct dom_sid *sid)
>+{
>+ switch (id->type) {
>+ case ID_TYPE_UID:
>+ return ldapsam_uid_to_sid(methods, id->id, sid);
>+
>+ case ID_TYPE_GID:
>+ return ldapsam_gid_to_sid(methods, id->id, sid);
>+
>+ default:
>+ return false;
>+ }
>+}
>+
>
> /*
> * The following functions are called only if
>@@ -6487,8 +6506,7 @@ NTSTATUS pdb_ldapsam_init_common(struct pdb_methods **pdb_method,
> ldapsam_enum_group_memberships;
> (*pdb_method)->lookup_rids = ldapsam_lookup_rids;
> (*pdb_method)->sid_to_id = ldapsam_sid_to_id;
>- (*pdb_method)->uid_to_sid = ldapsam_uid_to_sid;
>- (*pdb_method)->gid_to_sid = ldapsam_gid_to_sid;
>+ (*pdb_method)->id_to_sid = ldapsam_id_to_sid;
>
> if (lp_parm_bool(-1, "ldapsam", "editposix", False)) {
> (*pdb_method)->create_user = ldapsam_create_user;
>diff --git a/source3/passdb/pdb_samba_dsdb.c b/source3/passdb/pdb_samba_dsdb.c
>index 465cc24..5fa2c2f 100644
>--- a/source3/passdb/pdb_samba_dsdb.c
>+++ b/source3/passdb/pdb_samba_dsdb.c
>@@ -2042,8 +2042,16 @@ static bool pdb_samba_dsdb_search_aliases(struct pdb_methods *m,
> return true;
> }
>
>-static bool pdb_samba_dsdb_uid_to_sid(struct pdb_methods *m, uid_t uid,
>- struct dom_sid *sid)
>+/*
>+ * Instead of taking a gid or uid, this function takes a pointer to a
>+ * unixid.
>+ *
>+ * This acts as an in-out variable so that the idmap functions can correctly
>+ * receive ID_TYPE_BOTH, and this function ensures cache details are filled
>+ * correctly rather than forcing the cache to store ID_TYPE_UID or ID_TYPE_GID.
>+ */
>+static bool pdb_samba_dsdb_id_to_sid(struct pdb_methods *m, struct unixid *id,
>+ struct dom_sid *sid)
> {
> struct pdb_samba_dsdb_state *state = talloc_get_type_abort(
> m->private_data, struct pdb_samba_dsdb_state);
>@@ -2055,8 +2063,7 @@ static bool pdb_samba_dsdb_uid_to_sid(struct pdb_methods *m, uid_t uid,
> return false;
> }
>
>- id_map.xid.id = uid;
>- id_map.xid.type = ID_TYPE_UID;
>+ id_map.xid = *id;
> id_maps[0] = &id_map;
> id_maps[1] = NULL;
>
>@@ -2065,33 +2072,9 @@ static bool pdb_samba_dsdb_uid_to_sid(struct pdb_methods *m, uid_t uid,
> talloc_free(tmp_ctx);
> return false;
> }
>- *sid = *id_map.sid;
>- talloc_free(tmp_ctx);
>- return true;
>-}
>
>-static bool pdb_samba_dsdb_gid_to_sid(struct pdb_methods *m, gid_t gid,
>- struct dom_sid *sid)
>-{
>- struct pdb_samba_dsdb_state *state = talloc_get_type_abort(
>- m->private_data, struct pdb_samba_dsdb_state);
>- NTSTATUS status;
>- struct id_map id_map;
>- struct id_map *id_maps[2];
>- TALLOC_CTX *tmp_ctx = talloc_stackframe();
>- if (!tmp_ctx) {
>- return false;
>- }
>-
>- id_map.xid.id = gid;
>- id_map.xid.type = ID_TYPE_GID;
>- id_maps[0] = &id_map;
>- id_maps[1] = NULL;
>-
>- status = idmap_xids_to_sids(state->idmap_ctx, tmp_ctx, id_maps);
>- if (!NT_STATUS_IS_OK(status)) {
>- talloc_free(tmp_ctx);
>- return false;
>+ if (id_map.xid.type != ID_TYPE_NOT_SPECIFIED) {
>+ id->type = id_map.xid.type;
> }
> *sid = *id_map.sid;
> talloc_free(tmp_ctx);
>@@ -2341,8 +2324,7 @@ static void pdb_samba_dsdb_init_methods(struct pdb_methods *m)
> m->search_users = pdb_samba_dsdb_search_users;
> m->search_groups = pdb_samba_dsdb_search_groups;
> m->search_aliases = pdb_samba_dsdb_search_aliases;
>- m->uid_to_sid = pdb_samba_dsdb_uid_to_sid;
>- m->gid_to_sid = pdb_samba_dsdb_gid_to_sid;
>+ m->id_to_sid = pdb_samba_dsdb_id_to_sid;
> m->sid_to_id = pdb_samba_dsdb_sid_to_id;
> m->capabilities = pdb_samba_dsdb_capabilities;
> m->new_rid = pdb_samba_dsdb_new_rid;
>diff --git a/source3/passdb/pdb_wbc_sam.c b/source3/passdb/pdb_wbc_sam.c
>index 2343649..b20a35a 100644
>--- a/source3/passdb/pdb_wbc_sam.c
>+++ b/source3/passdb/pdb_wbc_sam.c
>@@ -40,6 +40,7 @@
> #include "passdb.h"
> #include "lib/winbind_util.h"
> #include "passdb/pdb_wbc_sam.h"
>+#include "idmap.h"
>
> /***************************************************************************
> Default implementations of some functions.
>@@ -72,16 +73,19 @@ static NTSTATUS pdb_wbc_sam_getsampwsid(struct pdb_methods *methods, struct samu
> return _pdb_wbc_sam_getsampw(methods, user, winbind_getpwsid(sid));
> }
>
>-static bool pdb_wbc_sam_uid_to_sid(struct pdb_methods *methods, uid_t uid,
>- struct dom_sid *sid)
>+static bool pdb_wbc_sam_id_to_sid(struct pdb_methods *methods, struct unixid *id,
>+ struct dom_sid *sid)
> {
>- return winbind_uid_to_sid(sid, uid);
>-}
>+ switch (id->type) {
>+ case ID_TYPE_UID:
>+ return winbind_uid_to_sid(sid, id->id);
>
>-static bool pdb_wbc_sam_gid_to_sid(struct pdb_methods *methods, gid_t gid,
>- struct dom_sid *sid)
>-{
>- return winbind_gid_to_sid(sid, gid);
>+ case ID_TYPE_GID:
>+ return winbind_gid_to_sid(sid, id->id);
>+
>+ default:
>+ return false;
>+ }
> }
>
> static NTSTATUS pdb_wbc_sam_enum_group_members(struct pdb_methods *methods,
>@@ -426,8 +430,7 @@ static NTSTATUS pdb_init_wbc_sam(struct pdb_methods **pdb_method, const char *lo
> (*pdb_method)->lookup_rids = pdb_wbc_sam_lookup_rids;
> (*pdb_method)->get_account_policy = pdb_wbc_sam_get_account_policy;
> (*pdb_method)->set_account_policy = pdb_wbc_sam_set_account_policy;
>- (*pdb_method)->uid_to_sid = pdb_wbc_sam_uid_to_sid;
>- (*pdb_method)->gid_to_sid = pdb_wbc_sam_gid_to_sid;
>+ (*pdb_method)->id_to_sid = pdb_wbc_sam_id_to_sid;
>
> (*pdb_method)->search_groups = pdb_wbc_sam_search_groups;
> (*pdb_method)->search_aliases = pdb_wbc_sam_search_aliases;
>diff --git a/source3/passdb/py_passdb.c b/source3/passdb/py_passdb.c
>index dec45c3..3a1e583 100644
>--- a/source3/passdb/py_passdb.c
>+++ b/source3/passdb/py_passdb.c
>@@ -25,6 +25,7 @@
> #include "librpc/gen_ndr/idmap.h"
> #include "passdb.h"
> #include "secrets.h"
>+#include "idmap.h"
>
> /* There's no Py_ssize_t in 2.4, apparently */
> #if PY_MAJOR_VERSION == 2 && PY_MINOR_VERSION < 5
>@@ -2678,6 +2679,7 @@ static PyObject *py_pdb_uid_to_sid(pytalloc_Object *self, PyObject *args)
> {
> TALLOC_CTX *frame = talloc_stackframe();
> struct pdb_methods *methods;
>+ struct unixid id;
> unsigned int uid;
> struct dom_sid user_sid, *copy_user_sid;
> PyObject *py_user_sid;
>@@ -2689,7 +2691,10 @@ static PyObject *py_pdb_uid_to_sid(pytalloc_Object *self, PyObject *args)
>
> methods = pytalloc_get_ptr(self);
>
>- if (!methods->uid_to_sid(methods, uid, &user_sid)) {
>+ id.id = uid;
>+ id.type = ID_TYPE_UID;
>+
>+ if (!methods->id_to_sid(methods, &id, &user_sid)) {
> PyErr_Format(py_pdb_error, "Unable to get sid for uid=%d", uid);
> talloc_free(frame);
> return NULL;
>@@ -2713,6 +2718,7 @@ static PyObject *py_pdb_gid_to_sid(pytalloc_Object *self, PyObject *args)
> {
> TALLOC_CTX *frame = talloc_stackframe();
> struct pdb_methods *methods;
>+ struct unixid id;
> unsigned int gid;
> struct dom_sid group_sid, *copy_group_sid;
> PyObject *py_group_sid;
>@@ -2722,9 +2728,12 @@ static PyObject *py_pdb_gid_to_sid(pytalloc_Object *self, PyObject *args)
> return NULL;
> }
>
>+ id.id = gid;
>+ id.type = ID_TYPE_GID;
>+
> methods = pytalloc_get_ptr(self);
>
>- if (!methods->gid_to_sid(methods, gid, &group_sid)) {
>+ if (!methods->id_to_sid(methods, &id, &group_sid)) {
> PyErr_Format(py_pdb_error, "Unable to get sid for gid=%d", gid);
> talloc_free(frame);
> return NULL;
>diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c
>index aadabc1..2ee9a91 100644
>--- a/source3/utils/net_sam.c
>+++ b/source3/utils/net_sam.c
>@@ -30,6 +30,7 @@
> #include "passdb/pdb_ldap_schema.h"
> #include "lib/privileges.h"
> #include "secrets.h"
>+#include "idmap.h"
>
> /*
> * Set a user's data
>@@ -912,6 +913,7 @@ static int net_sam_mapunixgroup(struct net_context *c, int argc, const char **ar
> static NTSTATUS unmap_unix_group(const struct group *grp)
> {
> struct dom_sid dom_sid;
>+ struct unixid id;
>
> if (!lookup_name(talloc_tos(), grp->gr_name, LOOKUP_NAME_LOCAL,
> NULL, NULL, NULL, NULL)) {
>@@ -919,7 +921,9 @@ static NTSTATUS unmap_unix_group(const struct group *grp)
> return NT_STATUS_NO_SUCH_GROUP;
> }
>
>- if (!pdb_gid_to_sid(grp->gr_gid, &dom_sid)) {
>+ id.id = grp->gr_gid;
>+ id.type = ID_TYPE_GID;
>+ if (!pdb_id_to_sid(&id, &dom_sid)) {
> return NT_STATUS_UNSUCCESSFUL;
> }
>
>diff --git a/source3/winbindd/idmap_passdb.c b/source3/winbindd/idmap_passdb.c
>index e547e9b..cf8ad74 100644
>--- a/source3/winbindd/idmap_passdb.c
>+++ b/source3/winbindd/idmap_passdb.c
>@@ -44,23 +44,11 @@ static NTSTATUS idmap_pdb_unixids_to_sids(struct idmap_domain *dom, struct id_ma
> int i;
>
> for (i = 0; ids[i]; i++) {
>-
> /* unmapped by default */
> ids[i]->status = ID_UNMAPPED;
>
>- switch (ids[i]->xid.type) {
>- case ID_TYPE_UID:
>- if (pdb_uid_to_sid((uid_t)ids[i]->xid.id, ids[i]->sid)) {
>- ids[i]->status = ID_MAPPED;
>- }
>- break;
>- case ID_TYPE_GID:
>- if (pdb_gid_to_sid((gid_t)ids[i]->xid.id, ids[i]->sid)) {
>- ids[i]->status = ID_MAPPED;
>- }
>- break;
>- default: /* ?? */
>- ids[i]->status = ID_UNKNOWN;
>+ if (pdb_id_to_sid(&ids[i]->xid, ids[i]->sid)) {
>+ ids[i]->status = ID_MAPPED;
> }
> }
>
>--
>1.9.1
>
>
>From 6099bf430564d889bb2e0bc9f9bdfa355ae39104 Mon Sep 17 00:00:00 2001
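Review bot: In the idmap_pdb_unixids_to_sids hunk of source3/winbindd/idmap_passdb.c, an entry whose `xid.type` is neither ID_TYPE_UID nor ID_TYPE_GID used to end with status ID_UNKNOWN; it now stays ID_UNMAPPED whenever the backend's id_to_sid returns false, which the default, ldapsam and wbc_sam dispatchers in this patch do for every other type. If callers treat ID_UNMAPPED as a definitive negative answer (not visible here), an unsupported request becomes indistinguishable from "no such mapping". Either keep the old result with a guard before the call, `if (ids[i]->xid.type == ID_TYPE_NOT_SPECIFIED) { ids[i]->status = ID_UNKNOWN; continue; }`, or record the intent with a comment such as `/* unsupported id types are reported as ID_UNMAPPED */`. The function body starts and ends outside the hunk.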
>From: Garming Sam <garming@catalyst.net.nz>
>Date: Wed, 26 Nov 2014 15:33:35 +1300
>Subject: [PATCH 12/17] idmap: return the correct id type to *id_to_sid methods
>
>We have a pointer to a unixid which is sent down instead of a uid or
>gid. We can use this as an in-out variable so that pdb_samba_dsdb can be
>returned ID_TYPE_BOTH to cache correctly instead of leaving it as
>ID_TYPE_UID or ID_TYPE_GID.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=10720
>
>Change-Id: I0cef2e419cbb337531244b7b41c708cf2ab883e3
>Signed-off-by: Garming Sam <garming@catalyst.net.nz>
>Reviewed-by: Andrew Bartlett <abartlet@samba.org>
>Reviewed-by: Stefan Metzmacher <metze@samba.org>
>(cherry picked from commit 58b343be4742b3ba1f447701a8254453c21af413)
>---
> source4/winbind/idmap.c | 20 +++++++++++++++++++-
> 1 file changed, 19 insertions(+), 1 deletion(-)
>
>diff --git a/source4/winbind/idmap.c b/source4/winbind/idmap.c
>index 54fea18..26a4664 100644
>--- a/source4/winbind/idmap.c
>+++ b/source4/winbind/idmap.c
>@@ -208,7 +208,7 @@ struct idmap_context *idmap_init(TALLOC_CTX *mem_ctx,
>
> static NTSTATUS idmap_xid_to_sid(struct idmap_context *idmap_ctx,
> TALLOC_CTX *mem_ctx,
>- const struct unixid *unixid,
>+ struct unixid *unixid,
> struct dom_sid **sid)
> {
> int ret;
>@@ -321,6 +321,9 @@ static NTSTATUS idmap_xid_to_sid(struct idmap_context *idmap_ctx,
> }
>
> if (res->count == 1) {
>+ const char *type = ldb_msg_find_attr_as_string(res->msgs[0],
>+ "type", NULL);
>+
> *sid = idmap_msg_get_dom_sid(mem_ctx, res->msgs[0],
> "objectSid");
> if (*sid == NULL) {
>@@ -328,6 +331,21 @@ static NTSTATUS idmap_xid_to_sid(struct idmap_context *idmap_ctx,
> status = NT_STATUS_NONE_MAPPED;
> goto failed;
> }
>+
>+ if (type == NULL) {
>+ DEBUG(1, ("Invalid type for mapping entry.\n"));
>+ talloc_free(tmp_ctx);
>+ return NT_STATUS_NONE_MAPPED;
>+ }
>+
>+ if (strcmp(type, "ID_TYPE_BOTH") == 0) {
>+ unixid->type = ID_TYPE_BOTH;
>+ } else if (strcmp(type, "ID_TYPE_UID") == 0) {
>+ unixid->type = ID_TYPE_UID;
>+ } else {
>+ unixid->type = ID_TYPE_GID;
>+ }
>+
> talloc_free(tmp_ctx);
> return NT_STATUS_OK;
> }
>--
>1.9.1
>
>
>From c5c14ed565a3a93c7afafdd83467b88191174599 Mon Sep 17 00:00:00 2001
>From: Garming Sam <garming@catalyst.net.nz>
>Date: Tue, 25 Nov 2014 14:56:45 +1300
>Subject: [PATCH 13/17] pdb: Increase version number to fix ABI
>
>In the process, we can also rename pdb to avoid conflicts with libpdb.
>
>We don't depend directly on pdb to avoid duplicate symbols.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=10355
>Change-Id: I4df6ba2f4ce35d3718dc4198b527cca46a139efe
>Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
>Signed-off-by: Garming Sam <garming@catalyst.net.nz>
>Reviewed-by: Andrew Bartlett <abartlet@samba.org>
>Reviewed-by: Stefan Metzmacher <metze@samba.org>
>(cherry picked from commit 3b76b705f03b8f639ece2308afdc0962d230c42a)
>---
> source3/passdb/ABI/samba-passdb-0.2.0.sigs | 312 +++++++++++++++++++++++++++++
> source3/winbindd/wscript_build | 2 +-
> source3/wscript_build | 30 +--
> 3 files changed, 330 insertions(+), 14 deletions(-)
> create mode 100644 source3/passdb/ABI/samba-passdb-0.2.0.sigs
>
>diff --git a/source3/passdb/ABI/samba-passdb-0.2.0.sigs b/source3/passdb/ABI/samba-passdb-0.2.0.sigs
>new file mode 100644
>index 0000000..e2246f6
>--- /dev/null
>+++ b/source3/passdb/ABI/samba-passdb-0.2.0.sigs
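Review bot: In the `res->count == 1` branch of idmap_xid_to_sid (source4/winbind/idmap.c), any `type` string other than "ID_TYPE_BOTH" or "ID_TYPE_UID" falls through to `unixid->type = ID_TYPE_GID`, so a corrupt or unexpected attribute value in the idmap database is reported, and presumably cached by the callers, as a group mapping. I would match "ID_TYPE_GID" explicitly and treat everything else like the missing-attribute case. The NULL check also runs after `*sid` has been filled in and returns directly instead of taking the `goto failed` path the preceding check uses; validating `type` before the SID lookup would avoid handing back a SID together with an error status. The function starts and ends outside this hunk, so what `failed:` does beyond what is shown is not visible.

```c
		/* … unchanged: NULL check and ID_TYPE_BOTH branch … */
		} else if (strcmp(type, "ID_TYPE_UID") == 0) {
			unixid->type = ID_TYPE_UID;
		} else if (strcmp(type, "ID_TYPE_GID") == 0) {
			unixid->type = ID_TYPE_GID;
		} else {
			DEBUG(1, ("Invalid type for mapping entry.\n"));
			status = NT_STATUS_NONE_MAPPED;
			goto failed;
		}
```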
>@@ -0,0 +1,312 @@ >+PDB_secrets_clear_domain_protection: bool (const char *) >+PDB_secrets_fetch_domain_guid: bool (const char *, struct GUID *) >+PDB_secrets_fetch_domain_sid: bool (const char *, struct dom_sid *) >+PDB_secrets_mark_domain_protected: bool (const char *) >+PDB_secrets_store_domain_guid: bool (const char *, struct GUID *) >+PDB_secrets_store_domain_sid: bool (const char *, const struct dom_sid *) >+account_policy_get: bool (enum pdb_policy_type, uint32_t *) >+account_policy_get_default: bool (enum pdb_policy_type, uint32_t *) >+account_policy_get_desc: const char *(enum pdb_policy_type) >+account_policy_name_to_typenum: enum pdb_policy_type (const char *) >+account_policy_names_list: void (TALLOC_CTX *, const char ***, int *) >+account_policy_set: bool (enum pdb_policy_type, uint32_t) >+add_initial_entry: NTSTATUS (gid_t, const char *, enum lsa_SidType, const char *, const char *) >+algorithmic_pdb_gid_to_group_rid: uint32_t (gid_t) >+algorithmic_pdb_rid_is_user: bool (uint32_t) >+algorithmic_pdb_uid_to_user_rid: uint32_t (uid_t) >+algorithmic_pdb_user_rid_to_uid: uid_t (uint32_t) >+algorithmic_rid_base: int (void) >+builtin_domain_name: const char *(void) >+cache_account_policy_get: bool (enum pdb_policy_type, uint32_t *) >+cache_account_policy_set: bool (enum pdb_policy_type, uint32_t) >+create_builtin_administrators: NTSTATUS (const struct dom_sid *) >+create_builtin_users: NTSTATUS (const struct dom_sid *) >+decode_account_policy_name: const char *(enum pdb_policy_type) >+get_account_pol_db: struct db_context *(void) >+get_account_policy_attr: const char *(enum pdb_policy_type) >+get_domain_group_from_sid: bool (struct dom_sid, GROUP_MAP *) >+get_primary_group_sid: NTSTATUS (TALLOC_CTX *, const char *, struct passwd **, struct dom_sid **) >+get_privileges_for_sid_as_set: NTSTATUS (TALLOC_CTX *, PRIVILEGE_SET **, struct dom_sid *) >+get_privileges_for_sids: bool (uint64_t *, struct dom_sid *, int) >+get_trust_pw_clear: bool (const char *, char 
**, const char **, enum netr_SchannelType *) >+get_trust_pw_hash: bool (const char *, uint8_t *, const char **, enum netr_SchannelType *) >+gid_to_sid: void (struct dom_sid *, gid_t) >+gid_to_unix_groups_sid: void (gid_t, struct dom_sid *) >+grab_named_mutex: struct named_mutex *(TALLOC_CTX *, const char *, int) >+grant_all_privileges: bool (const struct dom_sid *) >+grant_privilege_by_name: bool (const struct dom_sid *, const char *) >+grant_privilege_set: bool (const struct dom_sid *, struct lsa_PrivilegeSet *) >+groupdb_tdb_init: const struct mapping_backend *(void) >+init_account_policy: bool (void) >+init_buffer_from_samu: uint32_t (uint8_t **, struct samu *, bool) >+init_samu_from_buffer: bool (struct samu *, uint32_t, uint8_t *, uint32_t) >+initialize_password_db: bool (bool, struct tevent_context *) >+is_dc_trusted_domain_situation: bool (const char *) >+is_privileged_sid: bool (const struct dom_sid *) >+local_password_change: NTSTATUS (const char *, int, const char *, char **, char **) >+login_cache_delentry: bool (const struct samu *) >+login_cache_init: bool (void) >+login_cache_read: bool (struct samu *, struct login_cache *) >+login_cache_shutdown: bool (void) >+login_cache_write: bool (const struct samu *, const struct login_cache *) >+lookup_builtin_name: bool (const char *, uint32_t *) >+lookup_builtin_rid: bool (TALLOC_CTX *, uint32_t, const char **) >+lookup_global_sam_name: bool (const char *, int, uint32_t *, enum lsa_SidType *) >+lookup_name: bool (TALLOC_CTX *, const char *, int, const char **, const char **, struct dom_sid *, enum lsa_SidType *) >+lookup_name_smbconf: bool (TALLOC_CTX *, const char *, int, const char **, const char **, struct dom_sid *, enum lsa_SidType *) >+lookup_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **, enum lsa_SidType *) >+lookup_sids: NTSTATUS (TALLOC_CTX *, int, const struct dom_sid **, int, struct lsa_dom_info **, struct lsa_name_info **) >+lookup_unix_group_name: bool (const char 
*, struct dom_sid *) >+lookup_unix_user_name: bool (const char *, struct dom_sid *) >+lookup_wellknown_name: bool (TALLOC_CTX *, const char *, struct dom_sid *, const char **) >+lookup_wellknown_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **) >+make_pdb_method: NTSTATUS (struct pdb_methods **) >+make_pdb_method_name: NTSTATUS (struct pdb_methods **, const char *) >+max_algorithmic_gid: gid_t (void) >+max_algorithmic_uid: uid_t (void) >+my_sam_name: const char *(void) >+pdb_add_aliasmem: NTSTATUS (const struct dom_sid *, const struct dom_sid *) >+pdb_add_group_mapping_entry: NTSTATUS (GROUP_MAP *) >+pdb_add_groupmem: NTSTATUS (TALLOC_CTX *, uint32_t, uint32_t) >+pdb_add_sam_account: NTSTATUS (struct samu *) >+pdb_build_fields_present: uint32_t (struct samu *) >+pdb_capabilities: uint32_t (void) >+pdb_copy_sam_account: bool (struct samu *, struct samu *) >+pdb_create_alias: NTSTATUS (const char *, uint32_t *) >+pdb_create_builtin: NTSTATUS (uint32_t) >+pdb_create_builtin_alias: NTSTATUS (uint32_t, gid_t) >+pdb_create_dom_group: NTSTATUS (TALLOC_CTX *, const char *, uint32_t *) >+pdb_create_user: NTSTATUS (TALLOC_CTX *, const char *, uint32_t, uint32_t *) >+pdb_decode_acct_ctrl: uint32_t (const char *) >+pdb_default_add_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, const struct dom_sid *) >+pdb_default_add_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *) >+pdb_default_alias_memberships: NTSTATUS (struct pdb_methods *, TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *) >+pdb_default_create_alias: NTSTATUS (struct pdb_methods *, const char *, uint32_t *) >+pdb_default_del_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, const struct dom_sid *) >+pdb_default_delete_alias: NTSTATUS (struct pdb_methods *, const struct dom_sid *) >+pdb_default_delete_group_mapping_entry: NTSTATUS (struct pdb_methods *, struct dom_sid) >+pdb_default_enum_aliasmem: 
NTSTATUS (struct pdb_methods *, const struct dom_sid *, TALLOC_CTX *, struct dom_sid **, size_t *) >+pdb_default_enum_group_mapping: NTSTATUS (struct pdb_methods *, const struct dom_sid *, enum lsa_SidType, GROUP_MAP ***, size_t *, bool) >+pdb_default_get_aliasinfo: NTSTATUS (struct pdb_methods *, const struct dom_sid *, struct acct_info *) >+pdb_default_getgrgid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, gid_t) >+pdb_default_getgrnam: NTSTATUS (struct pdb_methods *, GROUP_MAP *, const char *) >+pdb_default_getgrsid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, struct dom_sid) >+pdb_default_set_aliasinfo: NTSTATUS (struct pdb_methods *, const struct dom_sid *, struct acct_info *) >+pdb_default_update_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *) >+pdb_del_aliasmem: NTSTATUS (const struct dom_sid *, const struct dom_sid *) >+pdb_del_groupmem: NTSTATUS (TALLOC_CTX *, uint32_t, uint32_t) >+pdb_del_trusted_domain: NTSTATUS (const char *) >+pdb_del_trusteddom_pw: bool (const char *) >+pdb_delete_alias: NTSTATUS (const struct dom_sid *) >+pdb_delete_dom_group: NTSTATUS (TALLOC_CTX *, uint32_t) >+pdb_delete_group_mapping_entry: NTSTATUS (struct dom_sid) >+pdb_delete_sam_account: NTSTATUS (struct samu *) >+pdb_delete_secret: NTSTATUS (const char *) >+pdb_delete_user: NTSTATUS (TALLOC_CTX *, struct samu *) >+pdb_element_is_changed: bool (const struct samu *, enum pdb_elements) >+pdb_element_is_set_or_changed: bool (const struct samu *, enum pdb_elements) >+pdb_encode_acct_ctrl: char *(uint32_t, size_t) >+pdb_enum_alias_memberships: NTSTATUS (TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *) >+pdb_enum_aliasmem: NTSTATUS (const struct dom_sid *, TALLOC_CTX *, struct dom_sid **, size_t *) >+pdb_enum_group_mapping: bool (const struct dom_sid *, enum lsa_SidType, GROUP_MAP ***, size_t *, bool) >+pdb_enum_group_members: NTSTATUS (TALLOC_CTX *, const struct dom_sid *, uint32_t **, size_t *) 
>+pdb_enum_group_memberships: NTSTATUS (TALLOC_CTX *, struct samu *, struct dom_sid **, gid_t **, uint32_t *) >+pdb_enum_trusted_domains: NTSTATUS (TALLOC_CTX *, uint32_t *, struct pdb_trusted_domain ***) >+pdb_enum_trusteddoms: NTSTATUS (TALLOC_CTX *, uint32_t *, struct trustdom_info ***) >+pdb_enum_upn_suffixes: NTSTATUS (TALLOC_CTX *, uint32_t *, char ***) >+pdb_find_backend_entry: struct pdb_init_function_entry *(const char *) >+pdb_get_account_policy: bool (enum pdb_policy_type, uint32_t *) >+pdb_get_acct_ctrl: uint32_t (const struct samu *) >+pdb_get_acct_desc: const char *(const struct samu *) >+pdb_get_aliasinfo: NTSTATUS (const struct dom_sid *, struct acct_info *) >+pdb_get_backend_private_data: void *(const struct samu *, const struct pdb_methods *) >+pdb_get_backends: const struct pdb_init_function_entry *(void) >+pdb_get_bad_password_count: uint16_t (const struct samu *) >+pdb_get_bad_password_time: time_t (const struct samu *) >+pdb_get_code_page: uint16_t (const struct samu *) >+pdb_get_comment: const char *(const struct samu *) >+pdb_get_country_code: uint16_t (const struct samu *) >+pdb_get_dir_drive: const char *(const struct samu *) >+pdb_get_domain: const char *(const struct samu *) >+pdb_get_domain_info: struct pdb_domain_info *(TALLOC_CTX *) >+pdb_get_fullname: const char *(const struct samu *) >+pdb_get_group_rid: uint32_t (struct samu *) >+pdb_get_group_sid: const struct dom_sid *(struct samu *) >+pdb_get_homedir: const char *(const struct samu *) >+pdb_get_hours: const uint8_t *(const struct samu *) >+pdb_get_hours_len: uint32_t (const struct samu *) >+pdb_get_init_flags: enum pdb_value_state (const struct samu *, enum pdb_elements) >+pdb_get_kickoff_time: time_t (const struct samu *) >+pdb_get_lanman_passwd: const uint8_t *(const struct samu *) >+pdb_get_logoff_time: time_t (const struct samu *) >+pdb_get_logon_count: uint16_t (const struct samu *) >+pdb_get_logon_divs: uint16_t (const struct samu *) >+pdb_get_logon_script: const char 
*(const struct samu *) >+pdb_get_logon_time: time_t (const struct samu *) >+pdb_get_munged_dial: const char *(const struct samu *) >+pdb_get_nt_passwd: const uint8_t *(const struct samu *) >+pdb_get_nt_username: const char *(const struct samu *) >+pdb_get_pass_can_change: bool (const struct samu *) >+pdb_get_pass_can_change_time: time_t (const struct samu *) >+pdb_get_pass_can_change_time_noncalc: time_t (const struct samu *) >+pdb_get_pass_last_set_time: time_t (const struct samu *) >+pdb_get_pass_must_change_time: time_t (const struct samu *) >+pdb_get_plaintext_passwd: const char *(const struct samu *) >+pdb_get_profile_path: const char *(const struct samu *) >+pdb_get_pw_history: const uint8_t *(const struct samu *, uint32_t *) >+pdb_get_secret: NTSTATUS (TALLOC_CTX *, const char *, DATA_BLOB *, NTTIME *, DATA_BLOB *, NTTIME *, struct security_descriptor **) >+pdb_get_seq_num: bool (time_t *) >+pdb_get_tevent_context: struct tevent_context *(void) >+pdb_get_trust_credentials: NTSTATUS (const char *, const char *, TALLOC_CTX *, struct cli_credentials **) >+pdb_get_trusted_domain: NTSTATUS (TALLOC_CTX *, const char *, struct pdb_trusted_domain **) >+pdb_get_trusted_domain_by_sid: NTSTATUS (TALLOC_CTX *, struct dom_sid *, struct pdb_trusted_domain **) >+pdb_get_trusteddom_pw: bool (const char *, char **, struct dom_sid *, time_t *) >+pdb_get_unknown_6: uint32_t (const struct samu *) >+pdb_get_user_rid: uint32_t (const struct samu *) >+pdb_get_user_sid: const struct dom_sid *(const struct samu *) >+pdb_get_username: const char *(const struct samu *) >+pdb_get_workstations: const char *(const struct samu *) >+pdb_getgrgid: bool (GROUP_MAP *, gid_t) >+pdb_getgrnam: bool (GROUP_MAP *, const char *) >+pdb_getgrsid: bool (GROUP_MAP *, struct dom_sid) >+pdb_gethexhours: bool (const char *, unsigned char *) >+pdb_gethexpwd: bool (const char *, unsigned char *) >+pdb_getsampwnam: bool (struct samu *, const char *) >+pdb_getsampwsid: bool (struct samu *, const struct 
dom_sid *) >+pdb_group_rid_to_gid: gid_t (uint32_t) >+pdb_id_to_sid: bool (struct unixid *, struct dom_sid *) >+pdb_increment_bad_password_count: bool (struct samu *) >+pdb_is_password_change_time_max: bool (time_t) >+pdb_is_responsible_for_builtin: bool (void) >+pdb_is_responsible_for_everything_else: bool (void) >+pdb_is_responsible_for_our_sam: bool (void) >+pdb_is_responsible_for_unix_groups: bool (void) >+pdb_is_responsible_for_unix_users: bool (void) >+pdb_is_responsible_for_wellknown: bool (void) >+pdb_lookup_rids: NTSTATUS (const struct dom_sid *, int, uint32_t *, const char **, enum lsa_SidType *) >+pdb_new_rid: bool (uint32_t *) >+pdb_nop_add_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *) >+pdb_nop_delete_group_mapping_entry: NTSTATUS (struct pdb_methods *, struct dom_sid) >+pdb_nop_enum_group_mapping: NTSTATUS (struct pdb_methods *, enum lsa_SidType, GROUP_MAP **, size_t *, bool) >+pdb_nop_getgrgid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, gid_t) >+pdb_nop_getgrnam: NTSTATUS (struct pdb_methods *, GROUP_MAP *, const char *) >+pdb_nop_getgrsid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, struct dom_sid) >+pdb_nop_update_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *) >+pdb_rename_sam_account: NTSTATUS (struct samu *, const char *) >+pdb_search_aliases: struct pdb_search *(TALLOC_CTX *, const struct dom_sid *) >+pdb_search_entries: uint32_t (struct pdb_search *, uint32_t, uint32_t, struct samr_displayentry **) >+pdb_search_groups: struct pdb_search *(TALLOC_CTX *) >+pdb_search_init: struct pdb_search *(TALLOC_CTX *, enum pdb_search_type) >+pdb_search_users: struct pdb_search *(TALLOC_CTX *, uint32_t) >+pdb_set_account_policy: bool (enum pdb_policy_type, uint32_t) >+pdb_set_acct_ctrl: bool (struct samu *, uint32_t, enum pdb_value_state) >+pdb_set_acct_desc: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_aliasinfo: NTSTATUS (const struct dom_sid *, struct acct_info *) 
>+pdb_set_backend_private_data: bool (struct samu *, void *, void (*)(void **), const struct pdb_methods *, enum pdb_value_state) >+pdb_set_bad_password_count: bool (struct samu *, uint16_t, enum pdb_value_state) >+pdb_set_bad_password_time: bool (struct samu *, time_t, enum pdb_value_state) >+pdb_set_code_page: bool (struct samu *, uint16_t, enum pdb_value_state) >+pdb_set_comment: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_country_code: bool (struct samu *, uint16_t, enum pdb_value_state) >+pdb_set_dir_drive: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_domain: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_fullname: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_group_sid: bool (struct samu *, const struct dom_sid *, enum pdb_value_state) >+pdb_set_group_sid_from_rid: bool (struct samu *, uint32_t, enum pdb_value_state) >+pdb_set_homedir: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_hours: bool (struct samu *, const uint8_t *, int, enum pdb_value_state) >+pdb_set_hours_len: bool (struct samu *, uint32_t, enum pdb_value_state) >+pdb_set_init_flags: bool (struct samu *, enum pdb_elements, enum pdb_value_state) >+pdb_set_kickoff_time: bool (struct samu *, time_t, enum pdb_value_state) >+pdb_set_lanman_passwd: bool (struct samu *, const uint8_t *, enum pdb_value_state) >+pdb_set_logoff_time: bool (struct samu *, time_t, enum pdb_value_state) >+pdb_set_logon_count: bool (struct samu *, uint16_t, enum pdb_value_state) >+pdb_set_logon_divs: bool (struct samu *, uint16_t, enum pdb_value_state) >+pdb_set_logon_script: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_logon_time: bool (struct samu *, time_t, enum pdb_value_state) >+pdb_set_munged_dial: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_nt_passwd: bool (struct samu *, const uint8_t *, enum pdb_value_state) >+pdb_set_nt_username: bool (struct samu *, const char *, enum 
pdb_value_state) >+pdb_set_pass_can_change: bool (struct samu *, bool) >+pdb_set_pass_can_change_time: bool (struct samu *, time_t, enum pdb_value_state) >+pdb_set_pass_last_set_time: bool (struct samu *, time_t, enum pdb_value_state) >+pdb_set_plaintext_passwd: bool (struct samu *, const char *) >+pdb_set_plaintext_pw_only: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_profile_path: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_pw_history: bool (struct samu *, const uint8_t *, uint32_t, enum pdb_value_state) >+pdb_set_secret: NTSTATUS (const char *, DATA_BLOB *, DATA_BLOB *, struct security_descriptor *) >+pdb_set_trusted_domain: NTSTATUS (const char *, const struct pdb_trusted_domain *) >+pdb_set_trusteddom_pw: bool (const char *, const char *, const struct dom_sid *) >+pdb_set_unix_primary_group: NTSTATUS (TALLOC_CTX *, struct samu *) >+pdb_set_unknown_6: bool (struct samu *, uint32_t, enum pdb_value_state) >+pdb_set_upn_suffixes: NTSTATUS (uint32_t, const char **) >+pdb_set_user_sid: bool (struct samu *, const struct dom_sid *, enum pdb_value_state) >+pdb_set_user_sid_from_rid: bool (struct samu *, uint32_t, enum pdb_value_state) >+pdb_set_user_sid_from_string: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_username: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_workstations: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_sethexhours: void (char *, const unsigned char *) >+pdb_sethexpwd: void (char *, const unsigned char *, uint32_t) >+pdb_sid_to_id: bool (const struct dom_sid *, struct unixid *) >+pdb_sid_to_id_unix_users_and_groups: bool (const struct dom_sid *, struct unixid *) >+pdb_update_autolock_flag: bool (struct samu *, bool *) >+pdb_update_bad_password_count: bool (struct samu *, bool *) >+pdb_update_group_mapping_entry: NTSTATUS (GROUP_MAP *) >+pdb_update_login_attempts: NTSTATUS (struct samu *, bool) >+pdb_update_sam_account: NTSTATUS (struct samu *) 
>+privilege_create_account: NTSTATUS (const struct dom_sid *) >+privilege_delete_account: NTSTATUS (const struct dom_sid *) >+privilege_enum_sids: NTSTATUS (enum sec_privilege, TALLOC_CTX *, struct dom_sid **, int *) >+privilege_enumerate_accounts: NTSTATUS (struct dom_sid **, int *) >+revoke_all_privileges: bool (const struct dom_sid *) >+revoke_privilege_by_name: bool (const struct dom_sid *, const char *) >+revoke_privilege_set: bool (const struct dom_sid *, struct lsa_PrivilegeSet *) >+samu_alloc_rid_unix: NTSTATUS (struct pdb_methods *, struct samu *, const struct passwd *) >+samu_new: struct samu *(TALLOC_CTX *) >+samu_set_unix: NTSTATUS (struct samu *, const struct passwd *) >+secrets_trusted_domains: NTSTATUS (TALLOC_CTX *, uint32_t *, struct trustdom_info ***) >+sid_check_is_builtin: bool (const struct dom_sid *) >+sid_check_is_for_passdb: bool (const struct dom_sid *) >+sid_check_is_in_builtin: bool (const struct dom_sid *) >+sid_check_is_in_unix_groups: bool (const struct dom_sid *) >+sid_check_is_in_unix_users: bool (const struct dom_sid *) >+sid_check_is_in_wellknown_domain: bool (const struct dom_sid *) >+sid_check_is_unix_groups: bool (const struct dom_sid *) >+sid_check_is_unix_users: bool (const struct dom_sid *) >+sid_check_is_wellknown_builtin: bool (const struct dom_sid *) >+sid_check_is_wellknown_domain: bool (const struct dom_sid *, const char **) >+sid_check_object_is_for_passdb: bool (const struct dom_sid *) >+sid_to_gid: bool (const struct dom_sid *, gid_t *) >+sid_to_uid: bool (const struct dom_sid *, uid_t *) >+sids_to_unixids: bool (const struct dom_sid *, uint32_t, struct unixid *) >+smb_add_user_group: int (const char *, const char *) >+smb_create_group: int (const char *, gid_t *) >+smb_delete_group: int (const char *) >+smb_delete_user_group: int (const char *, const char *) >+smb_nscd_flush_group_cache: void (void) >+smb_nscd_flush_user_cache: void (void) >+smb_register_passdb: NTSTATUS (int, const char *, pdb_init_function) 
>+smb_set_primary_group: int (const char *, const char *) >+uid_to_sid: void (struct dom_sid *, uid_t) >+uid_to_unix_users_sid: void (uid_t, struct dom_sid *) >+unix_groups_domain_name: const char *(void) >+unix_users_domain_name: const char *(void) >+unixid_from_both: void (struct unixid *, uint32_t) >+unixid_from_gid: void (struct unixid *, uint32_t) >+unixid_from_uid: void (struct unixid *, uint32_t) >+wb_is_trusted_domain: wbcErr (const char *) >+winbind_allocate_gid: bool (gid_t *) >+winbind_allocate_uid: bool (uid_t *) >+winbind_get_groups: bool (TALLOC_CTX *, const char *, uint32_t *, gid_t **) >+winbind_get_sid_aliases: bool (TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *) >+winbind_getpwnam: struct passwd *(const char *) >+winbind_getpwsid: struct passwd *(const struct dom_sid *) >+winbind_gid_to_sid: bool (struct dom_sid *, gid_t) >+winbind_lookup_name: bool (const char *, const char *, struct dom_sid *, enum lsa_SidType *) >+winbind_lookup_rids: bool (TALLOC_CTX *, const struct dom_sid *, int, uint32_t *, const char **, const char ***, enum lsa_SidType **) >+winbind_lookup_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **, enum lsa_SidType *) >+winbind_lookup_usersids: bool (TALLOC_CTX *, const struct dom_sid *, uint32_t *, struct dom_sid **) >+winbind_ping: bool (void) >+winbind_sid_to_gid: bool (gid_t *, const struct dom_sid *) >+winbind_sid_to_uid: bool (uid_t *, const struct dom_sid *) >+winbind_uid_to_sid: bool (struct dom_sid *, uid_t) >diff --git a/source3/winbindd/wscript_build b/source3/winbindd/wscript_build >index ea1131c8..13658f8 100644 >--- a/source3/winbindd/wscript_build >+++ b/source3/winbindd/wscript_build 
>@@ -52,7 +52,7 @@ bld.SAMBA3_MODULE('idmap_rid',
> bld.SAMBA3_MODULE('idmap_passdb',
> subsystem='idmap',
> source='idmap_passdb.c',
>- deps='samba-util pdb',
>+ deps='samba-util samba-passdb',
> init_function='',
> internal_module=bld.SAMBA3_IS_STATIC_MODULE('idmap_passdb'),
> enabled=bld.SAMBA3_IS_ENABLED_MODULE('idmap_passdb'))
>diff --git a/source3/wscript_build b/source3/wscript_build
>index 92ab5be..e402a2f 100755
>--- a/source3/wscript_build
>+++ b/source3/wscript_build
>@@ -136,7 +136,21 @@ private_pdb_match = private_pdb_match + ldapsam_pdb_match
>
> private_pdb_match = private_pdb_match + map(lambda x: '!pdb_%s_init' % x, static_pdb_match)
>
>-bld.SAMBA3_LIBRARY('pdb',
>+bld.SAMBA3_LIBRARY('samba-passdb',
>+ source='',
>+ deps='pdb',
>+ private_library=False,
>+ pc_files=[],
>+ public_headers_install=True,
>+ public_headers='''
>+ include/passdb.h
>+ passdb/machine_sid.h
>+ passdb/lookup_sid.h''',
>+ abi_match=private_pdb_match,
>+ abi_directory='passdb/ABI',
>+ vnum='0.2.0')
>+
>+bld.SAMBA3_SUBSYSTEM('pdb',
> source='''passdb/pdb_get_set.c
> passdb/passdb.c
> lib/util_wellknown.c
>@@ -154,17 +168,7 @@ bld.SAMBA3_LIBRARY('pdb',
> passdb/pdb_interface.c
> passdb/pdb_secrets.c
> passdb/pdb_unixid.c''',
>- deps='secrets3 GROUPDB SERVER_MUTEX wbclient LIBCLI_AUTH flag_mapping samba-credentials',
>- private_library=False,
>- pc_files=[],
>- public_headers_install=True,
>- public_headers='''
>- include/passdb.h
>- passdb/machine_sid.h
>- passdb/lookup_sid.h''',
>- abi_match=private_pdb_match,
>- abi_directory='passdb/ABI',
>- vnum='0.1.2')
>+ deps='secrets3 GROUPDB SERVER_MUTEX wbclient LIBCLI_AUTH flag_mapping samba-credentials')
>
> bld.SAMBA3_LIBRARY('smbldaphelper',
> source='passdb/pdb_ldap_schema.c passdb/pdb_ldap_util.c',
>@@ -758,7 +762,7 @@ bld.SAMBA3_SUBSYSTEM('DCUTIL',
>
> bld.SAMBA3_LIBRARY('trusts_util',
> source='libsmb/trusts_util.c',
>- deps='libcli_netlogon3 msrpc3 pdb',
>+ deps='libcli_netlogon3 msrpc3 samba-passdb',
> private_library=True)
>
> bld.SAMBA3_SUBSYSTEM('tdb-wrap3',
>--
>1.9.1
>
>
>From 584ee409691cfc1902136fd3b6b2fce915238f6f Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Sat, 29 Nov 2014 10:52:05 +0100
>Subject: [PATCH 14/17] s3:idmap_cache: remove unused
> idmap_cache_set_sid2[u|g]id()
>
>Change-Id: I40bcfacb812b0dac7917533c9baf82a79f598efd
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Garming Sam <garming@catalyst.net.nz>
>
>Autobuild-User(master): Garming Sam <garming@samba.org>
>Autobuild-Date(master): Wed Dec 3 06:44:29 CET 2014 on sn-devel-104
>
>(cherry picked from commit 816751a3a8ed564f2cf880fd1ca3b1e8f9c85471)
>---
> source3/lib/idmap_cache.c | 72 -----------------------------------------------
> source3/lib/idmap_cache.h | 2 --
> 2 files changed, 74 deletions(-)
>
>diff --git a/source3/lib/idmap_cache.c b/source3/lib/idmap_cache.c
>index 8844171..11bda39 100644
>--- a/source3/lib/idmap_cache.c
>+++ b/source3/lib/idmap_cache.c
>@@ -346,78 +346,6 @@ void idmap_cache_set_sid2unixid(const struct dom_sid *sid, struct unixid *unix_i
> }
> }
>
>-/**
>- * Store a mapping in the idmap cache
>- * @param[in] sid the sid to map
>- * @param[in] uid the uid to map
>- *
>- * If both parameters are valid values, then a positive mapping in both
>- * directions is stored. If "is_null_sid(sid)" is true, then this will be a
>- * negative mapping of uid, we want to cache that for this uid we could not
>- * find anything. Likewise if "uid==-1", then we want to cache that we did not
>- * find a mapping for the sid passed here.
>- */
>-
>-void idmap_cache_set_sid2uid(const struct dom_sid *sid, uid_t uid)
>-{
>- struct unixid id;
>- id.type = ID_TYPE_UID;
>- id.id = uid;
>-
>- if (uid == -1) {
>- uid_t tmp_gid;
>- bool expired;
>- /* If we were asked to invalidate this SID -> UID
>- * mapping, it was because we found out that this was
>- * not a UID at all. Do not overwrite a valid GID or
>- * BOTH mapping */
>- if (idmap_cache_find_sid2gid(sid, &tmp_gid, &expired)) {
>- if (!expired) {
>- return;
>- }
>- }
>- }
>-
>- idmap_cache_set_sid2unixid(sid, &id);
>- return;
>-}
>-
>-/**
>- * Store a mapping in the idmap cache
>- * @param[in] sid the sid to map
>- * @param[in] gid the gid to map
>- *
>- * If both parameters are valid values, then a positive mapping in both
>- * directions is stored. If "is_null_sid(sid)" is true, then this will be a
>- * negative mapping of gid, we want to cache that for this gid we could not
>- * find anything. Likewise if "gid==-1", then we want to cache that we did not
>- * find a mapping for the sid passed here.
>- */
>-
>-void idmap_cache_set_sid2gid(const struct dom_sid *sid, gid_t gid)
>-{
>- struct unixid id;
>- id.type = ID_TYPE_GID;
>- id.id = gid;
>-
>- if (gid == -1) {
>- uid_t tmp_uid;
>- bool expired;
>- /* If we were asked to invalidate this SID -> GID
>- * mapping, it was because we found out that this was
>- * not a GID at all. Do not overwrite a valid UID or
>- * BOTH mapping */
>- if (idmap_cache_find_sid2uid(sid, &tmp_uid, &expired)) {
>- if (!expired) {
>- return;
>- }
>- }
>- }
>-
>- idmap_cache_set_sid2unixid(sid, &id);
>- return;
>-}
>-
> static char* key_xid2sid_str(TALLOC_CTX* mem_ctx, char t, const char* id) {
> return talloc_asprintf(mem_ctx, "IDMAP/%cID2SID/%s", t, id);
> }
>diff --git a/source3/lib/idmap_cache.h b/source3/lib/idmap_cache.h
>index 0885266..5b8586f 100644
>--- a/source3/lib/idmap_cache.h
>+++ b/source3/lib/idmap_cache.h
>@@ -32,8 +32,6 @@ bool idmap_cache_find_sid2gid(const struct dom_sid *sid, gid_t *pgid,
> bool idmap_cache_find_uid2sid(uid_t uid, struct dom_sid *sid, bool *expired);
> bool idmap_cache_find_gid2sid(gid_t gid, struct dom_sid *sid, bool *expired);
> void idmap_cache_set_sid2unixid(const struct dom_sid *sid, struct unixid *unix_id);
>-void idmap_cache_set_sid2uid(const struct dom_sid *sid, uid_t uid);
>-void idmap_cache_set_sid2gid(const struct dom_sid *sid, gid_t gid);
>
> bool idmap_cache_del_uid(uid_t uid);
> bool idmap_cache_del_gid(gid_t gid);
>--
>1.9.1
>
>
>From 860769275b2fe38b11c8aa1d5e1d85a48460389e Mon Sep 17 00:00:00 2001
>From: Garming Sam <garming@catalyst.net.nz>
>Date: Thu, 4 Dec 2014 10:44:26 +1300
>Subject: [PATCH 15/17] pdb: fix build issues with shared modules
>
>Bug: https://bugzilla.samba.org/show_bug.cgi?id=10355
>
>Change-Id: I26e78b56ead0c66afcda6b3fb8b1fd09130b24a5
>Signed-off-by: Garming Sam <garming@catalyst.net.nz>
>Reviewed-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Alexander Bokovoy <ab@samba.org>
>(cherry picked from commit 7a9147dab593a495c5ed5e1157ec8eb8a2809586)
>---
> source3/wscript_build | 1 +
> 1 file changed, 1 insertion(+)
>
>diff --git a/source3/wscript_build b/source3/wscript_build
>index e402a2f..6fbe581 100755
>--- a/source3/wscript_build
>+++ b/source3/wscript_build
>@@ -140,6 +140,7 @@ bld.SAMBA3_LIBRARY('samba-passdb',
> source='',
> deps='pdb',
> private_library=False,
>+ grouping_library=True,
> pc_files=[],
> public_headers_install=True,
> public_headers='''
>--
>1.9.1
>
>
>From a20199f2ed3240e3b19d65d07267f5f92e9a9723 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Thu, 11 Dec 2014 10:52:53 +0000
>Subject: [PATCH 16/17] s3:passdb: add optional get_trusteddom_creds() hooks
>
>Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Andrew Bartlett <abartlet@samba.org>
>(cherry picked from commit 8e90b93ddceabd582cb28e40882036e7772608aa)
>---
> source3/include/passdb.h | 8 +
> source3/passdb/ABI/samba-passdb-0.24.1.sigs | 313 ++++++++++++++++++++++++++++
> source3/passdb/pdb_interface.c | 17 ++
> source3/wscript_build | 2 +-
> 4 files changed, 339 insertions(+), 1 deletion(-)
> create mode 100644 source3/passdb/ABI/samba-passdb-0.24.1.sigs
>
>diff --git a/source3/include/passdb.h b/source3/include/passdb.h
>index 16e3bef..893d0d0 100644
>--- a/source3/include/passdb.h
>+++ b/source3/include/passdb.h
>@@ -34,6 +34,7 @@
> #include "../librpc/gen_ndr/lsa.h"
> #include <tevent.h>
> struct unixid;
>+struct cli_credentials;
>
> /* group mapping headers */
>
>@@ -416,6 +417,7 @@ enum pdb_policy_type {
> * Changed to 22, idmap control functions
> * Changed to 23, new idmap control functions
> * Changed to 24, removed uid_to_sid and gid_to_sid, replaced with id_to_sid
>+ * Leave at 24, add optional get_trusteddom_creds()
> */
>
> #define PASSDB_INTERFACE_VERSION 24
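Review bot: PASSDB_INTERFACE_VERSION stays at 24 in the `@@ -416,6 +417,7` hunk of passdb.h, while the `@@ -581,6 +583,10` hunk of the same file inserts `get_trusteddom_creds` into the middle of `struct pdb_methods`, which moves `set_trusteddom_pw` and every later member by one pointer. A pdb module built against the previous header would still present version 24 to `smb_register_passdb()` and, if that number is the only compatibility check (the check itself is not in these hunks), would fill in and be called through function pointers at the old offsets, i.e. with mismatched signatures. The `.sigs` file added by the same patch lists exported function signatures only, so it does not record this layout change, and passdb.h is an installed public header according to the wscript_build hunks on this page. Either append the new member after the last existing one in `struct pdb_methods` (its end is outside the hunk) or bump the define, `#define PASSDB_INTERFACE_VERSION 25`, with a matching `Changed to 25` history line.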
>@@ -581,6 +583,10 @@ struct pdb_methods
> bool (*get_trusteddom_pw)(struct pdb_methods *methods,
> const char *domain, char** pwd,
> struct dom_sid *sid, time_t *pass_last_set_time);
>+ NTSTATUS (*get_trusteddom_creds)(struct pdb_methods *methods,
>+ const char *domain,
>+ TALLOC_CTX *mem_ctx,
>+ struct cli_credentials **creds);
> bool (*set_trusteddom_pw)(struct pdb_methods *methods,
> const char* domain, const char* pwd,
> const struct dom_sid *sid);
>@@ -919,6 +925,8 @@ uint32_t pdb_search_entries(struct pdb_search *search,
> struct samr_displayentry **result);
> bool pdb_get_trusteddom_pw(const char *domain, char** pwd, struct dom_sid *sid,
> time_t *pass_last_set_time);
>+NTSTATUS pdb_get_trusteddom_creds(const char *domain, TALLOC_CTX *mem_ctx,
>+ struct cli_credentials **creds);
> bool pdb_set_trusteddom_pw(const char* domain, const char* pwd,
> const struct dom_sid *sid);
> bool pdb_del_trusteddom_pw(const char *domain);
>diff --git a/source3/passdb/ABI/samba-passdb-0.24.1.sigs b/source3/passdb/ABI/samba-passdb-0.24.1.sigs
>new file mode 100644
>index 0000000..e5885d0
>--- /dev/null
>+++ b/source3/passdb/ABI/samba-passdb-0.24.1.sigs
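Review bot: `pdb_get_trusteddom_creds()` is declared in the `@@ -919,6 +925,8` hunk of passdb.h without any statement of its contract, and the same holds for the `get_trusteddom_creds` member added to `struct pdb_methods` in the hunk before it. The hook is described as optional, so callers need to know which NTSTATUS they get from a backend that does not provide it, and who owns the `struct cli_credentials` returned through `creds` (presumably it is allocated on `mem_ctx`; the implementation in pdb_interface.c is not shown here). The object presumably holds the trust account secret, so the lifetime rule matters for callers that want to release it promptly. A short comment above the prototype would do, e.g. `/* optional backend hook; *creds is talloc'ed on mem_ctx, caller frees */`, adjusted to what pdb_interface.c actually does.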
>@@ -0,0 +1,313 @@ >+PDB_secrets_clear_domain_protection: bool (const char *) >+PDB_secrets_fetch_domain_guid: bool (const char *, struct GUID *) >+PDB_secrets_fetch_domain_sid: bool (const char *, struct dom_sid *) >+PDB_secrets_mark_domain_protected: bool (const char *) >+PDB_secrets_store_domain_guid: bool (const char *, struct GUID *) >+PDB_secrets_store_domain_sid: bool (const char *, const struct dom_sid *) >+account_policy_get: bool (enum pdb_policy_type, uint32_t *) >+account_policy_get_default: bool (enum pdb_policy_type, uint32_t *) >+account_policy_get_desc: const char *(enum pdb_policy_type) >+account_policy_name_to_typenum: enum pdb_policy_type (const char *) >+account_policy_names_list: void (TALLOC_CTX *, const char ***, int *) >+account_policy_set: bool (enum pdb_policy_type, uint32_t) >+add_initial_entry: NTSTATUS (gid_t, const char *, enum lsa_SidType, const char *, const char *) >+algorithmic_pdb_gid_to_group_rid: uint32_t (gid_t) >+algorithmic_pdb_rid_is_user: bool (uint32_t) >+algorithmic_pdb_uid_to_user_rid: uint32_t (uid_t) >+algorithmic_pdb_user_rid_to_uid: uid_t (uint32_t) >+algorithmic_rid_base: int (void) >+builtin_domain_name: const char *(void) >+cache_account_policy_get: bool (enum pdb_policy_type, uint32_t *) >+cache_account_policy_set: bool (enum pdb_policy_type, uint32_t) >+create_builtin_administrators: NTSTATUS (const struct dom_sid *) >+create_builtin_users: NTSTATUS (const struct dom_sid *) >+decode_account_policy_name: const char *(enum pdb_policy_type) >+get_account_pol_db: struct db_context *(void) >+get_account_policy_attr: const char *(enum pdb_policy_type) >+get_domain_group_from_sid: bool (struct dom_sid, GROUP_MAP *) >+get_primary_group_sid: NTSTATUS (TALLOC_CTX *, const char *, struct passwd **, struct dom_sid **) >+get_privileges_for_sid_as_set: NTSTATUS (TALLOC_CTX *, PRIVILEGE_SET **, struct dom_sid *) >+get_privileges_for_sids: bool (uint64_t *, struct dom_sid *, int) >+get_trust_pw_clear: bool (const char *, char 
**, const char **, enum netr_SchannelType *) >+get_trust_pw_hash: bool (const char *, uint8_t *, const char **, enum netr_SchannelType *) >+gid_to_sid: void (struct dom_sid *, gid_t) >+gid_to_unix_groups_sid: void (gid_t, struct dom_sid *) >+grab_named_mutex: struct named_mutex *(TALLOC_CTX *, const char *, int) >+grant_all_privileges: bool (const struct dom_sid *) >+grant_privilege_by_name: bool (const struct dom_sid *, const char *) >+grant_privilege_set: bool (const struct dom_sid *, struct lsa_PrivilegeSet *) >+groupdb_tdb_init: const struct mapping_backend *(void) >+init_account_policy: bool (void) >+init_buffer_from_samu: uint32_t (uint8_t **, struct samu *, bool) >+init_samu_from_buffer: bool (struct samu *, uint32_t, uint8_t *, uint32_t) >+initialize_password_db: bool (bool, struct tevent_context *) >+is_dc_trusted_domain_situation: bool (const char *) >+is_privileged_sid: bool (const struct dom_sid *) >+local_password_change: NTSTATUS (const char *, int, const char *, char **, char **) >+login_cache_delentry: bool (const struct samu *) >+login_cache_init: bool (void) >+login_cache_read: bool (struct samu *, struct login_cache *) >+login_cache_shutdown: bool (void) >+login_cache_write: bool (const struct samu *, const struct login_cache *) >+lookup_builtin_name: bool (const char *, uint32_t *) >+lookup_builtin_rid: bool (TALLOC_CTX *, uint32_t, const char **) >+lookup_global_sam_name: bool (const char *, int, uint32_t *, enum lsa_SidType *) >+lookup_name: bool (TALLOC_CTX *, const char *, int, const char **, const char **, struct dom_sid *, enum lsa_SidType *) >+lookup_name_smbconf: bool (TALLOC_CTX *, const char *, int, const char **, const char **, struct dom_sid *, enum lsa_SidType *) >+lookup_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **, enum lsa_SidType *) >+lookup_sids: NTSTATUS (TALLOC_CTX *, int, const struct dom_sid **, int, struct lsa_dom_info **, struct lsa_name_info **) >+lookup_unix_group_name: bool (const char 
*, struct dom_sid *) >+lookup_unix_user_name: bool (const char *, struct dom_sid *) >+lookup_wellknown_name: bool (TALLOC_CTX *, const char *, struct dom_sid *, const char **) >+lookup_wellknown_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **) >+make_pdb_method: NTSTATUS (struct pdb_methods **) >+make_pdb_method_name: NTSTATUS (struct pdb_methods **, const char *) >+max_algorithmic_gid: gid_t (void) >+max_algorithmic_uid: uid_t (void) >+my_sam_name: const char *(void) >+pdb_add_aliasmem: NTSTATUS (const struct dom_sid *, const struct dom_sid *) >+pdb_add_group_mapping_entry: NTSTATUS (GROUP_MAP *) >+pdb_add_groupmem: NTSTATUS (TALLOC_CTX *, uint32_t, uint32_t) >+pdb_add_sam_account: NTSTATUS (struct samu *) >+pdb_build_fields_present: uint32_t (struct samu *) >+pdb_capabilities: uint32_t (void) >+pdb_copy_sam_account: bool (struct samu *, struct samu *) >+pdb_create_alias: NTSTATUS (const char *, uint32_t *) >+pdb_create_builtin: NTSTATUS (uint32_t) >+pdb_create_builtin_alias: NTSTATUS (uint32_t, gid_t) >+pdb_create_dom_group: NTSTATUS (TALLOC_CTX *, const char *, uint32_t *) >+pdb_create_user: NTSTATUS (TALLOC_CTX *, const char *, uint32_t, uint32_t *) >+pdb_decode_acct_ctrl: uint32_t (const char *) >+pdb_default_add_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, const struct dom_sid *) >+pdb_default_add_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *) >+pdb_default_alias_memberships: NTSTATUS (struct pdb_methods *, TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *) >+pdb_default_create_alias: NTSTATUS (struct pdb_methods *, const char *, uint32_t *) >+pdb_default_del_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, const struct dom_sid *) >+pdb_default_delete_alias: NTSTATUS (struct pdb_methods *, const struct dom_sid *) >+pdb_default_delete_group_mapping_entry: NTSTATUS (struct pdb_methods *, struct dom_sid) >+pdb_default_enum_aliasmem: 
NTSTATUS (struct pdb_methods *, const struct dom_sid *, TALLOC_CTX *, struct dom_sid **, size_t *) >+pdb_default_enum_group_mapping: NTSTATUS (struct pdb_methods *, const struct dom_sid *, enum lsa_SidType, GROUP_MAP ***, size_t *, bool) >+pdb_default_get_aliasinfo: NTSTATUS (struct pdb_methods *, const struct dom_sid *, struct acct_info *) >+pdb_default_getgrgid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, gid_t) >+pdb_default_getgrnam: NTSTATUS (struct pdb_methods *, GROUP_MAP *, const char *) >+pdb_default_getgrsid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, struct dom_sid) >+pdb_default_set_aliasinfo: NTSTATUS (struct pdb_methods *, const struct dom_sid *, struct acct_info *) >+pdb_default_update_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *) >+pdb_del_aliasmem: NTSTATUS (const struct dom_sid *, const struct dom_sid *) >+pdb_del_groupmem: NTSTATUS (TALLOC_CTX *, uint32_t, uint32_t) >+pdb_del_trusted_domain: NTSTATUS (const char *) >+pdb_del_trusteddom_pw: bool (const char *) >+pdb_delete_alias: NTSTATUS (const struct dom_sid *) >+pdb_delete_dom_group: NTSTATUS (TALLOC_CTX *, uint32_t) >+pdb_delete_group_mapping_entry: NTSTATUS (struct dom_sid) >+pdb_delete_sam_account: NTSTATUS (struct samu *) >+pdb_delete_secret: NTSTATUS (const char *) >+pdb_delete_user: NTSTATUS (TALLOC_CTX *, struct samu *) >+pdb_element_is_changed: bool (const struct samu *, enum pdb_elements) >+pdb_element_is_set_or_changed: bool (const struct samu *, enum pdb_elements) >+pdb_encode_acct_ctrl: char *(uint32_t, size_t) >+pdb_enum_alias_memberships: NTSTATUS (TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *) >+pdb_enum_aliasmem: NTSTATUS (const struct dom_sid *, TALLOC_CTX *, struct dom_sid **, size_t *) >+pdb_enum_group_mapping: bool (const struct dom_sid *, enum lsa_SidType, GROUP_MAP ***, size_t *, bool) >+pdb_enum_group_members: NTSTATUS (TALLOC_CTX *, const struct dom_sid *, uint32_t **, size_t *) 
>+pdb_enum_group_memberships: NTSTATUS (TALLOC_CTX *, struct samu *, struct dom_sid **, gid_t **, uint32_t *) >+pdb_enum_trusted_domains: NTSTATUS (TALLOC_CTX *, uint32_t *, struct pdb_trusted_domain ***) >+pdb_enum_trusteddoms: NTSTATUS (TALLOC_CTX *, uint32_t *, struct trustdom_info ***) >+pdb_enum_upn_suffixes: NTSTATUS (TALLOC_CTX *, uint32_t *, char ***) >+pdb_find_backend_entry: struct pdb_init_function_entry *(const char *) >+pdb_get_account_policy: bool (enum pdb_policy_type, uint32_t *) >+pdb_get_acct_ctrl: uint32_t (const struct samu *) >+pdb_get_acct_desc: const char *(const struct samu *) >+pdb_get_aliasinfo: NTSTATUS (const struct dom_sid *, struct acct_info *) >+pdb_get_backend_private_data: void *(const struct samu *, const struct pdb_methods *) >+pdb_get_backends: const struct pdb_init_function_entry *(void) >+pdb_get_bad_password_count: uint16_t (const struct samu *) >+pdb_get_bad_password_time: time_t (const struct samu *) >+pdb_get_code_page: uint16_t (const struct samu *) >+pdb_get_comment: const char *(const struct samu *) >+pdb_get_country_code: uint16_t (const struct samu *) >+pdb_get_dir_drive: const char *(const struct samu *) >+pdb_get_domain: const char *(const struct samu *) >+pdb_get_domain_info: struct pdb_domain_info *(TALLOC_CTX *) >+pdb_get_fullname: const char *(const struct samu *) >+pdb_get_group_rid: uint32_t (struct samu *) >+pdb_get_group_sid: const struct dom_sid *(struct samu *) >+pdb_get_homedir: const char *(const struct samu *) >+pdb_get_hours: const uint8_t *(const struct samu *) >+pdb_get_hours_len: uint32_t (const struct samu *) >+pdb_get_init_flags: enum pdb_value_state (const struct samu *, enum pdb_elements) >+pdb_get_kickoff_time: time_t (const struct samu *) >+pdb_get_lanman_passwd: const uint8_t *(const struct samu *) >+pdb_get_logoff_time: time_t (const struct samu *) >+pdb_get_logon_count: uint16_t (const struct samu *) >+pdb_get_logon_divs: uint16_t (const struct samu *) >+pdb_get_logon_script: const char 
*(const struct samu *) >+pdb_get_logon_time: time_t (const struct samu *) >+pdb_get_munged_dial: const char *(const struct samu *) >+pdb_get_nt_passwd: const uint8_t *(const struct samu *) >+pdb_get_nt_username: const char *(const struct samu *) >+pdb_get_pass_can_change: bool (const struct samu *) >+pdb_get_pass_can_change_time: time_t (const struct samu *) >+pdb_get_pass_can_change_time_noncalc: time_t (const struct samu *) >+pdb_get_pass_last_set_time: time_t (const struct samu *) >+pdb_get_pass_must_change_time: time_t (const struct samu *) >+pdb_get_plaintext_passwd: const char *(const struct samu *) >+pdb_get_profile_path: const char *(const struct samu *) >+pdb_get_pw_history: const uint8_t *(const struct samu *, uint32_t *) >+pdb_get_secret: NTSTATUS (TALLOC_CTX *, const char *, DATA_BLOB *, NTTIME *, DATA_BLOB *, NTTIME *, struct security_descriptor **) >+pdb_get_seq_num: bool (time_t *) >+pdb_get_tevent_context: struct tevent_context *(void) >+pdb_get_trust_credentials: NTSTATUS (const char *, const char *, TALLOC_CTX *, struct cli_credentials **) >+pdb_get_trusted_domain: NTSTATUS (TALLOC_CTX *, const char *, struct pdb_trusted_domain **) >+pdb_get_trusted_domain_by_sid: NTSTATUS (TALLOC_CTX *, struct dom_sid *, struct pdb_trusted_domain **) >+pdb_get_trusteddom_creds: NTSTATUS (const char *, TALLOC_CTX *, struct cli_credentials **) >+pdb_get_trusteddom_pw: bool (const char *, char **, struct dom_sid *, time_t *) >+pdb_get_unknown_6: uint32_t (const struct samu *) >+pdb_get_user_rid: uint32_t (const struct samu *) >+pdb_get_user_sid: const struct dom_sid *(const struct samu *) >+pdb_get_username: const char *(const struct samu *) >+pdb_get_workstations: const char *(const struct samu *) >+pdb_getgrgid: bool (GROUP_MAP *, gid_t) >+pdb_getgrnam: bool (GROUP_MAP *, const char *) >+pdb_getgrsid: bool (GROUP_MAP *, struct dom_sid) >+pdb_gethexhours: bool (const char *, unsigned char *) >+pdb_gethexpwd: bool (const char *, unsigned char *) >+pdb_getsampwnam: 
bool (struct samu *, const char *) >+pdb_getsampwsid: bool (struct samu *, const struct dom_sid *) >+pdb_group_rid_to_gid: gid_t (uint32_t) >+pdb_id_to_sid: bool (struct unixid *, struct dom_sid *) >+pdb_increment_bad_password_count: bool (struct samu *) >+pdb_is_password_change_time_max: bool (time_t) >+pdb_is_responsible_for_builtin: bool (void) >+pdb_is_responsible_for_everything_else: bool (void) >+pdb_is_responsible_for_our_sam: bool (void) >+pdb_is_responsible_for_unix_groups: bool (void) >+pdb_is_responsible_for_unix_users: bool (void) >+pdb_is_responsible_for_wellknown: bool (void) >+pdb_lookup_rids: NTSTATUS (const struct dom_sid *, int, uint32_t *, const char **, enum lsa_SidType *) >+pdb_new_rid: bool (uint32_t *) >+pdb_nop_add_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *) >+pdb_nop_delete_group_mapping_entry: NTSTATUS (struct pdb_methods *, struct dom_sid) >+pdb_nop_enum_group_mapping: NTSTATUS (struct pdb_methods *, enum lsa_SidType, GROUP_MAP **, size_t *, bool) >+pdb_nop_getgrgid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, gid_t) >+pdb_nop_getgrnam: NTSTATUS (struct pdb_methods *, GROUP_MAP *, const char *) >+pdb_nop_getgrsid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, struct dom_sid) >+pdb_nop_update_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *) >+pdb_rename_sam_account: NTSTATUS (struct samu *, const char *) >+pdb_search_aliases: struct pdb_search *(TALLOC_CTX *, const struct dom_sid *) >+pdb_search_entries: uint32_t (struct pdb_search *, uint32_t, uint32_t, struct samr_displayentry **) >+pdb_search_groups: struct pdb_search *(TALLOC_CTX *) >+pdb_search_init: struct pdb_search *(TALLOC_CTX *, enum pdb_search_type) >+pdb_search_users: struct pdb_search *(TALLOC_CTX *, uint32_t) >+pdb_set_account_policy: bool (enum pdb_policy_type, uint32_t) >+pdb_set_acct_ctrl: bool (struct samu *, uint32_t, enum pdb_value_state) >+pdb_set_acct_desc: bool (struct samu *, const char *, enum pdb_value_state) 
>+pdb_set_aliasinfo: NTSTATUS (const struct dom_sid *, struct acct_info *) >+pdb_set_backend_private_data: bool (struct samu *, void *, void (*)(void **), const struct pdb_methods *, enum pdb_value_state) >+pdb_set_bad_password_count: bool (struct samu *, uint16_t, enum pdb_value_state) >+pdb_set_bad_password_time: bool (struct samu *, time_t, enum pdb_value_state) >+pdb_set_code_page: bool (struct samu *, uint16_t, enum pdb_value_state) >+pdb_set_comment: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_country_code: bool (struct samu *, uint16_t, enum pdb_value_state) >+pdb_set_dir_drive: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_domain: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_fullname: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_group_sid: bool (struct samu *, const struct dom_sid *, enum pdb_value_state) >+pdb_set_group_sid_from_rid: bool (struct samu *, uint32_t, enum pdb_value_state) >+pdb_set_homedir: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_hours: bool (struct samu *, const uint8_t *, int, enum pdb_value_state) >+pdb_set_hours_len: bool (struct samu *, uint32_t, enum pdb_value_state) >+pdb_set_init_flags: bool (struct samu *, enum pdb_elements, enum pdb_value_state) >+pdb_set_kickoff_time: bool (struct samu *, time_t, enum pdb_value_state) >+pdb_set_lanman_passwd: bool (struct samu *, const uint8_t *, enum pdb_value_state) >+pdb_set_logoff_time: bool (struct samu *, time_t, enum pdb_value_state) >+pdb_set_logon_count: bool (struct samu *, uint16_t, enum pdb_value_state) >+pdb_set_logon_divs: bool (struct samu *, uint16_t, enum pdb_value_state) >+pdb_set_logon_script: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_logon_time: bool (struct samu *, time_t, enum pdb_value_state) >+pdb_set_munged_dial: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_nt_passwd: bool (struct samu *, const uint8_t *, enum 
pdb_value_state) >+pdb_set_nt_username: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_pass_can_change: bool (struct samu *, bool) >+pdb_set_pass_can_change_time: bool (struct samu *, time_t, enum pdb_value_state) >+pdb_set_pass_last_set_time: bool (struct samu *, time_t, enum pdb_value_state) >+pdb_set_plaintext_passwd: bool (struct samu *, const char *) >+pdb_set_plaintext_pw_only: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_profile_path: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_pw_history: bool (struct samu *, const uint8_t *, uint32_t, enum pdb_value_state) >+pdb_set_secret: NTSTATUS (const char *, DATA_BLOB *, DATA_BLOB *, struct security_descriptor *) >+pdb_set_trusted_domain: NTSTATUS (const char *, const struct pdb_trusted_domain *) >+pdb_set_trusteddom_pw: bool (const char *, const char *, const struct dom_sid *) >+pdb_set_unix_primary_group: NTSTATUS (TALLOC_CTX *, struct samu *) >+pdb_set_unknown_6: bool (struct samu *, uint32_t, enum pdb_value_state) >+pdb_set_upn_suffixes: NTSTATUS (uint32_t, const char **) >+pdb_set_user_sid: bool (struct samu *, const struct dom_sid *, enum pdb_value_state) >+pdb_set_user_sid_from_rid: bool (struct samu *, uint32_t, enum pdb_value_state) >+pdb_set_user_sid_from_string: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_username: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_set_workstations: bool (struct samu *, const char *, enum pdb_value_state) >+pdb_sethexhours: void (char *, const unsigned char *) >+pdb_sethexpwd: void (char *, const unsigned char *, uint32_t) >+pdb_sid_to_id: bool (const struct dom_sid *, struct unixid *) >+pdb_sid_to_id_unix_users_and_groups: bool (const struct dom_sid *, struct unixid *) >+pdb_update_autolock_flag: bool (struct samu *, bool *) >+pdb_update_bad_password_count: bool (struct samu *, bool *) >+pdb_update_group_mapping_entry: NTSTATUS (GROUP_MAP *) >+pdb_update_login_attempts: 
NTSTATUS (struct samu *, bool) >+pdb_update_sam_account: NTSTATUS (struct samu *) >+privilege_create_account: NTSTATUS (const struct dom_sid *) >+privilege_delete_account: NTSTATUS (const struct dom_sid *) >+privilege_enum_sids: NTSTATUS (enum sec_privilege, TALLOC_CTX *, struct dom_sid **, int *) >+privilege_enumerate_accounts: NTSTATUS (struct dom_sid **, int *) >+revoke_all_privileges: bool (const struct dom_sid *) >+revoke_privilege_by_name: bool (const struct dom_sid *, const char *) >+revoke_privilege_set: bool (const struct dom_sid *, struct lsa_PrivilegeSet *) >+samu_alloc_rid_unix: NTSTATUS (struct pdb_methods *, struct samu *, const struct passwd *) >+samu_new: struct samu *(TALLOC_CTX *) >+samu_set_unix: NTSTATUS (struct samu *, const struct passwd *) >+secrets_trusted_domains: NTSTATUS (TALLOC_CTX *, uint32_t *, struct trustdom_info ***) >+sid_check_is_builtin: bool (const struct dom_sid *) >+sid_check_is_for_passdb: bool (const struct dom_sid *) >+sid_check_is_in_builtin: bool (const struct dom_sid *) >+sid_check_is_in_unix_groups: bool (const struct dom_sid *) >+sid_check_is_in_unix_users: bool (const struct dom_sid *) >+sid_check_is_in_wellknown_domain: bool (const struct dom_sid *) >+sid_check_is_unix_groups: bool (const struct dom_sid *) >+sid_check_is_unix_users: bool (const struct dom_sid *) >+sid_check_is_wellknown_builtin: bool (const struct dom_sid *) >+sid_check_is_wellknown_domain: bool (const struct dom_sid *, const char **) >+sid_check_object_is_for_passdb: bool (const struct dom_sid *) >+sid_to_gid: bool (const struct dom_sid *, gid_t *) >+sid_to_uid: bool (const struct dom_sid *, uid_t *) >+sids_to_unixids: bool (const struct dom_sid *, uint32_t, struct unixid *) >+smb_add_user_group: int (const char *, const char *) >+smb_create_group: int (const char *, gid_t *) >+smb_delete_group: int (const char *) >+smb_delete_user_group: int (const char *, const char *) >+smb_nscd_flush_group_cache: void (void) >+smb_nscd_flush_user_cache: void 
(void) >+smb_register_passdb: NTSTATUS (int, const char *, pdb_init_function) >+smb_set_primary_group: int (const char *, const char *) >+uid_to_sid: void (struct dom_sid *, uid_t) >+uid_to_unix_users_sid: void (uid_t, struct dom_sid *) >+unix_groups_domain_name: const char *(void) >+unix_users_domain_name: const char *(void) >+unixid_from_both: void (struct unixid *, uint32_t) >+unixid_from_gid: void (struct unixid *, uint32_t) >+unixid_from_uid: void (struct unixid *, uint32_t) >+wb_is_trusted_domain: wbcErr (const char *) >+winbind_allocate_gid: bool (gid_t *) >+winbind_allocate_uid: bool (uid_t *) >+winbind_get_groups: bool (TALLOC_CTX *, const char *, uint32_t *, gid_t **) >+winbind_get_sid_aliases: bool (TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *) >+winbind_getpwnam: struct passwd *(const char *) >+winbind_getpwsid: struct passwd *(const struct dom_sid *) >+winbind_gid_to_sid: bool (struct dom_sid *, gid_t) >+winbind_lookup_name: bool (const char *, const char *, struct dom_sid *, enum lsa_SidType *) >+winbind_lookup_rids: bool (TALLOC_CTX *, const struct dom_sid *, int, uint32_t *, const char **, const char ***, enum lsa_SidType **) >+winbind_lookup_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **, enum lsa_SidType *) >+winbind_lookup_usersids: bool (TALLOC_CTX *, const struct dom_sid *, uint32_t *, struct dom_sid **) >+winbind_ping: bool (void) >+winbind_sid_to_gid: bool (gid_t *, const struct dom_sid *) >+winbind_sid_to_uid: bool (uid_t *, const struct dom_sid *) >+winbind_uid_to_sid: bool (struct dom_sid *, uid_t) >diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c >index 9dee9d2..b8247f2 100644 >--- a/source3/passdb/pdb_interface.c >+++ b/source3/passdb/pdb_interface.c 
>@@ -2145,6 +2145,13 @@ bool pdb_get_trusteddom_pw(const char *domain, char** pwd, struct dom_sid *sid,
> pass_last_set_time);
> }
>
>+NTSTATUS pdb_get_trusteddom_creds(const char *domain, TALLOC_CTX *mem_ctx,
>+ struct cli_credentials **creds)
>+{
>+ struct pdb_methods *pdb = pdb_get_methods();
>+ return pdb->get_trusteddom_creds(pdb, domain, mem_ctx, creds);
>+}
>+
> bool pdb_set_trusteddom_pw(const char* domain, const char* pwd,
> const struct dom_sid *sid)
> {
>@@ -2182,6 +2189,15 @@ static bool pdb_default_get_trusteddom_pw(struct pdb_methods *methods,
>
> }
>
>+static NTSTATUS pdb_default_get_trusteddom_creds(struct pdb_methods *methods,
>+ const char *domain,
>+ TALLOC_CTX *mem_ctx,
>+ struct cli_credentials **creds)
>+{
>+ *creds = NULL;
>+ return NT_STATUS_NOT_IMPLEMENTED;
>+}
>+
> static bool pdb_default_set_trusteddom_pw(struct pdb_methods *methods,
> const char* domain,
> const char* pwd,
>@@ -2623,6 +2639,7 @@ NTSTATUS make_pdb_method( struct pdb_methods **methods )
> (*methods)->search_aliases = pdb_default_search_aliases;
>
> (*methods)->get_trusteddom_pw = pdb_default_get_trusteddom_pw;
>+ (*methods)->get_trusteddom_creds = pdb_default_get_trusteddom_creds;
> (*methods)->set_trusteddom_pw = pdb_default_set_trusteddom_pw;
> (*methods)->del_trusteddom_pw = pdb_default_del_trusteddom_pw;
> (*methods)->enum_trusteddoms = pdb_default_enum_trusteddoms;
>diff --git a/source3/wscript_build b/source3/wscript_build
>index 6fbe581..e1964a3 100755
>--- a/source3/wscript_build
>+++ b/source3/wscript_build
>@@ -149,7 +149,7 @@ bld.SAMBA3_LIBRARY('samba-passdb',
> passdb/lookup_sid.h''',
> abi_match=private_pdb_match,
> abi_directory='passdb/ABI',
>- vnum='0.2.0')
>+ vnum='0.24.1')
>
> bld.SAMBA3_SUBSYSTEM('pdb',
> source='''passdb/pdb_get_set.c
>--
>1.9.1
>
>
>From 34a3dcd1829f14980d969c8196f193298dd87254 Mon Sep 17 00:00:00 2001
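Review bot: In the `@@ -2145` hunk of pdb_interface.c, pdb_get_trusteddom_creds() passes the caller's `creds` pointer straight to the backend without clearing it, so what a caller sees after a failure depends on every backend doing what pdb_default_get_trusteddom_creds() does in the `@@ -2182` hunk. Adding `*creds = NULL;` before the dispatch would make the wrapper enforce that convention itself. The new method also has no header comment; it should state that on success the object is allocated on `mem_ctx` and owned by the caller (it presumably holds the trust account password), and that NT_STATUS_NOT_IMPLEMENTED means the backend has no implementation and the caller is expected to fall back.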
>From: Stefan Metzmacher <metze@samba.org>
>Date: Tue, 16 Dec 2014 15:05:17 +0000
>Subject: [PATCH 17/17] s3:passdb: let pdb_get_trust_credentials() try
> pdb_get_trusteddom_creds() first
>
>NT_STATUS_NOT_IMPLEMENTED lets it fallback to the old get_trust_pw_clear2()
>code.
>
>Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>Reviewed-by: Andrew Bartlett <abartlet@samba.org>
>
>Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
>Autobuild-Date(master): Thu Dec 18 06:46:05 CET 2014 on sn-devel-104
>
>(cherry picked from commit 12aaafd2971ac71823ccbebda7b2afd689239770)
>---
> source3/passdb/passdb.c | 65 +++++++++++++++++++++++++++++++++----------------
> 1 file changed, 44 insertions(+), 21 deletions(-)
>
>diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
>index 02f0a78..f071027 100644
>--- a/source3/passdb/passdb.c
>+++ b/source3/passdb/passdb.c
>@@ -2523,27 +2523,6 @@ NTSTATUS pdb_get_trust_credentials(const char *netbios_domain,
> struct cli_credentials *creds = NULL;
> bool ok;
>
>- lp_ctx = loadparm_init_s3(frame, loadparm_s3_helpers());
>- if (lp_ctx == NULL) {
>- DEBUG(1, ("loadparm_init_s3 failed\n"));
>- status = NT_STATUS_INTERNAL_ERROR;
>- goto fail;
>- }
>-
>- creds = cli_credentials_init(mem_ctx);
>- if (creds == NULL) {
>- status = NT_STATUS_NO_MEMORY;
>- goto fail;
>- }
>-
>- cli_credentials_set_conf(creds, lp_ctx);
>-
>- ok = cli_credentials_set_domain(creds, netbios_domain, CRED_SPECIFIED);
>- if (!ok) {
>- status = NT_STATUS_NO_MEMORY;
>- goto fail;
>- }
>-
> /*
> * If this is our primary trust relationship, use the common
> * code to read the secrets.ldb or secrets.tdb file.
>@@ -2557,6 +2536,27 @@ NTSTATUS pdb_get_trust_credentials(const char *netbios_domain,
> goto fail;
> }
>
>+ lp_ctx = loadparm_init_s3(frame, loadparm_s3_helpers());
>+ if (lp_ctx == NULL) {
>+ DEBUG(1, ("loadparm_init_s3 failed\n"));
>+ status = NT_STATUS_INTERNAL_ERROR;
>+ goto fail;
>+ }
>+
>+ creds = cli_credentials_init(mem_ctx);
>+ if (creds == NULL) {
>+ status = NT_STATUS_NO_MEMORY;
>+ goto fail;
>+ }
>+
>+ cli_credentials_set_conf(creds, lp_ctx);
>+
>+ ok = cli_credentials_set_domain(creds, netbios_domain, CRED_SPECIFIED);
>+ if (!ok) {
>+ status = NT_STATUS_NO_MEMORY;
>+ goto fail;
>+ }
>+
> status = cli_credentials_set_machine_account_db_ctx(creds,
> lp_ctx,
> db_ctx);
>@@ -2573,6 +2573,14 @@ NTSTATUS pdb_get_trust_credentials(const char *netbios_domain,
> goto fail;
> }
>
>+ status = pdb_get_trusteddom_creds(netbios_domain, mem_ctx, &creds);
>+ if (NT_STATUS_IS_OK(status)) {
>+ goto done;
>+ }
>+ if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
>+ goto fail;
>+ }
>+
> ok = get_trust_pw_clear2(netbios_domain,
> &_account_name,
> &channel,
>@@ -2600,6 +2608,21 @@ NTSTATUS pdb_get_trust_credentials(const char *netbios_domain,
> goto fail;
> }
>
>+ lp_ctx = loadparm_init_s3(frame, loadparm_s3_helpers());
>+ if (lp_ctx == NULL) {
>+ DEBUG(1, ("loadparm_init_s3 failed\n"));
>+ status = NT_STATUS_INTERNAL_ERROR;
>+ goto fail;
>+ }
>+
>+ creds = cli_credentials_init(mem_ctx);
>+ if (creds == NULL) {
>+ status = NT_STATUS_NO_MEMORY;
>+ goto fail;
>+ }
>+
>+ cli_credentials_set_conf(creds, lp_ctx);
>+
> cli_credentials_set_secure_channel_type(creds, channel);
> cli_credentials_set_password_last_changed_time(creds, last_set_time);
>
>--
>1.9.1
>
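Review bot: In the `@@ -2573` hunk of passdb.c, a success from pdb_get_trusteddom_creds() jumps to `done` without checking that `creds` was actually set, and any status other than NT_STATUS_NOT_IMPLEMENTED goes to `fail` without a log line. A backend that returns NT_STATUS_OK but leaves the pointer NULL would hand the caller empty trust credentials with a success status; a guard such as `if (NT_STATUS_IS_OK(status) && creds == NULL) { status = NT_STATUS_INTERNAL_ERROR; goto fail; }` before the `goto done` closes that gap. For the error branch, `DEBUG(1, ("pdb_get_trusteddom_creds(%s) failed: %s\n", netbios_domain, nt_errstr(status)));` would match the DEBUG(1, ...) already used for the loadparm failure and make a broken trust lookup visible in the logs. The `done` and `fail` labels lie outside the hunk, so whether they already validate or log is not visible here.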
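Review bot: The fallback path in the `@@ -2600` hunk rebuilds `creds` with cli_credentials_init() and cli_credentials_set_conf() but does not bring back the cli_credentials_set_domain() call that the `@@ -2523` hunk removes, whereas the primary-domain branch in the `@@ -2557` hunk does restore it. If the remainder of pdb_get_trust_credentials(), which continues past the end of the hunk, does not set the domain, credentials built from get_trust_pw_clear2() would no longer carry `netbios_domain`. Either re-add `ok = cli_credentials_set_domain(creds, netbios_domain, CRED_SPECIFIED);` with the same NT_STATUS_NO_MEMORY handling after cli_credentials_set_conf(), or add a one-line comment saying where the domain is set for this path.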
Flags:
abartlet
:
review+
ab
:
review+