summaryrefslogtreecommitdiffstats
path: root/source/passdb
Commit message (Collapse)AuthorAgeFilesLines
* Quick hack to get around the inadequacy of pdb_smbpasswd. This should make theAndrew Bartlett2002-08-171-1/+1
| | | | | | build farm happy again, and allow the 'guest account' to be added to smbpasswd. Andrew Bartlett
* Rework the 'guest account get's RID 501' code again...Andrew Bartlett2002-08-172-46/+57
| | | | | | | | | | This moves it right into the passdb subsystem, where we can do this in just one (or 2) places. Due to the fact that this code can be in a tight loop, I've had to make 'guest account' a 'const' paramater, where % macros cannot be used. In any case, if the 'guest account' varies, we are in for some nasty cases in the other code, so it's useful anyway. Andrew Bartlett
* Make the 'guest account' always have a RID of DOMAIN_USER_RID_GUEST.Andrew Bartlett2002-08-161-6/+20
| | | | Andrew Bartlett
* Update secrets_fetch_domain_guid to generate and store it if it doesn't exist.Jim McDonough2002-08-121-2/+11
| | | | Only does it for PDCs.
* Add const to a pile of const to *DOM_SID paramaters.Andrew Bartlett2002-08-075-7/+7
| | | | Andrew Bartlett
* Try to bind with LDAPv3 if possible.Andrew Bartlett2002-08-061-7/+19
| | | | Andrew Bartlett
* I must have missed this when I was adding 'const' to these earlier...Andrew Bartlett2002-08-051-1/+1
| | | | Andrew Bartlett
* Try to make this easier to debug - display the username that failed.Andrew Bartlett2002-08-051-1/+1
| | | | Andrew Bartlett
* Don't accidenity mess with the wrong domain's sids.Andrew Bartlett2002-07-311-2/+2
|
* fixed multi-line strings for portabilityAndrew Tridgell2002-07-311-2/+2
|
* Add LSA RPC 0x2E, lsa_query_info2. Only level implemented is 0x0c, whichJim McDonough2002-07-301-0/+32
| | | | | is netbios and dns domain info. Also add code to set/fetch the domain GUID from secrets.tdb (although set is not yet called by anyone).
* Update a pile of Samba's SID lookup code to ensure:Andrew Bartlett2002-07-301-40/+53
| | | | | | | | | | | | | | | - That we never call winbind recursivly - That we never use an 'algorithmic' RID when we have a fixed uid or gid mapping in either the passdb or the group mapping db. Also, remove restrictions that say 'this domain only'. If we have a mapping configured, allow it to be returned. If we later decide certian mappings are invalid, then we sould put that in the code that actually does the map. Allow 'sid->name' transtations on the fixed 'well known' groups for NT, even if they are not represented by Unix groups yet. Andrew Bartlett
* These are not critical errors, they should not be a level 0.Andrew Bartlett2002-07-301-3/+3
| | | | Andrew Bartlett
* found nasty bug in intl/lang_tdb.c tdb structure was not tested to not be ↵Simo Sorce2002-07-281-1/+1
| | | | | | | | | | | | null before close this one fixes swat not working with browsers that set more then one language. along the way implemented language priority in web/neg_lang.c with bubble sort also changet str_list_make to be able to use a different separator string Simo.
