Age | Commit message (Collapse) | Author | Files | Lines |
|
The change to protocol version 1 was not intentional, and broke the
protocol established with the ntp.org project.
Andrew Bartlett
|
|
Jeremy.
|
|
Based on a patch submitted by Petr Vandrovec <petr@vandrovec.name>.
Multiple pending signals with siginfo_t's weren't being handled correctly
leading to smbd abort with kernel oplock signals.
Jeremy
|
|
Authentication of domain users on the member server fails when winbindd
is not running. This is because the is_trusted_domain() check behaves
differently when winbindd is running and when it isn't:
Since wb_is_trusted_domain() calls wbcDomainInfo(), and this will also
give a result for our own domain, this succeeds for the member
server's own domain when winbindd is running. When winbindd is not
running, is_trusted_domain() checks (and possibly updates) the trustdom
cache, and this does the lsa_EnumTrustDom() rpc call to the DC which
does not return its own domain.
In case of winbindd not running, before 3.4, the domain part was _silently_
mapped to the workgroup in auth_util.c:make_user_info_map(),
which effectively did nothing in the member case.
But then the parameter "map untrusted to domain" was introduced
and the mapping was made to the workstation name instead of
the workgroup name by default unless "map untrusted to domain = yes".
(Commits
d8c54fddda2dba3cbc5fc13e93431b152813892e,
5cd4b7b7c03df6e896186d985b6858a06aa40b3f, and
fbca26923915a70031f561b198cfe2cc0d9c3aa6)
This was ok as long as winbindd was running, but with winbindd not running,
these changes actually uncovered the above logic bug in the check.
So the correct check is to treat the workgroup as trusted / or known
in the member case. This is most easily achieved by not comparing the
domain name against get_global_sam_name() which is the host name unless
for a DC but against my_sam_name() which is the workgroup for a DC and for
a member, too. (These names are not very intuitive...)
I admit that this is a very long commit message for a one-liner, but this has
needed some tracking down, and I think the change deserves some justification.
Michael
|
|
Put was assuming that the remote name was always absolute, and not relative to
the current remote directory.
Signed-off-by: Sam Liddicott <sam@liddicott.com>
|
|
|
|
|
|
This should ensure the debug messages do not have random characters at
their ends.
Andrew Bartlett
|
|
This is a small start on (ie, the only trivial part of) the work shown in:
http://k5wiki.kerberos.org/wiki/Projects/Samba4_Port#Samba.27s_use_of_Heimdal_symbols.2C_with_MIT_differences
(a table of all Kerberos symbols used in Samba4, and notes on where
they differ from those provided with MIT Kerberos)
Andrew Bartlett
|
|
Add good error message for share modification denial.
Jeremy.
|
|
Guenther
|
|
When returning NT_STATUS_OK we can't leave *info == NULL, this crashes
in is_closest_site called from dsgetdcname().
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
(spoolss_GetPrinterDriverPackagePath and spoolss_GetCorePrinterDrivers).
Guenther
|
|
Not all systems may have a "root" user, but all must have a passwd
entry for a uid of zero.
Jeremy.
|
|
nautilus fails to copy files from an SMB share. This is a show-stopper
for 3.4.1 (I'll open a Samba.org bug). Although gnome-vfs is doing
*incredibly* stupid things by asking for a read size of 65535 - this
translates on the wire to a 65534 byte read followed by a 1 byte
read. Please send this back to the gnome developers that they
will ge horrid on the wire performance for this.
Jeremy.
|
|
metze
|
|
metze
|
|
This can we used by SMB2, the key difference between
SMB1 and SMB2 is that with SMB2 entries are aligned
to 8 bytes and there's no padding at the end of the last entry.
metze
|
|
metze
|
|
metze
|
|
Many, many thanks to Metze for telling me which chicken to sacrifice.
|
|
Michael
|
|
This adds a parameter "gpfs:refuse_dacl_protected" that defaults to false.
GPFS has no place to store the SEC_DESC_DACL_PROTECTED ACL bit. With this
parameter we give customers an option to either ignore this bit or refuse
setting an ACL with it.
|
|
metze
|
|
Added simple DRS rename support in replication. This should be done
async, and I'm not sure if we should also do any repl data updates to
indicate the rename. I'm still learning how this stuff works, but at
least this allows a rename on a DC to propogate correctly
|
|
When objects are deleted they get renamed to this container. The
container needs to exist when we provision
|
|
|
|
|
|
With the switch to libwbclient the previously stubbed out
--trusted-domains and --all-domains calls now fail. Set them to knownfail.
The previously knownfail -D test is now stubbed out, test it now.
This does not fix the issues with wbinfo -a and wbinfo -K not working on the
build farm. I have no idea whatsoever what is causing this, as those are broken
on my local machine even without my changes.
|
|
|
|
|
|
There can be only one....wbinfo that is.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Point to the corresponding commands in "net" instead.
|
|
These replace the functionality of wbinfo --get-auth-user/--set-auth-user
|
|
This commit also fixes a lot of line lengths to make the file more readable.
|
|
|
|
|