Age | Commit message | Author | Files | Lines |
|
(This used to be commit 90640a523e9898157a361f3fbf5923b1ef2a6651)
|
|
This patch adds privilege support for samba
Currently it is implemented only for tdbsam backend but extending it to
other sam backends is straightforward.
I must say a big thank you to JFM for his teachings on the matter and the
functions at the base of this work.
At the moment only samr_create_user honours SeAddUsersPrivilege and
SeMachineAccountPrivilege to permit any user to add machines and/or users to
the server.
The command "net priv" has been provided to manipulate the privileges
database.
There are still many things to do (like support in "net rpc vampire") but
the working core is here.
Feel free to comment/extend on this work.
Of course I will deny that any bug may affect this code :-)
Simo.
This patch adds also my patch about add share command enhancements.
(This used to be commit 7a78c3605e203bd8e0d7ae244605f076a5d0b0bc)
|
|
Volker
(This used to be commit f95a5d81479b467c837b727831c2224832c8205c)
|
|
su - WINDOWS\\vl
now includes the locally defined aliases I'm member of.
Next will be getent group.
Volker
(This used to be commit 52dae45684317ac8ac529017607bb5787dda7c50)
|
|
merge to 3_0, as the pdb interfaces have changed a bit between the two.
This has not been tested too severely (which means it's completely broken ;-),
but I want it in for review. Feel free to revert it :-)
TODO:
make 'net groupmap' a bit more friendly for alias members.
Put that stuff into pdb_ldap.
Getting the information over to winbind. One plan without linking pdb into
winbind would be to fill group_mapping.tdb with the membership information and
have that as a cache (or use gencache.tdb?). smbd on a PDC or stand-alone
could trigger that itself, the problem is a BDC using LDAP. This needs to do
it on a regular basis. The BDC smbd needs to be informed about SAM changes
somehow...
Volker
(This used to be commit 30ef8fe1e85c0ca229b54f3f1595c4330f7191d1)
|
|
(This used to be commit a3a15be5a2ae419992af004425592cca6796edcd)
|
|
Fix bug in previous global_sam_sid() commit. I broke the 'read from
MACHINE.SID' file functionality.
Also, before we print out the results of 'net getlocalsid' and 'net
getdomainsid', ensure we have tried to read that file, or have
generated one.
Andrew Bartlett
(This used to be commit af1b6447b8292a83851361570219ee6d889e0898)
|
|
I *hate* global variables...
OK, what was happening here was that we would invalidate global_sam_sid
when we set the sid into secrets.tdb, to force a re-read.
The problem was, we would do *two* writes into the TDB, and the second one
(in the PDC/BDC case) would be of a NULL pointer. This caused smbd startups
to fail, on a blank TDB.
By using a local variable in the pdb_generate_sam_sid() code, we avoid this
particular trap.
I've also added better debugging for the case where this all matters, which
is particularly for LDAP, where it finds out a domain SID from the sambaDomain
object.
Andrew Bartlett
(This used to be commit f3ecdea56d9ea6d562ace84f0e653a641eb96f6e)
|
|
Found by Fabien Chevalier <fabien.chevalier@supelec.fr> and
JustFillBug <mozbugbox@yahoo.com.au> on the Samba lists - a 'max
password age' of zero should be considered as 'never expire'.
For the time being we just set it like -1, but we might revisit this
for closer-to-ms behaviour.
Andrew Bartlett
(This used to be commit 2003cdc65e1b9f6514d97334997fee5c49813bac)
|
|
reset count and lockout duration
(This used to be commit ad2996e418a45c1cf4f969077ffc267de70d6866)
|
|
(This used to be commit 81dc9d53eb330f350f3f31068fe75c3606221e62)
|
|
(This used to be commit 91ea29b392ff05311e9631467ee6255b29887e04)
|
|
(This used to be commit 0a2b792556b3aaa056a1fa6adb35627fdb804758)
|
|
3.0 and reduce diff output.
(This used to be commit 306c021000d36f13b3740839b62df60986e4e112)
|
|
(This used to be commit 57314e060552523338071442e111fb4f7a2e1df8)
|
|
(This used to be commit 3b373cd15d17ab495f86c8b3b219d965b5aff606)
|
|
(This used to be commit 2478501d402a07248d6181d4c9de253b203ff67c)
|
|
define the INFO/version string in _only_ one place.
(This used to be commit 02181f77897d87989341e3f18dbf0cc3e9c22991)
|
|
they line up. Also change lockout_time to bad_password_time, since this
is actually what is replicated.
(This used to be commit adfc160082e5d1f20085e68eaacffea3fd277f1d)
|
|
HEAD PDC tomorrow)
(This used to be commit c57b24ee49aee0f0687742da7f8d741c62f6effe)
|
|
(This used to be commit 1ab42df4a648fc19391891163d891c4bdb23437e)
|
|
rafal
(This used to be commit e92fb5dcb02a56d10230df70d495f91da4052e62)
|
|
When we set a domain sid, force get_global_sam_sid() to do its work again.
This should ensure that the value it returns is always consistent.
