summaryrefslogtreecommitdiff
path: root/source3/passdb
AgeCommit message (Collapse)AuthorFilesLines
2001-05-04fixes from SimoGerald Carter2-213/+281
(This used to be commit 7703fbb30d9695b5a71ee0bcca9520bed4880bbd)
2001-05-02Had to add a "pam password change" parameter (defaults to "off") and inlinedJeremy Allison1-10/+11
the pam password change code to ensure that existing and working password chat scripts don't break with 2.2.1. PAM password changing has to be explicitly requested. Allowed wildcards in pam password change matching (matches password chat script matching). Had to add const (sorry Tim :-) to ms_fnmatch() to stop warnings. Don't worry - the const changes are isolated and don't cause any other warnings :-). Jeremy. (This used to be commit 47b4d82536c09bffe3a0d9917fa31d935f1be7d8)
2001-05-01Runtime check for broken PAM systems with no appdata_ptr support. ThisJeremy Allison1-2/+22
should eventually be an autoconf test with a #ifdef workaround. I *HATE* pam :-). Jeremy. (This used to be commit 52a9226a5aaa769e960619c2bd0a561dd9b0493d)
2001-05-01Stop coredump on pam password change with pam_pwdb.so module on error.Jeremy Allison1-1/+5
Jeremy. (This used to be commit d9b960b4a5997e4cd09e3da9ea4754cbae1e29b3)
2001-05-01Added Andrew Bartlett's fixes to my changes to his original patch (at theJeremy Allison2-3/+3
court of king caractacus, was just passing by... :-). Jeremy. (This used to be commit acc3e7a057ad7fb0c2fb1cafff0c623ec0524d04)
2001-05-01Allow pam code to compile on Solaris (which doesn't have ↵Jeremy Allison1-0/+5
PAM_AUTHTOK_RECOVER_ERR). Jeremy. (This used to be commit 6b2dd14205a4170c11067c4f851db11ab9154fce)
2001-04-30Fixing consts in pam code.Jeremy Allison1-2/+2
Jeremy. (This used to be commit c4d3df4f145dc28d1b285fad64c787cebb613e70)
2001-04-30Based on an original PAM patch by Andrew Bartlett, re-written by me toJeremy Allison1-124/+417
remove global static PAM variables, and to tidy up the PAM internals code. Now looks like the rest of Samba. Still needs testing. Jeremy. (This used to be commit 1648ac64a75de74d1a1575eb49cccc4f75488bfa)
2001-04-28- fixed some compiler warningsAndrew Tridgell1-2/+3
- fixed slprintf and vsprintf macros (This used to be commit c986a3c51e8cdbc1230edbe0f4a91138c4ada29d)
2001-04-28few cleanups to bring in line with 2.2Gerald Carter1-2/+0
(This used to be commit 0feaac00a1847af41464d4ce35821ff851cded9c)
2001-04-25converted the passdb smbpasswd implementation to using tallocGerald Carter2-330/+324
for memory allocation. This fixes a long standing seg fault (i knew i would get around to it one day :) ) Tested with NT4 and Win2k. Needs a little more testing with the "create the machine account on the fly" code for NT4. Simo, this is probably going to break the tdb passdb code. Can you look at that when you get a chance and see what you think? (This used to be commit 1c13110873e456748dc09fd51749f664643fe888)
2001-04-23Added "obey pam restrictions" parameter - default to "off".Jeremy Allison1-0/+17
Only set this to "on" if you know you have your PAM set up correctly..... NB. Doesn't apply to plaintext password authentication, which must use pam when compiled in. Jeremy. (This used to be commit 59aa99f3901d098b7afbe675021bda53b62ee496)
2001-04-23Fix more free twice bugs.Jeremy Allison1-2/+5
Jeremy. (This used to be commit 4db22afeed659a871a4a1f719d5fa1f2df07e24d)
2001-04-23Fix for bug in code for pam_session failure - pam_end called twice.Jeremy Allison1-12/+5
Jeremy. (This used to be commit c4048fcdb6ff3a890b69be8ef4832e9bd958cfec)
2001-04-23Added smb_ prefix to all Samba wrapper pam functions.Jeremy Allison2-50/+48
Fixed off by one bug using StrnCpy instead of strdup(). Jeremy. (This used to be commit d4b1c0be2e700c86a4338bb497777f97e3c960a7)
