[SCM] Samba Shared Repository - branch v3-3-stable updated -
release-3-3-0pre1-362-ga251d1b
Karolin Seeger
kseeger at samba.org
Tue Sep 30 06:57:39 GMT 2008
The branch, v3-3-stable has been updated
via a251d1bf1499f2e9f717028ccd3a46ecef8928e3 (commit)
via 48191587dadcdf6b6568a53042b40b5c77d63f80 (commit)
via e3d5a06eedefcd26e99e8a6e10ebc28cadd0185e (commit)
via b408070acb02c6d10902b31dfe36d81047bb5e0e (commit)
via 963c58ca12f588e5348877b59123144453fa5d39 (commit)
via 6d7dd041c011be61124886654f1f8fd4684174da (commit)
via 1b15b8030b339c3ada9670fcb48fcb728ec83ad6 (commit)
via 840c2c28d4db4f068bad793621c793698f2b4db0 (commit)
via 5abfc75c81e3886604a2cec43f2b655ddb3b3978 (commit)
via 7245adbb471f3f764ea13b634b463625c4d5b9a3 (commit)
via 5148ab415e92562f749674d746a39e8fa695690c (commit)
via 6bf235ea2ecaefbeeaf6b8a1f29ecb1e39842eee (commit)
via 74e95758ffde46fca4baae7f8027cf7c21839ba0 (commit)
via 946fdda6cc8d9fa1b278f085e7bc81c0e862f4ae (commit)
via 48ad9f59d43514b67376b39b62c23826181185d2 (commit)
via 76b6815171ff72de58e32594bce8c5b4887884ca (commit)
via a0ea1531a47b4ad0273f5645eb4381fcdd7bb321 (commit)
via 6a0e10e4dc7573b375d5720e62b932dbeb5ce76c (commit)
via 076b2a51b59d6762bd45162c8d492b583e08ace3 (commit)
via 4bdc5b0d5fa6b620828f33f7b3d116d28ed0afdb (commit)
via 39e2b8835878e9e2239be66c01f362a40e165e9a (commit)
via fa7bfa1d58c3da7c989ad628825c12ae3b54f375 (commit)
via 1a56eef62ebb0ee88adbf2027f6a124407eefec3 (commit)
via ac1a13ca2a2eb02af819cea217457592cfdc6fda (commit)
via 2a9a5268061557755117736aa0ae1cbd4e503cc2 (commit)
via 8e119f08e03a32b38a258c165cdd1472b77b4af2 (commit)
via 099a70d79797282abbddcc0fb7e1377ceaa2a29a (commit)
via cb2360315e0f40f45b37b7030b42e836afe26ccd (commit)
via 588ec10a297acd3d39b32c699afd49898759b8c9 (commit)
via 61760fe5d85a5850e9aa43af846ac6df7757097a (commit)
via 238f02b35720b9a8d49a0defba7be8ddb1b107d9 (commit)
from b9c9bab8f732d1b63a7e07086742cb00d04dbbf0 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-stable
- Log -----------------------------------------------------------------
commit a251d1bf1499f2e9f717028ccd3a46ecef8928e3
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon Sep 29 16:47:14 2008 +0200
WHATSNEW: Add Holger's VFS module to the list of changes.
Karolin
(cherry picked from commit c96dd7196606f53f60aff34b9358881fdd9d9f20)
commit 48191587dadcdf6b6568a53042b40b5c77d63f80
Author: Günther Deschner <gd at samba.org>
Date: Sat Sep 27 01:21:53 2008 +0200
libwbclient: fix doxygen warnings.
Guenther
(cherry picked from commit 461dfd9e4e225d4bf458baf1cc384be253c73e40)
commit e3d5a06eedefcd26e99e8a6e10ebc28cadd0185e
Author: Günther Deschner <gd at samba.org>
Date: Fri Aug 15 02:01:14 2008 +0200
wbinfo: add change-user-password command.
Guenther
(This used to be commit e572ede9995a66ae452ab25018b8df16101a2c2a)
(cherry picked from commit 1f0cd6a7443b08044d9fbc328fc729e3e2658e46)
(cherry picked from commit 410d69fde157a3bd7b3a92592e1e2741286b7cc5)
commit b408070acb02c6d10902b31dfe36d81047bb5e0e
Author: Günther Deschner <gd at samba.org>
Date: Fri Aug 15 02:00:46 2008 +0200
libwbclient: add wbcChangeUserPassword and wbcChangeUserPasswordEx.
Guenther
(cherry picked from commit 62e7b4aa32051bce34c890cb41270e5fe31111ca)
(cherry picked from commit 8627f684c64d0185245dea9b6b73aa2e2633a8f6)
commit 963c58ca12f588e5348877b59123144453fa5d39
Author: Günther Deschner <gd at samba.org>
Date: Sat Sep 27 00:55:42 2008 +0200
libgpo: add gpext_security module build to configure.
