Age | Commit message (Collapse) | Author | Files | Lines |
|
<a.bokovoy@sam-solutions.net>.
The idea is the domain\username is rather harsh for unix systems - people don't
expect to have to FTP, SSH and (in particular) e-mail with a username like
that.
This 'corrects' that - but is not without its own problems.
As you can see from the changes to files like username.c and wb_client.c (smbd's
winbind client code) a lot of assumptions are made in a lot of places about
lp_winbind_seperator determining a users's status as a domain or local user.
The main change I will shortly be making is to investigate and kill off
winbind_initgroups() - as far as I know it was a workaround for an old bug in
winbind itself (and a bug in RH 5.2) and should no longer be relevent.
I am also going to move to using the 'winbind uid' and 'winbind gid' paramaters
to determine a user/groups's 'local' status, rather than the presence of the
seperator.
As such, this functionality is recommended for servers providing unix services,
but is currently less than optimal for windows clients.
(TODO: remove all references to lp_winbind_seperator() and
lp_winbind_use_default_domain() from smbd)
Andrew Bartlett
(This used to be commit 07a21fcd2311d2d9b430b99303e3532a8c1159e4)
|
|
Jeremy.
(This used to be commit 85da18e46e607aa593b7c55f2c7eddd1c3769673)
|
|
<a.bokovoy@sam-solutions.net>
Jeremy.
(This used to be commit eb99e7f29c2d6041054331425cb245da86bedaa4)
|
|
we're not returning what the client gave us.
Jeremy.
(This used to be commit 9a969069f132019cdd8a11be2b00356a3f09b64d)
|
|
Jeremy.
(This used to be commit 6deb4caca5b45f87be84032fe0588db8d73b901a)
|
|
Samba (ab)uses the returns from getpwnam() a lot - in particular it keeps
them around for a long time - often past the next call...
This adds a getpwnam_alloc and a getpwuid_alloc to the collection.
These function as expected, returning a malloced structure that can be
free()ed with passwd_free(&passwd).
This patch also cuts down on the number of calls to getpwnam - mostly by
taking advantage of the fact that the passdb interface is already
case-insensiteve.
With this patch most of the recursive cases have been removed (that I know
of) and the problems are reduced further by not using the sys_ interface
in the new code. This means that pointers to the cache won't be affected.
(This is a tempoary HACK, I intend to kill the password cache entirly).
The only change I'm a little worried about is the change to
rpc_server/srv_samr_nt.c for private groups. In this case we are getting
groups from the new group mapping DB. Do we still need to check for private
groups? I've toned down the check to a case sensitve match with the new code,
but we might be able to kill it entirly.
I've also added a make_modifyable_passwd() function, that copies a passwd
struct into the form that the old sys_getpw* code provided. As far as I can
tell this is only actually used in the pass_check.c crazies, where I moved
the final 'special case' for shadow passwords (out of _Get_Pwnam()).
The matching case for getpwent() is dealt with already, in lib/util_getent.c
Also included in here is a small change to register the [homes] share at vuid
creation rather than just in one varient of the session setup. (This picks
up the SPNEGO cases). The home directory is now stored on the vuid, and I
am hoping this might provide a saner way to do %H substitions.
TODO: Kill off remaining Get_Pwnam_Modify calls (they are not needed), change
the remaining sys_getpwnam() callers to use getpwnam_alloc() and move
Get_Pwnam to return an allocated struct.
Andrew Bartlett
(This used to be commit 1d86c7f94230bc53daebd4d2cd829da6292e05da)
|
|
to function again.
Add comment to warn anybody that wants to 'Alphabetize' the list to read crh's
existing comment on the issue.
Andrew Bartlett
(This used to be commit d123d79060caf3ad084e733dac02aa2f67bda35f)
|
|
(This used to be commit aca0edc819e892944c65b3feb60250994a79e88a)
|
|
(This used to be commit 967c68858001cd620d2524d56180497c4b479c6b)
|
|
(This used to be commit e675d34dbfe1435150faf5af4bb97f01d311f5b0)
|
|
(This used to be commit 4ab2a775438f4266d270c626a9ad547c97c4eb62)
|
|
(This used to be commit fb300e411bb385dcba2c3ca166598a71ed693b35)
|
|
oplocks and really shouldn't be used
(This used to be commit c3a83002cfc2e0b5158cae1898eda8bafcb41e48)
|
|
Jeremy.
(This used to be commit c1b97226db63daf64359e79083a4754e7c7f8054)
|
|
Jeremy.
(This used to be commit 0fcca6c627a5c9c2219ec9714df5e0bc1a44cc29)
|
|
-> NT STATUS
maps. Fixes problem with disk full returning incorrect error.
Jeremy.
(This used to be commit 16fcbf3c1ccf1d704765653f68395dd596c0d841)
|
|
Jeremy.
(This used to be commit 64301bc5f75283c948630d2b78d28e3869db39a2)
|
|
Jeremy.
(This used to be commit 794c3e2c76aae57d054e46b185def104ca02977c)
|
|
Jeremy.
(This used to be commit 4e41780c21d9a6c056104f952e720a79c830c65e)
|
|
HEAD soon.
Jeremy.
(This used to be commit 2f57257558b67b4a5106fece269ce55643464683)
|
|
and constness changes.
(This used to be commit cee0ec72746122c962e6c5278a736266a7f2c424)
|
|
(This used to be commit 1906903f063de526045be68d19cf39de3c029c6f)
|
|
(This used to be commit 7e876057d5e392f85e6fdb0f2c233b0fe76df688)
|
|
Just leave the fstrcpy/pstrcpy bugfix, and conversion to pstr_sprintf
rather than manual calculation of length.
