Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 29874f4b8fecdc7cbd84d656dafce54cca49e0b1)
|
|
and we seem to have eliminated the segfault.
Unfortunetly I'm still at a bit of a loss as to why it did segfault, but
the patch is correct in any case.
Andrew Bartlett
(This used to be commit 70c16188c7a267f9f3f8de0b6830f66c9e68a2c7)
|
|
The aim of this execise is to give the 'security>=user' code a straight paper
path. Security=share will sill call authorise_login(), but otherwise we avoid
that mess.
This allow *much* more accurate error code reporting, beocuse we don't start
pretending that we can use the (nonexistant) password etc.
Also in this patch is code to create the 'homes' share at session setup time
(as we have done in the past - been broken recently) and to record this on
the user's vuser struct for later reference. The changes here should also
allow for much better use of %H (some more changes to come here).
The service.c changes move a lot of code around, but are not as drastric
as they look...
(Also included is a fix to srv_srvsvc_nt.c where 'total_entries' not
'*total_entries' was compared).
This code is needs testing, but passes my basic tests.
I expect we have lost some functionality, but the stuff I had expected
to loose was already broken before I started. In particular, we don't 'fall
back' to guest if the user cannot access a share (for security=user). If you
want this kind of stuff then you really want security=share anyway.
Andrew Bartlett
(This used to be commit 4c0cbcaed95231f8cf11edb43f6adbec9a0d0b5c)
|
|
and renamed to str_list_* as it is a better name.
Elrond should be satisfied now :)
(This used to be commit 4ae260adb9505384fcccfb4c9929cb60a45f2e84)
|
|
Jeremy.
(This used to be commit 1712a7b34a73ad89965961c0db4dd198d6b257c6)
|
|
Jeremy.
(This used to be commit 5e2571f424a40df4d67fe279517a9b21184b78e1)
|
|
we leave the gid alone.
Jeremy.
(This used to be commit 3f72910cf954b127c0cc06d6616ca2b8cd0d41ad)
|
|
initialising function. This patch thanks to the work of
"Stefan (metze) Metzmacher" <metze@metzemix.de>
This is partly to enable the transition to SIDs in the the passdb.
Andrew Bartlett
(This used to be commit 96afea638e15d4cbadc57023a511094a770c6adc)
|
|
Novell client).
Jeremy.
(This used to be commit ac49fd297acf27384a5e133a5fd7a32c1ba27ca6)
|
|
is that there are some times when we should return an EINTR from a select,
some times when we should not. As we can take a signal at any time, we
have to eat EINTR's in some selects. This means we need to check for
kernel oplock breaks more often in the main loop, as well as add the
queuing mechanism needed for the changenotify code (due to the mistake
in understanding POSIX semantics w.r.t. setting a signal mask in a
signal handler). This code now passes all my tests.
However, (and IMHO and I know tridge disagrees) - the correct way to
fix this is to run with RT signals blocked and explicitly unblock
them just before the main select, block them after and then process
them all in one place. Just my 2cents :-).
Jeremy.
(This used to be commit a8c85372e2826a07117c89b39270cde8641ce55d)
|
|
Jeremy.
(This used to be commit db8932c297096e6e957677c4ed944e4c319db1d8)
|
|
is being ignored on sighandler exit. This means we have to have a small
array of fd's, not a single one.
Jeremy.
(This used to be commit b06862e2de8d3bafbc10a9807501ef5bf148a61c)
|
|
in RAP or RPC environment.
(This used to be commit 3eec0d64c7c4592d4f0d74108fb0be2b7a22bde6)
|
|
client state to implement smb signing - this is a test at present.
Jeremy.
(This used to be commit a234e303558a25c4ea26b7f6788006e4fee651bf)
|
|
The problem was the NTLMv2 uses extra data in order to make reply/lookup
more difficult. That extra data includes the hostname, and the domain.
This matches Win2k (sort of) by sending this information.
