Age | Commit message (Collapse) | Author | Files | Lines |
|
When we look see if a user is in a list, and we try to 'expand' an @group, we
should lookup the user's own list of groups, rather than looking for all the
members of a group.
I'm sure this will fix some nasty performance issues, particularly on large
domains etc. In particular, this avoids contacting winbind at all, if the
group is not a winbind group.
(This caused a deadlock on my winbind-on-PDC setup).
The groups list always includes the user's primary group, as per the
getgrouplist manpage, and my recent changes to our implementation.
Andrew Bartlett
(This used to be commit 9be21976f7662ebe6eb92fff7cecbdb352eca334)
|
|
caching code. Reduces load on winbindd. Probably should be moved to
use gencache at some future date.
Jeremy.
(This used to be commit 19f577e23ba3dd9101fb3e77a729906fdb8f5df7)
|
|
file. This is a regression that was damaged by other code.
Jeremy.
(This used to be commit 5cdc957ea6335d8bb4248065a3b60a0a26e766a8)
|
|
(not implemented yet)
(This used to be commit bceac9cdde04a57d661b6a7ece329fa6d5a169bd)
|
|
Thanks to Nir Livni <nirl@cyber-ark.com> for giving me the test case to
track it down.
Jeremy.
(This used to be commit c98ebb3031649203e607264ecb15722adf55af58)
|
|
- Don't use pstrcpy into an allocated string - use safe_strcpy() directly
instead.
- Keep a copy of the 'server_info' attached to the vuid. In future use this
for things like the session key, homedir and full name instead of current
copies.
- Try to avoid memory leak/segfault on Realloc failure
- clear up #endif comments
Andrew Bartlett
(This used to be commit 162477bb086827950b6cb71afa9bef62c2753c2e)
|
|
(This used to be commit 786d91d75c909f6d407b8466c89181f26e62e68f)
|
|
Thanks to Andrew Bartlett for spotting this.
(This used to be commit b4c210ccb05e71a8ddf1c25d028452dd5cd93c72)
|
|
Jeremy.
(This used to be commit dfb596b01288b7035c4448fd395e160a54144732)
|
|
Apparently acl_type is #defined to acl_common.entry_type in their acl.h....
Andrew Bartlett
(This used to be commit 3dfdaa0208ee538631378aa921300d95c596b70c)
|
|
Jeremy.
(This used to be commit 2110901b381f2a749605c8e8b262fa5ceba11169)
|
|
Jeremy.
(This used to be commit 651db9f242bb649f5efa4f4e59fe1ac0afe82981)
|
|
it work properly on 2.2 and the patch apply so I think it should be ok.
(This used to be commit 36b2f6c9320fe46a1b5d2c4e90117b7839c35f21)
|
|
(This used to be commit 69e94440cd89a19bbcebc49d87836153b452da47)
|
|
messages. Stops build-up of large numbers of smbd's waiting to terminate
on large print throughput.
Jeremy.
(This used to be commit 4ae130bfa82be60de6a6f357f65207fcb24f45fb)
|
|
level 2 and a request for open with no oplock is received then the
smbd should send *synchronous* break messages, not asynchronous,
otherwise it spins very rapidly, releasing the lock, sending the
'break to none' messages and then re-acquiring the lock before
any other process has a chance to get the lock and remove it's own
oplock (at least on linux).
Jeremy.
(This used to be commit d1e8991a76a57b7d96dd7db3c1d9bbf5b28da88e)
|
|
identical behaviour with previous versions
(This used to be commit 7cbb194b58a4313497541c1f8153533c5034b928)
|
|
testing :-). This gets the 'signiture' after the extended security blob,
rather than over the top of it.
Also move that code to the top of the file, with some of the other util functions.
Andrew Bartlett
(This used to be commit e5c67a012424e71cee340b16946babe2399c0fa1)
|
|
The idea here is to seperate, as much as possible, the SPNEGO layer from the
NTLMSSP layer. This not only helps us with protocol correctness, but also
should allow further mechinisms to be added with relitive ease. I indend to
make the kerberos code use this shortly.
I've never seen the 'zero length blob' form of the anonymous login, so I've
removed that case.
Andrew Bartlett
(This used to be commit a8773c9f825539c5bc17e4200b16d7ebbe0b7620)
|
|
(This used to be commit 9180e2d062ac18dc5e7e8d0737973dc9e806e412)
|
|
(This used to be commit c39c54e6b6adcdab7647e36e6c1b0acbdeeaf111)
|
|
- smbd/process.c: check log file sizes more often than in
timeout_processing()
- lib/debug.c: increment debug_count inside Debug1() instead of
when log file sizes are checked.
(This used to be commit 303710c2065850beebef678e657633497e4d8452)
|
|
open resources.
Jeremy.
(This used to be commit 0173d6fe164568a73247fa542895443fad6c20c3)
|
|
(This used to be commit 60c13a767523e3ec4db7ee5f5c6b20ca07d2a00a)
|
|
of the SWAT code, and adding a base64 encoder.
