summaryrefslogtreecommitdiff
path: root/source3/passdb
AgeCommit message (Collapse)AuthorFilesLines
2003-04-23This define does not always seem to be present, so define it if need be.Andrew Bartlett1-0/+4
Andrew Bartlett (This used to be commit 007143e2435904d941a62934986ac54e343f4936)
2003-04-23- Merge a memory leak fix from HEADAndrew Bartlett1-11/+16
- change update behaviour for new RIDs: - store the new RID into the SAM_ACCOUNT, so that the caller get's it back automaticly - use this to make the code paths simpiler for the normal 'need_update' code. We must always store a RID if we intend to use the sambaAccount objectClass Andrew Bartlett (This used to be commit 5edeee5116b9c775a1bded1d53cb2b22c7a2765f)
2003-04-23Merge idra's fix for pdb_tdb segfaults from HEAD to 3.0 - sombody changedAndrew Bartlett1-3/+7
unix_strlower semantics. Andrew Bartlett (This used to be commit 93bdd1a2925edb9dea3e85d8b025a65460896c05)
2003-04-22Remove ldapsam_search_one_user_by_uid from pdb_ldap.Andrew Bartlett2-68/+22
sambaAccount requires the rid to be present, and doing this fallback is quite dangerous, becouse it assumes that alorithmic RIDs are in use - which is quite often not the case. Also finish of vl's work on 'use a function pointer, not embedded logic' to tell lower levels that they should/should not attempt to set the user's password into LDAP with the extended operation. Andrew Bartlett (This used to be commit 715d0bd804b6bff4c0b365f98ca196d41ed9c5c4)
2003-04-22This is meant to be initialised to the size of the buffer.Andrew Bartlett1-1/+1
(This used to be commit ca489db7d3d4713401da3627b563af3cbef82c58)
2003-04-22Make pdb_ldap use a random factor in deciding how long we need to sleep.Andrew Bartlett1-7/+22
This might help avoid killing the ldap server when all 100 smbd processes reconnect in pulses... Also, reduces the maximum wait time, as SMB clients will time out after 30 seconds anyway... Andrew Bartlett (This used to be commit 08c5aaae6a92d6ee14f9bf8e3330191718e84edf)
2003-04-22Merge mimir's trusted domain code from HEAD -> 3.0, plus some memoryAndrew Bartlett1-37/+55
leak fixes. (secrets.c portion) Andrew Bartlett (This used to be commit 3ea8fdd0361623b38f30f0b815dc4935e2e17447)
2003-04-21Merge from HEAD - save the type of channel used to contact the DC.Andrew Bartlett2-16/+101
This allows us to join as a BDC, without appearing on the network as one until we have the database replicated, and the admin changes the configuration. This also change the SID retreval order from secrets.tdb, so we no longer require a 'net rpc getsid' - the sid fetch during the domain join is sufficient. Also minor fixes to 'net'. Andrew Bartlett (This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
2003-04-21Default to "passdb.xml" as default output filename instead of "-"Jelmer Vernooij1-1/+1
(This used to be commit dfbd2a2e7a5f0f2713bc48daa24d43b07f187d14)
2003-04-21- Fix modules build of pdb_mysql and pdb_xmlJelmer Vernooij2-9/+3
- Fix typo in script/installswat.sh (This used to be commit 8d2aec7a73d41a9d32c10abd1c8833ebfd41dd77)
2003-04-21Pdb modules are in $libdir/pdb not $libdir/passdbJelmer Vernooij1-1/+1
(This used to be commit 9c9d969c93400d91a12e78635d54e1c5f90efab8)
2003-04-19Address gcc warnings.Volker Lendecke1-1/+5
I could not fix the "passing arg 5 of `ldap_search_s'" completely with gcc -Wall. A non-developer compile does not complain though. Volker (This used to be commit cf923d713305620278e3759599247d3cf7aa0e2f)
2003-04-15Use the new modules system for passdb (merge from HEAD)Jelmer Vernooij9-79/+127
