| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
|
|
| |
(for use in passdb modules like pdb_xml or a new pdb_ldap that stores sids etc.)
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
rather than a string when configuring mulitple backends.
Also adjust some of the users of get_global_sam_sid() to cope with the fact
that it just might not exist (uninitialised, can't access secrets.tdb).
More places need conversion.
Add some const and remove silly casts.
Andrew Bartlett
|
| |
|
|
| |
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
|
| |
to using SIDs instead of RIDs.
The new funciton sid_peek_check_rid() takes an 'expected domain sid' argument.
The idea here is to prevent mistakes where the SID is implict, but isn't
the same one that we have in the struct.
Andrew Bartlett
|
| | |
|
| |
|
|
|
|
|
|
|
| |
initialising function. This patch thanks to the work of
"Stefan (metze) Metzmacher" <metze@metzemix.de>
This is partly to enable the transition to SIDs in the the passdb.
Andrew Bartlett
|
| |
|
|
|
|
|
| |
a file that is linked with the passdb.
This is to avoid linking insanity when this global becomes a self-initing
function.
|
| |
|
|
|
|
| |
passdb interface change, now the passdb modules will be asked for SID not for rid, the modules have been updated with a passthrough function that calls the old getsampwrid() functions.
srv_samr_nt.c functions that made use of the pdb_getsampwrid funcion has been updated to use the SID one.
|
| |
|
|
|
|
| |
the whole record which could include things like photos's etc.
Andrew Bartlett
|
| |
|
|
|
|
| |
structs.
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
|
| |
- convert net to popt
- convert status to popt
- adapt examples/pdb/ to multiple passdb system
- add dynamic debug class example to examples/pdb/
and some reformatting to better match the samba coding style.
Andrew Bartlett
|
| |
|
|
| |
pointer.
|
| |
|
|
|
|
| |
BOOL const secrets_init(...)
Broke AIX build.
|
| |
|
|
|
|
|
| |
from 2.2 format) and LDAP rebind support (untested, I don't have a setup
to match).
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
this is a first step only passdb stuff has beein "classized".
- so what can you do?
set debug level to: 1 poasdb:10
that will make all the code run at debug level 1 except the code in
passdb/* files that will run at level 10
TODO: fix the man page
- also smbcontrol has this nice feature so smbcontrol smbd debug 3 passdb:5
will set every smbd to have a default log level of 3 while passdb stuff
will be at level 5
and so no..
minor cosmetic fix to pdbedit is there too
|
| |
|
|
|
|
|
| |
previous commit, and remove some unsued variables.
Main change: Make sure to fill in the username when making a non-unix
account from smbpasswd.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Kill off the silly code that attempts to do NT -> Unix username mapping.
This is done well before here, no need to repeat it.
Add some small fixes and extra debugs, trying to track down current build
farm failures.
pdb_unix:
When 'updating' a pdb_unix account, instead add it to the default passdb.
This means that you don't need to specify '-a' to smbpasswd any more when
messing with an existing unix user, the account is simply 'upgraded'.
The idea here is that these accounts are just as 'real' as any other, they
just don't have the extra attributes an smbpasswd file does.
I'm open for debate on the pdb_unix issue, and will remove it if given
good reason. (without this, an attempt to add an account already in
pdb_unix to smbpasswd would fail, as it would fail to update pdb_unix).
rpc_server/srv_netlog_nt.c
Change a couple of things around, so as to show the client workstation etc.
WRONG_PASSWORD is certainly not the right default error. Try ACCESS_DENIED
for now.
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
cleanup some of the code in net_rpc_join re const warnings and
fstrings.
Passdb:
Make the %u and %U substituions in passdb work.
This is done by declaring these paramters to be 'const' and doing
the substitution manually. I'm told this is us going full circle,
but I can't really see a better way.
Finally these things actually seem to work properly...
Make the lanman code use the pdb's recorded values for homedir etc
rather than the values from lp_*()
Add code to set the plaintext password in the passdb, where it can
decide how to store/set it. For use with a future 'ldap password
change' option, or somthing like that...
Add pdb_unix, so as to remove the 'not in passdb' special cases from the
local_lookup_*() code. Quite small, as it uses the new 'struct passwd ->
SAM_ACCOUNT' code that is now in just one place. (also used by pdb_smbpasswd)
Other:
Fix up the adding of [homes] at session setup time to actually pass
the right string, that is the unix homedir, not the UNC path.
Fix up [homes] so that for winbind users is picks the correct name.
(bad interactions with the default domain code previously)
Change the rpc_server/srv_lsa_nt.c code to match NT when for the
SATUS_NONE_MAPPED reply: This was only being triggered on
no queries, now it is on the 'no mappings' (ie all mappings failed).
