summaryrefslogtreecommitdiff
path: root/source3/passdb
AgeCommit message (Collapse)AuthorFilesLines
2004-03-18Password lockout for LDAP backend. Caches autolock flag, bad count, andJim McDonough2-1/+294
bad time locally, updating the directory only for hitting the policy limit or resetting. This needed to be done at the passdb level rather than auth, because some of the functions need to be supported from tools such as pdbedit. It was done at the LDAP backend level instead of generically after discussion, because of the complexity of inserting it at a higher level. The login cache read/write/delete is outside of the ldap backend, so it could easily be called by other backends. tdbsam won't call it for obvious reasons, and authors of other backends need to decide if they want to implement it. (This used to be commit 2a679cbc87a2a9111e9e6cdebbb62dec0ab3a0c0)
2004-03-11Get MungedDial actually working with full TS strings in it for pdb_ldap.Jim McDonough1-35/+35
I know this isn't pretty, but neither was our assumption that all strings from the directory fit inside a pstring. There was no way this worked before will all versions of usrmgr (for example, the only version of mine that has the TS Confic button). (This used to be commit d275c0e384db08c2a6efc28e52844f676ff71fb6)
2004-03-07Get us a little closer to Windows LSA semantics.Volker Lendecke1-10/+1
A windows DC does not reply to DCNAME\\Administrator, only to DOMAIN\\Administrator. Fix that. Without winbind we are wrong as domain members, we should forward the request DOMAIN\\Username to the DC on behalf of the asking client. Winbind fixes that nicely. Volker (This used to be commit 7ed61edbbedbdee25f750aa30c13479764aa1af2)
2004-02-26And another little constVolker Lendecke1-1/+1
(This used to be commit f6bb3304fc5ef298a921b9ee5ad2f6444b0e72bc)
2004-02-25Fix bug in previous global_sam_sid() commit. I broke the 'read fromAndrew Bartlett1-1/+0
MACHINE.SID' file functionality. Also, before we print out the results of 'net getlocalsid' and 'net getdomainsid', ensure we have tried to read that file, or have generated one. Andrew Bartlett (This used to be commit 191b43159e7358541be9a3deac8c447885145442)
2004-02-25I *hate* global variables...Andrew Bartlett2-31/+45
OK, what was happening here was that we would invalidate global_sam_sid when we set the sid into secrets.tdb, to force a re-read. The problem was, we would do *two* writes into the TDB, and the second one (in the PDC/BDC case) would be of a NULL pointer. This caused smbd startups to fail, on a blank TDB. By using a local variable in the pdb_generate_sam_sid() code, we avoid this particular trap. I've also added better debugging for the case where this all matters, which is particularly for LDAP, where it finds out a domain SID from the sambaDomain object. Andrew Bartlett (This used to be commit 86ad04d26d3065a99b08afaaf2914968a9e701c5)
2004-02-23Found by Fabien Chevalier <fabien.chevalier@supelec.fr> andAndrew Bartlett1-1/+1
JustFillBug <mozbugbox@yahoo.com.au> on the Samba lists - a 'max password age' of zero should be considered as 'never expire'. For the timebeing we just set it like -1, but we might revisit this for closer-to-ms behaviour. Andrew Bartlett (This used to be commit 9ffc490fce215dcaed8ebfc1db85f5017a692ca4)
2004-02-20handle both 0 and -1 as disabling reset count and lockout durationJim McDonough1-4/+4
(This used to be commit 84fe24e64ee405bb25878c1e5fdf50592eb75f73)
2004-02-19Clean up bad pw count and autolock flag update fn()sJim McDonough1-79/+95
(This used to be commit 9a79f9fbcb43085e419dbccd670a54256d01cb4b)
2004-02-19Add bad pw count and autolock flag update fn()sJim McDonough1-2/+127
(This used to be commit 600fcd534b6e101b6a12774946b0e9814c6f54a8)
2004-02-19Add functions to get/set bad password timeJim McDonough2-1/+21
(This used to be commit 557f598c63f64c1c5b982a9057c0eea2a2ff2ee5)
2004-02-13Move tdbsam versioning/upgrade code into 3.0Jim McDonough2-28/+620
(This used to be commit 730c07cac2166812f4a2da5cfba7152d168b2bdd)
