Alexander Bokovoy [Tue, 15 Jul 2003 17:21:21 +0000 (17:21 +0000)]
Add support for MSG_SMB_CONF_UPDATED and MSG_SHUTDOWN to all daemons (smbd, nmbd, winbindd). Reviewed by jerry and tridge.
(This used to be commit
02c5e2fc6f0721ebd82a9e6a2b34190607de55fe)
Volker Lendecke [Tue, 15 Jul 2003 17:00:11 +0000 (17:00 +0000)]
Volker Lendecke [Tue, 15 Jul 2003 16:46:20 +0000 (16:46 +0000)]
Volker Lendecke [Tue, 15 Jul 2003 16:07:50 +0000 (16:07 +0000)]
Jim, could you please look at this? smbpasswd -a <username> was broken
for me without this patch. I'm not sure if I interpreted your patch to
this code right.
Thanks,
Volker
(This used to be commit
46ec022f873416d2258fc8d84430b17319dce70f)
Gerald Carter [Tue, 15 Jul 2003 16:02:51 +0000 (16:02 +0000)]
Mandrake packaging updates from Buchan
(This used to be commit
3fec31d0fd91de6196d56fc7eae145f10c12483c)
Alexander Bokovoy [Tue, 15 Jul 2003 13:00:20 +0000 (13:00 +0000)]
Accept --with-expsam=no as valid option (do nothing on it). Simplifies automatic option generation for spec files
(This used to be commit
4042d965f26d8cc056792df50d0a2a6f3f640e50)
Alexander Bokovoy [Tue, 15 Jul 2003 12:12:15 +0000 (12:12 +0000)]
Fix cut&paste bug in strdup() usage example. Found by Metze
(This used to be commit
38f85593c41b5d9ea1c67beb626724b9e14a5dab)
Alexander Bokovoy [Tue, 15 Jul 2003 09:50:44 +0000 (09:50 +0000)]
Add mandir to installdir target. Otherwise installman fails for clean DESTDIR
(This used to be commit
bb31276c3dfd10bfbc41b7e77e1e1aca1f051453)
Gerald Carter [Tue, 15 Jul 2003 04:38:20 +0000 (04:38 +0000)]
adding some more docs
(This used to be commit
6fdf9f8cd53833294d34aa6dc8d660957c530ae5)
Gerald Carter [Tue, 15 Jul 2003 04:33:37 +0000 (04:33 +0000)]
adding docs on new parameters I added.
(This used to be commit
7c91c4360ffd5683f063ac2ce8ebadb4b4db9342)
Gerald Carter [Tue, 15 Jul 2003 04:24:37 +0000 (04:24 +0000)]
update docs to reflect the change in default behavior for winbindd
(This used to be commit
140e2fd5d710f5c800399e20a64c8ac4349a7003)
Gerald Carter [Tue, 15 Jul 2003 04:19:57 +0000 (04:19 +0000)]
remove -B and default to dual-daemon mode (-Y to run as a single process)
(This used to be commit
369a914ebefd5625af19b76d71b502e5e13a7147)
Gerald Carter [Tue, 15 Jul 2003 02:27:00 +0000 (02:27 +0000)]
make sure to fallback to rid algorithm for users not in smbpasswd (e.g. force user = foo)
(This used to be commit
399799c68cbc91cb3908b0d83ee4f51fa3bf3023)
Andrew Bartlett [Tue, 15 Jul 2003 01:07:12 +0000 (01:07 +0000)]
SPNEGO SMB signing is now fixed for NTLMSSP, with kerberos to follow shortly.
Andrew Bartlett
(This used to be commit
2b493813fc09ed9bf21f90bce708e6145cf1b4de)
Gerald Carter [Mon, 14 Jul 2003 19:51:34 +0000 (19:51 +0000)]
fix cache coherency bug in print handle print_info_2 cache.
Needs to be rewritten to use a reference counter, but this
will work for now.
also the memory allocation in the printing code needs to be cleaned
up to use talloc exclusively.
(This used to be commit
3d293027563b36411b7f84ed9d8f47f926271c6f)
Alexander Bokovoy [Mon, 14 Jul 2003 15:03:19 +0000 (15:03 +0000)]
Small documentation fixes from Metze
(This used to be commit
3f63bcb47182f69a7524bf9fcd0198aa116a9c45)
Andrew Bartlett [Mon, 14 Jul 2003 12:56:30 +0000 (12:56 +0000)]
Fix compile error noticed by Ken Cross, use the utility function instead
of an inline replacement...
