1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-18 06:04:06 +03:00

53799 Commits

Author SHA1 Message Date
Günther Deschner
86d087fccc s3-rpcclient: use get_domain_handle() fn in enum domain users & groups.
Guenther
2009-05-25 13:52:50 +02:00
Volker Lendecke
2d689ad9fc Attempt to fix a debian build problem 2009-05-25 12:43:22 +02:00
Karolin Seeger
f3df38362c s3/docs: Fix typos.
Thanks to Oota Toshiya <t-oota at dh.jp.nec.com> for reporting!

Karolin
2009-05-25 10:53:38 +02:00
Andrew Tridgell
b335618d17 fixed interpretation of ACB_PWNOTREQ
This bit actually means that we should ignore the minimum password
length field for this user. It doesn't mean that the password should
be seen as empty
2009-05-25 15:23:54 +10:00
Andrew Tridgell
4dcc058ea1 fixed the client side password change code
The client side code was not falling back to older routines correctly
as it didn't check for the operation range error appropriately. It
also used the old rpc semantics.
2009-05-25 13:40:52 +10:00
Andrew Tridgell
2bf1e8b5e1 cope with lanman auth being disabled in old password change code
When lanman auth is disabled and a user calls a password change
method that requires it we should give NT_STATUS_NOT_SUPPORTED
2009-05-25 13:39:56 +10:00
Volker Lendecke
5302db6326 TALLOC_FREE happily lives with a NULL ptr. Tim, please check!
Thanks,

Volker
2009-05-24 22:13:07 +02:00
Volker Lendecke
68c5c6df0e Fix a race condition in winbind leading to a panic
In winbind, we do multiple events in one select round. This needs fixing, but
as long as we're still using it, for efficiency reasons we need to do that.

What can happen is the following: We have outgoing data pending for a client,
thus

	state->fd_event.flags == EVENT_FD_WRITE

Now a new client comes in, we go through the list of clients to find an idle
one. The detection for idle clients in remove_idle_client does not take the
pending data into account. We close the socket that has pending outgoing data,
the accept(2) one syscall later gives us the same socket.

In new_connection(), we do a setup_async_read, setting up a read fde. The
select from before however had found the socket (that we had already closed!!)
to be writable. In rw_callback we only want to see a readable flag, and we
panic in the SMB_ASSERT(flags == EVENT_FD_READ).

Found using

bin/smbtorture //127.0.0.1/tmp -U% -N 500 -o 2 local-wbclient

Volker
2009-05-24 18:57:13 +02:00
Volker Lendecke
e744b0af68 use epoll for local-wbclient test 2009-05-24 13:51:32 +02:00
Volker Lendecke
7043ef2a79 Don't limit the number of retries in wb_trans.
This is better done with a tevent_req_set_endtime the caller should issue.
2009-05-24 13:51:07 +02:00
Volker Lendecke
f528dbcf2e Don't set a timeout deep inside wb_connect 2009-05-24 13:51:01 +02:00
Volker Lendecke
9de2efaa5b Change async_connect to use connect instead of getsockopt to get the error
On my Linux box, this is definitely the more reliable strategy with unix domain
sockets, and according to my tests it also works correctly with TCP sockets.
2009-05-24 13:50:54 +02:00
Volker Lendecke
4906d7fc67 Do queueing in wbclient.c
The _trigger fn must know about wbc_context, while we were waiting in the
queue the fd might have changed
2009-05-24 13:50:43 +02:00
Volker Lendecke
e337124c55 Fix closed_fd(): select returning 0 means no fd listening 2009-05-24 13:50:35 +02:00
Volker Lendecke
6492ffd8df Fix wb_simple_trans queueing 2009-05-24 13:49:59 +02:00
Volker Lendecke
a8e02b591b Add "err_on_readability" to writev_send
A socket where the other side has closed only becomes readable. To catch
errors early when sitting in a pure writev, we need to also test for
readability.
2009-05-24 13:47:29 +02:00
Volker Lendecke
1a69ba8945 Allow NULL queue to writev_send 2009-05-24 13:45:35 +02:00
Jeremy Allison
8c39931eb3 Ensure we return NT_STATUS_FILE_IS_A_DIRECTORY on a posix open on a
directory name.
Jeremy.
2009-05-22 15:55:27 -07:00
Jeremy Allison
e3851a9110 Test that POSIX open of a directory returns NT_STATUS_FILE_IS_A_DIRECTORY (ERRDOS, EISDIR).
Jeremy.
2009-05-22 15:21:55 -07:00
Stefan Metzmacher
202509a347 s3:smbd: implement SMB2 Tree Disconnect
metze
2009-05-22 14:03:14 +02:00
Stefan Metzmacher
7dfbb2835f s3:smbd: implement SMB2 Tree Connect
For now this only checks if the share is present or not.

