path: root/source3/passdb/passdb.c
Age | Commit message | Author | Files | Lines
2000-10-13 | last part of W2K support. | Jean-François Micouleau | 1 | -1/+0
the trust domain list reply on netlogon pipe was wrong, interim hack until we have full trust relationships. changed some unistr2 to parse the ending NULL char. added a prs_align_needed() function. much like a prs_align but with a condition. needed for the unistr2 parsing. J.F. (This used to be commit d8bf81553c17d9ee3419d8150b96119ebb0b8fa9)
2000-10-07 | added samr_set_user_info and info_2. | Jean-François Micouleau | 1 | -0/+209
cleanup of create_user cleanup of rid/sid mix in samr. now we only have sid. some prs_align() missing in parse_samr.c a small debug change in srv_pipe.c You still can't change a user's password in this commit. Will be available in the next one. J.F. (This used to be commit b655bc281fa183b1827a946ada1fcf500fb93aea)
2000-08-23 | Added code to do SID to uid/gid conversion. Needed for ACL support. | Jeremy Allison | 1 | -2/+73
Jeremy. (This used to be commit 81c5380f91839b6416c8a42739dadf00e7388528)
2000-08-02 | Started to canonicalize our handling of uid -> sid code in order to | Jeremy Allison | 1 | -64/+22
get ready and fix se_access_check(). Added canonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid() functions that look via winbind first then fall back on local lookup. All Samba should use these rather than trying to call winbindd code directly. Added NT_USER_TOKEN struct in user_struct, contains list of NT sids associated with this user. se_access_check() should use this (cached) value rather than attempting to do the same thing itself when given a uid/gid pair. More work needs to be done to preserve these things across security context changes (especially with the tricky pipe problem) but I'm beginning to see how this will be done..... probably by registering a new vuid for an authenticated RPC pipe and not treating the pipe calls specially. More thoughts needed - but we're almost there... Jeremy. (This used to be commit 5e5cc6efe2e4687be59085f562caea1e2e05d0a8)
2000-08-01 | Tidyup removing many of the 0xC0000000 | NT_STATUS_XXX stuff (only need ↵ | Jeremy Allison | 1 | -12/+3
NT_STATUS_XXX). Removed IS_BITS_xxx macros as they were just reproducing "C" syntax in a more obscure way. Jeremy. (This used to be commit c55bcec817f47d6162466b193d533c877194124a)
2000-06-09 | Luke, I am moving the code back into passdb/passdb.c, this is the correct | Jeremy Allison | 1 | -2/+41
place to do this, not in smbd/passwd.c Please don't change this without asking first, I have run this past Andrew so talk to him (I'm on vacation next week). I also removed the g_newXXX macros. They are essentially a private C extension, not used anywhere else in the code, and add no functionality over malloc(XX) and make the code harder to understand (everyone knows what malloc does). Jeremy. (This used to be commit e1b1b6fb6794ba02e1fea510a981fa0ce0d12b58)
2000-06-09 | reverted jeremy's changes that removed NET_USER_INFO_3. will you please | Luke Leighton | 1 | -0/+2
not just undercut work in progress, thank you. (This used to be commit 86d440a88c948727bfcfedc694c52c58f9687d8b)
2000-06-08 | include/smb.h: Removed NET_USER_3 struct from user struct. It doesn't belong ↵ | Jeremy Allison | 1 | -0/+29
there (yet) as there is no infrastructure for it. Replaced it with a dynamic array of group SIDs plus a user. passdb/passdb.c: Added setup_user_sids() function. This is where the lookup should be done, eventually calling winbind. smbd/password.c: Changed to call setup_user_sids(). Removed spurious DEBUG(0) statements. smbd/reply.c: Removed extra parameter to register_vuid(). Jeremy. (This used to be commit 425f4ad9a5e0e7d49620276100ade7a0cae47011)
2000-04-25 | moved trans2.h and nterr.h into includes.h with all our other includes | Andrew Tridgell | 1 | -1/+0
(This used to be commit d7cd7c88fdabb01d9e40ae8a657737907a21ac37)
2000-04-12 | Roll back to using static MACHINE.SID after consultation with Andrew. This | Jeremy Allison | 1 | -57/+201