Andrew Bartlett
(This used to be commit
d941255a97fc6d0d62eae1602075b1aa0481cde5)
Andrew Bartlett [Mon, 14 Jul 2003 10:38:23 +0000 (10:38 +0000)]
Fix SMB signing when using NTLMSSP...
It's so simple now I know how it works - and it has nothing to do with
NTLMSSP (it's just a slightly different use of the old algorithm). :-).
Note: This is actually less secure than the non-NTLMSSP code, as there is
no per-session random data included for NTLM logins. (NTLMv2 is better,
fortunately).
Andrew Bartlett
(This used to be commit
95ec8317d4c6817d192bcd52eec44a22286e10ee)
Andrew Bartlett [Mon, 14 Jul 2003 08:46:32 +0000 (08:46 +0000)]
Jeremy requested that I get my NTLMSSP patch into CVS. He didn't request
the schannel code, but I've included that anyway. :-)
This patch revives the client-side NTLMSSP support for RPC named pipes
in Samba, and cleans up the client and server schannel code. The use of the
new code is enabled by the 'sign', 'seal' and 'schannel' commands in
rpcclient.
The aim was to prove that our separate NTLMSSP client library actually
implements NTLMSSP signing and sealing as per Microsoft's NTLMv1 implementation,
in the hope that knowing this will assist us in correctly implementing
NTLMSSP signing for SMB packets. (Still not yet functional)
This patch replaces the NTLMSSP implementation in rpc_client/cli_pipe.c with
calls to libsmb/ntlmssp.c. In the process, we have gained the ability to
use the more secure NT password, and the ability to sign-only, instead of
having to seal the pipe connection. (Previously we were limited to sealing,
and could only use the LM-password derived key).
Our new client-side NTLMSSP code also needed alteration to cope with our
comparatively simple server-side implementation. A future step is to replace
it with calls to the same NTLMSSP library.
Also included in this patch is the schannel 'sign only' patch I submitted to
the team earlier. While not enabled (and not functional, at this stage) the
work in this patch makes the code paths *much* easier to follow. I have also
included similar hooks in rpcclient to allow the use of schannel on *any* pipe.
rpcclient now defaults to not using schannel (or any other extra per-pipe
authentication) for any connection. The 'schannel' command enables schannel
for all pipes until disabled.
This code is also much more secure than the previous code, as changes to our
cli_pipe routines ensure that the authentication footer cannot be removed
by an attacker, and more error states are correctly handled.
(The same needs to be done to our server)
Andrew Bartlett
(This used to be commit
5472ddc9eaf4e79c5b2e1c8ee8c7f190dc285f19)
John Terpstra [Mon, 14 Jul 2003 05:17:52 +0000 (05:17 +0000)]
Typo fixes from Vorlon.
(This used to be commit
4cdadbbbe9d6311b32dfe8e9823ed55dab1c6f1c)
Tim Potter [Mon, 14 Jul 2003 05:13:30 +0000 (05:13 +0000)]
Don't bomb out when trying to unmarshall a zero length printerdata value.
Fixes remote printer publishing of shared printers from a Samba server.
(This used to be commit
7f363fa32d3b660567fc87d5d0b1e1d4dd58461a)
Tim Potter [Mon, 14 Jul 2003 01:49:07 +0000 (01:49 +0000)]
Delete obsolete comment.
(This used to be commit
5416c51133297e866210ec0d8454e04c25541d91)
Tim Potter [Mon, 14 Jul 2003 01:18:43 +0000 (01:18 +0000)]
Undo 'Fix compiler warning'. It didn't work because the value of inbuf changes so
we end up freeing a pointer we didn't mallocate.
Also, calling strdup() in a frequently called function just to clear up a
const compiler warning seems inelegant and inefficient.
(This used to be commit
a0da5ae1198082d0cf18707ed2cf05f728b00d0b)
Simo Sorce [Sun, 13 Jul 2003 21:41:23 +0000 (21:41 +0000)]
use the specific function we have to check if a SID belongs to our domain
(This used to be commit
a926959391676d69bd7cbaf4ce0be0d3cb715418)
Rafal Szczesniak [Sun, 13 Jul 2003 16:25:55 +0000 (16:25 +0000)]
Fix compiler warning.
