summaryrefslogtreecommitdiff
path: root/source3/passdb
AgeCommit message (Collapse)AuthorFilesLines
2001-04-25converted the passdb smbpasswd implementation to using tallocGerald Carter2-330/+324
for memory allocation. This fixes a long standing seg fault (i knew i would get around to it one day :) ) Tested with NT4 and Win2k. Needs a little more testing with the "create the machine account on the fly" code for NT4. Simo, this is probably going to break the tdb passdb code. Can you look at that when you get a chance and see what you think? (This used to be commit 1c13110873e456748dc09fd51749f664643fe888)
2001-04-23Added "obey pam restrictions" parameter - default to "off".Jeremy Allison1-0/+17
Only set this to "on" if you know you have your PAM set up correctly..... NB. Doesn't apply to plaintext password authentication, which must use pam when compiled in. Jeremy. (This used to be commit 59aa99f3901d098b7afbe675021bda53b62ee496)
2001-04-23Fix more free twice bugs.Jeremy Allison1-2/+5
Jeremy. (This used to be commit 4db22afeed659a871a4a1f719d5fa1f2df07e24d)
2001-04-23Fix for bug in code for pam_session failure - pam_end called twice.Jeremy Allison1-12/+5
Jeremy. (This used to be commit c4048fcdb6ff3a890b69be8ef4832e9bd958cfec)
2001-04-23Added smb_ prefix to all Samba wrapper pam functions.Jeremy Allison2-50/+48
Fixed off by one bug using StrnCpy instead of strdup(). Jeremy. (This used to be commit d4b1c0be2e700c86a4338bb497777f97e3c960a7)
2001-04-22Commit of a modified version of Andrew Bartlett's patch that removes theJeremy Allison2-99/+101
horrid utmp hostname parameter - now uses the client name instead. Also tidies up some of the unencrypted password checking when PAM is compiled in. FIXME ! An pam_accountcheck() is being called even when smb encrypted passwords are negotiated. Is this the correct thing to do when winbindd is running ! This needs *SEVERE* testing.... Jeremy. (This used to be commit 071c799f479dd25efdb9c41745fc8f2beea7b568)
2001-04-20Oops. Typos.John Terpstra1-2/+2
(This used to be commit 44f96771c384b319290ab5e14cad6ba8f3fb5383)
2001-04-19Added error reporting to pam_session code.John Terpstra1-0/+19
(This used to be commit 72812e4cf199d804418dc52cc0b0ba683b8a2e5c)
2001-04-18merge from 2.2Andrew Tridgell2-8/+4
(This used to be commit f52a5014ee325f9d91f266f88eac51b6136a75b9)
2001-04-18patch from Steve Langasek <vorlon@netexpress.net> to make sure weJeremy Allison1-5/+11
don't use pam_setcred() if we haven't called pam_authenticate() Merge from 2.2 Jeremy. (This used to be commit 89589895e3adce75ecd6205547392326cf291543)
2001-04-13Updated with Andrew Bartlett patch.John Terpstra1-3/+30
(This used to be commit 02e84267f74b26bdf7f76c0fc9dbaecbc8574d58)
2001-04-12Merged John's changes.Jeremy Allison1-0/+2
Jeremy. (This used to be commit add847778bf458238bf2a1b14ab71b8cdfd7aec0)
2001-04-11Updating pampass from Samba-2.2 code tree. ===> JHTJohn Terpstra1-139/+87
(This used to be commit 88b6043b4e26c2771e0c444376b7017f5048baf8)
2001-04-10passdb/pass_check.c: Ensure second check is done only if given username is ↵Jeremy Allison1-62/+26
all in caps. rpc_server/srv_srvsvc_nt.c: Added "CONFIGFILE" arg to scripts so path to smb.conf is given. Jeremy. (This used to be commit 3c4c649951464be51541d5890afb997e3ecfcd23)
2001-04-10Added JohnT and Andrew Bartlett's PAM changes.Jeremy Allison2-134/+444
Jeremy. (This used to be commit ecd00e258c6fe4e8d90f48da74874e090dce4a40)
2001-04-08HEAD specific slprintf paranoia fixes.Jeremy Allison2-11/+11
Jeremy. (This used to be commit 61723c18f96a7b38cab0fcf545da7fb3640c5f7b)
2001-04-08Got "medieval on our ass" about adding the -1 to slprintf.Jeremy Allison1-3/+3
Jeremy. (This used to be commit 94747b4639ed9b19f7d0fb896e43aa392a84989a)
2001-03-22New POSIX ACL mapping code. Works with UNIX permissions, now for testingJeremy Allison1-0/+6
with real ACLs... Jeremy. (This used to be commit 852b9e15ac245a593460cfff3f629d0333372e41)
2001-03-20Fix for crash when doing name lookup with a quoted string. Part ofJeremy Allison1-1/+11
