summaryrefslogtreecommitdiff
path: root/source3/passdb/pdb_get_set.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r5015: (based on abartlet's original patch to restrict password changes)Gerald Carter1-1/+1
* added SE_PRIV checks to access_check_samr_object() in order to deal with the run-time security descriptor and their interaction with user rights * Reordered original patch in _samr_set_userinfo[2] to still allow root/administrative password changes for users and machines. (This used to be commit f9f9e6039bd9443d54445e41c3783a2be18925fb)
2007-10-10r4925: Migrate Account Policies to passdb (esp. replicating ldapsam).Günther Deschner1-3/+3
Does automated migration from account_policy.tdb v1 and v2 and offers a pdbedit-Migration interface. Jerry, please feel free to revert that if you have other plans. Guenther (This used to be commit 75af83dfcd8ef365b4b1180453060ae5176389f5)
2007-10-10r4736: small set of merges from rtunk to minimize the diffsGerald Carter1-18/+0
(This used to be commit 4b351f2fcc365a7b7f8c22b5139c299aa54c9458)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-1/+1
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r1661: Changed the password history format so that each history entryJeremy Allison1-9/+28
consists of a 16 byte salt, followed by the 16 byte MD5 hash of the concatination of the salt plus the NThash of the historical password. Allows these to be exposed in LDAP without security issues. Jeremy. (This used to be commit 82e4036aaa2d283534a5bd8149857320fcf0d0dc)
2007-10-10r1610: Patch from Richard Renard <rrenard@idealx.com>. Ensure weJeremy Allison1-10/+4
save the password as it is being changed into the password history list. Jeremy. (This used to be commit 4fd619d7e16b5f759e6dc8360ad192457b3c90b9)
2007-10-10r1394: Const fix.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 9ac4945012e0bd54519b8c81d4c36e88cea28fce)
2007-10-10r1388: Adding password history code for ldap backend, based on a patch fromJeremy Allison1-3/+87
"Jianliang Lu" <j.lu@tiesse.com>. Multi-string attribute changed to linearised pstring due to ordering issues. A few other changes to fix race conditions. I will add the tdb backend code next. This code compiles but has not yet been tested with password history policy set to greater than zero. Targeted for 3.0.6. Jeremy. (This used to be commit dd54b2a3c45e202e504ad69d170eb798da4e6fc9)
2004-02-23Found by Fabien Chevalier <fabien.chevalier@supelec.fr> andAndrew Bartlett1-1/+1
JustFillBug <mozbugbox@yahoo.com.au> on the Samba lists - a 'max password age' of zero should be considered as 'never expire'. For the timebeing we just set it like -1, but we might revisit this for closer-to-ms behaviour. Andrew Bartlett (This used to be commit 9ffc490fce215dcaed8ebfc1db85f5017a692ca4)
2004-02-19Add functions to get/set bad password timeJim McDonough1-0/+19
(This used to be commit 557f598c63f64c1c5b982a9057c0eea2a2ff2ee5)
2004-02-12More sync between passdb on 3.0 and HEAD.Jim McDonough1-5/+12
Replace unknown_3 with fields_present. Also causes rpc_samr structure field changes. (This used to be commit 1976843345efb6ca4f9cebd964a61acd8ae11d41)
2004-02-08Make more functions static, and remove duplication in the use of functionsAndrew Bartlett1-3/+14
in lib/smbpasswd.c that were exact duplicates of functions in passdb/passdb.c (These should perhaps be pulled back out to smbpasswd.c, but that can occour later). Andrew Bartlett (This used to be commit fcdc5efb1e245c8fa95cd031f67ec56093b9056e)
2004-01-29initialization fixesGerald Carter1-2/+10
(This used to be commit 54fd3992c385fd6208c061131b2c98e448baf2c2)
2003-11-07I agree with vl's #if 0 here, and am not quite sure what I wasAndrew Bartlett1-13/+0
thinking with regard to the original code. Let's keep samba simple, and just remove it. Andrew Bartlett (This used to be commit 156cf8bede52e1d33be980fd8841367253a60b9e)
2003-10-06split some security related functions in their own files.Simo Sorce1-2/+2
