1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-07 17:18:11 +03:00
Commit Graph

12108 Commits

Author SHA1 Message Date
Jeremy Allison
5b4a2dfd2b Formatting tidyups to match the rest of the source.
Jeremy.
(This used to be commit 86c5ebcf8f)
2003-07-17 18:55:40 +00:00
Volker Lendecke
9ec9df5fe4 Disconnect an idle LDAP connection after 150 seconds.
Not strictly a bugfix, but it should considerably reduce the load we
put on LDAP servers given that at least nss_ldap on Linux keeps a
connection open.

And it should also stress our reconnect-code a bit more ;-)

Thanks to metze for this!

Volker
(This used to be commit e68d8eabeb)
2003-07-17 11:24:54 +00:00
Volker Lendecke
0fe05982cd Ban getgrouplist on linux glibc systems with glibc <= 2.3.
This segfaults when you have to many group membership entries
in /etc/group.

Fixed in glibc CVS end of April 2003.

Volker
(This used to be commit 61bfdf0b12)
2003-07-17 10:03:37 +00:00
Tim Potter
7f7b754483 Fix for bug 222 from Marcin Owsiany.
Don't get stuck in an infinite loop listing directories recursively
if the server returns an empty directory name.  This can happen with
incorrect i18n configuration on a Samba server.
(This used to be commit f93a2831f1)
2003-07-17 04:17:58 +00:00
Tim Potter
bcd659f26a Don't use pstrcpy on non-pstrings.
(This used to be commit 3498624d94)
2003-07-17 03:53:43 +00:00
Andrew Bartlett
4c53bb6b90 In the presense of RPC fragments, schannel is not strictly request/reply,
so the shared sequence number will not be strictly odd/even.

Andrew Bartlett
(This used to be commit 77c3e69aef)
2003-07-17 01:34:05 +00:00
Jeremy Allison
583fc85078 Correctly toggle the signing state to what it was previosly when sending
an oplock break.
Jeremy.
(This used to be commit 9515de83a8)
2003-07-17 00:58:14 +00:00
Jeremy Allison
9ad4fbcf75 Don't allow read/write raw when signing is active.
Jeremy.
(This used to be commit 8d2a848052)
2003-07-17 00:53:37 +00:00
Jeremy Allison
f1b6cd794d Putting the framework for server signing in place. Ensure we don't use
sendfile when signing (I need to add this for readbraw/writebraw too...).
Jeremy.
(This used to be commit f2e84f1ba6)
2003-07-17 00:48:21 +00:00
Jeremy Allison
6ab5e14494 Refactor signing code to remove most dependencies on 'struct cli'.
Ensure a server can't do a downgrade attack if client signing is mandatory.
Add a lp_server_signing() function and a 'server signing' parameter that
will act as the client one does.
Jeremy
(This used to be commit 203e4bf0bf)
2003-07-16 22:57:56 +00:00
Jeremy Allison
4fbbaff415 Add API framework for server SMB signing.
Jeremy.
(This used to be commit 61fc9a7b2e)
2003-07-16 21:06:21 +00:00
Jeremy Allison
8c38bb75b7 Add krb5_princ_component to Heimdal. Remove cli_ from mark packet signed.
Jeremy.
(This used to be commit dd46f8b22d)
2003-07-16 19:17:33 +00:00
Jeremy Allison
1eff052300 Reformatting fixes to bring in line with the rest of the source.
Jeremy.
(This used to be commit 3c11d93623)
2003-07-16 18:06:27 +00:00
Gerald Carter
4c8863ab08 adding command for moving a record from one tdb to another
(This used to be commit d0d85dd49c)
2003-07-16 16:51:51 +00:00
Gerald Carter
2da3330555 make tdbtool deal with NULL and non-NULL terminated keys
(This used to be commit 5df7b9a3ef)
2003-07-16 16:26:40 +00:00
Volker Lendecke
658099b695 Fix memleak
(This used to be commit 42a59d6910)
2003-07-16 13:57:53 +00:00
Volker Lendecke
36d1df4413 typo
(This used to be commit 09e00970d4)
2003-07-16 13:35:23 +00:00
Tim Potter
aed434ea9b Spelling.
(This used to be commit 2750418752)
2003-07-16 05:51:10 +00:00
Gerald Carter
6810e37aee removing outdated scripts
(This used to be commit b47b6f5825)
2003-07-16 04:53:57 +00:00
Andrew Bartlett
8a4577cc22 Fix up our auth_pipe code to always cope with fragmented datagrams,
in both SCHANNEL and NTLMSSP.