2001-04-22Commit of a modified version of Andrew Bartlett's patch that removes theJeremy Allison2-99/+101
horrid utmp hostname parameter - now uses the client name instead. Also tidies up some of the unencrypted password checking when PAM is compiled in. FIXME ! An pam_accountcheck() is being called even when smb encrypted passwords are negotiated. Is this the correct thing to do when winbindd is running ! This needs *SEVERE* testing.... Jeremy. (This used to be commit 071c799f479dd25efdb9c41745fc8f2beea7b568)
2001-04-20Oops. Typos.John Terpstra1-2/+2
(This used to be commit 44f96771c384b319290ab5e14cad6ba8f3fb5383)
2001-04-19Added error reporting to pam_session code.John Terpstra1-0/+19
(This used to be commit 72812e4cf199d804418dc52cc0b0ba683b8a2e5c)
2001-04-18merge from 2.2Andrew Tridgell2-8/+4
(This used to be commit f52a5014ee325f9d91f266f88eac51b6136a75b9)
2001-04-18patch from Steve Langasek <vorlon@netexpress.net> to make sure weJeremy Allison1-5/+11
don't use pam_setcred() if we haven't called pam_authenticate() Merge from 2.2 Jeremy. (This used to be commit 89589895e3adce75ecd6205547392326cf291543)
2001-04-13Updated with Andrew Bartlett patch.John Terpstra1-3/+30
(This used to be commit 02e84267f74b26bdf7f76c0fc9dbaecbc8574d58)
2001-04-12Merged John's changes.Jeremy Allison1-0/+2
Jeremy. (This used to be commit add847778bf458238bf2a1b14ab71b8cdfd7aec0)
2001-04-11Updating pampass from Samba-2.2 code tree. ===> JHTJohn Terpstra1-139/+87
(This used to be commit 88b6043b4e26c2771e0c444376b7017f5048baf8)
2001-04-10passdb/pass_check.c: Ensure second check is done only if given username is ↵Jeremy Allison1-62/+26
all in caps. rpc_server/srv_srvsvc_nt.c: Added "CONFIGFILE" arg to scripts so path to smb.conf is given. Jeremy. (This used to be commit 3c4c649951464be51541d5890afb997e3ecfcd23)
2001-04-10Added JohnT and Andrew Bartlett's PAM changes.Jeremy Allison2-134/+444
Jeremy. (This used to be commit ecd00e258c6fe4e8d90f48da74874e090dce4a40)
2001-04-08HEAD specific slprintf paranoia fixes.Jeremy Allison2-11/+11
Jeremy. (This used to be commit 61723c18f96a7b38cab0fcf545da7fb3640c5f7b)
2001-04-08Got "medieval on our ass" about adding the -1 to slprintf.Jeremy Allison1-3/+3
Jeremy. (This used to be commit 94747b4639ed9b19f7d0fb896e43aa392a84989a)
2001-03-22New POSIX ACL mapping code. Works with UNIX permissions, now for testingJeremy Allison1-0/+6
with real ACLs... Jeremy. (This used to be commit 852b9e15ac245a593460cfff3f629d0333372e41)
2001-03-20Fix for crash when doing name lookup with a quoted string. Part ofJeremy Allison1-1/+11
lookup_name was expecting to be able to write to the string. Changed lookup_name to use const. Jeremy. (This used to be commit 80c18d88491f1148ade623e81c33f84ba4f952f3)
2001-03-19Added sys_dlopen/sys_dlsym/sys_dlclose.Jeremy Allison1-3/+3
Jeremy. (This used to be commit 49f0e7e7143f82bce9dfd8b06e9e515bc0869ab7)
2001-03-18fixed unused variableAndrew Tridgell1-1/+1
(This used to be commit af62692e623429ca861905a0ac050b00a3bffdb0)
2001-03-14patches from Simo. Couple of snity thingsGerald Carter1-1/+3
(This used to be commit af3f2a30c657fc42171bbf7da2354bc4cc7b088d)
2001-03-11Remove "BYTE" - we already have uint8 - don't need more conflicts withJeremy Allison3-18/+18
system header files... Jeremy. (This used to be commit 31e0ce310ec38b3a3a05b344d6450d442c6be471)
2001-03-11Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows new SAMRJeremy Allison1-5/+0
RPC code to merge with new passdb code. Currently rpcclient doesn't compile. I'm working on it... Jeremy. (This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549)
2001-03-02Merged JF's fixes into HEAD. These are for string parsing and SAMR fixes.Jeremy Allison3-6/+5
