summaryrefslogtreecommitdiff
path: root/source3/passdb
AgeCommit message (Collapse)AuthorFilesLines
1999-02-01Fixed a domain functionality problem where NT clients would startMatthew Chapman1-30/+11
endlessly repeating a network SAMLOGON (hoping it to change, hmmm...). ( Guess what I found in pwdb_init_sam... unix_to_nt_time(&user->logon_time, (time_t)-1); unix_to_nt_time(&user->logoff_time, (time_t)-1); unix_to_nt_time(&user->kickoff_time, (time_t)-1); ... ) (This used to be commit e9c79c85e6d1352693ab13e907b07d4706975891)
1999-01-15Finally committing my LDAP changes.Matthew Chapman3-50/+135
* Added new APIs for modifying groups. * RIDs are allocated similarly to NT, starting from 1000 and incrementing by 1 for each new user/group. * RIDs are now consistently in hex * Fixed bugs reported by Allan Bjorklund <allan@umich.edu>: - ldap_close_connection is exported by OpenLDAP - changed to ldap_disconnect - Missing ldap_connect() in getusergroups functions - ldap_next_entry was being called too early while retrieving a sam_struct - LDAP globals should be extern in sampassldap.c * Fixed bugs reported by Martin Hofbauer <mh@bacher.at> - Newly added workstation trust accounts had attributes DU rather than W. - User dn's were forced to start with "uid=XX" rather than using the existing dn. (This used to be commit 91c77f5432169553572bb4d85ad5f09d17524f20)
1999-01-13Fixed the "You password will expire in 0 days. Would you like toGerald Carter2-1/+30
change it now?" message when you login to a Samba Controlled domain. The fix is a hard coded 42 days from right now until you need to change you pasword again time (see passdb/sampassdb.c:pwdb_smb_to_sam()) Also fixed getsmbfilepwent() so that it will read in the last password change time correctly. * Related to this lib/util_pwdb.c:StrnCaseCmp() returns 0 if the strings match. Chouldn't this be the pther way? Oh well. I didn't change the return code as it was used in several other cases (see lib/util_pwdb.c:pwdb_get_last_set_time()) (This used to be commit 175e598dccd042c0f8b045db45fbe3ae928a7387)
1998-12-14trying to track down issues in get_home_dir().Luke Leighton1-0/+4
(This used to be commit 2cce78aa00f31b79d51aaf46da72019b926e8226)
1998-12-11%U substitution should be unix user not nt userLuke Leighton2-4/+9
(This used to be commit f4b8a283065a7c1ae233a0ae01ac76f32fea6b31)
1998-12-08ldap_getpw() also needs to be (void)Luke Leighton1-3/+2
(This used to be commit f36cf3b6a70d0a91bce923ab51780d20d69e3bd6)
1998-12-08compilation warnings due to missing (void) in ldap_close_connection.Luke Leighton1-2/+6
(This used to be commit f11eb4165836ce8d15a453d37c4e07913562d778)
1998-12-07added ldap files by Matthew Chapman.Luke Leighton2-0/+623
(This used to be commit 2bc031e8fafeafdc58c6a8056597b647d00657ae)
1998-12-07Matthew Chapman spotted that smbpasschange was assuming the existenceLuke Leighton1-29/+0
of a private/smbpasswd file, this will not be the case for other database APIs. removed startsmbdb and endsmbpwdb calls because add_smbpwd_entry() and mod_smbpwd_entry() don't need them. (This used to be commit 8b36c7c08ffa408506c35219e6453a595cbc3a4f)
1998-12-07matthew chapman's ldap code, to date. plus docs!Luke Leighton3-817/+289
(This used to be commit 2c438c86cbb38833b3abd4fbead6324687633b25)
1998-11-30attempting to fix "domain user map" up, but it's a bit complicated.Luke Leighton1-4/+13
i may simply go for a response in the NetSamLogon returning the unix username, forcing the NT user to appear to be a unix user, however even that is fraught with implications. might just have to go the whole hog and do this tuple thing, "unix_name + nt_name" always associated together... issue with api_net_sam_logon, getsam21pwent() being called twice, the second time overwriting static buffer data (argh) so had to make a copy. noticed a nested "become_root()"/"unbecome_root()" which will have to be tracked down... (This used to be commit 474f94f419a531e33b475249da7efb99ac22f454)
