Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 8929f07a15e7c6f6dbc72b1c50b45eb4c321d516)
|
|
(This used to be commit 1f7172b48e77dcda8bfd20d8e79a90b523727493)
|
|
Jeremy.
(This used to be commit 0db93d8752197e213f0974edae53e2dafdd77b51)
|
|
the "password server" smb.conf parameter when choosing a DC to connect to.
Due to the origin of the code in cm_get_dc_name() it wouldn't try
additional DCs if the first DC didn't work. This would wedge winbindd if you
had "password server = foo1, foo2" and foo1 was down.
(This used to be commit fc7ed1b4a8774a6a07a8d8fd08d9d2f15cd5c1dc)
|
|
Added TODO about perhaps doing a SAMLOGON udp/138 request before a
cli_full_connection in connect_to_domain_password_server()
(This used to be commit b61e40a5be3b8bacc74399902169755dbc4c7fca)
|
|
(This used to be commit 97b243c488e8b976e40c6d873282a153f80c06e4)
|
|
(This used to be commit 7c2d7205938ddd958b8399599febbf63ac4c8a88)
|
|
(This used to be commit 04f492980b73800b60dde764fdeb43f2eab79624)
|
|
(This used to be commit 05adb30eabceea0ebbd7a7831533e2d4f20e58c8)
|
|
than only doing unicode. smbfs didn't work.
(This used to be commit 95857a3515d67effb1242ca07daa5643458bb2f0)
|
|
(This used to be commit 9b63a872239bf7757c802bb3db3761cf3ec66e85)
|
|
idra has promised not to revert these this time :-)
(This used to be commit f556ad67e82518f5a024ffe9184ff9430ab5c541)
|
|
This due for abstraction into chgpasswd.c shortly.
Andrew Bartlett
(This used to be commit 635942ae21793136814a84b1d344f411a5d6e242)
|
|
(This used to be commit 6025ab201aa34bbf4a7e897149ef6ba370a89703)
|
|
(This used to be commit 8ed7c1ffad2df03c66151c1dfe7477301bd3ebad)
|
|
Jeremy.
(This used to be commit 6406a42d012184f5289d4a2b1c07a55556635fe4)
|
|
(This used to be commit 38d2d26af9ef4d90dcb57fa940267f7136876191)
|
|
* PRINTER_ATTRIBUTE's
* "default devmode" parameter
(This used to be commit 90a7a1840b4823d4ebe047130a95dd15a824500b)
|
|
Jeremy.
(This used to be commit 443d2530a7fe32392bdb8c7d38a10b7071392b13)
|
|
in clirap2.
(This used to be commit 935955b50ff503d18265f745e6e0df90d3e5dd4b)
|
|
routines can work. The code was copied into both convert_string and
convert_string_allocate -- I split it into a little static function,
and removed an apparently duplicate call to init_valid_table().
(This used to be commit 7f7d22880d40c7344bc402203dd150255fc694cf)
|
|
Sometimes an open error is OK.
(This used to be commit 5fb3be62910faf91e0e8381ba91f314f2092cb8e)
|
|
(This used to be commit 96c36e51ee4df4c46e5e9e611844dfa83260f606)
|
|
(This used to be commit e05c9b34f084874fef3d9e6f39484242ed541940)
|
|
(This used to be commit fa05a7de6d2311293242825dc98596d8e42c6249)
|
|
(This used to be commit 025a0ea8bac876633b790b62558a8ec1b7460e1b)
|
|
Jeremy.
(This used to be commit 61b4ce7aef53ab82bdc5bc214e50c1891e097c11)
|
|
work from Juergen.Hasch@de.bosch.com in tracking this down.
Jermy.
(This used to be commit 40060fe3459cf103a143c324f99c2233a8e53825)
|
|
same reason as per pdb_tdb.c
there isn't (and will never be probably) another call to any getpw* fn,
let's use getpwnam_alloc only when needed.
(This used to be commit f12361b1327306e6a3fcf8ff138413ad9a6c69a3)
|
|
(This used to be commit 57a145bff6b382e6dc9a9af96451175d81462c8d)
|
|
(This used to be commit 7f7a15e09a53a03dd423d40201f037f8da049cd7)
|
|
We are not going to reuse any getpw* call, so the extra alloc,copy and free
only uses extra memory and extra cpu time for nothing.
