1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

64 Commits

Author SHA1 Message Date
Günther Deschner
36f0225e5f r8396: fix some compile warnings.
Guenther
(This used to be commit af1aa09cde)
2007-10-10 11:00:04 -05:00
Jim McDonough
e0ffbfc558 r8189: commit vampire ldif patch, mostly from Don Watson (dwatson@us.ibm.com). Yes,
that's my copyright...that's just how we have to do things at big blue.

Adds subcommand to vampire to allow data to be put into an ldif file instead
of actually writing to the passdb.  See "net rpc help vampire" for usage
info.  This should be added to docs as well.
(This used to be commit cb5634a305)
2007-10-10 10:58:18 -05:00
Jeremy Allison
19ca97a70f r7882: Looks like a large patch - but what it actually does is make Samba
safe for using our headers and linking with C++ modules. Stops us
from using C++ reserved keywords in our code.
Jeremy
(This used to be commit 9506b8e145)
2007-10-10 10:58:00 -05:00
Gerald Carter
450e8d5749 r7130: remove 'winbind enable local accounts' code from the 3.0 tree
(This used to be commit 318c3db4cb)
2007-10-10 10:57:01 -05:00
Volker Lendecke
83e11ba86c r6263: Get rid of generate_wellknown_sids, they are const static and initializable
statically.

Volker
(This used to be commit 3493d9f383)
2007-10-10 10:56:33 -05:00
Tim Potter
5d88feaaad r5909: Remove some unecessary casts. Patch from Jason Mader for bugzill #2468.
(This used to be commit ede9fd08cf)
2007-10-10 10:56:08 -05:00
Günther Deschner
6c84ecb556 r5349: After talking with Jerry, reverted the addition of account policies to
passdb in 3_0 (they are still in trunk).

Guenther
(This used to be commit fdf9bdbbac)
2007-10-10 10:55:38 -05:00
Günther Deschner
5f54cc9bd3 r5264: Log with loglevel 0 when account-administration scripts fail.
Guenther
(This used to be commit 3d391ef149)
2007-10-10 10:55:35 -05:00
Günther Deschner
b4afdc08d5 r4925: Migrate Account Policies to passdb (esp. replicating ldapsam).
Does automated migration from account_policy.tdb v1 and v2 and offers a
pdbedit-Migration interface. Jerry, please feel free to revert that if
you have other plans.

Guenther
(This used to be commit 75af83dfcd)
2007-10-10 10:55:08 -05:00
Günther Deschner
2b21e9004f r4877: When vampiring account policy AP_LOCK_ACCOUNT_DURATION honour "Lockout
Duration: Forever".

Guenther
(This used to be commit aecacf4d9c)
2007-10-10 10:55:06 -05:00
Jim McDonough
846b8d4cfd r4538: Fix bugzilla 2198, accounts which have password last set to 0 are getting
no passwords after vampire.  Set password last set field to now.
(This used to be commit 60c3a638e4)
2007-10-10 10:53:46 -05:00
Günther Deschner
3c1f5a024d r4353: Finally get length of munged_dial correct.
Guenther
(This used to be commit b209f97f24)
2007-10-10 10:53:46 -05:00
Günther Deschner
a3e4686b50 r4352: Base64-encode munged-dial with correct length in 'net rpc vampire'.
Guenther
(This used to be commit 98f3e3353d)
2007-10-10 10:53:45 -05:00
Günther Deschner
b314cf95ce r4351: Vampire Logon-Hours. Update Logon-Hours only when they have changed.
Guenther
(This used to be commit 0930ad6627)
2007-10-10 10:53:45 -05:00
Jeremy Allison
b46913fb95 r4291: More *alloc fixes inspired by Albert Chin (china@thewrittenword.com).
Jeremy
(This used to be commit efc1b688cf)
2007-10-10 10:53:42 -05:00
Günther Deschner
111f62c00c r4287: Vampire SAM_DELTA_DOMAIN_INFO.
Based on samba4-idl. The decoding of account-lockout-string is somewhat
experimental though.

