summaryrefslogtreecommitdiff
path: root/source3/passdb
AgeCommit message (Collapse)AuthorFilesLines
2003-02-22Remove 'unixsam' from the default passdb backends.Andrew Bartlett7-279/+204
The intention is to remove the muliple passdb backends, but we need the 'guest' account to always be there. If the admin adds the guest account to (say) LDAP, there will only be one backend required for operation. This helps remove some nasty behaviours with adding accounts to the system for both the RPC 'create user' and the SAMSYNC code. Users 'added' with an 'add user/machine' script won't magicly appear, and machine accounts 'pre-added' to unix, but not the smbpasswd file will not cause mayhem. This commit also implements somthing tridge discussed with me, the concept of 'default' passdb operation pointers - so that each backend does not need it's own stub funcitons wrapping the default tdb privilages/group mapping code. This also removes an implicit 'sid->name' and 'name->sid' mapping from our own local SID space, to winbind usernames. When adding mapping for NIS/LDAP non-sam users in future, we need to be careful. Andrew Bartlett (This used to be commit 6f32fa234961a525760a05418a08ec48d22d7617)
2003-02-12initial server side privileges implementation, using a tdb. This needs to be ↵Andrew Tridgell1-0/+341
hooked into pdb, and we need some access control on changing privileges. That's next (This used to be commit f4f1f84a6bf1d356ccc83f0ecb135bef4a39619e)
2003-02-01More ldap parinoia - if we ever get more than one result, bail. The order weAndrew Bartlett1-5/+23
get them in should be indeterminate, so just picking the first one would be bad... Andrew Bartlett (This used to be commit 21da8c3bb39c507eb90865549c3bb3538dcea138)
2003-02-01Always escape ldap filter strings. Escaping code was from pam_ldap, but I'm toAndrew Bartlett1-3/+19
blame for the realloc() stuff. Plus a couple of minor updates to libads. Andrew Bartlett (This used to be commit 34b2e558a4b3cfd753339bb228a9799e27ed8170)
2003-02-01A couple more signed/unsigned issues.Andrew Bartlett1-2/+2
(This used to be commit 01d78b828b89f04b70b53ded01a7f4b356979317)
2003-01-16Fixed up mutex protection around winbindd logon code. Sync with APP-HEAD.Jeremy Allison1-8/+24
Jeremy. (This used to be commit 3d04872499332ef2d8e7479b924afc8fc1ac29d7)
2003-01-15initialize acct_ctrl before using itHerb Lewis1-2/+1
remove ldap_msgfree(result); as result is unitialized at this point (This used to be commit dc8882778694289ca461de57d443992f52ab7524)
2003-01-14Fix some debug lines, and add a bit more info to help track down ldapAndrew Bartlett1-8/+15
connectivity problems. Andrew Bartlett (This used to be commit 68de9a59203ed9778f11b78f233dc437b9dab55d)
2003-01-14clearer debug message when the user is already in the ldap dbAndrew Tridgell1-1/+2
(This used to be commit 31894ba0e5847eb934688598cd8d65bead23c58b)
2003-01-13Always initialise this variable - and don't set the 'must change now' if it wasAndrew Bartlett1-0/+1
last changed at '0'. We need to actually change this password sometime... Andrew Bartlett (This used to be commit 740bf439d2d1512127c873cf0e57697161d6566b)
2003-01-08Fix open problem with changing attributes on an existing file - basedJeremy Allison1-1/+0
on work by <steve@griffin.sio2.nl>. Jeremy. (This used to be commit 465d86d95fbdeda423d1f4b06cee46c119a31447)
2003-01-02We already have one function to move unistr2 -> multibyte-static, so weAndrew Bartlett1-19/+0
don't need a second just for pdb. Also, remove magic 'is lp_guest_account' test - the magic RID should be up to the passdb backend to set. Andrew Bartlett (This used to be commit f71c8338d35a2e8c73c3d8006ea6858cb522c715)
2003-01-02BIG patch...Andrew Bartlett6-16/+16
This patch makes Samba compile cleanly with -Wwrite-strings. - That is, all string literals are marked as 'const'. These strings are always read only, this just marks them as such for passing to other functions. What is most supprising is that I didn't need to change more than a few lines of code (all in 'net', which got a small cleanup of net.h and extern variables). The rest is just adding a lot of 'const'. As far as I can tell, I have not added any new warnings - apart from making all of tdbutil.c's function const (so they warn for adding that const string to struct). Andrew Bartlett (This used to be commit 92a777d0eaa4fb3a1c7835816f93c6bdd456816d)
