1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

48 Commits

Author SHA1 Message Date
Andrew Tridgell
5e54558c6d r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text
(This used to be commit b0132e94fc)
2007-10-10 12:28:22 -05:00
Jeremy Allison
d824b98f80 r23779: Change from v2 or later to v3 or later.
Jeremy.
(This used to be commit 407e6e695b)
2007-10-10 12:28:20 -05:00
Gerald Carter
9b78af1f64 r23244: Fix loop with nscd and NSS recusive calls.
> Here's the problem I hit:
>
> getgrnam("foo") -> nscd -> NSS -> winbindd ->
>   winbindd_passdb.c:nam_to_sid() -> lookup_global_sam_name() ->
>   getgrnam("foo") -> nscd -> ....
>
> This is in the SAMBA_3_0 specifically but in theory could happen
> SAMBA_3_0_25 (or 26) for an unknown group.
>
> The attached patch passes down enough state for the
> name_to_sid() call to be able to determine the originating
> winbindd cmd that came into the parent.  So we can avoid
> making more NSS calls if the original call came in trough NSS
> so we don't deadlock ?  But you should still service
> lookupname() calls which are needed for example when
> doing the token access checks for a "valid groups" from
> smb.conf.
>
> I've got this in testing now.  The problem has shown up with the
> DsProvider on OS X and with nscd on SOlaris and Linux.
(This used to be commit bcc8a3290a)
2007-10-10 12:22:58 -05:00
James Peach
3972121063 r22633: Fix typo in debug message.
(This used to be commit 4c58b6b194)
2007-10-10 12:19:51 -05:00
Gerald Carter
026852b47a r22444: * Validate a SID before trying to convert it to a uid/gid via the public
winbindd interface

* Add nss_info/*so files to the RHEL/Fedora packaging
(This used to be commit 1787fcb8c1)
2007-10-10 12:19:34 -05:00
Gerald Carter
d27d6e822e r22430: Add SID validate to sid2uid() and sid2gid() public entry points in winbindd
(This used to be commit 0890cb941e)
2007-10-10 12:19:34 -05:00
Simo Sorce
4225f9a4bd r20116: Start merging in the work done to create the new idmap subsystem.
Simo.
(This used to be commit 50cd8bffee)
2007-10-10 12:16:25 -05:00
Gerald Carter
2b27c93a9a r18271: Big change:
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
  gen_ndr/ndr_security.c in SAMBA_4_0

The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
(This used to be commit 3da9f80c28)
2007-10-10 11:51:18 -05:00
Volker Lendecke
0b56ff1ea3 r17605: Some C++ warnings
(This used to be commit 05268d7a73)
2007-10-10 11:38:42 -05:00
Simo Sorce
0511e8db1b r17469: remove unused variable
(This used to be commit c7d115a7d0)
2007-10-10 11:38:36 -05:00
Simo Sorce
3bb5b15801 r17459: As by Jerry's word commit this without his review.
This patch add some missing async functions to
solve UID/GID -> SID requests not just out of the cache,
but down the remote idmap if necessary.

This patch solves the problem of servers not showing users/groups names
for allocated UID/GIDs when joined to a group of servers that share a
prepopulated idmap backend.

Also correctly resolve UID/GIDs to SIDs when looking ACLs from the
windows security tab on teh same situation.

Simo.
(This used to be commit b8578bfab6)
2007-10-10 11:38:35 -05:00
Jeremy Allison
fbdcf2663b r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need
to do the upper layer directories but this is what
everyone is waiting for....