Guenther
(This used to be commit 721bf50d74)
2007-10-10 10:53:41 -05:00
Günther Deschner
f3074443dc r4130: add bad_password_count and logon_count to vampire (inspired by a patch
from Lars Mueller <lmuelle@suse.de>), just for completeness.

Note that though we have logon_count implemented in all pdb-backends but
never (for good reason!) update the counter.

Guenther
(This used to be commit a03aa09568)
2007-10-10 10:53:35 -05:00
Günther Deschner
b0beeb8123 r4127: vampire munged_dial.
Guenther
(This used to be commit eb64eb9d57)
2007-10-10 10:53:35 -05:00
Jeremy Allison
acf9d61421 r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f)
2007-10-10 10:53:32 -05:00
Tim Potter
b4cf9e9505 r2835: Since we always have -I. and -I$(srcdir) in CFLAGS, we can get rid of
'..' from all #include preprocessor commands.   This fixes bugzilla #1880
where OpenVMS gets confused about the '.' characters.
(This used to be commit 7f161702fa)
2007-10-10 10:52:55 -05:00
Andrew Bartlett
784c631a3a Make it possible to 'net rpc samdump' of any domain you are currently joined
to, despite any smb.conf settings.

Work to allow the same for 'net rpc vampire', but instead give a clear
error message on what is incorrect.

Andrew Bartlett
(This used to be commit 6b629344c5)
2004-02-08 10:59:09 +00:00
Andrew Bartlett
d198c55877 Make more functions static, and remove duplication in the use of functions
in lib/smbpasswd.c that were exact duplicates of functions in passdb/passdb.c

(These should perhaps be pulled back out to smbpasswd.c, but that can occour
later).

Andrew Bartlett
(This used to be commit fcdc5efb1e)
2004-02-08 08:38:42 +00:00
Andrew Bartlett
b4593e92ff JHT came up with a nasty (broken) torture case in preparing examples for
his book.

This prompted me to look at the code that reads the unix group list.  This
code did a lot of name -> uid -> name -> sid translations, which caused
problems.  Instead, we now do just name->sid

I also cleaned up some interfaces, and client tools.

Andrew Bartlett
(This used to be commit f9e59f8bc0)
2004-01-02 05:32:07 +00:00
Tim Potter
bde2b4a8ec Break out of samsync loop on error.
(This used to be commit f899448348)
2003-10-14 03:50:27 +00:00
Tim Potter
4059dfcca2 Fix error return path memory leaks in vampire code for creating users.
Display an error if we can't create a posix account for the user
(e.g no add user/machine script was specified; bug #323).
(This used to be commit 0c35ba2cd6)
2003-09-10 06:58:41 +00:00
Tim Potter
51297321ba Use opt_target_workgroup instead of lp_workgroup() in vampire code so
we can override the value in smb.conf with the -w option.

Migrating accounts from another domain can now be done like:

# bin/net join bdc -w nt4dom -Uadministrator%password
# bin/net rpc vampire -w nt4dom -U administrator%password
(This used to be commit d7bd3c1efb)
2003-09-10 06:49:13 +00:00
Jeremy Allison
110abf10d2 Turns out I had my packet sequences wrong for oplock break code.
I was storing the mid of the oplock break - I should have been
storing the mid from the open. There are thus 2 types of deferred
packet sequence returns - ones that increment the sequence number
(returns from oplock causing opens) and ones that don't (change notify
returns etc). Running with signing forced on does lead to some
interesting tests :-).
Jeremy.
(This used to be commit 85907f02ce)
2003-08-07 02:59:52 +00:00
Jeremy Allison
4461109416 Cosmetic fix from waider@waider.ie.
Jeremy.
(This used to be commit cb326c2dbf)
2003-08-07 01:04:57 +00:00
Jeremy Allison
9fc34cafa2 Ensure all code paths set add_script.
Jeremy.
(This used to be commit 0021c83ff6)
2003-07-27 00:20:45 +00:00
Tim Potter
80c1f1d865 Fixup a bunch of printf-style functions and debugs to use unsigned long when
displaying pid_t, uid_t and gid_t values.  This removes a whole lot of warnings
on some of the 64-bit build farm machines as well as help us out when 64-bit
uid/gid/pid values come along.
(This used to be commit f93528ba00)
2003-07-22 04:31:20 +00:00
Gerald Carter
a84270ce11 fixes for 'net rpc vampire'. I can now take a blank Samba host
and migrate an NT4 domain and still logon from domain members
(tested logon scripts, system policies, profiles, & home directories)
(passdb backend = tdbsam)

