summaryrefslogtreecommitdiff
path: root/source3/passdb
AgeCommit message (Collapse)AuthorFilesLines
2002-03-18more verbose checking in talloc and util_pwSimo Sorce2-39/+60
fixed tdbsam memory corruption (and segfault) reducing calls to pdb_uid_to_user_rid and countrary to 0 to move to a non alghoritmic rid allocation with some passdb modules. (This used to be commit 9836af7cd623357feaec07bc49cfb78f0aa01fc3)
2002-03-18Start to switch away from the alghorithmic uid->rid mapping modelSimo Sorce5-29/+179
(This used to be commit 724390a8daabbecd236960562e0a50f62c6904f1)
2002-03-17Renamed get_nt_error_msg() to nt_errstr().Tim Potter1-1/+1
(This used to be commit 1f007d3ed41c1b71a89fa6be7d173e67e927c302)
2002-03-13I don't need my name on this twice :-)Andrew Bartlett1-1/+0
(This used to be commit 764b99a3906d6299650f984860a586f37b18326d)
2002-03-13Remove a stub function I forgot to fill in.Jeremy Allison1-6/+0
Jeremy. (This used to be commit d08cbcbc5d4fc3ec9554145de6b0b0a64dfbb8d1)
2002-03-12Removed unused var.Jeremy Allison1-1/+0
Jeremy. (This used to be commit 45bf5f6c050bbe69209a5c80141ef8e54354f5ea)
2002-03-12Ensure, if we're a PDC or BDC, that the SID stored for the domain nameJeremy Allison1-10/+70
and the machine name are identical. Jeremy. (This used to be commit 87e6b08964d13d6613342c9be21871a2e776e2e6)
2002-03-10rewrote the machine sid storage code to store the SID in secrets.tdbAndrew Tridgell1-208/+63
rather than MACHINE.SID. We try to load MACHINE.SID only if we can't fetch the SID from secrets.tdb This also fixes the value of global_sam_sid for the DC/non-DC case (This used to be commit bcd018f07c2e2c0aabdb4574d199d7f5f199a264)
2002-03-10make sure we use consistent keys in secrets.tdb by uppercasing domainAndrew Tridgell1-0/+4
names (This used to be commit 4cb7b6954b96e6964743e65413e122f7b4d39052)
2002-03-07Compile fixes for the pdb nisplus module.Tim Potter1-17/+27
(This used to be commit d4d2f3bd8922aa88f4940e5079f7157ea674b317)
2002-03-06Fix SIGSEGV on error message when trying to add a user to smbpasswd file ↵Jim McDonough1-1/+1
without a unix account. (This used to be commit 2fdd601f2efaf3515f0e4c30fa176651eb4bb387)
2002-03-02This patch merges my private LDAP tree into HEAD.Andrew Bartlett7-281/+692
The main change here is to move ldap into the new pluggable passdb subsystem and to take the LDAP location as a 'location' paramter on the 'passdb backend' line in the smb.conf. This is an LDAP URL, parsed by OpenLDAP where supported, and by hand where it isn't. It also adds the ldap user suffix and ldap machine suffix smb.conf options, so that machines added to the LDAP dir don't get mixed in with people. Non-unix account support is also added. This means that machines don't need to be in /etc/passwd or in nss_ldap's scope. This code has stood up well under my production environment, so it relitivly well tested. I'm commiting this now becouse others have shown interest in using it, and there is no point 'hording' the code :-). Andrew Bartlett (This used to be commit cd5234d7dd7309d88944b83d807c1f1c2ca0460a)
2002-03-02Fix up the trusted domains secrets code so as to have a slight chance ofAndrew Bartlett1-12/+10
working. (This used to be commit 4ecc170dcb84522135ddefb5f424cc756051a6d3)
2002-03-01merge from 2.2Gerald Carter1-2/+7
(This used to be commit 5b28a7c59c392c6352cb8915a13806ca772d8cac)
2002-03-01The beginning of trusted and trusting domain support fromAndrew Bartlett1-3/+89
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl> This adds the 'net' tools to manipulate the trusted domains. Andrew Bartlett (This used to be commit 770c8a31d9804d3339ffa0de8b5072a5c7eb02df)
2002-02-22made the domain secret key in secrets.tdb domain specific. This allowsAndrew Tridgell1-2/+14
you to join a 2nd domain then leave the old domain rather than the other way around (This used to be commit b26b6aef64e1042c9867a13761ded0c3c6f9670f)
2002-02-22Add the pdb_plugin module from Jelmer Vernooij <jelmer@nl.linux.org>.Andrew Bartlett2-3/+76
This allow the user to select 'passdb backend = plugin : /path/to/plugin.so : pluging args' And load any arbitary plugin. Apparently Jelmer has a mysql plugin in the works - hence this patch. We probably need to rework the interface a bit before 3.0 (add versioning of some kind) but this is a good start. Andrew Bartlett (This used to be commit d6d18b70f0c377344b0b3d9df5a11d209793bfe0)
2002-02-01update from 2.2Simo Sorce1-2/+3
(This used to be commit 8bb2a7446ed69020086aaedf2889795dd38ef9d4)
2002-01-30Back out herb's changes (to allow smbpasswd -x to work on accounts outsideAndrew Bartlett1-10/+9