code will be removed soon and a SID auto-generated from (probably) primary hostname and never stored in a file will replace it. Jeremy. (This used to be commit fbfe94a799cda7f728bc920d4f0655d4f537e3b6)
2000-04-11 | The changes made here broke NT security descriptor returning to NT clients. | Jeremy Allison | 1 | -0/+2
We need to talk about the MACHINE.SID/<WORKGROUP_NAME>.SID mess..... Jeremy. (This used to be commit 5bdaa043f015771cccdc9413c37232ab4a3e2e8e)
2000-02-25 | client/client.c: | Jeremy Allison | 1 | -0/+9
libsmb/clientgen.c: Fixes for Win2k smbclient browsing. Other fixes implement smbpasswd -x user to delete users. Also allows swat to do the same. Jeremy. (This used to be commit 9f6ad046761adecafba59040baa3abc9f0959e65)
2000-01-03 | simple mods to add msrpc pipe redirection. default behaviour: fall back | Luke Leighton | 1 | -201/+56
to using internal msrpc code in smbd. (This used to be commit 8976e26d46cb991710bc77463f7f928ac00dd4d8)
1999-12-13 | first pass at updating head branch to be the same as the SAMBA_2_0 branch | Andrew Tridgell | 1 | -110/+969
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-07-11 | NULL pwdb_xxx_map_names() parameter can be passed here (which is a bug | Luke Leighton | 1 | -5/+6
anyway!) (This used to be commit 91d5bda9ad22c922a918f0942dcbff04202b9991)
1999-07-08 | issues with pwdb_sam_map_names() and pwdb_smb_map_names() returning NULL. | Luke Leighton | 1 | -2/+12
found by Bertl <bs@vpnet.at> (This used to be commit 389c17a225884b39d097dc0851a794d3669fdc31)
1999-07-07 | added debug reporting to pwdb_sam_map_names() and pwdb_smb_map_names() | Luke Leighton | 1 | -1/+4
(This used to be commit baab30815238a803badeafa1ed8f029d7782242f)
1999-03-03 | Benjamin Kuit's latest mysql mods. issue with "make proto" needs to be | Luke Leighton | 1 | -1/+6
resolved. (This used to be commit d59a2e669aed7ee33fdca8b8ec126b1c0a984981)
1999-03-01 | Benjamin Kuit's MYSQL SAM Database implementation. | Luke Leighton | 1 | -0/+2
Copyright (C) Benjamin Kuit <bj@mcs.uts.edu.au> 1999. (This used to be commit fdf61e1dabc2c977ee5cf1e9d60e3380f19840da)
1998-12-11 | %U substitution should be unix user not nt user | Luke Leighton | 1 | -0/+4
(This used to be commit f4b8a283065a7c1ae233a0ae01ac76f32fea6b31)
1998-11-29 | weekend work. user / group database API. | Luke Leighton | 1 | -572/+64
- split sam_passwd and smb_passwd into separate higher-order function tables - renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user" plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd password databases to fill in the blank entries that are not obtained from whatever password database API instance is being used. NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c for the only example outside of the password database APIs i could find. - added query_useraliases code to rpcclient. - dealt with some nasty interdependencies involving non-smbd programs and the password database API. this is still not satisfactorily resolved completely, but it's the best i can do for now. - #ifdef'd out some password database options so that people don't mistakenly set them unless they recompile to _use_ those options. lots of debugging done, it's still not finished. the unix/NT uid/gid and user-rid/group-rid issues are better, but not perfect. the "BUILTIN" domain is still missing: users cannot be added to "BUILTIN" groups yet, as we only have an "alias" db API and a "group" db API but not "builtin-alias" db API... (This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1)
1998-11-25 | fixing group database issues | Luke Leighton | 1 | -6/+7
(This used to be commit 591c63e3e1e3201ddcd7582585b652fb848d80ca)
1998-11-25 | LsaLookupNames client call (first used as lookupnames command in rpcclient). | Luke Leighton | 1 | -23/+29
(This used to be commit 68342a29a892e515cf2b22d759476d61944bcd59)
1998-11-23 | unix instance of group database API | Luke Leighton | 1 | -1/+1
(This used to be commit e76f593b3572ac881f1aa1fb3326d8b7169b0078)
1998-11-17 | Added the same open()/fopen()/creat()/mmap() -> sys_XXX calls. | Jeremy Allison | 1 | -5/+5
