summaryrefslogtreecommitdiff
path: root/source3/utils/pdbedit.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r13679: Commiting the rm_primary_group.patch posted on samba-technicalGerald Carter1-59/+24
* ignore the primary group SID attribute from struct samu* * generate the primary group SID strictlky from the Unix primary group when dealing with passdb users * Fix memory leak in original patch caused by failing to free a talloc * * add wrapper around samu_set_unix() to prevent exposing the create BOOL to callers. Wrappers are samu_set_unix() and samu-allic_rid_unix() (This used to be commit bcf269e2ec6630b78d909010fabd3b69dd6dda84)
2007-10-10r13607: Fix compile - don't ref auto variable in a structure initialization.Jeremy Allison1-1/+1
Fix from Richard Bollinger <rabollinger@gmail.com>. Jeremy. (This used to be commit 02da5189f1c2a07a7ac02cf51e23782f70829f34)
2007-10-10r13590: * replace all pdb_init_sam[_talloc]() calls with samu_new()Gerald Carter1-12/+33
* replace all pdb_{init,fill}_sam_pw() calls with samu_set_unix() (This used to be commit 6f1afa4acc93a07d0ee9940822d7715acaae634f)
2007-10-10r13576: This is the beginnings of moving the SAM_ACCOUNT data structureGerald Carter1-25/+25
to make full use of the new talloc() interface. Discussed with Volker and Jeremy. * remove the internal mem_ctx and simply use the talloc() structure as the context. * replace the internal free_fn() with a talloc_destructor() function * remove the unnecessary private nested structure * rename SAM_ACCOUNT to 'struct samu' to indicate the current an upcoming changes. Groups will most likely be replaced with a 'struct samg' in the future. Note that there are now passbd API changes. And for the most part, the wrapper functions remain the same. While this code has been tested on tdb and ldap based Samba PDC's as well as Samba member servers, there are probably still some bugs. The code also needs more testing under valgrind to ensure it's not leaking memory. But it's a start...... (This used to be commit 19b7593972480540283c5bf02c02e5ecd8d2c3f0)
2007-10-10r13571: Replace all calls to talloc_free() with thye TALLOC_FREE()Gerald Carter1-2/+2
macro which sets the freed pointer to NULL. (This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2)
2007-10-10r13525: This is only a cleanup to have the memset() and SAFE_FREE() only oneLars Müller1-8/+9
time in the code. Even if we now have an additional if statement after the free I prefer this solution in opposite to the duplicated code we had before. (This used to be commit 4272419b1146b1c03e070655f3a31d027c00ad20)
2007-10-10r13524: Add -t|--password-from-stdin option to pdbedit as we had with Samba 2.2.Lars Müller1-10/+10
This fixes bug #1386. The initial changes had been made by Carsten Höger <choeger at open-xhange dot com> for Samba 2.2 while being at SuSE. *sigh* To not duplicate code from smbpasswd in pdbedit stdin_new_passwd() and get_pass() are moved from smbpasswd to utils/passwd_util.c. (This used to be commit dbdc5ba497c6010dbad47c9d77fc8bec5557a328)
2007-10-10r13517: Fix typo -- thanks to Karolin Seeger <ks@sernet.de>Volker Lendecke1-1/+1
(This used to be commit d0efb435e51ee4d5454b55aee1596355ecc4a2c6)
2007-10-10r13460: by popular demand....Gerald Carter1-159/+26
* remove pdb_context data structure * set default group for DOMAIN_RID_GUEST user as RID 513 (just like Windows) * Allow RID 513 to resolve to always resolve to a name * Remove auto mapping of guest account primary group given the previous 2 changes (This used to be commit 7a2da5f0cc05c1920c664c9a690a23bdf854e285)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-5/+5
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r13212: r12414@cabra: derrell | 2006-01-28 17:52:17 -0500Derrell Lipman1-1/+1
lp_load() could not be called multiple times to modify parameter settings based on reading from multiple configuration settings. Each time, it initialized all of the settings back to their defaults before reading the specified configuration file. This patch adds a parameter to lp_load() specifying whether the settings should be initialized. It does, however, still force the settings to be initialized the first time, even if the request was to not initialize them. (Not doing so could wreak havoc due to uninitialized values.) (This used to be commit f2a24de769d1b2266e576597c57a8e3b1e2a2b51)
