summaryrefslogtreecommitdiff
path: root/source3/passdb/pdb_get_set.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r19058: Implement "user cannot change password", and complete "user must changeJim McDonough1-35/+33
password at next logon" code. The "password last set time" of zero now means "user must change password", because that's how windows seems to use it. The "can change" and "must change" times are now calculated based on the "last set" time and policies. We use the "can change" field now to indicate that a user cannot change a password by putting MAX_TIME_T in it (so long as "last set" time isn't zero). Based on this, we set the password-can-change bit in the faked secdesc. (This used to be commit 21abbeaee9b7f7cff1d34d048463c30cda44a2e3)
2007-10-10r18722: Fix up password change times. The can change and must change times areJim McDonough1-2/+22
calculated based on the last change time, policies, and acb flags. Next step will be to not bother storing them. Right now I'm just trying to get them reported correctly. (This used to be commit fd5761c9e52cbf8f1f7e45e71693598b27ecbf57)
2007-10-10r18684: pdb_get_group_sid() has to use the Get_Pwnam_alloc() callGerald Carter1-1/+1
to ensure it finds the Unix user. (This used to be commit 4cea9bfca1b84db31fae6f7a05ff3247a23fd409)
2007-10-10r18271: Big change:Gerald Carter1-1/+1
* autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-11/+10
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r16381: Now samu can't be null don't check it on set. KlockworkJeremy Allison1-131/+6
related fix. Jeremy. (This used to be commit 2e5a88147826113f78ee0d8845c704692942cebf)
2007-10-10r16241: Fix Klocwork #106 and others like it.Jeremy Allison1-215/+112
Make 2 important changes. pdb_get_methods() returning NULL is a *fatal* error. Don't try and cope with it just call smb_panic. This removes a *lot* of pointless "if (!pdb)" handling code. Secondly, ensure that if samu_init() fails we *always* back out of a function. That way we are never in a situation where the pdb_XXX() functions need to start with a "if (sampass)" test - this was just bad design, not defensive programming. Jeremy. (This used to be commit a0d368197d6ae6777b7c2c3c6e970ab8ae7ca2ae)
2007-10-10r15310: only store lanman passwords on a change if 'lanman auth = yes'Gerald Carter1-7/+8
(This used to be commit b6904e0950a5e70ebb2ea8aa9e9afc220adbe211)
2007-10-10r14780: Fix coverity bug #272, null deref.Jeremy Allison1-0/+8
Jeremy. (This used to be commit 1588ce8efe7fafd89561b55a98c498f947f4ada9)
2007-10-10r13711: * Correctly handle acb_info/acct_flags as uint32 not as uint16.Günther Deschner1-2/+2
* Fix a couple of related parsing issues. * in the info3 reply in a samlogon, return the ACB-flags (instead of returning zero) Guenther (This used to be commit 5b89e8bc24f0fdc8b52d5c9e849aba723df34ea7)
2007-10-10r13679: Commiting the rm_primary_group.patch posted on samba-technicalGerald Carter1-32/+84
* ignore the primary group SID attribute from struct samu* * generate the primary group SID strictlky from the Unix primary group when dealing with passdb users * Fix memory leak in original patch caused by failing to free a talloc * * add wrapper around samu_set_unix() to prevent exposing the create BOOL to callers. Wrappers are samu_set_unix() and samu-allic_rid_unix() (This used to be commit bcf269e2ec6630b78d909010fabd3b69dd6dda84)
2007-10-10r13601: * Remove unused code from pdb_ldap.cGerald Carter1-32/+4
* Add a 'struct passwd *' to the struct samu for later reference (I know this may be controversial but its easily reverted which is is why I'm checking this is as a seaparate patch before I get too deep). * Remove unix_homedir from struct samu {} and update the pdb wrapper functions associated with it. (This used to be commit 92c251fdf0f1f566cfeca3c75ba2284b644aef5d)
2007-10-10r13576: This is the beginnings of moving the SAM_ACCOUNT data structureGerald Carter1-238/+238