Guenther
(cherry picked from commit 1861a8b8e1958c3118008f536817e93cca410fa4)
commit 6d7dd041c011be61124886654f1f8fd4684174da
Author: Günther Deschner <gd at samba.org>
Date: Sat Sep 27 00:44:22 2008 +0200
libgpo: fix copyright.
Guenther
(cherry picked from commit ff503694ff3db57e1b7e98f752e3c989a79f46bd)
commit 1b15b8030b339c3ada9670fcb48fcb728ec83ad6
Author: Günther Deschner <gd at samba.org>
Date: Sat Sep 27 00:43:07 2008 +0200
libgpo: add security CSE skeleton.
Guenther
(cherry picked from commit 49fb18eaab6fb852cd5ba5971cbaa5e15d542654)
commit 840c2c28d4db4f068bad793621c793698f2b4db0
Author: Jeremy Allison <jra at samba.org>
Date: Fri Sep 26 15:13:41 2008 -0700
Fix bug #5797 - Moving readonly files fails. Reported by infomail at lordb.de.
We don't need to deny a DELETE open on a readonly file (I'm also adding a s4
torture test for this), the set_file_disposition call will return
NT_STATUS_CANNOT_DELETE if the delete-on-close bit is set
on a readonly file (and we already do this).
Jeremy.
(cherry picked from commit 14fec47f7171591e5799b81c90c3f5a856002ed0)
commit 5abfc75c81e3886604a2cec43f2b655ddb3b3978
Author: Günther Deschner <gd at samba.org>
Date: Fri Sep 26 23:36:07 2008 +0200
libgpo: fix invalid cast in scripts CSE.
Guenther
(cherry picked from commit af1878009e0bb7ef43bf445f5c167f3bbcc43fd2)
commit 7245adbb471f3f764ea13b634b463625c4d5b9a3
Author: Kai Blin <kai at samba.org>
Date: Wed Sep 24 23:23:01 2008 +0200
net: Make share type lookup a function.
(cherry picked from commit 5db15bc0f67b478ef95ec3e327f7a40d90c535bd)
commit 5148ab415e92562f749674d746a39e8fa695690c
Author: Günther Deschner <gd at samba.org>
Date: Fri Sep 26 01:32:16 2008 +0200
s3-srvsvc: fix _srvsvc_NetShareAdd segfault.
parm_err is not a ref pointer.
Guenther
(cherry picked from commit 29942b7043c1a31ad4fb76d01ab19fd3dbf26f0a)
commit 6bf235ea2ecaefbeeaf6b8a1f29ecb1e39842eee
Author: Jeremy Allison <jra at samba.org>
Date: Thu Sep 25 12:01:47 2008 -0700
Use IPv4/v6 independent calls. Change safe_strcpy/cat to strlcpy/cat (this
needs changing to talloc_sprintf) and fix file descriptor resource leaks
in error paths. Jim and Holger please check !
Jeremy.
(cherry picked from commit eb249830ae4037244de6616b4ec8771568da34c6)
commit 74e95758ffde46fca4baae7f8027cf7c21839ba0
Author: Gerald W. Carter <jerry at samba.org>
Date: Thu Sep 25 10:43:56 2008 -0700
idmap: Fix typo is gid2sid() that was caching using idmap_cache_set_sid2uid()
(cherry picked from commit 89fa178011c44dc5c4bcfafc6643234e01b2d536)
commit 946fdda6cc8d9fa1b278f085e7bc81c0e862f4ae
Author: Gerald W. Carter <jerry at samba.org>
Date: Thu Sep 25 10:42:31 2008 -0700
WHATSNEW: Add summary of the idmap_hash plugin and Winbind's "name aliasing"
(cherry picked from commit bddc2956634194d7daedbf5cd18964811ef6fe5e)
commit 48ad9f59d43514b67376b39b62c23826181185d2
Author: Jeremy Allison <jra at samba.org>
Date: Thu Sep 25 10:05:01 2008 -0700
Remove these no longer used include files.
Jeremy.
(cherry picked from commit 18cf398870e4d7cb336c9cf50f863611862af874)
commit 76b6815171ff72de58e32594bce8c5b4887884ca
Author: Gerald W. Carter <jerry at samba.org>
Date: Thu Sep 25 09:41:49 2008 -0700
idmap_hash: Fix the nss_info link during "make install"
(cherry picked from commit 701b9f34c986283fdead9ddd42147dd49d5e481e)
commit a0ea1531a47b4ad0273f5645eb4381fcdd7bb321
Author: Gerald W. Carter <jerry at samba.org>
Date: Thu Sep 25 09:14:58 2008 -0700
idmap_adex: Fix the nss_info install link.
