| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
| |
from itself).
they where alo not clean after use!
Simo.
|
| |
|
|
| |
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
|
| |
Update account_pol.c to use just uint32, rather then uint32 for paramaters,
int32 for storage. (The int32 functions didn't have seperate return/status
values, uint32 functions use a pointer-paramater).
Move the #define -> string from a swtich to a table, so we can look it up
both ways.
Andrew Bartlett
|
| | |
|
| | |
|
| |
|
|
| |
Andrew Bartlett
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
rather than a string when configuring mulitple backends.
Also adjust some of the users of get_global_sam_sid() to cope with the fact
that it just might not exist (uninitialised, can't access secrets.tdb).
More places need conversion.
Add some const and remove silly casts.
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
|
| |
to using SIDs instead of RIDs.
The new funciton sid_peek_check_rid() takes an 'expected domain sid' argument.
The idea here is to prevent mistakes where the SID is implict, but isn't
the same one that we have in the struct.
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
|
| |
- convert net to popt
- convert status to popt
- adapt examples/pdb/ to multiple passdb system
- add dynamic debug class example to examples/pdb/
and some reformatting to better match the samba coding style.
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
this is a first step only passdb stuff has beein "classized".
- so what can you do?
set debug level to: 1 poasdb:10
that will make all the code run at debug level 1 except the code in
passdb/* files that will run at level 10
TODO: fix the man page
- also smbcontrol has this nice feature so smbcontrol smbd debug 3 passdb:5
will set every smbd to have a default log level of 3 while passdb stuff
will be at level 5
and so no..
minor cosmetic fix to pdbedit is there too
|
| |
|
|
| |
of non-existant passdb cases.
|
| | |
|
| |
|
|
|
|
|
| |
Doco for pdbedit and (ugly, but the best we could come up with) fix
for compiling pdbedit on some non-gcc compilers.
Andrew Bartlett
|
| |
|
|
| |
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
<jelmer@nl.linux.org>.
This patch also includes major rework of pdbedit to use popt, and the addition
of -i paramter (allowing the user to specify which PDBs is being
operated on) and -e to export a pdb - useful for backup and testing etc.
Use of -i and -e gets us pdb2pdb functionality for transition between backends,
much like the sam2sam in TNG.
Andrew Bartlett
|
| |
|
|
| |
we still need to free gid<->rid mapping and few other stuff
|
| |
|
|
|
| |
fixed tdbsam memory corruption (and segfault)
reducing calls to pdb_uid_to_user_rid and countrary to 0 to move to a non alghoritmic rid allocation with some passdb modules.
|
| |
|
|
| |
Andrew Bartlett
|
| |
|
|
| |
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
|
| |
|
|
|
|
|
|
|
| |
much saner :-).
Change to pdb_init_sam()/pdb_free_sam() loop rather than reset based due to
the talloc basis.
Andrew Bartlett
|
| |
|
|
| |
Andrew Bartlett
|
| |
|
|
| |
idra has promised not to revert these this time :-)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These strings are allocated using talloc(), either using its own memory context
stored on the SAM_ACCOUNT or one supplied by the caller.
The pdb_init_sam() and pdb_free_sam() function have been modifed so that a call
to pdb_free_sam() will either clean up (remove hashes from memory) and destroy
the TALLOC_CTX or just clean up depending on who supplied it.
The pdb_init_sam and pdb_free_sam functions now also return an NTSTATUS, and I
have modified the 3 places that actually checked these returns.
The only nasty thing about this patch is the small measure needed to maintin
interface compatability - strings set to NULL are actually set to "".
This is becouse there are too many places in Samba that do strlen() on these
strings without checking if they are NULL pointers.
A supp patch will follow to set all strings to "" in pdb_default_sam().
Andrew Bartlett
|
| |
|
|
| |
of commands when specified on command line.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Thou shalt not reference SAM_ACCOUNT members directly - always use
pdb_get/pdb_set.
This is achived by making the whole of SAM_ACCOUNT have a .private member,
where the real members live. This caught a pile of examples, and these have
beeen fixed.
The pdb_get..() functions are 'const' (have been for some time) and this
required a few small changes to constify other functions.
I've also added some debugs to the pdb get and set, they can be removed if
requested.
