| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(based on Simo's code in trunk). Rewritten with the
following changes:
* privilege set is based on a 32-bit mask instead of strings
(plans are to extend this to a 64 or 128-bit mask before
the next 3.0.11preX release).
* Remove the privilege code from the passdb API
(replication to come later)
* Only support the minimum amount of privileges that make
sense.
* Rewrite the domain join checks to use the SeMachineAccountPrivilege
instead of the 'is a member of "Domain Admins"?' check that started
all this.
Still todo:
* Utilize the SePrintOperatorPrivilege in addition to the 'printer admin'
parameter
* Utilize the SeAddUserPrivilege for adding users and groups
* Fix some of the hard coded _lsa_*() calls
* Start work on enough of SAM replication to get privileges from one
Samba DC to another.
* Come up with some management tool for manipultaing privileges
instead of user manager since it is buggy when run on a 2k client
(haven't tried xp). Works ok on NT4.
|
| |
|
|
|
|
|
| |
return the appropriate reg value. Enforcement to be added soon.
Also, fix account policy tdb upgrade so it doesn't just wipe out everything
that was in there from a a previous version.
|
| |
|
|
|
| |
when we have it in smb_msleep.
Jeremy.
|
| |
|
|
|
|
|
|
|
| |
* In an application with signals, it was possible for functions to block
indefinitely while awaiting timeouts. This patch ensures that if a system
call with a timeout is aborted and needs to be restarted, it is restarted
with a timeout which is adjusted for the amount of time already waited.
Jeremy.
|
| |
|
|
|
| |
to prevent uninitialized creds being freed.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
earlier malloc changes.
Jeremy.
|
| |
|
|
|
| |
configure.in tests and code for sendfile on AIX.
Jeremy.
|
| |
|
|
| |
Jeremy
|
| |
|
|
|
|
|
|
|
|
|
|
| |
retry-loop.
This fixes a deadlock-situation when ldapsam is used with the ldapi
interface: getpeername won't fail while trying to detect dead
connections on unix domain sockets. When the ldapi-connection was closed
server-side (due to OpenLDAP's idletimeout) we *never* got a new LDAP
connection.
Guenther
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
tells the
AFS client when to throw away a token.
Thanks,
Volker
|
| |
|
|
|
|
| |
Thanks,
Volker
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
|
| |
This was a missing merge from HEAD or rather a commit to 3_0 from the wrong
source. Fixed slightly over HEAD, HEAD merge will follow.
Deal with connection refused according to the specs.
Volker
|
| |
|
|
|
| |
is reset to C to get ASCII-compatible toupper/lower functions.
Jeremy.
|
| |
|
|
|
|
|
| |
been in the
bitmap code for ever. Remove silly extra space in paranoid malloc.
Jeremy.
|
| |
|
|
|
|
|
|
|
| |
allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
| |
change the way we check for errors after a dlopen (which
may set internal warnings which get picked up by mistake
in dlsym).
Jeremy
|
| |
|
|
|
|
|
| |
consistent
enum type for Protocol extern.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
| |
already sent the
header using send(). As our implementation of sendfile can't return EINTR (it
restarts in that case) use an errno of EINTR to signal the linux sendfile fail
after header case. When that happens send the rest of the data and then turn
off sendfile. Sendfile should be safe to enable on all systems now (even though
it may not help in all performance cases).
Jeremy.
|
| |
|
|
| |
Guenther
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
| |
simultaeneously to all
DCs found. The first one to reply wins.
Volker
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
abartlet, I'd like to ask you to take a severe look at this!
We have solved the problem to find the global groups a user is in twice: Once
in auth_util.c and another time for the corresponding samr call. The attached
patch unifies these and sends them through the passdb backend (new function
pdb_enum_group_memberships). Thus it gives pdb_ldap.c the chance to further
optimize the corresponding call if the samba and posix accounts are unified by
issuing a specialized ldap query.
The parameter to activate this ldapsam behaviour is
ldapsam:trusted = yes
Volker
|
| |
|
|
|
|
| |
backends such as nss_ldap.
Volker
|
| |
|
|
| |
Jeremy
|
| |
|
|
| |
Guenther
|
| |
|
|
|
|
| |
fix the modules too... First step in fixing out large directories
problem.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
| |
session
setups on its way to open a pipe. This gets rid of many round-trips to the
LDAP server during logon by setting up the server_info_guest once and not
asking the LDAP server and nss every time. Make sure that the ldap connection
is reopened in the child. (I did not look at the sql backends.)
Volker
|
| |
|
|
|
|
|
|
|
|
|
| |
is not
correct anymore. If we actually open the tdb before the fork, we end up
opening the tdb twice. Jerry, jra, this also happens in the locking and
printing subsystems. You might want to check it there (not that it actually
happens right now, but this gave me some confusion lately...).
Volker
|
| |
|
|
| |
standard_sub_snum() to use the current user's gid; add some (snum == -1) checks to standard_sub_advanced()
|
| |
|
|
|
|
| |
<bill+samba@bfccomputing.com>.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I've been grumbling about under-efficient calls in SAMR, and finally
got around to fixing some of them.
We now call sys_getgroups() (which in turn calls initgroups(), until
glibc 3.4 is released) to figure out a user's group membership. This
is far, far more efficient than scanning all the groups looking for a
match, and is still the 'posix way', just using an effiecient call.
The seperate issue of 'who is in this group' remains, but this one has
been biting some people.
I need to talk to VL about how best to exersise nasty corner cases,
but my initial tests hold strong. (The code is also much simpiler
than before, which has to count for something :-)
Andrew Bartlett
|
| |
|
|
|
| |
very rarely used, but we sohuldn't be removing a feature in a minor
release of this kind.
|
| |
|
|
|
|
|
| |
At least temporarily, since I've got the impression that _real_ fix
is more complex...
rafal
|
| |
|
|
| |
Russel for some help in designing the new algorithm.
|
| |
|
|
| |
reuse when filling in the spolss replies (also gets rid of get_called_name()
|
| |
|
|
| |
Volker
|
| |
|
|
|
|
|
|
| |
info level. Outputs data on the file in the same format the the
stat command in Linux. Should be useful to people wanting to learn
how to parse the UNIX extension output.
Yes I will add the docs later :-).
Jeremy.
|
| |
|
|
|
| |
we still need to set errno = E2BIG when we overflow.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
corruption.
|
| |
|
|
|
|
|
|
| |
- I recently found out that charaters below 0x3F are guaranteed not to
occur as secondary bytes in any multi-byte character set. This
allows for a very simple optimisation in strchr_m() and
strrchr_m(). It might be a good idea to pick this up for Samba3.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
attributes to
delete.
Richard, IMHO this is the better solution to the problem you currently
have. Please review.
Thanks,
Volker
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
