IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
These will be used separately in the full initialization function.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
All ctdb specific code is isolated in samba-cluster-support.so now.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Mar 24 19:08:44 CET 2014 on sn-devel-104
gencache_parse calling tdb shows up in profiles when we do a lot of open/close
traffic with large ACLs. For every file we convert unix ids to sids, and in the
domain member case this goes through gencache.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 11 19:56:47 CET 2014 on sn-devel-104
Add stream name defines that are usable with Samba's way of storing
stream names internally.
Signed-off-by: Ralph Boehme <rb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10422
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 5 22:53:34 CET 2014 on sn-devel-104
If it returns true the passed ip address matched and we
let a nested ctdb operation fail with NT_STATUS_ADDRESS_CLOSED.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
With the use of the shared globals structure, lp_dnsdomain is no longer used in the code and removing it would remove a notable special case
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Change-Id: I59526c40c58e132a134d67fa7944dfeacd05f4c6
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@samba.org>
This is not used in other parts of source3, so this patch improves
modularity and isolation of features.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
This parameter is renamed because it does not normally return the current smb.conf file, but
instead returns the next one, as found in a config file = directive, to be loaded.
This avoids a conflict with the lpcfg_configfile from lib/param, which does refer to the
current smb.conf path.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Michael Adam <obnox@samba.org>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
The build system gives these two parameters different defaults
(compared with lock dir) in both the --enable-fhs and default mode, so
the logic to use lock dir no longer applies unless the build has been
very specially constructed.
Therefore, remove the special case handling and make these normal
parameters again.
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
They have been changed to function like normal parameters,
removing a special case in the loadparm system.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Michael Adam <obnox@samba.org>
Tests show that Samba's smbd uses 38 open files at startup.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
This is made to replace the msg_channel abstraction.
msg_channel was created to not miss any messages. For this, some
complex queueing was installed. This complexity has caused quite a
few problems in the past (see bug 10284 for example).
messaging_read_send/recv is able to achieve the same goal with a
lot less complexity. The messaging_read_send atomically installs
the reader into the messaging_context, we will not miss any messages
while this installed. messaging_send_recv will deinstall that
listener, but in the callback function you can directly call
messaging_read_send again without going through the tevent_loop_once.
As long as this is always made sure, no messages will be lost.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We will use this in mapping 64-bit directory offset
cookies to a 32-bit counter.
https://bugzilla.samba.org/show_bug.cgi?id=2662
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This protects the password change using a domain specific g_lock,
so multiple parts 'net rpc', 'rpcclient', 'winbindd', 'wbinfo --change-secret'
even on multiple cluster nodes doesn't race anymore.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Dec 12 17:58:24 CET 2013 on sn-devel-104
The VFS interfaces are sychronous, as the operations only modify
meta-data.
These hooks are dependent on support for transparent compression by the
underlying filesystem - vfs_default returns INVALID_DEVICE_REQUEST.
Support for other filesystems providing transparent comression, such as
Btrfs and ZFS, can be added in future.
The get_compression function takes fsp and smb_fname arguments. The
smb_fname argument is needed due to the current dosmode() code-path.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
printing.c was the last user of this syslog wrapper.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Nov 20 10:19:32 CET 2013 on sn-devel-104
print_access_check() currently returns a bool based on whether access is
granted or denied. Errno is set on failure, but none of the callers use
it.
This change converts print_access_check() to return a WERROR.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Print job notifications currently carry the system print job identifier
from the queue structure. Instead, the spoolss job identifier should be
resolved and returned.
Print clients can use notification job-ids in subsequent spoolss SetJob
requests. Returning an incorrect identifier can result in the failure of
such requests, e.g. spoolss_SetJob(SPOOLSS_JOB_CONTROL_DELETE).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10271
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
The pathinfo2 call might fail against NetApp because it is sending broken
packages.
