Age | Commit message (Collapse) | Author | Files | Lines |
|
as the ntlmssp case.
Jeremy.
(This used to be commit 79e0bf829875fc985f1940dc31ee418aad910ed6)
|
|
time. )-:
(This used to be commit 59dae1da66a5eb7e128263bd578f167d8746e9f0)
|
|
(This used to be commit ba4d334b822248d8ab929c9568533431603d967e)
|
|
shares in some circumstances.
Jeremy.
(This used to be commit b826e8c8980d26e932da55384f109f0fe6a124c7)
|
|
due to w2k bug. I think this code is now working.... Need more testing of course
but works on all the obvious cases I can think of.
Jeremy.
(This used to be commit a6e537f6611cc1357fffea0b69901fba7c9ad6ea)
|
|
wasn't found)
(This used to be commit 422dffdc40742091df027fcffbc074eb2b1396dc)
|
|
in oplock break state, change notify queue) we also push the MID onto
the deferred signing queue. Tomorrow I will test this with valgrind and
oplock tests.
Jeremy.
(This used to be commit 33a377f3726c85379ba5b962dd7c8ead337b892f)
|
|
when bad signature received, plus check the oplock breaks....
Jermey.
(This used to be commit dd83931a00ec0a2c4b78b939c54bc101ec82312f)
|
|
next....
Jeremy.
(This used to be commit eff74a1fcc597497a4c70589a44c1b70e93ab549)
|
|
to pstr_sprintf() and fstr_sprintf() to try to standardize.
lots of snprintf() calls were using len-1; some were using
len. At least this helps to be consistent.
(This used to be commit 9f835b85dd38cbe655eb19021ff763f31886ac00)
|
|
displaying pid_t, uid_t and gid_t values. This removes a whole lot of warnings
on some of the 64-bit build farm machines as well as help us out when 64-bit
uid/gid/pid values come along.
(This used to be commit f93528ba007c8800a850678f35f499fb7360fb9a)
|
|
(This used to be commit 8409cf3e470df79f219f9a21c0cb780e9257186c)
|
|
wildcard characters. I've only put this in mkdir at the moment, but I
suspect this will apply to all places that can create new filenames.
We need to allow the opening of existing filenames that contain
wildcards, but not allow the creation of new ones.
(This used to be commit 2fd5569938b8970f3e9d761eecad5bc0b8bb267e)
|
|
incomplete directory listings. The problem was the exact_match
optimisation that short circuited directory listings on exact
matches. This optimisation doesn't work when the unix filename
contains Microsoft wildcard characters.
(This used to be commit 84cee2c3fcc34fe6356e842821a5f0a361477637)
|
|
I think (my changes haven't affected this I believe). Initial support on the
server side for smbclient. Still doesn't work for w2k clients I think...
Work in progress..... (don't change).
Jeremy.
(This used to be commit e5714edc233424c2f74edb6d658f32f8e0ec9275)
|
|
Jeremy.
(This used to be commit 86c5ebcf8f5eb57e9885627b3da4e486ee3f62d9)
|
|
an oplock break.
Jeremy.
(This used to be commit 9515de83a864250c417cf490b7be714c8e1e127e)
|
|
Jeremy.
(This used to be commit 8d2a848052df03dad7bfeb5e7be96f8e9a509bbf)
|
|
sendfile when signing (I need to add this for readbraw/writebraw too...).
Jeremy.
(This used to be commit f2e84f1ba67b13ff29e24a38099b559d9033a680)
|
|
Jeremy.
(This used to be commit 61fc9a7b2eafdf8cbed1f8d9aae016b828c91a08)
|
|
Jeremy.
(This used to be commit 3c11d9362379f16bb0d14449f64e731efad97ffe)
|
|
on. Fail if missmatch. Small format tidyups in smbd/sesssetup.c. Preparing
to add signing on server side.
Jeremy.
(This used to be commit c390b3e4cd68cfc233ddf14d139e25d40f050f27)
|
|
Still testing this, but I'm checking it in
so Volker can test it as well. Should be right.
(This used to be commit 8edf193722f699cc33baed410917a78a5e28d0a4)
|
|
(This used to be commit c9d6782e091406ed105b7dc34c8c83e53bfe515e)
|
|
properly handle iconv on FreeBSD ...
It works on Linux and FreeBSD ...