(This used to be commit 1755d5f66221a910863cfc8a197f8d792e6b6e3d)
2003-04-09Fix double free on error and typoJelmer Vernooij1-2/+1
(This used to be commit c131c128e396a944e979992d9a5ac76e8b6e653b)
2003-04-07Merge from HEAD - restore previous behaviour of pdb_unix (auto upgrade toAndrew Bartlett1-0/+1
add on update) (This used to be commit 3ebecc662e0ace4a87153aabe644dcf18969435b)
2003-04-05Ensure we don't segfault if ldap doesn't fill in the ld_error string (merge ↵Andrew Bartlett1-18/+18
from HEAD). Andrew Bartlett (This used to be commit be27fa2986767fca1876ea5f886d9fb4c7000660)
2003-03-30This fixes group updates in LDAP the same way as user updatesVolker Lendecke1-77/+98
are handled, though we assume that always everything needs to be updated in LDAP. PDB_IS_* is not done yet for groups. Do we need it? Volker (This used to be commit 091f8f94486057b33f0409887ba09000a8415f4c)
2003-03-28Try to get meaningful errors out of ldap more often - get the error stringAndrew Bartlett1-11/+38
from the server, not just the error code translation. Andrew Bartlett (This used to be commit 92415441fdc0f7d7c8b338d4cd4bbbba5418f88e)
2003-03-27This is no functional change. It just makes pdb_ldap.c a bitVolker Lendecke1-24/+50
easier to understand by moving the logic for init_ldap_from_sam and friends around. Volker (This used to be commit 09a92984baaee94521d0cacf16daaf0291242b42)
2003-03-25Must have been somewhere else last sunday...Volker Lendecke1-3/+4
Apply metzes patch (hopefully) correctly this time Volker (This used to be commit e52a2d5d49e3c784d5db06bade2c866422258fcc)
2003-03-23Implement abartlet's suggestion to add attribs to ldap if theyVolker Lendecke1-24/+30
are 'SET' when adding the account. I really don't like passing flags down to inner routines and complicated if/else conditions, but this time he might be right. ;-) Volker (This used to be commit 339c14906802db6ddb59f07a0c71dcc3c73cc3d6)
2003-03-23Merge from HEAD:Volker Lendecke1-2/+2
This adds 'ldap delete dn' as the recommended parameter for the 'ldap del only sam attr' functionality. So we are compatiple to the current SuSE patches as well as to TNG... ;-) Volker (This used to be commit 53b5704ff21de6fce097d74dd7f235d3ceccec66)
2003-03-23Metzes change:Volker Lendecke1-4/+9
> Hi Volker, > > if 'displayName' is not available we should fallback to 'cn' for map->nt_name > 'cn' is used as unix group name by nss_ldap. > > and if nt_name is not available we should fail (so does this patch) Volker (This used to be commit 7ae9c2500e3ac5f671d41077327156f1f3767fff)
2003-03-22Never touch complicated if/else/elsif structures :-)Volker Lendecke1-23/+27
This repairs domain join with fully existing wks-account which I broke with my last patch... Volker (This used to be commit bc59912aa10e5000225110e48ad548f19756bed5)
2003-03-22This changes the way we do LDAP updates. We don't use LDAP_MOD_MODIFYVolker Lendecke1-121/+175
anymore, but instead look at what is currently stored in the database. Then we explicitly delete the existing attribute and add the new value if it is not NULL or "". This way we can handle appearing and disappearing attributes quite nicely. This currently breaks pdbedit -o, as this does not set the CHANGED flag on the SAM_ACCOUNT. Jelmer suggested that we set all the fields on CHANGED in context_add_sam_account. This sounds not too unreasonable. Volker (This used to be commit a75015c9ce8246670ee7c7d73df585390696fe95)
2003-03-22Thanks to volker, merge passdb changes from HEAD:Andrew Bartlett5-222/+78