2004-02-12Try to remove the last vestiges of unknown_3...Jim McDonough5-14/+1
Jelmer, can you look at the sql and xml backends please to verify? (This used to be commit b7706f7e258516d83646aca8c367508bc1c8f0dd)
2004-02-12abartlet's pdb_set/changed flag fix for NULL passwordsGerald Carter1-6/+4
(This used to be commit cfe80f0df7ecfa6c689b03b9bed80ea80701a4c1)
2004-02-12stupid cut-n=paste error; my faultGerald Carter1-2/+2
(This used to be commit ee8f142b874a5bd365e59f68fb48ff3fec82fcda)
2004-02-12More sync between passdb on 3.0 and HEAD.Jim McDonough2-11/+18
Replace unknown_3 with fields_present. Also causes rpc_samr structure field changes. (This used to be commit 1976843345efb6ca4f9cebd964a61acd8ae11d41)
2004-02-12Start of merging HEAD changes. Right now, just move one fn() to eliminateJim McDonough1-67/+63
the prototype at the beginning, and change some comments so diffs to HEAD aren't filled with useless info. (This used to be commit 7b40f6c464ecbd40ab3fdf32b53da1e61475d2e7)
2004-02-12updates for tdbsam code to help make merge into head easier; needs a bit ↵Gerald Carter1-46/+53
more testing tomorrow but initial results seem ok (This used to be commit daee8d7feee4a08d6c204e2de3f346b6d10640e6)
2004-02-11Don't set an iterator to a piece of free'd memory, store it first.Jeremy Allison1-2/+3
Jeremy. (This used to be commit e914230a2d1a7b515bd7859d655d6555b7d3e67e)
2004-02-11fix set/getsampwent iterator in tdbsam to use an allocated listGerald Carter1-44/+101
(This used to be commit 8734d91cd7681219f1389e3c41979028eadbb7fe)
2004-02-09And another build fix.Volker Lendecke1-2/+2
Volker (This used to be commit 6c78a096a5c4a8ae21e846505f6ac2df826d5cbd)
2004-02-09Fix the build & get rid of a compiler warning.Volker Lendecke2-1/+4
Volker (This used to be commit 38c9b775ce029e1d480d89d4adb0d1bd45a28fe6)
2004-02-08When we set a domain sid, force get_global_sam_sid() to do it's work again.Andrew Bartlett2-1/+14
This should ensure that the value it returns is always consistant. Andrew Bartlett (This used to be commit a4392ede33019b7584bf6a2d8445adb5191e640f)
2004-02-08Add static, and assert that we will never overflow the static fstringAndrew Bartlett1-1/+4
in pdb_encode_acct_ctrl() (All current callers are fine) Andrew Bartlett (This used to be commit 01be89eb438567cfe0a002a247fe2d314b01f9da)
2004-02-08Make more functions static, and remove duplication in the use of functionsAndrew Bartlett1-3/+14
in lib/smbpasswd.c that were exact duplicates of functions in passdb/passdb.c (These should perhaps be pulled back out to smbpasswd.c, but that can occour later). Andrew Bartlett (This used to be commit fcdc5efb1e245c8fa95cd031f67ec56093b9056e)
2004-02-04move disabling code to context functions instead of backwards compatible ↵Gerald Carter1-28/+28
wrappers (This used to be commit e62ef2ba2d73f492d879af4d06b223f8e739dc6c)
2004-02-04Fix const warningAndrew Bartlett1-2/+2
(This used to be commit 7a36cc4ac0ff4d9c42eb9ddaf41bf33b4e8cd7c6)
2004-01-30If we are setting the NT or LM password to NULL, remove the attributeAndrew Bartlett1-17/+31
rather than writing XXXXX Andrew Bartlett (This used to be commit ab7dd748a98361ac9c1c3ca52e9a97aee3f93e6f)
2004-01-30disable any account that doesn't have a password and doesn't had the ↵Gerald Carter1-6/+12
ACB_PWNOTREQ bit set (This used to be commit 52bf070b10ca99be7e4b9d1b5e32f69d2667d8f4)
2004-01-29more initialization fixesGerald Carter1-0/+22
(This used to be commit 9e590d603547ef1e8388bea66eb5d44e4dfd6412)
2004-01-29initialization fixesGerald Carter2-2/+51
(This used to be commit 54fd3992c385fd6208c061131b2c98e448baf2c2)
2004-01-07Typo fix.Rafal Szczesniak1-1/+1
rafal (This used to be commit 5d7f81eea2f3d9ba59eb549a45de030b0a277263)
2004-01-07Don't duplicate pulling the 'IPC' username from secrets.tdb, insteadAndrew Bartlett1-1/+39
just use one function for both places. Andrew Bartlett (This used to be commit 85da181e8a0ade839f6d595fabdf4cea606f82e1)
2004-01-06isolate ldap debug messages to the common smbldap_XXX() functionsGerald Carter1-3/+0
(This used to be commit 7d7a262f45182e67daecdca49df85445c2b9700a)
