Age | Commit message (Collapse) | Author | Files | Lines |
|
This patch add privilege support for samba
Currently it is implemented only for tdbsam backend but estending it to
other sam backends is straightforward.
I must make a big thank to JFM for his teachings on the matter and the
functions at the base of this work.
At thye moment only samr_create_user honours SeAddUsersPrivilege and
SeMachineAccountPrivilege to permit any user to add machines and/or users to
the server.
The command "net priv" has been provided to manipulate the privileges
database.
There are still many things to do (like support in "net rpc vampire") but
the working core is here.
Feel free to comment/extend on this work.
Of course I will deny that any bug may affect this code :-)
Simo.
This patch adds also my patch about add share command enhancements.
(This used to be commit 7a78c3605e203bd8e0d7ae244605f076a5d0b0bc)
|
|
(This used to be commit 90ae3667448be9b3445f401bcd9d7e3eba374215)
|
|
(This used to be commit c77baee0f17fd44e333c8db6a9cae33f649a6701)
|
|
(This used to be commit 428504b5508e9e0f9cbc0dc8041f25f06de52f88)
|
|
meaning of fields_present bit mask. Also avoid it being saved in backends (0
is saved where removing the unit32 would have produced a format change).
Also add support in samr functions to correctly interpret the flags.
Flags still not set properly (eg. still set all flags 0xffffff as previous
code), need a tool to test this properly (I',ve done preliminary tests with
samba4 rpc torture and it seem to work properly against w2k).
2. Patch for handlig the flag user must change password at next logon
in usrmgr based on Jianliang Lu <j.lu@tiesse.com> patch
(This used to be commit 78975e9483e64412e436c5dbfe2b71e20b79de29)
|
|
(This used to be commit 4c877ccc16bcb69490c4d34d2ef5f727bf98438e)
|
|
(This used to be commit 89a8c607af4ca67fcefe285480f7c9b832f6720c)
|
|
UNIX entity foo to DOMAIN\foo instead of SERVER\foo
on members of a Samba domain when all UNIX accounts
are shared via NIS, et. al.
* allow winbindd to match local accounts to domain SID
when 'winbind trusted domains only = yes'
* remove code in idmap_ldap that searches the user
suffix and group suffix. It's not needed and
provides inconsistent functionality from the tdb backend.
This has been tested. I'm still waiting on some more feedback
but This needs to be in 3.0.1pre2 for widespread use.
(This used to be commit cac4723e206bd001882011c9e12327064d032268)
|
|
(This used to be commit 512a81c9fd4490cb6f9b1cc88cdb9238d21decb1)
|
|
* add server support for DsEnumerateDomainTrusts()
(This used to be commit 06bacf6e3434db5bd09b48f84206441712e69a63)
|
|
(This used to be commit 0ed85e6a2dff0953dbbd5ff4723ef6941ec32850)
|
|
laternative to the current passdb).
Currently it is run through a comatibility module in the passdb layer, with
a subset of the functionality it may provide.
It is still work in progress, but as someone asked me about it, and as it
should make no difference to the normal code, I tought it was a good idea to
put it into.
It adds a dependency on perl. I know it is not very nice, but I'm sure we
will work out a solution for that.
As always blame me if I break something, but try to fix yourself, as I am
busy-busy-busy :-)
Simo.
(This used to be commit 7b3c94b5cfc1a9ceb430613353a937345f2eda74)
|
|
>Ensure we consistantly translate to/from utf8 for talking to LDAP.
>Jeremy.
(This used to be commit 5b0753bd98ffef5133da31f1c47a45e794d0bb72)
|
|
(This used to be commit 3d71340e5c1bf3397e69897bbc8434bbaa503a75)
|
|
(This used to be commit c17a7dc9a190156a069da3e861c18fd3f81224ad)
|
|
(This used to be commit 3101c236b8241dc0183995ffceed551876427de4)
|
|
prior to this merge, checkout HEAD_PRE_3_0_0_BETA_3_MERGE
(This used to be commit adb98e7b7cd0f025b52c570e4034eebf4047b1ad)
|
|
(This used to be commit 69c84ad06b759da2246b3c00155a43e90f45a7f6)
|
|
(This used to be commit a1326ea34831bf49942f7bcb954999091c3ea820)
|
|
Jeremy.
(This used to be commit e12934c67b6aea9e3e449009e159ce6814dcbd11)
|
|
add winbindd_passdb backend
this makes it possible to have nua accounts on security = user servers to
show up in unic through nss_winbind.so
the problem is that we do not have group support, so nss group support is
not very good at this time (read: totally absent)
we NEED group support in passdb
(This used to be commit 921215cf4bfbd4d7457f81e181bb1a74a4531ca1)
|
|
make a new sam_Account contain our domain by default, windows will complain
on logon otherwise.
