IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The ->get_ntlm_challenge and ->check_ntlm_password elements of struct auth_context
were only ever initialised to a single value. Make it easier to follow by
just calling the function directly.
Andrew Bartlett
This patch ensures consistency in behaviour between NTLMSSP and NTLM
session setup handlers. By calling the same layer that auth_ntlmssp
calls, we can not only allow redirection of all authentication to the
AD DC, we ensure that map to guest and username map handling is
consistent, even in the file server alone.
Andrew Bartlett
Since the piddir got moved from the lockdir by default, the default piddir
wasn't getting created, stopping some configurations from running.
Signed-off-by: Jeremy Allison <jra@samba.org>
Since the piddir got moved from the lockdir by default, the default piddir
wasn't getting created stopping some configurations from running.
Signed-off-by: Jeremy Allison <jra@samba.org>
The end point mapper is primarily in support of lsasd, and the key
SAMR, LSA and NETLOGON services being accessed over TCP/IP. The end
point mapper does not appear to be used for the well-known mappings to
named pipes, and we have a problem with how to safely register the
embedded pipes. For now, disable this to avoid re-registration storms
in production, until we sort out a better way.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Mar 7 14:27:38 CET 2012 on sn-devel-104
Embedded RPC services are those not launched in the preforked lsasd
and spoolssd children.
The reason that these child processes were created is that is is not
possible to correctly listen for ncalrpc and TCP connections without
creating a child process. Therefore, we should not have these
embedded RPC services to listen on these sockets just because the
endpoint mapper has been enabled.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Mar 7 01:34:05 CET 2012 on sn-devel-104
The plan is to have files_struct as some kind of low level
abstraction for a smb1/smb2 opens, that can be used by SMB_VFS modules.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Mar 6 23:04:01 CET 2012 on sn-devel-104
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Mon Mar 5 23:14:33 CET 2012 on sn-devel-104
This consults the two definitions for embedded, that is if the deamon is forking
or if the rpc_server:<interface> line is set to embedded.
Andrew Bartlett
Signed-off-by: Andreas Schneider <asn@samba.org>
Both read_from_internal_pipe and tstream_readv_pdu_queue_recv return
ssize_t.
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Mon Mar 5 17:38:16 CET 2012 on sn-devel-104
Because revoking read-only copies of records is expensive, we only
want ctdbd to do it for high-turnover records. A basic heuristic is
that if we don't find a local copy of the record, don't ask for a
read-only copy.
The fetch itself will cause ctdbd to migrate the record, so eventually
we will have a local copy. Next time it gets migrated away, we'll
call ctdbd_fetch() with local_copy = true.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
The new read-only record flags make determining if we can use a record
a bit more complex, so extract it into its own function.
The OLD logic was:
1) If the record doesn't exist, we can't use it.
2) If we are the dmaster for the record, we can use it.
The new logic is:
1) If the record doesn't exist, we can't use it.
2) If we are the dmaster for the record, we can use it IF we only
want read-only access, OR there are no read-only delegations.
3) If we are not dmaster, we can only use it if we want read-only
access and it is marked as a read-only copy.
This logic is unused until the next patches which begin to ask
for read-only copies of records.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This patch removes security=share, which Samba implemented by matching
the per-share password provided by the client in the Tree Connect with
a selection of usernames supplied by the client, the smb.conf or
guessed from the environment.
The rationale for the removal is that for the bulk of security=share
users, we just we need a very simple way to run a 'trust the network'
Samba server, where users mark shares as guest ok. This is still
supported, and the smb.conf options are documented at
https://wiki.samba.org/index.php/Public_Samba_Server
At the same time, this closes the door on one of the most arcane areas
of Samba authentication.
Naturally, full user-name/password authentication remain available in
security=user and above.
This includes documentation updates for username and only user, which
now only do a small amount of what they used to do.
Andrew Bartlett
--------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| SEC_SHARE |
| security=share |
| |
| |
| 5 March |
| |
| 2012 |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\///|_)_______
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Sun Mar 4 13:31:25 CET 2012 on sn-devel-104