summaryrefslogtreecommitdiff
path: root/source3/passdb
AgeCommit message (Collapse)AuthorFilesLines
2002-08-12Update secrets_fetch_domain_guid to generate and store it if it doesn't exist.Jim McDonough1-2/+11
Only does it for PDCs. (This used to be commit 3543f92c39a80c8b6eb7ca3188b87f0f15896f33)
2002-08-07Add const to a pile of const to *DOM_SID paramaters.Andrew Bartlett5-7/+7
Andrew Bartlett (This used to be commit fd0ebf976eb6e5fc25bc75ff471c69c3f3761e32)
2002-08-06Try to bind with LDAPv3 if possible.Andrew Bartlett1-7/+19
Andrew Bartlett (This used to be commit 0e420878f26bdd19b5defb78a5fe4c31662ec941)
2002-08-05I must have missed this when I was adding 'const' to these earlier...Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit ce6c8a647ca56dcbb60ff898d77c2df297c1fe79)
2002-08-05Try to make this easier to debug - display the username that failed.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 8405bccd4e7a5315e58890ffa5d481031636f88a)
2002-07-31Don't accidenity mess with the wrong domain's sids.Andrew Bartlett1-2/+2
(This used to be commit 0e2207c9c1ce573098f764e85a65c17cc1f1d284)
2002-07-31fixed multi-line strings for portabilityAndrew Tridgell1-2/+2
(This used to be commit 9f9e0cbd2c9920b730286f8bf560dc3415c29aa6)
2002-07-30Add LSA RPC 0x2E, lsa_query_info2. Only level implemented is 0x0c, whichJim McDonough1-0/+32
is netbios and dns domain info. Also add code to set/fetch the domain GUID from secrets.tdb (although set is not yet called by anyone). (This used to be commit 31d7168530ccce2c5e9e7f96464b47f4d9771a25)
2002-07-30Update a pile of Samba's SID lookup code to ensure:Andrew Bartlett1-40/+53
- That we never call winbind recursivly - That we never use an 'algorithmic' RID when we have a fixed uid or gid mapping in either the passdb or the group mapping db. Also, remove restrictions that say 'this domain only'. If we have a mapping configured, allow it to be returned. If we later decide certian mappings are invalid, then we sould put that in the code that actually does the map. Allow 'sid->name' transtations on the fixed 'well known' groups for NT, even if they are not represented by Unix groups yet. Andrew Bartlett (This used to be commit d5bafb224337e393420c2ce9c0a787405314713c)
2002-07-30These are not critical errors, they should not be a level 0.Andrew Bartlett1-3/+3
Andrew Bartlett (This used to be commit 082c0324cde38fadd70934a10849c7d40a34e3b1)
2002-07-28found nasty bug in intl/lang_tdb.c tdb structure was not tested to not be ↵Simo Sorce1-1/+1
null before close this one fixes swat not working with browsers that set more then one language. along the way implemented language priority in web/neg_lang.c with bubble sort also changet str_list_make to be able to use a different separator string Simo. (This used to be commit 69765e4faa8aaae74c97afc917891fc72d80703d)
2002-07-27Update the rebind code in pdb_ldap.Andrew Bartlett1-34/+114
I've still not tested this, but I didn't test the last lot and I'm pretty sure I stuffed it up - but at least this rebind procedure matches the function prototype. It should also be fine on OpenLDAP 2.1 if I'm lucky. Andrew Bartlett (This used to be commit 064f269508d05cc833cf7bfd5613e4fe389f32dc)
2002-07-26fix parameters for ldap_set_rebind_proc() from OpenLDAP 2.1Gerald Carter1-2/+7
(This used to be commit a6725d4ce95ca8807ccefe4ce033b45d0635da6d)
2002-07-26(another patch from mimir)Andrew Bartlett1-2/+17
Add some debugging info to the secrets code. We might review what debug level that should be at, but it's fine for now. Andrew Bartlett (This used to be commit 2b6a318d686ac0b08a30844bf2960703b06d5c90)
2002-07-26Mimir has been busy with patches again, and sent in the followingAndrew Bartlett1-1/+1
