Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 66ef6b942e00dc0d7742226f24861445d3bc0eb3)
|
|
that app-head does.
Jeremy.
(This used to be commit b521abd86b10573ca8f9116907c81e6deb55f049)
|
|
Added directory specific access mask bits.
(This used to be commit edbd942a8d0edcb5e7cc3086c3d98c6ff1d6cd80)
|
|
The actual design change is relitivly small however:
It all goes back to jerry's 'BOOL store', added to many of the elements in a
SAM_ACCOUNT. This ensured that smb.conf defaults did not get 'fixed' into
ldap. This was a great win for admins, and this patch follows in the same way.
This patch extends the concept - we don't store values back into LDAP unless
they have been changed. So if we read a value, but don't update it, or we
read a value, find it's not there and use a default, we will not update
ldap with that value. This reduced clutter in our LDAP DB, and makes it
easier to change defaults later on.
Metze's particular problem was that when we 'write back' an unchanged value,
we would clear any muliple values in that feild. Now he can still have his
mulitivalued 'uid' feild, without Samba changing it for *every* other
operation.
This also applies to many other attributes, and helps to eliminate a nasty
race condition. (Time between get and set)
This patch is big, and needs more testing, but metze has tested usrmgr, and
I've fixed some pdbedit bugs, and tested domain joins, so it isn't compleatly
flawed ;-).
The same system will be introduced into the SAM code shortly, but this fixes
bugs that people were coming across in production uses of Samba 3.0/HEAD, hence
it's inclusion here.
Andrew Bartlett
(This used to be commit 7f237bde212eb188df84a5d8adb598a93fba8155)
|
|
(This used to be commit 738b9237eda8fdb8adb534ab1a84070923f352f1)
|
|
also try to uniform names to a clean scheme.
first part.
(This used to be commit a123e05877caf90c28980be2d84b1d0b46e4fd21)
|
|
the ones for debuglevel and configuration file in pdbedit
(This used to be commit cb0d03a393d9009c3e16b9d05d88c171de9a9414)
|
|
MAX_PRINT_JOBS in a queue.
Jeremy.
(This used to be commit bb58a08af459b4abae9d53ab98c15f40638ce52b)
|
|
(This used to be commit f70caa25e4ee198151b915cf2bc0a26b2d0e243d)
|
|
from APP_HEAD
(This used to be commit 38c9e4299845fd77cc8629945ce2d259489f7437)
|
|
(This used to be commit 92e0d0e6082117d2d5342383023cff244bbceed0)
|
|
Jeremy.
(This used to be commit 736a7bab487d7e217eed452e2089adb6b4164ad5)
|
|
Jeremy.
(This used to be commit abeebf33c132c4975ac5dadde57c22176ddc9fda)
|
|
<belanger@yahoo.com>.
Jeremy.
(This used to be commit 8db4d46dc983ce37814fb375d61951b6220a4c61)
|
|
In order to reduce complexity, this patch removes the upper layer of the SAM
API. Also, we remove the function pointers on the sam context - there really
is no point making these replaceable - that's for the modules.
Move a number of functions in include/interface.c around to allow for use of
'static' and to keep the external API in one chunk, at the bottem. All these
functions were renamed to remove the context_sam -> sam
Consequential changes in the samtest module, and back out metze's change for
ACB filtering, becouse I think it belongs in the SAM backeds. (But I will take
debate on this one).
Changes to the lib/util_sid.c code to create a 'system' token, and make it a
SAM_ASSERT() enforced requirement to have a token on those calls that specify
it. samtest now uses this.
We should have a samtest call to set your own token.
We also need to extend our se_access code to cover the things that Win2k is
returning in it's access tokens. Currently our system token doesn't pass, due
to unexpected flags. (When running sam_ads against Win2k)
Andrew Bartlett
(This used to be commit b9036900d0bb227ec16c6a5792c18ef943dcf015)
|
|
(This used to be commit cf249f5b222312bb05fb8ab53413d160149f7477)
|
|
This module, primarilly the work of "Stefan (metze) Metzmacher"
<metze@metzemix.de>, uses the Active Directory schema to store the
user/group/other information. I've been testing it against a real AD server,
and it is intended to work with OpenLDAP as well.
I've moved a few functions around in our other libads code, which has made it
easier to tap into that existing code.
Also, I've made some changes to the SAM interface, I hope there are not too
many objections... To ensure we don't get silly bugs in the skel module, it
is now in the default compile. This way you should not forget to update it :-)
Andrew Bartlett
(This used to be commit 24fb0cde2f0b657df1c99474cd694438c94a566e)
|
|
a 3.0 based PDC.
Change defaults to use SSL, so that this also matches.
Andrew Bartlett
(This used to be commit 36c2a3820faa1d90cd331881720be0e61ab93460)
|
|
branch.
(This used to be commit 0962a2f74f89b684a5f333126fed2b6a7fc0b454)
|
|
(This used to be commit ba8b6c8e31ad5f15a0cfa9d28d9b8692c3473a42)
|
|
(This used to be commit cae3705b9a03e36137439e24667dcf2e5e9643fc)
|
|
control bits right on the SAMR pipe.
Andrew Bartlett
(This used to be commit e87948c777b59592b130da081ef5d25600455d29)
|
|
(This used to be commit 67d600ed8ed1cdd25503fdb2299bdfa93befee1f)
|
|
better job of working with usrmgr. Previously we were blanking out entires,
and all sort of mischif.