Jeremy.
(This used to be commit 9dafb7f48c)
2007-10-10 11:19:14 -05:00
Simo Sorce
99a0d5ca1e r16800: correct a probable cut&paste error
(This used to be commit c139a2293b)
2007-10-10 11:19:11 -05:00
Gerald Carter
0af1500fc0 r13316: Let the carnage begin....
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed)
2007-10-10 11:06:23 -05:00
Günther Deschner
f6e8106076 r12273: Fix copy paste error.
Guenther
(This used to be commit 266f5fc9af)
2007-10-10 11:05:51 -05:00
Jeremy Allison
19ca97a70f r7882: Looks like a large patch - but what it actually does is make Samba
safe for using our headers and linking with C++ modules. Stops us
from using C++ reserved keywords in our code.
Jeremy
(This used to be commit 9506b8e145)
2007-10-10 10:58:00 -05:00
Volker Lendecke
b62247f1ee r7785: This looks much larger than it is. It changes the top-level functions of the
parent winbind not to return winbindd_result. This is to hopefully fix all the
problems where a result has been scheduled for write twice.

The problematic ones have been the functions that might have been delayed as
well as under other circumstances immediately gets answered from the cache.

Now a request needs to be explicitly replied to with a request_error() or
request_ok().

Volker
(This used to be commit 7365c9accf)
2007-10-10 10:57:20 -05:00
Gerald Carter
fed660877c r7415: * big change -- volker's new async winbindd from trunk
(This used to be commit a0ac9a8ffd)
2007-10-10 10:57:08 -05:00
Volker Lendecke
cc146adb26 r2691: Increase a debug level for a quite frequent operation.
Optimization for 'idmap backend = ldap': When asking sid2id for the wrong
type, don't ask ldap when we have the opposite mapping in the local tdb.

Volker
(This used to be commit c91cff3bd3)
2007-10-10 10:52:49 -05:00
Volker Lendecke
5fe0142ec8 r2566: Fix creation of aliases via usrmgr. Winbind was too strict checking the type
of sids.

Volker
(This used to be commit d3b2921a8f)
2007-10-10 10:52:46 -05:00
Volker Lendecke
7f53bb13da r2340: Solve the problem of user sids ending up with gid's and vice versa: This
belongs into winbind itself, not into wbinfo.

Volker
(This used to be commit 75e5c13d5d)
2007-10-10 10:52:40 -05:00
Gerald Carter
f7cf0aaa6f r294: checking in volker's winbindd patches; tested on domain members (Samba and AD) as well as on a Samba DC
(This used to be commit 157d53782d)
2007-10-10 10:51:17 -05:00
Gerald Carter
7af3777ab3 r116: volker's patch for local group and group nesting
(This used to be commit b393469d95)
2007-10-10 10:51:10 -05:00
Andrew Bartlett
88d8644ef7 Move more of winbind to use 'find_our_domain()' rather than the dangerous
find_domain_from_name(lp_workgroup()).

(as find_domain_from_name() can change the data in lp_workgroup())

Andrew Bartlett
(This used to be commit 2e6eaad9ce)
2004-01-08 02:15:46 +00:00
Andrew Tridgell
53dfaac5fb as discussed on irc, this is a small patch that allows a few more
winbind functions to be accessed via NSS. This provides a much cleaner
way for applications that need (for example) to provide name->sid
mappings to do this via NSS rather than having to know the winbindd
pipe protocol (as this might change).

This patch also adds a varient of the winbindd_getgroups() call called
winbindd_getusersids() that provides direct SID->SIDs listing of a
users supplementary groups. This is enough to allow non-Samba
applications to do ACL checking.

A test program for the new functionality will be committed shortly.

I also added the 'wbinfo --user-sids' option to expose the new
function in wbinfo.
(This used to be commit 702b35da0a)
2003-11-19 08:11:14 +00:00
Andrew Tridgell
e1c468477c a small include file rearrangement that doesn't affect normal
compilation, but that allows Samba3 to take advantage of pre-compiled
headers in gcc if available.
(This used to be commit b3e024ce1d)
2003-11-12 01:51:10 +00:00
Gerald Carter
84ca7ad00c fix for bug 680 (heads up). This gist is to map the
UNIX entity foo to DOMAIN\foo instead of SERVER\foo
on members of a Samba domain when all UNIX accounts
are shared via NIS, et. al.

