Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 53b8f8a44141a9f6d36ed1b237ff65c67119edd0)
|
|
When we look see if a user is in a list, and we try to 'expand' an @group, we
should lookup the user's own list of groups, rather than looking for all the
members of a group.
I'm sure this will fix some nasty performance issues, particularly on large
domains etc. In particular, this avoids contacting winbind at all, if the
group is not a winbind group.
(This caused a deadlock on my winbind-on-PDC setup).
The groups list always includes the user's primary group, as per the
getgrouplist manpage, and my recent changes to our implementation.
Andrew Bartlett
(This used to be commit 9be21976f7662ebe6eb92fff7cecbdb352eca334)
|
|
the commit to reply.c just matches a pstrcpy for the pstring. (harmless, fixes
it for the automated test).
Andrew Bartlett
(This used to be commit ef9c7586ac152304cacaf2c16115adc2bccefc22)
|
|
the loaded list on error). Also change some of the error returns, becouse
NT_STATUS_UNSUCCESSFUL gives a most useless error message on the client.
As for which error, my logic is that a share without a valid VFS module is
not a valid share, and therefore should return the same error as a non-existant
share.
Andrew Bartlett
(This used to be commit 41178afdbd2b3de94cf272ce32764a1947e73ea8)
|
|
(This used to be commit 9df93b1ffc9ce98302540cc3d2cbd66787abc4fd)
|
|
this follows the method used for remote_machine and also fixes the
problem of anonymous connections clobbering the string
(This used to be commit 9ead4fc3c3f8b83f03c762a4dab77a64aabccbf9)
|
|
some basic usages like 'include = smb.conf.%U'
This changes fixes things again, by checking for reload after we setup
current_user in tconx.
(This used to be commit d664e6b4d20d545b31910666d9cea7384fd40a73)
|
|
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
(This used to be commit 82b8f749a36b42e22186297482aad2abb04fab8a)
|
|
sending broadcast messages. Also initial cut-down of printing notify
messages (not yet finished).
Jeremy.
(This used to be commit aca333719695b278843c59e1c6eb07d6655fd59c)
|
|
- Don't print an uninitialised buffer in service.c
- Change some charcnv.c functions to take smb_ucs2_t ** instead of void **
- Update NTLMv2 code to use dynamic buffers
- Update experimental SMB signing code - still more work to do
- Move sys_getgrouplist() to SAFE_FREE() and do a DEBUG() on initgroups()
failure.
Andrew Bartlett
(This used to be commit de1964f7fa855022258a84556b266100b917444b)
|
|
our authenticaion code - removing some of the duplication from the current
code.
This also gets us *much* closer to supporting a real SAM backend, becouse the
SAM can give us the right info then.
This also changes our service.c code, so that we do a VUID (rather than uid)
cache on the connection struct, and do full NT ACL/NT_TOKEN checks (or cached
equivilant) on every packet, for the same r or rw mode the whole share was open
for.
Andrew Bartlett
(This used to be commit d8122cee059fc7098bfa7e42e638a9958b3ac902)
|
|
(This used to be commit fb28abd120310a591bdf5fa1afc5521443c3d34c)
|
|
the new accessor functions.
Andrew Bartlett
(This used to be commit f393de2310e997d05674eb7f1268655373e03647)
|
|
session setup, it would not correctly pick up the [homes] share on a subsequent
session setup.
The new rules are: If you want to connect to [homes], then it must have been
available at session setup time, or you must be in security=share. At each
session setup, the user's copy of [homes] is updated to ensure it has the right
path etc.
Andrew Bartlett
(This used to be commit 5d2c7816a3ea02a67c5b501626d91d43557e9dd9)
|
|
Andrew Bartlett
(This used to be commit 2febc7ce1aa6b01ec68bd007ce0286813dff301d)
|
|
(This used to be commit 0229f610a8cf9e82618cc6850a431ac89ffc7630)
|
|
Jeremy.
(This used to be commit 44410af397c386f58067679012856150b07b47e8)
|
|
(This used to be commit 61c524e8102d4f5cdcf7c949b55b5dc67a320c74)
|
|
* DeletePrinterDriverEx() now has the ability to delete
driver files. I need to do some more testing
tro veriofy that we are in fact not deleting a file out from
under another driver, but it looks ok so far.
