summaryrefslogtreecommitdiff
path: root/source3/passdb/pdb_tdb.c
AgeCommit message (Collapse)AuthorFilesLines
2003-05-12Fix compiler warnings.Jeremy Allison1-1/+0
Jeremy. (This used to be commit e12934c67b6aea9e3e449009e159ce6814dcbd11)
2003-05-01fix wrong debug messages in idmap_util.cSimo Sorce1-3/+8
correctly handle allocated rids in tdbsam (This used to be commit 7ae6162e1dd668897628c4f7edff508616644d21)
2003-04-30correctly initiazlize idmap tdb when creationg newSimo Sorce1-1/+1
few fixes to *id_to_*id functions, we don't set the mapping for algoritmic RIDs, they are resolved in the classic way eliminate getpw* calls from tdbsam (This used to be commit 6a7689cf74cd4d5f29e0b12f4bf8ac3051d49157)
2003-04-29forgot to remove getpwnamSimo Sorce1-20/+0
(This used to be commit 1915ab7b95b2baade0f4293d5a7a96003888d1c9)
2003-04-29This is a nice rewrite:Simo Sorce1-48/+25
SAM_ACCOUNT does not have anymore uid and gid fields all the code that used them has been fixed to use the proper idmap calls fix to idmap_tdb for first time idmap.tdb initialization. auth_serversupplied_info structure has now an uid and gid field few other fixes to make the system behave correctly with idmap tested only with tdbsam, but smbpasswd and nisplus should be ok have not tested ldap ! (This used to be commit 6a6f6032467e55aa9b76390e035623976477ba42)
2003-04-29Change order of parameters to smb_register_passdb()Jelmer Vernooij1-1/+1
(This used to be commit 63cf5637c16dc770f0ab2f73ff00577c7cd426ee)
2003-04-29ok next_rid out as well local_*id_to*id functionsSimo Sorce1-2/+45
reverted user making function, did not pass the abartlet test :-) idmap is now fully integrated, we only miss user creation and removal of uid and gid from SAM_ACCOUNT (This used to be commit 67af8c26586c4829166795813a373bf9be27b753)
2003-04-27prepare to get _nua out of the door (but back in from the window ;-)Simo Sorce1-32/+7
(This used to be commit 09eb02cba0747ae47aa4a76f4fac69af293a774a)
2003-04-17seem that someone changed the semanthic of unix_strlower without fixing allSimo Sorce1-3/+7
places where it was used, this caused me segfaults in the last week :( add more debugging in idmap to chase down a problem (This used to be commit 6393105bda12fb3f6211e4f0128aabf588431b49)
2003-03-22Return value in non-void functionJelmer Vernooij1-0/+1
(This used to be commit 0efa773bac4b9fe2f79265413c32fecce55cc369)
2003-03-19Put in the new modules system. It's now used by passdb and rpc. I willJelmer Vernooij1-16/+3
put a doc about it in dev-doc later today. (This used to be commit af7bfee0c6902c07fdb8d3abccf4c8d6bab00b5a)
2003-02-22Remove 'unixsam' from the default passdb backends.Andrew Bartlett1-59/+0
The intention is to remove the muliple passdb backends, but we need the 'guest' account to always be there. If the admin adds the guest account to (say) LDAP, there will only be one backend required for operation. This helps remove some nasty behaviours with adding accounts to the system for both the RPC 'create user' and the SAMSYNC code. Users 'added' with an 'add user/machine' script won't magicly appear, and machine accounts 'pre-added' to unix, but not the smbpasswd file will not cause mayhem. This commit also implements somthing tridge discussed with me, the concept of 'default' passdb operation pointers - so that each backend does not need it's own stub funcitons wrapping the default tdb privilages/group mapping code. This also removes an implicit 'sid->name' and 'name->sid' mapping from our own local SID space, to winbind usernames. When adding mapping for NIS/LDAP non-sam users in future, we need to be careful. Andrew Bartlett (This used to be commit 6f32fa234961a525760a05418a08ec48d22d7617)
2003-01-02BIG patch...Andrew Bartlett1-1/+1
