Age | Commit message (Collapse) | Author | Files | Lines |
|
Jeremy.
(This used to be commit 13ab94fa73dbaf54da0169bbcf4d027d5c07d207)
|
|
Jeremy.
(This used to be commit c0930e6d15eb68f06453d9b67142ccd7fb1370a0)
|
|
Jeremy.
(This used to be commit e81427c2d69be166afad94bc083e750e8f48fba7)
|
|
-------------------------------------------------------------------------
I think there are basically two problem:
1. Windows clients do not always send ACEs for SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ,
and SMB_ACL_OTHER.
The function ensure_canon_entry_valid() is prepared for that, but tries
to "guess" values from group or other permissions, respectively, otherwise
falling back to minimum r-- for the owner. Even if the owner had full
permissions before setting ACL. This is the problem with W2k clients.
2. Function set_nt_acl() always chowns *before* attempting to set POSIX ACLs.
This is ok in a take-ownership situation, but must fail if the file is
to be given away. This is the problem with XP clients, trying to transfer
ownership of the original file to the temp file.
The problem with NT4 clients (no ACEs are transferred to the temp file, thus
are lost after moving the temp file to the original name) is a client problem.
It simply doesn't attempt to.
I have played around with that using posic_acls.c from 3.0 merged into 2.2.
As a result I can now present two patches, one for each branch. They
basically modify:
1. Interpret missing SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, or SMB_ACL_OTHER
as "preserve current value" instead of attempting to build one ourself.
The original code is still in, but only as fallback in case current values
can't be retrieved.
2. Rearrange set_nt_acl() such that chown is only done before setting
ACLs if there is either no change of owning user, or change of owning
user is towards the current user. Otherwise chown is done after setting
ACLs.
It now seems to produce reasonable results. (Well, as far as it can. If
NT4 doesn't even try to transfer ACEs, only deliberate use of named default
ACEs and/or "force group" or the crystal ball can help :)
-------------------------------------------------------------------------
Jeremy.
(This used to be commit 8ec20cbae7ca7e685b1a4186d8482c7405915dc3)
|
|
Jeremy.
(This used to be commit 1cbd53dc3cd2d56f5e62d42fed5d589efcecb8f8)
|
|
differently to W2K, cope with this.
Jeremy.
(This used to be commit 172f415c9eaa4d310a52794e3dc1a6bc92206ce4)
|
|
(This used to be commit d8d2d5e75503ae2b6532a25e4c9bbcdf20cc60af)
|
|
Andrew Bartlett
(This used to be commit bd0c84d60b703e89081838a7cfa1eb1b4f45ad0a)
|
|
Jeremy.
(This used to be commit 3ad62ebe26d8c6b82f8618eea11d104b3ab0ec18)
|
|
(This used to be commit e8ec2b118071ce1d8cbfbcebce3781ac753c5c22)
|
|
(This used to be commit f80610120483c929afbec83d2b8649cb3e5111b0)
|
|
is..."
don't use pstrcpy() when you are not dealing with pstrings.
(This used to be commit 7d547f50f914747291acc71fd3544ad92ce91f0e)
|
|
(This used to be commit 6631984b12a3f74b93f7031c433dd81d6586a5df)
|
|
* distinguish WinXP from Win2k
* add a 1/3 of a second delay in OpenPrinter
in order to trigger a LAN/WAN optimization in
2k clients.
(This used to be commit 96570699d1b715f47c35aa211da6ec18f6fc4109)
|
|
- Add smb_probe_module()
- Add init_modules()
- Call these functions
(This used to be commit f8f21653225792c0001d183c6efe8b7d89a0785d)
|
|
for smb -> smb lock release). Adds new PENDING_LOCK type to lockdb
(does not interfere with existing locks).
Jeremy.
(This used to be commit 22fc0d48ff2052b4274c65f85050c58b235bf4e4)
|
|
cache the printer_info_2 with the open printer handle.
cache is invalidated on a mod_a_printer() call **on that smbd**.
Yes, this means that the window for admins to step on each other
from different clients just got larger, but since handles a generally
short lived this is probably ok.
(This used to be commit 33c7b7522504fb15989f32add8e9a087c8d9d0fa)
|
|
keys for kerberos authentication.
Andrew Bartlett
(This used to be commit 8b798f03dbbdd670ff9af4eb46f7b0845c611e0f)
|
|
make x_fwrite() match fwrite() in returning a size_t.
Andrew Bartlett
(This used to be commit 2943c695787b742e9a96b2eefe2d75f681bacf7c)
|
|
must not be freed afterwards.
Jeremy.
(This used to be commit 80bad908c0235a57446c70b9632d3415c9d2fcf5)
|
|
(This used to be commit b3f9cf8c1c293e905a536dfa5bb6a827627b7024)
|
|
This needs to change, to be a SID->UID lookup from the PAC.
Andrew Bartlett
(This used to be commit 4071ed06a051f87f27e10510427a69fcdf45ddac)
|
|
Jeremy.
(This used to be commit 634f20dff63d255c317f9dcc9f4caf4e8e79123c)
|
|
(This used to be commit 53b8f8a44141a9f6d36ed1b237ff65c67119edd0)
|
|
perms.
Jeremy.
