Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit bb1aa5e1d2e4f71dfaab0ade24ed15d1b5fdfc33)
|
|
Went through and checked all string_subs I could to ensure they're being
used correctly.
Jeremy.
(This used to be commit 17cae0d683be404be69554cd0e84117bdcc56c87)
|
|
code
(This used to be commit 91ad9041e9507d36eb3f40c23c5d4df61f139ef0)
|
|
(This used to be commit 514b91827a970a0041314af341b8c66a01668e4a)
|
|
warning
(This used to be commit 98a119ee58286b708a54dcba9ffcfbdcf8cb6bba)
|
|
'valid.dat' warning
(This used to be commit 57101ef770e34ef9fd2ddcb5d9c9e9ad050e5e3d)
|
|
(This used to be commit 9a3e323ec261a1ee3a83f8c558583c3d4a53e06a)
|
|
We now cope wiith multiple WINS groups and multiple failover servers
for release and refresh as well as registration. We also do the regitrations
in the same fashion as W2K does, where we don't try to register the next
IP in the list for a name until the WINS server has acked the previos IP.
This prevents us flooding the WINS server and also seems to make for much
more reliable multi-homed registration.
I also changed the dead WINS server code to mark pairs of IPs dead,
not individual IPs. The idea is that a WINS server might be dead from
the point of view of one of our interfaces, but not another, so we
need to keep talking to it on one while moving onto a failover WINS
server on the other interface. This copes much better with partial
LAN outages and weird routing tables.
(This used to be commit 313f2c9ff7a513802e4f893324865e70912d419e)
|
|
accept an extended syntax for 'wins server' like this:
wins server = group1:192.168.2.10 group2:192.168.3.99 group1:192.168.0.1
The tags before the IPs don't mean anything, they are just a way of
grouping IPs together. If you use the old syntax (ie. no ':') then
an implicit group name of '*' is used. In general I'd recommend people
use interface names for the group names, but it doesn't matter much.
When we register in nmbd we try to register all our IPs with each group
of WINS servers. We keep trying until all of them are registered with
every group, falling back to the failover WINS servers for each group
as we go.
When we do a WINS lookup we try each of the WINS servers for each group.
If a WINS server for a group gives a negative answer then we give up
on that group and move to the next group. If it times out then
we move to the next failover wins server in the group.
In either case, if a WINS server doesn't respond then we mark it dead
for 10 minutes, to prevent lengthy waits for dead servers.
(This used to be commit e125f06058b6b51382cf046b1dbb30728b8aeda5)
|
|
(This used to be commit d03efabc4dca842cafcd0edfa1eaa5b4d3e821b6)
|
|
(This used to be commit 68be27cfea938d7f91a8ce1da39eb86c577f7719)
|
|
cache the result!)
(This used to be commit fc8aa198b16da24b68e45982eb45dd7d5fd089e1)
|
|
gives us a good grounding to properly support multiple wins servers
for different interfaces (which will be coming soon ...)
- fixed our wins registration failover code to actually do failover!
We were not trying to register with a secondary wins server at all
when the primary was down. We now fallback correctly.
- fixed the multi-homed name registration packets so that they work
even in a non-connected network (ie. when one of our interfaces is not
routable from the wins server. Yes, this really happens in the real
world).
(This used to be commit a049360d5b0d95a935b06aad43efc17d34de46dc)
|
|
spinning if a signal is received at an inconvenient moment
(This used to be commit d8d7dd523d897ea25a572c8f21903e94e8485404)
|
|
(This used to be commit de00428ef12b597e5c29896bf961cfd7a1e122dd)
|
|
(This used to be commit c29cef7f3408714d4e6e18906760d74016c6748f)
|
|
(This used to be commit 897e64d2e0c1d04ab93441ccaffe369bf43be46e)
|
|
(This used to be commit 29874f4b8fecdc7cbd84d656dafce54cca49e0b1)
|
|
(This used to be commit 41f036ab37274ce7cdd782ead764dd1a36ecba1d)
|
|
paths handle the rest later.