2007-10-10r13136: Fix handling user sid and user gidSimo Sorce1-2/+4
(This used to be commit 65d5abda68fa0cacbff489ea1e4bfeffd58c83cb)
2007-10-10r12555: Fix more load_case_table swegfaults. Arggg.Jeremy Allison1-0/+2
What I'd give for a global constructor... Jeremy. (This used to be commit c970d7d0a5ba225465dfb0980989b8817b17c643)
2007-10-10r12398: adding Guenther's account policy migration fixGerald Carter1-1/+50
(This used to be commit be32f10609f2274903cb3b2c6b84c9aa62962151)
2007-10-10r11327: Make user domain settable by pdbeditVolker Lendecke1-2/+9
(This used to be commit 37267d5ab018bb6df9e297ea68e57deb9a908f28)
2007-10-10r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4Jeremy Allison1-1/+1
x86_64 box. Jeremy. (This used to be commit d720867a788c735e56d53d63265255830ec21208)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-9/+37
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r9272: Patch for fixing unused variables warning from Jason Mader. FixesTim Potter1-6/+6
bugzilla #2984. (This used to be commit 7d8dd97c3d978a326ab8b1506d327082933eebae)
2007-10-10r7882: Looks like a large patch - but what it actually does is make SambaJeremy Allison1-2/+2
safe for using our headers and linking with C++ modules. Stops us from using C++ reserved keywords in our code. Jeremy (This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a)
2007-10-10r5909: Remove some unecessary casts. Patch from Jason Mader for bugzill #2468.Tim Potter1-1/+1
(This used to be commit ede9fd08cf0ce04528f73c74e2345ba46d26f1e2)
2007-10-10r5862: And some more constVolker Lendecke1-1/+1
(This used to be commit dc442ea7a0eed0a496522dd518bc53bc9304b705)
2007-10-10r5790: Added ability to set account description.John Terpstra1-2/+8
(This used to be commit df6f0815af0171a47483f2f3d347d350704a012f)
2007-10-10r5349: After talking with Jerry, reverted the addition of account policies toGünther Deschner1-35/+7
passdb in 3_0 (they are still in trunk). Guenther (This used to be commit fdf9bdbbac1d8d4f3b3e1fc7e49c1e659b9301b1)
2007-10-10r4925: Migrate Account Policies to passdb (esp. replicating ldapsam).Günther Deschner1-7/+35
Does automated migration from account_policy.tdb v1 and v2 and offers a pdbedit-Migration interface. Jerry, please feel free to revert that if you have other plans. Guenther (This used to be commit 75af83dfcd8ef365b4b1180453060ae5176389f5)
2007-10-10r4921: Typo.Jeremy Allison1-2/+2
(This used to be commit 033105376ef4ed7d31ef7cab2442719ed57d29b9)
2007-10-10r4917: Merge some of Derrell.Lipman@UnwiredUniverse.com obvious fixes.Jeremy Allison1-2/+2
Added text explaining units in pdbedit time fields. Jeremy. (This used to be commit 3d09c15d8f06ad06fae362291a6c986f7b6107e6)
2007-10-10r4847: Hand over a acb_mask to pdb_setsampwent in load_sampwd_entries().Günther Deschner1-3/+3
This allows the ldap-backend to search much more effeciently. Machines will be searched in the ldap_machine_suffix and users in the ldap_users_suffix. (Note that we already use the ldap_group_suffix in ldapsam_setsamgrent for quite some time). Using the specific ldap-bases becomes notably important in large domains: On my testmachine "net rpc trustdom list" has to search through 40k accounts just to list 3 interdomain-trust-accounts, similiar effects show up the non-user query_dispinfo-calls, etc. Also renamed all_machines to only_machines in load_sampwd_entries() since that reflects better what is really meant. Guenther (This used to be commit 6394257cc721ca739bda0e320375f04506913533)
2007-10-10r4153: port from trunk of pdbedit changesSimo Sorce1-7/+82
(This used to be commit 9b322f232c450e9525d5aa3b8267881b94ba4052)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-2/+2
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r1812: Fix from Richard Renard <rrenard@idealx.com> to be able to resetJeremy Allison1-3/+30
