summaryrefslogtreecommitdiff
path: root/source3/passdb
AgeCommit message (Collapse)AuthorFilesLines
2002-09-27Readd the 2.2 --with-ldapsam paramaters so as to allow a smooth upgrade path toAndrew Bartlett1-4/+19
a 3.0 based PDC. Change defaults to use SSL, so that this also matches. Andrew Bartlett (This used to be commit 36c2a3820faa1d90cd331881720be0e61ab93460)
2002-09-26sync with HEADGerald Carter6-206/+228
(This used to be commit ee9cbf58071adb627a49a94c6340aaba330486b5)
2002-09-26remove files not in HEADGerald Carter1-219/+0
(This used to be commit 9d9f7bbf87bf9a0e003e6da482615fe040d00852)
2002-09-26syncing up with HEAD again....Gerald Carter2-51/+81
(This used to be commit e026b84815ad1a5fa981c24fff197fefa73b4928)
2002-09-26Patch from "Stefan (metze) Metzmacher" <metze@metzemix.de> to do a *much*Andrew Bartlett1-1/+1
better job of working with usrmgr. Previously we were blanking out entires, and all sort of mischif. The new patch (which I've now had a chance to test/modify) also takes care not to expand % values (ie we go \\%L\%U -> \\server\user, we don't want to store \\server\user back) and to correctly notice 'not set' compared to 'null string' etc. Andrew Bartlett (This used to be commit ab878b6cc4132594fc33f78aeebf0d8b7266c150)
2002-09-26move all the passdb internal interface to NTSTATUSSimo Sorce6-256/+307
only the interface has been fully moved to NTSTATUS not all the plugins make full use of it, but have been all converted. My testings passed completely, however a bit of more testing is welcome Simo. (This used to be commit 102a26e06591928a03b49cd312a65811ed46314f)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter9-1352/+1653
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-09-25Make it clear what this if statement applies to, and what it doesn'tAndrew Bartlett1-0/+1
(This used to be commit 6b78e554c3dd3c98bff7dbd1d3715a9b7e405b8d)
2002-09-25Whenever we deal with adding machine/trusted domain accounts, always reset theAndrew Bartlett1-20/+23
flag to what we expect. This handles the 'upgrade' from unixsam beter (where all $ terminated accounts are machines). Andrew Bartlett (This used to be commit a198940ea6f7b7f3cba38c5a9f695e0731204583)
2002-09-25Don't crash when a backend doesn't have a setsampwent function available - ↵Jelmer Vernooij1-2/+2
bug reported by metze (This used to be commit 4aea951102a6e82612560e6a59931fde433ee6ea)
2002-09-25This patch from "Stefan (metze) Metzmacher" <metze@metzemix.de> cleans upAndrew Bartlett3-123/+204
pdb_ldap and adds a 'ldap passwd sync' option. The idea with this option is to do allow an ldap backend to do all the fancy password hashing etc - and to tell smbd no to try and double-up. Using 'ldap passwd sync = only' will do this, but is not recommended unless such a backend is in place... Running 'ldap passwd sync = yes' just gets you the same as doing 'pam passwd sync = yes' and having both PAM and pam_ldap correctly configured for 'magic root' behaviour, but only using ldap connection, and one set of credentials. This also gets us closer to allowing ldap to say 'password too short' etc, which might assist in maintaining a consistant password policy. Andrew Bartlett (This used to be commit f13e243f1a13d34ae057b40b01f561e8b95d4570)
2002-09-25If adding a user to ldap, make sure we have the 'account' structural class, orAndrew Bartlett1-0/+1
else we can't add to OpenLDAP 2.1 (This used to be commit d9a91a41441c156223760cb356fa997ea7bdbc1a)
2002-09-18We had a race condition when changing a machine acount password as weJeremy Allison1-1/+21
were no longer locking the secrets entry. I saw this on a live system. Jeremy. (This used to be commit 660dafcbb2d1029831212a32d995891626a0344c)
2002-09-17Never, *ever* hold a mutex lock in the message database where there mayJeremy Allison1-0/+66
be traversals being attempted. Yes, this was from bitter experience (and an out of control server :-). Also allow callers to break out of a tdb_chainlock with sigalarm if desired. Jeremy. (This used to be commit a7781f91d8c1177210bffc199cd2f3b7ff993eaf)
2002-09-17more const cleanupsAndrew Tridgell1-3/+3
(This used to be commit dfa85f9c48aa3c8d93775df6b6ad2dec9a1692d7)
2002-09-04Set default ACB attributes on 'unixsam' accounts. This means that machineAndrew Bartlett1-0/+9