- pdb_guest (including change defaults) - 'default' passdb actions (instead of 'not implemented' stubs in each module) - net_rpc_samsync no longer assumes pdb_unix Andrew Bartlett (This used to be commit 4bec53c8c81019f0f06a93c4df0800bbf7281dd6)
2003-03-22Merge from HEAD - patch from Jianliang Lu <j.lu@tiesse.com> to set theAndrew Bartlett1-0/+11
'minimum password age' during a password SET. Andrew Bartlett (This used to be commit dd6516e2e87cbe6bcbc371756d99ebb3b5617c2b)
2003-03-20Merge from HEADVolker Lendecke1-8/+8
(This used to be commit 62d5a78b024898485f610b5d9db1a6d9a5c68c21)
2003-03-19void function cannot return a value (besides the function called wasHerb Lewis1-1/+1
a void) (This used to be commit 55681422e97ede0ff9446925c7678d6254b13878)
2003-03-19This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This ↵cvs2svn Import User1-0/+129
used to be commit 6f94672d3da070aae0b17f4dcdc6cd119b68d84c)
2003-03-19Put in the new modules system. It's now used by passdb and rpc. I willJelmer Vernooij7-75/+42
put a doc about it in dev-doc later today. (This used to be commit af7bfee0c6902c07fdb8d3abccf4c8d6bab00b5a)
2003-03-19Merge from HEAD.Volker Lendecke1-59/+97
Volker (This used to be commit f42032060812e9bf409042c790e71fefb40ff17a)
2003-03-19Add paramter 'ldap del only sam attr'.Volker Lendecke1-59/+97
This patch is heavily based on a patch by SuSE. Thanks to Guenther Deschner <gd@suse.de> for providing it. Volker (This used to be commit 5eaf9195eefda5ababba85cc0f6d581ff6f0f454)
2003-03-19merge from HEADVolker Lendecke1-0/+1
(This used to be commit 12110a263b5ac65d6b965ccbe19b7be3025f0373)
2003-03-19Hey -- there is an error code NT_STATUS_CANNOT_DELETE :-)Volker Lendecke1-1/+1
(This used to be commit aa9b8382d38346cb3e94ddf2e7caf6d663034579)
2003-03-19If we fail, return an error code :-)Volker Lendecke1-0/+1
Volker (This used to be commit a5218499eb3f0a62cd663a06157591fbb0dfcbef)
2003-03-19Put group mapping into LDAP.Volker Lendecke1-30/+471
Volker (This used to be commit da83d97eb50c3c3a67985e22410842100207431f)
2003-03-19Put group mapping into LDAP.Volker Lendecke1-1/+501
Volker (This used to be commit f0f1518fc450834725902e9cdf33fb8d35f99360)
2003-03-17Merge from HEAD - make winbindd locking sane again:Andrew Bartlett1-18/+2
Original message: This patch attemptes to clean up winbindd's mutex locking. The current locking scheme in winbind is a complete mess - indeed, the next step should be to push the locking into cli_full_connection(), but I'll leave it for now. This patch works on the noted behaviour that 2 parts of the connection process need protection - and independent protection. Tim Potter did some work on this a little while back, verifying the second case. The two cases are: - between connect() and first session setup - during the auth2 phase of the netlogon pipe setup. I've removed the counter on the lock, as I fail to see what it gains us. This patch also adds 'anonymous fallback' to our winbindd -> DC connection. If the authenticated connection fails (wbinfo -A specifed) - say that account isn't trusted by a trusted DC - then we try an anonymous. Both tpot and mbp like the patch. Andrew Bartlett (This used to be commit b5283c00a900393b83f0edb2785c5caf402404eb)
2003-03-17Fix memory leak.Volker Lendecke1-0/+2
Volker (This used to be commit 115cd4b27f84343c7f98622717edda6da4866a6b)
2003-03-17Fix memory leak.Volker Lendecke1-0/+2
Volker (This used to be commit e8975d6e7bdcceb78a83a3446cf1430e1e3f1a72)
2003-03-17Fix invalid SAFE_FREE() of talloc()ed memory.Andrew Bartlett1-3/+0
Andrew Bartlett (This used to be commit 21add5f97d0d112094e34a02e6319991a1d2af4d)