(This used to be commit 9302401f543bd3684657b38f046dc52a5a732035)
|
|
to winbindd. See README.idmap-and-winbind-changes for details.
(This used to be commit 1111bc7b0c7165e1cdf8d90eb49f4c368d2eded6)
|
|
purpose. Replace with an array of SAM_ACCOUNT/DOMAIN_GRP entries.
ZERO struct's in smbd/uid.c stops core dumps when sid_to_XX
functions fail. Getting ready to add caching.
Jeremy.
(This used to be commit 9d0692a54fe2cb087f25796ec2ab5e1d8433e388)
|
|
Jeremy.
(This used to be commit f3c2e73a8c1c592d407542c12c0a445103415bc0)
|
|
available. Removed extra auth_init (thanks metze).
Jeremy.
(This used to be commit 88135fbc4998c266052647f8b8e437ac01cf50ae)
|
|
to fix open mode race condition.
Jeremy.
(This used to be commit cbde1c8dfcd9d3bef956fe073e7108a54b48844b)
|
|
code. Bug #185.
Jeremy.
(This used to be commit 7a1ac7be42dfb90fd44f2c51810eedcea052386b)
|
|
Jeremy.
(This used to be commit e9fb6e45086a6170b6f6d5d3295398708ab1af58)
|
|
* remove idmap_XX_to_XX calls from smbd. Move back to the
the winbind_XXX and local_XXX calls used in 2.2
* all uid/gid allocation must involve winbindd now
* move flags field around in winbindd_request struct
* add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id()
to prevent automatic allocation for unknown SIDs
* add 'winbind trusted domains only' parameter to force a domain member
server to use matching users names from /etc/passwd for its domain
(needed for domain member of a Samba domain)
* rename 'idmap only' to 'enable rid algorithm' for better clarity
(defaults to "yes")
code has been tested on
* domain member of native mode 2k domain
* ads domain member of native mode 2k domain
* domain member of NT4 domain
* domain member of Samba domain
* Samba PDC running winbindd with trusts
Logons tested using 2k clients and smbclient as domain users
and trusted users. Tested both 'winbind trusted domains only = [yes|no]'
This will be a long week of changes. The next item on the list is
winbindd_passdb.c & machine trust accounts not in /etc/passwd (done
via winbindd_passdb)
(This used to be commit 8266dffab4aedba12a33289ff32880037ce950a8)
|
|
Samba will now use the user's UNIX primary group, as the primary group when
dealing with the filesystem. The NT primary group is ignored in unix.
For the NT_TOKEN, the primary group is the NT priamry group, and the unix
primary group is added to the NT_TOKEN as a supplementary group.
This should fix bug #109, but will need to be revisited when we get a full
NT group database.
Also in this commit:
- Fix debug statements in service.c
- Make idmap_ldap show if it's adding, or modifying an existing DN
- Make idmap_ldap show both the error message and error string
(This used to be commit 32e455a714b2090fcfd1f6d73daccf600c15d51b)
|
|
We now always read the Domain SID out of LDAP. If the local secrets.tdb
is ever different to LDAP, it is overwritten out of LDAP. We also
store the 'algorithmic rid base' into LDAP, and assert if it changes.
(This ensures cross-host synchronisation, and allows for possible
integration with idmap). If we fail to read/add the domain entry, we just
fallback to the old behaviour.
We always use an existing DN when adding IDMAP entries to LDAP, unless
no suitable entry is available. This means that a user's posixAccount
will have a SID added to it, or a user's sambaSamAccount will have a UID
added. Where we cannot us an existing DN, we use
'sambaSid=S-x-y-z,....' as the DN.
The code now allows modifications to the ID mapping in many cases.
Likewise, we now check more carefully when adding new user entires to LDAP,
to not duplicate SIDs (for users, at this stage), and to add the sambaSamAccount
onto the idmap entry for that user, if it is already established (ensuring
we do not duplicate sambaSid entries in the directory).
The allocated UID code has been expanded to take into account the space
between '1000 - algorithmic rid base'. This much better fits into what
an NT4 does - allocating in the bottom part of the RID range.
On the code cleanup side of things, we now share as much code as
possible between idmap_ldap and pdb_ldap.
We also no longer use the race-prone 'enumerate all users' method for
finding the next RID to allocate. Instead, we just start at the bottom
of the range, and increment again if the user already exists. The first
time this is run, it may well take a long time, but next time will just
be able to use the next Rid.