(cherry picked from commit ba2c14e8474a20a9aabb07486a3c4e322980f96a)
commit 6a0e10e4dc7573b375d5720e62b932dbeb5ce76c
Author: Gerald W. Carter <jerry at samba.org>
Date: Tue Sep 23 11:43:05 2008 -0700
Document the new hash and adex idmap/nss_info plugins.
(cherry picked from commit 77bc0be0536bcd6a3ce8283a708828bebbbffee3)
commit 076b2a51b59d6762bd45162c8d492b583e08ace3
Author: Gerald W. Carter <jerry at samba.org>
Date: Tue Sep 23 11:40:28 2008 -0700
Document how to enable the name aliasing support in Winbind.
(cherry picked from commit 6dc81eb85b11851794619a1f2769d68cd9a54fb6)
commit 4bdc5b0d5fa6b620828f33f7b3d116d28ed0afdb
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Sep 24 18:52:04 2008 -0700
s3:lib/ldb: Don't return already freed pointer on error.
metze
Signed-off-by: Karolin Seeger <kseeger at samba.org>
(cherry picked from commit 508cd214ef9abf0d69fbc7f5408d004162092b39)
commit 39e2b8835878e9e2239be66c01f362a40e165e9a
Author: Jim McDonough <jmcd at samba.org>
Date: Wed Sep 24 20:47:03 2008 -0400
Fix the new vfs_smb_traffic_analyzer build for static links
(cherry picked from commit 41887550fbacae887d9ad28559cc8bdcc6ac84ac)
commit fa7bfa1d58c3da7c989ad628825c12ae3b54f375
Author: Holger Hetterich <hhetter at novell.com>
Date: Wed Sep 24 19:01:00 2008 -0400
SMB traffic analyzer vfs module from Holger Hetterich <hhetter at novell.com>
Used to gather data to feed to a database for live and historical
analysis of usage per user, per share, etc.
Helper apps to read the data still to come. This one still needs to be
made ipv6 enabled (connection is made to the helper app).
(cherry picked from commit bd9499baa078ce3ea3640ce441a0e078b59a423f)
commit 1a56eef62ebb0ee88adbf2027f6a124407eefec3
Author: Karolin Seeger <kseeger at samba.org>
Date: Wed Sep 24 15:12:51 2008 -0700
WHATSNEW: Update changes since 3.3.0pre1.
Karolin
(cherry picked from commit c8d5a9088f6a120e2da8c404b269d47a235fb933)
commit ac1a13ca2a2eb02af819cea217457592cfdc6fda
Author: Karolin Seeger <kseeger at samba.org>
Date: Wed Sep 24 09:53:21 2008 -0700
printing: Rename new parameter "cups timeout" to "cups connection timeout".
Karolin
(cherry picked from commit 417071214370e1d87417556af9e1410ef06403c7)
commit 2a9a5268061557755117736aa0ae1cbd4e503cc2
Author: Günther Deschner <gd at samba.org>
Date: Wed Sep 24 19:57:24 2008 +0200
pam_winbind: fix bug #5784, build issue on solaris.
Guenther
(cherry picked from commit 8b5745d5caa2f41ab4b1717872f2ab0c23fbba2c)
commit 8e119f08e03a32b38a258c165cdd1472b77b4af2
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue Sep 23 19:49:35 2008 -0700
WHATSNEW: Update changes since 3.3.0pre1.
Karolin
(cherry picked from commit 58e15a9d0fbf096b6b1587a34772c68f8c99393a)
commit 099a70d79797282abbddcc0fb7e1377ceaa2a29a
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue Sep 23 16:54:05 2008 -0700
printing: Add new parameter "cups timeout".
The default timeout for connections to CUPS servers is set
to 5 minutes in the CUPS libraries. The smbd hangs on startup
until the timeout is reached if the CUPS server is unreachable.
This parameter makes the timeout configurable. The default value
is set to 30 seconds.
Karolin
(cherry picked from commit 263cacf1f2dd4003862184ea3a2716ace0dbb086)
commit cb2360315e0f40f45b37b7030b42e836afe26ccd
Author: Jeremy Allison <jra at samba.org>
Date: Tue Sep 23 16:40:16 2008 -0700
Fix winbindd crash in an unusual failure mode. Bug #5737. Based on original patch from shargagan at novell.com
Jeremy.
(cherry picked from commit d5c490d79024ee41544512f7968999a6b3a313dc)
commit 588ec10a297acd3d39b32c699afd49898759b8c9
Author: Jeremy Allison <jra at samba.org>
Date: Tue Sep 23 15:04:14 2008 -0700
Fix bug #5783 FindFirst fails where search pattern == mangled filename.
That was an old and subtle bug.
Jeremy.
