| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
source/rpc_parse/parse_lsa.c
- off by one unistr length bug in init_lsa_trans_name()
source/lib/util_sid.c
- resolve more BUILTIN sid values to names.
source/nsswitch/wb_client.c
- fix typo in debug message
- set errno on error so we don't get bogus value from last failure.
source/rpc_server/srv_spoolss_nt.c
- add debug to track number of open printer handles for ease of
tracking handle leaks in the future.
source/rpc_server/srv_lsa.c
- fix off-by-one string bug. This was preventing NT from
displaying names for well-know SIDs in printer permissions
dialog.
(This used to be commit 59229b9025cff54cbdd05e374616ffbf9c6fee33)
|
|
source/nsswitch/winbindd_idmap.c
- convert tdb key to unix code-page when generating
(This used to be commit 3b9e68d6806b039d284533b64f9c41c9d4790a8b)
|
|
testsuite/printing/psec.c
- Use lock directory from smb.conf parameter when peeking at the
ntdrivers.tdb file.
source/rpc_parse/parse_sec.c
- fix typo in debug message
source/script/installbin.sh
- create private directory as part of 'make install'.
source/nsswitch/winbindd_cache.c
source/nsswitch/winbindd_idmap.c
source/passdb/secrets.c
source/smbd/connection.c
- always convert tdb key to unix code-page when generating.
source/printing/nt_printing.c
- always convert tdb key to unix code-page when generating.
- don't prepend path to a filename that is NULL in
add_a_printer_driver_3().
source/rpc_server/srv_spoolss_nt.c
- always convert tdb key to unix code-page when generating.
- don't prepend server name to a path/filename that is NULL in the
fill_printer_driver_info functions.
source/printing/printing.c
- always convert tdb key to unix code-page when generating.
- move access check for print_queue_purge() outside of job delete
loop.
source/smbd/unix_acls.c
- fix for setting ACLs (this got missed earlier)
source/lib/messages.c
- trivial sync with appliance_head
(This used to be commit 376601d17d53ef7bfaafa576bd770e554516e808)
|
|
source/Makefile.in
- changes to ctags and etags rules that somehow got lost along the way.
source/include/proto.h
- make proto
source/smbd/sec_ctx.c
source/smbd/password.c
- merge debugs for debugging user groups and NT token stuff.
source/lib/util_str.c
- capitalise domain name returned from parse_domain_user()
source/nsswitch/wb_client.c
- fix broken conditional in debug statement.
source/include/rpc_secdes.h
source/include/rpc_spoolss.h
source/printing/nt_printing.c
source/lib/util_seaccess.c
- fix printer permission bugs related to ACE masks for printers.
This adds mapping of generic access rights to object specific
rights for NT printers. Still need to work out whether or not to
ignore ACEs with certain flags set, though. See comments in
util_seaccess.c:check_ace() for details.
source/printing/nt_printing.c
source/printing/printing.c
- use PRINTER_ACCESS_ADMINISTER instead of JOB_ACCESS_ADMINISTER
until we sort out printer/printjob permission stuff.
(This used to be commit 1dba9c5cd1e6389734c648f6903abcb7c8d5b2f0)
|
|
printer_access_check to break in a domain environment.
Jeremy.
(This used to be commit 0fc1a461504f87c145f5f91189bd767989c488f2)
|
|
(This used to be commit 7b8c03de1fd1461d4c65c0d7100f9519e08d1b24)
|
|
falling back to the UNIX calls on error. This should fix all problems with
smbd enumerating all users in all groups in all trusted domains via winbindd.
Also changed GETDC to query 1C name rather than 1b name as only the PDC
registers 1b.
Jeremy.
(This used to be commit 5b0038a2afd8abbd6fd4a58f5477a40d1926d498)
|
|
Jeremy.
(This used to be commit c7c90c83372df53eac0f3779dffedd4b28c8c757)
|
|
when looking up the WINS server address.
Please *don't* use lp_wins_server() any more!
The wins_srv_ip() function has the following features:
- If the WINS server was entered as a DNS name then the translation to an
IP address will already have taken place. We used to do this every time
a call to the WINS server was made. Ick.
- The return value of wins_srv_ip() is a struct in_addr. Ready to go.
- When WINS failover is fully implemented, you'll be able to enter a colon-
separated list of WINS servers via the WINS SERVER parameter. Using
lp_wins_server() directly will fail if this syntax is used.
Chris -)-----
(This used to be commit 56be7c2a49a8a918318a70843fff4e89ec10d0d3)
|
|
(This used to be commit 5f3cf2eb78bfa6fb00890d449d38e9f13964712c)
|
|
functionality. This is much faster than inverting the group database.
Added client side command for this to wbinfo.
(This used to be commit e87b2d3d1fb84311d83d21a76900f994e4ff71dd)
|
|
Jeremy.
(This used to be commit 6696bf203c90dc20c00b47737f5ea1d9b8e23d75)
|
|
(This used to be commit 3fb2e94c4430c570639c0e4d1caeed3a19bbd09b)
|
|
(This used to be commit 178e6971005505d2debd74b761ecfaa982336a53)
|
|
(This used to be commit ec7f7e350dc1dfa757436cb0efe777c3e0719877)
|
|
Jeremy.
(This used to be commit d131ad1ce3f6e72e295f865a463f8dcbfa6f8d42)
|
|
The motivation for this system is to replace the UDP message for
oplocks, but this commit only does the "set debug level" message.
(This used to be commit 2a34ee95f3929cff131db6c5a2b4820194c05b2d)
|
|
Jeremy.