Tidied up some of the mess (no other word for it). Still doesn't compile cleanly. There are calls with incorrect parameters that don't seem to be doing the right thing. This code still needs surgery :-(. Jeremy. (This used to be commit 18ff93a9abbf68ee8c59c0af3e57c63e4a015dac)
1998-11-17 | - group database API. oops and oh dear, the threat has been carried out: | Luke Leighton | 1 | -336/+120
the pre-alpha "domain group" etc parameters have disappeared. - interactive debug detection - re-added mem_man (andrew's memory management, detects memory corruption) - american spellings of "initialise" replaced with english spelling of "initialise". - started on "lookup_name()" and "lookup_sid()" functions. proper ones. - moved lots of functions around. created some modules of commonly used code. e.g the password file locking code, which is used in groupfile.c and aliasfile.c and smbpass.c - moved RID_TYPE_MASK up another bit. this is really unfortunate, but there is no other "fast" way to identify users from groups from aliases. i do not believe that this code saves us anything (the multipliers) and puts us at a disadvantage (reduces the useable rid space). the designers of NT aren't silly: if they can get away with a user- interface-speed LsaLookupNames / LsaLookupSids, then so can we. i spoke with isaac at the cifs conference, the only time for example that they do a security context check is on file create. certainly not on individual file reads / writes, which would drastically hit their performance and ours, too. - renamed myworkgroup to global_sam_name, amongst other things, when used in the rpc code. there is also a global_member_name, as we are always responsible for a SAM database, the scope of which is limited by the role of the machine (e.g if a member of a workgroup, your SAM is for _local_ logins only, and its name is the name of your server. you even still have a SID. see LsaQueryInfoPolicy, levels 3 and 5). - updated functionality of groupname.c to be able to cope with names like DOMAIN\group and SERVER\alias. used this code to be able to do aliases as well as groups. this code may actually be better off being used in username mapping, too. - created a connect to serverlist function in clientgen.c and used it in password.c - initialisation in server.c depends on the role of the server. well, it does now. - rpctorture. smbtorture. 
EXERCISE EXTREME CAUTION. (This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db)
1998-11-07 | codepages/codepage_def.936: Updated comment. | Jeremy Allison | 1 | -5/+3
param/loadparm.c: Removed "networkstation user login", "domain controller", and "domain sid" parameters. passdb/passdb.c: Removed "networkstation user login" code and changed bug test code to only check once for a bad password server. This will stop the complaints of many "bad login" audit records in NT PDC logs. utils/smbpasswd.c: Removed check for "domain controller". Jeremy. (This used to be commit d6e6e936b5dd90dd8fc38d9404efbe5c546c15e5)
1998-10-21 | domain aliases added a bit better: does local aliases if you query | Luke Leighton | 1 | -5/+6
for sid S-1-5-20 and does (nothing at the moment) if you query for your own sid. (This used to be commit da40f26f4b2f7ce286076b4e39dffd76aa2ef8e6)
1998-10-21 | the next dialog: user-groups. it's not very sensible what appears, but hey: | Luke Leighton | 1 | -0/+27
it appears! (This used to be commit 399035098f212e976cc0000a215e0705ebe78c05)
1998-09-29 | Fixed warning in get_time_from_string(). | Jeremy Allison | 1 | -1/+1
Jeremy. (This used to be commit e9b7ff0dece2252b28be1ed526f43ff2bdf86ade)
1998-09-29 | missed the pdb_sam_to_smb function needed by nispass.c | Luke Leighton | 1 | -19/+22
(This used to be commit b40a4e6385757cb8a44044a1437651954d6b1c90)
1998-09-29 | added in some pdb_xxx routines that are needed by nispass.c | Luke Leighton | 1 | -0/+121
(This used to be commit 5212dd69d05a0d26dddcb4a0d9efca195436bfda)
1998-09-25 | Makefile.in: Fixed bug with continuation line causing proto to fail. | Jeremy Allison | 1 | -1/+1
