IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
- smbd/process.c: check log file sizes more often than in
timeout_processing()
- lib/debug.c: increment debug_count inside Debug1() instead of
when log file sizes are checked.
(This used to be commit 303710c206)
of the SWAT code, and adding a base64 encoder.
The main purpose of this patch is to add NTLMSSP support to 'ntlm_auth', for
use with Squid. Unfortunetly the squid side doesn't quite support what we need
yet.
Changes to winbind to get us the info we need, and a couple of consequential
changes/cleanups in the rest of the code.
Andrew Bartlett
(This used to be commit fe50ca8f54)
eliminate the dependency on the auth subsystem. The next step is to add
the required code to 'ntlm_auth', for export to Squid etc.
Andrew Bartlett
(This used to be commit 9e48ab86da)
This tries to extract our server-side code out of sessetup.c, and into a more
general lib. I hope this is only a temporay resting place - I indend to
refactor it again into an auth-subsystem independent lib, using callbacks.
Move some of our our NTLMSSP #defines into a new file, and add two that I found
in the COMsource docs - we seem to have a double-up, but I've verified from
traces that the NTLMSSP_TARGET_TYPE_{DOMAIN,SERVER} is real.
This code also copes with ASCII clients - not that we will ever see any here,
but I hope to use this for HTTP, were we can get them. Win2k authenticates
fine under forced ASCII, btw.
Tested with Win2k, NTLMv2 and Samba's smbclient.
Andrew Bartlett
(This used to be commit b6641badcb)
the commit to reply.c just matches a pstrcpy for the pstring. (harmless, fixes
it for the automated test).
Andrew Bartlett
(This used to be commit ef9c7586ac)
becouse that is what it's input (reply_tcon_and_x) uses, and becouse we really
don't want supprises for service names.
Also remove a legacy #define, in favor of the lp_ equiv.
Andrew Bartlett
(This used to be commit 7854a439ac)
stuff) with a call to read_socket_with_timeout() which does the same thing.
Passwd chat still works but I couldn't figure out the right arguments to
passwd chat to get it to work right but data was definitely getting
through.
(This used to be commit 88eb9e9486)
the loaded list on error). Also change some of the error returns, becouse
NT_STATUS_UNSUCCESSFUL gives a most useless error message on the client.
As for which error, my logic is that a share without a valid VFS module is
not a valid share, and therefore should return the same error as a non-existant
share.
Andrew Bartlett
(This used to be commit 41178afdbd)
This patch makes Samba compile cleanly with -Wwrite-strings.
- That is, all string literals are marked as 'const'. These strings are
always read only, this just marks them as such for passing to other functions.
What is most supprising is that I didn't need to change more than a few lines of code (all
in 'net', which got a small cleanup of net.h and extern variables). The rest
is just adding a lot of 'const'.
As far as I can tell, I have not added any new warnings - apart from making all
of tdbutil.c's function const (so they warn for adding that const string to
struct).
Andrew Bartlett
(This used to be commit 92a777d0ea)
0x80000000 -> 0xFFFFFFFF would fail as they were being cast
from IVAL (uint32) to SMB_OFF_T (off_t or off64_t, both *signed* types).
The sign extension would cause the offset to be treated as negative.
Thanks to Herb for helping me track this one down (IRIX is good for large
file tests :-).
Jeremy.
PS. That horrid EXEXIST thing has broken configure.....
(This used to be commit fc7d3faed7)
cache code.
This uses gencache, mimir's new caching code that stores at text-based cache
of various data.
Mimir has done a *lot* of work on this patch, and it is finally time to
get it in CVS.
Andrew Bartlett
(This used to be commit 47f3bfe956)
this follows the method used for remote_machine and also fixes the
problem of anonymous connections clobbering the string
(This used to be commit 9ead4fc3c3)
when opening truncate with current SYSTEM|HIDDEN -> NONE. It's fine to
truncate on open with current NONE -> SYSTEM | HIDDEN.
Jeremy.
(This used to be commit 801b87e0f7)
some basic usages like 'include = smb.conf.%U'
This changes fixes things again, by checking for reload after we setup
current_user in tconx.
(This used to be commit d664e6b4d2)
This is not 100% the same as what SuSE shipped in their Samba, there is
a crash bug fix, a race condition fix, and a few logic changes I'd like to
discuss with Andreas. Added Andreas to (C) notices for posix_acls.c
Jeremy.
(This used to be commit a81d700ae9)
removed the following parameters
* postscript
* printer driver
* printer driver location
* printer driver file
also removed the get_a_printer_driver_9x_compatible() function
(This used to be commit e7dd8cf903)
Currently this calls back to mapping.c, but we have the framework
to get the information into LDAP and the passdb.tdb (should we? I
think so..).
This has received moderate testing with net rpc vampire and
usrmgr. I found the add_groupmem segfault in add_aliasmem as
well, but that will be another checkin.