(no need to include all of smbd files to use some basic sec functions) also minor compile fixes couldn't compile to test these due to some kerberos problems wirh 3.0, but on HEAD they're working well, so I suppose it's ok to commit (This used to be commit c78f2d0bd15ecd2ba643bb141cc35a3405787aa1)
2003-09-18The "unknown_5" 32 bit field in the user structs is actually 2 16-bitJeremy Allison1-6/+24
fields, bad_password_count and logon_count. Ensure this is stored/fetched in the various SAMs. As it replaces the unknown_5 field this fits exactly into the tdb SAM without any binary problems. It also is added to the LDAP SAM as two extra attributes. It breaks compatibility with the experimental SAMs xml and mysql. The maintainers of these SAMs must fix them so upgrades like this can be done transparently. I will insist on the "experimental" status until this is solved. Jeremy. (This used to be commit cd7bd8c2daff3293d48f3376a7c5a708a140fd94)
2003-07-18Fix two memleaks in pdb_ldap.c.Volker Lendecke1-0/+9
Whoever put the private.backend_private_data_free_fn thingy into SAM_ACCOUNT, could you please revisit my change to pdb_get_set.c and comment on my comment there? Thanks, Volker (This used to be commit 922ec277d1c80b5532f5cac0ee99ae7cd20f83f1)
2003-07-05Add some debug statments to our vampire code - try to make it easier to trackAndrew Bartlett1-2/+3
down failures. Add a 'auto-add on modify' feature to guestsam Fix some segfault bugs on no-op idmap modifications, and on new idmappings that do not have a DN to tack onto. Make the 'private data' a bit more robust. Andrew Bartlett (This used to be commit 6c48309cda9538da5a32f3d88a7bb9c413ae9e8e)
2003-07-05Fixes to our LDAP/vampire codepaths:Andrew Bartlett1-0/+30
- Try better to add the appropriate mapping between UID and SIDs, based on Get_Pwnam() - Look for previous users (lookup by SID) and correctly modify the existing entry in that case - Map the root user to the Admin SID as a 'well known user' - Save the LDAPMessage result on the SAM_ACCOUNT for use in the next 'update' call on that user. This means that VL's very nice work on atomic LDAP updates now really gets used properly! - This also means that we know the right DN to update, without the extra round-trips to the server. Andrew Bartlett (This used to be commit c7118cb31dac24db3b762fe68ce655b17ea102e0)
2003-05-14spellingTim Potter1-1/+1
(This used to be commit 865c11275685c85124b506c9bbd2a8bde2e760b9)
2003-05-12And finally IDMAP in 3_0Simo Sorce1-42/+0
We really need idmap_ldap to have a good solution with ldapsam, porting it from the prvious code is beeing made, the code is really simple to do so I am confident it is not a problem to commit this code in. Not committing it would have been worst. I really would have been able to finish also the group code, maybe we can put it into a followin release after 3.0.0 even if it may be an upgrade problem. The code has been tested and seem to work right, more testing is needed for corner cases. Currently winbind pdc (working only for users and not for groups) is disabled as I was not able to make a complete group code replacement that works somewhat in a week (I have a complete patch, but there are bugs) Simo. (This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)
2003-04-28Merge of a debuglevel downgrade from HEAD.Tim Potter1-2/+2
(This used to be commit d17e04e82b77256f10f4bdf4442dac6d30e197b5)
2003-03-22Merge from HEAD - patch from Jianliang Lu <j.lu@tiesse.com> to set theAndrew Bartlett1-0/+11
'minimum password age' during a password SET. Andrew Bartlett (This used to be commit dd6516e2e87cbe6bcbc371756d99ebb3b5617c2b)
2003-03-20Merge from HEADVolker Lendecke1-8/+8
(This used to be commit 62d5a78b024898485f610b5d9db1a6d9a5c68c21)
2003-01-08Fix open problem with changing attributes on an existing file - basedJeremy Allison1-1/+0
on work by <steve@griffin.sio2.nl>. Jeremy. (This used to be commit 1cff725e37d04e25d2cd5523683b35c82d5040fa)
2002-11-02Merge passdb from HEAD -> 3.0Andrew Bartlett1-139/+171
