1
0
mirror of https://github.com/samba-team/samba.git synced 2025-07-23 20:59:10 +03:00
Commit Graph

167 Commits

Author SHA1 Message Date
f5974dfaae Found out a good number of NT_STATUS_IS_ERR used the wrong way.
As abartlet rememberd me NT_STATUS_IS_ERR != !NT_STATUS_IS_OK

This patch will cure the problem.
Working on this one I found 16 functions where I think NT_STATUS_IS_ERR() is
used correctly, but I'm not 100% sure, coders should check the use of
NT_STATUS_IS_ERR() in samba is ok now.

Simo.
(This used to be commit c501e84d41)
2003-06-22 10:09:52 +00:00
75a5c0b307 Ok, this patch removes the privilege stuff we had in, unused, for some time.
The code was nice, but put in the wrong place (group mapping) and not
supported by most of the code, thus useless.

We will put back most of the code when our infrastructure will be changed
so that privileges actually really make sense to be set.

This is a first patch of a set to enhance all our mapping code cleaness and
stability towards a sane next beta for 3.0 code base

Simo.
(This used to be commit e341e7c49f)
2003-06-18 15:24:10 +00:00
2153494966 Setting account policy values is done using -C, not -V. Fixes bug #120
(This used to be commit daf443757b)
2003-05-29 22:00:54 +00:00
6abef08100 Fix obvious compiler warnings.
Jeremy.
(This used to be commit 2a6d0c2481)
2003-05-12 21:27:54 +00:00
c823b191ab And finally IDMAP in 3_0
We really need idmap_ldap to have a good solution with ldapsam, porting
it from the prvious code is beeing made, the code is really simple to do
so I am confident it is not a problem to commit this code in.

Not committing it would have been worst.
I really would have been able to finish also the group code, maybe we can
put it into a followin release after 3.0.0 even if it may be an upgrade
problem.

The code has been tested and seem to work right, more testing is needed for
corner cases.

Currently winbind pdc (working only for users and not for groups) is
disabled as I was not able to make a complete group code replacement that
works somewhat in a week (I have a complete patch, but there are bugs)

Simo.
(This used to be commit 0e58085978)
2003-05-12 18:12:31 +00:00
ca40b71686 Make it possible to actually use --user-SID and --group-SID on a standard command line.
Andrew Bartlett
(This used to be commit dd14da7566)
2003-05-12 00:17:44 +00:00
0914e541f5 Reverse previous patch from Stefan and me after comments by Andrew Bartlett
(This used to be commit d817eaf0ec)
2003-05-10 11:49:51 +00:00
c507ebe567 Patch from metze and me that adds dummy smb_register_*() functions so
that is now possible to, for example, load a module which contains
an auth method into a binary without the auth/ subsystem built in.
(This used to be commit 74d9ecfe2d)
2003-05-10 10:53:48 +00:00
281d95e2f3 Use a common function to create the SAM_ACCOUNT being used to add accounts
to the system.  This means that we always run Get_Pwnam(), and can never add
FOO when foo exists on the system (the idea is to instead add foo into
the passdb, using it's full name, RID etc).

Andrew Bartlett
(This used to be commit bb79b127e0)
2003-04-29 09:43:17 +00:00
43b3ea968b back port from HEAD
(This used to be commit f7cfdf20b7)
2003-04-26 01:15:57 +00:00
63cbbe2692 Merge Jelmer's popt updates from HEAD.
(This used to be commit 98e84b3e83)
2003-04-14 03:30:20 +00:00
7d4bfa0eda Implement abartlet's suggestion to add attribs to ldap if they
are 'SET' when adding the account.

I really don't like passing flags down to inner routines and
complicated if/else conditions, but this time he might be right. ;-)

Volker
(This used to be commit 339c149068)
2003-03-23 14:20:21 +00:00
b8d83f7cdb This does two things:
* pdbedit -i -e sets all SAM_ACCOUNT elements
  to CHANGED to satisfy the new pdb_ldap.c handling

* pdbedit -g transfers group mappings. I made this
  separate from the user database, as current installations
  have to live with a split backend.

  So, if you are running 3_0 alphas with LDAP as a backend
  and upgrade to the next 3_0 alpha, you should call

  pdbedit -i tdbsam -e ldapsam -g

  to transfer your group mapping database to LDAP.

  You certainly have to have all your groups as posixGroup
  objects in LDAP and adapt the LDAP schema before this
  call.

Volker
(This used to be commit 09a3db0ffc)
2003-03-23 11:50:16 +00:00
d5ee9b2f48 Jeremy merged across my string parinoia fixes, but forgot to enable them! :-)
This patch catches up on the rest of the work - as much string checking
as is possible is done at compile time, and the rest at runtime.

Lots of code converted to pstrcpy() etc, and other code reworked to correctly
call sizeof().

