summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2003-07-09Get rid of DISP_USER_INFO/DISP_GROUP_INFO as they serve no usefulJeremy Allison4-40/+31
purpose. Replace with an array of SAM_ACCOUNT/DOMAIN_GRP entries. ZERO struct's in smbd/uid.c stops core dumps when sid_to_XX functions fail. Getting ready to add caching. Jeremy. (This used to be commit 9d0692a54fe2cb087f25796ec2ab5e1d8433e388)
2003-07-09Fix up become_root/unbecome_root pairs needed around local passdbJeremy Allison1-3/+17
lookups. Jeremy. (This used to be commit 6bd47884030c9c124c4bba1f0d57cb8dd916530d)
2003-07-09Ensure we correctly test for errors in uid/gid_to sid.Jeremy Allison1-15/+14
Jeremy. (This used to be commit f3c2e73a8c1c592d407542c12c0a445103415bc0)
2003-07-08Moved SAM_ACCOUNT marshall/unmarshall functions to make them externallyJeremy Allison5-408/+443
available. Removed extra auth_init (thanks metze). Jeremy. (This used to be commit 88135fbc4998c266052647f8b8e437ac01cf50ae)
2003-07-08standlone servers don't have any trusted domainsGerald Carter1-0/+5
(This used to be commit 4acdfc5c944aa8830d6cec7bd1225200448e45c5)
2003-07-08fix bone head mistake when setting the uid in the server_info struct.Gerald Carter1-11/+3
(This used to be commit 43f21078ec0f885d4d1a0b90476b55f8f92de9e7)
2003-07-08Initialise the uid and gid values to a safe default in make_server_info()Tim Potter1-0/+8
(This used to be commit 3a1f4f5ea5379b0deb6dc6b8ed81dedc3a08f70e)
2003-07-08fix some formattingGerald Carter1-25/+24
(This used to be commit fca08b1c8766ef1961a9dedc127224249cac9543)
2003-07-08fix temporary bug so people can test 3.0 again; make sure to initialize the ↵Gerald Carter1-1/+2
uid for the server_info struct (This used to be commit 6a84297da53e8658f4bcfa4951ceed011b69201f)
2003-07-08Spelling.Tim Potter1-1/+1
(This used to be commit a9a3339b2d99dcb64b675b27255d4aa5959a1caf)
2003-07-07Fix spotted by Nadav Danieli <nadavd@exanet.com> - ensure dev and inodeJeremy Allison1-0/+10
to fix open mode race condition. Jeremy. (This used to be commit cbde1c8dfcd9d3bef956fe073e7108a54b48844b)
2003-07-07Fix the build...Jeremy Allison1-2/+1
Jeremy. (This used to be commit 61e9c49cd67e73260738ca2482aa8f8dc5ce7366)
2003-07-07Fix from MORIYAMA Masayuki <msyk@mtg.biglobe.ne.jp> for new MB statcacheJeremy Allison1-7/+9
code. Bug #185. Jeremy. (This used to be commit 7a1ac7be42dfb90fd44f2c51810eedcea052386b)
2003-07-07another compile fixGerald Carter1-1/+1
(This used to be commit 8b52802e5d27bfc2d9dff2f4700e182c33f2b130)
2003-07-07fix some compile problems. Can't get IDMAP_OBJ our of proto.hGerald Carter2-6/+8
just yet. ` (This used to be commit 6f0b5d474a051db512db2f73a8097c80964ec513)
2003-07-07Cleaning up linking issues. sam/idmap*.c only links inGerald Carter6-305/+134
winbindd now. Also removing an unused file. (This used to be commit 688369c23c604e9b6654fcf07190d2e27c1138cf)
2003-07-07Fixed a couple of const issues with the new code.Jeremy Allison2-3/+3
Jeremy. (This used to be commit e9fb6e45086a6170b6f6d5d3295398708ab1af58)
2003-07-07temporarily disable a sanity check to prevent winbindd from deadlockingGerald Carter1-1/+3
on a Samba PDC. Will be re-enabled after winbind_passdb is done. (This used to be commit c4762aa3bc0d5d2dc5161b543b22808a369e0698)
2003-07-07and so it begins....Gerald Carter21-277/+874
* remove idmap_XX_to_XX calls from smbd. Move back to the the winbind_XXX and local_XXX calls used in 2.2 * all uid/gid allocation must involve winbindd now * move flags field around in winbindd_request struct * add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id() to prevent automatic allocation for unknown SIDs * add 'winbind trusted domains only' parameter to force a domain member server to use matching users names from /etc/passwd for its domain (needed for domain member of a Samba domain) * rename 'idmap only' to 'enable rid algorithm' for better clarity (defaults to "yes") code has been tested on * domain member of native mode 2k domain * ads domain member of native mode 2k domain * domain member of NT4 domain * domain member of Samba domain * Samba PDC running winbindd with trusts Logons tested using 2k clients and smbclient as domain users and trusted users. Tested both 'winbind trusted domains only = [yes|no]' This will be a long week of changes. The next item on the list is winbindd_passdb.c & machine trust accounts not in /etc/passwd (done via winbindd_passdb) (This used to be commit 8266dffab4aedba12a33289ff32880037ce950a8)
2003-07-07Call the synchronous version of the ldap delete function otherwise we end upTim Potter1-1/+1
treating the returned message id as an error code. (This used to be commit 42fdcef324d7a04e69c0078482e1a6b8a67ade94)
