summaryrefslogtreecommitdiff
path: root/source3
AgeCommit message (Collapse)AuthorFilesLines
2002-01-20This is another *BIG* change...Andrew Bartlett21-637/+1267
Samba now features a pluggable passdb interface, along the same lines as the one in use in the auth subsystem. In this case, only one backend may be active at a time by the 'normal' interface, and only one backend per passdb_context is permitted outside that. This pluggable interface is designed to allow any number of passdb backends to be compiled in, with the selection at runtime. The 'passdb backend' paramater has been created (and documented!) to support this. As such, configure has been modfied to allow (for example) --with-ldap and the old smbpasswd to be selected at the same time. This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua. These two backends accept 'non unix accounts', where the user does *not* exist in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to avoid conflicts in the algroitmic mapping of RIDs, they use the values specified in the 'non unix account range' paramter - in the same way as the winbind ranges are specifed. While I was at it, I cleaned up some of the code in pdb_tdb (code copied directly from smbpasswd and not really considered properly). Most of this was to do with % macro expansion on stored data. It isn't easy to get the macros into the tdb, and the first password change will 'expand' them. tdbsam needs to use a similar system to pdb_ldap in this regard. This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I don't have the test facilities for these. I plan to incoroprate at least pdb_ldap into this scheme after consultation with Jerry. Each (converted) passdb module now no longer has any 'static' variables, and only exports 1 init function outside its .c file. The non-unix-account support in this patch has been proven! It is now possible to join a win2k machine to a Samba PDC without an account in /etc/passwd! Other changes: Minor interface adjustments: pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*. pdb_update_sam_account() no longer takes the 'override' argument that was being ignored so often (every other passdb backend). Extra checks have been added in some places. Minor code changes: smbpasswd no longer attempts to initialise the passdb at startup, this is now done on first use. pdbedit has lost some of its 'machine account' logic, as this behaviour is now controlled by the passdb subsystem directly. The samr subsystem no longer calls 'local password change', but does the pdb interactions directly. This allow the ACB_ flags specifed to be transferred direct to the backend, without interference. Doco: I've updated the doco to reflect some of the changes, and removed some paramters no longer applicable to HEAD. (This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20Kill off another ugly wart from the side of the passdb subsystem.Andrew Bartlett8-70/+23
This time its the pdb_getsampwuid() function - which was only being used by the SAMR rpc subsystem to gain a 'user session key'. This 'user session key' is actually generated at login time, and the other changes here simply move that data around. This also means that (when I check some details) we will be able to use the user session key, even when we are not actually the DC, becouse its one of the components of the info3 struct returned on logon. Andrew Bartlett (This used to be commit 799ac01fe08a338e4e94289f5d6767ebf905c1fa)
2002-01-20Fix up an embarrsing bug I introduced when I moved the id21/id23 -> SAM_ACCOUNTAndrew Bartlett1-20/+40
conversion across to the pdb_set...() interface. Now we only set strings that are non-null. This allows Win2k to join the domain again, particularly when using tdbsam. Andrew Bartlett (This used to be commit 6d0b3d051f8f74ea6235173a89e96f5934aff4f3)
2002-01-20Kill off the old varient of 'check_plaintext_password' (new version justAndrew Bartlett2-103/+28
committed in auth/auth_compat.c and use the new version to make the plaintext password change slightly sane... (Needs testing). Andrew Bartlett (This used to be commit 996d0cd89cf9da5e9749f136f013cc4a8b977ee0)
2002-01-20Add a touch of 'const' to some auth components, and move the simple plaintextAndrew Bartlett2-32/+41