metze
2009-05-22 14:03:13 +02:00
Stefan Metzmacher
7749647740 s3:smbd: SMB2 session ids are 64bit...
We only grand ids up to 0x0000000000FFFFFF,
because that's what our idtree implementation can handle.
But also 16777215 sessions on one tcp connection should be enough:-)

metze
2009-05-22 14:03:13 +02:00
Stefan Metzmacher
edd9bd9b16 tsocket: allow empty vectors at the end for tstream_writev()/readv()
metze
2009-05-22 14:01:22 +02:00
Michael Adam
e9010fa366 s3:winbind:idmap_ldap: fix a crash bug in idmap_ldap_unixids_to_sids (#6387)
This fixes a crash bug hit when multiple mappings were found by
the ldap search. This crash was caused by an ldap asssertion
in ldap_next_entry because was set to NULL in each iteration.

The corresponding fix was applied to the idmap_ldap_sids_to_unixids()
by Jerry in 2007 (b066668b74768d9ed547f16bf7b6ba6aea5df20a).

This fixes the crash part of bug #6387.

There is a logic part, too:
The problem currently only occurs when multiple mappings are found
for one given unixid. Now winbindd does not crash any more but
it does not correctly handle this situation. It just returns the
last mapping from the ldap search results.
This needs fixing.

Michael
2009-05-22 12:06:59 +02:00
Stefan Metzmacher
1f59788516 s3:smbd: implement SMB2 Logoff
metze
2009-05-22 10:28:37 +02:00
Jeremy Allison
53de3b136e Don't steal when we know the ptr will be null. Thanks to Simo for
pointing this out.
Jeremy.
2009-05-21 18:48:17 -07:00
Jeremy Allison
5dd82fb675 Revert the last two commits (fix for #6386). The actual problem
was a bug in ldb in 3.2 which could return a freed pointer on
ret != LDAP_SUCCESS. The main thing we must ensure is that we
never talloc_steal until we know LDAP_SUCCESS was returned.
Jeremy.
2009-05-21 18:37:36 -07:00
Jeremy Allison
87504b27d8 Ensure all possible uses of indirection through res are checked after
an ldb_search.
Jeremy.
2009-05-21 18:00:54 -07:00
Jeremy Allison
d4d06a4ef9 Attempt to fix bug #6386 - Samba Panic triggered by Sophos Control Centre.
Don't indirect a potentially null pointer.
Jeremy.
2009-05-21 17:27:25 -07:00
Jim McDonough
a91bcbccf8 Detect tight loop in tdb_find() 2009-05-21 16:29:48 -04:00
Tim Prouty
96ede10cfb s3 torture: Fix warning 2009-05-21 12:17:53 -07:00
Tim Prouty
cfc68fc9d9 s3 onefs: Fix invalid argument from the unix_convert smb_filename struct patch 2009-05-21 12:17:33 -07:00
Stefan Metzmacher
c3f6eff4f5 s3:smbd: we want to get the next command offset and not set it...
This should also fix the build on some hosts.

metze
2009-05-21 16:21:57 +02:00
Günther Deschner
cbcee123b2 s3-build: fix the build of ntlm_auth. Bo Yang, please check.
Guenther
2009-05-21 12:50:20 +02:00
Günther Deschner
686e60581b s4-selftest: adding RPC-SAMR-USERS-PRIVILEGES to knownfail list.
Samba4 cannot pass this test currently as in Samba4 (unlike Samba3)
the LSA and SAMR account are stored in the same db.
Once you delete a SAMR user the LSA privilege account is deleted
at the same time (which is wrong).

