summaryrefslogtreecommitdiff
path: root/source3/sam
AgeCommit message (Collapse)AuthorFilesLines
2003-06-25Start to instrument this code as I try and track down a nasty bug thatJeremy Allison1-3/+34
causes mapping to dissapear... Jeremy. (This used to be commit bdffc81c9d1eeab26e4dba017a99bb9cc9131493)
2003-06-22Found out a good number of NT_STATUS_IS_ERR used the wrong way.Simo Sorce2-14/+14
As abartlet rememberd me NT_STATUS_IS_ERR != !NT_STATUS_IS_OK This patch will cure the problem. Working on this one I found 16 functions where I think NT_STATUS_IS_ERR() is used correctly, but I'm not 100% sure, coders should check the use of NT_STATUS_IS_ERR() in samba is ok now. Simo. (This used to be commit c501e84d412563eb3f674f76038ec48c2b458687)
2003-06-21This patch fixes some issues with idmap_tdb as raised by bug #181Andrew Bartlett1-91/+115
The idea here is to eliminate the need to *set* the 'HWM' (High Water Mark) in the tdb. Instead, each caller wanting to add an item to the TDB uses the fact that an insert will *fail* if entry already exists. More importantly, this means that we don't need to know the value of the idmap uid/gid values when setting arbitrary entries, which can occur on an smb.conf without such values specified. Then all we need to do is loop until we get an id that will insert. This means that the HWM does not need to be accurate, and we can have IDs allocates safely above the HWM. Setting the HWM to an arbitrary value was racy in the past - now we don't even do it. This patch also adds paranoia in reading the tdb - both the entry, and it's reverse entry must be present. This means that we don't need to 'clean up' after an abnormal failure (which would probably fail too), instead we rely on readers to ignore the half-completed entry. The way this is done will allow SIDs to then allocated an ID when things are normal again. Andrew Bartlett (This used to be commit 74709e159cdcd4dbcf138428a85067b38c4ebe64)
2003-06-21This patch works towards to goal of common code shared between idmap_ldapAndrew Bartlett1-12/+12
and pdb_ldap. So far, it's just a function rename, so that the next patch can be a very simple matter of copying functions, without worrying about what changed in the process. Also removes the 'static' pointers for the rebind procedures, replacing them with a linked list of value/key lookups. (Only needed on older LDAP client libs) Andrew Bartlett (This used to be commit f93167a7e1c56157481a934d2225fe19786a3bff)
2003-06-18Ok, this patch removes the privilege stuff we had in, unused, for some time.Simo Sorce1-1/+1
The code was nice, but put in the wrong place (group mapping) and not supported by most of the code, thus useless. We will put back most of the code when our infrastructure will be changed so that privileges actually really make sense to be set. This is a first patch of a set to enhance all our mapping code cleaness and stability towards a sane next beta for 3.0 code base Simo. (This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e)
2003-06-18There's nothing particularly secret in idmap.tdb, so create it withVolker Lendecke1-1/+1
0644 as the other databases. Volker (This used to be commit 5849053930474b1e735f3232995813ef5126ad00)
2003-06-17And more other memory leaks. One new (idmap) and one ancient (groupdb).Volker Lendecke1-0/+1
Volker (This used to be commit 2392f460aeb11f32759e84faf1e7ace73c5db281)
2003-06-17Fix memory leak in idmap. Valgrind is soooo cool.Volker Lendecke1-0/+2
Volker (This used to be commit dcdb6683a7c9d675c23cc2c0295cefec81f469a7)
2003-06-14Add 'net idmap restore'. This restores a broken idmap fileVolker Lendecke1-1/+42
from the output of 'net idmap dump'. 'net idmap dump' now also prints the USER/GROUP HWM. Volker (This used to be commit c0575be936572bb091a77c58361bd3a4fe9549ff)
2003-06-11Sorry idra for messing around with your stuff, but this was obviously notVolker Lendecke1-3/+3
tested. Incrementing HWW_USER while allocating a GROUPID looked somewhat wrong. Volker (This used to be commit d1eac2c75856f8f1dec8d429feb24a5f05fa6ca8)
2003-06-11avoid races in getting high watermarkSimo Sorce1-6/+32
(This used to be commit df0df941d84386a7de5c97149c6c06d01a8720d0)
2003-06-09Fix for crash bug noticed by Luke Howard | PADL Software Pty Ltd | www.padl.com.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 6a07d19b6342e28a4827c16fcc379952bb1808b4)
2003-06-06* break out more common code used between pdb_ldap and idmap_ldapGerald Carter4-84/+188