Added $(PROGS) $(SPROGS) as targets for make clean. acconfig.h: Added HAVE_IRIX_SPECIFIC_CAPABILITIES. configure.in: Added sys/capability.h header check. Added function checks for srandom random srand rand. Added HAVE_IRIX_SPECIFIC_CAPABILITIES test. includes.h: Added #include <sys/capability.h>. ntdomain.h: Moved struct acct_info into here from smb.h smb.h: Added KERNEL_OPLOCK_CAPABILITY define. Moved enum action_type into rpcclient.h Moved struct cli_state into client.h Moved struct nt_client_info, struct tar_client_info, struct client_info into rpcclient.h lib/genrand.c: Changed to use sys_random() & friends. lib/smbrun.c: Lose capabilities after fork. lib/system.c: Added set_process_capability(), set_inherited_process_capability() sys_random(), sys_srandom(). lib/util.c: Added Anders' EFBIG lock check to fcntl_lock for 64 bit access to a 32 bit mounted NFS filesystem. nmbd/nmbd.c: Changed to use sys_random() & friends. nmbd/nmbd_browsesync.c: Changed to use sys_random() & friends. passdb/ldap.c: Missed one pdb_encode_acct_ctrl call. passdb/passdb.c: Changed to Anders' code for ' ' characters. passdb/smbpass.c: Added Anders' code to reset ACB_PWNOTREQ. script/mkproto.awk: Added 'long' to prototypes. smbd/chgpasswd.c: Lose capabilities after fork. smbd/open.c: Do the mmap *after* the kernel oplock. smbd/oplock.c: Removed stub code from kernel oplock path. Added set_process_capability(), set_inherited_process_capability() calls. smbd/reply.c: Initialize count = 0, offset = 0. smbd/server.c: Added set_process_capability(), set_inherited_process_capability() calls. tests/summary.c: Ensure we have RANDOM or RAND. utils/smbpasswd.c: Added Anders' code to reset ACB_PWNOTREQ. utils/torture.c: Changed to use sys_random() & friends. Jeremy. (This used to be commit e8be306f23963ac00b1a383ebe0cc1421529fb02)
1998-09-24 | Integration of Anders Blomdell <anders.blomdell@control.lth.se>'s | Jeremy Allison | 1 | -25/+27
smbpasswd changes. Not exactly the same as his code - several changes. Jeremy. (This used to be commit e96747a8e3b9ea5a79c4258e55d7e8f3bf0bf193)
1998-09-24 | removed function names printed out in debug statements (duplicated in | Luke Leighton | 1 | -33/+37
DEBUG macro, automatically) (This used to be commit 2e4d681d17f6bc097881444a72317ff3bb089151)
1998-09-05 | tridge the destroyer returns! | Andrew Tridgell | 1 | -246/+2
prompted by the interpret_security() dead code that Jean-Francois pointed out I added a make target "finddead" that finds potentially dead (ie. unused) code. It spat out 304 function names ... I went through these and deleted many of them, making others static (finddead also reports functions that are used only in the local file). in doing this I have almost certainly deleted some useful code. I may have even prevented compilation with some compile options. I apologise. I decided it was better to get rid of this code now and add back the one or two functions that are needed than to keep all this baggage. So, if I have done a bit too much "destroying" then let me know. Keep the swearing to a minimum :) One bit I didn't do is the ubibt code. Chris, can you look at that? Heaps of unused functions there. Can they be made static? (This used to be commit 2204475c87f3024ea8fd1fbd7385b2def617a46f)
1998-09-03 | Ok - this is the 64 bit widening check in. It changes the configure | Jeremy Allison | 1 | -2/+2
to check for stat64 and friends, and then changes much of Samba to use the data type SMB_OFF_T for file size information. stat/fstat/lstat/lseek/ftruncate have now become sys_stat etc. to hide the 64 bit calls if needed. Note that this still does not expose 64 bit functionality to the client, as the changes to the reply_xxx smb's are not yet done. This code change should make these changes possible. Still to do before full 64 bit-ness to the client: fcntl lock code. statfs code widening of dev_t and ino_t (now possible due to SMB_DEV_T and SMB_OFF_T types being in place). Let me know if weird things happen after this check-in and I'll fix them :-). Jeremy. (This used to be commit 14500936c321d15995c963766aac67bf1f4e3824)
1998-09-01 | More abstraction of file system data types, to move to a 64 | Jeremy Allison | 1 | -2/+2