(This used to be commit 5c0bb0487bec00df494b72b64ddf274f42bfefea)
|
|
smbclient -L //nautilus1/
should definitely not say "unknown host "nautilus1/". Sheesh.
(This used to be commit 1cd431b8f17e5ac394436d31f64032387ca11930)
|
|
(This used to be commit 6380f9ff7a57975b9827fb7252439ee28a25970d)
|
|
(This used to be commit 59905d44e51d83f2d4a7b6844e0ae764e0b35c0c)
|
|
(This used to be commit f8208458b3ac05743932d96e4d0a919adc0d9e55)
|
|
(the passdb backend is case-insensitive, so there isn't any point to this).
Andrew Bartlett
(This used to be commit 5e868b403340d84d68c1831a09bf1a4dd710da90)
|
|
Andrew Bartlett
(This used to be commit a96503475d9c1d91c2dfcdebb4f60183432d9aff)
|
|
I *love* automated testing - this one got picked up by the build farm.
Andew Bartlett
(This used to be commit b19296172a75449a27eb9f674c74c462b146e717)
|
|
(This used to be commit e67c7c5852624bcdd5c565ea5f00b143aaf7fee4)
|
|
(This used to be commit e8a891354d307b2352eac375b9be02d7616cdb61)
|
|
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
|
|
This time its the pdb_getsampwuid() function - which was only being used by the
SAMR rpc subsystem to gain a 'user session key'. This 'user session key' is
actually generated at login time, and the other changes here simply move that
data around.
This also means that (when I check some details) we will be able to use the
user session key, even when we are not actually the DC, becouse its one of the
components of the info3 struct returned on logon.
Andrew Bartlett
(This used to be commit 799ac01fe08a338e4e94289f5d6767ebf905c1fa)
|
|
conversion across to the pdb_set...() interface.
Now we only set strings that are non-null. This allows Win2k to join the
domain again, particularly when using tdbsam.
Andrew Bartlett
(This used to be commit 6d0b3d051f8f74ea6235173a89e96f5934aff4f3)
|
|
committed in auth/auth_compat.c and use the new version to make the plaintext
password change slightly sane... (Needs testing).
Andrew Bartlett
(This used to be commit 996d0cd89cf9da5e9749f136f013cc4a8b977ee0)
|
|
password check into its own helper funciton. (This will allow it to be called
from other places).
Andrew Bartlett
(This used to be commit 9e96f438057da21254f40facdd9a31dd20652f35)
|
|
case.
Thanks to Nigel Williams <nigel@wednesday.demon.co.uk> for spotting these!
Andrew Bartlett
(This used to be commit 20e0b562283f75606ac9a36f3f104c6aaa294c40)
|
|
degree of seperation betwen reading/writing the raw NamedPipe SMB packets
and the matching operations inside smbd's RPC components.
This patch is designed for no change in behaviour, and my tests hold that to be
true. This patch does however allow for the future loadable modules interface
to specify function pointers in replacement of the fixed state.
The pipes_struct has been split into two peices, with smb_np_struct taking the
information that should be generic to where the data ends up.
Some other minor changes are made: we get another small helper function in
util_sock.c and some of the original code has better failure debugs and
variable use. (As per on-list comments).
Andrew Bartlett
(This used to be commit 8ef13cabdddf58b741886782297fb64b2fb7e489)
|
|
smbd, and also makes it much cleaner inside winbindd.
It is mostly my code, with a few changes and testing performed by Alexander
Bokovoy <a.bokovoy@sam-solutions.net>. ab has tested it in security=domain and
security=ads, but more testing is always appricatiated.
The idea is that we no longer cart around a 'domain\user' string, we keep them
seperate until the last moment - when we push that string into a pwent on onto
the socket.
This removes the need to be constantly parsing that string - the domain prefix
is almost always already provided, (only a couple of functions actually changed
arguments in all this).
Some consequential changes to the RPC client code, to stop it concatonating the
two strings (it now passes them both back as params).
I havn't changed the cache code, however the usernames will no longer have a
double domain prefix in the key string. The actual structures are unchanged
- but the meaning of 'username' in the 'rid' will have changed. (The cache is
invalidated at startup, so on-disk formats are not an issue here).
Andrew Bartlett
(This used to be commit e870f0e727952aeb8599cf93ad2650ae56eca033)
|
|
Jeremy.
(This used to be commit 7c5c035e417b45acebc3580c4fdc80a7ef3306ce)
|