* remove 'winbind uid' and 'winbind gid' parameters (replaced by current idmap parameter) * create the sambaUnixIdPool entries automatically in the 'ldap idmap suffix' * add new 'ldap idmap suffix' and 'ldap group suffix' parametrer * "idmap backend = ldap" now accepts 'ldap:ldap://server/' format (parameters are passed to idmap init() function (This used to be commit 1665926281ed2be3c5affca551c9d458d013fc7f)
2003-06-05working draft of the idmap_ldap code.Gerald Carter1-192/+254
Includes sambaUnixIdPool objectclass Still needs cleaning up wrt to name space. More changes to come, but at least we now have a a working distributed winbindd solution. (This used to be commit 824175854421f7c27d31ad673a8790dd018ae350)
2003-06-03added idmap_ldap to wrong branch.Gerald Carter1-1/+0
(This used to be commit eafd53a7e7b54ccf2089dc5841ea4291a891ea91)
2003-06-03This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This ↵cvs2svn Import User1-0/+838
used to be commit 7a85a963251c3b26187adbf9ff1b241bc9fbafa2)
2003-06-03initial version of idmap_ldap.c; lots of updates to comeGerald Carter1-0/+838
(This used to be commit 69c84ad06b759da2246b3c00155a43e90f45a7f6)
2003-05-29function() is *NOT* a valid C proto, but C++ only.Jeremy Allison1-1/+1
The correct prototype in C is function(void). Please remember this ! Jeremy. (This used to be commit b6b844a1a23532927b1177b652191ddfa92437e0)
2003-05-29Add smb_register_idmap(). Based on a patch from metzeJelmer Vernooij3-38/+64
(This used to be commit 7e352f5c62c4889bdf2662dded1e74a354890dc7)
2003-05-16add idmap_winbind unless I made a better way to solve SID type for domainSimo Sorce2-0/+156
SIDs (This used to be commit b24c0efc4b363cb0d4ed71588e9617d668c16be9)
2003-05-14syncing LDAP schema changes with Samba_3_0Gerald Carter1-4/+4
(This used to be commit a1326ea34831bf49942f7bcb954999091c3ea820)
2003-05-14*****LDAP schema changes*****Gerald Carter1-4/+4
New objectclass named sambaSamAccount which uses attribute prefaced with the phrase 'samba' to prevent future name clashes. Change in functionality of the 'ldap filter' parameter. This always defaults to "(uid=%u)" now and is and'd with the approriate objectclass depending on whether you are using ldapsam_compat or ldapsam conversion script for migrating from sambaAccount to sambaSamAccount will come next. (This used to be commit 998586e65271daa919e47e1206c0007454cbca66)
2003-05-12Fix compiler warnings.Jeremy Allison1-2/+0
Jeremy. (This used to be commit e12934c67b6aea9e3e449009e159ce6814dcbd11)
2003-05-12Fix obvious compiler warnings.Jeremy Allison1-2/+0
Jeremy. (This used to be commit 2a6d0c2481c3c34351e57c30a85004babdbf99b0)
2003-05-03This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This ↵cvs2svn Import User1-0/+377
used to be commit f1e59906577a59269f1821d9e438fc56278b9dbe)
2003-05-03fixes to *_util.c filesSimo Sorce1-13/+48
add winbindd_passdb backend this makes it possible to have nua accounts on security = user servers to show up in unic through nss_winbind.so the problem is that we do not have group support, so nss group support is not very good at this time (read: totally absent) we NEED group support in passdb (This used to be commit 921215cf4bfbd4d7457f81e181bb1a74a4531ca1)
2003-05-02shouldn't wellknown group be well.. ..WKN_GRP ?Simo Sorce1-1/+1
make a new sam_Account contain our domain by default, windows will complain on logon otherwise. fix stupid typo in idmap_util.c (This used to be commit 21701876dc6c59ebfc51be708a98226a00a764e0)
2003-05-01fix wrong debug messages in idmap_util.cSimo Sorce1-2/+2
correctly handle allocated rids in tdbsam (This used to be commit 7ae6162e1dd668897628c4f7edff508616644d21)
2003-05-01init wellknown in pdbedit tooSimo Sorce1-24/+20
add group mapping mappings to idmap at startup (This used to be commit 62365023db61d5a4fa32845af3db73bce6cb94ea)
2003-05-01proper wellknown sids initialization at startupSimo Sorce1-0/+46
(This used to be commit 568feee8977ee1be210344c8ab1896512894cba2)
2003-05-01This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This ↵cvs2svn Import User2-0/+655
used to be commit a1ffe2a29c0e6be54af09d6647b7f54369d75a1e)
2003-05-01*id_to_*id call reshape to return NTSTATUS errorsSimo Sorce3-102/+128
plus internal fixes 1st stage (This used to be commit 6d036761e565bc93964bb3c939d5b7d78d5778a3)
2003-04-30correctly initiazlize idmap tdb when creationg newSimo Sorce2-94/+168
