IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
when there's no kernel or FAM change notify. If set to zero
this will turn off change notify for the share except when
we ourselves change something (renames / deletes etc. ).
Designed to help on large directory shares where a new
changenotify is issued between each delete. This will
be fixed correctly when we move to internal change notify
(eg. back-port Samba4 changenotify).
Jeremy.
(This used to be commit 5a17bffbcd)
just don't get why "guest ok" is not allowed in usershares.
Added "usershare allow guests" bool parameter that allows
this, reved usershare file version to VERSION#2 which
allows this. Updated user tools.
This should now be (finally) finished and I'll add
the new parameter docs and a HOWTO.
Jeremy.
(This used to be commit cdc3aa9d07)
into 3.0. Also merge the new POSIX lock code - this
is not enabled unless -DDEVELOPER is defined.
This doesn't yet map onto underlying system POSIX
locks. Updates vfs to allow lock queries.
Jeremy.
(This used to be commit 08e52ead03)
* depreacte 'acl group control' after discussion with Jeremy
and implement functionality as part of 'dos filemode'
* fix winbindd on a non-member server to expand local groups
* prevent code previously only used by smbd from blindly
turning _NO_WINBINDD back on
(This used to be commit 4ab372f4ca)
this allows us to experiment with ensuring the tdb hash
size for our open files and locking db are appropriately
sized. Make the hash size larger by default (10007 instead
of 1049) and make the locking db hash size the same as the
open file db hash size.
Jeremy.
(This used to be commit e7225f7e81)
* Finally fix parsing idmap uid/gid ranges not to break with spaces
surrounding the '-'
* Allow local groups to renamed by adding info level 2 to
_samr_set_aliasinfo()
* Fix parsing bug in _samr_del_dom_alias() reply
* Prevent root from being deleted via Samba
* Prevent builting groups from being renamed or deleted
* Fix bug in pdb_tdb that broke renaming user accounts
* Make sure winbindd is running when trying to create the Administrators
and Users BUILTIN groups automatically from smbd (and not just check the
winbind nexted groups parameter value).
* Have the top level rid allocator verify that the RID it is about to
grant is not already assigned in our own SAM (retries up to 250 times).
This fixes passdb with existing SIDs assigned to users from the RID algorithm
but not monotonically allocating the RIDs from passdb.
(This used to be commit db1162241f)
realloc can return NULL in one of two cases - (1) the realloc failed,
(2) realloc succeeded but the new size requested was zero, in which
case this is identical to a free() call.
The error paths dealing with these two cases should be different,
but mostly weren't. Secondly the standard idiom for dealing with
realloc when you know the new size is non-zero is the following :
tmp = realloc(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
However, there were *many* *many* places in Samba where we were
using the old (broken) idiom of :
p = realloc(p, size)
if (!p) {
return error;
}
which will leak the memory pointed to by p on realloc fail.
This commit (hopefully) fixes all these cases by moving to
a standard idiom of :
p = SMB_REALLOC(p, size)
if (!p) {
return error;
}
Where if the realloc returns null due to the realloc failing
or size == 0 we *guarentee* that the storage pointed to by p
has been freed. This allows me to remove a lot of code that
was dealing with the standard (more verbose) method that required
a tmp pointer. This is almost always what you want. When a
realloc fails you never usually want the old memory, you
want to free it and get into your error processing asap.
For the 11 remaining cases where we really do need to keep the
old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR,
which can be used as follows :
tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the
pointer p, even on size == 0 or realloc fail. All this is
done by a hidden extra argument to Realloc(), BOOL free_old_on_error
which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR
macros (and their array counterparts).
It remains to be seen what this will do to our Coverity bug count :-).
Jeremy.
(This used to be commit 1d710d06a2)
* Finish prototype of the "add port command" implementation
Format is "addportcommand portname deviceURI"
* DeviceURI is either
- socket://hostname:port/
- lpr://hostname/queue
depending on what the client sent in the request
(This used to be commit 6d74de7a67)
Began the poet, his face as pale as death.
"I will go first, and you will follow me."
