path: root/source/passdb
Commit message | Author | Age | Files | Lines
* Fresh meat in trusted domains code: | Rafal Szczesniak | 2003-03-14 | 1 | -30/+47
| - packing/unpacking utility functions for trusted domain password struct; can be used to prepare buffer to store in secrets.tdb or (soon) passdb backend
| - similar functions for DOM_SID
| - respectively modified secrets_(fetch|store) routines
| - new auth mapping code utilising introduced is_trusted_domain function
| - added tdb (un)packing of single bytes
| Rafal
* This patch attempts to clean up winbindd's mutex locking. | Andrew Bartlett | 2003-03-11 | 1 | -23/+7
| The current locking scheme in winbind is a complete mess - indeed, the next step should be to push the locking into cli_full_connection(), but I'll leave it for now.
| This patch works on the noted behaviour that 2 parts of the connection process need protection - and independent protection. Tim Potter did some work on this a little while back, verifying the second case.
| The two cases are:
| - between connect() and first session setup
| - during the auth2 phase of the netlogon pipe setup.
| I've removed the counter on the lock, as I fail to see what it gains us.
| This patch also adds 'anonymous fallback' to our winbindd -> DC connection. If the authenticated connection fails (wbinfo -A specified) - say that account isn't trusted by a trusted DC - then we try an anonymous.
| Both tpot and mbp like the patch.
| Andrew Bartlett
* - Rename 'modules = ' to 'preload modules = ' | Jelmer Vernooij | 2003-02-27 | 1 | -19/+34
| - Add smb_probe_module()
| - Add init_modules()
| - Call these functions
* Fix comment - the other bits of code don't call this any more. | Andrew Bartlett | 2003-02-22 | 1 | -4/+1
|
* Remove 'unixsam' from the default passdb backends. | Andrew Bartlett | 2003-02-22 | 7 | -279/+204
| The intention is to remove the multiple passdb backends, but we need the 'guest' account to always be there. If the admin adds the guest account to (say) LDAP, there will only be one backend required for operation.
| This helps remove some nasty behaviours with adding accounts to the system for both the RPC 'create user' and the SAMSYNC code. Users 'added' with an 'add user/machine' script won't magically appear, and machine accounts 'pre-added' to unix, but not the smbpasswd file will not cause mayhem.
| This commit also implements something tridge discussed with me, the concept of 'default' passdb operation pointers - so that each backend does not need its own stub functions wrapping the default tdb privileges/group mapping code.
| This also removes an implicit 'sid->name' and 'name->sid' mapping from our own local SID space, to winbind usernames. When adding mapping for NIS/LDAP non-sam users in future, we need to be careful.
| Andrew Bartlett
* initial server side privileges implementation, using a tdb. This needs to be ↵ | Andrew Tridgell | 2003-02-12 | 1 | -0/+341
| hooked into pdb, and we need some access control on changing privileges. That's next
* More ldap paranoia - if we ever get more than one result, bail. The order we | Andrew Bartlett | 2003-02-01 | 1 | -5/+23
| get them in should be indeterminate, so just picking the first one would be bad...
| Andrew Bartlett
* Always escape ldap filter strings. Escaping code was from pam_ldap, but I'm to | Andrew Bartlett | 2003-02-01 | 1 | -3/+19
| blame for the realloc() stuff. Plus a couple of minor updates to libads.
| Andrew Bartlett
* A couple more signed/unsigned issues. | Andrew Bartlett | 2003-02-01 | 1 | -2/+2
|
* Fixed up mutex protection around winbindd logon code. Sync with APP-HEAD. | Jeremy Allison | 2003-01-16 | 1 | -8/+24
| Jeremy.
* initialize acct_ctrl before using it | Herb Lewis | 2003-01-15 | 1 | -2/+1
| remove ldap_msgfree(result); as result is uninitialized at this point
* Fix some debug lines, and add a bit more info to help track down ldap | Andrew Bartlett | 2003-01-14 | 1 | -8/+15
| connectivity problems.
| Andrew Bartlett
* clearer debug message when the user is already in the ldap db | Andrew Tridgell | 2003-01-14 | 1 | -1/+2
|
* Always initialise this variable - and don't set the 'must change now' if it was | Andrew Bartlett | 2003-01-13 | 1 | -0/+1
| last changed at '0'. We need to actually change this password sometime...
| Andrew Bartlett
* Fix open problem with changing attributes on an existing file - based | Jeremy Allison | 2003-01-08 | 1 | -1/+0
| on work by <steve@griffin.sio2.nl>.
| Jeremy.