password check into its own helper funciton. (This will allow it to be called from other places). Andrew Bartlett (This used to be commit 9e96f438057da21254f40facdd9a31dd20652f35)
2002-01-20Fix a couple of memory leaks in the cli_establish_connection() code's failureAndrew Bartlett1-0/+2
case. Thanks to Nigel Williams <nigel@wednesday.demon.co.uk> for spotting these! Andrew Bartlett (This used to be commit 20e0b562283f75606ac9a36f3f104c6aaa294c40)
2002-01-20This is the current patch from Luke Leighton <lckl@samba-tng.org> to add aAndrew Bartlett9-95/+341
degree of seperation betwen reading/writing the raw NamedPipe SMB packets and the matching operations inside smbd's RPC components. This patch is designed for no change in behaviour, and my tests hold that to be true. This patch does however allow for the future loadable modules interface to specify function pointers in replacement of the fixed state. The pipes_struct has been split into two peices, with smb_np_struct taking the information that should be generic to where the data ends up. Some other minor changes are made: we get another small helper function in util_sock.c and some of the original code has better failure debugs and variable use. (As per on-list comments). Andrew Bartlett (This used to be commit 8ef13cabdddf58b741886782297fb64b2fb7e489)
2002-01-20This patch makes the 'winbind use default domain' code interact better withAndrew Bartlett16-148/+134
smbd, and also makes it much cleaner inside winbindd. It is mostly my code, with a few changes and testing performed by Alexander Bokovoy <a.bokovoy@sam-solutions.net>. ab has tested it in security=domain and security=ads, but more testing is always appricatiated. The idea is that we no longer cart around a 'domain\user' string, we keep them seperate until the last moment - when we push that string into a pwent on onto the socket. This removes the need to be constantly parsing that string - the domain prefix is almost always already provided, (only a couple of functions actually changed arguments in all this). Some consequential changes to the RPC client code, to stop it concatonating the two strings (it now passes them both back as params). I havn't changed the cache code, however the usernames will no longer have a double domain prefix in the key string. The actual structures are unchanged - but the meaning of 'username' in the 'rid' will have changed. (The cache is invalidated at startup, so on-disk formats are not an issue here). Andrew Bartlett (This used to be commit e870f0e727952aeb8599cf93ad2650ae56eca033)
2002-01-20Ensure identical between 2.2.3 and 3.0 - no need for difference here..Jeremy Allison1-1/+0
Jeremy. (This used to be commit 7c5c035e417b45acebc3580c4fdc80a7ef3306ce)
2002-01-20Fix file size calculations for write cache code.Jeremy Allison1-5/+41
Jeremy. (This used to be commit 71d647b6c0db8470d6144683c41ab26a7e1ef35e)
2002-01-20Attempt to fix bugs in write cache code (yes I know it's going away :-).Jeremy Allison2-3/+21
Jeremy. (This used to be commit ccda82b457b11ec683f404c9059b02c1214a0fd1)
2002-01-19Readline has problems on non tty fd's. Use readline replacement to in casesJeremy Allison1-31/+32
where stdin is !isatty to allow stripts to work. Jeremy. (This used to be commit 997d6687fc67e98fe561775b522edfaa00f5ee5f)
2002-01-19Added #ifdef for FreeBSD TCP bug.Jeremy Allison1-0/+4
Jeremy. (This used to be commit 80df5ab07e2149e7cc3a4a0a6695da01e8f9492c)
2002-01-19Report write fail in smb_dump.Jeremy Allison1-1/+3
Jeremy. (This used to be commit 832b9e7838afc0a48932dd0622c7e2f7b7e44a8f)
2002-01-19Fix to close winbindd_idmap on exit. Pointed out by Alexander Bokovoy.Jeremy Allison3-0/+10
Jeremy. (This used to be commit 1bd96b3094b530c3426b22b6f891c7fc055e7033)
2002-01-19fixes (asprintf) from 2.2Simo Sorce5-17/+24
(This used to be commit 6b123adda901ff05b0271eeda060297448f64eec)
2002-01-18Don't do tridge's crazy 'am I a trusted domain' lookup for guests.Andrew Bartlett1-9/+12
Andrew Bartlett (This used to be commit 9bfe54a3d484919fe830f9c6ae01f67663974af2)
2002-01-18Ensure (C) message is output on startup.Jeremy Allison2-4/+4
Jeremy. (This used to be commit 7d05175494227bf30d098e04ec91c4f0a7b7184c)
2002-01-18If 127.0.0.1 matches both allow & deny then allow. Patch from Steve Langasek ↵Jeremy Allison1-1/+7
vorlon@netexpress.net Jeremy. (This used to be commit 478696e924a5e562965eb21841198c96500027c4)