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This will avoid panic calls when smbd and winbind is started in cluster
mode before ctdb is functional. It still logs something sane at debug
level 0, but it does not panic and core anymore.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
The function already used 'uint8_t' instead of 'uint8'.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This also ensures we remove prototypes from parameters we remove or
rename, and easily see how many special cases we have left.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This autogenerates the parameters so that we can keep everything in sync easier,
particularly when adding new parameters. This will also make it easier to move
to a fully autogenerated system in the future, as it reduces special cases.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
FAKE_LEVEL_II_OPLOCK was an indicator to break level2 oplock holders
on write. This information is now being held in brlock.tdb, which makes
the FAKE_LEVEL_II_OPLOCK type unnecessary.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This uses the documeted "winbindd socket directory" parameter instead.
This came about due to the merge of the two smb.conf tables in s3 and
s4 for the Samba 4.0 release. The s4 code used a real parameter,
which caused this to be documented, whereas no automatic procedure
existed to notice the parametric option and the need to document that.
The fact that this was not used consistently in both codebases is one
of the many areas of technical debt we still need to pay off here.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This uses the new idmap_autorid_iterate_domain_ranges() function.
Based on earlier patch by Atul Kulkarni <atul.kulkarni@in.ibm.com>.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Functions to perform an action on all domain range mappings for
a given domain, specified by the domain sid.
Inspired by a previous patch by Atul Kulkarni <atul.kulkarni@in.ibm.com>.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Delete a range mapping as specified by domain SID and range index.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Store a configuration as provided by a config string
after parsing and validating the string.
Based on similar patch by Atul Kulkarni <atul.kulkarni@in.ibm.com>.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This allows to directly set a range for a domsid#index pair.
It fails if a stored range is found which is different from
the requested one.
Pair-Programmed-With: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
This is just used to change the behaviour of the function.
Making it more suitable to be used at other places.
Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
global config is not part of range config.
By removing this, autorid_range_config becomes more suitable
for using it elsewhere.
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This will be used for other purposes as well.
Pair-Programmed-with: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
This is in preparation of adding "net idmap autorid" functionality.
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
When a Windows client receives a large directory listing while
querying snapshots, it sends a find request asking for the
timestamp as a directory. A Windows server returns NO_SUCH_FILE,
so make sure Samba returns the same. Otherwise the client will
get confused and display timestamps in the 'previous versions' dialog.
Signed-off-by: Christof Schmitt <christof.schmitt@us.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 10 22:38:51 CEST 2013 on sn-devel-104
changing smb server version from 4.9 to 6.1 to
mimic win2k8r2.
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 6 19:41:51 CEST 2013 on sn-devel-104
This flag existed to break an exclusive or batch oplock in just one
instead of two steps down to "no oplock" when we did an allocation or file
size change. Running raw.oplock against W2k12 differs in this respect
from W2k3: W2k12 takes two steps (via level2) to break to none. This
removes the special flag that we only had for compatibility with systems
older than W2k12...
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 6 00:47:07 CEST 2013 on sn-devel-104
Windows overloads the EA Length field in the DIRECTORY INFO leves of FIND FIRST/FIND NEXT.
This field indicates either the REPARSE_TAG if the file/folder has a reparse proint or
the EA Length if it has EAs, and is the fundamental reason you cannot have both on a
file or folder.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug 19 22:21:34 CEST 2013 on sn-devel-104
These create a synchronous cli_smb2_XXX() style interface
designed to plug directly into the libsmb/cliXXXX.c code.
https://bugzilla.samba.org/show_bug.cgi?id=9974
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Set to PROTOCOL_NT1, PROTOCOL_CORE by default.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9829
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Invalid character list probed from Windows Server 2012.
Bug 9992: Windows error 0x800700FE when copying files with xattr names containing ":"
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jun 21 19:57:06 CEST 2013 on sn-devel-104
make it possible to skip the allocation of a new gid from winbind
by specifying the gid to be used
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
this one first tries to map the principal before
allocating a new gid
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
allows PDB modules to specify for which special domains they
are responsible when it comes to SID->xid conversion
By default, passdb modules will be responsible for local BUILTIN,
local SAM and Unix Users/Groups
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Christian Ambach <ambi@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
make it possible for each backend to specify for which domains
it should be asked for SID->xid mappings
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Christian Ambach <ambi@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Samba currently always responds to GetPrinter(level = 7) requests with
DSPRINT_UNPUBLISH, regardless of the AD publish status tracked via the
PRINTER_ATTRIBUTE_PUBLISHED flag. This is due to erroneous "objectGUID"
unmarshalling in is_printer_published().