Win2k connects with LMCompatibilityLevel=5 without a problem.
We can change the negotiation bits if we want, this should allow us to make
NTLMv2 the default for other clients as well.
Some of the extra #defines were found in the squid source.
Andrew Bartlett
(This used to be commit 17a5f67b3d1935baf6197ae967624eb847b66ac8)
|
|
Importantly:
The removal of the silly 'delete user script' behaviour when secuity=domain.
I have left the name the same - as it still does the (previously documented,
but not in smb.conf(5)) sane behaviour of deleting users on request.
When we decide what to do with the 'add user' functionality, we might
rename it.
Andrew Bartlett
(This used to be commit cdcfe3671eb7570e15649b77f708e6579055e7bc)
|
|
didn't make any sense, and its was always just strlen(password) anyway.
This fixes it to be strlen(password)+1
Andrew Bartlett
(This used to be commit c205b18bd6b9b69200ff3db55f2c641631d4ab40)
|
|
Jeremy.
(This used to be commit f536ec62242c5c644e03afa19f4a3ebedf36f80d)
|
|
my removal of the goto. Oops !
Jeremy.
(This used to be commit 4d3679e03e0c30602b1345cbf2fbf8587dff1f26)
|
|
Jeremy.
(This used to be commit 5c8351228c55f2403214351f6fd16fe231aee917)
|
|
Jeremy.
(This used to be commit 490b95a35d1e2ccd3b80db5cfcf7b9804901d36e)
|
|
Jeremy.
(This used to be commit 7e6db250804e51ce0883b972831da455d389cdcd)
|
|
Make some code static, add some const to the PAM code, and make the plaintext
password code actually function - particulary without the requirement to
modify the 'struct passwd' (which it assumed was made up of fstrings)
This kills some particularly ugly code in lib/util_pw.c
Andrew Bartlett
(This used to be commit 302dad4990ba5194f072e435465d9adaa089ae06)
|
|
Jeremy.
(This used to be commit d4dbb9cb1338332bda3651dc4b86abcf47e9c2d2)
|
|
another smbd and an incoming SIGUSR1 message arrived we'd break out of
the wait early - as we have to use sys_select() to wait for an oplock
response message, not sys_select_intr() (which ignores EINTR errors)
because of the real time signal kernel interface.
Jeremy.
(This used to be commit 3bb26957e3e7fb5059d21115546d189eaca34646)
|
|
Jeremy.
(This used to be commit fda7a11b093315a77ca1199119b5421a029ee883)
|
|
Jeremy.
(This used to be commit 174df5d914b149e52bf260e6502f2436c2720958)
|
|
(This used to be commit 37f1cd013da073ca23fd9b16ee8cfbf9a3e6cbd9)
|
|
cleanup some of the code in net_rpc_join re const warnings and
fstrings.
Passdb:
Make the %u and %U substituions in passdb work.
This is done by declaring these paramters to be 'const' and doing
the substitution manually. I'm told this is us going full circle,
but I can't really see a better way.
Finally these things actually seem to work properly...
Make the lanman code use the pdb's recorded values for homedir etc
rather than the values from lp_*()
Add code to set the plaintext password in the passdb, where it can
decide how to store/set it. For use with a future 'ldap password
change' option, or somthing like that...
Add pdb_unix, so as to remove the 'not in passdb' special cases from the
local_lookup_*() code. Quite small, as it uses the new 'struct passwd ->
SAM_ACCOUNT' code that is now in just one place. (also used by pdb_smbpasswd)
Other:
Fix up the adding of [homes] at session setup time to actually pass
the right string, that is the unix homedir, not the UNC path.
Fix up [homes] so that for winbind users is picks the correct name.
(bad interactions with the default domain code previously)
Change the rpc_server/srv_lsa_nt.c code to match NT when for the
SATUS_NONE_MAPPED reply: This was only being triggered on
no queries, now it is on the 'no mappings' (ie all mappings failed).
