Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 17f01f6959fb79ba11a56d6869ec9789e3ee2f74)
|
|
(This used to be commit dcf1705782f5d589120624c90b695b81a0332e6b)
|
|
Jeremy.
(This used to be commit 01727b0296ee407e49444b9d9c4e7993892cb537)
|
|
Jeremy.
(This used to be commit 69becdb563b2620513931811a6695481bebcceed)
|
|
The current locking scheme in winbind is a complete mess - indeed, the
next step should be to push the locking into cli_full_connection(), but
I'll leave it for now.
This patch works on the noted behaviour that 2 parts of the connection
process need protection - and independent protection. Tim Potter did
some work on this a little while back, verifying the second case.
The two cases are:
- between connect() and first session setup
- during the auth2 phase of the netlogon pipe setup.
I've removed the counter on the lock, as I fail to see what it gains us.
This patch also adds 'anonymous fallback' to our winbindd -> DC connection.
If the authenticated connection fails (wbinfo -A specifed) - say that
account isn't trusted by a trusted DC - then we try an anonymous.
Both tpot and mbp like the patch.
Andrew Bartlett
(This used to be commit 0620320002082298a15cbba72bd79aecfc607947)
|
|
Matches 2.2
Andrew Bartlett
(This used to be commit f6497fd639c5bb7d61eda0286c4c3c38609933b0)
|
|
Andrew Bartlett
(This used to be commit 4c6a2d8d28d1752d7fee52d253ce2829bd0a0671)
|
|
work...
Andrew Bartlett
(This used to be commit 5c1f1005907bf50b809dfae1f8251c7122103098)
|
|
Comments wellcome.
Simo.
(This used to be commit e1431424e7603d946f63cfe7fe669b0b32ac8095)
|
|
recent Valgrind relases and clashing with -DVALGRIND.
(This used to be commit 98479f1315cf8968152e1566966ac57e171008c3)
|
|
(This used to be commit 36c6f67d4af50d8fc4c8bd54486df315861d55c2)
|
|
(This used to be commit f283f71104319fa9f1e7d22fc91b8d7224ae157a)
|
|
(This used to be commit 7be44dbe009a8d831c0720a2649fc871b067beef)
|
|
(This used to be commit af415842b80f024ca26b4e3bc52fd73fce0a28f3)
|
|
(This used to be commit 71c8e90117f00f168416f2f35a1c25755e2d0ed4)
|
|
the open call to be the same as that of the existing tdb. The
specified hash_size is only used if the tdb needs to be (re)created.
With this patch in place, tdbtool can open the printing tdbs, which
are created with a hash_size of 5000. Before it would fail with EIO.
(This used to be commit e412dd6d7e5a41de94c07c64b186390ccce104cc)
|
|
(This used to be commit c5c1a7979385778c08d6dd7796cfe8be1815992f)
|
|
> when doing "enumdomusers", rpcclient prints each one preceded by the
> word "group" instead of "user"
(This used to be commit 17567dd1d510d4cf1dffa67be78510ae51571ec6)
|
|
Volker
(This used to be commit 329911e43681b724cb0579aad77b4a658759d7ba)
|
|
(This used to be commit 6fca29ddcdb111af24ee051b555ab4eec8cadd1d)
|
|
error code.
make_server_info_guest() requires an entry in the SAM at the moment, but
this will change before release.
Andrew Bartlett
(This used to be commit 6a956390fa253e87e38b3f1909f13595fbf2767a)
|
|
string as a configure parameter.
(This used to be commit 3285c80cb0e41d6736b4f74b01a65d55753a7920)
|
|
(This used to be commit cec1ef09e5009cdac22e6c9ca101a49c5ef36b1a)
|
|
(This used to be commit 0f4d1172a6add3f490fca22a45975d2588485146)
|
|
(This used to be commit 7717555438e4d74bb63d12abde3573933c15342a)
|
|
get Win2k to send a valid signiture in it's session setup reply - which it will
give to win2k clients.
So, I need to look at becoming 'more like MS', but for now I'll get this code
into the tree. It's actually based on the TNG cli_pipe_ntlmssp.c, as it was
slightly easier to understand than our own (but only the utility functions
remain in any way intact...).
This includes the mysical 'NTLM2' code - I have no idea if it actually works.
(I couldn't get TNG to use it for its pipes either).
Andrew Bartlett
(This used to be commit a034a5e381ba5612be21e2ba640d11f82cd945da)
|
|
lengths are correct. Attempts to pstrcpy into an fstring or allocated
string should fail in developer builds.
This builds on abartlet's earlier overflow probe for safe_strcpy, but
by clobbering the whole string with a nonzero value is more likely to
find overflows on the stack.
This is only used in -DDEVELOPER mode.
Reviewed by abartlet, tpot.