(cherry picked from commit 86a0c271ef467810810d1adda982bbb0dc8b928e)
commit 61760fe5d85a5850e9aa43af846ac6df7757097a
Author: Gerald (Jerry) Carter <jerry at samba.org>
Date: Fri Sep 19 12:27:15 2008 -0500
idmap_adex: Add new idmap plugin for support RFC2307 enabled AD forests.
The adex idmap/nss_info plugin is an adapation of the Likewise
Enterprise plugin with support for OU based cells removed
(since the Windows pieces to manage the cells are not available).
This plugin supports
* The RFC2307 schema for users and groups.
* Connections to trusted domains
* Global catalog searches
* Cross forest trusts
* User and group aliases
Prerequiste: Add the following attributes to the Partial Attribute
Set in global catalog:
* uidNumber
* uid
* gidNumber
A basic config using the current trunk code would look like
[global]
idmap backend = adex
idmap uid = 10000 - 29999
idmap gid = 10000 - 29999
winbind nss info = adex
winbind normalize names = yes
winbind refresh tickets = yes
template homedir = /home/%D/%U
template shell = /bin/bash
(cherry picked from commit 62785b8e2aa862b7eb85e20a11f7a29e1e8b2825)
commit 238f02b35720b9a8d49a0defba7be8ddb1b107d9
Author: Volker Lendecke <vl at samba.org>
Date: Sun Sep 21 20:39:17 2008 +0200
Attempt to fix bug 5778
Jeff, Steve, please check!
(cherry picked from commit 110756cc7bcaed5a9d6aa58f3b3fe4481f8d1f31)
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 109 +-
docs-xml/manpages-3/idmap_adex.8.xml | 89 +
docs-xml/manpages-3/idmap_hash.8.xml | 76 +
.../smbdotconf/winbind/winbindnormalizenames.xml | 27 +-
source/Makefile.in | 25 +
source/client/mount.cifs.c | 10 +
source/configure.in | 5 +-
source/include/libmsrpc.h | 3045 --------------------
source/include/libmsrpc_internal.h | 73 -
source/include/printing.h | 1 +
source/include/proto.h | 1 +
source/lib/ldb/common/ldb.c | 1 +
source/libgpo/gpext/scripts.c | 2 +-
source/libgpo/gpext/security.c | 267 ++
source/modules/vfs_smb_traffic_analyzer.c | 365 +++
source/nsswitch/libwbclient/wbc_idmap.c | 2 +-
source/nsswitch/libwbclient/wbc_pam.c | 271 ++
source/nsswitch/libwbclient/wbc_pwd.c | 2 +-
source/nsswitch/libwbclient/wbc_sid.c | 6 +-
source/nsswitch/libwbclient/wbc_util.c | 2 +-
source/nsswitch/libwbclient/wbclient.c | 2 +
source/nsswitch/libwbclient/wbclient.h | 78 +-
source/nsswitch/pam_winbind.c | 8 +
source/nsswitch/wbinfo.c | 34 +-
source/param/loadparm.c | 13 +
source/printing/print_cups.c | 34 +-
source/rpc_server/srv_srvsvc_nt.c | 4 +-
source/smbd/filename.c | 3 +-
source/smbd/open.c | 4 +-
source/smbd/trans2.c | 13 +-
source/utils/net_proto.h | 2 +
source/utils/net_rap.c | 11 +-
source/utils/net_rpc.c | 4 +-
source/utils/net_util.c | 12 +
source/winbindd/idmap_adex/cell_util.c | 292 ++
source/winbindd/idmap_adex/domain_util.c | 278 ++
source/winbindd/idmap_adex/gc_util.c | 848 ++++++
source/winbindd/idmap_adex/idmap_adex.c | 460 +++
source/winbindd/idmap_adex/idmap_adex.h | 257 ++
source/winbindd/idmap_adex/likewise_cell.c | 425 +++
source/winbindd/idmap_adex/provider_unified.c | 1180 ++++++++
source/winbindd/idmap_util.c | 2 +-
source/winbindd/winbindd_dual.c | 14 +-
43 files changed, 5183 insertions(+), 3174 deletions(-)
create mode 100644 docs-xml/manpages-3/idmap_adex.8.xml
create mode 100644 docs-xml/manpages-3/idmap_hash.8.xml
delete mode 100644 source/include/libmsrpc.h
delete mode 100644 source/include/libmsrpc_internal.h
create mode 100644 source/libgpo/gpext/security.c
create mode 100644 source/modules/vfs_smb_traffic_analyzer.c
create mode 100644 source/winbindd/idmap_adex/cell_util.c
create mode 100644 source/winbindd/idmap_adex/domain_util.c
create mode 100644 source/winbindd/idmap_adex/gc_util.c
create mode 100644 source/winbindd/idmap_adex/idmap_adex.c
create mode 100644 source/winbindd/idmap_adex/idmap_adex.h
create mode 100644 source/winbindd/idmap_adex/likewise_cell.c
create mode 100644 source/winbindd/idmap_adex/provider_unified.c
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index bca14a7..8a11744 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -18,7 +18,8 @@ Major enhancements in Samba 3.3.0 include:
o Extended Cluster support.
