Age | Commit message (Collapse) | Author | Files | Lines |
|
Andrew Bartlett
(This used to be commit 007143e2435904d941a62934986ac54e343f4936)
|
|
- change update behaviour for new RIDs:
- store the new RID into the SAM_ACCOUNT, so that the caller get's it back
automaticly
- use this to make the code paths simpiler for the normal 'need_update' code.
We must always store a RID if we intend to use the sambaAccount objectClass
Andrew Bartlett
(This used to be commit 5edeee5116b9c775a1bded1d53cb2b22c7a2765f)
|
|
unix_strlower semantics.
Andrew Bartlett
(This used to be commit 93bdd1a2925edb9dea3e85d8b025a65460896c05)
|
|
sambaAccount requires the rid to be present, and doing this fallback is quite
dangerous, becouse it assumes that alorithmic RIDs are in use - which is quite
often not the case.
Also finish of vl's work on 'use a function pointer, not embedded logic' to
tell lower levels that they should/should not attempt to set the user's password
into LDAP with the extended operation.
Andrew Bartlett
(This used to be commit 715d0bd804b6bff4c0b365f98ca196d41ed9c5c4)
|
|
(This used to be commit ca489db7d3d4713401da3627b563af3cbef82c58)
|
|
This might help avoid killing the ldap server when all 100 smbd processes
reconnect in pulses...
Also, reduces the maximum wait time, as SMB clients will time out after 30
seconds anyway...
Andrew Bartlett
(This used to be commit 08c5aaae6a92d6ee14f9bf8e3330191718e84edf)
|
|
leak fixes. (secrets.c portion)
Andrew Bartlett
(This used to be commit 3ea8fdd0361623b38f30f0b815dc4935e2e17447)
|
|
This allows us to join as a BDC, without appearing on the network as one
until we have the database replicated, and the admin changes the configuration.
This also change the SID retreval order from secrets.tdb, so we no longer
require a 'net rpc getsid' - the sid fetch during the domain join is sufficient.
Also minor fixes to 'net'.
Andrew Bartlett
(This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
|
|
(This used to be commit dfbd2a2e7a5f0f2713bc48daa24d43b07f187d14)
|
|
- Fix typo in script/installswat.sh
(This used to be commit 8d2aec7a73d41a9d32c10abd1c8833ebfd41dd77)
|
|
(This used to be commit 9c9d969c93400d91a12e78635d54e1c5f90efab8)
|
|
I could not fix the "passing arg 5 of `ldap_search_s'" completely with
gcc -Wall. A non-developer compile does not complain though.
Volker
(This used to be commit cf923d713305620278e3759599247d3cf7aa0e2f)
|
|
(This used to be commit 1755d5f66221a910863cfc8a197f8d792e6b6e3d)
|
|
(This used to be commit c131c128e396a944e979992d9a5ac76e8b6e653b)
|
|
add on update)
(This used to be commit 3ebecc662e0ace4a87153aabe644dcf18969435b)
|
|
from HEAD).
Andrew Bartlett
(This used to be commit be27fa2986767fca1876ea5f886d9fb4c7000660)
|
|
are handled, though we assume that always everything needs to
be updated in LDAP. PDB_IS_* is not done yet for groups.
Do we need it?
Volker
(This used to be commit 091f8f94486057b33f0409887ba09000a8415f4c)
|
|
from the server, not just the error code translation.
Andrew Bartlett
(This used to be commit 92415441fdc0f7d7c8b338d4cd4bbbba5418f88e)
|
|
easier to understand by moving the logic for init_ldap_from_sam
and friends around.
Volker
(This used to be commit 09a92984baaee94521d0cacf16daaf0291242b42)
|
|
Apply metzes patch (hopefully) correctly this time
Volker
(This used to be commit e52a2d5d49e3c784d5db06bade2c866422258fcc)
|
|
are 'SET' when adding the account.
I really don't like passing flags down to inner routines and
complicated if/else conditions, but this time he might be right. ;-)
Volker
(This used to be commit 339c14906802db6ddb59f07a0c71dcc3c73cc3d6)
|
|
This adds 'ldap delete dn' as the recommended parameter
for the 'ldap del only sam attr' functionality. So
we are compatiple to the current SuSE patches as well
as to TNG... ;-)
Volker
(This used to be commit 53b5704ff21de6fce097d74dd7f235d3ceccec66)
|
|
> Hi Volker,
>
> if 'displayName' is not available we should fallback to 'cn' for map->nt_name
> 'cn' is used as unix group name by nss_ldap.
>
> and if nt_name is not available we should fail (so does this patch)
Volker
(This used to be commit 7ae9c2500e3ac5f671d41077327156f1f3767fff)
|
|
This repairs domain join with fully existing wks-account which I broke
with my last patch...
Volker
(This used to be commit bc59912aa10e5000225110e48ad548f19756bed5)
|
|
anymore, but instead look at what is currently stored in the
database. Then we explicitly delete the existing attribute and add the
new value if it is not NULL or "". This way we can handle appearing
and disappearing attributes quite nicely.
This currently breaks pdbedit -o, as this does not set the CHANGED
flag on the SAM_ACCOUNT.
Jelmer suggested that we set all the fields on CHANGED in
context_add_sam_account. This sounds not too unreasonable.
Volker
(This used to be commit a75015c9ce8246670ee7c7d73df585390696fe95)
|
|
- pdb_guest (including change defaults)
- 'default' passdb actions (instead of 'not implemented' stubs in each module)
- net_rpc_samsync no longer assumes pdb_unix
Andrew Bartlett
(This used to be commit 4bec53c8c81019f0f06a93c4df0800bbf7281dd6)
|
|
'minimum password age' during a password SET.