2004-01-04- Put functions for generating SQL queries in pdb_sql.cJelmer Vernooij3-501/+1008
- Add pgSQL backend (based on patch by Hamish Friedlander) - Use query generate functions from pdb_mysql and pdb_pgsql - Only pdb_pgsql.c needs to be changed whenever the fields in SAM_ACCOUNT change (This used to be commit 65ad2c02fd2bf36d535c279ad290ab81e39f6816)
2004-01-02JHT came up with a nasty (broken) torture case in preparing examples forAndrew Bartlett1-1/+1
his book. This prompted me to look at the code that reads the unix group list. This code did a lot of name -> uid -> name -> sid translations, which caused problems. Instead, we now do just name->sid I also cleaned up some interfaces, and client tools. Andrew Bartlett (This used to be commit f9e59f8bc06fae7e5c8cb0980947f78942dc25c0)
2003-12-26Check the return value of string_to_sid in a few more places. (ButAndrew Bartlett1-2/+10
string_to_sid also needs to be less permissive on what it thinks are valid sids...) Andrew Bartlett (This used to be commit 9080c30de8aa96ed3b9b121ca111f1632572754e)
2003-12-26Show the error message for failure to set the ldap password.Andrew Bartlett1-2/+8
(For 'ldap password sync = yes') Andrew Bartlett (This used to be commit 5b682aef678cc9ee135852d7ee6b8c159902fab7)
2003-12-22add well known rid for pre win2k compatible access group; bug 897Gerald Carter1-0/+1
(This used to be commit 33a1a374ebb44c839d995d11e1229767fc679678)
2003-12-22Patch from Jianliang Lu j.lu@tiesse.com to manage Power UsersJeremy Allison1-0/+1
group. Jeremy. (This used to be commit 72252fb0b207205d41a2ec50f6d364bf0bb21747)
2003-12-11Fix uninitialized variable in passdb code. Reported by Andy Polyakov ↵Alexander Bokovoy1-1/+1
<appro@fy.chalmers.se> (This used to be commit ac7a60abf2c465b518a3eb7502fa8eee767c8b22)
2003-12-10more group lookup access fixes on the neverending bug 281Gerald Carter1-6/+16
(This used to be commit 9359a6ea80d1228e87ea825a100a2d289c37162d)
2003-12-04support munged dial for ldapsam; patch from Aurélien Degrémont; bug 800Gerald Carter1-3/+15
(This used to be commit 1c3c16abc94d197e69e3350de1e5cc1e99be4322)
2003-12-01another strequal() == 0 fixGerald Carter1-1/+1
(This used to be commit 464b410734c46bc55f2427e99ecf61bad7e3b244)
2003-12-01add Replicator and RAS Servers to list of builtin SIDs we resolve; bug 608Gerald Carter1-0/+2
(This used to be commit 4bc58129e073973620aed1bfb161ee83c1863f81)
2003-11-24more access fixes for group enumeration in LDAP; bug 281Gerald Carter1-3/+14
(This used to be commit 68283407e0f366d8315f4be6caed67eb6fe84b85)
2003-11-17* make sure we only enumerate group mapping entriesGerald Carter1-14/+0
(not /etc/group) even when doing local aliases * remove "hide local users" parameter; we have this behavior built into 3.0 (This used to be commit a7685a069766ac720f0b26fe01b0e17fc388fca3)
2003-11-14fix more memory leaks in the LDAP backend code; patches from metzeGerald Carter1-22/+38
(This used to be commit e079c8842a24ff4f50483bea8ca6b11db4b2dc99)
2003-11-07* only install swat html files onceGerald Carter1-1/+4
* revert the change that prevent the guest account from being added to a passdb backend since it broke the build farm. * apply patch from Alex Deiter to fix the "smbldap_open: cannot access when not root error" messages when looking up group information (bug 281) (This used to be commit 9b8bf6a950186bd95abe952af4a7d35829b34ff8)
2003-11-07fix for bug 680 (heads up). This gist is to map theGerald Carter1-5/+17
UNIX entity foo to DOMAIN\foo instead of SERVER\foo on members of a Samba domain when all UNIX accounts are shared via NIS, et. al. * allow winbindd to match local accounts to domain SID when 'winbind trusted domains only = yes' * remove code in idmap_ldap that searches the user suffix and group suffix. It's not needed and provides inconsistent functionality from the tdb backend. This has been tested. I'm still waiting on some more feedback but This needs to be in 3.0.1pre2 for widespread use. (This used to be commit ee272414e9965d7d550ba91d4e83997134dd51e6)