Winbind:
- o Simplyfied idmap configuration.
+ o Simplified idmap configuration.
+ o New idmap backends "adex" and "hash".
o Added new parameter "winbind reconnect delay".
o Added support for user and group aliasing.
@@ -72,6 +73,85 @@ daemon will wait between attempts to contact a Domain controller for a domain
that is determined to be down or not contactable.
+Winbind's Name Aliasing
+=======================
+
+Name aliasing in Winbind is a feature that allows an administrator to
+map a fully qualified user or group name from a Windows domain to a
+convenient short name for Unix access. This is similar to the username
+map functionality supported by smbd but is primary intended for
+clients and servers making use of Winbind's PAM and NSS libraries.
+
+For example, the user "DOMAIN\fred" has been mapped to the Unix name
+"freddie".
+
+ $ getent passwd "DOMAIN\fred"
+ freddie:x:1000:1001:Fred Jones:/home/freddie:/bin/bash
+
+ $ getent passwd freddie
+ freddie:x:1000:1001:Fred Jones:/home/freddie:/bin/bash
+
+The name aliasing support is provided by individual nss_info plugins.
+For example, the new "adex" plugin reads the uid attribute from Active
+Directory to make a short login name to the fully qualified name.
+While the new "hash" module utilizes a local file to map "short_name
+= QUALIFIED\name". Both user and group name mapping is supported.
+Please refer to the "winbind nss info" option in smb.conf(5) and
+to individual plugin man pages for further details.
+
+
+idmap_hash
+==========
+
+The idmap_hash plugin provides similar support as the idmap_rid
+module. However, uids and gids are generated from the full domain
+SID using a hashing algorithm that maps the lower 19 bits from the user
+or group RID to bits 0 - 19 in the Unix id and hashes 96 bits from
+the domain SID to bits 20 - 30 in the Unix id. The result is a 31 bit
+uid or gid that is consistent across machines and provides support for
+trusted domains.
+
+Please refer to the idmap_hash(8) man page for more details.
+
+
+idmap_adex
+==========
+
+The adex idmap/nss_info plugin is an adaptation of the Likewise
+Enterprise plugin with support for OU based cells removed
+(since the Windows pieces to manage the cells are not available).
+
+This plugin supports
+
+ * The RFC2307 schema for users and groups.
+ * Connections to trusted domains
+ * Global catalog searches
+ * Cross forest trusts
+ * User and group aliases
+
+Prerequisite: Add the following attributes to the Partial Attribute
+Set in global catalog:
+
+ * uidNumber
+ * uid
+ * gidNumber
+
+A basic config using the current trunk code would look like:
+
+[global]
+ idmap backend = adex
+ idmap uid = 10000 - 29999
+ idmap gid = 10000 - 29999
+ winbind nss info = adex
+
+ winbind normalize names = yes
+ winbind refresh tickets = yes
+ template homedir = /home/%D/%U
+ template shell = /bin/bash
+
+Please refer to the idmap_adex(8) man page for more details.
+
+
######################################################################
Changes
#######
@@ -81,6 +161,7 @@ smb.conf changes
Parameter Name Description Default
-------------- ----------- -------
+ cups connection timeout New 30
idmap domains Removed
init logon delayed hosts New ""
init logon delay New 100
@@ -98,9 +179,13 @@ o Michael Adam <obnox at samba.org>
o Jeremy Allison <jra at samba.org>
* BUG 5729: Explicitly allow "-valid".
+ * BUG 5737: Fix winbindd crash in an unusual failure mode.
* BUG 5751: Fix showing of ACLs on DFS in (lib)smbclient.
* BUG 5762: Fix opening of mangled directory name (resulted
'is a stream name').
+ * BUG 5783: Fix FindFirst where search pattern == mangled filename.
+ * BUG 5790: Fix returning of STATUS_OBJECT_NAME_NOT_FOUND on set file
+ disposition.
* Fix crashes when looking up a non-existant uid.
* Fix getting/setting of NT ACLs on a file.
* Add st_birthtime and friends for accurate create times on *BSD
@@ -119,6 +204,7 @@ o Gerald W. Carter <jerry at samba.org>
* Add the idmap/nss-info provider from Likewise Open.
* Allow an admin to define the "uid" attribute for a RFC2307
user object in AD to be the username alias.
+ * Add new idmap backend "adex" to support RFC2307 enabled AD forests.
o Steven Danneman <steven.danneman at isilon.com>
@@ -128,6 +214,7 @@ o Steven Danneman <steven.danneman at isilon.com>
o Günther Deschner <gd at samba.org>
* BUG 5710: Fix changing of machine account passwords.
