| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
|
| | |
|
| |
|
|
|
|
|
| |
init_group_mapping() a static function and don't call it from any client
programs.
Not sure whether I've made a bigger mess here or not...
|
| |
|
|
|
|
|
|
|
|
|
| |
info3. These are RIDs, and it only makes sense to combine them with the domain
SID returned with them. This is important for trusted domains, where that sid
might be other than the one we currently reterive from the secrets.tdb.
Also remove the become_root()/unbecome_root() wrapper from around both
remaining TDB users: Both are now initialised at smbd startup.
Andrew Bartlett
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
Just leave the fstrcpy/pstrcpy bugfix, and conversion to pstr_sprintf
rather than manual calculation of length.
|
| |
|
|
|
|
|
|
|
|
|
| |
example of the scope of change the new pstrings would entail:
basically inserting PSTR() or FSTR() everywhere you need to coerce one
to a char*.
It's also a good example of the kind of bug we might catch: on about
line 540, we were doing a pstrcpy into an fstring, which might
overflow. It's not a problem in this particular case, but it is in
general.
|
| |
|
|
|
|
| |
of the connections db on smbd startup. This should fix the Solaris large
load bug.... (fingers crossed).
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This work was sponsored by Optifacio Software Services, Inc.
Andrew Bartlett
(various e-mails announcements merged into some form of commit message below:)
This patch which adds basics of universal groups support
into Samba 3. Currently, only Winbind with RPC calls supports this, ADS
support requires additional (possibly huge) work on KRB5 PAC. However,
basic infrastructure is here.
This patch adds:
1. Storing of universal groups for particular user logged into Samba
software (smbd/ two winbind-pam methods) into netlogon_unigrp.tdb as array
of uint32 supplemental group rids keyed as DOMAIN_SID/USER_RID in tdb.
2. Fetching of unversal groups for given user rid and domain sid from
netlogon_unigrp.tdb.
Since this is used in both smbd and winbindd, main code is in
source/lib/netlogon_uingrp.c. Dependencies are added to AUTH_OBJ as
UNIGRP_OBJ and WINBINDD_OBJ as UNIGRP_OBJ.
This patch has had a few versions, the final version in particular:
Many thanks to Andrew Bartlett for critics and comments, and partly
rewritten code.
New:
- updated fetching code to changed byte order macros
- moved functions to proper namespace
- optimized memory usage by reusing caller's memory context
- enhanced code to more follow Samba coding rules
Todo:
- proper universal group expiration after timeout
|
| |
|
|
|
| |
prompt dmalloc to log information about what happening, so you can see
in flight why smbd is getting bloated.
|
| |
|
|
|
|
|
|
|
|
| |
Also more insertion of parenthesis to handle struct members called
'free'.
You can now get useful dmalloc output, as long as it is compatible
with your C library. On RH7.1 it looks like you have to rebuild
dmalloc to allow free(0) by default, because something in libcrypt
does that. (sigh)
|
| |
|
|
| |
gcc warnings about unused parameters.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The auth_authsupplied_info typedef is now just a plain struct - auth_context,
but it has been modified to contain the function pointers to the rest
of the auth subsystem's components.
(Who needs non-static functions anyway?)
In working all this mess out, I fixed a number of memory leaks and moved the
entire auth subsystem over to talloc().
Note that the TALLOC_CTX attached to the auth_context can be rather long-lived,
it is provided for things that are intended to live as long. (The
global_negprot_auth_context lasts the whole life of the smbd).
I've also adjusted a few things in auth_domain.c, mainly passing the domain as
a paramater to a few functions instead of looking up lp_workgroup(). I'm
hopign to make this entire thing a bit more trusted domains (as PDC) freindly
in the near future.
Other than that, I moved a bit of the code around, hence the rather messy diff.
Andrew Bartlett
|
| |
|
|
| |
be information about memory usage, but this is not done yet.
|
| |
|
|
|
| |
signal management.
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
Fixed winbindd to finally stop leaving log. file droppings :-).
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
You can change them with either usermanager->policies->account
or from a command prompt on NT/W2K: net accounts /domain
we can add a rpc accounts to the net command. As the net_rpc.c is still
empty, I did not start. How should I add command to it ? Should I take the
rpcclient/cmd_xxx functions and call them from there ?
alse changed the SAM_UNK_INFO_3 parser, it's an NTTIME. This one is more
for jeremy ;-)
J.F.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
subystem.
The particular aim is to modularized the interface - so that we
can have arbitrary password back-ends.
This code adds one such back-end, a 'winbind' module to authenticate
against the winbind_auth_crap functionality. While fully-functional
this code is mainly useful as a demonstration, because we don't get
back the info3 as we would for direct ntdomain authentication.
This commit introduced the new 'auth methods' parameter, in the
spirit of the 'auth order' discussed on the lists. It is renamed
because not all the methods may be consulted, even if previous
methods fail - they may not have a suitable challenge for example.
Also, we have a 'local' authentication method, for old-style
'unix if plaintext, sam if encrypted' authentication and a
'guest' module to handle guest logins in a single place.
While this current design is not ideal, I feel that it does
provide a better infrastructure than the current design, and can
be built upon.
The following parameters have changed:
- use rhosts =
This has been replaced by the 'rhosts' authentication method,
and can be specified like 'auth methods = guest rhosts'
- hosts equiv =
This needs both this parameter and an 'auth methods' entry
to be effective. (auth methods = guest hostsequiv ....)
