summaryrefslogtreecommitdiff
path: root/source3/passdb
AgeCommit message (Collapse)AuthorFilesLines
2004-03-10Don't pass DOM_SIDs around when pointers are enough.Volker Lendecke1-2/+2
Volker (This used to be commit 27b27c28cd0421be3121e7f03c237df381c7ecb3)
2004-03-091) Two new functions to trust passwords interface in passdb:Rafal Szczesniak2-4/+142
settrustpwent, gettrustpwnam 2) Implementation of another couple of these functions in tdbsam: settrustpwent, gettrustpwnam, gettrustpwsid 3) Testing (mostly for now) usage of the interface in pdbedit which is soon to be offline tool back again. This is quite a new code, so many changes will be put in soon. rafal (This used to be commit 2ed23fbce846f9710747d72aa98c20d54894d61e)
2004-03-082 fixes to enhance readability of source code and debug messagesSimo Sorce1-0/+2
1 fix for a memleak (This used to be commit 9f3b0295fe7bd6c0c3a6061e5d00e7b88f702b21)
2004-03-07Get us a little closer to Windows LSA semantics.Volker Lendecke1-10/+1
A windows DC does not reply to DCNAME\\Administrator, only to DOMAIN\\Administrator. Fix that. Without winbind we are wrong as domain members, we should forward the request DOMAIN\\Username to the DC on behalf of the asking client. Winbind fixes that nicely. Volker (This used to be commit c39f698dde98de9b6be40a6c81e669dcd7696b3a)
2004-03-02Let's be polite with poorer backends ;-)Simo Sorce1-1/+3
(This used to be commit 90640a523e9898157a361f3fbf5923b1ef2a6651)
2004-03-01Ok here it is my latest work on privilegesSimo Sorce2-0/+510
This patch add privilege support for samba Currently it is implemented only for tdbsam backend but estending it to other sam backends is straightforward. I must make a big thank to JFM for his teachings on the matter and the functions at the base of this work. At thye moment only samr_create_user honours SeAddUsersPrivilege and SeMachineAccountPrivilege to permit any user to add machines and/or users to the server. The command "net priv" has been provided to manipulate the privileges database. There are still many things to do (like support in "net rpc vampire") but the working core is here. Feel free to comment/extend on this work. Of course I will deny that any bug may affect this code :-) Simo. This patch adds also my patch about add share command enhancements. (This used to be commit 7a78c3605e203bd8e0d7ae244605f076a5d0b0bc)
2004-03-01When asked to delete an alias member, don't add it ...Volker Lendecke1-1/+1
Volker (This used to be commit f95a5d81479b467c837b727831c2224832c8205c)
2004-03-01Add aliases to winbindd_getgroups().Volker Lendecke1-0/+57
su - WINDOWS\\vl now includes the locally defined aliases I'm member of. Next will be getent group. Volker (This used to be commit 52dae45684317ac8ac529017607bb5787dda7c50)
2004-02-29Apply my experimental aliases support to HEAD. This will be a bit difficult toVolker Lendecke1-0/+121
merge to 3_0, as the pdb interfaces has changed a bit between the two. This has not been tested too severly (which means it's completely broken ;-), but I want it in for review. Feel free to revert it :-) TODO: make 'net groupmap' a bit more friendly for alias members. Put that stuff into pdb_ldap. Getting the information over to winbind. One plan without linking pdb into winbind would be to fill group_mapping.tdb with the membership information and have that as a cache (or use gencache.tdb?). smbd on a PDC or stand-alone could trigger that itself, the problem is a BDC using LDAP. This needs to do it on a regular basis. The BDC smbd needs to be informed about SAM changes somehow... Volker (This used to be commit 30ef8fe1e85c0ca229b54f3f1595c4330f7191d1)
2004-02-26And another little constVolker Lendecke1-1/+1
(This used to be commit a3a15be5a2ae419992af004425592cca6796edcd)
2004-02-25(merge from 3.0)Andrew Bartlett1-1/+0
Fix bug in previous global_sam_sid() commit. I broke the 'read from MACHINE.SID' file functionality. Also, before we print out the results of 'net getlocalsid' and 'net getdomainsid', ensure we have tried to read that file, or have generated one. Andrew Bartlett (This used to be commit af1b6447b8292a83851361570219ee6d889e0898)
2004-02-25(merge from 3.0)Andrew Bartlett2-31/+45
