| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Jeremy.
(This used to be commit e53a81261ed189881c0f07e1b46f97aa6770cab7)
|
|
our authenticaion code - removing some of the duplication from the current
code.
This also gets us *much* closer to supporting a real SAM backend, becouse the
SAM can give us the right info then.
This also changes our service.c code, so that we do a VUID (rather than uid)
cache on the connection struct, and do full NT ACL/NT_TOKEN checks (or cached
equivilant) on every packet, for the same r or rw mode the whole share was open
for.
Andrew Bartlett
(This used to be commit d8122cee059fc7098bfa7e42e638a9958b3ac902)
|
|
SMB_FILE_INTERNAL_INFORMATION possibly causing the failure of one of the
IFSKIT tests.
(This used to be commit ca73d24307fcf60e4b7bfe574287b2a84c5d86c8)
|
|
Jeremy.
(This used to be commit 81eacd926bd1f7054522351e1bd24a2192dcbbc1)
|
|
half second timout rounds to 1 not 0
(This used to be commit 282a64b085162a58560175d14e7ceaef3d6cc9cc)
|
|
(This used to be commit aed32eb412cab7f6d0959f9faaaebdb320b2b6a8)
|
|
Just now it is acommandline tool like smbclient and rpcclient that is able to
perform operations on the file system passing through the vfs layer
It is not complete yet, some functions have simply faked up data, but module
loading works yet and basic operations too.
Thanks to Eric Lorimer for helping out with the initial setup.
Simo.
(This used to be commit 42ae5eb82657d4905bdaf247286f95599380afbb)
|
|
(This used to be commit 01d35694ae0497ee11a7677eecc597336e6b59ca)
|
|
since 1998 and nobody noticed. It means that sometimes smbd would sit
there forever, and smbd would never get the timing part of blocking
locks right.
(This used to be commit 5d4df58b6d4de548d8aa0a49ec307dce7cd1515a)
|
|
we previously expected, rather than the LM based key.
A Win2k SPNEGO enabled join goes a *lot* further with this option on.
Andrew Bartlett
(This used to be commit b224938e4e843288630cdc7c3c3931b241bd0e1a)
|
|
(This used to be commit fb28abd120310a591bdf5fa1afc5521443c3d34c)
|
|
(This used to be commit 8955f3d63a9d9e5da76331996fba42dc105737da)
|
|
actually work. Also, the idea of 'loopback winbind' isn't that bad an idea
anyway (potential PDC/BDC applications).
Given all that, remove it...
Andrew Bartlett
(This used to be commit fc0d6e53fce1d05b16ec58c0bdc38aa8da4422c0)
|
|
with an empty string, not a NULL pointer...
Also, check for security=ads before giving a kerberos spnego response.
(This used to be commit 6eca417d1c29c7c18455f8290cad86fb1444e615)
|
|
Andrew Bartlett
(This used to be commit 23f332178526877e9670515eb7c614b81fca21a9)
|
|
exactly were you trying to do here?
Andrew Bartlett
(This used to be commit 81b675b54d86d196fb2035dc5d22781160518beb)
|
|
Tridge suggested a generic caching mechanism for Samba to avoid the
proliferation of little cache files hanging around limpet like in the
locks directory. Someone should probably implement this at some
stage.
(This used to be commit dad31483b3bd1790356ef1e40ac62624a403bce8)
|
|
from win2k AND still use SPNEGO (provided you don't build with kerberos...I
still have to fix that, as we are not properly falling back).
(This used to be commit 1f9b3d46c7c99e84b2983220f79613b7420c5ced)
|
|
check for POSIX errors in the blocking lock code as we may have never made
a POSIX call (could have denied lock before POSIX checked).
Jeremy.
(This used to be commit 8403253f277299f566f2931fdec53b6e4ece376e)
|
|
(This used to be commit cbb6e2fbdb42964107cf033c787a32cedd46e5d8)
|
|
the new accessor functions.
Andrew Bartlett
(This used to be commit f393de2310e997d05674eb7f1268655373e03647)
|
|
future.
This moves us from fstrcpy() and global variables to 'get' and 'set' functions.