---
Adding XcvDataPort() to the spoolss code for remotely
add ports. The design is to allow an intuitive means
of creating a new CUPS print queue from the Windows 2000/XP
APW without hacks like specifying the deviceURI in the
location field of the printer properties dialog.
Also set 'default devmode = yes' as the new default
since it causes no harm and only is executed when you
have a NULL devmode anyways.
(This used to be commit 123e478ce5)
/tmp if there is no path in the share, make it unavailable.
All printer shares should have a path and IPC$ is already
explicitly set to tmpdir().
Jeremy.
(This used to be commit b1915a0591)
* remove pdb_context data structure
* set default group for DOMAIN_RID_GUEST user as RID 513 (just
like Windows)
* Allow RID 513 to resolve to always resolve to a name
* Remove auto mapping of guest account primary group given the
previous 2 changes
(This used to be commit 7a2da5f0cc)
internally in services_db.c now. This prevents internal services from
being listed twice (one internal and one external) when no
'svcctl list' parameter is explcitly set in smb.conf
(This used to be commit 6c4ede6cee)
lp_load() could not be called multiple times to modify parameter settings based
on reading from multiple configuration settings. Each time, it initialized all
of the settings back to their defaults before reading the specified
configuration file.
This patch adds a parameter to lp_load() specifying whether the settings should
be initialized. It does, however, still force the settings to be initialized
the first time, even if the request was to not initialize them. (Not doing so
could wreak havoc due to uninitialized values.)
(This used to be commit f2a24de769)
oplocks across the cluster. Adapt Samba to it.
The gpfs API is called via libgpfs.so. This code is written with dlopen(), so
that you can compile on a system with gpfs installed and later on run on
systems without gpfs available.
So to actually make Samba call gpfs share mode calls you need to compile with
gpfs.h and libgpfs.so around and set 'gpfs share = yes' on the shares you
export from GPFS.
Volker
(This used to be commit 2253b17a1a)
We came to the conclusion that changing the default is something that has to
wait one or two more releases, but it will happen one way or the other.
Volker
(This used to be commit 30fcdf84d8)
setup comes in with the vc (virtual connection) field set to zero. This is
done by Windows, probably you can tweak that by some registry key.
This boolean option controls whether an incoming session setup
should kill other connections coming from the same IP. This matches
the default Windows 2003 behaviour.
Setting this parameter to yes becomes necessary when you have a flaky
network and windows decides to reconnect while the old connection
still has files with share modes open. These files become inaccessible
over the new connection.
The client sends a zero VC on the new connection, and Windows 2003
kills all other connections coming from the same IP. This way the
locked files are accessible again.
Please be aware that enabling this option will kill connections behind
a masquerading router.
Volker
(This used to be commit 5629ca1623)
needs something along the lines of
if [ $LOGNAME == "jht" ]
then
CFLAGS="$CFLAGS -DDEVELOPER"
fi
But that goes a bit far I think.... :-)))
Volker
(This used to be commit 99d76042e9)
name stored in the array was normalized. This was causing
records to not be deleted on a reload. As a result,
I was getting the wrong path for various services.
Seems to be ok after this change.
Also converted canonicalize_servicename() to just
use strupper_m() rather than doing the conversion itself.
Jeremy, i think this should be ok but please check.
also cleaned up some things in the hash service code
and added debug messages for sanity purposes.
(This used to be commit e0bf0581f0)
was a O(n^2) loop: Whenever a service definition was found, we linearly
searched the already loaded share definitions, the patch adds an internal tdb
for this. For a smb.conf with 2000 shares this speeds up loading by about a
factor of 50.
Might be a fix for bug #1117.
Thanks to Michael Adam <ma@sernet.de>,
Volker
(This used to be commit d07343e0c4)
This does 2 things.
1). Makes dfree command a per-share parameter (it should be anyway IMHO).
2). Adds a "dfree cache time" parameter in seconds that specifies how long a
dfree command output should be cached for. Default is zero (no caching).
Jeremy.
(This used to be commit 49ef8b88a3)
added new parameter : map readonly = [yes|no|permissions]
If yes: map inverse of user "w" bit to mean readonly.
If no: never set DOS readonly bit.
If permissions: check file permissions for user and set readonly
bit if the current user cannot write.
