mirror of https://github.com/samba-team/samba.git synced 2025-01-26 10:04:02 +03:00

39 Commits

Author SHA1 Message Date
Jeremy Allison
0fc1a46150 Fix for uidtoname not returning DOMAIN\name but just name. This caused
printer_access_check to break in a domain environment.
Jeremy.
-
Tim Potter
7b8c03de1f Fixed merging mess. -
Jeremy Allison
5b0038a2af Fix to allow smbd to call winbindd if it is running for all group enumeration,
falling back to the UNIX calls on error. This should fix all problems with
smbd enumerating all users in all groups in all trusted domains via winbindd.
Also changed GETDC to query 1C name rather than 1b name as only the PDC
registers 1b.
Jeremy.
-
Jeremy Allison
c7c90c8337 Use sys_setgroups - systems with broken getgroups need this.
Jeremy.
-
Christopher R. Hertel
56be7c2a49 Converted to call lib/wins_srv.c:wins_srv_ip() instead of lp_wins_server()
when looking up the WINS server address.

Please *don't* use lp_wins_server() any more!

The wins_srv_ip() function has the following features:

- If the WINS server was entered as a DNS name then the translation to an
  IP address will already have taken place.  We used to do this every time
  a call to the WINS server was made.  Ick.

- The return value of wins_srv_ip() is a struct in_addr.  Ready to go.

- When WINS failover is fully implemented, you'll be able to enter a colon-
  separated list of WINS servers via the WINS SERVER parameter.  Using
  lp_wins_server() directly will fail if this syntax is used.

Chris -)-----
-
Tim Potter
5f3cf2eb78 Renamed WINBINDD_INITGROUPS constant to WINBINDD_GETGROUPS. -
Tim Potter
e87b2d3d1f Modified initgroups to provide a get groups a user is a member of
functionality.  This is much faster than inverting the group database.

Added client side command for this to wbinfo.
-
Jeremy Allison
6696bf203c Added debug so we can see how winbindd converts SIDS.
Jeremy.
-
John Terpstra
3fb2e94c44 Fixes to allow wins.c to compile to allow building of libnss_wins.so. -
Tim Potter
178e697100 Spelling flames. (-: -
Tim Potter
ec7f7e350d Fixed compiler warnings. -
Jeremy Allison
d131ad1ce3 Adding Herb's compile warning fixes to HEAD.
Jeremy.
-
Andrew Tridgell
2a34ee95f3 the first cut of the internal messaging system.
The motivation for this system is to replace the UDP message for
oplocks, but this commit only does the "set debug level" message.
-
Jeremy Allison
8317d70a35 Fix from John Reilly @ HP for my typo with the parameters being reversed. Ooops.
Jeremy.
-
Tim Potter
156e17dea4 Updated file with version in TNG. -
Jeremy Allison
81c5380f91 Added code to do SID to uid/gid conversion. Needed for ACL support.
Jeremy.
-
Jeremy Allison
5e5cc6efe2 Started to canonicalize our handling of uid -> sid code in order to
get ready and fix se_access_check().
Added canonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid()
functions that look via winbind first then fall back on local lookup.

All Samba should use these rather than trying to call winbindd code
directly.

Added NT_USER_TOKEN struct in user_struct, contains list of NT sids
associated with this user.

se_access_check() should use this (cached) value rather than attempting
to do the same thing itself when given a uid/gid pair.

More work needs to be done to preserve these things across security
context changes (especially with the tricky pipe problem) but I'm
beginning to see how this will be done..... probably by registering
a new vuid for an authenticated RPC pipe and not treating the
pipe calls specially.

More thoughts needed - but we're almost there...

Jeremy.
-
Christopher R. Hertel
73aa188320 Instead of handing back a string (which might be a DNS name or an IP
string), the wins_srv module now hands back a struct in_addr when it's
called.  It caches the IP address once it has been looked up.  The IP
is cleared (and must be looked up again) if the 'wins server' parameter
is reread, or if the node is marked 'dead'.  A dead node will not be
re-tried for 10 minutes (per a #define in wins_srv.c).

