mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

22138 Commits

Author SHA1 Message Date
Günther Deschner
75a0171857 r22799: Fix the build.
Guenther
(This used to be commit 6e911c442b)
2007-10-10 12:21:59 -05:00
Günther Deschner
46c5da2fd6 r22798: Add the "apply group policy" access bit (as seen in type 0x05 ALLOWED OBJECT
ACEs).

Guenther
(This used to be commit e138cbc876)
2007-10-10 12:21:58 -05:00
Günther Deschner
9c170fce26 r22797: We are only interested in the DACL of the security descriptor, so search with
the SD_FLAGS control.

Guenther
(This used to be commit 648df57e53)
2007-10-10 12:21:57 -05:00
Günther Deschner
95bc08e954 r22796: Add security descriptor to GROUP_POLICY_OBJECT structure (in preparation of
adding GPO security filtering for libgpo).

Guenther
(This used to be commit b376a39fbf)
2007-10-10 12:21:57 -05:00
Günther Deschner
67a45aa26b r22794: Add "debug_state" and "silent" to pam_winbind.conf template. Honor the silent
argument when parsing pam configuration file options.

Guenther
(This used to be commit 5b4a4df26f)
2007-10-10 12:21:57 -05:00
Volker Lendecke
1cb8a948b3 r22787: More from Karolin: Make map_unix_group() static to net_sam.c, add "net
sam unmapunixgroup"
(This used to be commit 55e2f35fad)
2007-10-10 12:21:57 -05:00
Volker Lendecke
9e30a76c04 r22786: Some cleanup by Karolin Seeger: Remove unused pdb_find_alias, and change
return values of some alias-related pdb functions from BOOL to NTSTATUS

Thanks :-)
(This used to be commit 590d2164b3)
2007-10-10 12:21:57 -05:00
Andrew Tridgell
2383ffce69 r22784: fixed change notify for delete on close
(This used to be commit 6f52435a72)
2007-10-10 12:21:57 -05:00
Steve French
a6bbf9f9bc r22779: Patch for not prompting for password on cifs mounts when "sec=none"
specified
(This used to be commit 9af97d8ead)
2007-10-10 12:21:56 -05:00
Michael Adam
0aab2a8251 r22777: Fix for [Bug 4543] - POSIX ACL support on FreeBSD.
This adds vfs_posixacl to the list of static modules and
makes use of HAVE_ACL_GET_PERM_NP.

This is just a quick fix. FreeBSD acl support is still
hardcoded in configure.in, but actually this could be
detected in a unified test for freebsd, linux, *,
as suggested in the bugreport. This has still to be
checked and elaborated.

Michael
(This used to be commit af94654772)
2007-10-10 12:21:56 -05:00
Volker Lendecke
4c185a6077 r22775: For the cluster code I've developed a wrapper around tdb to put different
database backends in place dynamically.

The main abstractions are db_context and db_record, it should be mainly
self-describing, see include/dbwrap.h.  You open the db just as you would open
a tdb, this time with db_open(). If you want to fetch a record, just do the
db->fetch() call, if you want to do operations on it, you need to get it with
fetch_locked().

I added dbwrap_file.c (not heavily tested lately) as an example for what can
be done with that abstraction, uses a file per key. So if anybody is willing
to shape that up, we might have a chance on reiserfs again.... :-)

This abstraction works fine for brlock.tdb, locking.tdb, connections.tdb and
sessionid.tdb. It should work fine for the others as well, I just did not yet
get around to convert them.

If nobody loudly screams NO, then I will import the code that uses this soon.

Volker
(This used to be commit e9d7484ca2)
2007-10-10 12:21:56 -05:00
Derrell Lipman
ad3bed14f1 r22773: - Clean up the rest of the cruft from my earlier work on the readahead()
missing declaration problem.
(This used to be commit 44365130ce)
2007-10-10 12:21:56 -05:00
Derrell Lipman
1b55cf4384 r22772: - Still working on the fact that readahead() is not declared (on at least one
OS) but is available for linking.  Instead of running configure tests with
  -Werror-implicit-function-declaration in developer mode (which may lead to
  different library functions being used in developer mode than when not in
  developer mode), add tests for whether readahead is declared.  If not,
  provide a replacement declaration in lib/replace.
(This used to be commit 7d05fa8b32)
2007-10-10 12:21:56 -05:00
Simo Sorce
8ef8dab4fb r22771: One liner fix for idmap_ldap
Fixes the strange behavior we were seeing about idmap_ldap creating
a new connection for each query.

