summaryrefslogtreecommitdiff
path: root/source3/passdb
AgeCommit message (Collapse)AuthorFilesLines
2002-06-22Add module versioning to the passdb module systemAndrew Bartlett2-2/+18
All passdb modules need to include a 'magic' macro that creates simple 'return my version number' function. (from metze and jelmer) Also fix up the dir_drive autosubsitute code to correctly use lp_logon_drive(). (from metze) Andrew Bartlett (This used to be commit 4a57c445dd4354034fc41b132a484afe6ab66e16)
2002-06-17compile warngin fixes merged from 2.2Gerald Carter1-1/+1
(This used to be commit 29874f4b8fecdc7cbd84d656dafce54cca49e0b1)
2002-06-15Rework much of the service.c code:Andrew Bartlett1-2/+2
The aim of this execise is to give the 'security>=user' code a straight paper path. Security=share will sill call authorise_login(), but otherwise we avoid that mess. This allow *much* more accurate error code reporting, beocuse we don't start pretending that we can use the (nonexistant) password etc. Also in this patch is code to create the 'homes' share at session setup time (as we have done in the past - been broken recently) and to record this on the user's vuser struct for later reference. The changes here should also allow for much better use of %H (some more changes to come here). The service.c changes move a lot of code around, but are not as drastric as they look... (Also included is a fix to srv_srvsvc_nt.c where 'total_entries' not '*total_entries' was compared). This code is needs testing, but passes my basic tests. I expect we have lost some functionality, but the stuff I had expected to loose was already broken before I started. In particular, we don't 'fall back' to guest if the user cannot access a share (for security=user). If you want this kind of stuff then you really want security=share anyway. Andrew Bartlett (This used to be commit 4c0cbcaed95231f8cf11edb43f6adbec9a0d0b5c)
2002-06-14moved lp_list_* functions away from param/loadparm.c, put int lib/util_str.cSimo Sorce1-2/+2
and renamed to str_list_* as it is a better name. Elrond should be satisfied now :) (This used to be commit 4ae260adb9505384fcccfb4c9929cb60a45f2e84)
2002-06-14Allow non unix accounts to be added to an ldap directory without NUA accountsAndrew Bartlett1-0/+4
already. Andrew Bartlett (This used to be commit a5d5b4cf2555b9bbded31b556d4fc74c00c6c490)
2002-06-14Patch from ctrlsoft to use the pdb_sethexpwd function in smbpasswd - insteadAndrew Bartlett1-48/+7
of implementing it twice inline. This code is complex - but occasionally I get the feeling that people made it more complext than it really needed to be... Andrew Bartlett (This used to be commit 273d518e52a83eca466c134531dd12825fe3cbdb)
2002-06-14It looks like we never tested the 'cleanup' code, so when I triggered itAndrew Bartlett2-12/+20
(invalid passdb backends smb.conf entry) we picked up a few things :-). Andrew Bartlett (This used to be commit dfa98ae0ac195956490ca2f4140a8eff1566095e)
2002-06-14Some updates from ctrlsoft <jelmer@nl.linux.org> to return failure if *any* ofAndrew Bartlett1-19/+20
the passdb backends fail to load (is this the right way? - I think so). Also, I've added some more comments, cleaned up some style etc. (This used to be commit c8c490bcb84df43be38bdcb48067fec12331e358)
2002-06-14Debug fixes from ctrlsoftAndrew Bartlett1-2/+2
(This used to be commit 27e34d4e63adc6d6ad63857d2a17595b7cff52db)
2002-06-14Convenience function to allow a SID to be specified as a string.Andrew Bartlett1-3/+46
(for use in passdb modules like pdb_xml or a new pdb_ldap that stores sids etc.) Andrew Bartlett (This used to be commit c70b2c4fb72f251a14e0fc88b6520d69a0889bc2)
2002-06-14Patch from ctrlsoft to make the pluggable passdb subsystem use an lp_listAndrew Bartlett3-30/+43
rather than a string when configuring mulitple backends. Also adjust some of the users of get_global_sam_sid() to cope with the fact that it just might not exist (uninitialised, can't access secrets.tdb). More places need conversion. Add some const and remove silly casts. Andrew Bartlett (This used to be commit c264bf2ec93037d2a9927c00295fa60c88b7219d)
2002-06-14Add const, kill of useless casts and therefore eliminate warnings.Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit 29490f214750acd44cee6c4ab1354722d82d853a)
2002-06-13Latest patch from metze <metze@metzemix.de> to move most of samba acrossAndrew Bartlett7-84/+136
