| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
return to correctly return NT_STATUS_INVALID_OWNER if it
should be disallowed. Matches better what W2K3R3 does.
NFSv4 ACL module owners, please examine these changes.
Jeremy.
|
|
|
|
|
|
|
|
|
|
| |
This was only affecting the newer versions of usrmgr.exe, because they
use a user_info_25 struct. The password is getting set separately
inside that code, so the password last set time was getting set from the
password change logic.
We also were not parsing a number of fields (like logon hours) from the
user_info_25. That should also be fixed.
|
|
|
|
| |
Guenther
|
|
|
|
|
|
|
| |
code into a generic tdb validation code.
In lib/util_tdb.c for a start.
Michael
|
|
|
|
|
|
|
| |
We were incorrectly using the renew_till timestamp instead of the renewed
ticket's endtime to calculate the next refreshing date.
Guenther
|
|
|
|
| |
Guenther
|
|
|
|
|
|
| |
reg #defines use "REG_" prefix. Michael - please check
gcc warnings on compiles.
Jeremy.
|
|
|
|
| |
failed expression in SMB_ASSERT.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The global options are stored as values in the subkey "global"
of the SMBCONF registry key.
The activation is accomplished in smb.conf though a new special
semantic of the "include" parameter: "include = registry" triggers
the processing of the registry global options exactly at the
position of the include statement. Options read from the registry
take the same precedence as parameters loaded from a file via
include. Need to reload the registry globals is detected by
watching the tdb sequence number.
Registry shares are automatically activated when the registry
globals are processed.
So a "registry only" configuration can be realized by an
smb.conf that looks as follows:
================================
[global]
include = registry
================================
The global options and registry shares can be conveniently
edited with the "net conf" utility.
Caveat:
A possible pitfall consists in using "include = registry"
together with the "lock directory" directive in the registry.
This problem will be addressed in the next time.
Note on the code:
Processing of the registry options is accomplished by a function
process_registry_globals() in loadparm.c The current version is
only an interim solution: It is handcoded instead of using the
infrastructure of reg_api.c. The reason for this is that using
reg_api still has too large linker dependencies, bloating virtually
all targets by PASSDB_OBJ, SMBLDAP_OBJ, GROUPDB_OBJ and LDB stuff.
A version of process_registry_globals that uses reg_api is
included but commented out. The goal is to eventually refactor
and restructure the registry code so that one can use the reg_api
to access only the registry tdb and not link all the dynamic
backends with all their linking implications.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
activation of global registry options in loadparm.c, mainly to
extract functionality from net_conf.c to be made availabel elsewhere
and to minimize linker dependencies.
In detail:
* move functions registry_push/pull_value from lib/util_reg.c to new file
lib/util_reg_api.c
* create a fake user token consisting of builtin administrators sid and
se_disk_operators privilege by hand instead of using get_root_nt_token()
to minimize linker deps for bin/net.
+ new function registry_create_admin_token() in new lib/util_reg_smbconf.c
+ move dup_nt_token from auth/token_util.c to new file lib/util_nttoken.c
+ adapt net_conf.c and Makefile.in accordingly.
* split lib/profiles.c into two parts: new file lib/profiles_basic.c
takes all the low level mask manipulation and format conversion functions
(se_priv, privset, luid). the privs array is completely hidden from
profiles.c by adding some access-functions. some mask-functions are not
static anymore.
Generally, SID- and LUID-related stuff that has more dependencies
is kept in lib/profiles.c
* Move initialization of regdb from net_conf.c into a function
registry_init_regdb() in lib/util_reg_smbconf.c.
Michael
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I'm 100% certain I've forgotten to merge something, but the main code
should be in. It's mainly in dbwrap_ctdb.c, ctdbd_conn.c and
messages_ctdbd.c.
There should be no changes to the non-cluster case, it does survive make
test on my laptop.
It survives some very basic tests with ctdbd enables, I did not do the
full test suite for clusters yet.
Phew...
Volker
|
|
|
|
|
|
|
|
|
|
|
| |
in a lookup_sidX reply isn't optional - like the
lookup_sidX query it needs to be defined in the
struct.
All this will go away with PIDL (thank goodness....).
Jerry - I think this is a showstopper to be merged
for 3.0.25b.
I'll be watching the build farm to see if anything broke.
Jeremy.
|
|
|
|
| |
Guenther
|
|
|
|
|
| |
are now identical, use the same version number (16) for both.
Jeremy.
|
|
|
|
|
|
| |
headers on HP-UX (lber_types.h defines _LBER_TYPES_H).
metze
|
|
|
|
|
|
|
| |
as we can't replace this function in libreplace and we do
the some stuff for other function in the same way.
metze
|
|
|
|
| |
if this is not correct.
|
|
|
|
| |
call renames for svcctl in the previous commit
|
|
|
|
| |
SAMBA_3_0_26
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
> Here's the problem I hit:
>
> getgrnam("foo") -> nscd -> NSS -> winbindd ->
> winbindd_passdb.c:nam_to_sid() -> lookup_global_sam_name() ->
> getgrnam("foo") -> nscd -> ....
>
> This is in the SAMBA_3_0 specifically but in theory could happen
> SAMBA_3_0_25 (or 26) for an unknown group.