2002-12-20Forward port the change to talloc_init() to make all talloc contextsJeremy Allison2-2/+2
named. Ensure we can query them. Jeremy. (This used to be commit 842e08e52a665ae678eea239759bb2de1a0d7b33)
2002-12-12merge of get_dc_name()-like code from APP_HEAD; better support password ↵Gerald Carter1-0/+30
server = DC1 * (This used to be commit 6b18ca9511ddcf1718f222af3f61491d1e5f3b60)
2002-12-03use FILE_MACRO instead of __FILE__Herb Lewis1-5/+5
use FUNCTION_MACRO instead of __FUNCTION_ (This used to be commit 243763d6eb107ab2444d81025232c8fe795baaf1)
2002-11-24Move from NT_STATUS_UNSUCCESSFUL to NT_STATUS_NO_SUCH_USER, and other slightlyAndrew Bartlett1-16/+21
more useful error codes. (This used to be commit 5b1185b4e8592e6bc1abe581950571e249c03a78)
2002-11-20fixed a number of places where we can try to free a wild pointer orAndrew Tridgell1-2/+14
look for the record count after an invalid search. This fixes a segv in ldapsam (This used to be commit d076823c73731a4c83f49a21f13360a38d54406e)
2002-11-15Use smb_register_passdb() - plus some small fixesJelmer Vernooij3-1603/+0
(This used to be commit 2addbaff358993923a58ad3845c63168678c2c21)
2002-11-15Add smb_register_passdb()Jelmer Vernooij2-86/+59
(This used to be commit b5b3b2e6bef431c9c30dc8f2899dc22328801c0e)
2002-11-14Remove the #ifdef's for NISPLUS_SAM - there are no function name collisions ↵Jelmer Vernooij1-4/+0
anymore (This used to be commit f6ef18df11cc48f25adeee464e79e63ee209b08c)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison5-25/+19
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit 82b8f749a36b42e22186297482aad2abb04fab8a)
2002-11-11More improvement of DEBUG outputJelmer Vernooij1-2/+5
(This used to be commit 21530f06b2b89d159657646fe15e16a3fcfdb668)
2002-11-11Add extra debug infoJelmer Vernooij1-2/+2
(This used to be commit 79207d56929de2acc15a761b23c8b33369c298ee)
2002-11-10Print the number of returned rows, not the number of fieldsJelmer Vernooij1-2/+2
(This used to be commit f4110a0f80a4f62d548b6d6cae81692476ef85ba)
2002-11-08Make smbpasswd use the group mapping, and fix spelling in ldapsam.Andrew Bartlett2-30/+38
This gets user mangler for doamins working again. Andrew Bartlett (This used to be commit 205209f77f154a2a5d5f7a255194d7953860a4db)
2002-11-07Fix small typoJelmer Vernooij1-1/+1
(This used to be commit 3c39bd9db09c59f149d77e371ed078cd7ec2d1b4)
2002-11-07when doing a 'net rpc vampire' a pdb_init_sam_pw() is used to create aAndrew Tridgell1-0/+3
sam account object, then pdb_update_sam_account() can be used to update an account. This code path could lead to the methods element of the account being used when uninitialised (leading to a segv) Easiest fix is to always make that that when creating a sam_account object we initialise the methods to null, so that the passdb code knows that it needs to be filled in. (This used to be commit fb79fa5a31c2fa8ebdcddbc49b1d9c1aa3059691)
2002-11-07Merge of scalable printing code fix... Needs testing.Jeremy Allison1-6/+9
Also tidied up some of Richard's code (I don't think he uses the compiler flags -g -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual like I do :-) :-). Jeremy. (This used to be commit 10024ed06e9d91f24fdc78d59eef2f76bf395438)
2002-11-06Add group management support (patch from metze)Jelmer Vernooij2-0/+67
(This used to be commit 090a2015eb9aa4ec68d80e972ae192d19afd536e)
2002-11-06Adapt to latest pdb API changes - only thing left is group supportJelmer Vernooij2-21/+17
(This used to be commit 99a2e7fde1fd4e589035c273f40419ef322e097d)
2002-11-06pdb_get_unknown? -> pdb_get_unknown_?Jelmer Vernooij1-3/+3
(This used to be commit c13ed6c866fed43e5f83e083c377a1cd7d505061)
2002-11-05Move pdb_xml to source/Jelmer Vernooij1-0/+561
(This used to be commit b68106a79e4536fa82d75dd330d07dba51bfeaf4)
2002-11-05Move pdb_mysql to source/passdbJelmer Vernooij1-0/+975
(This used to be commit 1d742e14ad18070aee654071d159b8b7410d6f86)
2002-11-04Allow 'normal' accounts in the non-unix-account range for smbpasswd - I hopeAndrew Bartlett1-19/+20
this will fix some of the problems on the build farm @ Compaq (where they have a *lot* of accounts...). (This used to be commit 2c97b7e6480c2731739ccc52af97bc62a6228cfe)
2002-11-04Fix debugAndrew Bartlett1-1/+1
