summaryrefslogtreecommitdiff
path: root/source3/utils/pdbedit.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r5349: After talking with Jerry, reverted the addition of account policies toGünther Deschner1-35/+7
passdb in 3_0 (they are still in trunk). Guenther (This used to be commit fdf9bdbbac1d8d4f3b3e1fc7e49c1e659b9301b1)
2007-10-10r4925: Migrate Account Policies to passdb (esp. replicating ldapsam).Günther Deschner1-7/+35
Does automated migration from account_policy.tdb v1 and v2 and offers a pdbedit-Migration interface. Jerry, please feel free to revert that if you have other plans. Guenther (This used to be commit 75af83dfcd8ef365b4b1180453060ae5176389f5)
2007-10-10r4921: Typo.Jeremy Allison1-2/+2
(This used to be commit 033105376ef4ed7d31ef7cab2442719ed57d29b9)
2007-10-10r4917: Merge some of Derrell.Lipman@UnwiredUniverse.com obvious fixes.Jeremy Allison1-2/+2
Added text explaining units in pdbedit time fields. Jeremy. (This used to be commit 3d09c15d8f06ad06fae362291a6c986f7b6107e6)
2007-10-10r4847: Hand over a acb_mask to pdb_setsampwent in load_sampwd_entries().Günther Deschner1-3/+3
This allows the ldap-backend to search much more effeciently. Machines will be searched in the ldap_machine_suffix and users in the ldap_users_suffix. (Note that we already use the ldap_group_suffix in ldapsam_setsamgrent for quite some time). Using the specific ldap-bases becomes notably important in large domains: On my testmachine "net rpc trustdom list" has to search through 40k accounts just to list 3 interdomain-trust-accounts, similiar effects show up the non-user query_dispinfo-calls, etc. Also renamed all_machines to only_machines in load_sampwd_entries() since that reflects better what is really meant. Guenther (This used to be commit 6394257cc721ca739bda0e320375f04506913533)
2007-10-10r4153: port from trunk of pdbedit changesSimo Sorce1-7/+82
(This used to be commit 9b322f232c450e9525d5aa3b8267881b94ba4052)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-2/+2
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r1812: Fix from Richard Renard <rrenard@idealx.com> to be able to resetJeremy Allison1-3/+30
a users logon hours restrictions. Jeremy. (This used to be commit 887aa22dc90dd8653a6c9eedf91ce76830d93de6)
2007-10-10r1537: Fix to stop printing accounts from resetting the bas passwordJeremy Allison1-15/+10
and account lockout flags. This is set when an account is updated only from smbd or pdbedit. Bug found by "Dunn, Drew A." <Drew.Dunn@jhuapl.edu>. Jeremy. (This used to be commit bb3a0fa61f5fb74b8fe421260473c07847baeb2b)
2007-10-10r1478: Useful patch from Tom Alsberg <alsbergt@cs.huji.ac.il>, to export a ↵Simo Sorce1-8/+24
single user from a backend. (This used to be commit 083740e74e0790f863c065a20e28f553fdc7d5bd)
2007-10-10r1412: Fix password history list in tdbsam. Fix some memory leaks. AddJeremy Allison1-0/+5
my (C) to a header file that was at least 50% mine :-). Jeremy. (This used to be commit 8ee6060977ec8e65082f3ad09e1e1ccf5b4672ed)
2004-02-23Fix "unable to initialize" bug when smbd hasn't been run withJeremy Allison1-0/+4
new system and a user is being added via pdbedit/smbpasswd. Found at Connectathon setup. Jeremy. (This used to be commit f9c7a42e895f50e15d2f5079bfb2cb389fdf2df4)
2004-02-19Enable checking/resetting of account lockout and bad password based on policyJim McDonough1-3/+17
(This used to be commit bd2e55399c21707d40199e4b519daefd897aadc7)
2004-02-19Add bad password reset and display of bad password count/timeJim McDonough1-3/+25
(This used to be commit 34fe16e445bd9da762cedb0dd0872959f31ecd67)
2004-02-11fix set/getsampwent iterator in tdbsam to use an allocated listGerald Carter1-2/+4
(This used to be commit 8734d91cd7681219f1389e3c41979028eadbb7fe)
2004-01-29more initialization fixesGerald Carter1-0/+41
(This used to be commit 9e590d603547ef1e8388bea66eb5d44e4dfd6412)
2003-11-27Fix for pdbedit error code returns (sorry, forgot who sent in the patch).Jeremy Allison1-2/+11
