1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

1156 Commits

Author SHA1 Message Date
Volker Lendecke
25f1710991 r20998: Fix debug message
(This used to be commit a5a1c8c785)
2007-10-10 12:17:25 -05:00
Gerald Carter
78f5f4b260 r20985: leave room for terminating NULL when printing password hashes via 'pdbedit -L -w'
(This used to be commit 2a7311db27)
2007-10-10 12:17:22 -05:00
Volker Lendecke
b385a40f59 r20851: To read account policies from LDAP we need root.
Volker
(This used to be commit b48ea4d777)
2007-10-10 12:17:13 -05:00
Volker Lendecke
b906886e9e r20824: Send access to the trusted domain passwords through the pdb backend, so that
in the next step we can store them in LDAP to be replicated across DCs.

Thanks to Michael Adam <ma@sernet.de>

Volker
(This used to be commit 3c879745cf)
2007-10-10 12:17:10 -05:00
Volker Lendecke
dbea3a2b6f r20707: Clean up pdb_interface.c a bit -- patch from Michael Adam <ma@sernet.de>
(This used to be commit d78c18a9fa)
2007-10-10 12:17:04 -05:00
Volker Lendecke
69272c9b04 r20644: Make some functions static, thanks to Michael Adam <ma@sernet.de> for the hint.
(This used to be commit f1f5d035db)
2007-10-10 12:17:01 -05:00
Volker Lendecke
5740f6910e r20614: Dummy-checkin to trigger the build
(This used to be commit 7e444e1612)
2007-10-10 12:16:58 -05:00
Andrew Bartlett
adb3a63943 r20402: Fix spelling: samba bug #4292 debian #402392
(This used to be commit e43aa4e03d)
2007-10-10 12:16:46 -05:00
Simo Sorce
91626a4497 r20243: Make lookup_name resolve both the mapped and the real unix group name
(This used to be commit 7167e7b26a)
2007-10-10 12:16:35 -05:00
Volker Lendecke
494a6e7658 r20212: Attempt to fix the Solaris build
(This used to be commit 902d81becb)
2007-10-10 12:16:32 -05:00
Simo Sorce
35a3773a6d r20169: Support for fallback to legacy mapping code was not completely tested.
Add necessary fixes.
(This used to be commit 4a81ee9608)
2007-10-10 12:16:28 -05:00
Simo Sorce
4225f9a4bd r20116: Start merging in the work done to create the new idmap subsystem.
Simo.
(This used to be commit 50cd8bffee)
2007-10-10 12:16:25 -05:00
Jeremy Allison
63609fbb04 r20090: Fix a class of bugs found by James Peach. Ensure
we never mix malloc and talloc'ed contexts in the
add_XX_to_array() and add_XX_to_array_unique()
calls. Ensure that these calls always return
False on out of memory, True otherwise and always
check them. Ensure that the relevent parts of
the conn struct and the nt_user_tokens are
TALLOC_DESTROYED not SAFE_FREE'd.
James - this should fix your crash bug in both
branches.
Jeremy.
(This used to be commit 0ffca7559e)
2007-10-10 12:16:24 -05:00
Volker Lendecke
d746c3b781 r19945: Fix a segfault -- lookup_rids needs to init the names even on failure
(This used to be commit eba404e668)
2007-10-10 12:16:14 -05:00
Volker Lendecke
817151c87f r19943: Fix bug 4267 -- Thanks to David!
(This used to be commit 714971b34a)
2007-10-10 12:16:12 -05:00
Gerald Carter
cd41945acc r19579: BUG 4075: patch from Dmitry Butskoy <dmitry@butskoy.name>.
Allow smbd to use winbindd to lookup uids/gids outside the
idmap range if 'winbind trusted domains only = yes'
(This used to be commit 5b3ac400a7)
2007-10-10 12:15:42 -05:00
Gerald Carter
2145eff91d r19419: BUG 4109: Patch from Timur Bakeyev. Fix bug causing smbd to turn off
winbindd and fail to disable the _NO_WINBIND environment.
(This used to be commit a6366b40b3)
2007-10-10 12:15:34 -05:00
Volker Lendecke
d193fa1a4d r19083: Fix objectclass
(This used to be commit 6c4d68d849)
2007-10-10 12:15:09 -05:00
Jim McDonough
dc1f0804dd r19058: Implement "user cannot change password", and complete "user must change
password at next logon" code.  The "password last set time" of zero now
means "user must change password", because that's how windows seems to
use it.  The "can change" and "must change" times are now calculated
based on the "last set" time and policies.