(This used to be commit 8d915e266cd8ccc8b27e9c7ea8e9d003d05f8182)
|
|
(This used to be commit 65ba78c6bd4c5ab7ec9bf4d15e4410482e82588d)
|
|
(This used to be commit 0ece70d631bf095bf9c8819180b6c59990159cd0)
|
|
(This used to be commit 05cffbee56f0556f550b4d14f3111bd7db972621)
|
|
(This used to be commit ef6cb3ec1aa943d4e52ea08e7b43a47d781d3273)
|
|
(This used to be commit 998537ca398100974075d11e28d5199997424f15)
|
|
The intention is to allow for NTLMSSP and kerberos signing of packets, but
for now it's just what I call 'simple' signing. (aka SMB signing per the SNIA
spec)
Andrew Bartlett
(This used to be commit b9cf95c3dc04a45de71fb16e85c1bfbae50e6d8f)
|
|
(for example, query to non-dc)
Andrew Bartlett
(This used to be commit d1dde5f684652f86e63ac6cfa34ff42a680693de)
|
|
(This used to be commit 25d210b90b6c0377046d89a1dce7a32f94fd7859)
|
|
two layers structure with
- local tdb cache
- remote idmap repository
compiles
(This used to be commit 8fb4e210bc7564ed491d121c20d598ba0bfbddff)
|
|
samba user database.
(This used to be commit 957c11e40e0aedc24d2dce2aaae9888673d68e01)
|
|
(This used to be commit 7dc2b10215c2b015a36e78c3b9b8f13cecfdfeba)
|
|
(This used to be commit 30ba31e6355b5dfb902e42d2b5edc71630db2923)
|
|
reason, during a Win2003 installation, when you select 'domain join' it sends
one machine name in the name exchange, and litraly 'machinename' during the
NTLMSSP login.
Also fix up winbindd's logfile handling, so that it matches smbd and nmbd.
(This helps me, by seperating the logs by pid).
Andrew Bartlett
(This used to be commit afe5a3832f79131fb74461577f1db0e5e8bf4b6d)
|
|
(This used to be commit c2a266b7b661d319e13982bfdbc3a86e8502b8a4)
|
|
Jeremy.
(This used to be commit 13ab94fa73dbaf54da0169bbcf4d027d5c07d207)
|
|
(not tested yet)
(This used to be commit 0d6cec90c13731827abcbc61974efc993e794003)
|
|
(This used to be commit 8338e74ac4e5f31150c96f459a67e52090dc6013)
|
|
Jeremy.
(This used to be commit c0930e6d15eb68f06453d9b67142ccd7fb1370a0)
|
|
(This used to be commit b20bcf8d336b4b2079eb42342a96d1fe714709de)
|
|
Jeremy.
(This used to be commit e81427c2d69be166afad94bc083e750e8f48fba7)
|
|
-------------------------------------------------------------------------
I think there are basically two problem:
1. Windows clients do not always send ACEs for SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ,
and SMB_ACL_OTHER.
The function ensure_canon_entry_valid() is prepared for that, but tries
to "guess" values from group or other permissions, respectively, otherwise
falling back to minimum r-- for the owner. Even if the owner had full
permissions before setting ACL. This is the problem with W2k clients.
2. Function set_nt_acl() always chowns *before* attempting to set POSIX ACLs.
This is ok in a take-ownership situation, but must fail if the file is
to be given away. This is the problem with XP clients, trying to transfer
ownership of the original file to the temp file.
The problem with NT4 clients (no ACEs are transferred to the temp file, thus
are lost after moving the temp file to the original name) is a client problem.
It simply doesn't attempt to.
I have played around with that using posic_acls.c from 3.0 merged into 2.2.
As a result I can now present two patches, one for each branch. They
basically modify:
1. Interpret missing SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, or SMB_ACL_OTHER
as "preserve current value" instead of attempting to build one ourself.
The original code is still in, but only as fallback in case current values
can't be retrieved.
2. Rearrange set_nt_acl() such that chown is only done before setting
ACLs if there is either no change of owning user, or change of owning
user is towards the current user. Otherwise chown is done after setting
ACLs.
It now seems to produce reasonable results. (Well, as far as it can. If
NT4 doesn't even try to transfer ACEs, only deliberate use of named default
ACEs and/or "force group" or the crystal ball can help :)
-------------------------------------------------------------------------
Jeremy.
(This used to be commit 8ec20cbae7ca7e685b1a4186d8482c7405915dc3)
|
|
genparser works fine, and it is a marvelous tool to store objects in tdb :)
(This used to be commit 4c6d461a8572f03cd33cba95500cc837638b732c)
|
|
for name->sid.
(This used to be commit 0ebccc0dbeecc10d423529909a2563fbc3bf9857)
|