Checked against Win2k.
Policy Question: Should SID -> unix_user.234/unix_group.364 be
considered a mapping or not? Currently it isn't.
Andrew Bartlett
|
| |
|
|
|
| |
and there is no real reason for it to depend on more than the abilty
to compile the code.
|
| |
|
|
|
|
|
| |
I think we may still need to look at our server enumeration code, but
other than that, its much better in the tree than out.
Andrew Bartlett
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
<mimir@diament.ists.pwr.wroc.pl>) this patch allows samba to correctly
enumerate its trusted domains - by exaimining the keys in the secrets.tdb file.
This patch has been tested with both NT4 and rpcclient/wbinfo, and adds
some extra functionality to talloc and rpc_parse to allow it to deal with
already unicode strings.
Finally, this cleans up some const warnings that were in net_rpc.c by pushing
another dash of const into the rpc client code.
Andrew Bartlett
|
| |
|
|
| |
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All uids and gids must create valid RIDs, becouse other code expects this, and
can't handle the failure case. (ACL code in particular)
Allow admins to adjust the base of the RID algorithm, so avoid clashes with
users brought in from NT (for example).
Put all the algorithm code back in one place, so that this change is global.
Better coping with NULL sid pointers - but it still breaks a lot of stuff.
BONUS: manpage entry for new paramater :-)
counter based rids for normal users in tdbsam is disabled for the timebeing,
idra and I will work out some things here soon I hope.
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
<jelmer@nl.linux.org>.
This patch also includes major rework of pdbedit to use popt, and the addition
of -i paramter (allowing the user to specify which PDBs is being
operated on) and -e to export a pdb - useful for backup and testing etc.
Use of -i and -e gets us pdb2pdb functionality for transition between backends,
much like the sam2sam in TNG.
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
the passdb) and RIDs not in the passdb, due to being NIS users etc.
The main fix here is to add become_root()/unbecome_root() at critical places.
This (finally) fixes the bug where you could not see local users's names
in a file's security properties as non-root. Tested.
The similar bug in uid_to_sid is also fixed, but is not (yet) Tested.
Andrew Bartlett
|
| |
|
|
|
|
|
|
| |
WARNING: if you relied on these logic flaws, you will need to manually
edit your ldap backend (for things like account expries etc).
Now correctly retunes the information needed for 'must change at next login'
support.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Some reformatting and spelling fixes.
|
| |
|
|
|
| |
overwriting an old MACHINE.SID sid.
Jeremy.
|
| |
|
|
|
|
| |
dlopen & friends into configure.in. This should help building on *BSD
where dl*** calls are in libc.
Jeremy
|
| |
|
|
|
|
|
|
|
|
|
| |
- Fix warnings in loadparm.c
- Remove the unused 'passdb modules path' paramater
- Make pdb_ldap use $ termination rather than the workstation trust account
flag becouse some 'machine' accounts appear as normal accounts at creation
time. Also covers domains etc.
Andrew Bartlett
|
| | |
|
| |
|
|
|
|
| |
fails.
Andrew Bartlett
|
| | |
|
| |
|
|
|
|
| |
should chose the next available RID. For smbpasswd it just means using the algorithm, but other backends can do somthing more useful.
Andrew Bartlett
|
| |
|
|
| |
we still need to free gid<->rid mapping and few other stuff
|
| |
|
|
|
| |
fixed tdbsam memory corruption (and segfault)
reducing calls to pdb_uid_to_user_rid and countrary to 0 to move to a non alghoritmic rid allocation with some passdb modules.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
and the machine name are identical.
Jeremy.
|
| |
|
|
|
|
|
| |
rather than MACHINE.SID. We try to load MACHINE.SID only if we can't
fetch the SID from secrets.tdb
This also fixes the value of global_sam_sid for the DC/non-DC case
|
| |
|
|
| |
names
|
| | |
|
| |
|
|
| |
without a unix account.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The main change here is to move ldap into the new pluggable passdb subsystem
and to take the LDAP location as a 'location' paramter on the 'passdb backend'
line in the smb.conf. This is an LDAP URL, parsed by OpenLDAP where supported,
and by hand where it isn't.
It also adds the ldap user suffix and ldap machine suffix smb.conf options,
so that machines added to the LDAP dir don't get mixed in with people.
Non-unix account support is also added. This means that machines don't need to
be in /etc/passwd or in nss_ldap's scope.
This code has stood up well under my production environment, so it relitivly
well tested.
I'm commiting this now becouse others have shown interest in using it, and
there is no point 'hording' the code :-).
Andrew Bartlett
|