(This used to be commit ac96fa173cc3bd1c3226634154d6f99e4034179f)
|
|
When we look see if a user is in a list, and we try to 'expand' an @group, we
should lookup the user's own list of groups, rather than looking for all the
members of a group.
I'm sure this will fix some nasty performance issues, particularly on large
domains etc. In particular, this avoids contacting winbind at all, if the
group is not a winbind group.
(This caused a deadlock on my winbind-on-PDC setup).
The groups list always includes the user's primary group, as per the
getgrouplist manpage, and my recent changes to our implementation.
Andrew Bartlett
(This used to be commit 9be21976f7662ebe6eb92fff7cecbdb352eca334)
|
|
caching code. Reduces load on winbindd. Probably should be moved to
use gencache at some future date.
Jeremy.
(This used to be commit 19f577e23ba3dd9101fb3e77a729906fdb8f5df7)
|
|
file. This is a regression that was damaged by other code.
Jeremy.
(This used to be commit 5cdc957ea6335d8bb4248065a3b60a0a26e766a8)
|
|
(not implemented yet)
(This used to be commit bceac9cdde04a57d661b6a7ece329fa6d5a169bd)
|
|
Thanks to Nir Livni <nirl@cyber-ark.com> for giving me the test case to
track it down.
Jeremy.
(This used to be commit c98ebb3031649203e607264ecb15722adf55af58)
|
|
- Don't use pstrcpy into an allocated string - use safe_strcpy() directly
instead.
- Keep a copy of the 'server_info' attached to the vuid. In future use this
for things like the session key, homedir and full name instead of current
copies.
- Try to avoid memory leak/segfault on Realloc failure
- clear up #endif comments
Andrew Bartlett
(This used to be commit 162477bb086827950b6cb71afa9bef62c2753c2e)
|
|
(This used to be commit 786d91d75c909f6d407b8466c89181f26e62e68f)
|
|
Thanks to Andrew Bartlett for spotting this.
(This used to be commit b4c210ccb05e71a8ddf1c25d028452dd5cd93c72)
|
|
Jeremy.
(This used to be commit dfb596b01288b7035c4448fd395e160a54144732)
|
|
Apparently acl_type is #defined to acl_common.entry_type in their acl.h....
Andrew Bartlett
(This used to be commit 3dfdaa0208ee538631378aa921300d95c596b70c)
|
|
Jeremy.
(This used to be commit 2110901b381f2a749605c8e8b262fa5ceba11169)
|
|
Jeremy.
(This used to be commit 651db9f242bb649f5efa4f4e59fe1ac0afe82981)
|
|
it work properly on 2.2 and the patch apply so I think it should be ok.
(This used to be commit 36b2f6c9320fe46a1b5d2c4e90117b7839c35f21)
|
|
(This used to be commit 69e94440cd89a19bbcebc49d87836153b452da47)
|
|
messages. Stops build-up of large numbers of smbd's waiting to terminate
on large print throughput.
Jeremy.
(This used to be commit 4ae130bfa82be60de6a6f357f65207fcb24f45fb)
|
|
level 2 and a request for open with no oplock is received then the
smbd should send *synchronous* break messages, not asynchronous,
otherwise it spins very rapidly, releasing the lock, sending the
'break to none' messages and then re-acquiring the lock before
any other process has a chance to get the lock and remove it's own
oplock (at least on linux).
Jeremy.
(This used to be commit d1e8991a76a57b7d96dd7db3c1d9bbf5b28da88e)
|
|
identical behaviour with previous versions
(This used to be commit 7cbb194b58a4313497541c1f8153533c5034b928)
|
|
testing :-). This gets the 'signiture' after the extended security blob,
rather than over the top of it.
Also move that code to the top of the file, with some of the other util functions.
Andrew Bartlett
(This used to be commit e5c67a012424e71cee340b16946babe2399c0fa1)
|
|
The idea here is to seperate, as much as possible, the SPNEGO layer from the
NTLMSSP layer. This not only helps us with protocol correctness, but also
should allow further mechinisms to be added with relitive ease. I indend to
make the kerberos code use this shortly.
I've never seen the 'zero length blob' form of the anonymous login, so I've
removed that case.
Andrew Bartlett
(This used to be commit a8773c9f825539c5bc17e4200b16d7ebbe0b7620)
|
|
(This used to be commit 9180e2d062ac18dc5e7e8d0737973dc9e806e412)
|
|
(This used to be commit c39c54e6b6adcdab7647e36e6c1b0acbdeeaf111)
|
|
- smbd/process.c: check log file sizes more often than in
timeout_processing()
- lib/debug.c: increment debug_count inside Debug1() instead of
when log file sizes are checked.
(This used to be commit 303710c2065850beebef678e657633497e4d8452)
|
|
open resources.
Jeremy.
(This used to be commit 0173d6fe164568a73247fa542895443fad6c20c3)
|
|
(This used to be commit 60c13a767523e3ec4db7ee5f5c6b20ca07d2a00a)
|
|
of the SWAT code, and adding a base64 encoder.
The main purpose of this patch is to add NTLMSSP support to 'ntlm_auth', for
use with Squid. Unfortunetly the squid side doesn't quite support what we need
yet.
Changes to winbind to get us the info we need, and a couple of consequential
changes/cleanups in the rest of the code.
Andrew Bartlett
(This used to be commit fe50ca8f54ded2e119bde08831785fbe0db2ee99)
|