Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit dc3fb2e6dcd92efd7468bd8121fbc49e3dadb8ea)
|
|
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
|
|
screen-full of kerberos warnings.
This is almost as good, and I can actually see the Samba warnings.
Andrew Bartlett
(This used to be commit 35a6275e186cbd7b1f2190265b47112f1d082c06)
|
|
Jeremy.
(This used to be commit ee8c8add7f83d7a794546769c59c85ef8bb5b89a)
|
|
Jeremy
(This used to be commit 6210d4aa196c944e47076e316980f76ac9c6b02d)
|
|
the specifies the units that st_blocks is in. The reason for this is
that HPUX uses 8k, AIX uses a #defined constant and everyone else (tm)
uses 512 byte units.
Needed for the CIFS UNIX extensions - coming to a Samba server near
you soon.... :-).
Jeremy.
(This used to be commit 38cfffea5f0d7f5ff676f83204a2923247dce9d5)
|
|
Also more insertion of parenthesis to handle struct members called
'free'.
You can now get useful dmalloc output, as long as it is compatible
with your C library. On RH7.1 it looks like you have to rebuild
dmalloc to allow free(0) by default, because something in libcrypt
does that. (sigh)
(This used to be commit 391cbb690196537c8b6292b42c2e27408cc7e249)
|
|
like strcat
(This used to be commit fb8ab69b6f638c41d734282488be91d85b4ec057)
|
|
- allow winbindd and wbinfo to build without shared libraries
(This used to be commit d5db2518be8458f24f66eaa17434504b994ebb9a)
|
|
- don't attempt to build winbindd if we can't do shared libs
(This used to be commit c98158f3f818118fb13cc7ae6f45634204343b46)
|
|
(This used to be commit dfcc97a15837e2d13561e023ad5a7532faa441b8)
|
|
(This used to be commit ee6d33a8db2afc43c8784f2e43572ae8959126e5)
|
|
(This used to be commit 8143052e6917d4ae774192ed463ea7359cf0a5fb)
|
|
works
(This used to be commit 3aeefbca4f272f57e83e753177ee6e8157b2dbd5)
|
|
(This used to be commit c4d928e55fe99a3a1c4e53508a44949f92d74219)
|
|
We now include the libber.h file if required, but currently we just don't use
ldap. (I'll chase this up).
In the meantime, I've moved the ads_status code about, its now in its own file,
and has a couple of #ifdefs to allow smbd to link - becouse the lack of LDAP
caused HAVE_ADS to be undefined. (I hope its not too ugly).
Andrew Bartlett
(This used to be commit 14407c87e2dcccae1784290e3eb7a2d611516aff)
|
|
signal management.
Jeremy.
(This used to be commit fffae94dd5699f44c0b1c8081587deafd89b3fc0)
|
|
(This used to be commit 20c5f042e3bb79ff96a993c70b843908dcfafb65)
|
|
(This used to be commit 831f25a9a7ef3f5481c531b3a5ff514fa8b6d81e)
|
|
It's not as strong as Insure, but it's free, reasonably efficient and
works on every platform.
(This used to be commit e76d27fcdb33df5212ca5b0ce53c77ed8ca58906)
|
|
nsswitch code uses vsyslog without checking for it.
Provide replacement for vsyslog in lib/snprintf if not found by configure.
Jeremy.
(This used to be commit ab2e55cdb376d6699c9a09fac243fba7d3840447)
|
|
Jeremy.
(This used to be commit 6d03184f8c039ad81de47b5f3bde7dac5b2815ad)
|
|
Jeremy.
(This used to be commit 064a3e0fc406d5ab408da0fbfbf68c89ce8defdd)
|
|
(This used to be commit 564bfd77287b3006c7246065990ca9b91f79826a)
|
|
working on RedHat systems because of /usr/kerberos install location.
(This used to be commit 55d55e311e67ea75e13c4a81fe3033b43bed38ca)
|
|
(This used to be commit d7853d993796a3f5baea26933cb0e65651c2e605)
|
|
(This used to be commit 838fbac7a086ff82498c3f0ba95b714123a7428c)
|
|
cyrus-sasl which makes the code much less fragile. Also added code to auto-determine the server name or realm
(This used to be commit 435fdf276a79c2a517adcd7726933aeef3fa924b)
|
|
don't set WINBIND variables unless configure was run --with-winbind
(This used to be commit 83ec4c0f4dbfa43c893f18af1c6bb58c55043c9b)
|
|
paths. This make it hard to use a script that overrides CFLAGS options.
(This used to be commit 646b5ae752f7cd00e057d0d7cc6001161125fd3f)
|
|
(This used to be commit 93a652b705e99df6cd493eacb1a8a61a3a2b82f7)
|
|
Jeremy.
(This used to be commit ce099faf6ce07e14bd9610960bd09f56c5bee864)
|
|
behaviour no matter if kerberos was found automatically, found in the
/usr/kerberos path or was specified.
(This used to be commit 4e212f728c429b986bb3e2230fbc9cd4bcf6dd40)
|
|
the configure test uses the CPPFLAGS when checking that krb5.h exists
(This used to be commit 1e4fc749ad17114ac715c8ab833ef1d50dd318da)
|
|
this was causing the kerberos stuff to fail compilation on several
platforms
(This used to be commit 17e2f3897374c76dd66b21fdcd93c3a04671f4ce)
|
|
(This used to be commit 0120dea7f0a799ed5cf43179462973e7a9a01bd3)
|
|
(This used to be commit d7216424d94ee89e1760596c8f87d1883f369771)
|
|
(This used to be commit c7f611691941ca92f57665e19d6e46b161599427)
|
|
this is only to get the cast right, but it might help with other parts
of the API that changed later.
(This used to be commit b792c9317ab62fe407de34ed811cc883a7652cc4)
|
|
Jeremy.
(This used to be commit d70674312d8b98367ccdbbc12fe880f9f539d258)
|
|
Remove unused old file.
Test 42 byte reply to SMBntcreate (W2K does this).
Jeremy.
(This used to be commit a55a63a4ca55602ad9221af17c0bc8e185536433)
|
|
Jeremy.
(This used to be commit b14ac75666939b4f98213719ce7bc72fa9d37ce4)
|
|
(This used to be commit 87d27265a501da2aab04f655a6a086f2eead000d)
|
|
This should remove some confusion from the ./configure, but does not affect the
'real' kerberos support currently residing in smbd/sesssetup.c.
This code is vunerable to a spoofed KDC, and is best replaced by --with-pam and
the pam_krb5 module. This module includes measures to prevent such spoofing.
Andrew Bartlett
(This used to be commit 3235880b41ee5dd5ef171195489fb9254f5d89b0)
|
|
(This used to be commit 2cd33e88eb5ed88da90ddfd50a1ec96a2053479a)
|
|
(This used to be commit df34e11d84a6fe89dc6654eb10de0a49383e1dea)
|
|
- accept a wide range of principal names in session setup
(This used to be commit 672df66296f540b606aa43effab5f021b8978e4b)
|
|
(This used to be commit a899086a51546220247390ac641f51b1df2f5496)
|
|
(This used to be commit 2667dea146169658f3c0290bb78dc5854c821eb4)
|
|
(This used to be commit 7bb99a9e892f8d60d4acb71ffc047b28ba66ffd8)
|