The main purpose of this patch is to add NTLMSSP support to 'ntlm_auth', for
use with Squid. Unfortunetly the squid side doesn't quite support what we need
yet.
Changes to winbind to get us the info we need, and a couple of consequential
changes/cleanups in the rest of the code.
Andrew Bartlett
(This used to be commit fe50ca8f54ded2e119bde08831785fbe0db2ee99)
|
|
(This used to be commit 7ed8046d043743d1a7af70eaa1d215e8c04e7700)
|
|
(This used to be commit 9ac196dad4893b0ceef13281a140be5d85391e6c)
|
|
eliminate the dependency on the auth subsystem. The next step is to add
the required code to 'ntlm_auth', for export to Squid etc.
Andrew Bartlett
(This used to be commit 9e48ab86da40e4c1cafa70c04fb9ebdcce23dfab)
|
|
(This used to be commit 099e844571975eecde7aea342c64d3f768110e03)
|
|
(This used to be commit 54b054c1edd44096c7158993a886f915d7a07493)
|
|
null terminated.
Thanks to Metze for finding this.
(This used to be commit e4ce26332b8f876e25ff9baf06d4767a473e2676)
|
|
This tries to extract our server-side code out of sessetup.c, and into a more
general lib. I hope this is only a temporay resting place - I indend to
refactor it again into an auth-subsystem independent lib, using callbacks.
Move some of our our NTLMSSP #defines into a new file, and add two that I found
in the COMsource docs - we seem to have a double-up, but I've verified from
traces that the NTLMSSP_TARGET_TYPE_{DOMAIN,SERVER} is real.
This code also copes with ASCII clients - not that we will ever see any here,
but I hope to use this for HTTP, were we can get them. Win2k authenticates
fine under forced ASCII, btw.
Tested with Win2k, NTLMv2 and Samba's smbclient.
Andrew Bartlett
(This used to be commit b6641badcbb2fb3bfec9d00a6466318203ea33e1)
|
|
valgrind).
Andrew Bartlett
(This used to be commit f8d9880c5f5321f4dba6b42896419412284c3e7b)
|
|
the commit to reply.c just matches a pstrcpy for the pstring. (harmless, fixes
it for the automated test).
Andrew Bartlett
(This used to be commit ef9c7586ac152304cacaf2c16115adc2bccefc22)
|
|
becouse that is what it's input (reply_tcon_and_x) uses, and becouse we really
don't want supprises for service names.
Also remove a legacy #define, in favor of the lp_ equiv.
Andrew Bartlett
(This used to be commit 7854a439ac601d3c23703b115cd5a8d4257c7717)
|
|
(harmless) fstring/pstring mixup.
Andrew Bartlett
(This used to be commit 5ff5f540ccc2ee2c9859213b84598baa400f57a5)
|
|
Andrew Bartlett
(This used to be commit 3b2e5f68cd4e1ff07dbd0032f521b3ba6e53746a)
|
|
to send notify events; CR 1491
(This used to be commit 142c5029c701e7a82074e301278846c02843f46f)
|
|
stuff) with a call to read_socket_with_timeout() which does the same thing.
Passwd chat still works but I couldn't figure out the right arguments to
passwd chat to get it to work right but data was definitely getting
through.
(This used to be commit 88eb9e9486bca55a38e40ae53aed35ee338a68d7)
|
|
so that bin/vfstest can link.
(This used to be commit 812ce0368c69922612ac001560a111016d0e568e)
|
|
Jeremy.
(This used to be commit 6a2b7fd82c868d517301f8566cd86e9e4b31546f)
|
|
fails.
Jeremy.
(This used to be commit 99e69fd74d5a2e7396e7f24924d72374d5cb32c2)
|
|
memory is being returned).
Jeremy
(This used to be commit b0d547b7396beff861bb116051ed06b7b9749005)
|
|
on work by <steve@griffin.sio2.nl>.
Jeremy.
(This used to be commit 465d86d95fbdeda423d1f4b06cee46c119a31447)
|
|
(This used to be commit 4bc82624f6f2d3745a1528c56b9dcf04613a6a1d)
|
|
Jeremy.
(This used to be commit ddf741c7178e33914dea6031f1a32800af402630)
|
|
the loaded list on error). Also change some of the error returns, becouse
NT_STATUS_UNSUCCESSFUL gives a most useless error message on the client.
As for which error, my logic is that a share without a valid VFS module is
not a valid share, and therefore should return the same error as a non-existant
share.
Andrew Bartlett
(This used to be commit 41178afdbd2b3de94cf272ce32764a1947e73ea8)
|
|
the silly stuff.
(fixes password changes from RAP based clients like smbpasswd)
Andrew Bartlett
(This used to be commit 066e4f9a4bdd432b3b2b7830c0ac1421f6086df4)
|
|
Jeremy.
(This used to be commit 6e0cfec16594ade6e6c499f521781348fee25040)
|
|
(This used to be commit 4c48c475a28450ad4fd8dcc8263e841c0c39a80e)
|