IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
groupmap'. The correct way to implement this stuff is via a function
table, as exampled in all the other parts of 'net'.
This also moves the idmap code into a new file. Volker, is this your
code? You might want to put your name on it.
Andrew Bartlett
(This used to be commit 477f2d9e39)
This replaces the universal group caching code (was originally
based on that code). Only applies to the the RPC code.
One comment: domain local groups don't show up in 'getent group'
that's easy to fix.
Code has been tested against 2k domain but doesn't change anything
with respect to NT4 domains.
netsamlogon caching works pretty much like the universal group
caching code did but has had much more testing and puts winbind
mostly back in sync between branches.
(This used to be commit aac01dc7bc)
fails to build on a ton of platforms as it completely bypasses all of
our portability code.
if you want it then use 'make bin/editreg'. If some distros want to
add that to their spec files then thats up to them, but we really
can't have non-portable code unconditionally built in our main tree.
(This used to be commit 3c66111f32)
* remove 'winbind uid' and 'winbind gid' parameters (replaced
by current idmap parameter)
* create the sambaUnixIdPool entries automatically in the 'ldap
idmap suffix'
* add new 'ldap idmap suffix' and 'ldap group suffix' parametrer
* "idmap backend = ldap" now accepts 'ldap:ldap://server/' format
(parameters are passed to idmap init() function
(This used to be commit 1665926281)
Includes sambaUnixIdPool objectclass
Still needs cleaning up wrt to name space.
More changes to come, but at least we now have a
a working distributed winbindd solution.
(This used to be commit 8241758544)
- Use absolute directories for $builddir and $srcdir in the Makefile
- Don't try and combine source files in $builddir and $srcdir to build
proto.h. It's just too hard to get it right across all targets we
wish to compile on. Use a hand created prototype for the single
function in smbd/build_options.c that we need. This allows us to ditch
all the extra sed work that was causing problems: \t not portable - hah!
- Fix bogus delheaders target to remove the correct files
This appears to work quite nicely now. Let's see how it goes on the
buildfarm machines.
(This used to be commit 456184463d)
We really need idmap_ldap to have a good solution with ldapsam, porting
it from the prvious code is beeing made, the code is really simple to do
so I am confident it is not a problem to commit this code in.
Not committing it would have been worst.
I really would have been able to finish also the group code, maybe we can
put it into a followin release after 3.0.0 even if it may be an upgrade
problem.
The code has been tested and seem to work right, more testing is needed for
corner cases.
Currently winbind pdc (working only for users and not for groups) is
disabled as I was not able to make a complete group code replacement that
works somewhat in a week (I have a complete patch, but there are bugs)
Simo.
(This used to be commit 0e58085978)
1. Allows to change quota settings for shared mount points from Win2K and WinXP from Explorer properties tab
2. Disabled by default and when requested, will be probed and enabled only on Linux where it works
3. Was tested for approx. two weeks now on Linux by two independent QA teams, have not found any bugs so far
Documentation to follow
(This used to be commit 4bf022ce9e)
source file. I will be making changes to sock_exec to work on VOS, which
has a blocking connect() call, but first I want to get it in its own source
file so that it can be called from a test program.
(This used to be commit 10bf65d335)
build options, so we will always have the right values for how and when
an smbd was built.
In particular, this is indended to address bitrot caused by configure.in
changes.
Andrew Bartlett
(This used to be commit 2be258071c)
This includes the 'SIDs Rule' patch, mimir's trusted domains cacheing code,
the winbind_idmap abstraction (not idmap proper, but the stuff that held up
the winbind LDAP backend in HEAD).
Andrew Bartlett
(This used to be commit d4d5e6c2ee)
Need to check on where the privilege code is sitting
and update the docs.
