Age | Commit message (Collapse) | Author | Files | Lines |
|
If we are actually a DC, then the only SID we have is the domain SID,
and looking for it under the local name fails if we are a Samba4 AD DC.
Andrew Bartlett
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
|
|
This ensures that the translations and any embedded strings are in the
same charset. It won't be the one from the user's locale (we no
longer auto-detect that), but it will be self-consistent.
Thanks to Steve Langasek for pointing this function out!
Andrew Bartlett
|
|
There is no reason this can't be a normal constant string in the
loadparm system, now that we have lp_set_cmdline() to handle overrides
correctly.
Andrew Bartlett
|
|
This is no different to the rest of dynconfig, and so should be dealt
with there.
Andrew Bartlett
|
|
This is a tool to check the consistency of an idmap tdb database.
The default mode is to scan the database and list invalid entries,
e.g. records with an invalid format, or records which are valid
but for which the reverse mapping entry is missing.
With the "--repair" switch, one can enter an interactive
repair mode which will prompt for each invalid entry found
with the option to delete, skip or edit the record.
There is also a non-interactive repair mode triggered by "--auto"
which will remove all records with invalid content and fill up
mappings which are missing the reverse entry.
The "--test" parameter lets "net idmap check" only list the
changes that would be written and not actually commit them to
the database.
The "--lock" option allows to lock the database already in the
first reading traverse, in order to remove the race when the
database has to be closed and reopened again before writing
the changes.
Signed-off-by: Michael Adam <obnox@samba.org>
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Mon Apr 4 18:21:09 CEST 2011 on sn-devel-104
|
|
Guenther
|
|
Guenther
|
|
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Feb 2 14:58:52 CET 2011 on sn-devel-104
|
|
Someone wasn't careful about testing when not running as root :-).
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Dec 15 20:45:25 CET 2010 on sn-devel-104
|
|
By removing this global variable, the API between the two different
debug systems is made more similar. Both s3 and s4 now have
lp_set_cmdline() which ensures that the smb.conf cannot overwrite
these the user-specified log level.
Andrew Bartlett
|
|
This change improves the setup_logging() API so that callers which
wish to set up logging to stderr can simply ask for it, rather than
directly modify the dbf global variable.
Andrew Bartlett
|
|
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.
This includes (along with other security headers) dom_sid.h and
security_token.h
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
|
|
Volker, please check.
Guenther
|
|
Guenther
|
|
|
|
Guenther
|
|
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that is is just an alias for struct dom_sid.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Guenther
|
|
When a samba server process dies hard, it has no chance to clean up its entries
in locking.tdb, brlock.tdb, connections.tdb and sessionid.tdb.
For locking.tdb and brlock.tdb Samba is robust by checking every time we read
an entry from the database if the corresponding process still exists. If it
does not exist anymore, the entry is deleted. This is not 100% failsafe though:
On systems with a limited PID space there is a non-zero chance that between the
smbd's death and the fresh access, the PID is recycled by another long-running
process. This renders all files that had been locked by the killed smbd
potentially unusable until the new process also dies.
This patch is supposed to fix the problem the following way: Every process ID
in every database is augmented by a random 64-bit number that is stored in a
serverid.tdb. Whenever we need to check if a process still exists we know its
PID and the 64-bit number. We look up the PID in serverid.tdb and compare the
64-bit number. If it's the same, the process still is a valid smbd holding the
lock. If it is different, a new smbd has taken over.
I believe this is safe against an smbd that has died hard and the PID has been
taken over by a non-samba process. This process would not have registered
itself with a fresh 64-bit number in serverid.tdb, so the old one still exists
in serverid.tdb. We protect against this case by the parent smbd taking care of
deregistering PIDs from serverid.tdb and the fact that serverid.tdb is
CLEAR_IF_FIRST.
CLEAR_IF_FIRST does not work in a cluster, so the automatic cleanup does not
work when all smbds are restarted. For this, "net serverid wipe" has to be run
before smbd starts up. As a convenience, "net serverid wipedbs" also cleans up
sessionid.tdb and connections.tdb.