If store dos attributes is set to yes then this parameter
is ignored.
Jeremy.
(This used to be commit da4238d18c)
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d7)
Removing deprecated lp_min_password_length (the same functionality is
provided by the account policy).
Note that we now allow to set passwords less then 5 chars (if the admins
decides to do so by setting the account policy).
Thanks to Daniel Beschorner <db@unit-netz.de>
Guenther
(This used to be commit fd91378925)
upcoming changes for "unixinfo"-pipe.
Therefor (after speaking with Volker) replace "winbind sfu support" with
the list-parameter "winbind nss info" which defaults to "template". For
SFU-support set it to "winbind nss info = template sfu".
Note that nss_info_use() is just a dummy function at the moment.
Guenther
(This used to be commit 91596330ea)
homedirectory and the loginshell from Active Directory's "Services for Unix".
Enable it with:
winbind sfu support = yes
User-Accounts without SFU-Unix-Attributes will be assigned template-based
Shells and Homedirs as before.
Note that it doesn't matter which version of Services for Unix you use (2.0,
2.2, 3.0 or 3.5). Samba should detect the correct attributes (msSFULoginShell,
msSFU30LoginShell, etc.) automatically.
If you also want to share the same uid/gid-space as SFU then also use PADL's
ad-idmap-Plugin:
idmap backend = ad
When using the idmap-plugin only those accounts will appear in Name Service
Switch that have those UNIX-attributes which avoids potential uid/gid-space
clashes between SFU-ids and automatically assigned idmap-ids.
Guenther
(This used to be commit 28b5969942)
safe for using our headers and linking with C++ modules. Stops us
from using C++ reserved keywords in our code.
Jeremy
(This used to be commit 9506b8e145)
--show-all-parameters
Enumerates all available parameters, grouped in to sections
[local] and [global] by the class of the parameter. Each line
is formated name=type[,enum values],flags
--parameter-name
Display the setting of the named parameter. The global section
is assumed if no other is set with --section-name
--section-name
Limit the view of testparm to the named section. Use 'global'
to only view the settings of the global section.
This fixes bug #2767.
Lars
(This used to be commit a1b82624d7)
aruna.prabakar@hp.com).
This re-enables the Samba 2.2 behavior where a user that was
successfully authenticated by a remote DC would be mapped
to the guest account if there was not existing UNIX account
for that user and we could not create one.
(This used to be commit b7455fbf81)
checking for write access in a directory before delete. Also
controls checking for write access before labeling a file read-only
if DOS attributes are not being stored in EA's.
Docuementation to follow.
Jeremy.
(This used to be commit dd1a5e6e49)
can be taken out of it, so I decided to commit this in one lump. It changes
the passdb enumerating functions to use ldap paged results where possible. In
particular the samr calls querydispinfo, enumdomusers and friends have
undergone significant internal changes. I have tested this extensively with
rpcclient and a bit with usrmgr.exe. More tests and the merge to trunk will
follow later.
The code is based on a first implementation by Günther Deschner, but has
evolved quite a bit since then.
Volker
(This used to be commit f0bb44ac58)
Added provision for overloading some global configuration options via the new,
per-user file ~/.smb/smb.conf.append which is read after the global config
file is read (and only if the global config file was read). This leave the
original, BC behavior of ~/.smb/smb.conf which, if found, is read but causes
the global config file to not be read.
Also fixed a potential seg fault in to lp_dump_one().
(This used to be commit 2c5a6305bd)
pulling back all recent rpc changes from trunk into
3.0. I've tested a compile and so don't think I've missed
any files. But if so, just mail me and I'll clean backup
in a couple of hours.
Changes include \winreg, \eventlog, \svcctl, and
general parse_misc.c updates.
I am planning on bracketing the event code with an
#ifdef ENABLE_EVENTLOG until I finish merging Marcin's
changes (very soon).
(This used to be commit 4e0ac63c36)
will be owned by the same uid as the containing directory. Doing this for directories
in a race-free mannor has only been tested on Linux (it depends on being able to open
a directory and then do a fchown on that file descriptor). If this functionality is
not available then the code silently downgrades to not changing the ownership of a
new directory. This new parameter (docs to follow) finally makes it possible to create
"drop boxes" on Samba, which requires all files within a directory to be commonly owned.