(This used to be commit
3a71b4873034b3fe9dc7b23a95e56c865e857507)
Volker Lendecke [Sun, 13 Jul 2003 09:43:58 +0000 (09:43 +0000)]
Argl. Thinking twice and looking at the rest of callers of sid_compare_domain
proved the last patch wrong.
Sorry.
Volker
(This used to be commit
d8695eccc7acdee69ca0d0593b56a417f1f89167)
Volker Lendecke [Sun, 13 Jul 2003 09:38:55 +0000 (09:38 +0000)]
We have an API to compare the domain parts of two SIDs, so use it.
Volker
(This used to be commit
39308ff138da88c1a4c0958cd4c7a9090261d3d5)
Jeremy Allison [Sat, 12 Jul 2003 00:27:22 +0000 (00:27 +0000)]
Fixed memory leaks, added krb5 replay cache. Now I need to add code to check
the incoming addresses....
Jeremy.
(This used to be commit
4e9359a1f67a44b2981579383327ba774e1c31f9)
Gerald Carter [Fri, 11 Jul 2003 18:12:24 +0000 (18:12 +0000)]
patch for domain groups with no members (rpc only) from Ken Cross
(This used to be commit
05ec9c40f40be4d4dbb10b33e0def2374468ff8a)
Richard Sharpe [Fri, 11 Jul 2003 17:50:59 +0000 (17:50 +0000)]
Fix a small typo in a comment and pretty it up a bit.
(This used to be commit
3b5ddd8e1f021f6a38434c0d9a47317ab6ff2614)
Gerald Carter [Fri, 11 Jul 2003 16:37:23 +0000 (16:37 +0000)]
fix sid_to_[uid|gid] (spotted by Volker).
Still testing this, but I'm checking it in
so Volker can test it as well. Should be right.
(This used to be commit
8edf193722f699cc33baed410917a78a5e28d0a4)
Gerald Carter [Fri, 11 Jul 2003 15:17:06 +0000 (15:17 +0000)]
fix uninitialised variable
(This used to be commit
5efa0d7cc28d903c1986b8e40072ae49e9532a88)
Gerald Carter [Fri, 11 Jul 2003 15:09:57 +0000 (15:09 +0000)]
fix winbindd init script
(This used to be commit
018b222f9248e6baa02e74e36adbf2332aa4431e)
Herb Lewis [Fri, 11 Jul 2003 14:33:13 +0000 (14:33 +0000)]
use names from enumerated type to get rid of compiler warnings
(This used to be commit
c9d6782e091406ed105b7dc34c8c83e53bfe515e)
Jim McDonough [Fri, 11 Jul 2003 14:33:03 +0000 (14:33 +0000)]
Doesn't re-prompt for password when it is specified on the cmdline
(This used to be commit
6ebe87d318658f28ad9b9f8169fc4400856d5812)
Herb Lewis [Fri, 11 Jul 2003 14:20:12 +0000 (14:20 +0000)]
get rid of CFLAGS from LDSHFLAGS and WINBIND_NSS_LDSHFLAGS and instead
define it in SHLD for those systems that use CC for SHLD.
(This used to be commit
d0e2f3d1098ac0b8fa9165b3a93cd8d325a7a0d9)
Gerald Carter [Fri, 11 Jul 2003 05:33:40 +0000 (05:33 +0000)]
moving more code around.
* move rid allocation into IDMAP. See comments in _api_samr_create_user()
* add winbind delete user/group functions
I'm checking this in to sync up with everyone. But I'm going to split
the add a separate winbindd_allocate_rid() function for systems
that have an 'add user script' but need idmap to give them a RID.
Life would be so much simpler without 'enable rid algorithm'.
The current RID allocation is horrible due to this one fact.
Tested idmap_tdb but not idmap_ldap yet. Will do that tomorrow.
Nothing has changed in the way a samba domain is represented, stored,
or searched in the directory so things should be ok with previous installations.
going to bed now.
