summaryrefslogtreecommitdiff
path: root/source3/passdb
AgeCommit message (Collapse)AuthorFilesLines
2000-12-09group rid assignment cut and paste errorGerald Carter1-2/+2
--jerry (This used to be commit bb48b02d5f2118470a415d5f1f92305688e6b432)
2000-12-06Cause smbd to use the new posix_acls code, not the old unix_acls code.Jeremy Allison1-0/+5
Currently does exactly the same thing (returns ACLs the same way). This code is written to try and get a POSIX ACL via the abstract sys_XX interface, then fall back to providing a UNIX based ACL if the calls fail. Seems to work. Next step is to add a --with-posix-acls to configure.in and then check on a POSIX ACL system that a complex ACL is returned correctly as an NT ACL. Note that the ACL set (a more complex problem) is not addressed yet. Jeremy. (This used to be commit 4339e20202a876dbadc07980b731f711463b7299)
2000-12-06updates to the tdbsam implementation.Gerald Carter3-37/+269
--jerry (This used to be commit 29b3ac8634769d01c20bf394eecc536a02e0f36c)
2000-11-27passdb/secrets.c passdb/smbpassfile.c smbd/server.c : Actually *use* the codeJeremy Allison2-30/+19
written to transition from an old DOMAIN.MACHINE.MAC file to secrets.tdb. printing/nt_printing.c: Fix case insensitive name lookups for driver files. John - this should fix the Win9x/WinME problem correctly. Jeremy. (This used to be commit 8f3332a9acf413ac5d12053ca5c52733a4e946cc)
2000-11-22o fixed logon script problems (wrong len in reply to net_sam_logon forGerald Carter2-3/+4
a few strings). I was the one who broke it obviously. o changed a few more defaults in the smbpasswd backend with respect to times. Now the logon time becomes '0' and the pass_can_change_time is set ot the same as pass_last_set_time o change Get_Pwnam() call in local_lookup_name to sys_getpwnam() as it did not seem necessary to try case permutations in the username. Tim, I think this was your code, so you might want to double check me. -- jerry (This used to be commit 37a665002c5cd7908c13d306f61af272a899dbc8)
2000-11-21Another large patch for the passdb rewrite.Gerald Carter5-746/+867
o added BOOL own_memory flag in SAM_ACCOUNT so we could use static memory for string pointer assignment or allocate a new string o added a reference TDB passdb backend. This is only a reference and should not be used in production because - RID's are generated using the same algorithm as with smbpasswd - a TDB can only have one key (w/o getting into problems) and we need three. Therefore the pdb_sam-getpwuid() and pdb_getsampwrid() functions are interative searches :-( we need transaction support, multiple indexes, and a nice open source DBM. The Berkeley DB (from sleepycat.com seems to fit this criteria now) o added a new parameter "private dir" as many places in the code were using lp_smb_passwd_file() and chopping off the filename part. This makes more sense to me and I will docuement it in the man pages o Ran through Insure-lite and corrected memory leaks. Need for a public flogging this time Jeremy (-: -- jerry (This used to be commit 4792029a2991bd84251d152a62b1033dec62cee2)
2000-11-14- fix "declaration of 'time' shadows global declaration" warning.David O'Neill1-12/+12
(This used to be commit 92ff07132b3834b469ad7bb73d6e714b175a12af)
2000-11-14Fixed the cut-n-paste bugs in the new passdb backend code that leaked memory.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 55c6acce26a26af68149865dafb42e5a03b497e0)
2000-11-13Large commit which restructures the local password storage API.Gerald Carter6-1422/+1835
Currently the only backend which works is smbpasswd (tdb, LDAP, and NIS+) are broken, but they were somewhat broken before. :) The following functions implement the storage manipulation interface /*The following definitions come from passdb/pdb_smbpasswd.c */ BOOL pdb_setsampwent (BOOL update); void pdb_endsampwent (void); SAM_ACCOUNT* pdb_getsampwent (void); SAM_ACCOUNT* pdb_getsampwnam (char *username); SAM_ACCOUNT* pdb_getsampwuid (uid_t uid); SAM_ACCOUNT* pdb_getsampwrid (uint32 rid); BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass); BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override); BOOL pdb_delete_sam_account (char* username); There is also a host of pdb_set..