Age | Commit message (Collapse) | Author | Files | Lines |
|
<a.bokovoy@sam-solutions.net>.
This patch is designed to remove the 'special cases' required for this support.
In particular this now kills off winbind_initgroups, as it appears no longer to
be required.
Andrew Bartlett
(This used to be commit f1d8d509766e9169d39332559162cfec249bfc70)
|
|
this might need a bit more work - or at least documentation.
This is certainly a worthwile little hack, as it avoids the need to invert the
group database. I don't think we should allow unqualified domains here - as
that allows us to distinguish between (at least some) usernames and these
'special' groups.
(This used to be commit 151dd7bc6c61e19a993017e5e0b50314801e26de)
|
|
correctly) be no longer needed. This is in aid of the 'winbind default domain'
code - which works much better when smbd always goes via the standard unix
interfaces.
Andrew Bartlett
(This used to be commit a41fe2f6c845789c719de1d9a26a1374fb0e7fdb)
|
|
J.F.
(This used to be commit 873dba59cf4e1f7ebb3593d890b9de7c8cd25653)
|
|
(This used to be commit 04f492980b73800b60dde764fdeb43f2eab79624)
|
|
idra has promised not to revert these this time :-)
(This used to be commit f556ad67e82518f5a024ffe9184ff9430ab5c541)
|
|
routines can work. The code was copied into both convert_string and
convert_string_allocate -- I split it into a little static function,
and removed an apparently duplicate call to init_valid_table().
(This used to be commit 7f7d22880d40c7344bc402203dd150255fc694cf)
|
|
(This used to be commit e05c9b34f084874fef3d9e6f39484242ed541940)
|
|
(This used to be commit 025a0ea8bac876633b790b62558a8ec1b7460e1b)
|
|
Jeremy.
(This used to be commit 61b4ce7aef53ab82bdc5bc214e50c1891e097c11)
|
|
(This used to be commit 6380f9ff7a57975b9827fb7252439ee28a25970d)
|
|
degree of seperation betwen reading/writing the raw NamedPipe SMB packets
and the matching operations inside smbd's RPC components.
This patch is designed for no change in behaviour, and my tests hold that to be
true. This patch does however allow for the future loadable modules interface
to specify function pointers in replacement of the fixed state.
The pipes_struct has been split into two peices, with smb_np_struct taking the
information that should be generic to where the data ends up.
Some other minor changes are made: we get another small helper function in
util_sock.c and some of the original code has better failure debugs and
variable use. (As per on-list comments).
Andrew Bartlett
(This used to be commit 8ef13cabdddf58b741886782297fb64b2fb7e489)
|
|
smbd, and also makes it much cleaner inside winbindd.
It is mostly my code, with a few changes and testing performed by Alexander
Bokovoy <a.bokovoy@sam-solutions.net>. ab has tested it in security=domain and
security=ads, but more testing is always appricatiated.
The idea is that we no longer cart around a 'domain\user' string, we keep them
seperate until the last moment - when we push that string into a pwent on onto
the socket.
This removes the need to be constantly parsing that string - the domain prefix
is almost always already provided, (only a couple of functions actually changed
arguments in all this).
Some consequential changes to the RPC client code, to stop it concatonating the
two strings (it now passes them both back as params).
I havn't changed the cache code, however the usernames will no longer have a
double domain prefix in the key string. The actual structures are unchanged
- but the meaning of 'username' in the 'rid' will have changed. (The cache is
invalidated at startup, so on-disk formats are not an issue here).
Andrew Bartlett
(This used to be commit e870f0e727952aeb8599cf93ad2650ae56eca033)
|
|
where stdin is !isatty to allow stripts to work.
Jeremy.
(This used to be commit 997d6687fc67e98fe561775b522edfaa00f5ee5f)
|
|
Jeremy.
(This used to be commit 80df5ab07e2149e7cc3a4a0a6695da01e8f9492c)
|
|
(This used to be commit 6b123adda901ff05b0271eeda060297448f64eec)
|
|
vorlon@netexpress.net
Jeremy.
(This used to be commit 478696e924a5e562965eb21841198c96500027c4)
|
|
<a.bokovoy@sam-solutions.net>.
The idea is the domain\username is rather harsh for unix systems - people don't
expect to have to FTP, SSH and (in particular) e-mail with a username like
that.
This 'corrects' that - but is not without its own problems.
As you can see from the changes to files like username.c and wb_client.c (smbd's
winbind client code) a lot of assumptions are made in a lot of places about
lp_winbind_seperator determining a users's status as a domain or local user.
The main change I will shortly be making is to investigate and kill off
winbind_initgroups() - as far as I know it was a workaround for an old bug in
winbind itself (and a bug in RH 5.2) and should no longer be relevent.
I am also going to move to using the 'winbind uid' and 'winbind gid' paramaters
to determine a user/groups's 'local' status, rather than the presence of the
seperator.
As such, this functionality is recommended for servers providing unix services,
but is currently less than optimal for windows clients.
(TODO: remove all references to lp_winbind_seperator() and
lp_winbind_use_default_domain() from smbd)
Andrew Bartlett
(This used to be commit 07a21fcd2311d2d9b430b99303e3532a8c1159e4)
|
|
Samba (ab)uses the returns from getpwnam() a lot - in particular it keeps
them around for a long time - often past the next call...
This adds a getpwnam_alloc and a getpwuid_alloc to the collection.
These function as expected, returning a malloced structure that can be
free()ed with passwd_free(&passwd).
This patch also cuts down on the number of calls to getpwnam - mostly by
taking advantage of the fact that the passdb interface is already
case-insensiteve.