(This used to be commit
0463045cc7ff177fab44b25faffad5bf7140244d)
Tim Potter [Fri, 11 Jul 2003 05:05:08 +0000 (05:05 +0000)]
Fix yet another place where we store a Samba version number. )-:
(This used to be commit
caa36c2f0a935f90472caff3e48fb298067d1447)
Tim Potter [Fri, 11 Jul 2003 04:51:52 +0000 (04:51 +0000)]
Ignore autogenerated files.
(This used to be commit
be28d126a944075949821d6b4af3402be2cd86d6)
Tim Potter [Fri, 11 Jul 2003 04:48:08 +0000 (04:48 +0000)]
Remove references to obsolete codepage binaries, codepages and unicode
map files.
Other part of fix for bug 218.
(This used to be commit
00551b12c7736050fe53592d3955624e67f04994)
Tim Potter [Fri, 11 Jul 2003 04:45:33 +0000 (04:45 +0000)]
Fix references to plain password registry files pointing at an old
location. These files are now in docs/Registry. For some reason only
the PlainPassword files are included in the packaging, not some of the
other useful Samba related registry mods such as sign or seal and
terminal server.
I also removed the reference to checkinstall as it doesn't seem to
exist on the Solaris system in the build farm and I can't figure out
what it is supposed to do (always a good reason to delete something).
docs.solaris.com says "The checkinstall script is only available with
the Solaris(TM) 2.5 and compatible releases" so maybe this file is
obsolete.
Part of fix for bug 218.
(This used to be commit
0699f362c524dc07b84ad23c57e559ec5e4681f8)
Tim Potter [Fri, 11 Jul 2003 03:32:11 +0000 (03:32 +0000)]
Fix for bug 203. Avoid using an autoconf expanded variable preceded by a backslash
in case the variable is empty. This apparently confuses some makes.
(This used to be commit
1e4043d54c2135b09be8c329f50f132779b4b776)
Tim Potter [Fri, 11 Jul 2003 03:30:18 +0000 (03:30 +0000)]
Rafal Szczesniak [Thu, 10 Jul 2003 23:22:09 +0000 (23:22 +0000)]
Just a few formatting fixes caught while testing.
rafal
(This used to be commit
156554738cf4e4ffa5a811d9979acd19418e7908)
Jelmer Vernooij [Thu, 10 Jul 2003 23:12:00 +0000 (23:12 +0000)]
Document 'security = ads'
(This used to be commit
f197e458b59d7d0c271514bedb9ff3063023cf6f)
Jelmer Vernooij [Thu, 10 Jul 2003 22:40:56 +0000 (22:40 +0000)]
Gerald Carter [Thu, 10 Jul 2003 20:37:01 +0000 (20:37 +0000)]
i guess i'm the only one this ever annoyed...
fix the confusion when we tdb_lock_bystring() but
we retrieve an entry using tdb_fetch_by_string.
It's now always tdb.*bystring()
(This used to be commit
66359531b89368939f0e8f584a45844b5f2f99e7)
Richard Sharpe [Thu, 10 Jul 2003 17:39:05 +0000 (17:39 +0000)]
Final piece of support needed to find iconv libraries on FreeBSD.
This has been tested on RedHat 9.0 with libiconv built in as well as
FreeBSD 4.6.2 with iconv-2.0.3 and biconv.g/libbiconv.
We should perhaps also check for other conversions than just ASCII<-->UCS-2LE
especially because those two names do not appear in charset.aliases for
iconv-2.0.3.
(This used to be commit
53d953da10dbfaf778907f19115e127c5aac1da8)
Richard Sharpe [Thu, 10 Jul 2003 15:23:09 +0000 (15:23 +0000)]
Fix a small problem I seem to have introduced into aclocal.m4
(This used to be commit
b6bb70ea1e2eefbb538290a987390728f002ceac)
Volker Lendecke [Thu, 10 Jul 2003 14:21:43 +0000 (14:21 +0000)]
pdbedit should not call idmap anymore. Otherwise pdbedit -L would
allocate id's.
Volker
(This used to be commit
0358cc76757e7ef06dada94ec3a73cd90a525ba9)
Volker Lendecke [Thu, 10 Jul 2003 14:12:37 +0000 (14:12 +0000)]
Tim Potter [Thu, 10 Jul 2003 08:27:55 +0000 (08:27 +0000)]
Fix shadow parameter warning.
