summaryrefslogtreecommitdiff
path: root/source3/smbd
AgeCommit message (Collapse)AuthorFilesLines
2003-07-09Large set of changes to add UNIX account/group managementGerald Carter1-6/+17
to winbindd. See README.idmap-and-winbind-changes for details. (This used to be commit 1111bc7b0c7165e1cdf8d90eb49f4c368d2eded6)
2003-07-09Get rid of DISP_USER_INFO/DISP_GROUP_INFO as they serve no usefulJeremy Allison1-0/+4
purpose. Replace with an array of SAM_ACCOUNT/DOMAIN_GRP entries. ZERO struct's in smbd/uid.c stops core dumps when sid_to_XX functions fail. Getting ready to add caching. Jeremy. (This used to be commit 9d0692a54fe2cb087f25796ec2ab5e1d8433e388)
2003-07-09Ensure we correctly test for errors in uid/gid_to sid.Jeremy Allison1-15/+14
Jeremy. (This used to be commit f3c2e73a8c1c592d407542c12c0a445103415bc0)
2003-07-08Moved SAM_ACCOUNT marshall/unmarshall functions to make them externallyJeremy Allison1-2/+0
available. Removed extra auth_init (thanks metze). Jeremy. (This used to be commit 88135fbc4998c266052647f8b8e437ac01cf50ae)
2003-07-07Fix spotted by Nadav Danieli <nadavd@exanet.com> - ensure dev and inodeJeremy Allison1-0/+10
to fix open mode race condition. Jeremy. (This used to be commit cbde1c8dfcd9d3bef956fe073e7108a54b48844b)
2003-07-07Fix from MORIYAMA Masayuki <msyk@mtg.biglobe.ne.jp> for new MB statcacheJeremy Allison1-7/+9
code. Bug #185. Jeremy. (This used to be commit 7a1ac7be42dfb90fd44f2c51810eedcea052386b)
2003-07-07Fixed a couple of const issues with the new code.Jeremy Allison1-1/+1
Jeremy. (This used to be commit e9fb6e45086a6170b6f6d5d3295398708ab1af58)
2003-07-07and so it begins....Gerald Carter2-13/+409
* remove idmap_XX_to_XX calls from smbd. Move back to the the winbind_XXX and local_XXX calls used in 2.2 * all uid/gid allocation must involve winbindd now * move flags field around in winbindd_request struct * add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id() to prevent automatic allocation for unknown SIDs * add 'winbind trusted domains only' parameter to force a domain member server to use matching users names from /etc/passwd for its domain (needed for domain member of a Samba domain) * rename 'idmap only' to 'enable rid algorithm' for better clarity (defaults to "yes") code has been tested on * domain member of native mode 2k domain * ads domain member of native mode 2k domain * domain member of NT4 domain * domain member of Samba domain * Samba PDC running winbindd with trusts Logons tested using 2k clients and smbclient as domain users and trusted users. Tested both 'winbind trusted domains only = [yes|no]' This will be a long week of changes. The next item on the list is winbindd_passdb.c & machine trust accounts not in /etc/passwd (done via winbindd_passdb) (This used to be commit 8266dffab4aedba12a33289ff32880037ce950a8)
2003-07-06This changes our Unix primary GID behaviour back to what most people expect:Andrew Bartlett1-1/+1
Samba will now use the user's UNIX primary group, as the primary group when dealing with the filesystem. The NT primary group is ignored in unix. For the NT_TOKEN, the primary group is the NT priamry group, and the unix primary group is added to the NT_TOKEN as a supplementary group. This should fix bug #109, but will need to be revisited when we get a full NT group database. Also in this commit: - Fix debug statements in service.c - Make idmap_ldap show if it's adding, or modifying an existing DN - Make idmap_ldap show both the error message and error string (This used to be commit 32e455a714b2090fcfd1f6d73daccf600c15d51b)
2003-07-04This patch cleans up some of our ldap code, for better behaviour:Andrew Bartlett1-7/+13
