1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-25 06:04:04 +03:00

1770 Commits

Author SHA1 Message Date
Jeremy Allison
6410f02fe5 r18199: Allow winbindd to delete a saf_ entry if it knows
it can't talk to it.
Jeremy.
(This used to be commit 7385a076f8fd351472d37d9363304948e88f9f99)
2007-10-10 11:51:15 -05:00
Volker Lendecke
f8a17bd8bd r18047: More C++ stuff
(This used to be commit 86f4ca84f2df2aa8977eb24828e3aa840dda7201)
2007-10-10 11:43:24 -05:00
Volker Lendecke
6655e1e997 r18029: More C++ stuff
(This used to be commit 089b51e28cc5e3674e4edf5464c7a15673c5ec0f)
2007-10-10 11:43:23 -05:00
Derrell Lipman
6fc90da054 r18014: revert a possibly unnecessary change
(This used to be commit 9c93abf25e391348fe3864fca0079f231b89467c)
2007-10-10 11:39:48 -05:00
Derrell Lipman
315f416211 r18013: Fix for "bug" (enhancement) 3684.
Provide a new option to specify the share mode to be used when opening a
file.
(This used to be commit 9b6fee5f6f60638ed80fdedcce4b3d29b091f7aa)
2007-10-10 11:39:48 -05:00
Derrell Lipman
44c1504c03 r18012: Should fix bug 4018.
NetApp filers expect paths in Open AndX Request to have a leading slash.
Windows clients send the leading slash, so we should too.
(This used to be commit fc5b6e4bd8a67994b0c56d1223c74d064164420f)
2007-10-10 11:39:48 -05:00
Derrell Lipman
40665edf5e r18011: Should fix bug 3835.
Jeremy: requires your eyes...

If the remote connection timed out while cli_list() was retrieving its list of
files, the error was not returned to the user, e.g. via smbc_opendir(), so the
user didn't have a way to know to set the timeout longer and try again.  This
problem would occur when a very large directory is being read with a too-small
timeout on the cli.

Jeremy, although there were a couple of areas that needed to be handled, I
needed to make one change that you should bless, in libsmb/clientgen.c.  It
was setting

  cli->smb_rw_error = smb_read_error;

but smb_read_error is zero, so this had no effect.  I'm now doing

  cli->smb_rw_error = READ_TIMEOUT;

instead, and according to the OP, these (cumulative) changes (in a slightly
different form) solve the problem.

Please confirm this smb_rw_error change will have no other adverse effects
that you can see.

Derrell
(This used to be commit fa664b24b829f973156486896575c1007b6d7b01)
2007-10-10 11:39:48 -05:00
Derrell Lipman
5e44fc4cd4 r18009: Fixes bug 4026.
This completes the work Jeremy began last week, disambiguating the meaning of
c_time.  (In POSIX terminology, c_time means "status Change time", not "create
time".)  All uses of c_time, a_time and m_time have now been replaced with
change_time, access_time, and write_time, and when creation time is intended,
create_time is used.

Additionally, the capability of setting and retrieving the create time have
been added to the smbc_setxattr() and smbc_getxattr() functions.  An example
of setting all four times can be seen with the program

  examples/libsmbclient/testacl

with the following command line similar to:

  testacl -f -S "system.*:CREATE_TIME:1000000000,ACCESS_TIME:1000000060,WRITE_TIME:1000000120,CHANGE_TIME:1000000180" 'smb://server/share/testfile.txt'

The -f option turns on the new mode which uses full time names in the
attribute specification (e.g. ACCESS_TIME vs A_TIME).
(This used to be commit 8e119b64f1d92026dda855d904be09912a40601c)
2007-10-10 11:39:47 -05:00
Volker Lendecke
b7a5e3de1e r18008: Ok, same fix as before. But this time also allocate the session key. This had
worked in one test, no idea what memory I've overwritten that time. This time
it survives the unpatched w2k password change.

