1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

11993 Commits

Author SHA1 Message Date
Tim Potter
62c48a7dbb Fix shadow parameter warning.
(This used to be commit 8d8d85ecd6)
2003-07-10 08:27:55 +00:00
Richard Sharpe
a7ef6aac3a Fix a small spelling mistake and push out the new version of aclocal.m4 to
properly handle iconv on FreeBSD ...

It works on Linux and FreeBSD ...
(This used to be commit 9302401f54)
2003-07-09 23:01:08 +00:00
Jelmer Vernooij
46d115148c Move find_missing_doc.pl to the docs system
(This used to be commit 087e9af450)
2003-07-09 18:51:18 +00:00
Jelmer Vernooij
dd663f3f6f Update for docbook XML
(This used to be commit a61804b5eb)
2003-07-09 18:31:03 +00:00
Gerald Carter
16ff7b26f6 Large set of changes to add UNIX account/group management
to winbindd.  See README.idmap-and-winbind-changes for details.
(This used to be commit 1111bc7b0c)
2003-07-09 16:44:47 +00:00
Gerald Carter
816724fb39 more compile fixes for become/unbecome_root()
(This used to be commit f005f1cf12)
2003-07-09 03:32:07 +00:00
Gerald Carter
a0d4664335 fix linking issues in winbindd with become/unbecome_root() in passdb.c
(This used to be commit 389fe1e51a)
2003-07-09 03:25:39 +00:00
Jeremy Allison
4072006fec Get rid of DISP_USER_INFO/DISP_GROUP_INFO as they serve no useful
purpose. Replace with an array of SAM_ACCOUNT/DOMAIN_GRP entries.
ZERO struct's in smbd/uid.c stops core dumps when sid_to_XX
functions fail. Getting ready to add caching.
Jeremy.
(This used to be commit 9d0692a54f)
2003-07-09 00:23:42 +00:00
Jeremy Allison
2f0c3cd817 Fix up become_root/unbecome_root pairs needed around local passdb
lookups.
Jeremy.
(This used to be commit 6bd4788403)
2003-07-09 00:20:43 +00:00
Jeremy Allison
4f0b771af0 Ensure we correctly test for errors in uid/gid_to sid.
Jeremy.
(This used to be commit f3c2e73a8c)
2003-07-09 00:01:40 +00:00
Jeremy Allison
e4bfa0a460 Moved SAM_ACCOUNT marshall/unmarshall functions to make them externally
available. Removed extra auth_init (thanks metze).
Jeremy.
(This used to be commit 88135fbc49)
2003-07-08 21:58:29 +00:00
Gerald Carter
f637448150 standlone servers don't have any trusted domains
(This used to be commit 4acdfc5c94)
2003-07-08 17:19:37 +00:00
Gerald Carter
499b3e3315 fix bone head mistake when setting the uid in the server_info struct.
(This used to be commit 43f21078ec)
2003-07-08 17:04:11 +00:00
Tim Potter
0d0f89461e Initialise the uid and gid values to a safe default in make_server_info()
(This used to be commit 3a1f4f5ea5)
2003-07-08 05:37:13 +00:00
Gerald Carter
3912ca09ea fix some formatting
(This used to be commit fca08b1c87)
2003-07-08 03:16:28 +00:00
Gerald Carter
0c3d46f17f fix temporary bug so people can test 3.0 again; make sure to initialize the uid for the server_info struct
(This used to be commit 6a84297da5)
2003-07-08 02:19:16 +00:00
Tim Potter
e25785fbdc Spelling.
(This used to be commit a9a3339b2d)
2003-07-08 01:04:06 +00:00
Jeremy Allison
e5aa73dab1 Fix spotted by Nadav Danieli <nadavd@exanet.com> - ensure dev and inode
to fix open mode race condition.
Jeremy.
(This used to be commit cbde1c8dfc)
2003-07-07 22:29:40 +00:00
Jeremy Allison
755486e011 Fix the build...
Jeremy.
(This used to be commit 61e9c49cd6)
2003-07-07 21:00:33 +00:00
Jeremy Allison
45ac30db09 Fix from MORIYAMA Masayuki <msyk@mtg.biglobe.ne.jp> for new MB statcache
code. Bug #185.
Jeremy.
(This used to be commit 7a1ac7be42)
2003-07-07 20:22:35 +00:00
Gerald Carter
fbc5f7e207 another compile fix
(This used to be commit 8b52802e5d)
2003-07-07 20:13:59 +00:00
Gerald Carter
b9d503defa fix some compile problems. Can't get IDMAP_OBJ our of proto.h
just yet.