1998-11-30passdb.c now calls getpwnam() which returns results in a static buffer.Luke Leighton1-7/+21
a call _outside_ of this was _also_ calling getpwnam. the calls to getsmbpwnam() were therefore overwriting the static buffer. (This used to be commit c5ba5fa6feab2884a23b8bcb5dcb349ee1a7c139)
1998-11-30- adding builtin[alias]db.Luke Leighton2-20/+32
- lib/sids.c: generate_sam_sid() modified to take a domain name: it now generates "DOMAIN_NAME.SID". reasons: 1) if you run multiple samba servers on the same machine under different netbios names as members of a domain, they won't all use the same SID, which is a _big_ mistake but it would happen _by default_. 2) we have (had) a problem with sid_to_string() and string_to_sid() which cause SIDs to be incorrectly read. one of the major reasons for *NOT* making this change was so as not to disrupt existing users. but as they will be anyway by this bug, we might as well go ahead. - passdb/smbpass.c: wanted to change the meaning of the name in the smbpasswd file to an "nt" name not a "unix" name. this is probably not a good idea: reverted this. - output formatting / bug-fixing in rpcclient query_useraliases code. (This used to be commit e4930f5f48f8246ceec8add8bf769954a963190c)
1998-11-29"retired" two modules to preserve their cvs history.Luke Leighton2-0/+713
added their replacements, added sam password database API modules (This used to be commit b1d1c1337c69c6f6bf25ab932a1a6a757e3ea2ae)
1998-11-29weekend work. user / group database API.Luke Leighton8-880/+209
- split sam_passwd and smb_passwd into separate higher-order function tables - renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user" plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd password databases to fill in the blank entries that are not obtained from whatever password database API instance is being used. NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c for the only example outside of the password database APIs i could find. - added query_useraliases code to rpcclient. - dealt with some nasty interdependencies involving non-smbd programs and the password database API. this is still not satisfactorily resolved completelely, but it's the best i can do for now. - #ifdef'd out some password database options so that people don't mistakenly set them unless they recompile to _use_ those options. lots of debugging done, it's still not finished. the unix/NT uid/gid and user-rid/group-rid issues are better, but not perfect. the "BUILTIN" domain is still missing: users cannot be added to "BUILTIN" groups yet, as we only have an "alias" db API and a "group" db API but not "builtin-alias" db API... (This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1)
1998-11-26we have a problem: resolution of "Primary Group RID" which we assumedLuke Leighton1-1/+14
would only be a domain group rid. it can also be a local group rid, which causes us problems in attempting to turn a unix gid into the correct rid (domain group or local group). sooo.... the fix is _in_ there, we just can't use it because it causes link / knock-on problems in nmbd. (This used to be commit e4ee6538709c33000774eb1676608f2dd67d5a30)
1998-11-25fixing group database issuesLuke Leighton2-7/+8
(This used to be commit 591c63e3e1e3201ddcd7582585b652fb848d80ca)
1998-11-25LsaLookupNames client call (first used as lookupnames command in rpcclient).Luke Leighton1-23/+29
(This used to be commit 68342a29a892e515cf2b22d759476d61944bcd59)