() and pdb_get..() functions for manipulating SAM_ACCOUNT struct members. Note that the struct passdb_ops {} has gone away. Also notice that struct smb_passwd (formally in smb.h) has been moved to passdb/pdb_smbpasswd.c and is not accessed outisde of static internal functions in this file. All local password searches should make use of the the SAM_ACCOUNT struct and the previously mentioned functions. I'll write some documentation for this later. The next step is to fix the TDB passdb backend, then work on spliting the backends out into share libraries, and finally get the LDAP backend going. What works and may not: o domain logons from Win9x works o domain logons from WinNT 4 works o user and group enumeration as implemented by Tim works o file and print access works o changing password from Win9x & NT ummm...i'll fix this tonight :) If I broke anything else, just yell and I'll fix it. I think it should be fairly quite. -- jerry (This used to be commit 0b92d0838ebdbe24f34f17e313ecbf61a0301389)
2000-10-26TDB password backend support written by Simo Sorce <simo.sorce@polimi.it>Gerald Carter2-0/+598
Marked as an experimental compile time option (defaults to off) for now. jerry (This used to be commit 0435af4417b876c2ea1dd4591ae7647784c28e30)
2000-10-13last part of W2K support.Jean-François Micouleau1-1/+0
the trust domain list reply on netlogon pipe was wrong, interim hack until we have full trust relationships. changed some unistr2 to parse the ending NULL char. added a prs_align_needed() function. much like a prs_align but with a condition. needed for the unistr2 parsing. J.F. (This used to be commit d8bf81553c17d9ee3419d8150b96119ebb0b8fa9)
2000-10-07added samr_set_user_info and info_2.Jean-François Micouleau1-0/+209
cleanup of create_user cleanup of rid/sid mix in samr. now we only have sid. some prs_align() missing in parse_samr.c a small debug change in srv_pipe.c You still can't change a user's password in this commit. Will be availble in the next one. J.F. (This used to be commit b655bc281fa183b1827a946ada1fcf500fb93aea)
2000-09-28Removed a line by mistake...Jeremy Allison1-0/+1
Jeremy. (This used to be commit dcbdff7a4d6442ca8f9e1aa6fcf65c196c2f22bf)
2000-09-28Added comment on JF's new code. Removed ifdef in passdb/smbpass.c as thisJeremy Allison1-7/+0
was not correct. Jeremy. (This used to be commit 1a3f7ecde2ca031b2f93a079f75822354fe241a0)
2000-09-28fixed samr_create_user(). we now correctly parse the query and the reply.Jean-François Micouleau2-1/+9
And we create the disabled account. That means we can create user and trust accounts remotely ! ifdef out a return in passdb/smbpass.c. I think I didn't break any security. Jeremy could you check if I didn't make any mistakes ??? J.F. (This used to be commit 416be1b64f366c8b859f25856fce2467ec0446d9)
2000-08-23Added code to do SID to uid/gid conversion. Needed for ACL support.Jeremy Allison1-2/+73
Jeremy. (This used to be commit 81c5380f91839b6416c8a42739dadf00e7388528)
2000-08-02Started to canonicalize our handling of uid -> sid code in order toJeremy Allison1-64/+22
get ready and fix se_access_check(). Added cannonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid() functions that look via winbind first the fall back on local lookup. All Samba should use these rather than trying to call winbindd code directly. Added NT_USER_TOKEN struct in user_struct, contains list of NT sids associated with this user. se_access_check() should use this (cached) value rather than attempting to do the same thing itself when given a uid/gid pair. More work needs to be done to preserve these things accross security context changes (especially with the tricky pipe problem) but I'm beginning to see how this will be done..... probably by registering a new vuid for an authenticated RPC pipe and not treating the pipe calls specially. More thoughts needed - but we're almost there... Jeremy. (This used to be commit 5e5cc6efe2e4687be59085f562caea1e2e05d0a8)
2000-08-01Tidyup removing many of the 0xC0000000 | NT_STATUS_XXX stuff (only need ↵Jeremy Allison1-12/+3