Jerry we need this in for 3.0.25
(This used to be commit 4fb3e0f655)
2007-10-10 12:21:56 -05:00
Volker Lendecke
a0f9db7a16 r22767: Argl. Typed in 'svn ci' in the wrong branch. Revert.
(This used to be commit 2c5b951eba)
2007-10-10 12:21:55 -05:00
Volker Lendecke
16ae8eff93 r22766: Merge from 3_0:
r22412 | obnox | 2007-04-20 14:23:36 +0200 (Fr, 20 Apr 2007) | 5 lines

Add a "deletelocalgroup" subcommand to net sam.

Thanks to Karolin Seeger <ks@sernet.de>.
(This used to be commit fb6ac8a5b2)
2007-10-10 12:21:55 -05:00
Jeremy Allison
1e6e3f8279 r22765: Fix from Alison Winters <alisonw@sgi.com> for missing return
in sendfilereadbraw.
Jeremy.
(This used to be commit b523e782b0)
2007-10-10 12:21:55 -05:00
Volker Lendecke
4aa44f7475 r22761: This introduces lib/conn_tdb.c with two main functions: connections_traverse
and connections_forall. This centralizes all the routines that did individual
tdb_open("connections.tdb") and direct tdb_traverse.

Volker
(This used to be commit e43e94cda1)
2007-10-10 12:21:55 -05:00
Stefan Metzmacher
dcc2fe7cb6 r22759: sync lib/talloc with samba4
metze
(This used to be commit 86c510e319)
2007-10-10 12:21:54 -05:00
Volker Lendecke
87d18ac488 r22755: Second half of r22754. As it stands now, string_replace expects a
pstring. Give it one, although I hate putting it in :-)

Thanks to Tom Bork! :-)
(This used to be commit f4ea3fd365)
2007-10-10 12:21:54 -05:00
Jeremy Allison
798af9e0c8 r22754: When processing a string, ensure we don't write one past
the terminating NULL if we've already processed the null
in iconv. Jerry, once I get confirmation from Thomas Bork
this needs to be in 3.0.25 final. Tests fine with valgrind
here.
Jeremy.
(This used to be commit 14b167ef6e)
2007-10-10 12:21:54 -05:00
Volker Lendecke
76ce309234 r22751: Next step for the cluster merge: sessionid.tdb should contain a 'struct
server_id' instead of a 'uint32 pid'
(This used to be commit be7bac55c3)
2007-10-10 12:21:54 -05:00
Volker Lendecke
7192160599 r22747: Fix some C++ warnings
(This used to be commit a66a04e9f1)
2007-10-10 12:21:54 -05:00
Volker Lendecke
b1e866c3b7 r22745: Add local groups to the --required-membership-sid test. This needs
merging to 3_0_26 once Michael's net conf changes have been merged. It
depends on token_utils.c.
(This used to be commit a99ab3a2ed)
2007-10-10 12:21:54 -05:00
Volker Lendecke
f50ff7345d r22744: Fix a valgrind error. parse_domain_username does not necessarily fill in
the domain.
(This used to be commit f4f0d71377)
2007-10-10 12:21:53 -05:00
Volker Lendecke
d4799f5c7a r22740: Move debug_*_user_token to token_utils.c
(This used to be commit 4ad9f8aa61)
2007-10-10 12:21:53 -05:00
Michael Adam
f79a4b85f2 r22739: Make prototypes in include/util_tdb.h of some functions from
lib/util_tdb.c exactly match the definitions. (There were
some [u]int_32_t instead of [u]int32, which made a gcc 2.95
on an old AIX without system [u]int32[_t] types complain...)
(This used to be commit 7cae0d6117)
2007-10-10 12:21:53 -05:00
Volker Lendecke
deed2831c9 r22738: Fix a debug message.
Günther, please check this!