Andrew Bartlett
(This used to be commit fb13c61d4eee943e44632a0d1ba57b19602d67a4)
|
|
Add static, and assert that we will never overflow the static fstring
in pdb_encode_acct_ctrl() (All current callers are fine)
Andrew Bartlett
(This used to be commit badf7f64fb38dfd40bdf65b19e9dd8932d5e6c3b)
|
|
Make more functions static, and remove duplication in the use of functions
in lib/smbpasswd.c that were exact duplicates of functions in passdb/passdb.c
(These should perhaps be pulled back out to smbpasswd.c, but that can occur
later).
This also includes some >14 character password changes, and the start
of a move away from using 'admin user' to determine if the user is
root (as root can login without setting 'admin user').
Andrew Bartlett
(This used to be commit be0704abb919152c359a735023283acbf9be3076)
|
|
I should have done this years ago...
This adds the very simple 'admin set password' capability to 'net rpc',
much as we have it for 'net ads'.
Andrew Bartlett
(This used to be commit 5243b89e33efd2ea8842a624d8abd6c5755afb64)
|
|
If we are setting the NT or LM password to NULL, remove the attribute
rather than writing XXXXX
Andrew Bartlett
(This used to be commit 2ae9672f811c91c95ee2ddfd4b0dcc6b0f4fa192)
|
|
ACB_PWNOTREQ bit set
(This used to be commit 6c4de7198b94a8cea176e1c9d86deb65705f9058)
|
|
(This used to be commit 63206b1204bd532bf99912cd4312baf7d69db1f6)
|
|
(This used to be commit 77335cc5bce46ab3498f9401099f110b0e5506c1)
|
|
(This used to be commit 4840b25dbd4d2eafc010389a711d42862d5fb0f0)
|
|
(This used to be commit c5634e0b713e594a32522df7a76c36639f772ed5)
|
|
meaning of fields_present bit mask. Also avoid it being saved in backends (0
is saved where removing the uint32 would have produced a format change).
Also add support in samr functions to correctly interpret the flags.
Flags still not set properly (e.g. still set all flags 0xffffff as previous
code), need a tool to test this properly (I've done preliminary tests with
samba4 rpc torture and it seems to work properly against w2k).
2. Patch for handling the flag user must change password at next logon
in usrmgr based on Jianliang Lu <j.lu@tiesse.com> patch
(This used to be commit 78975e9483e64412e436c5dbfe2b71e20b79de29)
|
|
rafal
(This used to be commit a284082716bf63569e5921eb33b1ecd1a9b4810d)
|
|
rafal
(This used to be commit 2d2c36cc3f691f31506fbd97e74cf225a2ef85c5)
|
|
from passdb backend level (tdbsam, in this case).
It is written as wrapper for secrets_ calls that use secrets.tdb file
and is not treated as eventual solution. Trust passwords are being
handled uniformly, SAM_TRUST_PASSWD structure, and so they should be
stored as well.
Note, this code is disabled, i.e. not used anywhere yet. I'm working
on next routines in line.
rafal
(This used to be commit 02ac9332ab1d34f47667b40ce23b2b5d04c4dff1)
|
|
rafal
(This used to be commit 336720416abd1f6d62f9a6748ae6a0454976c9d4)
|
|
(This used to be commit c98399e3c9d74e19b7c9d806ca8028b48866931e)
|
|
rafal
(This used to be commit f912d8c3403071582f776886f9793e3289b285b6)
|
|
rafal
(This used to be commit 4a2bd4de3f5a99bc19013a2878659e8686606e30)
|
|
backend-independent part ie. interface - does build and (it seems)
doesn't break anything else.
rafal
(This used to be commit 9ce6dc6476202d9db6ea1c2deab93e454e4db546)
|
|
(This used to be commit 4c877ccc16bcb69490c4d34d2ef5f727bf98438e)
|
|
JHT came up with a nasty (broken) torture case in preparing examples for
his book.
This prompted me to look at the code that reads the unix group list. This
code did a lot of name -> uid -> name -> sid translations, which caused
problems. Instead, we now do just name -> sid
I also cleaned up some interfaces, and client tools.
Andrew Bartlett
(This used to be commit cc535a6c70d8dcf677322e31b24dec58b23d80f0)
|
|
Check the return value of string_to_sid in a few more places. (But
string_to_sid also needs to be less permissive on what it thinks are
valid sids...)
Andrew Bartlett
(This used to be commit 74ea8682e4b5c78f456cc9284e953e35e4146a8b)
|
|
Show the error message for failure to set the ldap password.
(For 'ldap password sync = yes')
Andrew Bartlett
(This used to be commit ef5d2309c2252c9d6111738075f863b69b616722)
|
|
(This used to be commit 61cbd5c9be1962d0c33c28ff472a2f82d3aa2a80)
|
|
(This used to be commit 426a02cf678236f902c143b56eaaf854fca2237f)
|
|
group.
Jeremy.
(This used to be commit 72174634aa26c01431ccf85331aaa8b51e70c8ff)
|
|
<appro@fy.chalmers.se>
(This used to be commit ca21dd3bb682700d628e9fc1aeedd1594cda3094)
|
|
(This used to be commit 975ac6f5aa4d8d709733757e4e003f3c551fc9ba)
|