| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This patch ensures consistency in behaviour between NTLMSSP and NTLM
session setup handlers. By calling the same layer that auth_ntlmssp
calls, we can not only allow redirection of all authentication to the
AD DC, we ensure that map to guest and username map handling is
consistent, even in the file server alone.
Andrew Bartlett
|
|
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Mar 7 22:41:21 CET 2012 on sn-devel-104
|
|
Since the piddir got moved from the lockdir by default, the default piddir
wasn't getting created, stopping some configurations from running.
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
uuid_t is not defined without including sys/uuid.h, configure+waf checks added.
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
Since the piddir got moved from the lockdir by default, the default piddir
wasn't getting created stopping some configurations from running.
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
The end point mapper is primarily in support of lsasd, and the key
SAMR, LSA and NETLOGON services being accessed over TCP/IP. The end
point mapper does not appear to be used for the well-known mappings to
named pipes, and we have a problem with how to safely register the
embedded pipes. For now, disable this to avoid re-registration storms
in production, until we sort out a better way.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Mar 7 14:27:38 CET 2012 on sn-devel-104
|
|
This ensures that these services are not accidentally registered in
these child processes.
Andrew Bartlett
|
|
Embedded RPC services are those not launched in the preforked lsasd
and spoolssd children.
The reason that these child processes were created is that is is not
possible to correctly listen for ncalrpc and TCP connections without
creating a child process. Therefore, we should not have these
embedded RPC services to listen on these sockets just because the
endpoint mapper has been enabled.
Andrew Bartlett
|
|
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Mar 7 01:34:05 CET 2012 on sn-devel-104
|
|
The plan is to have files_struct as some kind of low level
abstraction for a smb1/smb2 opens, that can be used by SMB_VFS modules.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Mar 6 23:04:01 CET 2012 on sn-devel-104
|
|
smbd_server_connection
The plan is to have connection_struct as some kind of low level
abstraction for a smb1/smb2 tree connects, that can be used by SMB_VFS modules.
metze
|
|
The plan is to have users_struct as some kind of low level
abstraction for a smb1/smb2 session, that can be used by SMB_VFS modules.
metze
|
|
metze
|
|
This is only used for AS_GUEST requests
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Tue Mar 6 14:29:50 CET 2012 on sn-devel-104
|
|
We were printing nmb->header.name_trn_id with %hu, which denotes a
short. However, header.name_trn_id is an int for the better or
worse.
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Mon Mar 5 23:14:33 CET 2012 on sn-devel-104
|
|
This consults the two definitions for embedded, that is if the deamon is forking
or if the rpc_server:<interface> line is set to embedded.
Andrew Bartlett
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Both read_from_internal_pipe and tstream_readv_pdu_queue_recv return
ssize_t.
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Mon Mar 5 17:38:16 CET 2012 on sn-devel-104
|
|
That's the only case where this can happen, so we should not clutter the main
code path.
|
|
|
|
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Mon Mar 5 15:13:49 CET 2012 on sn-devel-104
|
|
|
|
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Mar 5 09:50:17 CET 2012 on sn-devel-104
|
|
|
|
This checks not only the behaviour of the NTVFS file server, but also the
client library and authentication stack.
Andrew Bartlett
|
|
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Mon Mar 5 02:47:36 CET 2012 on sn-devel-104
|
|
Because revoking read-only copies of records is expensive, we only
want ctdbd to do it for high-turnover records. A basic heuristic is
that if we don't find a local copy of the record, don't ask for a
read-only copy.
The fetch itself will cause ctdbd to migrate the record, so eventually
we will have a local copy. Next time it gets migrated away, we'll
call ctdbd_fetch() with local_copy = true.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
This means we try to get a read-only copy of a record, which we can
then place in the local tdb.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
The new read-only record flags make determining if we can use a record
a bit more complex, so extract it into its own function.
The OLD logic was:
1) If the record doesn't exist, we can't use it.
2) If we are the dmaster for the record, we can use it.
The new logic is:
1) If the record doesn't exist, we can't use it.
2) If we are the dmaster for the record, we can use it IF we only
want read-only access, OR there are no read-only delegations.
3) If we are not dmaster, we can only use it if we want read-only
access and it is marked as a read-only copy.
This logic is unused until the next patches which begin to ask
for read-only copies of records.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Mar 5 01:10:01 CET 2012 on sn-devel-104
|
|
The callers always supply it. (this is a hold-over from the
security=share removal).
Andrew Bartlett
|
|
This uses a helper function to reduce duplication.
Andrew Bartlett
|
|
|
|
This patch removes security=share, which Samba implemented by matching
the per-share password provided by the client in the Tree Connect with
a selection of usernames supplied by the client, the smb.conf or
guessed from the environment.
The rationale for the removal is that for the bulk of security=share
users, we just we need a very simple way to run a 'trust the network'
Samba server, where users mark shares as guest ok. This is still
supported, and the smb.conf options are documented at
https://wiki.samba.org/index.php/Public_Samba_Server
At the same time, this closes the door on one of the most arcane areas
of Samba authentication.
Naturally, full user-name/password authentication remain available in
security=user and above.
This includes documentation updates for username and only user, which
now only do a small amount of what they used to do.
Andrew Bartlett
--------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| SEC_SHARE |
| security=share |
| |
| |
| 5 March |
| |
| 2012 |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\///|_)_______
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun Mar 4 23:18:10 CET 2012 on sn-devel-104
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Sun Mar 4 13:31:25 CET 2012 on sn-devel-104
|
|
This will help avoid runaway processes in the test env, particularly when
the whole selftest.pl is killed.
Andrew Bartlett
|
|
This will help avoid runaway processes in the test env, particularly
when the whole selftest.pl is killed.
Andrew Bartlett
|
|
We now only close fds 0, 1, 2 when we are a forked daemon, and take
care not to close a file descriptor that we might need for foreground
stdin monitoring.
This should fix stdout logging in the lsa and epmapper deamons (ie in
make test).
Andrew Bartlett
|
|
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sun Mar 4 10:13:24 CET 2012 on sn-devel-104
|
|
do net rpc keytab vampire
|
|
On some platforms socklen_t might be unsigned, so comparing for <0
always returns true. Also, tsocket_address_bsd_sockaddr returns
ssize_t.
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Sat Mar 3 23:38:31 CET 2012 on sn-devel-104
|
|
metze
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
|
|
|
|
it makes the code easier to understand if it uses the names specified in MS-SMB2 instead
of just the underlying values
|
|
|
|
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Sat Mar 3 03:41:03 CET 2012 on sn-devel-104
|