Jeremy. (This used to be commit c3a1904564175a7a5cf71e88540b96f7daa59730)
2001-02-14Merge of i18n fixes from appliance branch. Samba can now talk to a networkTim Potter1-3/+10
with a PDC that has international netbios name and domain name. There's still quite a bit of i18n stuff to fix though... (This used to be commit 79045bd72ace9144e7dd73785b1d10a71b0d15aa)
2001-02-08add pam_setcred() call to pam_auth(). Patch was submited last Oct.Gerald Carter1-0/+8
jerry (This used to be commit 57165d1578eefa270d5c0bd8697a774eb8cb06cf)
2001-01-15Fixes for POSIX ACLS. ACL merge code.Jeremy Allison1-2/+12
Jeremy. (This used to be commit 180e4a9cd05bcadb2f7c4c23d653724e867196f0)
2001-01-11Changes from APPLIANCE_HEAD:David O'Neill1-0/+2
testsuite/printing/psec.c - Use lock directory from smb.conf parameter when peeking at the ntdrivers.tdb file. source/rpc_parse/parse_sec.c - fix typo in debug message source/script/installbin.sh - create private directory as part of 'make install'. source/nsswitch/winbindd_cache.c source/nsswitch/winbindd_idmap.c source/passdb/secrets.c source/smbd/connection.c - always convert tdb key to unix code-page when generating. source/printing/nt_printing.c - always convert tdb key to unix code-page when generating. - don't prepend path to a filename that is NULL in add_a_printer_driver_3(). source/rpc_server/srv_spoolss_nt.c - always convert tdb key to unix code-page when generating. - don't prepend server name to a path/filename that is NULL in the fill_printer_driver_info functions. source/printing/printing.c - always convert tdb key to unix code-page when generating. - move access check for print_queue_purge() outside of job delete loop. source/smbd/unix_acls.c - fix for setting ACLs (this got missed earlier) source/lib/messages.c - trivial sync with appliance_head (This used to be commit 376601d17d53ef7bfaafa576bd770e554516e808)
2001-01-10Changes from APPLIANCE_HEAD:David O'Neill1-9/+31
source/include/proto.h source/param/loadparm.c source/passdb/passdb.c source/rpc_server/srv_samr.c - add support for "hide local users" option to HEAD. (This used to be commit 44dc339fe757b2b5578b30e74aad8c1b12c23f5f)
2000-12-12more fixes from Simo. Also fixed the password expiration fieldGerald Carter1-134/+59
in the tdbsam to never expire (we don't support this yet). jerry (This used to be commit 3b7d0fe7eb3a9275d2713d7b3325de0ab510ea62)
2000-12-09group rid assignment cut and paste errorGerald Carter1-2/+2
--jerry (This used to be commit bb48b02d5f2118470a415d5f1f92305688e6b432)
2000-12-06Cause smbd to use the new posix_acls code, not the old unix_acls code.Jeremy Allison1-0/+5
Currently does exactly the same thing (returns ACLs the same way). This code is written to try and get a POSIX ACL via the abstract sys_XX interface, then fall back to providing a UNIX based ACL if the calls fail. Seems to work. Next step is to add a --with-posix-acls to configure.in and then check on a POSIX ACL system that a complex ACL is returned correctly as an NT ACL. Note that the ACL set (a more complex problem) is not addressed yet. Jeremy. (This used to be commit 4339e20202a876dbadc07980b731f711463b7299)
2000-12-06updates to the tdbsam implementation.Gerald Carter3-37/+269
--jerry (This used to be commit 29b3ac8634769d01c20bf394eecc536a02e0f36c)
2000-11-27passdb/secrets.c passdb/smbpassfile.c smbd/server.c : Actually *use* the codeJeremy Allison2-30/+19
written to transition from an old DOMAIN.MACHINE.MAC file to secrets.tdb. printing/nt_printing.c: Fix case insensitive name lookups for driver files. John - this should fix the Win9x/WinME problem correctly. Jeremy. (This used to be commit 8f3332a9acf413ac5d12053ca5c52733a4e946cc)
2000-11-22o fixed logon script problems (wrong len in reply to net_sam_logon forGerald Carter2-3/+4