Andrew Bartlett
(This used to be commit dd6516e2e87cbe6bcbc371756d99ebb3b5617c2b)
|
|
(This used to be commit 62d5a78b024898485f610b5d9db1a6d9a5c68c21)
|
|
a void)
(This used to be commit 55681422e97ede0ff9446925c7678d6254b13878)
|
|
used to be commit 6f94672d3da070aae0b17f4dcdc6cd119b68d84c)
|
|
put a doc about it in dev-doc later today.
(This used to be commit af7bfee0c6902c07fdb8d3abccf4c8d6bab00b5a)
|
|
Volker
(This used to be commit f42032060812e9bf409042c790e71fefb40ff17a)
|
|
This patch is heavily based on a patch by SuSE. Thanks
to Guenther Deschner <gd@suse.de> for providing it.
Volker
(This used to be commit 5eaf9195eefda5ababba85cc0f6d581ff6f0f454)
|
|
(This used to be commit 12110a263b5ac65d6b965ccbe19b7be3025f0373)
|
|
(This used to be commit aa9b8382d38346cb3e94ddf2e7caf6d663034579)
|
|
Volker
(This used to be commit a5218499eb3f0a62cd663a06157591fbb0dfcbef)
|
|
Volker
(This used to be commit da83d97eb50c3c3a67985e22410842100207431f)
|
|
Volker
(This used to be commit f0f1518fc450834725902e9cdf33fb8d35f99360)
|
|
Original message:
This patch attemptes to clean up winbindd's mutex locking.
The current locking scheme in winbind is a complete mess - indeed, the
next step should be to push the locking into cli_full_connection(), but
I'll leave it for now.
This patch works on the noted behaviour that 2 parts of the connection
process need protection - and independent protection. Tim Potter did
some work on this a little while back, verifying the second case.
The two cases are:
- between connect() and first session setup
- during the auth2 phase of the netlogon pipe setup.
I've removed the counter on the lock, as I fail to see what it gains us.
This patch also adds 'anonymous fallback' to our winbindd -> DC connection.
If the authenticated connection fails (wbinfo -A specifed) - say that
account isn't trusted by a trusted DC - then we try an anonymous.
Both tpot and mbp like the patch.
Andrew Bartlett
(This used to be commit b5283c00a900393b83f0edb2785c5caf402404eb)
|
|
Volker
(This used to be commit 115cd4b27f84343c7f98622717edda6da4866a6b)
|
|
Volker
(This used to be commit e8975d6e7bdcceb78a83a3446cf1430e1e3f1a72)
|
|
Andrew Bartlett
(This used to be commit 21add5f97d0d112094e34a02e6319991a1d2af4d)
|
|
- packing/unpacking utility functions for trusted domain
password struct; can be used to prepare buffer to store
in secrets.tdb or (soon) passdb backend
- similiar functions for DOM_SID
- respectively modified secrets_(fetch|store) routines
- new auth mapping code utilising introduced is_trusted_domain
function
- added tdb (un)packing of single bytes
Rafal
(This used to be commit 5281ee7e84421b9be746aed2f1718ceaf2a2fe3d)
|
|
The current locking scheme in winbind is a complete mess - indeed, the
next step should be to push the locking into cli_full_connection(), but
I'll leave it for now.
This patch works on the noted behaviour that 2 parts of the connection
process need protection - and independent protection. Tim Potter did
some work on this a little while back, verifying the second case.
The two cases are:
- between connect() and first session setup
- during the auth2 phase of the netlogon pipe setup.
I've removed the counter on the lock, as I fail to see what it gains us.
This patch also adds 'anonymous fallback' to our winbindd -> DC connection.
If the authenticated connection fails (wbinfo -A specifed) - say that
account isn't trusted by a trusted DC - then we try an anonymous.
Both tpot and mbp like the patch.
Andrew Bartlett
(This used to be commit 0620320002082298a15cbba72bd79aecfc607947)
|
|
- Add smb_probe_module()
- Add init_modules()
- Call these functions
(This used to be commit f8f21653225792c0001d183c6efe8b7d89a0785d)
|
|
Andrew Bartlett
(This used to be commit 9ef0d40c3f8aef52ab321dc065264c42065bc876)
|
|
(This used to be commit 523d1429b1072c999d376d2b4e13a1c08349990a)
|
|
The intention is to remove the muliple passdb backends, but we need the
'guest' account to always be there. If the admin adds the guest account to
(say) LDAP, there will only be one backend required for operation.
This helps remove some nasty behaviours with adding accounts to the system
for both the RPC 'create user' and the SAMSYNC code. Users 'added' with
an 'add user/machine' script won't magicly appear, and machine accounts
'pre-added' to unix, but not the smbpasswd file will not cause mayhem.
This commit also implements somthing tridge discussed with me, the concept
of 'default' passdb operation pointers - so that each backend does not
need it's own stub funcitons wrapping the default tdb privilages/group
mapping code.
This also removes an implicit 'sid->name' and 'name->sid' mapping from our
own local SID space, to winbind usernames. When adding mapping for NIS/LDAP
non-sam users in future, we need to be careful.
Andrew Bartlett
(This used to be commit 6f32fa234961a525760a05418a08ec48d22d7617)
|
|
used to be commit c31455779d7948e866fe1916425c3746134dea01)
|
|
hooked into pdb, and we need some access control on changing privileges. That's next
(This used to be commit f4f1f84a6bf1d356ccc83f0ecb135bef4a39619e)
|