lookup_name was expecting to be able to write to the string. Changed lookup_name to use const. Jeremy. (This used to be commit 80c18d88491f1148ade623e81c33f84ba4f952f3)
2001-03-19Added sys_dlopen/sys_dlsym/sys_dlclose.Jeremy Allison1-3/+3
Jeremy. (This used to be commit 49f0e7e7143f82bce9dfd8b06e9e515bc0869ab7)
2001-03-18fixed unused variableAndrew Tridgell1-1/+1
(This used to be commit af62692e623429ca861905a0ac050b00a3bffdb0)
2001-03-14patches from Simo. Couple of snity thingsGerald Carter1-1/+3
(This used to be commit af3f2a30c657fc42171bbf7da2354bc4cc7b088d)
2001-03-11Remove "BYTE" - we already have uint8 - don't need more conflicts withJeremy Allison3-18/+18
system header files... Jeremy. (This used to be commit 31e0ce310ec38b3a3a05b344d6450d442c6be471)
2001-03-11Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows new SAMRJeremy Allison1-5/+0
RPC code to merge with new passdb code. Currently rpcclient doesn't compile. I'm working on it... Jeremy. (This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549)
2001-03-02Merged JF's fixes into HEAD. These are for string parsing and SAMR fixes.Jeremy Allison3-6/+5
Jeremy. (This used to be commit c3a1904564175a7a5cf71e88540b96f7daa59730)
2001-02-14Merge of i18n fixes from appliance branch. Samba can now talk to a networkTim Potter1-3/+10
with a PDC that has international netbios name and domain name. There's still quite a bit of i18n stuff to fix though... (This used to be commit 79045bd72ace9144e7dd73785b1d10a71b0d15aa)
2001-02-08add pam_setcred() call to pam_auth(). Patch was submited last Oct.Gerald Carter1-0/+8
jerry (This used to be commit 57165d1578eefa270d5c0bd8697a774eb8cb06cf)
2001-01-15Fixes for POSIX ACLS. ACL merge code.Jeremy Allison1-2/+12
Jeremy. (This used to be commit 180e4a9cd05bcadb2f7c4c23d653724e867196f0)
2001-01-11Changes from APPLIANCE_HEAD:David O'Neill1-0/+2
testsuite/printing/psec.c - Use lock directory from smb.conf parameter when peeking at the ntdrivers.tdb file. source/rpc_parse/parse_sec.c - fix typo in debug message source/script/installbin.sh - create private directory as part of 'make install'. source/nsswitch/winbindd_cache.c source/nsswitch/winbindd_idmap.c source/passdb/secrets.c source/smbd/connection.c - always convert tdb key to unix code-page when generating. source/printing/nt_printing.c - always convert tdb key to unix code-page when generating. - don't prepend path to a filename that is NULL in add_a_printer_driver_3(). source/rpc_server/srv_spoolss_nt.c - always convert tdb key to unix code-page when generating. - don't prepend server name to a path/filename that is NULL in the fill_printer_driver_info functions. source/printing/printing.c - always convert tdb key to unix code-page when generating. - move access check for print_queue_purge() outside of job delete loop. source/smbd/unix_acls.c - fix for setting ACLs (this got missed earlier) source/lib/messages.c - trivial sync with appliance_head (This used to be commit 376601d17d53ef7bfaafa576bd770e554516e808)
2001-01-10Changes from APPLIANCE_HEAD:David O'Neill1-9/+31
source/include/proto.h source/param/loadparm.c source/passdb/passdb.c source/rpc_server/srv_samr.c - add support for "hide local users" option to HEAD. (This used to be commit 44dc339fe757b2b5578b30e74aad8c1b12c23f5f)
2000-12-12more fixes from Simo. Also fixed the password expiration fieldGerald Carter1-134/+59
in the tdbsam to never expire (we don't support this yet). jerry (This used to be commit 3b7d0fe7eb3a9275d2713d7b3325de0ab510ea62)
2000-12-09group rid assignment cut and paste errorGerald Carter1-2/+2
--jerry (This used to be commit bb48b02d5f2118470a415d5f1f92305688e6b432)
2000-12-06Cause smbd to use the new posix_acls code, not the old unix_acls code.Jeremy Allison1-0/+5