Thanks,

Volker
(This used to be commit 8a038b8cd3)
2007-10-10 12:21:52 -05:00
Günther Deschner
2e1acc4f5a r22737: Fix crash bug (info3 is now talloced).
Guenther
(This used to be commit 08a7ee8d96)
2007-10-10 12:21:52 -05:00
Volker Lendecke
e6383f4762 r22736: Start to merge the low-hanging fruit from the now 7000-line cluster patch.
This changes "struct process_id" to "struct server_id", keeping both is
just too much hassle. No functional change (I hope ;-))

Volker
(This used to be commit 0ad4b1226c)
2007-10-10 12:21:52 -05:00
Derrell Lipman
d1153fc790 r22732: - Testing of libsmbclient against Vista revealed what is likely a bug in
Vista.  Vista provides a plethora of kludges to simulate older versions of
  Windows.  The kludges are in the form of shortcuts (or more likely symbolic
  links, but I don't know enough about Vista to determine that definitively)
  and in most cases, attempts to access them get back an "access denied"
  error.  On one particular folder, however, "<share>/Users/All Users", it
  returns an unknown (to ethereal and the Samba3 code) NT status code:
  0x8000002d.  Although this code does not have a high byte of 0xc0 indicating
  that it is an error, it appears to be an alternate form of "access denied".

  Without this patch, libsmbclient times out on an attempt to enumerate that
  folder rather than returning an error to the caller.  This patch corrects
  that problem.
(This used to be commit cc0cd3a12f)
2007-10-10 12:21:52 -05:00
Derrell Lipman
3a9a3ad8f9 r22731: - Fix bug #4594.
configure.in determines if -Werror-implicit-function-declaration is
  available, and if so it enables that flag if --enable-developer is
  specified.  Since the configure tests themselves did not use that flag, it
  was possible for a configure test to succeed, followed by a failed
  compilation due to a facility being available but not having a proper
  declaration in a header file.  (This bit me with readahead().)  This patch
  ensures that if implicit function declarations will kill the build, the
  feature being tested is deselected so the build will succeed.

  The autoconf manual suggests using return instead of exit in configure
  tests because the declaration for exit is often missing.  We require this
  now, since we error if prototypes are missing.  See section 5.5.1 of
  http://www.gnu.org/software/autoconf/manual/autoconf.html.  This patch makes
  these changes, because in fact, an external declaration for exit is missing
  here (and likely elsewhere).

  I've verified that the features selected (here) with the original
  configure.in and the new one are the same except for, in my case,
  readahead.  I've also confirmed that the generated Makefile is identical.

  These changes are not being applied to the 3.0.26 branch because it does not
  exhibit the initial problem this patch is supposed to solve since it doesn't
  attempt to use -Werror-implicit-function-declaration.
(This used to be commit 4d42720915)
2007-10-10 12:21:51 -05:00
Gerald Carter
63456681da r22730: Fix password changes via pam_winbindd when using "winbind normalize names"
and the username has been munged.  Make sure to munge it back before
performing the change_password() request.
(This used to be commit ff025d451e)
2007-10-10 12:21:51 -05:00
Gerald Carter
cfc4946ebf r22729: add help text for osver and osname options to 'net ads join' (patch from Danilo A.)
(This used to be commit 3f588e0b65)
2007-10-10 12:21:51 -05:00
Gerald Carter
3eca3af1bc r22728: Patch from Danilo Almeida <dalmeida@centeris.com>:
When asked to create a machine account in an OU as part
of "net ads join" and the account already exists in another
OU, simply move the machine object to the requested OU.
(This used to be commit 3004cc6e59)
2007-10-10 12:21:51 -05:00
Gerald Carter
3df5bc8728 r22727: remove outdated comment about template shell and homedir
(This used to be commit e8f9bd6558)
2007-10-10 12:21:51 -05:00
Gerald Carter
c473d9e47f r22726: When performing an offline logon for a user in a trusted domain,
take care not to expire the name2sid cache entry just because
that child does not know that the primary domain is offline.
(This used to be commit 0399f52a1c)
2007-10-10 12:21:51 -05:00
Gerald Carter
78c27bb770 r22725: * Don't try to update the sequence_number when offline
* Log the NTSTATUS when saving name/sid cache entry
* Allow the backend lookup_usergroups() call in winbindd_{rpc,ads}.c
  to inform the wcache manager that the group list should not be cached
  (needed for one-way trusts).
(This used to be commit 693ab48408)
2007-10-10 12:21:50 -05:00
Gerald Carter
189b694ee9 r22724: Call an nss_info backend's init() function if the
previous call was unsuccessful.  needed for offline
logons.
(This used to be commit c3a8dc5d13)
2007-10-10 12:21:50 -05:00
Gerald Carter
215e033e82 r22720: Fixes for offline auth when using krb5_auth = yes in pam_winbind.
Assume that "NO_DOMAIN_CONTROLLERS_FOUND" means that the domain
is offline.
(This used to be commit 30f9cc52bf)
2007-10-10 12:21:50 -05:00
Gerald Carter
cf4f314fb3 r22719: Missed change for one-way trust support. Ignore password policy
settings from one trusted domain with no incoming trust path.

