Age | Commit message (Collapse) | Author | Files | Lines |
|
patches:
Andrew Bartlett
From his e-mail:
Below I attach the following patches as a result of my work
on trusted domains support:
1) srv_samr_nt.c.diff
This fixes a bug which caused to return null string as
the first entry of enumerated accounts list (no matter what
entry, it was always null string and rid) and possibly
spoiled further names, depeding on their length.
I found that while testing my 'net rpc trustdom list'
against nt servers and samba server.
2) libsmb.diff
Now, fallback to anonymous connection works correctly.
3) smbpasswd.c.diff
Just a little fix which actually allows one to create
a trusting domain account using smbpasswd
4) typos.diff
As the name suggests, it's just a few typos fix :)
(This used to be commit 888d595fab4f6b28318b743f47378cb7ca35d479)
|
|
I'm not sure that we need that "dummy" talloc init, but anyway...
Also, add some 'const' to the table of smb reply functions.
Andrew Bartlett
(This used to be commit 790b7c9ab82f930da66426e7a932d7365bd27725)
|
|
As noticed by Lev Iserovich <lev@ciprico.com> this seems to fix a problem
with oplock breaks and Win2k, and we are protected from problems by existing
code in trans2.c and nttrans.c
Jeremy.
(This used to be commit e3f7d6c03f100962395763a5066313d60b4761d0)
|
|
(This used to be commit 29874f4b8fecdc7cbd84d656dafce54cca49e0b1)
|
|
is that there are some times when we should return an EINTR from a select,
some times when we should not. As we can take a signal at any time, we
have to eat EINTR's in some selects. This means we need to check for
kernel oplock breaks more often in the main loop, as well as add the
queuing mechanism needed for the changenotify code (due to the mistake
in understanding POSIX semantics w.r.t. setting a signal mask in a
signal handler). This code now passes all my tests.
However, (and IMHO and I know tridge disagrees) - the correct way to
fix this is to run with RT signals blocked and explicitly unblock
them just before the main select, block them after and then process
them all in one place. Just my 2cents :-).
Jeremy.
(This used to be commit a8c85372e2826a07117c89b39270cde8641ce55d)
|
|
Jeremy.
(This used to be commit 5c8351228c55f2403214351f6fd16fe231aee917)
|
|
Jeremy.
(This used to be commit d4dbb9cb1338332bda3651dc4b86abcf47e9c2d2)
|
|
This option was badly maintained, useless and confused our users and
distirbutors. (its SSL, therfore it must be good...)
No windows client uses this protocol without help from an SSL tunnel.
I can't see any reason why setting up a unix-side SSL wrapper would
be any more difficult than the > 10 config options this mess added
to samba in any case.
On the Samba client end, I think the LIBSMB_PROG hack should be
sufficient to start stunnel on the unix side. We might extend this
to take %i and %p (IP and port) if there is demand.
Andrew Bartlett
(This used to be commit b04561d3fd3ee732877790fb4193b20ad72a75f8)
|
|
Jeremy.
(This used to be commit cad82926a8baf7605cef81f0e0d4daa8e527e6ee)
|
|
(This used to be commit 3bf4b42771d115500941be374bfdd9b8c2fdba4a)
|
|
processing work correctly in winbindd. This is a really good patch
that gives full select semantics to the Samba modified select.
Jeremy.
(This used to be commit 3af16ade173cac24c1ac5eff4a36b439f16ac036)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
than only doing unicode. smbfs didn't work.
(This used to be commit 95857a3515d67effb1242ca07daa5643458bb2f0)
|
|
Jeremy.
(This used to be commit 832b9e7838afc0a48932dd0622c7e2f7b7e44a8f)
|
|
Jeremy.
(This used to be commit 01ff6ce4963e1daff019f2b936cef218e1c93f67)
|
|
Jeremy.
