Age | Commit message (Collapse) | Author | Files | Lines |
|
this!
(groupname and domain name paramaters swapped, giving 'interesting' results...)
Andrew Bartlett
(This used to be commit 5aed3759d8edbe59df8c1ea70827c4b931393134)
|
|
character set for conversion. To be used in Winbind and the 'net ads'
commands.
Andrew Bartlett
(This used to be commit fa9d3060ff7510e176d7608b49075379500f55c4)
|
|
this is needed because W2K will send a TCP reset to any open
connections that have not done a negprot when a second connection is
made. This meant that under heavy netlogon load a Samba domain member
would fail authentications.
Jeremy, you may wish to port this to 2.2.x
(This used to be commit eb196070e62b45b113e5712f27198c50c5c95657)
|
|
why does anything but smbd care about sec_init() anyway??
(This used to be commit 569505b77140c2688aeab4df058b864464f23c1d)
|
|
(This used to be commit e7abb79fb304b34aeb369dc6deafa96dfd1e02f3)
|
|
without before sec_init(). This should avoid the formation of another
magic function club. (-:
(This used to be commit 1b941e2c637e41049932945607149094342359c5)
|
|
(This used to be commit 5efe39af0c89e549bb8211a39a949f80f6d1bf78)
|
|
receive_smb: You might think that we ought to set smb_read_error here,
but apparently that breaks the recursive main loop in oplock.c.
Global variables suck. :-/
(This used to be commit b6d5d02aa1bf0caa28343dc87444f049c5fd8ce5)
|
|
:-)
Andrew Bartlett
(This used to be commit 542e0e37455e6bcd8e0c248b3bb6ede8306d1656)
|
|
Andrew Bartlett
(This used to be commit 59afc3d6daad2770219dba1ca113869967eefc23)
|
|
This adds code to do generic PAM -> NTSTATUS and NTSTATUS -> PAM error
conversions, and uses them to make the error handling in pam_winbind sane.
In particular, pam_winbind now uses PAM error codes, not silly '-1, -2 ...'
stuff, and logs the NTSTATUS error that winbind now sends over the pipe.
Added code to wbinfo to display these - makes a big difference in debugging
winbindd.
The main change here is the code to allow pam_winbind password changing to
correctly stack - This code ripped from pam_unix, and the copyright attached.
(Same as for all pam modules, including pam_winbind)
Andrew Bartlett
(This used to be commit dc1a72f896b83bc1ad3c7bf6c12c36ace3967280)
|
|
Jeremy.
(This used to be commit d1e911afd08971c6cf5429bda929663a5dd8f63d)
|
|
(This used to be commit e3bb6867454307ae592115e205d32ddd53988678)
|
|
processing work correctly in winbindd. This is a really good patch
that gives full select semantics to the Samba modified select.
Jeremy.
(This used to be commit 3af16ade173cac24c1ac5eff4a36b439f16ac036)
|
|
non-domain Samba server from a NT4 client.
Note that this exactly reverses a change by Jeremy on the 18th of
December 2001, reverting the code back to what JF originally wrote. I
have looked carefully with a sniffer and JFs original NULL sid is
correct (ie. it matches what NT4 does) and also fixes the problem.
Sending a blank sid (which is what jeremy's patch did) causes NT4 to
give a classic "parameter is incorrect error" and prevents the
addition of new ACLs.
(This used to be commit 9930cf97330dd93985c5558cec6b24406e90c228)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
(This used to be commit a034bfb9ef7a4c8a127ac91f4163cc6af98f29b3)
|
|
<a.bokovoy@sam-solutions.net>.
This patch is designed to remove the 'special cases' required for this support.
In particular this now kills off winbind_initgroups, as it appears no longer to
be required.
Andrew Bartlett
(This used to be commit f1d8d509766e9169d39332559162cfec249bfc70)
|
|
this might need a bit more work - or at least documentation.
This is certainly a worthwile little hack, as it avoids the need to invert the
group database. I don't think we should allow unqualified domains here - as
that allows us to distinguish between (at least some) usernames and these
'special' groups.