2002-01-18This is the 'winbind default domain' patch from Alexander BokovoyAndrew Bartlett10-50/+146
<a.bokovoy@sam-solutions.net>. The idea is the domain\username is rather harsh for unix systems - people don't expect to have to FTP, SSH and (in particular) e-mail with a username like that. This 'corrects' that - but is not without its own problems. As you can see from the changes to files like username.c and wb_client.c (smbd's winbind client code) a lot of assumptions are made in a lot of places about lp_winbind_seperator determining a users's status as a domain or local user. The main change I will shortly be making is to investigate and kill off winbind_initgroups() - as far as I know it was a workaround for an old bug in winbind itself (and a bug in RH 5.2) and should no longer be relevent. I am also going to move to using the 'winbind uid' and 'winbind gid' paramaters to determine a user/groups's 'local' status, rather than the presence of the seperator. As such, this functionality is recommended for servers providing unix services, but is currently less than optimal for windows clients. (TODO: remove all references to lp_winbind_seperator() and lp_winbind_use_default_domain() from smbd) Andrew Bartlett (This used to be commit 07a21fcd2311d2d9b430b99303e3532a8c1159e4)
2002-01-18Tidyup & code refactoring from Martin.Sheppard@csiro.au.Jeremy Allison1-26/+23
Jeremy. (This used to be commit 85da18e46e607aa593b7c55f2c7eddd1c3769673)
2002-01-18Ensure we log tdb open fails. Patch from Alexander Bokovoy ↵Jeremy Allison1-4/+2
<a.bokovoy@sam-solutions.net> Jeremy. (This used to be commit eb99e7f29c2d6041054331425cb245da86bedaa4)
2002-01-18Added prs_mem_clear(). Clear memory on buffer reallocation. That wayJeremy Allison2-11/+19
we're not returning what the client gave us. Jeremy. (This used to be commit 9a969069f132019cdd8a11be2b00356a3f09b64d)
2002-01-18Always clear malloced memory for parse structs.Jeremy Allison1-0/+1
Jeremy. (This used to be commit 6deb4caca5b45f87be84032fe0588db8d73b901a)
2002-01-17A nice *big* change to the fundemental way we do things.Andrew Bartlett19-72/+243
Samba (ab)uses the returns from getpwnam() a lot - in particular it keeps them around for a long time - often past the next call... This adds a getpwnam_alloc and a getpwuid_alloc to the collection. These function as expected, returning a malloced structure that can be free()ed with passwd_free(&passwd). This patch also cuts down on the number of calls to getpwnam - mostly by taking advantage of the fact that the passdb interface is already case-insensiteve. With this patch most of the recursive cases have been removed (that I know of) and the problems are reduced further by not using the sys_ interface in the new code. This means that pointers to the cache won't be affected. (This is a tempoary HACK, I intend to kill the password cache entirly). The only change I'm a little worried about is the change to rpc_server/srv_samr_nt.c for private groups. In this case we are getting groups from the new group mapping DB. Do we still need to check for private groups? I've toned down the check to a case sensitve match with the new code, but we might be able to kill it entirly. I've also added a make_modifyable_passwd() function, that copies a passwd struct into the form that the old sys_getpw* code provided. As far as I can tell this is only actually used in the pass_check.c crazies, where I moved the final 'special case' for shadow passwords (out of _Get_Pwnam()). The matching case for getpwent() is dealt with already, in lib/util_getent.c Also included in here is a small change to register the [homes] share at vuid creation rather than just in one varient of the session setup. (This picks up the SPNEGO cases). The home directory is now stored on the vuid, and I am hoping this might provide a saner way to do %H substitions. TODO: Kill off remaining Get_Pwnam_Modify calls (they are not needed), change the remaining sys_getpwnam() callers to use getpwnam_alloc() and move Get_Pwnam to return an allocated struct. Andrew Bartlett (This used to be commit 1d86c7f94230bc53daebd4d2cd829da6292e05da)
2002-01-17Move the bang (!) command back to the bottom of the list, allowing smbclientAndrew Bartlett1-1/+3
to function again. Add comment to warn anybody that wants to 'Alphabetize' the list to read crh's existing comment on the issue. Andrew Bartlett (This used to be commit d123d79060caf3ad084e733dac02aa2f67bda35f)
