| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Only compiled in when --enable-developer argument passed to configure.
(This used to be commit 017da9393bab276543d0d5c50df8c760780f2450)
|
|
rpcclient -S pdc -U% -c "samlogon user password"
and it should work with the schannel. Needs testing against platforms
different from NT4SP6.
Volker
(This used to be commit eaef0d8aeff1aa5a067679be3f17e08d7434e1e8)
|
|
from .NET RC2)
(This used to be commit e074cab810f9299d0b27881cddf8a74f10fe233e)
|
|
Jeremy.
(This used to be commit 183ce97d3719080b1b01932b96206b8ee4c5f5b0)
|
|
-------------------------------------------------------------------------
I think there are basically two problem:
1. Windows clients do not always send ACEs for SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ,
and SMB_ACL_OTHER.
The function ensure_canon_entry_valid() is prepared for that, but tries
to "guess" values from group or other permissions, respectively, otherwise
falling back to minimum r-- for the owner. Even if the owner had full
permissions before setting ACL. This is the problem with W2k clients.
2. Function set_nt_acl() always chowns *before* attempting to set POSIX ACLs.
This is ok in a take-ownership situation, but must fail if the file is
to be given away. This is the problem with XP clients, trying to transfer
ownership of the original file to the temp file.
The problem with NT4 clients (no ACEs are transferred to the temp file, thus
are lost after moving the temp file to the original name) is a client problem.
It simply doesn't attempt to.
I have played around with that using posic_acls.c from 3.0 merged into 2.2.
As a result I can now present two patches, one for each branch. They
basically modify:
1. Interpret missing SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, or SMB_ACL_OTHER
as "preserve current value" instead of attempting to build one ourself.
The original code is still in, but only as fallback in case current values
can't be retrieved.
2. Rearrange set_nt_acl() such that chown is only done before setting
ACLs if there is either no change of owning user, or change of owning
user is towards the current user. Otherwise chown is done after setting
ACLs.
It now seems to produce reasonable results. (Well, as far as it can. If
NT4 doesn't even try to transfer ACEs, only deliberate use of named default
ACEs and/or "force group" or the crystal ball can help :)
-------------------------------------------------------------------------
Jeremy.
(This used to be commit 1d3b8c528bebfa1971d1affe454a03453335786e)
|
|
* distinguish WinXP from Win2k
* add a 1/3 of a second delay in OpenPrinter
in order to trigger a LAN/WAN optimization in
2k clients.
(This used to be commit c7712fa054d21b4884a78b7ea6c0fb8b3d637c6b)
|
|
for smb -> smb lock release). Adds new PENDING_LOCK type to lockdb
(does not interfere with existing locks).
Jeremy.
(This used to be commit 766928bbba1e597c9c2b12458dd8d37e6080593e)
|
|
- user_ok() and user_in_group() now take a list of groups, instead of
looking for the user in the members of all groups.
- The 'server_info' returned from the authentication is now kept around
- in future we won't copy the sesion key, username etc, we will just
referece them directly.
- rhosts upgraded to use the SAM if possible, otherwise fake up based on
getpwnam().
- auth_util code to deal with groups upgraded to deal with non-winbind domain
members again.
Andrew Bartlett
(This used to be commit 74b5436c75114170ce7c780c19226103d0df9060)
|
|
(This used to be commit e9f56a157bd472914eebf64fde586104d8274717)
|
|
level 2 and a request for open with no oplock is received then the
smbd should send *synchronous* break messages, not asynchronous,
otherwise it spins very rapidly, releasing the lock, sending the
'break to none' messages and then re-acquiring the lock before
any other process has a chance to get the lock and remove it's own
oplock (at least on linux).
Jeremy
(This used to be commit 33e3e863eb7f35b852384e689f3272784261fc39)
|
|
Jeremy.
(This used to be commit 62038a0abf193d4dc4f37c31ac77216a10f6f326)
|
|
warnings. (Adds a lot of const).
Andrew Bartlett
(This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
|
|
server = DC1 *
(This used to be commit f49de4c5176bf635ac080e082fda412066b466c8)
|
|
jobid. This was causing Win9x client "set name" calls to fail.
Still need one cleanup fix to finish.
Jeremy.
(This used to be commit 6c23d2030ab8dddff4c849903c529f0012b94027)
|
|
Jeremy.
