| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
rafal
(This used to be commit 836746beabda583f7d86bb7e6faa855f172a888d)
|
|
(This used to be commit 28f1d7b201932eb3864af3d71ec862670898822c)
|
|
IP and TCP checksums are not calculated, but that should not matter.
(This used to be commit aa96f780015c031e0c5a0e8773f192502c10c919)
|
|
(This used to be commit 398bd14fc6e2f8ab2f34211270e179b8928a6669)
|
|
same ads_verify_ticket routine that smbd uses, so in the current state
we have to be have the host password in secrets.tdb instead of the
keytab. This means we have to be an ADS member, but it's a start.
Volker
(This used to be commit dc2d2ad467927affbd1461df75f77f07ddfbc3b1)
|
|
from a samba log file and view it in ethereal, including the DCE/RPC, RAP, etc
calls that are contained in a packet, just like you would with a real
network sniff!
(This used to be commit 6a76750dc4d8b539b7571ac4939c003b6ffa86a9)
|
|
(This used to be commit 6ec683e24e220a40b02b203b918a0008d90264f0)
|
|
Actually let the user explicitly specify a rid...
Volker
(This used to be commit 3aed9c8a4ac97ef55772ddae1e1cb0a5a1a15767)
|
|
(This used to be commit b4499c8aab44e25cb4406498018bde0bc4ed4ca9)
|
|
10 for data contents as well) and creates a packet trace readable by
ethereal.
What does not work yet:
- SMB data contents (log level 5)
- SMB data contents beyond the 512 byte range (log level 99 or something?)
(This used to be commit 95b1d4933b0de63613fe041c273d413d86909b4b)
|
|
(This used to be commit e8dc799ffbc4e622eb6adf374bbafc34724c24ce)
|
|
Volker
(This used to be commit c8f4d7952ffbe0438e33c37ae1365e5dd4f1734a)
|
|
rafal
(This used to be commit 033ee6e68708f687ccd053eab4a7dac16937354b)
|
|
(This used to be commit 5522c79045dd9ee6804bc2bf2114178cbed6df48)
|
|
(This used to be commit f2c85595dae81e119d0f7f9ec769ff865916a052)
|
|
parameters. Fix return code for Samba 4 torture tester.
Jeremy.
(This used to be commit c043835c878ff062cb6eede02334f9e0ebb01050)
|
|
(This used to be commit 807b452a7fe7960acd0259a289f0c67011cb1aaf)
|
|
and workstation to utf8 before sending the winbindd request. Also, don't
continue when the call to pull_utf8() fails but rather return a winbind
error. (This is what was causing the crash)
(This used to be commit ca1c463360b75538a93b56a87cbb4a6ee7b6cec6)
|
|
I was storing the mid of the oplock break - I should have been
storing the mid from the open. There are thus 2 types of deferred
packet sequence returns - ones that increment the sequence number
(returns from oplock causing opens) and ones that don't (change notify
returns etc). Running with signing forced on does lead to some
interesting tests :-).
Jeremy.
(This used to be commit 85907f02cec566502d9e4adabbd414020a26064d)
|
|
Jeremy.
(This used to be commit cb326c2dbff1fad87d5c72df4a004d5a42d17472)
|
|
Volker
(This used to be commit 7ce94d39add6e056e3b1deea21bf0438ba61e4cc)
|
|
Now I know where the mechListMIC changes came from: Ethereal ;-)
Volker
(This used to be commit 4e9eed1273035d09ac3b427b9711327ba8c6ebfc)
|
|
module under http://samba.sernet.de/cyrus-gss-spnego.diff
Volker
(This used to be commit a82f6a00969f7ea377626c28ec05ace04f8135a9)
|
|
Volker
(This used to be commit 946695242f0a6db0e8c712f9bd97ac3cb99c4119)
|
|
connections. Overrides smb.conf parameter if set.
Jeremy.