removed call to idmap_init_wellknown_sids() from winbindd.c
since the local domain should be handled by the guest passdb backend
(and you don't really always want the Administrator account to be root)
...and we didn't pay attention to this anyways now.
(This used to be commit 837d7c54d3)
2003-07-16 02:20:53 +00:00
Gerald Carter
03d5867d52 moving more code around.
* move rid allocation into IDMAP.  See comments in _api_samr_create_user()
  * add winbind delete user/group functions

I'm checking this in to sync up with everyone.  But I'm going to split
the add a separate winbindd_allocate_rid() function for systems
that have an 'add user script' but need idmap to give them a RID.
Life would be so much simplier without 'enable rid algorithm'.
The current RID allocation is horrible due to this one fact.
Tested idmap_tdb but not idmap_ldap yet.  Will do that tomorrow.

Nothing has changed in the way a samba domain is represented, stored,
or search in the directory so things should be ok with previous installations.

going to bed now.
(This used to be commit 0463045cc7)
2003-07-11 05:33:40 +00:00
Gerald Carter
16ff7b26f6 Large set of changes to add UNIX account/group management
to winbindd.  See README.idmap-and-winbind-changes for details.
(This used to be commit 1111bc7b0c)
2003-07-09 16:44:47 +00:00
Andrew Bartlett
85921dbd6f Add some debug statments to our vampire code - try to make it easier to track
down failures.

Add a 'auto-add on modify' feature to guestsam

Fix some segfault bugs on no-op idmap modifications, and on new idmappings that
do not have a DN to tack onto.

Make the 'private data' a bit more robust.

Andrew Bartlett
(This used to be commit 6c48309cda)
2003-07-05 10:39:41 +00:00
Andrew Bartlett
a3ddfa5069 Fixes to our LDAP/vampire codepaths:
- Try better to add the appropriate mapping between UID and SIDs, based
   on Get_Pwnam()
 - Look for previous users (lookup by SID) and correctly modify the existing
   entry in that case
 - Map the root user to the Admin SID as a 'well known user'
 - Save the LDAPMessage result on the SAM_ACCOUNT for use in the next 'update'
   call on that user.  This means that VL's very nice work on atomic LDAP
   updates now really gets used properly!
 - This also means that we know the right DN to update, without the extra
   round-trips to the server.

Andrew Bartlett
(This used to be commit c7118cb31d)
2003-07-05 09:46:12 +00:00
Simo Sorce
75a5c0b307 Ok, this patch removes the privilege stuff we had in, unused, for some time.
The code was nice, but put in the wrong place (group mapping) and not
supported by most of the code, thus useless.

We will put back most of the code when our infrastructure will be changed
so that privileges actually really make sense to be set.

This is a first patch of a set to enhance all our mapping code cleaness and
stability towards a sane next beta for 3.0 code base

Simo.
(This used to be commit e341e7c49f)
2003-06-18 15:24:10 +00:00
Tim Potter
6a2b43db9c Make net rpc vampire return an error if the sam sync RPC returns an error.
E.g if we are pointing at a win2k native mode domain we are returned
an NT_STATUS_NOT_SUPPORTED error.
(This used to be commit 6053c30f26)
2003-06-16 05:39:26 +00:00
Andrew Bartlett
b85664047c This patch modifies 'net rpc vampire' to add new and existing users to both
the idmap and the SAM.

The basic idea is this:  Lookup the user with GetPwnam(), and if they
exist then use that uid.  This is what people expect.  If the user does
not exist, try and run the right script.