Volker
(This used to be commit bf7bf8e4e9a279fe3ef1e9ff655b12f65c3c3e67)
2007-10-10 11:39:47 -05:00
Jeremy Allison
380c4183ee r18007: Ensure we don't namecache KDC entries with port 88
as a generic DC (that should be the LDAP port).
Jeremy.
(This used to be commit f16b41c3c92b1af5cf25d8d244b1f551573cb076)
2007-10-10 11:39:47 -05:00
Jeremy Allison
0f1bc28744 r18006: Actually a smaller change than it looks. Leverage
the get_dc_list code to get the _kerberos. names
for site support. This way we don't depend on one
KDC to do ticket refresh. Even though we know it's
up when we add it, it may go down when we're trying
to refresh.
Jeremy.
(This used to be commit 77fe2a3d7418012a8dbfb6aaeb2a8dd57c6e1a5d)
2007-10-10 11:39:47 -05:00
Volker Lendecke
bd5fca847a r18005: The ntlmssp fix is not correct yet, working on it
(This used to be commit 3e4da5541c24b3c3c5104fc5120a9be8a2f9ae69)
2007-10-10 11:39:47 -05:00
Volker Lendecke
27e37eab98 r17977: To be honest, I have NO idea whatsoever what this does, but it fixes what I
have been able to reproduce with smbtorture4 for bug number 4059. It's too
late here now to check with W2k native, I'll do that tomorrow or over the
weekend. I'll then also check in a samba4 torture test to walk this from now
on.

Abartlet, can you do me a favor and look over this? It is a 1:1 copy of the
corresponding Samba4 code.

Thanks,

Volker
(This used to be commit fb5ebab873ba5196f35a9801ab2e21811b0fa8a0)
2007-10-10 11:39:45 -05:00
Volker Lendecke
1e5996387a r17976: Fix typo
(This used to be commit 410d6b9de2ad059fe239c6f155e80a81952ed701)
2007-10-10 11:39:44 -05:00
Jeremy Allison
2fcd113f55 r17945: Store the server and client sitenames in the ADS
struct so we can see when they match - only create
the ugly krb5 hack when they do.
Jeremy.
(This used to be commit 9be4ecf24b6b5dacf4c2891bddb072fa7543753f)
2007-10-10 11:39:01 -05:00
Jeremy Allison
6fada7a82a r17943: The horror, the horror. Add KDC site support by
writing out a custom krb5.conf file containing
the KDC I need. This may suck.... Needs some
testing :-).
Jeremy.
(This used to be commit d500e1f96d92dfcc6292c448d1b399195f762d89)
2007-10-10 11:39:01 -05:00
Jeremy Allison
bc28b5c700 r17933: Don't print a NULL sitename.
Jeremy.
(This used to be commit 2829dbc3e01d967887e25d1bcacb1d538fc11e59)
2007-10-10 11:39:00 -05:00
Jeremy Allison
7b7ce43b40 r17929: Ok, I think I finally figured out where to put
the code to redo the CLDAP query to restrict DC
DNS lookups to the sitename. Jerry, please check
to stop me going insane :-).
Jeremy.
(This used to be commit 8d22cc111579c57aec65be8884b41564b79b133a)
2007-10-10 11:38:59 -05:00
Jeremy Allison
2abab7ee6d r17928: Implement the basic store for CLDAP sitename
support when looking up DC's. On every CLDAP
call store the returned client sitename (if
present, delete store if not) in gencache with
infinate timeout. On AD DNS DC lookup, try looking
for sitename DC's first, only try generic if
sitename DNS lookup failed.
I still haven't figured out yet how to ensure
we fetch the sitename with a CLDAP query before
doing the generic DC list lookup. This code is
difficult to understand. I'll do some experiments
and backtraces tomorrow to try and work out where
to force a CLDAP site query first.
Jeremy.
(This used to be commit ab3f0c5b1e9c5fd192c5514cbe9451b938f9cd5d)
2007-10-10 11:38:59 -05:00
Jeremy Allison
ed132d87ce r17902: Fix possible null deref caught by Stanford checker.
Jeremy.
(This used to be commit e8b0649fe167c3446eb6121ed666254fdf53aa58)
2007-10-10 11:38:58 -05:00
Jeremy Allison
a08ca7a0a0 r17900: Fix from Michael Adam <ma@sernet.de> - make internal_resolve_name
do what it's supposed to.
Jeremy.
(This used to be commit 4b7387a054bfc1587e0b9b7088f420a5bcf0bad9)
2007-10-10 11:38:57 -05:00
Volker Lendecke
c52b3fb89f r17881: Another microstep towards better error reporting: Make get_sorted_dc_list
return NTSTATUS.

If we want to differentiate different name resolution problems we might want
to introduce yet another error class for Samba-internal errors. Things like no
route to host to the WINS server, a DNS server explicitly said host not found
etc might be worth passing up.

Because we can not stash everything into the existing NT_STATUS codes, what
about a Samba-specific error class like NT_STATUS_DOS and NT_STATUS_LDAP?