2002-01-17Made a debug look nicer.Tim Potter1-1/+2
(This used to be commit aca0edc819e892944c65b3feb60250994a79e88a)
2002-01-17Added some guards.Tim Potter1-0/+4
(This used to be commit 967c68858001cd620d2524d56180497c4b479c6b)
2002-01-17Fixed typo.Tim Potter1-1/+1
(This used to be commit e675d34dbfe1435150faf5af4bb97f01d311f5b0)
2002-01-17fixed a typo in the error map for WRONG_PASSWORDAndrew Tridgell1-1/+1
(This used to be commit fb300e411bb385dcba2c3ca166598a71ed693b35)
2002-01-17don't use O_NONBLOCK in open(). This was added erroneously for kernelAndrew Tridgell1-4/+0
oplocks and really shouldn't be used (This used to be commit c3a83002cfc2e0b5158cae1898eda8bafcb41e48)
2002-01-16Separate out get_user_home_dir() from get_user_home_service_dir().Jeremy Allison4-44/+51
Jeremy. (This used to be commit c1b97226db63daf64359e79083a4754e7c7f8054)
2002-01-16Merged in %S fixes and XX_NOT_CHANGED fixes from 2.2.Jeremy Allison4-27/+67
Jeremy. (This used to be commit 0fcca6c627a5c9c2219ec9714df5e0bc1a44cc29)
2002-01-16Fixup error mapping so we have only one table containing errno -> dos error ↵Jeremy Allison4-66/+48
-> NT STATUS maps. Fixes problem with disk full returning incorrect error. Jeremy. (This used to be commit 16fcbf3c1ccf1d704765653f68395dd596c0d841)
2002-01-16Alphabetize.Jeremy Allison1-3/+3
Jeremy. (This used to be commit 64301bc5f75283c948630d2b78d28e3869db39a2)
2002-01-16Added CIFS UNIX extension code to client.Jeremy Allison3-0/+316
Jeremy. (This used to be commit 794c3e2c76aae57d054e46b185def104ca02977c)
2002-01-16Fix name register bug with non-existent wins server.Jeremy Allison1-32/+29
Jeremy. (This used to be commit 4e41780c21d9a6c056104f952e720a79c830c65e)
2002-01-16At leadt don't lose this - I need to re-sync trans2.c between 2.2.x andJeremy Allison1-27/+66
HEAD soon. Jeremy. (This used to be commit 2f57257558b67b4a5106fece269ce55643464683)
2002-01-16Roll back PSTRING_SANCTIFY patch; just leave non-controversial typeMartin Pool5-59/+30
and constness changes. (This used to be commit cee0ec72746122c962e6c5278a736266a7f2c424)
2002-01-16Quieten some pointer cast warnings.Tim Potter1-3/+4
(This used to be commit 1906903f063de526045be68d19cf39de3c029c6f)
2002-01-16much better support for organisational units in ADS joinAndrew Tridgell3-15/+53
(This used to be commit 7e876057d5e392f85e6fdb0f2c233b0fe76df688)
2002-01-16Roll back PSTR insertion.Martin Pool1-23/+21
Just leave the fstrcpy/pstrcpy bugfix, and conversion to pstr_sprintf rather than manual calculation of length. (This used to be commit e38e7a2bdcf2901359035ac4aa79ebf33599e0c8)
2002-01-16Merge of name_status_find() debugs.Tim Potter1-5/+18
(This used to be commit cfac669017afa763100e335d1516fbed18049e00)
2002-01-15Fix from 2.2. It didn't break on HEAD because it isn't being compiled. Herb?Jim McDonough1-10/+10
(This used to be commit 4fcaec53de18220ff6662f62a1430f67757cdcc5)
2002-01-15Missing assign fix from Bernt Nilsson bkn@ida.liu.se.Jeremy Allison1-1/+1
Jeremy. (This used to be commit adf24a90e8b4d970d71fa8a6854edcf6deff9688)
2002-01-15For some reason I wasn't thinking about failure cases this morning...Andrew Bartlett1-0/+72
Anyway, this makes it slightly sane, but we may decide to smb_panic() here instead. Andrew Bartlett (This used to be commit 724109a33bf2f06bcb97cdd31c0442c6035ff6a6)
2002-01-15Convert to the new pstring interface. This diff is a pretty goodMartin Pool1-26/+29
example of the scope of change the new pstrings would entail: basically inserting PSTR() or FSTR() everywhere you need to coerce one to a char*. It's also a good example of the kind of bug we might catch: on about line 540, we were doing a pstrcpy into an fstring, which might overflow. It's not a problem in this particular case, but it is in general. (This used to be commit 5a403da4a735a8fb8d118a0a67f3a15127152e18)
2002-01-15Split pstring definitions into their own header.Martin Pool2-53/+72
(This used to be commit 04e3082f7d45c1b304adff5a46106136cff0e09e)
2002-01-15Integrate with PSTRING_SANCTIFY.Martin Pool1-4/+4
(This used to be commit 20a03facb6acf6329acc1645d4e9ead863a1a57c)
2002-01-15#ifdef variable that's not used without dmallocMartin Pool1-0/+2
(This used to be commit bf513668cb76fd20b04b8142c86c263280b05bb6)