(Try not to deal with a general case as individual special cases...)

Andrew Bartlett
(This used to be commit 6ca77bd28f)
2003-07-16 03:22:43 +00:00
Gerald Carter
2ff85e2f0a fix typo in debug log
(This used to be commit 074da42670)
2003-07-16 02:51:28 +00:00
Gerald Carter
a84270ce11 fixes for 'net rpc vampire'. I can now take a blank Samba host
and migrate an NT4 domain and still logon from domain members
(tested logon scripts, system policies, profiles, & home directories)
(passdb backend = tdbsam)

removed call to idmap_init_wellknown_sids() from winbindd.c
since the local domain should be handled by the guest passdb backend
(and you don't really always want the Administrator account to be root)
...and we didn't pay attention to this anyways now.
(This used to be commit 837d7c54d3)
2003-07-16 02:20:53 +00:00
Gerald Carter
6b814c9908 Volker's patch for open_socket_out() to speed up connections
(This used to be commit 7d63b69000)
2003-07-16 02:17:55 +00:00
Tim Potter
bd9a42fa8d Fix from Dragan Krnic for handling files in tar archives > 8GB.
Fixes bug 102.
(This used to be commit b54183a7b2)
2003-07-16 00:13:40 +00:00
Jeremy Allison
c44a9d25a2 Added the "required" keyword to the "client signing" parameter to force it
on. Fail if missmatch. Small format tidyups in smbd/sesssetup.c. Preparing
to add signing on server side.
Jeremy.
(This used to be commit c390b3e4cd)
2003-07-15 23:05:57 +00:00
Jeremy Allison
39de3249b0 Add a cli_ prefix to a few functions to ensure everything that takes a struct cli_state
is so marked.
Jeremy
(This used to be commit 0b8724ed65)
2003-07-15 22:26:47 +00:00
Gerald Carter
b8ddc6238b fix schannel processing on fragmented PDUs. 'net rpc vampire' works again.
(This used to be commit ff0c71148e)
2003-07-15 21:33:28 +00:00
Volker Lendecke
c9d6c786a1 Fix memleak
(This used to be commit 517bb4d0df)
2003-07-15 17:27:39 +00:00
Volker Lendecke
e9e3421db9 We should report if a group mapping fails. This should fix bug#225.
Jerry, this is assigned to you. Do you want to answer it?

However, we have to decide what to do if a mapping is to be done for a
unix group not in LDAP....

Volker
(This used to be commit bf449d467c)
2003-07-15 17:23:36 +00:00
Alexander Bokovoy
8c4be2bbc9 Add support for MSG_SMB_CONF_UPDATED and MSG_SHUTDOWN to all daemons (smbd, nmbd, winbindd). Reviewed by jerry and tridge.
(This used to be commit 02c5e2fc6f)
2003-07-15 17:21:21 +00:00
Volker Lendecke
cf8628e585 Fix memleaks
(This used to be commit 26134ac302)
2003-07-15 17:00:11 +00:00
Volker Lendecke
032232bd66 Fix memleak
(This used to be commit 6770d69942)
2003-07-15 16:46:20 +00:00
Volker Lendecke
7a88267a6a Jim, could you please look at this? smbpasswd -a <username> was broken
for me without this patch. I'm not sure if I interpreted your patch to
this code right.