1998-11-25fixing domain join and domain login problemsLuke Leighton1-1/+0
(This used to be commit 90a24664318da97a6e8cfe4622a8573c0e3cbe5e)
1998-11-24clearer debug commentsLuke Leighton1-2/+2
(This used to be commit 06b9100c1c1590bad392a8d9bdd79a6c554a3cac)
1998-11-24oops, forgot to rename smbfilegrp to smbunixgrp.Luke Leighton1-11/+11
(This used to be commit 6de2b03d1c6714d63c6dbe7a417fb442e95ee0d9)
1998-11-24initialise not initialize...Luke Leighton2-2/+2
(This used to be commit b67d66a1e9d879cd5960380c94422c0af8dedaad)
1998-11-23remove unused variableLuke Leighton1-1/+0
(This used to be commit 30b3f339f8d55c2d3a4cbc380b7f12eb040bf381)
1998-11-23someone had added code to convert rids to rids, assuming that the ridsLuke Leighton1-9/+1
in the file were gids: they are not. (This used to be commit 8af860394fa3251a26285c8c96c9e4093346f20b)
1998-11-23unix instance of group database APILuke Leighton5-20/+263
(This used to be commit e76f593b3572ac881f1aa1fb3326d8b7169b0078)
1998-11-17Added the same open()/fopen()/creat()/mmap() -> sys_XXX calls.Jeremy Allison5-15/+14
Tidied up some of the mess (no other word for it). Still doesn't compile cleanly. There are calls with incorrect parameters that don't seem to be doing the right thing. This code still needs surgery :-(. Jeremy. (This used to be commit 18ff93a9abbf68ee8c59c0af3e57c63e4a015dac)
1998-11-17swapped username:uid:[groupridlist]:[aliasridlist] toLuke Leighton1-9/+9
u:u:a:g (This used to be commit 2f456ed92ffbf596945a9ec800c373495fc4e38a)
1998-11-17- group database API. oops and oh dear, the threat has been carried out:Luke Leighton5-719/+388
the pre-alpha "domain group" etc parameters have disappeared. - interactive debug detection - re-added mem_man (andrew's memory management, detects memory corruption) - american spellings of "initialise" replaced with english spelling of "initialise". - started on "lookup_name()" and "lookup_sid()" functions. proper ones. - moved lots of functions around. created some modules of commonly used code. e.g the password file locking code, which is used in groupfile.c and aliasfile.c and smbpass.c - moved RID_TYPE_MASK up another bit. this is really unfortunate, but there is no other "fast" way to identify users from groups from aliases. i do not believe that this code saves us anything (the multipliers) and puts us at a disadvantage (reduces the useable rid space). the designers of NT aren't silly: if they can get away with a user- interface-speed LsaLookupNames / LsaLookupSids, then so can we. i spoke with isaac at the cifs conference, the only time for example that they do a security context check is on file create. certainly not on individual file reads / writes, which would drastically hit their performance and ours, too. - renamed myworkgroup to global_sam_name, amongst other things, when used in the rpc code. there is also a global_member_name, as we are always responsible for a SAM database, the scope of which is limited by the role of the machine (e.g if a member of a workgroup, your SAM is for _local_ logins only, and its name is the name of your server. you even still have a SID. see LsaQueryInfoPolicy, levels 3 and 5). - updated functionality of groupname.c to be able to cope with names like DOMAIN\group and SERVER\alias. used this code to be able to do aliases as well as groups. this code may actually be better off being used in username mapping, too. - created a connect to serverlist function in clientgen.c and used it in password.c - initialisation in server.c depends on the role of the server. well, it does now. - rpctorture. smbtorture. EXERCISE EXTREME CAUTION. (This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db)