fix stupid typo in idmap_util.c
(This used to be commit 21701876dc6c59ebfc51be708a98226a00a764e0)
|
|
correctly handle allocated rids in tdbsam
(This used to be commit 7ae6162e1dd668897628c4f7edff508616644d21)
|
|
add group mapping mappings to idmap at startup
(This used to be commit 62365023db61d5a4fa32845af3db73bce6cb94ea)
|
|
(This used to be commit 568feee8977ee1be210344c8ab1896512894cba2)
|
|
plus internal fixes
1st stage
(This used to be commit 6d036761e565bc93964bb3c939d5b7d78d5778a3)
|
|
few fixes to *id_to_*id functions, we don't set the mapping for algoritmic
RIDs, they are resolved in the classic way
eliminate getpw* calls from tdbsam
(This used to be commit 6a7689cf74cd4d5f29e0b12f4bf8ac3051d49157)
|
|
(This used to be commit db571a9fd7fbce1c13ed652616ad9725db00b49f)
|
|
SAM_ACCOUNT does not have anymore uid and gid fields
all the code that used them has been fixed to use the proper idmap calls
fix to idmap_tdb for first time idmap.tdb initialization.
auth_serversupplied_info structure has now an uid and gid field
few other fixes to make the system behave correctly with idmap
tested only with tdbsam, but smbpasswd and nisplus should be ok
have not tested ldap !
(This used to be commit 6a6f6032467e55aa9b76390e035623976477ba42)
|
|
(This used to be commit 3c2963f8e3f98ecae9fe59336c35000cf4d386c5)
|
|
(This used to be commit f7041ec5d74475013c839b5ea9ecac10322e5e65)
|
|
change idmap_init call
removed ldap backend for winbind idmap, seem it had problems anyway and it
have to be reworked to work with idmap without calling winbind code.
simo
(This used to be commit 9d7d007443fc75264b2764b90f272ffc40c9be6c)
|
|
(This used to be commit ff051e9cf4b468aa9fe7e3f84483571d3d2de556)
|
|
make idmap not map SIDs outside the uid/gid range defined by default
this is to keep backward compatibility
(This used to be commit bec45093c379915082d7b7f44113f5c17110d123)
|
|
smb.conf parameters along with some other small fixes. Binary
compatible with older modules.
(This used to be commit aa07b12fda732ca19d8dc41cebc7bb09e2549a30)
|
|
fix debug, add "idmap" string to the list of classes
fix idmap, check init failures, and enhance debugging
fix idmap_tdb, _do_ init uid and gid low,high states (too bad I missed that
before)
fix smbd/uid.c, use gid_t for gids and uid_t for uids
(This used to be commit bc95de4ebb014080bc70173e7df94c672cea8df6)
|
|
places where it was used, this caused me segfaults in the last week :(
add more debugging in idmap to chase down a problem
(This used to be commit 6393105bda12fb3f6211e4f0128aabf588431b49)
|
|
(This used to be commit aeaa60c8432fe06ad51bac52f473e5fdc6c00afc)
|
|
(This used to be commit 9374f8692f6587b5f773c72b7847b64edeee9614)
|
|
(This used to be commit ad1a2ab0d6330a0b0fbce7b30ec5f6f502133921)
|
|
first run if idmap.tdb is not found, and then eventually convert it to the
new format.
This is done to unify winbind and idmap databases and to make a backup of
winbindd_idmap.tdb in case you want to downgrade (of course it will not be
updated).
This is needed because idmap.tdb contains also local mappings, not only
foreign domains mappings.
Added some other fixes/improvements
Simo.
(This used to be commit cf17261519fd8775500f9b9d6caa2bc462e04633)
|
|
(This used to be commit 5ac94535d7b7ce0cc0d44b9a77d6e42ddfd0cd26)
|
|
(This used to be commit 9c706be7b4417a1dc36866c3bad7a156f30b8af6)
|
|
includes a --with-idmap=no switch to disable idmap usage if you find
problems.
cosmetic fixes and param aliases to separate winbind from idamp roles.
A temporarily remote idmap winbind compatibility backend.
As I have time I will further change code to not call directly winbind
(partly done but not tested) and a specilized module will be built in place
for the current glue hack.
The patch has been tested locally in my limited time, the patch is simple and
clear and should not reserve problems, if any just disable it.
As usual, comments and fisex are welcome :-)
Simo.
(This used to be commit 02781320476ed1b7ee5d943fa36f9a66ab67f208)
|
|
- Add some const
(This used to be commit e149e70717f38e082ce35d55f9b4d84ba8419af7)
|
|
two layers structure with
- local tdb cache
- remote idmap repository
compiles
(This used to be commit 8fb4e210bc7564ed491d121c20d598ba0bfbddff)
|
|
(not tested yet)
(This used to be commit 0d6cec90c13731827abcbc61974efc993e794003)
|
|
(This used to be commit 8338e74ac4e5f31150c96f459a67e52090dc6013)
|
|
genparser works fine, and it is a marvelous tool to store objects in tdb :)
(This used to be commit 4c6d461a8572f03cd33cba95500cc837638b732c)
|
|
- Building a tdbsam2 backend to see what I got right and what not about the proposed API
- Corrections to API based on tdbsam2 work
(This used to be commit 54f11b7de84233209b7db2d01d876f9c6c6340d6)
|