Age | Commit message (Collapse) | Author | Files | Lines |
|
The intention is to remove the muliple passdb backends, but we need the
'guest' account to always be there. If the admin adds the guest account to
(say) LDAP, there will only be one backend required for operation.
This helps remove some nasty behaviours with adding accounts to the system
for both the RPC 'create user' and the SAMSYNC code. Users 'added' with
an 'add user/machine' script won't magicly appear, and machine accounts
'pre-added' to unix, but not the smbpasswd file will not cause mayhem.
This commit also implements somthing tridge discussed with me, the concept
of 'default' passdb operation pointers - so that each backend does not
need it's own stub funcitons wrapping the default tdb privilages/group
mapping code.
This also removes an implicit 'sid->name' and 'name->sid' mapping from our
own local SID space, to winbind usernames. When adding mapping for NIS/LDAP
non-sam users in future, we need to be careful.
Andrew Bartlett
(This used to be commit 6f32fa234961a525760a05418a08ec48d22d7617)
|
|
(This used to be commit 3805a9c5d5e98e089e1cd9e794f7204fc354a311)
|
|
This patch adds the architecture for an IDMAP backend system including a new
smb.conf parameter "winbind backend". Right now, the only valid value is "tdb"
but I'm currently working on an LDAP backend.
(This used to be commit 35e4448dcb2deb0d5d34d9e974a49f2fb31f1356)
|
|
(pdbedit already has a -V option..)
(This used to be commit 5de622968d95c1436dbd34edc8d0a9bbff68916b)
|
|
(This used to be commit 8d166ae093655a5a14a7478c7a84474b43e8ee97)
|
|
and vfstest.
(This used to be commit bcbc2213230e95d732a774b5aee67295fba4380b)
|
|
(This used to be commit 651be759b3db98133feb6fe8c578964ec7b5cf71)
|
|
(This used to be commit ba25db83f241a28200132f3dc52f7f5f93a3b00e)
|
|
users w/o full administrative access on computer accounts to join a
computer into AD domain.
The patch and detailed changelog is available at:
http://www.itcollege.ee/~aandreim/samba
This is a list of changes in general:
1. When creating machine account do not fail if SD cannot be changed.
setting SD is not mandatory and join will work perfectly without it.
2. Implement KPASSWD CHANGEPW protocol for changing trust password so
machine account does not need to have reset password right for itself.
3. Command line utilities no longer interfere with user's existing
kerberos ticket cache.
4. Command line utilities can do kerberos authentication even if
username is specified (-U). Initial TGT will be requested in this case.
I've modified the patch to share the kinit code, rather than copying it,
and updated it to current CVS. The other change included in the original patch
(local realms) has been left out for now.
Andrew Bartlett
(This used to be commit ce52f1c2ed4d3ddafe8ae6258c90b90fa434fe43)
|
|
of libsmb.
Andrew Bartlett
(This used to be commit b5ec7efa80478187124c1cfa8c7fcc4036506a37)
|
|
(This used to be commit b44be1c7c4b8c7a8c1d35fe8b24aeff0ff0af32b)
|
|
hooked into pdb, and we need some access control on changing privileges. That's next
(This used to be commit f4f1f84a6bf1d356ccc83f0ecb135bef4a39619e)
|
|
(This used to be commit fa4961b1fc9f0ab2a1c32c56c6200d86a61093c9)
|
|
(This used to be commit cf167e9249fee0ea871c0dac28e9a21aeeebd614)
|
|
Andrew Bartlett
(This used to be commit f364921864bf4c33580c432f0d328c7ffc48a7df)
|
|
Perhaps this generated file should be autobuilt on samba.org for the
build farm and the tarballs.
Andrew Bartlett
(This used to be commit b8a07da68053b3eebb4f8c9ca9e620a67c878d15)
|
|
(This used to be commit d2fe7e38b287b87d6c76a9b73724118928941e93)
|
|
(This used to be commit 9f3525967d3a55a0156544733a1e83711bf4be78)
|
|
support shared libraries
(This used to be commit f739a7263d9da6edc2ecba5b942253c22f7cb3f8)
|
|
(This used to be commit 58a7744f4abebfbf87b9050b98db25c51321defa)
|
|
(This used to be commit a96592fb69fdebc5abe97a0b46055bd1486e7b94)
|
|
I have not tested this in a GNU MAKE environment yet.
(This used to be commit 5e99472d5b68dc393a5468b8949c3ad962a239f7)
|
|
for instructions.
(This used to be commit d51e12df78ff8fc721d693fedbd1c633f39edd49)
|
|
Andrew Bartlett
(This used to be commit 9128aa3dd2f4bf4a21adac51be1da7c6380d23a0)
|
|
(This used to be commit dfeab6ff24e87e3459d28aa4bbaa5187505c199c)
|
|
eliminate the dependency on the auth subsystem. The next step is to add
the required code to 'ntlm_auth', for export to Squid etc.
Andrew Bartlett
(This used to be commit 9e48ab86da40e4c1cafa70c04fb9ebdcce23dfab)
|
|
This tries to extract our server-side code out of sessetup.c, and into a more
general lib. I hope this is only a temporay resting place - I indend to
refactor it again into an auth-subsystem independent lib, using callbacks.