1998-11-13Makefile.in configure configure.in include/config.h.in: Changes for DGUX and ↵Jeremy Allison1-1/+1
UNIXWARE. groupdb/aliasdb.c groupdb/aliasfile.c groupdb/groupfile.c: Don't use snprinf, use slprintf. include/includes.h: Fix YP problem. include/smb.h: Fix ZERO_STRUCTP. lib/util_sock.c: Added strerror() in debugs. passdb/ldap.c: Don't use snprinf, use slprintf. rpc_client/cli_lsarpc.c rpc_client/cli_pipe.c rpc_parse/parse_sec.c rpc_server/srv_pipe.c: Don't use snprinf, use slprintf. script/installman.sh: DGUX changes. smbd/open.c smbd/oplock.c: Fixed gcc warnings. web/swat.c: Changes USER to SWAT_USER. (This used to be commit 4c2b5a00983501e5d4aad1456ba8b5ab0dfd9b4c)
1998-11-12Removed code that used printf/fprintf in password changin libraries.Herb Lewis1-11/+18
Now passes strings instead. (This used to be commit 48af29bcc9e8094de6ba057a52dbae3c80ea7a05)
1998-11-12extracted the password change code from smbpasswd and used it in swatAndrew Tridgell1-0/+162
instead of opening pipes and other horrible stuff. (This used to be commit 49bf19710345a59a2d17cd449be1a132885ed821)
1998-11-10util functions split into relevant modules, first pass.Luke Leighton1-43/+0
(This used to be commit d448906e68cec5019fa83f7d31b862efff41e2da)
1998-11-07codepages/codepage_def.936: Updated comment.Jeremy Allison1-5/+3
param/loadparm.c: Removed "networkstation user login", "domain controller", and "domain sid" parameters. passdb/passdb.c: Removed "networkstation user login" code and changed bug test code to only check once for a bad password server. This will stop the complaints of many "bad login" audit records in NT PDC logs. utils/smbpasswd.c: Removed check for "domain controller". Jeremy. (This used to be commit d6e6e936b5dd90dd8fc38d9404efbe5c546c15e5)
1998-11-05the start of the start of the SAM database APILuke Leighton2-0/+417
(This used to be commit 3eacd3013cc909e6e731a1a42f0aa7f202673bb9)
1998-10-21domain aliases added a bit better: does local aliases if you queryLuke Leighton1-5/+6
for sid S-1-5-20 and does (nothing at the moment) if you query for your own sid. (This used to be commit da40f26f4b2f7ce286076b4e39dffd76aa2ef8e6)
1998-10-21the next dialog: user-groups. it's not very sensible what appears, but hey:Luke Leighton4-0/+40
it appears! (This used to be commit 399035098f212e976cc0000a215e0705ebe78c05)
1998-10-17Small tidyups for gcc in 'preen' mode....Jeremy Allison2-0/+2
Jeremy. (This used to be commit 60dc1a4a00a22088d33369588b0d5eb292cf084a)
1998-10-16trust passwordLuke Leighton1-2/+2
(This used to be commit fa86770d56fd4a3e280ee4f5685e29dee2a713fb)
1998-10-15rpcclient interactive login (with trust account changing if you are root)Luke Leighton2-2/+38
cli_session_setup handles null sessions correctly (This used to be commit 60c0f22a4e84703467006dfe1971384a6294a9aa)
1998-10-15getpwnam() failing is a serious error (corrupt smbpasswd database)Luke Leighton1-1/+6
(This used to be commit 18e628ac1516cbd9773608cb5a9f4b784cf4dd9e)
1998-10-15bug-fixing against:Luke Leighton1-0/+2
AS/U: it returns dce/rpc "first" and "last" bits _clear_ in a bind/ack response, when they should be set in a (small) packet. they also, in the bind/ack do not set a secondary address string at all, so we can't check against that... Win95: client-side dce/rpc code is a bit odd. it does a "WaitNamedPipeState" and has slightly different pipe-naming (\PIPE\LANMAN is joined by \PIPE\SRVSVC, \PIPE\WINREG etc whereas nt just has \PIPE\LANMAN and \PIPE\). Win95-USRMGR.EXE: added LsaOpenPolicy (renamed existing to LsaOpenPolicy2). added SamrConnect (renamed existing to SamrConnect2). (This used to be commit a7fccd807b938cbb51002ebae8c7a48b40dbb655)