Thanks,

Volker
(This used to be commit 46ec022f87)
2003-07-15 16:07:50 +00:00
Alexander Bokovoy
98af0e01b3 Accept --with-expsam=no as valid option (do nothing on it). Simplifies automatic option generation for spec files
(This used to be commit 4042d965f2)
2003-07-15 13:00:20 +00:00
Alexander Bokovoy
5c327041d6 Add mandir to installdir target. Otherwise installman fails for clean DESTDIR
(This used to be commit bb31276c3d)
2003-07-15 09:50:44 +00:00
Gerald Carter
e8b4a1f8bc remove -B and default to dual-daemon mode (-Y to run as a single process)
(This used to be commit 369a914ebe)
2003-07-15 04:19:57 +00:00
Gerald Carter
8582358d54 make sure to fallback to rid algoruthm for users not in smbpasswd (e.g. force user = foo)
(This used to be commit 399799c68c)
2003-07-15 02:27:00 +00:00
Gerald Carter
eb2b683022 fix cache coherency bug in print handle print_info_2 cache.
Needs to be rewritten to use a reference counter, but this
will work for now.

also the memory allocation in the printing code needs to be cleaned
up to use talloc exclusively.
(This used to be commit 3d29302756)
2003-07-14 19:51:34 +00:00
Andrew Bartlett
0b0fa60900 Fix compile error noticed by Ken Cross, use the utility function instead
of an inline replacement...

Andrew Bartlett
(This used to be commit d941255a97)
2003-07-14 12:56:30 +00:00
Andrew Bartlett
236702e15c Fix SMB signing when using NTLMSSP...
It's so simple now I know how it works - and it has nothing to do with
NTLMSSP (it's just a slightly different use of the old algorithm). :-).

Note:  This is actually less secure then the non-NTLMSSP code, as there is
no per-session random data included for NTLM logins.  (NTLMv2 is better,
fortunetly).

Andrew Bartlett
(This used to be commit 95ec8317d4)
2003-07-14 10:38:23 +00:00
Andrew Bartlett
456f51bcbe Jeremy requested that I get my NTLMSSP patch into CVS. He didn't request
the schannel code, but I've included that anyway. :-)

This patch revives the client-side NTLMSSP support for RPC named pipes
in Samba, and cleans up the client and server schannel code.  The use of the
new code is enabled by the 'sign', 'seal' and 'schannel' commands in
rpcclient.

The aim was to prove that our separate NTLMSSP client library actually
implements NTLMSSP signing and sealing as per Microsoft's NTLMv1 implementation,
in the hope that knowing this will assist us in correctly implementing
NTLMSSP signing for SMB packets.  (Still not yet functional)

This patch replaces the NTLMSSP implementation in rpc_client/cli_pipe.c with
calls to libsmb/ntlmssp.c.  In the process, we have gained the ability to
use the more secure NT password, and the ability to sign-only, instead of
having to seal the pipe connection.  (Previously we were limited to sealing,
and could only use the LM-password derived key).

Our new client-side NTLMSSP code also needed alteration to cope with our
comparatively simple server-side implementation.  A future step is to replace
it with calls to the same NTLMSSP library.

Also included in this patch is the schannel 'sign only' patch I submitted to
the team earlier.  While not enabled (and not functional, at this stage) the
work in this patch makes the code paths *much* easier to follow.  I have also
included similar hooks in rpccleint to allow the use of schannel on *any* pipe.

rpcclient now defaults to not using schannel (or any other extra per-pipe
authenticiation) for any connection.  The 'schannel' command enables schannel
for all pipes until disabled.

This code is also much more secure than the previous code, as changes to our
cli_pipe routines ensure that the authentication footer cannot be removed
by an attacker, and more error states are correctly handled.

