| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
| |
| |
| |
| |
| |
| | |
committed in auth/auth_compat.c and use the new version to make the plaintext
password change slightly sane... (Needs testing).
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| |
| | |
password check into its own helper funciton. (This will allow it to be called
from other places).
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| |
| |
| | |
case.
Thanks to Nigel Williams <nigel@wednesday.demon.co.uk> for spotting these!
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
degree of seperation betwen reading/writing the raw NamedPipe SMB packets
and the matching operations inside smbd's RPC components.
This patch is designed for no change in behaviour, and my tests hold that to be
true. This patch does however allow for the future loadable modules interface
to specify function pointers in replacement of the fixed state.
The pipes_struct has been split into two peices, with smb_np_struct taking the
information that should be generic to where the data ends up.
Some other minor changes are made: we get another small helper function in
util_sock.c and some of the original code has better failure debugs and
variable use. (As per on-list comments).
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
smbd, and also makes it much cleaner inside winbindd.
It is mostly my code, with a few changes and testing performed by Alexander
Bokovoy <a.bokovoy@sam-solutions.net>. ab has tested it in security=domain and
security=ads, but more testing is always appricatiated.
The idea is that we no longer cart around a 'domain\user' string, we keep them
seperate until the last moment - when we push that string into a pwent on onto
the socket.
This removes the need to be constantly parsing that string - the domain prefix
is almost always already provided, (only a couple of functions actually changed
arguments in all this).
Some consequential changes to the RPC client code, to stop it concatonating the
two strings (it now passes them both back as params).
I havn't changed the cache code, however the usernames will no longer have a
double domain prefix in the key string. The actual structures are unchanged
- but the meaning of 'username' in the 'rid' will have changed. (The cache is
invalidated at startup, so on-disk formats are not an issue here).
Andrew Bartlett
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| | |
where stdin is !isatty to allow stripts to work.
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
Andrew Bartlett
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| |
| | |
vorlon@netexpress.net
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
<a.bokovoy@sam-solutions.net>.
The idea is the domain\username is rather harsh for unix systems - people don't
expect to have to FTP, SSH and (in particular) e-mail with a username like
that.
This 'corrects' that - but is not without its own problems.
As you can see from the changes to files like username.c and wb_client.c (smbd's
winbind client code) a lot of assumptions are made in a lot of places about
lp_winbind_seperator determining a users's status as a domain or local user.
The main change I will shortly be making is to investigate and kill off
winbind_initgroups() - as far as I know it was a workaround for an old bug in
winbind itself (and a bug in RH 5.2) and should no longer be relevent.
I am also going to move to using the 'winbind uid' and 'winbind gid' paramaters
to determine a user/groups's 'local' status, rather than the presence of the
seperator.
As such, this functionality is recommended for servers providing unix services,
but is currently less than optimal for windows clients.
(TODO: remove all references to lp_winbind_seperator() and
lp_winbind_use_default_domain() from smbd)
Andrew Bartlett
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| |
| | |
<a.bokovoy@sam-solutions.net>
Jeremy.
|
| | |
| |
| |
| |
| | |
we're not returning what the client gave us.
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Samba (ab)uses the returns from getpwnam() a lot - in particular it keeps
them around for a long time - often past the next call...
This adds a getpwnam_alloc and a getpwuid_alloc to the collection.
These function as expected, returning a malloced structure that can be
free()ed with passwd_free(&passwd).
This patch also cuts down on the number of calls to getpwnam - mostly by
taking advantage of the fact that the passdb interface is already
case-insensiteve.
With this patch most of the recursive cases have been removed (that I know
of) and the problems are reduced further by not using the sys_ interface
in the new code. This means that pointers to the cache won't be affected.
(This is a tempoary HACK, I intend to kill the password cache entirly).
The only change I'm a little worried about is the change to
rpc_server/srv_samr_nt.c for private groups. In this case we are getting
groups from the new group mapping DB. Do we still need to check for private
groups? I've toned down the check to a case sensitve match with the new code,
but we might be able to kill it entirly.
I've also added a make_modifyable_passwd() function, that copies a passwd
struct into the form that the old sys_getpw* code provided. As far as I can
tell this is only actually used in the pass_check.c crazies, where I moved
the final 'special case' for shadow passwords (out of _Get_Pwnam()).
The matching case for getpwent() is dealt with already, in lib/util_getent.c
Also included in here is a small change to register the [homes] share at vuid
creation rather than just in one varient of the session setup. (This picks
up the SPNEGO cases). The home directory is now stored on the vuid, and I
am hoping this might provide a saner way to do %H substitions.
TODO: Kill off remaining Get_Pwnam_Modify calls (they are not needed), change
the remaining sys_getpwnam() callers to use getpwnam_alloc() and move
Get_Pwnam to return an allocated struct.
Andrew Bartlett
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
to function again.
Add comment to warn anybody that wants to 'Alphabetize' the list to read crh's
existing comment on the issue.
Andrew Bartlett
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
smbd/nttrans.c:
smbd/open.c: Fixes for delete on close semantics.
Jeremy.
|
| | | |
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| | |
Should allow the buggy spoolss code on NT to work against us.
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
as a key in winbindd_cache.tdb. This meant that a lookupsid of that user's
sid would return the name specified by the user in the previous lookupname
which can result in weird capitalisation issues.
The fix is to do a lookupsid immediately after the lookupname and store the
name returned in the cache file. We also store the username in the
name/sid cache lowercased so as to avoid multiple entries for different
capitalisations of names.
Test case:
rpcclient jonquille -U% -c 'lookupnames npsd-test2\administraTOR'
npsd-test2\administraTOR S-1-5-21-1067277791-1719175008-3000797951-500 (1)
rpcclient jonquille -U% -c 'lookupsids S-1-5-21-1067277791-1719175008-3000797951-500'
S-1-5-21-1067277791-1719175008-3000797951-500 [NPSD-TEST2]\[Administrator] (1)
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
Jeremy.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
structure for srv_spoolss_sendnotify(). This will make it easier
to add information to specify changed values.
I'll merge this into HEAD a little later. Not quite done.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| | |
Added aDIR mask for setfileinfo.
Jeremy.
|
| | |
| |
| |
| |
| | |
Found by Andrew at connectathon with some new tests
Jeremy.
|
| | | |
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| | |
code already in HEAD and app-head.
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
