summaryrefslogtreecommitdiff
path: root/source3/passdb/passdb.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r19058: Implement "user cannot change password", and complete "user must changeJim McDonough1-1/+1
password at next logon" code. The "password last set time" of zero now means "user must change password", because that's how windows seems to use it. The "can change" and "must change" times are now calculated based on the "last set" time and policies. We use the "can change" field now to indicate that a user cannot change a password by putting MAX_TIME_T in it (so long as "last set" time isn't zero). Based on this, we set the password-can-change bit in the faked secdesc. (This used to be commit 21abbeaee9b7f7cff1d34d048463c30cda44a2e3)
2007-10-10r18271: Big change:Gerald Carter1-1/+1
* autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
2007-10-10r17924: Get rid of warnings now that talloc is merged.Volker Lendecke1-3/+1
Destructors now take a pointer to the "real" destroyed object as an argument. Volker (This used to be commit 70edd716ef0ccb218fe18d1233bd30abe46b62bf)
2007-10-10r17815: Revert Volker's change in 16014. I really do not believeGerald Carter1-1/+0
the this should be necessary. If there is still a bug, I believe that setting thr group RID from the passdb is masking it. Not fixing it. It is very likely that the change was necessary before but is no longer with the recent changes. But I'm not taking the chance of merging it to 3.0.23c. :-) (This used to be commit 1a5b90f3c1aa5dcaa29a9d62288d9e4dbc596f96)
2007-10-10r17813: Remove another instance of manually setting the group SID.Gerald Carter1-1/+7
The would have been primaryly used when adding a user to an smbpasswd file, but could have been introduce to other backends by using pdbedit -i -e. The symptom was [2006/08/09 13:07:43, 0] rpc_parse/parse_samr.c:init_sam_user_info21A(6276) init_sam_user_info_21A: User nobody has Primary Group SID S-1-22-2-99, which conflicts with the domain sid S-1-5-21-1825997848-4107600307-1754506280. Failing operation. (This used to be commit 0a3aa8b43ace8c635423c2df10827e81d145b58f)
2007-10-10r17669: Remove RID algorithm support from unmapped users and groupsGerald Carter1-1/+1
when using smbpasswd (This used to be commit dde552336c732ddd6076a6a32575a37cb51aa94c)
2007-10-10r17554: CleanupVolker Lendecke1-1/+1
(This used to be commit 761cbd52f0cff6b864c506ec03c94039b6101ef9)
2007-10-10r17463: A bit of cleanup work:Volker Lendecke1-1/+1
Remove some unused code: pdb_find_alias is not used anymore, and nobody I think has ever used the pdb_nop operations for group mapping. smbpasswd and tdb use the default ones and ldap has its own. Make the functions pdb_getgr* return NTSTATUS instead of BOOL. Nobody right now really makes use of it, but it feels wrong to throw away information so early. Volker (This used to be commit f9856f6490fe44fdba97ea86062237d8c74d4bdc)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-9/+11
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r16593: Make the invarient explicit to Klocwork. Bug #2023.Jeremy Allison1-0/+1
Jeremy. (This used to be commit 720a9172050beb158a25fbb826676ba19cdcef20)
2007-10-10r16241: Fix Klocwork #106 and others like it.Jeremy Allison1-25/+16
Make 2 important changes. pdb_get_methods() returning NULL is a *fatal* error. Don't try and cope with it just call smb_panic. This removes a *lot* of pointless "if (!pdb)" handling code. Secondly, ensure that if samu_init() fails we *always* back out of a function. That way we are never in a situation where the pdb_XXX() functions need to start with a "if (sampass)" test - this was just bad design, not defensive programming. Jeremy. (This used to be commit a0d368197d6ae6777b7c2c3c6e970ab8ae7ca2ae)
2007-10-10r16014: Correctly set the group RID in init_sam_from_buffer.Volker Lendecke1-0/+1
BIG THANKS to Tom Bork for reporting that Bug! Volker (This used to be commit 40339fdcced67d62e449ba6f19329d89c808e139)
2007-10-10r15601: Fix segfaults with 'security=share' and 'guest only = yes'Volker Lendecke1-0/+3
Volker (This used to be commit ea7cced6bcb3cb7d817e4cb072774692e4afedb0)
2007-10-10r14457: Add a few more special cases for RID 513 in the samr code.Gerald Carter1-0/+12
Now that I know what all the requirements for this group are I can generalize the code some more and make it cleaner. But at least this is working with lusrmgr.msc on XP and 2k now. (This used to be commit d2c1842978cd50485849bfc4fb6d94767d96cab0)
2007-10-10r13776: Merge in the editposix ldapsam optimizationSimo Sorce1-1/+1
(This used to be commit a374546c7e8dfc17eb2346c518d1d89f28c32feb)