We now always read the Domain SID out of LDAP. If the local secrets.tdb is ever different to LDAP, it is overwritten out of LDAP. We also store the 'algorithmic rid base' into LDAP, and assert if it changes. (This ensures cross-host synchronisation, and allows for possible integration with idmap). If we fail to read/add the domain entry, we just fallback to the old behaviour. We always use an existing DN when adding IDMAP entries to LDAP, unless no suitable entry is available. This means that a user's posixAccount will have a SID added to it, or a user's sambaSamAccount will have a UID added. Where we cannot us an existing DN, we use 'sambaSid=S-x-y-z,....' as the DN. The code now allows modifications to the ID mapping in many cases. Likewise, we now check more carefully when adding new user entires to LDAP, to not duplicate SIDs (for users, at this stage), and to add the sambaSamAccount onto the idmap entry for that user, if it is already established (ensuring we do not duplicate sambaSid entries in the directory). The allocated UID code has been expanded to take into account the space between '1000 - algorithmic rid base'. This much better fits into what an NT4 does - allocating in the bottom part of the RID range. On the code cleanup side of things, we now share as much code as possible between idmap_ldap and pdb_ldap. We also no longer use the race-prone 'enumerate all users' method for finding the next RID to allocate. Instead, we just start at the bottom of the range, and increment again if the user already exists. The first time this is run, it may well take a long time, but next time will just be able to use the next Rid. Thanks to metze and AB for double-checking parts of this. Andrew Bartlett (This used to be commit 9c595c8c2327b92a86901d84c3f2c284dabd597e)
2003-07-03Removed strupper/strlower macros that automatically map to ↵Jeremy Allison6-12/+13
strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
2003-07-03Missed this in the previous patch - we now have a seperate idea of theAndrew Bartlett1-1/+1
'unix username' from the NT username, in the auth subsystem at least. Andrew Bartlett (This used to be commit df1aa2a669edc9f26007595411720742d7dff5d9)
2003-07-02Fixing problems in the iconv discovery stuff in configure.in.Richard Sharpe1-0/+1
This is the first part of the fix that at least allows configure to walk the list of supplied locations where libiconv etc might be found. aclocal.m4 also needs a fix, as does a later test. (This used to be commit 20786543139c546d112f8f6b6d4d796ee7fed609)
2003-07-02Added fix for Japanese case names in statcache - these can changeJeremy Allison1-2/+33
size on upper casing. Based on patch from monyo@home.monyo.com. Jeremy. (This used to be commit 72e382e99b92666acdaf50a040b14aa16d48b80d)
2003-07-02Whitespace reformat before applying a patch.Jeremy Allison1-184/+187
Jeremy. (This used to be commit bbe1276b516e1803a4a9285691674784b989b72f)
2003-07-01Fix for bug 189 from MORIYAMA Masayuki <msyk@mtg.biglobe.ne.jp>. IncorrectJeremy Allison1-1/+1
call for Japanese characters. Jeremy. (This used to be commit c6de5df01d470c2dab48cdd6298f450fa94f9a8e)
2003-07-01Fixed the latest complaint from jcmd :-). We were storing -1 for theJeremy Allison1-6/+10
CREATOR_OWNER/CREATOR_GROUP uid/gid entries in the SAMBA_PAI attribute. Creator Owner and Creator group now show up as inherited correctly (I think :-). Jim please test. Jeremy. (This used to be commit dbbd8dd15582f95fb9c160c6c42ce9f0971ac4b7)
2003-06-30Finally ! Fixed the ACL ordering bug reported by jcmd. I realised we wereJeremy Allison1-20/+10
not sorting returned ACE's correctly w.r.t. W2K - implemented the correct algorithm. Jeremy. (This used to be commit fa23a4158ec23c0b8dbdc6c53f29958243107dee)
2003-06-27Some const correctness. Stop tdb being used as a remote backend. If anJeremy Allison2-7/+11
idmap backend is specified cause smbd to ask winbindd (use winbindd if you want a consistant remote backend solution). Should work well enough for next beta now... Jeremy. (This used to be commit 8f830c509af5976d988a30f0b0aee4ec61dd97a3)
2003-06-25large change:Gerald Carter1-1/+1