(The same needs to be done to our server)

Andrew Bartlett
(This used to be commit 5472ddc9ea)
2003-07-14 08:46:32 +00:00
Tim Potter
9e51951e6e Don't bomb out when trying to unmarshall a zero length printerdata value.
Fixes remote printer publishing of shared printers from a Samba server.
(This used to be commit 7f363fa32d)
2003-07-14 05:13:30 +00:00
Tim Potter
31e6ed17a3 Delete obsolete comment.
(This used to be commit 5416c51133)
2003-07-14 01:49:07 +00:00
Tim Potter
4b25a46624 Undo 'Fix compiler warning'. It didn't work because the value of inbuf changes so
we end up freeing a pointer we didn't mallocate.

Also, calling strdup() in a frequently called function just to clear up a
const compiler warning seems inelegant and inefficient.
(This used to be commit a0da5ae119)
2003-07-14 01:18:43 +00:00
Simo Sorce
5345a5d721 use the specific funtion we have to check if a SID belong to our domain
(This used to be commit a926959391)
2003-07-13 21:41:23 +00:00
Rafal Szczesniak
ce12b32c4a Fix compiler warning.
(This used to be commit 3a71b48730)
2003-07-13 16:25:55 +00:00
Volker Lendecke
9bcc3886d0 Argl. Thinking twice and looking at the rest of callers of sid_compare_domain
proved the last patch wrong.

Sorry.

Volker
(This used to be commit d8695eccc7)
2003-07-13 09:43:58 +00:00
Volker Lendecke
e9681cc658 We have an API to compare the domain parts of two SIDs, so use it.
Volker
(This used to be commit 39308ff138)
2003-07-13 09:38:55 +00:00
Jeremy Allison
9c15a65dc3 Fixed memory leaks, added krb5 replay cache. Now I need to add code to check
the incoming addresses....
Jeremy.
(This used to be commit 4e9359a1f6)
2003-07-12 00:27:22 +00:00
Gerald Carter
531caf6b5d patch for domain groups with no members (rpc only) from Ken Cross
(This used to be commit 05ec9c40f4)
2003-07-11 18:12:24 +00:00
Richard Sharpe
9b9f1697ee Fix a small typo in a comment and pretty it up a bit.
(This used to be commit 3b5ddd8e1f)
2003-07-11 17:50:59 +00:00
Gerald Carter
733f767b94 fix sid_to_[uid|gid] (spotted by Volker).
Still testing this, but I'm checking it in
so Volker can test it as well.  Should be right.
(This used to be commit 8edf193722)
2003-07-11 16:37:23 +00:00
Gerald Carter
24ce328662 fix unitialised variable
(This used to be commit 5efa0d7cc2)
2003-07-11 15:17:06 +00:00
Herb Lewis
5359b8dc97 use names from enumerated type to get rid of compiler warnings
(This used to be commit c9d6782e09)
2003-07-11 14:33:13 +00:00
Jim McDonough
e1725f0c04 Doesn't re-prompt for password when it is specified on the cmdline
(This used to be commit 6ebe87d318)
2003-07-11 14:33:03 +00:00
Herb Lewis
5cd3b7c71c get rid of CFLAGS from LDSHFLAGS and WINBIND_NSS_LDSHFLAGS and instead
define it in SHLD for those systems the use CC for SHLD.
(This used to be commit d0e2f3d109)
2003-07-11 14:20:12 +00:00
Gerald Carter
03d5867d52 moving more code around.
* move rid allocation into IDMAP.  See comments in _api_samr_create_user()
  * add winbind delete user/group functions

I'm checking this in to sync up with everyone.  But I'm going to split
the add a separate winbindd_allocate_rid() function for systems
that have an 'add user script' but need idmap to give them a RID.
Life would be so much simplier without 'enable rid algorithm'.
The current RID allocation is horrible due to this one fact.
Tested idmap_tdb but not idmap_ldap yet.  Will do that tomorrow.