Volker
(This used to be commit 60a166f0347170dff38554bed46193ce1226c8c1)
2007-10-10 11:38:57 -05:00
Jeremy Allison
41d1f322f8 r17874: Fix possible null deref found by Stanford checker.
Jeremy.
(This used to be commit 2894310cc8cddaec2a67f1af0ab62cc559283e77)
2007-10-10 11:38:56 -05:00
Jeremy Allison
6ee700bd65 r17863: Fix unneeded NULL check on pointer parameters causing the
Stanford checker to flag null deref.
Jeremy.
(This used to be commit b7fc023e9025127855fab71002d556e5f84e00b4)
2007-10-10 11:38:54 -05:00
Volker Lendecke
cb3e14d5a2 r17855: Fix the build on systems without LDAP
(This used to be commit 2e9f5c520a843ad22088388d155a172a63c140d5)
2007-10-10 11:38:54 -05:00
Volker Lendecke
4bbb995e8d r17854: Steal the LDAP in NTSTATUS trick from Samba4
Thanks to Michael Adam <ma@sernet.de>

Volker
(This used to be commit 91878f9b6fbe5187fb7d0464008ea0abe7f11a73)
2007-10-10 11:38:54 -05:00
Jeremy Allison
a64925ddff r17800: Start using struct timespec internally for file times
on the wire. This allows us to go to nsec resolution
for systems that support it. It should also now be
easy to add a correct "create time" (birth time)
for systems that support it (*BSD). I'll be watching
the build farm closely after this one for breakage :-).
Jeremy.
(This used to be commit 425280a1d23f97ef0b0be77462386d619f47b21d)
2007-10-10 11:38:48 -05:00
Gerald Carter
8cac7c1399 r17795: Finally track down the "ads_connect: Interrupted system call"
error.  Fix our DNS SRV lookup code to deal with multi-homed hosts.
We were noly remembering one IP address per host from the Additional
records section in the SRV response which could have been an unreachable
address.
(This used to be commit 899179d2b9fba13cc6f4dab6efc3c22e44e062bc)
2007-10-10 11:38:47 -05:00
Jeremy Allison
aee6b5942a r17761: Handle times consistently across all client utils.
Fixes bugs reported in libsmbclient.
Jeremy.
(This used to be commit 42a417fb75313b093948602c3be8e2f386048b5f)
2007-10-10 11:38:47 -05:00
Gerald Carter
fddeed8adb r17760: The DNS SRV lookup already sorts by priority and weight so don't
use the generic IP list sort in get_sorted_dc_list().
(This used to be commit 03a767539d5b09ebd6564c0c9157de2a6e0e6b89)
2007-10-10 11:38:47 -05:00
Günther Deschner
58247fea05 r17677: There is no need for a 2nd krb5_to_nt_status function, is there?
Michael Adam/Volker, please check.

Guenther
(This used to be commit d0feb85781f69325ee70aff98370cfac037c4cc2)
2007-10-10 11:38:46 -05:00
Gerald Carter
232569c1f1 r17672: remove duplicate description on NT_STATUS_INVALID_PARAMETER (from Michael Adam <ma@sernet.de>)
(This used to be commit 7b51e27d026f2511edcde054f0d2deb9932d2fe8)
2007-10-10 11:38:46 -05:00
Volker Lendecke
7119823403 r17620: Fix two C++ Warnings and a memleak
(This used to be commit d7246284e0117f7a97b3cbb80ff45b532559bf63)
2007-10-10 11:38:44 -05:00
Jeremy Allison
ffa590854a r17612: Modify NTLMSSP session code so that it doesn't store
a copy of the plaintext password, only the NT and LM
hashes (all it needs). Fix smbencrypt to expose hash
verions of plaintext function. Andrew Bartlett, you
might want to look at this for gensec.
This should make it easier for winbindd to store
cached credentials without having to store plaintext
passwords in an NTLM-only environment (non krb5).
Jeremy.
(This used to be commit 629faa530f0422755823644f1c23bea74830912f)
2007-10-10 11:38:43 -05:00
Volker Lendecke
41a4496b20 r17606: Introduce krb5_to_ntstatus.
Thanks to Michael Adam <ma@sernet.de>