Volker
(This used to be commit f30095852f)
characters used in the prefix for 8.3 names in the hash2
algorithm. The longer the prefix the more readable the 8.3 names will
be, but the weaker the hash.
this was added because of someone complaining that the new hashing
algorithm was unreadable but the old one was broken :)
(This used to be commit 3ca3cc838e)
The actual design change is relitivly small however:
It all goes back to jerry's 'BOOL store', added to many of the elements in a
SAM_ACCOUNT. This ensured that smb.conf defaults did not get 'fixed' into
ldap. This was a great win for admins, and this patch follows in the same way.
This patch extends the concept - we don't store values back into LDAP unless
they have been changed. So if we read a value, but don't update it, or we
read a value, find it's not there and use a default, we will not update
ldap with that value. This reduced clutter in our LDAP DB, and makes it
easier to change defaults later on.
Metze's particular problem was that when we 'write back' an unchanged value,
we would clear any muliple values in that feild. Now he can still have his
mulitivalued 'uid' feild, without Samba changing it for *every* other
operation.
This also applies to many other attributes, and helps to eliminate a nasty
race condition. (Time between get and set)
This patch is big, and needs more testing, but metze has tested usrmgr, and
I've fixed some pdbedit bugs, and tested domain joins, so it isn't compleatly
flawed ;-).
The same system will be introduced into the SAM code shortly, but this fixes
bugs that people were coming across in production uses of Samba 3.0/HEAD, hence
it's inclusion here.
Andrew Bartlett
(This used to be commit 7f237bde21)
a mangled name without a valid stat struct if the file existed. This would
then cause open_file_shared1() to erroneously think the file open was new,
thus not check for oplock break, thus causing a spurious EAGAIN reply to
the open on a file we already had kernel oplocked.... (phew - that was fun
to track down :-).
Jeremy.
(This used to be commit e23210e473)
for all sorts of AD things in lp_realm(). We need to get some non-Win2k
NTLMSSP and chase this up a bit, but this will do for now.
(Hmm, this might affect NTLMv2 as well)
Andrew Bartlett
(This used to be commit 0e6babc306)
that just don't apply any more - now that we always keep username and domain
seperate. Also, the policy it was trying to permit is now implemented by the
auth code.
Andrew Bartlett
(This used to be commit 760c0740ca)
NT_TOKEN and the unix credentials - as we incresingly use the NT stuff we want
to make it easy to check they don't get out of wack.
Andrew Bartlett
(This used to be commit a3882a1925)
and doesn't actually call sendfile. Needs to be vectored through the
VFS and tested on all supported platforms (Solaris/HPUX/FreeBSD/Linux).
Linux doesn't actually work (2.4.19 kernel) at the moment because it
doesn't have a 64-bit clean sendfile.
Jeremy.
(This used to be commit fd772ca7b1)
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl>
It includes a conversion of make_user_info*() to NTSTATUS and some minor
changes to other files.
It also picks up on a nasty segfault that can occour in some security=domain
cases.
Andrew Bartlett
(This used to be commit d1e1fc3e4b)
to extend the ADS_STATUS system to include NTSTATUS, and to provide a better
general infrustructure for his sam_ads work.
I've also added some extra failure mode DEBUG()s to parts of the code.
NOTE: The ADS_ERR_OK() macro is rather sensitive to braketing issues - without
the final set of brakets, the test is essentially inverted - causing some
intersting 'error = success' messages...
Andrew Bartlett
(This used to be commit 5b9a7ab901)
option (set to false by default). Made checking for hide unreadable/writable
more efficient (less stat calls, less allocating printf calls).
Jeremy.
(This used to be commit 15ff5a48f9)
- Don't print an uninitialised buffer in service.c
- Change some charcnv.c functions to take smb_ucs2_t ** instead of void **
- Update NTLMv2 code to use dynamic buffers
- Update experimental SMB signing code - still more work to do
- Move sys_getgrouplist() to SAFE_FREE() and do a DEBUG() on initgroups()
failure.
Andrew Bartlett
(This used to be commit de1964f7fa)
our authenticaion code - removing some of the duplication from the current
code.
This also gets us *much* closer to supporting a real SAM backend, becouse the
SAM can give us the right info then.
This also changes our service.c code, so that we do a VUID (rather than uid)
cache on the connection struct, and do full NT ACL/NT_TOKEN checks (or cached
equivilant) on every packet, for the same r or rw mode the whole share was open
for.
Andrew Bartlett
(This used to be commit d8122cee05)
Just now it is acommandline tool like smbclient and rpcclient that is able to
perform operations on the file system passing through the vfs layer
It is not complete yet, some functions have simply faked up data, but module
loading works yet and basic operations too.
Thanks to Eric Lorimer for helping out with the initial setup.
Simo.
(This used to be commit 42ae5eb826)
