IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
error code.
make_server_info_guest() requires an entry in the SAM at the moment, but
this will change before release.
Andrew Bartlett
(This used to be commit 6a956390fa)
reason, during a Win2003 installation, when you select 'domain join' it sends
one machine name in the name exchange, and litraly 'machinename' during the
NTLMSSP login.
Also fix up winbindd's logfile handling, so that it matches smbd and nmbd.
(This helps me, by seperating the logs by pid).
Andrew Bartlett
(This used to be commit afe5a3832f)
-------------------------------------------------------------------------
I think there are basically two problem:
1. Windows clients do not always send ACEs for SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ,
and SMB_ACL_OTHER.
The function ensure_canon_entry_valid() is prepared for that, but tries
to "guess" values from group or other permissions, respectively, otherwise
falling back to minimum r-- for the owner. Even if the owner had full
permissions before setting ACL. This is the problem with W2k clients.
2. Function set_nt_acl() always chowns *before* attempting to set POSIX ACLs.
This is ok in a take-ownership situation, but must fail if the file is
to be given away. This is the problem with XP clients, trying to transfer
ownership of the original file to the temp file.
The problem with NT4 clients (no ACEs are transferred to the temp file, thus
are lost after moving the temp file to the original name) is a client problem.
It simply doesn't attempt to.
I have played around with that using posic_acls.c from 3.0 merged into 2.2.
As a result I can now present two patches, one for each branch. They
basically modify:
1. Interpret missing SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, or SMB_ACL_OTHER
as "preserve current value" instead of attempting to build one ourself.
The original code is still in, but only as fallback in case current values
can't be retrieved.
2. Rearrange set_nt_acl() such that chown is only done before setting
ACLs if there is either no change of owning user, or change of owning
user is towards the current user. Otherwise chown is done after setting
ACLs.
It now seems to produce reasonable results. (Well, as far as it can. If
NT4 doesn't even try to transfer ACEs, only deliberate use of named default
ACEs and/or "force group" or the crystal ball can help :)
-------------------------------------------------------------------------
Jeremy.
(This used to be commit 8ec20cbae7)
* distinguish WinXP from Win2k
* add a 1/3 of a second delay in OpenPrinter
in order to trigger a LAN/WAN optimization in
2k clients.
(This used to be commit 96570699d1)
for smb -> smb lock release). Adds new PENDING_LOCK type to lockdb
(does not interfere with existing locks).
Jeremy.
(This used to be commit 22fc0d48ff)
cache the printer_info_2 with the open printer handle.
cache is invalidated on a mod_a_printer() call **on that smbd**.
Yes, this means that the window for admins to step on each other
from different clients just got larger, but since handles a generally
short lived this is probably ok.
(This used to be commit 33c7b75225)
When we look see if a user is in a list, and we try to 'expand' an @group, we
should lookup the user's own list of groups, rather than looking for all the
members of a group.
I'm sure this will fix some nasty performance issues, particularly on large
domains etc. In particular, this avoids contacting winbind at all, if the
group is not a winbind group.
(This caused a deadlock on my winbind-on-PDC setup).
The groups list always includes the user's primary group, as per the
getgrouplist manpage, and my recent changes to our implementation.
Andrew Bartlett
(This used to be commit 9be21976f7)
- Don't use pstrcpy into an allocated string - use safe_strcpy() directly
instead.
- Keep a copy of the 'server_info' attached to the vuid. In future use this
for things like the session key, homedir and full name instead of current
copies.
- Try to avoid memory leak/segfault on Realloc failure
- clear up #endif comments
Andrew Bartlett
(This used to be commit 162477bb08)
level 2 and a request for open with no oplock is received then the
smbd should send *synchronous* break messages, not asynchronous,
otherwise it spins very rapidly, releasing the lock, sending the
'break to none' messages and then re-acquiring the lock before
any other process has a chance to get the lock and remove it's own
oplock (at least on linux).
Jeremy.
