| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
fixed tdbsam memory corruption (and segfault)
reducing calls to pdb_uid_to_user_rid and countrary to 0 to move to a non alghoritmic rid allocation with some passdb modules.
(This used to be commit 9836af7cd623357feaec07bc49cfb78f0aa01fc3)
|
|
(This used to be commit 1f007d3ed41c1b71a89fa6be7d173e67e927c302)
|
|
(This used to be commit 7ba235c0fb4755092605743d575357602fd1ce05)
|
|
(This used to be commit 936df31df5bad9d457d3775d11b4e96a58093282)
|
|
(This used to be commit 539d0cc03035c126e2de82523a07ed91997100b8)
|
|
subcommand \n\t3) try oldstyle first, then more secure method\n to allow for autodetect between ads and rpc on net join
(This used to be commit c8a4a09b5648af2f1669a5a30acdf0a088077af9)
|
|
(This used to be commit 87ee4832312c9c65377500efd617bac086164834)
|
|
(This used to be commit 951006374e48d80a5128d870bdc255bf8c22cb6a)
|
|
nicely, and make 'net help rap user' the same as 'net rap user help'...stuff like that
(This used to be commit 17775dae28c724b11cc73f2aeac5f07f9656046c)
|
|
(This used to be commit 775404fe46f72925fb302e149b6f96fab0dbfcb8)
|
|
(This used to be commit a21ba95897531e7964c9e80a81cd5faa7394db77)
|
|
allowing more than 1000 (or whatever the query limit is on the server) objects to be returned. Printers will come next.
(This used to be commit 9c447920dfbae2e2d2343600401c1d860dad863b)
|
|
(This used to be commit a3cea5e9ae3b53ecbc45e61a39cbce0ca1b916aa)
|
|
(This used to be commit 19546bdd5541785dc8430f8ffa2afcdb42015b96)
|
|
(This used to be commit 00d3a064f16101fecebaeaaabaf841f0a5c91523)
|
|
(This used to be commit 2a42e91397d7871d326abed0e99af297e71dd77e)
|
|
This commit builds on the auth subsystem to give Samba support for trusting NT4
domains. It is off by default, but is enabled by adding 'trustdomain' to the
'auth methods' smb.conf paramater.
Tested against NT4 only - there are still some issues with the join code for
Win2k servers (spnego stuff).
The main work TODO involves enumerating the trusted domains (including the RPC
calls to match), and getting winbind to run on the PDC correctly.
Similarly, work remains on getting NT4 to trust Samba domains.
Andrew Bartlett
(This used to be commit ac8c24a9a888a3f916e8b40238b936e6ad743ef7)
|
|
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl>
This adds the 'net' tools to manipulate the trusted domains.
Andrew Bartlett
(This used to be commit 770c8a31d9804d3339ffa0de8b5072a5c7eb02df)
|
|
Jeremy.
(This used to be commit 28d4e7a3e2bd8f15ef807b821e4300a72bbc6904)
|
|
(This used to be commit 0511589088dc3e990f7b1a38a06489814c49ec1b)
|
|
(This used to be commit 84c811ca57f7e1b7d9ee498d95b3b21bea47eb5e)
|
|
[PATCH] net ads error
Date:
Fri, 15 Feb 2002 20:03:32 +0200
From:
Alexander Bokovoy <a.bokovoy@sam-solutions.net>
To:
samba-technical@samba.org
Greetings!
Attached patch fixes a problem with non-working 'net ads -Uuser%pass'
in CVS HEAD.
(This used to be commit a21a951ff9493a6e33e4ff8388a95facdeacf7b4)
|
|
We now have error messages for most of the failure cases, and the
'sid' arguments for delete and change can now take the nt group name
as a string.
Also fix up all the internal functions to be static, keeping the
namespace clean.
Andrew Bartlett
(This used to be commit f1687587010a2390b65bd5efa37cc199b67587f8)
|
|
in the directory. Only publishes required fields right now.
(This used to be commit 1d326f8b7e68bcad6c35488f77b05c598ebaad5d)
|
|
processing work correctly in winbindd. This is a really good patch
that gives full select semantics to the Samba modified select.
Jeremy.
(This used to be commit 3af16ade173cac24c1ac5eff4a36b439f16ac036)
|
|
Andrew Bartlett
(This used to be commit f3f375dc6b7175d4dd4ce401815e5dfdd9747083)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
init_group_mapping() a static function and don't call it from any client
programs.
Not sure whether I've made a bigger mess here or not...
(This used to be commit 3c887d9021269aaa9fc0bc771af8589077e6208e)
|
|
much saner :-).
Change to pdb_init_sam()/pdb_free_sam() loop rather than reset based due to
the talloc basis.
Andrew Bartlett
(This used to be commit e40a0a7f27950bd0484fe7d6b67dce45cd75d25c)
|
|
winbind default domains, particulary now I understand whats going on a lot
better. This ensures that the RPC client code does as little 'magic' as
possible - this is up to the application/user. (Where - for to name->sid code
- it was all along). This leaves the change that allows the sid->name code to
return domains and usernames in seperate paramaters.