`
(This used to be commit 6f0b5d474a)
2003-07-07 20:11:53 +00:00
Gerald Carter
5895dfb89b Cleaning up linking issues. sam/idmap*.c only links in
winbindd now.  Also removing an unused file.
(This used to be commit 688369c23c)
2003-07-07 20:00:29 +00:00
Jeremy Allison
436555aaa7 Fixed a couple of const issues with the new code.
Jeremy.
(This used to be commit e9fb6e4508)
2003-07-07 17:04:48 +00:00
Gerald Carter
5365869b68 temporarily disable a sanity check to prevent winbindd from deadlocking
on a Samba PDC.  Will be re-enabled after winbind_passdb is done.
(This used to be commit c4762aa3bc)
2003-07-07 05:28:51 +00:00
Gerald Carter
0b18acb841 and so it begins....
* remove idmap_XX_to_XX calls from smbd.  Move back to the
  the winbind_XXX and local_XXX calls used in 2.2

* all uid/gid allocation must involve winbindd now

* move flags field around in winbindd_request struct

* add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id()
  to prevent automatic allocation for unknown SIDs

* add 'winbind trusted domains only' parameter to force a domain member
  server to use matching users names from /etc/passwd for its domain
  (needed for domain member of a Samba domain)

* rename 'idmap only' to 'enable rid algorithm' for better clarity
  (defaults to "yes")

code has been tested on

  * domain member of native mode 2k domain
  * ads domain member of native mode 2k domain
  * domain member of NT4 domain
  * domain member of Samba domain
  * Samba PDC running winbindd with trusts

Logons tested using 2k clients and smbclient as domain users
and trusted users. Tested both 'winbind trusted domains only = [yes|no]'

This will be a long week of changes.  The next item on the list is
winbindd_passdb.c & machine trust accounts not in /etc/passwd (done
via winbindd_passdb)
(This used to be commit 8266dffab4)
2003-07-07 05:11:10 +00:00
Tim Potter
b5cd4a8643 Call the synchronous version of the ldap delete function otherwise we end up
treating the returned message id as an error code.
(This used to be commit 42fdcef324)
2003-07-07 02:50:09 +00:00
Andrew Bartlett
cd2c5e1f63 Fix ldapsam_getsampwsid to correctly only say 'no such user' when indeed there
is no such user...

Thanks to jerry for spotting this.

Also clean up the function a bit, to avoid this happening again...

Andrew Bartlett
(This used to be commit d9a6859e2b)
2003-07-06 06:18:54 +00:00
Andrew Bartlett
b475d0b889 This changes our Unix primary GID behaviour back to what most people expect:
Samba will now use the user's UNIX primary group, as the primary group when
dealing with the filesystem.  The NT primary group is ignored in unix.

For the NT_TOKEN, the primary group is the NT priamry group, and the unix
primary group is added to the NT_TOKEN as a supplementary group.

This should fix bug #109, but will need to be revisited when we get a full
NT group database.

Also in this commit:
 - Fix debug statements in service.c
 - Make idmap_ldap show if it's adding, or modifying an existing DN
 - Make idmap_ldap show both the error message and error string
(This used to be commit 32e455a714)
2003-07-06 05:51:20 +00:00
Andrew Bartlett
fcf115a939 This parameter is unused.
Andrew Bartlett
(This used to be commit 3dd7678416)
2003-07-05 13:51:54 +00:00
Andrew Bartlett
14ec078615 Fix comment
(This used to be commit f7bf48114c)
2003-07-05 11:04:09 +00:00
Andrew Bartlett
85921dbd6f Add some debug statments to our vampire code - try to make it easier to track
down failures.

Add a 'auto-add on modify' feature to guestsam

Fix some segfault bugs on no-op idmap modifications, and on new idmappings that
do not have a DN to tack onto.

Make the 'private data' a bit more robust.

Andrew Bartlett
(This used to be commit 6c48309cda)
2003-07-05 10:39:41 +00:00
Andrew Bartlett
a3ddfa5069 Fixes to our LDAP/vampire codepaths:
- Try better to add the appropriate mapping between UID and SIDs, based
   on Get_Pwnam()
 - Look for previous users (lookup by SID) and correctly modify the existing
   entry in that case
 - Map the root user to the Admin SID as a 'well known user'
 - Save the LDAPMessage result on the SAM_ACCOUNT for use in the next 'update'
   call on that user.  This means that VL's very nice work on atomic LDAP
   updates now really gets used properly!
 - This also means that we know the right DN to update, without the extra
   round-trips to the server.

Andrew Bartlett
(This used to be commit c7118cb31d)
2003-07-05 09:46:12 +00:00
Andrew Bartlett
d809ad1d19 PAM should operate on the Unix username, not the NT username (which might not
have the domain\ qualification).

Andrew Bartlett
(This used to be commit 7cfa1e7c4a)
2003-07-05 08:05:06 +00:00
Andrew Bartlett
94a6091893 Allow modification of an existing entry.
We still have a lot of work to do to allow this in quite the same way as we
have in the TDB, but it certainly is getting closer.

Andrew Bartlett
(This used to be commit b9ef4e1388)
2003-07-05 05:19:28 +00:00
Jelmer Vernooij
2e31bdaeb1 Add smb_event_id to list of return types (patch from metze)
(This used to be commit 95c4c801fe)
2003-07-04 21:24:31 +00:00
Jeremy Allison
ce0709666c More conversions I missed. Thanks metze.
Jeremy.
(This used to be commit 4f78d747e6)
2003-07-04 18:52:31 +00:00
Jeremy Allison
9bcbaeee32 Fixed strlower changes I missed. Pointed out by metze.
Jeremy
(This used to be commit da5ee2b765)
2003-07-04 18:50:21 +00:00
Andrew Bartlett
f8b3306913 Don't allow RIDs (in our domain) below 1000 (or algorithmic rid base) to be
mapped with the rid algorithm.

