| Commit message (Collapse) | Author | Age | Files | Lines |
| |
processing work correctly in winbindd. This is a really good patch
that gives full select semantics to the Samba modified select.
Jeremy.
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
|
winbind default domains, particularly now I understand what's going on a lot
better. This ensures that the RPC client code does as little 'magic' as
possible - this is up to the application/user. (Where - for to name->sid code
- it was all along). This leaves the change that allows the sid->name code to
return domains and usernames in separate parameters.
Andrew Bartlett
|
info3. These are RIDs, and it only makes sense to combine them with the domain
SID returned with them. This is important for trusted domains, where that sid
might be other than the one we currently retrieve from the secrets.tdb.
Also remove the become_root()/unbecome_root() wrapper from around both
remaining TDB users: Both are now initialised at smbd startup.
Andrew Bartlett
|
in clirap2.
|
case.
Thanks to Nigel Williams <nigel@wednesday.demon.co.uk> for spotting these!
Andrew Bartlett
|
smbd, and also makes it much cleaner inside winbindd.
It is mostly my code, with a few changes and testing performed by Alexander
Bokovoy <a.bokovoy@sam-solutions.net>. ab has tested it in security=domain and
security=ads, but more testing is always appreciated.
The idea is that we no longer cart around a 'domain\user' string, we keep them
separate until the last moment - when we push that string into a pwent or onto
the socket.
This removes the need to be constantly parsing that string - the domain prefix
is almost always already provided, (only a couple of functions actually changed
arguments in all this).
Some consequential changes to the RPC client code, to stop it concatenating the
two strings (it now passes them both back as params).
I haven't changed the cache code, however the usernames will no longer have a
double domain prefix in the key string. The actual structures are unchanged
- but the meaning of 'username' in the 'rid' will have changed. (The cache is
invalidated at startup, so on-disk formats are not an issue here).
Andrew Bartlett
|
<a.bokovoy@sam-solutions.net>.
The idea is the domain\username is rather harsh for unix systems - people don't
expect to have to FTP, SSH and (in particular) e-mail with a username like
that.
This 'corrects' that - but is not without its own problems.
As you can see from the changes to files like username.c and wb_client.c (smbd's
winbind client code) a lot of assumptions are made in a lot of places about
lp_winbind_seperator determining a user's status as a domain or local user.
The main change I will shortly be making is to investigate and kill off
winbind_initgroups() - as far as I know it was a workaround for an old bug in
winbind itself (and a bug in RH 5.2) and should no longer be relevant.
I am also going to move to using the 'winbind uid' and 'winbind gid' parameters
to determine a user/group's 'local' status, rather than the presence of the
separator.
As such, this functionality is recommended for servers providing unix services,
but is currently less than optimal for windows clients.
(TODO: remove all references to lp_winbind_seperator() and
lp_winbind_use_default_domain() from smbd)
Andrew Bartlett
|
Jeremy.
|
-> NT STATUS
maps. Fixes problem with disk full returning incorrect error.
Jeremy.
|
Jeremy.
|
functions.
|
This work was sponsored by Optifacio Software Services, Inc.
Andrew Bartlett
(various e-mails announcements merged into some form of commit message below:)
This patch which adds basics of universal groups support
into Samba 3. Currently, only Winbind with RPC calls supports this, ADS
support requires additional (possibly huge) work on KRB5 PAC. However,
basic infrastructure is here.
This patch adds:
1. Storing of universal groups for particular user logged into Samba
software (smbd/ two winbind-pam methods) into netlogon_unigrp.tdb as array
of uint32 supplemental group rids keyed as DOMAIN_SID/USER_RID in tdb.
2. Fetching of universal groups for given user rid and domain sid from
netlogon_unigrp.tdb.
Since this is used in both smbd and winbindd, main code is in
source/lib/netlogon_uingrp.c. Dependencies are added to AUTH_OBJ as
UNIGRP_OBJ and WINBINDD_OBJ as UNIGRP_OBJ.
This patch has had a few versions, the final version in particular:
Many thanks to Andrew Bartlett for critics and comments, and partly
rewritten code.
New:
- updated fetching code to changed byte order macros
- moved functions to proper namespace
- optimized memory usage by reusing caller's memory context
- enhanced code to more follow Samba coding rules
Todo:
- proper universal group expiration after timeout
|
Jeremy.
|
This fixes up a problem where a machine would join (or downgrade by trust
password change) to NT4 membership and not be able to regain full ADS
membership until a 'net ads leave'.
Andrew Bartlett
|
this is actually a workaround for old broken nmbd daemons, especially
from Samba 2.0
|
- put in some level 10 debugs so we can see what internal_resolve_name()
is doing
- remove duplicates from returned ip list of internal_resolve_name()
|
(invalid handle) though. )-:
|
Make the offered and needed buffer size into parameters.
|
Patch from Alexander Bokovoy <a.bokovoy@sam-solutions.net>
|
- converted OpenPrinterEx and ClosePrinter to WERROR instead of NT_STATUS
- doc
|
One day I'll get around to refactoring the DOS error handling so it mirrors
the NT error handling code.
|
to NT_STATUS_UNSUCCESSFUL according to AB's funky new error map.
|
This applies only to the NT->Dos map, I'm still trying to come up with a way to
do the reverse.
|
This new table is rather different to the old one (see diff posted to the
list for a sorted list of differences) and needs a *lot* of testing.
It does however seem to line up much better with what NT is using, as
exampled by the change to the OBJECT_NAME_COLLISION DOS error, it now matches
win2k where it didn't before.
I can't see any critical errors we now get wrong, and I know that the auth
errors are correct as per my on-the-wire observations.
This table was produced (and I hope to comment this better later) by
using the ERRMAPEXTRACT smbtorture tool, a Win2k domain member and the
'name_to_ntstatus' auth module on the HEAD PDC. This module returned
the username as the error, and the NT box was forced to give me a dos
error because that's all I negotiated on that connection. Hence the map.
Andrew Bartlett
|
stuck in an infinite loop.
|
commands in rpcclient. Replacing ERROR_INSUFFICIENT_BUFFER with
NT_STATUS_BUFFER_TOO_SMALL fixes it. Yay!
I always thought the caller (i.e cmd_spoolss.c) should take care of the
whole requested/needed buffer size thingy though...
|
I'll post the changes to the actual map to the list for comment, but this fixes
the 'unknown' case.
Andrew Bartlett
|
code.
Andrew Bartlett
|
presupplied challenge-response pairs, and only using the 'network' version.
This will be used to move the auth subsystem over to a libsmb (rather than
rpc_client) base.
Andrew Bartlett
|
cli_reg.c - indentation
pdb_ldap.c - some checks on init fns parameters
pdb_tdb.c - some checks on init fns parameters + make sure we close the db on failure
|
- don't display Domain=[] for auth protocols that don't give us a domain
|