IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
site support in a network where many DC's are down.
I heard via Volker there is still a bug w.r.t the
wrong site being chosen with trusted domains but
we'll have to layer that fix on top of this.
Gd - complain if this doesn't work for you.
Jeremy.
(This used to be commit 97e248f89a)
This add a struct event_context and infrastructure for fd events to smbd. This
is step zero to import lib/events.
Jeremy, I rely on you to watch the change in receive_message_or_smb()
closely. For the normal code path this should be the only relevant change. The
rest is either not yet used or is cosmetic.
Volker
(This used to be commit cd07f93a8a)
watch carefully - so I'm doing it in one transaction so I can
roll back).
Change check_name(), reduce_name() and dptr_create() to
return NTSTATUS. This helps a lot in error path processing
and especially in reduce_name() allows us to ditch the flaky
and error-prone saving of errno and return errors directly.
Jeremy.
(This used to be commit 6133a694aa)
add [ref] pointers where necessary (top-level [ref] pointers,
by spec, don't appear on the wire).
This brings us closer to the DCE/RPC standard again.
(This used to be commit 580f2a7197)
in the next step we can store them in LDAP to be replicated across DCs.
Thanks to Michael Adam <ma@sernet.de>
Volker
(This used to be commit 3c879745cf)
This change is needed to make it possible to not expire
caches in disconnected mode.
Jerry, please can you look at this and confirm it is ok?
Simo.
(This used to be commit 9e8715e4e1)
The only difference between the two trees now w.r.t file
serving are the changes to smbd/open.c in this branch I need
to review.
Jeremy.
(This used to be commit f4474edf6a)
might be possible that we hang in the receive_smb() although that socket is
not the reason for the select() to return.
This immediately reacts to the fam socket to become readable, and goes into
the select loop again. This fixes delays in files showing up in Windows.
Jeremy, James please review this and merge to 3_0_24 if appropriate.
Thanks,
Volker
(This used to be commit c846153b2e)
comparisons here, not unsigned as we're eventually
casting into what it normall a signed 32 bit
value. Guenther please check (but I think I'm right here).
Jeremy.
(This used to be commit 31f8e0edc0)
Just try to log on in offline mode without the fix: all accounts are expired,
although they are set to never expire in the PAC/info3.
NTTIME "Never" needs to get (time_t) -1.
We were casting a uint64 to time_t before
comparing, and we should have been doing it
the other way around.
Guenther please check this fixes things.
Jeremy.
(This used to be commit f4e898b622)
The problem occurs like this:
1) running smbd as a domain member without winbindd
2) client1 connects, during auth smbd-1 calls update_trustdom_cache()
3) smbd-1 takes the trustdom cache timestamp lock, then starts
enumerate_domain_trusts
4) enumerate_domain_trusts hangs for some unknown reason
5) other clients connect, all block waiting for read lock on trustdom
cache
6) samba is now hung
The problem is the lock, and really its just trying to avoid a race
where the cure is worse than the problem. A race in updating the
trutdom cache is not a big issue. So I've just removed the lock.
It is still an open question why enumerate_domain_trusts() can
hang. Unfortunately I've not in a position to get a sniff at the site
that is affected. I suspect a full fix will involve ensuring that all
the rpc code paths have appropriate timeouts.
(This used to be commit ab8d410533)
In case a user authenticated sucessfully and his password just expired
while beeing disconnected, we should allow a user to logon (given a
clear warning). We currently forced the user into a password change
dialogue in that scenario; this did not make much sense while offline.
Guenther
(This used to be commit 668b278653)
We were incorrectly calculating the days until the password expires and
we also need to look at the info3 pass_must_change_time for expiry
calculation.
Guenther
(This used to be commit 22d7923712)
wcard unlink if bad_path was set. The error
returned here is almost certainly incorrect
and will need testing properly with smbtorture,
but I don't want to forget about this path
(yes Volker I know this is currently incorrect :-).
Jeremy.
(This used to be commit 06e20c2878)
particular the NT_STATUS_INVALID_PARAMETER thing was badly wrong. Remove the
changes based on it. Using gentest is much more effective in this respect, but
it will take a while to figure out the wildcard error handling of W2k3.
Volker
(This used to be commit 58b8a242a7)
under Linux we returned NT_STATUS_NOT_A_DIRECTORY. This is because in the
bad_path==True condition lstat(2) returns ENOTDIR and not ENOENT.
Not sure if we want to necessarily replicate the INVALID_PARAMETER here, but
this is what W2k3 does.
Jeremy, I tried to call you, but you were not around. So I'll leave it up to
you to merge this.