Andrew Bartlett
(This used to be commit 5dfba2cf536f761b0aee314ed9e30dc53900b691)
|
|
lp_load().
Andrew Bartlett
(This used to be commit 168c712bf3b8be19e6e72b7bf4563ed3ae87c176)
|
|
Andrew Bartlett
(This used to be commit 6650b21ceabefab037cfd3b135039914fb75e3a9)
|
|
a username on the commandline. Also don't continue past the kinit if a password is entered and fails because existing tickets would be used, which may not be desired if the username was specified.
(This used to be commit 7e5d7dfa834c0161460bde8a2f0d4824c0a0d1fe)
|
|
idra has promised not to revert these this time :-)
(This used to be commit f556ad67e82518f5a024ffe9184ff9430ab5c541)
|
|
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
|
|
smbd, and also makes it much cleaner inside winbindd.
It is mostly my code, with a few changes and testing performed by Alexander
Bokovoy <a.bokovoy@sam-solutions.net>. ab has tested it in security=domain and
security=ads, but more testing is always appricatiated.
The idea is that we no longer cart around a 'domain\user' string, we keep them
seperate until the last moment - when we push that string into a pwent on onto
the socket.
This removes the need to be constantly parsing that string - the domain prefix
is almost always already provided, (only a couple of functions actually changed
arguments in all this).
Some consequential changes to the RPC client code, to stop it concatonating the
two strings (it now passes them both back as params).
I havn't changed the cache code, however the usernames will no longer have a
double domain prefix in the key string. The actual structures are unchanged
- but the meaning of 'username' in the 'rid' will have changed. (The cache is
invalidated at startup, so on-disk formats are not an issue here).
Andrew Bartlett
(This used to be commit e870f0e727952aeb8599cf93ad2650ae56eca033)
|
|
(This used to be commit 7e876057d5e392f85e6fdb0f2c233b0fe76df688)
|
|
These strings are allocated using talloc(), either using its own memory context
stored on the SAM_ACCOUNT or one supplied by the caller.
The pdb_init_sam() and pdb_free_sam() function have been modifed so that a call
to pdb_free_sam() will either clean up (remove hashes from memory) and destroy
the TALLOC_CTX or just clean up depending on who supplied it.
The pdb_init_sam and pdb_free_sam functions now also return an NTSTATUS, and I
have modified the 3 places that actually checked these returns.
The only nasty thing about this patch is the small measure needed to maintin
interface compatability - strings set to NULL are actually set to "".
This is becouse there are too many places in Samba that do strlen() on these
strings without checking if they are NULL pointers.
A supp patch will follow to set all strings to "" in pdb_default_sam().
Andrew Bartlett
(This used to be commit 144345b41d39a6f68d01f62b7aee64ca0d328085)
|
|
(This used to be commit 63ea2bb0adf5ae742658f479613de90b1eec3db5)
|
|
prompt dmalloc to log information about what happening, so you can see
in flight why smbd is getting bloated.
(This used to be commit bcb443c5c4bf97fe6b5b0993e42496c2e64f0124)
|
|
of commands when specified on command line.
(This used to be commit 39d6b31e14144a3ff4b992d4286b706147e58566)
|
|
(This used to be commit 2fcdc520cee051631bbc2a0c06466d231390f8d5)
|
|
(This used to be commit faa1b222f170abe34f6930bb3493cbe8b4df4082)
|
|
(This used to be commit a9b9ae47e1a11492f036b308c408c6a239a690f6)
|
|
boring so far.
(This used to be commit 9b217dce7fe89d1e36a91d7d011c2a9fe185e0d3)
|
|
be information about memory usage, but this is not done yet.
(This used to be commit 830a126a442bdde28fc42e23e7260c344b6534b9)
|
|
Thou shalt not reference SAM_ACCOUNT members directly - always use
pdb_get/pdb_set.
This is achived by making the whole of SAM_ACCOUNT have a .private member,
where the real members live. This caught a pile of examples, and these have
beeen fixed.
The pdb_get..() functions are 'const' (have been for some time) and this
required a few small changes to constify other functions.
I've also added some debugs to the pdb get and set, they can be removed if
requested.
I've rewritten the copy_id2x_to_sam_pass() functions to use the new passdb
interface, but I need the flags info to do it properly.
The pdb_free_sam() funciton now blanks out the LM and NT hashes, and as such
I have removed many extra 'samr_clear_sam_passwd(smbpass)' calls as a result.
Finally, any and all testing is always appriciated - but the basics seem to
work.
Andrew Bartlett
(This used to be commit d3dd28f6c443187b8d820d5a39c7c5b3be2fa95c)
|
|
(This used to be commit 466f515240aaeca7b0fe2b7b3474ab23cab687cc)
|
|
These two little features are very useful, but the passing of options about
needs some serious work. The popt stuff in the shutdown code is #ifdef'ed out
until the main popt loop can be convinced not to chew on the options :-(
Andrew Bartlett
(This used to be commit 51c985be7fbfe5627c5b2590e7610653e7be98e3)
|
|
(This used to be commit c946c6bbc8192f5f0f3706d1b4a6cca0a994f36b)
|
