summaryrefslogtreecommitdiff
path: root/source3/lib/username.c
AgeCommit message (Collapse)AuthorFilesLines
2004-03-19BUG 417: fix %UuGg variables expansion in include lines setging the ↵Gerald Carter1-0/+5
current_user_info struct in register_vuid() -- shouldn't be any more broken than we were (This used to be commit a90c3bd281e7a62bb8482e42aa3b674eeeb5995a)
2003-11-04Fix for bug #703, try lowercase netgroups lookups.Jeremy Allison1-1/+18
Jeremy. (This used to be commit 8b06385e008a9433fa6efb941b997f7d6b182a65)
2003-07-25fix user_in_list to work with winbind groups again; my bugGerald Carter1-1/+1
(This used to be commit 850f4fafdbaf19ea13273a8bf82433ba50a11868)
2003-07-22Fixup a bunch of printf-style functions and debugs to use unsigned long whenTim Potter1-1/+1
displaying pid_t, uid_t and gid_t values. This removes a whole lot of warnings on some of the 64-bit build farm machines as well as help us out when 64-bit uid/gid/pid values come along. (This used to be commit f93528ba007c8800a850678f35f499fb7360fb9a)
2003-07-03Removed strupper/strlower macros that automatically map to ↵Jeremy Allison1-3/+3
strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
2003-06-23* set domain->last_status = NT_STATUS_SERVER_DISABLED on an ads_connect() ↵Gerald Carter1-6/+7
failure * Fix code to use winbind_rpc methods for trusted mixed mode or NT4 domains ( does no one ever test this? ) * add in LDAP code to get the sequence number for rpc based seqnum update. ( this is needed if the DC is upgraded and samba is not reconfigured to use security = ads; it's not pretty but it works (from app_head) ) * fix bug that caused us to enumerate domain local groups in domains other than our own (This used to be commit 14f2cd139a22454571cea8475d3b7c5c2787d378)
2003-06-21merge of the netsamlogon caching code from APPLIANCE_HEADGerald Carter1-23/+46
This replaces the universal group caching code (was originally based on that code). Only applies to the the RPC code. One comment: domain local groups don't show up in 'getent group' that's easy to fix. Code has been tested against 2k domain but doesn't change anything with respect to NT4 domains. netsamlogon caching works pretty much like the universal group caching code did but has had much more testing and puts winbind mostly back in sync between branches. (This used to be commit aac01dc7bc95c20ee21c93f3581e2375d9a894e1)
2003-05-12And finally IDMAP in 3_0Simo Sorce1-1/+1
We really need idmap_ldap to have a good solution with ldapsam, porting it from the prvious code is beeing made, the code is really simple to do so I am confident it is not a problem to commit this code in. Not committing it would have been worst. I really would have been able to finish also the group code, maybe we can put it into a followin release after 3.0.0 even if it may be an upgrade problem. The code has been tested and seem to work right, more testing is needed for corner cases. Currently winbind pdc (working only for users and not for groups) is disabled as I was not able to make a complete group code replacement that works somewhat in a week (I have a complete patch, but there are bugs) Simo. (This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)
2003-02-24Merge of server-side authentication changes to 3.0:Andrew Bartlett1-15/+42
- user_ok() and user_in_group() now take a list of groups, instead of looking for the user in the members of all groups. - The 'server_info' returned from the authentication is now kept around - in future we won't copy the sesion key, username etc, we will just referece them directly. - rhosts upgraded to use the SAM if possible, otherwise fake up based on getpwnam(). - auth_util code to deal with groups upgraded to deal with non-winbind domain members again. Andrew Bartlett (This used to be commit 74b5436c75114170ce7c780c19226103d0df9060)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-2/+2
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-57/+0
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-08-17sync 3.0 branch with headJelmer Vernooij1-1/+1
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-47/+35
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-04-15Merge of comment fix.Tim Potter1-1/+1
(This used to be commit 0e3be3603e6fea05cc8febd6ba50a5064e225901)
2002-03-23Update some of the DEBUG()s in Get_Pwnam_internal()Andrew Bartlett1-8/+11
Andrew Bartlett (This used to be commit 20f6f9e3a221da60aae0de166f17085053e27286)