* We already have one function to move unistr2 -> multibyte-static, so we | Andrew Bartlett | 2003-01-02 | 1 | -19/+0
| don't need a second just for pdb.
| Also, remove magic 'is lp_guest_account' test - the magic RID should be up to the passdb backend to set.
| Andrew Bartlett
* BIG patch... | Andrew Bartlett | 2003-01-02 | 6 | -16/+16
| This patch makes Samba compile cleanly with -Wwrite-strings. - That is, all string literals are marked as 'const'. These strings are always read only, this just marks them as such for passing to other functions.
| What is most surprising is that I didn't need to change more than a few lines of code (all in 'net', which got a small cleanup of net.h and extern variables). The rest is just adding a lot of 'const'.
| As far as I can tell, I have not added any new warnings - apart from making all of tdbutil.c's function const (so they warn for adding that const string to struct).
| Andrew Bartlett
* Forward port the change to talloc_init() to make all talloc contexts | Jeremy Allison | 2002-12-20 | 2 | -2/+2
| named. Ensure we can query them.
| Jeremy.
* merge of get_dc_name()-like code from APP_HEAD; better support password ↵ | Gerald Carter | 2002-12-12 | 1 | -0/+30
| server = DC1 *
* use FILE_MACRO instead of __FILE__ | Herb Lewis | 2002-12-03 | 1 | -5/+5
| use FUNCTION_MACRO instead of __FUNCTION_
* Move from NT_STATUS_UNSUCCESSFUL to NT_STATUS_NO_SUCH_USER, and other slightly | Andrew Bartlett | 2002-11-24 | 1 | -16/+21
| more useful error codes.
* fixed a number of places where we can try to free a wild pointer or | Andrew Tridgell | 2002-11-20 | 1 | -2/+14
| look for the record count after an invalid search. This fixes a segv in ldapsam
* Use smb_register_passdb() - plus some small fixes | Jelmer Vernooij | 2002-11-15 | 3 | -1603/+0
|
* Add smb_register_passdb() | Jelmer Vernooij | 2002-11-15 | 2 | -86/+59
|
* Remove the #ifdef's for NISPLUS_SAM - there are no function name collisions ↵ | Jelmer Vernooij | 2002-11-14 | 1 | -4/+0
| anymore
* Removed global_myworkgroup, global_myname, global_myscope. Added liberal | Jeremy Allison | 2002-11-12 | 5 | -25/+19
| dashes of const. This is a rather large check-in, some things may break. It does compile though :-).
| Jeremy.
* More improvement of DEBUG output | Jelmer Vernooij | 2002-11-11 | 1 | -2/+5
|
* Add extra debug info | Jelmer Vernooij | 2002-11-11 | 1 | -2/+2
|
* Print the number of returned rows, not the number of fields | Jelmer Vernooij | 2002-11-10 | 1 | -2/+2
|
* Make smbpasswd use the group mapping, and fix spelling in ldapsam. | Andrew Bartlett | 2002-11-08 | 2 | -30/+38
| This gets user mangler for domains working again.
| Andrew Bartlett
* Fix small typo | Jelmer Vernooij | 2002-11-07 | 1 | -1/+1
|
* when doing a 'net rpc vampire' a pdb_init_sam_pw() is used to create a | Andrew Tridgell | 2002-11-07 | 1 | -0/+3
| sam account object, then pdb_update_sam_account() can be used to update an account. This code path could lead to the methods element of the account being used when uninitialised (leading to a segv)
| Easiest fix is to always make sure that when creating a sam_account object we initialise the methods to null, so that the passdb code knows that it needs to be filled in.
* Merge of scalable printing code fix... Needs testing. | Jeremy Allison | 2002-11-07 | 1 | -6/+9
| Also tidied up some of Richard's code (I don't think he uses the compiler flags -g -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual like I do :-) :-).
| Jeremy.
