summaryrefslogtreecommitdiff
path: root/source3/passdb
AgeCommit message (Collapse)AuthorFilesLines
2003-04-16Store the type of 'sec channel' that we establish to the DC. If we are aAndrew Bartlett2-16/+101
workstation, we have to use the workstation type, if we have a BDC account, we must use the BDC type - even if we are pretending to be a workstation at the moment. Also actually store and retreive the last change time, so we can do periodic password changes again (for RPC at least). And finally, a couple of minor fixes to 'net'. Andrew Bartlett (This used to be commit 6e6b7b79edae3efd0197651e9a8ce6775c001cf2)
2003-04-09Fix double free on error and typoJelmer Vernooij1-2/+1
(This used to be commit 84b116f9c007c0f933af82462dff4324ffa53f0f)
2003-04-07Restore previous behaviour to update on pdb_unix (auto-upgrade to new account)Andrew Bartlett1-0/+1
(This used to be commit 0509cbc59174354b7c57206a07f7bd222cc87db4)
2003-04-06Don't bail if we have a badly formed record, just move on to the next one.Andrew Bartlett1-1/+1
(This used to be commit febd966b10b23238c93444256b8ad30b50b20ef8)
2003-04-03The ldap idmap backend from Anthony Liguori (aliguori@us.ibm.com):Jim McDonough1-703/+94
This patch moves the ldap routines out of passdb into a generic library and implements an LDAP backend for IDMAP. THe backend can be enabled with "idmap backend = ldap" in smb.conf. THere are also schema changes to make sure to update teh ldap schema files. (This used to be commit 87c7c582c60521da3a93d997386fe79935012aea)
2003-04-02Add staticJelmer Vernooij1-1/+1
(This used to be commit 674d0ca5d84b64be395fbeff773c8dd8aeb1518c)
2003-04-02Fix a crash bug if LDAP doesn't fill in ld_error.Andrew Bartlett1-18/+18
Andrew Bartlett C VS: ---------------------------------------------------------------------- (This used to be commit d84a3fc522a588bdcd36cb86df304572947a456a)
2003-03-30This fixes group updates in LDAP the same way as user updatesVolker Lendecke1-77/+98
are handled, though we assume that always everything needs to be updated in LDAP. PDB_IS_* is not done yet for groups. Do we need it? Volker (This used to be commit 409a26282f8fcbd583a85df40c70b504eac26f6e)
2003-03-30- Point users at the HOWTO Collection instead of 'README' in modules/mysql.cJelmer Vernooij1-1/+4
- Make passdb work with absolute paths (passdb backend = /path/to/smbpasswd.so works now). vfs, rpc and charset will follow (This used to be commit 794d3ed03619a4e41558d9ff65783a1aa1b2be90)
2003-03-28Merge from HEAD - get better error strings from the ldap server in pdb_ldap.Andrew Bartlett1-11/+38
Andrew Bartlett (This used to be commit 5dc29b10b08658178133aee7b4c47197fadc533a)
2003-03-27This is no functional change. It just makes pdb_ldap.c a bitVolker Lendecke1-24/+50
easier to understand by moving the logic for init_ldap_from_sam and friends around. Volker (This used to be commit 124c80facba364033f72b20660f347390effba59)
2003-03-25Apply metze's change correctly this time. Playing 'patch' byVolker Lendecke1-6/+6
hand can be somewhat error-prone.. Volker (This used to be commit 12fabd07148c21f5481cb750f1cfdab2e8112e4b)
2003-03-23Implement abartlet's suggestion to add attribs to ldap if theyVolker Lendecke1-24/+30
are 'SET' when adding the account. I really don't like passing flags down to inner routines and complicated if/else conditions, but this time he might be right. ;-) Volker (This used to be commit 80d2578108da14f60133df3a308b867beb27e920)
2003-03-23This adds 'ldap delete dn' as the recommended parameterVolker Lendecke1-2/+2
for the 'ldap del only sam attr' functionality. So we are compatiple to the current SuSE patches as well as to TNG... ;-) Volker (This used to be commit 353309e2a3bc27e918bd0a6cf22833d57895fbc8)
2003-03-23Metzes change:Volker Lendecke1-4/+10
> Hi Volker, > > if 'displayName' is not available we should fallback to 'cn' for map->nt_name > 'cn' is used as unix group name by nss_ldap. > > and if nt_name is not available we should fail (so does this patch) Volker (This used to be commit 3a7d1e72e208b9609da4ff65d9fff9179799ecac)
2003-03-22Return value in non-void functionJelmer Vernooij1-0/+1
(This used to be commit 0efa773bac4b9fe2f79265413c32fecce55cc369)
2003-03-22Never touch complicated if/else/elsif structures :-)Volker Lendecke1-23/+27
This repairs domain join with fully existing wks-account which I broke with my last patch... Volker (This used to be commit 582a34efbe3c1570b852c93318ff6002954ddf6a)
2003-03-22This changes the way we do LDAP updates. We don't use LDAP_MOD_MODIFYVolker Lendecke1-121/+175