This is also what people expect from previous Samba 3.0 behaviour, where
the Get_Pwnam() was at runtime.

If the idmap entry for this SID isn't valid, or isn't the right value,
modify the idmap to account for this mapping.

Also, the same logic is applied to the primary gid - if it has changed,
update the user's primary unix group.

This patch allows users to be added without a mapping - this is fine for
machine accounts, for example.  I've given it a quick test against my
Win2k DC, and I *think* it's sane.

Andrew Bartlett
(This used to be commit d2a70bfff1)
2003-06-14 00:49:02 +00:00
Tim Potter
1a38fcb22a Re-enable secure channel for net rpc vampire.
Jump out of sam entry processing loop if the return value from
cli_netlogon_sam_sync() isn't OK or STATUS_MORE_ENTRIES.
(This used to be commit 47d8ee3679)
2003-05-12 07:18:36 +00:00
Volker Lendecke
d1da999e0a This puts real netlogon connection caching to winbind. This becomes
important once we start doing schannel, as there would be a lot more
roundtrips for the second PIPE open and bind. With this patch logging
in to a member server is a matter of two (three if you count the
ack...) packets between us and the DC.

Volker
(This used to be commit 5b3cb7725a)
2003-05-08 08:02:52 +00:00
Gerald Carter
c6d550b99b adding ifdef'd code to add alias membership for vampire
(This used to be commit 2557b94519)
2003-04-29 14:42:49 +00:00
Andrew Bartlett
f071020f5e Merge from HEAD - save the type of channel used to contact the DC.
This allows us to join as a BDC, without appearing on the network as one
until we have the database replicated, and the admin changes the configuration.

This also change the SID retreval order from secrets.tdb, so we no longer
require a 'net rpc getsid' - the sid fetch during the domain join is sufficient.
Also minor fixes to 'net'.

Andrew Bartlett
(This used to be commit 876e00fd11)
2003-04-21 14:09:03 +00:00
Tim Potter
e9a4e1bb2e Merge: remove unused variables.
(This used to be commit dfa9412da5)
2003-04-14 05:28:09 +00:00
Tim Potter
b0f49fcd53 Merge of Jelmer's usage updates for net.
(This used to be commit 6a5b88c95b)
2003-04-14 04:00:37 +00:00
Volker Lendecke
7238bf5f40 This is the netlogon schannel client code. Try a
rpcclient -S pdc -U% -c "samlogon user password"

and it should work with the schannel. Needs testing against platforms
different from NT4SP6.

Volker
(This used to be commit eaef0d8aef)
2003-04-09 15:54:17 +00:00
Volker Lendecke
32e12d4984 Waider's cosmetic change to print out the database type when
downloading stuff.

Volker
(This used to be commit 702d368a9a)
2003-03-31 10:47:26 +00:00
Volker Lendecke
456a4be3f3 This sets the domain for the user in vampire. Otherwise
we end up with an empty domain field, which a workstation
does not really like in sam_logon..

Volker
(This used to be commit 5a3f89d3c1)
2003-03-30 16:46:04 +00:00
Andrew Bartlett
0e55d8d6e5 Merge of patch by waider to our samsync code.
(Decode all database names, and set only changes, not all info from the samsync
record).

Andrew Bartlett
(This used to be commit c7b8405bde)
2003-03-23 02:22:41 +00:00
Andrew Bartlett
3d8c50c874 Thanks to volker, merge passdb changes from HEAD:
- pdb_guest (including change defaults)
 - 'default' passdb actions (instead of 'not implemented' stubs in each module)

 - net_rpc_samsync no longer assumes pdb_unix

Andrew Bartlett
(This used to be commit 4bec53c8c8)
2003-03-22 09:03:46 +00:00
Gerald Carter
aed54afc2c playing janitor for abartlet. :-(
"
Make the vampire code use just pdb calls - allowing better operation on systems
that are not configured with an add user script, and have an _nua backend for
storage.

We really need to get the PDB backends out of the IDMAP game...

Andrew Bartlett
"
(This used to be commit e959a8eb67)
2003-01-29 18:47:57 +00:00