/etc/passwd) and replace them with a version that works. Unfortunetly HEAD and 2.2 have different passdb interfaces and different local_password_change functions... Andrew Bartlett (This used to be commit 86d5326d0dc6a070dfeb24a5306a2b4404bfc0f1)
2002-01-30Removed version number from file header.Tim Potter10-18/+13
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-30merge change from @_2 to allow smbpasswd -x to delete user even if noHerb Lewis1-7/+10
entry in /etc/passwd. There are still differences in the local_password_change function. I'm not sure which was the latest so I didn't change any thing else. Someone needs to take a look and sync these up. (This used to be commit 539b025397e569796f2349d33438c2be469c8c69)
2002-01-26 - Provide sid->name lookup support for non-unix accounts.Andrew Bartlett1-13/+39
- Rework the name -> sid lookup function to always try local lookup first (for local domain names) before trying winbind. This seems to eliminate my winbind feedback loop problems. (I don't use winbind for nsswitch, where there are almost certainly further issues). Andrew Bartlett (This used to be commit 25cadce67bc8effd4248ab993ae78e1d8511d994)
2002-01-26local_lookup_name() doens't acutally use its 'domain' argument, so drop it andAndrew Bartlett1-5/+3
make its use clearer. (This used to be commit d1ea20cc2392f8ba4ac4241f9b5ec14489e49147)
2002-01-26fix typoAndrew Bartlett1-1/+1
(This used to be commit 8ffc024ebc73dee32a9dfc1873e824c996205475)
2002-01-26Add some information tidbits to an error DEBUG().Andrew Bartlett1-1/+1
(This used to be commit 3db417c2ebfda0d5872dee39e36edc4fb6299b9a)
2002-01-25Passdb changes:Andrew Bartlett3-11/+30
Modules now name themselves, which should allow for sane behaviour when we get an 'extern' passdb module (which in turn loads a .so). Fix up tdbsam for non-unix-accounts. Not sure if this fixes idra's bug, but its a start... Andrew Bartlett (This used to be commit 7d576d89d7b4a7b95e87a844568d7d7cd89f0542)
2002-01-23getpwnam -> getpwnam_alloc.Andrew Bartlett3-4/+11
idra has promised not to revert these this time :-) (This used to be commit f556ad67e82518f5a024ffe9184ff9430ab5c541)
2002-01-21getpwnam_alloc -> getpwnamSimo Sorce1-9/+8
same reason as per pdb_tdb.c there isn't (and will never be probably) another call to any getpw* fn, let's use getpwnam_alloc only when needed. (This used to be commit f12361b1327306e6a3fcf8ff138413ad9a6c69a3)
2002-01-21hmm, get it right this time.Simo Sorce1-1/+1
(This used to be commit 57a145bff6b382e6dc9a9af96451175d81462c8d)
2002-01-21fix also the comment.Simo Sorce1-2/+5
(This used to be commit 7f7a15e09a53a03dd423d40201f037f8da049cd7)
2002-01-21replace getpwnam_alloc with plain getpwnam.Simo Sorce1-2/+1
We are not going to reuse any getpw* call, so the extra alloc,copy and free only uses extra memory and extra cpu time for nothing. (This used to be commit 5c0bb0487bec00df494b72b64ddf274f42bfefea)
2002-01-21getpwnam -> getpwnam_allocAndrew Bartlett1-2/+3
(This used to be commit 59905d44e51d83f2d4a7b6844e0ae764e0b35c0c)
2002-01-20Inititialise the gid to what standard_sub_advanced wants for 'no value'.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit a96503475d9c1d91c2dfcdebb4f60183432d9aff)
2002-01-20fixes from 2.2Simo Sorce1-93/+127
(This used to be commit e8a891354d307b2352eac375b9be02d7616cdb61)
2002-01-20This is another *BIG* change...Andrew Bartlett6-439/+992
Samba now features a pluggable passdb interface, along the same lines as the one in use in the auth subsystem. In this case, only one backend may be active at a time by the 'normal' interface, and only one backend per passdb_context is permitted outside that. This pluggable interface is designed to allow any number of passdb backends to be compiled in, with the selection at runtime. The 'passdb backend' paramater has been created (and documented!) to support this. As such, configure has been modfied to allow (for example) --with-ldap and the old smbpasswd to be selected at the same time. This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua. These two backends accept 'non unix accounts', where the user does *not* exist in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to avoid conflicts in the algroitmic mapping of RIDs, they use the values specified in the 'non unix account range' paramter - in the same way as the winbind ranges are specifed. While I was at it, I cleaned up some of the code in pdb_tdb (code copied directly from smbpasswd and not really considered properly). Most of this was to do with % macro expansion on stored data. It isn't easy to get the macros into the tdb, and the first password change will 'expand' them. tdbsam