summaryrefslogtreecommitdiff
path: root/source3/passdb
AgeCommit message (Collapse)AuthorFilesLines
2002-10-04Add a timeout to tdb_lock_bystring(). Ensure we never have more thanJeremy Allison1-49/+11
MAX_PRINT_JOBS in a queue. Jeremy. (This used to be commit 9fe3c0b90d4bff2217e3cb5a34b4683ca314c06e)
2002-10-01Updates from Samba HEAD:Andrew Bartlett2-9/+24
- Fix segfaults in the 'net ads' commands when no password is provided - Readd --with-ldapsam for 2.2 compatability. This conditionally compiles the old options, but the actual code is available on all ldap systems. - Fix shadow passwords (as per work with vl) - Fix sending plaintext passwords to unicode servers (again vl) - Add a bit of const to secrets.c functions - Fix some spelling and grammer by vance. - Document the -r option in smbgroupedit. There are more changes in HEAD, I'm only merging the changes I've been involved with. Andrew Bartlett (This used to be commit 83973c389355a5cc9ca74af467dfd8b5dabd2c8f)
2002-09-26sync with HEADGerald Carter6-206/+228
(This used to be commit ee9cbf58071adb627a49a94c6340aaba330486b5)
2002-09-26remove files not in HEADGerald Carter1-219/+0
(This used to be commit 9d9f7bbf87bf9a0e003e6da482615fe040d00852)
2002-09-26syncing up with HEAD again....Gerald Carter2-51/+81
(This used to be commit e026b84815ad1a5fa981c24fff197fefa73b4928)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter9-1352/+1653
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-08-17sync 3.0 branch with headJelmer Vernooij10-139/+336
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell11-858/+1226
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-14This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This ↵cvs2svn Import User3-0/+506
used to be commit b8d39651fb90ef170055735412417239a63afc5d)
2002-07-14Fix up a botched prevoius commit.Andrew Bartlett1-11/+10
The idea here is to allow invalid LM passwords in otherwise valid accounts. This happens when we create an account without a password, for example. Previously we would stop at the LM password, and not read things like the account flags correctly. Now we process the record, and just set the password to NULL. (Note, 'no password for access' is decided only on the basis of the Account Control bits, not on the 'NULL' value of the password feild.). Andrew Bartlett (This used to be commit c590e0c970b5babf370924cef51530e5e215eaf2)
2002-07-13Make smbpasswd behave like all the other backends, where a NULL or invalidAndrew Bartlett1-7/+4
LM password isn't anything special. All the users check the ACB nowadays, and this allows us to correctly return flags set via usermgr. Andrew Bartlett (This used to be commit 89eb765d398de7654ba6bac7c51df727830c2591)
2002-07-10If we get a SID from group mapping, no need to check it's prefix.Andrew Bartlett1-6/+6
Just set it directly. Andrew Bartlett (This used to be commit 202202bc475f3b8500423b1a9ccf0adc80a4dc49)
2002-07-05Fix debug comment.Andrew Bartlett1-1/+1
(This used to be commit f32980c807adf8287436be0d5a223b9b1ce399b8)
2002-07-03Break up the passdb objects (to allow RPC clients to link without brining inAndrew Bartlett3-191/+104
*.o) and implment new enum_dom_users code in the SAMR RPC subsystem. Incresingly, we are using the pdb_get_{user,group}_sid() functions, in the eventual hope that we might one day support muliple domains off a single passdb. To extract the RID, we use sid_peek_check_rid(), and supply an 'expected' domain SID. The id21 -> SAM_ACCOUNT and id23 -> SAM_ACCOUNT code has been moved to srv_samr_util.c, to ease linking in passdb users. Compatiblity code that uses 'get_global_sam_sid()' for the 'expected' sid is in pdb_compat.c Andrew Bartlett (This used to be commit 5a2a6f1ba316489d118a8bdd9551b155226de94f)
2002-07-03Fix the spelling in the LDAP attributesAndrew Bartlett1-2/+2
(This used to be commit dab26f8891a77640ce382ce1785ca5dd22d43c22)
2002-07-01used findstatic.pl to make some variables static and remove some deadAndrew Tridgell1-1/+1
code (This used to be commit 91ad9041e9507d36eb3f40c23c5d4df61f139ef0)
2002-06-26Another bug fix from metze.Andrew Bartlett1-1/+1
(This used to be commit 5c754cef19c9580e2cb1e23152a1097d11ca8c60)
2002-06-22Add module versioning to the passdb module systemAndrew Bartlett2-2/+18