This patch makes Samba compile cleanly with -Wwrite-strings. - That is, all string literals are marked as 'const'. These strings are always read only, this just marks them as such for passing to other functions. What is most supprising is that I didn't need to change more than a few lines of code (all in 'net', which got a small cleanup of net.h and extern variables). The rest is just adding a lot of 'const'. As far as I can tell, I have not added any new warnings - apart from making all of tdbutil.c's function const (so they warn for adding that const string to struct). Andrew Bartlett (This used to be commit 92a777d0eaa4fb3a1c7835816f93c6bdd456816d)
2002-10-21This moves the group mapping API into the passdb backend.Volker Lendecke1-0/+59
Currently this calls back to mapping.c, but we have the framework to get the information into LDAP and the passdb.tdb (should we? I think so..). This has received moderate testing with net rpc vampire and usrmgr. I found the add_groupmem segfault in add_aliasmem as well, but that will be another checkin. Volker (This used to be commit f30095852fea19421ac8e25dfe9c5cd4b2206f84)
2002-10-12Nice *big* patch from metze.Andrew Bartlett1-48/+48
The actual design change is relitivly small however: It all goes back to jerry's 'BOOL store', added to many of the elements in a SAM_ACCOUNT. This ensured that smb.conf defaults did not get 'fixed' into ldap. This was a great win for admins, and this patch follows in the same way. This patch extends the concept - we don't store values back into LDAP unless they have been changed. So if we read a value, but don't update it, or we read a value, find it's not there and use a default, we will not update ldap with that value. This reduced clutter in our LDAP DB, and makes it easier to change defaults later on. Metze's particular problem was that when we 'write back' an unchanged value, we would clear any muliple values in that feild. Now he can still have his mulitivalued 'uid' feild, without Samba changing it for *every* other operation. This also applies to many other attributes, and helps to eliminate a nasty race condition. (Time between get and set) This patch is big, and needs more testing, but metze has tested usrmgr, and I've fixed some pdbedit bugs, and tested domain joins, so it isn't compleatly flawed ;-). The same system will be introduced into the SAM code shortly, but this fixes bugs that people were coming across in production uses of Samba 3.0/HEAD, hence it's inclusion here. Andrew Bartlett (This used to be commit 7f237bde212eb188df84a5d8adb598a93fba8155)
2002-09-26move all the passdb internal interface to NTSTATUSSimo Sorce1-30/+40
only the interface has been fully moved to NTSTATUS not all the plugins make full use of it, but have been all converted. My testings passed completely, however a bit of more testing is welcome Simo. (This used to be commit 102a26e06591928a03b49cd312a65811ed46314f)
2002-08-07Add const to a pile of const to *DOM_SID paramaters.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit fd0ebf976eb6e5fc25bc75ff471c69c3f3761e32)
2002-07-26Mimir has been busy with patches again, and sent in the followingAndrew Bartlett1-1/+1
patches: Andrew Bartlett From his e-mail: Below I attach the following patches as a result of my work on trusted domains support: 1) srv_samr_nt.c.diff This fixes a bug which caused to return null string as the first entry of enumerated accounts list (no matter what entry, it was always null string and rid) and possibly spoiled further names, depeding on their length. I found that while testing my 'net rpc trustdom list' against nt servers and samba server. 2) libsmb.diff Now, fallback to anonymous connection works correctly. 3) smbpasswd.c.diff Just a little fix which actually allows one to create a trusting domain account using smbpasswd 4) typos.diff As the name suggests, it's just a few typos fix :) (This used to be commit 888d595fab4f6b28318b743f47378cb7ca35d479)
2002-07-21Name get and set dir drive functions consistently.Tim Potter1-1/+2
(This used to be commit 290a304d2c1b70d20129236e20a0ff664179023e)
2002-07-14addedd new (t)alloc_sub_* functionsSimo Sorce1-5/+5
