IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
- Make passdb work with absolute paths (passdb backend = /path/to/smbpasswd.so works now). vfs, rpc and charset will follow
(This used to be commit 794d3ed03619a4e41558d9ff65783a1aa1b2be90)
are 'SET' when adding the account.
I really don't like passing flags down to inner routines and
complicated if/else conditions, but this time he might be right. ;-)
Volker
(This used to be commit 80d2578108da14f60133df3a308b867beb27e920)
* pdbedit -i -e sets all SAM_ACCOUNT elements
to CHANGED to satisfy the new pdb_ldap.c handling
* pdbedit -g transfers group mappings. I made this
separate from the user database, as current installations
have to live with a split backend.
So, if you are running 3_0 alphas with LDAP as a backend
and upgrade to the next 3_0 alpha, you should call
pdbedit -i tdbsam -e ldapsam -g
to transfer your group mapping database to LDAP.
You certainly have to have all your groups as posixGroup
objects in LDAP and adapt the LDAP schema before this
call.
Volker
(This used to be commit 6d3faeaef6c77e389d39b6d4660ffea13e7f25f2)
This patch makes Samba compile cleanly with -Wwrite-strings.
- That is, all string literals are marked as 'const'. These strings are
always read only, this just marks them as such for passing to other functions.
What is most supprising is that I didn't need to change more than a few lines of code (all
in 'net', which got a small cleanup of net.h and extern variables). The rest
is just adding a lot of 'const'.
As far as I can tell, I have not added any new warnings - apart from making all
of tdbutil.c's function const (so they warn for adding that const string to
struct).
Andrew Bartlett
(This used to be commit 92a777d0eaa4fb3a1c7835816f93c6bdd456816d)
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
(This used to be commit 82b8f749a36b42e22186297482aad2abb04fab8a)
The actual design change is relitivly small however:
It all goes back to jerry's 'BOOL store', added to many of the elements in a
SAM_ACCOUNT. This ensured that smb.conf defaults did not get 'fixed' into
ldap. This was a great win for admins, and this patch follows in the same way.
This patch extends the concept - we don't store values back into LDAP unless
they have been changed. So if we read a value, but don't update it, or we
read a value, find it's not there and use a default, we will not update
ldap with that value. This reduced clutter in our LDAP DB, and makes it
easier to change defaults later on.
Metze's particular problem was that when we 'write back' an unchanged value,
we would clear any muliple values in that feild. Now he can still have his
mulitivalued 'uid' feild, without Samba changing it for *every* other
operation.
This also applies to many other attributes, and helps to eliminate a nasty
race condition. (Time between get and set)
This patch is big, and needs more testing, but metze has tested usrmgr, and
I've fixed some pdbedit bugs, and tested domain joins, so it isn't compleatly
flawed ;-).
The same system will be introduced into the SAM code shortly, but this fixes
bugs that people were coming across in production uses of Samba 3.0/HEAD, hence
it's inclusion here.
Andrew Bartlett
(This used to be commit 7f237bde212eb188df84a5d8adb598a93fba8155)
only the interface has been fully moved to NTSTATUS
not all the plugins make full use of it, but have been all converted.
My testings passed completely, however a bit of more testing is welcome
Simo.
(This used to be commit 102a26e06591928a03b49cd312a65811ed46314f)
Update account_pol.c to use just uint32, rather then uint32 for paramaters,
int32 for storage. (The int32 functions didn't have seperate return/status
values, uint32 functions use a pointer-paramater).
Move the #define -> string from a swtich to a table, so we can look it up
both ways.
Andrew Bartlett
(This used to be commit c5b5e3d653f5c38a283d901a409be6603d5103f7)
rather than a string when configuring mulitple backends.
Also adjust some of the users of get_global_sam_sid() to cope with the fact
that it just might not exist (uninitialised, can't access secrets.tdb).
More places need conversion.
Add some const and remove silly casts.
Andrew Bartlett
(This used to be commit c264bf2ec93037d2a9927c00295fa60c88b7219d)
to using SIDs instead of RIDs.
The new funciton sid_peek_check_rid() takes an 'expected domain sid' argument.
The idea here is to prevent mistakes where the SID is implict, but isn't
the same one that we have in the struct.