Andrew Bartlett
(This used to be commit 09754ec797c4232d2016c7eff2e74044f28ebb7c)
|
|
(This used to be commit 957c865cee7f799145f9f1d30dfd0d0a25d826cf)
|
|
The aim of this execise is to give the 'security>=user' code a straight paper
path. Security=share will sill call authorise_login(), but otherwise we avoid
that mess.
This allow *much* more accurate error code reporting, beocuse we don't start
pretending that we can use the (nonexistant) password etc.
Also in this patch is code to create the 'homes' share at session setup time
(as we have done in the past - been broken recently) and to record this on
the user's vuser struct for later reference. The changes here should also
allow for much better use of %H (some more changes to come here).
The service.c changes move a lot of code around, but are not as drastric
as they look...
(Also included is a fix to srv_srvsvc_nt.c where 'total_entries' not
'*total_entries' was compared).
This code is needs testing, but passes my basic tests.
I expect we have lost some functionality, but the stuff I had expected
to loose was already broken before I started. In particular, we don't 'fall
back' to guest if the user cannot access a share (for security=user). If you
want this kind of stuff then you really want security=share anyway.
Andrew Bartlett
(This used to be commit 4c0cbcaed95231f8cf11edb43f6adbec9a0d0b5c)
|
|
It extends the 'server mutex' to conver security=server, becouse the connection
race condition exists here too, and while people *should* use security=domain,
some sites don't....
(This probably should be done in 2.2 as well).
Also, start to actually extract and use the information that the remote
server returns in the info3 struct.
The server mutex code is now in a new file.
Andrew Bartlett
(This used to be commit 9b0dabdf4ec3bb45879caae76e03b57ccdad8b4b)
|
|
use the silly cache any more. Also add group functions and fix a few callers.
Andrew Bartlett
(This used to be commit 41d4b94077c118ecde2bf8792b9bb7ab71c6403e)
|
|
and renamed to str_list_* as it is a better name.
Elrond should be satisfied now :)
(This used to be commit 4ae260adb9505384fcccfb4c9929cb60a45f2e84)
|
|
rather than a string when configuring mulitple backends.
Also adjust some of the users of get_global_sam_sid() to cope with the fact
that it just might not exist (uninitialised, can't access secrets.tdb).
More places need conversion.
Add some const and remove silly casts.
Andrew Bartlett
(This used to be commit c264bf2ec93037d2a9927c00295fa60c88b7219d)
|
|
modifications required to suppress the const warnings.
Andrew Bartlett
(This used to be commit ec4f1e9e2f6c162a475b424d63b9802387ad905e)
|
|
Andrew Bartlett
(This used to be commit 29490f214750acd44cee6c4ab1354722d82d853a)
|
|
Jeremy.
(This used to be commit aa0a6f5532a2689409426eef9a4b66a28fb97635)
|
|
to using SIDs instead of RIDs.
The new funciton sid_peek_check_rid() takes an 'expected domain sid' argument.
The idea here is to prevent mistakes where the SID is implict, but isn't
the same one that we have in the struct.
Andrew Bartlett
(This used to be commit 04f9a8ff4c7982f6597c0f6748f85d66d4784901)
|
|
O'Connor(billy@oconnoronline.net)
(This used to be commit 88718883e031a3249152861300432dfc895ac587)
|
|
the (now static) global_sam_sid.
The only place it was being used was to return global_sid_NULL to some
uid->sid functions - and I'm not convinced this is correct in any case.
Andrew Bartlett
(This used to be commit e2a76a7fc94dd59c09bba3cda91446fad9f8c0e0)
|
|
initialising function. This patch thanks to the work of
"Stefan (metze) Metzmacher" <metze@metzemix.de>
This is partly to enable the transition to SIDs in the the passdb.