to make full use of the new talloc() interface. Discussed with Volker and Jeremy. * remove the internal mem_ctx and simply use the talloc() structure as the context. * replace the internal free_fn() with a talloc_destructor() function * remove the unnecessary private nested structure * rename SAM_ACCOUNT to 'struct samu' to indicate the current an upcoming changes. Groups will most likely be replaced with a 'struct samg' in the future. Note that there are now passbd API changes. And for the most part, the wrapper functions remain the same. While this code has been tested on tdb and ldap based Samba PDC's as well as Samba member servers, there are probably still some bugs. The code also needs more testing under valgrind to ensure it's not leaking memory. But it's a start...... (This used to be commit 19b7593972480540283c5bf02c02e5ecd8d2c3f0)
2007-10-10r13545: A patch which I think it's time has come. VOlker, we can talk aboutGerald Carter1-1/+11
this more but it gets around the primary group issue. * don't map a SID to a name from the group mapping code if the map doesn't have a valid gid. This is only an issue in a tdb setup * Always allow S-1-$DOMAIN-513 to resolve (just like Windows) * if we cannot resolve a users primary GID to a SID, then set it to S-1-$DOMAIN-513 * Ignore the primary group SID inside pdb_enum_group_memberships(). Only look at the Unix group membersip. Jeremy, this fixes a fresh install startup for smbd as far as my tests are concerned. (This used to be commit f79f4dc4c58a6172bf69d37469fdd8de05a812df)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-4/+8
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-4/+4
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r7882: Looks like a large patch - but what it actually does is make SambaJeremy Allison1-142/+142
safe for using our headers and linking with C++ modules. Stops us from using C++ reserved keywords in our code. Jeremy (This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a)
2007-10-10r6149: Fixes bugs #2498 and 2484.Derrell Lipman1-1/+1
1. using smbc_getxattr() et al, one may now request all access control entities in the ACL without getting all other NT attributes. 2. added the ability to exclude specified attributes from the result set provided by smbc_getxattr() et al, when requesting all attributes, all NT attributes, or all DOS attributes. 3. eliminated all compiler warnings, including when --enable-developer compiler flags are in use. removed -Wcast-qual flag from list, as that is specifically to force warnings in the case of casting away qualifiers. Note: In the process of eliminating compiler warnings, a few nasties were discovered. In the file libads/sasl.c, PRIVATE kerberos interfaces are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED kerberos interfaces are being used. Someone who knows kerberos should look at these and determine if there is an alternate method of accomplishing the task. (This used to be commit 994694f7f26da5099f071e1381271a70407f33bb)
2007-10-10r5349: After talking with Jerry, reverted the addition of account policies toGünther Deschner1-3/+3
passdb in 3_0 (they are still in trunk). Guenther (This used to be commit fdf9bdbbac1d8d4f3b3e1fc7e49c1e659b9301b1)
2007-10-10r5015: (based on abartlet's original patch to restrict password changes)Gerald Carter1-1/+1
* added SE_PRIV checks to access_check_samr_object() in order to deal with the run-time security descriptor and their interaction with user rights * Reordered original patch in _samr_set_userinfo[2] to still allow root/administrative password changes for users and machines. (This used to be commit f9f9e6039bd9443d54445e41c3783a2be18925fb)
2007-10-10r4925: Migrate Account Policies to passdb (esp. replicating ldapsam).Günther Deschner1-3/+3
Does automated migration from account_policy.tdb v1 and v2 and offers a pdbedit-Migration interface. Jerry, please feel free to revert that if you have other plans. Guenther (This used to be commit 75af83dfcd8ef365b4b1180453060ae5176389f5)
2007-10-10r4736: small set of merges from rtunk to minimize the diffsGerald Carter1-18/+0