patches: Andrew Bartlett From his e-mail: Below I attach the following patches as a result of my work on trusted domains support: 1) srv_samr_nt.c.diff This fixes a bug which caused to return null string as the first entry of enumerated accounts list (no matter what entry, it was always null string and rid) and possibly spoiled further names, depeding on their length. I found that while testing my 'net rpc trustdom list' against nt servers and samba server. 2) libsmb.diff Now, fallback to anonymous connection works correctly. 3) smbpasswd.c.diff Just a little fix which actually allows one to create a trusting domain account using smbpasswd 4) typos.diff As the name suggests, it's just a few typos fix :) (This used to be commit 888d595fab4f6b28318b743f47378cb7ca35d479)
2002-07-26Clarify this comment.Andrew Bartlett1-0/+3
(This used to be commit d2b4e669aeada9c3498c3a9e49360270def5ad99)
2002-07-24Actually check the return value of the account_policy_get() call.Andrew Bartlett1-5/+4
Andrew Bartlett (This used to be commit a7b0a2334cd8e7234c5bcb284e4c6de7a8e45f98)
2002-07-21Name get and set dir drive functions consistently.Tim Potter4-10/+11
(This used to be commit 290a304d2c1b70d20129236e20a0ff664179023e)
2002-07-21More cleanups, and add a comment/hint not to clean somthing up in future :-)Andrew Bartlett1-0/+3
Andrew Bartlett (This used to be commit 21b0e8f560849be77bde463cf006ea0de54211e9)
2002-07-20More fixes towards warnings on the IRIX compilerAndrew Bartlett1-1/+1
(and yes, some of these are real bugs) In particular, the samr code was doing an &foo of various types, to a function that assumed uint32. If time_t isn't 32 bits long, that broke. They are assignment compatible however, so use that and an intermediate variable. Andrew Bartlett (This used to be commit 30d0998c8c1a1d4de38ef0fbc83c2b763e05a3e6)
2002-07-14addedd new (t)alloc_sub_* functionsSimo Sorce3-13/+13
they will get a const string and return a (t)alloced epanded one. also modified passdb/* stuff to use this one. (This used to be commit d378ac1e2efb0efc9a0f983d69cf678ca6255fd5)
2002-07-14Fix up a botched prevoius commit.Andrew Bartlett1-11/+10
The idea here is to allow invalid LM passwords in otherwise valid accounts. This happens when we create an account without a password, for example. Previously we would stop at the LM password, and not read things like the account flags correctly. Now we process the record, and just set the password to NULL. (Note, 'no password for access' is decided only on the basis of the Account Control bits, not on the 'NULL' value of the password feild.). Andrew Bartlett (This used to be commit c590e0c970b5babf370924cef51530e5e215eaf2)
2002-07-13Make smbpasswd behave like all the other backends, where a NULL or invalidAndrew Bartlett1-7/+4
LM password isn't anything special. All the users check the ACB nowadays, and this allows us to correctly return flags set via usermgr. Andrew Bartlett (This used to be commit 89eb765d398de7654ba6bac7c51df727830c2591)
2002-07-10If we get a SID from group mapping, no need to check it's prefix.Andrew Bartlett1-6/+6
Just set it directly. Andrew Bartlett (This used to be commit 202202bc475f3b8500423b1a9ccf0adc80a4dc49)
2002-07-05Fix debug comment.Andrew Bartlett1-1/+1
(This used to be commit f32980c807adf8287436be0d5a223b9b1ce399b8)
2002-07-03Break up the passdb objects (to allow RPC clients to link without brining inAndrew Bartlett3-191/+104
*.o) and implment new enum_dom_users code in the SAMR RPC subsystem. Incresingly, we are using the pdb_get_{user,group}_sid() functions, in the eventual hope that we might one day support muliple domains off a single passdb. To extract the RID, we use sid_peek_check_rid(), and supply an 'expected' domain SID. The id21 -> SAM_ACCOUNT and id23 -> SAM_ACCOUNT code has been moved to srv_samr_util.c, to ease linking in passdb users. Compatiblity code that uses 'get_global_sam_sid()' for the 'expected' sid is in pdb_compat.c Andrew Bartlett (This used to be commit 5a2a6f1ba316489d118a8bdd9551b155226de94f)
