Age | Commit message | Author | Files | Lines |
|
Correct the 'none mapped' behaviour, (so that it matches Win2k) and add a
function to make the SID types appear as text strings in logs/rpcclient.
Also, remove a silly case that would cause 'failure' to be 'success'. (Might
look at this a bit more in future).
Andrew Bartlett
(This used to be commit c20d057f8821d13d3de61b319de44db23773516b)
|
|
Jeremy.
(This used to be commit aad40894404d000b925024e2f63977f87ecb5a6b)
|
|
(This used to be commit 06529c0433bf75790aad27dd3cecf7005612c694)
|
|
via regedt32.exe. The registry.tdb is only a framework. It is not
intended to store values, only key/subkey structure. The data
will be retrieved from nt*tdb (for printers) creating a virtual view
of the data.
You can currently connect to a Samba box using regedt32.exe (haven't
tried regedit.exe). Some basic keys are created in registry.tdb
for use.
There are two problems....
* something is getting freed in the winreg code that causes heap
corruption later on. As long as you don't play with the winreg
server functionality, I don't think you'll be bitten by this.
* no access controls are currently implemented
* I can't browse HKLM because regedt32 greys out the SYSTEM subkey.
ok so that was three....
(This used to be commit 542d3c93a998083c07b2afa91a7c927c376caf54)
|
|
Went through and checked all string_subs I could to ensure they're being
used correctly.
Jeremy.
(This used to be commit 17cae0d683be404be69554cd0e84117bdcc56c87)
|
|
code
(This used to be commit 91ad9041e9507d36eb3f40c23c5d4df61f139ef0)
|
|
to a tdb per-queue for scalability.
Jeremy.
(This used to be commit e808eb2758ff4ad1eed7b50a02865b87ba0c068e)
|
|
to a Samba print server running HEAD in a while. This has been broken
since tridge's changes to make_connection() to not do the chdir()
to the connect_path. Sorry it took me so long to get around to fixing it.
The problem occurred with our internal use of make_connection().
jerry
(This used to be commit b5bc8aa0f68ceebfb5c0ec15ff93b0172cec36d8)
|
|
(This used to be commit 4a7813711130625598e0ffe92e7938890b818d2f)
|
|
few more places to use it.
Andrew Bartlett
(This used to be commit 23689b0746d5ab030d8693abf71dd2e80ec1d7c7)
|
|
now supported in HEAD.
Jeremy.
(This used to be commit 082c5c084ef870709d3046f580eef597bb2aeef3)
|
|
Andrew Bartlett
(This used to be commit 5c0e4ecfaf9bf7e6e799dceeb275b5db2d4142dd)
|
|
Replaced with "unsigned int".
Jeremy.
(This used to be commit 5841ca54b6a8c36f3d76c12570ff8f2211ed2363)
|
|
(This used to be commit a905b5f49db6a12c9a562e1d5e3981dc3525fd27)
|
|
Added an auth_user field which denotes whether the api call can be made
anonymously. In combination with lp_restrict_anonymous() this can
decrease the amount of information that can be retrieved anonymously.
So far NetShareEnum, NetSessionEnum, NetGroupEnum, NetGroupGetUsers,
NetUserEnum, PrintQEnum, NetFileEnum cannot be called anonymously.
SamOEMChangePassword and NetServerEnum can be called anonymously.
All other functions can be called anonymously until it can be proven
that they can't to avoid breaking anything.
(This used to be commit ead6ab9602640aca5d1d8ac336f3a129f9466159)
|
|
(This used to be commit 29874f4b8fecdc7cbd84d656dafce54cca49e0b1)
|
|
and we seem to have eliminated the segfault.
Unfortunately I'm still at a bit of a loss as to why it did segfault, but
the patch is correct in any case.
Andrew Bartlett
(This used to be commit 70c16188c7a267f9f3f8de0b6830f66c9e68a2c7)
|
|
The aim of this exercise is to give the 'security>=user' code a straight paper
path. Security=share will still call authorise_login(), but otherwise we avoid
that mess.
This allows *much* more accurate error code reporting, because we don't start
pretending that we can use the (nonexistent) password etc.
Also in this patch is code to create the 'homes' share at session setup time
(as we have done in the past - been broken recently) and to record this on
the user's vuser struct for later reference. The changes here should also
allow for much better use of %H (some more changes to come here).