NT_STATUS_XXX). Removed IS_BITS_xxx macros as they were just reproducing "C" syntax in a more obscure way. Jeremy. (This used to be commit c55bcec817f47d6162466b193d533c877194124a)
2000-07-10Fixes for various compile warnings on Solaris 8.Tim Potter1-1/+1
(This used to be commit 898a483cdab1ed7d8ff902c0dc0e0620440ae4cd)
2000-06-09Luke, I am moving the code back into passdb/passdb.c, this the correctJeremy Allison1-2/+41
place to do this, not in smbd/passwd.c Please don't change this without asking first, I have run this past Andrew so talk to him (I'm on vacation next week). I also removed the g_newXXX macros. There are essentially a private C extension, not used anywhere else in the code, and add no functionality over malloc(XX) and make the code harder to understand (everyone knows what malloc does). Jeremy. (This used to be commit e1b1b6fb6794ba02e1fea510a981fa0ce0d12b58)
2000-06-09reverted jeremy's changes that removed NET_USER_INFO_3. will you pleaseLuke Leighton1-0/+2
not just undercut work in progress, thank you. (This used to be commit 86d440a88c948727bfcfedc694c52c58f9687d8b)
2000-06-08include/smb.h: Removed NET_USER_3 struct from user struct. It doesn't belong ↵Jeremy Allison1-0/+29
there (yet) as there is no infrastructure for it. Replaced it with a dynamic array of group SIDs plus a user. passdb/passdb.c: Added setup_user_sids() function. This is where the lookup should be done, eventually calling winbind. smbd/password.c: Changed to call setup_user_sids(). Removed spurious DEBUG(0) statements. smbd/reply.c: Removed extra parameter to register_vuid(). Jeremy. (This used to be commit 425f4ad9a5e0e7d49620276100ade7a0cae47011)
2000-06-03moved secrets handling into secrets.cAndrew Tridgell2-49/+43
(This used to be commit e49550b975dd407a1a8538c9885e036e400b7714)
2000-06-01param/loadparm.c: Looks like someone ran indent on this !Jeremy Allison1-1/+3
passdb/smbpass.c: Insure uninitialized memory reference fix. printing/nt_printing.c: rpc_server/srv_spoolss_nt.c: Insure memory leak fixes. smbd/unix_acls.c: Shadow ref fix. Jeremy. (This used to be commit d175d3ebefc053e9badd91ca5f2d8bd03eb6705d)
2000-06-01Getting back to a compilable state (not there yet but close).Jeremy Allison1-14/+2
Added patches for random -> sys_random. Added set_effective_xxx patches for AFS code. Memory allocation changes in spoolss code. Jeremy. (This used to be commit c2099cfb033c2cdb6035f4f7f50ce21b98e1584d)
2000-05-29Fixed LsaQueryInformationPolicy level 3 to return primary domain info.Matthew Chapman1-0/+32
Domain SID is saved in secrets.tdb upon joining domain. Added "Authenticated Users" and "SYSTEM" well-known SIDs (under NT Authority). (This used to be commit 7710b4f48d3e8532df5e37f99a779758f750efdb)
2000-05-15passdb/secrets.c: Fix typo in comment.Jeremy Allison1-1/+1
rpc_server/srv_pipe.c: Use accessor functions rather than diddling with structure internals directly. smbd/process.c: smbd/reply.c: Remove READ_PREDICTION #ifdefs. Jeremy. (This used to be commit eba825ff030a175bd271caa6f543379dfdbbd646)
2000-05-13Added code to do a one-way migration of the old DOMAIN.MACHINE.macJeremy Allison1-4/+259
file into the secrets tdb. Also restored check for password timeout (this seemed to have gotten lost). Jeremy. (This used to be commit 9493e10de3d1c73b246a9841d4b5bb01838c265f)
2000-05-12fixed two uninitialised variablesAndrew Tridgell1-1/+1
(This used to be commit eefb36f130f79f2f2c6cfb58c1646aa6ce4303be)
2000-05-08Someone :-) forgot to add secrets.c to HEAD.Jeremy Allison1-0/+90
Jeremy. (This used to be commit ac40971f30e00a93fc5e138bfd1afa05cd8dea4b)
2000-05-08added secrets.tdb and changed storage of trust account password to useAndrew Tridgell1-219/+22
it (This used to be commit 88ad00b82acc4636ab57dfe710af08ea85b82ff1)
2000-05-02Added sys_fork() and sys_getpid() functions to stop the overheadJeremy Allison2-4/+4
of doing a system call every time we want to just get our pid. Jeremy. (This used to be commit 148628b616b5c29ba6340d65fc3ddbcabba6e67a)
2000-04-25moved trans2.h and nterr.h into includes.h with all our other includesAndrew Tridgell2-2/+0
(This used to be commit d7cd7c88fdabb01d9e40ae8a657737907a21ac37)
