1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

32 Commits

Author SHA1 Message Date
Simo Sorce
d19d3e7126 r25060: Fix formatting, remove trailing spaces and cut lines longer than 80 chars
(This used to be commit 7a4d465890)
2007-10-10 12:30:37 -05:00
Andrew Tridgell
5e54558c6d r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text
(This used to be commit b0132e94fc)
2007-10-10 12:28:22 -05:00
Jeremy Allison
d824b98f80 r23779: Change from v2 or later to v3 or later.
Jeremy.
(This used to be commit 407e6e695b)
2007-10-10 12:28:20 -05:00
Michael Adam
9406f7d4d2 r23763: Fix a typo in DEBUG message.
Thanks to Karolin Seeger (ks@sernet.de)
(This used to be commit 0ae6ae4ee8)
2007-10-10 12:23:53 -05:00
Michael Adam
c8883bed7f r23340: Fix typo in debug ouput. Found by Karolin Seeger <ks@sernet.de>.
Michael
(This used to be commit 81c7d152b2)
2007-10-10 12:23:07 -05:00
Gerald Carter
224239d8e3 r23048: Simo is correct in that winbind_lookup{sid,name}_async() needs
to be able to handle SIDs in the S-1-22-{1,2} domain in order
for winbindd_sid_to_uid(), et. al. to succeed.  For 3.0.25a,
we will short circuit in the sid_to_uid() family of functions
so that smbd is ok.

For 3.0.26, we need to allow winbindd to handle all types of SIDs.
(This used to be commit d70cec3196)
2007-10-10 12:22:17 -05:00
Gerald Carter
c16059f1f0 r22713: Offline logon fixes for idmap manager:
(a) Ignore the negative cache when the domain is offline
(b) don't delete expired entries from the cache as these
    can be used when offline (same model as thw wcache entries)
(c) Delay idmap backend initialization when offline
    as the backend routines will not be called until we go
    online anyways.  This prevents idmap_init() from failing
    when a backend's init() function fails becuase of lack of
    network connectivity
(This used to be commit 4086ef15b3)
2007-10-10 12:21:49 -05:00
Jeremy Allison
f1d8c4da23 r22675: Simo's patch for 0 size allocation. Still need
to examine parse_misc.c fix.
Jeremy.
(This used to be commit 80d981265c)
2007-10-10 12:19:54 -05:00
Jeremy Allison
56a5d05b8b r22590: Make TALLOC_ARRAY consistent across all uses.
That should be it....
Jeremy.
(This used to be commit 603233a98b)
2007-10-10 12:19:49 -05:00
Jeremy Allison
12ba88574b r22542: Move over to using the _strict varients of the talloc
calls. No functional changes. Looks bigger than it is :-).
Jeremy.
(This used to be commit f6fa3080fe)
2007-10-10 12:19:44 -05:00
Gerald Carter
b9c4009037 r22473: Correct fix for setting a default compat tdb idmap backend.
Previous code would always fill in "idmap backend = tdb"
even if you defined idmap domains.  My fault.  I should
have tested the original patch more before committing.
(This used to be commit a60c3f6a5a)
2007-10-10 12:19:37 -05:00
Gerald Carter
da158ad6a2 r22447: Patch from Ying Li <ying.li2@hp.com> to default tdb idmap
plugin when neither idmap domains nor idmap backend have
been defined.
(This used to be commit 2fa12753da)
2007-10-10 12:19:34 -05:00
Gerald Carter
36da6cb584 r22390: Patchset sent to samba-technical to address the winbind
loop when allocating a new id for a SID:

auth_util.patch		Revert create_local_token() to
			the 3.0.24 codebase

idmap_type.patch	Have the caller fillin the
			id_map.xid.type field when
			resolving a SID so that if we allocate
			a new id, we know what type to use

winbindd_api.patch	Remove the WINBINDD_SIDS_TO_XIDS calls
			from the public winbindd interface
			for the 3.0.25 release

idmap_rid.patch		Cleanup the idmap_rid backend to not
			call back into winbindd to resolve
			the SID in order to verify it's type.
(This used to be commit 3b24dae9e7)
2007-10-10 12:19:30 -05:00
Simo Sorce
01be4914b3 r22343: Commit to 3_0 as well after adapting the patch.
(tdb_delete_bystring instead of tdb_delete is used here)
(This used to be commit ee40cead09)
2007-10-10 12:19:27 -05:00
Simo Sorce
0dd0aab2bc r22230: Let's just cast here, the 2 calls have different allocation mechanisms.
We just let domname and name hang on the mem ctx until the call returns,
and the context will be destroyed.

Simo.
(This used to be commit c38d8396c5)
2007-10-10 12:19:21 -05:00
Volker Lendecke
3e819bd22c r22214: Fix incompatible pointer type warnings. Simo, please check and merge to 3_0_25
if appropriate.

Volker
(This used to be commit 6a4f6c5177)
2007-10-10 12:19:20 -05:00
Simo Sorce
59523f55a9 r22204: Workaround to quickly close bug #4508
This hack makes thing work, but we will need to try again to
make the getpw* calls fully async, that's the real fix.
(This used to be commit 2552859b3d)
2007-10-10 12:19:19 -05:00
Gerald Carter
d1491cc500 r22173: BUG 4491, 4501: Additional fixes for protecting against
crashes in allocate_id().