The service.c changes move a lot of code around, but are not as drastic
as they look...
(Also included is a fix to srv_srvsvc_nt.c where 'total_entries' not
'*total_entries' was compared).
This code needs testing, but passes my basic tests.
I expect we have lost some functionality, but the stuff I had expected
to lose was already broken before I started. In particular, we don't 'fall
back' to guest if the user cannot access a share (for security=user). If you
want this kind of stuff then you really want security=share anyway.
Andrew Bartlett
(This used to be commit 4c0cbcaed95231f8cf11edb43f6adbec9a0d0b5c)
|
|
and renamed to str_list_* as it is a better name.
Elrond should be satisfied now :)
(This used to be commit 4ae260adb9505384fcccfb4c9929cb60a45f2e84)
|
|
Jeremy.
(This used to be commit 1712a7b34a73ad89965961c0db4dd198d6b257c6)
|
|
Jeremy.
(This used to be commit 5e2571f424a40df4d67fe279517a9b21184b78e1)
|
|
we leave the gid alone.
Jeremy.
(This used to be commit 3f72910cf954b127c0cc06d6616ca2b8cd0d41ad)
|
|
initialising function. This patch thanks to the work of
"Stefan (metze) Metzmacher" <metze@metzemix.de>
This is partly to enable the transition to SIDs in the passdb.
Andrew Bartlett
(This used to be commit 96afea638e15d4cbadc57023a511094a770c6adc)
|
|
Novell client).
Jeremy.
(This used to be commit ac49fd297acf27384a5e133a5fd7a32c1ba27ca6)
|
|
is that there are some times when we should return an EINTR from a select,
some times when we should not. As we can take a signal at any time, we
have to eat EINTR's in some selects. This means we need to check for
kernel oplock breaks more often in the main loop, as well as add the
queuing mechanism needed for the changenotify code (due to the mistake
in understanding POSIX semantics w.r.t. setting a signal mask in a
signal handler). This code now passes all my tests.
However, (and IMHO and I know tridge disagrees) - the correct way to
fix this is to run with RT signals blocked and explicitly unblock
them just before the main select, block them after and then process
them all in one place. Just my 2cents :-).
Jeremy.
(This used to be commit a8c85372e2826a07117c89b39270cde8641ce55d)
|
|
Jeremy.
(This used to be commit db8932c297096e6e957677c4ed944e4c319db1d8)
|
|
is being ignored on sighandler exit. This means we have to have a small
array of fd's, not a single one.
Jeremy.
(This used to be commit b06862e2de8d3bafbc10a9807501ef5bf148a61c)
|
|
in RAP or RPC environment.
(This used to be commit 3eec0d64c7c4592d4f0d74108fb0be2b7a22bde6)
|
|
client state to implement smb signing - this is a test at present.
Jeremy.
(This used to be commit a234e303558a25c4ea26b7f6788006e4fee651bf)
|
|
The problem was that NTLMv2 uses extra data in order to make reply/lookup
more difficult. That extra data includes the hostname, and the domain.
This matches Win2k (sort of) by sending this information.
Win2k connects with LMCompatibilityLevel=5 without a problem.
We can change the negotiation bits if we want, this should allow us to make
NTLMv2 the default for other clients as well.
Some of the extra #defines were found in the squid source.
Andrew Bartlett
(This used to be commit 17a5f67b3d1935baf6197ae967624eb847b66ac8)
|
|
Importantly:
The removal of the silly 'delete user script' behaviour when security=domain.
I have left the name the same - as it still does the (previously documented,
but not in smb.conf(5)) sane behaviour of deleting users on request.
When we decide what to do with the 'add user' functionality, we might
rename it.
Andrew Bartlett
(This used to be commit cdcfe3671eb7570e15649b77f708e6579055e7bc)
|
|
didn't make any sense, and it was always just strlen(password) anyway.
This fixes it to be strlen(password)+1
Andrew Bartlett
(This used to be commit c205b18bd6b9b69200ff3db55f2c641631d4ab40)
|
|
Jeremy.
(This used to be commit f536ec62242c5c644e03afa19f4a3ebedf36f80d)
|
|
my removal of the goto. Oops !
Jeremy.
(This used to be commit 4d3679e03e0c30602b1345cbf2fbf8587dff1f26)
|
|
Jeremy.