(This used to be commit 4b351f2fcc365a7b7f8c22b5139c299aa54c9458)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-1/+1
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r1661: Changed the password history format so that each history entryJeremy Allison1-9/+28
consists of a 16 byte salt, followed by the 16 byte MD5 hash of the concatination of the salt plus the NThash of the historical password. Allows these to be exposed in LDAP without security issues. Jeremy. (This used to be commit 82e4036aaa2d283534a5bd8149857320fcf0d0dc)
2007-10-10r1610: Patch from Richard Renard <rrenard@idealx.com>. Ensure weJeremy Allison1-10/+4
save the password as it is being changed into the password history list. Jeremy. (This used to be commit 4fd619d7e16b5f759e6dc8360ad192457b3c90b9)
2007-10-10r1394: Const fix.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 9ac4945012e0bd54519b8c81d4c36e88cea28fce)
2007-10-10r1388: Adding password history code for ldap backend, based on a patch fromJeremy Allison1-3/+87
"Jianliang Lu" <j.lu@tiesse.com>. Multi-string attribute changed to linearised pstring due to ordering issues. A few other changes to fix race conditions. I will add the tdb backend code next. This code compiles but has not yet been tested with password history policy set to greater than zero. Targeted for 3.0.6. Jeremy. (This used to be commit dd54b2a3c45e202e504ad69d170eb798da4e6fc9)
2004-02-23Found by Fabien Chevalier <fabien.chevalier@supelec.fr> andAndrew Bartlett1-1/+1
JustFillBug <mozbugbox@yahoo.com.au> on the Samba lists - a 'max password age' of zero should be considered as 'never expire'. For the timebeing we just set it like -1, but we might revisit this for closer-to-ms behaviour. Andrew Bartlett (This used to be commit 9ffc490fce215dcaed8ebfc1db85f5017a692ca4)
2004-02-19Add functions to get/set bad password timeJim McDonough1-0/+19
(This used to be commit 557f598c63f64c1c5b982a9057c0eea2a2ff2ee5)
2004-02-12More sync between passdb on 3.0 and HEAD.Jim McDonough1-5/+12
Replace unknown_3 with fields_present. Also causes rpc_samr structure field changes. (This used to be commit 1976843345efb6ca4f9cebd964a61acd8ae11d41)
2004-02-08Make more functions static, and remove duplication in the use of functionsAndrew Bartlett1-3/+14
in lib/smbpasswd.c that were exact duplicates of functions in passdb/passdb.c (These should perhaps be pulled back out to smbpasswd.c, but that can occour later). Andrew Bartlett (This used to be commit fcdc5efb1e245c8fa95cd031f67ec56093b9056e)
2004-01-29initialization fixesGerald Carter1-2/+10
(This used to be commit 54fd3992c385fd6208c061131b2c98e448baf2c2)
2003-11-07I agree with vl's #if 0 here, and am not quite sure what I wasAndrew Bartlett1-13/+0
thinking with regard to the original code. Let's keep samba simple, and just remove it. Andrew Bartlett (This used to be commit 156cf8bede52e1d33be980fd8841367253a60b9e)
2003-10-06split some security related functions in their own files.Simo Sorce1-2/+2
(no need to include all of smbd files to use some basic sec functions) also minor compile fixes couldn't compile to test these due to some kerberos problems wirh 3.0, but on HEAD they're working well, so I suppose it's ok to commit (This used to be commit c78f2d0bd15ecd2ba643bb141cc35a3405787aa1)
2003-09-18The "unknown_5" 32 bit field in the user structs is actually 2 16-bitJeremy Allison1-6/+24
fields, bad_password_count and logon_count. Ensure this is stored/fetched in the various SAMs. As it replaces the unknown_5 field this fits exactly into the tdb SAM without any binary problems. It also is added to the LDAP SAM as two extra attributes. It breaks compatibility with the experimental SAMs xml and mysql. The maintainers of these SAMs must fix them so upgrades like this can be done transparently. I will insist on the "experimental" status until this is solved. Jeremy. (This used to be commit cd7bd8c2daff3293d48f3376a7c5a708a140fd94)
2003-07-18Fix two memleaks in pdb_ldap.c.Volker Lendecke1-0/+9