Nothing has changed in the way a samba domain is represented, stored,
or search in the directory so things should be ok with previous installations.

going to bed now.
(This used to be commit 0463045cc7)
2003-07-11 05:33:40 +00:00
Tim Potter
5a02bb60e0 Fix for bug 203. Avoid using an autoconf expanded variable preceeded by a backslash
in case the variable is empty.  This apparently confuses some makes.
(This used to be commit 1e4043d54c)
2003-07-11 03:32:11 +00:00
Tim Potter
d1ea2f9957 Ignore *.po
(This used to be commit bc4af3bdb1)
2003-07-11 03:30:18 +00:00
Rafal Szczesniak
5af1d7cc9c Just a few formatting fixed caught while testing.
rafal
(This used to be commit 156554738c)
2003-07-10 23:22:09 +00:00
Gerald Carter
c674e411c7 i guess i'm the only one this ever annyoed...
fix the confusion when we tdb_lock_bystring() but
we retrieve an entry using tdb_fetch_by_string.
It's now always tdb.*bystring()
(This used to be commit 66359531b8)
2003-07-10 20:37:01 +00:00
Richard Sharpe
c56bf515ce Final piece of support needed to find iconv libraries on FreeBSD.
This has been tested on RedHat 9.0 with libiconv built in as well as
FreeBSD 4.6.2 with iconv-2.0.3 and biconv.g/libbiconv.

We should perhaps also check for other conversions that just ASCII<-->UCS-2LE
especially because those two names do not appear in charset.aliases for
iconv-2.0.3.
(This used to be commit 53d953da10)
2003-07-10 17:39:05 +00:00
Richard Sharpe
d2d1bd3d7c Fix a small problem I seem to have introduced into aclocal.m4
(This used to be commit b6bb70ea1e)
2003-07-10 15:23:09 +00:00
Volker Lendecke
7f3f878abb pdbedit should not call idmap anymore. Otherwise pdbedit -L would
allocate id's.

Volker
(This used to be commit 0358cc7675)
2003-07-10 14:21:43 +00:00
Volker Lendecke
0b07d432cc Add const
(This used to be commit 2f7658d9ba)
2003-07-10 14:12:37 +00:00
Tim Potter
62c48a7dbb Fix shadow parameter warning.
(This used to be commit 8d8d85ecd6)
2003-07-10 08:27:55 +00:00
Richard Sharpe
a7ef6aac3a Fix a small spelling mistake and push out the new version of aclocal.m4 to
properly handle iconv on FreeBSD ...