2002-07-03Fix the spelling in the LDAP attributesAndrew Bartlett1-2/+2
(This used to be commit dab26f8891a77640ce382ce1785ca5dd22d43c22)
2002-07-01used findstatic.pl to make some variables static and remove some deadAndrew Tridgell1-1/+1
code (This used to be commit 91ad9041e9507d36eb3f40c23c5d4df61f139ef0)
2002-06-26Another bug fix from metze.Andrew Bartlett1-1/+1
(This used to be commit 5c754cef19c9580e2cb1e23152a1097d11ca8c60)
2002-06-22Add module versioning to the passdb module systemAndrew Bartlett2-2/+18
All passdb modules need to include a 'magic' macro that creates simple 'return my version number' function. (from metze and jelmer) Also fix up the dir_drive autosubsitute code to correctly use lp_logon_drive(). (from metze) Andrew Bartlett (This used to be commit 4a57c445dd4354034fc41b132a484afe6ab66e16)
2002-06-17compile warngin fixes merged from 2.2Gerald Carter1-1/+1
(This used to be commit 29874f4b8fecdc7cbd84d656dafce54cca49e0b1)
2002-06-15Rework much of the service.c code:Andrew Bartlett1-2/+2
The aim of this execise is to give the 'security>=user' code a straight paper path. Security=share will sill call authorise_login(), but otherwise we avoid that mess. This allow *much* more accurate error code reporting, beocuse we don't start pretending that we can use the (nonexistant) password etc. Also in this patch is code to create the 'homes' share at session setup time (as we have done in the past - been broken recently) and to record this on the user's vuser struct for later reference. The changes here should also allow for much better use of %H (some more changes to come here). The service.c changes move a lot of code around, but are not as drastric as they look... (Also included is a fix to srv_srvsvc_nt.c where 'total_entries' not '*total_entries' was compared). This code is needs testing, but passes my basic tests. I expect we have lost some functionality, but the stuff I had expected to loose was already broken before I started. In particular, we don't 'fall back' to guest if the user cannot access a share (for security=user). If you want this kind of stuff then you really want security=share anyway. Andrew Bartlett (This used to be commit 4c0cbcaed95231f8cf11edb43f6adbec9a0d0b5c)
2002-06-14moved lp_list_* functions away from param/loadparm.c, put int lib/util_str.cSimo Sorce1-2/+2
and renamed to str_list_* as it is a better name. Elrond should be satisfied now :) (This used to be commit 4ae260adb9505384fcccfb4c9929cb60a45f2e84)
2002-06-14Allow non unix accounts to be added to an ldap directory without NUA accountsAndrew Bartlett1-0/+4
already. Andrew Bartlett (This used to be commit a5d5b4cf2555b9bbded31b556d4fc74c00c6c490)
2002-06-14Patch from ctrlsoft to use the pdb_sethexpwd function in smbpasswd - insteadAndrew Bartlett1-48/+7
of implementing it twice inline. This code is complex - but occasionally I get the feeling that people made it more complext than it really needed to be... Andrew Bartlett (This used to be commit 273d518e52a83eca466c134531dd12825fe3cbdb)
2002-06-14It looks like we never tested the 'cleanup' code, so when I triggered itAndrew Bartlett2-12/+20
(invalid passdb backends smb.conf entry) we picked up a few things :-). Andrew Bartlett (This used to be commit dfa98ae0ac195956490ca2f4140a8eff1566095e)
2002-06-14Some updates from ctrlsoft <jelmer@nl.linux.org> to return failure if *any* ofAndrew Bartlett1-19/+20
