IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This uses 2 tdb files. One is permanent, and is in shared storage
on the cluster (using "tdb:idmap2.tdb =" in smb.conf). The other is a
temporary cache tdb on local storage.
Signed-off-by: Alexander Bokovoy <ab@samba.org>(This used to be commit b6df7e7709)
If we try to flush the caches and due to a corrupted tdb we and have no tdb
context close the tdb and validate it. Initialize the cache afterwards again.
(This used to be commit d0c0f91fb9)
Also *do not* clear the trust list when rescanning or else it is possible
to suffer from a race condition where no trusted domains can be found.
(This used to be commit e7164a252b)
A user logging in via GDM was not getting a complete list of supplementary
groups in his/her token. This is because getgroup() was not able to
find the winbindd_domain* using the DNS name. Fallback to matching the DNS
name is the short name match failes.
(This used to be commit 2030a8de19)
This allows us to deal with child domains in transitive forest trusts.
It also allows us to fill in the forest name to the target domain to the
struct winbindd_domain *.
(This used to be commit ed30516bb0)
This essentially re-establishes r14496 (2155bb0535)
which was undone in r17723 (43bd8c00ab) for
reasons that are unclear to me. Maybe I am being too naive.
Now we do again only retrieve the password policy when called from
the pam_winbind module. This fixes logons delegated to AD trusted
domain controllers: We need to connect to the sam to retrieve the
password policy. But auhtenticated session setup is not possible
when contacting the trusted domain dc and afterwards, SamrConnect
also fails with whatever credentials and method used.
Michael
(This used to be commit 6d765e0de5)
Don't fall back to schannel when trust creds could be obtained.
This is still not complete, but I am getting closer.
Michael
(This used to be commit 7c9fa597d6)
Make a copy of the machine_password and machine_account strings
in all conditional paths so that SAFE_FREE() will always be valid.
(This used to be commit 194c4640b1)
Even if the session setup was anonymous, try and collect
trust creds with get_trust_creds() and use these before
falling back to schannel.
This is the first attempt to fix interdomain trusts.
(get password policy and stuff)
Michael
(This used to be commit e180bbd454)
Do not attempt to do a session setup when in a trusted domain
situation (this gives STATUS_NOLOGON_TRUSTED_DOMAIN_ACCOUNT).
Use get_trust_pw_clear to get machine trust account.
Only call this when the results is really used.
Use the proper domain and account name for session setup.
Michael
(This used to be commit 18c66a364e)
Up to now each caller used its own logic.
This eliminates code paths where there was a special treatment
of the following situation: the domain given is not our workgroup
(i.e. our own domain) and we are not a DC (i.e. it is not a typical
trusted domain situation). In situation the given domain name was
previously used as the machine account name, resulting in an account
name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me.
get_trust_pw would not have obtained a password in this situation
anyways.
I hope I have not missed an important point here!
Michael
(This used to be commit 6ced4a7f88)
Also the design of this function was really bad,
instead do the dump into a file, the client should get
back the list of mappings.
metze
(This used to be commit ce7fe8acf4)
The number of domains should be counted as they are added and not assumed
to match the loop counter.
manually cherry-picked 8ad2826c48
(This used to be commit 99b75cada2)
one horror (pstring_clean_name()) which will have to
remain until I've removed all pstrings from the client code.
Jeremy.
(This used to be commit 1ea3ac8014)
Each cli struct has it's own local copy of this variable,
so use that in client code. In the smbd server, add one
static to smbd/proccess.c and use that inside smbd. Fix
a bunch of places where smb_rw_error could be set by
calling read_data() in places where we weren't reading
from the SMB client socket (ie. winbindd).
Jeremy.
(This used to be commit 255c2adf7b)
The point is doing the following associations:
- non discardable state data (all TDB files that may need to be backed
up) go to statedir
- shared data (codepage stuff) go to codepagedir
The patch *does not change* the default location for these
directories. So, there is no behaviour change when applying it.
The main change is for samba developers who have to think when dealing
with files that previously pertained to libdir whether they:
- go in statedir
- go in codepagedir
- stay in libdir
(This used to be commit d6cdbfd875)
Hi!
Can you check and push them?
Thanks,
Volker
From b488af5905e2dee12a1a72a3b40801ae5c26f24f Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@sernet.de>
Date: Sat, 27 Oct 2007 14:20:09 +0200
Subject: [PATCH] Fix some warnings and errors
(This used to be commit e17d3e10e8)
to struct sockaddr_storage in most places that matter (ie.
not the nmbd and NetBIOS lookups). This passes make test
on an IPv4 box, but I'll have to do more work/testing on
IPv6 enabled boxes. This should now give us a framework
for testing and finishing the IPv6 migration. It's at
the state where someone with a working IPv6 setup should
(theorecically) be able to type :
smbclient //ipv6-address/share
and have it work.
Jeremy.
(This used to be commit 98e154c312)
the final goal is to have 3 child dispatch tables
'domain', 'idmap' and 'locator' instead of one.
metze
(cherry picked from commit 97c63f1b95)
(This used to be commit a1c354866c)
jra: POPT_ARG_VAL arguments need int values.
I assume there're more places like this
in the cmdline tools.
Please fix this properly, as my commit is just
a hack to get make test working again.
in samba4 we have a workaround for this see
smbd/server.c
metze
(This used to be commit 9cb1937fe8)
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
IPv6 in winbindd, but moves most of the socket functions that were
wrongly in lib/util.c into lib/util_sock.c and provides generic
IPv4/6 independent versions of most things. Still lots of work
to do, but now I can see how I'll fix the access check code.
Nasty part that remains is the name resolution code which is
used to returning arrays of in_addr structs.
Jeremy.
(This used to be commit 3f6bd0e1ec)
The translate_name() used by cli_session_setup_spnego() cann rely
Winbindd since it is needed by the join process (and hence before
Winbind can be run).
(This used to be commit 00a93ed336)
the maxeln parameter instead of sizeof(target_area) - 1 (or even
sizeof(fstring) - 1 in some places.
I hope these were really all there were.
Michael
(This used to be commit 9a28be220d)
when called for it's own domain. So we should use netlogon_getdcname() which
returns WERR_OK:-)
gd: feel free to usage rpccli_netlogon_dsr_getdcname(), but please make sure
the new WINBIND-STRUCT-GETDCNAME test is still passing.
metze
(This used to be commit 9a9c164366)
called with -1 (these calls were wrong anyway, target
was an fstring, not a pstring). Found by Michael Adam <ma@sernet.de>,
now to check all other uses.
Michael - this version uses sizeof(target) not sizeof(fstring).
This way is more future proof.
Jeremy.
(This used to be commit 9ed3046633)
Now BUILTIN is always the first domain followed
by the domain of our own SAM DB and the primary
domain (in member server mode).
metze
(This used to be commit b8d67b78aa)
and remove the old rpccli_lsa_lookup_sids() function. The old function would
fail due to server limits when requesting to resolve too many sids at once
(20480 for W2k3). The new version passes the list of sids in hunks to the
server. It has up to now been used (and tested) in the winbindd_ads
lookup_groupmem() function, and I think the time has come to replace the actual
function with this correct version.
Michael
(This used to be commit 1194d4f36e)
