| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
The global winbind file descriptor can cause havoc in some situations -
particulary when it becomes 0, 1 or 2. This patch (based on some very nice
work by Hannes Schmidt <mail@schmidt-net.via.t-online.de>) starts to recitfy
the problem by ensuring that the close-on-exec flag is set, and that we move
above 3 in the file descriptor table.
I've also decided that the PAM module can close it's pipe handle on every
request - this isn't performance-critical code.
The next step is to do the same for nss_winbind. (But things like getent()
might get in our way there).
This also cleans up some function prototypes, puts them in just one place.
Andrew Bartlett
(This used to be commit 442eb39657b98f67cd229ed3110b63aae8bf4e3c)
|
|
#ifdef mess...) in readline.c, we don't need or use them in the rest of Samba.
(This OK was of course conditional on 'if you break it, you better fix it...')
Andrew Bartlett
(This used to be commit 55ee289f587f107fa03c5f889491fdaab101df2d)
|
|
SAM_ASSERT if we are not going to crash.
(This used to be commit f91fcb166107e45ffb3de95a3da65c79992341eb)
|
|
of my own changes.
In particular: I've added a SAM_ASSERT macro. This expands to either
SMB_ASSERT() (which should help us track down bugs) or a return of
NT_STATUS_CHECK_FAIL.
Metze's changes are mostly to bring the code into line with current discussions
on things like adding users/groups, flags etc.
I've adjusted a fair bit of the 'const' in the SAM stuff. Const is currently
used only for pointers, not for local variables or non-pointer paramters. The
benifits and reasons for extending this further need discussion on
samba-technical.
Also, some of the 'context' paramters should not be const, to allow backend
modules to do fancy caching etc in them.
Andrew Bartlett
(This used to be commit e13bc432628a6131be082caedc75cd8a3d206e5a)
|
|
(This used to be commit 601b56e04fddd9ddfb9be5b0a625d6d279df7f4c)
|
|
to extend the ADS_STATUS system to include NTSTATUS, and to provide a better
general infrustructure for his sam_ads work.
I've also added some extra failure mode DEBUG()s to parts of the code.
NOTE: The ADS_ERR_OK() macro is rather sensitive to braketing issues - without
the final set of brakets, the test is essentially inverted - causing some
intersting 'error = success' messages...
Andrew Bartlett
(This used to be commit 5b9a7ab901bc311f3ad08462a8a68d133c34a8b4)
|
|
syslog() since Paul Green's POSIX patch.
(This used to be commit d3b29b0b2d2ffd5c050900ff8cae441b91f95526)
|
|
in includes.h
Andrew Bartlett
(This used to be commit ed184ed1905b49956528b6835f48a69ba3c1a045)
|
|
applicable any more.
Jeremy.
(This used to be commit 8828e2ea3c668aab6cda1b4be9a7e4ce1c23ca81)
|
|
sending broadcast messages. Also initial cut-down of printing notify
messages (not yet finished).
Jeremy.
(This used to be commit aca333719695b278843c59e1c6eb07d6655fd59c)
|
|
pointers.
(This used to be commit e9b71b354d923b2cd0f028dd197e7ca81339ec3a)
|
|
(This used to be commit f435bf0095694a283db47e33c9eb1b5b6df13d03)
|
|
we now do this:
- look for suported SASL mechanisms on the LDAP server
- choose GSS-SPNEGO if possible
- within GSS-SPNEGO choose KRB5 if we can do a kinit
- otherwise use NTLMSSP
This change also means that we no longer rely on having a gssapi
library to do ADS.
todo:
- add TLS/SSL support over LDAP
- change to using LDAP/SSL for password change in ADS
(This used to be commit b04e91f660d3b26d23044075d4a7e707eb41462d)
|
|
- Rename user -> account
- Add sam_* functions (api.c)
- Several small fixes
(This used to be commit eafcc387045f4f265631a952297caf3f6db779d8)
|
|
Jeremy.
(This used to be commit df3e467eb7cce059782870bfec222293577c4f69)
|
|
(This used to be commit 6395c34f2f981d59b761d8615851a8fd54c1c304)
|
|
might be ugly, etc - please don't blame me for anything but instead try to fix
the code :-). Compiling of the new sam system can be enabled with the
configure option --with-sam
Removing passdb/passgrp.c as it's unused
fix typo in utils/testparm.c
(This used to be commit 4b7de5ee236c043e6169f137992baf09a95c6f2c)
|
|
(This used to be commit a760bca56a55b119cf399c5ac6f8b0db418be2e0)
|
|
Jeremy.