accounts added first to /etc/passwd will be honered correctly. Also, users 'upgraded' to smbpasswd will have the right flags. Andrew Bartlett (This used to be commit 474cc910c73e5567313bac438c7324a80e2e90d8)
2002-08-29small fixesJelmer Vernooij1-1/+1
make lp_sam_backend() a list (This used to be commit 06eb3138ab14ff450bbc44f5fa539867ce67a7dd)
2002-08-29RTLD_GLOBAL is not necessaryJelmer Vernooij1-1/+1
(This used to be commit 3146b243e0b143e1038c97d9f919aba494cc46f7)
2002-08-28Put in intermediate version of new SAM system. It's not stable yet, codeJelmer Vernooij1-219/+0
might be ugly, etc - please don't blame me for anything but instead try to fix the code :-). Compiling of the new sam system can be enabled with the configure option --with-sam Removing passdb/passgrp.c as it's unused fix typo in utils/testparm.c (This used to be commit 4b7de5ee236c043e6169f137992baf09a95c6f2c)
2002-08-21More hacks for 'guest account' to get it to show up with the right rid...Andrew Bartlett1-1/+12
Andrew Bartlett (This used to be commit 2795d92268d23063faf5a661279a91f7703d8aac)
2002-08-21Replaced reference to global_myworkgroup by calls to lp_workgroup().Volker Lendecke1-6/+5
pdbedit failed to initialize global_myworkgroup, wo we could end up having a SID for SECRETS/SID/ in secrets.tdb. Volker (This used to be commit 8c96ab4bc05e55e119c1b44779fe14d3ab6c5f35)
2002-08-21Add changes suggested by abartlet:Jelmer Vernooij1-1124/+1205
- don't use lp_passwd_file() to retrieve NIS domain name, but use location instead - some cleanups (This used to be commit 16f4568f35c753ec0ab0a0dda2b264668f5ac5ab)
2002-08-21Use the 'init' flag to determine if the UID is set, rather than testing theAndrew Bartlett1-2/+5
uid for -1. Andrew Bartlett (This used to be commit 2fc12864ae78ea08d8cb4e3b1c7e341ca4a854e6)
2002-08-20pdb_nisplus converted to the new passdb system API'sJelmer Vernooij2-559/+586
(This used to be commit 72e9a5cd340d6a912e274dc0d6f2a22a922d4b03)
2002-08-17sync 3.0 branch with headJelmer Vernooij10-139/+336
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-08-17Quick hack to get around the inadequacy of pdb_smbpasswd. This should make theAndrew Bartlett1-1/+1
build farm happy again, and allow the 'guest account' to be added to smbpasswd. Andrew Bartlett (This used to be commit 5e5cd2874527dd9a213c4bfcf98a425c39f3f2e2)
2002-08-17Rework the 'guest account get's RID 501' code again...Andrew Bartlett2-46/+57
This moves it right into the passdb subsystem, where we can do this in just one (or 2) places. Due to the fact that this code can be in a tight loop, I've had to make 'guest account' a 'const' paramater, where % macros cannot be used. In any case, if the 'guest account' varies, we are in for some nasty cases in the other code, so it's useful anyway. Andrew Bartlett (This used to be commit 8718e5e7b2651edad15f52a4262dc745df7ad70f)
2002-08-16Make the 'guest account' always have a RID of DOMAIN_USER_RID_GUEST.Andrew Bartlett1-6/+20
Andrew Bartlett (This used to be commit 4725d7d04936335cbd85bd6ac5096c50fed93671)
2002-08-12Update secrets_fetch_domain_guid to generate and store it if it doesn't exist.Jim McDonough1-2/+11
Only does it for PDCs. (This used to be commit 3543f92c39a80c8b6eb7ca3188b87f0f15896f33)
2002-08-07Add const to a pile of const to *DOM_SID paramaters.Andrew Bartlett5-7/+7
Andrew Bartlett (This used to be commit fd0ebf976eb6e5fc25bc75ff471c69c3f3761e32)
2002-08-06Try to bind with LDAPv3 if possible.Andrew Bartlett1-7/+19
Andrew Bartlett (This used to be commit 0e420878f26bdd19b5defb78a5fe4c31662ec941)
2002-08-05I must have missed this when I was adding 'const' to these earlier...Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit ce6c8a647ca56dcbb60ff898d77c2df297c1fe79)
2002-08-05Try to make this easier to debug - display the username that failed.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 8405bccd4e7a5315e58890ffa5d481031636f88a)
2002-07-31Don't accidenity mess with the wrong domain's sids.Andrew Bartlett1-2/+2
(This used to be commit 0e2207c9c1ce573098f764e85a65c17cc1f1d284)
2002-07-31fixed multi-line strings for portabilityAndrew Tridgell1-2/+2
(This used to be commit 9f9e0cbd2c9920b730286f8bf560dc3415c29aa6)
2002-07-30Add LSA RPC 0x2E, lsa_query_info2. Only level implemented is 0x0c, whichJim McDonough1-0/+32
is netbios and dns domain info. Also add code to set/fetch the domain GUID from secrets.tdb (although set is not yet called by anyone). (This used to be commit 31d7168530ccce2c5e9e7f96464b47f4d9771a25)