BUG 4501: Fix segv in idmap_ad caused by resetting the
entry iterator when parsing search results.
(This used to be commit bd6ebbfb9f)
2007-10-10 12:19:18 -05:00
Gerald Carter
330985ebb5 r22159: BUG 4501 (second half of fix): Just disable the
uid/gid allocation if no idmap alloca backend has been
defined and we are not using a 3.0.24 idmap backend
compatible configuration.
(This used to be commit 0b700456f4)
2007-10-10 12:19:18 -05:00
Simo Sorce
ca70c3cde7 r22109: Readonly is automatically set in the generic init code, let's just log the fact there
and remove the specific, but redundant, code in idmap_ad.c
(This used to be commit f127803734)
2007-10-10 12:19:13 -05:00
Gerald Carter
3bdd0e3650 r22066: Ensure that winbind can resolve SIDs in the S-1-22-{1,2}
domain to a uid.gid using the idmap_passdb backend.
(This used to be commit fc1aeee52d)
2007-10-10 12:19:09 -05:00
Gerald Carter
52d5e2a935 r21884: * Blacklist BUILTIN and MACHINE domains from the
idmap domains as these should only be handled by the
  winbindd_passdb.c backend

* Allow the alloc init to fail for backwards compatible
  configurations like

     idmap backend = ad
     idmap uid = 1000-100000
	....

* Remove the deprecated flags from idmap backend, et. al.
  These are mutually exclusive with the new configuration
  options (idmap domains).  Logging annoying messages
  about deprecated parameters is confusing.  So we'll try
  this apprpach for now.
(This used to be commit 5e30807b4e)
2007-10-10 12:18:44 -05:00
Gerald Carter
b1f4259cd5 r21616: Delay initialization of idmap and nss_info backends until necessary
so they can honor the offline logon state.
(This used to be commit 15b13dfe81)
2007-10-10 12:18:18 -05:00
Herb Lewis
bdc612a098 r21548: prevent segv (reference to -1 element of array)
(This used to be commit b5fd72282d)
2007-10-10 12:18:12 -05:00
Gerald Carter
b5114650cf r21284: Fix some unitilized variable warnings pointed out by Volker.
(This used to be commit 5c3edad860)
2007-10-10 12:17:54 -05:00
Gerald Carter
e7d2f46229 r21182: * Refactor the code to obtain the LDAP connection credentials
from both idmap_ldap_{alloc,db}_init()
* Fix the backwards compat support in idmap_ldap.c
* Fix a spelling error in the idmap_fetch_secret() function name
(This used to be commit 615a104356)
2007-10-10 12:17:46 -05:00
Gerald Carter
d3b3e02881 r21180: fix backwards compatible idmap backends parameter parsing
(This used to be commit 01af19cc9d)
2007-10-10 12:17:46 -05:00
Gerald Carter
37cc3e3d62 r20951: Remove the DOM_SID field in the struct idmap_domain and bounce
domain SID lookups through the struct winbindd_domain *domain_list
by searching by name.

Refactor the order lookup when searching for the correct idmap_domain
to a single function and remove the requirement that the default
domain be listed first in the config file.

I would still like to make the idmap_domain array a linked list and
remove the existing code which makes use of indexes into the list.

Basic testing with tdb pans out ok.
(This used to be commit e6c300829f)
2007-10-10 12:17:21 -05:00
Simo Sorce
c50c8d0dc3 r20774: I thought I committed this before Xmas holidays ...
This change is needed to make it possible to not expire
caches in disconnected mode.

Jerry, please can you look at this and confirm it is ok?

Simo.
(This used to be commit 9e8715e4e1)
2007-10-10 12:17:08 -05:00
Simo Sorce
ced5c1f9aa r20289: IDMAP is part of winbind but not the main process.
Make sure we route all request to remote DCs via the main process
so that IDMAP can correctly reuse DC connections and use the
async interface.

This fixes also idmap_nss so that it is able to resolve local
group names (requires patch on the samba dc earlier committed
to SAMBA_3_0 to make it resolve both the mapped and the unmapped
name).

Simo.
(This used to be commit 4297510f22)
2007-10-10 12:16:39 -05:00
Simo Sorce
b1de1a6eab r20216: Fix fallback code.
A reversed check made it impossile to fallback to the Unix Domain mapping code.
Also fix a potential use of a freed array.

Jerry,
my tests shows that this code now correctly handle the fallback to Unix Domain
when our Domain member is asked for a mapped group that has a unix name different
from the Windows name against a Samba DC and we do not use winbindd but share
users/groups by other means (ldap / sync of passwd and group files)

Immediate Fix would be to discuss if we should answer back when DOMAIN\unixgroup -> SID
is asked for, in the case the unixgroup name is mapped to a different name.
IE: DOMAIN\Domain Admins -> ntadmins

Currently if we are asked for "DOMAIN\Domain Admins" we return the dom admins SID
If we are asked for "DOMAIN\ntadmins we return "not found", but we may consider to
return the Domain admins SID in this case too.

Comments are welcome on this point!

Long term fix I think is the unixinfo pipe and of course an idmap_unixinfo moudle.

Simo.
(This used to be commit 07bdbb4c21)
2007-10-10 12:16:33 -05:00
Simo Sorce
4225f9a4bd r20116: Start merging in the work done to create the new idmap subsystem.
Simo.
(This used to be commit 50cd8bffee)
2007-10-10 12:16:25 -05:00