It works on Linux and FreeBSD ...
(This used to be commit 9302401f54)
2003-07-09 23:01:08 +00:00
Jelmer Vernooij
46d115148c Move find_missing_doc.pl to the docs system
(This used to be commit 087e9af450)
2003-07-09 18:51:18 +00:00
Jelmer Vernooij
dd663f3f6f Update for docbook XML
(This used to be commit a61804b5eb)
2003-07-09 18:31:03 +00:00
Gerald Carter
16ff7b26f6 Large set of changes to add UNIX account/group management
to winbindd.  See README.idmap-and-winbind-changes for details.
(This used to be commit 1111bc7b0c)
2003-07-09 16:44:47 +00:00
Gerald Carter
816724fb39 more compile fixes for become/unbecome_root()
(This used to be commit f005f1cf12)
2003-07-09 03:32:07 +00:00
Gerald Carter
a0d4664335 fix linking issues in winbindd with become/unbecome_root() in passdb.c
(This used to be commit 389fe1e51a)
2003-07-09 03:25:39 +00:00
Jeremy Allison
4072006fec Get rid of DISP_USER_INFO/DISP_GROUP_INFO as they serve no useful
purpose. Replace with an array of SAM_ACCOUNT/DOMAIN_GRP entries.
ZERO struct's in smbd/uid.c stops core dumps when sid_to_XX
functions fail. Getting ready to add caching.
Jeremy.
(This used to be commit 9d0692a54f)
2003-07-09 00:23:42 +00:00
Jeremy Allison
2f0c3cd817 Fix up become_root/unbecome_root pairs needed around local passdb
lookups.
Jeremy.
(This used to be commit 6bd4788403)
2003-07-09 00:20:43 +00:00
Jeremy Allison
4f0b771af0 Ensure we correctly test for errors in uid/gid_to sid.
Jeremy.
(This used to be commit f3c2e73a8c)
2003-07-09 00:01:40 +00:00
Jeremy Allison
e4bfa0a460 Moved SAM_ACCOUNT marshall/unmarshall functions to make them externally
available. Removed extra auth_init (thanks metze).
Jeremy.
(This used to be commit 88135fbc49)
2003-07-08 21:58:29 +00:00
Gerald Carter
f637448150 standlone servers don't have any trusted domains
(This used to be commit 4acdfc5c94)
2003-07-08 17:19:37 +00:00
Gerald Carter
499b3e3315 fix bone head mistake when setting the uid in the server_info struct.
(This used to be commit 43f21078ec)
2003-07-08 17:04:11 +00:00
Tim Potter
0d0f89461e Initialise the uid and gid values to a safe default in make_server_info()
(This used to be commit 3a1f4f5ea5)
2003-07-08 05:37:13 +00:00
Gerald Carter
3912ca09ea fix some formatting
(This used to be commit fca08b1c87)
2003-07-08 03:16:28 +00:00
Gerald Carter
0c3d46f17f fix temporary bug so people can test 3.0 again; make sure to initialize the uid for the server_info struct
(This used to be commit 6a84297da5)
2003-07-08 02:19:16 +00:00
Tim Potter
e25785fbdc Spelling.
(This used to be commit a9a3339b2d)
2003-07-08 01:04:06 +00:00
Jeremy Allison
e5aa73dab1 Fix spotted by Nadav Danieli <nadavd@exanet.com> - ensure dev and inode
to fix open mode race condition.
Jeremy.
(This used to be commit cbde1c8dfc)
2003-07-07 22:29:40 +00:00
Jeremy Allison
755486e011 Fix the build...
Jeremy.
(This used to be commit 61e9c49cd6)
2003-07-07 21:00:33 +00:00
Jeremy Allison
45ac30db09 Fix from MORIYAMA Masayuki <msyk@mtg.biglobe.ne.jp> for new MB statcache
code. Bug #185.
Jeremy.
(This used to be commit 7a1ac7be42)
2003-07-07 20:22:35 +00:00
Gerald Carter
fbc5f7e207 another compile fix
(This used to be commit 8b52802e5d)
2003-07-07 20:13:59 +00:00
Gerald Carter
b9d503defa fix some compile problems. Can't get IDMAP_OBJ our of proto.h
just yet.

`
(This used to be commit 6f0b5d474a)
2003-07-07 20:11:53 +00:00
Gerald Carter
5895dfb89b Cleaning up linking issues. sam/idmap*.c only links in
winbindd now.  Also removing an unused file.
(This used to be commit 688369c23c)
2003-07-07 20:00:29 +00:00
Jeremy Allison
436555aaa7 Fixed a couple of const issues with the new code.
Jeremy.
(This used to be commit e9fb6e4508)
2003-07-07 17:04:48 +00:00
Gerald Carter
5365869b68 temporarily disable a sanity check to prevent winbindd from deadlocking
on a Samba PDC.  Will be re-enabled after winbind_passdb is done.
(This used to be commit c4762aa3bc)
2003-07-07 05:28:51 +00:00
Gerald Carter
0b18acb841 and so it begins....
* remove idmap_XX_to_XX calls from smbd.  Move back to the
  the winbind_XXX and local_XXX calls used in 2.2

* all uid/gid allocation must involve winbindd now

* move flags field around in winbindd_request struct

* add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id()
  to prevent automatic allocation for unknown SIDs

* add 'winbind trusted domains only' parameter to force a domain member
  server to use matching users names from /etc/passwd for its domain
  (needed for domain member of a Samba domain)