Jeremy. (This used to be commit 685097bc50a8ef387c5082401858d482329c37bc)
2003-09-21Fix typoJelmer Vernooij1-1/+1
(This used to be commit 37db75fc95aec2510a0ead0c97f44e80b00696d9)
2003-07-22Fixup a bunch of printf-style functions and debugs to use unsigned long whenTim Potter1-3/+4
displaying pid_t, uid_t and gid_t values. This removes a whole lot of warnings on some of the 64-bit build farm machines as well as help us out when 64-bit uid/gid/pid values come along. (This used to be commit f93528ba007c8800a850678f35f499fb7360fb9a)
2003-07-22Replace the eight (!) copies of dummy become/unbecome root with a single one.Tim Potter1-15/+0
(This used to be commit 8b818ce381595cdcb36631a2440d6aa0038805f1)
2003-07-11moving more code around.Gerald Carter1-1/+1
* move rid allocation into IDMAP. See comments in _api_samr_create_user() * add winbind delete user/group functions I'm checking this in to sync up with everyone. But I'm going to split the add a separate winbindd_allocate_rid() function for systems that have an 'add user script' but need idmap to give them a RID. Life would be so much simplier without 'enable rid algorithm'. The current RID allocation is horrible due to this one fact. Tested idmap_tdb but not idmap_ldap yet. Will do that tomorrow. Nothing has changed in the way a samba domain is represented, stored, or search in the directory so things should be ok with previous installations. going to bed now. (This used to be commit 0463045cc7ff177fab44b25faffad5bf7140244d)
2003-07-10pdbedit should not call idmap anymore. Otherwise pdbedit -L wouldVolker Lendecke1-13/+2
allocate id's. Volker (This used to be commit 0358cc76757e7ef06dada94ec3a73cd90a525ba9)
2003-07-09more compile fixes for become/unbecome_root()Gerald Carter1-0/+15
(This used to be commit f005f1cf12b839f3985ab00315da63c584ce803e)
2003-07-07and so it begins....Gerald Carter1-2/+2
* remove idmap_XX_to_XX calls from smbd. Move back to the the winbind_XXX and local_XXX calls used in 2.2 * all uid/gid allocation must involve winbindd now * move flags field around in winbindd_request struct * add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id() to prevent automatic allocation for unknown SIDs * add 'winbind trusted domains only' parameter to force a domain member server to use matching users names from /etc/passwd for its domain (needed for domain member of a Samba domain) * rename 'idmap only' to 'enable rid algorithm' for better clarity (defaults to "yes") code has been tested on * domain member of native mode 2k domain * ads domain member of native mode 2k domain * domain member of NT4 domain * domain member of Samba domain * Samba PDC running winbindd with trusts Logons tested using 2k clients and smbclient as domain users and trusted users. Tested both 'winbind trusted domains only = [yes|no]' This will be a long week of changes. The next item on the list is winbindd_passdb.c & machine trust accounts not in /etc/passwd (done via winbindd_passdb) (This used to be commit 8266dffab4aedba12a33289ff32880037ce950a8)
2003-07-04This patch cleans up some of our ldap code, for better behaviour:Andrew Bartlett1-0/+6
We now always read the Domain SID out of LDAP. If the local secrets.tdb is ever different to LDAP, it is overwritten out of LDAP. We also store the 'algorithmic rid base' into LDAP, and assert if it changes. (This ensures cross-host synchronisation, and allows for possible integration with idmap). If we fail to read/add the domain entry, we just fallback to the old behaviour. We always use an existing DN when adding IDMAP entries to LDAP, unless no suitable entry is available. This means that a user's posixAccount will have a SID added to it, or a user's sambaSamAccount will have a UID added. Where we cannot us an existing DN, we use 'sambaSid=S-x-y-z,....' as the DN. The code now allows modifications to the ID mapping in many cases. Likewise, we now check more carefully when