the passdb backends fail to load (is this the right way? - I think so). Also, I've added some more comments, cleaned up some style etc. (This used to be commit c8c490bcb84df43be38bdcb48067fec12331e358)
2002-06-14Debug fixes from ctrlsoftAndrew Bartlett1-2/+2
(This used to be commit 27e34d4e63adc6d6ad63857d2a17595b7cff52db)
2002-06-14Convenience function to allow a SID to be specified as a string.Andrew Bartlett1-3/+46
(for use in passdb modules like pdb_xml or a new pdb_ldap that stores sids etc.) Andrew Bartlett (This used to be commit c70b2c4fb72f251a14e0fc88b6520d69a0889bc2)
2002-06-14Patch from ctrlsoft to make the pluggable passdb subsystem use an lp_listAndrew Bartlett3-30/+43
rather than a string when configuring mulitple backends. Also adjust some of the users of get_global_sam_sid() to cope with the fact that it just might not exist (uninitialised, can't access secrets.tdb). More places need conversion. Add some const and remove silly casts. Andrew Bartlett (This used to be commit c264bf2ec93037d2a9927c00295fa60c88b7219d)
2002-06-14Add const, kill of useless casts and therefore eliminate warnings.Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit 29490f214750acd44cee6c4ab1354722d82d853a)
2002-06-13Latest patch from metze <metze@metzemix.de> to move most of samba acrossAndrew Bartlett7-84/+136
to using SIDs instead of RIDs. The new funciton sid_peek_check_rid() takes an 'expected domain sid' argument. The idea here is to prevent mistakes where the SID is implict, but isn't the same one that we have in the struct. Andrew Bartlett (This used to be commit 04f9a8ff4c7982f6597c0f6748f85d66d4784901)
2002-06-07Fix commentAndrew Bartlett1-1/+1
(This used to be commit 1996bcbe6acae49e191363ee122b30e4e5d5e8a9)
2002-06-07Globally replace 'global_sam_sid' with get_global_sam_sid(), a selfAndrew Bartlett3-36/+50
initialising function. This patch thanks to the work of "Stefan (metze) Metzmacher" <metze@metzemix.de> This is partly to enable the transition to SIDs in the the passdb. Andrew Bartlett (This used to be commit 96afea638e15d4cbadc57023a511094a770c6adc)
2002-06-07Move the code from lib/util_sid.c that deals with the global_sam_sid intoAndrew Bartlett1-0/+280
a file that is linked with the passdb. This is to avoid linking insanity when this global becomes a self-initing function. (This used to be commit 743afd96cb54b4966e3afad11ea987f968b98651)
2002-05-26change: pdb_getsampwrid() ->pdb_getsampwsid()Simo Sorce7-14/+49
passdb interface change, now the passdb modules will be asked for SID not for rid, the modules have been updated with a passthrough function that calls the old getsampwrid() functions. srv_samr_nt.c functions that made use of the pdb_getsampwrid funcion has been updated to use the SID one. (This used to be commit f5c6496c33fa7f5c2826540ffb4a49d8a5790fb3)
2002-05-25Only reterive the attributes we are actually going to use - rather thanAndrew Bartlett1-3/+14
the whole record which could include things like photos's etc. Andrew Bartlett (This used to be commit bbc69545516f29cc4e05ba6238b03eb504f28226)
2002-05-25Remove unused variable, fix functions to match prototypes in the variousAndrew Bartlett1-6/+5
structs. Andrew Bartlett (This used to be commit 57097bf1ba10566389266a4863899a7f25cdbb43)
2002-05-24Some of the updates from ctrlsoft's 'Various' patch:Andrew Bartlett1-17/+18
- convert net to popt - convert status to popt - adapt examples/pdb/ to multiple passdb system - add dynamic debug class example to examples/pdb/ and some reformatting to better match the samba coding style. Andrew Bartlett (This used to be commit 2498bc69d4e5c38ec385f640489daa94c508c726)
2002-05-24Make function match the defintion require for assignment as a functionAndrew Bartlett1-1/+1
pointer. (This used to be commit 38012edaca4c181f3d3a9e9df4fc434bba78f9dc)