Age | Commit message (Collapse) | Author | Files | Lines |
|
Jeremy.
(This used to be commit 33b11d5eb53bdeb9d279d221fd5c01579253e1c7)
|
|
from .NET RC2)
(This used to be commit e074cab810f9299d0b27881cddf8a74f10fe233e)
|
|
Volker
(This used to be commit 54c99ee1fbaf4541fb3fa10a9b764da1367af6d3)
|
|
Jeremy.
(This used to be commit 183ce97d3719080b1b01932b96206b8ee4c5f5b0)
|
|
-------------------------------------------------------------------------
I think there are basically two problem:
1. Windows clients do not always send ACEs for SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ,
and SMB_ACL_OTHER.
The function ensure_canon_entry_valid() is prepared for that, but tries
to "guess" values from group or other permissions, respectively, otherwise
falling back to minimum r-- for the owner. Even if the owner had full
permissions before setting ACL. This is the problem with W2k clients.
2. Function set_nt_acl() always chowns *before* attempting to set POSIX ACLs.
This is ok in a take-ownership situation, but must fail if the file is
to be given away. This is the problem with XP clients, trying to transfer
ownership of the original file to the temp file.
The problem with NT4 clients (no ACEs are transferred to the temp file, thus
are lost after moving the temp file to the original name) is a client problem.
It simply doesn't attempt to.
I have played around with that using posic_acls.c from 3.0 merged into 2.2.
As a result I can now present two patches, one for each branch. They
basically modify:
1. Interpret missing SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, or SMB_ACL_OTHER
as "preserve current value" instead of attempting to build one ourself.
The original code is still in, but only as fallback in case current values
can't be retrieved.
2. Rearrange set_nt_acl() such that chown is only done before setting
ACLs if there is either no change of owning user, or change of owning
user is towards the current user. Otherwise chown is done after setting
ACLs.
It now seems to produce reasonable results. (Well, as far as it can. If
NT4 doesn't even try to transfer ACEs, only deliberate use of named default
ACEs and/or "force group" or the crystal ball can help :)
-------------------------------------------------------------------------
Jeremy.
(This used to be commit 1d3b8c528bebfa1971d1affe454a03453335786e)
|
|
(This used to be commit 52ef84b53495db1eac6ecfb0b926ef8df7ea5cc5)
|
|
(This used to be commit f5c9895f83277f01282587697c84d31dc77102f6)
|
|
the unix domain sockets used by winbindd (also solves FD_SETSIZE problem
in winbindd to boot !). Adds a "last_access" field to winbindd connections,
and will close the oldest idle connection once the number of open connections
goes over WINBINDD_MAX_SIMULTANEOUS_CLIENTS (defined in local.h as 200
currently).
Jeremy.
(This used to be commit 7a586552a3aeb4a26495f0965af4bd027456a011)
|
|
* distinguish WinXP from Win2k
* add a 1/3 of a second delay in OpenPrinter
in order to trigger a LAN/WAN optimization in
2k clients.
(This used to be commit c7712fa054d21b4884a78b7ea6c0fb8b3d637c6b)
|
|
for smb -> smb lock release). Adds new PENDING_LOCK type to lockdb
(does not interfere with existing locks).
Jeremy.
(This used to be commit 766928bbba1e597c9c2b12458dd8d37e6080593e)
|
|
cache the printer_info_2 with the open printer handle.
cache is invalidated on a mod_a_printer() call **on that smbd**.
Yes, this means that the window for admins to step on each other
from different clients just got larger, but since handles a generally
short lived this is probably ok.
(This used to be commit 31272d3b6bb9ec62fd666301c7adfa0c1720a99b)
|
|
(This used to be commit 935c66f6a02c7ba764fbcc643a91833deb588bc0)
|
|
(This used to be commit 723ce5c531a957f3ea67f6fe74d4263a35083dda)
|
|
- new kerberos code, allowing the account to change it's own password
without special SD settings required
- NTLMSSP client code, now seperated from cliconnect.c
- NTLMv2 client code
- SMB signing fixes
Andrew Bartlett
(This used to be commit 837680ca517982f2e5944730581a83012d4181ae)
|
|
- user_ok() and user_in_group() now take a list of groups, instead of
looking for the user in the members of all groups.
- The 'server_info' returned from the authentication is now kept around
- in future we won't copy the sesion key, username etc, we will just
referece them directly.
- rhosts upgraded to use the SAM if possible, otherwise fake up based on
getpwnam().
- auth_util code to deal with groups upgraded to deal with non-winbind domain
members again.
Andrew Bartlett
(This used to be commit 74b5436c75114170ce7c780c19226103d0df9060)
|
|
(This used to be commit 77e1178a888f0d380a5ef94911a8f07bf04a7ba3)
|
|
- setenv() replacement
- mimir's ASN1/SPNEGO typo fixes
- (size_t)-1 fixes for push_* returns
- function argument signed/unsigned correction
- ASN1 error handling (ensure we don't use initiailsed data)
- extra net ads join error checking
- allow 'set security discriptor' to fail
- escape ldap strings in libads.
- getgrouplist() correctness fixes (include primary gid)
Andrew Bartlett
(This used to be commit e9d6e2ea9a3dc01d3849b925c50702cda6ddf225)
|
|
* never save a pointer to an automatic variable (they go away)
implement a deep copy for SPOOLSS_NOTIFY_MSG to correct
messages being sent that have junk for strings;
fix in response to changes for CR 1504
(This used to be commit ffda9e2480414c7ed6156958f516e0d1f3c61350)
|
|
(This used to be commit fcc7a197b1ec85f9492e335a824317a904b0c919)
|
|
(This used to be commit d9c485b01017594d113502f9de2248d6c120cfa3)
|
|
(This used to be commit 3a912bee74ab8c3e66e9cb0f60e0964411763d8d)
|
|
(This used to be commit 7d48ad967cc767dba3301f81c1488f53107efa34)
|
|
Move configure and include/config.h.in out of CVS.
