| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
dereferencing
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
from .NET RC2)
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
|
| |
error code.
make_server_info_guest() requires an entry in the SAM at the moment, but
this will change before release.
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
|
|
| |
reason, during a Win2003 installation, when you select 'domain join' it sends
one machine name in the name exchange, and litraly 'machinename' during the
NTLMSSP login.
Also fix up winbindd's logfile handling, so that it matches smbd and nmbd.
(This helps me, by seperating the logs by pid).
Andrew Bartlett
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
-------------------------------------------------------------------------
I think there are basically two problem:
1. Windows clients do not always send ACEs for SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ,
and SMB_ACL_OTHER.
The function ensure_canon_entry_valid() is prepared for that, but tries
to "guess" values from group or other permissions, respectively, otherwise
falling back to minimum r-- for the owner. Even if the owner had full
permissions before setting ACL. This is the problem with W2k clients.
2. Function set_nt_acl() always chowns *before* attempting to set POSIX ACLs.
This is ok in a take-ownership situation, but must fail if the file is
to be given away. This is the problem with XP clients, trying to transfer
ownership of the original file to the temp file.
The problem with NT4 clients (no ACEs are transferred to the temp file, thus
are lost after moving the temp file to the original name) is a client problem.
It simply doesn't attempt to.
I have played around with that using posic_acls.c from 3.0 merged into 2.2.
As a result I can now present two patches, one for each branch. They
basically modify:
1. Interpret missing SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, or SMB_ACL_OTHER
as "preserve current value" instead of attempting to build one ourself.
The original code is still in, but only as fallback in case current values
can't be retrieved.
2. Rearrange set_nt_acl() such that chown is only done before setting
ACLs if there is either no change of owning user, or change of owning
user is towards the current user. Otherwise chown is done after setting
ACLs.
It now seems to produce reasonable results. (Well, as far as it can. If
NT4 doesn't even try to transfer ACEs, only deliberate use of named default
ACEs and/or "force group" or the crystal ball can help :)
-------------------------------------------------------------------------
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
| |
differently to W2K, cope with this.
Jeremy.
|
| | |
|
| |
|
|
| |
Andrew Bartlett
|
| |
|
|
| |
Jeremy.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
is..."
don't use pstrcpy() when you are not dealing with pstrings.
|
| | |
|
| |
|
|
|
|
|
| |
* distinguish WinXP from Win2k
* add a 1/3 of a second delay in OpenPrinter
in order to trigger a LAN/WAN optimization in
2k clients.
|
| |
|
|
|
|
| |
- Add smb_probe_module()
- Add init_modules()
- Call these functions
|
| |
|
|
|
|
| |
for smb -> smb lock release). Adds new PENDING_LOCK type to lockdb
(does not interfere with existing locks).
Jeremy.
|
| |
|
|
|
|
|
|
|
| |
cache the printer_info_2 with the open printer handle.
cache is invalidated on a mod_a_printer() call **on that smbd**.
Yes, this means that the window for admins to step on each other
from different clients just got larger, but since handles a generally
short lived this is probably ok.
|
| |
|
|
|
|
| |
keys for kerberos authentication.
Andrew Bartlett
|
| |
|
|
|
|
| |
make x_fwrite() match fwrite() in returning a size_t.
Andrew Bartlett
|
| |
|
|
|
| |
must not be freed afterwards.
Jeremy.
|
| | |
|
| |
|
|
|
|
| |
This needs to change, to be a SID->UID lookup from the PAC.
Andrew Bartlett
|
| |
|
|
| |
Jeremy.
|
| | |
|
| |
|
|
|
| |
perms.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When we look see if a user is in a list, and we try to 'expand' an @group, we
should lookup the user's own list of groups, rather than looking for all the
members of a group.
I'm sure this will fix some nasty performance issues, particularly on large
domains etc. In particular, this avoids contacting winbind at all, if the
group is not a winbind group.
(This caused a deadlock on my winbind-on-PDC setup).
The groups list always includes the user's primary group, as per the
getgrouplist manpage, and my recent changes to our implementation.
Andrew Bartlett
|
| |
|
|
|
|
| |
caching code. Reduces load on winbindd. Probably should be moved to
use gencache at some future date.
Jeremy.
|
| |
|
|
|
| |
file. This is a regression that was damaged by other code.
Jeremy.
|
| |
|
|
| |
(not implemented yet)
|
| |
|
|
|
|
| |
Thanks to Nir Livni <nirl@cyber-ark.com> for giving me the test case to
track it down.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Don't use pstrcpy into an allocated string - use safe_strcpy() directly
instead.
- Keep a copy of the 'server_info' attached to the vuid. In future use this
for things like the session key, homedir and full name instead of current
copies.
- Try to avoid memory leak/segfault on Realloc failure
- clear up #endif comments
Andrew Bartlett
|
| | |
|
| |
|
|
| |
Thanks to Andrew Bartlett for spotting this.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
| |
Apparently acl_type is #defined to acl_common.entry_type in their acl.h....
Andrew Bartlett
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
it work properly on 2.2 and the patch apply so I think it should be ok.
|
| | |
|
| |
|
|
|
|
| |
messages. Stops build-up of large numbers of smbd's waiting to terminate
on large print throughput.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
| |
level 2 and a request for open with no oplock is received then the
smbd should send *synchronous* break messages, not asynchronous,
otherwise it spins very rapidly, releasing the lock, sending the
'break to none' messages and then re-acquiring the lock before
any other process has a chance to get the lock and remove it's own
oplock (at least on linux).
Jeremy.
|
| |
|
|
| |
identical behaviour with previous versions
|
| |
|
|
|
|
|
|
|
| |
testing :-). This gets the 'signiture' after the extended security blob,
rather than over the top of it.
Also move that code to the top of the file, with some of the other util functions.
Andrew Bartlett
|