needs to use a similar system to pdb_ldap in this regard. This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I don't have the test facilities for these. I plan to incoroprate at least pdb_ldap into this scheme after consultation with Jerry. Each (converted) passdb module now no longer has any 'static' variables, and only exports 1 init function outside its .c file. The non-unix-account support in this patch has been proven! It is now possible to join a win2k machine to a Samba PDC without an account in /etc/passwd! Other changes: Minor interface adjustments: pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*. pdb_update_sam_account() no longer takes the 'override' argument that was being ignored so often (every other passdb backend). Extra checks have been added in some places. Minor code changes: smbpasswd no longer attempts to initialise the passdb at startup, this is now done on first use. pdbedit has lost some of its 'machine account' logic, as this behaviour is now controlled by the passdb subsystem directly. The samr subsystem no longer calls 'local password change', but does the pdb interactions directly. This allow the ACB_ flags specifed to be transferred direct to the backend, without interference. Doco: I've updated the doco to reflect some of the changes, and removed some paramters no longer applicable to HEAD. (This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20Kill off another ugly wart from the side of the passdb subsystem.Andrew Bartlett1-33/+0
This time its the pdb_getsampwuid() function - which was only being used by the SAMR rpc subsystem to gain a 'user session key'. This 'user session key' is actually generated at login time, and the other changes here simply move that data around. This also means that (when I check some details) we will be able to use the user session key, even when we are not actually the DC, becouse its one of the components of the info3 struct returned on logon. Andrew Bartlett (This used to be commit 799ac01fe08a338e4e94289f5d6767ebf905c1fa)
2002-01-20Fix up an embarrsing bug I introduced when I moved the id21/id23 -> SAM_ACCOUNTAndrew Bartlett1-20/+40
conversion across to the pdb_set...() interface. Now we only set strings that are non-null. This allows Win2k to join the domain again, particularly when using tdbsam. Andrew Bartlett (This used to be commit 6d0b3d051f8f74ea6235173a89e96f5934aff4f3)
2002-01-19fixes (asprintf) from 2.2Simo Sorce1-6/+6
(This used to be commit 6b123adda901ff05b0271eeda060297448f64eec)
2002-01-17A nice *big* change to the fundemental way we do things.Andrew Bartlett4-12/+27
Samba (ab)uses the returns from getpwnam() a lot - in particular it keeps them around for a long time - often past the next call... This adds a getpwnam_alloc and a getpwuid_alloc to the collection. These function as expected, returning a malloced structure that can be free()ed with passwd_free(&passwd). This patch also cuts down on the number of calls to getpwnam - mostly by taking advantage of the fact that the passdb interface is already case-insensiteve. With this patch most of the recursive cases have been removed (that I know of) and the problems are reduced further by not using the sys_ interface in the new code. This means that pointers to the cache won't be affected. (This is a tempoary HACK, I intend to kill the password cache entirly). The only change I'm a little worried about is the change to rpc_server/srv_samr_nt.c for private groups. In this case we are getting groups from the new group mapping DB. Do we still need to check for private groups? I've toned down the check to a case sensitve match with the new code, but we might be able to kill it entirly. I've also added a make_modifyable_passwd() function, that copies a passwd struct into the form that the old sys_getpw* code provided. As far as I can tell this is only actually used in the pass_check.c crazies, where I moved the final 'special case' for shadow passwords (out of _Get_Pwnam()). The matching case for getpwent() is dealt with already, in lib/util_getent.c Also included in here is a small change to register the [homes] share at vuid creation rather than just in one varient of the session setup. (This picks up the SPNEGO cases). The home directory is now stored on the vuid, and I am hoping this might provide a saner way to do %H substitions. TODO: Kill off remaining Get_Pwnam_Modify calls (they are not needed), change the remaining sys_getpwnam() callers to use getpwnam_alloc() and move Get_Pwnam to return an allocated struct. Andrew Bartlett (This used to be commit 1d86c7f94230bc53daebd4d2cd829da6292e05da)