A HOWTO on how to use this will follow.
Jeremy.
(This used to be commit 2e1f727184)
"allocation roundup size", by default set as 1Mb. From
advice by BlueArc about Windows client behaviour. VC++
people can set this to zero to turn it off.
Jeremy.
(This used to be commit 833ca10177)
Add 'log nt token command' parameter. If set, %s is replaced with the user
sid, and %t takes all the group sids.
Volker
(This used to be commit e7dc9fde45)
(noty enfornced yet though)
* add 'enable privileges (off by default) to control whether or
not any privuleges can be assigned to SIDs
(This used to be commit cf63519169)
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f)
the effect that I could not list printers with smbclient -L. I have cups
libraries but no running cups server, so remove_stale_printers() removed all
my printer definitions from the share list. So I said 'printing = bsd' but it
still would not work.
This happened because init_globals() would initialize Globals.szPrintcapname
to "cups", and the explicit 'printing = bsd' did not reset it. 'printing=bsd'
can't reset it, as this might overwrite an explicit setting. Thus I separated
the lp_printcapname into a function of its own, looking at
Globals.szPrintcapname and subsequently at sDefault.iPrinting.
Please revisit, there are just too many cases to cover.
Thanks,
Volker
(This used to be commit 3cdde7071b)
2 related problems - 1). DOS uses chained commands - when we
are replying with sendfile we neglect to send the chained header. 2). Win9x and
DOS TCP stacks blow up when getting data back from a Linux sendfile - "The
engines canna take the strain cap'n". Don't use sendfile for anything less than NT1.
Jeremy.
(This used to be commit 3cd88f48af)
parameter a list instead of a string. This makes
idmap backend = ldap:"ldap://localhost/ ldap://fallback/"
possible.
Volker
(This used to be commit ea71834793)
descriptor for a file, if the owner sid is not known, the owner uid is set to
the current uid. Same for group sid.
This makes xcopy /o possible for files that are owned by local users/groups
(local administrators for example).
Thanks to Guenther for his persistence :-)
Volker
(This used to be commit 80e57d2790)
this is the correct thing to do on a train in Germany :-).
Turn on sendfile by default ! It's about time.....
Jeremy.
(This used to be commit ec614a8f7d)
by default set to "yes" (to correctly emulate Windows). I've added this to
ensure if we find a critical problem with this new code when 3.0.5 ships
it can be turned off to test for bugs.
Jeremy.
(This used to be commit bee0619cc4)
loads the initial config file and overwrites the written logfile name with
zeros in init_globals(). Ensure we do a string_free() on Globals.szLogFile
if it isn't NULL.
Jeremy.
(This used to be commit c378f3c325)
haven't broken krb5 ticket verification in the mainline code path,
also need to check with valgrind. Everything now compiles (MIT, need
to also check Heimdal) and the "net keytab" utility code will follow.
Jeremy.
(This used to be commit f0f2e28958)
then is the client supports it (current clients supported are Samba and
CIFSVFS - detected by the negprot strings "Samba", "POSIX 2" and a bare
"NT LM 0.12" string) then the setting of the per packet flag smb_flag
FLAG_CASELESS_PATHNAMES is taken into account per packet. This allows
the linux CIFS client to use Samba in a case sensitive manner.
Additional command in smbclient "case_sensitive", toggles the
flag in subsequent packets.
Docs to follow.
Jeremy.
(This used to be commit cf84c0fe1a)
to connection struct entries (as they should have been from
the start). Jerry, once you've cut over to 3.0.4 release
branch I'll add this to 3.0 also.
- Jerry cut over :-).
Jeremy.
(This used to be commit 578a508509)
New protocol option "ea support" to turn them on (off by default). Conrad
at Apple may like this as it allows MacOS resource forks to be stored on
a file. Passes valgrind. Documentation to follow.
Jeremy.
(This used to be commit 8cc10a6c05)
patch removes the 'unicode' smb.conf option.
Clients are as always free not to negotiate unicode, but Samba will always
accept unicode in smbd.
