summaryrefslogtreecommitdiff
path: root/source3/smbd/server.c
AgeCommit message (Collapse)AuthorFilesLines
2003-07-08Moved SAM_ACCOUNT marshall/unmarshall functions to make them externallyJeremy Allison1-2/+0
available. Removed extra auth_init (thanks metze). Jeremy. (This used to be commit 88135fbc4998c266052647f8b8e437ac01cf50ae)
2003-07-07and so it begins....Gerald Carter1-13/+1
* remove idmap_XX_to_XX calls from smbd. Move back to the the winbind_XXX and local_XXX calls used in 2.2 * all uid/gid allocation must involve winbindd now * move flags field around in winbindd_request struct * add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id() to prevent automatic allocation for unknown SIDs * add 'winbind trusted domains only' parameter to force a domain member server to use matching users names from /etc/passwd for its domain (needed for domain member of a Samba domain) * rename 'idmap only' to 'enable rid algorithm' for better clarity (defaults to "yes") code has been tested on * domain member of native mode 2k domain * ads domain member of native mode 2k domain * domain member of NT4 domain * domain member of Samba domain * Samba PDC running winbindd with trusts Logons tested using 2k clients and smbclient as domain users and trusted users. Tested both 'winbind trusted domains only = [yes|no]' This will be a long week of changes. The next item on the list is winbindd_passdb.c & machine trust accounts not in /etc/passwd (done via winbindd_passdb) (This used to be commit 8266dffab4aedba12a33289ff32880037ce950a8)
2003-07-04This patch cleans up some of our ldap code, for better behaviour:Andrew Bartlett1-7/+13
We now always read the Domain SID out of LDAP. If the local secrets.tdb is ever different to LDAP, it is overwritten out of LDAP. We also store the 'algorithmic rid base' into LDAP, and assert if it changes. (This ensures cross-host synchronisation, and allows for possible integration with idmap). If we fail to read/add the domain entry, we just fallback to the old behaviour. We always use an existing DN when adding IDMAP entries to LDAP, unless no suitable entry is available. This means that a user's posixAccount will have a SID added to it, or a user's sambaSamAccount will have a UID added. Where we cannot us an existing DN, we use 'sambaSid=S-x-y-z,....' as the DN. The code now allows modifications to the ID mapping in many cases. Likewise, we now check more carefully when adding new user entires to LDAP, to not duplicate SIDs (for users, at this stage), and to add the sambaSamAccount onto the idmap entry for that user, if it is already established (ensuring we do not duplicate sambaSid entries in the directory). The allocated UID code has been expanded to take into account the space between '1000 - algorithmic rid base'. This much better fits into what an NT4 does - allocating in the bottom part of the RID range. On the code cleanup side of things, we now share as much code as possible between idmap_ldap and pdb_ldap. We also no longer use the race-prone 'enumerate all users' method for finding the next RID to allocate. Instead, we just start at the bottom of the range, and increment again if the user already exists. The first time this is run, it may well take a long time, but next time will just be able to use the next Rid. Thanks to metze and AB for double-checking parts of this. Andrew Bartlett (This used to be commit 9c595c8c2327b92a86901d84c3f2c284dabd597e)
2003-07-02Fixing problems in the iconv discovery stuff in configure.in.Richard Sharpe1-0/+1
This is the first part of the fix that at least allows configure to walk the list of supplied locations where libiconv etc might be found. aclocal.m4 also needs a fix, as does a later test. (This used to be commit 20786543139c546d112f8f6b6d4d796ee7fed609)
2003-06-27Some const correctness. Stop tdb being used as a remote backend. If anJeremy Allison1-2/+6
idmap backend is specified cause smbd to ask winbindd (use winbindd if you want a consistant remote backend solution). Should work well enough for next beta now... Jeremy. (This used to be commit 8f830c509af5976d988a30f0b0aee4ec61dd97a3)