Andrew Bartlett
(This used to be commit c5b604e2ee)
2003-03-18 11:22:52 +00:00
13f65125ac Invert flag testing
(This used to be commit 05397c526d)
2003-02-07 08:03:37 +00:00
21ee739b83 merge from HEAD
(This used to be commit 4ef6de20cb)
2003-02-06 17:10:38 +00:00
d034ba5ce1 Fix memory leak. Thanks, Herb!
Volker
(This used to be commit 434e496289)
2003-01-07 20:55:43 +00:00
b59dc9ee58 Merge from HEAD.
Volker
(This used to be commit 7977a025ae)
2003-01-07 10:39:23 +00:00
634c54310c Merge from HEAD - make Samba compile with -Wwrite-strings without additional
warnings.  (Adds a lot of const).

Andrew Bartlett
(This used to be commit 3a7458f947)
2003-01-03 08:28:12 +00:00
af9599e3c4 Revert by Simo's request. HEAD and 3.0 should be in sync for
this except for the modules load.
Jeremy.
(This used to be commit 388cf13648)
2002-12-28 19:48:59 +00:00
e114e03d3f Patch for coredump with missing arg from "Bradley W. Langhorst" <brad@langhorst.com>
Jeremy.
(This used to be commit 0958a2ae73)
2002-12-28 01:23:38 +00:00
2f194322d4 Removed global_myworkgroup, global_myname, global_myscope. Added liberal
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
(This used to be commit f755711df8)
2002-11-12 23:20:50 +00:00
6d7195d1d7 Merge passdb from HEAD -> 3.0
The work here includes:
 - metze' set/changed patch, which avoids making changes to ldap on unmodified
attributes.

 - volker's group mapping in passdb patch

 - volker's samsync stuff
 - volkers SAMR changes.

 - mezte's connection caching patch

 - my recent changes (fix magic root check, ldap ssl)

Andrew Bartlett
(This used to be commit 2044d60bbe)
2002-11-02 03:47:48 +00:00
9b6cd7db77 sync with head...
(This used to be commit 9daaf66754)
2002-10-28 19:48:00 +00:00
7d1eb6f7b6 sync with HEAD
(This used to be commit ee9cbf5807)
2002-09-26 18:58:34 +00:00
a834a73e34 sync'ing up for 3.0alpha20 release
(This used to be commit 65e7b5273b)
2002-09-25 15:19:00 +00:00
f0255b38bc sync 3.0 branch with HEAD
(This used to be commit 1b83b78e33)
2002-08-17 14:45:04 +00:00
e90b652848 updated the 3.0 branch from the head branch - ready for alpha18
(This used to be commit 03ac082dcb)
2002-07-15 10:35:28 +00:00
050b80356e second step to gain free uid<->rid mapping
we still need to free gid<->rid mapping and few other stuff
(This used to be commit aa4b6f8181)
2002-03-19 13:57:53 +00:00
32334bc655 more verbose checking in talloc and util_pw
fixed tdbsam memory corruption (and segfault)
reducing calls to pdb_uid_to_user_rid and countrary to 0 to move to a non alghoritmic rid allocation with some passdb modules.
(This used to be commit 9836af7cd6)
2002-03-18 23:57:14 +00:00
f3ee505fce Initialise some SAM_ACCOUNT structs to NULL, and add some more error checking.
Andrew Bartlett
(This used to be commit f3f375dc6b)
2002-01-31 11:38:47 +00:00
cd68afe312 Removed version number from file header.
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06)
2002-01-30 06:08:46 +00:00
26073c4aec Give pdbedit a -D paramater for setting the DEBUGLEVEL (makes debugging passdb
much saner :-).

Change to pdb_init_sam()/pdb_free_sam() loop rather than reset based due to
the talloc basis.

Andrew Bartlett
(This used to be commit e40a0a7f27)
2002-01-27 03:00:56 +00:00
3e29c28a0b Try to get the compiler not to complain about assignments and truth values...
Andrew Bartlett
(This used to be commit 6650b21cea)
2002-01-26 05:53:07 +00:00
158efc3aa2 getpwnam -> getpwnam_alloc.
idra has promised not to revert these this time :-)
(This used to be commit f556ad67e8)
2002-01-23 12:59:24 +00:00
1a74d8d1f0 This is another *BIG* change...
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem.  In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.

This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime.  The 'passdb backend' paramater
has been created (and documented!) to support this.

As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.

This patch also introduces two new backends:  smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd.  These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.

While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly).  Most of this was
to do with % macro expansion on stored data.  It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them.  tdbsam needs
to use a similar system to pdb_ldap in this regard.

This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these.  I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.

Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.

The non-unix-account support in this patch has been proven!  It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!

Other changes:

Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.

pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend).  Extra checks have been added in
some places.

Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.

pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.

The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly.  This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.

Doco:

I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c5)
2002-01-20 14:30:58 +00:00
dbee612f71 Change the passdb interface to use allocated strings.
These strings are allocated using talloc(), either using its own memory context
stored on the SAM_ACCOUNT or one supplied by the caller.

The pdb_init_sam() and pdb_free_sam() function have been modifed so that a call
to pdb_free_sam() will either clean up (remove hashes from memory) and destroy
the TALLOC_CTX or just clean up depending on who supplied it.

The pdb_init_sam and pdb_free_sam functions now also return an NTSTATUS, and I
have modified the 3 places that actually checked these returns.

The only nasty thing about this patch is the small measure needed to maintin
interface compatability - strings set to NULL are actually set to "".

This is becouse there are too many places in Samba that do strlen() on these
strings without checking if they are NULL pointers.

A supp patch will follow to set all strings to "" in pdb_default_sam().

Andrew Bartlett
(This used to be commit 144345b41d)
2002-01-15 01:02:13 +00:00
f1256e847e merge changes from 2.2 branch to prevent smb.conf from changing debug level
of commands when specified on command line.
(This used to be commit 39d6b31e14)
2002-01-07 21:32:22 +00:00
a3f891dbd2 Actually enforce the passdb API.
Thou shalt not reference SAM_ACCOUNT members directly - always use
pdb_get/pdb_set.

This is achived by making the whole of SAM_ACCOUNT have a .private member,
where the real members live.  This caught a pile of examples, and these have
beeen fixed.

The pdb_get..() functions are 'const' (have been for some time) and this
required a few small changes to constify other functions.

I've also added some debugs to the pdb get and set, they can be removed if
requested.

I've rewritten the copy_id2x_to_sam_pass() functions to use the new passdb
interface, but I need the flags info to do it properly.

The pdb_free_sam() funciton now blanks out the LM and NT hashes, and as such
I have removed many extra 'samr_clear_sam_passwd(smbpass)' calls as a result.

Finally, any and all testing is always appriciated - but the basics seem to
work.

Andrew Bartlett
(This used to be commit d3dd28f6c4)
2002-01-02 07:41:54 +00:00
a18387851c reverted to 1.24 and manually merged in changes from 2.2
(This used to be commit 466f515240)
2001-12-31 14:39:26 +00:00
871f1791c6 fix compile error
(This used to be commit c946c6bbc8)
2001-12-31 02:04:08 +00:00
7fdb821ef3 some merges from 2.2. Still need to merge in changes from pdb_tdb.c
but it will take more time as I don't want to loose any fixes that
are only in HEAD.
(This used to be commit efcde5d9d8)
2001-12-31 00:06:51 +00:00
04aff47c71 moving SAM_ACCOUNT to include a bit field for initialized
members (such as uid and gid).  This way we will be able to
keep ourselves from writing out default smb.conf settings when
the admin doesn't want to,  That part is not done yet.

Tested compiles with ldap/tdb/smbpasswd.  Tested connection with smbpasswd
backend.

oh...and smbpasswd doesn'y automatically expire accounts after 21 days
from the last password change either now.  Just ifdef'd out that code
in build_sam_account().

Will merge updates into 2.2 as they are necessary.




jerry
(This used to be commit f0d4379115)
2001-12-27 06:38:04 +00:00
2e686c98d1 Minor typos
(This used to be commit 1c9d951f86)
2001-11-25 18:54:04 +00:00
79b34d1b11 Removed TimeInit() call from every client program (except for one place
in smbd/process.c where the timezone is reinitialised.  Was replaced with
check for a static is_initialised boolean.
(This used to be commit 8fc772c9e5)
2001-11-23 00:52:29 +00:00
f741f65673 Store some path names in global variables initialized to configure
default, rather than in preprocessor macros.
(This used to be commit 79ec88f0da)
2001-11-19 02:49:53 +00:00
8ae815e31e Fix up pdbedit so that it at least compiles without warnings.
- Basic functionality intact
 - Now adds machine accounts without a uid.  (using the machine uid range to
   avoid conflict with real uid based accounts)
(This used to be commit 09d2e05d26)
2001-11-04 01:09:04 +00:00
f8e2baf39e Added NT_USER_TOKEN into server_info to fix extra groups problem.
Got "medieval on our ass" about const warnings (as many as I could :-).
Jeremy.
(This used to be commit ee5e7ca547)
2001-11-03 23:34:24 +00:00
192a8f9a3e clear errno before a call, tdbsam will not update it.
just a hack to make things work.
(This used to be commit fd1bc3557a)
2001-10-29 13:31:01 +00:00
dc1fc3ee8e Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.
(This used to be commit 2d0922b0ea)
2001-10-02 04:29:50 +00:00