bit file interface for the NT SMB's. Created a new define, SMB_STRUCT_STAT that currently is defined to be struct stat - this will change to a user defined type containing 64 bit info when the correct wrappers are written for 64 bit stat(), fstat() and lstat() calls. Also changed all sys_xxxx() calls that were previously just wrappers to the same call prefixed by a dos_to_unix() call into dos_xxxx() calls. This makes it explicit when a pathname translation is being done, and when it is not. Now, all sys_xxx() calls are meant to be wrappers to mask OS differences, and not silently converting filenames on the fly. Jeremy. (This used to be commit 28aa182dbffaa4ffd86047e608400de4b26e80eb)
1998-08-15 | configure: Changes for extra headers. | Jeremy Allison | 1 | -5/+5
configure.in: Source for header changes. client/clitar.c: Fixed isXXX macros & debugs for gcc pedantic compile. include/config.h.in: Added MEMSET, BZERO, MEMORY, RPCSVC_YPCLNT, STRINGS headers. include/includes.h: Headers for the above. include/smb.h: Made SIGNAL_CAST POSIX by default void (*)(int). lib/access.c: Fixed isXXX macros & debugs for gcc pedantic compile. lib/charset.c: Fixed isXXX macros & debugs for gcc pedantic compile. lib/debug.c: Fixed signal functs. lib/kanji.c: Fixed isXXX macros & debugs for gcc pedantic compile. lib/smbrun.c: Fixed isXXX macros & debugs for gcc pedantic compile. lib/util.c: Fixed isXXX macros & debugs for gcc pedantic compile. libsmb/namequery.c: Fixed isXXX macros & debugs for gcc pedantic compile. locking/shmem.c: Fixed isXXX macros & debugs for gcc pedantic compile. locking/shmem_sysv.c: Fixed error messages in sysV stuff. nmbd/asyncdns.c: Fixed signal functs. nmbd/nmbd.c: Fixed isXXX macros & debugs for gcc pedantic compile. passdb/passdb.c: Fixed isXXX macros & debugs for gcc pedantic compile. passdb/smbpassfile.c: Fixed isXXX macros & debugs for gcc pedantic compile. smbd/chgpasswd.c: Fixed isXXX macros & debugs for gcc pedantic compile. smbd/ipc.c: Fixed isXXX macros & debugs for gcc pedantic compile. smbd/nttrans.c: Fixed fsp code path. smbd/password.c: fixed HAVE_YP_GET_DEFAULT_DOMAIN problem. smbd/printing.c: Fixed isXXX macros & debugs for gcc pedantic compile. smbd/reply.c: Fixed isXXX macros & debugs for gcc pedantic compile. smbd/server.c: Fixed isXXX macros & debugs for gcc pedantic compile. smbd/trans2.c: Fixed core dump bug. smbd/uid.c: Fixed isXXX macros & debugs for gcc pedantic compile. Jeremy. (This used to be commit 1b9cbcd02e575dc0a95fa589f720df30a4acc46b)
1998-07-29 | merge from the autoconf2 branch to the main branch | Andrew Tridgell | 1 | -151/+155
(This used to be commit 3bda7ac417107a7b01d91805ca71c4330657ed21)
1998-06-20 | clitar.c: Fixed minor gcc -pedantic-error compile warnings. | Jeremy Allison | 1 | -0/+2
passdb.c: Fixed stupid bug in read_sid_from_file(). Jeremy. (This used to be commit e65efe3f78240a4fa1ed7931e96c6fb698d9d8c8)
1998-06-01 | clientutil.c: Don't core dump if no controlling terminal available for password. | Jeremy Allison | 1 | -6/+24
passdb.c: lib/rpc/include/rpc_misc.h: First cut at automatic uid/gid to rid mapping. We can change this at a later date to make more bits available if necessary. Jeremy. (This used to be commit 34f40474aba97118e1e80fe6259c686e46dc16b4)
1998-05-27 | loadparm.c: Added machine password timeout parameter - set to 7 days by default. | Jeremy Allison | 1 | -1/+0
password.c: Added code to tell server.c when machine password needs changing. server.c: Change machine password in idle cycles if it needs it. smbpassfile.c: Fixed up length calculations for machine password file. smbpasswd.c: Moved domain joining code/machine password changing code. lib/rpc/client/cli_netlogon.c: And this is where it now lives. Jeremy. (This used to be commit b8fedca6191de96159df0d1d17082d82e8e44773)
1998-05-25 | added set logon, logoff, kickoff etc time functions. | Luke Leighton | 1 | -1/+39
(This used to be commit dab9728a4376cc52d6e53b09b5f42d08712330d6)
1998-05-25 | i wondered why nisppass.c came up with a linker error "pdb_set_last_set_time" | Luke Leighton | 1 | -5/+0
