Age | Commit message (Collapse) | Author | Files | Lines |
|
tdb as well to make naming consistent.
(This used to be commit ee91eb9a39cc5e3edd9e97eb040e7557930e4e62)
|
|
This gets it working before replacing tdb with the samba4 version.
(This used to be commit 8210b0503a050e12ee1b4335fa6e50d10ad06577)
|
|
This allows the ldap-backend to search much more effeciently. Machines
will be searched in the ldap_machine_suffix and users in the
ldap_users_suffix. (Note that we already use the ldap_group_suffix in
ldapsam_setsamgrent for quite some time).
Using the specific ldap-bases becomes notably important in large
domains: On my testmachine "net rpc trustdom list" has to search through
40k accounts just to list 3 interdomain-trust-accounts, similiar effects
show up the non-user query_dispinfo-calls, etc.
Also renamed all_machines to only_machines in load_sampwd_entries()
since that reflects better what is really meant.
Guenther
(This used to be commit 6394257cc721ca739bda0e320375f04506913533)
|
|
(based on Simo's code in trunk). Rewritten with the
following changes:
* privilege set is based on a 32-bit mask instead of strings
(plans are to extend this to a 64 or 128-bit mask before
the next 3.0.11preX release).
* Remove the privilege code from the passdb API
(replication to come later)
* Only support the minimum amount of privileges that make
sense.
* Rewrite the domain join checks to use the SeMachineAccountPrivilege
instead of the 'is a member of "Domain Admins"?' check that started
all this.
Still todo:
* Utilize the SePrintOperatorPrivilege in addition to the 'printer admin'
parameter
* Utilize the SeAddUserPrivilege for adding users and groups
* Fix some of the hard coded _lsa_*() calls
* Start work on enough of SAM replication to get privileges from one
Samba DC to another.
* Come up with some management tool for manipultaing privileges
instead of user manager since it is buggy when run on a 2k client
(haven't tried xp). Works ok on NT4.
(This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
|
|
allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
|
|
my (C) to a header file that was at least 50% mine :-).
Jeremy.
(This used to be commit 8ee6060977ec8e65082f3ad09e1e1ccf5b4672ed)
|
|
core dump) but compiles and links correctly. I will run the full set of
tests on the ldap sam and the tdb sam for password history tomorrow.
Jeremy.
(This used to be commit ac846420d0ef2c60d2dc71319b24401c73699249)
|
|
"Jianliang Lu" <j.lu@tiesse.com>. Multi-string attribute changed to
linearised pstring due to ordering issues. A few other changes to
fix race conditions. I will add the tdb backend code next. This code
compiles but has not yet been tested with password history policy
set to greater than zero. Targeted for 3.0.6.
Jeremy.
(This used to be commit dd54b2a3c45e202e504ad69d170eb798da4e6fc9)
|
|
(This used to be commit 730c07cac2166812f4a2da5cfba7152d168b2bdd)
|
|
more testing tomorrow but initial results seem ok
(This used to be commit daee8d7feee4a08d6c204e2de3f346b6d10640e6)
|
|
Jeremy.
(This used to be commit e914230a2d1a7b515bd7859d655d6555b7d3e67e)
|
|
(This used to be commit 8734d91cd7681219f1389e3c41979028eadbb7fe)
|
|
(This used to be commit a6a39c61e8228c8b3b7552ab3c61ec3a6a639143)
|
|
(This used to be commit b8394a107d3448434f1a34076eaab8e6dd9a8a9d)
|
|
An extra message notifying that needed file didn't exist is displayed.
There's still a little catch with tdb backend, but it's better than it was,
from end-user's point of view.
This fixes #198
rafal
(This used to be commit b0be700605c289ce8e9dd3abe49d78ac77256911)
|
|
(This used to be commit 5efa0d7cc28d903c1986b8e40072ae49e9532a88)
|
|
* move rid allocation into IDMAP. See comments in _api_samr_create_user()
* add winbind delete user/group functions
I'm checking this in to sync up with everyone. But I'm going to split
the add a separate winbindd_allocate_rid() function for systems
that have an 'add user script' but need idmap to give them a RID.
Life would be so much simplier without 'enable rid algorithm'.
The current RID allocation is horrible due to this one fact.
Tested idmap_tdb but not idmap_ldap yet. Will do that tomorrow.
Nothing has changed in the way a samba domain is represented, stored,
or search in the directory so things should be ok with previous installations.
going to bed now.
(This used to be commit 0463045cc7ff177fab44b25faffad5bf7140244d)
|
|
available. Removed extra auth_init (thanks metze).
Jeremy.
(This used to be commit 88135fbc4998c266052647f8b8e437ac01cf50ae)
|
|
winbindd now. Also removing an unused file.
(This used to be commit 688369c23c604e9b6654fcf07190d2e27c1138cf)
|
|
strupper_m/strlower_m.
I really want people to think about when they're using multibyte strings.
Jeremy.
(This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
|
|
mallocs its key, so we should free it after use.
Volker
(This used to be commit 9750799ba2e1aaa59fa255f23880c9c618195c3d)
|
|
Simo, I remember you complaining about a memleak there, could it be
this one, or did you resolve it at that time?
Volker
(This used to be commit c660595deda2ce836c0a191da0236f850004ba0d)
|
|
(This used to be commit 908b16cc2a8b6c5c67aae0e1af9d51f57fe31212)
|
|
(This used to be commit f09df852ac0b25470fb9435c79a4a417e06e9b75)
|
|
(This used to be commit 2c47893c7542889d9e2ee097897a1df248b1a5e2)
|
|
please check this?