2002-07-30Update a pile of Samba's SID lookup code to ensure:Andrew Bartlett1-40/+53
- That we never call winbind recursivly - That we never use an 'algorithmic' RID when we have a fixed uid or gid mapping in either the passdb or the group mapping db. Also, remove restrictions that say 'this domain only'. If we have a mapping configured, allow it to be returned. If we later decide certian mappings are invalid, then we sould put that in the code that actually does the map. Allow 'sid->name' transtations on the fixed 'well known' groups for NT, even if they are not represented by Unix groups yet. Andrew Bartlett (This used to be commit d5bafb224337e393420c2ce9c0a787405314713c)
2002-07-30These are not critical errors, they should not be a level 0.Andrew Bartlett1-3/+3
Andrew Bartlett (This used to be commit 082c0324cde38fadd70934a10849c7d40a34e3b1)
2002-07-28found nasty bug in intl/lang_tdb.c tdb structure was not tested to not be ↵Simo Sorce1-1/+1
null before close this one fixes swat not working with browsers that set more then one language. along the way implemented language priority in web/neg_lang.c with bubble sort also changet str_list_make to be able to use a different separator string Simo. (This used to be commit 69765e4faa8aaae74c97afc917891fc72d80703d)
2002-07-27Update the rebind code in pdb_ldap.Andrew Bartlett1-34/+114
I've still not tested this, but I didn't test the last lot and I'm pretty sure I stuffed it up - but at least this rebind procedure matches the function prototype. It should also be fine on OpenLDAP 2.1 if I'm lucky. Andrew Bartlett (This used to be commit 064f269508d05cc833cf7bfd5613e4fe389f32dc)
2002-07-26fix parameters for ldap_set_rebind_proc() from OpenLDAP 2.1Gerald Carter1-2/+7
(This used to be commit a6725d4ce95ca8807ccefe4ce033b45d0635da6d)
2002-07-26(another patch from mimir)Andrew Bartlett1-2/+17
Add some debugging info to the secrets code. We might review what debug level that should be at, but it's fine for now. Andrew Bartlett (This used to be commit 2b6a318d686ac0b08a30844bf2960703b06d5c90)
2002-07-26Mimir has been busy with patches again, and sent in the followingAndrew Bartlett1-1/+1
patches: Andrew Bartlett From his e-mail: Below I attach the following patches as a result of my work on trusted domains support: 1) srv_samr_nt.c.diff This fixes a bug which caused to return null string as the first entry of enumerated accounts list (no matter what entry, it was always null string and rid) and possibly spoiled further names, depeding on their length. I found that while testing my 'net rpc trustdom list' against nt servers and samba server. 2) libsmb.diff Now, fallback to anonymous connection works correctly. 3) smbpasswd.c.diff Just a little fix which actually allows one to create a trusting domain account using smbpasswd 4) typos.diff As the name suggests, it's just a few typos fix :) (This used to be commit 888d595fab4f6b28318b743f47378cb7ca35d479)
2002-07-26Clarify this comment.Andrew Bartlett1-0/+3
(This used to be commit d2b4e669aeada9c3498c3a9e49360270def5ad99)
2002-07-24Actually check the return value of the account_policy_get() call.Andrew Bartlett1-5/+4
Andrew Bartlett (This used to be commit a7b0a2334cd8e7234c5bcb284e4c6de7a8e45f98)
2002-07-21Name get and set dir drive functions consistently.Tim Potter4-10/+11
(This used to be commit 290a304d2c1b70d20129236e20a0ff664179023e)
2002-07-21More cleanups, and add a comment/hint not to clean somthing up in future :-)Andrew Bartlett1-0/+3
Andrew Bartlett (This used to be commit 21b0e8f560849be77bde463cf006ea0de54211e9)
2002-07-20More fixes towards warnings on the IRIX compilerAndrew Bartlett1-1/+1
(and yes, some of these are real bugs) In particular, the samr code was doing an &foo of various types, to a function that assumed uint32. If time_t isn't 32 bits long, that broke. They are assignment compatible however, so use that and an intermediate variable. Andrew Bartlett (This used to be commit 30d0998c8c1a1d4de38ef0fbc83c2b763e05a3e6)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell11-858/+1226
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-14addedd new (t)alloc_sub_* functionsSimo Sorce3-13/+13
they will get a const string and return a (t)alloced epanded one. also modified passdb/* stuff to use this one. (This used to be commit d378ac1e2efb0efc9a0f983d69cf678ca6255fd5)