Instead, a uid/gid from the UID/GID range will be allocated for this RID.

Andrew Bartlett
(This used to be commit 68245e9cfa)
2003-07-04 14:03:29 +00:00
Andrew Bartlett
4168d61fb2 This patch cleans up some of our ldap code, for better behaviour:
We now always read the Domain SID out of LDAP.  If the local secrets.tdb
is ever different to LDAP, it is overwritten out of LDAP.   We also
store the 'algorithmic rid base' into LDAP, and assert if it changes.
(This ensures cross-host synchronisation, and allows for possible
integration with idmap).  If we fail to read/add the domain entry, we just
fallback to the old behaviour.

We always use an existing DN when adding IDMAP entries to LDAP, unless
no suitable entry is available.  This means that a user's posixAccount
will have a SID added to it, or a user's sambaSamAccount will have a UID
added.  Where we cannot us an existing DN, we use
'sambaSid=S-x-y-z,....' as the DN.

The code now allows modifications to the ID mapping in many cases.

Likewise, we now check more carefully when adding new user entires to LDAP,
to not duplicate SIDs (for users, at this stage), and to add the sambaSamAccount
onto the idmap entry for that user, if it is already established (ensuring
we do not duplicate sambaSid entries in the directory).

The allocated UID code has been expanded to take into account the space
between '1000 - algorithmic rid base'.  This much better fits into what
an NT4 does - allocating in the bottom part of the RID range.

On the code cleanup side of things, we now share as much code as
possible between idmap_ldap and pdb_ldap.

We also no longer use the race-prone 'enumerate all users' method for
finding the next RID to allocate.  Instead, we just start at the bottom
of the range, and increment again if the user already exists.  The first
time this is run, it may well take a long time, but next time will just
be able to use the next Rid.

Thanks to metze and AB for double-checking parts of this.

Andrew Bartlett
(This used to be commit 9c595c8c23)
2003-07-04 13:29:42 +00:00
Alexander Bokovoy
cd6687673a Fix memleak in groupdb. Spotted by Metze
(This used to be commit 5280c69531)
2003-07-04 09:56:50 +00:00
Tim Potter
2ceea00187 Display libraries detected by configure but before configure
summary as suggested by abartlet.
(This used to be commit 7b2c6181b1)
2003-07-04 03:03:47 +00:00
Jeremy Allison
ce72beb2b5 Removed strupper/strlower macros that automatically map to strupper_m/strlower_m.
I really want people to think about when they're using multibyte strings.
Jeremy.
(This used to be commit ff222716a0)
2003-07-03 19:11:31 +00:00
Gerald Carter
6b31240391 Fix for bug #199 (xp driver uploads). Needed to support
the "OSVersion" print server data value.
(This used to be commit 02bc7be1ac)
2003-07-03 17:18:07 +00:00
Gerald Carter
62370b093a fix for bug #200. flush connections if the machine trsut account
changed underneath us.
(This used to be commit 6a1ad1ded1)
2003-07-03 16:23:11 +00:00
Andrew Bartlett
6dc3885999 Missed this in the previous patch - we now have a seperate idea of the
'unix username' from the NT username, in the auth subsystem at least.

Andrew Bartlett
(This used to be commit df1aa2a669)
2003-07-03 14:56:04 +00:00
Andrew Bartlett
61116049ca This patch takes the work the jerry did for beta2, and generalises it:
- The 'not implmented' checks are now done by all auth modules
 - the ntdomain/trustdomain/winbind modules are more presise as to
   what domain names they can and cannot handle
 - The become_root() calls are now around the winbind pipe opening only,
   not the entire auth call
 - The unix username is kept seperate from the NT username, removing the
   need for 'clean off the domain\' in parse_net.c
 - All sid->uid translations are now validated with getpwuid() to put a very
   basic stop to logins with 'half deleted' accounts.

Andrew Bartlett
(This used to be commit 85f88191b9)
2003-07-03 14:36:42 +00:00
Tim Potter
ecb86e5e88 Some fixes for ads printer publish:
- check error return for cli_full_connection() when trying to obtain
    printer data

  - check error return on ads_find_machine_acct()

  - Minor reformatting to separate fetching printer data from publishing it
(This used to be commit 94fe3b2cdf)
2003-07-03 05:58:55 +00:00
Tim Potter
baf439cd55 Implemented 'net ads printer search' which searches the directory for
published printers.

At the moment we don't search using any parameters but this can be
fixed by changing the LDAP search string.  Also we should contact
the global catalog at SRV _gc._tcp instead of the ldap server we
get back from ads_startup().
(This used to be commit 814519c5de)
2003-07-03 05:08:51 +00:00
Gerald Carter
d304a61cc7 fix bug #190; WINS server was getting marked as dead when it was not.
(This used to be commit fa354f3cee)
2003-07-03 04:54:49 +00:00