I *hate* global variables... OK, what was happening here was that we would invalidate global_sam_sid when we set the sid into secrets.tdb, to force a re-read. The problem was, we would do *two* writes into the TDB, and the second one (in the PDC/BDC case) would be of a NULL pointer. This caused smbd startups to fail, on a blank TDB. By using a local variable in the pdb_generate_sam_sid() code, we avoid this particular trap. I've also added better debugging for the case where this all matters, which is particularly for LDAP, where it finds out a domain SID from the sambaDomain object. Andrew Bartlett (This used to be commit f3ecdea56d9ea6d562ace84f0e653a641eb96f6e)
2004-02-23(merge from 3.0)Andrew Bartlett1-1/+1
Found by Fabien Chevalier <fabien.chevalier@supelec.fr> and JustFillBug <mozbugbox@yahoo.com.au> on the Samba lists - a 'max password age' of zero should be considered as 'never expire'. For the timebeing we just set it like -1, but we might revisit this for closer-to-ms behaviour. Andrew Bartlett (This used to be commit 2003cdc65e1b9f6514d97334997fee5c49813bac)
2004-02-20handle both 0 and -1 as disablingJim McDonough1-4/+4
reset count and lockout duration (This used to be commit ad2996e418a45c1cf4f969077ffc267de70d6866)
2004-02-19Clean up bad pw count and autolock flag update fn()sJim McDonough1-79/+95
(This used to be commit 81dc9d53eb330f350f3f31068fe75c3606221e62)
2004-02-19Add bad pw count and autolock flag update fn()sJim McDonough1-2/+127
(This used to be commit 91ea29b392ff05311e9631467ee6255b29887e04)
2004-02-19Add functions to get/set bad password timeJim McDonough2-1/+21
(This used to be commit 0a2b792556b3aaa056a1fa6adb35627fdb804758)
2004-02-13Fix a few comments/formatting issues to make it more in line withJim McDonough1-3/+6
3.0 and reduce diff output. (This used to be commit 306c021000d36f13b3740839b62df60986e4e112)
2004-02-12Fix format error for generating SELECT, since unknown_3 is now goneJim McDonough1-1/+1
(This used to be commit 57314e060552523338071442e111fb4f7a2e1df8)
2004-02-12abartlet's pdb_set/changed flag fix for NULL passwordsGerald Carter1-6/+4
(This used to be commit 3b373cd15d17ab495f86c8b3b219d965b5aff606)
2004-02-12merges from 3.0Gerald Carter1-2/+2
(This used to be commit 2478501d402a07248d6181d4c9de253b203ff67c)
2004-02-12A couple of versioning adjustments. Remove unused version #define, andJim McDonough1-3/+4
define the INFO/version string in _only_ one place. (This used to be commit 02181f77897d87989341e3f18dbf0cc3e9c22991)
2004-02-12Start of merging changes with SAMBA_3_0. Fix up some comments so thatJim McDonough1-10/+10
they line up. Also change lockout_time to bad_password_time, since this is actually what is replicated. (This used to be commit adfc160082e5d1f20085e68eaacffea3fd277f1d)
2004-02-12tdbsam & smb_panic merge from 3.0 (initial tests are ok but I'll setup a ↵Gerald Carter1-53/+103
HEAD PDC tomorrow) (This used to be commit c57b24ee49aee0f0687742da7f8d741c62f6effe)
2004-02-11Move around function to fix build after recent static rampage.Tim Potter1-63/+62
(This used to be commit 1ab42df4a648fc19391891163d891c4bdb23437e)
2004-02-10Fix compiler warning.Rafal Szczesniak1-1/+2
rafal (This used to be commit e92fb5dcb02a56d10230df70d495f91da4052e62)
2004-02-08(merge from 3.0)Andrew Bartlett2-1/+14
When we set a domain sid, force get_global_sam_sid() to do it's work again. This should ensure that the value it returns is always consistant. Andrew Bartlett (This used to be commit fb13c61d4eee943e44632a0d1ba57b19602d67a4)
2004-02-08(merge from 3.0)Andrew Bartlett1-1/+4
Add static, and assert that we will never overflow the static fstring in pdb_encode_acct_ctrl() (All current callers are fine) Andrew Bartlett (This used to be commit badf7f64fb38dfd40bdf65b19e9dd8932d5e6c3b)
2004-02-08(merge from 3.0)Andrew Bartlett1-3/+14
Make more functions static, and remove duplication in the use of functions in lib/smbpasswd.c that were exact duplicates of functions in passdb/passdb.c (These should perhaps be pulled back out to smbpasswd.c, but that can occour later). This also includes some >14 character password changes, and the start of a move away from using 'admin user' to determine if the user is root (as root can login without setting 'admin user'). Andrew Bartlett (This used to be commit be0704abb919152c359a735023283acbf9be3076)
2004-02-08(merge from 3.0)Andrew Bartlett1-2/+2
I should have done this years ago... This adds the very simple 'admin set password' capability to 'net rpc', much as we have it for 'net ads'. Andrew Bartlett (This used to be commit 5243b89e33efd2ea8842a624d8abd6c5755afb64)
2004-01-30(merge from 3.0)Andrew Bartlett1-17/+31