Examples:
root# bin/net help groupmap
net groupmap add
Create a new group mapping
net groupmap modify
Update a group mapping
net groupmap delete
Remove a group mapping
net groupmap list
List current group map
# bin/net groupmap add
Usage: net groupmap add rid=<int> name=<string> type=<domain|local|builtin> [comment=<string>]
# bin/net groupmap delete
Usage: net groupmap delete name=<string|SID>
# bin/net groupmap modify
Usage: net groupmap modify name=<string|SID> [comment=<string>] [type=<domain|local>
(This used to be commit f2fd0ab41f)
- whitespace syncup
- winbind nss client cleanups
- new rpc echo pipe
- prettier warnings for out of date autoconf scripts
(This used to be commit bb812d1670)
Small clenaup patches:
- safe_string.h - don't assume that __FUNCTION__ is available
- process.c - use new workaround from safe_string.h for the same
- util.c - Show how many bytes we smb_panic()ed trying to smb_xmalloc()
- gencache.c - Keep valgrind quiet by always null terminating.
- clistr.c - Add copyright
- srvstr.h - move srvstr_push into a .c file again, as a real function.
- srvstr.c - revive, with 'safe' checked srvstr_push
- loadparm.c - set a default for the display charset.
- connection.c - use safe_strcpy()
Andrew Bartlett
(This used to be commit c91e76bddb)
- pdb_guest (including change defaults)
- 'default' passdb actions (instead of 'not implemented' stubs in each module)
- net_rpc_samsync no longer assumes pdb_unix
Andrew Bartlett
(This used to be commit 4bec53c8c8)
This patch catches up on the rest of the work - as much string checking
as is possible is done at compile time, and the rest at runtime.
Lots of code converted to pstrcpy() etc, and other code reworked to correctly
call sizeof().
Andrew Bartlett
(This used to be commit c5b604e2ee)
- NTLMSSP over SPENGO (sesssion-setup-and-x) cleanup and code refactor.
- also consequential changes to the NTLMSSP and SPNEGO parsing functions
- and the client code that uses the same functions
- Add ntlm_auth, a NTLMSSP authentication interface for use by applications
like Squid and Apache.
- also consquential changes to use common code for base64 encode/decode.
- Winbind changes to support ntlm_auth (I don't want this program to need
to read smb.conf, instead getting all it's details over the pipe).
- nmbd changes for fstrcat() instead of fstrcpy().
Andrew Bartlett
(This used to be commit fbb46da79c)
*sync up configure.in
*don't build torture tools in make all
*make sure to remove torture tools as part of make clean
(This used to be commit 0fb724b321)
>Add -a flag to setup.py when making python_clean. This will delete the
>python compiled binaries and .so files rather than only the temporary
>compile directory.
>
>This fixes a PSA build bug.
Merge from HEAD, Revision 1.587:
>Link less with smbmnt and smbumount. Also change from a pstrcpy() to a
>strncpy() to make it clear that we must operate on a PATH_MAX sized buffer.
>
>Andrew Bartlett
Plus some bits from the AC_SUBST target cleanup that got missed last time
I ran dirdiff.
(This used to be commit 9b94c82958)
- Target selection cleanup
- Some formatting merges
- Merged some Pythong bits&pieces that were missed previously
Original commit message for target selection cleanup:
>Here's a bit of a cleanup of the {configure,Makefile}.in files. I've
>now combined all the ad-hoc AC_SUBST variables into three generalised
>ones:
>
> EXTRA_BIN_PROGS Additional programs to install in ${prefix}/sbin
> EXTRA_SBIN_PROGS Additional programs to install in ${prefix}/bin
> EXTRA_ALL_TARGETS Additional targets to build by default
> SHLIB_PROGS Shared library objects (pam, winbind) to build
>
>We also build some extra stuff by default: the python extensions (if
>--with-python specified), smbmount related binaries (if
>--with-smbmount specified), and the samba torture suite.
>
>The idea behind this is to have everything that is configured built by
>default to detect breakage as soon as possible when people make low
>level changes.