anymore, but instead look at what is currently stored in the database. Then we explicitly delete the existing attribute and add the new value if it is not NULL or "". This way we can handle appearing and disappearing attributes quite nicely. This currently breaks pdbedit -o, as this does not set the CHANGED flag on the SAM_ACCOUNT. Jelmer suggested that we set all the fields on CHANGED in context_add_sam_account. This sounds not too unreasonable. Volker (This used to be commit f7149cf500d2b10ee72163c018a39fdd192d7632)
2003-03-22Patch from Jianliang Lu <j.lu@tiesse.com> to set the 'minimum password age'Andrew Bartlett1-0/+11
when setting the password. Andrew Bartlett (This used to be commit 552198b9e149c41f8cb2f976421ef030eac6fba6)
2003-03-22FALSE -> False (reported by Paul Green)Jelmer Vernooij1-1/+1
(This used to be commit 1002b0bbff295548b74580dbb0dc0c76474af23b)
2003-03-20Use True, not TRUE and False, not FALSEJelmer Vernooij3-3/+3
(This used to be commit 44e9bf88cc2bbb2aa34711354258c3abb319cb9b)
2003-03-20Fix typoVolker Lendecke1-3/+3
(This used to be commit 5c6f5bef30db62f351d83ecdd6aa6990a567d842)
2003-03-20I like debug level 10, but these messages always get into my wayVolker Lendecke1-5/+5
when debugging pdc stuff... Volker (This used to be commit e1c275a66aa8a0fe29c61f4742fed5953671cb43)
2003-03-20Merge Herb's change.Volker Lendecke1-1/+1
Volker (This used to be commit e8725913f9f174c03683a35bbce16ee33ab4c707)
2003-03-19Fix corrupt memory reading in smb_register_passdbJelmer Vernooij1-1/+1
(This used to be commit 6acbb37e4e32de635ace8420a5182b04b6527e34)
2003-03-19Put in the new modules system. It's now used by passdb and rpc. I willJelmer Vernooij7-75/+42
put a doc about it in dev-doc later today. (This used to be commit af7bfee0c6902c07fdb8d3abccf4c8d6bab00b5a)
2003-03-19Add paramter 'ldap del only sam attr'.Volker Lendecke1-59/+97
This patch is heavily based on a patch by SuSE. Thanks to Guenther Deschner <gd@suse.de> for providing it. Volker (This used to be commit 5eaf9195eefda5ababba85cc0f6d581ff6f0f454)
2003-03-19Hey -- there is an error code NT_STATUS_CANNOT_DELETE :-)Volker Lendecke1-1/+1
(This used to be commit aa9b8382d38346cb3e94ddf2e7caf6d663034579)
2003-03-19If we fail, return an error code :-)Volker Lendecke1-0/+1
Volker (This used to be commit a5218499eb3f0a62cd663a06157591fbb0dfcbef)
2003-03-19Put group mapping into LDAP.Volker Lendecke1-1/+501
Volker (This used to be commit f0f1518fc450834725902e9cdf33fb8d35f99360)
2003-03-17Fix memory leak.Volker Lendecke1-0/+2
Volker (This used to be commit e8975d6e7bdcceb78a83a3446cf1430e1e3f1a72)
2003-03-17Fix invalid SAFE_FREE() of talloc()ed memory.Andrew Bartlett1-3/+0
Andrew Bartlett (This used to be commit 21add5f97d0d112094e34a02e6319991a1d2af4d)
2003-03-14Fresh meat in trusted domains code:Rafal Szczesniak1-30/+47
- packing/unpacking utility functions for trusted domain password struct; can be used to prepare buffer to store in secrets.tdb or (soon) passdb backend - similiar functions for DOM_SID - respectively modified secrets_(fetch|store) routines - new auth mapping code utilising introduced is_trusted_domain function - added tdb (un)packing of single bytes Rafal (This used to be commit 5281ee7e84421b9be746aed2f1718ceaf2a2fe3d)
2003-03-11This patch attemptes to clean up winbindd's mutex locking.Andrew Bartlett1-23/+7
The current locking scheme in winbind is a complete mess - indeed, the next step should be to push the locking into cli_full_connection(), but I'll leave it for now. This patch works on the noted behaviour that 2 parts of the connection process need protection - and independent protection. Tim Potter did some work on this a little while back, verifying the second case. The two cases are: - between connect() and first session setup - during the auth2 phase of the netlogon pipe setup. I've removed the counter on the lock, as I fail to see what it gains us. This patch also adds 'anonymous fallback' to our winbindd -> DC connection. If the authenticated connection fails (wbinfo -A specifed) - say that account isn't trusted by a trusted DC - then we try an anonymous. Both tpot and mbp like the patch. Andrew Bartlett (This used to be commit 0620320002082298a15cbba72bd79aecfc607947)
2003-02-27- Rename 'modules = ' to 'preload modules = 'Jelmer Vernooij1-19/+34
- Add smb_probe_module() - Add init_modules() - Call these functions (This used to be commit f8f21653225792c0001d183c6efe8b7d89a0785d)
2003-02-22Fix comment - the other bits of code don't call this any more.Andrew Bartlett1-4/+1
