This work was sponsored by Optifacio Software Services, Inc.
Andrew Bartlett
(various e-mail announcements merged into some form of commit message below:)
This patch adds basics of universal groups support
into Samba 3. Currently, only Winbind with RPC calls supports this, ADS
support requires additional (possibly huge) work on KRB5 PAC. However,
basic infrastructure is here.
This patch adds:
1. Storing of universal groups for particular user logged into Samba
software (smbd/ two winbind-pam methods) into netlogon_unigrp.tdb as array
of uint32 supplemental group rids keyed as DOMAIN_SID/USER_RID in tdb.
2. Fetching of universal groups for given user rid and domain sid from
netlogon_unigrp.tdb.
Since this is used in both smbd and winbindd, main code is in
source/lib/netlogon_uingrp.c. Dependencies are added to AUTH_OBJ as
UNIGRP_OBJ and WINBINDD_OBJ as UNIGRP_OBJ.
This patch has had a few versions, the final version in particular:
Many thanks to Andrew Bartlett for critics and comments, and partly
rewritten code.
New:
- updated fetching code to changed byte order macros
- moved functions to proper namespace
- optimized memory usage by reusing caller's memory context
- enhanced code to more follow Samba coding rules
Todo:
- proper universal group expiration after timeout
(This used to be commit 80c2aefbe7c1aa363dd286a47d50c5d8b4595f43)
|
|
(This used to be commit 398b4ff0d40d89b3e96d481807f85f15b7a7966a)
|
|
wire... so.
Jeremy.
(This used to be commit b63b76297835ab8227b98925fa8120ffce1a37d9)
|
|
This should make things a little happier...
Andrew Bartlett
(This used to be commit 6ce467a65fdaabbcfac258a1b899c833602b6d92)
|
|
This brings passdb.c down to a much more manageable ~1100 lines and makes it a
little easier to comprehend what's going on here.
Andrew Bartlett
(This used to be commit 28d5ab269cfba5e8410163edb3e0c222ed7f0be1)
|
|
Jeremy.
(This used to be commit 4f1f5f28b514dda86f6f49465bd5887357e37bc6)
|
|
Jeremy.
(This used to be commit 2603ab3c6870f3697751b887e940910713f08985)
|
|
Jeremy.
(This used to be commit 24ee18c77e1b61004d8ed817118a481f3d43e34c)
|
|
Jeremy.
(This used to be commit 01ff6ce4963e1daff019f2b936cef218e1c93f67)
|
|
(This used to be commit 0b0b937b58f4bf4e005fb622f0db19175fc46a47)
|
|
when we free curr_ace_outer we need to not try to use it again :)
(This used to be commit 1c5e19a418136c0ae524e62a4907501212ebac3d)
|
|
with the local machine time changing
(This used to be commit 116c0a0e3baa6a100a816f1ff2722782941ac3dc)
|
|
when switching from rpc to ADS this now should make sense
(This used to be commit ec73d26c7f9a2bbd4b91e9c22850e032b91666e2)
|
|
(This used to be commit 73a59170e6fab3b0f91938a74302750915a04a7a)
|
|
(This used to be commit 4f4f898348c5719b745ff358463fd7d59e3da495)
|
|
(This used to be commit 490d3aaf20f04d04c91c4748896d7a021581a229)
|
|
Andrew Bartlett
(This used to be commit d7fca1806a304cb6eeecfe34d6c5c012c745114f)
|
|
the list received at startup or we get an out of date list. I thought
there might be some sequence number that is incremented when a trusted
domain is added or removed - perhaps there is but I just haven't found it
yet.
- Renamed get_domain_info() to init_domain_list()
- Made an accessor function to return the list of trusted domains rather
than using a global so we don't have to remember to put a magic init
function
- The getent state can not keep a pointer to a winbind_domain structure as
it may be freed if init_domain_list() is called again so we keep the
domain name instead
(This used to be commit 37216c649a394b449eaaaa6644709eafb3bf37ff)
|
|
Replace this with some flags that *we* define. We can do a mapping later
if we actually get some more reliable info about what passwords are actually
valid.
Andrew Bartlett
(This used to be commit 7f7a42c3e4d5798ac87ea16a42e4976c3778a76b)
|
|
(This used to be commit 78814664ef7d41c2f6637b508711ab45647a64f9)
|
|
This fixes up a problem where a machine would join (or downgrade by trust
password change) to NT4 membership and not be able to regain full ADS
membership until a 'net ads leave'.
Andrew Bartlett
(This used to be commit ab8ff85f03b25a0dfe4ab63886a10da81207393c)
|
|
(This used to be commit da4db0373b65d975d5129715d6b1fa725b188766)
|
|
this is actually a workaround for old broken nmbd daemons, especially
from Samba 2.0
(This used to be commit 12021a8de6a1dc2e43cc62f094a57c57283dfaf4)
|
|
swedish" test to client calls. This is putting a length field at the
start of a request so we can disconnect clients talking with an out of date
libnss_winbind.so rather than deadlock them.
Misc cleanups:
- made some int values uint32
- moved WINBIND_INTERFACE_VERSION to start of cmd list
(This used to be commit a4af65b9b93671f13f277d49279a85042a8fd1d5)
|
|
(This used to be commit c5e14d73dffee86ef2dabcf7031eea0da9e32f3d)
|
|
of a define you need to grep for the old name and change ALL places.