All passdb modules need to include a 'magic' macro that creates simple 'return my version number' function. (from metze and jelmer) Also fix up the dir_drive autosubsitute code to correctly use lp_logon_drive(). (from metze) Andrew Bartlett (This used to be commit 4a57c445dd4354034fc41b132a484afe6ab66e16)
2002-06-17compile warngin fixes merged from 2.2Gerald Carter1-1/+1
(This used to be commit 29874f4b8fecdc7cbd84d656dafce54cca49e0b1)
2002-06-15Rework much of the service.c code:Andrew Bartlett1-2/+2
The aim of this execise is to give the 'security>=user' code a straight paper path. Security=share will sill call authorise_login(), but otherwise we avoid that mess. This allow *much* more accurate error code reporting, beocuse we don't start pretending that we can use the (nonexistant) password etc. Also in this patch is code to create the 'homes' share at session setup time (as we have done in the past - been broken recently) and to record this on the user's vuser struct for later reference. The changes here should also allow for much better use of %H (some more changes to come here). The service.c changes move a lot of code around, but are not as drastric as they look... (Also included is a fix to srv_srvsvc_nt.c where 'total_entries' not '*total_entries' was compared). This code is needs testing, but passes my basic tests. I expect we have lost some functionality, but the stuff I had expected to loose was already broken before I started. In particular, we don't 'fall back' to guest if the user cannot access a share (for security=user). If you want this kind of stuff then you really want security=share anyway. Andrew Bartlett (This used to be commit 4c0cbcaed95231f8cf11edb43f6adbec9a0d0b5c)
2002-06-14moved lp_list_* functions away from param/loadparm.c, put int lib/util_str.cSimo Sorce1-2/+2
and renamed to str_list_* as it is a better name. Elrond should be satisfied now :) (This used to be commit 4ae260adb9505384fcccfb4c9929cb60a45f2e84)
2002-06-14Allow non unix accounts to be added to an ldap directory without NUA accountsAndrew Bartlett1-0/+4
already. Andrew Bartlett (This used to be commit a5d5b4cf2555b9bbded31b556d4fc74c00c6c490)
2002-06-14Patch from ctrlsoft to use the pdb_sethexpwd function in smbpasswd - insteadAndrew Bartlett1-48/+7
of implementing it twice inline. This code is complex - but occasionally I get the feeling that people made it more complext than it really needed to be... Andrew Bartlett (This used to be commit 273d518e52a83eca466c134531dd12825fe3cbdb)
2002-06-14It looks like we never tested the 'cleanup' code, so when I triggered itAndrew Bartlett2-12/+20
(invalid passdb backends smb.conf entry) we picked up a few things :-). Andrew Bartlett (This used to be commit dfa98ae0ac195956490ca2f4140a8eff1566095e)
2002-06-14Some updates from ctrlsoft <jelmer@nl.linux.org> to return failure if *any* ofAndrew Bartlett1-19/+20
the passdb backends fail to load (is this the right way? - I think so). Also, I've added some more comments, cleaned up some style etc. (This used to be commit c8c490bcb84df43be38bdcb48067fec12331e358)
2002-06-14Debug fixes from ctrlsoftAndrew Bartlett1-2/+2
(This used to be commit 27e34d4e63adc6d6ad63857d2a17595b7cff52db)
2002-06-14Convenience function to allow a SID to be specified as a string.Andrew Bartlett1-3/+46
(for use in passdb modules like pdb_xml or a new pdb_ldap that stores sids etc.) Andrew Bartlett (This used to be commit c70b2c4fb72f251a14e0fc88b6520d69a0889bc2)
2002-06-14Patch from ctrlsoft to make the pluggable passdb subsystem use an lp_listAndrew Bartlett3-30/+43
rather than a string when configuring mulitple backends. Also adjust some of the users of get_global_sam_sid() to cope with the fact that it just might not exist (uninitialised, can't access secrets.tdb). More places need conversion. Add some const and remove silly casts. Andrew Bartlett (This used to be commit c264bf2ec93037d2a9927c00295fa60c88b7219d)
2002-06-14Add const, kill of useless casts and therefore eliminate warnings.Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit 29490f214750acd44cee6c4ab1354722d82d853a)
2002-06-13Latest patch from metze <metze@metzemix.de> to move most of samba acrossAndrew Bartlett7-84/+136
to using SIDs instead of RIDs. The new funciton sid_peek_check_rid() takes an 'expected domain sid' argument. The idea here is to prevent mistakes where the SID is implict, but isn't the same one that we have in the struct. Andrew Bartlett (This used to be commit 04f9a8ff4c7982f6597c0f6748f85d66d4784901)