to using SIDs instead of RIDs. The new funciton sid_peek_check_rid() takes an 'expected domain sid' argument. The idea here is to prevent mistakes where the SID is implict, but isn't the same one that we have in the struct. Andrew Bartlett (This used to be commit 04f9a8ff4c7982f6597c0f6748f85d66d4784901)
2002-06-07Fix commentAndrew Bartlett1-1/+1
(This used to be commit 1996bcbe6acae49e191363ee122b30e4e5d5e8a9)
2002-06-07Globally replace 'global_sam_sid' with get_global_sam_sid(), a selfAndrew Bartlett3-36/+50
initialising function. This patch thanks to the work of "Stefan (metze) Metzmacher" <metze@metzemix.de> This is partly to enable the transition to SIDs in the the passdb. Andrew Bartlett (This used to be commit 96afea638e15d4cbadc57023a511094a770c6adc)
2002-06-07Move the code from lib/util_sid.c that deals with the global_sam_sid intoAndrew Bartlett1-0/+280
a file that is linked with the passdb. This is to avoid linking insanity when this global becomes a self-initing function. (This used to be commit 743afd96cb54b4966e3afad11ea987f968b98651)
2002-05-26change: pdb_getsampwrid() ->pdb_getsampwsid()Simo Sorce7-14/+49
passdb interface change, now the passdb modules will be asked for SID not for rid, the modules have been updated with a passthrough function that calls the old getsampwrid() functions. srv_samr_nt.c functions that made use of the pdb_getsampwrid funcion has been updated to use the SID one. (This used to be commit f5c6496c33fa7f5c2826540ffb4a49d8a5790fb3)
2002-05-25Only reterive the attributes we are actually going to use - rather thanAndrew Bartlett1-3/+14
the whole record which could include things like photos's etc. Andrew Bartlett (This used to be commit bbc69545516f29cc4e05ba6238b03eb504f28226)
2002-05-25Remove unused variable, fix functions to match prototypes in the variousAndrew Bartlett1-6/+5
structs. Andrew Bartlett (This used to be commit 57097bf1ba10566389266a4863899a7f25cdbb43)
2002-05-24Some of the updates from ctrlsoft's 'Various' patch:Andrew Bartlett1-17/+18
- convert net to popt - convert status to popt - adapt examples/pdb/ to multiple passdb system - add dynamic debug class example to examples/pdb/ and some reformatting to better match the samba coding style. Andrew Bartlett (This used to be commit 2498bc69d4e5c38ec385f640489daa94c508c726)
2002-05-24Make function match the defintion require for assignment as a functionAndrew Bartlett1-1/+1
pointer. (This used to be commit 38012edaca4c181f3d3a9e9df4fc434bba78f9dc)
2002-05-23Looks like abartlet got a bit overexcited about using const...Jim McDonough1-1/+1
BOOL const secrets_init(...) Broke AIX build. (This used to be commit 37b6bf3aae4fd8ee3af7e5947b3e549dcef754cf)
2002-05-22Updates for sane storage of ldap root DN passwords (tested, with upgradeAndrew Bartlett2-44/+120
from 2.2 format) and LDAP rebind support (untested, I don't have a setup to match). Andrew Bartlett (This used to be commit 4f7ba78c9d50ac584497dcf1d78ce613112742d4)
2002-05-18so here it is the code to introduce seriously debugggging classes.Simo Sorce10-2/+48
this is a first step only passdb stuff has beein "classized". - so what can you do? set debug level to: 1 poasdb:10 that will make all the code run at debug level 1 except the code in passdb/* files that will run at level 10 TODO: fix the man page - also smbcontrol has this nice feature so smbcontrol smbd debug 3 passdb:5 will set every smbd to have a default log level of 3 while passdb stuff will be at level 5 and so no.. minor cosmetic fix to pdbedit is there too (This used to be commit be5c3b3f5781ddc002ffcc98df04ab024dcef4ca)
2002-05-18Remove const from some functions to match the changed prototype in aAndrew Bartlett2-10/+8
previous commit, and remove some unsued variables. Main change: Make sure to fill in the username when making a non-unix account from smbpasswd. (This used to be commit 7019486eacb72ca44c42ce620b8696bb29f12292)
2002-05-18Passdb:Andrew Bartlett2-44/+29