(This used to be commit
8d8d85ecd62dba075d90e54ec75da9b1328784fb)
Richard Sharpe [Wed, 9 Jul 2003 23:01:08 +0000 (23:01 +0000)]
Fix a small spelling mistake and push out the new version of aclocal.m4 to
properly handle iconv on FreeBSD ...
It works on Linux and FreeBSD ...
(This used to be commit
9302401f543bd3684657b38f046dc52a5a732035)
Jelmer Vernooij [Wed, 9 Jul 2003 19:11:38 +0000 (19:11 +0000)]
Don't print status message for every smb.conf option processed - it makes tracking down errors difficult
(This used to be commit
bfa1a247b088735a5a5b891a831acdd9188b78c7)
Jelmer Vernooij [Wed, 9 Jul 2003 19:07:06 +0000 (19:07 +0000)]
First results of 'make undocumented' - fix some typos and remove obsolete option
(This used to be commit
522e5cca1b44a0295bce928a2d2e13017204536b)
Jelmer Vernooij [Wed, 9 Jul 2003 18:51:18 +0000 (18:51 +0000)]
Move find_missing_doc.pl to the docs system
(This used to be commit
087e9af450109d749bfcc3016494d920b6028bf1)
Jelmer Vernooij [Wed, 9 Jul 2003 18:50:17 +0000 (18:50 +0000)]
Add make target 'undocumented'
(This used to be commit
2eaaa3fe69b282f54922b05d20d59f326740f662)
Jelmer Vernooij [Wed, 9 Jul 2003 18:31:43 +0000 (18:31 +0000)]
Be less verbose, support outputting all types of variables (both G and S)
(This used to be commit
20e07f8bfa09031bc1c852444f33c2fc4fa52654)
Jelmer Vernooij [Wed, 9 Jul 2003 18:31:03 +0000 (18:31 +0000)]
Update for docbook XML
(This used to be commit
a61804b5ebc48ac9b9eb5f9b82d47fb4cf78f944)
Gerald Carter [Wed, 9 Jul 2003 16:44:47 +0000 (16:44 +0000)]
Large set of changes to add UNIX account/group management
to winbindd. See README.idmap-and-winbind-changes for details.
(This used to be commit
1111bc7b0c7165e1cdf8d90eb49f4c368d2eded6)
Gerald Carter [Wed, 9 Jul 2003 03:32:07 +0000 (03:32 +0000)]
more compile fixes for become/unbecome_root()
(This used to be commit
f005f1cf12b839f3985ab00315da63c584ce803e)
Gerald Carter [Wed, 9 Jul 2003 03:25:39 +0000 (03:25 +0000)]
fix linking issues in winbindd with become/unbecome_root() in passdb.c
(This used to be commit
389fe1e51abb533a781f69731a75771cb846d850)
Jeremy Allison [Wed, 9 Jul 2003 00:23:42 +0000 (00:23 +0000)]
Get rid of DISP_USER_INFO/DISP_GROUP_INFO as they serve no useful
purpose. Replace with an array of SAM_ACCOUNT/DOMAIN_GRP entries.
ZERO struct's in smbd/uid.c stops core dumps when sid_to_XX
functions fail. Getting ready to add caching.
Jeremy.
(This used to be commit
9d0692a54fe2cb087f25796ec2ab5e1d8433e388)
Jeremy Allison [Wed, 9 Jul 2003 00:20:43 +0000 (00:20 +0000)]
Fix up become_root/unbecome_root pairs needed around local passdb
lookups.
Jeremy.
(This used to be commit
6bd47884030c9c124c4bba1f0d57cb8dd916530d)
Jeremy Allison [Wed, 9 Jul 2003 00:01:40 +0000 (00:01 +0000)]
Ensure we correctly test for errors in uid/gid_to sid.
Jeremy.
(This used to be commit
f3c2e73a8c1c592d407542c12c0a445103415bc0)
Jeremy Allison [Tue, 8 Jul 2003 21:58:29 +0000 (21:58 +0000)]
Moved SAM_ACCOUNT marshall/unmarshall functions to make them externally
available. Removed extra auth_init (thanks metze).
Jeremy.