Andrew Bartlett
(This used to be commit 482465bbaf4088c06caeaab5b9fe42f11a7e2470)
|
|
(This used to be commit f91d4c8fd3820da751b13babc6b8f98a610fcc6e)
|
|
(This used to be commit e9f56a157bd472914eebf64fde586104d8274717)
|
|
Jeremy.
(This used to be commit e79dc0dade1ab1c9f8b3af5c01248bda70cfd582)
|
|
the dog again.
(This used to be commit 6f89ee2c9dc7f03e3dbe7aa734bf67c6a434d135)
|
|
level 2 and a request for open with no oplock is received then the
smbd should send *synchronous* break messages, not asynchronous,
otherwise it spins very rapidly, releasing the lock, sending the
'break to none' messages and then re-acquiring the lock before
any other process has a chance to get the lock and remove it's own
oplock (at least on linux).
Jeremy
(This used to be commit 33e3e863eb7f35b852384e689f3272784261fc39)
|
|
Jeremy
(This used to be commit 49739be1e2f047fa2cc2fd42eadb190a82114485)
|
|
Jeremy.
(This used to be commit 30a33920b4d834edc877cc0080291fbda983083a)
|
|
- NTLMSSP over SPENGO (sesssion-setup-and-x) cleanup and code refactor.
- also consequential changes to the NTLMSSP and SPNEGO parsing functions
- and the client code that uses the same functions
- Add ntlm_auth, a NTLMSSP authentication interface for use by applications
like Squid and Apache.
- also consquential changes to use common code for base64 encode/decode.
- Winbind changes to support ntlm_auth (I don't want this program to need
to read smb.conf, instead getting all it's details over the pipe).
- nmbd changes for fstrcat() instead of fstrcpy().
Andrew Bartlett
(This used to be commit fbb46da79cf322570a7e3318100c304bbf33409e)
|
|
Jeremy.
(This used to be commit 1b71786c161cd8ec4c3c0c6b178370ed50feeef4)
|
|
Jeremy.
(This used to be commit 85dda434763bbcea260c800599e4b6b73afcf174)
|
|
kerberos_verify...
Jeremy.
(This used to be commit e8c4098da619a1429cc4c8251761333a7c0f3458)
|
|
if no kerberos selected. Noticed by Metze.
Jeremy.
(This used to be commit 0c98f779f05431ac4d298c9f021fca85d16aebae)
|
|
Jeremy.
(This used to be commit a7ee6ed64500a0d949849da6996b7dc837518f00)
|
|
to add a function without an explicit #ifdef HEIMDAL which I'm trying
to avoid.
Jeremy.
(This used to be commit 92ecd0bf0fe2cc4f6c86ca48e6e458e726470a50)
|
|
Jeremy.
(This used to be commit daf179bcd6297b525bfc644efb154734723f4d58)
|
|
Jeremy.
(This used to be commit 4333be5732de07786254382a4aa41333783d81b5)
|
|
detect for now, I still have vague hopes of hiding the differences
between MIT and Heimdal with a compatibility layer....
Jeremy.
(This used to be commit 54d83de8a23937f1d8179a7e2596df3c50785618)
|
|
(This used to be commit 1df9f3e259b5ba190de7a123a79b3afcd2bfe489)
|
|
*sync up configure.in
*don't build torture tools in make all
*make sure to remove torture tools as part of make clean
(This used to be commit 0fb724b3216eeeb97e61ff12755ca3a31bcad6ef)
|
|
(This used to be commit 7a4c87484237308cb3ad0d671687da7e0f6e733b)
|
|
used to be commit 619877ce031f3193065b51b8684ffbbe893b132f)
|
|
eliminate the dependency on the auth subsystem. The next step is to add
the required code to 'ntlm_auth', for export to Squid etc.
Andrew Bartlett
(This used to be commit 9e48ab86da40e4c1cafa70c04fb9ebdcce23dfab)
|
|
principal similar to the existing cli_lsa_enum_privsaccount() call,
except that cli_lsa_enum_account_rights() doesn't require a call to
open_account first. There is also the minor matter that
cli_lsa_enum_account_rights() works whereas
cli_lsa_enum_privsaccount() doesn't!
this call can be used to find what privileges an account or group
has. This is a first step towards proper privileges support in Samba.
(This used to be commit 65bac11d716f873dcdbda528313c33634c26a072)
|
|
(This used to be commit 82e4bb598c9fc26eaa090687d0daa6505fa0d550)
|
|
- fstring/pstring mixups
- the detection code that found them (disabled)
- a bit of whitespace
- a static
Andrew Bartlett
(This used to be commit 9b70fa868e7d9481f584c83fc4046174e1dedfd9)
|
|
We need to fix some 'overmalloc' cases before it can be enabled by default.
Andrew Bartlett
(This used to be commit 2c2c52a18be1bd0a5ae1f4a48b1d9e18f4887dda)
|
|
1. reboot in parse_reg and cli_reg was shadowing a definition on FreeBSD
4.3 from system includes.
2. Added a bit of const to places.
3. Made sure internal functions were declared where needed.
(This used to be commit fd847aa93690eb72f0437a8d22c03b222eb2a016)
|