*) consolidates the dc location routines again (dns and netbios) get_dc_list() or get_sorted_dc_list() is the authoritative means of locating DC's again. (also inludes a flag to get_dc_list() to define if this should be a DNS only lookup or not) (however, if you set "name resolve order = hosts wins" you could still get DNS queries for domain name IFF ldap_domain2hostlist() fails. The answer? Fix your DNS setup) *) enabled DOMAIN<0x1c> lookups to be funneled through resolve_hosts resulting in a call to ldap_domain2hostlist() if lp_security() == SEC_ADS *) enables name cache for winbind ADS backend *) enable the negative connection cache for winbind ADS backend *) removes some old dead code *) consolidates some duplicate code *) moves the internal_name_resolve() to use an IP/port pair to deal with SRV RR dns replies. The namecache code also supports the IP:port syntax now as well. *) removes 'ads server' and moves the functionality back into 'password server' (which can support "hostname:port" syntax now but works fine with defaults depending on the value of lp_security()) (This used to be commit d7f7fcda425bef380441509734eca33da943c091)
2003-06-23Fixed the merge_default_aces() code to work correctly with inheritance.Jeremy Allison1-11/+38
Hopefully will fix jcmd bugs :-). Jeremy. (This used to be commit 482e6c79edefc8aaacbb37f807d2076e59b40e26)
2003-06-22Found out a good number of NT_STATUS_IS_ERR used the wrong way.Simo Sorce4-10/+10
As abartlet rememberd me NT_STATUS_IS_ERR != !NT_STATUS_IS_OK This patch will cure the problem. Working on this one I found 16 functions where I think NT_STATUS_IS_ERR() is used correctly, but I'm not 100% sure, coders should check the use of NT_STATUS_IS_ERR() in samba is ok now. Simo. (This used to be commit c501e84d412563eb3f674f76038ec48c2b458687)
2003-06-21Always initialize.Andrew Bartlett1-0/+2
(This used to be commit 75081860af5ace873f53c361ec34d029b7864ff7)
2003-06-21merge of the netsamlogon caching code from APPLIANCE_HEADGerald Carter1-3/+0
This replaces the universal group caching code (was originally based on that code). Only applies to the the RPC code. One comment: domain local groups don't show up in 'getent group' that's easy to fix. Code has been tested against 2k domain but doesn't change anything with respect to NT4 domains. netsamlogon caching works pretty much like the universal group caching code did but has had much more testing and puts winbind mostly back in sync between branches. (This used to be commit aac01dc7bc95c20ee21c93f3581e2375d9a894e1)
2003-06-20Fixed sorting algorithm to prevent problems with W2K clients.Jeremy Allison1-2/+2
Jeremy. (This used to be commit fa8ca20ed440673d02ac5669f8d4c6623c1fdb6d)
2003-06-20Mapping of Windows ACL inheritance and protected bits onto extended attributesJeremy Allison1-16/+461
if available. Adds new parameter "map acl inheritance" (docs coming soon) off by default. Allows W2K acl inheritance dialogs to work correctly on POSIX acls. Jeremy. (This used to be commit a83595e80ae539135fa1a65d6066b10ac94fbad1)
2003-06-18Ok, this patch removes the privilege stuff we had in, unused, for some time.Simo Sorce1-1/+1
The code was nice, but put in the wrong place (group mapping) and not supported by most of the code, thus useless. We will put back most of the code when our infrastructure will be changed so that privileges actually really make sense to be set. This is a first patch of a set to enhance all our mapping code cleaness and stability towards a sane next beta for 3.0 code base Simo. (This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e)
2003-06-13Fix an spelling mistake.Richard Sharpe1-1/+1
(This used to be commit 8e37c1d579ed801fd602d698174f981deff435d9)
2003-06-07Don't assume that the SAM knows the unix home directory - look it up byAndrew Bartlett1-6/+14
getpwnam() if need be. Fixes bug #130 Andrew Bartlett (This used to be commit a4bc789a3993be4b25955c729b533b86dba666f4)
2003-06-06* add in David Lee's utmp patch (defaults to on if available)Gerald Carter2-11/+18
* one more try at fixing builds when --with-ldap=no (This used to be commit b516ab7bdef6b6b2b7f0df8966dbd4c329f46a92)
2003-06-06SMBlockingX timeouts are in units of 2 milliseconds, not 1Andrew Tridgell1-1/+1
(This used to be commit 999cde3227210c90132ade3812e964087f04e541)
2003-06-062 more places where win2003 forces UCS2Andrew Tridgell1-2/+2
(This used to be commit b64f6e52ec8aa0892b405d3360079ababc8527f4)