2003-06-21merge of the netsamlogon caching code from APPLIANCE_HEADGerald Carter1-3/+0
This replaces the universal group caching code (was originally based on that code). Only applies to the the RPC code. One comment: domain local groups don't show up in 'getent group' that's easy to fix. Code has been tested against 2k domain but doesn't change anything with respect to NT4 domains. netsamlogon caching works pretty much like the universal group caching code did but has had much more testing and puts winbind mostly back in sync between branches. (This used to be commit aac01dc7bc95c20ee21c93f3581e2375d9a894e1)
2003-05-27More fixes for builddir != srcdir.Tim Potter1-0/+6
- Use absolute directories for $builddir and $srcdir in the Makefile - Don't try and combine source files in $builddir and $srcdir to build proto.h. It's just too hard to get it right across all targets we wish to compile on. Use a hand created prototype for the single function in smbd/build_options.c that we need. This allows us to ditch all the extra sed work that was causing problems: \t not portable - hah! - Fix bogus delheaders target to remove the correct files This appears to work quite nicely now. Let's see how it goes on the buildfarm machines. (This used to be commit 456184463d35c18840c39cb3483b7136247ea764)
2003-05-12And finally IDMAP in 3_0Simo Sorce1-0/+6
We really need idmap_ldap to have a good solution with ldapsam, porting it from the prvious code is beeing made, the code is really simple to do so I am confident it is not a problem to commit this code in. Not committing it would have been worst. I really would have been able to finish also the group code, maybe we can put it into a followin release after 3.0.0 even if it may be an upgrade problem. The code has been tested and seem to work right, more testing is needed for corner cases. Currently winbind pdc (working only for users and not for groups) is disabled as I was not able to make a complete group code replacement that works somewhat in a week (I have a complete patch, but there are bugs) Simo. (This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)
2003-05-10Reverse previous patch from Stefan and me after comments by Andrew BartlettJelmer Vernooij1-7/+0
(This used to be commit d817eaf0ecca2d878ab1ffcf7a747a02d71c811e)
2003-05-10Patch from metze and me that adds dummy smb_register_*() functions soJelmer Vernooij1-0/+7
that is now possible to, for example, load a module which contains an auth method into a binary without the auth/ subsystem built in. (This used to be commit 74d9ecfe2dd7364643d32acb62ade957bd71cd0d)
2003-05-06Patch from metze to add exit and interval events. Useful for modulesJelmer Vernooij1-0/+3
(This used to be commit 3033a63cefb5f28d4460885f7f4e4ecaed95443c)
2003-04-23Merge HEAD's winbind into 3.0.Andrew Bartlett1-0/+1
This includes the 'SIDs Rule' patch, mimir's trusted domains cacheing code, the winbind_idmap abstraction (not idmap proper, but the stuff that held up the winbind LDAP backend in HEAD). Andrew Bartlett (This used to be commit d4d5e6c2ee6383c6cceb5d449aa2ba6c83eb0666)
2003-04-16Add support for the new modules system to auth/ (merge from HEAD)Jelmer Vernooij1-0/+4
(This used to be commit c7a1de090db35835be1a1623bfc80c04065c5dd9)
2003-04-14Merge:Tim Potter1-23/+0
- debugging tdb messages now initialised and handled in lib/messages.c (This used to be commit 380875de779f2519d9ce8735362484021388b4eb)
2003-04-14Merge Jelmer's popt updates from HEAD.Tim Potter1-6/+2
(This used to be commit 98e84b3e83d2a365c818ea64f9418edb29d690f2)
2003-03-30update copyright notice since it we are now almost 4 months into 2003Gerald Carter1-1/+1
(This used to be commit 0751d2f117b4274dd19388d856de75d9fc739865)
2003-03-18Add an extra parameter to our 'set_remote_machine_name' andAndrew Bartlett1-2/+2
'set_local_machine_name' so that the client can't change it from under us. (.NET RC2 and WinXP install calls the machine 'machinename' during NTLMSSP on the domain join). Andrew Bartlett (This used to be commit 4c7163e7c2cc09bd95faa05156ee480957a7a4d8)
2003-02-05Check for too many processes *before* the fork.Jeremy Allison1-2/+36
