Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 9c6b930068d1e762fad78c9e36792764c280b85c)
|
|
(This used to be commit 11ddfd9cfa550dcd3186c8aaf0cc038ce7f1791f)
|
|
Back out last night's patch to to reduce -l dependencies until we can ensure
that *all* configurations/platforms work...
Andrew Bartlett
(This used to be commit 35eefe7a19b2b684d3ca05a665e9c13e9d17acc3)
|
|
(This used to be commit fe43c2ac2d2e1dd3b3a25c807d4dd379c5ac4960)
|
|
need all of them. Hopefully this will fix a few builds.
(This used to be commit 521eed1277956b0ebc47c3312edf57d386e026e6)
|
|
dependencies. This benifits packagers (like debian) becouse then our client
code won't have references to 'server only' libraries.
(In particular, it removes the client dependency on CUPS, which was raised in
a debian bug report).
Andrew Bartlett
(This used to be commit d5f2e33b34fe0e67153894b6bf582b7eaca40e7f)
|
|
(This used to be commit 0118e459b603a991f23d48cfd7f5e68c4374f950)
|
|
This also makes it a easier to see which paramaters are 'in', and which are
'out'.
Andrew Bartlett
(This used to be commit 122cf648d7f364c68ecb7a576a42e94a954e9e56)
|
|
Andrew Bartlett
(This used to be commit fd0ebf976eb6e5fc25bc75ff471c69c3f3761e32)
|
|
THis should fix the build.
(This used to be commit ef984b99614c07ef5934849a9ad85190b636d421)
|
|
if you have an ADS DC.
(This used to be commit 059a352ebb7c7286d205bc86a92f5fd26ab1ff8e)
|
|
existing connect (which I've been told is really connect2), with one
extra dword. We've only seen 0x00000002 there...
(This used to be commit 266344634944dff30f56453f9d86c490e7ac7a55)
|
|
Andrew Bartlett
(This used to be commit 0e420878f26bdd19b5defb78a5fe4c31662ec941)
|
|
upper cased already.
However, if you created your registry tdb in the very early versions of jerry's
patch, you could find that usrmgr doesn't function. Simply delete the
registry.tdb, it will be recreated on startup.
Andrew Bartlett
(This used to be commit 17136a88c326bf338f948a67c92bb048c5a148af)
|
|
(This used to be commit 3b0e60e522b669bad77e70d9c6f484a08ff84612)
|
|
we get a response from WINS for a PDC, if the PDC isn't responding.
(This used to be commit 57916316ffc70b0b6659f3ad9d14aad41fad4c71)
|
|
(This used to be commit 2ee0abb50f25e5a4529d8c9409c979a7a00e5984)
|
|
(This used to be commit 2f46bdeb4fa1d32fe948af5d7fa80480ff2d2c86)
|
|
(This used to be commit 3f6ca04003172c22d02111f2170ad60f0d7936d9)
|
|
unfortuately we don't seem to be able to auto-test the ADS join due to
a rather nasty property of the GSSAPI library.
(This used to be commit 87c34a974a91e940bd26078a68dd84f4341d6913)
|
|
(This used to be commit 28ba237a9e02e284fb541562270db758612e425a)
|
|
(This used to be commit 68e70b000b273ba72206c87ad1efd6efc2c7c487)
|
|
Andrew Bartlett
(This used to be commit ce6c8a647ca56dcbb60ff898d77c2df297c1fe79)
|
|
Andrew Bartlett
(This used to be commit 8405bccd4e7a5315e58890ffa5d481031636f88a)
|
|
setups.
- split up the ads structure into logical pieces. This makes it much
easier to keep things like the authentication realm and the server
realm separate (they can be different).
- allow ads callers to specify that no sasl bind should be performed
(used by "net ads info" for example)
- fix an error with handing ADS_ERROR_SYSTEM() when errno is 0
- completely rewrote the code for finding the LDAP server. Now try DNS
methods first, and try all DNS servers returned from the SRV DNS
query, sorted by closeness to our interfaces (using the same sort code
as we use in replies from WINS servers). This allows us to cope with
ADS DCs that are down, and ensures we don't pick one that is on the
other side of the country unless absolutely necessary.
- recognise dnsRecords as binary when displaying them
- cope with the realm not being configured in smb.conf (work it out
from the LDAP server)
- look at the trustDirection when looking up trusted domains and don't
include trusts that trust our domains but we don't trust
theirs.
- use LDAP to query the alternate (netbios) name for a realm, and make
sure that both and long and short forms of the name are accepted by
winbindd. Use the short form by default for listing users/groups.
- rescan the list of trusted domains every 5 minutes in case new trust
relationships are added while winbindd is running
- include transient trust relationships (ie. C trusts B, B trusts A,
so C trusts A) in winbindd.