While there, this also cleans up overloading connections.tdb with all the
process entries just for messaging_send_all().
Volker
|
|
|
|
This is the basis to implement global locks in ctdb without depending on a
shared file system. The initial goal is to make ctdb persistent transactions
deterministic without too many timeouts.
|
|
|
|
|
|
|
|
If we put strings like "Usage:" into separate _() macros and not the whole
"Usage:..." string we can cover much more messages by only one single
translation. The drawback is that the message in the sources looks less pretty.
|
|
Guenther
|
|
This was meant to support async winbind. But as the hairy parts of async
winbind (getgrent) are done without it, it can go again.
|
|
These replace the functionality of wbinfo --get-auth-user/--set-auth-user
|
|
bindtextdomain or textdomain. C'mon, this is what configure.in
is *FOR*.
Jeremy.
|
|
|
|
|
|
This reverts commit fb262f79fab00374023e59476e8d05a1015a7041
and related commits c36031778e1983ddb11d3e1fcab35e738dbf94bc
72fd5fa6bb78a054fad5e5ebe19a0c0387a7d45b and
38cd0e086f50ce54d88a19aa5a6803469af90489
This change caused more trouble than it solved. We need to do this differently.
Reverting so we don't accidently release this.
|
|
This provides a compromise between stability and performance: gencache is a
persistent database these days that for performance reasons can not use tdb
transactions for all writes. This patch splits up gencache into gencache.tdb
and gencache_notrans.tdb. gencache_notrans is used with CLEAR_IF_FIRST, writes
to it don't use transactions. By default every 5 minutes and when a program
exits, all entries from _notrans.tdb are transferred to gencache.tdb in one
transaction.
|
|
Attention:
The meaning of the -N flag changed.
To get the old meaning for net groupmap set, use the long option --ntname
The long option for using kerberos changed from --kerberos to --use-kerberos
net rpc commands will now prompt for a password if none is given.
As a benefit, net will now accept an authentication file like other samba
command line tools. So no need to specify the password on the command line in
scripts anymore.
This should fix bug #6357
Signed-off-by: Kai Blin <kai@samba.org>
|
|
Guenther
|
|
metze
|
|
|
|
This allows to dump a native (non-wrapped) win32 *.evt eventlog file.
Guenther
|
|
This adds a lua command line interpreter with some sample code how to build
your own data types based on our internal data types.
Not meant as the final word, but as a playground for experiments for people.
Might be removed later when we find this turns out to be too awkward.
|
|
Also eliminates name conflicts with OneFS system libraries
|
|
This allows to control cleaning the keytab.
It will only clean old occurences of keys that are replicated in
this run. So if you want to ensure things are cleaned up, combine
this switch with --force-full-repl or --single-obj-repl (+dn list).
Michael
(This used to be commit 21385e1c635ea67215eb1da90e7dca97ae2f5d56)
|
|
This controls whether single object replication is to be used.
This only has an effect when at least one object dn is given
on the commandline.
NOTE: Now the default is to use normal replication with uptodateness
vectors and use object dns given on the command line as a positive
write filter. Single object replication is only performed when this
new switch is specified.
Michael
(This used to be commit 0f81111ea8c049eb60f98d4939e520a5a562d2e6)
|
|
This more clear.
Michael
(This used to be commit 0ddde9aae88e6244276e1c143056a4bfc7c7fcca)
|
|
I.e. replication without keeping track of the up to date vector.
Michael
(This used to be commit d4b36e447bce8692416e132ab9f53a6282f54cac)
|
|
Guenther
(This used to be commit 4cce94d464b16d29b638da3a581d98a237959b63)
|
|
This backs out the workaround Jerry added in
4c3bfea9f8d238f9100eaa264b9b2941dff5a6dd.
Thanks for the catch.
(This used to be commit 20e0bb4800938863cb0aac1a19473748132043fc)
|
|
(This used to be commit bb7c5fc4ec77db4073d3beccf12af12910b6bd07)
|