(This used to be commit 5b5b8de70e46a15e9fb9b47c7af6cb0133f41217)
2002-11-03Extra little fix to vl's patch. Make sure the passdb and testparm messagesAndrew Bartlett1-3/+5
say exactly the same thing - in particular that we can algorithmic rid base == 1000, and use the BASE_RID macro to avoid the use of magic numbers. Andrew Bartlett (This used to be commit b70f2a8047ac549841bc103932b38951e9814186)
2002-11-03Force algorithmic rid base to sane values and talk about it.Volker Lendecke1-4/+25
Volker (This used to be commit ce5b2d991b42bbf6865ff75194f8ee4b46694841)
2002-11-02Clean up this a little - add comments describing a bit of what is going onAndrew Bartlett1-5/+6
here. (This used to be commit 88455313f6551a75eff4df2f0ba91430948c1c78)
2002-11-02Add a 'ldap trust ids' option that lets pdb_ldap check for posixAccountAndrew Bartlett1-33/+92
attributes rather than calling getpwnam() on the user. This should help fix some of metze's performance issues - particularly on enumerations. There is a consequential change to the operation of 'non unix account's in LDAP - they are no longer restricted to being 'within' the NUA range, but will always be added to that range. Finally, there is the doco for this and the previous LDAP SSL changes. (This used to be commit 18abaeffda300074a507561d8372d5bfddc8fe50)
2002-11-02Return the result code, not false (0 == success) on error...Andrew Bartlett1-1/+1
(This used to be commit f91c363bc05d1c82ad8a99a5c0d59b46cf820aac)
2002-11-02Fixes for pdb_ldap:Andrew Bartlett1-111/+103
- Default is now for start-tls, on the ldap (not ldaps) port - We check for 'I am currently root' in the right place now, and don't accidentily use a cached connection. - We don't loop on failure to be root, or some other errors. - A bit cleaner error reporting for add/modify. - Both the OpenLDAP and manual URI parsing tested. Andrew Bartlett (This used to be commit cfa1e459d727764feddcfdd8c9c0404282e2d0e8)
2002-10-26One more step towards to better PDC.Andrew Bartlett1-208/+330
This patch, from "Stefan (metze) Metzmacher" <metze@metzemix.de> implements an LDAP connection cache. This removes the quite silly situation where every single passdb operation involved a new LDAP connection. The hope is that this will give us a decent performance boost in some usrmgr related activities, and in the sid->name/sid->uid code. The remaining things I think are 'todo' for pdb_ldap (in the near term) are: - intergrate volker's next_rid patch for NUA accounts, - add a 'trust ldap ids' option (remove Get_Pwnam() hit on enumerations). - put the group mapping actually into ldap - Schema fixes and do utf8 conversion - server failover (try a second server for the rebind on fail) - ensure we block between an 'add' and the ldap master replicating to our local slave (mezte found this issue, kills domain joins) Andrew Bartlett (This used to be commit 3418da16456511490beb0d1045fff24576b48273)
2002-10-25Fix memory leak (patch by Steve Langasek)Jelmer Vernooij1-0/+14
(This used to be commit 06362586cb754bd6bc89b50b966737958286ca2e)
2002-10-25Only run free_private_data when it's specified (reported by Steve Langasek ↵Jelmer Vernooij1-1/+2
aka vorlon) (This used to be commit 9efa98b4a65a38df922ce3b83f5fde631cb70844)
2002-10-21pdb_unix.c did not really expect group RIDs dictated by a PDC and lookingVolker Lendecke1-2/+4
like user RIDs. Volker (This used to be commit 872c7d40454545108ec9e7eee12894af77b4adc3)
2002-10-21This moves the group mapping API into the passdb backend.Volker Lendecke7-11/+453
Currently this calls back to mapping.c, but we have the framework to get the information into LDAP and the passdb.tdb (should we? I think so..). This has received moderate testing with net rpc vampire and usrmgr. I found the add_groupmem segfault in add_aliasmem as well, but that will be another checkin. Volker (This used to be commit f30095852fea19421ac8e25dfe9c5cd4b2206f84)
2002-10-18Start to merge the new ACL mapping code from Andreas Gruenbacher ↵Jeremy Allison1-10/+38
<agruen@suse.de>. Jeremy. (This used to be commit f6103f866a5e698ab55fdab1444a14e3d8da16bb)
2002-10-17Revert changesVolker Lendecke1-1/+1
(This used to be commit 975fd17f8af0f03f43995deb3fdd9bd5995a1c92)
2002-10-17Revert changesVolker Lendecke1-24/+22
(This used to be commit 84b62f6d96a77ccbc1b4475ab0780a4e4c9d4875)