- don't do a gratuituous node status lookup when finding an ADS DC (we
don't need it and it could fail)
- remove unused sid_to_distinguished_name function
- make sure we find the allternate name of our primary domain when
operating with a netbiosless ADS DC (using LDAP to do the lookup)
- fixed the rpc trusted domain enumeration to support up to approx
2000 trusted domains (the old limit was 3)
- use the IP for the remote_machine (%m) macro when the client doesn't
supply us with a name via a netbios session request (eg. port 445)
- if the client uses SPNEGO then use the machine name from the SPNEGO
auth packet for remote_machine (%m) macro
- add new 'net ads workgroup' command to find the netbios workgroup
name for a realm
(This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)
|
|
from itself).
they where alo not clean after use!
Simo.
(This used to be commit 5a257096e9afdcd1dea863dff43952457a74a9f1)
|
|
to check for uppercased strings when we store them not uppercased.
jerry, this fix is needed to make usrmgr.exe work again.
meanwhile we found out that NT_STATUS code may not be appropriate there.
In particular it seem that an NT PDC will send back 02 as error
(ERRbadfile) not 0xc000000f (NT_STATUS_NO_SUCH_FILE NT)
I think further investigation is need to understand which are aprropriate
return codes here.
(This used to be commit 2ad0e81c8da62b7e15ab3e414b5e15a94fe5de87)
|
|
from some of the callers.
Andrew Bartlett
(This used to be commit eb3354aa6c7293df9a728565a6774049b2e6d57f)
|
|
name status query to 14 bytes, so we could not join a DC who had a
netbios name of 15 bytes in length.
(This used to be commit a7588f21c24dac833f098c48e2337c100cf75ba4)
|
|
parm_struct.ptr
this one also fixes log level not shown in swat
fix swat help system
(This used to be commit 7532e828966f3baaa418b528a5b7fe450c488401)
|
|
(This used to be commit 8e906a948196be7d630a9b20f3c3d2cbafd545f1)
|
|
(This used to be commit cb946b5dadf3cfd21bf584437c6a8e9425f6d5a7)
|
|
(This used to be commit 76eacaa28546d65b9ddb7ff356f0bd2aaf2f86d8)
|
|
dictionary into a separate function.
(This used to be commit 10889241d5f5813f499501a45edccc4acd3e9f74)
|
|
(This used to be commit 7bf9ca6ca36fa319a57eab05567d49a003237bb5)
|
|
(This used to be commit 81322f4d63095d828be7983eb4b47775abe8d33f)
|
|
(This used to be commit cf2abf677ed9942d841ef61ffb2565244c8979ac)
|
|
*somthing* in the directory. (Stops cvs update -P eating it).
This is the combined effort of many from #samba-technical, kai, metze,
ctrlsoft, idra and abartlet in particular. It will no doubt change :-)
Andrew Bartlett
(This used to be commit 40fc43296def1f5ac3c23aba8b283a91f1d10239)
|
|
Authenticaions will now attempt to use winbind, and only fall back to
'ntdomain' (the old security=domain) code if that fails (for any reason,
including wrong password).
I'll fix up the authenticaion code to better handle the different types of
failures in the near future.
Andrew Bartlett
(This used to be commit 78f0d4337bd263d26d7b349eaf8148e863c62f69)
|
|
This updates the 'winbind' authentication module and winbind's 'PAM' (actually
netlogon) code to allow smbd to cache connections to the DC.
This is particulary relevent when we need mutex locks already - there is no
parallelism to be gained anyway.
The winbind code authenticates the user, and if successful, passes back the
'info3' struct describing the user. smbd then interprets that in exactly the
same way as an 'ntdomain' logon.
Also, add parinoia to winbind about null termination.
Andrew Bartlett
(This used to be commit 167f122b670d4ef67d78e6f79a2bae3f6e8d67df)
|
|
longer than the buffer they claim to be in.
Many thanks to tridge for explaining the macros.
Andrew Bartlett
(This used to be commit 3efd462bf2f1ed50c108c2b8ddecc461d002745d)
|
|
for spotting this)
(This used to be commit d4c905e5a0a67c8e01a4fcf78aa992a3b7beff02)
|
|
(This used to be commit 0e2207c9c1ce573098f764e85a65c17cc1f1d284)
|
|
Andrew Bartlett
(This used to be commit bc17b91c2f1a1df58614b67bff94f228be6b9bb2)
|
|
Andrew Bartlett
(This used to be commit f77335b6f86c736e72b66eab6a2aee046ddbee41)
|
|
code.
(This used to be commit 3929532e3bfb98b925d73d331c8cbb319fdc8b9a)
|
|
(This used to be commit 9f9e0cbd2c9920b730286f8bf560dc3415c29aa6)
|
|
(This used to be commit aa5beb63f1b1133c4ad28118ddd33e21198d79bb)
|
|
When this option is disabled we should not do *any* netbios
operations. You should also not start nmbd at all. I have put initial
checks in at the major points we do netbios operations in smbd but
there are bound to be more needed. Right now I've disabled all netbios
name queries, all WINS lookups and node status queries in smbd and
winbindd.
I've been testing this option and the most noticable thing is how much
more responsive things are! wthout those damn netbios timeouts things
certainly are much slicker.
(This used to be commit 12e7953bf2497eeb7c0bc6585d9fe58b3aabc240)
|
|
(This used to be commit ced5dc4e05badfb07cbae7a2880825b9bad4e68d)
|