2002-02-27Make this function staticAndrew Bartlett1-1/+1
(This used to be commit 85974e6c43b796649f04544eeffeba837cae963b)
2002-02-20Thanks to David Edward Shapiro <David.Edward.Shapiro@btitele.com> for spottingAndrew Bartlett1-1/+1
this! (groupname and domain name paramaters swapped, giving 'interesting' results...) Andrew Bartlett (This used to be commit 5aed3759d8edbe59df8c1ea70827c4b931393134)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-27Some more 'winbind default domain' support patches from Alexander BokovoyAndrew Bartlett1-0/+27
<a.bokovoy@sam-solutions.net>. This patch is designed to remove the 'special cases' required for this support. In particular this now kills off winbind_initgroups, as it appears no longer to be required. Andrew Bartlett (This used to be commit f1d8d509766e9169d39332559162cfec249bfc70)
2002-01-26Bring this code into line with new winbind_lookup_name() interface. I thinkAndrew Bartlett1-10/+23
this might need a bit more work - or at least documentation. This is certainly a worthwile little hack, as it avoids the need to invert the group database. I don't think we should allow unqualified domains here - as that allows us to distinguish between (at least some) usernames and these 'special' groups. (This used to be commit 151dd7bc6c61e19a993017e5e0b50314801e26de)
2002-01-18This is the 'winbind default domain' patch from Alexander BokovoyAndrew Bartlett1-1/+1
<a.bokovoy@sam-solutions.net>. The idea is the domain\username is rather harsh for unix systems - people don't expect to have to FTP, SSH and (in particular) e-mail with a username like that. This 'corrects' that - but is not without its own problems. As you can see from the changes to files like username.c and wb_client.c (smbd's winbind client code) a lot of assumptions are made in a lot of places about lp_winbind_seperator determining a users's status as a domain or local user. The main change I will shortly be making is to investigate and kill off winbind_initgroups() - as far as I know it was a workaround for an old bug in winbind itself (and a bug in RH 5.2) and should no longer be relevent. I am also going to move to using the 'winbind uid' and 'winbind gid' paramaters to determine a user/groups's 'local' status, rather than the presence of the seperator. As such, this functionality is recommended for servers providing unix services, but is currently less than optimal for windows clients. (TODO: remove all references to lp_winbind_seperator() and lp_winbind_use_default_domain() from smbd) Andrew Bartlett (This used to be commit 07a21fcd2311d2d9b430b99303e3532a8c1159e4)
2002-01-17A nice *big* change to the fundemental way we do things.Andrew Bartlett1-28/+6
Samba (ab)uses the returns from getpwnam() a lot - in particular it keeps them around for a long time - often past the next call... This adds a getpwnam_alloc and a getpwuid_alloc to the collection. These function as expected, returning a malloced structure that can be free()ed with passwd_free(&passwd). This patch also cuts down on the number of calls to getpwnam - mostly by taking advantage of the fact that the passdb interface is already case-insensiteve. With this patch most of the recursive cases have been removed (that I know of) and the problems are reduced further by not using the sys_ interface in the new code. This means that pointers to the cache won't be affected. (This is a tempoary HACK, I intend to kill the password cache entirly). The only change I'm a little worried about is the change to rpc_server/srv_samr_nt.c for private groups. In this case we are getting groups from the new group mapping DB. Do we still need to check for private groups? I've toned down the check to a case sensitve match with the new code, but we might be able to kill it entirly. I've also added a make_modifyable_passwd() function, that copies a passwd struct into the form that the old sys_getpw* code provided. As far as I can tell this is only actually used in the pass_check.c crazies, where I moved the final 'special case' for shadow passwords (out of _Get_Pwnam()). The matching case for getpwent() is dealt with already, in lib/util_getent.c Also included in here is a small change to register the [homes] share at vuid creation rather than just in one varient of the session setup. (This picks up the SPNEGO cases). The home directory is now stored on the vuid, and I am hoping this might provide a saner way to do %H substitions. TODO: Kill off remaining Get_Pwnam_Modify calls (they are not needed), change the remaining sys_getpwnam() callers to use getpwnam_alloc() and move Get_Pwnam to return an allocated struct. Andrew Bartlett (This used to be commit 1d86c7f94230bc53daebd4d2cd829da6292e05da)
