summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2003-07-01removing nisplussamGerald Carter3-1538/+2
(This used to be commit f75683995cf0d17df55a70dacd72ab2d6cd17989)
2003-07-01* fixed volker's wbinfo -a lockup again. This one was my fault.Gerald Carter2-61/+63
It was caused by the winbind_ping() call in is_trusted_domain() o if we are a DC then we check our own direct trust relationships we have to rely on winbindd to update the truatdom_cache o if we are a domain member, then we can update the trustdom_cache ourselves if winbindd is not there (This used to be commit 22dfcafb37f7109dc455f4fb6323a25ba4f097bc)
2003-07-01initial draft of changesetGerald Carter1-31/+123
(This used to be commit 0988e30ceaa76a165130e2fcb1785f2fac398b28)
2003-07-01applying fix for group map conversion (patch from Kristyan Osborne)Gerald Carter1-1/+1
(This used to be commit 6237fae9b8407ee04226b984a932150799191d29)
2003-07-01fix compile problem with nisplussamGerald Carter2-13/+20
(This used to be commit 2f7051e2bcaaa45a7315208fc9b5812e6ed657d9)
2003-07-01Different fix for memleak just committed. This belongs intoVolker Lendecke3-4/+1
tdb_search_list_free. Volker (This used to be commit 0f3822c8e71426983b960ad49511efa8707159f9)
2003-07-01Fix two memory leaks. tdb_search_keys allocates space for the keyVolker Lendecke2-0/+4
strings. Running 'net cache list' or secrets_get_trusted_domains through valgrind gives a *huge* amount of invalid reads of one byte beyond the indicated string length in libc's strncpy. Annoying... Volker (This used to be commit 0f8933ae778064ff58cdc832ce52c843631435bb)
2003-07-01Fix a segfault found by metze & valgrind...Volker Lendecke1-3/+5
Don't overwrite past the end of a string. Volker (This used to be commit f036368efdcbe576552ea85a78e5e6199a2b2c6d)
2003-07-01Don't set a mapping that is already there.Volker Lendecke1-0/+15
Volker (This used to be commit 9d317fb533c5236bef1701d322abd537beea02d5)
2003-07-01Grr, the order of these arguments mattersAndrew Bartlett1-2/+2
(This used to be commit 6babc35ef9c62a48a56ef63945d09e7e06229666)
2003-07-01Make smbpasswd use the higher log level for the second run - this shouldAndrew Bartlett1-2/+2
help us debug failures in smbpasswd. Andrew Bartlett (This used to be commit dcdbd530a6c74ecf09a96067c40be5813dd646c8)
2003-07-01fix typos in log messages and comments.Gerald Carter2-3/+3
(This used to be commit fd24183ec30688f3699e466bd4d908b24918e328)
2003-07-01* revert change to get_global_sam_name()Gerald Carter2-11/+28
* add get_default_sam_name() to be used by make_user_info_map() * add comments describing get_*_sam_name() (This used to be commit 90470366ea4bdb8021a3453c4bbeb29f009668c1)
2003-07-01* fix the trustdom_cache to work when winbindd is not running.Gerald Carter6-39/+250
smbd will update the trustdom_cache periodically after locking the timestamp key (This used to be commit 7bc4b65b91f98271089335cc301146d5f0c76c3a)
2003-07-01Fixed the latest complaint from jcmd :-). We were storing -1 for theJeremy Allison1-6/+10
CREATOR_OWNER/CREATOR_GROUP uid/gid entries in the SAMBA_PAI attribute. Creator Owner and Creator group now show up as inherited correctly (I think :-). Jim please test. Jeremy. (This used to be commit dbbd8dd15582f95fb9c160c6c42ce9f0971ac4b7)
2003-06-30Merge of Volkers patch to make the logic clearer (with my mod).Jeremy Allison2-45/+45
Jeremy. (This used to be commit 1714eb6bef627ebcfb6db03e58fdd02ea502c6e1)
2003-06-30Fix missing ret = found by Volker.Jeremy Allison1-1/+1
Jeremy. (This used to be commit ba112bb3fdb4e81d8f6ab1ccc4a68960f71ccb23)
2003-06-30* cleanup more DC name resolution issues in check_*domain_security()Gerald Carter8-306/+167