not found. this gave me a clue... #if 0 /* commented out until someone uses them jra */ ... #endif (This used to be commit d553901b9a21c4917058fc6838aaf73eb9a1c8cc)
1998-05-24 | - created pdb_sethexpwd(), to be called from all pwd apis that need to | Luke Leighton | 1 | -21/+51
store passwords in ascii format - dealt with lots of signed/unsigned char thingies spotted by Tim Winders. (This used to be commit bd825f1ef15c4bf12aeba945f8bfdc7fd0e14d25)
1998-05-21 | fixed signed / unsigned warnings spotted by tim winders. also fixed | Luke Leighton | 1 | -1/+1
unnecessary "address of" warnings. (This used to be commit ed0afe1e186ce53046e70d8a92103d4f59a2eed2)
1998-05-19 | passdb.c: Fixed typo in comment. | Jeremy Allison | 1 | -1/+1
smb.h: Removed comments no longer valid. smbpass.c: Stopped dummy function from being prototyped. util.c: Fix for multibyte char problems with strlower, strupper and string_replace. Jeremy. (This used to be commit cd244b45a5d35fceee2a4034b0c6aabdb58871aa)
1998-05-19 | removed "default" system for password database api: all functions must | Luke Leighton | 1 | -180/+76
be supported. there are some stub routines in passdb.c which can be copied into a password database api which do conversion. the module writer can choose which of these to provide full support for instead of using the conversion routines. (This used to be commit d906ac5941fa22f93a38d65906b89a80f971b83c)
1998-05-19 | ldap.c : | Luke Leighton | 1 | -21/+238
- added support for some of the new passdb_ops functions. - removed functions that are supported "indirectly" through passdb.c nisppass.c : - modified make_nisname_from_xxx() functions to take a "file" arg. - turned getnisp21pwuid() into getnisp21pwrid(). getnisp21pwuid() functionality is available through "indirect" support in passdb.c - removed functions that are supported "indirectly" through passdb.c - added support for some of the new passdb_ops functions. passdb.c : - created getsam21pwrid() function to go alongside getsam21pwuid. it is not expected that getsam21pwuid ever be used, certainly not from the lib/rpc code. - created getsamdisprid() and getsamdispent(). these are primarily for support of SamrQueryDisplayInfo, however given that they [struct sam_disp_info] return username, rid and fullname, there may be further instances where these functions will be useful. - added support where either the get/add/mod-smb or get/add/mod-sam21 functions are optional. this can be done very easily by checking whether the struct passdb_ops table functions are NULL or not. documented this capability in the notes at the top of the module. - where unix uid was referenced, use uid_t. - where unix gid was referenced, use gid_t. smb.h : - added sam_disp_info functions to passdb_ops. - added getsam21pwrid() function. smbpass.c : - added reference to iterate_getsam21pwrid(). lib/rpc/server/srv_samr.c : - removed group rid code added to get_user_info_21() code: this had been added in the wrong place. the client / server should already know whether it wants to do a lookup by user rid or by group rid. the test of whether the rid is a user or group rid has been left in because this may become useful consistency-check code. - converted back to getsam21pwrid() not getsam21pwuid(pdb_user_rid_to_uid()). this is because the unix uid to user rid mapping can be non-monotonic in some password database systems, and monotonic in others. 
imposing the restriction by converting immediately from rid to uid at this point is inadvisable, and will place this potential restriction on _all_ password database systems, not just some which, for whatever reason, do not support user rids. it should be up to the individual password database writer to convert from user rid to unix uid, should that module not support rids. lib/rpc/server/srv_util.c : - got lookup_user_name() to call getsamdisprid() not getsmbpwuid(). a bug was introduced (or at least the bug already there was not fixed) whereby the nt user rid was converted to a unix uid, and then not used. (This used to be commit 0193dd21c3c44e0611add742c6f92b92474de6b8)