2002-06-07Fix commentAndrew Bartlett1-1/+1
(This used to be commit 1996bcbe6acae49e191363ee122b30e4e5d5e8a9)
2002-06-07Globally replace 'global_sam_sid' with get_global_sam_sid(), a selfAndrew Bartlett3-36/+50
initialising function. This patch thanks to the work of "Stefan (metze) Metzmacher" <metze@metzemix.de> This is partly to enable the transition to SIDs in the the passdb. Andrew Bartlett (This used to be commit 96afea638e15d4cbadc57023a511094a770c6adc)
2002-06-07Move the code from lib/util_sid.c that deals with the global_sam_sid intoAndrew Bartlett1-0/+280
a file that is linked with the passdb. This is to avoid linking insanity when this global becomes a self-initing function. (This used to be commit 743afd96cb54b4966e3afad11ea987f968b98651)
2002-05-26change: pdb_getsampwrid() ->pdb_getsampwsid()Simo Sorce7-14/+49
passdb interface change, now the passdb modules will be asked for SID not for rid, the modules have been updated with a passthrough function that calls the old getsampwrid() functions. srv_samr_nt.c functions that made use of the pdb_getsampwrid funcion has been updated to use the SID one. (This used to be commit f5c6496c33fa7f5c2826540ffb4a49d8a5790fb3)
2002-05-25Only reterive the attributes we are actually going to use - rather thanAndrew Bartlett1-3/+14
the whole record which could include things like photos's etc. Andrew Bartlett (This used to be commit bbc69545516f29cc4e05ba6238b03eb504f28226)
2002-05-25Remove unused variable, fix functions to match prototypes in the variousAndrew Bartlett1-6/+5
structs. Andrew Bartlett (This used to be commit 57097bf1ba10566389266a4863899a7f25cdbb43)
2002-05-24Some of the updates from ctrlsoft's 'Various' patch:Andrew Bartlett1-17/+18
- convert net to popt - convert status to popt - adapt examples/pdb/ to multiple passdb system - add dynamic debug class example to examples/pdb/ and some reformatting to better match the samba coding style. Andrew Bartlett (This used to be commit 2498bc69d4e5c38ec385f640489daa94c508c726)
2002-05-24Make function match the defintion require for assignment as a functionAndrew Bartlett1-1/+1
pointer. (This used to be commit 38012edaca4c181f3d3a9e9df4fc434bba78f9dc)
2002-05-23Looks like abartlet got a bit overexcited about using const...Jim McDonough1-1/+1
BOOL const secrets_init(...) Broke AIX build. (This used to be commit 37b6bf3aae4fd8ee3af7e5947b3e549dcef754cf)
2002-05-22Updates for sane storage of ldap root DN passwords (tested, with upgradeAndrew Bartlett2-44/+120
from 2.2 format) and LDAP rebind support (untested, I don't have a setup to match). Andrew Bartlett (This used to be commit 4f7ba78c9d50ac584497dcf1d78ce613112742d4)
2002-05-18so here it is the code to introduce seriously debugggging classes.Simo Sorce10-2/+48
this is a first step only passdb stuff has beein "classized". - so what can you do? set debug level to: 1 poasdb:10 that will make all the code run at debug level 1 except the code in passdb/* files that will run at level 10 TODO: fix the man page - also smbcontrol has this nice feature so smbcontrol smbd debug 3 passdb:5 will set every smbd to have a default log level of 3 while passdb stuff will be at level 5 and so no.. minor cosmetic fix to pdbedit is there too (This used to be commit be5c3b3f5781ddc002ffcc98df04ab024dcef4ca)
2002-05-18Remove const from some functions to match the changed prototype in aAndrew Bartlett2-10/+8
previous commit, and remove some unsued variables. Main change: Make sure to fill in the username when making a non-unix account from smbpasswd. (This used to be commit 7019486eacb72ca44c42ce620b8696bb29f12292)
2002-05-18Passdb:Andrew Bartlett2-44/+29