Jeremy. (This used to be commit be54b1b831b0bd6c428558131ea600c46433c090)
2003-01-30Add 3 second timeout when terminating server and sending print notifyJeremy Allison1-1/+1
messages. Stops build-up of large numbers of smbd's waiting to terminate on large print throughput. Jeremy. (This used to be commit 07efebb98473cb3d4adc6b2e0afef3f06dcc99b8)
2003-01-14make -i flag work lik eit did in 2.2Gerald Carter1-2/+5
(This used to be commit 5d821c0e23f96f4da6a29a6bebf800532fcf1aa6)
2003-01-09Moved smbd process counting functions from smbd/server.c to smbd/process.cHerb Lewis1-30/+0
so that bin/vfstest can link. merge from head (This used to be commit 9151cd7d64a1ee1277cbcfb3e7ed61c32c1037cf)
2003-01-08Ensure we don't get an invalid number for total smbd's if the tdb updateJeremy Allison1-1/+17
fails. Jeremy. (This used to be commit e0482594724ebba801bbc39a90a73fafa54f8b9e)
2003-01-03patch to include support for daemontools from Michael HandlerGerald Carter1-2/+16
(This used to be commit a8db1b611d83bfd8dcf60f1e6d8fcbf57c798528)
2003-01-03Merge from HEAD - make Samba compile with -Wwrite-strings without additionalAndrew Bartlett1-4/+5
warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
2002-12-20Forward port the change to talloc_init() to make all talloc contextsJeremy Allison1-7/+24
named. Ensure we can query them. Jeremy. (This used to be commit 09a218a9f6fb0bd922940467bf8500eb4f1bcf84)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-17/+6
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
2002-11-09Last sync with HEADJelmer Vernooij1-105/+27
(This used to be commit 1175b62337f5c29954cd5e8dfdc2327c9c80748c)
2002-10-31Fix slowdown because of enumerating all print queues on every smbd startup.Jeremy Allison1-4/+7
Jeremy. (This used to be commit 6efd17ef78ebcfed1130312fa019d674e4663a00)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-5/+5
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-08-17Sync 3.0 branch with headJelmer Vernooij1-59/+98
(This used to be commit 42615b945e2e48e53a21ea47f2e45407913a6a1e)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-13/+10
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-04-11This split the mangling code up to allow for the possibility of multipleAndrew Tridgell1-1/+1
mangling implementation, selectable using "mangling method = " in smb.conf It also tidies the interface a little, although it is still nasty. (This used to be commit be23d87a178e7d0691e7d942adf89bb3d2d533c2)
2002-04-08Reintroduce the 2.2 name mangling code, until we get are more flexible solution.Andrew Bartlett1-4/+0
Even for a hash/cache setup, this code needs some more work, in particular it needs to use mangle_get_prefix() etc and to move to unicode internals. Andrew Bartlett (This used to be commit ad8aa470575c39fcbc7f1440bf1081d7ea31c0aa)
2002-03-29added shutdown to smbdJean-François Micouleau1-0/+6
J.F. (This used to be commit 51a5bbfee71e064c73283a090e9e922a31b1e21b)
2002-03-14Now we have reliable signals take SIGTERM inband.Jeremy Allison1-42/+49
Jeremy. (This used to be commit cad82926a8baf7605cef81f0e0d4daa8e527e6ee)
2002-03-05Added Herb's fix to override log level from command line.Jeremy Allison1-0/+2
Jeremy. (This used to be commit 439839be99e6e418eb5782a2fe0630d0ef5fb3c5)
2002-01-31Fix from Michael Steffens <michael_steffens@hp.com> to make signalJeremy Allison1-1/+1
processing work correctly in winbindd. This is a really good patch that gives full select semantics to the Samba modified select. Jeremy. (This used to be commit 3af16ade173cac24c1ac5eff4a36b439f16ac036)
2002-01-30Removed version number from file header.Tim Potter1-1/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-30merge from 2.2Gerald Carter1-1/+8
(This used to be commit 69a9c005c21833bdf22b72aaa3704bd14f627840)
2002-01-29Since we have dynamic initialisation in the group mapping code, makeTim Potter1-5/+0
init_group_mapping() a static function and don't call it from any client programs. Not sure whether I've made a bigger mess here or not... (This used to be commit 3c887d9021269aaa9fc0bc771af8589077e6208e)
2002-01-26Fix up a security issue with the way we handle domain groups retuned on theAndrew Bartlett1-0/+3
