Age | Commit message (Collapse) | Author | Files | Lines |
|
in the right state when called. For example, when we use the unixuid
handler in the chain of handlers, and a backend decides to continue a
call asynchronously then we need to ensure that the continuation
happens with the right security context.
The solution is to add a new ntvfs operation ntvfs_async_setup(),
which calls all the way down through the layers, setting up anything
that is required, and takes a private pointer. The backend wanting to
make a async calls can use ntvfs_async_setup() to ensure that the
modules above it are called when doing async processing.
(This used to be commit a256e71029727fa1659ade6257085df537308c7d)
|
|
backends to open databases and perform any other privileged
operations that might be needed.
(This used to be commit 54fd395025656d9b264ba1c1fab6e3ce8ca3d357)
|
|
server supplied info structure.
- added SID_WORLD and SID_NETWORK to the foreign sids in the
provisioning, as these are auto-added to the nt_user_token (why is
that done? Andrew?)
(This used to be commit 1dff12fba88827660a2647457867bf4ff6bc8d3d)
|
|
doesn't actually leave us in the requested sec context between
requests yet, but it does prevent us from doing the samdb lookup on
every packet.
This change speeds up the BASE-MANGLE test against Samba4 with 5000
operations from 61 seconds to 16 seconds. For reference, Samba3 takes
27 seconds for the same test (the string and filename handling in
Samba4 is much more efficient than Samba3)
(This used to be commit da0481ac75a01270897da5aa24dbb2b431928b30)
|
|
(This used to be commit f522728728fa523ce7d9e73c93b27e71f3757d50)
|
|
"unixName" to be more ldap traditional
- register the unixuid module as all 3 ntvfs backend types, as it doesn't care what type of backend
it filters
(This used to be commit cd43def6ce280442306f14ca61508b4f7eb92cb6)
|
|
conjunction with the posix backend this gives us a way to correctly
setup the unix security context in Samba4.
I chose the following method to determine the unix uid's and gid's to
use given the list of SIDs from the login process
- look for a "UnixID" field in the sam record. If present, then use it
(check if the record is of the right type as well)
- if UnixID is not present, then look for the "UnixName" sam
field. If it is present then use getpwnam() or getgrnam() to find
the unix id.
- if UnixID and UnixName are not present, then look for a unix
account of the right type called by the same name as the sAMAccountName field.
- if none of the above work then fail the operation with NT_STATUS_ACCESS_DENIED
obviously these steps only work well with a local SAM. It will need to
be more sophisticated in future.
I did not put any cache in place at all. That will need to be added
for decent performance.
(This used to be commit 78b67d19b9766131f0270e451089ee5bb1aa8bd9)
|