* Add group management support (patch from metze) | Jelmer Vernooij | 2002-11-06 | 2 | -0/+67
|
* Adapt to latest pdb API changes - only thing left is group support | Jelmer Vernooij | 2002-11-06 | 2 | -21/+17
|
* pdb_get_unknown? -> pdb_get_unknown_? | Jelmer Vernooij | 2002-11-06 | 1 | -3/+3
|
* Move pdb_xml to source/ | Jelmer Vernooij | 2002-11-05 | 1 | -0/+561
|
* Move pdb_mysql to source/passdb | Jelmer Vernooij | 2002-11-05 | 1 | -0/+975
|
* Allow 'normal' accounts in the non-unix-account range for smbpasswd - I hope | Andrew Bartlett | 2002-11-04 | 1 | -19/+20
| this will fix some of the problems on the build farm @ Compaq (where they have a *lot* of accounts...).
* Fix debug | Andrew Bartlett | 2002-11-04 | 1 | -1/+1
|
* Extra little fix to vl's patch. Make sure the passdb and testparm messages | Andrew Bartlett | 2002-11-03 | 1 | -3/+5
| say exactly the same thing - in particular that we can algorithmic rid base == 1000, and use the BASE_RID macro to avoid the use of magic numbers.
| Andrew Bartlett
* Force algorithmic rid base to sane values and talk about it. | Volker Lendecke | 2002-11-03 | 1 | -4/+25
| Volker
* Clean up this a little - add comments describing a bit of what is going on | Andrew Bartlett | 2002-11-02 | 1 | -5/+6
| here.
* Add a 'ldap trust ids' option that lets pdb_ldap check for posixAccount | Andrew Bartlett | 2002-11-02 | 1 | -33/+92
| attributes rather than calling getpwnam() on the user. This should help fix some of metze's performance issues - particularly on enumerations.
| There is a consequential change to the operation of 'non unix account's in LDAP - they are no longer restricted to being 'within' the NUA range, but will always be added to that range.
| Finally, there is the doco for this and the previous LDAP SSL changes.
* Return the result code, not false (0 == success) on error... | Andrew Bartlett | 2002-11-02 | 1 | -1/+1
|
* Fixes for pdb_ldap: | Andrew Bartlett | 2002-11-02 | 1 | -111/+103
| - Default is now for start-tls, on the ldap (not ldaps) port
| - We check for 'I am currently root' in the right place now, and don't accidentally use a cached connection.
| - We don't loop on failure to be root, or some other errors.
| - A bit cleaner error reporting for add/modify.
| - Both the OpenLDAP and manual URI parsing tested.
| Andrew Bartlett
* One more step towards to better PDC. | Andrew Bartlett | 2002-10-26 | 1 | -208/+330
| This patch, from "Stefan (metze) Metzmacher" <metze@metzemix.de> implements an LDAP connection cache. This removes the quite silly situation where every single passdb operation involved a new LDAP connection.
| The hope is that this will give us a decent performance boost in some usrmgr related activities, and in the sid->name/sid->uid code.
| The remaining things I think are 'todo' for pdb_ldap (in the near term) are:
| - integrate volker's next_rid patch for NUA accounts,
| - add a 'trust ldap ids' option (remove Get_Pwnam() hit on enumerations).
| - put the group mapping actually into ldap
| - Schema fixes and do utf8 conversion
| - server failover (try a second server for the rebind on fail)
| - ensure we block between an 'add' and the ldap master replicating to our local slave (metze found this issue, kills domain joins)
| Andrew Bartlett
* Fix memory leak (patch by Steve Langasek) | Jelmer Vernooij | 2002-10-25 | 1 | -0/+14
|
* Only run free_private_data when it's specified (reported by Steve Langasek ↵ | Jelmer Vernooij | 2002-10-25 | 1 | -1/+2
| aka vorlon)
* pdb_unix.c did not really expect group RIDs dictated by a PDC and looking | Volker Lendecke | 2002-10-21 | 1 | -2/+4
| like user RIDs.
| Volker