We use the "can change" field now to indicate that a user cannot change
a password by putting MAX_TIME_T in it (so long as "last set" time isn't
zero).  Based on this, we set the password-can-change bit in the
faked secdesc.
(This used to be commit 21abbeaee9)
2007-10-10 12:15:06 -05:00
Jim McDonough
e04dda6a2a r18722: Fix up password change times. The can change and must change times are
calculated based on the last change time, policies, and acb flags.

Next step will be to not bother storing them.  Right now I'm just trying to
get them reported correctly.
(This used to be commit fd5761c9e5)
2007-10-10 12:00:52 -05:00
Günther Deschner
a3e1f7e44d r18703: Fix the annoying effect that happens when nscd is running:
We usually do not get the results from user/group script modifications
immediately. A lot of users do add nscd restart/refresh commands into
their scripts to workaround that while we could flush the nscd caches
directly using libnscd.

Guenther
(This used to be commit 7db6ce295a)
2007-10-10 12:00:49 -05:00
Gerald Carter
3c222089ed r18684: pdb_get_group_sid() has to use the Get_Pwnam_alloc() call
to ensure it finds the Unix user.
(This used to be commit 4cea9bfca1)
2007-10-10 12:00:47 -05:00
Jelmer Vernooij
4e7d11449a r18654: Rename "struct uuid" => "struct GUID" for consistency.
(This used to be commit 5de76767e8)
2007-10-10 11:52:19 -05:00
Volker Lendecke
fcec9a23e9 r18527: Janitor for Jeremy ;-)
(This used to be commit d72ba9ed12)
2007-10-10 11:51:46 -05:00
Jeremy Allison
b3b207e966 r18483: Ensure all pdb_XXX calls are wrapped in become_root()/unbecome_root()
pairs. Should fix bug #4097.
Jeremy.
(This used to be commit f787b9d156)
2007-10-10 11:51:44 -05:00
Volker Lendecke
716f7245d9 r18313: Nobody said "no" (yet.... gd?), so commit it:
Remove the account_policy_migrated() thingy, and make cache_account_policy_set
use gencache. Account policies are now handled like groups and users are with
respect to "passdb backend".

Volker
(This used to be commit fa8b2e2a58)
2007-10-10 11:51:19 -05:00
Gerald Carter
2b27c93a9a r18271: Big change:
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
  gen_ndr/ndr_security.c in SAMBA_4_0

The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
(This used to be commit 3da9f80c28)
2007-10-10 11:51:18 -05:00
Gerald Carter
e53dfa1f4a r17971: Disable storing SIDs in the S-1-22-1 and S-1-22-2 domain to the SID<->uid/gid cache. FIxes a bug in token creation
(This used to be commit fa05708789)
2007-10-10 11:39:44 -05:00
Volker Lendecke
3bc4fd1bb9 r17924: Get rid of warnings now that talloc is merged.
Destructors now take a pointer to the "real" destroyed object as an argument.

Volker
(This used to be commit 70edd716ef)
2007-10-10 11:38:59 -05:00
Volker Lendecke
b9142f20df r17831: Attempt to fix the build farm: 0x7fffffffffffffff needs special casing too I
think. This broke 'make test' because the newly created user was set to be
kicked off Mi, 22 Jan 1975 23:55:33 CET (unix time 159663333) with the
setuserinfo21 call.

I'm not 100% sure that 0x7ff... means max time as I do it here, I vaguely
remember it to mean "don't touch".

Does anybody know that for sure?

Jeremy, please check this.

Thanks,

Volker
(This used to be commit 872d1299eb)
2007-10-10 11:38:52 -05:00
Gerald Carter
f8f1ed21db r17815: Revert Volker's change in 16014. I really do not believe
the this should be necessary.  If there is still a bug,
I believe that setting thr group RID from the passdb is
masking it.  Not fixing it.  It is very likely that
the change was necessary before but is no longer
with the recent changes.  But I'm not taking the chance
of merging it to 3.0.23c. :-)
(This used to be commit 1a5b90f3c1)
2007-10-10 11:38:51 -05:00
Gerald Carter
40b1bd3091 r17813: Remove another instance of manually setting the group SID.
The would have been primaryly used when adding a user to
an smbpasswd file, but could have been introduce to other
backends by using pdbedit -i -e.

