| Commit message | Author | Age | Files | Lines |
Part of Samuel Ziegler's patch to get winbind password changing working
again in HEAD.

Jeremy.

init_group_mapping() a static function and don't call it from any client
programs.
Not sure whether I've made a bigger mess here or not...

<a.bokovoy@sam-solutions.net>.
This patch is designed to remove the 'special cases' required for this support.
In particular this now kills off winbind_initgroups, as it appears no longer to
be required.
Andrew Bartlett

Andrew Bartlett

group mapping init failures.

much saner :-).
Change to pdb_init_sam()/pdb_free_sam() loop rather than reset based due to
the talloc basis.
Andrew Bartlett

- Rework the name -> sid lookup function to always try local lookup first (for
local domain names) before trying winbind. This seems to eliminate my winbind
feedback loop problems. (I don't use winbind for nsswitch, where there are
almost certainly further issues).
Andrew Bartlett

winbind default domains, particularly now I understand what's going on a lot
better. This ensures that the RPC client code does as little 'magic' as
possible - this is up to the application/user. (Where - for the name->sid code
- it was all along). This leaves the change that allows the sid->name code to
return domains and usernames in separate parameters.
Andrew Bartlett

this might need a bit more work - or at least documentation.
This is certainly a worthwhile little hack, as it avoids the need to invert the
group database. I don't think we should allow unqualified domains here - as
that allows us to distinguish between (at least some) usernames and these
'special' groups.

to the function. This fixes a nice little segfault the brute-force-casting
created. :-)
Andrew Bartlett

various crazy 'if winbind didn't find it' cases. This makes winbind default
domain support easier to integrate with smbd.

and its new args.

in become_root()/unbecome_root().
Also only allocate the memory the client requests - and don't allow the client
to trigger an SMB_ASSERT if they ask for 'more'.
Up the maximum number of sids allowed, and note that this is an arbitrary guess,
and can be raised without consequence.
Andrew Bartlett

just make it harder to debug (gcc strips optimises them away).

make its use clearer.

the sid->uid and uid->sid conversions.
Remove some duplicate arguments from these functions, and update the
request/response structures for this and the 'winbind domain name' feature.
As such 'winbindd_lookup_name' now takes both a domain and username.

correctly) be no longer needed. This is in aid of the 'winbind default domain'
code - which works much better when smbd always goes via the standard unix
interfaces.
Andrew Bartlett

info3. These are RIDs, and it only makes sense to combine them with the domain
SID returned with them. This is important for trusted domains, where that sid
might be other than the one we currently retrieve from the secrets.tdb.
Also remove the become_root()/unbecome_root() wrapper from around both
remaining TDB users: Both are now initialised at smbd startup.
Andrew Bartlett

lp_load().
Andrew Bartlett

The previous code attempted to call winbind to find out the domain sid. This
couldn't work for a number of reasons - not the least of which was that both
the client and server ends would reject any name (in this case domain name)
without a \ in it (or lp_winbind_seperator()).
I think this is what was intended to occur. If there is still some need to
contact winbind for this information, I suggest a new call be created for this
- as the server-side code doesn't allow for this information to be extracted
easily in any case.
Finally, it gets in the way of the default domain code a bit - hence why I was
actually looking at it...
Andrew Bartlett

Andrew Bartlett

calls from rpc_parse/parse_net.c - instead these values are passed as a
parameter.
Unfortunately there is still some samr work to be done before this is
actually useful.
Andrew Bartlett

Jeremy.

there is still some work to do on it but it's already functional.
J.F.

Changed the way the wins records are handled in memory. Now they are living
much longer with the different states: active, released and tombstone.
Also added a version ID, some wins flags and the wins owner ip address to
the namrec->data struct, and a function to process messages sent by the
wins replication daemon.
The initiate_wins_processing() function is not correct, I'll fix it later.
J.F.

This matches the lookup failure case in 2.2, and seems to make more sense than
giving the printer to 'world'. (Avoiding this lookup makes some of my other
changes - including winbind default domains - a little easier).
In any case, tpot has promised to look at this and test it when he gets back to
work. :-)
Andrew Bartlett

a username on the commandline. Also don't continue past the kinit if a password is entered and fails because existing tickets would be used, which may not be desired if the username was specified.

case.
Jeremy.

Benjamin (Bj) Kuit bj@it.uts.edu.au.
Jeremy.

J.F.

J.F.

J.F.

Modules now name themselves, which should allow for sane behaviour when we get
an 'extern' passdb module (which in turn loads a .so).
Fix up tdbsam for non-unix-accounts. Not sure if this fixes idra's bug, but
it's a start...
Andrew Bartlett

Andrew Bartlett

Jeremy.

the "password server" smb.conf parameter when choosing a DC to connect to.
Due to the origin of the code in cm_get_dc_name() it wouldn't try
additional DCs if the first DC didn't work. This would wedge winbindd if you
had "password server = foo1, foo2" and foo1 was down.

Added TODO about perhaps doing a SAMLOGON udp/138 request before a
cli_full_connection in connect_to_domain_password_server()