As it was, the code was reading the WINS server name or IP directly from
lp_wins_server.  That's okay, except that if the value was expressed as
a name, then a DNS lookup would be done every time the client wanted to
talk to the server.

I still need to work out the implications of failover regarding the
'unicast subnet' list.

Chris -)-----
-
Christopher R. Hertel
cc08bdc74f First cut toward adding WINS server failover.
*Note: failover doesn't actually work yet!*  It's just that the code I'm
adding provides all of the pieces necessary.

I do have one big question.  Something that I'll have to ask Jeremy, I'm
thinkin'.  In nmbd/nmbd_subnetdb.c the IP of the WINS server is used to
set up the Unicast subnet.

...so what happens if the WINS server changes?

My guess is either:
  a) nothing.
  b) I'd have to change the unicast subnet entry whenever the WINS server
     changes.

Urq.

BTW, the lp_wins_server() function no longer returns the WINS server name
or IP.  It returns the list of WINS servers entered in smb.conf.  To get
the currently 'live' WINS server, use the wins_srv() function.

Fun, eh?

Chris -)-----
-
Tim Potter
587c8e58fd Renamed a parameter in init_request() function.
Initialise response structure correctly.
-
Jeremy Allison
d85deb9e4e Add local fallback for name lookup if no winbindd running...
Jeremy.
-
Tim Potter
f866c18f6b Moved winbind client functions from various odd locations to
nsswitch/wb_client.c

Merge of nsswitch/common.c rename to nsswitch/wb_common.c from TNG.
-
Tim Potter
659e4d88ff Merge of wbinfo program from TNG. -
Tim Potter
d904195855 Renamed generic_request() to winbindd_request() -
Tim Potter
b46fc0ed04 Merge from TNG. -
Jeremy Allison
711f15ac23 Fixes for IRIX kernel oplocks and systems that don't have nss.h
Jeremy.
-
Tim Potter
e5cb97dda8 Merge from TNG. -
Andrew Tridgell
e49550b975 moved secrets handling into secrets.c -
Tim Potter
a423c7c5f2 While we're all making incompatible tdb changes, I changed the implementation
of tdb_{store,get}_int() to store the length of the string key + 1 so the
stored key contains the trailing NULL character.  This allows normal
string library routines to manipulate keys.

Also renamed tdb_get_int() to tdb_fetch_int() to keep the set of verbs
consistent.
-
Andrew Tridgell
0189af5442 use "winbind separator" in tng as well -
Andrew Tridgell
ada483cb56 - changed smb_getpwnam() to use winbind style usernames
- finished ntdom -> winbind rename in head
-
Andrew Tridgell
80f85b5359 in head as well ...
renamed ntdom to winbind
I think that using winbind in /etc/nsswitch.conf is better than ntdom
-
Andrew Tridgell
5a617c013c treat a blank "password server =" line as a "*" if in domain security -
Andrew Tridgell
92109d7b3c more merging voodoo
this adds "#define OLD_NTDOMAIN 1" in lots of places. Don't panic -
this isn't permanent, it should go after another few merge steps have
been done
-
Andrew Tridgell
d178c00aae more merging
it is now at the stage that winbindd can compile in the head branch,
but not link
-
Andrew Tridgell
3cac3ccf04 fixed some winbind cache bugs -
Andrew Tridgell
3fb862531a brought the winbindd code into head
this does not yet compile, but I'm working on that.
-
Andrew Tridgell
c78deb1d22 remove scope parameter here too -
Andrew Tridgell
4058eb5bff added basic nsswitch support - this allows you to use a "wins" entry
in a /etc/nsswitch.conf hosts line.

Only tested on RH6.1, but should work on a broad range of Linux
distributions. It could probably be made to work with Solaris pretty
easily.

It does not build by default. Build it with "make nsswitch"
-