a users logon hours restrictions. Jeremy. (This used to be commit 887aa22dc90dd8653a6c9eedf91ce76830d93de6)
2007-10-10r1537: Fix to stop printing accounts from resetting the bas passwordJeremy Allison1-15/+10
and account lockout flags. This is set when an account is updated only from smbd or pdbedit. Bug found by "Dunn, Drew A." <Drew.Dunn@jhuapl.edu>. Jeremy. (This used to be commit bb3a0fa61f5fb74b8fe421260473c07847baeb2b)
2007-10-10r1478: Useful patch from Tom Alsberg <alsbergt@cs.huji.ac.il>, to export a ↵Simo Sorce1-8/+24
single user from a backend. (This used to be commit 083740e74e0790f863c065a20e28f553fdc7d5bd)
2007-10-10r1412: Fix password history list in tdbsam. Fix some memory leaks. AddJeremy Allison1-0/+5
my (C) to a header file that was at least 50% mine :-). Jeremy. (This used to be commit 8ee6060977ec8e65082f3ad09e1e1ccf5b4672ed)
2004-02-23Fix "unable to initialize" bug when smbd hasn't been run withJeremy Allison1-0/+4
new system and a user is being added via pdbedit/smbpasswd. Found at Connectathon setup. Jeremy. (This used to be commit f9c7a42e895f50e15d2f5079bfb2cb389fdf2df4)
2004-02-19Enable checking/resetting of account lockout and bad password based on policyJim McDonough1-3/+17
(This used to be commit bd2e55399c21707d40199e4b519daefd897aadc7)
2004-02-19Add bad password reset and display of bad password count/timeJim McDonough1-3/+25
(This used to be commit 34fe16e445bd9da762cedb0dd0872959f31ecd67)
2004-02-11fix set/getsampwent iterator in tdbsam to use an allocated listGerald Carter1-2/+4
(This used to be commit 8734d91cd7681219f1389e3c41979028eadbb7fe)
2004-01-29more initialization fixesGerald Carter1-0/+41
(This used to be commit 9e590d603547ef1e8388bea66eb5d44e4dfd6412)
2003-11-27Fix for pdbedit error code returns (sorry, forgot who sent in the patch).Jeremy Allison1-2/+11
Jeremy. (This used to be commit 685097bc50a8ef387c5082401858d482329c37bc)
2003-09-21Fix typoJelmer Vernooij1-1/+1
(This used to be commit 37db75fc95aec2510a0ead0c97f44e80b00696d9)
2003-07-22Fixup a bunch of printf-style functions and debugs to use unsigned long whenTim Potter1-3/+4
displaying pid_t, uid_t and gid_t values. This removes a whole lot of warnings on some of the 64-bit build farm machines as well as help us out when 64-bit uid/gid/pid values come along. (This used to be commit f93528ba007c8800a850678f35f499fb7360fb9a)
2003-07-22Replace the eight (!) copies of dummy become/unbecome root with a single one.Tim Potter1-15/+0
(This used to be commit 8b818ce381595cdcb36631a2440d6aa0038805f1)
2003-07-11moving more code around.Gerald Carter1-1/+1
* move rid allocation into IDMAP. See comments in _api_samr_create_user() * add winbind delete user/group functions I'm checking this in to sync up with everyone. But I'm going to split the add a separate winbindd_allocate_rid() function for systems that have an 'add user script' but need idmap to give them a RID. Life would be so much simplier without 'enable rid algorithm'. The current RID allocation is horrible due to this one fact. Tested idmap_tdb but not idmap_ldap yet. Will do that tomorrow. Nothing has changed in the way a samba domain is represented, stored, or search in the directory so things should be ok with previous installations. going to bed now. (This used to be commit 0463045cc7ff177fab44b25faffad5bf7140244d)
2003-07-10pdbedit should not call idmap anymore. Otherwise pdbedit -L wouldVolker Lendecke1-13/+2
allocate id's. Volker (This used to be commit 0358cc76757e7ef06dada94ec3a73cd90a525ba9)
2003-07-09more compile fixes for become/unbecome_root()Gerald Carter1-0/+15
(This used to be commit f005f1cf12b839f3985ab00315da63c584ce803e)
2003-07-07and so it begins....Gerald Carter1-2/+2