Andrew Bartlett
(This used to be commit 04f9a8ff4c7982f6597c0f6748f85d66d4784901)
- convert net to popt
- convert status to popt
- adapt examples/pdb/ to multiple passdb system
- add dynamic debug class example to examples/pdb/
and some reformatting to better match the samba coding style.
Andrew Bartlett
(This used to be commit 2498bc69d4e5c38ec385f640489daa94c508c726)
this is a first step only passdb stuff has beein "classized".
- so what can you do?
set debug level to: 1 poasdb:10
that will make all the code run at debug level 1 except the code in
passdb/* files that will run at level 10
TODO: fix the man page
- also smbcontrol has this nice feature so smbcontrol smbd debug 3 passdb:5
will set every smbd to have a default log level of 3 while passdb stuff
will be at level 5
and so no..
minor cosmetic fix to pdbedit is there too
(This used to be commit be5c3b3f5781ddc002ffcc98df04ab024dcef4ca)
Doco for pdbedit and (ugly, but the best we could come up with) fix
for compiling pdbedit on some non-gcc compilers.
Andrew Bartlett
(This used to be commit 80adf1dbb56cf8bdbfbcc2c8c7b670c0a23c97f8)
<jelmer@nl.linux.org>.
This patch also includes major rework of pdbedit to use popt, and the addition
of -i paramter (allowing the user to specify which PDBs is being
operated on) and -e to export a pdb - useful for backup and testing etc.
Use of -i and -e gets us pdb2pdb functionality for transition between backends,
much like the sam2sam in TNG.
Andrew Bartlett
(This used to be commit c10def37f506d3f2bab442418ac08fdb62659b02)
fixed tdbsam memory corruption (and segfault)
reducing calls to pdb_uid_to_user_rid and countrary to 0 to move to a non alghoritmic rid allocation with some passdb modules.
(This used to be commit 9836af7cd623357feaec07bc49cfb78f0aa01fc3)
much saner :-).
Change to pdb_init_sam()/pdb_free_sam() loop rather than reset based due to
the talloc basis.
Andrew Bartlett
(This used to be commit e40a0a7f27950bd0484fe7d6b67dce45cd75d25c)
Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem. In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.
This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime. The 'passdb backend' paramater
has been created (and documented!) to support this.
As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.
This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.
While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly). Most of this was
to do with % macro expansion on stored data. It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them. tdbsam needs
to use a similar system to pdb_ldap in this regard.
This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these. I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.
Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.
The non-unix-account support in this patch has been proven! It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!
Other changes:
Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.
pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend). Extra checks have been added in
some places.
Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.
pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.
The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly. This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.
Doco:
I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.
(This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
These strings are allocated using talloc(), either using its own memory context
stored on the SAM_ACCOUNT or one supplied by the caller.
The pdb_init_sam() and pdb_free_sam() function have been modifed so that a call
to pdb_free_sam() will either clean up (remove hashes from memory) and destroy
the TALLOC_CTX or just clean up depending on who supplied it.
The pdb_init_sam and pdb_free_sam functions now also return an NTSTATUS, and I
have modified the 3 places that actually checked these returns.
The only nasty thing about this patch is the small measure needed to maintin
interface compatability - strings set to NULL are actually set to "".
This is becouse there are too many places in Samba that do strlen() on these
strings without checking if they are NULL pointers.
A supp patch will follow to set all strings to "" in pdb_default_sam().
Andrew Bartlett
(This used to be commit 144345b41d39a6f68d01f62b7aee64ca0d328085)
Thou shalt not reference SAM_ACCOUNT members directly - always use
pdb_get/pdb_set.
This is achived by making the whole of SAM_ACCOUNT have a .private member,
where the real members live. This caught a pile of examples, and these have
beeen fixed.
The pdb_get..() functions are 'const' (have been for some time) and this
required a few small changes to constify other functions.
I've also added some debugs to the pdb get and set, they can be removed if
requested.
I've rewritten the copy_id2x_to_sam_pass() functions to use the new passdb
interface, but I need the flags info to do it properly.
The pdb_free_sam() funciton now blanks out the LM and NT hashes, and as such
I have removed many extra 'samr_clear_sam_passwd(smbpass)' calls as a result.
Finally, any and all testing is always appriciated - but the basics seem to
work.
Andrew Bartlett
(This used to be commit d3dd28f6c443187b8d820d5a39c7c5b3be2fa95c)