(This used to be commit af4b1f869a7dca0d24391fb2cefef7e05cca2c04)
|
|
Jeremy.
(This used to be commit 2a6d0c2481c3c34351e57c30a85004babdbf99b0)
|
|
We really need idmap_ldap to have a good solution with ldapsam, porting
it from the prvious code is beeing made, the code is really simple to do
so I am confident it is not a problem to commit this code in.
Not committing it would have been worst.
I really would have been able to finish also the group code, maybe we can
put it into a followin release after 3.0.0 even if it may be an upgrade
problem.
The code has been tested and seem to work right, more testing is needed for
corner cases.
Currently winbind pdc (working only for users and not for groups) is
disabled as I was not able to make a complete group code replacement that
works somewhat in a week (I have a complete patch, but there are bugs)
Simo.
(This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)
|
|
function. Patch by metze with some minor modifications.
(This used to be commit bc4b51bcb2daa7271c884cb83bf8bdba6d3a9b6d)
|
|
This patch removes 'non unix account range' (same as idra's change in HEAD),
and uses the winbind uid range instead.
More importanly, this patch changes the LDAP schema to use 'ntSid' instead
of 'rid' as the primary attribute. This makes it in common with the group
mapping code, and should allow it to be used closely with a future idmap_ldap.
Existing installations can use the existing functionality by using the
ldapsam_compat backend, and users who compile with --with-ldapsam will get
this by default.
More importantly, this patch adds a 'sambaDomain' object to our schema -
which contains 2 'next rid' attributes, the domain name and the domain sid.
Yes, there are *2* next rid attributes. The problem is that we don't 'own'
the entire RID space - we can only allocate RIDs that could be 'algorithmic'
RIDs. Therefore, we use the fact that UIDs in 'winbind uid' range will be
mapped by IDMAP, not the algorithm.
Andrew Bartlett
(This used to be commit 3e07406ade81e136f67439d4f8fd7fe1dbb6db14)
|
|
unix_strlower semantics.
Andrew Bartlett
(This used to be commit 93bdd1a2925edb9dea3e85d8b025a65460896c05)
|
|
(This used to be commit 1755d5f66221a910863cfc8a197f8d792e6b6e3d)
|
|
- pdb_guest (including change defaults)
- 'default' passdb actions (instead of 'not implemented' stubs in each module)
- net_rpc_samsync no longer assumes pdb_unix
Andrew Bartlett
(This used to be commit 4bec53c8c81019f0f06a93c4df0800bbf7281dd6)
|
|
warnings. (Adds a lot of const).
Andrew Bartlett
(This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
|
|
The work here includes:
- metze' set/changed patch, which avoids making changes to ldap on unmodified
attributes.
- volker's group mapping in passdb patch
- volker's samsync stuff
- volkers SAMR changes.
- mezte's connection caching patch
- my recent changes (fix magic root check, ldap ssl)
Andrew Bartlett
(This used to be commit 2044d60bbe0043cdbb9aba931115672bde975d2f)
|
|
(This used to be commit e026b84815ad1a5fa981c24fff197fefa73b4928)
|
|
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
|
|
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
|
|
we still need to free gid<->rid mapping and few other stuff
(This used to be commit aa4b6f8181f34196a28951264dd8b631a5deef7f)
|
|
fixed tdbsam memory corruption (and segfault)
reducing calls to pdb_uid_to_user_rid and countrary to 0 to move to a non alghoritmic rid allocation with some passdb modules.
(This used to be commit 9836af7cd623357feaec07bc49cfb78f0aa01fc3)
|
|
(This used to be commit 724390a8daabbecd236960562e0a50f62c6904f1)
|
|
The main change here is to move ldap into the new pluggable passdb subsystem
and to take the LDAP location as a 'location' paramter on the 'passdb backend'
line in the smb.conf. This is an LDAP URL, parsed by OpenLDAP where supported,
and by hand where it isn't.
It also adds the ldap user suffix and ldap machine suffix smb.conf options,
so that machines added to the LDAP dir don't get mixed in with people.
Non-unix account support is also added. This means that machines don't need to
be in /etc/passwd or in nss_ldap's scope.
This code has stood up well under my production environment, so it relitivly
well tested.
I'm commiting this now becouse others have shown interest in using it, and
there is no point 'hording' the code :-).
Andrew Bartlett
(This used to be commit cd5234d7dd7309d88944b83d807c1f1c2ca0460a)
|
|
(This used to be commit 8bb2a7446ed69020086aaedf2889795dd38ef9d4)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
(This used to be commit 3db417c2ebfda0d5872dee39e36edc4fb6299b9a)
|
|
Modules now name themselves, which should allow for sane behaviour when we get
an 'extern' passdb module (which in turn loads a .so).
Fix up tdbsam for non-unix-accounts. Not sure if this fixes idra's bug, but
its a start...
Andrew Bartlett
(This used to be commit 7d576d89d7b4a7b95e87a844568d7d7cd89f0542)
|
|
idra has promised not to revert these this time :-)
(This used to be commit f556ad67e82518f5a024ffe9184ff9430ab5c541)
|
|
(This used to be commit 57a145bff6b382e6dc9a9af96451175d81462c8d)
|
|
(This used to be commit 7f7a15e09a53a03dd423d40201f037f8da049cd7)
|
|
We are not going to reuse any getpw* call, so the extra alloc,copy and free
only uses extra memory and extra cpu time for nothing.
(This used to be commit 5c0bb0487bec00df494b72b64ddf274f42bfefea)
|