Kill off the silly code that attempts to do NT -> Unix username mapping. This is done well before here, no need to repeat it. Add some small fixes and extra debugs, trying to track down current build farm failures. pdb_unix: When 'updating' a pdb_unix account, instead add it to the default passdb. This means that you don't need to specify '-a' to smbpasswd any more when messing with an existing unix user, the account is simply 'upgraded'. The idea here is that these accounts are just as 'real' as any other, they just don't have the extra attributes an smbpasswd file does. I'm open for debate on the pdb_unix issue, and will remove it if given good reason. (without this, an attempt to add an account already in pdb_unix to smbpasswd would fail, as it would fail to update pdb_unix). rpc_server/srv_netlog_nt.c Change a couple of things around, so as to show the client workstation etc. WRONG_PASSWORD is certainly not the right default error. Try ACCESS_DENIED for now. Andrew Bartlett (This used to be commit d78b74b338df9accd9ad84c56a49fa4f787425e2)
2002-05-18A few things in this commit:Andrew Bartlett7-267/+465
cleanup some of the code in net_rpc_join re const warnings and fstrings. Passdb: Make the %u and %U substituions in passdb work. This is done by declaring these paramters to be 'const' and doing the substitution manually. I'm told this is us going full circle, but I can't really see a better way. Finally these things actually seem to work properly... Make the lanman code use the pdb's recorded values for homedir etc rather than the values from lp_*() Add code to set the plaintext password in the passdb, where it can decide how to store/set it. For use with a future 'ldap password change' option, or somthing like that... Add pdb_unix, so as to remove the 'not in passdb' special cases from the local_lookup_*() code. Quite small, as it uses the new 'struct passwd -> SAM_ACCOUNT' code that is now in just one place. (also used by pdb_smbpasswd) Other: Fix up the adding of [homes] at session setup time to actually pass the right string, that is the unix homedir, not the UNC path. Fix up [homes] so that for winbind users is picks the correct name. (bad interactions with the default domain code previously) Change the rpc_server/srv_lsa_nt.c code to match NT when for the SATUS_NONE_MAPPED reply: This was only being triggered on no queries, now it is on the 'no mappings' (ie all mappings failed). Checked against Win2k. Policy Question: Should SID -> unix_user.234/unix_group.364 be considered a mapping or not? Currently it isn't. Andrew Bartlett (This used to be commit c28668068b5a3b3cf3c4317e5fb32ec9957f3e34)
2002-05-17Make --with-ldapsam 'go away'. This is now a standard, stable, featureAndrew Bartlett1-3/+3
and there is no real reason for it to depend on more than the abilty to compile the code. (This used to be commit 64aaec137e39595e6e61b55eb525615683a1393c)
2002-05-17A few more trusted domains updates from mimir.Andrew Bartlett1-13/+34
I think we may still need to look at our server enumeration code, but other than that, its much better in the tree than out. Andrew Bartlett (This used to be commit d57a1b4629d12a0374cc6d74dfc6f5d4793fcef8)
2002-04-23Spelling fixes from vanceAndrew Bartlett1-6/+6
(This used to be commit 70c6f5fc6d3ec3121b29d1e46e7fd3933fbcce6b)
2002-04-14Partly based on the work by mimir (Rafal SzczesniakAndrew Bartlett1-9/+127
<mimir@diament.ists.pwr.wroc.pl>) this patch allows samba to correctly enumerate its trusted domains - by exaimining the keys in the secrets.tdb file. This patch has been tested with both NT4 and rpcclient/wbinfo, and adds some extra functionality to talloc and rpc_parse to allow it to deal with already unicode strings. Finally, this cleans up some const warnings that were in net_rpc.c by pushing another dash of const into the rpc client code. Andrew Bartlett (This used to be commit 0bdd94cb992b40942aaf2e5e0efd2868b4686296)
2002-04-13Fix the compile-bug in pdb_ldap from my last patch.Andrew Bartlett1-4/+4
Andrew Bartlett (This used to be commit 81eaa7924b7bd3a13d049bce7fe7a16ab9174364)
2002-04-13Better handling of uid/gid -> RID and RID -> uid/gid code.Andrew Bartlett5-78/+67
All uids and gids must create valid RIDs, becouse other code expects this, and can't handle the failure case. (ACL code in particular) Allow admins to adjust the base of the RID algorithm, so avoid clashes with users brought in from NT (for example). Put all the algorithm code back in one place, so that this change is global. Better coping with NULL sid pointers - but it still breaks a lot of stuff. BONUS: manpage entry for new paramater :-) counter based rids for normal users in tdbsam is disabled for the timebeing, idra and I will work out some things here soon I hope. Andrew Bartlett (This used to be commit 5275c94cdf0c64f347d4282f47088d084b1a7ea5)