Volker
(This used to be commit b1edc3d053)
I'm checking in micro-steps to make them independently checkable. This code
just very severely needs cleanup, but I don't want to break anything. So, be
patient with me, please :-)
Volker
(This used to be commit c16775486b)
than lots of indented code. Change recursive_rmdir()
to return the smbd standards of True on success, False
on fail (it was doing the reverse, which was very confusing).
Jeremy.
(This used to be commit 27dc5bebda)
close_file() to NTSTATUS as well.
I'm not sure I got all the error codes right, but as I've never come across a
smb_copy() call in all my Samba work, I'm leaving it at that. If I'm
absolutely bored, I will write a thorough torture test.
As far as I can see, Samba4 even does not have a libcli implementation for
it... :-)
Volker
(This used to be commit 5ebdf02ba1)
"smbcli_setattr("") always returns ACCESS_DENIED, test extension to follow.
Merge to 3.0.24?"
Yep (with slight optimization).
Jeremy.
(This used to be commit dcc7bca1ad)
3_0_24 because I was explicitly asked to, although this needs close
review. Jeremy, I'm sure you will check this thoroughly :-)
In reply_open_and_X the separate "size" variable kills the calculation of the
SPARSE flag returned to the client in the attrib field. In getpathinfo we do
it correctly, and RAW-OPEN (correctly) complains about the difference.
Add the "set the write time" to mknew and create.
For trans2open we were missing the "ofun == 0" ->
NT_STATUS_OBJECT_NAME_COLLISION case, and we dropped the status returned in
favor of ACCESS_DENIED once too many.
Last change is a fix to trans2open: We were returning the attributes given by
the client, not the attributes of the new file.
Volker
(This used to be commit 84e6889632)
the child domain cannot always resolve SIDs in sibling domains.
Windows tries to contact a DC in its own domain and then the root
domain in the forest. This async changes makes winbindd's name2sid()
call do the same.
(This used to be commit 7b2bf0e5a6)
The only error path of can_delete() that we're interested in ntcreate&x is the
one of can_delete_file_in_directory(), so call that directly.
The only other one where we might get a NT_STATUS_ACCESS_DENIED is from the
lstat in can_delete, but this is covered later in the open_directory and
open_file_ntcreate calls. open_directory does a stat() in the open case which
also covers the (potential) symlink, and open_file_ntcreate does the open(2)
itself, so this should also work.
This makes can_delete() static to reply.c.
Volker
(This used to be commit d289037fdb)
first of the raw-notify subtests, the one-level test_notify_dir without any
flags around yet.
The tricky part was getting the data structures right, I hope the next tests
don't let that fall over.
fsp->notify is now by default NULL, meaning that nobody has issued a
changenotify call. This means nobody is interested in changes for this
directory.
If that has happened, notify_change_buf collects the changes if no current
request is outstanding, and it collects the requests if no change has happened
since the last request.
Happy New Year, somewhere on this planet it's already 2007 :-)
Volker
P.S: Jeremy, there's a question for you in smbd/files.c line 367.
(This used to be commit ce0ad24988)
call_nt_transact_notify_change() is now sync if there are changes around.
A notify_message does a direct reply from within the message, so
process_pending_change_notify_queue is not needed anymore for samba-generated
events. Next step is to restructure the kernel-mechanisms to generate
messages.
Volker
(This used to be commit c813f71d00)
is (effectively) in libc. Convert AC_LIBTESTFUNC to use the mystically
undocumented m4_ifval, which fixes some quoting problems when
providing shell code for the if-true and if-false branches.
(This used to be commit 5e1fbcc403)
As discussed with jerry at the CIFS conf: overriding the
administrator's wishes from the krb5.conf has only every given me
segfaults. We suggest leaving this up to the defaults from the
libraries anyway.
Andrew Bartlett
(This used to be commit 0b72c04906)
Checking in because Jeremy was bugging me. Potentially this becomes quite
intrusive, I'm not sure if I should open a temporary branch for this.
Jeremy, Jerry, do you think 3_0 is the right place for this?
Volker
(This used to be commit bcf5c751cb)
only try to find dlfcn.h if the dlopen symbol was found,
it hopefully fixes systems where dlfcn.h but no library with dlopen
metze
(This used to be commit b303e929d1)
wcards. I had forgotten this and had refused to allow
dest to contain wcards. We now pass all the normal
Samba4 smbtorture RAW-RENAME tests.
Jeremy
(This used to be commit 4183c1b49f)
by ensuring we pass in a valid src_len (or zero when appropriate).