* remove idmap_XX_to_XX calls from smbd. Move back to the the winbind_XXX and local_XXX calls used in 2.2 * all uid/gid allocation must involve winbindd now * move flags field around in winbindd_request struct * add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id() to prevent automatic allocation for unknown SIDs * add 'winbind trusted domains only' parameter to force a domain member server to use matching users names from /etc/passwd for its domain (needed for domain member of a Samba domain) * rename 'idmap only' to 'enable rid algorithm' for better clarity (defaults to "yes") code has been tested on * domain member of native mode 2k domain * ads domain member of native mode 2k domain * domain member of NT4 domain * domain member of Samba domain * Samba PDC running winbindd with trusts Logons tested using 2k clients and smbclient as domain users and trusted users. Tested both 'winbind trusted domains only = [yes|no]' This will be a long week of changes. The next item on the list is winbindd_passdb.c & machine trust accounts not in /etc/passwd (done via winbindd_passdb) (This used to be commit 8266dffab4aedba12a33289ff32880037ce950a8)
2003-07-04This patch cleans up some of our ldap code, for better behaviour:Andrew Bartlett1-0/+6
We now always read the Domain SID out of LDAP. If the local secrets.tdb is ever different to LDAP, it is overwritten out of LDAP. We also store the 'algorithmic rid base' into LDAP, and assert if it changes. (This ensures cross-host synchronisation, and allows for possible integration with idmap). If we fail to read/add the domain entry, we just fallback to the old behaviour. We always use an existing DN when adding IDMAP entries to LDAP, unless no suitable entry is available. This means that a user's posixAccount will have a SID added to it, or a user's sambaSamAccount will have a UID added. Where we cannot us an existing DN, we use 'sambaSid=S-x-y-z,....' as the DN. The code now allows modifications to the ID mapping in many cases. Likewise, we now check more carefully when adding new user entires to LDAP, to not duplicate SIDs (for users, at this stage), and to add the sambaSamAccount onto the idmap entry for that user, if it is already established (ensuring we do not duplicate sambaSid entries in the directory). The allocated UID code has been expanded to take into account the space between '1000 - algorithmic rid base'. This much better fits into what an NT4 does - allocating in the bottom part of the RID range. On the code cleanup side of things, we now share as much code as possible between idmap_ldap and pdb_ldap. We also no longer use the race-prone 'enumerate all users' method for finding the next RID to allocate. Instead, we just start at the bottom of the range, and increment again if the user already exists. The first time this is run, it may well take a long time, but next time will just be able to use the next Rid. Thanks to metze and AB for double-checking parts of this. Andrew Bartlett (This used to be commit 9c595c8c2327b92a86901d84c3f2c284dabd597e)
2003-06-27Some const correctness. Stop tdb being used as a remote backend. If anJeremy Allison1-1/+1
idmap backend is specified cause smbd to ask winbindd (use winbindd if you want a consistant remote backend solution). Should work well enough for next beta now... Jeremy. (This used to be commit 8f830c509af5976d988a30f0b0aee4ec61dd97a3)
2003-06-22Found out a good number of NT_STATUS_IS_ERR used the wrong way.Simo Sorce1-2/+2
As abartlet rememberd me NT_STATUS_IS_ERR != !NT_STATUS_IS_OK This patch will cure the problem. Working on this one I found 16 functions where I think NT_STATUS_IS_ERR() is used correctly, but I'm not 100% sure, coders should check the use of NT_STATUS_IS_ERR() in samba is ok now. Simo. (This used to be commit c501e84d412563eb3f674f76038ec48c2b458687)
2003-06-18Ok, this patch removes the privilege stuff we had in, unused, for some time.Simo Sorce1-1/+1
The code was nice, but put in the wrong place (group mapping) and not supported by most of the code, thus useless. We will put back most of the code when our infrastructure will be changed so that privileges actually really make sense to be set. This is a first patch of a set to enhance all our mapping code cleaness and stability towards a sane next beta for 3.0 code base Simo. (This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e)