Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 9d62f25f5d3c25d71d8b87801084d42ae9b66f8c)
|
|
(This used to be commit a034bfb9ef7a4c8a127ac91f4163cc6af98f29b3)
|
|
<a.bokovoy@sam-solutions.net>.
This patch is designed to remove the 'special cases' required for this support.
In particular this now kills off winbind_initgroups, as it appears no longer to
be required.
Andrew Bartlett
(This used to be commit f1d8d509766e9169d39332559162cfec249bfc70)
|
|
Andrew Bartlett
(This used to be commit 8cac618174365825e8b1824f70cb42afbce5e500)
|
|
group mapping init failures.
(This used to be commit cd6a2dad4e3092a19f784b6548fce49ecd8bb549)
|
|
much saner :-).
Change to pdb_init_sam()/pdb_free_sam() loop rather than reset based due to
the talloc basis.
Andrew Bartlett
(This used to be commit e40a0a7f27950bd0484fe7d6b67dce45cd75d25c)
|
|
(This used to be commit e3b87ffc8c26f9fd4c3e8181897b8812b7dc4ab6)
|
|
- Rework the name -> sid lookup function to always try local lookup first (for
local domain names) before trying winbind. This seems to eliminate my winbind
feedback loop problems. (I don't use winbind for nsswitch, where there are
almost certainly further issues).
Andrew Bartlett
(This used to be commit 25cadce67bc8effd4248ab993ae78e1d8511d994)
|
|
winbind default domains, particulary now I understand whats going on a lot
better. This ensures that the RPC client code does as little 'magic' as
possible - this is up to the application/user. (Where - for to name->sid code
- it was all along). This leaves the change that allows the sid->name code to
return domains and usernames in seperate paramaters.
Andrew Bartlett
(This used to be commit 5dfba2cf536f761b0aee314ed9e30dc53900b691)
|
|
this might need a bit more work - or at least documentation.
This is certainly a worthwile little hack, as it avoids the need to invert the
group database. I don't think we should allow unqualified domains here - as
that allows us to distinguish between (at least some) usernames and these
'special' groups.
(This used to be commit 151dd7bc6c61e19a993017e5e0b50314801e26de)
|
|
to the function. This fixes a nice little segfault the brute-force-casting
created. :-)
Andrew Bartlett
(This used to be commit c84fa7f5fd62940e397d3353fb688f283349393e)
|
|
varioius crazy 'if winbind didn't find it' cases. This makes winbind default
domain support easier to intergrate with smbd.
(This used to be commit 3e71521957d579f00249679de837490aca5ba92f)
|
|
and its new args.
(This used to be commit e7b3d64f6055b5d3b036f525f0ece3c9479d4f7a)
|
|
in become_root()/unbecome_root().
Also only allocate the memory the client reqests - and don't allow the client
to trigger an SMB_ASSERT if they ask for 'more'.
Up the maximum number of sids allowed, and note that this is an arbiary guess,
and can be raised without consequence.
Andrew Bartlett
(This used to be commit 6e7667125d142670db7393ed7a48386f3821d896)
|
|
just make it harder to debug (gcc stips optomises them away).
(This used to be commit 100d2705ddfa1fde73a0bb06e8e097b2b1cbf36a)
|
|
make its use clearer.
(This used to be commit d1ea20cc2392f8ba4ac4241f9b5ec14489e49147)
|
|
the sid->uid and uid->sid conversions.
Remove some duplicate arguments from these funcitons, and update the
request/response structures for this and the 'winbind domain name' feature.
As such 'winbindd_lookup_name' now takes both a domain and username.
(This used to be commit ce1b4d4c309e4a60bec5a53224585bd504264672)
|
|
(This used to be commit 85018fecfad1f7f6ef44b511bac937881a7bf937)
|
|
correctly) be no longer needed. This is in aid of the 'winbind default domain'
code - which works much better when smbd always goes via the standard unix
interfaces.
Andrew Bartlett
(This used to be commit a41fe2f6c845789c719de1d9a26a1374fb0e7fdb)
|
|
(This used to be commit e72e511935ce7f2b658a133bd536833864bc6a92)
|
|
info3. These are RIDs, and it only makes sense to combine them with the domain
SID returned with them. This is important for trusted domains, where that sid
might be other than the one we currently reterive from the secrets.tdb.
Also remove the become_root()/unbecome_root() wrapper from around both
remaining TDB users: Both are now initialised at smbd startup.
Andrew Bartlett
(This used to be commit 554842e0a55155193f25aefca6480b89d5c512ca)
|
|
(This used to be commit 8ffc024ebc73dee32a9dfc1873e824c996205475)
|
|
lp_load().
Andrew Bartlett
(This used to be commit 168c712bf3b8be19e6e72b7bf4563ed3ae87c176)
|
|
The previous code attempted to call winbind to find out the domain sid. This
couldn't work for a number of reasons - not the least of which was that both
the client and server ends would reject any name (in this case domain name)
without a \ in it (or lp_winbind_seperator()).