The new patch (which I've now had a chance to test/modify) also takes care not
to expand % values (ie we go \\%L\%U -> \\server\user, we don't want to store
\\server\user back) and to correctly notice 'not set' compared to 'null string'
etc.
Andrew Bartlett
(This used to be commit ab878b6cc4132594fc33f78aeebf0d8b7266c150)
|
|
pdb_ldap and adds a 'ldap passwd sync' option.
The idea with this option is to do allow an ldap backend to do all the fancy
password hashing etc - and to tell smbd no to try and double-up. Using 'ldap
passwd sync = only' will do this, but is not recommended unless such a backend
is in place...
Running 'ldap passwd sync = yes' just gets you the same as doing 'pam passwd
sync = yes' and having both PAM and pam_ldap correctly configured for 'magic
root' behaviour, but only using ldap connection, and one set of credentials.
This also gets us closer to allowing ldap to say 'password too short' etc,
which might assist in maintaining a consistant password policy.
Andrew Bartlett
(This used to be commit f13e243f1a13d34ae057b40b01f561e8b95d4570)
|
|
See mx-ldap.sf.net for his current progress.
(This used to be commit 9c62d1312fdf0aa7b1978e8bbb56fc076ba7e9d0)
|
|
if we ever want to get rid of the magic macros.
(This used to be commit 13f33e466ed31d35221157d6b3a1a05507157b66)
|
|
and domainname
- Allocate sam_methods, set domain_sid, domain_name and backend_name in make_sam_methods_backend_entry instead of in the backend
- Remove sam_context and domain_sid pointers from the sam_init_function - we don't need those arguments anymore since they're
available in sam_methods as well
(This used to be commit 50d2527eed0eb26c16f2f7e28badbf08d771380e)
|
|
Volker
(This used to be commit 8c41b5cd1b8b0c2639def9552bd20b8aca39785c)
|
|
Fix small bug in sam/interface.c
Make sam backend to default to a define
(This used to be commit 60ab55fedf03a0b505b0b73527e031124a46304e)
|
|
Jeremy.
(This used to be commit 91e41ebe97c143f413e2a5614b20f3db4642490f)
|
|
(This used to be commit aa52351384abace54a89c9fbfa5e4c31a8464c91)
|
|
Jeremy.
(This used to be commit 5881f0a22633ed9fb73e6cd788d0751c4db6cd32)
|
|
the DC being out of sync with the local machine.
(This used to be commit 0d28d769472ea3b98ae4c8757093dfd4499f6dd1)
|
|
--with-ads=no or ./configure --without-ads Samba will build without
linking to the various kerberos libraries.
(This used to be commit edb6172abf0f07fead8ed3aaaebe0411d757aa64)
|
|
Jeremy.
(This used to be commit 6425f169779ce65509b77cf6d5634de24894a965)
|
|
Jeremy.
(This used to be commit f956a4d29d0d88cd92fac0f0c9f636fc152afe0a)
|
|
still needs more work. Don't add --with-sendfile-support yet...
Jeremy.
(This used to be commit c6ece53ac2a7a6115ca1160cf02247d7cc0bbb95)
|
|
Added new SWAT Flags for Advanced and Developer modes.
(This used to be commit 0250e2c52c7d7aa25308b6c20b8e2a51184cb598)
|
|
(This used to be commit bd7245dc6fcff805fcb69f6bd1f4852dadf5aa84)
|
|
field.
(This used to be commit d153d692a0f8499e1d6dac791a4d119cd9c15e45)
|
|
Jeremy.
(This used to be commit 2d080d7579c0a59bcb03608600c6b28243bbe353)
|
|
and doesn't actually call sendfile. Needs to be vectored through the
VFS and tested on all supported platforms (Solaris/HPUX/FreeBSD/Linux).
Linux doesn't actually work (2.4.19 kernel) at the moment because it
doesn't have a 64-bit clean sendfile.
Jeremy.
(This used to be commit fd772ca7b16cd86e0d50c7ed8d537c202976a6d2)
|
|
pushing it onto the blocking queue.
Jeremy.
(This used to be commit 237e36124cedf0485deaff81f34688fa862c3317)
|
|
(This used to be commit b5227f0a645fdf2358fcb880f22e4662efdfe8e3)
|
|
Jeremy.
(This used to be commit af2168c0344d49041b1fe78cd5219ac50308deb3)
|
|
(This used to be commit 771878a2d94009b6eccef5f98d4e782cd85c291e)
|
|
The global winbind file descriptor can cause havoc in some situations -
particulary when it becomes 0, 1 or 2. This patch (based on some very nice
work by Hannes Schmidt <mail@schmidt-net.via.t-online.de>) starts to recitfy
the problem by ensuring that the close-on-exec flag is set, and that we move
above 3 in the file descriptor table.
I've also decided that the PAM module can close it's pipe handle on every
request - this isn't performance-critical code.
The next step is to do the same for nss_winbind. (But things like getent()
might get in our way there).
This also cleans up some function prototypes, puts them in just one place.
Andrew Bartlett
(This used to be commit 442eb39657b98f67cd229ed3110b63aae8bf4e3c)
|
|
#ifdef mess...) in readline.c, we don't need or use them in the rest of Samba.
(This OK was of course conditional on 'if you break it, you better fix it...')
Andrew Bartlett
(This used to be commit 55ee289f587f107fa03c5f889491fdaab101df2d)
|
|
SAM_ASSERT if we are not going to crash.
(This used to be commit f91fcb166107e45ffb3de95a3da65c79992341eb)
|