(This used to be commit d1e8991a76)
testing :-). This gets the 'signiture' after the extended security blob,
rather than over the top of it.
Also move that code to the top of the file, with some of the other util functions.
Andrew Bartlett
(This used to be commit e5c67a0124)
The idea here is to seperate, as much as possible, the SPNEGO layer from the
NTLMSSP layer. This not only helps us with protocol correctness, but also
should allow further mechinisms to be added with relitive ease. I indend to
make the kerberos code use this shortly.
I've never seen the 'zero length blob' form of the anonymous login, so I've
removed that case.
Andrew Bartlett
(This used to be commit a8773c9f82)
- smbd/process.c: check log file sizes more often than in
timeout_processing()
- lib/debug.c: increment debug_count inside Debug1() instead of
when log file sizes are checked.
(This used to be commit 303710c206)
of the SWAT code, and adding a base64 encoder.
The main purpose of this patch is to add NTLMSSP support to 'ntlm_auth', for
use with Squid. Unfortunetly the squid side doesn't quite support what we need
yet.
Changes to winbind to get us the info we need, and a couple of consequential
changes/cleanups in the rest of the code.
Andrew Bartlett
(This used to be commit fe50ca8f54)
eliminate the dependency on the auth subsystem. The next step is to add
the required code to 'ntlm_auth', for export to Squid etc.
Andrew Bartlett
(This used to be commit 9e48ab86da)
This tries to extract our server-side code out of sessetup.c, and into a more
general lib. I hope this is only a temporay resting place - I indend to
refactor it again into an auth-subsystem independent lib, using callbacks.
Move some of our our NTLMSSP #defines into a new file, and add two that I found
in the COMsource docs - we seem to have a double-up, but I've verified from
traces that the NTLMSSP_TARGET_TYPE_{DOMAIN,SERVER} is real.
This code also copes with ASCII clients - not that we will ever see any here,
but I hope to use this for HTTP, were we can get them. Win2k authenticates
fine under forced ASCII, btw.
Tested with Win2k, NTLMv2 and Samba's smbclient.
Andrew Bartlett
(This used to be commit b6641badcb)
the commit to reply.c just matches a pstrcpy for the pstring. (harmless, fixes
it for the automated test).
Andrew Bartlett
(This used to be commit ef9c7586ac)
becouse that is what it's input (reply_tcon_and_x) uses, and becouse we really
don't want supprises for service names.
Also remove a legacy #define, in favor of the lp_ equiv.
Andrew Bartlett
(This used to be commit 7854a439ac)
stuff) with a call to read_socket_with_timeout() which does the same thing.
Passwd chat still works but I couldn't figure out the right arguments to
passwd chat to get it to work right but data was definitely getting
through.
(This used to be commit 88eb9e9486)
the loaded list on error). Also change some of the error returns, becouse
NT_STATUS_UNSUCCESSFUL gives a most useless error message on the client.
As for which error, my logic is that a share without a valid VFS module is
not a valid share, and therefore should return the same error as a non-existant
share.
Andrew Bartlett
(This used to be commit 41178afdbd)
This patch makes Samba compile cleanly with -Wwrite-strings.
- That is, all string literals are marked as 'const'. These strings are
always read only, this just marks them as such for passing to other functions.
What is most supprising is that I didn't need to change more than a few lines of code (all
in 'net', which got a small cleanup of net.h and extern variables). The rest
is just adding a lot of 'const'.
As far as I can tell, I have not added any new warnings - apart from making all
of tdbutil.c's function const (so they warn for adding that const string to
struct).
Andrew Bartlett
(This used to be commit 92a777d0ea)
0x80000000 -> 0xFFFFFFFF would fail as they were being cast
from IVAL (uint32) to SMB_OFF_T (off_t or off64_t, both *signed* types).
The sign extension would cause the offset to be treated as negative.
Thanks to Herb for helping me track this one down (IRIX is good for large
file tests :-).
Jeremy.
PS. That horrid EXEXIST thing has broken configure.....
(This used to be commit fc7d3faed7)
