summaryrefslogtreecommitdiff
path: root/source3/sam/idmap_util.c
AgeCommit message (Collapse)AuthorFilesLines
2003-07-22Fixup a bunch of printf-style functions and debugs to use unsigned long whenTim Potter1-4/+4
displaying pid_t, uid_t and gid_t values. This removes a whole lot of warnings on some of the 64-bit build farm machines as well as help us out when 64-bit uid/gid/pid values come along. (This used to be commit f93528ba007c8800a850678f35f499fb7360fb9a)
2003-07-11moving more code around.Gerald Carter1-0/+114
* move rid allocation into IDMAP. See comments in _api_samr_create_user() * add winbind delete user/group functions I'm checking this in to sync up with everyone. But I'm going to split the add a separate winbindd_allocate_rid() function for systems that have an 'add user script' but need idmap to give them a RID. Life would be so much simplier without 'enable rid algorithm'. The current RID allocation is horrible due to this one fact. Tested idmap_tdb but not idmap_ldap yet. Will do that tomorrow. Nothing has changed in the way a samba domain is represented, stored, or search in the directory so things should be ok with previous installations. going to bed now. (This used to be commit 0463045cc7ff177fab44b25faffad5bf7140244d)
2003-07-07fix some compile problems. Can't get IDMAP_OBJ our of proto.hGerald Carter1-1/+2
just yet. ` (This used to be commit 6f0b5d474a051db512db2f73a8097c80964ec513)
2003-07-07Cleaning up linking issues. sam/idmap*.c only links inGerald Carter1-114/+1
winbindd now. Also removing an unused file. (This used to be commit 688369c23c604e9b6654fcf07190d2e27c1138cf)
2003-07-07and so it begins....Gerald Carter1-110/+27
* remove idmap_XX_to_XX calls from smbd. Move back to the the winbind_XXX and local_XXX calls used in 2.2 * all uid/gid allocation must involve winbindd now * move flags field around in winbindd_request struct * add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id() to prevent automatic allocation for unknown SIDs * add 'winbind trusted domains only' parameter to force a domain member server to use matching users names from /etc/passwd for its domain (needed for domain member of a Samba domain) * rename 'idmap only' to 'enable rid algorithm' for better clarity (defaults to "yes") code has been tested on * domain member of native mode 2k domain * ads domain member of native mode 2k domain * domain member of NT4 domain * domain member of Samba domain * Samba PDC running winbindd with trusts Logons tested using 2k clients and smbclient as domain users and trusted users. Tested both 'winbind trusted domains only = [yes|no]' This will be a long week of changes. The next item on the list is winbindd_passdb.c & machine trust accounts not in /etc/passwd (done via winbindd_passdb) (This used to be commit 8266dffab4aedba12a33289ff32880037ce950a8)
2003-07-05Fixes to our LDAP/vampire codepaths:Andrew Bartlett1-0/+11
- Try better to add the appropriate mapping between UID and SIDs, based on Get_Pwnam() - Look for previous users (lookup by SID) and correctly modify the existing entry in that case - Map the root user to the Admin SID as a 'well known user' - Save the LDAPMessage result on the SAM_ACCOUNT for use in the next 'update' call on that user. This means that VL's very nice work on atomic LDAP updates now really gets used properly! - This also means that we know the right DN to update, without the extra round-trips to the server. Andrew Bartlett (This used to be commit c7118cb31dac24db3b762fe68ce655b17ea102e0)
2003-07-04Don't allow RIDs (in our domain) below 1000 (or algorithmic rid base) to beAndrew Bartlett1-0/+5
mapped with the rid algorithm. Instead, a uid/gid from the UID/GID range will be allocated for this RID. Andrew Bartlett (This used to be commit 68245e9cfae9a8cb663503301c21498dd9a3a560)
2003-07-04This patch cleans up some of our ldap code, for better behaviour:Andrew Bartlett1-2/+5
We now always read the Domain SID out of LDAP. If the local secrets.tdb is ever different to LDAP, it is overwritten out of LDAP. We also store the 'algorithmic rid base' into LDAP, and assert if it changes. (This ensures cross-host synchronisation, and allows for possible integration with idmap). If we fail to read/add the domain entry, we just fallback to the old behaviour. We always use an existing DN when adding IDMAP entries to LDAP, unless no suitable entry is available. This means that a user's posixAccount will have a SID added to it, or a user's sambaSamAccount will have a UID added. Where we cannot us an existing DN, we use 'sambaSid=S-x-y-z,....' as the DN. The code now allows modifications to the ID mapping in many cases. Likewise, we now check more carefully when adding new user entires to LDAP, to not duplicate SIDs (for users, at this stage), and to add the sambaSamAccount onto the idmap entry for that user, if it is already established (ensuring we do not duplicate sambaSid entries in the directory). The allocated UID code has been expanded to take into account the space between '1000 - algorithmic rid base'. This much better fits into what an NT4 does - allocating in the bottom part of the RID range. On the code cleanup side of things, we now share as much code as possible between idmap_ldap and pdb_ldap. We also no longer use the race-prone 'enumerate all users' method for finding the next RID to allocate. Instead, we just start at the bottom of the range, and increment again if the user already exists. The first time this is run, it may well take a long time, but next time will just be able to use the next Rid. Thanks to metze and AB for double-checking parts of this. Andrew Bartlett (This used to be commit 9c595c8c2327b92a86901d84c3f2c284dabd597e)
