IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
abartlet, I'd like to ask you to take a severe look at this!
We have solved the problem to find the global groups a user is in twice: Once
in auth_util.c and another time for the corresponding samr call. The attached
patch unifies these and sends them through the passdb backend (new function
pdb_enum_group_memberships). Thus it gives pdb_ldap.c the chance to further
optimize the corresponding call if the samba and posix accounts are unified by
issuing a specialized ldap query.
The parameter to activate this ldapsam behaviour is
ldapsam:trusted = yes
Volker
(This used to be commit b94838aff1a009f8d8c2c3efd48756a5b8f3f989)
Limit share names returned by RAP based on windows character width, not unix
character width.
(This used to be commit 5d57058d912a42d55879352e904f0bcaa6531075)
the as_root parameter has bugger all to do with who you *currently*
are, and everything to do with who you run the script as. Doh !
Jeremy.
(This used to be commit 17a241d9f788b63fec091001cb72d34c09cf32a4)
(also fixed the call to return the real groups and not a mocked
up list)
Fixed simple compiler warning in srv_lsa_ds.c
(This used to be commit 6b0e38e01a44d87b844d973318accc456abef857)
to allow UNIX password change scripts to work correctly. This is safe as
the old password has been checked as correct before invoking this.
Jeremy.
(This used to be commit 1734d43eb55561d46a6ffb5d806afedfd3746f9f)
The code was nice, but put in the wrong place (group mapping) and not
supported by most of the code, thus useless.
We will put back most of the code when our infrastructure will be changed
so that privileges actually really make sense to be set.
This is a first patch of a set to enhance all our mapping code cleaness and
stability towards a sane next beta for 3.0 code base
Simo.
(This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e)
cache the printer_info_2 with the open printer handle.
cache is invalidated on a mod_a_printer() call **on that smbd**.
Yes, this means that the window for admins to step on each other
from different clients just got larger, but since handles a generally
short lived this is probably ok.
(This used to be commit 31272d3b6bb9ec62fd666301c7adfa0c1720a99b)
- fstring/pstring mixups
- the detection code that found them (disabled)
- a bit of whitespace
- a static
Andrew Bartlett
(This used to be commit 9b70fa868e7d9481f584c83fc4046174e1dedfd9)
- const for PACKS() in lanman.c
- change auth to 'account before password'
- add help to net rpc {vampire,samsync}
- configure updates for sun workshop cc
- become_root() around pdb_ calls in auth_util for guest login.
Andrew Bartlett
(This used to be commit 43e90eb6e331d478013a9c038292f245edc51bd0)
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
(This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
The work here includes:
- metze' set/changed patch, which avoids making changes to ldap on unmodified
attributes.
- volker's group mapping in passdb patch
- volker's samsync stuff
- volkers SAMR changes.
- mezte's connection caching patch
- my recent changes (fix magic root check, ldap ssl)
Andrew Bartlett
(This used to be commit 2044d60bbe0043cdbb9aba931115672bde975d2f)
- off-by-one fix - fixes warnings about insufficent space in buffer.
- fix a memleak in uid.c - we forgot to free() the allocated struct.
(This used to be commit b8951a6551b352e4aac7e8b0ecf7fec3f2d9634e)
* postscript
* printer driver
* printer driver location
* printer driver file
also removed the get_a_printer_driver_9x_compatible() function
(This used to be commit 743f2b8025effe57d8f075ff14a9357123c507a8)
in the reverse).
* add in new printer change notify code from SAMBA_2_2
* add in se_map_standard() from 2.2 in _spoolss_open_printer_ex()
* sync up the _print_queue_struct in smb.h (why did someone change the
user/file names in fs_user/fs_file (or vice-versa) ? )
* sync up some cli_spoolss_XXX functions
(This used to be commit 5760315c1de4033fdc22684c940f18010010924f)
been seing since the unicode conversion. It looks like a simple oversight in
the move away from StrnCpy (which takes amount of space -1 as an arg) to
push_ascii etc which take the absolute amount of space.
Andrew Bartlett
(This used to be commit 4447c6bd4d9c273ef5bf4eb23726923ee58bf38d)
(the passdb backend is case-insensitive, so there isn't any point to this).
Andrew Bartlett
(This used to be commit 5e868b403340d84d68c1831a09bf1a4dd710da90)
committed in auth/auth_compat.c and use the new version to make the plaintext
password change slightly sane... (Needs testing).
Andrew Bartlett
(This used to be commit 996d0cd89cf9da5e9749f136f013cc4a8b977ee0)
In particular this commit focuses on:
Changing the Get_Pwnam code so that it can work in a const-enforced
environment.
While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.
----
These changes allow for 'const' in the Samba tree.
There are a number of good reasons to do this:
- I want to allow the SAM_ACCOUNT structure to move from wasteful
pstrings and fstrings to allocated strings. We can't do that if
people are modifying these outputs, as they may well make
assumptions about getting pstrings and fstrings
- I want --with-pam_smbpass to compile with a slightly sane
volume of warnings, currently its pretty bad, even in 2.2
where is compiles at all.
- Tridge assures me that he no longer opposes 'const religion'
based on the ability to #define const the problem away.
- Changed Get_Pwnam(x,y) into two variants (so that the const
parameter can work correctly): - Get_Pwnam(const x) and
Get_Pwnam_Modify(x).
- Reworked smbd/chgpasswd.c to work with these mods, passing
around a 'struct passwd' rather than the modified username
(This used to be commit e7634f81c5116ff4addfb7e495f54b6bb78e8f77)
The big one is a global change to allow us to NULLify the free'ed pointer to a
former passdb object. This was done to allow idra's SAFE_FREE() macro to do
its magic, and to satisfy the input test in pdb_init_sam() for a NULL pointer
to start with.
This NULL pointer test was what was breaking the adding of accounts up until
now, and this code has been reworked to avoid duplicating work - I hope this
will avoid a similar mess-up in future.
Finally, I fixed a few nasty bugs where the pdb_ fuctions's return codes were
being ignored. Some of these functions malloc() and are permitted to fail.
Also, this caught a nasty bug where pdb_set_lanman_password(sam, NULL) acheived
precisely didilly-squat, just returning False. Now that we check the returns
this bug was spotted. This could allow different LM and NT passwords.
- the pdbedit code needs to start checking these too, but I havn't had a
chance to fix it.
I have also fixed up where some of the password changing code was using the
pdb_set functions to store *internal* data. I assume this is from a previous
lot of mass conversion work...
Most likally (and going on past experience) I have missed somthing, probably in
the LanMan password change code which I havn't yet been able to test, but this
lot is in much better shape than it was before.
If all this is too much to swallow (particularly for 2.2.2) then just adding a
sam_pass = NULL to the particular line of passdb.c should do the trick for the
ovbious bug.
Andrew Bartlett
(This used to be commit 762c8758a7869809d89b4da9c2a5249678942930)
This whole area needs to be cleaned up. Should this kind of passowrd
change/check be permitted with encrypt passwords = yes?
In any case I've also had trouble testing this, as I can't find the right
software/configuration to exersise this behaviour. But its better than the
previous situation. Any assistance greatly appriciated.
Andrew Bartlett
(This used to be commit 37655b42897031f754d436435e64a2548de756b5)