This change splits "objectGUID" retrieval into a separate function, and
adds a pull_reg_sz() call to correctly unmarshall the GUID.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Samba PDC may manage a forest containing DNS domains in addition to the primary one.
Information about them is advertised via netr_DsRGetForestTrustInformation when
trusted_domain_name is NULL, according to MS-NRPC and MS-LSAD, and
via netr_GetForestTrustInformation.
This changeset only expands PASSDB API; how suffixes are maintained is left
to specific PDB modules. Set function is added so that suffixes could be
managed through 'net' and other Samba utilities, if possible.
One possible implementation is available for ipasam module in FreeIPA:
http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cc56723151c9ebf58d891e85617319d861af14a4
Reviewed-by: Andreas Schneider <asn@samba.org>
forgot to bump this earlier when removing the counters for setdir
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
set dir seems to have been a special SMB command used by Pathworks clients
the supporting code for it was already removed in 2007, so just remove all
remnants related to it (smb.conf parameter, documentation, ...)
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 12 01:03:37 CET 2013 on sn-devel-104
Since we open with dbwrap, it auto-converts old tdbs (which it will
rename to secrets.tdb.bak once it's done).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Rusty Russell <rusty@rustcorp.com.au>
Autobuild-Date(master): Wed Feb 20 07:09:19 CET 2013 on sn-devel-104
For simplicity, we use this in the caller to choose between filenames.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
copy_chunk copies n bytes from a source file at a specific offset to a
destination file at a given offset. This interface will be used in
handling smb2 FSCTL_SRV_COPYCHUNK ioctl requests.
Use a pread/pwrite loop in vfs_default, so that requests referring to
the same src and dest file are possible.
Provide send and receive hooks for copy chunk VFS interface, allowing
asynchronous behaviour.
Check whether the request source offset + length exceeds the current
size. Return STATUS_INVALID_VIEW_SIZE under such a condition, matching
Windows server behaviour.
Reviewed by: Jeremy Allison <jra@samba.org>
Change VFS ABI to 31 for 4.1.0.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The definitions for default client timeout values have been moved to client.h. When initializing a client struct we use this value instead of the old hardcoded value. The timeout value remains 20 seconds.
Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com>
Reviewed by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Dec 6 03:25:58 CET 2012 on sn-devel-104
The special treatment of the "Unix User" and "Unix Group" pseudo domains
can be reused.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Change can_delete_directory() to can_delete_directory_fsp(), as
we only ever call this from an open directory file handle.
This allows us to use OpenDir_fsp() instead of OpenDir().
OpenDir() re-checks the ACL on the directory, which may
refuse DIR_LIST permissions. OpenDir_fsp() does not. As
this is a file-server internal check to see if the directory
actually contains any files before setting delete on close,
we can ignore the ACL here (Windows does).
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Nov 20 01:46:28 CET 2012 on sn-devel-104
it is only used in loadparm.c
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Nov 16 03:33:34 CET 2012 on sn-devel-104
NT4 is long dead, and we should not change which ACL we return based
on what we think the client is. The reason we should not do this, is
that if we are using vfs_acl_xattr then the hash will break if we do.
Additionally, it would require that the python VFS interface set the
global remote_arch to fake up being a modern client.
This instead seems cleaner and removes untested code (the tests are
updated to then handle the results of the modern codepath).
The supporting 'acl compatability' parameter is also removed.
Andrew Bartlett
Reviewed by: Jeremy Allison <jra@samba.org>
This interface actually needs to match the get_nt_acl interface in
that the system ACL implmenetation may not be posix ACLs, and the blob
is not meant to be enforced to be of a particular system ACL
structure.
Andrew Bartlett
This makes it clear which context the returned SD is allocated on, as
a number of callers do not want it on talloc_tos().
