Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 136b9752fc9da86f0ad0e1f46dc389b752975aea)
|
|
(This used to be commit 56662a75f58d35cec1a5b2d6c9a4315d95a22420)
|
|
(This used to be commit 33d49ed68c4d6a66217558b13d960764c235089a)
|
|
Small tidyups.
(This used to be commit 252da94ebb279c47263dfae36fd016d0a29a6dbf)
|
|
Jeremy.
(This used to be commit 3bec83cbe9b863176ca087fd45efa6d1457b502c)
|
|
This commit builds on the auth subsystem to give Samba support for trusting NT4
domains. It is off by default, but is enabled by adding 'trustdomain' to the
'auth methods' smb.conf paramater.
Tested against NT4 only - there are still some issues with the join code for
Win2k servers (spnego stuff).
The main work TODO involves enumerating the trusted domains (including the RPC
calls to match), and getting winbind to run on the PDC correctly.
Similarly, work remains on getting NT4 to trust Samba domains.
Andrew Bartlett
(This used to be commit ac8c24a9a888a3f916e8b40238b936e6ad743ef7)
|
|
(This used to be commit 413a46292b4e963343abce2428955305052e9cb4)
|
|
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl>
This adds the 'net' tools to manipulate the trusted domains.
Andrew Bartlett
(This used to be commit 770c8a31d9804d3339ffa0de8b5072a5c7eb02df)
|
|
(This used to be commit 7412890adc8f3dfddfabba545003715816e262bc)
|
|
Fix bug where zeroip addresses were being checked.
Jeremy.
(This used to be commit 8ed49fe0df201833329c17b2afe1e3aa70646558)
|
|
Jeremy.
(This used to be commit f7c980d61439f42395a457a5b99b28f526cabe69)
|
|
(and yes I know who you are..... :-).
Jeremy.
(This used to be commit 330b0df960329bcf4696b8fa4a7357e6c456f74e)
|
|
enumforms.
(This used to be commit e69222f0816878e3211e3dedb049de50ca90fed0)
|
|
(This used to be commit d37905f20397911e4f74e672ebdee28f1ddf3c2c)
|
|
where we pass the client's name. We should pass the servers name.
Andrew Bartlett
(This used to be commit aeecb7a06b006e69879f00699f4b8b6497553d19)
|
|
I couldn't test some of these because I didn't know the right magic
arguments to pass to rpcclient (familiar anyone? (-:) so there may be some
bugs lurking.
(This used to be commit 029e2b307d91171168040e71d2e5d5e0d01b7633)
|
|
(This used to be commit fccfa034e92bca145b8e0639e405f6af5bb1a50b)
|
|
Converted cli_spoolss_enumprinterdrivers() to pass offered and *needed as
parameters and return a WERROR.
(This used to be commit b595c258295ecc4824fe89ba1136c778a1700e28)
|
|
Andrew Bartlett
(This used to be commit ad1faf8fa4019cb57fbb7f311f6d4943359bcd45)
|
|
(This used to be commit 50fa21c995d33601920b3b56a3e03b09262e7fd9)
|
|
(This used to be commit 22f348a1f9501cc00d46d6c6064f71198558c0ee)
|
|
processing work correctly in winbindd. This is a really good patch
that gives full select semantics to the Samba modified select.
Jeremy.
(This used to be commit 3af16ade173cac24c1ac5eff4a36b439f16ac036)
|
|
(This used to be commit a7e67dc00ae1a9a80875f2708def6565af0c6f0e)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
(This used to be commit 9d62f25f5d3c25d71d8b87801084d42ae9b66f8c)
|
|
winbind default domains, particulary now I understand whats going on a lot
better. This ensures that the RPC client code does as little 'magic' as
possible - this is up to the application/user. (Where - for to name->sid code
- it was all along). This leaves the change that allows the sid->name code to
return domains and usernames in seperate paramaters.
Andrew Bartlett
(This used to be commit 5dfba2cf536f761b0aee314ed9e30dc53900b691)
|
|
info3. These are RIDs, and it only makes sense to combine them with the domain
SID returned with them. This is important for trusted domains, where that sid
might be other than the one we currently reterive from the secrets.tdb.
Also remove the become_root()/unbecome_root() wrapper from around both
remaining TDB users: Both are now initialised at smbd startup.
Andrew Bartlett
(This used to be commit 554842e0a55155193f25aefca6480b89d5c512ca)
|
|
(This used to be commit 7c2d7205938ddd958b8399599febbf63ac4c8a88)
|
|
in clirap2.
(This used to be commit 935955b50ff503d18265f745e6e0df90d3e5dd4b)
|
|
(This used to be commit e67c7c5852624bcdd5c565ea5f00b143aaf7fee4)
|
|
case.
Thanks to Nigel Williams <nigel@wednesday.demon.co.uk> for spotting these!
Andrew Bartlett
(This used to be commit 20e0b562283f75606ac9a36f3f104c6aaa294c40)
|
|
smbd, and also makes it much cleaner inside winbindd.
It is mostly my code, with a few changes and testing performed by Alexander
Bokovoy <a.bokovoy@sam-solutions.net>. ab has tested it in security=domain and
security=ads, but more testing is always appricatiated.
The idea is that we no longer cart around a 'domain\user' string, we keep them
seperate until the last moment - when we push that string into a pwent on onto
the socket.
