Age | Commit message (Collapse) | Author | Files | Lines |
|
metze
(This used to be commit d430fc278b8782f625cfafbff2a4efb936fdea36)
|
|
metze
(This used to be commit 48842cd9abcff744851ad1481309fb901be3a73b)
|
|
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
|
|
metze
(This used to be commit 5054890b6871f1e25938ae76a2d660ce168877e8)
|
|
metze
(This used to be commit 0ed07057d37ec6684a01ba699073b4ba6d671697)
|
|
now $privatedir/wins_config.ldb contains the wins partners
and $lockdir/wins.ldb contains the name records
metze
(This used to be commit baa4a7a9d4f16adf476846850a63dfbfd51b10b3)
|
|
Add the kpasswd server to our KDC, implementing the 'original' and
Microsoft versions of the protocol.
This works with the Heimdal kpasswd client, but not with MIT, I think
due to ordering issues. It may not be worth the pain to have this
code go via GENSEC, as it is very, very tied to krb5.
This gets us one step closer to joins from Apple, Samba3 and other
similar implementations.
Andrew Bartlett
(This used to be commit ab5dbbe10a162286aa6694c7e08de43b48e34cdb)
|
|
because
--user-sids required the extension to trusted domains.
Implement "winbind sealed pipes" parameter for debugging purposes.
Volker
(This used to be commit 3821a17bdb68b2f1389b5a150502c057d28569d2)
|
|
metze
(This used to be commit d49a1d2b15c7d17a5d6928a971fbe87d13686c2d)
|
|
(This used to be commit d2f80c0457f7404b2cac9df59a400130e9ad025f)
|
|
use pstring is next_token() now.
(This used to be commit a5b88bcd420eb7ae42283293541519e142be36e3)
|
|
works now
(This used to be commit 22f18a84242e5e68a2d57b6d7ff77c089ee7434a)
|
|
(This used to be commit 0963ab9c148772b961f17ec779213b0eb861e1dd)
|
|
the list:
This patch removes the 'domain logon' and 'domain master' controls from
Samba4, in favour of a 'server role =' that users can actually
understand.
We can expand the list of roles as needed, and nobody has to figure out
what a 'domain master' actually means.
Andrew Bartlett
(This used to be commit 31e755c2ced64dbd2681d5f6ef021a87dbeda689)
|
|
Samba to use the target principal name supplied in the mechTokenMIC of
an SPNEGO negTokenInit.
This isn't a great idea for security reasons, but is how Samba3 behaves,
and allows kerberos to function more often in some environments. It is
only available for CIFS session setups, due to the ordering of the
exchange.
Andrew Bartlett
(This used to be commit f6a645644127ae695a9f7288e0a469f2eb7f3066)
|
|
Fix a couple of bugs
Move samba3sam backend to lib/ldb/
Remove some more unused parameters
(This used to be commit 7f864d446d6af7cfd9fb8dbc496a29b36ec57ce9)
|
|
(This used to be commit 4a51a31571d12078e3c2c78641c0c844fc26925d)
|
|
Add userdata argument to function pointers for pm_process()
(This used to be commit 84b2fb34675fa557173621433838c5a7ec0f1283)
|
|
presented by regedt32. I think this hive is dynamically generated
from SAM information.
(This used to be commit feb341969e59540bc22e78df0d44b4d42c336d31)
|
|
retrieval of the smb.conf parameter categories. This will make writing
a smb.conf editor easier.
(This used to be commit 8db549b1506b5260c9eb16f40bbdae6a7c006fa2)
|
|
- get rid of redundeny dyn_CONFIGFILE argument to lp_load()
- fixed provisioning to work with completely pristine install,
creating an initial smb.conf is none is present
- added lp.set() and lp.reload() to loadparm ejs object interface
(This used to be commit c2691ef7126ddcee5f95970b78759b40a049d0a7)
|
|
required by ISO C99.
(This used to be commit 56fd21c806e816cf4c3d23881f26474f858b45e2)
|
|
template files
(This used to be commit c842144cbf642b10df21c979d3c4b9fe94384b96)
|
|
searches a js library
path set in "js include" in smb.conf.
This will allow us to start building up a library of common js code,
while avoiding the problem of hard-coding include paths in scripts
(This used to be commit ff60529ba2515df29a20b4a417327a3565ec8ee9)
|
|
have kerberos.
Andrew Bartlett
(This used to be commit 3d82b1417b9f2e31089cb8ee7e4f98bd226f2e75)
|
|
- make not finding smb.conf a level 1 message, not level 0. Most of our
tools handle no smb.conf, and those that don't should check for the
specific parameters they need, or use the defaults
(This used to be commit 8c17b61f8e0f6eefa6a1f853abc06d023627bbbb)
|
|
sam database = sam.ldb
and it will know to put it in the private dir, but if you use
sam database = ldap://server
it knows to use it as-is
(This used to be commit c5bccbc366db144d3e1cb7b21f0e3284d841dd06)
|
|
(This used to be commit ce6257b316bc66a3fc554487099976a853d25ddd)
|
|
Session Setup code.
Add a mem_ctx argument to a few of the NTLMv2 support functions, and
add smb.conf options to control client NTLMv2 behaviour.