If we are setting the NT or LM password to NULL, remove the attribute rather than writing XXXXX Andrew Bartlett (This used to be commit 2ae9672f811c91c95ee2ddfd4b0dcc6b0f4fa192)
2004-01-30disable any account that doesn't have a password and doesn't had the ↵Gerald Carter1-6/+12
ACB_PWNOTREQ bit set (This used to be commit 6c4de7198b94a8cea176e1c9d86deb65705f9058)
2004-01-29more initialization fixesGerald Carter1-0/+22
(This used to be commit 63206b1204bd532bf99912cd4312baf7d69db1f6)
2004-01-29merge from 3.0Gerald Carter2-2/+51
(This used to be commit 77335cc5bce46ab3498f9401099f110b0e5506c1)
2004-01-22fix previously committed old version by mistakeSimo Sorce1-3/+3
(This used to be commit 4840b25dbd4d2eafc010389a711d42862d5fb0f0)
2004-01-22sorry for the conflict markers committed in by mistake :-(Simo Sorce1-7/+1
(This used to be commit c5634e0b713e594a32522df7a76c36639f772ed5)
2004-01-191. The most part of this patch changed the unknown_3 flag to the now knownSimo Sorce8-44/+22
meaning of fields_present bit mask. Also avoid it being saved in backends (0 is saved where removing the unit32 would have produced a format change). Also add support in samr functions to correctly interpret the flags. Flags still not set properly (eg. still set all flags 0xffffff as previous code), need a tool to test this properly (I',ve done preliminary tests with samba4 rpc torture and it seem to work properly against w2k). 2. Patch for handlig the flag user must change password at next logon in usrmgr based on Jianliang Lu <j.lu@tiesse.com> patch (This used to be commit 78975e9483e64412e436c5dbfe2b71e20b79de29)
2004-01-15Remove unused variables.Rafal Szczesniak1-3/+0
rafal (This used to be commit a284082716bf63569e5921eb33b1ecd1a9b4810d)
2004-01-15Remove unused function.Rafal Szczesniak1-13/+0
rafal (This used to be commit 2d2c36cc3f691f31506fbd97e74cf225a2ef85c5)
2004-01-14Initial design of some of the functions to operate on trust passwordsRafal Szczesniak1-0/+202
from passdb backend level (tdbsam, in this case). It is written as wrapper for secrets_ calls that use secrets.tdb file and is not treated as eventual solution. Trust passwords are being handled uniformly, SAM_TRUST_PASSWD structure, and so they should be stored as well. Note, this code is disabled ie. not used anywhere yet. I'm working on next routines in line. rafal (This used to be commit 02ac9332ab1d34f47667b40ce23b2b5d04c4dff1)
2004-01-14Comment and formatting fix.Rafal Szczesniak1-2/+3
rafal (This used to be commit 336720416abd1f6d62f9a6748ae6a0454976c9d4)
2004-01-13sync HEAD with recent changes in 3.0Gerald Carter1-0/+38
(This used to be commit c98399e3c9d74e19b7c9d806ca8028b48866931e)
2004-01-07This was cut-n-paste mistake, I guess... :)Rafal Szczesniak1-1/+1
rafal (This used to be commit f912d8c3403071582f776886f9793e3289b285b6)
2004-01-07Typo fix.Rafal Szczesniak1-1/+1
rafal (This used to be commit 4a2bd4de3f5a99bc19013a2878659e8686606e30)
2004-01-07Prototype version of trust passwords moved to SAM/pdb. This isRafal Szczesniak1-0/+141
backend-independent part ie. interface - does build and (it seems) doesn't break anything else. rafal (This used to be commit 9ce6dc6476202d9db6ea1c2deab93e454e4db546)
2004-01-06isolate ldap debug messages to the common smbldap_XXX() functionsGerald Carter1-3/+0
(This used to be commit 4c877ccc16bcb69490c4d34d2ef5f727bf98438e)
2004-01-05(merge from 3.0)Andrew Bartlett1-1/+1
JHT came up with a nasty (broken) torture case in preparing examples for his book. This prompted me to look at the code that reads the unix group list. This code did a lot of name -> uid -> name -> sid translations, which caused problems. Instead, we now do just name -> sid I also cleaned up some interfaces, and client tools. Andrew Bartlett (This used to be commit cc535a6c70d8dcf677322e31b24dec58b23d80f0)
2004-01-05(merge from 3.0)Andrew Bartlett1-2/+10
Check the return value of string_to_sid in a few more places. (But string_to_sid also needs to be less permissive on what it thinks are valid sids...) Andrew Bartlett (This used to be commit 74ea8682e4b5c78f456cc9284e953e35e4146a8b)
2004-01-05(merge from 3.0)Andrew Bartlett1-2/+8
Show the error message for failure to set the ldap password. (For 'ldap password sync = yes') Andrew Bartlett (This used to be commit ef5d2309c2252c9d6111738075f863b69b616722)
2004-01-05Merge commit to 3_0: add pdb_pgsqlJelmer Vernooij3-501/+1008
(This used to be commit 61cbd5c9be1962d0c33c28ff472a2f82d3aa2a80)