* Update the rebind code in pdb_ldap.Andrew Bartlett2002-07-271-34/+114
| | | | | | | | | | I've still not tested this, but I didn't test the last lot and I'm pretty sure I stuffed it up - but at least this rebind procedure matches the function prototype. It should also be fine on OpenLDAP 2.1 if I'm lucky. Andrew Bartlett
* fix parameters for ldap_set_rebind_proc() from OpenLDAP 2.1Gerald Carter2002-07-261-2/+7
|
* (another patch from mimir)Andrew Bartlett2002-07-261-2/+17
| | | | | | | | Add some debugging info to the secrets code. We might review what debug level that should be at, but it's fine for now. Andrew Bartlett
* Mimir has been busy with patches again, and sent in the followingAndrew Bartlett2002-07-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | patches: Andrew Bartlett From his e-mail: Below I attach the following patches as a result of my work on trusted domains support: 1) srv_samr_nt.c.diff This fixes a bug which caused to return null string as the first entry of enumerated accounts list (no matter what entry, it was always null string and rid) and possibly spoiled further names, depeding on their length. I found that while testing my 'net rpc trustdom list' against nt servers and samba server. 2) libsmb.diff Now, fallback to anonymous connection works correctly. 3) smbpasswd.c.diff Just a little fix which actually allows one to create a trusting domain account using smbpasswd 4) typos.diff As the name suggests, it's just a few typos fix :)
* Clarify this comment.Andrew Bartlett2002-07-261-0/+3
|
* Actually check the return value of the account_policy_get() call.Andrew Bartlett2002-07-241-5/+4
| | | | Andrew Bartlett
* Name get and set dir drive functions consistently.Tim Potter2002-07-214-10/+11
|
* More cleanups, and add a comment/hint not to clean somthing up in future :-)Andrew Bartlett2002-07-211-0/+3
| | | | Andrew Bartlett
* More fixes towards warnings on the IRIX compilerAndrew Bartlett2002-07-201-1/+1
| | | | | | | | | | | | (and yes, some of these are real bugs) In particular, the samr code was doing an &foo of various types, to a function that assumed uint32. If time_t isn't 32 bits long, that broke. They are assignment compatible however, so use that and an intermediate variable. Andrew Bartlett
* addedd new (t)alloc_sub_* functionsSimo Sorce2002-07-143-13/+13
| | | | | they will get a const string and return a (t)alloced epanded one. also modified passdb/* stuff to use this one.
* Fix up a botched prevoius commit.Andrew Bartlett2002-07-141-11/+10
| | | | | | | | | | | | | | The idea here is to allow invalid LM passwords in otherwise valid accounts. This happens when we create an account without a password, for example. Previously we would stop at the LM password, and not read things like the account flags correctly. Now we process the record, and just set the password to NULL. (Note, 'no password for access' is decided only on the basis of the Account Control bits, not on the 'NULL' value of the password feild.). Andrew Bartlett
* Make smbpasswd behave like all the other backends, where a NULL or invalidAndrew Bartlett2002-07-131-7/+4
| | | | | | | LM password isn't anything special. All the users check the ACB nowadays, and this allows us to correctly return flags set via usermgr. Andrew Bartlett
* If we get a SID from group mapping, no need to check it's prefix.Andrew Bartlett2002-07-101-6/+6
| | | | | | Just set it directly. Andrew Bartlett
* Fix debug comment.Andrew Bartlett2002-07-051-1/+1
|
* Break up the passdb objects (to allow RPC clients to link without brining inAndrew Bartlett2002-07-033-191/+104
| | | | | | | | | | | | | | | | | *.o) and implment new enum_dom_users code in the SAMR RPC subsystem. Incresingly, we are using the pdb_get_{user,group}_sid() functions, in the eventual hope that we might one day support muliple domains off a single passdb. To extract the RID, we use sid_peek_check_rid(), and supply an 'expected' domain SID. The id21 -> SAM_ACCOUNT and id23 -> SAM_ACCOUNT code has been moved to srv_samr_util.c, to ease linking in passdb users. Compatiblity code that uses 'get_global_sam_sid()' for the 'expected' sid is in pdb_compat.c Andrew Bartlett
* Fix the spelling in the LDAP attributesAndrew Bartlett2002-07-031-2/+2
|
* used findstatic.pl to make some variables static and remove some deadAndrew Tridgell2002-07-011-1/+1
| | | | code
* Another bug fix from metze.Andrew Bartlett2002-06-261-1/+1
|
* Add module versioning to the passdb module systemAndrew Bartlett2002-06-222-2/+18
| | | | | | | | | | | | | All passdb modules need to include a 'magic' macro that creates simple 'return my version number' function. (from metze and jelmer) Also fix up the dir_drive autosubsitute code to correctly use lp_logon_drive(). (from metze) Andrew Bartlett
* compile warngin fixes merged from 2.2Gerald Carter2002-06-171-1/+1