I've rewritten the copy_id2x_to_sam_pass() functions to use the new passdb
interface, but I need the flags info to do it properly.
The pdb_free_sam() funciton now blanks out the LM and NT hashes, and as such
I have removed many extra 'samr_clear_sam_passwd(smbpass)' calls as a result.
Finally, any and all testing is always appriciated - but the basics seem to
work.
Andrew Bartlett
|
| | |
|
| | |
|
| |
|
|
|
| |
but it will take more time as I don't want to loose any fixes that
are only in HEAD.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
members (such as uid and gid). This way we will be able to
keep ourselves from writing out default smb.conf settings when
the admin doesn't want to, That part is not done yet.
Tested compiles with ldap/tdb/smbpasswd. Tested connection with smbpasswd
backend.
oh...and smbpasswd doesn'y automatically expire accounts after 21 days
from the last password change either now. Just ifdef'd out that code
in build_sam_account().
Will merge updates into 2.2 as they are necessary.
jerry
|
| | |
|
| |
|
|
|
| |
in smbd/process.c where the timezone is reinitialised. Was replaced with
check for a static is_initialised boolean.
|
| |
|
|
| |
default, rather than in preprocessor macros.
|
| |
|
|
|
|
| |
- Basic functionality intact
- Now adds machine accounts without a uid. (using the machine uid range to
avoid conflict with real uid based accounts)
|
| |
|
|
|
| |
Got "medieval on our ass" about const warnings (as many as I could :-).
Jeremy.
|
| |
|
|
| |
just a hack to make things work.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The big one is a global change to allow us to NULLify the free'ed pointer to a
former passdb object. This was done to allow idra's SAFE_FREE() macro to do
its magic, and to satisfy the input test in pdb_init_sam() for a NULL pointer
to start with.
This NULL pointer test was what was breaking the adding of accounts up until
now, and this code has been reworked to avoid duplicating work - I hope this
will avoid a similar mess-up in future.
Finally, I fixed a few nasty bugs where the pdb_ fuctions's return codes were
being ignored. Some of these functions malloc() and are permitted to fail.
Also, this caught a nasty bug where pdb_set_lanman_password(sam, NULL) acheived
precisely didilly-squat, just returning False. Now that we check the returns
this bug was spotted. This could allow different LM and NT passwords.
- the pdbedit code needs to start checking these too, but I havn't had a
chance to fix it.
I have also fixed up where some of the password changing code was using the
pdb_set functions to store *internal* data. I assume this is from a previous
lot of mass conversion work...
Most likally (and going on past experience) I have missed somthing, probably in
the LanMan password change code which I havn't yet been able to test, but this
lot is in much better shape than it was before.
If all this is too much to swallow (particularly for 2.2.2) then just adding a
sam_pass = NULL to the particular line of passdb.c should do the trick for the
ovbious bug.
Andrew Bartlett
|
| |
|
|
|
| |
these yesterday ?).
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
|
| |
to use the pdb_ formatting functions.
Similarly, it now uses pdb_set...() rather than accessing passdb members
directly.
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
| |
therfore ensuring sensible defaults for some values, notably account expriries
which mean 'locked out' if == 0.
This NEEDS to be merged into 2.2.2 or people can get wrongly initilaised TDB
records. (which will only fail on future versions of samba).
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
lib/smbpasswd.c which will contain routines related to manipulating
smbpasswd entries.
- renamed and moved pdb_{get,set}hexpwd() functions
- renamed and moved pdb_{decode,encode}acct_ctrl() functions
- started hiding references to the cruftalicious
NEW_PW_FORMAT_SPACE_PADDED_LEN constant
- started gradual rename of references to acct_ctrl to acb_info which is
the nomenclature used in MSDN and header files
There's still more work to be done. Currently there are several places
where smbpasswd entries are iterated etc. Ideally this should all happen
through the passdb system.
|
| | |
|
| |
|
|
| |
have the first set of symbols.
|
| |
|
|
| |
can't redefine them. damn.
|
| |
|
|
|
|
|
| |
This commit gets rid of all our old codepage handling and replaces it with
iconv. All internal strings in Samba are now in "unix" charset, which may
be multi-byte. See internals.doc and my posting to samba-technical for
a more complete explanation.
|