The work here includes: - metze' set/changed patch, which avoids making changes to ldap on unmodified attributes. - volker's group mapping in passdb patch - volker's samsync stuff - volkers SAMR changes. - mezte's connection caching patch - my recent changes (fix magic root check, ldap ssl) Andrew Bartlett (This used to be commit 2044d60bbe0043cdbb9aba931115672bde975d2f)
2002-09-26sync with HEADGerald Carter1-0/+1
(This used to be commit ee9cbf58071adb627a49a94c6340aaba330486b5)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-6/+19
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-08-17sync 3.0 branch with headJelmer Vernooij1-6/+5
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-26/+142
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-03-18more verbose checking in talloc and util_pwSimo Sorce1-23/+41
fixed tdbsam memory corruption (and segfault) reducing calls to pdb_uid_to_user_rid and countrary to 0 to move to a non alghoritmic rid allocation with some passdb modules. (This used to be commit 9836af7cd623357feaec07bc49cfb78f0aa01fc3)
2002-03-02This patch merges my private LDAP tree into HEAD.Andrew Bartlett1-7/+28
The main change here is to move ldap into the new pluggable passdb subsystem and to take the LDAP location as a 'location' paramter on the 'passdb backend' line in the smb.conf. This is an LDAP URL, parsed by OpenLDAP where supported, and by hand where it isn't. It also adds the ldap user suffix and ldap machine suffix smb.conf options, so that machines added to the LDAP dir don't get mixed in with people. Non-unix account support is also added. This means that machines don't need to be in /etc/passwd or in nss_ldap's scope. This code has stood up well under my production environment, so it relitivly well tested. I'm commiting this now becouse others have shown interest in using it, and there is no point 'hording' the code :-). Andrew Bartlett (This used to be commit cd5234d7dd7309d88944b83d807c1f1c2ca0460a)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-15For some reason I wasn't thinking about failure cases this morning...Andrew Bartlett1-0/+72
Anyway, this makes it slightly sane, but we may decide to smb_panic() here instead. Andrew Bartlett (This used to be commit 724109a33bf2f06bcb97cdd31c0442c6035ff6a6)
2002-01-15Add constness to parametersMartin Pool1-1/+1
(This used to be commit e0105974c06e210e7565555d4b673c484de32907)
2002-01-15Commit the auth associated changes I missed from the last commit.Andrew Bartlett1-0/+1
Also set the default value of all the allocated strings to "" to avoid changing the interface (becouse pdb_get...() would point to a null string, rather than a null pointer and parts of samba rely on that). Andrew Bartlett (This used to be commit 5b4079f748e25f21162e21b439063249baf8dca6)
2002-01-15Change the passdb interface to use allocated strings.Andrew Bartlett1-63/+85
These strings are allocated using talloc(), either using its own memory context stored on the SAM_ACCOUNT or one supplied by the caller. The pdb_init_sam() and pdb_free_sam() function have been modifed so that a call to pdb_free_sam() will either clean up (remove hashes from memory) and destroy the TALLOC_CTX or just clean up depending on who supplied it. The pdb_init_sam and pdb_free_sam functions now also return an NTSTATUS, and I have modified the 3 places that actually checked these returns. The only nasty thing about this patch is the small measure needed to maintin interface compatability - strings set to NULL are actually set to "". This is becouse there are too many places in Samba that do strlen() on these strings without checking if they are NULL pointers. A supp patch will follow to set all strings to "" in pdb_default_sam(). Andrew Bartlett (This used to be commit 144345b41d39a6f68d01f62b7aee64ca0d328085)
2002-01-12Move all the pdb_get...() and pdb_set...() functions to a new file.Andrew Bartlett1-0/+823
This brings passdb.c down to a much more manageable ~1100 lines and makes it a little easier to comprehend whats going on here. Andrew Bartlett (This used to be commit 28d5ab269cfba5e8410163edb3e0c222ed7f0be1)