* DeletePrinterDriver() noiw deletes all versions of the
specified driver (cversion == 0, 1, 2, 3)
(This used to be commit 17bb780e1327663fa2fcd6a3cb25dd461a29c537)
|
|
Jeremy.
(This used to be commit aad40894404d000b925024e2f63977f87ecb5a6b)
|
|
(This used to be commit 06529c0433bf75790aad27dd3cecf7005612c694)
|
|
Went through and checked all string_subs I could to ensure they're being
used correctly.
Jeremy.
(This used to be commit 17cae0d683be404be69554cd0e84117bdcc56c87)
|
|
to a Samba print server running HEAD in a while. This has been broken
since tridge's changes to make_connection() to not do the chdir()
to the connect_path. Sorry it took me so long to get around to fixing it.
The problem occured with our internal use of make_connection().
jerry
(This used to be commit b5bc8aa0f68ceebfb5c0ec15ff93b0172cec36d8)
|
|
and we seem to have eliminated the segfault.
Unfortunetly I'm still at a bit of a loss as to why it did segfault, but
the patch is correct in any case.
Andrew Bartlett
(This used to be commit 70c16188c7a267f9f3f8de0b6830f66c9e68a2c7)
|
|
The aim of this execise is to give the 'security>=user' code a straight paper
path. Security=share will sill call authorise_login(), but otherwise we avoid
that mess.
This allow *much* more accurate error code reporting, beocuse we don't start
pretending that we can use the (nonexistant) password etc.
Also in this patch is code to create the 'homes' share at session setup time
(as we have done in the past - been broken recently) and to record this on
the user's vuser struct for later reference. The changes here should also
allow for much better use of %H (some more changes to come here).
The service.c changes move a lot of code around, but are not as drastric
as they look...
(Also included is a fix to srv_srvsvc_nt.c where 'total_entries' not
'*total_entries' was compared).
This code is needs testing, but passes my basic tests.
I expect we have lost some functionality, but the stuff I had expected
to loose was already broken before I started. In particular, we don't 'fall
back' to guest if the user cannot access a share (for security=user). If you
want this kind of stuff then you really want security=share anyway.
Andrew Bartlett
(This used to be commit 4c0cbcaed95231f8cf11edb43f6adbec9a0d0b5c)
|
|
and renamed to str_list_* as it is a better name.
Elrond should be satisfied now :)
(This used to be commit 4ae260adb9505384fcccfb4c9929cb60a45f2e84)
|
|
cleanup some of the code in net_rpc_join re const warnings and
fstrings.
Passdb:
Make the %u and %U substituions in passdb work.
This is done by declaring these paramters to be 'const' and doing
the substitution manually. I'm told this is us going full circle,
but I can't really see a better way.
Finally these things actually seem to work properly...
Make the lanman code use the pdb's recorded values for homedir etc
rather than the values from lp_*()
Add code to set the plaintext password in the passdb, where it can
decide how to store/set it. For use with a future 'ldap password
change' option, or somthing like that...
Add pdb_unix, so as to remove the 'not in passdb' special cases from the
local_lookup_*() code. Quite small, as it uses the new 'struct passwd ->
SAM_ACCOUNT' code that is now in just one place. (also used by pdb_smbpasswd)
Other:
Fix up the adding of [homes] at session setup time to actually pass
the right string, that is the unix homedir, not the UNC path.
Fix up [homes] so that for winbind users is picks the correct name.
(bad interactions with the default domain code previously)
Change the rpc_server/srv_lsa_nt.c code to match NT when for the
SATUS_NONE_MAPPED reply: This was only being triggered on
no queries, now it is on the 'no mappings' (ie all mappings failed).
Checked against Win2k.
Policy Question: Should SID -> unix_user.234/unix_group.364 be
considered a mapping or not? Currently it isn't.
Andrew Bartlett
(This used to be commit c28668068b5a3b3cf3c4317e5fb32ec9957f3e34)
|
|
(This used to be commit e75e4ad7d3af5beee48b3001fd904eede8df033f)
|
|
tconx, so win2000 clients don't expect a permissions error in
tconx. We now match this behaviour, by only checking that the
directory exists during tconx and relying on the permissions on other
calls to protect directories
(This used to be commit 4fc476686476da31cc2b45badb05cb0765259f98)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
<a.bokovoy@sam-solutions.net>.
This patch is designed to remove the 'special cases' required for this support.
In particular this now kills off winbind_initgroups, as it appears no longer to
be required.