Move some of our our NTLMSSP #defines into a new file, and add two that I found
in the COMsource docs - we seem to have a double-up, but I've verified from
traces that the NTLMSSP_TARGET_TYPE_{DOMAIN,SERVER} is real.
This code also copes with ASCII clients - not that we will ever see any here,
but I hope to use this for HTTP, were we can get them. Win2k authenticates
fine under forced ASCII, btw.
Tested with Win2k, NTLMv2 and Samba's smbclient.
Andrew Bartlett
(This used to be commit b6641badcbb2fb3bfec9d00a6466318203ea33e1)
|
|
(This used to be commit 0f8ba688d427febecfd94e02f1779f4a699a0df2)
|
|
(This used to be commit 63d057fc7880d2522202451288087306e8fa3806)
|
|
objects.
Andrew Bartlett
(This used to be commit 23abf75adef2f400414dfafa1248f5f886ae27c0)
|
|
make it fiddle with NT ACLs (or report no ACL, so Samba fakes it up).
The idea here is that Samba reports an NT ACL to Windows clients, which use
that ACL in downloaded profiles.
If the user doesn't have write permissions on the directories being downloaded,
then it cant put the subfolders in (yes, NT will set perms so that it can't
access the dir as the user the created it) and the profile download fails.
The current solution it to give the user unix write perms to the folders, but
this is rather dangerous - sombody could trojen the profile. This should
avoid that mess.
I'll test this out properly next week, but it works in vfstest (thanks idra!).
Andrew Bartlett
(This used to be commit 1ad782282a3eb4f89c489a77ad8404099d41d0f9)
|
|
(This used to be commit 773e5af6eb61fc38f8e45ea0a2afd6922cc71fd5)
|
|
introduce genparser will be used by tdbsam2
(This used to be commit 831d3d1ec751f23481f26b31d22b09f3d9c0709a)
|
|
server = DC1 *
(This used to be commit 6b18ca9511ddcf1718f222af3f61491d1e5f3b60)
|
|
Fix a couple of duplicated macros.
(This used to be commit 5273844a748230f710d860e33bdcde1c0b1e6c6f)
|
|
Less Fir needed.
(This used to be commit 481fa87154a15eebd5a59ac4de9912fa932a42e7)
|
|
strncpy() to make it clear that we must operate on a PATH_MAX sized buffer.
Andrew Bartlett
(This used to be commit 49d9698ef08d66dc238b2e3469da8944b444dfa1)
|
|
Andrew Bartlett
(This used to be commit 3f5608c7e0175184fa599176178d391d54087b3d)
|
|
(This used to be commit f5fa4801ceb56b21facccb382db09165936df319)
|
|
some issues in the new module system have been resolved)
(This used to be commit 5b4d03fc8549696baebc0b4417582203ad7ba88e)
|
|
(This used to be commit 3d0735e6b03ae77af42135a7f1aebb4206ae6655)
|
|
(This used to be commit 1cf0cfa1b7f00946c439b2b1a30ab3981df4a459)
|
|
cache code.
This uses gencache, mimir's new caching code that stores at text-based cache
of various data.
Mimir has done a *lot* of work on this patch, and it is finally time to
get it in CVS.
Andrew Bartlett
(This used to be commit 47f3bfe9564e7f3aff60cefaefd599e0abb30a31)
|
|
* fixing change notify on print server handle
* adding change notify support into smbcontrol for sending comment
changes, etc...
All part of CR 1159/1160
(This used to be commit 256d8c27cdc6f802f3bfba44593b07014f6ae10a)
|
|
don't build any extra programs.
(This used to be commit 9bac0b72774fe0c05956065a34ef48c05a7acaad)
|
|
authentication code.
In particular, ntlm_auth is designed to replace the winbind authentication
'helpers' currently supplied by Squid. I have added support for the current
plaintext password protocol used by Squid, and will add the real guts (NTLMSSP
support) shortly.
I'll merge this into 3.0 when I've got the interface more stable (error message
format etc) and got the important NTLMSSP support added.
Also move SWAT's URL decoding code into util_str.c, for use in both utilities.
Andrew Bartlett
(This used to be commit 82dbf838879e8a2d2d3f9dd5be6eda50b780b787)
|
|
now combined all the ad-hoc AC_SUBST variables into three generalised
ones:
EXTRA_BIN_PROGS Additional programs to install in ${prefix}/sbin
EXTRA_SBIN_PROGS Additional programs to install in ${prefix}/bin
EXTRA_ALL_TARGETS Additional targets to build by default
SHLIB_PROGS Shared library objects (pam, winbind) to build
We also build some extra stuff by default: the python extensions (if
--with-python specified), smbmount related binaries (if
--with-smbmount specified), and the samba torture suite.
The idea behind this is to have everything that is configured built by
default to detect breakage as soon as possible when people make low
level changes.
(This used to be commit d6dfe3ea69d4672339559389c6fb16e78a9152b0)
|
|
(This used to be commit 2addbaff358993923a58ad3845c63168678c2c21)
|
|
which we can use to link against Samba unit test programs. Now we can
compile and link unit tests without having to create 4MB executables
for each program
It's called libbigballofmud.so both to discourage casual usage and
also to reflect what the dependencies within Samba have become.
(This used to be commit a59f731256f3a1c09f32452de9483b44088c942b)
|
|
(This used to be commit 85946731dd8bc60d0f71fe7ffa6756bd3bcbbf67)
|