Volker is correct in that this is a *horrible* interface and he is
now free to generally clean it up everywhere :-). Go for it Volker !
Jeremy.
(This used to be commit cd991fb839)
This involved passing the dirname as argument to a few routines instead of
calling parent_dirname() deep down.
Volker
(This used to be commit 7977fd7865)
error messages: We relied upon a stat that a directory did not exist to later
on then do the mkdir or not. This does the mkdir directly and copes with a
potential error.
The second one is more important: It's possible with Samba 3 to do a
ntcreate&x with NTCREATEX_OPTIONS_DIRECTORY and we happily do a NT_STATUS_OK.
Also move up the use_nt_status() logic a bit. I think this does not belong
into the core routines, the smb server as such should take care of it.
Jeremy, do you think this should go to 3.0.24?
I'll update samba4torture when the build farm has picked up this checkin.
Volker
(This used to be commit 472fb11f49)
after it's child died unexpectedly whilst the parent
was waiting for a reply. We need to clean up the request
we're not going to service, plus we still need to call
the continuation function with a "False" flag so it
can clean things up. Still testing this, but I think
I'm right.
Jeremy
(This used to be commit 9b04ac0c81)
the network cable out of the machine *exactly*
after the init_dc_connect() call in cm_connect_sam()
or cm_connect_lsa() call succeeded but before any
of the other calls fail, and they have debug level
10 set in the log, then we'd crash due to dereferencing
a now NULL pointer (conn->cli gets set to NULL when
the init_dc_connect() call called from cm_get_schannel_dcinfo()
fails). Yes, before you ask this *did* happen on a
customer site :-).
Jeremy.
(This used to be commit a0278a0cb0)
stuff & friends.
Survives raw-mkdir. I'll activate that tomorrow when all build farm machines
have picked up the changed samba4 torture test.
Volker
(This used to be commit 37e7a3f35f)
* fail on invalid credential flags in pam_sm_setcred
* parse config file for pam_sm_acct_mgmt and pam_sm_open_session
Guenther
(This used to be commit 2a428ac814)
Make sure we route all request to remote DCs via the main process
so that IDMAP can correctly reuse DC connections and use the
async interface.
This fixes also idmap_nss so that it is able to resolve local
group names (requires patch on the samba dc earlier committed
to SAMBA_3_0 to make it resolve both the mapped and the unmapped
name).
Simo.
(This used to be commit 4297510f22)
still needs to contact the DC's for non async requests
like enumerate users/groups etc. Now that online
DC detection is tied to async events we must enable
the processing of events in the main loop of winbindd.
Finally got rid of the last hard coded domain->initialized = 1
code in init_child_recv() - now all domain->initialized = True
gets done only in the connection manager code when either
we're online and have spoken to the DC or are offline and
we know we can't talk to the DC.
Jeremy.
(This used to be commit b3c98057fb)
ncreate does. This is a bit slower (about 10-20%), because it goes touches the
share mode db, but I think not having to call change_owner_to_parent and
friends in fewer places outweighs this. And, mkdir is not the way current
Windows boxes create directories, they do it via the ncreate call.
Volker
(This used to be commit ddae494fbe)
don't have a check online event handler set.
We need to add one once we're been asked to
go back online as this is the only way to actually
go into the online state. Doh ! :-).
Jeremy.
(This used to be commit 5d36c4e031)
A reversed check made it impossile to fallback to the Unix Domain mapping code.
Also fix a potential use of a freed array.
Jerry,
my tests shows that this code now correctly handle the fallback to Unix Domain
when our Domain member is asked for a mapped group that has a unix name different
from the Windows name against a Samba DC and we do not use winbindd but share
users/groups by other means (ldap / sync of passwd and group files)
Immediate Fix would be to discuss if we should answer back when DOMAIN\unixgroup -> SID
is asked for, in the case the unixgroup name is mapped to a different name.
IE: DOMAIN\Domain Admins -> ntadmins
Currently if we are asked for "DOMAIN\Domain Admins" we return the dom admins SID
If we are asked for "DOMAIN\ntadmins we return "not found", but we may consider to
return the Domain admins SID in this case too.
Comments are welcome on this point!
Long term fix I think is the unixinfo pipe and of course an idmap_unixinfo moudle.
Simo.
(This used to be commit 07bdbb4c21)
I think "anonimous" is correctly spelled "anonymous". The Solaris compile is
referring to this as "anonymous" in line 814 of smbldap.c. Simo, please check.
Thanks,
Volker
(This used to be commit a77d8fa08e)