info3. These are RIDs, and it only makes sense to combine them with the domain SID returned with them. This is important for trusted domains, where that sid might be other than the one we currently reterive from the secrets.tdb. Also remove the become_root()/unbecome_root() wrapper from around both remaining TDB users: Both are now initialised at smbd startup. Andrew Bartlett (This used to be commit 554842e0a55155193f25aefca6480b89d5c512ca)
2002-01-18Ensure (C) message is output on startup.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 7d05175494227bf30d098e04ec91c4f0a7b7184c)
2002-01-16Roll back PSTR insertion.Martin Pool1-23/+21
Just leave the fstrcpy/pstrcpy bugfix, and conversion to pstr_sprintf rather than manual calculation of length. (This used to be commit e38e7a2bdcf2901359035ac4aa79ebf33599e0c8)
2002-01-15Convert to the new pstring interface. This diff is a pretty goodMartin Pool1-26/+29
example of the scope of change the new pstrings would entail: basically inserting PSTR() or FSTR() everywhere you need to coerce one to a char*. It's also a good example of the kind of bug we might catch: on about line 540, we were doing a pstrcpy into an fstring, which might overflow. It's not a problem in this particular case, but it is in general. (This used to be commit 5a403da4a735a8fb8d118a0a67f3a15127152e18)
2002-01-14Removed MAXSTATUS which was set incorrectly - thus causing tdb traversalJeremy Allison1-16/+9
of the connections db on smbd startup. This should fix the Solaris large load bug.... (fingers crossed). Jeremy. (This used to be commit 5b2b9c25af28543e67762805d1387524cbb6c39d)
2002-01-12Many thanks to Alexander Bokovoy <a.bokovoy@sam-solutions.net>.Andrew Bartlett1-0/+1
This work was sponsored by Optifacio Software Services, Inc. Andrew Bartlett (various e-mails announcements merged into some form of commit message below:) This patch which adds basics of universal groups support into Samba 3. Currently, only Winbind with RPC calls supports this, ADS support requires additional (possibly huge) work on KRB5 PAC. However, basic infrastructure is here. This patch adds: 1. Storing of universal groups for particular user logged into Samba software (smbd/ two winbind-pam methods) into netlogon_unigrp.tdb as array of uint32 supplemental group rids keyed as DOMAIN_SID/USER_RID in tdb. 2. Fetching of unversal groups for given user rid and domain sid from netlogon_unigrp.tdb. Since this is used in both smbd and winbindd, main code is in source/lib/netlogon_uingrp.c. Dependencies are added to AUTH_OBJ as UNIGRP_OBJ and WINBINDD_OBJ as UNIGRP_OBJ. This patch has had a few versions, the final version in particular: Many thanks to Andrew Bartlett for critics and comments, and partly rewritten code. New: - updated fetching code to changed byte order macros - moved functions to proper namespace - optimized memory usage by reusing caller's memory context - enhanced code to more follow Samba coding rules Todo: - proper universal group expiration after timeout (This used to be commit 80c2aefbe7c1aa363dd286a47d50c5d8b4595f43)
2002-01-09Add two more memory-debug smbcontrol messages: these ones shouldMartin Pool1-0/+1
prompt dmalloc to log information about what happening, so you can see in flight why smbd is getting bloated. (This used to be commit bcb443c5c4bf97fe6b5b0993e42496c2e64f0124)
2002-01-09Better explanation message for dmalloc.Martin Pool1-1/+1
Also more insertion of parenthesis to handle struct members called 'free'. You can now get useful dmalloc output, as long as it is compatible with your C library. On RH7.1 it looks like you have to rebuild dmalloc to allow free(0) by default, because something in libcrypt does that. (sigh) (This used to be commit 391cbb690196537c8b6292b42c2e27408cc7e249)
2002-01-09Add UNUSED(paramname) macro to be used in parameter lists, to quietenMartin Pool1-1/+2
gcc warnings about unused parameters. (This used to be commit b29775d442c36f667a6db5ba9dbe47d1a133525f)
2002-01-09Fixed up atomic update code.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 274b04d4a6123fbfe363afc214e908ab36c7e8a7)