Age | Commit message (Collapse) | Author | Files | Lines |
|
* add synonym for idmap_rid in better lining with
other idmap backend names
* remove old debug messages when idmap {uid|gid} options
are not defined
(This used to be commit 03ebf3ebfe83897d8c18e57ed378154d1377874b)
|
|
(This used to be commit fb561fe26cc61272e24965b81e276fa5420b146d)
|
|
pieces that
can be taken out of it, so I decided to commit this in one lump. It changes
the passdb enumerating functions to use ldap paged results where possible. In
particular the samr calls querydispinfo, enumdomusers and friends have
undergone significant internal changes. I have tested this extensively with
rpcclient and a bit with usrmgr.exe. More tests and the merge to trunk will
follow later.
The code is based on a first implementation by Günther Deschner, but has
evolved quite a bit since then.
Volker
(This used to be commit f0bb44ac58e190e19eb4e92928979b0446e611c9)
|
|
(This used to be commit 88c2ed1534d5239273458768b7b3f05102a2af16)
|
|
(This used to be commit b451434e378e52e8ab6b932d7b26657ea9d0353c)
|
|
initializable
statically.
Volker
(This used to be commit 3493d9f383567d286e69c0e60c0708ed400a04d9)
|
|
(This used to be commit efea76ac71412f8622cd233912309e91b9ea52da)
|
|
fixes the
expansion of domain local groups in case the netsamlogon_cache is valid. The
non-samlogon-cache side needs more work, as well as the samlogon cache itself.
Volker
(This used to be commit b6352a3c46f8e67503945eeac33e157ecea01bfb)
|
|
really use
domain local groups ...
Volker
(This used to be commit ed2d76d663a4388acc26a724cf2cdb5c40763def)
|
|
(This used to be commit 91a8e1ac6debffe457624a625e0f407bdbbbcb15)
|
|
Can't do LsaOpenPolicy() over schannel anymore.
This is an interesting find as it could imply that there are
other changes we haven't seen yet in sp1.
Volker, You might want to look at this for trunk.
(This used to be commit 82e3a9d9b526522376ea967c66c67b02f2c68dd8)
|
|
1. using smbc_getxattr() et al, one may now request all access control
entities in the ACL without getting all other NT attributes.
2. added the ability to exclude specified attributes from the result set
provided by smbc_getxattr() et al, when requesting all attributes,
all NT attributes, or all DOS attributes.
3. eliminated all compiler warnings, including when --enable-developer
compiler flags are in use. removed -Wcast-qual flag from list, as that
is specifically to force warnings in the case of casting away qualifiers.
Note: In the process of eliminating compiler warnings, a few nasties were
discovered. In the file libads/sasl.c, PRIVATE kerberos interfaces
are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED
kerberos interfaces are being used. Someone who knows kerberos
should look at these and determine if there is an alternate method
of accomplishing the task.
(This used to be commit 994694f7f26da5099f071e1381271a70407f33bb)
|
|
"qualifiers". The
whole of samba comiles warning-free with the default compiler flags.
Temporarily defined -Wall to locate other potential problems. Found an
unused static function (#ifdefed out rather than deleted, in case it's
needed for something in progress).
There are also a number of uses of undeclared functions, mostly krb5_*.
Files with these problems need to have appropriate header files included,
but they are not fixed in this update.
oplock_linux.c.c has undefined functions capget() and capset(), which need
to have "#undef _POSIX_SOURCE" specified before including <sys/capability.h>,
but that could potentially have other side effects, so that remains uncorrected
as well.
The flag -Wall should be added permanently to CFLAGS, and all warnings then
generated should be eliminated.
(This used to be commit 5b19ede88ed80318e392f8017f4573fbb2ecbe0f)
|
|
is the
change in pdb_enum_alias_memberships to match samr.idl a bit closer.
Volker
(This used to be commit 3a6786516957d9f67af6d53a3167c88aa272972f)
|
|
(This used to be commit 42588ba50cb1b47a00f3e0bed33ca3431eb8af14)
|
|
initialized whenenumerating users and groups
(This used to be commit 105a63c207e8d2b03a30dec2b8b55b92047cba80)
|
|
(This used to be commit 5205949dac4566a815ea443114309c284270ba91)
|
|
(This used to be commit 642a2d5a0aecd507d4f26dc2250de3667af3abbf)
|
|
(This used to be commit c2f710e3219aab647c0ed294d1d3481f5578b930)
|
|
TODO: This needs to be merged to trunk separately, it has changed a little,
but it's friday evening here.
Volker
(This used to be commit 49c3e04632e9fcdf552259412e8ec54d18269516)
|
|
rejects
everything but 1000 here, so there's no point in exposing that to the caller.
Thanks,
Volker
(This used to be commit 03ec1bd9e54b065c0494bc57a3d78ac0ae28e234)
|
|
*attr[]. This
gives some new warnings in smbldap.c, but a the callers are cleaned up.
Volker
(This used to be commit 543799fc0ddc3176469acc1fab7093c41556d403)
|
|
netbios = yes'
(This used to be commit 75a223f1188ae0041c9e3c748af107d642f73810)
|
|
Add 'log nt token command' parameter. If set, %s is replaced with the user
sid, and %t takes all the group sids.