(This used to be commit 8317d70a35086c5539e67d60cbcf937b6ce0932c)
|
|
(This used to be commit 156e17dea48962bca98a3f7d1e876eb6047ebc8a)
|
|
Jeremy.
(This used to be commit 81c5380f91839b6416c8a42739dadf00e7388528)
|
|
get ready and fix se_access_check().
Added cannonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid()
functions that look via winbind first the fall back on local lookup.
All Samba should use these rather than trying to call winbindd code
directly.
Added NT_USER_TOKEN struct in user_struct, contains list of NT sids
associated with this user.
se_access_check() should use this (cached) value rather than attempting
to do the same thing itself when given a uid/gid pair.
More work needs to be done to preserve these things accross security
context changes (especially with the tricky pipe problem) but I'm
beginning to see how this will be done..... probably by registering
a new vuid for an authenticated RPC pipe and not treating the
pipe calls specially.
More thoughts needed - but we're almost there...
Jeremy.
(This used to be commit 5e5cc6efe2e4687be59085f562caea1e2e05d0a8)
|
|
string), the wins_srv module now hands back a struct in_addr when it's
called. It caches the IP address once it has been looked up. The IP
is cleared (and must be looked up again) if the 'wins server' parameter
is reread, or if the node is marked 'dead'. A dead node will not be
re-tried for 10 minutes (per a #define in wins_srv.c).
As it was, the code was reading the WINS server name or IP directly from
lp_wins_server. That's okay, except that if the value was expressed as
a name, then a DNS lookup would be done every time the client wanted to
talk to the server.
I still need to work out the implications of failover regarding the
'unicast subnet' list.
Chris -)-----
(This used to be commit 73aa188320fd3bf10b5dfc057323f40aff2c13bd)
|
|
*Note: failover doesn't actually work yet!* It's just that the code I'm
adding provides all of the pieces necessary.
I do have one big question. Something that I'll have to ask Jeremy, I'm
thinkin'. In nmbd/nmbd_subnetdb.c the IP of the WINS server is used to
set up the Unicast subnet.
...so what happens if the WINS server changes?
My guess is either:
a) nothing.
b) I'd have to change the unicast subnet entry whenever the WINS server
changes.
Urq.
BTW, the lp_wins_server() function no longer returns the WINS server name
or IP. It returns the list of WINS servers entered in smb.conf. To get
the currently 'live' WINS server, use the wins_srv() function.
Fun, eh?
Chris -)-----
(This used to be commit cc08bdc74f4cd111fdc582ee7babef47ed8a950d)
|
|
Initialise response structure correctly.
(This used to be commit 587c8e58fdd79dce47fb59ce702596ea58c8b4a6)
|
|
Jeremy.
(This used to be commit d85deb9e4e9c9784006292d3cb5a6b7b408ff972)
|
|
nsswitch/wb_client.c
Merge of nsswitch/common.c rename to nsswitch/wb_common.c from TNG.
(This used to be commit f866c18f6be65db67d9d2a6c0b42e1af3b421e6c)
|
|
(This used to be commit 659e4d88ff9dbf1fa9cd8904470c4a8d02d8674b)
|
|
(This used to be commit d9041958558fc8e3c7b0491eb0f7e45bee9d19c5)
|
|
(This used to be commit b46fc0ed040ff24bb4e348904fdb0e9788364837)
|
|
Jeremy.
(This used to be commit 711f15ac230092bac000e63f99e8dfaa4a644847)
|
|
(This used to be commit e5cb97dda89fe23612b75861232591e4831733e0)
|
|
(This used to be commit e49550b975dd407a1a8538c9885e036e400b7714)
|
|
of tdb_{store,get}_int() to store the length of the string key + 1 so the
stored key contains the trailing NULL character. This allows normal
string library routines to manipulate keys.
Also renamed tdb_get_int() to tdb_fetch_int() to keep the set of verbs
consistent.
(This used to be commit a423c7c5f21dc4046530b85482dee88dcfcbf070)
|
|
(This used to be commit 0189af544244d7d20e4042cd1238f370968cb7a9)
|
|
- finished ntdom -> winbind rename in head
(This used to be commit ada483cb56453afc6df4ec4be18bfe5e943c7150)
|
|
renamed ntdom to winbind
I think that using winbind in /etc/nsswitch.conf is better than ntdom
(This used to be commit 80f85b5359c26dc26f8f88b984f27cfa4ac34e61)
|
|
(This used to be commit 5a617c013cce65434d315dc33279a4bc28dc63de)
|
|
this adds "#define OLD_NTDOMAIN 1" in lots of places. Don't panic -
this isn't permanent, it should go after another few merge steps have
been done
(This used to be commit 92109d7b3c06f240452d39f669ecb8c9c86ab610)
|
|
it is now at the stage that winbindd can compile in the head branch,
but not link
(This used to be commit d178c00aae77710ae6ff20a7f54a30e3bd8232bb)
|
|
(This used to be commit 3cac3ccf047ce9a5c28916f9a2b1b3d38741e373)
|
|
this does not yet compile, but I'm working on that.
(This used to be commit 3fb862531a4e78dca13d16d958517b16e5bdd4e2)
|
|
(This used to be commit c78deb1d229bd301be483a256f1fd2047cec6120)
|
|
in a /etc/nsswitch.conf hosts line.
Only tested on RH6.1, but should work on a broad range of Linux
distributions. It could probably be made to work with Solaris pretty
easily.
It does not build by default. Build it with "make nsswitch"
(This used to be commit 4058eb5bffeec539f71786580376419ea5749351)
|