In particular, the 'set' function sainity-checks the input, in the same way as
we always have.
Andrew Bartlett
(This used to be commit e57a896f06b16fe7e336e1ae63a0c9e4cc75fd36)
|
|
setups.
- split up the ads structure into logical pieces. This makes it much
easier to keep things like the authentication realm and the server
realm separate (they can be different).
- allow ads callers to specify that no sasl bind should be performed
(used by "net ads info" for example)
- fix an error with handing ADS_ERROR_SYSTEM() when errno is 0
- completely rewrote the code for finding the LDAP server. Now try DNS
methods first, and try all DNS servers returned from the SRV DNS
query, sorted by closeness to our interfaces (using the same sort code
as we use in replies from WINS servers). This allows us to cope with
ADS DCs that are down, and ensures we don't pick one that is on the
other side of the country unless absolutely necessary.
- recognise dnsRecords as binary when displaying them
- cope with the realm not being configured in smb.conf (work it out
from the LDAP server)
- look at the trustDirection when looking up trusted domains and don't
include trusts that trust our domains but we don't trust
theirs.
- use LDAP to query the alternate (netbios) name for a realm, and make
sure that both and long and short forms of the name are accepted by
winbindd. Use the short form by default for listing users/groups.
- rescan the list of trusted domains every 5 minutes in case new trust
relationships are added while winbindd is running
- include transient trust relationships (ie. C trusts B, B trusts A,
so C trusts A) in winbindd.
- don't do a gratuituous node status lookup when finding an ADS DC (we
don't need it and it could fail)
- remove unused sid_to_distinguished_name function
- make sure we find the allternate name of our primary domain when
operating with a netbiosless ADS DC (using LDAP to do the lookup)
- fixed the rpc trusted domain enumeration to support up to approx
2000 trusted domains (the old limit was 3)
- use the IP for the remote_machine (%m) macro when the client doesn't
supply us with a name via a netbios session request (eg. port 445)
- if the client uses SPNEGO then use the machine name from the SPNEGO
auth packet for remote_machine (%m) macro
- add new 'net ads workgroup' command to find the netbios workgroup
name for a realm
(This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)
|
|
(This used to be commit 7bf9ca6ca36fa319a57eab05567d49a003237bb5)
|
|
(This used to be commit 81322f4d63095d828be7983eb4b47775abe8d33f)
|
|
(This used to be commit cf2abf677ed9942d841ef61ffb2565244c8979ac)
|
|
longer than the buffer they claim to be in.
Many thanks to tridge for explaining the macros.
Andrew Bartlett
(This used to be commit 3efd462bf2f1ed50c108c2b8ddecc461d002745d)
|
|
for spotting this)
(This used to be commit d4c905e5a0a67c8e01a4fcf78aa992a3b7beff02)
|
|
Andrew Bartlett
(This used to be commit bc17b91c2f1a1df58614b67bff94f228be6b9bb2)
|
|
on both by default, and you can specify a list of ports to listen on
either with "smb ports = " in smb.conf or using the -p option to smbd.
this is needed for proper netbiosless operation.
(This used to be commit 5dee0a7b5e0fcb298a9d36661c80e60d8b9bcc3a)
|
|
there were 2 bugs:
1) we were sending a null challenge when we should have sent an empty
challenge
2) the password can be in unicode if unicode is negotiated. This means
our client code was wrong too :(
(This used to be commit 1a6dfddf6788b30fc81794b1bfe749693183b2c1)
|
|
(This used to be commit deff1f96232b328fb5f5bb49a23eb4cda11fd330)
|
|
Finally the cascaded VFS patch is in.
Testing is very welcome, specially with layered multiple vfs modules.
A big thank to Alexander Bokovoy for his work and patience :)
Simo.
(This used to be commit 56283601afe1836dafe0580532f014e29593c463)
|
|
- That we never call winbind recursivly
- That we never use an 'algorithmic' RID when we have a fixed uid or gid mapping
in either the passdb or the group mapping db.