(This used to be commit 274b04d4a6123fbfe363afc214e908ab36c7e8a7)
|
|
The auth_authsupplied_info typedef is now just a plain struct - auth_context,
but it has been modified to contain the function pointers to the rest
of the auth subsystem's components.
(Who needs non-static functions anyway?)
In working all this mess out, I fixed a number of memory leaks and moved the
entire auth subsystem over to talloc().
Note that the TALLOC_CTX attached to the auth_context can be rather long-lived,
it is provided for things that are intended to live as long. (The
global_negprot_auth_context lasts the whole life of the smbd).
I've also adjusted a few things in auth_domain.c, mainly passing the domain as
a paramater to a few functions instead of looking up lp_workgroup(). I'm
hopign to make this entire thing a bit more trusted domains (as PDC) freindly
in the near future.
Other than that, I moved a bit of the code around, hence the rather messy diff.
Andrew Bartlett
(This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048)
|
|
(This used to be commit 9a473ecf96fca35d146756c0c313b156aba8d9d9)
|
|
(This used to be commit b46d874f4736493bdc4244ec6cdf95e77347e7d5)
|
|
(This used to be commit e5b484451a37a9ac940b342d70791b09362070ee)
|
|
security
(This used to be commit 00e4f0c803c6376387c31efd01cf3437c589da9d)
|
|
(This used to be commit d6318add27f6bca5be00cbedf2226b642341297a)
|
|
subystem.
The particular aim is to modularized the interface - so that we
can have arbitrary password back-ends.
This code adds one such back-end, a 'winbind' module to authenticate
against the winbind_auth_crap functionality. While fully-functional
this code is mainly useful as a demonstration, because we don't get
back the info3 as we would for direct ntdomain authentication.
This commit introduced the new 'auth methods' parameter, in the
spirit of the 'auth order' discussed on the lists. It is renamed
because not all the methods may be consulted, even if previous
methods fail - they may not have a suitable challenge for example.
Also, we have a 'local' authentication method, for old-style
'unix if plaintext, sam if encrypted' authentication and a
'guest' module to handle guest logins in a single place.
While this current design is not ideal, I feel that it does
provide a better infrastructure than the current design, and can
be built upon.
The following parameters have changed:
- use rhosts =
This has been replaced by the 'rhosts' authentication method,
and can be specified like 'auth methods = guest rhosts'
- hosts equiv =
This needs both this parameter and an 'auth methods' entry
to be effective. (auth methods = guest hostsequiv ....)
- plaintext to smbpasswd =
This is replaced by specifying 'sam' rather than 'local'
in the auth methods.
The security = parameter is unchanged, and now provides defaults
for the 'auth methods' parameter.
The available auth methods are:
guest
rhosts
hostsequiv
sam (passdb direct hash access)
unix (PAM, crypt() etc)
local (the combination of the above, based on encryption)
smbserver (old security=server)
ntdomain (old security=domain)
winbind (use winbind to cache DC connections)
Assistance in testing, or the production of new and interesting
authentication modules is always appreciated.
Andrew Bartlett
(This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
|
|
(This used to be commit dfb8566220c3e90ca2b757ea124f53aed103269e)
|
|
(This used to be commit b16a15a13ed7d267c6366abaeeb3ccafa5776f5e)
|
|
Jeremy.
(This used to be commit 7c1688fd67c1bda1477aaf870371c825280db870)
|
|
Ensure make_conection() can only be called as root.
Jeremy.
(This used to be commit 8d23a7441b4687458ee021bfe8880558506eddba)
|
|
loses things like username mapping. I wanted to get this in then
discuss it a bit to see how we want to split up the existing
session setup code
(This used to be commit b74fda69bf23207c26d8b2af23910d8f2eb89875)
|
|
Noticed by albert chin (china@thewrittenword.com) .
Jeremy.
(This used to be commit f5781f11eb924bdf32d20819c58a782493f4b239)
|
|
Jeremy.
(This used to be commit d1adaee373f08020d350af2aa65b7651da94bdae)
|
|
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
|
|
(This used to be commit a95943fde0ad89ae3f2deca2f7ba9cb5ab612b74)
|
|
simultaneously.