(This used to be commit
88135fbc4998c266052647f8b8e437ac01cf50ae)
Gerald Carter [Tue, 8 Jul 2003 17:19:37 +0000 (17:19 +0000)]
standalone servers don't have any trusted domains
(This used to be commit
4acdfc5c944aa8830d6cec7bd1225200448e45c5)
Gerald Carter [Tue, 8 Jul 2003 17:04:11 +0000 (17:04 +0000)]
fix bone head mistake when setting the uid in the server_info struct.
(This used to be commit
43f21078ec0f885d4d1a0b90476b55f8f92de9e7)
Tim Potter [Tue, 8 Jul 2003 05:37:13 +0000 (05:37 +0000)]
Initialise the uid and gid values to a safe default in make_server_info()
(This used to be commit
3a1f4f5ea5379b0deb6dc6b8ed81dedc3a08f70e)
Gerald Carter [Tue, 8 Jul 2003 03:16:28 +0000 (03:16 +0000)]
fix some formatting
(This used to be commit
fca08b1c8766ef1961a9dedc127224249cac9543)
Gerald Carter [Tue, 8 Jul 2003 02:19:16 +0000 (02:19 +0000)]
fix temporary bug so people can test 3.0 again; make sure to initialize the uid for the server_info struct
(This used to be commit
6a84297da53e8658f4bcfa4951ceed011b69201f)
Tim Potter [Tue, 8 Jul 2003 01:04:06 +0000 (01:04 +0000)]
Jeremy Allison [Mon, 7 Jul 2003 22:29:40 +0000 (22:29 +0000)]
Fix spotted by Nadav Danieli <nadavd@exanet.com> - ensure dev and inode
to fix open mode race condition.
Jeremy.
(This used to be commit
cbde1c8dfcd9d3bef956fe073e7108a54b48844b)
Jeremy Allison [Mon, 7 Jul 2003 21:00:33 +0000 (21:00 +0000)]
Fix the build...
Jeremy.
(This used to be commit
61e9c49cd67e73260738ca2482aa8f8dc5ce7366)
Jeremy Allison [Mon, 7 Jul 2003 20:22:35 +0000 (20:22 +0000)]
Fix from MORIYAMA Masayuki <msyk@mtg.biglobe.ne.jp> for new MB statcache
code. Bug #185.
Jeremy.
(This used to be commit
7a1ac7be42dfb90fd44f2c51810eedcea052386b)
Gerald Carter [Mon, 7 Jul 2003 20:13:59 +0000 (20:13 +0000)]
another compile fix
(This used to be commit
8b52802e5d27bfc2d9dff2f4700e182c33f2b130)
Gerald Carter [Mon, 7 Jul 2003 20:11:53 +0000 (20:11 +0000)]
fix some compile problems. Can't get IDMAP_OBJ out of proto.h
just yet.
(This used to be commit
6f0b5d474a051db512db2f73a8097c80964ec513)
Gerald Carter [Mon, 7 Jul 2003 20:00:29 +0000 (20:00 +0000)]
Cleaning up linking issues. sam/idmap*.c only links in
winbindd now. Also removing an unused file.
(This used to be commit
688369c23c604e9b6654fcf07190d2e27c1138cf)
Jeremy Allison [Mon, 7 Jul 2003 17:04:48 +0000 (17:04 +0000)]
Fixed a couple of const issues with the new code.
Jeremy.
(This used to be commit
e9fb6e45086a6170b6f6d5d3295398708ab1af58)
Gerald Carter [Mon, 7 Jul 2003 05:28:51 +0000 (05:28 +0000)]
temporarily disable a sanity check to prevent winbindd from deadlocking
on a Samba PDC. Will be re-enabled after winbind_passdb is done.
(This used to be commit
c4762aa3bc0d5d2dc5161b543b22808a369e0698)
Gerald Carter [Mon, 7 Jul 2003 05:11:10 +0000 (05:11 +0000)]
and so it begins....