With this patch most of the recursive cases have been removed (that I know
of) and the problems are reduced further by not using the sys_ interface
in the new code. This means that pointers to the cache won't be affected.
(This is a tempoary HACK, I intend to kill the password cache entirly).
The only change I'm a little worried about is the change to
rpc_server/srv_samr_nt.c for private groups. In this case we are getting
groups from the new group mapping DB. Do we still need to check for private
groups? I've toned down the check to a case sensitve match with the new code,
but we might be able to kill it entirly.
I've also added a make_modifyable_passwd() function, that copies a passwd
struct into the form that the old sys_getpw* code provided. As far as I can
tell this is only actually used in the pass_check.c crazies, where I moved
the final 'special case' for shadow passwords (out of _Get_Pwnam()).
The matching case for getpwent() is dealt with already, in lib/util_getent.c
Also included in here is a small change to register the [homes] share at vuid
creation rather than just in one varient of the session setup. (This picks
up the SPNEGO cases). The home directory is now stored on the vuid, and I
am hoping this might provide a saner way to do %H substitions.
TODO: Kill off remaining Get_Pwnam_Modify calls (they are not needed), change
the remaining sys_getpwnam() callers to use getpwnam_alloc() and move
Get_Pwnam to return an allocated struct.
Andrew Bartlett
(This used to be commit 1d86c7f94230bc53daebd4d2cd829da6292e05da)
|
|
Jeremy.
(This used to be commit c1b97226db63daf64359e79083a4754e7c7f8054)
|
|
Jeremy.
(This used to be commit 0fcca6c627a5c9c2219ec9714df5e0bc1a44cc29)
|
|
-> NT STATUS
maps. Fixes problem with disk full returning incorrect error.
Jeremy.
(This used to be commit 16fcbf3c1ccf1d704765653f68395dd596c0d841)
|
|
and constness changes.
(This used to be commit cee0ec72746122c962e6c5278a736266a7f2c424)
|
|
(This used to be commit bf513668cb76fd20b04b8142c86c263280b05bb6)
|
|
(This used to be commit 8d106dc1f4a51112516d72ae68747ca6b5b904b7)
|
|
otherwise all the memory will be seen as still reachable.
(This used to be commit 682e7cd394c1e1cc9a83f7e8e5e3694e083946c4)
|
|
(This used to be commit 7417d6f9310188d2ad3d8f41d3dcbe55862c72ac)
|
|
contents...
Andrew Bartlett
(This used to be commit e20d69d51862ea3fd5a7317a9592bd4dc6e68bfd)
|
|
to move this from being a static to matching its mate in lib/util_sock.c.
In any case, this should discorage anybody from using the 'wrong' version of
this function. (ie the one from TNG, which needs a bit more error checking
depending on use).
Andrew Bartlett
(This used to be commit e6a3a01f795a85d908180ff19469ce09a2803512)
|
|
Jeremy.
(This used to be commit 2603ab3c6870f3697751b887e940910713f08985)
|
|
Jeremy.
(This used to be commit 24ee18c77e1b61004d8ed817118a481f3d43e34c)
|
|
Jeremy.
(This used to be commit 01ff6ce4963e1daff019f2b936cef218e1c93f67)
|
|
(This used to be commit 85d3ffb2709258e576191adade9c61b11e83eec5)
|
|
Jeremy
(This used to be commit 6210d4aa196c944e47076e316980f76ac9c6b02d)
|
|
prompt dmalloc to log information about what happening, so you can see
in flight why smbd is getting bloated.
(This used to be commit bcb443c5c4bf97fe6b5b0993e42496c2e64f0124)
|
|
gcc warnings about unused parameters.
msg_pool_usage: assert msg_type is as expected.
(This used to be commit 3ef135e91aaebf9648c4dd13f59686f57f4cff70)
|
|
variable called 'free'.
(This used to be commit a823e3f8b2961c3e24205911354a55ffa588233b)
|
|
in tdb's. All except winbindd_idmap.... Hmmmmmm.
Jeremy.
(This used to be commit ec71f1732b6b27bd2d65b250a6f3720a235dc38d)
|
|
of commands when specified on command line.
(This used to be commit 39d6b31e14144a3ff4b992d4286b706147e58566)
|
|
(This used to be commit 08bb2dfec2ca0282e9268d09da2b966d3bdf493a)
|
|
Also change the structure so it has its own (optional) 'free' pointer - so we
don't free() a talloc'ed version.
also split out the data_blob_clear() functionaility.
Andrew Bartlett
(This used to be commit 207ee8aac42cf4b35f07e496b15fdeabe50950bc)
|
|
Jeremy.
(This used to be commit a0cdec3acc82d1ce0292fadd4b8dac23638450f3)
|
|
Jeremy.
(This used to be commit 8aee8211cddb6705c9aa545fc57ece2c721ef448)
|
|
Jeremy.
(This used to be commit 73cf9d04f6a35aa3b6bdb4e921de34e0021b5a2c)
|
|
Jeremy.
(This used to be commit b52c3219d6f46df6e98742447d65ecda2ecbac65)
|
|
(This used to be commit 4877501da92762d233e5e4f24d1cb2bdd1eab8ae)
|
|
(This used to be commit 86abefc17260387b6b68c71ad5587ef0212162c0)
|
|
(This used to be commit cd25d01e42e7874bc93f6ca336c5b2cde453bb52)
|
|
(This used to be commit 7cb8e95f9332d4c278d2aac5416f963639609d5a)
|
|
contain new print-formatted information. (Also
talloc_vasprintf_append.) Idea borrowed from glib.
(This used to be commit 53723e874885936dd67483ebf46601fc73489d17)
|