+ * BUG 5784: Fix pam_winbind build issue on Solaris.
* Fix invalid sid copy (hit when enumerating sibling domains) in Winbind.
* Fix double installation of cifs.upcall.
@@ -140,14 +227,20 @@ o Ephi Dror <Ephi.Dror at datadomain.com>
* Correct the netsamlogon_clear_cached_user function.
+o Holger Hetterich <hhetter at novell.com>
+ * Add new VFS module to analyze SMB traffic to record write and read
+ operations on the Samba server.
+
+
o Jeff Layton <jlayton at redhat.com>
* Fix build warnings in cifs.upcall.
o Volker Lendecke <vl at sernet.de>
+ * BUG 5707: Do proper error handling if the socket is closed.
+ * BUG 5778: Don't define 'strlcat' and 'strlcpy' if it's already defined.
* Fix Coverity IDs 587 and 589.
* Increase the default positive idmap cache time to a week.
- * BUG 5707: Do proper error handling if the socket is closed.
* Fix calculation of useable_space for trans2 and nttrans replies.
* Add mapping of generic bits when setting an NFSv4 ACL.
@@ -156,6 +249,10 @@ o Stefan Metzmacher <metze at samba.org>
* Some write time fixes.
+o Karolin Seeger <kseeger at samba.org>
+ * Add new parameter "cups connection timeout".
+
+
o Simo Sorce <idra at samba.org>
* Fix enumeration of nested group memberships in Winbind.
This affected only setups using "security = ads".
@@ -198,6 +295,14 @@ o Jeremy Allison <jra at samba.org>
and "smbd" to mean the main smb daemon.
+o Gerald W. Carter <jerry at samba.org>
+ * Add support for name aliasing in Winbind.
+ * Add the idmap/nss-info provider from Likewise Open.
+ * Allow an admin to define the "uid" attribute for a RFC2307
+ user object in AD to be the username alias.
+ * Add new idmap backend "adex" to support RFC2307 enabled AD forests.
+
+
o Guenther Deschner <gd at samba.org>
* BUG 5710: Fix changing of machine account passwords.
* Add "net rpc vampire keytab" and "net rpc vampire ldif".
diff --git a/docs-xml/manpages-3/idmap_adex.8.xml b/docs-xml/manpages-3/idmap_adex.8.xml
new file mode 100644
index 0000000..9eb2ff7
--- /dev/null
+++ b/docs-xml/manpages-3/idmap_adex.8.xml
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="idmap_adex.8">
+
+<refmeta>
+ <refentrytitle>idmap_adex</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+ <refmiscinfo class="version">3.2</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+ <refname>idmap_adex</refname>
+ <refpurpose>Samba's idmap_adex Backend for Winbind</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <title>DESCRIPTION</title>
+ <para>
+ The idmap_adex plugin provides a way for Winbind to read
+ id mappings from an AD server that uses RFC2307 schema
+ extensions. This module implements both the idmap and nss_info
+ APIs and supports domain trustes as well as two-way cross
+ forest trusts. It is a read-only plugin requiring that the
+ administrator provide mappings in advance by adding the
+ POSIX attribute information to the users and groups objects
+ in AD. The most common means of doing this is using "Identity
+ Services for Unix" support on Windows 2003 R2 and later.
+ </para>
+
+ <para>
+ Note that you must add the uidNumber, gidNumber, and uid
+ attributes to the partial attribute set of the forest global
+ catalog servers. This can be done using the Active Directory Schema
+ Management MMC plugin (schmmgmt.dll).
+ </para>
+</refsynopsisdiv>
+
+<refsynopsisdiv>
+ <title>NSS_INFO</title>
+ <para>
+ The nss_info plugin supports reading the unixHomeDirectory,
+ gidNumber, loginShell, and uidNumber attributes from the user
+ object and the gidNumber attribute from the group object to
+ fill in information required by the libc getpwnam() and
+ getgrnam() family of functions. Group membership is filled in
+ according to the Windows group membership and not the
+ msSFU30PosixMember attribute.
+ </para>
+
+ <para>
+ Username aliases are implement by setting the uid attribute
+ on the user object. While group name aliases are implemented
+ by reading the displayname attribute from the group object.
+ </para>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>EXAMPLES</title>
+ <para>
+ The following example shows how to retrieve idmappings and NSS data
+ from our principal and trusted AD domains.
+ </para>
+
+ <programlisting>
+ [global]
+ idmap backend = adex
+ idmap uid = 1000-4000000000
+ idmap gid = 1000-4000000000
+
+ winbind nss info = adex
+ winbind normalize names = yes
+ </programlisting>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para>
+ The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.
