| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| | |
|
| |
|
|
| |
Andrew Bartlett
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
| |
vorlon@netexpress.net
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
<a.bokovoy@sam-solutions.net>.
The idea is the domain\username is rather harsh for unix systems - people don't
expect to have to FTP, SSH and (in particular) e-mail with a username like
that.
This 'corrects' that - but is not without its own problems.
As you can see from the changes to files like username.c and wb_client.c (smbd's
winbind client code) a lot of assumptions are made in a lot of places about
lp_winbind_seperator determining a users's status as a domain or local user.
The main change I will shortly be making is to investigate and kill off
winbind_initgroups() - as far as I know it was a workaround for an old bug in
winbind itself (and a bug in RH 5.2) and should no longer be relevent.
I am also going to move to using the 'winbind uid' and 'winbind gid' paramaters
to determine a user/groups's 'local' status, rather than the presence of the
seperator.
As such, this functionality is recommended for servers providing unix services,
but is currently less than optimal for windows clients.
(TODO: remove all references to lp_winbind_seperator() and
lp_winbind_use_default_domain() from smbd)
Andrew Bartlett
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
| |
<a.bokovoy@sam-solutions.net>
Jeremy.
|
| |
|
|
|
| |
we're not returning what the client gave us.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Samba (ab)uses the returns from getpwnam() a lot - in particular it keeps
them around for a long time - often past the next call...
This adds a getpwnam_alloc and a getpwuid_alloc to the collection.
These function as expected, returning a malloced structure that can be
free()ed with passwd_free(&passwd).
This patch also cuts down on the number of calls to getpwnam - mostly by
taking advantage of the fact that the passdb interface is already
case-insensiteve.
With this patch most of the recursive cases have been removed (that I know
of) and the problems are reduced further by not using the sys_ interface
in the new code. This means that pointers to the cache won't be affected.
(This is a tempoary HACK, I intend to kill the password cache entirly).
The only change I'm a little worried about is the change to
rpc_server/srv_samr_nt.c for private groups. In this case we are getting
groups from the new group mapping DB. Do we still need to check for private
groups? I've toned down the check to a case sensitve match with the new code,
but we might be able to kill it entirly.
I've also added a make_modifyable_passwd() function, that copies a passwd
struct into the form that the old sys_getpw* code provided. As far as I can
tell this is only actually used in the pass_check.c crazies, where I moved
the final 'special case' for shadow passwords (out of _Get_Pwnam()).
The matching case for getpwent() is dealt with already, in lib/util_getent.c
Also included in here is a small change to register the [homes] share at vuid
creation rather than just in one varient of the session setup. (This picks
up the SPNEGO cases). The home directory is now stored on the vuid, and I
am hoping this might provide a saner way to do %H substitions.
TODO: Kill off remaining Get_Pwnam_Modify calls (they are not needed), change
the remaining sys_getpwnam() callers to use getpwnam_alloc() and move
Get_Pwnam to return an allocated struct.
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
| |
to function again.
Add comment to warn anybody that wants to 'Alphabetize' the list to read crh's
existing comment on the issue.
Andrew Bartlett
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
oplocks and really shouldn't be used
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
| |
-> NT STATUS
maps. Fixes problem with disk full returning incorrect error.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
HEAD soon.
Jeremy.
|
| |
|
|
| |
and constness changes.
|
| | |
|
| | |
|
| |
|
|
|
| |
Just leave the fstrcpy/pstrcpy bugfix, and conversion to pstr_sprintf
rather than manual calculation of length.
|
| | |
|
| | |
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
| |
Anyway, this makes it slightly sane, but we may decide to smb_panic() here
instead.
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
|
| |
example of the scope of change the new pstrings would entail:
basically inserting PSTR() or FSTR() everywhere you need to coerce one
to a char*.
It's also a good example of the kind of bug we might catch: on about
line 540, we were doing a pstrcpy into an fstring, which might
overflow. It's not a problem in this particular case, but it is in
general.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
after further testing in 2.2 branch.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
Also set the default value of all the allocated strings to "" to avoid changing
the interface (becouse pdb_get...() would point to a null string, rather than a
null pointer and parts of samba rely on that).
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These strings are allocated using talloc(), either using its own memory context
stored on the SAM_ACCOUNT or one supplied by the caller.
The pdb_init_sam() and pdb_free_sam() function have been modifed so that a call
to pdb_free_sam() will either clean up (remove hashes from memory) and destroy
the TALLOC_CTX or just clean up depending on who supplied it.
The pdb_init_sam and pdb_free_sam functions now also return an NTSTATUS, and I
have modified the 3 places that actually checked these returns.
The only nasty thing about this patch is the small measure needed to maintin
interface compatability - strings set to NULL are actually set to "".
This is becouse there are too many places in Samba that do strlen() on these
strings without checking if they are NULL pointers.
A supp patch will follow to set all strings to "" in pdb_default_sam().
Andrew Bartlett
|
| | |
|
| |
|
|
|
|
|
|
| |
screen-full of kerberos warnings.
This is almost as good, and I can actually see the Samba warnings.
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
| |
memory.
The winbind connection caching code isn't exactly a plesent beast, and there is
more work that needs to be done to nail this properly.
Andrew Bartlett
|
| |
|
|
|
|
|
|
| |
This occured when the attempt to contact the PDC failed. The connection code
has already shut down the connection, and 'free'ed the cli or has never
initialised it in the first place.
Andrew Bartlett
|
| |
|
|
|
|
| |
of the connections db on smbd startup. This should fix the Solaris large
load bug.... (fingers crossed).
Jeremy.
|
| |
|
|
| |
otherwise all the memory will be seen as still reachable.
|
| | |
|
