| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
We now always read the Domain SID out of LDAP. If the local secrets.tdb
is ever different to LDAP, it is overwritten out of LDAP. We also
store the 'algorithmic rid base' into LDAP, and assert if it changes.
(This ensures cross-host synchronisation, and allows for possible
integration with idmap). If we fail to read/add the domain entry, we just
fallback to the old behaviour.
We always use an existing DN when adding IDMAP entries to LDAP, unless
no suitable entry is available. This means that a user's posixAccount
will have a SID added to it, or a user's sambaSamAccount will have a UID
added. Where we cannot us an existing DN, we use
'sambaSid=S-x-y-z,....' as the DN.
The code now allows modifications to the ID mapping in many cases.
Likewise, we now check more carefully when adding new user entires to LDAP,
to not duplicate SIDs (for users, at this stage), and to add the sambaSamAccount
onto the idmap entry for that user, if it is already established (ensuring
we do not duplicate sambaSid entries in the directory).
The allocated UID code has been expanded to take into account the space
between '1000 - algorithmic rid base'. This much better fits into what
an NT4 does - allocating in the bottom part of the RID range.
On the code cleanup side of things, we now share as much code as
possible between idmap_ldap and pdb_ldap.
We also no longer use the race-prone 'enumerate all users' method for
finding the next RID to allocate. Instead, we just start at the bottom
of the range, and increment again if the user already exists. The first
time this is run, it may well take a long time, but next time will just
be able to use the next Rid.
Thanks to metze and AB for double-checking parts of this.
Andrew Bartlett
(This used to be commit 9c595c8c2327b92a86901d84c3f2c284dabd597e)
|
|
strupper_m/strlower_m.
I really want people to think about when they're using multibyte strings.
Jeremy.
(This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
|
|
'unix username' from the NT username, in the auth subsystem at least.
Andrew Bartlett
(This used to be commit df1aa2a669edc9f26007595411720742d7dff5d9)
|
|
This is the first part of the fix that at least allows configure to
walk the list of supplied locations where libiconv etc might be found.
aclocal.m4 also needs a fix, as does a later test.
(This used to be commit 20786543139c546d112f8f6b6d4d796ee7fed609)
|
|
size on upper casing. Based on patch from monyo@home.monyo.com.
Jeremy.
(This used to be commit 72e382e99b92666acdaf50a040b14aa16d48b80d)
|
|
Jeremy.
(This used to be commit bbe1276b516e1803a4a9285691674784b989b72f)
|
|
call for Japanese characters.
Jeremy.
(This used to be commit c6de5df01d470c2dab48cdd6298f450fa94f9a8e)
|
|
CREATOR_OWNER/CREATOR_GROUP uid/gid entries in the SAMBA_PAI attribute.
Creator Owner and Creator group now show up as inherited correctly (I
think :-). Jim please test.
Jeremy.
(This used to be commit dbbd8dd15582f95fb9c160c6c42ce9f0971ac4b7)
|
|
not sorting returned ACE's correctly w.r.t. W2K - implemented the correct
algorithm.
Jeremy.
(This used to be commit fa23a4158ec23c0b8dbdc6c53f29958243107dee)
|
|
idmap backend is specified cause smbd to ask winbindd (use winbindd if
you want a consistant remote backend solution).
Should work well enough for next beta now...
Jeremy.
(This used to be commit 8f830c509af5976d988a30f0b0aee4ec61dd97a3)
|
|
*) consolidates the dc location routines again (dns
and netbios) get_dc_list() or get_sorted_dc_list()
is the authoritative means of locating DC's again.
(also inludes a flag to get_dc_list() to define
if this should be a DNS only lookup or not)
(however, if you set "name resolve order = hosts wins"
you could still get DNS queries for domain name IFF
ldap_domain2hostlist() fails. The answer? Fix your DNS
setup)
*) enabled DOMAIN<0x1c> lookups to be funneled through
resolve_hosts resulting in a call to ldap_domain2hostlist()
if lp_security() == SEC_ADS
*) enables name cache for winbind ADS backend
*) enable the negative connection cache for winbind
ADS backend
*) removes some old dead code
*) consolidates some duplicate code
*) moves the internal_name_resolve() to use an IP/port pair
to deal with SRV RR dns replies. The namecache code
also supports the IP:port syntax now as well.
*) removes 'ads server' and moves the functionality back
into 'password server' (which can support "hostname:port"
syntax now but works fine with defaults depending on
the value of lp_security())
(This used to be commit d7f7fcda425bef380441509734eca33da943c091)
|
|
Hopefully will fix jcmd bugs :-).
Jeremy.
(This used to be commit 482e6c79edefc8aaacbb37f807d2076e59b40e26)
|
|
As abartlet rememberd me NT_STATUS_IS_ERR != !NT_STATUS_IS_OK
This patch will cure the problem.
Working on this one I found 16 functions where I think NT_STATUS_IS_ERR() is
used correctly, but I'm not 100% sure, coders should check the use of
NT_STATUS_IS_ERR() in samba is ok now.
Simo.
(This used to be commit c501e84d412563eb3f674f76038ec48c2b458687)
|
|
(This used to be commit 75081860af5ace873f53c361ec34d029b7864ff7)
|
|
This replaces the universal group caching code (was originally
based on that code). Only applies to the the RPC code.
One comment: domain local groups don't show up in 'getent group'
that's easy to fix.
Code has been tested against 2k domain but doesn't change anything
with respect to NT4 domains.
netsamlogon caching works pretty much like the universal group
caching code did but has had much more testing and puts winbind
mostly back in sync between branches.
(This used to be commit aac01dc7bc95c20ee21c93f3581e2375d9a894e1)
|
|
Jeremy.