(This used to be commit 5c8351228c55f2403214351f6fd16fe231aee917)
|
|
Jeremy.
(This used to be commit 490b95a35d1e2ccd3b80db5cfcf7b9804901d36e)
|
|
Jeremy.
(This used to be commit 7e6db250804e51ce0883b972831da455d389cdcd)
|
|
Make some code static, add some const to the PAM code, and make the plaintext
password code actually function - particularly without the requirement to
modify the 'struct passwd' (which it assumed was made up of fstrings)
This kills some particularly ugly code in lib/util_pw.c
Andrew Bartlett
(This used to be commit 302dad4990ba5194f072e435465d9adaa089ae06)
|
|
Jeremy.
(This used to be commit d4dbb9cb1338332bda3651dc4b86abcf47e9c2d2)
|
|
another smbd and an incoming SIGUSR1 message arrived we'd break out of
the wait early - as we have to use sys_select() to wait for an oplock
response message, not sys_select_intr() (which ignores EINTR errors)
because of the real time signal kernel interface.
Jeremy.
(This used to be commit 3bb26957e3e7fb5059d21115546d189eaca34646)
|
|
Jeremy.
(This used to be commit fda7a11b093315a77ca1199119b5421a029ee883)
|
|
Jeremy.
(This used to be commit 174df5d914b149e52bf260e6502f2436c2720958)
|
|
(This used to be commit 37f1cd013da073ca23fd9b16ee8cfbf9a3e6cbd9)
|
|
cleanup some of the code in net_rpc_join re const warnings and
fstrings.
Passdb:
Make the %u and %U substitutions in passdb work.
This is done by declaring these parameters to be 'const' and doing
the substitution manually. I'm told this is us going full circle,
but I can't really see a better way.
Finally these things actually seem to work properly...
Make the lanman code use the pdb's recorded values for homedir etc
rather than the values from lp_*()
Add code to set the plaintext password in the passdb, where it can
decide how to store/set it. For use with a future 'ldap password
change' option, or something like that...
Add pdb_unix, so as to remove the 'not in passdb' special cases from the
local_lookup_*() code. Quite small, as it uses the new 'struct passwd ->
SAM_ACCOUNT' code that is now in just one place. (also used by pdb_smbpasswd)
Other:
Fix up the adding of [homes] at session setup time to actually pass
the right string, that is the unix homedir, not the UNC path.
Fix up [homes] so that for winbind users it picks the correct name.
(bad interactions with the default domain code previously)
Change the rpc_server/srv_lsa_nt.c code to match NT for the
STATUS_NONE_MAPPED reply: This was only being triggered on
no queries, now it is on the 'no mappings' (ie all mappings failed).
Checked against Win2k.
Policy Question: Should SID -> unix_user.234/unix_group.364 be
considered a mapping or not? Currently it isn't.
Andrew Bartlett
(This used to be commit c28668068b5a3b3cf3c4317e5fb32ec9957f3e34)
|
|
and there is no real reason for it to depend on more than the ability
to compile the code.
(This used to be commit 64aaec137e39595e6e61b55eb525615683a1393c)
|
|
(This used to be commit 078e81530e9bc4e5f0b8e18aff0488386bce29a5)
|
|
This option was badly maintained, useless and confused our users and
distributors. (it's SSL, therefore it must be good...)
No windows client uses this protocol without help from an SSL tunnel.
I can't see any reason why setting up a unix-side SSL wrapper would
be any more difficult than the > 10 config options this mess added
to samba in any case.
On the Samba client end, I think the LIBSMB_PROG hack should be
sufficient to start stunnel on the unix side. We might extend this
to take %i and %p (IP and port) if there is demand.
Andrew Bartlett
(This used to be commit b04561d3fd3ee732877790fb4193b20ad72a75f8)
|
|
functions.
(This used to be commit c37c1e39253d9d21f8ab38ab8d24f7e787008596)
|
|
that only contains an "everyone" DACL doesn't apply this to user and group
entries also.
Jeremy.
(This used to be commit 2f67f39d219bbe110d52ed2680fd8ac57946756f)
|
|
in '.' as invalid long filenames (special treatment for '.' and '..' which
are valid - yes Andrew I did this without strlen :-) :-).
Jeremy.
(This used to be commit 3180d8ba4ace9417033039d61d04c255da6f6a01)
|