2007-10-10r13711: * Correctly handle acb_info/acct_flags as uint32 not as uint16.Günther Deschner1-24/+25
* Fix a couple of related parsing issues. * in the info3 reply in a samlogon, return the ACB-flags (instead of returning zero) Guenther (This used to be commit 5b89e8bc24f0fdc8b52d5c9e849aba723df34ea7)
2007-10-10r13679: Commiting the rm_primary_group.patch posted on samba-technicalGerald Carter1-251/+125
* ignore the primary group SID attribute from struct samu* * generate the primary group SID strictlky from the Unix primary group when dealing with passdb users * Fix memory leak in original patch caused by failing to free a talloc * * add wrapper around samu_set_unix() to prevent exposing the create BOOL to callers. Wrappers are samu_set_unix() and samu-allic_rid_unix() (This used to be commit bcf269e2ec6630b78d909010fabd3b69dd6dda84)
2007-10-10r13601: * Remove unused code from pdb_ldap.cGerald Carter1-1/+6
* Add a 'struct passwd *' to the struct samu for later reference (I know this may be controversial but its easily reverted which is is why I'm checking this is as a seaparate patch before I get too deep). * Remove unix_homedir from struct samu {} and update the pdb wrapper functions associated with it. (This used to be commit 92c251fdf0f1f566cfeca3c75ba2284b644aef5d)
2007-10-10r13600: Move functions local to tdbsam to pdb_tdb.cGerald Carter1-384/+9
(This used to be commit e3489f7eddb21981bb74cd8792aca869ae6790e1)
2007-10-10r13593: consolidate pdb_set_sam_sids() into samu_set_unix() whichGerald Carter1-116/+84
was the only place it was called from. (This used to be commit 6568c9cb03ca378ea7d08190ca3cfcc3e380ee4e)
2007-10-10r13590: * replace all pdb_init_sam[_talloc]() calls with samu_new()Gerald Carter1-92/+28
* replace all pdb_{init,fill}_sam_pw() calls with samu_set_unix() (This used to be commit 6f1afa4acc93a07d0ee9940822d7715acaae634f)
2007-10-10r13576: This is the beginnings of moving the SAM_ACCOUNT data structureGerald Carter1-209/+134
to make full use of the new talloc() interface. Discussed with Volker and Jeremy. * remove the internal mem_ctx and simply use the talloc() structure as the context. * replace the internal free_fn() with a talloc_destructor() function * remove the unnecessary private nested structure * rename SAM_ACCOUNT to 'struct samu' to indicate the current an upcoming changes. Groups will most likely be replaced with a 'struct samg' in the future. Note that there are now passbd API changes. And for the most part, the wrapper functions remain the same. While this code has been tested on tdb and ldap based Samba PDC's as well as Samba member servers, there are probably still some bugs. The code also needs more testing under valgrind to ensure it's not leaking memory. But it's a start...... (This used to be commit 19b7593972480540283c5bf02c02e5ecd8d2c3f0)
2007-10-10r13571: Replace all calls to talloc_free() with thye TALLOC_FREE()Gerald Carter1-1/+1
macro which sets the freed pointer to NULL. (This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2)
2007-10-10r13545: A patch which I think it's time has come. VOlker, we can talk aboutGerald Carter1-7/+15
this more but it gets around the primary group issue. * don't map a SID to a name from the group mapping code if the map doesn't have a valid gid. This is only an issue in a tdb setup * Always allow S-1-$DOMAIN-513 to resolve (just like Windows) * if we cannot resolve a users primary GID to a SID, then set it to S-1-$DOMAIN-513 * Ignore the primary group SID inside pdb_enum_group_memberships(). Only look at the Unix group membersip. Jeremy, this fixes a fresh install startup for smbd as far as my tests are concerned. (This used to be commit f79f4dc4c58a6172bf69d37469fdd8de05a812df)
2007-10-10r13494: Merge the stuff I've done in head the last days.Volker Lendecke1-83/+43
Volker (This used to be commit bb40e544de68f01a6e774753f508e69373b39899)
2007-10-10r13460: by popular demand....Gerald Carter1-1/+5
* remove pdb_context data structure * set default group for DOMAIN_RID_GUEST user as RID 513 (just like Windows) * Allow RID 513 to resolve to always resolve to a name * Remove auto mapping of guest account primary group given the previous 2 changes (This used to be commit 7a2da5f0cc05c1920c664c9a690a23bdf854e285)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-443/+178
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r12913: missed merge to fix BUG 3391; ensure we can lookup account policiesGerald Carter1-2/+5
(This used to be commit 77575c64e4e961f37ccf5b2dd17e41c74678ea45)
2007-10-10r12522: Try and fix bug #2926 by removing setlocale(LC_ALL, "C")Jeremy Allison1-4/+4