Kill off the silly code that attempts to do NT -> Unix username mapping. This is done well before here, no need to repeat it. Add some small fixes and extra debugs, trying to track down current build farm failures. pdb_unix: When 'updating' a pdb_unix account, instead add it to the default passdb. This means that you don't need to specify '-a' to smbpasswd any more when messing with an existing unix user, the account is simply 'upgraded'. The idea here is that these accounts are just as 'real' as any other, they just don't have the extra attributes an smbpasswd file does. I'm open for debate on the pdb_unix issue, and will remove it if given good reason. (without this, an attempt to add an account already in pdb_unix to smbpasswd would fail, as it would fail to update pdb_unix). rpc_server/srv_netlog_nt.c Change a couple of things around, so as to show the client workstation etc. WRONG_PASSWORD is certainly not the right default error. Try ACCESS_DENIED for now. Andrew Bartlett (This used to be commit d78b74b338df9accd9ad84c56a49fa4f787425e2)
2002-05-18A few things in this commit:Andrew Bartlett7-267/+465
cleanup some of the code in net_rpc_join re const warnings and fstrings. Passdb: Make the %u and %U substituions in passdb work. This is done by declaring these paramters to be 'const' and doing the substitution manually. I'm told this is us going full circle, but I can't really see a better way. Finally these things actually seem to work properly... Make the lanman code use the pdb's recorded values for homedir etc rather than the values from lp_*() Add code to set the plaintext password in the passdb, where it can decide how to store/set it. For use with a future 'ldap password change' option, or somthing like that... Add pdb_unix, so as to remove the 'not in passdb' special cases from the local_lookup_*() code. Quite small, as it uses the new 'struct passwd -> SAM_ACCOUNT' code that is now in just one place. (also used by pdb_smbpasswd) Other: Fix up the adding of [homes] at session setup time to actually pass the right string, that is the unix homedir, not the UNC path. Fix up [homes] so that for winbind users is picks the correct name. (bad interactions with the default domain code previously) Change the rpc_server/srv_lsa_nt.c code to match NT when for the SATUS_NONE_MAPPED reply: This was only being triggered on no queries, now it is on the 'no mappings' (ie all mappings failed). Checked against Win2k. Policy Question: Should SID -> unix_user.234/unix_group.364 be considered a mapping or not? Currently it isn't. Andrew Bartlett (This used to be commit c28668068b5a3b3cf3c4317e5fb32ec9957f3e34)
2002-05-17Make --with-ldapsam 'go away'. This is now a standard, stable, featureAndrew Bartlett1-3/+3
and there is no real reason for it to depend on more than the abilty to compile the code. (This used to be commit 64aaec137e39595e6e61b55eb525615683a1393c)
2002-05-17A few more trusted domains updates from mimir.Andrew Bartlett1-13/+34
I think we may still need to look at our server enumeration code, but other than that, its much better in the tree than out. Andrew Bartlett (This used to be commit d57a1b4629d12a0374cc6d74dfc6f5d4793fcef8)
2002-04-23Spelling fixes from vanceAndrew Bartlett1-6/+6
(This used to be commit 70c6f5fc6d3ec3121b29d1e46e7fd3933fbcce6b)
2002-04-14Partly based on the work by mimir (Rafal SzczesniakAndrew Bartlett1-9/+127
<mimir@diament.ists.pwr.wroc.pl>) this patch allows samba to correctly enumerate its trusted domains - by exaimining the keys in the secrets.tdb file. This patch has been tested with both NT4 and rpcclient/wbinfo, and adds some extra functionality to talloc and rpc_parse to allow it to deal with already unicode strings. Finally, this cleans up some const warnings that were in net_rpc.c by pushing another dash of const into the rpc client code. Andrew Bartlett (This used to be commit 0bdd94cb992b40942aaf2e5e0efd2868b4686296)
2002-04-13Fix the compile-bug in pdb_ldap from my last patch.Andrew Bartlett1-4/+4
Andrew Bartlett (This used to be commit 81eaa7924b7bd3a13d049bce7fe7a16ab9174364)
2002-04-13Better handling of uid/gid -> RID and RID -> uid/gid code.Andrew Bartlett5-78/+67
All uids and gids must create valid RIDs, becouse other code expects this, and can't handle the failure case. (ACL code in particular) Allow admins to adjust the base of the RID algorithm, so avoid clashes with users brought in from NT (for example). Put all the algorithm code back in one place, so that this change is global. Better coping with NULL sid pointers - but it still breaks a lot of stuff. BONUS: manpage entry for new paramater :-) counter based rids for normal users in tdbsam is disabled for the timebeing, idra and I will work out some things here soon I hope. Andrew Bartlett (This used to be commit 5275c94cdf0c64f347d4282f47088d084b1a7ea5)