(This used to be commit 379e719e983fb71f94cd2b691f8b194c109496c3)
|
|
should actual functional differences between HEAD and 3.0.
- Mostly reformatting
- Removal of unecessary #include "smb.h"
- Merge of dyn_DRIVERFILE removal
- Silly bug fix for python code
(This used to be commit d3998307adc50ba50defe610cb656c73799ae3b9)
|
|
(This used to be commit 1a25dc776ddc36de9a214e023becff1ceb10290c)
|
|
(This used to be commit 645c2d5c30a79d4aa28f477dbf0fc44d319fd35d)
|
|
Jeremy.
(This used to be commit 13995fc0499798e546b019eb44a98614df0ded97)
|
|
Thanks to Andrew Brtlet for the diff :-)
(This used to be commit cf67981e73cf52803eae589a6b86e1274bf72d2c)
|
|
The work here includes:
- metze' set/changed patch, which avoids making changes to ldap on unmodified
attributes.
- volker's group mapping in passdb patch
- volker's samsync stuff
- volkers SAMR changes.
- mezte's connection caching patch
- my recent changes (fix magic root check, ldap ssl)
Andrew Bartlett
(This used to be commit 2044d60bbe0043cdbb9aba931115672bde975d2f)
|
|
(This used to be commit 5dfc073305003fabf6d54bf99b1281f266db292d)
|
|
(This used to be commit 2adaceea55d098dcd633b5ffb8f446a9ca6b4e94)
|
|
(This used to be commit 028477e35208e76fedbc7c743426fd9be94b7cf0)
|
|
from APP_HEAD
(This used to be commit 1cfd2ee433305e91e87804dd55d10e025d30a69e)
|
|
Jeremy.
(This used to be commit d8d351eb01ea7c84828dbc96224d7b13d643b558)
|
|
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
|
|
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
|
|
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
|
|
cases for rename and unlink. Had to add desired_access into the share mode record.
Jeremy.
(This used to be commit 3b1b8ac43535fb0839c5474fa55bf7150f6cde31)
|
|
Jeremy.
(This used to be commit 2be9b253ad40e125169725ea79e6723cb40c5e6a)
|
|
bugs with opening and renaming mp3 files, also the word rename
problems that people have had for a while.
Needs a make clean :-) make.
Also added JohnR's printing fix.
Jeremy.
(This used to be commit 504e5ef0494c54efbd0357e334cb2aa5a9eb9c14)
|
|
Jeremy.
(This used to be commit 2e3133fbe5531b9bbc9bf46a04b27fa58e555f5a)
|
|
Jeremy.
(This used to be commit ad1e858d8e72adf924ff435eab8da3e60842e2e6)
|
|
in the reverse).
* add in new printer change notify code from SAMBA_2_2
* add in se_map_standard() from 2.2 in _spoolss_open_printer_ex()
* sync up the _print_queue_struct in smb.h (why did someone change the
user/file names in fs_user/fs_file (or vice-versa) ? )
* sync up some cli_spoolss_XXX functions
(This used to be commit 5760315c1de4033fdc22684c940f18010010924f)
|
|
Jeremy.
(This used to be commit 7d59445b6962547a8938928a9371651a09e26516)
|
|
<a.kotovich@sam-solutions.net> that adds the security decsriptor code
for ADS workstation accounts
thanks for your patience Cat, and thanks to Andrew Bartlett for
extensive reviews and suggestions about this code.
(This used to be commit 6891393b5db868246fe52ff62b3dc6aa5ca6f726)
|
|
values so we can see what's going on.
Jeremy.
(This used to be commit 5ba4ba36339269b2059da7c103e63ecd948f7938)
|
|
The main change here is to move ldap into the new pluggable passdb subsystem
and to take the LDAP location as a 'location' paramter on the 'passdb backend'
line in the smb.conf. This is an LDAP URL, parsed by OpenLDAP where supported,
and by hand where it isn't.
It also adds the ldap user suffix and ldap machine suffix smb.conf options,
so that machines added to the LDAP dir don't get mixed in with people.
Non-unix account support is also added. This means that machines don't need to
be in /etc/passwd or in nss_ldap's scope.
This code has stood up well under my production environment, so it relitivly
well tested.
