1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

47 Commits

Author SHA1 Message Date
Michael Adam
c43505b621 s3: rename sid_check_is_domain() to sid_check_is_our_sam()
This does not check whether the given sid is the domain sid,
but whether it is the sid of the local sam, which is different
for a domain member server.
2012-07-12 16:43:51 +02:00
Günther Deschner
e75c436fe6 s3-passdb: trying to decouple passdb and secrets a little.
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Jan 18 14:46:18 CET 2012 on sn-devel-104
2012-01-18 14:46:18 +01:00
Michael Adam
8b4dd99dae s3:passdb: convert machine_sid to use dbwrap wrapper functions only
Avoid direct use of the db_record and db_context structs.
2011-10-11 14:17:57 +02:00
Michael Adam
0b5c4a601a s3:dbwrap: move all .c and .h files of dbwrap to lib/dbwrap/
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Fri Jul 29 13:34:22 CEST 2011 on sn-devel-104
2011-07-29 13:34:22 +02:00
Andrew Bartlett
74eed8f3ed s3-param Remove special case for global_myname(), rename to lp_netbios_name()
There is no reason this can't be a normal constant string in the
loadparm system, now that we have lp_set_cmdline() to handle overrides
correctly.

Andrew Bartlett
2011-06-09 12:40:09 +02:00
Günther Deschner
2f36ef7225 s3-passdb: add passdb.h where needed.
Guenther
2011-03-30 01:13:07 +02:00
Volker Lendecke
16b007c223 Quite some callers of sid_split_rid do not care about the rid 2011-03-10 18:48:34 +01:00
Andrew Bartlett
f768b32e37 libcli/security Provide a common, top level libcli/security/security.h
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.

This includes (along with other security headers) dom_sid.h and
security_token.h

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 05:54:10 +00:00
Günther Deschner
4dbd743e46 s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions.
Guenther
2010-09-20 14:04:37 -07:00
Günther Deschner
7a05ca2c9c s3-build: use dbwrap.h only where needed.
Guenther
2010-08-26 00:25:55 +02:00
Günther Deschner
c136b84f0d s3-secrets: only include secrets.h when needed.
Guenther
2010-08-05 10:12:25 +02:00
Andrew Bartlett
cba7f8b827 s3:dom_sid Global replace of DOM_SID with struct dom_sid
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that is is just an alias for struct dom_sid.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 10:39:59 +02:00
Volker Lendecke
abbd0f9195 s3: Make use of ZERO_STRUCTP 2010-02-05 21:11:17 +01:00
Volker Lendecke
3ea602a7c3 s3: Remove a pointless if-statement 2010-02-05 21:11:17 +01:00
Volker Lendecke
1cd7223b8e s3: Fix some nonempty blank lines 2010-02-05 21:11:17 +01:00
Jelmer Vernooij
1b99d8fbb5 Use common util_file code. 2008-10-12 17:34:43 +02:00
Stefan Metzmacher
663eb087e6 passdb: guard pdb_generate_sam_sid() with a transaction
This prevents possible races with some dbwrap backends

metze
(This used to be commit 9322442510)
2008-04-01 14:04:20 +02:00
Volker Lendecke
3176392878 Fix some warnings
warning: ignoring return value of 'asprintf', declared with attribute warn_unused_result
(This used to be commit ad37b7b0ae)
2008-02-25 16:09:26 +01:00
Jeremy Allison
30191d1a57 RIP BOOL. Convert BOOL -> bool. I found a few interesting
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
2007-10-18 17:40:25 -07:00
Andrew Tridgell
5e54558c6d r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text
(This used to be commit b0132e94fc)
2007-10-10 12:28:22 -05:00
Jeremy Allison
d824b98f80 r23779: Change from v2 or later to v3 or later.
Jeremy.
(This used to be commit 407e6e695b)
2007-10-10 12:28:20 -05:00
James Peach
b1ce226af8 r23510: Tidy calls to smb_panic by removing trailing newlines. Print the
failed expression in SMB_ASSERT.
(This used to be commit 171dc060e2)
2007-10-10 12:23:23 -05:00
James Peach
d7041fedc8 r22631: Remove the possibility of sid_check_is_domain and
sid_check_is_in_our_domain getting out of sync.
(This used to be commit bbc102172a)
2007-10-10 12:19:51 -05:00
Gerald Carter
0af1500fc0 r13316: Let the carnage begin....
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed)
2007-10-10 11:06:23 -05:00
Volker Lendecke
05ac2de0df r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm
reacts :-)