* rename 'idmap only' to 'enable rid algorithm' for better clarity
  (defaults to "yes")

code has been tested on

  * domain member of native mode 2k domain
  * ads domain member of native mode 2k domain
  * domain member of NT4 domain
  * domain member of Samba domain
  * Samba PDC running winbindd with trusts

Logons tested using 2k clients and smbclient as domain users
and trusted users. Tested both 'winbind trusted domains only = [yes|no]'

This will be a long week of changes.  The next item on the list is
winbindd_passdb.c & machine trust accounts not in /etc/passwd (done
via winbindd_passdb)
(This used to be commit 8266dffab4)
2003-07-07 05:11:10 +00:00
Tim Potter
b5cd4a8643 Call the synchronous version of the ldap delete function otherwise we end up
treating the returned message id as an error code.
(This used to be commit 42fdcef324)
2003-07-07 02:50:09 +00:00
Andrew Bartlett
cd2c5e1f63 Fix ldapsam_getsampwsid to correctly only say 'no such user' when indeed there
is no such user...

Thanks to jerry for spotting this.

Also clean up the function a bit, to avoid this happening again...

Andrew Bartlett
(This used to be commit d9a6859e2b)
2003-07-06 06:18:54 +00:00
Andrew Bartlett
b475d0b889 This changes our Unix primary GID behaviour back to what most people expect:
Samba will now use the user's UNIX primary group, as the primary group when
dealing with the filesystem.  The NT primary group is ignored in unix.

For the NT_TOKEN, the primary group is the NT priamry group, and the unix
primary group is added to the NT_TOKEN as a supplementary group.

This should fix bug #109, but will need to be revisited when we get a full
NT group database.

Also in this commit:
 - Fix debug statements in service.c
 - Make idmap_ldap show if it's adding, or modifying an existing DN
 - Make idmap_ldap show both the error message and error string
(This used to be commit 32e455a714)
2003-07-06 05:51:20 +00:00
Andrew Bartlett
fcf115a939 This parameter is unused.
Andrew Bartlett
(This used to be commit 3dd7678416)
2003-07-05 13:51:54 +00:00
Andrew Bartlett
14ec078615 Fix comment
(This used to be commit f7bf48114c)
2003-07-05 11:04:09 +00:00
Andrew Bartlett
85921dbd6f Add some debug statments to our vampire code - try to make it easier to track
down failures.

Add a 'auto-add on modify' feature to guestsam

Fix some segfault bugs on no-op idmap modifications, and on new idmappings that
do not have a DN to tack onto.

Make the 'private data' a bit more robust.

Andrew Bartlett
(This used to be commit 6c48309cda)
2003-07-05 10:39:41 +00:00
Andrew Bartlett
a3ddfa5069 Fixes to our LDAP/vampire codepaths:
- Try better to add the appropriate mapping between UID and SIDs, based
   on Get_Pwnam()
 - Look for previous users (lookup by SID) and correctly modify the existing
   entry in that case
 - Map the root user to the Admin SID as a 'well known user'
 - Save the LDAPMessage result on the SAM_ACCOUNT for use in the next 'update'
   call on that user.  This means that VL's very nice work on atomic LDAP
   updates now really gets used properly!
 - This also means that we know the right DN to update, without the extra
   round-trips to the server.

Andrew Bartlett
(This used to be commit c7118cb31d)
2003-07-05 09:46:12 +00:00
Andrew Bartlett
d809ad1d19 PAM should operate on the Unix username, not the NT username (which might not
have the domain\ qualification).

Andrew Bartlett
(This used to be commit 7cfa1e7c4a)
2003-07-05 08:05:06 +00:00
Andrew Bartlett
94a6091893 Allow modification of an existing entry.
We still have a lot of work to do to allow this in quite the same way as we
have in the TDB, but it certainly is getting closer.

Andrew Bartlett
(This used to be commit b9ef4e1388)
2003-07-05 05:19:28 +00:00