* is_trusted_domain() is broken without winbind. Still working on this. * get_global_sam_name() should return the workgroup name unless we are a standalone server (verified by volker) * Get_Pwnam() should always fall back to the username (minus domain name) even if it is not our workgroup so that TRUSTEDOMAIN\user can logon if 'user' exists in the local list of accounts (on domain members w/o winbind) Tested using Samba PDC with trusts (running winbindd) and a Samba 3.0 domain member not running winbindd. notes: make_user_info_map() is slightly broken now due to the fact that is_trusted_domain() only works with winbindd. disabled checks temporarily until I can sort this out. (This used to be commit e1d6094d066d4c16ab73075caba40a1ae6c56b1e)
2003-06-30Valgrind found a bug (subtracting a pointer from a length rather than theJeremy Allison1-1/+1
length of what the pointer points to). Jeremy. (This used to be commit 492a96e9922c1ef96b967f2965f8bba1f5bc8f23)
2003-06-30Finally ! Fixed the ACL ordering bug reported by jcmd. I realised we wereJeremy Allison2-27/+125
not sorting returned ACE's correctly w.r.t. W2K - implemented the correct algorithm. Jeremy. (This used to be commit fa23a4158ec23c0b8dbdc6c53f29958243107dee)
2003-06-30removing old codeGerald Carter1-172/+0
(This used to be commit 80df684b72f273f9efc0c00646f26d17f1b4bc70)
2003-06-30* rename samstrict auth method to samGerald Carter6-137/+132
* rename original sam auth method to sam_ignoredomain * remove samstrict_dc auth method (now covered by 'sam') * fix wbinfo -a '...' and getent passwd bugs when running winbindd on a samba PDC (reported by Volker) (This used to be commit 52166faee793d337e045d64f7cb27ea7ac895f60)
2003-06-30fix for platforms that don't have unsetenv().Gerald Carter2-5/+9
we now have to check the value for _NO_WINBINDD. "1" enables, and != "1" disables (use "0" by convention). (This used to be commit 11eccaef1dc61d80a7db8d0fb4bc5a47d71a4390)
2003-06-30Add the 'guest' passdb backend automatically ifVolker Lendecke3-3/+28
guest account != "" Volker (This used to be commit 21d330af107f744af9569b5577afc6e7ba6a269c)
2003-06-30Yet more shadow variable warnings.Tim Potter1-3/+3
(This used to be commit b401e78b6eb7efa2af74a7e645c3b34091041769)
2003-06-30Fix more shadow variable warnings.Tim Potter1-20/+20
(This used to be commit 10c51bbef83dabd99f129fc7ff0e3fe47c393c67)
2003-06-30Fix shadow variable warnings.Tim Potter1-8/+8
(This used to be commit 5ffb8e0920be2da19ac3f442b9bf56c159011822)
2003-06-30- added LOCALE patch from vorlon@debian.org (Steve Langasek) (bug #122)Andrew Tridgell4-3/+42
- changed --enable-developer debug to use -gstabs as it makes the samba binaries about 10x smaller and is still quite functional for samba debugging (This used to be commit 53bfcd478a193d4def8da872e92d7ed8f46aa4b9)
2003-06-29Here's the code to make winbindd work on a Samba DCGerald Carter9-28/+108
to handle domain trusts. Jeremy and I talked about this and it's going in as working code. It keeps winbind clean and solves the trust problem with minimal changes. To summarize, there are 2 basic cases where the deadlock would occur. (1) lookuping up secondary groups for a user, and (2) get[gr|pw]nam() calls that fall through the NSS layer because they don't exist anywhere. o To handle case #1, we bypass winbindd in sys_getgrouplist() unless the username includes the 'winbind separator'. o Case #2 is handled by adding checks in winbindd to return failure if we are a DC and the domain matches our own. This code has been tested using basic share connections, domain logons, and with pam_winbind (both with and without 'winbind use default