(This used to be commit e38e7a2bdcf2901359035ac4aa79ebf33599e0c8)
|
|
(This used to be commit cfac669017afa763100e335d1516fbed18049e00)
|
|
(This used to be commit 4fcaec53de18220ff6662f62a1430f67757cdcc5)
|
|
Jeremy.
(This used to be commit adf24a90e8b4d970d71fa8a6854edcf6deff9688)
|
|
Anyway, this makes it slightly sane, but we may decide to smb_panic() here
instead.
Andrew Bartlett
(This used to be commit 724109a33bf2f06bcb97cdd31c0442c6035ff6a6)
|
|
example of the scope of change the new pstrings would entail:
basically inserting PSTR() or FSTR() everywhere you need to coerce one
to a char*.
It's also a good example of the kind of bug we might catch: on about
line 540, we were doing a pstrcpy into an fstring, which might
overflow. It's not a problem in this particular case, but it is in
general.
(This used to be commit 5a403da4a735a8fb8d118a0a67f3a15127152e18)
|
|
(This used to be commit 04e3082f7d45c1b304adff5a46106136cff0e09e)
|
|
(This used to be commit 20a03facb6acf6329acc1645d4e9ead863a1a57c)
|
|
(This used to be commit bf513668cb76fd20b04b8142c86c263280b05bb6)
|
|
(This used to be commit e0105974c06e210e7565555d4b673c484de32907)
|
|
after further testing in 2.2 branch.
(This used to be commit d5cdbc7e4ff48273bd7616694eef98c61e6f1f33)
|
|
(This used to be commit a61abaec063d00afe13ce0baa356245fb6e21bc0)
|
|
(This used to be commit 8d106dc1f4a51112516d72ae68747ca6b5b904b7)
|
|
Also set the default value of all the allocated strings to "" to avoid changing
the interface (becouse pdb_get...() would point to a null string, rather than a
null pointer and parts of samba rely on that).
Andrew Bartlett
(This used to be commit 5b4079f748e25f21162e21b439063249baf8dca6)
|
|
These strings are allocated using talloc(), either using its own memory context
stored on the SAM_ACCOUNT or one supplied by the caller.
The pdb_init_sam() and pdb_free_sam() function have been modifed so that a call
to pdb_free_sam() will either clean up (remove hashes from memory) and destroy
the TALLOC_CTX or just clean up depending on who supplied it.
The pdb_init_sam and pdb_free_sam functions now also return an NTSTATUS, and I
have modified the 3 places that actually checked these returns.
The only nasty thing about this patch is the small measure needed to maintin
interface compatability - strings set to NULL are actually set to "".
This is becouse there are too many places in Samba that do strlen() on these
strings without checking if they are NULL pointers.
A supp patch will follow to set all strings to "" in pdb_default_sam().
Andrew Bartlett
(This used to be commit 144345b41d39a6f68d01f62b7aee64ca0d328085)
|
|
(This used to be commit d6bd9f1005496753333c3d8dec5e1a8069f1ce7b)
|
|
screen-full of kerberos warnings.
This is almost as good, and I can actually see the Samba warnings.
Andrew Bartlett
(This used to be commit 35a6275e186cbd7b1f2190265b47112f1d082c06)
|
|
memory.
The winbind connection caching code isn't exactly a plesent beast, and there is
more work that needs to be done to nail this properly.
Andrew Bartlett
(This used to be commit dd40ce54b7f170854d63e08ac737f1b4306bd95b)
|
|
This occured when the attempt to contact the PDC failed. The connection code
has already shut down the connection, and 'free'ed the cli or has never
initialised it in the first place.
Andrew Bartlett
(This used to be commit 37ce7630434c1afae5164c64438f428dd8e1b731)
|
|
of the connections db on smbd startup. This should fix the Solaris large
load bug.... (fingers crossed).
Jeremy.
(This used to be commit 5b2b9c25af28543e67762805d1387524cbb6c39d)
|
|
otherwise all the memory will be seen as still reachable.
(This used to be commit 682e7cd394c1e1cc9a83f7e8e5e3694e083946c4)
|
|
(This used to be commit 312c6d906e64d231ff3c2f37e61d752cc948ee7b)
|
|
If you define this, pstring and fstring become distinguished types, so
that it's harder to accidentally overflow them by for example passing
an fstring on the lhs of pstrcpy.
The types are defined as one-element union arrays so that with
"fstring f" the name "f" will be a pointer and with a big hammer you
can cast it to (char *). So code that tries to just use it directly
will get a loud warning, but hopefully nothing worse.
To pass them to non-pstring-aware functions, use PSTR and check that
the function takes a const. They should almost never be modified
except by special calls. In those unusual cases, use PSTR_MUTABLE.
This is off by default so as not to produce too many warnings. As the
code is vetted it can become the default.
(This used to be commit ca233bc8b30d7d0626039b2769c4e1ae92dafd50)
|
|
functions.
(This used to be commit e69a22290e5c923f31223906461df4874e3b2aac)
|
|
(This used to be commit 7417d6f9310188d2ad3d8f41d3dcbe55862c72ac)
|
|
contents...
Andrew Bartlett
(This used to be commit e20d69d51862ea3fd5a7317a9592bd4dc6e68bfd)
|
|
(This used to be commit d09616da6823b69a03a8a008987c4eb02ca0061b)
|