Thanks to metze and AB for double-checking parts of this.
Andrew Bartlett
(This used to be commit 9c595c8c2327b92a86901d84c3f2c284dabd597e)
|
|
strupper_m/strlower_m.
I really want people to think about when they're using multibyte strings.
Jeremy.
(This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
|
|
'unix username' from the NT username, in the auth subsystem at least.
Andrew Bartlett
(This used to be commit df1aa2a669edc9f26007595411720742d7dff5d9)
|
|
This is the first part of the fix that at least allows configure to
walk the list of supplied locations where libiconv etc might be found.
aclocal.m4 also needs a fix, as does a later test.
(This used to be commit 20786543139c546d112f8f6b6d4d796ee7fed609)
|
|
size on upper casing. Based on patch from monyo@home.monyo.com.
Jeremy.
(This used to be commit 72e382e99b92666acdaf50a040b14aa16d48b80d)
|
|
Jeremy.
(This used to be commit bbe1276b516e1803a4a9285691674784b989b72f)
|
|
call for Japanese characters.
Jeremy.
(This used to be commit c6de5df01d470c2dab48cdd6298f450fa94f9a8e)
|
|
CREATOR_OWNER/CREATOR_GROUP uid/gid entries in the SAMBA_PAI attribute.
Creator Owner and Creator group now show up as inherited correctly (I
think :-). Jim please test.
Jeremy.
(This used to be commit dbbd8dd15582f95fb9c160c6c42ce9f0971ac4b7)
|
|
not sorting returned ACE's correctly w.r.t. W2K - implemented the correct
algorithm.
Jeremy.
(This used to be commit fa23a4158ec23c0b8dbdc6c53f29958243107dee)
|
|
idmap backend is specified cause smbd to ask winbindd (use winbindd if
you want a consistant remote backend solution).
Should work well enough for next beta now...
Jeremy.
(This used to be commit 8f830c509af5976d988a30f0b0aee4ec61dd97a3)
|
|
*) consolidates the dc location routines again (dns
and netbios) get_dc_list() or get_sorted_dc_list()
is the authoritative means of locating DC's again.
(also inludes a flag to get_dc_list() to define
if this should be a DNS only lookup or not)
(however, if you set "name resolve order = hosts wins"
you could still get DNS queries for domain name IFF
ldap_domain2hostlist() fails. The answer? Fix your DNS
setup)
*) enabled DOMAIN<0x1c> lookups to be funneled through
resolve_hosts resulting in a call to ldap_domain2hostlist()
if lp_security() == SEC_ADS
*) enables name cache for winbind ADS backend
*) enable the negative connection cache for winbind
ADS backend
*) removes some old dead code
*) consolidates some duplicate code
*) moves the internal_name_resolve() to use an IP/port pair
to deal with SRV RR dns replies. The namecache code
also supports the IP:port syntax now as well.
*) removes 'ads server' and moves the functionality back
into 'password server' (which can support "hostname:port"
syntax now but works fine with defaults depending on
the value of lp_security())
(This used to be commit d7f7fcda425bef380441509734eca33da943c091)
|
|
Hopefully will fix jcmd bugs :-).
Jeremy.
(This used to be commit 482e6c79edefc8aaacbb37f807d2076e59b40e26)
|
|
As abartlet rememberd me NT_STATUS_IS_ERR != !NT_STATUS_IS_OK
This patch will cure the problem.
Working on this one I found 16 functions where I think NT_STATUS_IS_ERR() is
used correctly, but I'm not 100% sure, coders should check the use of
NT_STATUS_IS_ERR() in samba is ok now.
Simo.
(This used to be commit c501e84d412563eb3f674f76038ec48c2b458687)
|
|
(This used to be commit 75081860af5ace873f53c361ec34d029b7864ff7)
|
|
This replaces the universal group caching code (was originally
based on that code). Only applies to the the RPC code.
One comment: domain local groups don't show up in 'getent group'
that's easy to fix.
Code has been tested against 2k domain but doesn't change anything
with respect to NT4 domains.
netsamlogon caching works pretty much like the universal group
caching code did but has had much more testing and puts winbind
mostly back in sync between branches.
(This used to be commit aac01dc7bc95c20ee21c93f3581e2375d9a894e1)
|
|
Jeremy.
(This used to be commit fa8ca20ed440673d02ac5669f8d4c6623c1fdb6d)
|