(This used to be commit 151dd7bc6c61e19a993017e5e0b50314801e26de)
|
|
correctly) be no longer needed. This is in aid of the 'winbind default domain'
code - which works much better when smbd always goes via the standard unix
interfaces.
Andrew Bartlett
(This used to be commit a41fe2f6c845789c719de1d9a26a1374fb0e7fdb)
|
|
J.F.
(This used to be commit 873dba59cf4e1f7ebb3593d890b9de7c8cd25653)
|
|
(This used to be commit 04f492980b73800b60dde764fdeb43f2eab79624)
|
|
idra has promised not to revert these this time :-)
(This used to be commit f556ad67e82518f5a024ffe9184ff9430ab5c541)
|
|
routines can work. The code was copied into both convert_string and
convert_string_allocate -- I split it into a little static function,
and removed an apparently duplicate call to init_valid_table().
(This used to be commit 7f7d22880d40c7344bc402203dd150255fc694cf)
|
|
(This used to be commit e05c9b34f084874fef3d9e6f39484242ed541940)
|
|
(This used to be commit 025a0ea8bac876633b790b62558a8ec1b7460e1b)
|
|
Jeremy.
(This used to be commit 61b4ce7aef53ab82bdc5bc214e50c1891e097c11)
|
|
(This used to be commit 6380f9ff7a57975b9827fb7252439ee28a25970d)
|
|
degree of seperation betwen reading/writing the raw NamedPipe SMB packets
and the matching operations inside smbd's RPC components.
This patch is designed for no change in behaviour, and my tests hold that to be
true. This patch does however allow for the future loadable modules interface
to specify function pointers in replacement of the fixed state.
The pipes_struct has been split into two peices, with smb_np_struct taking the
information that should be generic to where the data ends up.
Some other minor changes are made: we get another small helper function in
util_sock.c and some of the original code has better failure debugs and
variable use. (As per on-list comments).
Andrew Bartlett
(This used to be commit 8ef13cabdddf58b741886782297fb64b2fb7e489)
|
|
smbd, and also makes it much cleaner inside winbindd.
It is mostly my code, with a few changes and testing performed by Alexander
Bokovoy <a.bokovoy@sam-solutions.net>. ab has tested it in security=domain and
security=ads, but more testing is always appricatiated.
The idea is that we no longer cart around a 'domain\user' string, we keep them
seperate until the last moment - when we push that string into a pwent on onto
the socket.
This removes the need to be constantly parsing that string - the domain prefix
is almost always already provided, (only a couple of functions actually changed
arguments in all this).
Some consequential changes to the RPC client code, to stop it concatonating the
two strings (it now passes them both back as params).
I havn't changed the cache code, however the usernames will no longer have a
double domain prefix in the key string. The actual structures are unchanged
- but the meaning of 'username' in the 'rid' will have changed. (The cache is
invalidated at startup, so on-disk formats are not an issue here).
Andrew Bartlett
(This used to be commit e870f0e727952aeb8599cf93ad2650ae56eca033)
|
|
where stdin is !isatty to allow stripts to work.
Jeremy.
(This used to be commit 997d6687fc67e98fe561775b522edfaa00f5ee5f)
|
|
Jeremy.
(This used to be commit 80df5ab07e2149e7cc3a4a0a6695da01e8f9492c)
|
|
(This used to be commit 6b123adda901ff05b0271eeda060297448f64eec)
|
|
vorlon@netexpress.net
Jeremy.
(This used to be commit 478696e924a5e562965eb21841198c96500027c4)
|
|
<a.bokovoy@sam-solutions.net>.
The idea is the domain\username is rather harsh for unix systems - people don't
expect to have to FTP, SSH and (in particular) e-mail with a username like
that.
This 'corrects' that - but is not without its own problems.
As you can see from the changes to files like username.c and wb_client.c (smbd's
winbind client code) a lot of assumptions are made in a lot of places about
lp_winbind_seperator determining a users's status as a domain or local user.
The main change I will shortly be making is to investigate and kill off
winbind_initgroups() - as far as I know it was a workaround for an old bug in
winbind itself (and a bug in RH 5.2) and should no longer be relevent.