2002-04-13This is the 'multiple pdb backends' patch from ctrlsoft, aka Jelmer VernooijAndrew Bartlett4-153/+251
<jelmer@nl.linux.org>. This patch also includes major rework of pdbedit to use popt, and the addition of -i paramter (allowing the user to specify which PDBs is being operated on) and -e to export a pdb - useful for backup and testing etc. Use of -i and -e gets us pdb2pdb functionality for transition between backends, much like the sam2sam in TNG. Andrew Bartlett (This used to be commit c10def37f506d3f2bab442418ac08fdb62659b02)
2002-04-11Much better support for both non-algorithic RIDs (where the RID is stored inAndrew Bartlett1-135/+130
the passdb) and RIDs not in the passdb, due to being NIS users etc. The main fix here is to add become_root()/unbecome_root() at critical places. This (finally) fixes the bug where you could not see local users's names in a file's security properties as non-root. Tested. The similar bug in uid_to_sid is also fixed, but is not (yet) Tested. Andrew Bartlett (This used to be commit 79327a305e20d78ab5ca21d01c39b5f49dc0d632)
2002-04-08Fix up major logic reversal flaws in pdb_ldap.Andrew Bartlett1-36/+70
WARNING: if you relied on these logic flaws, you will need to manually edit your ldap backend (for things like account expries etc). Now correctly retunes the information needed for 'must change at next login' support. (This used to be commit 26842f1ac051b030c1295b68244a1f9007d4eefb)
2002-04-05Fixed up admin user / guest user lookup.Jeremy Allison1-5/+8
Jeremy. (This used to be commit 28ef07424f19652fdfa4ee79f1c69e0004fa39fe)
2002-04-04Fixed memory leak in make_pdb_context_name()Tim Potter1-17/+25
Some reformatting and spelling fixes. (This used to be commit a0f7bbad11a0c0f1ecd930626289c5ff493b0f1d)
2002-04-02Fix from Stefan "metze" Metzmacher <metze@metzemix.de> to prevent usJeremy Allison1-0/+5
overwriting an old MACHINE.SID sid. Jeremy. (This used to be commit 896d4fac98460778f72378b084a76d5aab11462e)
2002-03-27Removed HAVE_LIBDL from most places (except system.c). Added checks forJeremy Allison1-12/+0
dlopen & friends into configure.in. This should help building on *BSD where dl*** calls are in libc. Jeremy (This used to be commit ac1baba35d7a399bf800ced49a4384e39955e3eb)
2002-03-23Minor fixes:Andrew Bartlett1-8/+13
- Fix warnings in loadparm.c - Remove the unused 'passdb modules path' paramater - Make pdb_ldap use $ termination rather than the workstation trust account flag becouse some 'machine' accounts appear as normal accounts at creation time. Also covers domains etc. Andrew Bartlett (This used to be commit 8c82a3daf777bcd4cd4388d30222e370fe800819)
2002-03-21Don't leak memory on failure.Andrew Bartlett1-1/+3
(This used to be commit 438f028fc45ee6c5b12fa960beabea4b5fdcff38)
2002-03-21Make sure to initaliase SAM_ACCOUNT pointers to NULL, otherwise pdb_init_sam()Andrew Bartlett1-3/+3
fails. Andrew Bartlett (This used to be commit 56009ffbaa00259d15f286248a7ab73c55371819)
2002-03-20Make ldapsam compile again.Andrew Bartlett1-20/+0
(This used to be commit 520c8626dc238a1e338635981d1b41950f2219b6)
2002-03-20Allow a zero rid in pdb_smbpasswd. When given a zero rid the pdb backendAndrew Bartlett1-1/+3
should chose the next available RID. For smbpasswd it just means using the algorithm, but other backends can do somthing more useful. Andrew Bartlett (This used to be commit 0f0f87e6c31b468368c5a4729db892622e616cac)
2002-03-19second step to gain free uid<->rid mappingSimo Sorce6-148/+117
we still need to free gid<->rid mapping and few other stuff (This used to be commit aa4b6f8181f34196a28951264dd8b631a5deef7f)
2002-03-18more verbose checking in talloc and util_pwSimo Sorce2-39/+60
fixed tdbsam memory corruption (and segfault) reducing calls to pdb_uid_to_user_rid and countrary to 0 to move to a non alghoritmic rid allocation with some passdb modules. (This used to be commit 9836af7cd623357feaec07bc49cfb78f0aa01fc3)
2002-03-18Start to switch away from the alghorithmic uid->rid mapping modelSimo Sorce5-29/+179
(This used to be commit 724390a8daabbecd236960562e0a50f62c6904f1)
2002-03-17Renamed get_nt_error_msg() to nt_errstr().Tim Potter1-1/+1
(This used to be commit 1f007d3ed41c1b71a89fa6be7d173e67e927c302)
2002-03-13I don't need my name on this twice :-)Andrew Bartlett1-1/+0
(This used to be commit 764b99a3906d6299650f984860a586f37b18326d)