I think this is what was intended to occour. If there is still some need to
contact winbind for this information, I suggest a new call be created for this
- as it the server-side code doesn't allow for this information to be extracted
easily in any case.
Finally, it gets in the way of the default domain code a bit - hence why I was
actually looking at it...
Andrew Bartlett
(This used to be commit 5fe1ea7f11a314a42f867a4f159c1c63c516568f)
|
|
Andrew Bartlett
(This used to be commit 6650b21ceabefab037cfd3b135039914fb75e3a9)
|
|
calls from rpc_parse/parse_net.c - instead these values are passed as a
paramater.
Unfortunetly some there is still some samr work to be done before this is
actually useful.
Andrew Bartlett
(This used to be commit 4fc9e16ad7a77cf2e37b27640c0dec2052e9cda0)
|
|
(This used to be commit 3db417c2ebfda0d5872dee39e36edc4fb6299b9a)
|
|
Jeremy.
(This used to be commit 27f65b3aad13ecd33bbb84048d70e3dde212f278)
|
|
there are still some work to do on it but it's already functionnal.
J.F.
(This used to be commit 2506c98d19263bd5f367a488c2238dcdfec46ee9)
|
|
Changed the way the wins record are handled in memory. Now they are living
much longer with the different states: active, released and tombstone.
Also added a version ID, some wins flags and the wins owner ip address to
the namrec->data struct, and a function to process messages sent by the
wins replication daemon.
the initiate_wins_processing() function is not correct, I'll fix it later.
J.F.
(This used to be commit b902e087d06c32797af19021a7f56895d86d7364)
|
|
This matches the lookup failure case in 2.2, and seems to make more sense than
giving the printer to 'world'. (Avoiding this lookup makes some of my other
changes - including winbind default domains - a little easier).
In any case, tpot has promised to look at this and test it when he gets back to
work. :-)
Andrew Bartlett
(This used to be commit f0137ac126f782e83ed15d8e905def708cdb6c64)
|
|
a username on the commandline. Also don't continue past the kinit if a password is entered and fails because existing tickets would be used, which may not be desired if the username was specified.
(This used to be commit 7e5d7dfa834c0161460bde8a2f0d4824c0a0d1fe)
|
|
case.
Jeremy.
(This used to be commit 248770d73072e36fd9812ec5986dce5380dfab33)
|
|
Benjamin (Bj) Kuit bj@it.uts.edu.au.
Jeremy.
(This used to be commit 5f4de275a3a63a95e76d077ffc94321a078833bf)
|
|
J.F.
(This used to be commit 5fef8a5ad29074bcf02904a1cca72133d57cc3e4)
|
|
J.F.
(This used to be commit ca7665c6b3618d3160bbd8e55ab56a8783cf8934)
|
|
J.F.
(This used to be commit 873dba59cf4e1f7ebb3593d890b9de7c8cd25653)
|
|
(This used to be commit 7dc1c34145d66f4bbc5c6ce0bca4b224088366af)
|
|
Modules now name themselves, which should allow for sane behaviour when we get
an 'extern' passdb module (which in turn loads a .so).
Fix up tdbsam for non-unix-accounts. Not sure if this fixes idra's bug, but
its a start...
Andrew Bartlett
(This used to be commit 7d576d89d7b4a7b95e87a844568d7d7cd89f0542)
|
|
(This used to be commit 56be51d648da971bcf1250470b29918e43dc622b)
|
|
Andrew Bartlett
(This used to be commit c796799afd69fe627b1c8e51fb47957d30da9fae)
|
|
(This used to be commit 8929f07a15e7c6f6dbc72b1c50b45eb4c321d516)
|
|
(This used to be commit 1f7172b48e77dcda8bfd20d8e79a90b523727493)
|
|
Jeremy.
(This used to be commit 0db93d8752197e213f0974edae53e2dafdd77b51)
|
|
the "password server" smb.conf parameter when choosing a DC to connect to.
Due to the origin of the code in cm_get_dc_name() it wouldn't try
additional DCs if the first DC didn't work. This would wedge winbindd if you
had "password server = foo1, foo2" and foo1 was down.
(This used to be commit fc7ed1b4a8774a6a07a8d8fd08d9d2f15cd5c1dc)
|
|
Added TODO about perhaps doing a SAMLOGON udp/138 request before a
cli_full_connection in connect_to_domain_password_server()
(This used to be commit b61e40a5be3b8bacc74399902169755dbc4c7fca)
|
|
(This used to be commit 97b243c488e8b976e40c6d873282a153f80c06e4)
|
|
(This used to be commit 7c2d7205938ddd958b8399599febbf63ac4c8a88)
|
|
(This used to be commit 04f492980b73800b60dde764fdeb43f2eab79624)
|
|
(This used to be commit 05adb30eabceea0ebbd7a7831533e2d4f20e58c8)
|