+ </para>
+</refsect1>
+
+</refentry>
diff --git a/docs-xml/manpages-3/idmap_hash.8.xml b/docs-xml/manpages-3/idmap_hash.8.xml
new file mode 100644
index 0000000..8e452b3
--- /dev/null
+++ b/docs-xml/manpages-3/idmap_hash.8.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="idmap_hash.8">
+
+<refmeta>
+ <refentrytitle>idmap_hash</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+ <refmiscinfo class="version">3.2</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+ <refname>idmap_hash</refname>
+ <refpurpose>Samba's idmap_hash Backend for Winbind</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <title>DESCRIPTION</title>
+ <para>The idmap_hash plugin implements a hashing algorithm used
+ map SIDs for domain users and groups to a 31-bit uid and gid.
+ This plugin also implements the nss_info API and can be used
+ to support a local name mapping files if enabled via the
+ "winbind normlaize names" and "winbind nss info"
+ parameters in smb.conf.
+ </para>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>IDMAP OPTIONS</title>
+
+ <variablelist>
+ <varlistentry>
+ <term>name_map</term>
+ <listitem><para>
+ Specifies the absolute path to the name mapping
+ file used by the nss_info API. Entries in the file
+ are of the form "<replaceable>unix name</replaceable>
+ = <replaceable>qualified domain name</replaceable>"e;.
+ Mapping of both user and group names is supported.
+ </para></listitem>
+ </varlistentry>
+ </variablelist>
+</refsect1>
+
+<refsect1>
+ <title>EXAMPLES</title>
+ <para>The following example utilizes the idmap_hash plugin for
+ the idmap and nss_info information.
+ </para>
+
+ <programlisting>
+ [global]
+ idmap backend = hash
+ idmap uid = 1000-4000000000
+ idmap gid = 1000-4000000000
+
+ winbind nss info = hash
+ winbind normalize names = yes
+ idmap_hash:name_map = /etc/samba/name_map.cfg
+ </programlisting>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para>
+ The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.
+ </para>
+</refsect1>
+
+</refentry>
diff --git a/docs-xml/smbdotconf/winbind/winbindnormalizenames.xml b/docs-xml/smbdotconf/winbind/winbindnormalizenames.xml
index 28826cf..5b68bca 100644
--- a/docs-xml/smbdotconf/winbind/winbindnormalizenames.xml
+++ b/docs-xml/smbdotconf/winbind/winbindnormalizenames.xml
@@ -5,14 +5,25 @@
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>This parameter controls whether winbindd will replace
- whitespace in user and group names with an underscore (_) character.
- For example, whether the name "Space Kadet" should be
- replaced with the string "space_kadet".
- Frequently Unix shell scripts will have difficulty with usernames
- contains whitespace due to the default field separator in the shell.
- Do not enable this option if the underscore character is used in
- account names within your domain
- </para>
+ whitespace in user and group names with an underscore (_) character.
+ For example, whether the name "Space Kadet" should be
+ replaced with the string "space_kadet".
+ Frequently Unix shell scripts will have difficulty with usernames
+ contains whitespace due to the default field separator in the shell.
+ If your domain possesses names containing the underscore character,
+ this option may cause problems unless the name aliasing feature
+ is supported by your nss_info plugin.
+ </para>
+
+ <para>This feature also enables the name aliasing API which can
+ be used to make domain user and group names to a non-qlaified
+ version. Please refer to the manpage for the configured
+ idmap and nss_info plugin for the specifics on how to configure
+ name aliasing for a specific configuration. Name aliasing takes
+ precendence (and is mutually exclusive) over the whitespace
+ replacement mechanism discussed previsouly.