* remove idmap_XX_to_XX calls from smbd. Move back to the
winbind_XXX and local_XXX calls used in 2.2
* all uid/gid allocation must involve winbindd now
* move flags field around in winbindd_request struct
* add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id()
to prevent automatic allocation for unknown SIDs
* add 'winbind trusted domains only' parameter to force a domain member
server to use matching users names from /etc/passwd for its domain
(needed for domain member of a Samba domain)
* rename 'idmap only' to 'enable rid algorithm' for better clarity
(defaults to "yes")
code has been tested on
* domain member of native mode 2k domain
* ads domain member of native mode 2k domain
* domain member of NT4 domain
* domain member of Samba domain
* Samba PDC running winbindd with trusts
Logons tested using 2k clients and smbclient as domain users
and trusted users. Tested both 'winbind trusted domains only = [yes|no]'
This will be a long week of changes. The next item on the list is
winbindd_passdb.c & machine trust accounts not in /etc/passwd (done
via winbindd_passdb)
(This used to be commit
8266dffab4aedba12a33289ff32880037ce950a8)
Tim Potter [Mon, 7 Jul 2003 02:50:09 +0000 (02:50 +0000)]
Call the synchronous version of the ldap delete function otherwise we end up
treating the returned message id as an error code.
(This used to be commit
42fdcef324d7a04e69c0078482e1a6b8a67ade94)
John Terpstra [Sun, 6 Jul 2003 06:56:58 +0000 (06:56 +0000)]
Adding profile acls man entry for smb.conf.5
(This used to be commit
80709d4304a02ca99853df009c5641e65b0ab12b)
Andrew Bartlett [Sun, 6 Jul 2003 06:18:54 +0000 (06:18 +0000)]
Fix ldapsam_getsampwsid to correctly only say 'no such user' when indeed there
is no such user...
Thanks to jerry for spotting this.
Also clean up the function a bit, to avoid this happening again...
Andrew Bartlett
(This used to be commit
d9a6859e2bd963f28cf3c3a62e483e868822597f)
Andrew Bartlett [Sun, 6 Jul 2003 05:51:20 +0000 (05:51 +0000)]
This changes our Unix primary GID behaviour back to what most people expect:
Samba will now use the user's UNIX primary group, as the primary group when
dealing with the filesystem. The NT primary group is ignored in unix.
For the NT_TOKEN, the primary group is the NT primary group, and the unix
primary group is added to the NT_TOKEN as a supplementary group.
This should fix bug #109, but will need to be revisited when we get a full
NT group database.
Also in this commit:
- Fix debug statements in service.c
- Make idmap_ldap show if it's adding, or modifying an existing DN
- Make idmap_ldap show both the error message and error string
(This used to be commit
32e455a714b2090fcfd1f6d73daccf600c15d51b)
Andrew Bartlett [Sat, 5 Jul 2003 13:51:54 +0000 (13:51 +0000)]
This parameter is unused.
Andrew Bartlett
(This used to be commit
3dd767841666068a1b32c71b03a8e7bc797087be)
Andrew Bartlett [Sat, 5 Jul 2003 11:04:09 +0000 (11:04 +0000)]
Andrew Bartlett [Sat, 5 Jul 2003 10:39:41 +0000 (10:39 +0000)]
Add some debug statements to our vampire code - try to make it easier to track
down failures.
Add a 'auto-add on modify' feature to guestsam
Fix some segfault bugs on no-op idmap modifications, and on new idmappings that
do not have a DN to tack onto.
Make the 'private data' a bit more robust.
Andrew Bartlett
(This used to be commit
6c48309cda9538da5a32f3d88a7bb9c413ae9e8e)
Andrew Bartlett [Sat, 5 Jul 2003 09:46:12 +0000 (09:46 +0000)]
Fixes to our LDAP/vampire codepaths:
- Try better to add the appropriate mapping between UID and SIDs, based
on Get_Pwnam()
- Look for previous users (lookup by SID) and correctly modify the existing
entry in that case
- Map the root user to the Admin SID as a 'well known user'
- Save the LDAPMessage result on the SAM_ACCOUNT for use in the next 'update'
call on that user. This means that VL's very nice work on atomic LDAP
updates now really gets used properly!
- This also means that we know the right DN to update, without the extra
round-trips to the server.
Andrew Bartlett
(This used to be commit
c7118cb31dac24db3b762fe68ce655b17ea102e0)
Andrew Bartlett [Sat, 5 Jul 2003 08:05:06 +0000 (08:05 +0000)]
PAM should operate on the Unix username, not the NT username (which might not
have the domain\ qualification).
Andrew Bartlett
(This used to be commit
7cfa1e7c4abee10fe8c75e36aee68ee9f557656e)
Andrew Bartlett [Sat, 5 Jul 2003 05:19:28 +0000 (05:19 +0000)]
Allow modification of an existing entry.