(This used to be commit 879309671df6b530e0bff69559422a417da4a307)
|
|
from Jim McDonough. It is to enable cyrus sasl to provide the
gss-spnego support. For a preliminary patch to cyrus sasl see
http://samba.sernet.de/cyrus-gss-spnego.diff
Volker
(This used to be commit 45cef8f66e46abe4a25fd2b803a7d1051c1c6602)
|
|
(This used to be commit a4e342c20cbddbb4d9d6ac49258457751146d890)
|
|
Andrew Bartlett
(This used to be commit e6cc5ca780f24f19dda65a499fda95bd2d99ea93)
|
|
Jeremy.
(This used to be commit 0021c83ff645a1923b5a3d3c484d44b20d7813f0)
|
|
to pstr_sprintf() and fstr_sprintf() to try to standardize.
lots of snprintf() calls were using len-1; some were using
len. At least this helps to be consistent.
(This used to be commit 9f835b85dd38cbe655eb19021ff763f31886ac00)
|
|
first time.
(This used to be commit 6616485dbad74dab7506609c6bfd183fc9c1f93c)
|
|
displaying pid_t, uid_t and gid_t values. This removes a whole lot of warnings
on some of the 64-bit build farm machines as well as help us out when 64-bit
uid/gid/pid values come along.
(This used to be commit f93528ba007c8800a850678f35f499fb7360fb9a)
|
|
(This used to be commit 8b818ce381595cdcb36631a2440d6aa0038805f1)
|
|
ability to change it by command line instead of turn-off cmdline switch
for debug messages.
It's a bit more comfortable to use now.
(This used to be commit b65fe75bec8170ad48d1ad0a9017ccc4de651eba)
|
|
Jeremy.
(This used to be commit 61fc9a7b2eafdf8cbed1f8d9aae016b828c91a08)
|
|
and migrate an NT4 domain and still logon from domain members
(tested logon scripts, system policies, profiles, & home directories)
(passdb backend = tdbsam)
removed call to idmap_init_wellknown_sids() from winbindd.c
since the local domain should be handled by the guest passdb backend
(and you don't really always want the Administrator account to be root)
...and we didn't pay attention to this anyways now.
(This used to be commit 837d7c54d3ca780160aa0d6a2f0a109bb691948e)
|
|
(This used to be commit 517bb4d0df4cd120ef0ffc3cd879897971f0982e)
|
|
nmbd, winbindd). Reviewed by jerry and tridge.
(This used to be commit 02c5e2fc6f0721ebd82a9e6a2b34190607de55fe)
|
|
for me without this patch. I'm not sure if I interpreted your patch to
this code right.
Thanks,
Volker
(This used to be commit 46ec022f873416d2258fc8d84430b17319dce70f)
|
|
(This used to be commit 6ebe87d318658f28ad9b9f8169fc4400856d5812)
|
|
* move rid allocation into IDMAP. See comments in _api_samr_create_user()
* add winbind delete user/group functions
I'm checking this in to sync up with everyone. But I'm going to split
the add a separate winbindd_allocate_rid() function for systems
that have an 'add user script' but need idmap to give them a RID.
Life would be so much simplier without 'enable rid algorithm'.
The current RID allocation is horrible due to this one fact.
Tested idmap_tdb but not idmap_ldap yet. Will do that tomorrow.
Nothing has changed in the way a samba domain is represented, stored,
or search in the directory so things should be ok with previous installations.
going to bed now.
(This used to be commit 0463045cc7ff177fab44b25faffad5bf7140244d)
|
|
rafal
(This used to be commit 156554738cf4e4ffa5a811d9979acd19418e7908)
|
|
allocate id's.
Volker
(This used to be commit 0358cc76757e7ef06dada94ec3a73cd90a525ba9)
|
|
to winbindd. See README.idmap-and-winbind-changes for details.