(This used to be commit 095e2bf9469a4c26814fb049f2870983c090ed81)
|
|
- SAM_DELTA_RENAME{USER,GROUP,ALIAS}
- SAM_DELTA_DELETE{USER,GROUP}
Renamed some of the unknown delta types and their unmarshalling functions:
- SAM_DELTA_TRUST_DOMS
- SAM_DELTA_SECRET_INFO
(This used to be commit 1f29276c2ff450c4ca3705c27fb0be71ddcda4ad)
|
|
(This used to be commit 78cfbebc69fb15326d8f6dbbce1090c301a1f270)
|
|
(This used to be commit 9b49d97b94a7e3842cdcbfa4ebfa961586857aea)
|
|
J.F.
(This used to be commit 2f68d6f5ec925f07a387f784db6de0cfbaa53278)
|
|
(This used to be commit addf29e6765393b25c35bd833d29e29e4581c233)
|
|
(Wrapping to zero does not create problems in this cache)
Andrew Bartlett
(This used to be commit c58e3d5c7d78dd02584b1490a27f7007e11b8712)
|
|
Jeremy.
(This used to be commit e53a81261ed189881c0f07e1b46f97aa6770cab7)
|
|
(This used to be commit c9ffc416aeee2610fdc896a9d41dac182039a5f9)
|
|
our authenticaion code - removing some of the duplication from the current
code.
This also gets us *much* closer to supporting a real SAM backend, becouse the
SAM can give us the right info then.
This also changes our service.c code, so that we do a VUID (rather than uid)
cache on the connection struct, and do full NT ACL/NT_TOKEN checks (or cached
equivilant) on every packet, for the same r or rw mode the whole share was open
for.
Andrew Bartlett
(This used to be commit d8122cee059fc7098bfa7e42e638a9958b3ac902)
|
|
(This used to be commit 341bb9fb78a2e750f05a902e020ba352e26ca030)
|
|
we still need to parse the core of the structure
(This used to be commit 6780ae25bf7ca291f612682dec7ee7ff44c24bef)
|
|
than SPOOL_PRINTERDATA_KEY
* created an internal set/get_printer_dataex() call for reuse in
Set/GetPrinterData()
(This used to be commit 4eb8ffba032971cf83a0fcec7ca3730b4ded0bf0)
|
|
(This used to be commit 227472286f479bddfac7ea958b779fc4459a9e1e)
|
|
(This used to be commit be5a649ed4c06aa1ffb709f1d3ff8ed26919bf1c)
|
|
add SPOOL_PNPDATA_KEY define
(This used to be commit cdaa3f55e1fcc38b1d7a63d502a9fea3b92bf193)
|
|
* removed support for PHANTOM_DEVMODE printer data
* s/NT_PRINTER_PARAM/REGISTRY_VALUE/g - This was a good bit
of work. Everything seems stable, but is not complete.
* support for printer data keys other than PrinterDriverData
in the store and fetch routines. Still needs to be plugged
into the XxxPrinterDataEx() calls.
Tested against NT4.0 & 2k. Like I said, it's not done, but doesn't
crash so it shouldn't upset anyone (unless you're trying to build
a Samba printer server off of HEAD). More work to come. Should
settle by Monday.
jerry
(This used to be commit 7ba7c04c0e961618c82c2112b9627af114c6cc42)
|
|
Remove 9th place leading zero from some constants.
(This used to be commit 876e7b2bf45aad40282fd0ccddadf01df23d8d41)
|
|
(This used to be commit 11ddfd9cfa550dcd3186c8aaf0cc038ce7f1791f)
|
|
(This used to be commit 0118e459b603a991f23d48cfd7f5e68c4374f950)
|
|
if you have an ADS DC.
(This used to be commit 059a352ebb7c7286d205bc86a92f5fd26ab1ff8e)
|
|
existing connect (which I've been told is really connect2), with one
extra dword. We've only seen 0x00000002 there...
(This used to be commit 266344634944dff30f56453f9d86c490e7ac7a55)
|
|
setups.