and replace calls to isupper/islower/toupper/tolower with ASCII equivalents (mapping into _w variants). Jeremy. (This used to be commit c2752347eb2deeb2798c580ec7fc751a847717e9)
2007-10-10r12163: Change lookup_sid and lookup_name to return const char * instead of ↵Volker Lendecke1-1/+1
char *, use a temporary talloc_ctx for clarity. Volker (This used to be commit b15815c804bf3e558ed6357b5e9a6e3e0fac777f)
2007-10-10r12051: Merge across the lookup_name and lookup_sid work. Lets see how the ↵Volker Lendecke1-59/+76
build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2007-10-10r11999: Re-add "passdb expand explicit".Volker Lendecke1-3/+13
We came to the conclusion that changing the default is something that has to wait one or two more releases, but it will happen one way or the other. Volker (This used to be commit 30fcdf84d8943e630af78a96320607c42e4d15aa)
2007-10-10r11947: Back out passdb:expand_explicit until we find consensus. I'll file ↵Volker Lendecke1-14/+3
this as a bugzilla entry. Volker (This used to be commit d228cb62a7be6ae128d3418aeb0ea466c7329802)
2007-10-10r11920: Rename local_lookup_rid to lookup_global_sam_rid, add ↵Volker Lendecke1-15/+21
lookup_builtin_rid. Volker (This used to be commit bc8836d5d7361041ce935f65bf2d172e1eb43299)
2007-10-10r11919: The generic mappings in srv_samr_nt.c are only used there -- make themVolker Lendecke1-25/+14
static. One long overdue simplification: Change local_lookup_sid to local_lookup_rid its responsible for "our" domain only, in fact it checked for it. Volker (This used to be commit 35ba5e083cddfa5ddba5ad84233262fadfbe87b2)
2007-10-10r11914: After talking to Jeremy, implement passdb:expand_explicit with a ↵Volker Lendecke1-3/+14
default of no. This changes our default behaviour. Sorry, Ingo, this *is* a bug that needs fixing. Jerry, you might want to put a marker into the WHATSNEW.txt when this is due. Volker (This used to be commit 6622db97bb575b028b3c0bc016b91f62a8c561a2)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-8/+8
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r7882: Looks like a large patch - but what it actually does is make SambaJeremy Allison1-38/+38
safe for using our headers and linking with C++ modules. Stops us from using C++ reserved keywords in our code. Jeremy (This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a)
2007-10-10r7730: Some mergesVolker Lendecke1-22/+4
(This used to be commit 5b4720598b4c7f4af1027a181fbe9c1568e71361)
2007-10-10r6774: Fix 2 memleaksVolker Lendecke1-1/+2
(This used to be commit 6af57d4bae3ee0a28ab12294e813bb37b62e00f5)
2007-10-10r5951: gotta love that SGI compiler :-) (thanks Jason)Gerald Carter1-1/+1
(This used to be commit e84d070275464de43107b6b5910e25ccc3339302)
2007-10-10r5421: Fix a memleakVolker Lendecke1-1/+3
(This used to be commit a7df3b5f06085d55cbf1e491aa606312b87e0448)
2007-10-10r5349: After talking with Jerry, reverted the addition of account policies toGünther Deschner1-8/+8
passdb in 3_0 (they are still in trunk). Guenther (This used to be commit fdf9bdbbac1d8d4f3b3e1fc7e49c1e659b9301b1)
2007-10-10r5337: BUG 1439: make sure to initialize pointer to prevent invalide ↵Gerald Carter1-42/+42
free()'s on exit (This used to be commit a882a349df1488a4d64c892dbd1ec1ee3624ea42)
2007-10-10r5058: Due to the fragileness how windows reacts on unmapped sids sometimes,Günther Deschner1-0/+6
don't leave administator-sid unmapped. Simply return "Administrator" Guenther (This used to be commit 168ddf31d1af49d52d17dd09c9653d3deafb9442)
2007-10-10r4988: After speaking with Jerry, remove old lp_admin_users toGünther Deschner1-14/+0
administrator-sid mapping completely. Guenther (This used to be commit 4cbe37ecd544b01c57c7fce5b3be28669f4ba6c3)
2007-10-10r4964: Fix our lsa lookupsid $OURDOMAINSID-500.Günther Deschner1-14/+15
Give the admin-user (rid 500) a chance to be found in passdb, not returning the (possibly obscure) first entry of "admin users" before that. Guenther (This used to be commit d319c0e189bc67a4552dafaff80113603b551eb3)
2007-10-10r4925: Migrate Account Policies to passdb (esp. replicating ldapsam).Günther Deschner1-8/+8
Does automated migration from account_policy.tdb v1 and v2 and offers a pdbedit-Migration interface. Jerry, please feel free to revert that if you have other plans. Guenther (This used to be commit 75af83dfcd8ef365b4b1180453060ae5176389f5)
2007-10-10r4860: fix silly limitation in ldapsam and tdbsam. Expand variables in the ↵Gerald Carter1-10/+16
profile path, logon home and logon script values (This used to be commit 504ea4ac68f47b71542a88b17cbb6b546e1cb881)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-3/+3
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)