2002-01-16Separate out get_user_home_dir() from get_user_home_service_dir().Jeremy Allison1-0/+19
Jeremy. (This used to be commit c1b97226db63daf64359e79083a4754e7c7f8054)
2002-01-16Merged in %S fixes and XX_NOT_CHANGED fixes from 2.2.Jeremy Allison1-6/+9
Jeremy. (This used to be commit 0fcca6c627a5c9c2219ec9714df5e0bc1a44cc29)
2001-12-20fixed warnings on irix and crash bug on big endian machinesAndrew Tridgell1-4/+4
(This used to be commit cc6c263993eaf0715f231fc80ca7e6e65694548b)
2001-12-18A fix to override the location of a user's home directory if it isTim Potter1-0/+16
specified in the [homes] section of the smb.conf file. Jeremy, can you take a look at this? This is in response to someone on the samba mailing list worrying about it. Tim. From: Phil Thompson <philnanne@mediaone.net> To: samba@lists.samba.org Subject: Different [homes] behavior in 2.2.2 X-Original-Date: Mon, 17 Dec 2001 23:09:28 -0500 Is it possible to configure samba to disregard the home directory in the passwd file when using [homes]? Even though an alternate "path" is set in [homes], the service fails since the unix home directory is invalid (nonexistent) on the server. [...] This behavior of validating the user's home dir as set in the passwd files appears to be new in 2.2.2 and the latest CVS. Anyway to work around this? (This used to be commit c15dec74a360c6b20f536708e00e61d1d27dcbfc)
2001-12-14Added the group enum code from 2.2Jeremy Allison1-13/+15
Jeremy. (This used to be commit 59e01a22c5cb1046758c8cd6b09333c19d6cd26e)
2001-12-14I see no reasons why we should limit username lenght while checkingSimo Sorce1-4/+0
see bug 22130 jeremy, probably this should be fixed also in 2_2 (This used to be commit d0614b2e660122c57a660977f554799d08b35ab6)
2001-12-04winbindd friendly user_in_list code. Tested on a 65k user domain.Jeremy Allison1-7/+15
Jeremy. (This used to be commit 5215bcca15f2cfbe438ac62cbaf94afae63ce993)
2001-12-04Moved name_is_local to the correct place. Ooops.Jeremy Allison1-0/+10
Jeremy. (This used to be commit 708c0a8d16ca86439e451def5f8d37f600ff15f1)
2001-12-04Tidyup of lib/username. Add name_is_local fn to determine if name isJeremy Allison1-171/+173
winbindd. Getting ready for efficiency fix in group lookups. Jeremy. (This used to be commit 8d41dfd149625e8ac53ab5e90a96e9a2daf9a629)
2001-11-13Look for DOMAIN\group in group lists and ask winbind.Jeremy Allison1-68/+89
Jeremy. (This used to be commit 763fd1c78757ea640dd50ac72caf5ebbb465b3b9)
2001-10-29This commit is number 4 of 4.Andrew Bartlett1-5/+5
In particular this commit focuses on: Actually adding the 'const' to the passdb interface, and the flow-on changes. Also kill off the 'disp_info' stuff, as its no longer used. While these changes have been mildly tested, and are pretty small, any assistance in this is appreciated. ---- These changes introduces a large dose of 'const' to the Samba tree. There are a number of good reasons to do this: - I want to allow the SAM_ACCOUNT structure to move from wasteful pstrings and fstrings to allocated strings. We can't do that if people are modifying these outputs, as they may well make assumptions about getting pstrings and fstrings - I want --with-pam_smbpass to compile with a slightly sane volume of warnings, currently its pretty bad, even in 2.2 where is compiles at all. - Tridge assures me that he no longer opposes 'const religion' based on the ability to #define const the problem away. - Changed Get_Pwnam(x,y) into two variants (so that the const parameter can work correctly): - Get_Pwnam(const x) and Get_Pwnam_Modify(x). - Reworked smbd/chgpasswd.c to work with these mods, passing around a 'struct passwd' rather than the modified username --- This finishes this line of commits off, your tree should now compile again :-) Andrew Bartlett (This used to be commit c95f5aeb9327347674589ae313b75bee3bf8e317)
2001-10-29This commit is number 3 of 4.Andrew Bartlett1-19/+58