adding new user entires to LDAP, to not duplicate SIDs (for users, at this stage), and to add the sambaSamAccount onto the idmap entry for that user, if it is already established (ensuring we do not duplicate sambaSid entries in the directory). The allocated UID code has been expanded to take into account the space between '1000 - algorithmic rid base'. This much better fits into what an NT4 does - allocating in the bottom part of the RID range. On the code cleanup side of things, we now share as much code as possible between idmap_ldap and pdb_ldap. We also no longer use the race-prone 'enumerate all users' method for finding the next RID to allocate. Instead, we just start at the bottom of the range, and increment again if the user already exists. The first time this is run, it may well take a long time, but next time will just be able to use the next Rid. Thanks to metze and AB for double-checking parts of this. Andrew Bartlett (This used to be commit 9c595c8c2327b92a86901d84c3f2c284dabd597e)
2003-06-27Some const correctness. Stop tdb being used as a remote backend. If anJeremy Allison1-1/+1
idmap backend is specified cause smbd to ask winbindd (use winbindd if you want a consistant remote backend solution). Should work well enough for next beta now... Jeremy. (This used to be commit 8f830c509af5976d988a30f0b0aee4ec61dd97a3)
2003-06-22Found out a good number of NT_STATUS_IS_ERR used the wrong way.Simo Sorce1-2/+2
As abartlet rememberd me NT_STATUS_IS_ERR != !NT_STATUS_IS_OK This patch will cure the problem. Working on this one I found 16 functions where I think NT_STATUS_IS_ERR() is used correctly, but I'm not 100% sure, coders should check the use of NT_STATUS_IS_ERR() in samba is ok now. Simo. (This used to be commit c501e84d412563eb3f674f76038ec48c2b458687)
2003-06-18Ok, this patch removes the privilege stuff we had in, unused, for some time.Simo Sorce1-1/+1
The code was nice, but put in the wrong place (group mapping) and not supported by most of the code, thus useless. We will put back most of the code when our infrastructure will be changed so that privileges actually really make sense to be set. This is a first patch of a set to enhance all our mapping code cleaness and stability towards a sane next beta for 3.0 code base Simo. (This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e)
2003-05-29Setting account policy values is done using -C, not -V. Fixes bug #120Jelmer Vernooij1-1/+1
(This used to be commit daf443757b62bd3c254a303d638bfd030b4acd2a)
2003-05-12Fix obvious compiler warnings.Jeremy Allison1-1/+0
Jeremy. (This used to be commit 2a6d0c2481c3c34351e57c30a85004babdbf99b0)
2003-05-12And finally IDMAP in 3_0Simo Sorce1-35/+25
We really need idmap_ldap to have a good solution with ldapsam, porting it from the prvious code is beeing made, the code is really simple to do so I am confident it is not a problem to commit this code in. Not committing it would have been worst. I really would have been able to finish also the group code, maybe we can put it into a followin release after 3.0.0 even if it may be an upgrade problem. The code has been tested and seem to work right, more testing is needed for corner cases. Currently winbind pdc (working only for users and not for groups) is disabled as I was not able to make a complete group code replacement that works somewhat in a week (I have a complete patch, but there are bugs) Simo. (This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)
2003-05-12Make it possible to actually use --user-SID and --group-SID on a standard ↵Andrew Bartlett1-2/+2
command line. Andrew Bartlett (This used to be commit dd14da756640ba36834a05b9da4759a809c0bb37)
2003-05-10Reverse previous patch from Stefan and me after comments by Andrew BartlettJelmer Vernooij1-3/+0
(This used to be commit d817eaf0ecca2d878ab1ffcf7a747a02d71c811e)
2003-05-10Patch from metze and me that adds dummy smb_register_*() functions soJelmer Vernooij1-0/+3