I'm commiting this now becouse others have shown interest in using it, and
there is no point 'hording' the code :-).
Andrew Bartlett
(This used to be commit cd5234d7dd7309d88944b83d807c1f1c2ca0460a)
|
|
using it anymore. This also removes an early #include of smb.h, making it
slightly easier to track whats being included where.
Andrew Bartlett
(This used to be commit 9d25e3023272a55a39f80305f0f336c655833d55)
|
|
Jeremy.
(This used to be commit 9243a9778e52999d5c62cba484640637b24994d8)
|
|
(This used to be commit 60e84540fd8c27975066f7c7984d30bc88f6da5f)
|
|
(This used to be commit 3fb3bc0a1546dadb24231065b422349bd199e1bf)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
(This used to be commit 04f492980b73800b60dde764fdeb43f2eab79624)
|
|
This time its the pdb_getsampwuid() function - which was only being used by the
SAMR rpc subsystem to gain a 'user session key'. This 'user session key' is
actually generated at login time, and the other changes here simply move that
data around.
This also means that (when I check some details) we will be able to use the
user session key, even when we are not actually the DC, becouse its one of the
components of the info3 struct returned on logon.
Andrew Bartlett
(This used to be commit 799ac01fe08a338e4e94289f5d6767ebf905c1fa)
|
|
Samba (ab)uses the returns from getpwnam() a lot - in particular it keeps
them around for a long time - often past the next call...
This adds a getpwnam_alloc and a getpwuid_alloc to the collection.
These function as expected, returning a malloced structure that can be
free()ed with passwd_free(&passwd).
This patch also cuts down on the number of calls to getpwnam - mostly by
taking advantage of the fact that the passdb interface is already
case-insensiteve.
With this patch most of the recursive cases have been removed (that I know
of) and the problems are reduced further by not using the sys_ interface
in the new code. This means that pointers to the cache won't be affected.
(This is a tempoary HACK, I intend to kill the password cache entirly).
The only change I'm a little worried about is the change to
rpc_server/srv_samr_nt.c for private groups. In this case we are getting
groups from the new group mapping DB. Do we still need to check for private
groups? I've toned down the check to a case sensitve match with the new code,
but we might be able to kill it entirly.
I've also added a make_modifyable_passwd() function, that copies a passwd
struct into the form that the old sys_getpw* code provided. As far as I can
tell this is only actually used in the pass_check.c crazies, where I moved
the final 'special case' for shadow passwords (out of _Get_Pwnam()).
The matching case for getpwent() is dealt with already, in lib/util_getent.c
Also included in here is a small change to register the [homes] share at vuid
creation rather than just in one varient of the session setup. (This picks
up the SPNEGO cases). The home directory is now stored on the vuid, and I
am hoping this might provide a saner way to do %H substitions.
TODO: Kill off remaining Get_Pwnam_Modify calls (they are not needed), change
the remaining sys_getpwnam() callers to use getpwnam_alloc() and move
Get_Pwnam to return an allocated struct.
Andrew Bartlett
(This used to be commit 1d86c7f94230bc53daebd4d2cd829da6292e05da)
|
|
-> NT STATUS
maps. Fixes problem with disk full returning incorrect error.
Jeremy.
(This used to be commit 16fcbf3c1ccf1d704765653f68395dd596c0d841)
|
|
(This used to be commit 04e3082f7d45c1b304adff5a46106136cff0e09e)
|
|
These strings are allocated using talloc(), either using its own memory context
stored on the SAM_ACCOUNT or one supplied by the caller.
The pdb_init_sam() and pdb_free_sam() function have been modifed so that a call
to pdb_free_sam() will either clean up (remove hashes from memory) and destroy
the TALLOC_CTX or just clean up depending on who supplied it.
The pdb_init_sam and pdb_free_sam functions now also return an NTSTATUS, and I
have modified the 3 places that actually checked these returns.
The only nasty thing about this patch is the small measure needed to maintin
interface compatability - strings set to NULL are actually set to "".
This is becouse there are too many places in Samba that do strlen() on these
strings without checking if they are NULL pointers.
A supp patch will follow to set all strings to "" in pdb_default_sam().
Andrew Bartlett
(This used to be commit 144345b41d39a6f68d01f62b7aee64ca0d328085)
|
