| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
fails.
Andrew Bartlett
(This used to be commit 56009ffbaa00259d15f286248a7ab73c55371819)
|
|
(This used to be commit 9282aa02d44ae7a7688e8399b397aae35f73ddd1)
|
|
(This used to be commit 88d8897e21749f177952b264031aa386bbbeaaeb)
|
|
> Don't put two copies of the server name in construct_printer_info_1()
(This used to be commit 47b1003bc5a069e84cb20df507022e5ff3e93832)
|
|
we still need to free gid<->rid mapping and few other stuff
(This used to be commit aa4b6f8181f34196a28951264dd8b631a5deef7f)
|
|
Jeremy.
(This used to be commit 2e3133fbe5531b9bbc9bf46a04b27fa58e555f5a)
|
|
fixed tdbsam memory corruption (and segfault)
reducing calls to pdb_uid_to_user_rid and countrary to 0 to move to a non alghoritmic rid allocation with some passdb modules.
(This used to be commit 9836af7cd623357feaec07bc49cfb78f0aa01fc3)
|
|
(This used to be commit ddb5753e36b8c5efb48ce5c82c16d970fb8e76b6)
|
|
(This used to be commit 1f007d3ed41c1b71a89fa6be7d173e67e927c302)
|
|
in the reverse).
* add in new printer change notify code from SAMBA_2_2
* add in se_map_standard() from 2.2 in _spoolss_open_printer_ex()
* sync up the _print_queue_struct in smb.h (why did someone change the
user/file names in fs_user/fs_file (or vice-versa) ? )
* sync up some cli_spoolss_XXX functions
(This used to be commit 5760315c1de4033fdc22684c940f18010010924f)
|
|
(This used to be commit d7efc5dd3dd712e7138b5c79eea9756125757175)
|
|
(This used to be commit dfd51bc8d0714473880bf50369f7994304c1d83f)
|
|
lookup_domain calls. We were incorrectly returning the PDCs domain
nameand SID when we are a domain member. We should only do that when
we are the DC
(This used to be commit f56d689497eaa670cbfb214486ba88d5972129db)
|
|
(This used to be commit 66eb969ade0dfde355df3e308dccbc9522087eef)
|
|
(This used to be commit 4960692e958c986ca7f71e091333300310b0e0b2)
|
|
Jeremy.
(This used to be commit d31d2dcd22e1be2c26ea315e1b0e8442822a9a0f)
|
|
Should allow the buggy spoolss code on NT to work against us.
Jeremy.
(This used to be commit 2b3609a7dd55d96f5aafe137fff1ac2da0434867)
|
|
Jeremy.
(This used to be commit 2b85d3570c2b149049482c3878c50cf8f5bfca61)
|
|
(This used to be commit a7fa0733badad66ae610eac5e01569cf264976f3)
|
|
change, just in different packets.
(This used to be commit ffa6c61f0bb0c413d4bcc46da3bc879c40a40569)
|
|
Simply add an account (smbpasswd -a -i REMOTEDOM) and join with 'user manager'
on the remote domain.
The only issue (at the auth level at least) that prevented NT4 domains from
trusting Samba was that our netlogon code was based on what appear to be
invalid assumptions.
The netlogon code appears to assume that the 'client name' specified
corrosponds to an account of the same form. This doesn't apply in trusted
domains, becouse the account is in the form domain$
Now that we use the supplied account name, and no longer make our access
control checks at the challange stage (where this info is unavailable) we
match the Win2k behaviour for invalid machine logins, and don't need to know
the names of PDCs/BDCs in trusting domains.
We also kill off the 'you logged on with a machine account, use your user
account' error message, becouse the previous NT_STATUS return was compleatly
bogus. (The ACCESS_DENIED we now return matches Win2k, and gives snane error
messages on the client).
TNG doesn't use this and has to do magic password syncs between the various
accounts for domain/pdc/bdc. This patch feels like the much more natural way
of doing things, and has been mildly tested.
Andrew Bartlett
(This used to be commit 542673fcd6654a1d0966dddadde177a4c4ce135d)
|
|
Remove a stray 'unbecome_root()' in the ntdomain an auth failure case.
Only allow trust accounts to request a challange in srv_netlogon_nt.c.
Currently any user can be the 'machine' for the domain logon. MERGE for 2.2.
Andrew Bartlett
(This used to be commit 0242d0e17827b05d8cd270f675d2595fa67fd5b9)
|
|
Jeremy.
(This used to be commit 28d4e7a3e2bd8f15ef807b821e4300a72bbc6904)
|
|
(This used to be commit c8dc59dfe877f63bea6976b7d7fd448e0c8722ba)
|
|
(This used to be commit 505119f0a7c6f10fd7e580edfe1bd0fb6ec36428)
|
|
(This used to be commit 63ab947fd9dd17a4c370402e74b389458bbd3a60)
|
|
(This used to be commit 25fb4a8d110bcdcbe7822a833cab9cfdec8a1fb2)
|
|
(This used to be commit 696d439515016e4c2bc5ad085e443abe43c95136)
|
|
(This used to be commit e18a7c26476e05f95850ac2bbeb42c2588115741)
|
|
(This used to be commit 09fc979172327d6396642e824f6d482c6f986850)
|
|
Jeremy.