>
> The attached patch passes down enough state for the
> name_to_sid() call to be able to determine the originating
> winbindd cmd that came into the parent. So we can avoid
> making more NSS calls if the original call came in trough NSS
> so we don't deadlock ? But you should still service
> lookupname() calls which are needed for example when
> doing the token access checks for a "valid groups" from
> smb.conf.
>
> I've got this in testing now. The problem has shown up with the
> DsProvider on OS X and with nscd on SOlaris and Linux.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
were using
netr_GetDcAnyName all the time (which is the correct thing to do).
Fix the naming and opcode mixup in all branches.
Guenther
|
|
|
|
|
|
|
|
|
|
| |
branch, please check if it fulfils your needs.
Two changes: The validation is not done inside the brlock.c traverse_fn,
it's done as a separate routine.
Secondly, this patch does not call the checker routines in smbcontrol
directly but depends on a running smbd.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This replaces the internal explicit dev/ino file id representation by a
"struct file_id". This is necessary as cluster file systems and NFS
don't necessarily assign the same device number to the shared file
system. With this structure in place we can now easily add different
schemes to map a file to a unique 64-bit device node.
Jeremy, you might note that I did not change the external interface of
smb_share_modes.c.
Volker
|
| |
|
| |
|
|
|
|
| |
Guenther
|
|
|
|
|
|
|
| |
netr_DsRGetDCNameEx2) and add new ds request and reply flags, also add some
more WERROR codes.
Guenther
|
|
|
|
|
|
| |
This removes message_block / message_unblock. I've talked to Jeremy and
Günther, giving them my reasons why I believe they have no effect.
Neither could come up with a counter-argument, so they go :-)
|
|
|
|
|
|
|
|
|
|
|
| |
is now
replaced by MSG_FLAG_LOWPRIORITY or'ed into the msg_type. To enable this,
changed the msg_type definitions to hexadecimal.
This way we could theoretically add the MSG_FLAG_NODUPLICATES again, but I
would rather not do this, because that one is racy and can't be guaranteed at
all.
|
|
|
|
| |
Jeremy.
|
|
|
|
|
|
| |
in Samba4 smbtorture. Fix rename on an open file handle.
Needed for 3.0.25a.
Jeremy.
|
|
|
|
|
|
|
|
|
|
|
| |
doing this because for the clustering the marshalling is needed in more
than one place, so I wanted a decent routine to marshall a message_rec
struct which was not there before.
Tridge, this seems about the same speed as it used to be before, the
librpc/ndr overhead in my tests was under the noise.
Volker
|
|
|
|
|
|
| |
with the Apple guys and Linux kernel guys. Still looking
at how to do writeX as there's no recvfile().
Jeremy.
|
| |
|
|
|
|
| |
replace all data_blob(NULL, 0) calls.
|
| |
|
| |
|
|
|
|
|
|
| |
tokenGroup attribute.
Guenther
|
|
|
|
|
|
|
|
| |
ALLOWED OBJECT
ACEs).
Guenther
|
|
|
|
|
|
|
|
| |
search with
the SD_FLAGS control.
Guenther
|
|
|
|
|
|
|
|
| |
preparation of
adding GPO security filtering for libgpo).
Guenther
|
|
|
|
|
|
| |
return values of some alias-releated pdb functions from BOOL to NTSTATUS
Thanks :-)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
different
database backends in place dynamically.
The main abstractions are db_context and db_record, it should be mainly
self-describing, see include/dbwrap.h. You open the db just as you would open
a tdb, this time with db_open(). If you want to fetch a record, just do the
db->fetch() call, if you want to do operations on it, you need to get it with
fetch_locked().
I added dbwrap_file.c (not heavily tested lately) as an example for what can
be done with that abstraction, uses a file per key. So if anybody is willing
to shape that up, we might have a chance on reiserfs again.... :-)
This abstraction works fine for brlock.tdb, locking.tdb, connections.tdb and
sessionid.tdb. It should work fine for the others as well, I just did not yet
get around to convert them.
If nobody loudly screams NO, then I will import the code that uses this soon.
Volker
|
|
|
|
| |
server_id' instead of a 'uint32 pid'
|
|
|
|
|
|
| |
lib/util_tdb.c exactly match the definitions. (There were
some [u]int_32_t instead of [u]int32, which made a gcc 2.95
on an old AIX without system [u]int32[_t] types complain...)
|
|
|
|
|
|
|
|
|
| |
patch.
This changes "struct process_id" to "struct server_id", keeping both is
just too much hassle. No functional change (I hope ;-))
Volker
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Vista. Vista provides a plethora of kludges to simulate older versions of
Windows. The kludges are in the form of shortcuts (or more likely symbolic
links, but I don't know enough about Vista to determine that definitively)
and in most cases, attempts to access them get back an "access denied"
error. On one particular folder, however, "<share>/Users/All Users", it
returns an unknown (to ethereal and the Samba3 code) NT status code:
0x8000002d. Although this code does not have a high byte of 0xc0 indicating
that it is an error, it appears to be an alternate form of "access denied".
Without this patch, libsmbclient times out on an attempt to enumerate that
folder rather than returning an error to the caller. This patch corrects
that problem.
|