Age | Commit message (Collapse) | Author | Files | Lines |
|
Guenther
|
|
Guenther
|
|
Well known rids don't really belong into an rpc header, just use the ones
defined in security.idl.
Guenther
|
|
Guenther
|
|
|
|
|
|
All the callers just want the PAC_LOGON_INFO, so search for that in
ads_verify_ticket(), and don't bother the callers with the rest of the
PAC.
This change makes sense on it's own (removing boilerplate wrappers
that just confuse the code), but it also makes it much easier to
implement a matching ads_verify_ticket() function in Samba4 for the
s3compat proposal.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Guenther
|
|
where required.
Guenther
|
|
This shrinks include/includes.h.gch by the size of 7 MB and reduces build time
as follows:
ccache build w/o patch
real 4m21.529s
ccache build with patch
real 3m6.402s
pch build w/o patch
real 4m26.318s
pch build with patch
real 3m6.932s
Guenther
|
|
Thanks to TAKAHASHI Motonobu <monyo@samba.gr.jp> to point out that this does
not work and to agree it's not worth fixing :-)
|
|
Guenther
|
|
|
|
|
|
changing common code.
Jeremy.
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
|
|
Thanks gd
|
|
When something goes wrong, such as a typo in a parameter
name, we'll now display the failure instead of just returning
with -1 and no message.
|
|
Guenther
|
|
|
|
Updates usershare files in a backwards compatible way.
I don't intend to back port this fix to 3.5.x as it
depends on a version upgrade in the share_info.tdb share security database.
Jeremy.
|
|
This fixes bug #7290
Thanks to Mohan <mohann@silver-peak.com> for the bug report.
|
|
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
ntlmssp_state
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Address bug #7285 (NetBIOS Namespace Clash Handling).
Karolin
|
|
Guenther
|
|
|
|
|
|
This program allows the administrator to enable or disable AES
encryption when using vfs_smb_traffic_analyzer. It also generates new
keys, stores them to a file, so that the file can be reused on another
client or server.
|
|
Michael
|
|
A convenience function to increment a DWORD value under a (cluster-wide) lock
|
|
|
|
|
|
|
|
When a samba server process dies hard, it has no chance to clean up its entries
in locking.tdb, brlock.tdb, connections.tdb and sessionid.tdb.
For locking.tdb and brlock.tdb Samba is robust by checking every time we read
an entry from the database if the corresponding process still exists. If it
does not exist anymore, the entry is deleted. This is not 100% failsafe though:
On systems with a limited PID space there is a non-zero chance that between the
smbd's death and the fresh access, the PID is recycled by another long-running
process. This renders all files that had been locked by the killed smbd
potentially unusable until the new process also dies.
This patch is supposed to fix the problem the following way: Every process ID
in every database is augmented by a random 64-bit number that is stored in a
serverid.tdb. Whenever we need to check if a process still exists we know its
PID and the 64-bit number. We look up the PID in serverid.tdb and compare the
64-bit number. If it's the same, the process still is a valid smbd holding the
lock. If it is different, a new smbd has taken over.
I believe this is safe against an smbd that has died hard and the PID has been
taken over by a non-samba process. This process would not have registered
itself with a fresh 64-bit number in serverid.tdb, so the old one still exists
in serverid.tdb. We protect against this case by the parent smbd taking care of
deregistering PIDs from serverid.tdb and the fact that serverid.tdb is
CLEAR_IF_FIRST.
CLEAR_IF_FIRST does not work in a cluster, so the automatic cleanup does not
work when all smbds are restarted. For this, "net serverid wipe" has to be run
before smbd starts up. As a convenience, "net serverid wipedbs" also cleans up
sessionid.tdb and connections.tdb.
While there, this also cleans up overloading connections.tdb with all the
process entries just for messaging_send_all().
Volker
|
|
Thanks to Geza Gemes <geza@kzsdabas.hu> for filing this bug
|
|
|
|
Guenther
|
|
Guenther
|
|
|
|
This permits to set the security descriptor of a registry
key from the unix command line.
Michael
|
|
Michael
|
|
Michael
|
|
sddl format
Michael
|