Guenther
2009-05-21 12:19:56 +02:00
Bo Yang
d7480a91b4 s3: ignore EPIPE error when winbind finally writes to wb client because client might have already closed the socket
Signed-off-by: Bo Yang <boyang@samba.org>
2009-05-22 03:22:52 +08:00
Bo Yang
cbe3dabb9d s3: Fix onlinestatus msg to return status of all domain instead of omitting trusted domains
Signed-off-by: Bo Yang <boyang@samba.org>
2009-05-22 02:12:59 +08:00
Bo Yang
8c7a579bdc s3: set winbindd request flags in ntlm_auth to make it contact trusted domain when krb5 auth is enabled
Signed-off-by: Bo Yang <boyang@samba.org>
2009-05-22 02:03:32 +08:00
Bo Yang
e65aa34078 s3: Fix request flags in wbinfo when perform krb5 authentication
Signed-off-by: Bo Yang <boyang@samba.org>
2009-05-22 01:39:03 +08:00
Jeremy Allison
000da55dd9 Make cli_posix_open() and cli_posix_mkdir() async.
Jeremy.
2009-05-20 18:31:36 -07:00
Tim Prouty
c1a21d085d s3: Change unix_convert (and its callers) to use struct smb_filename
This is the first of a series of patches that change path based
operations to operate on a struct smb_filename instead of a char *.
This same concept already exists in source4.

My goals for this series of patches are to eventually:

1) Solve the stream vs. posix filename that contains a colon ambiguity
   that currently exists.
2) Make unix_convert the only function that parses the stream name.
3) Clean up the unix_convert API.
4) Change all path based vfs operation to take a struct smb_filename.
5) Make is_ntfs_stream_name() a constant operation that can simply
   check the state of struct smb_filename rather than re-parse the
   filename.
6) Eliminate the need for split_ntfs_stream_name() to exist.

My strategy is to start from the inside at unix_convert() and work my
way out through the vfs layer, call by call.  This first patch does
just that, by changing unix_convert and all of its callers to operate
on struct smb_filename.  Since this is such a large change, I plan on
pushing the patches in phases, where each phase keeps full
compatibility and passes make test.

The API of unix_convert has been simplified from:

NTSTATUS unix_convert(TALLOC_CTX *ctx,
		      connection_struct *conn,
		      const char *orig_path,
		      bool allow_wcard_last_component,
		      char **pp_conv_path,
		      char **pp_saved_last_component,
		      SMB_STRUCT_STAT *pst)
to:

NTSTATUS unix_convert(TALLOC_CTX *ctx,
		      connection_struct *conn,
		      const char *orig_path,
		      struct smb_filename *smb_fname,
		      uint32_t ucf_flags)

Currently the smb_filename struct looks like:

struct smb_filename {
       char *base_name;
       char *stream_name;
       char *original_lcomp;
       SMB_STRUCT_STAT st;
};

One key point here is the decision to break up the base_name and
stream_name.  I have introduced a helper function called
get_full_smb_filename() that takes an smb_filename struct and
allocates the full_name.  I changed the callers of unix_convert() to
subsequently call get_full_smb_filename() for the time being, but I
plan to eventually eliminate get_full_smb_filename().
2009-05-20 17:40:15 -07:00
Stefan Metzmacher
5d3d51e9ad s3:smbd: check the incoming session id for SMB2 requests
metze
2009-05-20 20:53:39 +02:00
Stefan Metzmacher
1ecdc8588d s3:smbd: implement SMB2 Session Setup with raw NTLMSSP
metze
2009-05-20 20:53:34 +02:00
Stefan Metzmacher
dafc1e0c8d s3:smbd: for now indicate raw NTLMSSP in the SMB2 Negotiate response
metze
2009-05-20 20:53:32 +02:00
Stefan Metzmacher
f9da4fb71a s3:smbd: move the callback functions of smbd_smb2_request_reply() closer itself
metze
2009-05-20 20:53:32 +02:00
Stefan Metzmacher
eac1235519 s3:smbd: add smbd_smb2_request_done_ex()
Some times we have to return a non-error response
with status != NT_STATUS_OK.

metze
2009-05-20 20:53:31 +02:00
Stefan Metzmacher
c4b41c5649 s3:smbd: fix initialized memory in SMB2 responses
MESSAGE_ID and SESSION_ID are both 64bit.

metze
2009-05-20 20:53:31 +02:00
Jeremy Allison
d649a46078 Add a security model to LSA. Similar to the SAMR code - using
the MS-LSA docs.
Jeremy.
2009-05-20 11:52:11 -07:00
Stefan Metzmacher
04ceabf56f s4:libcli/smb2: fix session setup with raw NTLMSSP
metze
2009-05-20 19:58:37 +02:00
Stefan Metzmacher
540b713075 s4:libcli/smb2: use raw ntlmssp if the server didn't provide a sec blob
metze
2009-05-20 19:58:37 +02:00