Author: vlendec Date: 2006-01-15 19:11:35 +0000 (Sun, 15 Jan 2006) New Revision: 12949
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12949 Log: Sunday night checkin.... Change handling of 'force user' and 'force group'. My tests show that this work as expected from the docs, but I need to do further cross-testing with 3_0 vs trunk. create_token_from_username in auth_util.c does its best to create a token given just a username. See comments & the samba-technical thread about the winbind restrictions. Introduce routines find_forced_[user|group]. These create the NT token, the unix groups are calculated some lines below them in make_connection_snum. S-1-22 pays off here, we *always* have reliable SIDs. Both routines use lookup_name. An effect is that even for forced users the aliases are reliably applied. pdb_enum_group_memberships now takes a SAM_ACCOUNT as an argument. One step closer to SAMR semantics... In uid.c I directly overwrite the primary group, creating the token is unnecessarily expensive. Jeremy, we need to talk about that change. initialise_groups (another getgroups implementation) is gone. Re-add jerry's trick to add the local admin if we're a domain administrator. Only do this if 'winbind nested groups = no'. Jerry, is this ok? Fix some stuff, in particular memleaks, with init_sam_talloc. It should now correctly clean up if the talloc context is freed. Does not wipe out passwords yet. TODO. Remove some algorithmic fallback stuff Fix a segfault in winbind. G?\195?\188nther, there's children without a domain... Volker Modified: trunk/source/auth/auth_util.c trunk/source/include/passdb.h trunk/source/lib/system_smbd.c trunk/source/nsswitch/winbindd_dual.c trunk/source/passdb/pdb_get_set.c trunk/source/passdb/pdb_interface.c trunk/source/passdb/pdb_ldap.c trunk/source/passdb/pdb_nds.c trunk/source/rpc_server/srv_samr_nt.c trunk/source/smbd/lanman.c trunk/source/smbd/sec_ctx.c trunk/source/smbd/service.c trunk/source/smbd/uid.c Changeset: Sorry, the patch is too large (1625 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12949