IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Also the default should not be DCERPC_AUTH_LEVEL_CONNECT
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
On the server this check is deferred to the first request.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
They're always supported and using gensec_want_feature() on them would require
them in future.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
They're always supported and using gensec_want_feature() on them would require
them in future.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
We need to calculate the signature length based on the negotiated
flags. This is most important on the server side where,
gss_accept_sec_context() doesn't get gss_want_flags, but fills
gss_got_flags.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
We need to calculate the signature length based on the negotiated
flags. This is most important on the server side where,
gss_accept_sec_context() doesn't get gss_want_flags, but fills
gss_got_flags.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
When a the higher level does a TALLOC_FREE() on an already
queued request, we need to check whether we already sent a byte,
if not we can try to unwind the smb1 signing sequence number,
if there was only one pending request, in all other cases
we need to disconnect the connection.
I noticed that when seeing during an smb1cli_close()
from tstream_smbXcli_np_destructor().
TODO: we may want to have a similar smbXcli_conn_cancel_read_req() in future.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Fixes CID 242325 - dir state and the talloc frame are leaked on
user_auth_info_init() failure.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 26 00:58:41 CEST 2016 on sn-devel-144
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Autobuild-User(master): Jim McDonough <jmcd@samba.org>
Autobuild-Date(master): Tue Oct 25 21:10:37 CEST 2016 on sn-devel-144
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12392
Feature SCHED_RESET_ON_FORK is completely broken on RHEL6 and RHEL7
distributions. So do not rely on SCHED_RESET_ON_FORK for now.
This reverts commit 1be8564e55.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Oct 25 11:28:28 CEST 2016 on sn-devel-144
This fixes a regression introduced by commit
f98d10af2a
(smbd: Always use UCF_PREP_CREATEFILE for filename_convert calls to resolve a path for open)
The main problem was that Windows client seem to verify
the access to user.V2\ntuser.ini is rejected with NT_STATUS_ACCESS_DENIED,
using the machine credentials.
Passing UCF_PREP_CREATEFILE to filename_convert() triggers a code path
that implements a dropbox behaviour. A dropbox is a directory with only -wx permissions,
so get_real_filename fails with EACCESS, it needs to list the directory.
EACCESS is ignored with UCF_PREP_CREATEFILE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10297
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 25 05:33:36 CEST 2016 on sn-devel-144
When mapping user and domain during NTLM authentication, an empty domain
is mapped to the local SAM db. However, an empty domain may legitimately
be used if the user field has both user and domain in upn@realm format.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12375
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
When doing NTLM validation of credentials, do not modify the
credentials - they might be used in the calculation of
the response.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12375
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
conn->cwd can change over the life of the connection,
conn->connectpath remains static.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12387
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Mon Oct 24 23:52:48 CEST 2016 on sn-devel-144
This makes us independent of the allocation
method used inside glfs_realpath.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct 22 00:28:41 CEST 2016 on sn-devel-144
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12384
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 21 04:48:52 CEST 2016 on sn-devel-144
By the time we get to SMB_VFS_UNLINK/SMB_VFS_RMDIR the ACL
checks have already been done.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12384
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Otherwise the following patch breaks vfstest stream-depot test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12384
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 20 02:48:30 CEST 2016 on sn-devel-144
h1.data is an array and as such always is != NULL, so it's always true
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 19 05:11:25 CEST 2016 on sn-devel-144
There's tons of those, but you have to start somewhere :-)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Analysis by: Rebecca Gellman <rebecca@starfleet-net.co.uk>
Ignore cldap_socket_init() failure when sending
multiple cldap netlogon requests. Allow cldap_netlogon_send()
to catch the bad address and correctly return through a
tevent subreq.
Make sure cldap_search_send() copes with cldap parameter == NULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12381
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 18 02:16:20 CEST 2016 on sn-devel-144
Yes, there is one.... I've seen two flaky builds on sn-devel with
pthreadpool after the coverity checks went in. They were in the
ret = pthread_mutex_unlock(&pool->mutex);
assert(ret == 0);
in pthreadpool_parent() and pthreadpool_child(). No idea what that was,
I could not really reproduce that. A build attempt on FreeBSD also gave
an erratic error, this time it was an EINVAL in
ret = pthread_mutex_lock(&pool->mutex);
assert(ret == 0);
pthreadpool_parent(). EINVAL means that the mutex is not a proper
mutex. What happened: Someone (a detached thread) does the
pthreadpool_free behind our back, while we are in pthreadpool_parent,
preparing the fork. Unfortunately the mutex was already destroyed before
we came to lock it.
The fix is simple: Remove the obsolete struct pthreadpool from the
linked list before the mutex is destroyed.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
The patchset `git log -2 3031815f982e365be50148564d47d7d5afab46e0`
missed a change to vfs_gpfs_is_offline() which is now merely a helper
function that returns true or false and mustn't call into the VFS.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Oct 17 21:28:12 CEST 2016 on sn-devel-144
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct 15 01:28:02 CEST 2016 on sn-devel-144