(This used to be commit 771ef92fc6e43725b7cc351079998a8acb74abef)
|
|
(This used to be commit e734c1971d2841b2cfe37414fe4893f4a66b22a9)
|
|
rpcs. The only one I have been able to verify is addform - can't get the
client side routines working properly yet. )-:
(This used to be commit 3cd97d65dea428382104ebde63eaf660aa3942fb)
|
|
non-domain Samba server from a NT4 client.
Note that this exactly reverses a change by Jeremy on the 18th of
December 2001, reverting the code back to what JF originally wrote. I
have looked carefully with a sniffer and JFs original NULL sid is
correct (ie. it matches what NT4 does) and also fixes the problem.
Sending a blank sid (which is what jeremy's patch did) causes NT4 to
give a classic "parameter is incorrect error" and prevents the
addition of new ACLs.
(This used to be commit 9930cf97330dd93985c5558cec6b24406e90c228)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
(This used to be commit e3b87ffc8c26f9fd4c3e8181897b8812b7dc4ab6)
|
|
and its new args.
(This used to be commit e7b3d64f6055b5d3b036f525f0ece3c9479d4f7a)
|
|
in become_root()/unbecome_root().
Also only allocate the memory the client reqests - and don't allow the client
to trigger an SMB_ASSERT if they ask for 'more'.
Up the maximum number of sids allowed, and note that this is an arbiary guess,
and can be raised without consequence.
Andrew Bartlett
(This used to be commit 6e7667125d142670db7393ed7a48386f3821d896)
|
|
calls from rpc_parse/parse_net.c - instead these values are passed as a
paramater.
Unfortunetly some there is still some samr work to be done before this is
actually useful.
Andrew Bartlett
(This used to be commit 4fc9e16ad7a77cf2e37b27640c0dec2052e9cda0)
|
|
Jeremy.
(This used to be commit 27f65b3aad13ecd33bbb84048d70e3dde212f278)
|
|
Benjamin (Bj) Kuit bj@it.uts.edu.au.
Jeremy.
(This used to be commit 5f4de275a3a63a95e76d077ffc94321a078833bf)
|
|
Jeremy.
(This used to be commit 0db93d8752197e213f0974edae53e2dafdd77b51)
|
|
(This used to be commit 6025ab201aa34bbf4a7e897149ef6ba370a89703)
|
|
Jeremy.
(This used to be commit 6406a42d012184f5289d4a2b1c07a55556635fe4)
|
|
(This used to be commit 38d2d26af9ef4d90dcb57fa940267f7136876191)
|
|
I *love* automated testing - this one got picked up by the build farm.
Andew Bartlett
(This used to be commit b19296172a75449a27eb9f674c74c462b146e717)
|
|
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
|
|
This time its the pdb_getsampwuid() function - which was only being used by the
SAMR rpc subsystem to gain a 'user session key'. This 'user session key' is
actually generated at login time, and the other changes here simply move that
data around.
This also means that (when I check some details) we will be able to use the
user session key, even when we are not actually the DC, becouse its one of the
components of the info3 struct returned on logon.
Andrew Bartlett
(This used to be commit 799ac01fe08a338e4e94289f5d6767ebf905c1fa)
|
|
degree of seperation betwen reading/writing the raw NamedPipe SMB packets
and the matching operations inside smbd's RPC components.
This patch is designed for no change in behaviour, and my tests hold that to be
true. This patch does however allow for the future loadable modules interface
to specify function pointers in replacement of the fixed state.
The pipes_struct has been split into two peices, with smb_np_struct taking the
information that should be generic to where the data ends up.
Some other minor changes are made: we get another small helper function in
util_sock.c and some of the original code has better failure debugs and
variable use. (As per on-list comments).
Andrew Bartlett
(This used to be commit 8ef13cabdddf58b741886782297fb64b2fb7e489)
|
|
smbd, and also makes it much cleaner inside winbindd.
It is mostly my code, with a few changes and testing performed by Alexander
Bokovoy <a.bokovoy@sam-solutions.net>. ab has tested it in security=domain and
security=ads, but more testing is always appricatiated.
The idea is that we no longer cart around a 'domain\user' string, we keep them
seperate until the last moment - when we push that string into a pwent on onto
the socket.
This removes the need to be constantly parsing that string - the domain prefix
is almost always already provided, (only a couple of functions actually changed
arguments in all this).
Some consequential changes to the RPC client code, to stop it concatonating the
two strings (it now passes them both back as params).
I havn't changed the cache code, however the usernames will no longer have a
double domain prefix in the key string. The actual structures are unchanged
- but the meaning of 'username' in the 'rid' will have changed. (The cache is
invalidated at startup, so on-disk formats are not an issue here).
Andrew Bartlett
(This used to be commit e870f0e727952aeb8599cf93ad2650ae56eca033)
|