(This used to be commit fa8ca20ed440673d02ac5669f8d4c6623c1fdb6d)
|
|
if available. Adds new parameter "map acl inheritance" (docs coming soon)
off by default. Allows W2K acl inheritance dialogs to work correctly on
POSIX acls.
Jeremy.
(This used to be commit a83595e80ae539135fa1a65d6066b10ac94fbad1)
|
|
The code was nice, but put in the wrong place (group mapping) and not
supported by most of the code, thus useless.
We will put back most of the code when our infrastructure will be changed
so that privileges actually really make sense to be set.
This is a first patch of a set to enhance all our mapping code cleaness and
stability towards a sane next beta for 3.0 code base
Simo.
(This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e)
|
|
(This used to be commit 8e37c1d579ed801fd602d698174f981deff435d9)
|
|
getpwnam() if need be.
Fixes bug #130
Andrew Bartlett
(This used to be commit a4bc789a3993be4b25955c729b533b86dba666f4)
|
|
* one more try at fixing builds when --with-ldap=no
(This used to be commit b516ab7bdef6b6b2b7f0df8966dbd4c329f46a92)
|
|
(This used to be commit 999cde3227210c90132ade3812e964087f04e541)
|
|
(This used to be commit b64f6e52ec8aa0892b405d3360079ababc8527f4)
|
|
- win2003 returns 0 for ea_size when there are no EAs
(This used to be commit 83e0c21831f32aad2dfb6ebe4a27c7a0d2adb692)
|
|
(This used to be commit 59f1a5e6fd783b977f787dae4ba4bb8b65c41e43)
|
|
(to match win2003 behaviour)
- added the STR_TERMINATE_ASCII flag from samba4 so we can get the
string termination right for the case where it is supposed to be
non-terminated for UCS2 and terminated when ASCII
(This used to be commit 791a4cc7cf84eca77116bca00aeb5f95560f6705)
|
|
(This used to be commit ff5e37ed293b61c2585c66e7366fae478754cca1)
|
|
found by samba4 smbtorture SEARCH test
(This used to be commit 5a5f59cf5eec39394b8aec4aab7f2c347d617255)
|
|
valgrind warning) causes us to return a completely wrong 8.3 filename
in directory searches!
come on guys, this close to a release you need to TEST CODE BEFORE COMMITTING
(This used to be commit 381cea68b81aeb42b088677d2a8bfd410a7da329)
|
|
Jeremy.
(This used to be commit 024de9213e414659296cb518a6753e510c64f614)
|
|
(This used to be commit 8f23ad3054febe47b667172d680d2d19ad141416)
|
|
(This used to be commit f7cd16ab58753be25bc9c7b487289361e3882da3)
|
|
IS_NAME_VALID QPATHINFO level
(This used to be commit 1634346e2a6e73af80d4e68d50c6398fb24869a5)
|
|
structure we were using was completely wrong after the first few
parameters.
found by samba4 testsuite. Lots of other stuff also fails, but is
harder to fix.
(This used to be commit 6f34bd423ebb805e1e5a3b61bb5b2ca8530ce69d)
|
|
Jeremy.
(This used to be commit b6ab9d73610861d225d72845d4df7cf970155e39)
|
|
copying clobbered buffer areas and doing hashes on them and sending
them onto the wire.
Jeremy.
(This used to be commit 7dfcf714ae2e81fece489640e2341f132c9f567d)
|
|
allow them to be changed. Works well with W2K and above.
Jeremy.
(This used to be commit 685e4e518236079f201650f26152f6f9ad3c61ab)
|
|
This gets us closer to W2k+ in what we return for file ACLs. Fix horribly
broken make_sec_desc() that screwed up the size when given a SD with no
owner or group (how did it get this bad... ?).
Jeremy.
(This used to be commit 183c9ed4052ab14e269ed1234ca557053f77e77a)
|
|
be applied to new ACE set calls. This is incorrect. Don't think this
has a bugzilla id.
Jeremy.
(This used to be commit cb70d8c9e87801c314d1b926d4e43ee451c04135)
|
|
Jeremy.
(This used to be commit 30bbf4c8c4cbed0f7980237ea9b78baa785dec3d)
|
|
around.
Jeremy.
(This used to be commit bf0916e1da442606311c74ac73ccec2e9710d663)
|
|
the flags field
(This used to be commit 48c8211084503172f053ad23b308901628f8a978)
|
|
(This used to be commit d594e60f926e5618cd61585383bee315757ba73a)
|
|
(This used to be commit 1b2b7766c8fa89f46f4d1c881ee91c4b0b15773a)
|
|
- Use absolute directories for $builddir and $srcdir in the Makefile
- Don't try and combine source files in $builddir and $srcdir to build
proto.h. It's just too hard to get it right across all targets we
wish to compile on. Use a hand created prototype for the single
function in smbd/build_options.c that we need. This allows us to ditch
all the extra sed work that was causing problems: \t not portable - hah!
- Fix bogus delheaders target to remove the correct files
This appears to work quite nicely now. Let's see how it goes on the
buildfarm machines.
(This used to be commit 456184463d35c18840c39cb3483b7136247ea764)
|
|
that file_find_dif will find them. Fixes a core dump in smbd/open.c.
Jeremy.
(This used to be commit 0e2165630d2ce31076fef6d7098e45c8fd327e23)
|
|
Jeremy.
(This used to be commit 84a7714eba801fefa7ad56493f20813de3943bc5)
|
|
Jeremy.
(This used to be commit 6d3b72b4994a5115a1e7f0ca3912692a33fc690e)
|
|
unicode plain text password if negoitated
(This used to be commit e7d635af80c844f17ff9f34c26c1e9c978951ce1)
|
|
(This used to be commit 73c686ab771b6c3e9a9335032f851083d44701c7)
|