they will get a const string and return a (t)alloced epanded one. also modified passdb/* stuff to use this one. (This used to be commit d378ac1e2efb0efc9a0f983d69cf678ca6255fd5)
2002-06-13Latest patch from metze <metze@metzemix.de> to move most of samba acrossAndrew Bartlett1-6/+7
to using SIDs instead of RIDs. The new funciton sid_peek_check_rid() takes an 'expected domain sid' argument. The idea here is to prevent mistakes where the SID is implict, but isn't the same one that we have in the struct. Andrew Bartlett (This used to be commit 04f9a8ff4c7982f6597c0f6748f85d66d4784901)
2002-05-26change: pdb_getsampwrid() ->pdb_getsampwsid()Simo Sorce1-2/+9
passdb interface change, now the passdb modules will be asked for SID not for rid, the modules have been updated with a passthrough function that calls the old getsampwrid() functions. srv_samr_nt.c functions that made use of the pdb_getsampwrid funcion has been updated to use the SID one. (This used to be commit f5c6496c33fa7f5c2826540ffb4a49d8a5790fb3)
2002-05-25Remove unused variable, fix functions to match prototypes in the variousAndrew Bartlett1-6/+5
structs. Andrew Bartlett (This used to be commit 57097bf1ba10566389266a4863899a7f25cdbb43)
2002-05-18so here it is the code to introduce seriously debugggging classes.Simo Sorce1-2/+23
this is a first step only passdb stuff has beein "classized". - so what can you do? set debug level to: 1 poasdb:10 that will make all the code run at debug level 1 except the code in passdb/* files that will run at level 10 TODO: fix the man page - also smbcontrol has this nice feature so smbcontrol smbd debug 3 passdb:5 will set every smbd to have a default log level of 3 while passdb stuff will be at level 5 and so no.. minor cosmetic fix to pdbedit is there too (This used to be commit be5c3b3f5781ddc002ffcc98df04ab024dcef4ca)
2002-05-18A few things in this commit:Andrew Bartlett1-46/+53
cleanup some of the code in net_rpc_join re const warnings and fstrings. Passdb: Make the %u and %U substituions in passdb work. This is done by declaring these paramters to be 'const' and doing the substitution manually. I'm told this is us going full circle, but I can't really see a better way. Finally these things actually seem to work properly... Make the lanman code use the pdb's recorded values for homedir etc rather than the values from lp_*() Add code to set the plaintext password in the passdb, where it can decide how to store/set it. For use with a future 'ldap password change' option, or somthing like that... Add pdb_unix, so as to remove the 'not in passdb' special cases from the local_lookup_*() code. Quite small, as it uses the new 'struct passwd -> SAM_ACCOUNT' code that is now in just one place. (also used by pdb_smbpasswd) Other: Fix up the adding of [homes] at session setup time to actually pass the right string, that is the unix homedir, not the UNC path. Fix up [homes] so that for winbind users is picks the correct name. (bad interactions with the default domain code previously) Change the rpc_server/srv_lsa_nt.c code to match NT when for the SATUS_NONE_MAPPED reply: This was only being triggered on no queries, now it is on the 'no mappings' (ie all mappings failed). Checked against Win2k. Policy Question: Should SID -> unix_user.234/unix_group.364 be considered a mapping or not? Currently it isn't. Andrew Bartlett (This used to be commit c28668068b5a3b3cf3c4317e5fb32ec9957f3e34)
2002-04-13Better handling of uid/gid -> RID and RID -> uid/gid code.Andrew Bartlett1-11/+34
All uids and gids must create valid RIDs, becouse other code expects this, and can't handle the failure case. (ACL code in particular) Allow admins to adjust the base of the RID algorithm, so avoid clashes with users brought in from NT (for example). Put all the algorithm code back in one place, so that this change is global. Better coping with NULL sid pointers - but it still breaks a lot of stuff. BONUS: manpage entry for new paramater :-) counter based rids for normal users in tdbsam is disabled for the timebeing, idra and I will work out some things here soon I hope. Andrew Bartlett (This used to be commit 5275c94cdf0c64f347d4282f47088d084b1a7ea5)