- plaintext to smbpasswd =
This is replaced by specifying 'sam' rather than 'local'
in the auth methods.
The security = parameter is unchanged, and now provides defaults
for the 'auth methods' parameter.
The available auth methods are:
guest
rhosts
hostsequiv
sam (passdb direct hash access)
unix (PAM, crypt() etc)
local (the combination of the above, based on encryption)
smbserver (old security=server)
ntdomain (old security=domain)
winbind (use winbind to cache DC connections)
Assistance in testing, or the production of new and interesting
authentication modules is always appreciated.
Andrew Bartlett
|
| |
|
|
|
| |
in smbd/process.c where the timezone is reinitialised. Was replaced with
check for a static is_initialised boolean.
|
| |
|
|
| |
default, rather than in preprocessor macros.
|
| |
|
|
|
|
|
| |
all the calls go through a compatibility interface will
change that soon
a new mangle.tdb file will be set in the lock directory
it contains a static mapping longname<->manglename
|
| |
|
|
|
| |
Ensure make_conection() can only be called as root.
Jeremy.
|
| |
|
|
|
|
|
| |
THIS WAS A DISASTER!
it created hundreds of processes on the build farm machines, which we
can't kill.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
To speed up operations with the lpq command, it's now run in a separate
asynchronous process.
Opening the Printers folder on NT is now fast ;-) I think even faster than
with a ** server
Jeremy, you should look at that patch to include it in 2.2.3
J.F.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
for unicode strings. The new method relies on 3 files that are mmap'd
at startup to provide the mapping tables. The upcase.dat and
lowcase.dat tables should be the same on all systems. The valid.dat
table says what characters are valid in 8.3 names, and differs between
systems. I'm committing the japanese valid.dat here, in future we need
some way of automatically installing and choosing a appropriate table.
This commit also adds my mini tdb based gettext replacement in
intl/lang_tdb.c. I have not enabled this yet and have not removed the
old gettext code as the new code is still being looked at by Monyo.
Right now the code assumes that the upcase.dat, lowcase.dat and
valid.dat files are installed in the Samba lib directory. That is not
a good choice, but I'll leave them there until we work out the new
install directory structure for Samba 3.0.
simo - please look at the isvalid_w() function and think about using
it in your new mangling code. That should be the final step to
correctly passing the chargen test code from monyo.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
DEBUG(). Also included are details like build date/time, location and
compiler.
This should get most of the options we set, except those that don't affect
smbd, like WITH_PAM_SMBPASSWD or WITH_WINBINDD.
This work due to Vance Lankhaar <vlankhaar@hotmail.com>
Some work needs to be done to make it only rebuild when needed (ie smbd being
rebuilt) but its in pretty good shape already.
Also fix up some printf() -> d_printf().
Andrew Bartlett
|
| | |
|
| |
|
|
| |
this prevents the fd seek pointer problem
|
| |
|
|
|
|
|
|
|
| |
replacemnt of stdio that doesn't suffer from the 8-bit filedescriptor
limit that we hit with nasty consequences on some systems
I would eventually prefer us to have a configure test to see if we need
to replace stdio, but for now this code needs to be tested widely so
I'm enabling it by default.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
drop paramaters:
status
utmp hostname
change session code to always record each vuid current on the server. The sessionid struct is no longer packed, as I couldn't get that to work ;-)
change smbstatus to show this info and less of the connections.tdb info (its not actualy that accurate).
I'll get swat doing some of this shortly.
|
| |
|
|
|
|
| |
can't be set after the listen().
Andrew Bartlett
|
| |
|
|
|
| |
consistently.
Jeremy.
|
| |
|
|
|
| |
code not to do lookups for a particular domain. This allows winbind to
operate on a Samba PDC
|
| |
|
|
| |
can't redefine them. damn.
|
| |
|
|
|
|
|
| |
This commit gets rid of all our old codepage handling and replaces it with
iconv. All internal strings in Samba are now in "unix" charset, which may
be multi-byte. See internals.doc and my posting to samba-technical for
a more complete explanation.
|
| |
|
|
| |
instead of a define
|
| |
|
|
|
| |
allow us to have test targets without special configure options
- fixed make proto so that it actually does something
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
that libsmb/ creates a local tcp socket then launches smbd as a subprocess
attached to that socket. smbd thinks it is being launched from inetd.
to use it do the following:
- compile with -DSMB_REGRESSION_TEST
- run like this (also works with smbtorture etc)
export SMBD_TEST=1
export LIBSMB_PROG=bin/smbd
smbclient //server/share -Uuser%pass
obviously you need to setup a smb.conf etc. Using --prefix to configure
is useful.
The aim of all this stuff is to add a decent set of regression tests
to the build farm, so we know if smbd actually runs correctly on all the
platforms, not just builds. We can run smbtorture, masktest, locktest etc,
plus a bunch of smbclient scripts and any new tests we write.
This doesn't help much with nmbd (at least not yet) but its a good start.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
%I getpeername() failure.
Jeremy.
|
| | |
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
J.F.
|
| |
|
|
|
|
| |
RPC code to merge with new passdb code.
Currently rpcclient doesn't compile. I'm working on it...
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
of nmb so we write to same log file that
was originally created as log.nmbd
samba/source/smbd/server.c change remote_machine name to smbd instead
of smb so we write to same log file that
was originally created as log.smbd
samba/source/lib/interface.c allow binding to all interface IP addresses
even if on same subnet. This allows you to
specify which IP's you want in interfaces
line and use bind interfaces only
|