2002-01-15For some reason I wasn't thinking about failure cases this morning...Andrew Bartlett1-0/+72
Anyway, this makes it slightly sane, but we may decide to smb_panic() here instead. Andrew Bartlett (This used to be commit 724109a33bf2f06bcb97cdd31c0442c6035ff6a6)
2002-01-15Add constness to parametersMartin Pool1-1/+1
(This used to be commit e0105974c06e210e7565555d4b673c484de32907)
2002-01-15Commit the auth associated changes I missed from the last commit.Andrew Bartlett2-0/+16
Also set the default value of all the allocated strings to "" to avoid changing the interface (becouse pdb_get...() would point to a null string, rather than a null pointer and parts of samba rely on that). Andrew Bartlett (This used to be commit 5b4079f748e25f21162e21b439063249baf8dca6)
2002-01-15Change the passdb interface to use allocated strings.Andrew Bartlett3-114/+161
These strings are allocated using talloc(), either using its own memory context stored on the SAM_ACCOUNT or one supplied by the caller. The pdb_init_sam() and pdb_free_sam() function have been modifed so that a call to pdb_free_sam() will either clean up (remove hashes from memory) and destroy the TALLOC_CTX or just clean up depending on who supplied it. The pdb_init_sam and pdb_free_sam functions now also return an NTSTATUS, and I have modified the 3 places that actually checked these returns. The only nasty thing about this patch is the small measure needed to maintin interface compatability - strings set to NULL are actually set to "". This is becouse there are too many places in Samba that do strlen() on these strings without checking if they are NULL pointers. A supp patch will follow to set all strings to "" in pdb_default_sam(). Andrew Bartlett (This used to be commit 144345b41d39a6f68d01f62b7aee64ca0d328085)
2002-01-12Move all the pdb_get...() and pdb_set...() functions to a new file.Andrew Bartlett2-798/+825
This brings passdb.c down to a much more manageable ~1100 lines and makes it a little easier to comprehend whats going on here. Andrew Bartlett (This used to be commit 28d5ab269cfba5e8410163edb3e0c222ed7f0be1)
2002-01-09Fixed up atomic update code.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 274b04d4a6123fbfe363afc214e908ab36c7e8a7)
2002-01-02fixing compile errorGerald Carter1-4/+4
(This used to be commit 999a2f5c847c6a4336df60807e2fb546a2a4894f)
2002-01-02We should be SHLD not LINK when creating shared libraries.Jeremy Allison1-2/+2
Tidyup in passdb.c Jeremy. (This used to be commit 676eea502a1bb2114a6e8055ecaf97ecab2e3a91)
2002-01-02We go to a lot of effort to avoid strcpy() in Samba, but its not much use ifAndrew Bartlett1-12/+12
people start doing using strlen(src) in strncpy() :-) This occured when the talloc based passdb was reverted in favor of a pstring based one. In the talloc version this was fine, becouse the buffer was strlen(src) bytes long. This no longer applies... This doesn't seem to have broken anything, but I'm chasing up an oddity with NT password changing from the last merge. Test & MERGE for 2.2.3 Andrew Bartlett (This used to be commit 673ece2841e8b60966a17ece3591f9f202807332)
2002-01-02Actually enforce the passdb API.Andrew Bartlett4-189/+264
Thou shalt not reference SAM_ACCOUNT members directly - always use pdb_get/pdb_set. This is achived by making the whole of SAM_ACCOUNT have a .private member, where the real members live. This caught a pile of examples, and these have beeen fixed. The pdb_get..() functions are 'const' (have been for some time) and this required a few small changes to constify other functions. I've also added some debugs to the pdb get and set, they can be removed if requested. I've rewritten the copy_id2x_to_sam_pass() functions to use the new passdb interface, but I need the flags info to do it properly. The pdb_free_sam() funciton now blanks out the LM and NT hashes, and as such I have removed many extra 'samr_clear_sam_passwd(smbpass)' calls as a result. Finally, any and all testing is always appriciated - but the basics seem to work. Andrew Bartlett (This used to be commit d3dd28f6c443187b8d820d5a39c7c5b3be2fa95c)
2001-12-31ops, froget to set the values.Simo Sorce1-1/+7
jerry, can you look at theis where we use standard_sub_advanced() fns? I think this structure should be backported to 2.2 because we do not know if the SAM_ACCOUNT strings have enough space to contain the "substituted" string. (Yes, just now we know they are pstrings, but we may change them into alloced one, I'm a strong suported of alloced strings as 1024 bytes are not always enough and are often too much) (This used to be commit 29b3b5e9292805aa65e887755567abd50f74e5cb)