Guenther, I think this is ok as we only need the pw policy
to give feedback on upcoming expiration times.
(This used to be commit c79ae57388)
2007-10-10 12:21:50 -05:00
Gerald Carter
2a9c7462c7 r22717: Add Everyone and AuthenticatedUsers to the user's token
for use by the require-membership-of pam_winbind option.
(This used to be commit 11f81c5997)
2007-10-10 12:21:50 -05:00
Gerald Carter
8bbf274f07 r22716: Clarify comment in winbindd_domain structure
(This used to be commit 32fd8558bd)
2007-10-10 12:21:50 -05:00
Gerald Carter
09fee9aa18 r22715: When our primary domain goes on or offline, make sure to send a msg
to the idmap child.

Also remove the check for the global offline state in child_msg_offline()
as this means we cannot mark domains offline due to network outages.
(This used to be commit 1b99e8b521)
2007-10-10 12:21:49 -05:00
Gerald Carter
89fd4444af r22714: Prevent DNS lookup storms when the DNS servers are unreachable.
Helps when transitioning from offline to online mode.

Note that this is a quick hack and a better solution
would be to start the DNS server's state between processes
(similar to the namecache entries).
(This used to be commit 4f05c6fe26)
2007-10-10 12:21:49 -05:00
Gerald Carter
c16059f1f0 r22713: Offline logon fixes for idmap manager:
(a) Ignore the negative cache when the domain is offline
(b) don't delete expired entries from the cache as these
    can be used when offline (same model as the wcache entries)
(c) Delay idmap backend initialization when offline
    as the backend routines will not be called until we go
    online anyways.  This prevents idmap_init() from failing
    when a backend's init() function fails because of lack of
    network connectivity
(This used to be commit 4086ef15b3)
2007-10-10 12:21:49 -05:00
Gerald Carter
fd5ff711b6 r22712: Inform the user when logging in via pam_winbind
and the krb5 tkt cache could not be created due to clock skew.
(This used to be commit 24616f7d6b)
2007-10-10 12:21:49 -05:00
Gerald Carter
80dca03aae r22711: Fix a compile warning in query_user(). Ensure that user_rid
is initialized.
(This used to be commit ef03042682)
2007-10-10 12:21:49 -05:00
Gerald Carter
391a72f3df r22710: Support one-way trusts.
* Rely on the fact that name2sid will work for any name
  in a trusted domain will work against our primary domain
  (even in the absence of an incoming trust path)

* Only logons will reliably work and the idmap backend
  is responsible for being able to manage id's without contacting
  the trusted domain

* "getent passwd" and "getent group" for trusted users and groups
  will work but we cannot get the group membership of a user in any
  fashion without the user first logging on (via NTLM or krb5)
  and the netsamlogon_cache being updated.
(This used to be commit dee2bce2af)
2007-10-10 12:21:49 -05:00
Gerald Carter
044f1b4a99 r22709: we can only use tschannel when connecting to our primary (might need some fixing here for a Samba DC)
(This used to be commit 3d2123383d)
2007-10-10 12:21:48 -05:00