(This used to be commit 6000caf5da)
* updating Makefile & configure script to use CONFIGDIR & VFSLIBDIR
* set LIBDIR to ${prefix}/lib/samba when --with-fhs is enabled
* make installdirs take an arbitrary number of arguements
(This used to be commit f0d09cf676)
* fixing change notify on print server handle
* adding change notify support into smbcontrol for sending comment
changes, etc...
All part of CR 1159/1160
(This used to be commit f1062e79de)
- Fix segfaults in the 'net ads' commands when no password is provided
- Readd --with-ldapsam for 2.2 compatability. This conditionally compiles the
old options, but the actual code is available on all ldap systems.
- Fix shadow passwords (as per work with vl)
- Fix sending plaintext passwords to unicode servers (again vl)
- Add a bit of const to secrets.c functions
- Fix some spelling and grammer by vance.
- Document the -r option in smbgroupedit.
There are more changes in HEAD, I'm only merging the changes I've been involved
with.
Andrew Bartlett
(This used to be commit 83973c3893)
the hash for this scheme is *much* larger (approximately 31 bits) and
the code is written to be very fast, correctly handling multibyte
while not doing any actual multi-byte conversions in the vast majority
of cases
you can select this scheme using "mangling method = hash2", although I
may make it the default if it works out well.
(This used to be commit bb173c1a7e)
mangling implementation, selectable using "mangling method = " in smb.conf
It also tidies the interface a little, although it is still nasty.
(This used to be commit be23d87a17)
directory so we don't keep getting these stupid error messages about
incorrect size for valid.dat upcase.dat and lowcase.dat
(This used to be commit 4af0c7a93f)
does not imply that all source will be rebuilt when prototypes change,
merely that the prototypes will be updated.
make proto, clean, delheaders, headers, etc all behave equivalently to
before.
Intended new behaviour for proto.h, whenever source is being
compiled:
If proto.h does not exist, it is built.
If any source files have changed since proto.h was last checked
(.proto.check), then proto.h is checked. If there are no actual
changes since last time, its mtime is not changed, but we do
remember the time at which it was checked.
Whenever we try to build a .o, we need to check the headers are up
to date. However, rebuilding the prototypes does not imply
rebuilding all object files.
Also to allow people to build on machines without Awk, we never try
to use it unless a source file has changed. I guess if we wanted,
we could have lack of Awk only cause a warning, not failure.
The point of all of this is to be easier on people who don't
understand or forget to type "make proto", and to reduce the chance of
build breakage by having prototypes out of sync.
I also rolled back JF's changes to put proto.h into builddir rather
than srcdir. There are good arguments in both directions, but since
we keep proto.h in CVS, it seems important that the up-to-date copy by
in srcdir where it can be checked back in. If people are fussed about
having srcdir be readonly you could change this -- but since proto.h
is only rebuilt when there are changes, it's not a big deal.
I also fixed an apparent race condition in "make headers" that would
make it unsafe if you did 'make -j2', and made 'make clean' not kill
proto.h, since people may not be able to rebuild it.
I reckon there's nothing gnumake-specific here but we shall see.
I also have this great idea about rewriting libtool in C++...
(This used to be commit 8a61a810e5)
into its own. The 'installdirs' makefile entry didn't do anything on my laptop,
so it has been replaced with the section from installbin.sh.
This also fixes the bug that we ignored the setting of $(PRIVATEDIR) when
making the directories.
Finally, link pam_winbind with .po objects only, not a mix of .o and .po
(as per Don Mccall's request).
Andrew Bartlett
(This used to be commit c7a883df28)
<a.kotovich@sam-solutions.net> that adds the security decsriptor code
for ADS workstation accounts
thanks for your patience Cat, and thanks to Andrew Bartlett for
extensive reviews and suggestions about this code.
(This used to be commit 6891393b5d)
when complete, this will be used to backup critical tdbs at samba
startup and possibly periodically while Samba is running so that if
tdb corruption is caused by a power failure Samba can restore from the
backup.
(This used to be commit f619330082)