Also, remove restrictions that say 'this domain only'. If we have a mapping
configured, allow it to be returned. If we later decide certian mappings are
invalid, then we sould put that in the code that actually does the map.
Allow 'sid->name' transtations on the fixed 'well known' groups for NT, even
if they are not represented by Unix groups yet.
Andrew Bartlett
(This used to be commit d5bafb224337e393420c2ce9c0a787405314713c)
|
|
experiment with file size returns
(This used to be commit c529cee0b2925184376e3a14e83fa99b3636d4ce)
|
|
This gets my test code working, where we previously failed with files
above 20G in size.
I'm still not completely happy with this. There are just too many
fields in trans2.c that we don't fill in.
(This used to be commit 7dfdb456d4c9bcf6ecb1f7e5c5e79989f95e5627)
|
|
hide only unwriteable files and not dirs with this one.
may be a hide unwriteable dirs param will follow.
(This used to be commit 161dd6d963ea1c11891278af2483c925e508767e)
|
|
null before close
this one fixes swat not working with browsers that set more then one language.
along the way implemented language priority in web/neg_lang.c with bubble sort
also changet str_list_make to be able to use a different separator string
Simo.
(This used to be commit 69765e4faa8aaae74c97afc917891fc72d80703d)
|
|
samba-patches 820
(This used to be commit ea0a12fb60791553109f732079d971987538abd6)
|
|
sys_dup2() in a couple more places.
Andrew Bartlett
(This used to be commit e69b476626c802b1e1920f241733d0dd6d06a06e)
|
|
Remove the n^2 search for valid 'tty' names from the sesion code when we
don't actually need it. Its main value is in getting 'well behaved'
numbers for use with utmp, so when we are not doing utmp we don't need
this to get in the way.
Andrew Bartlett
(This used to be commit 50507e131dac19485a2561f3448da7334e357f50)
|
|
session setup, it would not correctly pick up the [homes] share on a subsequent
session setup.
The new rules are: If you want to connect to [homes], then it must have been
available at session setup time, or you must be in security=share. At each
session setup, the user's copy of [homes] is updated to ensure it has the right
path etc.
Andrew Bartlett
(This used to be commit 5d2c7816a3ea02a67c5b501626d91d43557e9dd9)
|
|
add also hide unwriteable as per user request
(This used to be commit e6b38a881b67af5365f84e52f9cd6dcfec82bf2f)
|
|
patches:
Andrew Bartlett
From his e-mail:
Below I attach the following patches as a result of my work
on trusted domains support:
1) srv_samr_nt.c.diff
This fixes a bug which caused to return null string as
the first entry of enumerated accounts list (no matter what
entry, it was always null string and rid) and possibly
spoiled further names, depeding on their length.
I found that while testing my 'net rpc trustdom list'
against nt servers and samba server.
2) libsmb.diff
Now, fallback to anonymous connection works correctly.
3) smbpasswd.c.diff
Just a little fix which actually allows one to create
a trusting domain account using smbpasswd
4) typos.diff
As the name suggests, it's just a few typos fix :)
(This used to be commit 888d595fab4f6b28318b743f47378cb7ca35d479)
|
|
Andrew Bartlett
(This used to be commit 2febc7ce1aa6b01ec68bd007ce0286813dff301d)
|
|
have become_root()/unbecome_root() wrappers.
(this should be the last of them, the rest were done ages ago).
Andrew Bartlett
(This used to be commit 83360b211a7e834306d3e549c18bc41576534417)
|
|
(This used to be commit 0229f610a8cf9e82618cc6850a431ac89ffc7630)
|
|
(This used to be commit 993ee671cc11a95d0d0aa6d60883e03bb473290d)
|
|
Andrew Bartlett
(This used to be commit 6465c6727be15cd2e915710bdc3e2f4244ad2083)
|
|
I don't like the idea of muliple netprots - becouse I see potential problems
with people being able to maniplate internal samba variables.
This applies in particular to remote names, so don't allow muliple session
requests either.
Also remove a pstrcpy() from the tcon code, we really don't need it.
Andrew Bartlett
(This used to be commit 2afa291404cfd8dae11120e5e470c38ba067c4b2)
|