Andrew Bartlett
(This used to be commit 96afea638e15d4cbadc57023a511094a770c6adc)
|
|
a file that is linked with the passdb.
This is to avoid linking insanity when this global becomes a self-initing
function.
(This used to be commit 743afd96cb54b4966e3afad11ea987f968b98651)
|
|
(This used to be commit ce2ddb70411b30a0d6b2d6dded13c3b94895c1dd)
|
|
(This used to be commit 39ec94bffe536de5950611d6e4b28621b6aff844)
|
|
see any include file that is guaranteed to be here, so I'm defining it
locally. Fixes AIX and Solaris builds.
(This used to be commit ca6bb47c22385a2c32be6ac3f8d9ffbfda45359b)
|
|
functions
(This used to be commit 1cf3228fdc20f0314d1f8e71ad710a5e548b3f72)
|
|
to correctly allow password changes on expired passwords. (No security
implications, as its just a 'will I let you talk to the server' check).
pam_winbind checks the password prior to changing it, so that users don't
have to make up and type their new password when they havn't even got the
old one right. This also helps with stacking etc.
Andrew Bartlett
(This used to be commit 2b78d493002a3ba13533429c6a14f5c0a92f43d1)
|
|
(This used to be commit 44df5a13bc83dc331caa6788cf0805333ed79f8d)
|
|
Importantly:
The removal of the silly 'delete user script' behaviour when secuity=domain.
I have left the name the same - as it still does the (previously documented,
but not in smb.conf(5)) sane behaviour of deleting users on request.
When we decide what to do with the 'add user' functionality, we might
rename it.
Andrew Bartlett
(This used to be commit cdcfe3671eb7570e15649b77f708e6579055e7bc)
|
|
Make it static (till sombody needs its...)
(This used to be commit 89dc15732062b46276d1d7a155954ee565070491)
|
|
Jeremy.
(This used to be commit 5c8351228c55f2403214351f6fd16fe231aee917)
|
|
These might be reimplmented as simple pass-through functions, but all users
really should be doing 'getpwnam_alloc' or 'getpwuid_alloc' to ensure that
there are not shared static buffers.
I don't beleive we actually need a getpw*() cache inside samba - if we do
then I think we should look at our code design first.
(some of these changes are for platforms I don't have access to, but
they look sane)
Andrew Bartlett
(This used to be commit 9d8431b04f41dceffe4c45cc969472ee59f7282f)
|
|
Make some code static, add some const to the PAM code, and make the plaintext
password code actually function - particulary without the requirement to
modify the 'struct passwd' (which it assumed was made up of fstrings)
This kills some particularly ugly code in lib/util_pw.c
Andrew Bartlett
(This used to be commit 302dad4990ba5194f072e435465d9adaa089ae06)
|
|
the DATA_BLOB code into its own file.
It would be nice to go over some of the other util.c functions, and check
that we still use them all, and that we use them in more than one place.
Andrew Bartlett
(This used to be commit d0ea70fce55df9a5b5878f50fce7bc115ffb37c2)
|
|
(This used to be commit 2424578c298ea11f67415bcfe2928353cd95819b)
|
|
(This used to be commit 793d9306e29ddd23e3f52736b5cd558b5d058611)
|
|
(This used to be commit 84ea2a434b510ed49838a04a4b30bd2fc9ec5673)
|
|
this is a first step only passdb stuff has beein "classized".
- so what can you do?
set debug level to: 1 poasdb:10
that will make all the code run at debug level 1 except the code in
passdb/* files that will run at level 10
TODO: fix the man page
- also smbcontrol has this nice feature so smbcontrol smbd debug 3 passdb:5
will set every smbd to have a default log level of 3 while passdb stuff
will be at level 5
and so no..
minor cosmetic fix to pdbedit is there too
(This used to be commit be5c3b3f5781ddc002ffcc98df04ab024dcef4ca)
|