Age | Commit message (Collapse) | Author | Files | Lines |
|
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.
This includes (along with other security headers) dom_sid.h and
security_token.h
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
|
|
Volker, please check.
Guenther
|
|
Guenther
|
|
|
|
Guenther
|
|
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that is is just an alias for struct dom_sid.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Guenther
|
|
When a samba server process dies hard, it has no chance to clean up its entries
in locking.tdb, brlock.tdb, connections.tdb and sessionid.tdb.
For locking.tdb and brlock.tdb Samba is robust by checking every time we read
an entry from the database if the corresponding process still exists. If it
does not exist anymore, the entry is deleted. This is not 100% failsafe though:
On systems with a limited PID space there is a non-zero chance that between the
smbd's death and the fresh access, the PID is recycled by another long-running
process. This renders all files that had been locked by the killed smbd
potentially unusable until the new process also dies.
This patch is supposed to fix the problem the following way: Every process ID
in every database is augmented by a random 64-bit number that is stored in a
serverid.tdb. Whenever we need to check if a process still exists we know its
PID and the 64-bit number. We look up the PID in serverid.tdb and compare the
64-bit number. If it's the same, the process still is a valid smbd holding the
lock. If it is different, a new smbd has taken over.
I believe this is safe against an smbd that has died hard and the PID has been
taken over by a non-samba process. This process would not have registered
itself with a fresh 64-bit number in serverid.tdb, so the old one still exists
in serverid.tdb. We protect against this case by the parent smbd taking care of
deregistering PIDs from serverid.tdb and the fact that serverid.tdb is
CLEAR_IF_FIRST.
CLEAR_IF_FIRST does not work in a cluster, so the automatic cleanup does not
work when all smbds are restarted. For this, "net serverid wipe" has to be run
before smbd starts up. As a convenience, "net serverid wipedbs" also cleans up
sessionid.tdb and connections.tdb.
While there, this also cleans up overloading connections.tdb with all the
process entries just for messaging_send_all().
Volker
|
|
|
|
This is the basis to implement global locks in ctdb without depending on a
shared file system. The initial goal is to make ctdb persistent transactions
deterministic without too many timeouts.
|
|
|
|
|
|
|
|
If we put strings like "Usage:" into separate _() macros and not the whole
"Usage:..." string we can cover much more messages by only one single
translation. The drawback is that the message in the sources looks less pretty.
|
|
Guenther
|
|
This was meant to support async winbind. But as the hairy parts of async
winbind (getgrent) are done without it, it can go again.
|
|
These replace the functionality of wbinfo --get-auth-user/--set-auth-user
|
|
bindtextdomain or textdomain. C'mon, this is what configure.in
is *FOR*.
Jeremy.
|
|
|
|
|
|
This reverts commit fb262f79fab00374023e59476e8d05a1015a7041
and related commits c36031778e1983ddb11d3e1fcab35e738dbf94bc
72fd5fa6bb78a054fad5e5ebe19a0c0387a7d45b and
38cd0e086f50ce54d88a19aa5a6803469af90489
This change caused more trouble than it solved. We need to do this differently.
Reverting so we don't accidently release this.
|
|
This provides a compromise between stability and performance: gencache is a
persistent database these days that for performance reasons can not use tdb
transactions for all writes. This patch splits up gencache into gencache.tdb
and gencache_notrans.tdb. gencache_notrans is used with CLEAR_IF_FIRST, writes
to it don't use transactions. By default every 5 minutes and when a program
exits, all entries from _notrans.tdb are transferred to gencache.tdb in one
transaction.
|
|
Attention:
The meaning of the -N flag changed.
To get the old meaning for net groupmap set, use the long option --ntname
The long option for using kerberos changed from --kerberos to --use-kerberos
net rpc commands will now prompt for a password if none is given.
As a benefit, net will now accept an authentication file like other samba
command line tools. So no need to specify the password on the command line in
scripts anymore.
This should fix bug #6357
Signed-off-by: Kai Blin <kai@samba.org>
|
|
Guenther
|
|
metze
|
|
|
|
This allows to dump a native (non-wrapped) win32 *.evt eventlog file.
Guenther
|
|
This adds a lua command line interpreter with some sample code how to build
your own data types based on our internal data types.
Not meant as the final word, but as a playground for experiments for people.
Might be removed later when we find this turns out to be too awkward.
|
|
Also eliminates name conflicts with OneFS system libraries
|
|
This allows to control cleaning the keytab.
It will only clean old occurences of keys that are replicated in
this run. So if you want to ensure things are cleaned up, combine
this switch with --force-full-repl or --single-obj-repl (+dn list).
Michael
(This used to be commit 21385e1c635ea67215eb1da90e7dca97ae2f5d56)
|
|
This controls whether single object replication is to be used.
This only has an effect when at least one object dn is given
on the commandline.
NOTE: Now the default is to use normal replication with uptodateness
vectors and use object dns given on the command line as a positive
write filter. Single object replication is only performed when this
new switch is specified.
Michael
(This used to be commit 0f81111ea8c049eb60f98d4939e520a5a562d2e6)
|
|
This more clear.
Michael
(This used to be commit 0ddde9aae88e6244276e1c143056a4bfc7c7fcca)
|
|
I.e. replication without keeping track of the up to date vector.
Michael
(This used to be commit d4b36e447bce8692416e132ab9f53a6282f54cac)
|
|
Guenther
(This used to be commit 4cce94d464b16d29b638da3a581d98a237959b63)
|
|
This backs out the workaround Jerry added in
4c3bfea9f8d238f9100eaa264b9b2941dff5a6dd.
Thanks for the catch.
(This used to be commit 20e0bb4800938863cb0aac1a19473748132043fc)
|
|
(This used to be commit bb7c5fc4ec77db4073d3beccf12af12910b6bd07)
|
|
(This used to be commit 0feb40bc8408412336c667df4f8bf57c77446ca7)
|
|
(This used to be commit 122dfe876d954ee3b3796951df16e1be9e9b0eb8)
|
|
(This used to be commit e9be24a2cbbd9bc7075c0fe75d44d51184f84dba)
|
|
(This used to be commit 73fb5f392dbc1966ec34217e39d565200e071aaf)
|
|
Kai, that one actually needs to stay a global external variable in order to
support debuglevel definition only on the commandline for net.
Guenther
(This used to be commit f6ba7333ab31332198b59651b4252cb3f897b6aa)
|
|
Guenther
(This used to be commit 60bce925746590aabf489f0c771afd732c32f5a0)
|
|
(This used to be commit 25d4c6f692cf50d675a1de7c6eaeed271f349289)
|
|
(This used to be commit 3f10527f79dddff703d31588cad3e9f37176565b)
|
|
(This used to be commit 0f5ebdf0bc5610bf93a4db67c9f9513683306c66)
|
|
(This used to be commit 84a116be9c849900678e6e0a4b012e819e697c78)
|
|
(This used to be commit 3ddd9c09e3b51df01ac34a9a1537e8954d2b1167)
|
|
(This used to be commit 4ca08a5acc90c77d56f8f3e38443f23f43f034e8)
|
|
(This used to be commit d0237a736858a48494583ce7f960ea980768aa6c)
|
|
(This used to be commit a8b567aac3b0e39cfe67fb97167b10312ca5e73a)
|