(This used to be commit 09e3276fb7207dff73f181072851bd542fb64263)
|
|
smb.conf to get it right.
While wb_client needs its lp_load() for samba dependency reasons, it now uses
the new method both to example and test the new code.
Also add an interface version function, and return the winbind's samba version
string.
In preparation for default domains, it's now up to winbindd to reject plaintext
auths that don't have a separator, but NTLM (CRAP) auths now have two fields,
hence need parsing.
Andrew Bartlett
(This used to be commit 2bd2a092ee3d49a74d896385688d7c7256aa297e)
|
|
It adds a 'ping' request, just to check winbind is in fact alive
It also changes winbindd_pam_auth_crap to take usernames and domain separately.
(backward incompatible change, needs merge to 2.2, but this is not yet released
code, so no workarounds)
Finally, it adds some debugs and fixes a few memory leaks (uses talloc to do
it).
Andrew Bartlett
(This used to be commit 6df29bfe335144a968f5367f624ef2b4cf9e69b0)
|
|
(This used to be commit 63ea2bb0adf5ae742658f479613de90b1eec3db5)
|
|
when they are added or removed on the PDC.
- renamed GETPWNAM_FROM_{UID,USER} constants and functions to GETPW{NAM,UID}
- renamed GETGRNAM_FROM_{GID,GROUP} constants and functions to GETGR{NAM,GID}
- use SIGUSR2 in winbindd for debugging/logging instead of SIGUSR1 in
preparation for moving to smbcontrol type messages (not sure whether to
ditch this altogether or not)
- tidy debugging messages in top level winbind user and group routines
- convert talloc_init() to talloc_init_named()
- make enumerations of the domain list use the same local variable names
(This used to be commit eeb8af9c1a66bfcd80823d7b406acbab79857a16)
|
|
(This used to be commit 85d3ffb2709258e576191adade9c61b11e83eec5)
|
|
in any of these fields, they can corrupt the output. We
should remove them.
(This used to be commit 934aacdb39a0c21c43505dbba696b746f1333df3)
|
|
Jeremy.
(This used to be commit 02b18f2cca6d6d046d2d8fd7375b207d44031ddc)
|
|
Make it up as we go along... :-).
Jeremy.
(This used to be commit 4289fe3499e49c3ed356eff55ffbcfef4dca72af)
|
|
Jeremy.
(This used to be commit 2591361fa860b3f9480c0c29e433c15d45d9abe4)
|
|
Jeremy.
(This used to be commit ee8c8add7f83d7a794546769c59c85ef8bb5b89a)
|
|
I think configure.in just beat it to the repository so the timestamp of
configure.in is newer than configure. )-:
(This used to be commit ee0a6f8d26a594bb3d0ee266a0229f3046590270)
|
|
Jeremy
(This used to be commit 6210d4aa196c944e47076e316980f76ac9c6b02d)
|
|
the specifies the units that st_blocks is in. The reason for this is
that HPUX uses 8k, AIX uses a #defined constant and everyone else (tm)
uses 512 byte units.
Needed for the CIFS UNIX extensions - coming to a Samba server near
you soon.... :-).
Jeremy.
(This used to be commit 38cfffea5f0d7f5ff676f83204a2923247dce9d5)
|
|
Jeremy.
(This used to be commit a99e0cec1e2596c5bc89932e64de301f3fb9ae86)
|
|
Jeremy.
(This used to be commit 4f703b84cd7f258ae0169d52ca761b9404ccb348)
|
|
prompt dmalloc to log information about what's happening, so you can see
in flight why smbd is getting bloated.
(This used to be commit bcb443c5c4bf97fe6b5b0993e42496c2e64f0124)
|
|
ahead of the service name (in standard Unix fashion) then smbclient
just spits out the usage message with no explanation of what in
particular was wrong. Is there any reason we can't just parse out the
service name and password after running getopt??
(This used to be commit 5f6feb55d7e7566549141ebb1786b6f2f9f2645b)
|
|
Also more insertion of parenthesis to handle struct members called
'free'.
You can now get useful dmalloc output, as long as it is compatible
with your C library. On RH7.1 it looks like you have to rebuild
dmalloc to allow free(0) by default, because something in libcrypt
does that. (sigh)
(This used to be commit 391cbb690196537c8b6292b42c2e27408cc7e249)
|
|
like strcat
(This used to be commit fb8ab69b6f638c41d734282488be91d85b4ec057)
|
|
(This used to be commit 7bbfb29842b27938862a63834eef9b60ac568256)
|
|
gcc warnings about unused parameters.
(This used to be commit b29775d442c36f667a6db5ba9dbe47d1a133525f)
|
|
gcc warnings about unused parameters.
msg_pool_usage: assert msg_type is as expected.
(This used to be commit 3ef135e91aaebf9648c4dd13f59686f57f4cff70)
|
|
change the version number also.
Jeremy.
(This used to be commit 3dec9cf99a82bd15626eb99e7d937ff00183cc05)
|
|
(This used to be commit a57e13b8b661dd41e8036f862c708b5d3ced82e6)
|