The symptom was

[2006/08/09 13:07:43, 0] rpc_parse/parse_samr.c:init_sam_user_info21A(6276)
  init_sam_user_info_21A: User nobody has Primary Group SID S-1-22-2-99,
  which conflicts with the domain sid S-1-5-21-1825997848-4107600307-1754506280.
  Failing operation.
(This used to be commit 0a3aa8b43a)
2007-10-10 11:38:51 -05:00
Gerald Carter
d190f71b83 r17709: Fix cut-n-paste error with the name of gid_to_unix_group_sid().
(This used to be commit dda0b8bce6)
2007-10-10 11:38:46 -05:00
Gerald Carter
4a6a574eb4 r17673: volker's patch for re-adding Getpwnam() lookups to smbpasswd backend (I hate username level)
(This used to be commit 0939b6e20c)
2007-10-10 11:38:46 -05:00
Gerald Carter
c9f9c65050 r17669: Remove RID algorithm support from unmapped users and groups
when using smbpasswd
(This used to be commit dde552336c)
2007-10-10 11:38:45 -05:00
Volker Lendecke
d0301937ed r17592: Remove some unused functions pointed out by John E. Malmberg, make
do_file_lock static to pdb_smbpasswd.c, the only user of it.

Volker
(This used to be commit 543f77a45f)
2007-10-10 11:38:41 -05:00
Volker Lendecke
03e3cd1d5a r17554: Cleanup
(This used to be commit 761cbd52f0)
2007-10-10 11:38:38 -05:00
Volker Lendecke
76362d0d33 r17468: To minimize the diff later on, pre-commit some changes independently: Change
internal mapping.c functions to return NTSTATUS instead of BOOL.

Volker
(This used to be commit 4ebfc30a28)
2007-10-10 11:38:36 -05:00
Volker Lendecke
d802774e02 r17465: Get rid of add_initial_entry. In the two places it was called in it seemed a
bit pointless to me.

Volker
(This used to be commit 244b25ae49)
2007-10-10 11:38:36 -05:00
Volker Lendecke
e1e62d8999 r17463: A bit of cleanup work:
Remove some unused code: pdb_find_alias is not used anymore, and nobody I
think has ever used the pdb_nop operations for group mapping. smbpasswd and
tdb use the default ones and ldap has its own.

Make the functions pdb_getgr* return NTSTATUS instead of BOOL. Nobody right
now really makes use of it, but it feels wrong to throw away information so
early.

Volker
(This used to be commit f9856f6490)
2007-10-10 11:38:36 -05:00
Volker Lendecke
ff7c0a7c35 r17451: Change pdb_getgrsid not to take a DOM_SID but a const DOM_SID * as an
argument.

Volker
(This used to be commit 873a5a1211)
2007-10-10 11:38:34 -05:00
Jeremy Allison
43c7f6d1d1 r17407: Don't do strchr_m twice when once will do.
Jeremy.
(This used to be commit b5f0b1b644)
2007-10-10 11:38:32 -05:00
Volker Lendecke
6361d151a4 r17406: We need to do a translation of winbind separator -> '\\' in
lookup_name_smbconf, otherwise

force user = domain+administrator

can not work. Also attempt to fix the 'valid users = domain+group' bug at the
same time.

Volker
(This used to be commit 255475901c)
2007-10-10 11:38:32 -05:00
Volker Lendecke
7cc7fc51c6 r17404: Is this XP (extreme programming)? :-)
With lp_workgroup we end up with remote names again...

Volker
(This used to be commit 250b9f3531)
2007-10-10 11:38:32 -05:00
Gerald Carter
f8aa6abb68 r17403: add a helpful debug msg
(This used to be commit 63325b3687)
2007-10-10 11:38:32 -05:00
Jeremy Allison
f8aa1c75f4 r17402: Added lookup_name_smbconf() to be called when looking
up names from smb.conf. If the name is unqualified it
causes the lookup to be done in WORKGROUP\name, then
"Unix [users|groups]"\name rather than searching the
domain. Should fix the problems with "force user"
selecting a domain user by preference.
Jeremy.
(This used to be commit 1e1fcb5eb2)
2007-10-10 11:38:31 -05:00
Gerald Carter
9bfa22a502 r17271: Fix a regression in the ldapsam uri syntax.
Allow multiple LDAP URIs to be grouped by  ""
(This used to be commit 21d69dcb3c)
2007-10-10 11:38:23 -05:00
Gerald Carter
382b088193 r17246: BUG 3964: lower case username prior to getpwnam() call in smbpasswd
(This used to be commit dc4fec1f7d)
2007-10-10 11:38:22 -05:00
Gerald Carter
9f6fb43eee r17150: MMC User & group plugins fixes:
* Make sure to lower case all usernames before
  calling the create, delete, or rename hooks.
* Preserve case for usernames in passdb
* Flush the getpwnam cache after renaming a user
* Add become/unbecome root block in _samr_delete_dom_user()
  when trying to verify the account's existence.
(This used to be commit bbe11b7a95)
2007-10-10 11:38:16 -05:00
Volker Lendecke
d2b11041b2 r17075: Even without talloc_steal you can still create memory problems.... ;-)
(This used to be commit 03e9924f5c)
2007-10-10 11:38:10 -05:00