+ </para>
+
</description>
<value type="default">no</value>
diff --git a/source/Makefile.in b/source/Makefile.in
index 1b2339e..5aed254 100644
--- a/source/Makefile.in
+++ b/source/Makefile.in
@@ -624,6 +624,7 @@ VFS_FILEID_OBJ = modules/vfs_fileid.o
VFS_AIO_FORK_OBJ = modules/vfs_aio_fork.o
VFS_SYNCOPS_OBJ = modules/vfs_syncops.o
VFS_ACL_XATTR_OBJ = modules/vfs_acl_xattr.o
+VFS_SMB_TRAFFIC_ANALYZER_OBJ = modules/vfs_smb_traffic_analyzer.o
PLAINTEXT_AUTH_OBJ = auth/pampass.o auth/pass_check.o
@@ -989,6 +990,14 @@ IDMAP_HASH_OBJ = \
winbindd/idmap_hash/idmap_hash.o \
winbindd/idmap_hash/mapfile.o
+IDMAP_ADEX_OBJ = \
+ winbindd/idmap_adex/idmap_adex.o \
+ winbindd/idmap_adex/cell_util.o \
+ winbindd/idmap_adex/likewise_cell.o \
+ winbindd/idmap_adex/provider_unified.o \
+ winbindd/idmap_adex/gc_util.o \
+ winbindd/idmap_adex/domain_util.o
+
WINBINDD_OBJ1 = \
winbindd/winbindd.o \
winbindd/winbindd_user.o \
@@ -1132,6 +1141,8 @@ pam_smbpass: SHOWFLAGS bin/pam_smbpass. at SHLIBEXT@
pam_winbind: SHOWFLAGS bin/pam_winbind. at SHLIBEXT@
+gpext_modules:: $(GPEXT_MODULES)
+
torture:: SHOWFLAGS $(TORTURE_PROGS)
smbtorture : SHOWFLAGS bin/smbtorture at EXEEXT@
@@ -2224,6 +2235,10 @@ bin/hash. at SHLIBEXT@: $(BINARY_PREREQS) $(IDMAP_HASH_OBJ)
@echo "Building plugin $@"
@$(SHLD_MODULE) $(IDMAP_HASH_OBJ)
+bin/adex. at SHLIBEXT@: $(BINARY_PREREQS) $(IDMAP_ADEX_OBJ)
+ @echo "Building plugin $@"
+ @$(SHLD_MODULE) $(IDMAP_ADEX_OBJ)
+
bin/tdb2. at SHLIBEXT@: $(BINARY_PREREQS) winbindd/idmap_tdb2.o
@echo "Building plugin $@"
@$(SHLD_MODULE) winbindd/idmap_tdb2.o
@@ -2403,6 +2418,14 @@ bin/scripts. at SHLIBEXT@: $(BINARY_PREREQS) libgpo/gpext/scripts.o
@echo "Building plugin $@"
@$(SHLD_MODULE) libgpo/gpext/scripts.o
+bin/smb_traffic_analyzer. at SHLIBEXT@: $(BINARY_PREREQS) $(VFS_SMB_TRAFFIC_ANALYZER_OBJ)
+ @echo "Building plugin $@"
+ @$(SHLD_MODULE) $(VFS_SMB_TRAFFIC_ANALYZER_OBJ)
+
+bin/security. at SHLIBEXT@: $(BINARY_PREREQS) libgpo/gpext/security.o
+ @echo "Building plugin $@"
+ @$(SHLD_MODULE) libgpo/gpext/security.o
+
#########################################################
## IdMap NSS plugins
@@ -2525,6 +2548,8 @@ installmodules:: modules installdirs
@$(SHELL) $(srcdir)/script/linkmodules.sh $(DESTDIR)$(AUTHLIBDIR) domain. at SHLIBEXT@ trustdomain. at SHLIBEXT@ ntdomain. at SHLIBEXT@
@$(SHELL) $(srcdir)/script/linkmodules.sh $(DESTDIR)$(AUTHLIBDIR) builtin. at SHLIBEXT@ guest. at SHLIBEXT@ fixed_challenge. at SHLIBEXT@ name_to_ntstatus. at SHLIBEXT@
@$(SHELL) $(srcdir)/script/linkmodules.sh $(DESTDIR)$(NSSINFOLIBDIR) ../idmap/ad. at SHLIBEXT@ rfc2307. at SHLIBEXT@ sfu. at SHLIBEXT@ sfu20. at SHLIBEXT@
+ @$(SHELL) $(srcdir)/script/linkmodules.sh $(DESTDIR)$(NSSINFOLIBDIR) ../idmap/adex. at SHLIBEXT@ adex. at SHLIBEXT@
+ @$(SHELL) $(srcdir)/script/linkmodules.sh $(DESTDIR)$(NSSINFOLIBDIR) ../idmap/hash. at SHLIBEXT@ hash. at SHLIBEXT@
installscripts:: installdirs
@$(SHELL) $(srcdir)/script/installscripts.sh $(INSTALLPERMS_BIN) $(DESTDIR)$(BINDIR) $(SCRIPTS)
diff --git a/source/client/mount.cifs.c b/source/client/mount.cifs.c
index 3b56e5f..b7a76c6 100644
--- a/source/client/mount.cifs.c
+++ b/source/client/mount.cifs.c
@@ -56,6 +56,10 @@
#endif /* _SAMBA_BUILD_ */
#endif /* MOUNT_CIFS_VENDOR_SUFFIX */
+#ifdef _SAMBA_BUILD_
+#include "include/config.h"
+#endif
+
#ifndef MS_MOVE
#define MS_MOVE 8192
#endif
@@ -94,6 +98,8 @@ char * prefixpath = NULL;
/* like strncpy but does not 0 fill the buffer and always null
* terminates. bufsize is the size of the destination buffer */
+
+#ifndef HAVE_STRLCPY
static size_t strlcpy(char *d, const char *s, size_t bufsize)
{
size_t len = strlen(s);
@@ -104,10 +110,13 @@ static size_t strlcpy(char *d, const char *s, size_t bufsize)
d[len] = 0;
return ret;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list