| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
number of *bytes*. >= check was correct, the len=0 case needed changing
to len = ls + 1.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| | |
|
| |
|
|
|
|
| |
It complained about an overflow of 0 bytes.
Jeremy please check since you modified this last.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
effective gid which could mean that the user gets group 0 in their
group list for acl interpretation
this is a replacement fix for the one richard did in 2.2 (which didn't
cope wiith variable behaviour depending on which nss module was in
use)
|
| |
|
|
|
| |
they will get a const string and return a (t)alloced epanded one.
also modified passdb/* stuff to use this one.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
marshalling/unmarshalling of
security descriptors. We need to calculate the maximum offset and set the offset
back after reading/writing every field in the SEC_DESC.
This was *nasty* to find....
Jeremy.
|
| |
|
|
|
|
|
| |
a separate tdb per printer, but only keeps (currently one) tdb open at
a time (although this is easily changed by changing a #define). Needs
scalability testing with large numbers of printers now....
Jeremy.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
server. The real problem is all the special cases we had for when we
are a wins server as opposed to when we are using a 'real' wins
server.
This patch removes the special cases. We now accept non-broadcast
packets from ourselves and we use ourselves as a wins server when we
are one. This gets rid of the special cases and simplifies things
quite a bit.
It all seems to work, but there are bound to be problems found later.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Add a function to display 'sid types' as strings - makes rpcclient outptut
and DEBUG() logs much eaiser to understand.
Move the enum for SID types to smb.h, becouse is really isn't LSA specific any
more.
Andrew Bartlett
|
| | |
|
| |
|
|
|
|
| |
Went through and checked all string_subs I could to ensure they're being
used correctly.
Jeremy.
|
| |
|
|
| |
code
|
| | |
|
| |
|
|
| |
warning
|
| |
|
|
| |
'valid.dat' warning
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We now cope wiith multiple WINS groups and multiple failover servers
for release and refresh as well as registration. We also do the regitrations
in the same fashion as W2K does, where we don't try to register the next
IP in the list for a name until the WINS server has acked the previos IP.
This prevents us flooding the WINS server and also seems to make for much
more reliable multi-homed registration.
I also changed the dead WINS server code to mark pairs of IPs dead,
not individual IPs. The idea is that a WINS server might be dead from
the point of view of one of our interfaces, but not another, so we
need to keep talking to it on one while moving onto a failover WINS
server on the other interface. This copes much better with partial
LAN outages and weird routing tables.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
accept an extended syntax for 'wins server' like this:
wins server = group1:192.168.2.10 group2:192.168.3.99 group1:192.168.0.1
The tags before the IPs don't mean anything, they are just a way of
grouping IPs together. If you use the old syntax (ie. no ':') then
an implicit group name of '*' is used. In general I'd recommend people
use interface names for the group names, but it doesn't matter much.
When we register in nmbd we try to register all our IPs with each group
of WINS servers. We keep trying until all of them are registered with
every group, falling back to the failover WINS servers for each group
as we go.
When we do a WINS lookup we try each of the WINS servers for each group.
If a WINS server for a group gives a negative answer then we give up
on that group and move to the next group. If it times out then
we move to the next failover wins server in the group.
In either case, if a WINS server doesn't respond then we mark it dead
for 10 minutes, to prevent lengthy waits for dead servers.
|
| | |
|
| | |
|
| |
|
|
| |
cache the result!)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
gives us a good grounding to properly support multiple wins servers
for different interfaces (which will be coming soon ...)
- fixed our wins registration failover code to actually do failover!
We were not trying to register with a secondary wins server at all
when the primary was down. We now fallback correctly.
- fixed the multi-homed name registration packets so that they work
even in a non-connected network (ie. when one of our interfaces is not
routable from the wins server. Yes, this really happens in the real
world).
|
| |
|
|
| |
spinning if a signal is received at an inconvenient moment
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
paths handle the rest later.
Andrew Bartlett
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The aim of this execise is to give the 'security>=user' code a straight paper
path. Security=share will sill call authorise_login(), but otherwise we avoid
that mess.
This allow *much* more accurate error code reporting, beocuse we don't start
pretending that we can use the (nonexistant) password etc.
Also in this patch is code to create the 'homes' share at session setup time
(as we have done in the past - been broken recently) and to record this on
the user's vuser struct for later reference. The changes here should also
allow for much better use of %H (some more changes to come here).
The service.c changes move a lot of code around, but are not as drastric
as they look...
(Also included is a fix to srv_srvsvc_nt.c where 'total_entries' not
'*total_entries' was compared).
This code is needs testing, but passes my basic tests.
I expect we have lost some functionality, but the stuff I had expected
to loose was already broken before I started. In particular, we don't 'fall
back' to guest if the user cannot access a share (for security=user). If you
want this kind of stuff then you really want security=share anyway.
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It extends the 'server mutex' to conver security=server, becouse the connection
race condition exists here too, and while people *should* use security=domain,
some sites don't....
(This probably should be done in 2.2 as well).
Also, start to actually extract and use the information that the remote
server returns in the info3 struct.
The server mutex code is now in a new file.
Andrew Bartlett
|
| |
|
|
|
|
| |
use the silly cache any more. Also add group functions and fix a few callers.
Andrew Bartlett
|
| |
|
|
|
| |
and renamed to str_list_* as it is a better name.
Elrond should be satisfied now :)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
rather than a string when configuring mulitple backends.
Also adjust some of the users of get_global_sam_sid() to cope with the fact
that it just might not exist (uninitialised, can't access secrets.tdb).
More places need conversion.
Add some const and remove silly casts.
Andrew Bartlett
|
| |
|
|
|
|
| |
modifications required to suppress the const warnings.
Andrew Bartlett
|
| |
|
|
| |
Andrew Bartlett
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
| |
to using SIDs instead of RIDs.
The new funciton sid_peek_check_rid() takes an 'expected domain sid' argument.
The idea here is to prevent mistakes where the SID is implict, but isn't
the same one that we have in the struct.
Andrew Bartlett
|
| |
|
|
| |
O'Connor(billy@oconnoronline.net)
|
| |
|
|
|
|
|
|
|
| |
the (now static) global_sam_sid.
The only place it was being used was to return global_sid_NULL to some
uid->sid functions - and I'm not convinced this is correct in any case.
Andrew Bartlett
|