In particular this commit focuses on: Changing the Get_Pwnam code so that it can work in a const-enforced environment. While these changes have been mildly tested, and are pretty small, any assistance in this is appreciated. ---- These changes allow for 'const' in the Samba tree. There are a number of good reasons to do this: - I want to allow the SAM_ACCOUNT structure to move from wasteful pstrings and fstrings to allocated strings. We can't do that if people are modifying these outputs, as they may well make assumptions about getting pstrings and fstrings - I want --with-pam_smbpass to compile with a slightly sane volume of warnings, currently its pretty bad, even in 2.2 where is compiles at all. - Tridge assures me that he no longer opposes 'const religion' based on the ability to #define const the problem away. - Changed Get_Pwnam(x,y) into two variants (so that the const parameter can work correctly): - Get_Pwnam(const x) and Get_Pwnam_Modify(x). - Reworked smbd/chgpasswd.c to work with these mods, passing around a 'struct passwd' rather than the modified username (This used to be commit e7634f81c5116ff4addfb7e495f54b6bb78e8f77)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-1/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-17move to SAFE_FREE()Simo Sorce1-2/+2
(This used to be commit 60e907b7e8e1c008463a88ed2b076344278986ef)
2001-09-10convert more code to use XFILEAndrew Tridgell1-4/+4
(This used to be commit fe6679dffba9a92bb35933ad52172c9be0e9ef90)
2001-07-24Convert other parameters (read list, write list, valid users...) to the ↵Simo Sorce1-21/+33
P_LIST format. changed functions to use list instead of strings addedd lp_list_substitute function (This used to be commit 7257d07563ba21bd88733d5d2b4ec4829fab2507)
2001-07-04strchr and strrchr are macros when compiling with optimisation in gcc, so we ↵Andrew Tridgell1-4/+4
can't redefine them. damn. (This used to be commit c41fc06376d1a2b83690612304e85010b5e5f3cf)
2001-04-06If we can't open the username map file, at least print the strerror.Jeremy Allison1-1/+1
Jeremy. (This used to be commit abf436153a476b7c5a7bff31f1e657b8f53b9dee)
2001-01-24fixed typo in debug statementGerald Carter1-2/+2
jerry (This used to be commit a28d384e4d7aff1578f22947d34338b75ceab76d)
2001-01-17Cleanup of Get_Pwnam(). Adds debugging, cleans up the allow_changeDavid O'Neill1-48/+45
codepath. (This used to be commit 767f73aee62438d74248facf7122b2c49645d5c7)
2000-12-11new version of Get_Pwnam()Gerald Carter1-52/+50
o check the username in all lowercase o check the username as transmitted if this would be a different case o check the username in all upper case if this is a new version -- jerry (This used to be commit 059f4fee5d8ad72cd699995c660263ed2cc4f25f)
2000-10-25Even when looking up a users groups via winbindd even if the lookup forJeremy Allison1-2/+2
the list of groups a user is in succeeds via winbind, we must allow the lookup of the group name -> gid we are checking if the user is a member of to go via winbind or /etc/group - as it may be a group on the local box we are checking against. This is a subtle one..... Jeremy. (This used to be commit 4ffda462b97e4f35c6d050c579dfe3e3b64e2c9f)
2000-10-25John Reilly @ HP (who is a wonderful human being and *definately* needsJeremy Allison1-2/+0
CVS commit access :-) has written a simple routine that peeks inside the MS PE printer driver file format and can tell if a driver is W2K or NT4.x. So we can now correctly return the driver version number. Hurrah ! JF - this is the code you always wanted ..... :-) :-). Jeremy. (This used to be commit fd17374e6d888813f4ed7142480cf93b8a16bfef)
2000-10-13Added David O'Neills fix to HEAD (hmmm. how did this compile... :-).Jeremy Allison1-1/+1
Jeremy. (This used to be commit e222057140edb3f14d76e54bd6e744919f50b4df)
2000-10-13Fix to allow smbd to call winbindd if it is running for all group enumeration,Jeremy Allison1-17/+113
falling back to the UNIX calls on error. This should fix all problems with smbd enumerating all users in all groups in all trusted domains via winbindd. Also changed GETDC to query 1C name rather than 1b name as only the PDC registers 1b. Jeremy. (This used to be commit 5b0038a2afd8abbd6fd4a58f5477a40d1926d498)
2000-10-11Turns out we do need the pwnam check as on many systems the usersJeremy Allison1-0/+7
primary group is not listed in the groups file... Jeremy. (This used to be commit b1cb7bec51963ac2ddc62dd1abbf8f8fa4351f9b)
2000-10-11Fix to avoid calling getgrgid for no reason.Jeremy Allison1-21/+9
Jeremy. (This used to be commit b057a7349b2d6420f96a6ebc31822da66b39fe6c)
2000-05-29don't return a passwd struct for usernames that don'tAndrew Tridgell1-2/+12
belong to us (This used to be commit 2740a80e30cbf512d51ba76684905a904c2fddf7)