IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We don't need to change the protocol version because:
1. An old client may provide the "initial_blob"
(which was and is still ignored when going
via the wbcCredentialCache() function)
and the new winbindd won't use new_spnego.
2. A new client will just get a zero byte
from an old winbindd. As it uses talloc_zero() to
create struct winbindd_response.
3. Changing the version number would introduce problems
with backports to older Samba versions.
New clients which are capable of using the new_spnego field
will use "negotiate_blob" instead of "initial_blob".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
While trying to disentangle this knot I could not stand to fix the obvious
typo. The whole comment is not really the whole story anymore, but that's a
commit for another day.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 30 21:54:40 CEST 2016 on sn-devel-144
We've had plural xid2sid idmap backends for a while. Start using
them.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is the plural version of idmap_backends_unixid_to_sid that expects all ids
to come from the same idmap domain. The singular version walks the domain list
itself, this one expects the domain name to be passed to it.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This prepares the equivalent of 2b1dd01934 for xids2sids.
Collecting sids2xids per domain is a bit easier: SIDs carry their own domain
prefix. For the reverse, we need to scan the configuration for all the idmap
range definitions.
It has a separate effect: It enables overlapping idmap ranges. The per-domain
calls are done whenever a range matches. If the idmap child finds a successful
xid2sid mapping, this will be collected as one result. This means that every
range definition can contribute mappings.
If there are two rfc2307 sfu domains with overlapping ranges, the domains will
be queried one after the other for a specific mapping. If the defined ranges
overlap, the admin has to make sure that there are no conflicts, because in the
current code "the first writer wins", and the code does not specify an order
(yet).
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This simplifies _wbint_Sids2UnixIDs a bit and will be re-used in _wbint_UnixIDs2Sids
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This simplifies idmap_found_domain_backend() by moving the regex magic
somewhere else. Also, this routine will be useful soon somewhere else, thus
make it non-static to idmap.c.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Mar 22 15:49:14 CET 2016 on sn-devel-144
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11786
This module only makes sense as the default idmap config
("idmap config * : backend = hash" ...)
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Guenther
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11786
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Check if the domain from the list is not already configured to use another idmap
backend. Not checking this makes the idmap_hash module map IDs for *all* domains
implicitly. This is quite dangeorous in multi-idmap-config setups.
Guenther
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11786
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We should avoid using NULL.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Fixes a case I've seen where a user with 200 group memberships timed out and
can now log in.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Feb 24 01:17:25 CET 2016 on sn-devel-144
When asking a child domain process to list trusts on that domain,
return (along with trust domain names and SID) the trust properties -
flags, type, and attributes.
Use those attributes to initialize domain object.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11691
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Feb 23 22:02:16 CET 2016 on sn-devel-144
Based on trust parameters, initialize the active_directory
member of domain object to true.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11691
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This is purely a refactoring patch -
Add a routine that adds a winbindd domain object based on
domain trust cache entry. add_trusted_domain() becomes
a wrapper for this new routine.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11691
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Feb 22 23:39:13 CET 2016 on sn-devel-144
This will be part of parsing the socket protocols xids2sids request
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
The idmap backend function is doing multiple conversions in one run, but this
is not used so far. First step in exposing plural xid2sid. This is a fake
routine in that it does the one-element calls, but you have to start somewhere.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Same number of lines, but from my point of view quite a bit simpler now
that we only have to handle one domain.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This is required to handle domain-specific error messages properly in the
parent. Currently unused, but I want to handle DOMAIN_CONTROLLER_NOT_FOUND
for the idmap_ad backend soon by doing a getdcname (RPC or ourselves or
so) from the parent context.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
nss_info_methods has "get_nss_info"'s p_gid parameter as
gid_t *, not uint32_t *. Probably that did not hurt due to
typedefs, but if we find a platform where gid_t is not
uint32_t, this would be VERY hard to debug
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>