Currently does exactly the same thing (returns ACLs the same way). This code is written to try and get a POSIX ACL via the abstract sys_XX interface, then fall back to providing a UNIX based ACL if the calls fail. Seems to work. Next step is to add a --with-posix-acls to configure.in and then check on a POSIX ACL system that a complex ACL is returned correctly as an NT ACL. Note that the ACL set (a more complex problem) is not addressed yet. Jeremy. (This used to be commit 4339e20202a876dbadc07980b731f711463b7299)
2000-12-06updates to the tdbsam implementation.Gerald Carter3-37/+269
--jerry (This used to be commit 29b3ac8634769d01c20bf394eecc536a02e0f36c)
2000-11-27passdb/secrets.c passdb/smbpassfile.c smbd/server.c : Actually *use* the codeJeremy Allison2-30/+19
written to transition from an old DOMAIN.MACHINE.MAC file to secrets.tdb. printing/nt_printing.c: Fix case insensitive name lookups for driver files. John - this should fix the Win9x/WinME problem correctly. Jeremy. (This used to be commit 8f3332a9acf413ac5d12053ca5c52733a4e946cc)
2000-11-22o fixed logon script problems (wrong len in reply to net_sam_logon forGerald Carter2-3/+4
a few strings). I was the one who broke it obviously. o changed a few more defaults in the smbpasswd backend with respect to times. Now the logon time becomes '0' and the pass_can_change_time is set ot the same as pass_last_set_time o change Get_Pwnam() call in local_lookup_name to sys_getpwnam() as it did not seem necessary to try case permutations in the username. Tim, I think this was your code, so you might want to double check me. -- jerry (This used to be commit 37a665002c5cd7908c13d306f61af272a899dbc8)
2000-11-21Another large patch for the passdb rewrite.Gerald Carter5-746/+867
o added BOOL own_memory flag in SAM_ACCOUNT so we could use static memory for string pointer assignment or allocate a new string o added a reference TDB passdb backend. This is only a reference and should not be used in production because - RID's are generated using the same algorithm as with smbpasswd - a TDB can only have one key (w/o getting into problems) and we need three. Therefore the pdb_sam-getpwuid() and pdb_getsampwrid() functions are interative searches :-( we need transaction support, multiple indexes, and a nice open source DBM. The Berkeley DB (from sleepycat.com seems to fit this criteria now) o added a new parameter "private dir" as many places in the code were using lp_smb_passwd_file() and chopping off the filename part. This makes more sense to me and I will docuement it in the man pages o Ran through Insure-lite and corrected memory leaks. Need for a public flogging this time Jeremy (-: -- jerry (This used to be commit 4792029a2991bd84251d152a62b1033dec62cee2)
2000-11-14- fix "declaration of 'time' shadows global declaration" warning.David O'Neill1-12/+12
(This used to be commit 92ff07132b3834b469ad7bb73d6e714b175a12af)
2000-11-14Fixed the cut-n-paste bugs in the new passdb backend code that leaked memory.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 55c6acce26a26af68149865dafb42e5a03b497e0)
2000-11-13Large commit which restructures the local password storage API.Gerald Carter6-1422/+1835
Currently the only backend which works is smbpasswd (tdb, LDAP, and NIS+) are broken, but they were somewhat broken before. :) The following functions implement the storage manipulation interface /*The following definitions come from passdb/pdb_smbpasswd.c */ BOOL pdb_setsampwent (BOOL update); void pdb_endsampwent (void); SAM_ACCOUNT* pdb_getsampwent (void); SAM_ACCOUNT* pdb_getsampwnam (char *username); SAM_ACCOUNT* pdb_getsampwuid (uid_t uid); SAM_ACCOUNT* pdb_getsampwrid (uint32 rid); BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass); BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override); BOOL pdb_delete_sam_account (char* username); There is also a host of pdb_set..() and pdb_get..