domain'). The 'trustdomain' auth module should work as well if an admin wants to manually create UNIX users for acounts in the trusted domains. Other misc fixes: * we need to fix check_ntlm_password() to be able to determine if an auth module is authoritative over a user (NT_STATUS_WRONG_PASSWORD, etc...). I worked around my specific situation, but this needs to be fixed. the winbindd auth module was causing delays. * fix named server mutex deadlock between trust domain auth module and winbindd looking up a uid * make sure SAM_ACCOUNT gets stored in the server_info struct for the _net_sam_logon() reply. Configuration details: The recommended method for supporting trusts is to use winbind. The gets us around some of the server mutex issues as well. * set 'files winbind' for passwd: and group: in /etc/nsswitch.conf * create domain trusts like normal * join winbind on the pdc to the Samba domain using 'net rpc join' * add normal parameters to smb.conf for winbind * set 'auth method = guest sam winbind' * start smbd, nmbd, & winbindd Problems that remain: * join a Windows 2k/XP box to a Samba domain. * create a 2-way trust between the Samba domain and an NT domain * logon to the windows client as a user from theh trusted domain * try to browse server in the trusted domain (or other workstations). an NT client seems to work ok, but 2k and XP either prompt for passwords or fail with errors. apparanently this never got tested since no one has ever been able to logon as a trusted user to a Samba domain from a Windows client. (This used to be commit f804b590f9dbf1f0147c06a0a2f12e221ae6fc3b)
2003-06-28add check for NT_STATUS_NOT_IMPLEMENTED in auth check so thatGerald Carter3-36/+50
map to guest = bad user works again when "trustdomain" is listed as last auth method. Also clean up some more DC location calls. (This used to be commit 77a5b1032f39b8d20925721b719fdcfff910cb06)
2003-06-28cleaning up after the s/in_addr/ip_service/ switch for the get_dc_list() patchGerald Carter1-6/+18
(This used to be commit 303fdc516c79b170d7c12fe2f6264d9636673347)
2003-06-27Some const correctness. Stop tdb being used as a remote backend. If anJeremy Allison10-95/+114
idmap backend is specified cause smbd to ask winbindd (use winbindd if you want a consistant remote backend solution). Should work well enough for next beta now... Jeremy. (This used to be commit 8f830c509af5976d988a30f0b0aee4ec61dd97a3)
2003-06-26Add include guards around idmap.h, change ID_NOMAP to ID_QUERY_ONLYJeremy Allison4-16/+38
and ID_CACHE to ID_CACHE_SAVE. Added locking around tdb writes & deletes for multi-process access. Jeremy. (This used to be commit 5b998cdc1d552234236862f6a2bbae703b0c146e)
2003-06-26As has been pointed out, ordering here doesn't matter so use normalJeremy Allison1-2/+2
add. Jeremy. (This used to be commit 030b35ca0fc9fe49610084c6c1be95241157564b)
2003-06-26Remove the MODULES_CLEAN variable. It's no longer necessary sinceJelmer Vernooij3-5/+2
object files for modules are in .po files, while object files for static use are in .o files. Pointed out by metze. This reduces the number of files that have to be recompiled after the Makefile changes. Preventing unnecessary recompiling of the other few is high on my todo list. (This used to be commit b9b46d43c7c39d6738c254c4a148bdb93cae02e3)
2003-06-26Move up intialisation of logging, so we catch errors in handling 'preload ↵Jelmer Vernooij1-4/+4
modules' (This used to be commit 13b81d0d92b9e28eaab18f5437060e79f6075f9e)
2003-06-26Document name resolve order suggested settings for security=ads as mentioned ↵Alexander Bokovoy1-1/+7
by Jerry (This used to be commit 0413385feb71e15c9b2f331417ce24c985f1fe8d)
