| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
|
| |
that app-head does.
Jeremy.
|
| |
|
|
| |
Added directory specific access mask bits.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The actual design change is relitivly small however:
It all goes back to jerry's 'BOOL store', added to many of the elements in a
SAM_ACCOUNT. This ensured that smb.conf defaults did not get 'fixed' into
ldap. This was a great win for admins, and this patch follows in the same way.
This patch extends the concept - we don't store values back into LDAP unless
they have been changed. So if we read a value, but don't update it, or we
read a value, find it's not there and use a default, we will not update
ldap with that value. This reduced clutter in our LDAP DB, and makes it
easier to change defaults later on.
Metze's particular problem was that when we 'write back' an unchanged value,
we would clear any muliple values in that feild. Now he can still have his
mulitivalued 'uid' feild, without Samba changing it for *every* other
operation.
This also applies to many other attributes, and helps to eliminate a nasty
race condition. (Time between get and set)
This patch is big, and needs more testing, but metze has tested usrmgr, and
I've fixed some pdbedit bugs, and tested domain joins, so it isn't compleatly
flawed ;-).
The same system will be introduced into the SAM code shortly, but this fixes
bugs that people were coming across in production uses of Samba 3.0/HEAD, hence
it's inclusion here.
Andrew Bartlett
|
| | |
|
| |
|
|
|
|
| |
also try to uniform names to a clean scheme.
first part.
|
| |
|
|
| |
the ones for debuglevel and configuration file in pdbedit
|
| |
|
|
|
| |
MAX_PRINT_JOBS in a queue.
Jeremy.
|
| | |
|
| |
|
|
| |
from APP_HEAD
|
| | |
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
| |
<belanger@yahoo.com>.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to reduce complexity, this patch removes the upper layer of the SAM
API. Also, we remove the function pointers on the sam context - there really
is no point making these replaceable - that's for the modules.
Move a number of functions in include/interface.c around to allow for use of
'static' and to keep the external API in one chunk, at the bottem. All these
functions were renamed to remove the context_sam -> sam
Consequential changes in the samtest module, and back out metze's change for
ACB filtering, becouse I think it belongs in the SAM backeds. (But I will take
debate on this one).
Changes to the lib/util_sid.c code to create a 'system' token, and make it a
SAM_ASSERT() enforced requirement to have a token on those calls that specify
it. samtest now uses this.
We should have a samtest call to set your own token.
We also need to extend our se_access code to cover the things that Win2k is
returning in it's access tokens. Currently our system token doesn't pass, due
to unexpected flags. (When running sam_ads against Win2k)
Andrew Bartlett
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This module, primarilly the work of "Stefan (metze) Metzmacher"
<metze@metzemix.de>, uses the Active Directory schema to store the
user/group/other information. I've been testing it against a real AD server,
and it is intended to work with OpenLDAP as well.
I've moved a few functions around in our other libads code, which has made it
easier to tap into that existing code.
Also, I've made some changes to the SAM interface, I hope there are not too
many objections... To ensure we don't get silly bugs in the skel module, it
is now in the default compile. This way you should not forget to update it :-)
Andrew Bartlett
|
| |
|
|
|
|
|
|
| |
a 3.0 based PDC.
Change defaults to use SSL, so that this also matches.
Andrew Bartlett
|
| |
|
|
| |
branch.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
control bits right on the SAMR pipe.
Andrew Bartlett
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
better job of working with usrmgr. Previously we were blanking out entires,
and all sort of mischif.
The new patch (which I've now had a chance to test/modify) also takes care not
to expand % values (ie we go \\%L\%U -> \\server\user, we don't want to store
\\server\user back) and to correctly notice 'not set' compared to 'null string'
etc.
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
pdb_ldap and adds a 'ldap passwd sync' option.
The idea with this option is to do allow an ldap backend to do all the fancy
password hashing etc - and to tell smbd no to try and double-up. Using 'ldap
passwd sync = only' will do this, but is not recommended unless such a backend
is in place...
Running 'ldap passwd sync = yes' just gets you the same as doing 'pam passwd
sync = yes' and having both PAM and pam_ldap correctly configured for 'magic
root' behaviour, but only using ldap connection, and one set of credentials.
This also gets us closer to allowing ldap to say 'password too short' etc,
which might assist in maintaining a consistant password policy.
Andrew Bartlett
|
| |
|
|
| |
See mx-ldap.sf.net for his current progress.
|
| |
|
|
| |
if we ever want to get rid of the magic macros.
|
| |
|
|
|
|
|
|
| |
and domainname
- Allocate sam_methods, set domain_sid, domain_name and backend_name in make_sam_methods_backend_entry instead of in the backend
- Remove sam_context and domain_sid pointers from the sam_init_function - we don't need those arguments anymore since they're
available in sam_methods as well
|
| |
|
|
| |
Volker
|
| |
|
|
|
| |
Fix small bug in sam/interface.c
Make sam backend to default to a define
|
| |
|
|
| |
Jeremy.
|
| | |
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
the DC being out of sync with the local machine.
|
| |
|
|
|
| |
--with-ads=no or ./configure --without-ads Samba will build without
linking to the various kerberos libraries.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
still needs more work. Don't add --with-sendfile-support yet...
Jeremy.
|
| |
|
|
| |
Added new SWAT Flags for Advanced and Developer modes.
|
| | |
|
| |
|
|
| |
field.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
| |
and doesn't actually call sendfile. Needs to be vectored through the
VFS and tested on all supported platforms (Solaris/HPUX/FreeBSD/Linux).
Linux doesn't actually work (2.4.19 kernel) at the moment because it
doesn't have a 64-bit clean sendfile.
Jeremy.
|
| |
|
|
|
| |
pushing it onto the blocking queue.
Jeremy.
|
| | |
|
| |
|
|
| |
Jeremy.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The global winbind file descriptor can cause havoc in some situations -
particulary when it becomes 0, 1 or 2. This patch (based on some very nice
work by Hannes Schmidt <mail@schmidt-net.via.t-online.de>) starts to recitfy
the problem by ensuring that the close-on-exec flag is set, and that we move
above 3 in the file descriptor table.
I've also decided that the PAM module can close it's pipe handle on every
request - this isn't performance-critical code.
The next step is to do the same for nss_winbind. (But things like getent()
might get in our way there).
This also cleans up some function prototypes, puts them in just one place.
Andrew Bartlett
|
| |
|
|
|
|
|
|
| |
#ifdef mess...) in readline.c, we don't need or use them in the rest of Samba.
(This OK was of course conditional on 'if you break it, you better fix it...')
Andrew Bartlett
|
| |
|
|
| |
SAM_ASSERT if we are not going to crash.
|