a few strings). I was the one who broke it obviously. o changed a few more defaults in the smbpasswd backend with respect to times. Now the logon time becomes '0' and the pass_can_change_time is set ot the same as pass_last_set_time o change Get_Pwnam() call in local_lookup_name to sys_getpwnam() as it did not seem necessary to try case permutations in the username. Tim, I think this was your code, so you might want to double check me. -- jerry (This used to be commit 37a665002c5cd7908c13d306f61af272a899dbc8)
2000-11-21Another large patch for the passdb rewrite.Gerald Carter5-746/+867
o added BOOL own_memory flag in SAM_ACCOUNT so we could use static memory for string pointer assignment or allocate a new string o added a reference TDB passdb backend. This is only a reference and should not be used in production because - RID's are generated using the same algorithm as with smbpasswd - a TDB can only have one key (w/o getting into problems) and we need three. Therefore the pdb_sam-getpwuid() and pdb_getsampwrid() functions are interative searches :-( we need transaction support, multiple indexes, and a nice open source DBM. The Berkeley DB (from sleepycat.com seems to fit this criteria now) o added a new parameter "private dir" as many places in the code were using lp_smb_passwd_file() and chopping off the filename part. This makes more sense to me and I will docuement it in the man pages o Ran through Insure-lite and corrected memory leaks. Need for a public flogging this time Jeremy (-: -- jerry (This used to be commit 4792029a2991bd84251d152a62b1033dec62cee2)
2000-11-14- fix "declaration of 'time' shadows global declaration" warning.David O'Neill1-12/+12
(This used to be commit 92ff07132b3834b469ad7bb73d6e714b175a12af)
2000-11-14Fixed the cut-n-paste bugs in the new passdb backend code that leaked memory.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 55c6acce26a26af68149865dafb42e5a03b497e0)
2000-11-13Large commit which restructures the local password storage API.Gerald Carter6-1422/+1835
Currently the only backend which works is smbpasswd (tdb, LDAP, and NIS+) are broken, but they were somewhat broken before. :) The following functions implement the storage manipulation interface /*The following definitions come from passdb/pdb_smbpasswd.c */ BOOL pdb_setsampwent (BOOL update); void pdb_endsampwent (void); SAM_ACCOUNT* pdb_getsampwent (void); SAM_ACCOUNT* pdb_getsampwnam (char *username); SAM_ACCOUNT* pdb_getsampwuid (uid_t uid); SAM_ACCOUNT* pdb_getsampwrid (uint32 rid); BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass); BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override); BOOL pdb_delete_sam_account (char* username); There is also a host of pdb_set..() and pdb_get..() functions for manipulating SAM_ACCOUNT struct members. Note that the struct passdb_ops {} has gone away. Also notice that struct smb_passwd (formally in smb.h) has been moved to passdb/pdb_smbpasswd.c and is not accessed outisde of static internal functions in this file. All local password searches should make use of the the SAM_ACCOUNT struct and the previously mentioned functions. I'll write some documentation for this later. The next step is to fix the TDB passdb backend, then work on spliting the backends out into share libraries, and finally get the LDAP backend going. What works and may not: o domain logons from Win9x works o domain logons from WinNT 4 works o user and group enumeration as implemented by Tim works o file and print access works o changing password from Win9x & NT ummm...i'll fix this tonight :) If I broke anything else, just yell and I'll fix it. I think it should be fairly quite. -- jerry (This used to be commit 0b92d0838ebdbe24f34f17e313ecbf61a0301389)