Checked against Win2k.
Policy Question: Should SID -> unix_user.234/unix_group.364 be
considered a mapping or not? Currently it isn't.
Andrew Bartlett
(This used to be commit c28668068b5a3b3cf3c4317e5fb32ec9957f3e34)
|
|
and there is no real reason for it to depend on more than the abilty
to compile the code.
(This used to be commit 64aaec137e39595e6e61b55eb525615683a1393c)
|
|
(This used to be commit 078e81530e9bc4e5f0b8e18aff0488386bce29a5)
|
|
This option was badly maintained, useless and confused our users and
distirbutors. (its SSL, therfore it must be good...)
No windows client uses this protocol without help from an SSL tunnel.
I can't see any reason why setting up a unix-side SSL wrapper would
be any more difficult than the > 10 config options this mess added
to samba in any case.
On the Samba client end, I think the LIBSMB_PROG hack should be
sufficient to start stunnel on the unix side. We might extend this
to take %i and %p (IP and port) if there is demand.
Andrew Bartlett
(This used to be commit b04561d3fd3ee732877790fb4193b20ad72a75f8)
|
|
funcitons.
(This used to be commit c37c1e39253d9d21f8ab38ab8d24f7e787008596)
|
|
that only contains an "everyone" DACL doesn't apply this to user and group
entries also.
Jeremy.
(This used to be commit 2f67f39d219bbe110d52ed2680fd8ac57946756f)
|
|
in '.' as invalid long filenames (special treatment for '.' and '..' which
are valid - yes Andrew I did this without strlen :-) :-).
Jeremy.
(This used to be commit 3180d8ba4ace9417033039d61d04c255da6f6a01)
|
|
check for OS/2 EA set. This caused Macromedia movie files to not export
correctly onto a Samba share. Originally spotted by Michel Stoop stoop@ncg.nl.
Jeremy.
(This used to be commit 6b4affde167104c760bd8dc3c8906511a7642853)
|
|
(This used to be commit d926cc989690684ec4799ebb3a3a01e8d4173de6)
|
|
Jeremy.
(This used to be commit 459f8634c1ced78abda30f1d5b7888f428aade6b)
|
|
Jeremy.
(This used to be commit a7768b9b6fa7522d6afebc43f41a495b8d8ab961)
|
|
name, pos, size easily.
Might help with access problem.
Jeremy.
(This used to be commit e08d72b3271ae1b155a59ae82acf9d619c22c81f)
|
|
the test revealed 15 collision with 1 Million long file names :-)
Simo.
(This used to be commit 77dc498b6f0c435f082eb2d934920d3f3bef0b65)
|
|
(This used to be commit 38fd99e84176106ed700f637e9292d2a4c1385b4)
|
|
(This used to be commit fb6ce175d479e5bddc239595320f5dc245ac2ec6)
|
|
to be printed, it just means file not found.
Jeremy.
(This used to be commit 25dea499b82da5e84412bf10781adbd240aa46f0)
|
|
what we do is map to the authenticated user when the sid is unmappable
and dos filemodes are enabled
(This used to be commit b6c2ef4f54e7b42125f8c89ee5a62b0ba6b52f59)
|
|
Jeremy.
(This used to be commit 65742067e07195048edcee46dae95a58a4a50950)
|
|
anymore a SNAP/DELL NAS to test.
from Kevin Stefanik.
J.F.
(This used to be commit d0ce52230b456108ad91361b51e30d9a9cb25dff)
|
|
for transfer_file.
Jeremy.
(This used to be commit c7ff521bab838c070931f2b0ece4be3371fbcdbf)
|
|
Jeremy.
(This used to be commit 64974fa334fd757ff5cfd1bd32d7300bf8a6208c)
|
|
Jeremy.
(This used to be commit 68c0eb5ca7bc96cfdc8df07bd84f3e49de024b81)
|