Volker
(This used to be commit 9f99d04a54)
2007-10-10 11:05:43 -05:00
Gerald Carter
3c47e65e93 r7577: switching to macro for IS_DC
(This used to be commit e6df9a7ac7)
2007-10-10 10:57:14 -05:00
Volker Lendecke
83e11ba86c r6263: Get rid of generate_wellknown_sids, they are const static and initializable
statically.

Volker
(This used to be commit 3493d9f383)
2007-10-10 10:56:33 -05:00
Jeremy Allison
acf9d61421 r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f)
2007-10-10 10:53:32 -05:00
Andrew Bartlett
9d0783bf21 r1492: Rework our random number generation system.
On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork().

For other systems, we now only re-seed after a fork, and on startup.
No need to do it per-operation.  This removes the 'need_reseed'
parameter from generate_random_buffer().

Andrew Bartlett
(This used to be commit 36741d3cf5)
2007-10-10 10:52:13 -05:00
Andrew Bartlett
9e2a098a0a Fix bug in previous global_sam_sid() commit. I broke the 'read from
MACHINE.SID' file functionality.

Also, before we print out the results of 'net getlocalsid' and 'net
getdomainsid', ensure we have tried to read that file, or have
generated one.

Andrew Bartlett
(This used to be commit 191b43159e)
2004-02-25 23:12:29 +00:00
Andrew Bartlett
56bd63b1cd I *hate* global variables...
OK, what was happening here was that we would invalidate global_sam_sid
when we set the sid into secrets.tdb, to force a re-read.

The problem was, we would do *two* writes into the TDB, and the second one
(in the PDC/BDC case) would be of a NULL pointer.  This caused smbd startups
to fail, on a blank TDB.

By using a local variable in the pdb_generate_sam_sid() code, we avoid this
particular trap.

I've also added better debugging for the case where this all matters, which
is particularly for LDAP, where it finds out a domain SID from the sambaDomain
object.

Andrew Bartlett
(This used to be commit 86ad04d26d)
2004-02-25 22:01:02 +00:00
Volker Lendecke
42f763e6f0 Fix the build & get rid of a compiler warning.
Volker
(This used to be commit 38c9b775ce)
2004-02-09 14:43:18 +00:00
Andrew Bartlett
46975eb92f When we set a domain sid, force get_global_sam_sid() to do it's work again.
This should ensure that the value it returns is always consistant.

Andrew Bartlett
(This used to be commit a4392ede33)
2004-02-08 11:05:34 +00:00
Volker Lendecke
e48ebd09ff Better panic cleanly than segfault later when no sid can be found and created.
Everybody who calls get_global_sam_sid expects this to return non-NULL, and
there are way too many places where this is called.

Volker
(This used to be commit 2dfa896e6f)
2003-06-18 08:42:04 +00:00
Andrew Bartlett
f071020f5e Merge from HEAD - save the type of channel used to contact the DC.
This allows us to join as a BDC, without appearing on the network as one
until we have the database replicated, and the admin changes the configuration.

This also change the SID retreval order from secrets.tdb, so we no longer
require a 'net rpc getsid' - the sid fetch during the domain join is sufficient.
Also minor fixes to 'net'.