2003-07-06Adding profile acls man entry for smb.conf.5John Terpstra1-0/+33
(This used to be commit 80709d4304a02ca99853df009c5641e65b0ab12b)
2003-07-06Fix ldapsam_getsampwsid to correctly only say 'no such user' when indeed thereAndrew Bartlett1-13/+13
is no such user... Thanks to jerry for spotting this. Also clean up the function a bit, to avoid this happening again... Andrew Bartlett (This used to be commit d9a6859e2bd963f28cf3c3a62e483e868822597f)
2003-07-06This changes our Unix primary GID behaviour back to what most people expect:Andrew Bartlett3-10/+7
Samba will now use the user's UNIX primary group, as the primary group when dealing with the filesystem. The NT primary group is ignored in unix. For the NT_TOKEN, the primary group is the NT priamry group, and the unix primary group is added to the NT_TOKEN as a supplementary group. This should fix bug #109, but will need to be revisited when we get a full NT group database. Also in this commit: - Fix debug statements in service.c - Make idmap_ldap show if it's adding, or modifying an existing DN - Make idmap_ldap show both the error message and error string (This used to be commit 32e455a714b2090fcfd1f6d73daccf600c15d51b)
2003-07-05This parameter is unused.Andrew Bartlett2-16/+0
Andrew Bartlett (This used to be commit 3dd767841666068a1b32c71b03a8e7bc797087be)
2003-07-05Fix commentAndrew Bartlett1-1/+1
(This used to be commit f7bf48114cec83a3f3107cce2b413221276a486d)
2003-07-05Add some debug statments to our vampire code - try to make it easier to trackAndrew Bartlett7-13/+48
down failures. Add a 'auto-add on modify' feature to guestsam Fix some segfault bugs on no-op idmap modifications, and on new idmappings that do not have a DN to tack onto. Make the 'private data' a bit more robust. Andrew Bartlett (This used to be commit 6c48309cda9538da5a32f3d88a7bb9c413ae9e8e)
2003-07-05Fixes to our LDAP/vampire codepaths:Andrew Bartlett7-48/+123
- Try better to add the appropriate mapping between UID and SIDs, based on Get_Pwnam() - Look for previous users (lookup by SID) and correctly modify the existing entry in that case - Map the root user to the Admin SID as a 'well known user' - Save the LDAPMessage result on the SAM_ACCOUNT for use in the next 'update' call on that user. This means that VL's very nice work on atomic LDAP updates now really gets used properly! - This also means that we know the right DN to update, without the extra round-trips to the server. Andrew Bartlett (This used to be commit c7118cb31dac24db3b762fe68ce655b17ea102e0)
2003-07-05PAM should operate on the Unix username, not the NT username (which might notAndrew Bartlett1-6/+6
have the domain\ qualification). Andrew Bartlett (This used to be commit 7cfa1e7c4abee10fe8c75e36aee68ee9f557656e)
2003-07-05Allow modification of an existing entry.Andrew Bartlett1-15/+36
We still have a lot of work to do to allow this in quite the same way as we have in the TDB, but it certainly is getting closer. Andrew Bartlett (This used to be commit b9ef4e138843e3a9d1157e197de0964daf29f0dd)
2003-07-05Fix typosJelmer Vernooij2-3/+3
(This used to be commit 1a6cdbddbd008c9fe5255ed29871f9a3172fec6b)
2003-07-05Update from Andrew Bartlett with documentation forJelmer Vernooij2-0/+54
'client lanman auth' and 'client ntlmv2 auth' (This used to be commit 60f0934a6dc7a34dad42ba86744a1e3426e99967)
2003-07-05Clear up the difference between 'smb signing' and 'sign&seal' - which has toAndrew Bartlett1-3/+3
this point referred to schannel. Andrew Bartlett (This used to be commit b67479076ddf0c51bc7e319d7fc91a5da52eb8bf)
2003-07-04Add smb_event_id to list of return types (patch from metze)Jelmer Vernooij1-1/+1
(This used to be commit 95c4c801fe80a4d8fce366e63b7f92cbf24930e5)
2003-07-04More conversions I missed. Thanks metze.Jeremy Allison3-7/+7
Jeremy. (This used to be commit 4f78d747e66b38edcd2a5754681f9a01aeaf7864)
2003-07-04Fixed strlower changes I missed. Pointed out by metze.Jeremy Allison2-4/+4
Jeremy (This used to be commit da5ee2b765fc321b14e92eb27bde8ec8930b61d4)
2003-07-04Don't allow RIDs (in our domain) below 1000 (or algorithmic rid base) to beAndrew Bartlett1-0/+5
mapped with the rid algorithm. Instead, a uid/gid from the UID/GID range will be allocated for this RID. Andrew Bartlett (This used to be commit 68245e9cfae9a8cb663503301c21498dd9a3a560)
2003-07-04Update WHATSNEW with the further LDAP schema changes in previous commit.Andrew Bartlett1-3/+5
Andrew Bartlett (This used to be commit 81f84cc57fb39cc8d5edf8cf1005159c67031142)
2003-07-04This patch cleans up some of our ldap code, for better behaviour:Andrew Bartlett9-994/+745