- split up the ads structure into logical pieces. This makes it much
easier to keep things like the authentication realm and the server
realm separate (they can be different).
- allow ads callers to specify that no sasl bind should be performed
(used by "net ads info" for example)
- fix an error with handing ADS_ERROR_SYSTEM() when errno is 0
- completely rewrote the code for finding the LDAP server. Now try DNS
methods first, and try all DNS servers returned from the SRV DNS
query, sorted by closeness to our interfaces (using the same sort code
as we use in replies from WINS servers). This allows us to cope with
ADS DCs that are down, and ensures we don't pick one that is on the
other side of the country unless absolutely necessary.
- recognise dnsRecords as binary when displaying them
- cope with the realm not being configured in smb.conf (work it out
from the LDAP server)
- look at the trustDirection when looking up trusted domains and don't
include trusts that trust our domains but we don't trust
theirs.
- use LDAP to query the alternate (netbios) name for a realm, and make
sure that both and long and short forms of the name are accepted by
winbindd. Use the short form by default for listing users/groups.
- rescan the list of trusted domains every 5 minutes in case new trust
relationships are added while winbindd is running
- include transient trust relationships (ie. C trusts B, B trusts A,
so C trusts A) in winbindd.
- don't do a gratuituous node status lookup when finding an ADS DC (we
don't need it and it could fail)
- remove unused sid_to_distinguished_name function
- make sure we find the allternate name of our primary domain when
operating with a netbiosless ADS DC (using LDAP to do the lookup)
- fixed the rpc trusted domain enumeration to support up to approx
2000 trusted domains (the old limit was 3)
- use the IP for the remote_machine (%m) macro when the client doesn't
supply us with a name via a netbios session request (eg. port 445)
- if the client uses SPNEGO then use the machine name from the SPNEGO
auth packet for remote_machine (%m) macro
- add new 'net ads workgroup' command to find the netbios workgroup
name for a realm
(This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)
|
|
on both by default, and you can specify a list of ports to listen on
either with "smb ports = " in smb.conf or using the -p option to smbd.
this is needed for proper netbiosless operation.
(This used to be commit 5dee0a7b5e0fcb298a9d36661c80e60d8b9bcc3a)
|
|
is netbios and dns domain info. Also add code to set/fetch the domain GUID
from secrets.tdb (although set is not yet called by anyone).
(This used to be commit 31d7168530ccce2c5e9e7f96464b47f4d9771a25)
|
|
very useful in scripts
(This used to be commit fc0d5479b575c1f495b9251413eed18ec1e37e02)
|
|
Finally the cascaded VFS patch is in.
Testing is very welcome, specially with layered multiple vfs modules.
A big thank to Alexander Bokovoy for his work and patience :)
Simo.
(This used to be commit 56283601afe1836dafe0580532f014e29593c463)
|
|
is. I'm calling it REG_SAVE_KEY, because 2k preps a regedt32.exe
Registry->Save Key with this call.
Done in the process of tracking down a PrinterDriverData issue.
(This used to be commit 66104a361424f10cc986c597b91afa6f12b3cd8a)
|
|
This gets my test code working, where we previously failed with files
above 20G in size.
I'm still not completely happy with this. There are just too many
fields in trans2.c that we don't fill in.
(This used to be commit 7dfdb456d4c9bcf6ecb1f7e5c5e79989f95e5627)
|
|
(This used to be commit 4c664a0de89676cfb2b14a93d4e30aed04e29fe9)
|
|
Remove the n^2 search for valid 'tty' names from the sesion code when we
don't actually need it. Its main value is in getting 'well behaved'
numbers for use with utmp, so when we are not doing utmp we don't need
this to get in the way.
Andrew Bartlett
(This used to be commit 50507e131dac19485a2561f3448da7334e357f50)
|
|
to the Samba tree.
Originally written by Nigel Williams" <nigel@veritas.com>, I've been
trying to keep it in some form of shape for the last 6 months. In particular
I think some of the code got committed a few months ago, and others have made
changes to the CVS version over time.
anyway, its finally in - and doesn't appear to have broken anything.
Now to try the client-side patches :-)
Andrew Bartlett
(This used to be commit f9bac7c5c2c4ddf0bf39d596a7b922fbb17c6b16)
|