that is now possible to, for example, load a module which contains an auth method into a binary without the auth/ subsystem built in. (This used to be commit 74d9ecfe2dd7364643d32acb62ade957bd71cd0d)
2003-04-29Use a common function to create the SAM_ACCOUNT being used to add accountsAndrew Bartlett1-12/+4
to the system. This means that we always run Get_Pwnam(), and can never add FOO when foo exists on the system (the idea is to instead add foo into the passdb, using it's full name, RID etc). Andrew Bartlett (This used to be commit bb79b127e02cefae13c822fd0fd165f1f214b740)
2003-04-26back port from HEADSimo Sorce1-5/+74
(This used to be commit f7cfdf20b7b3b7743c0c3af4ff62fdde00e45fdc)
2003-04-14Merge Jelmer's popt updates from HEAD.Tim Potter1-5/+4
(This used to be commit 98e84b3e83d2a365c818ea64f9418edb29d690f2)
2003-03-23Implement abartlet's suggestion to add attribs to ldap if theyVolker Lendecke1-6/+0
are 'SET' when adding the account. I really don't like passing flags down to inner routines and complicated if/else conditions, but this time he might be right. ;-) Volker (This used to be commit 339c14906802db6ddb59f07a0c71dcc3c73cc3d6)
2003-03-23This does two things:Volker Lendecke1-1/+37
* pdbedit -i -e sets all SAM_ACCOUNT elements to CHANGED to satisfy the new pdb_ldap.c handling * pdbedit -g transfers group mappings. I made this separate from the user database, as current installations have to live with a split backend. So, if you are running 3_0 alphas with LDAP as a backend and upgrade to the next 3_0 alpha, you should call pdbedit -i tdbsam -e ldapsam -g to transfer your group mapping database to LDAP. You certainly have to have all your groups as posixGroup objects in LDAP and adapt the LDAP schema before this call. Volker (This used to be commit 09a3db0ffcbbe578788d3dd5ee7540d27cc7c09a)
2003-03-18Jeremy merged across my string parinoia fixes, but forgot to enable them! :-)Andrew Bartlett1-10/+12
This patch catches up on the rest of the work - as much string checking as is possible is done at compile time, and the rest at runtime. Lots of code converted to pstrcpy() etc, and other code reworked to correctly call sizeof(). Andrew Bartlett (This used to be commit c5b604e2ee67d74241ae2fa07ae904647d35a2be)
2003-02-07Invert flag testingVolker Lendecke1-3/+5
(This used to be commit 05397c526d2fad63faee781cc68934c58ee97500)
2003-02-06merge from HEADVolker Lendecke1-4/+22
(This used to be commit 4ef6de20cb62fc2b22c288b4452c09eaf007ae5e)
2003-01-07Fix memory leak. Thanks, Herb!Volker Lendecke1-0/+1
Volker (This used to be commit 434e496289ac21e516b22d91c4f52c0a6674214f)
2003-01-07Merge from HEAD.Volker Lendecke1-4/+14
Volker (This used to be commit 7977a025ae698fb91694e3809985b14e35693e92)
2003-01-03Merge from HEAD - make Samba compile with -Wwrite-strings without additionalAndrew Bartlett1-12/+16
warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
2002-12-28Revert by Simo's request. HEAD and 3.0 should be in sync forJeremy Allison1-10/+2
this except for the modules load. Jeremy. (This used to be commit 388cf136488bf92d057d23223dfcda9986681aee)
2002-12-28Patch for coredump with missing arg from "Bradley W. Langhorst" ↵Jeremy Allison1-1/+8
<brad@langhorst.com> Jeremy. (This used to be commit 0958a2ae73345aff42d6cf8ebc248e463949a3ff)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-13/+4
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
2002-11-02Merge passdb from HEAD -> 3.0Andrew Bartlett1-15/+15
The work here includes: - metze' set/changed patch, which avoids making changes to ldap on unmodified attributes. - volker's group mapping in passdb patch - volker's samsync stuff - volkers SAMR changes. - mezte's connection caching patch - my recent changes (fix magic root check, ldap ssl) Andrew Bartlett (This used to be commit 2044d60bbe0043cdbb9aba931115672bde975d2f)
2002-10-28sync with head...Jelmer Vernooij1-19/+13
(This used to be commit 9daaf667543c44f5e6c23f65d39810073bc12211)