We now always read the Domain SID out of LDAP. If the local secrets.tdb is ever different to LDAP, it is overwritten out of LDAP. We also store the 'algorithmic rid base' into LDAP, and assert if it changes. (This ensures cross-host synchronisation, and allows for possible integration with idmap). If we fail to read/add the domain entry, we just fallback to the old behaviour. We always use an existing DN when adding IDMAP entries to LDAP, unless no suitable entry is available. This means that a user's posixAccount will have a SID added to it, or a user's sambaSamAccount will have a UID added. Where we cannot us an existing DN, we use 'sambaSid=S-x-y-z,....' as the DN. The code now allows modifications to the ID mapping in many cases. Likewise, we now check more carefully when adding new user entires to LDAP, to not duplicate SIDs (for users, at this stage), and to add the sambaSamAccount onto the idmap entry for that user, if it is already established (ensuring we do not duplicate sambaSid entries in the directory). The allocated UID code has been expanded to take into account the space between '1000 - algorithmic rid base'. This much better fits into what an NT4 does - allocating in the bottom part of the RID range. On the code cleanup side of things, we now share as much code as possible between idmap_ldap and pdb_ldap. We also no longer use the race-prone 'enumerate all users' method for finding the next RID to allocate. Instead, we just start at the bottom of the range, and increment again if the user already exists. The first time this is run, it may well take a long time, but next time will just be able to use the next Rid. Thanks to metze and AB for double-checking parts of this. Andrew Bartlett (This used to be commit 9c595c8c2327b92a86901d84c3f2c284dabd597e)
2003-07-04Fix memleak in groupdb. Spotted by MetzeAlexander Bokovoy1-1/+1
(This used to be commit 5280c6953195c2664628ecaab59ea82b4863e8f7)
2003-07-04Display libraries detected by configure but before configureTim Potter1-0/+12
summary as suggested by abartlet. (This used to be commit 7b2c6181b17a0d62043569ffa49cdf6c5b0b6859)
2003-07-04Debian updates.Eloy Paris1-0/+11
(This used to be commit c14fca49e99395c064b0365e902dd97119974bb6)
2003-07-03Removed strupper/strlower macros that automatically map to ↵Jeremy Allison56-280/+268
strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
2003-07-03Fix for bug #199 (xp driver uploads). Needed to supportGerald Carter1-6/+14
the "OSVersion" print server data value. (This used to be commit 02bc7be1ac6b75bf6559ea684bbc89ab3e19402e)
2003-07-03fix for bug #200. flush connections if the machine trsut accountGerald Carter1-1/+31
changed underneath us. (This used to be commit 6a1ad1ded1d619394ed4ca9e05fdffaa3b902b3b)
2003-07-03Missed this in the previous patch - we now have a seperate idea of theAndrew Bartlett1-1/+1
'unix username' from the NT username, in the auth subsystem at least. Andrew Bartlett (This used to be commit df1aa2a669edc9f26007595411720742d7dff5d9)
2003-07-03This patch takes the work the jerry did for beta2, and generalises it:Andrew Bartlett11-64/+97
- The 'not implmented' checks are now done by all auth modules - the ntdomain/trustdomain/winbind modules are more presise as to what domain names they can and cannot handle - The become_root() calls are now around the winbind pipe opening only, not the entire auth call - The unix username is kept seperate from the NT username, removing the need for 'clean off the domain\' in parse_net.c - All sid->uid translations are now validated with getpwuid() to put a very basic stop to logins with 'half deleted' accounts. Andrew Bartlett (This used to be commit 85f88191b9927cc434645ef4c1eaf5ec0e8af2ec)
2003-07-03Some fixes for ads printer publish:Tim Potter1-6/+26
- check error return for cli_full_connection() when trying to obtain printer data - check error return on ads_find_machine_acct() - Minor reformatting to separate fetching printer data from publishing it (This used to be commit 94fe3b2cdfa67c9d74edc00a436b5eacbf3e0dc4)
2003-07-03Implemented 'net ads printer search' which searches the directory forTim Potter2-1/+46
published printers. At the moment we don't search using any parameters but this can be fixed by changing the LDAP search string. Also we should contact the global catalog at SRV _gc._tcp instead of the ldap server we get back from ads_startup(). (This used to be commit 814519c5de7f962623163b732c8589abd355d845)
2003-07-03fix bug #190; WINS server was getting marked as dead when it was not.Gerald Carter1-2/+14
(This used to be commit fa354f3ceefe53bdfd4f543559041d337b75613f)
2003-07-03Fix bug in doxygen comments for ads search functions.Tim Potter1-4/+4
(This used to be commit ae6c05ea726da13fc1a18398d1ffe56f34e1edb9)