(This used to be commit 1111bc7b0c7165e1cdf8d90eb49f4c368d2eded6)
|
|
(This used to be commit f005f1cf12b839f3985ab00315da63c584ce803e)
|
|
* remove idmap_XX_to_XX calls from smbd. Move back to the
the winbind_XXX and local_XXX calls used in 2.2
* all uid/gid allocation must involve winbindd now
* move flags field around in winbindd_request struct
* add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id()
to prevent automatic allocation for unknown SIDs
* add 'winbind trusted domains only' parameter to force a domain member
server to use matching users names from /etc/passwd for its domain
(needed for domain member of a Samba domain)
* rename 'idmap only' to 'enable rid algorithm' for better clarity
(defaults to "yes")
code has been tested on
* domain member of native mode 2k domain
* ads domain member of native mode 2k domain
* domain member of NT4 domain
* domain member of Samba domain
* Samba PDC running winbindd with trusts
Logons tested using 2k clients and smbclient as domain users
and trusted users. Tested both 'winbind trusted domains only = [yes|no]'
This will be a long week of changes. The next item on the list is
winbindd_passdb.c & machine trust accounts not in /etc/passwd (done
via winbindd_passdb)
(This used to be commit 8266dffab4aedba12a33289ff32880037ce950a8)
|
|
down failures.
Add a 'auto-add on modify' feature to guestsam
Fix some segfault bugs on no-op idmap modifications, and on new idmappings that
do not have a DN to tack onto.
Make the 'private data' a bit more robust.
Andrew Bartlett
(This used to be commit 6c48309cda9538da5a32f3d88a7bb9c413ae9e8e)
|
|
- Try better to add the appropriate mapping between UID and SIDs, based
on Get_Pwnam()
- Look for previous users (lookup by SID) and correctly modify the existing
entry in that case
- Map the root user to the Admin SID as a 'well known user'
- Save the LDAPMessage result on the SAM_ACCOUNT for use in the next 'update'
call on that user. This means that VL's very nice work on atomic LDAP
updates now really gets used properly!
- This also means that we know the right DN to update, without the extra
round-trips to the server.
Andrew Bartlett
(This used to be commit c7118cb31dac24db3b762fe68ce655b17ea102e0)
|
|
We now always read the Domain SID out of LDAP. If the local secrets.tdb
is ever different to LDAP, it is overwritten out of LDAP. We also
store the 'algorithmic rid base' into LDAP, and assert if it changes.
(This ensures cross-host synchronisation, and allows for possible
integration with idmap). If we fail to read/add the domain entry, we just
fallback to the old behaviour.
We always use an existing DN when adding IDMAP entries to LDAP, unless
no suitable entry is available. This means that a user's posixAccount
will have a SID added to it, or a user's sambaSamAccount will have a UID
added. Where we cannot us an existing DN, we use
'sambaSid=S-x-y-z,....' as the DN.
The code now allows modifications to the ID mapping in many cases.
Likewise, we now check more carefully when adding new user entires to LDAP,
to not duplicate SIDs (for users, at this stage), and to add the sambaSamAccount
onto the idmap entry for that user, if it is already established (ensuring
we do not duplicate sambaSid entries in the directory).
The allocated UID code has been expanded to take into account the space
between '1000 - algorithmic rid base'. This much better fits into what
an NT4 does - allocating in the bottom part of the RID range.
On the code cleanup side of things, we now share as much code as
possible between idmap_ldap and pdb_ldap.
We also no longer use the race-prone 'enumerate all users' method for
finding the next RID to allocate. Instead, we just start at the bottom
of the range, and increment again if the user already exists. The first
time this is run, it may well take a long time, but next time will just
be able to use the next Rid.
Thanks to metze and AB for double-checking parts of this.
Andrew Bartlett
(This used to be commit 9c595c8c2327b92a86901d84c3f2c284dabd597e)
|
|
strupper_m/strlower_m.
I really want people to think about when they're using multibyte strings.
Jeremy.
(This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
|