Volker
(This used to be commit 6e641c90b8f52a822a83701cdf305c60416d7f0c)
2007-10-10 11:38:42 -05:00
Jeremy Allison
b4f39f4a9e r17595: Fix from Ben Winslow <rain@bluecherry.net> to allow
client smb signing to be correctly turned off.
Jeremy.
(This used to be commit 61f052b0a67b8a05b5d925bf8bbad73369ac03bd)
2007-10-10 11:38:41 -05:00
Volker Lendecke
aa2138ed5b r17583: Change internal cli_session_setup functions to NTSTATUS.
Volker
(This used to be commit 990da03f0940371d20f89c145b7ebdbe8e9bf4c4)
2007-10-10 11:38:40 -05:00
Volker Lendecke
b29915d611 r17571: Change the return code of cli_session_setup from BOOL to NTSTATUS
Volker
(This used to be commit 94817a8ef53589011bc4ead4e17807a101acf5c9)
2007-10-10 11:38:39 -05:00
Volker Lendecke
3fc9b7e626 r17556: Remove duplicate entries. Thanks to Michael Adam <ma@sernet.de>
Volker
(This used to be commit ea83001d3ed0b5da67cf367c17fdef662bc01681)
2007-10-10 11:38:39 -05:00
Jeremy Allison
a8627a8576 r17431: Fix bug #4003, reported by dale-keyword-samba.c7b741@codefu.org.
NTcancel doesn't send a reply, so in this case the signing
sequence number is only incremented by 1, not 2.
Jeremy.
(This used to be commit 85841a01987e653a085af00c7c437145686a332b)
2007-10-10 11:38:33 -05:00
Volker Lendecke
467ec2a32b r17363: Some C++ warnings
(This used to be commit fd82f185a2e0f94bfb75f4eee072556ad94bf27d)
2007-10-10 11:38:28 -05:00
Volker Lendecke
02eea79624 r17333: Some C++ warnings
(This used to be commit be9aaffdaccae06c8c035eaf31862e34b7cfbe38)
2007-10-10 11:38:26 -05:00
Jeremy Allison
321b0a3a63 r17292: Try and fix bug #3967 - signing problems on trans
calls introduced by signing code simplification.
Please test if you've seen signing problems with
3.0.23a.
Jeremy.
(This used to be commit f462daf02c12cfba634f92e681eb23a09e7d0acf)
2007-10-10 11:38:23 -05:00
Jeremy Allison
9d9c90f31a r17291: Fix memory leaks on early exit path.
Jeremy.
(This used to be commit deaac5bd463e5b8fd0b9915b553fdac3a4271293)
2007-10-10 11:38:23 -05:00
Jeremy Allison
8f93665bb5 r17262: After messages from Metze and traces from Karolin Seeger,
turns out that EDQUOTA must map to NT_STATUS_DISK_FULL
for Windows apps to work correctly. My mistake.
Jeremy.
(This used to be commit de1e3f7a7ae9e8a41b45130e2cdfc22f43cf53b5)
2007-10-10 11:38:23 -05:00
Jeremy Allison
74cd692d9b r17234: Fix error mappings for EQUOTA and ENOBUFS.
Based on an idea from Shlomi Yaakobovich <Shlomi@exanet.com>.
Jeremy.
(This used to be commit 9c440925f879d1e4ef99d04e2dfbe41077869204)
2007-10-10 11:38:21 -05:00
Andrew Bartlett
fe348fdb28 r17216: From Kai Blin <kai.blin@gmail.com>:
A patch to make ntlm_auth recognize three new commands in
ntlmssp-client-1 and squid-2.5-ntlmssp:

The commands are the following:

Command: SF <hex number>
Reply: OK
Description: Takes feature request flags similar to samba4's
gensec_want_feature() call. So far, only NTLMSSP_FEATURE_SESSION_KEY,
NTLMSSP_FEATURE_SIGN and NTLMSSP_FEATURE_SEAL are implemented, using the same
values as the corresponding GENSEC_FEATURE_* flags in samba4.

Command: GF
Reply: GF <hex number>
Description: Returns the negotiated flags.

Command: GK
Reply: GK <base64 encoded session key>
Description: Returns the negotiated session key.

(These commands assist a wine project to use ntlm_auth for signing and
sealing of bulk data).

Andrew Bartlett
(This used to be commit bd3e06a0e4435f1c48fa3b7862333efe273119ee)
2007-10-10 11:38:19 -05:00
Gerald Carter
bd8556c8dd r17162: Fix typo small typos noticed by Paul Green.
(This used to be commit 1a5874588686fb4ece9be70059ff75b975ed2bd5)
2007-10-10 11:38:17 -05:00
Andrew Tridgell
f2faf11204 r17124: fixed a bug which caused resolve_ads() to spin forever if one of the
DCs isn't resolvable in DNS. The fix is to leave that DC out of the
returned list of DCs. I think the original code intended that anyway,
just didn't quite get it right ('i' wasn't incremented in that code
path, so the loop didn't terminate)
(This used to be commit d7ec9f3cc0439e9e0f4c98988b14ae2155d931b9)
2007-10-10 11:38:13 -05:00
Volker Lendecke
5fe140babc r17060: Some c++ warnings
(This used to be commit 2e7afa9e19b117d7a8ce1238c1b9b80ececec729)
2007-10-10 11:19:22 -05:00