2000-04-12Roll back to using static MACHINE.SID after consultation with Andrew. ThisJeremy Allison1-57/+201
code will be removed soon and a SID auto-generated from (probably) primary hostname and never stored in a file will replace it. Jeremy. (This used to be commit fbfe94a799cda7f728bc920d4f0655d4f537e3b6)
2000-04-11The changes made here broke NT security descriptor returning to NT clients.Jeremy Allison1-0/+2
We need to talk about the MACHINE.SID/<WORKGROUP_NAME>.SID mess..... Jeremy. (This used to be commit 5bdaa043f015771cccdc9413c37232ab4a3e2e8e)
2000-03-21indent update to make t easier to see setuid mods in TNG. someLuke Leighton1-366/+459
code from these modules i had to leave out (nothing to do withj setuid) (This used to be commit 96717211edcc389daa4494907251ffb79ffa56d9)
2000-03-02Tidied up fchown code, error reporting.Jeremy Allison1-3/+9
Jeremy. (This used to be commit 8e3239440dee6c6f50d26b70f7db46bef2a87a2d)
2000-03-02Correctly full buffer smbpasswd i/o streams.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 7b222ed713d47241822323970214326b6a8e67ac)
2000-03-02Update last changed time for new password entry.Jeremy Allison1-0/+1
Jeremy. (This used to be commit a8ccf1d9532cdf623342c968f51f1d89f89d728a)
2000-03-02Fixed bugs with -x smbpasswd entry. Thanks to Bruce Tenison ↵Jeremy Allison1-20/+21
<btenison@dibbs.net>. Jeremy. (This used to be commit c7695c66774225248978ac9ca2615762a0d449aa)
2000-02-25client/client.c:Jeremy Allison5-94/+355
libsmb/clientgen.c: Fixes for Win2k smbclient browsing. Other fixes implement smbpasswd -x user to delete users. Also allows swat to do the same. Jeremy. (This used to be commit 9f6ad046761adecafba59040baa3abc9f0959e65)
2000-01-03simple mods to add msrpc pipe redirection. default behaviour: fall backLuke Leighton1-201/+56
to using internal msrpc code in smbd. (This used to be commit 8976e26d46cb991710bc77463f7f928ac00dd4d8)
1999-12-132nd phase of head branch sync with SAMBA_2_0 - this delets all the files ↵Andrew Tridgell7-2843/+0
that were in the head branch but weren't in SAMBA_2_0 (This used to be commit d7b208786590b5a28618590172b8d523627dda09)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell9-1071/+3059
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-12final part of "first" phase converting over to msrpc daemon architecture.Luke Leighton1-2/+2
done a minimal amout of clean-up in the Makefile, removing unnecessary modules from the link stage. this is not complete, yet, and will involve some changes, for example to smbd, to remove dependencies on the password database API that shouldn't be there. for example, smbd should not ever call getsmbpwXXX() it should call the Samr or Lsa API. this first implementation has minor problems with not reinstantiating the same services as the caller. the "homes" service is a good example. (This used to be commit caa50525220b0d0250fa139367593c2de2c12135)
1999-12-01fixing joining to domain plus something weird going down with nt logins...Luke Leighton1-1/+34
(This used to be commit cef258f1c931ecb7c2dda9d5c9977153e4c1dc73)
1999-11-16attempting to get nt5 wksta to join domain.Luke Leighton1-15/+38
1) had to fix samr "create user" and "set user info" (level 23). 2) had to fix netlogon enum trust domains 3) registry key needed \\ in it not \. (This used to be commit 70b2c1ecbb4fbbb86fea676c80754485aae5ab13)
1999-09-24Whoops ! Being over-paranoid is not good.Jean-François Micouleau1-8/+0
J.F. (This used to be commit 706acb17cffd8d6a84209dadb97916f0346cd174)
1999-09-23use gecos field to fill the full_nameJean-François Micouleau2-7/+36
don't overwrite backend values with defaults values. J.F. (This used to be commit a204a9adb84c41658def08cb75670995aec02baa)
1999-09-22Fixed an annoying bug in the LDAP code. Attributes not present in theMatthew Chapman1-22/+3
LDAP database were being initialised using unix_to_nt_time on -1, rather than -1 as an NTTIME (which is very different). Problems solved (hopefully): * "Access Denied" when accessing an NT share in a Samba controlled domain. * "Your password has expired" sometimes when logging in. (This used to be commit 740d8388cb6dfebb26681a45fd1b293383d08a6d)