Whoever put the private.backend_private_data_free_fn thingy into SAM_ACCOUNT, could you please revisit my change to pdb_get_set.c and comment on my comment there? Thanks, Volker (This used to be commit 922ec277d1c80b5532f5cac0ee99ae7cd20f83f1)
2003-07-05Add some debug statments to our vampire code - try to make it easier to trackAndrew Bartlett1-2/+3
down failures. Add a 'auto-add on modify' feature to guestsam Fix some segfault bugs on no-op idmap modifications, and on new idmappings that do not have a DN to tack onto. Make the 'private data' a bit more robust. Andrew Bartlett (This used to be commit 6c48309cda9538da5a32f3d88a7bb9c413ae9e8e)
2003-07-05Fixes to our LDAP/vampire codepaths:Andrew Bartlett1-0/+30
- Try better to add the appropriate mapping between UID and SIDs, based on Get_Pwnam() - Look for previous users (lookup by SID) and correctly modify the existing entry in that case - Map the root user to the Admin SID as a 'well known user' - Save the LDAPMessage result on the SAM_ACCOUNT for use in the next 'update' call on that user. This means that VL's very nice work on atomic LDAP updates now really gets used properly! - This also means that we know the right DN to update, without the extra round-trips to the server. Andrew Bartlett (This used to be commit c7118cb31dac24db3b762fe68ce655b17ea102e0)
2003-05-14spellingTim Potter1-1/+1
(This used to be commit 865c11275685c85124b506c9bbd2a8bde2e760b9)
2003-05-12And finally IDMAP in 3_0Simo Sorce1-42/+0
We really need idmap_ldap to have a good solution with ldapsam, porting it from the prvious code is beeing made, the code is really simple to do so I am confident it is not a problem to commit this code in. Not committing it would have been worst. I really would have been able to finish also the group code, maybe we can put it into a followin release after 3.0.0 even if it may be an upgrade problem. The code has been tested and seem to work right, more testing is needed for corner cases. Currently winbind pdc (working only for users and not for groups) is disabled as I was not able to make a complete group code replacement that works somewhat in a week (I have a complete patch, but there are bugs) Simo. (This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)
2003-04-28Merge of a debuglevel downgrade from HEAD.Tim Potter1-2/+2
(This used to be commit d17e04e82b77256f10f4bdf4442dac6d30e197b5)
2003-03-22Merge from HEAD - patch from Jianliang Lu <j.lu@tiesse.com> to set theAndrew Bartlett1-0/+11
'minimum password age' during a password SET. Andrew Bartlett (This used to be commit dd6516e2e87cbe6bcbc371756d99ebb3b5617c2b)
2003-03-20Merge from HEADVolker Lendecke1-8/+8
(This used to be commit 62d5a78b024898485f610b5d9db1a6d9a5c68c21)
2003-01-08Fix open problem with changing attributes on an existing file - basedJeremy Allison1-1/+0
on work by <steve@griffin.sio2.nl>. Jeremy. (This used to be commit 1cff725e37d04e25d2cd5523683b35c82d5040fa)
2002-11-02Merge passdb from HEAD -> 3.0Andrew Bartlett1-139/+171
The work here includes: - metze' set/changed patch, which avoids making changes to ldap on unmodified attributes. - volker's group mapping in passdb patch - volker's samsync stuff - volkers SAMR changes. - mezte's connection caching patch - my recent changes (fix magic root check, ldap ssl) Andrew Bartlett (This used to be commit 2044d60bbe0043cdbb9aba931115672bde975d2f)
2002-09-26sync with HEADGerald Carter1-0/+1
(This used to be commit ee9cbf58071adb627a49a94c6340aaba330486b5)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-6/+19
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-08-17sync 3.0 branch with headJelmer Vernooij1-6/+5
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-26/+142
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-03-18more verbose checking in talloc and util_pwSimo Sorce1-23/+41
fixed tdbsam memory corruption (and segfault) reducing calls to pdb_uid_to_user_rid and countrary to 0 to move to a non alghoritmic rid allocation with some passdb modules. (This used to be commit 9836af7cd623357feaec07bc49cfb78f0aa01fc3)