Andrew Bartlett
(This used to be commit 3f35cdb218a3dae08a05e77452ca9f73716ceb28)
|
|
(This used to be commit 023fc567badba38b87895ea73515b2ce0b703a8c)
|
|
- this is an abstraction layer for print services,
like out NTVFS subsystem for file services
- all protocol specific details are still in rpc_server/spoolss/
- like the stupid in and out Buffer handling
- checking of the r->in.server_name
- ...
- this subsystem can have multiple implementation
selected by the "ntptr providor" global-section parameter
- I currently added a "simple_ldb" backend,
that stores Printers, Forms, Ports, Monitors, ...
in the spoolss.db, and does no real printing
this backend is basicly for testing, how the spoolss protocol
works
- the interface is just a prototype and will be changed a bit
the next days or weeks, till the simple_ldb backend can
handle all calls that are used by normal w2k3/xp clients
- I'll also make the api async, as the ntvfs api
this will make things like the RemoteFindFirstPrinterChangeNotifyEx(),
that opens a connection back to the client, easier to implement,
as we should not block the whole smbd for that
- the idea is to later implement a "unix" backend
that works like the current samba3 code
- and maybe some embedded print server vendors can write there own
backend that can directly talk to a printer without having cups or something like this
- the default settings are (it currently makes no sense to change them :-):
ntptr providor = simple_ldb
spoolss database = $private_dir/spoolss.db
metze
(This used to be commit 455b5536d41bc31ebef8290812f45d4a38afa8e9)
|
|
to globals only (no shares).
Andrew Bartlett
(This used to be commit 9e6112eee37927cd4deaa078ea09813e07c7c386)
|
|
This always loads all the services, as we now don't have an easy way
to split out smbd.
Andrew Bartlett
(This used to be commit 990e061939c76b559c4f5914c5fc6ca1b13e19dd)
|
|
included Heimdal) to Samba4.
Andrew Bartlett
(This used to be commit 51ba3ea60c265b837821b6c3e031dfe229c10d6a)
|
|
- by default enable tls if the certfile is set in smb.conf and gnutls library
was compiled in
(This used to be commit bbafdeae3a68c0ff1170b0a4ecc568664ec1a925)
|
|
web tls keyfile
web tls certfile
web tls cafile
web tls crlfile
(This used to be commit abfa3e9179557cf1853f490a479a0003ce4e11f7)
|
|
be accessed externally
- moved esp_lpGet() to web_server/calls.c
- attempt to fixup ejs build with includes.h again
(This used to be commit 592a81c347981420154ddf3b8d4252d3bb08bc86)
|
|
in esp scripts
lpGet takes 4 forms
v = lpGet("type:parm"); gets a parametric variable
v = lpGet("share", "type:parm"); gets a parametric variable on a share
v = lpGet("parm"); gets a global variable
v = lpGet("share", "parm"); gets a share variable
in all cases a ejs object of the appropriate type for the variable is returned.
This commit also adds the function typeof() which returns the type of an object
(This used to be commit 5537a0d38d4805cbc2dad0d6f76db15173b1fd60)
|
|
(This used to be commit 31543e1eae03d22343ea8c970494af36eb07b41f)
|
|
This includes an embedded server side scripting system called 'esp'
(see http://www.appwebserver.org/products/esp/esp.html) and javascript
based scripting language called 'esj' (see
http://www.appwebserver.org/products/ejs/ejs.html)
The justification for including this scripting language is that it
should make it much easier to write a high quality web interface for
Samba4. The scripting language can call into any Samba4 library code
(so for example it will be able to make ldb and loadparm calls), plus
it provides easy support for forms, cookies, sessions etc.
There is still quite a bit more work to do on the web server, but
there is enough here now for people to look at and comment. I will be
committing some sample web pages that test esp functionality shortly.
(This used to be commit 26f0ba92c0c565ac9e4cb5a079d795d4262497dd)
|
|
(no ACL support)
Andrew Bartlett
(This used to be commit 9f895f6482e45dd975baea7114748b65dbe6e688)
|
|
(This used to be commit 04af0e7c5de467a24b965ce1de2fb07621133164)
|
|
(This used to be commit 93e70717c7cb6aa591d3d83a70e5df03822fa17c)
|
|
server. Currently just listens on port 138 and parses the packets
(using IDL like the rest of NBT). This allows me to develop the
structures and test with real packets
(This used to be commit 10d64a525349ff96695ad961a3cfeb5bc7c8844f)
|
|
metze
(This used to be commit ac062a29799665121c15f60a8f5d25a3c68e51ae)
|
|
(This used to be commit e2cbe16c1e4e3912ecdccc6480a147478fff3d9e)
|
|
(This used to be commit b75f8fe1844c539d8a4e369225bcbe0e6f81e9de)
|
|
(This used to be commit ee61fab163ed7faccef908d7458a2038fdad0887)
|
|
- more NBT packet asserts, to ensure that incoming requests have all
the elements we depend on
- open the WINS database at startup if we are configured as a WINS server
- split out the nbtd server reply packet generation code so it can be
shared by the WINS server
- re-did the logic of what is answered by the WINS server and what by
the B node server. It now always tries to answer by the B node, and
only "recurses" to the WINS server for names that are not found.
(This used to be commit 5613e6b8ad9b32639caf5055f793dbc4d0a2fc19)
|
|
(This used to be commit bf43c9bdcf9e654d123f6a2b29feb9189ca9e561)
|