|
* Rework much of the service.c code:Andrew Bartlett2002-06-151-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | The aim of this execise is to give the 'security>=user' code a straight paper path. Security=share will sill call authorise_login(), but otherwise we avoid that mess. This allow *much* more accurate error code reporting, beocuse we don't start pretending that we can use the (nonexistant) password etc. Also in this patch is code to create the 'homes' share at session setup time (as we have done in the past - been broken recently) and to record this on the user's vuser struct for later reference. The changes here should also allow for much better use of %H (some more changes to come here). The service.c changes move a lot of code around, but are not as drastric as they look... (Also included is a fix to srv_srvsvc_nt.c where 'total_entries' not '*total_entries' was compared). This code is needs testing, but passes my basic tests. I expect we have lost some functionality, but the stuff I had expected to loose was already broken before I started. In particular, we don't 'fall back' to guest if the user cannot access a share (for security=user). If you want this kind of stuff then you really want security=share anyway. Andrew Bartlett
* moved lp_list_* functions away from param/loadparm.c, put int lib/util_str.cSimo Sorce2002-06-141-2/+2
| | | | | and renamed to str_list_* as it is a better name. Elrond should be satisfied now :)
* Allow non unix accounts to be added to an ldap directory without NUA accountsAndrew Bartlett2002-06-141-0/+4
| | | | | | already. Andrew Bartlett
* Patch from ctrlsoft to use the pdb_sethexpwd function in smbpasswd - insteadAndrew Bartlett2002-06-141-48/+7
| | | | | | | | | of implementing it twice inline. This code is complex - but occasionally I get the feeling that people made it more complext than it really needed to be... Andrew Bartlett
* It looks like we never tested the 'cleanup' code, so when I triggered itAndrew Bartlett2002-06-142-12/+20
| | | | | | (invalid passdb backends smb.conf entry) we picked up a few things :-). Andrew Bartlett
* Some updates from ctrlsoft <jelmer@nl.linux.org> to return failure if *any* ofAndrew Bartlett2002-06-141-19/+20
| | | | | | the passdb backends fail to load (is this the right way? - I think so). Also, I've added some more comments, cleaned up some style etc.
* Debug fixes from ctrlsoftAndrew Bartlett2002-06-141-2/+2
|
* Convenience function to allow a SID to be specified as a string.Andrew Bartlett2002-06-141-3/+46
| | | | | | (for use in passdb modules like pdb_xml or a new pdb_ldap that stores sids etc.) Andrew Bartlett
* Patch from ctrlsoft to make the pluggable passdb subsystem use an lp_listAndrew Bartlett2002-06-143-30/+43
| | | | | | | | | | | | | rather than a string when configuring mulitple backends. Also adjust some of the users of get_global_sam_sid() to cope with the fact that it just might not exist (uninitialised, can't access secrets.tdb). More places need conversion. Add some const and remove silly casts. Andrew Bartlett
* Add const, kill of useless casts and therefore eliminate warnings.Andrew Bartlett2002-06-141-2/+2
| | | | Andrew Bartlett
* Latest patch from metze <metze@metzemix.de> to move most of samba acrossAndrew Bartlett2002-06-137-84/+136
| | | | | | | | | | | to using SIDs instead of RIDs. The new funciton sid_peek_check_rid() takes an 'expected domain sid' argument. The idea here is to prevent mistakes where the SID is implict, but isn't the same one that we have in the struct. Andrew Bartlett
* Fix commentAndrew Bartlett2002-06-071-1/+1
|
* Globally replace 'global_sam_sid' with get_global_sam_sid(), a selfAndrew Bartlett2002-06-073-36/+50
| | | | | | | | | initialising function. This patch thanks to the work of "Stefan (metze) Metzmacher" <metze@metzemix.de> This is partly to enable the transition to SIDs in the the passdb. Andrew Bartlett
* Move the code from lib/util_sid.c that deals with the global_sam_sid intoAndrew Bartlett2002-06-071-0/+280
| | | | | | | a file that is linked with the passdb. This is to avoid linking insanity when this global becomes a self-initing function.
* change: pdb_getsampwrid() ->pdb_getsampwsid()Simo Sorce2002-05-267-14/+49
| | | | | | passdb interface change, now the passdb modules will be asked for SID not for rid, the modules have been updated with a passthrough function that calls the old getsampwrid() functions. srv_samr_nt.c functions that made use of the pdb_getsampwrid funcion has been updated to use the SID one.
* Only reterive the attributes we are actually going to use - rather thanAndrew Bartlett2002-05-251-3/+14
| | | | | | the whole record which could include things like photos's etc. Andrew Bartlett
generated by cgit (git 2.34.1) at 2025-09-26 20:33:35 +0000