Andrew Bartlett
(This used to be commit 876e00fd11)
2003-04-21 14:09:03 +00:00
Jeremy Allison
2f194322d4 Removed global_myworkgroup, global_myname, global_myscope. Added liberal
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
(This used to be commit f755711df8)
2002-11-12 23:20:50 +00:00
Gerald Carter
a834a73e34 sync'ing up for 3.0alpha20 release
(This used to be commit 65e7b5273b)
2002-09-25 15:19:00 +00:00
Andrew Tridgell
e90b652848 updated the 3.0 branch from the head branch - ready for alpha18
(This used to be commit 03ac082dcb)
2002-07-15 10:35:28 +00:00
Jeremy Allison
6a64206a27 Fix from Stefan "metze" Metzmacher <metze@metzemix.de> to prevent us
overwriting an old MACHINE.SID sid.
Jeremy.
(This used to be commit 896d4fac98)
2002-04-02 07:45:19 +00:00
Jeremy Allison
b0ace3183f Remove a stub function I forgot to fill in.
Jeremy.
(This used to be commit d08cbcbc5d)
2002-03-13 00:47:26 +00:00
Jeremy Allison
8cb4e34b3a Removed unused var.
Jeremy.
(This used to be commit 45bf5f6c05)
2002-03-12 02:33:31 +00:00
Jeremy Allison
0235736212 Ensure, if we're a PDC or BDC, that the SID stored for the domain name
and the machine name are identical.
Jeremy.
(This used to be commit 87e6b08964)
2002-03-12 02:26:33 +00:00
Andrew Tridgell
02a601b98c rewrote the machine sid storage code to store the SID in secrets.tdb
rather than MACHINE.SID. We try to load MACHINE.SID only if we can't
fetch the SID from secrets.tdb

This also fixes the value of global_sam_sid for the DC/non-DC case
(This used to be commit bcd018f07c)
2002-03-10 01:44:21 +00:00
Tim Potter
cd68afe312 Removed version number from file header.
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06)
2002-01-30 06:08:46 +00:00
Andrew Bartlett
03b0f3b106 Use lp_private_dir() not magic on the lp_smb_passwd_file() output.
(This used to be commit 65ae05ce63)
2001-09-19 08:21:12 +00:00
Andrew Tridgell
527e824293 strchr and strrchr are macros when compiling with optimisation in gcc, so we can't redefine them. damn.
(This used to be commit c41fc06376)
2001-07-04 07:36:09 +00:00
Gerald Carter
9fede0dc0d Large commit which restructures the local password storage API.
Currently the only backend which works is smbpasswd (tdb, LDAP, and NIS+)
are broken, but they were somewhat broken before. :)

The following functions implement the storage manipulation interface

/*The following definitions come from  passdb/pdb_smbpasswd.c  */

BOOL pdb_setsampwent (BOOL update);
void pdb_endsampwent (void);
SAM_ACCOUNT* pdb_getsampwent (void);
SAM_ACCOUNT* pdb_getsampwnam (char *username);
SAM_ACCOUNT* pdb_getsampwuid (uid_t uid);
SAM_ACCOUNT* pdb_getsampwrid (uint32 rid);
BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass);
BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override);
BOOL pdb_delete_sam_account (char* username);

There is also a host of pdb_set..() and pdb_get..() functions for
manipulating SAM_ACCOUNT struct members.  Note that the struct
passdb_ops {} has gone away.  Also notice that struct smb_passwd
(formally in smb.h) has been moved to passdb/pdb_smbpasswd.c
and is not accessed outisde of static internal functions in this
file.  All local password searches should make use of the the SAM_ACCOUNT
struct and the previously mentioned functions.

I'll write some documentation for this later.  The next step is to fix
the TDB passdb backend, then work on spliting the backends out into
share libraries, and finally get the LDAP backend going.

What works and may not:

	o domain logons from Win9x 	works
	o domain logons from WinNT 4	works
	o user and group enumeration
		as implemented by Tim	works
	o file and print access		works
	o changing password from
		Win9x & NT		ummm...i'll fix this tonight :)

If I broke anything else, just yell and I'll fix it.  I think it
should be fairly quite.





-- jerry
(This used to be commit 0b92d0838e)
2000-11-13 23:03:34 +00:00