(This used to be commit 523d1429b1072c999d376d2b4e13a1c08349990a)
2003-02-22Remove 'unixsam' from the default passdb backends.Andrew Bartlett7-279/+204
The intention is to remove the muliple passdb backends, but we need the 'guest' account to always be there. If the admin adds the guest account to (say) LDAP, there will only be one backend required for operation. This helps remove some nasty behaviours with adding accounts to the system for both the RPC 'create user' and the SAMSYNC code. Users 'added' with an 'add user/machine' script won't magicly appear, and machine accounts 'pre-added' to unix, but not the smbpasswd file will not cause mayhem. This commit also implements somthing tridge discussed with me, the concept of 'default' passdb operation pointers - so that each backend does not need it's own stub funcitons wrapping the default tdb privilages/group mapping code. This also removes an implicit 'sid->name' and 'name->sid' mapping from our own local SID space, to winbind usernames. When adding mapping for NIS/LDAP non-sam users in future, we need to be careful. Andrew Bartlett (This used to be commit 6f32fa234961a525760a05418a08ec48d22d7617)
2003-02-12initial server side privileges implementation, using a tdb. This needs to be ↵Andrew Tridgell1-0/+341
hooked into pdb, and we need some access control on changing privileges. That's next (This used to be commit f4f1f84a6bf1d356ccc83f0ecb135bef4a39619e)
2003-02-01More ldap parinoia - if we ever get more than one result, bail. The order weAndrew Bartlett1-5/+23
get them in should be indeterminate, so just picking the first one would be bad... Andrew Bartlett (This used to be commit 21da8c3bb39c507eb90865549c3bb3538dcea138)
2003-02-01Always escape ldap filter strings. Escaping code was from pam_ldap, but I'm toAndrew Bartlett1-3/+19
blame for the realloc() stuff. Plus a couple of minor updates to libads. Andrew Bartlett (This used to be commit 34b2e558a4b3cfd753339bb228a9799e27ed8170)
2003-02-01A couple more signed/unsigned issues.Andrew Bartlett1-2/+2
(This used to be commit 01d78b828b89f04b70b53ded01a7f4b356979317)
2003-01-16Fixed up mutex protection around winbindd logon code. Sync with APP-HEAD.Jeremy Allison1-8/+24
Jeremy. (This used to be commit 3d04872499332ef2d8e7479b924afc8fc1ac29d7)
2003-01-15initialize acct_ctrl before using itHerb Lewis1-2/+1
remove ldap_msgfree(result); as result is unitialized at this point (This used to be commit dc8882778694289ca461de57d443992f52ab7524)
2003-01-14Fix some debug lines, and add a bit more info to help track down ldapAndrew Bartlett1-8/+15
connectivity problems. Andrew Bartlett (This used to be commit 68de9a59203ed9778f11b78f233dc437b9dab55d)
2003-01-14clearer debug message when the user is already in the ldap dbAndrew Tridgell1-1/+2
(This used to be commit 31894ba0e5847eb934688598cd8d65bead23c58b)
2003-01-13Always initialise this variable - and don't set the 'must change now' if it wasAndrew Bartlett1-0/+1
last changed at '0'. We need to actually change this password sometime... Andrew Bartlett (This used to be commit 740bf439d2d1512127c873cf0e57697161d6566b)
2003-01-08Fix open problem with changing attributes on an existing file - basedJeremy Allison1-1/+0
on work by <steve@griffin.sio2.nl>. Jeremy. (This used to be commit 465d86d95fbdeda423d1f4b06cee46c119a31447)
2003-01-02We already have one function to move unistr2 -> multibyte-static, so weAndrew Bartlett1-19/+0
don't need a second just for pdb. Also, remove magic 'is lp_guest_account' test - the magic RID should be up to the passdb backend to set. Andrew Bartlett (This used to be commit f71c8338d35a2e8c73c3d8006ea6858cb522c715)
2003-01-02BIG patch...Andrew Bartlett6-16/+16
This patch makes Samba compile cleanly with -Wwrite-strings. - That is, all string literals are marked as 'const'. These strings are always read only, this just marks them as such for passing to other functions. What is most supprising is that I didn't need to change more than a few lines of code (all in 'net', which got a small cleanup of net.h and extern variables). The rest is just adding a lot of 'const'. As far as I can tell, I have not added any new warnings - apart from making all of tdbutil.c's function const (so they warn for adding that const string to struct). Andrew Bartlett (This used to be commit 92a777d0eaa4fb3a1c7835816f93c6bdd456816d)
2002-12-20Forward port the change to talloc_init() to make all talloc contextsJeremy Allison2-2/+2
named. Ensure we can query them. Jeremy. (This used to be commit 842e08e52a665ae678eea239759bb2de1a0d7b33)