Andrew Bartlett
(This used to be commit f1d8d509766e9169d39332559162cfec249bfc70)
|
|
Andrew Bartlett
(This used to be commit 8cac618174365825e8b1824f70cb42afbce5e500)
|
|
Jeremy.
(This used to be commit c1b97226db63daf64359e79083a4754e7c7f8054)
|
|
and constness changes.
(This used to be commit cee0ec72746122c962e6c5278a736266a7f2c424)
|
|
of the connections db on smbd startup. This should fix the Solaris large
load bug.... (fingers crossed).
Jeremy.
(This used to be commit 5b2b9c25af28543e67762805d1387524cbb6c39d)
|
|
(This used to be commit 490d3aaf20f04d04c91c4748896d7a021581a229)
|
|
Got "medieval on our ass" about const warnings (as many as I could :-).
Jeremy.
(This used to be commit ee5e7ca547eff016818ba5c43b8ea0c9fa69b808)
|
|
code.
In particular this assists tpot in some of his work, becouse it provides the
connection between the authenticaion and the vuid generation.
Major Changes:
- Fully malloc'ed structures.
- Massive rework of the code so that all structures are made and destroyed
using malloc and free, rather than hanging around on the stack.
- SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them
to be declared 'invalid' without the chance that people might get ROOT by
default.
- kill off some of the "DOMAIN\user" lookups. These can be readded at a more
appropriate place (probably domain_client_validate.c) in the future. They
don't belong in session setups.
- Massive introduction of DATA_BLOB structures, particularly for passwords.
- Use NTLMSSP flags to tell the backend what its getting, rather than magic
lenghths.
- Fix winbind back up again, but tpot is redoing this soon anyway.
- Abstract much of the work in srv_netlog_nt back into auth helper functions.
This is a LARGE change, and any assistance is testing it is appriciated.
Domain logons are still broken (as far as I can tell) but other functionality
seems
intact.
Needs testing with a wide variety of MS clients.
Andrew Bartlett
(This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c)
|
|
In particular this commit focuses on:
Changing the Get_Pwnam code so that it can work in a const-enforced
environment.
While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.
----
These changes allow for 'const' in the Samba tree.
There are a number of good reasons to do this:
- I want to allow the SAM_ACCOUNT structure to move from wasteful
pstrings and fstrings to allocated strings. We can't do that if
people are modifying these outputs, as they may well make
assumptions about getting pstrings and fstrings
- I want --with-pam_smbpass to compile with a slightly sane
volume of warnings, currently its pretty bad, even in 2.2
where is compiles at all.
- Tridge assures me that he no longer opposes 'const religion'
based on the ability to #define const the problem away.
- Changed Get_Pwnam(x,y) into two variants (so that the const
parameter can work correctly): - Get_Pwnam(const x) and
Get_Pwnam_Modify(x).
- Reworked smbd/chgpasswd.c to work with these mods, passing
around a 'struct passwd' rather than the modified username
(This used to be commit e7634f81c5116ff4addfb7e495f54b6bb78e8f77)
|
|
(This used to be commit 96f910bae510fb45e2f1181c1e3ad607a50a64d7)
|
|
Ensure make_conection() can only be called as root.
Jeremy.
(This used to be commit 8d23a7441b4687458ee021bfe8880558506eddba)
|
|
(This used to be commit 7c3542ba8764be48b88255dd7f73ea6d87be10ac)
|
|
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
|
|
some sainity, avoiding things like 'root preexec' when the connection would
otherwise already be denied (max connections).
This does change behaviour, but I think its for the best.
Andrew Bartlett
(This used to be commit 99e8a263ada41de2662a0290fda3dd9df3ac0cd4)
|
|
(This used to be commit 0deae6c407faa86ea871a219ad52fdd285166274)
|
|
This should help make much of this code simpiler.
Andrew Bartlett
(This used to be commit fb0c3629c360fd0c57129500474960e6da6f9ef0)
|
|
Andrew Bartlett
(This used to be commit d47016de52e9e5c468edf4c87dc60535a9796b99)
|
|
(This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e)
|
|
time :-)
(This used to be commit 8c3cf2db95a0fcf48b21274cac93f13abb42d4bf)
|
|
(You don't have to clean up somthing you haven't done yet...)
(This used to be commit ba76564c2a06bf7feefdaf9ef06cbf77c776b6e6)
|