  * allow winbindd to match local accounts to domain SID
    when 'winbind trusted domains only = yes'

  * remove code in idmap_ldap that searches the user
    suffix and group suffix.  It's not needed and
    provides inconsistent functionality from the tdb backend.

This has been tested.  I'm still waiting on some more feedback
but This needs to be in 3.0.1pre2 for widespread use.
(This used to be commit ee272414e9)
2003-11-07 14:39:47 +00:00
Gerald Carter
5faf3ba9af 2 fixes
* bug #280 (my fault) - initialize sambaNextUserRid and
   sambaNextGroupRid

 * Unix users shared vis LDAP or NIS between a samba domain member
   of a Samba domain are not seen as domain users on the member servers.
   not as local users.
(This used to be commit a030fa373a)
2003-08-13 00:08:28 +00:00
Tim Potter
c9bc4b27b7 Another round of uid/gid/pid format string changes I missed the
first time.
(This used to be commit 6616485dba)
2003-07-22 06:52:39 +00:00
Tim Potter
80c1f1d865 Fixup a bunch of printf-style functions and debugs to use unsigned long when
displaying pid_t, uid_t and gid_t values.  This removes a whole lot of warnings
on some of the 64-bit build farm machines as well as help us out when 64-bit
uid/gid/pid values come along.
(This used to be commit f93528ba00)
2003-07-22 04:31:20 +00:00
Gerald Carter
0b18acb841 and so it begins....
* remove idmap_XX_to_XX calls from smbd.  Move back to the
  the winbind_XXX and local_XXX calls used in 2.2

* all uid/gid allocation must involve winbindd now

* move flags field around in winbindd_request struct

* add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id()
  to prevent automatic allocation for unknown SIDs

* add 'winbind trusted domains only' parameter to force a domain member
  server to use matching users names from /etc/passwd for its domain
  (needed for domain member of a Samba domain)

* rename 'idmap only' to 'enable rid algorithm' for better clarity
  (defaults to "yes")

code has been tested on

  * domain member of native mode 2k domain
  * ads domain member of native mode 2k domain
  * domain member of NT4 domain
  * domain member of Samba domain
  * Samba PDC running winbindd with trusts

Logons tested using 2k clients and smbclient as domain users
and trusted users. Tested both 'winbind trusted domains only = [yes|no]'

This will be a long week of changes.  The next item on the list is
winbindd_passdb.c & machine trust accounts not in /etc/passwd (done
via winbindd_passdb)
(This used to be commit 8266dffab4)
2003-07-07 05:11:10 +00:00
Simo Sorce
f5974dfaae Found out a good number of NT_STATUS_IS_ERR used the wrong way.
As abartlet rememberd me NT_STATUS_IS_ERR != !NT_STATUS_IS_OK

This patch will cure the problem.
Working on this one I found 16 functions where I think NT_STATUS_IS_ERR() is
used correctly, but I'm not 100% sure, coders should check the use of
NT_STATUS_IS_ERR() in samba is ok now.

Simo.
(This used to be commit c501e84d41)
2003-06-22 10:09:52 +00:00
Simo Sorce
c823b191ab And finally IDMAP in 3_0
We really need idmap_ldap to have a good solution with ldapsam, porting
it from the prvious code is beeing made, the code is really simple to do
so I am confident it is not a problem to commit this code in.

Not committing it would have been worst.
I really would have been able to finish also the group code, maybe we can
put it into a followin release after 3.0.0 even if it may be an upgrade
problem.

The code has been tested and seem to work right, more testing is needed for
corner cases.