Jeremy.
(This used to be commit 227325b2d63dad55cbcda9608fba676fb6ce5584)
|
|
that oplock break messages get priority over incoming client messages.
Jeremy.
(This used to be commit 1779f6a223dad87c3b8451d09b9808b46495a8b6)
|
|
major changes include:
- added NSTATUS type
- added automatic mapping between dos and nt error codes
- changed all ERROR() calls to ERROR_DOS() and many to ERROR_NT()
these calls auto-translate to the client error code system
- got rid of the cached error code and the writebmpx code
We eventually will need to also:
- get rid of BOOL, so we don't lose error info
- replace all ERROR_DOS() calls with ERROR_NT() calls
but that is too much for one night
(This used to be commit 83d9896c1ea8be796192b51a4678c2a3b87f7518)
|
|
smbds. This should fix one case of logs not getting rotated properly.
We may need to test this to make sure there is no big performance hit from
the extra stat call.
(This used to be commit 2501fe7c0436fc00f35271e2dce17fe541e97424)
|
|
fails.
Jeremy.
(This used to be commit 1f6e3d18cdf460eb2569b737813f94d22680553e)
|
|
lockingX calls - use that instead of smb_pid in the packet.
Jeremy.
(This used to be commit a3925cb9c6303ce24e5fecad6c8f3a0ba78b9ee0)
|
|
instead of a define
(This used to be commit e2ecff419fdc0a0dc7551b33b377dc11061ef2a3)
|
|
<ying@almaden.ibm.com>.
Jeremy.
(This used to be commit 08c168242364bf4d415f49d134e507a7e234611b)
|
|
(to allow unmount)
(This used to be commit 15b17a80db605a55f667c95fb7e316877a441887)
|
|
cleaned on clients abending connections. Thanks Andrew !
Jeremy.
(This used to be commit 1b3977c5367a0b713b194f369abd9872ae01ac2a)
|
|
Jeremy.
(This used to be commit cf5015f15935605cf69078bc15251db61ddc48c7)
|
|
we already have space for this we just need to understand the length correctly).
Jeremy.
(This used to be commit 19145bae720bbcc32dcab380c62a33d1f0e3eef0)
|
|
Jeremy.
(This used to be commit 94747b4639ed9b19f7d0fb896e43aa392a84989a)
|
|
- removes SMB_ALIGNMENT. That macro caused all sorts of problems with
getting unicode aligned right in sub-protocols (such as SMBtrans and
SMBtrans2). I believe the performance reasons for having
SMB_ALIGNMENT has gone away with the new variants of the SMB
protocol anyway, as newer commands tend to have their own internal
alignment.
- fix the locations where we set smb_flg2 to absolute values. We must
never do this if we want a hope of coping with unicode.
- add initial support for unicode on the wire in smbd. Currently
enabled using SMBD_USE_UNICODE environment variable.
(This used to be commit b98b1435e9d8f8622444c9ff33082977e661f16b)
|
|
RPC code to merge with new passdb code.
Currently rpcclient doesn't compile. I'm working on it...
Jeremy.
(This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549)
|
|
pool is getting bloated. Also added a talloc_zero function to return zeroed memory.
Added debug in rpc_server/srv_pipe_hnd.c so we know when a talloc pool is being
freed. Syncup with srv_pipe_hnd.c from 2.2 so we are freeing memory at the same time.
Jeremy.
(This used to be commit d3a56c6042acf037bbd53de88d7636a5803ead20)
|
|
updated the POSIX_ACL code to be in sync.
Jeremy.
(This used to be commit c0517d6f4e3079feca1309fd1ea7b21e83f0de02)
|
|
smbd/reply.c smbd/service.c: cause all "add home service" calls to go through a
winbindd aware function.
Jeremy.
(This used to be commit a72d12e992e2755e925032aef1aa99be74bf6652)
|