This removes the need to be constantly parsing that string - the domain prefix
is almost always already provided, (only a couple of functions actually changed
arguments in all this).
Some consequential changes to the RPC client code, to stop it concatonating the
two strings (it now passes them both back as params).
I havn't changed the cache code, however the usernames will no longer have a
double domain prefix in the key string. The actual structures are unchanged
- but the meaning of 'username' in the 'rid' will have changed. (The cache is
invalidated at startup, so on-disk formats are not an issue here).
Andrew Bartlett
(This used to be commit e870f0e727952aeb8599cf93ad2650ae56eca033)
|
|
<a.bokovoy@sam-solutions.net>.
The idea is the domain\username is rather harsh for unix systems - people don't
expect to have to FTP, SSH and (in particular) e-mail with a username like
that.
This 'corrects' that - but is not without its own problems.
As you can see from the changes to files like username.c and wb_client.c (smbd's
winbind client code) a lot of assumptions are made in a lot of places about
lp_winbind_seperator determining a users's status as a domain or local user.
The main change I will shortly be making is to investigate and kill off
winbind_initgroups() - as far as I know it was a workaround for an old bug in
winbind itself (and a bug in RH 5.2) and should no longer be relevent.
I am also going to move to using the 'winbind uid' and 'winbind gid' paramaters
to determine a user/groups's 'local' status, rather than the presence of the
seperator.
As such, this functionality is recommended for servers providing unix services,
but is currently less than optimal for windows clients.
(TODO: remove all references to lp_winbind_seperator() and
lp_winbind_use_default_domain() from smbd)
Andrew Bartlett
(This used to be commit 07a21fcd2311d2d9b430b99303e3532a8c1159e4)
|
|
(This used to be commit aca0edc819e892944c65b3feb60250994a79e88a)
|
|
(This used to be commit fb300e411bb385dcba2c3ca166598a71ed693b35)
|
|
Jeremy.
(This used to be commit 0fcca6c627a5c9c2219ec9714df5e0bc1a44cc29)
|
|
-> NT STATUS
maps. Fixes problem with disk full returning incorrect error.
Jeremy.
(This used to be commit 16fcbf3c1ccf1d704765653f68395dd596c0d841)
|
|
Jeremy.
(This used to be commit 794c3e2c76aae57d054e46b185def104ca02977c)
|
|
(This used to be commit cfac669017afa763100e335d1516fbed18049e00)
|
|
functions.
(This used to be commit e69a22290e5c923f31223906461df4874e3b2aac)
|
|
This work was sponsored by Optifacio Software Services, Inc.
Andrew Bartlett
(various e-mails announcements merged into some form of commit message below:)
This patch which adds basics of universal groups support
into Samba 3. Currently, only Winbind with RPC calls supports this, ADS
support requires additional (possibly huge) work on KRB5 PAC. However,
basic infrastructure is here.
This patch adds:
1. Storing of universal groups for particular user logged into Samba
software (smbd/ two winbind-pam methods) into netlogon_unigrp.tdb as array
of uint32 supplemental group rids keyed as DOMAIN_SID/USER_RID in tdb.
2. Fetching of unversal groups for given user rid and domain sid from
netlogon_unigrp.tdb.
Since this is used in both smbd and winbindd, main code is in
source/lib/netlogon_uingrp.c. Dependencies are added to AUTH_OBJ as
UNIGRP_OBJ and WINBINDD_OBJ as UNIGRP_OBJ.
This patch has had a few versions, the final version in particular:
Many thanks to Andrew Bartlett for critics and comments, and partly
rewritten code.
New:
- updated fetching code to changed byte order macros
- moved functions to proper namespace
- optimized memory usage by reusing caller's memory context
- enhanced code to more follow Samba coding rules
Todo:
- proper universal group expiration after timeout
(This used to be commit 80c2aefbe7c1aa363dd286a47d50c5d8b4595f43)
|
|
Jeremy.
(This used to be commit 01ff6ce4963e1daff019f2b936cef218e1c93f67)
|
|
(This used to be commit 0b0b937b58f4bf4e005fb622f0db19175fc46a47)
|
|
(This used to be commit 73a59170e6fab3b0f91938a74302750915a04a7a)
|
|
This fixes up a problem where a machine would join (or downgrade by trust
password change) to NT4 membership and not be able to regain full ADS
membership until a 'net ads leave'.
Andrew Bartlett
(This used to be commit ab8ff85f03b25a0dfe4ab63886a10da81207393c)
|
|
this is actually a workaround for old broken nmbd daemons, especially
from Samba 2.0
(This used to be commit 12021a8de6a1dc2e43cc62f094a57c57283dfaf4)
|
|
- put in some level 10 debugs so we can see what internal_resolve_name()
is doing
- remove duplicates from returned ip list of internal_resolve_name()
(This used to be commit 08d2bcef1a4fc77d28bc0fa9e4ff5f3131cedea5)
|
|
(invalid handle) though. )-:
(This used to be commit 7bfd1f35e4e194f8a2f07046e4a6c005c256c05b)
|
|
Make the offered and needed buffer size into parameters.
(This used to be commit 9d9e7fb74d420913cda1c592765b498fd64384f0)
|
|
Patch from Alexander Bokovoy <a.bokovoy@sam-solutions.net>
(This used to be commit 6c42bf208976ed3020e57efff6281f984d9fe893)
|