Currently winbind pdc (working only for users and not for groups) is
disabled as I was not able to make a complete group code replacement that
works somewhat in a week (I have a complete patch, but there are bugs)

Simo.
(This used to be commit 0e58085978)
2003-05-12 18:12:31 +00:00
Gerald Carter
4ae2e47b93 remove convert_smbpasswd and addtosmbpass from tree; people can get them from 2.2. if they still need them
(This used to be commit 237857a760)
2003-04-29 15:27:06 +00:00
Gerald Carter
0e15bf6f6a winbindd merges from HEAD
(This used to be commit 8bd91a50d4)
2003-01-15 17:39:47 +00:00
Jelmer Vernooij
b2edf254ed sync 3.0 branch with head
(This used to be commit 3928578b52)
2002-08-17 17:00:51 +00:00
Andrew Tridgell
e90b652848 updated the 3.0 branch from the head branch - ready for alpha18
(This used to be commit 03ac082dcb)
2002-07-15 10:35:28 +00:00
Tim Potter
15bc8b1471 Make debug statment less confusing.
(This used to be commit 301a7f56dd)
2002-03-22 05:43:08 +00:00
Tim Potter
9776d11ad4 Merge of Richard's lookupsid fix.
(This used to be commit 3c587384cb)
2002-03-20 00:56:36 +00:00
Andrew Tridgell
276ff4df82 this allows us to support foreign SIDs in winbindd and smbd
this means "xcopy /o" has a chance of working with ACLs that contain
ACEs that use SIDs that the Samba server has no knowledge of.

It's a bit hackish, Tim, can you look at my uid.c changes?
(This used to be commit fe2db31485)
2002-02-27 23:51:25 +00:00
Tim Potter
cd68afe312 Removed version number from file header.
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06)
2002-01-30 06:08:46 +00:00
Andrew Bartlett
06c79a1757 Change the winbind interface to use seperate 'domain' and 'username' feilds for
the sid->uid and uid->sid conversions.

Remove some duplicate arguments from these funcitons, and update the
request/response structures for this and the 'winbind domain name' feature.

As such 'winbindd_lookup_name' now takes both a domain and username.
(This used to be commit ce1b4d4c30)
2002-01-26 09:55:38 +00:00
Andrew Bartlett
93a8358910 This patch makes the 'winbind use default domain' code interact better with
smbd, and also makes it much cleaner inside winbindd.

It is mostly my code, with a few changes and testing performed by Alexander
Bokovoy <a.bokovoy@sam-solutions.net>.  ab has tested it in security=domain and
security=ads, but more testing is always appricatiated.

The idea is that we no longer cart around a 'domain\user' string, we keep them
seperate until the last moment - when we push that string into a pwent on onto
the socket.

This removes the need to be constantly parsing that string - the domain prefix
is almost always already provided, (only a couple of functions actually changed
arguments in all this).

Some consequential changes to the RPC client code, to stop it concatonating the
two strings (it now passes them both back as params).

I havn't changed the cache code, however the usernames will no longer have a
double domain prefix in the key string.  The actual structures are unchanged
 - but the meaning of 'username' in the 'rid' will have changed.  (The cache is
invalidated at startup, so on-disk formats are not an issue here).

Andrew Bartlett
(This used to be commit e870f0e727)
2002-01-20 01:24:59 +00:00
Jeremy Allison
f8abe6eba4 Fixed parse_domain_user to be bool.
Jeremy.
(This used to be commit 9563de2ef8)
2001-12-05 04:17:39 +00:00
Andrew Tridgell
c868fe502b added name_to_sid to the backend
(This used to be commit 816e40a51a)
2001-12-03 08:17:46 +00:00
Tim Potter
5bcd434e6e Compile fixes for dynamic samr_query_userinfo() stuff.
(This used to be commit a92a0d061b)
2001-05-14 03:58:49 +00:00
Tim Potter
a17c702a70 Use sid_peek_rid() instead of sid_split_rid().
(This used to be commit 0e03209af6)
2001-05-10 05:19:47 +00:00
Tim Potter
ebb900cf3e iAdditional files for winbind merge.
(This used to be commit 38ab3b31b5)
2001-05-07 05:03:40 +00:00