() functions for manipulating SAM_ACCOUNT struct members. Note that the struct passdb_ops {} has gone away. Also notice that struct smb_passwd (formally in smb.h) has been moved to passdb/pdb_smbpasswd.c and is not accessed outisde of static internal functions in this file. All local password searches should make use of the the SAM_ACCOUNT struct and the previously mentioned functions. I'll write some documentation for this later. The next step is to fix the TDB passdb backend, then work on spliting the backends out into share libraries, and finally get the LDAP backend going. What works and may not: o domain logons from Win9x works o domain logons from WinNT 4 works o user and group enumeration as implemented by Tim works o file and print access works o changing password from Win9x & NT ummm...i'll fix this tonight :) If I broke anything else, just yell and I'll fix it. I think it should be fairly quite. -- jerry (This used to be commit 0b92d0838ebdbe24f34f17e313ecbf61a0301389)
2000-10-26TDB password backend support written by Simo Sorce <simo.sorce@polimi.it>Gerald Carter2-0/+598
Marked as an experimental compile time option (defaults to off) for now. jerry (This used to be commit 0435af4417b876c2ea1dd4591ae7647784c28e30)
2000-10-13last part of W2K support.Jean-François Micouleau1-1/+0
the trust domain list reply on netlogon pipe was wrong, interim hack until we have full trust relationships. changed some unistr2 to parse the ending NULL char. added a prs_align_needed() function. much like a prs_align but with a condition. needed for the unistr2 parsing. J.F. (This used to be commit d8bf81553c17d9ee3419d8150b96119ebb0b8fa9)
2000-10-07added samr_set_user_info and info_2.Jean-François Micouleau1-0/+209
cleanup of create_user cleanup of rid/sid mix in samr. now we only have sid. some prs_align() missing in parse_samr.c a small debug change in srv_pipe.c You still can't change a user's password in this commit. Will be availble in the next one. J.F. (This used to be commit b655bc281fa183b1827a946ada1fcf500fb93aea)
2000-09-28Removed a line by mistake...Jeremy Allison1-0/+1
Jeremy. (This used to be commit dcbdff7a4d6442ca8f9e1aa6fcf65c196c2f22bf)
2000-09-28Added comment on JF's new code. Removed ifdef in passdb/smbpass.c as thisJeremy Allison1-7/+0
was not correct. Jeremy. (This used to be commit 1a3f7ecde2ca031b2f93a079f75822354fe241a0)
2000-09-28fixed samr_create_user(). we now correctly parse the query and the reply.Jean-François Micouleau2-1/+9
And we create the disabled account. That means we can create user and trust accounts remotely ! ifdef out a return in passdb/smbpass.c. I think I didn't break any security. Jeremy could you check if I didn't make any mistakes ??? J.F. (This used to be commit 416be1b64f366c8b859f25856fce2467ec0446d9)
2000-08-23Added code to do SID to uid/gid conversion. Needed for ACL support.Jeremy Allison1-2/+73
Jeremy. (This used to be commit 81c5380f91839b6416c8a42739dadf00e7388528)
2000-08-02Started to canonicalize our handling of uid -> sid code in order toJeremy Allison1-64/+22
get ready and fix se_access_check(). Added cannonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid() functions that look via winbind first the fall back on local lookup. All Samba should use these rather than trying to call winbindd code directly. Added NT_USER_TOKEN struct in user_struct, contains list of NT sids associated with this user. se_access_check() should use this (cached) value rather than attempting to do the same thing itself when given a uid/gid pair. More work needs to be done to preserve these things accross security context changes (especially with the tricky pipe problem) but I'm beginning to see how this will be done..... probably by registering a new vuid for an authenticated RPC pipe and not treating the pipe calls specially. More thoughts needed - but we're almost there... Jeremy. (This used to be commit 5e5cc6efe2e4687be59085f562caea1e2e05d0a8)
2000-08-01Tidyup removing many of the 0xC0000000 | NT_STATUS_XXX stuff (only need ↵Jeremy Allison1-12/+3
NT_STATUS_XXX). Removed IS_BITS_xxx macros as they were just reproducing "C" syntax in a more obscure way. Jeremy. (This used to be commit c55bcec817f47d6162466b193d533c877194124a)
2000-07-10Fixes for various compile warnings on Solaris 8.Tim Potter1-1/+1
(This used to be commit 898a483cdab1ed7d8ff902c0dc0e0620440ae4cd)