few fixes to *id_to_*id functions, we don't set the mapping for algoritmic RIDs, they are resolved in the classic way eliminate getpw* calls from tdbsam (This used to be commit 6a7689cf74cd4d5f29e0b12f4bf8ac3051d49157)
2003-04-30auto-init for utility functionsSimo Sorce1-0/+18
(This used to be commit db571a9fd7fbce1c13ed652616ad9725db00b49f)
2003-04-29This is a nice rewrite:Simo Sorce2-16/+19
SAM_ACCOUNT does not have anymore uid and gid fields all the code that used them has been fixed to use the proper idmap calls fix to idmap_tdb for first time idmap.tdb initialization. auth_serversupplied_info structure has now an uid and gid field few other fixes to make the system behave correctly with idmap tested only with tdbsam, but smbpasswd and nisplus should be ok have not tested ldap ! (This used to be commit 6a6f6032467e55aa9b76390e035623976477ba42)
2003-04-29forgot to add the file where things movedSimo Sorce1-0/+189
(This used to be commit 3c2963f8e3f98ecae9fe59336c35000cf4d386c5)
2003-04-29consolidate idmap code in one placeSimo Sorce1-1/+1
(This used to be commit f7041ec5d74475013c839b5ea9ecac10322e5e65)
2003-04-27make winbind use idmap as well.Simo Sorce2-159/+3
change idmap_init call removed ldap backend for winbind idmap, seem it had problems anyway and it have to be reworked to work with idmap without calling winbind code. simo (This used to be commit 9d7d007443fc75264b2764b90f272ffc40c9be6c)
2003-04-26enhancementsSimo Sorce1-5/+27
(This used to be commit ff051e9cf4b468aa9fe7e3f84483571d3d2de556)
2003-04-26add idmap only parameterSimo Sorce1-0/+29
make idmap not map SIDs outside the uid/gid range defined by default this is to keep backward compatibility (This used to be commit bec45093c379915082d7b7f44113f5c17110d123)
2003-04-24Patch from Stefan Metzmacher to add default parameters to the lp_parm()Jelmer Vernooij1-3/+3
smb.conf parameters along with some other small fixes. Binary compatible with older modules. (This used to be commit aa07b12fda732ca19d8dc41cebc7bb09e2549a30)
2003-04-19fixesSimo Sorce2-5/+18
fix debug, add "idmap" string to the list of classes fix idmap, check init failures, and enhance debugging fix idmap_tdb, _do_ init uid and gid low,high states (too bad I missed that before) fix smbd/uid.c, use gid_t for gids and uid_t for uids (This used to be commit bc95de4ebb014080bc70173e7df94c672cea8df6)
2003-04-17seem that someone changed the semanthic of unix_strlower without fixing allSimo Sorce2-5/+8
places where it was used, this caused me segfaults in the last week :( add more debugging in idmap to chase down a problem (This used to be commit 6393105bda12fb3f6211e4f0128aabf588431b49)
2003-04-16NTSTATUS strings are much more use than raw numbers...Andrew Bartlett1-2/+2
(This used to be commit aeaa60c8432fe06ad51bac52f473e5fdc6c00afc)
2003-04-08some more debugging in case of failureSimo Sorce2-3/+4
(This used to be commit 9374f8692f6587b5f773c72b7847b64edeee9614)
2003-04-06fix commitSimo Sorce1-2/+2
(This used to be commit ad1a2ab0d6330a0b0fbce7b30ec5f6f502133921)
2003-04-06This commit make winbindd copy winbindd_idmap.tdb into idmap.tdb on theSimo Sorce2-150/+18
first run if idmap.tdb is not found, and then eventually convert it to the new format. This is done to unify winbind and idmap databases and to make a backup of winbindd_idmap.tdb in case you want to downgrade (of course it will not be updated). This is needed because idmap.tdb contains also local mappings, not only foreign domains mappings. Added some other fixes/improvements Simo. (This used to be commit cf17261519fd8775500f9b9d6caa2bc462e04633)
2003-04-05some more idmapping :)Simo Sorce1-18/+61
(This used to be commit 5ac94535d7b7ce0cc0d44b9a77d6e42ddfd0cd26)
2003-04-04Fixed compiler warning.Tim Potter1-1/+1
(This used to be commit 9c706be7b4417a1dc36866c3bad7a156f30b8af6)
2003-04-02THE Idmap patch :-)Simo Sorce3-85/+170
includes a --with-idmap=no switch to disable idmap usage if you find problems. cosmetic fixes and param aliases to separate winbind from idamp roles. A temporarily remote idmap winbind compatibility backend. As I have time I will further change code to not call directly winbind (partly done but not tested) and a specilized module will be built in place for the current glue hack. The patch has been tested locally in my limited time, the patch is simple and clear and should not reserve problems, if any just disable it. As usual, comments and fisex are welcome :-) Simo. (This used to be commit 02781320476ed1b7ee5d943fa36f9a66ab67f208)