2003-03-14Fresh meat in trusted domains code:Rafal Szczesniak1-30/+47
- packing/unpacking utility functions for trusted domain password struct; can be used to prepare buffer to store in secrets.tdb or (soon) passdb backend - similiar functions for DOM_SID - respectively modified secrets_(fetch|store) routines - new auth mapping code utilising introduced is_trusted_domain function - added tdb (un)packing of single bytes Rafal (This used to be commit 5281ee7e84421b9be746aed2f1718ceaf2a2fe3d)
2003-03-11This patch attemptes to clean up winbindd's mutex locking.Andrew Bartlett1-23/+7
The current locking scheme in winbind is a complete mess - indeed, the next step should be to push the locking into cli_full_connection(), but I'll leave it for now. This patch works on the noted behaviour that 2 parts of the connection process need protection - and independent protection. Tim Potter did some work on this a little while back, verifying the second case. The two cases are: - between connect() and first session setup - during the auth2 phase of the netlogon pipe setup. I've removed the counter on the lock, as I fail to see what it gains us. This patch also adds 'anonymous fallback' to our winbindd -> DC connection. If the authenticated connection fails (wbinfo -A specifed) - say that account isn't trusted by a trusted DC - then we try an anonymous. Both tpot and mbp like the patch. Andrew Bartlett (This used to be commit 0620320002082298a15cbba72bd79aecfc607947)
2003-02-27- Rename 'modules = ' to 'preload modules = 'Jelmer Vernooij1-19/+34
- Add smb_probe_module() - Add init_modules() - Call these functions (This used to be commit f8f21653225792c0001d183c6efe8b7d89a0785d)
2003-02-24Merge doxygen, signed/unsigned, const and other small fixes from HEAD to 3.0.Andrew Bartlett1-7/+4
Andrew Bartlett (This used to be commit 9ef0d40c3f8aef52ab321dc065264c42065bc876)
2003-02-22Fix comment - the other bits of code don't call this any more.Andrew Bartlett1-4/+1
(This used to be commit 523d1429b1072c999d376d2b4e13a1c08349990a)
2003-02-22Remove 'unixsam' from the default passdb backends.Andrew Bartlett7-279/+204
The intention is to remove the muliple passdb backends, but we need the 'guest' account to always be there. If the admin adds the guest account to (say) LDAP, there will only be one backend required for operation. This helps remove some nasty behaviours with adding accounts to the system for both the RPC 'create user' and the SAMSYNC code. Users 'added' with an 'add user/machine' script won't magicly appear, and machine accounts 'pre-added' to unix, but not the smbpasswd file will not cause mayhem. This commit also implements somthing tridge discussed with me, the concept of 'default' passdb operation pointers - so that each backend does not need it's own stub funcitons wrapping the default tdb privilages/group mapping code. This also removes an implicit 'sid->name' and 'name->sid' mapping from our own local SID space, to winbind usernames. When adding mapping for NIS/LDAP non-sam users in future, we need to be careful. Andrew Bartlett (This used to be commit 6f32fa234961a525760a05418a08ec48d22d7617)
2003-02-18This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This ↵cvs2svn Import User1-0/+341
used to be commit c31455779d7948e866fe1916425c3746134dea01)
2003-02-12initial server side privileges implementation, using a tdb. This needs to be ↵Andrew Tridgell1-0/+341
hooked into pdb, and we need some access control on changing privileges. That's next (This used to be commit f4f1f84a6bf1d356ccc83f0ecb135bef4a39619e)