Setting 'unicode = no' caused me more client BSODs than any other option
I have seen, and I really want to protect some of our more silly users, who
will, no matter what, select and change every option...
Andrew Bartlett
(This used to be commit 3f9177bd5d)
This adds a configure test, that tries to find out if we have a working
cracklib installation, and tries to pick up the debian hints on where
the dictionary might be found. Default is per my Fedora Core 1 system -
I'm not sure how much it changes.
Andrew Bartlett
(This used to be commit bc770edb78)
While machine accounts cannot use an NTLM login (NT4 style), they are
otherwise full and valid members of the domain, and expect to be able to
use kerberos to connect to CIFS servers.
This means that the LocalSystem account, used by various services, can
perform things like backups, without the admin needing to enter further
passwords.
This particular issue (bug 722) has started to come up a lot on the lists.
I have only enabled it for winbindd-based systems, as the macros use use
to call the 'add user script' will strip the $ from the username for
security reasons.
Andrew Bartlett
(This used to be commit 6a9bbd1da3)
When smb.conf tells us to write to a read-only LDAP replica and we are
redirected by the LDAP server, the replication might take some seconds,
especially over slow links. This patch delays the next read after a rebind for
'ldap rebind sleep' milliseconds.
Metze, thanks for your patience.
Volker
(This used to be commit 63ffa770b6)
actually used.... 'afs username map' should not show up in the swat basic
view. :-)
Maybe I should use swat from time to time....
Volker
(This used to be commit d4e071d14b)
are written out surrounded by single quotes. This means that
both double and single quotes are now used to surround
strings in smb.conf. This is a slight change from the previous
behavior but needed or else things like
printer admin = +ntadmin, 'VALE\Domain, Admin'
get written to smb.conf by SWAT.
(This used to be commit 5bf91c79d6)
(not /etc/group) even when doing local aliases
* remove "hide local users" parameter; we have this
behavior built into 3.0
(This used to be commit a7685a0697)
in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at
all and I really want to discourage that.
Jeremy.
(This used to be commit d7e35dfb92)
bunch of updates to bug 413 from Monyo:
1) pick up proper strings to call msg strings for example to add
strings in wizard menu in web/swat.c, web/statuspage.c and
param/loadparm.c.
2) define N_() macro in include/intl.h to pick up some strings
in param/loadparm.c
3) quote all name and value tag with '"'
For example in swat.c:720 the "Edit Parameter Values" string is
displayd only as "Edit" because value tag is not quoted like:
value=Edit Parameter Values
These tags should be quoted though it sometimes works well
without quotation.
4) modify the msg strings not to contain HTML tags or other
non-message strings. For example
dprintf(_("test\n")); is modified to dprintf("%s\n", _("test"));
(This used to be commit 351d16956d)
afs share -- this is an AFS share, do AFS magic things
afs username map -- We need a way to specify the cell and possibly
weird username codings for several windows domains
in the afs cell
Volker
(This used to be commit 4a3f7a9356)
portion of NTLMv2 key exchange. Also revert the default for
'client ntlmv2 auth' to no. This caused no ends of grief in
different cases.
And based on abartlet's mail....
> All I care about at this point is that we use NTLMv2
> in our client code when connecting to a server that
> supports it.
There is *no* way to tell this. The server can't tell us, because it
doesn't know what it's DC supports. The DC can't tell us, because it
doesn't know what the trusted DC supports. One DC might be Win2k, and
the PDC could be an older NT4.
(This used to be commit fe585d49cc)
iconv wasn't re-initialised on reading of "charset" parameters. This
caused workgroup name to be set incorrectly if it contained an
extended character.
Jeremy.
(This used to be commit 84ae44678a)
Now we are:
1. Try to find correct name for default character sets for the platform
2. Use DEFAULT_{DOS|DISPLAY|UNIX}_CHARSET defines set during configure phase as defaults
This should fix CP850 problem on Solaris (at least) because it actually has IBM850 which
is the same but under different name
(This used to be commit 836b9fffa0)
No change to what is displayed has been made at this time. I do intend to
change the display order before 3.0.0 ships.
(This used to be commit de7d3063d9)