2002-04-13This is the 'multiple pdb backends' patch from ctrlsoft, aka Jelmer VernooijAndrew Bartlett1-19/+19
<jelmer@nl.linux.org>. This patch also includes major rework of pdbedit to use popt, and the addition of -i paramter (allowing the user to specify which PDBs is being operated on) and -e to export a pdb - useful for backup and testing etc. Use of -i and -e gets us pdb2pdb functionality for transition between backends, much like the sam2sam in TNG. Andrew Bartlett (This used to be commit c10def37f506d3f2bab442418ac08fdb62659b02)
2002-03-19second step to gain free uid<->rid mappingSimo Sorce1-74/+19
we still need to free gid<->rid mapping and few other stuff (This used to be commit aa4b6f8181f34196a28951264dd8b631a5deef7f)
2002-03-18more verbose checking in talloc and util_pwSimo Sorce1-16/+19
fixed tdbsam memory corruption (and segfault) reducing calls to pdb_uid_to_user_rid and countrary to 0 to move to a non alghoritmic rid allocation with some passdb modules. (This used to be commit 9836af7cd623357feaec07bc49cfb78f0aa01fc3)
2002-03-18Start to switch away from the alghorithmic uid->rid mapping modelSimo Sorce1-22/+87
(This used to be commit 724390a8daabbecd236960562e0a50f62c6904f1)
2002-03-02This patch merges my private LDAP tree into HEAD.Andrew Bartlett1-5/+5
The main change here is to move ldap into the new pluggable passdb subsystem and to take the LDAP location as a 'location' paramter on the 'passdb backend' line in the smb.conf. This is an LDAP URL, parsed by OpenLDAP where supported, and by hand where it isn't. It also adds the ldap user suffix and ldap machine suffix smb.conf options, so that machines added to the LDAP dir don't get mixed in with people. Non-unix account support is also added. This means that machines don't need to be in /etc/passwd or in nss_ldap's scope. This code has stood up well under my production environment, so it relitivly well tested. I'm commiting this now becouse others have shown interest in using it, and there is no point 'hording' the code :-). Andrew Bartlett (This used to be commit cd5234d7dd7309d88944b83d807c1f1c2ca0460a)
2002-02-01update from 2.2Simo Sorce1-2/+3
(This used to be commit 8bb2a7446ed69020086aaedf2889795dd38ef9d4)
2002-01-30Removed version number from file header.Tim Potter1-1/+2
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-26Add some information tidbits to an error DEBUG().Andrew Bartlett1-1/+1
(This used to be commit 3db417c2ebfda0d5872dee39e36edc4fb6299b9a)
2002-01-25Passdb changes:Andrew Bartlett1-5/+7
Modules now name themselves, which should allow for sane behaviour when we get an 'extern' passdb module (which in turn loads a .so). Fix up tdbsam for non-unix-accounts. Not sure if this fixes idra's bug, but its a start... Andrew Bartlett (This used to be commit 7d576d89d7b4a7b95e87a844568d7d7cd89f0542)
2002-01-23getpwnam -> getpwnam_alloc.Andrew Bartlett1-2/+4
idra has promised not to revert these this time :-) (This used to be commit f556ad67e82518f5a024ffe9184ff9430ab5c541)
2002-01-21hmm, get it right this time.Simo Sorce1-1/+1
(This used to be commit 57a145bff6b382e6dc9a9af96451175d81462c8d)
2002-01-21fix also the comment.Simo Sorce1-2/+5
(This used to be commit 7f7a15e09a53a03dd423d40201f037f8da049cd7)
2002-01-21replace getpwnam_alloc with plain getpwnam.Simo Sorce1-2/+1
We are not going to reuse any getpw* call, so the extra alloc,copy and free only uses extra memory and extra cpu time for nothing. (This used to be commit 5c0bb0487bec00df494b72b64ddf274f42bfefea)
2002-01-21getpwnam -> getpwnam_allocAndrew Bartlett1-2/+3
(This used to be commit 59905d44e51d83f2d4a7b6844e0ae764e0b35c0c)
2002-01-20Inititialise the gid to what standard_sub_advanced wants for 'no value'.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit a96503475d9c1d91c2dfcdebb4f60183432d9aff)