2003-06-06- the ALL_INFO trans2 QFILEINFO level uses a forced UCS2 nameAndrew Tridgell1-3/+3
- win2003 returns 0 for ea_size when there are no EAs (This used to be commit 83e0c21831f32aad2dfb6ebe4a27c7a0d2adb692)
2003-06-06make the allocation_size consistent between trans2 QFILEINFO and SMBgetattrEAndrew Tridgell1-1/+2
(This used to be commit 59f1a5e6fd783b977f787dae4ba4bb8b65c41e43)
2003-06-06- the 8.3 name in BOTH_DIRECTORY_INFO is supposed to be always unicodeAndrew Tridgell1-5/+5
(to match win2003 behaviour) - added the STR_TERMINATE_ASCII flag from samba4 so we can get the string termination right for the case where it is supposed to be non-terminated for UCS2 and terminated when ASCII (This used to be commit 791a4cc7cf84eca77116bca00aeb5f95560f6705)
2003-06-06fixed the string alignment of the QUERY_EA_SIZE trans2 findfirst levelAndrew Tridgell1-2/+1
(This used to be commit ff5e37ed293b61c2585c66e7366fae478754cca1)
2003-06-06fixed the layout of the FULL_DIRECTORY_INFO trans2 findfirst levelAndrew Tridgell1-5/+5
found by samba4 smbtorture SEARCH test (This used to be commit 5a5f59cf5eec39394b8aec4aab7f2c347d617255)
2003-06-06removed the 'valgrind fix' that (although it may well remove aAndrew Tridgell1-8/+0
valgrind warning) causes us to return a completely wrong 8.3 filename in directory searches! come on guys, this close to a release you need to TEST CODE BEFORE COMMITTING (This used to be commit 381cea68b81aeb42b088677d2a8bfd410a7da329)
2003-06-06Added EA operations to VFS layer.Jeremy Allison2-1/+81
Jeremy. (This used to be commit 024de9213e414659296cb518a6753e510c64f614)
2003-06-04fixed the termination of several trans2 stringsAndrew Tridgell1-3/+3
(This used to be commit 8f23ad3054febe47b667172d680d2d19ad141416)
2003-06-04shouldn't null terminate trans2 qfileinfo all_info/nameAndrew Tridgell1-1/+1
(This used to be commit f7cd16ab58753be25bc9c7b487289361e3882da3)
2003-06-01added the COMPRESSION_INFO trans2 QFILEINFO level and fixed theAndrew Tridgell1-3/+9
IS_NAME_VALID QPATHINFO level (This used to be commit 1634346e2a6e73af80d4e68d50c6398fb24869a5)
2003-06-01fixed the ALL_INFO and ALL_INFORMATION trans2 QFILEINFO levels. TheAndrew Tridgell1-35/+2
structure we were using was completely wrong after the first few parameters. found by samba4 testsuite. Lots of other stuff also fails, but is harder to fix. (This used to be commit 6f34bd423ebb805e1e5a3b61bb5b2ca8530ce69d)
2003-05-31Got us happy running under valgrind again :-).Jeremy Allison3-0/+10
Jeremy. (This used to be commit b6ab9d73610861d225d72845d4df7cf970155e39)
2003-05-31Fixes to stop valgrind complaining about uninitialised memory when it'sJeremy Allison2-0/+16
copying clobbered buffer areas and doing hashes on them and sending them onto the wire. Jeremy. (This used to be commit 7dfcf714ae2e81fece489640e2341f132c9f567d)
2003-05-30Ensure 'blank' entries show up in both default and normal entries toJeremy Allison1-13/+7
allow them to be changed. Works well with W2K and above. Jeremy. (This used to be commit 685e4e518236079f201650f26152f6f9ad3c61ab)
2003-05-29Change get_nt_acl() to include security_info wanted. Only return this.Jeremy Allison4-235/+256
This gets us closer to W2k+ in what we return for file ACLs. Fix horribly broken make_sec_desc() that screwed up the size when given a SD with no owner or group (how did it get this bad... ?). Jeremy. (This used to be commit 183c9ed4052ab14e269ed1234ca557053f77e77a)
2003-05-28Fix bug brought up by Ken Cross that empty ACE's cause existing ACE's toJeremy Allison1-107/+14
be applied to new ACE set calls. This is incorrect. Don't think this has a bugzilla id. Jeremy. (This used to be commit cb70d8c9e87801c314d1b926d4e43ee451c04135)
2003-05-28It seems only NT4 does the VC == 0 session drop code.Jeremy Allison1-1/+5
Jeremy. (This used to be commit 30bbf4c8c4cbed0f7980237ea9b78baa785dec3d)
2003-05-27Correct (?) handling for VC = 0. Trying to fix XP logoff leaving resourcesJeremy Allison1-1/+18
around. Jeremy. (This used to be commit bf0916e1da442606311c74ac73ccec2e9710d663)