As the ACL transformation allocates and then no longer needs a great
deal of memory, a talloc_stackframe() call is used to contain the
memory that is not returned further up the stack.
Andrew Bartlett
This changes from allocation on NULL to allocation on the supplied
memory context.
Currently that supplied context is talloc_tos() at the the final consumer of
the ACL.
Andrew Bartlett
Avoid overriding default ccache for ads operations.
Nowadays various samba components may need to use GSSAPI and a default cred
cache to perform their tasks.
This code was completely overriding the whole process default ccache name, thus
altering the current credentials and sometimes hijacking them (or getting
preemptively hijaked).
By using gss_krb5_import_cred we can instead use a private ccache (necessary
sometimes to use a different set of credentials fromt he default
cifs/fqdn@realm one, for example when contacting foreign DCs using trust
credentials) that does not affect the rest of the process.
For the kerberos versions which don't have gss_krb5_import_cred
we fallback to temp override of KRB5CCNAME and gss_acquire_cred.
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Sep 12 21:18:09 CEST 2012 on sn-devel-104
This will allow us to hash this, rather than the NT ACL it maps to.
This will in turn allow us to know if the NT ACL is valid even if we
have to change the mapping code.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep 12 07:06:01 CEST 2012 on sn-devel-104
that is what Samba 4.0.0 will ship with
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Mon Sep 10 19:40:01 CEST 2012 on sn-devel-104
This is in order to be able to turn durable handles off and on on a per share
basis.
Note: This is only used in combination with:
kernel share modes = no
kernel oplocks = no
posix locking = no
Which means CIFS/SMB2 only access.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
PDB modules store domain sid and guid in secrets.tdb to cooperate
with other parts of smbd. If PDB module is built outside Samba
source code it has to be linked against internal libsecrets.
Wrap required secrets_* calls to avoid direct linking. libpdb
is linked against libsecrets by itself and this is enough.
secrets_tdb_sync will be a new ldb module designed to sync secrets.ldb
entries with the secrets.tdb file.
While not ideal to keep two copies of this data, this routine will
assist in allowing the samba-tool domain join code to operate
correctly in most cases where winbindd and smbd are used.
Andrew Bartlett
We no longer do struct smb_acl_t manipuations via the VFS layer,
which is now reduced to handling the get/set functions.
The only backend that implemented these functions (aside from audit)
was the vfs_default module calling the sys_acl code. The various ACL
implementation modules either worked on the fully initilaised
smb_acl_t object or on NT ACLs.
This not only makes the operation of the posix ACL code more efficient
(as allocation and free is not put via the VFS), it makes it easier to
test and removes the fantasy that a module could safely redefine this
structure or the behaviour here.
The smb_acls.idl now defines the structure, and it is now allocated
with talloc.
These operations were originally added to the VFS in commit
3bb219161a.
Andrew Bartlett
This will allow us to marshall this into and from an NDR blob on disk, which will
allow us to fake up ACL support during make test, and to test the NT ACL emulation
using python bindings via the VFS.
Andrew Bartlett
The acl element is changed to be a talloc child, and is no longer one element
longer than requested by virtue of the acl[1] base pointer.
This also avoids one of the few remaining cases of over-allocation of a structure.
Andrew Bartlett
The only user, so make them static inside loadparm.c
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
This parameter is only used in our NBT client code and in nmbd as a
fallback when we fail to select a better interface from "interfaces"
to use directly.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul 27 12:16:25 CEST 2012 on sn-devel-104
We don't resolve our own "Domain Local" groups since bug #7843 has been
fixed. So we need to add the add resource groups to the sid list too.
Before bug #7843 the "Domain Local" groups were added with a
lookupuseraliases call, but this isn't done anymore for our domain
so we need to resolve resource groups here.
When to use Resource Groups:
http://technet.microsoft.com/en-us/library/cc753670%28v=WS.10%29.aspx
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jul 23 22:12:30 CEST 2012 on sn-devel-104
This allows this parameter, one of the few with differing declarations
between the loadparm systems, to be brought into common.
Andrew Bartlett
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