2002-01-20fixes from 2.2Simo Sorce1-93/+127
(This used to be commit e8a891354d307b2352eac375b9be02d7616cdb61)
2002-01-20This is another *BIG* change...Andrew Bartlett1-189/+232
Samba now features a pluggable passdb interface, along the same lines as the one in use in the auth subsystem. In this case, only one backend may be active at a time by the 'normal' interface, and only one backend per passdb_context is permitted outside that. This pluggable interface is designed to allow any number of passdb backends to be compiled in, with the selection at runtime. The 'passdb backend' paramater has been created (and documented!) to support this. As such, configure has been modfied to allow (for example) --with-ldap and the old smbpasswd to be selected at the same time. This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua. These two backends accept 'non unix accounts', where the user does *not* exist in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to avoid conflicts in the algroitmic mapping of RIDs, they use the values specified in the 'non unix account range' paramter - in the same way as the winbind ranges are specifed. While I was at it, I cleaned up some of the code in pdb_tdb (code copied directly from smbpasswd and not really considered properly). Most of this was to do with % macro expansion on stored data. It isn't easy to get the macros into the tdb, and the first password change will 'expand' them. tdbsam needs to use a similar system to pdb_ldap in this regard. This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I don't have the test facilities for these. I plan to incoroprate at least pdb_ldap into this scheme after consultation with Jerry. Each (converted) passdb module now no longer has any 'static' variables, and only exports 1 init function outside its .c file. The non-unix-account support in this patch has been proven! It is now possible to join a win2k machine to a Samba PDC without an account in /etc/passwd! Other changes: Minor interface adjustments: pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*. pdb_update_sam_account() no longer takes the 'override' argument that was being ignored so often (every other passdb backend). Extra checks have been added in some places. Minor code changes: smbpasswd no longer attempts to initialise the passdb at startup, this is now done on first use. pdbedit has lost some of its 'machine account' logic, as this behaviour is now controlled by the passdb subsystem directly. The samr subsystem no longer calls 'local password change', but does the pdb interactions directly. This allow the ACB_ flags specifed to be transferred direct to the backend, without interference. Doco: I've updated the doco to reflect some of the changes, and removed some paramters no longer applicable to HEAD. (This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-19fixes (asprintf) from 2.2Simo Sorce1-6/+6
(This used to be commit 6b123adda901ff05b0271eeda060297448f64eec)
2002-01-17A nice *big* change to the fundemental way we do things.Andrew Bartlett1-2/+6
Samba (ab)uses the returns from getpwnam() a lot - in particular it keeps them around for a long time - often past the next call... This adds a getpwnam_alloc and a getpwuid_alloc to the collection. These function as expected, returning a malloced structure that can be free()ed with passwd_free(&passwd). This patch also cuts down on the number of calls to getpwnam - mostly by taking advantage of the fact that the passdb interface is already case-insensiteve. With this patch most of the recursive cases have been removed (that I know of) and the problems are reduced further by not using the sys_ interface in the new code. This means that pointers to the cache won't be affected. (This is a tempoary HACK, I intend to kill the password cache entirly). The only change I'm a little worried about is the change to rpc_server/srv_samr_nt.c for private groups. In this case we are