2003-07-02Fix for idmap startup bug with remote ldap backend.Jeremy Allison1-21/+47
Jeremy. (This used to be commit 16a5461dd36f138a1bb1e3a2b70d4000bba0c980)
2003-06-26Add include guards around idmap.h, change ID_NOMAP to ID_QUERY_ONLYJeremy Allison1-7/+7
and ID_CACHE to ID_CACHE_SAVE. Added locking around tdb writes & deletes for multi-process access. Jeremy. (This used to be commit 5b998cdc1d552234236862f6a2bbae703b0c146e)
2003-06-26Fix immediate bug where the idmap can't tell the difference between an entryJeremy Allison1-1/+1
not being present (and so allocate another) and an entry that is present but of the wrong type. This code still has major problems... Jeremy. (This used to be commit a304bc5ff134df118754d9e8d2b2680b4101e438)
2003-06-25Tought I already done.Simo Sorce1-7/+3
Set back 3.0 to use only winbindd_idmap.tdb as idmap database as told on samba-technical. Tested and working so far. (This used to be commit e154e50fed8968567f75fcd581de2b41914ea2c1)
2003-06-22Found out a good number of NT_STATUS_IS_ERR used the wrong way.Simo Sorce1-5/+5
As abartlet rememberd me NT_STATUS_IS_ERR != !NT_STATUS_IS_OK This patch will cure the problem. Working on this one I found 16 functions where I think NT_STATUS_IS_ERR() is used correctly, but I'm not 100% sure, coders should check the use of NT_STATUS_IS_ERR() in samba is ok now. Simo. (This used to be commit c501e84d412563eb3f674f76038ec48c2b458687)
2003-06-18Ok, this patch removes the privilege stuff we had in, unused, for some time.Simo Sorce1-1/+1
The code was nice, but put in the wrong place (group mapping) and not supported by most of the code, thus useless. We will put back most of the code when our infrastructure will be changed so that privileges actually really make sense to be set. This is a first patch of a set to enhance all our mapping code cleaness and stability towards a sane next beta for 3.0 code base Simo. (This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e)
2003-06-17And more other memory leaks. One new (idmap) and one ancient (groupdb).Volker Lendecke1-0/+1
Volker (This used to be commit 2392f460aeb11f32759e84faf1e7ace73c5db281)
2003-05-12Fix obvious compiler warnings.Jeremy Allison1-2/+0
Jeremy. (This used to be commit 2a6d0c2481c3c34351e57c30a85004babdbf99b0)
2003-05-03fixes to *_util.c filesSimo Sorce1-13/+48
add winbindd_passdb backend this makes it possible to have nua accounts on security = user servers to show up in unic through nss_winbind.so the problem is that we do not have group support, so nss group support is not very good at this time (read: totally absent) we NEED group support in passdb (This used to be commit 921215cf4bfbd4d7457f81e181bb1a74a4531ca1)
2003-05-02shouldn't wellknown group be well.. ..WKN_GRP ?Simo Sorce1-1/+1
make a new sam_Account contain our domain by default, windows will complain on logon otherwise. fix stupid typo in idmap_util.c (This used to be commit 21701876dc6c59ebfc51be708a98226a00a764e0)
2003-05-01fix wrong debug messages in idmap_util.cSimo Sorce1-2/+2
correctly handle allocated rids in tdbsam (This used to be commit 7ae6162e1dd668897628c4f7edff508616644d21)
2003-05-01init wellknown in pdbedit tooSimo Sorce1-24/+20
add group mapping mappings to idmap at startup (This used to be commit 62365023db61d5a4fa32845af3db73bce6cb94ea)
2003-05-01proper wellknown sids initialization at startupSimo Sorce1-0/+46
(This used to be commit 568feee8977ee1be210344c8ab1896512894cba2)
2003-05-01*id_to_*id call reshape to return NTSTATUS errorsSimo Sorce1-70/+113
plus internal fixes 1st stage (This used to be commit 6d036761e565bc93964bb3c939d5b7d78d5778a3)
2003-04-30correctly initiazlize idmap tdb when creationg newSimo Sorce1-78/+152
few fixes to *id_to_*id functions, we don't set the mapping for algoritmic RIDs, they are resolved in the classic way eliminate getpw* calls from tdbsam (This used to be commit 6a7689cf74cd4d5f29e0b12f4bf8ac3051d49157)
2003-04-29This is a nice rewrite:Simo Sorce1-10/+4
SAM_ACCOUNT does not have anymore uid and gid fields all the code that used them has been fixed to use the proper idmap calls fix to idmap_tdb for first time idmap.tdb initialization. auth_serversupplied_info structure has now an uid and gid field few other fixes to make the system behave correctly with idmap tested only with tdbsam, but smbpasswd and nisplus should be ok have not tested ldap ! (This used to be commit 6a6f6032467e55aa9b76390e035623976477ba42)
2003-04-29forgot to add the file where things movedSimo Sorce1-0/+189
(This used to be commit 3c2963f8e3f98ecae9fe59336c35000cf4d386c5)