1998-10-09anders blomdell spotted an unititialised fstring causing strlen to goLuke Leighton1-0/+1
awry (ascii_p16) (This used to be commit 0b45c08ffad6f8b12c6fb2b184d3b5d52177cabe)
1998-09-29Fixed warning in get_time_from_string().Jeremy Allison1-1/+1
Jeremy. (This used to be commit e9b7ff0dece2252b28be1ed526f43ff2bdf86ade)
1998-09-29missed the pdb_sam_to_smb function needed by nispass.cLuke Leighton1-19/+22
(This used to be commit b40a4e6385757cb8a44044a1437651954d6b1c90)
1998-09-29added in some pdb_xxx routines that are needed by nispass.cLuke Leighton1-0/+121
(This used to be commit 5212dd69d05a0d26dddcb4a0d9efca195436bfda)
1998-09-28Added fix from gildea@intouchsys.com - smbpasswd file could be leftJeremy Allison1-1/+5
locked. Jeremy. (This used to be commit 71ab5c367cf54f4b821aaf056f283f48d7eb4638)
1998-09-28Changes to test in configure if capabilities are enabled on a system.Jeremy Allison1-2/+2
Changes to get Samba to compile cleanly with the IRIX compiler with the options : -fullwarn -woff 1209,1174 (the -woff options are to turn off warnings about unused function parameters and controlling loop expressions being constants). Split prototype generation as we hit a limit in IRIX nawk. Removed "." code in smbd/filename.c (yet again :-). Jeremy. (This used to be commit e0567433bd72aec17bf5a54cc292701095d25f09)
1998-09-28automated generation of .dummy files for each subdirectory;Alexandre Oliva1-1/+0
dummy.in files are no longer needed, and new directories will be taken care of automatically, at configure (or config.status --recheck) time (This used to be commit 237a8e5fe62d757c04b8207cbbee4df1470cfe4e)
1998-09-26Added Kerberos4 support patches from Johan Hedin <johanh@fusion.kth.se>Jeremy Allison1-1/+3
Jeremy. (This used to be commit 548634915f21f774b7efb06f138c8fb7bc089daa)
1998-09-25Makefile.in: Fixed bug with continuation line causing proto to fail.Jeremy Allison3-2/+12
Added $(PROGS) $(SPROGS) as targets for make clean. acconfig.h: Added HAVE_IRIX_SPECIFIC_CAPABILITIES. configure.in: Added sys/capability.h header check. Added function checks for srandom random srand rand. Added HAVE_IRIX_SPECIFIC_CAPABILITIES test. includes.h: Added #include <sys/capability.h>. ntdomain.h: Moved struct acct_info into here from smb.h smb.h: Added KERNEL_OPLOCK_CAPABILITY define. Moved enum action_type into rpcclient.h Moved struct cli_state into client.h Moved struct nt_client_info, struct tar_client_info, struct client_info into rpcclient.h lib/genrand.c: Changed to use sys_random() & friends. lib/smbrun.c: Lose capabilities after fork. lib/system.c: Added set_process_capability(), set_inherited_process_capability() sys_random(), sys_srandom(). lib/util.c: Added Ander's EFBIG lock check to fcntl_lock for 64 bit access to an 32 bit mounted NFS filesystem. nmbd/nmbd.c: Changed to use sys_random() & friends. nmbd/nmbd_browsesync.c: Changed to use sys_random() & friends. passdb/ldap.c: Missed one pdb_encode_acct_ctrl call. passdb/passdb.c: Changed to Ander's code for ' ' characters. passdb/smbpass.c: Added Ander's code to reset ACB_PWNOTREQ. script/mkproto.awk: Added 'long' to prototypes. smbd/chgpasswd.c: Lose capabilities after fork. smbd/open.c: Do the mmap *after* the kernel oplock. smbd/oplock.c: Removed stub code from kernel oplock path. Added set_process_capability(), set_inherited_process_capability() calls. smbd/reply.c: Initialize count = 0, offset = 0. smbd/server.c: Added set_process_capability(), set_inherited_process_capability() calls. tests/summary.c: Ensure we have RANDOM or RAND. utils/smbpasswd.c: Added Ander's code to reset ACB_PWNOTREQ. utils/torture.c: Changed to use sys_random() & friends. Jeremy. (This used to be commit e8be306f23963ac00b1a383ebe0cc1421529fb02)