2003-06-26cleaning up more build issues. TestedGerald Carter2-17/+19
"--with-ads=no --with-ldap=yes" and "--with-ads=yes && make everything" (This used to be commit 3e9e4bb7d1a2f5a95539f415aa101f033b67932a)
2003-06-26Fix immediate bug where the idmap can't tell the difference between an entryJeremy Allison2-17/+32
not being present (and so allocate another) and an entry that is present but of the wrong type. This code still has major problems... Jeremy. (This used to be commit a304bc5ff134df118754d9e8d2b2680b4101e438)
2003-06-25Add netlogon debug registry key infoJelmer Vernooij1-0/+19
(This used to be commit ffaddd8202aeb7a442aa565e19a76a5f407c9f91)
2003-06-25fix linking of some things that are not built by defaultGerald Carter1-14/+14
(This used to be commit 42133092a40e7979b29c8cc82c662d54bc399e6e)
2003-06-25ifdef out some functions that are not used when HAVE_ADS is not definedGerald Carter1-1/+1
(This used to be commit 2d192e0431c7b754cf9db2306acb01fbe4068a14)
2003-06-25fix build on non-ldap platformsGerald Carter1-0/+3
(This used to be commit a59ea1d6d32337226f6099eefd19681fb28279c0)
2003-06-25Ensure idmap backends are added in the correct order (DLIST_ADD putsJeremy Allison3-8/+26
things at the *front* of the list). Add more debug. Still broken.. :-(. Jeremy. (This used to be commit dd9251e6f51f229ca1fab23d9b06f5bb68644fab)
2003-06-25* fix typos in a few debug statementsGerald Carter3-5/+11
* check negative connection cache before ads_try_connect() in ads_find_dc() (This used to be commit 2a76101a3a31f5fca2f444b25e3f0486f7ef406f)
2003-06-25forgot one fileGerald Carter1-0/+158
(This used to be commit ef978bd851431da373e005177504dbef2611cf4f)
2003-06-25large change:Gerald Carter24-767/+533
*) consolidates the dc location routines again (dns and netbios) get_dc_list() or get_sorted_dc_list() is the authoritative means of locating DC's again. (also inludes a flag to get_dc_list() to define if this should be a DNS only lookup or not) (however, if you set "name resolve order = hosts wins" you could still get DNS queries for domain name IFF ldap_domain2hostlist() fails. The answer? Fix your DNS setup) *) enabled DOMAIN<0x1c> lookups to be funneled through resolve_hosts resulting in a call to ldap_domain2hostlist() if lp_security() == SEC_ADS *) enables name cache for winbind ADS backend *) enable the negative connection cache for winbind ADS backend *) removes some old dead code *) consolidates some duplicate code *) moves the internal_name_resolve() to use an IP/port pair to deal with SRV RR dns replies. The namecache code also supports the IP:port syntax now as well. *) removes 'ads server' and moves the functionality back into 'password server' (which can support "hostname:port" syntax now but works fine with defaults depending on the value of lp_security()) (This used to be commit d7f7fcda425bef380441509734eca33da943c091)
2003-06-25Patch to move functions directly from pdb_ldap.c into lib/smbldap.cAndrew Bartlett4-738/+763
The functions are unchanged. Next step is to make idmap_ldap use them. Andrew Bartlett (This used to be commit 57617a0f8c84f9ced4df2901811ce5a5a5ae005e)
2003-06-25Metze assures me that this will fix Heimdal et al.Tim Potter1-1/+1
I think the lesson to take away here is that refactoring configure.in is a hazardous task and should only be attempted if you have a lot of time and patience! (This used to be commit 5ba121ac9d75de72261521cb1066ed585b68c307)
2003-06-25Fix a warning in a DEBUGVolker Lendecke1-12/+12
Clean up the init a little bit, less nested if-statements. Agreed upon with Simo. Volker (This used to be commit fdcfefd7f1be55307ccd59290efd249981198e1e)