Volker
(This used to be commit e7dc9fde45c750013ad07f584599dd51f8eb8a54)
|
|
Volker
(This used to be commit b48a46162d7971be3d44d403a2d62247ef2321f7)
|
|
(This used to be commit 9019a8436162d3606f6b8584701b0832cf5a7439)
|
|
Volker
(This used to be commit 78975ab9a996ac61be37410f18ddedb9df58d04b)
|
|
the cli* in cm_prepare_connection(). using credentials from a domain other thanour primary domain will cause the schannel setup to fail
(This used to be commit a13e29b5f2f1e48225b5b5964bc0777948f16622)
|
|
shows that this info is correctly returned to us in to info3 struct, so
check_info3_in_group does not need to be adapted.
Volker
(This used to be commit a84e778cafcefdc1809474c2123e757c8c9d9b70)
|
|
(This used to be commit a8aab6de7516b70cae6c096883874fa152777b13)
|
|
(This used to be commit ccdff4a998405544433aa32938963e4c37962fcc)
|
|
DC name
via netbios, as the user might have set an IP address or a fqdn.
Volker
(This used to be commit 61466f38429ba67ace3e84c870a0f913f64d122c)
|
|
(This used to be commit 13a2aa50ea203cee9c2323bb0428f8c50a3c0f77)
|
|
based on samba4-idl.
This saves us an enormous amount of totally unnecessary ldap-traffic
when several hundreds of winbind-daemons query a Samba3 DC just to get
the fake SAM-sequence-number (time(NULL)) by enumerating all users, all
groups and all aliases when query-dom-info level 2 is used.
Note that we apparently never get the sequence number right (we parse a
uint32, although it's a uint64, at least in samba4 idl). For the time
being, I would propose to stay with that behaviour.
Guenther
(This used to be commit f9ab15a986626581000d4b93961184c501f36b93)
|
|
The old #ifdef JRATEST-block was copying 16 bytes and thus overwriting
acct_flags with bizarre values, breaking a lot of things.
This patch is successfully running in a production environment for quite
some time now and is required to finally allow Exchange 5.5 to access
another Exchange Server when both are running on NT4 in a
samba-controlled domain. This also allows Exchange Replication to take
place, Exchange Administrator to access other Servers in the network,
etc. Fixes Bugzilla #1136.
Thanks abartlet for helping me with that one.
Guenther
(This used to be commit bd4c5125d6989cebc90152a23e113b345806c660)
|
|
(This used to be commit 82b9faaaa2e1e2986a15102605739e7d13885ac6)
|
|
Guenther
(This used to be commit 4f10666295ff7c086ac2a38e0a5f0ac80b57b9a0)
|
|
log.winbindd is spammed with 'user root does not exist'. Increase debug level.
Volker
(This used to be commit 7256771dd01029ed103896c0825bb91b88757015)
|
|
allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
|
|
Jeremy.
(This used to be commit 8e979772a640bb4f00f4d72b6a9c837b8ef14333)
|
|
Guenther
(This used to be commit 52dea588fd0b40a32c56b5634315b149fc088907)
|
|
simultaeneously to all
DCs found. The first one to reply wins.
Volker
(This used to be commit 84ac54aef2bd56b5c889d3b05b8828aceb8ae00e)
|
|
for no groups after every lookup - move check to the end as we should
only fail if all lookups fail.
Jeremy.
(This used to be commit 3b40c1e4365f37b967e14be02c6aa52893a80f51)
|
|
implementation does
not exactly match what you would expect.
XP workstations during login actually do this, so we should better become a
bit more correct. The LDAP query issued is not really fully optimal, but it is
a lot faster and more correct than what was there before. The change in
passdb.h makes it possible that queryuseraliases is done with a single ldap
query.
Volker
(This used to be commit 2508d4ed1e16c268fc9f3676b0c6a122e070f93d)
|
|
Use the fully qualified DOMAIN\user format for 'security = domain|ads'
and apply after authentication has succeeded.
* also change fill_domain_username() to only lowercase the username
and not the domain+username. This was a cosmetic fix only.
makes the output more consistent with %D and %U.
(This used to be commit 30ee2d5b0906d5cd73a8faf5170e5aebcc6d69c8)
|
|
I've been grumbling about under-efficient calls in SAMR, and finally
got around to fixing some of them.
We now call sys_getgroups() (which in turn calls initgroups(), until
glibc 3.4 is released) to figure out a user's group membership. This
is far, far more efficient than scanning all the groups looking for a
match, and is still the 'posix way', just using an effiecient call.
The seperate issue of 'who is in this group' remains, but this one has
been biting some people.
I need to talk to VL about how best to exersise nasty corner cases,
but my initial tests hold strong. (The code is also much simpiler
than before, which has to count for something :-)
Andrew Bartlett
(This used to be commit dc19f161698dab5b71d61fa2bacc7e7b8da5fbba)
|
|
'..' from all #include preprocessor commands. This fixes bugzilla #1880
where OpenVMS gets confused about the '.' characters.
(This used to be commit 7f161702fa4916979602cc0295919b541912acd6)
|
|
Qiao Yang.
(This used to be commit 30ae13cb9fbe5f04e46bcbd5e0c19da9b33341d5)
|
|
Allow 'require_membership_of' and 'require-membership-of'.
Really use a different struct for the SID->Name lookup.
Andrew Bartlett
(This used to be commit 83dadcd089905aa8ff3392010177ffa1dc8237ba)
|
|
naming of the require_membership_of parameter in pam_winbind and fix
the error code for 'you didn't specify a domain' in ntlm_auth.
Andrew Bartlett
(This used to be commit 4bf0b94011fe6bfbec5635e58cafbfe3dc898569)
|