I am also going to move to using the 'winbind uid' and 'winbind gid' paramaters
to determine a user/groups's 'local' status, rather than the presence of the
seperator.
As such, this functionality is recommended for servers providing unix services,
but is currently less than optimal for windows clients.
(TODO: remove all references to lp_winbind_seperator() and
lp_winbind_use_default_domain() from smbd)
Andrew Bartlett
(This used to be commit 07a21fcd2311d2d9b430b99303e3532a8c1159e4)
|
|
Samba (ab)uses the returns from getpwnam() a lot - in particular it keeps
them around for a long time - often past the next call...
This adds a getpwnam_alloc and a getpwuid_alloc to the collection.
These function as expected, returning a malloced structure that can be
free()ed with passwd_free(&passwd).
This patch also cuts down on the number of calls to getpwnam - mostly by
taking advantage of the fact that the passdb interface is already
case-insensiteve.
With this patch most of the recursive cases have been removed (that I know
of) and the problems are reduced further by not using the sys_ interface
in the new code. This means that pointers to the cache won't be affected.
(This is a tempoary HACK, I intend to kill the password cache entirly).
The only change I'm a little worried about is the change to
rpc_server/srv_samr_nt.c for private groups. In this case we are getting
groups from the new group mapping DB. Do we still need to check for private
groups? I've toned down the check to a case sensitve match with the new code,
but we might be able to kill it entirly.
I've also added a make_modifyable_passwd() function, that copies a passwd
struct into the form that the old sys_getpw* code provided. As far as I can
tell this is only actually used in the pass_check.c crazies, where I moved
the final 'special case' for shadow passwords (out of _Get_Pwnam()).
The matching case for getpwent() is dealt with already, in lib/util_getent.c
Also included in here is a small change to register the [homes] share at vuid
creation rather than just in one varient of the session setup. (This picks
up the SPNEGO cases). The home directory is now stored on the vuid, and I
am hoping this might provide a saner way to do %H substitions.
TODO: Kill off remaining Get_Pwnam_Modify calls (they are not needed), change
the remaining sys_getpwnam() callers to use getpwnam_alloc() and move
Get_Pwnam to return an allocated struct.
Andrew Bartlett
(This used to be commit 1d86c7f94230bc53daebd4d2cd829da6292e05da)
|
|
Jeremy.
(This used to be commit c1b97226db63daf64359e79083a4754e7c7f8054)
|
|
Jeremy.
(This used to be commit 0fcca6c627a5c9c2219ec9714df5e0bc1a44cc29)
|
|
-> NT STATUS
maps. Fixes problem with disk full returning incorrect error.
Jeremy.
(This used to be commit 16fcbf3c1ccf1d704765653f68395dd596c0d841)
|
|
and constness changes.
(This used to be commit cee0ec72746122c962e6c5278a736266a7f2c424)
|
|
(This used to be commit bf513668cb76fd20b04b8142c86c263280b05bb6)
|
|
(This used to be commit 8d106dc1f4a51112516d72ae68747ca6b5b904b7)
|
|
otherwise all the memory will be seen as still reachable.
(This used to be commit 682e7cd394c1e1cc9a83f7e8e5e3694e083946c4)
|
|
(This used to be commit 7417d6f9310188d2ad3d8f41d3dcbe55862c72ac)
|
|
contents...
Andrew Bartlett
(This used to be commit e20d69d51862ea3fd5a7317a9592bd4dc6e68bfd)
|
|
to move this from being a static to matching its mate in lib/util_sock.c.
In any case, this should discorage anybody from using the 'wrong' version of
this function. (ie the one from TNG, which needs a bit more error checking
depending on use).
Andrew Bartlett
(This used to be commit e6a3a01f795a85d908180ff19469ce09a2803512)
|
|
Jeremy.
(This used to be commit 2603ab3c6870f3697751b887e940910713f08985)
|
|
Jeremy.
(This used to be commit 24ee18c77e1b61004d8ed817118a481f3d43e34c)
|
|
Jeremy.
(This used to be commit 01ff6ce4963e1daff019f2b936cef218e1c93f67)
|
|
(This used to be commit 85d3ffb2709258e576191adade9c61b11e83eec5)
|