We still have a lot of work to do to allow this in quite the same way as we
have in the TDB, but it certainly is getting closer.
Andrew Bartlett
(This used to be commit
b9ef4e138843e3a9d1157e197de0964daf29f0dd)
Jelmer Vernooij [Sat, 5 Jul 2003 01:52:55 +0000 (01:52 +0000)]
Jelmer Vernooij [Sat, 5 Jul 2003 01:50:16 +0000 (01:50 +0000)]
Update from Andrew Bartlett with documentation for
'client lanman auth' and 'client ntlmv2 auth'
(This used to be commit
60f0934a6dc7a34dad42ba86744a1e3426e99967)
Andrew Bartlett [Sat, 5 Jul 2003 01:25:10 +0000 (01:25 +0000)]
Clear up the difference between 'smb signing' and 'sign&seal' - which has to
this point referred to schannel.
Andrew Bartlett
(This used to be commit
b67479076ddf0c51bc7e319d7fc91a5da52eb8bf)
Jelmer Vernooij [Fri, 4 Jul 2003 21:24:31 +0000 (21:24 +0000)]
Add smb_event_id to list of return types (patch from metze)
(This used to be commit
95c4c801fe80a4d8fce366e63b7f92cbf24930e5)
Jeremy Allison [Fri, 4 Jul 2003 18:52:31 +0000 (18:52 +0000)]
More conversions I missed. Thanks metze.
Jeremy.
(This used to be commit
4f78d747e66b38edcd2a5754681f9a01aeaf7864)
Jeremy Allison [Fri, 4 Jul 2003 18:50:21 +0000 (18:50 +0000)]
Fixed strlower changes I missed. Pointed out by metze.
Jeremy
(This used to be commit
da5ee2b765fc321b14e92eb27bde8ec8930b61d4)
Andrew Bartlett [Fri, 4 Jul 2003 14:03:29 +0000 (14:03 +0000)]
Don't allow RIDs (in our domain) below 1000 (or algorithmic rid base) to be
mapped with the rid algorithm.
Instead, a uid/gid from the UID/GID range will be allocated for this RID.
Andrew Bartlett
(This used to be commit
68245e9cfae9a8cb663503301c21498dd9a3a560)
Andrew Bartlett [Fri, 4 Jul 2003 13:35:35 +0000 (13:35 +0000)]
Update WHATSNEW with the further LDAP schema changes in previous commit.
Andrew Bartlett
(This used to be commit
81f84cc57fb39cc8d5edf8cf1005159c67031142)
Andrew Bartlett [Fri, 4 Jul 2003 13:29:42 +0000 (13:29 +0000)]
This patch cleans up some of our ldap code, for better behaviour:
We now always read the Domain SID out of LDAP. If the local secrets.tdb
is ever different to LDAP, it is overwritten out of LDAP. We also
store the 'algorithmic rid base' into LDAP, and assert if it changes.
(This ensures cross-host synchronisation, and allows for possible
integration with idmap). If we fail to read/add the domain entry, we just
fallback to the old behaviour.
We always use an existing DN when adding IDMAP entries to LDAP, unless
no suitable entry is available. This means that a user's posixAccount
will have a SID added to it, or a user's sambaSamAccount will have a UID
added. Where we cannot use an existing DN, we use
'sambaSid=S-x-y-z,....' as the DN.
The code now allows modifications to the ID mapping in many cases.
Likewise, we now check more carefully when adding new user entries to LDAP,
to not duplicate SIDs (for users, at this stage), and to add the sambaSamAccount
onto the idmap entry for that user, if it is already established (ensuring
we do not duplicate sambaSid entries in the directory).
The allocated UID code has been expanded to take into account the space
between '1000 - algorithmic rid base'. This much better fits into what
an NT4 does - allocating in the bottom part of the RID range.
On the code cleanup side of things, we now share as much code as
possible between idmap_ldap and pdb_ldap.
We also no longer use the race-prone 'enumerate all users' method for
finding the next RID to allocate. Instead, we just start at the bottom
of the range, and increment again if the user already exists. The first
time this is run, it may well take a long time, but next time will just
be able to use the next Rid.
Thanks to metze and AB for double-checking parts of this.
Andrew Bartlett
(This used to be commit
9c595c8c2327b92a86901d84c3f2c284dabd597e)