getting groups from the new group mapping DB. Do we still need to check for private groups? I've toned down the check to a case sensitve match with the new code, but we might be able to kill it entirly. I've also added a make_modifyable_passwd() function, that copies a passwd struct into the form that the old sys_getpw* code provided. As far as I can tell this is only actually used in the pass_check.c crazies, where I moved the final 'special case' for shadow passwords (out of _Get_Pwnam()). The matching case for getpwent() is dealt with already, in lib/util_getent.c Also included in here is a small change to register the [homes] share at vuid creation rather than just in one varient of the session setup. (This picks up the SPNEGO cases). The home directory is now stored on the vuid, and I am hoping this might provide a saner way to do %H substitions. TODO: Kill off remaining Get_Pwnam_Modify calls (they are not needed), change the remaining sys_getpwnam() callers to use getpwnam_alloc() and move Get_Pwnam to return an allocated struct. Andrew Bartlett (This used to be commit 1d86c7f94230bc53daebd4d2cd829da6292e05da)
2002-01-15Change the passdb interface to use allocated strings.Andrew Bartlett1-1/+1
These strings are allocated using talloc(), either using its own memory context stored on the SAM_ACCOUNT or one supplied by the caller. The pdb_init_sam() and pdb_free_sam() function have been modifed so that a call to pdb_free_sam() will either clean up (remove hashes from memory) and destroy the TALLOC_CTX or just clean up depending on who supplied it. The pdb_init_sam and pdb_free_sam functions now also return an NTSTATUS, and I have modified the 3 places that actually checked these returns. The only nasty thing about this patch is the small measure needed to maintin interface compatability - strings set to NULL are actually set to "". This is becouse there are too many places in Samba that do strlen() on these strings without checking if they are NULL pointers. A supp patch will follow to set all strings to "" in pdb_default_sam(). Andrew Bartlett (This used to be commit 144345b41d39a6f68d01f62b7aee64ca0d328085)
2002-01-02Actually enforce the passdb API.Andrew Bartlett1-1/+1
Thou shalt not reference SAM_ACCOUNT members directly - always use pdb_get/pdb_set. This is achived by making the whole of SAM_ACCOUNT have a .private member, where the real members live. This caught a pile of examples, and these have beeen fixed. The pdb_get..() functions are 'const' (have been for some time) and this required a few small changes to constify other functions. I've also added some debugs to the pdb get and set, they can be removed if requested. I've rewritten the copy_id2x_to_sam_pass() functions to use the new passdb interface, but I need the flags info to do it properly. The pdb_free_sam() funciton now blanks out the LM and NT hashes, and as such I have removed many extra 'samr_clear_sam_passwd(smbpass)' calls as a result. Finally, any and all testing is always appriciated - but the basics seem to work. Andrew Bartlett (This used to be commit d3dd28f6c443187b8d820d5a39c7c5b3be2fa95c)
2001-12-31ops, froget to set the values.Simo Sorce1-1/+7
jerry, can you look at theis where we use standard_sub_advanced() fns? I think this structure should be backported to 2.2 because we do not know if the SAM_ACCOUNT strings have enough space to contain the "substituted" string. (Yes, just now we know they are pstrings, but we may change them into alloced one, I'm a strong suported of alloced strings as 1024 bytes are not always enough and are often too much) (This used to be commit 29b3b5e9292805aa65e887755567abd50f74e5cb)
2001-12-31port mods from 2.2Simo Sorce1-3/+36
(This used to be commit f796f18a83cd2fc0988612aa38c794f005efbfaf)
2001-12-31Make --with-tdbsam compile again, given the new 'am I setting a default' flags.Andrew Bartlett1-4/+4
Andrew Bartlett (This used to be commit 20d7c5d9b9bc0a426897f21b3350933602abdbf1)