IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
3_0_24 because I was explicitly asked to, although this needs close
review. Jeremy, I'm sure you will check this thoroughly :-)
In reply_open_and_X the separate "size" variable kills the calculation of the
SPARSE flag returned to the client in the attrib field. In getpathinfo we do
it correctly, and RAW-OPEN (correctly) complains about the difference.
Add the "set the write time" to mknew and create.
For trans2open we were missing the "ofun == 0" ->
NT_STATUS_OBJECT_NAME_COLLISION case, and we dropped the status returned in
favor of ACCESS_DENIED once too many.
Last change is a fix to trans2open: We were returning the attributes given by
the client, not the attributes of the new file.
Volker
(This used to be commit 84e6889632)
the child domain cannot always resolve SIDs in sibling domains.
Windows tries to contact a DC in its own domain and then the root
domain in the forest. This async changes makes winbindd's name2sid()
call do the same.
(This used to be commit 7b2bf0e5a6)
The only error path of can_delete() that we're interested in ntcreate&x is the
one of can_delete_file_in_directory(), so call that directly.
The only other one where we might get a NT_STATUS_ACCESS_DENIED is from the
lstat in can_delete, but this is covered later in the open_directory and
open_file_ntcreate calls. open_directory does a stat() in the open case which
also covers the (potential) symlink, and open_file_ntcreate does the open(2)
itself, so this should also work.
This makes can_delete() static to reply.c.
Volker
(This used to be commit d289037fdb)
first of the raw-notify subtests, the one-level test_notify_dir without any
flags around yet.
The tricky part was getting the data structures right, I hope the next tests
don't let that fall over.
fsp->notify is now by default NULL, meaning that nobody has issued a
changenotify call. This means nobody is interested in changes for this
directory.
If that has happened, notify_change_buf collects the changes if no current
request is outstanding, and it collects the requests if no change has happened
since the last request.
Happy New Year, somewhere on this planet it's already 2007 :-)
Volker
P.S: Jeremy, there's a question for you in smbd/files.c line 367.
(This used to be commit ce0ad24988)
call_nt_transact_notify_change() is now sync if there are changes around.
A notify_message does a direct reply from within the message, so
process_pending_change_notify_queue is not needed anymore for samba-generated
events. Next step is to restructure the kernel-mechanisms to generate
messages.
Volker
(This used to be commit c813f71d00)
is (effectively) in libc. Convert AC_LIBTESTFUNC to use the mystically
undocumented m4_ifval, which fixes some quoting problems when
providing shell code for the if-true and if-false branches.
(This used to be commit 5e1fbcc403)
As discussed with jerry at the CIFS conf: overriding the
administrator's wishes from the krb5.conf has only every given me
segfaults. We suggest leaving this up to the defaults from the
libraries anyway.
Andrew Bartlett
(This used to be commit 0b72c04906)
Checking in because Jeremy was bugging me. Potentially this becomes quite
intrusive, I'm not sure if I should open a temporary branch for this.
Jeremy, Jerry, do you think 3_0 is the right place for this?
Volker
(This used to be commit bcf5c751cb)
only try to find dlfcn.h if the dlopen symbol was found,
it hopefully fixes systems where dlfcn.h but no library with dlopen
metze
(This used to be commit b303e929d1)
wcards. I had forgotten this and had refused to allow
dest to contain wcards. We now pass all the normal
Samba4 smbtorture RAW-RENAME tests.
Jeremy
(This used to be commit 4183c1b49f)
by ensuring we pass in a valid src_len (or zero when appropriate).
Volker is correct in that this is a *horrible* interface and he is
now free to generally clean it up everywhere :-). Go for it Volker !
Jeremy.
(This used to be commit cd991fb839)
This involved passing the dirname as argument to a few routines instead of
calling parent_dirname() deep down.
Volker
(This used to be commit 7977fd7865)
error messages: We relied upon a stat that a directory did not exist to later
on then do the mkdir or not. This does the mkdir directly and copes with a
potential error.
The second one is more important: It's possible with Samba 3 to do a
ntcreate&x with NTCREATEX_OPTIONS_DIRECTORY and we happily do a NT_STATUS_OK.
Also move up the use_nt_status() logic a bit. I think this does not belong
into the core routines, the smb server as such should take care of it.
Jeremy, do you think this should go to 3.0.24?
I'll update samba4torture when the build farm has picked up this checkin.
Volker
(This used to be commit 472fb11f49)
after it's child died unexpectedly whilst the parent
was waiting for a reply. We need to clean up the request
we're not going to service, plus we still need to call
the continuation function with a "False" flag so it
can clean things up. Still testing this, but I think
I'm right.
Jeremy
(This used to be commit 9b04ac0c81)
the network cable out of the machine *exactly*
after the init_dc_connect() call in cm_connect_sam()
or cm_connect_lsa() call succeeded but before any
of the other calls fail, and they have debug level
10 set in the log, then we'd crash due to dereferencing
a now NULL pointer (conn->cli gets set to NULL when
the init_dc_connect() call called from cm_get_schannel_dcinfo()
fails). Yes, before you ask this *did* happen on a
customer site :-).
Jeremy.
(This used to be commit a0278a0cb0)
stuff & friends.
Survives raw-mkdir. I'll activate that tomorrow when all build farm machines
have picked up the changed samba4 torture test.
Volker
(This used to be commit 37e7a3f35f)
* fail on invalid credential flags in pam_sm_setcred
* parse config file for pam_sm_acct_mgmt and pam_sm_open_session
Guenther
(This used to be commit 2a428ac814)
Make sure we route all request to remote DCs via the main process
so that IDMAP can correctly reuse DC connections and use the
async interface.
This fixes also idmap_nss so that it is able to resolve local
group names (requires patch on the samba dc earlier committed
to SAMBA_3_0 to make it resolve both the mapped and the unmapped
name).
Simo.
(This used to be commit 4297510f22)
still needs to contact the DC's for non async requests
like enumerate users/groups etc. Now that online
DC detection is tied to async events we must enable
the processing of events in the main loop of winbindd.
Finally got rid of the last hard coded domain->initialized = 1
code in init_child_recv() - now all domain->initialized = True
gets done only in the connection manager code when either
we're online and have spoken to the DC or are offline and
we know we can't talk to the DC.
Jeremy.
(This used to be commit b3c98057fb)
ncreate does. This is a bit slower (about 10-20%), because it goes touches the
share mode db, but I think not having to call change_owner_to_parent and
friends in fewer places outweighs this. And, mkdir is not the way current
Windows boxes create directories, they do it via the ncreate call.
Volker
(This used to be commit ddae494fbe)
don't have a check online event handler set.
We need to add one once we're been asked to
go back online as this is the only way to actually
go into the online state. Doh ! :-).
Jeremy.
(This used to be commit 5d36c4e031)
A reversed check made it impossile to fallback to the Unix Domain mapping code.
Also fix a potential use of a freed array.
Jerry,
my tests shows that this code now correctly handle the fallback to Unix Domain
when our Domain member is asked for a mapped group that has a unix name different
from the Windows name against a Samba DC and we do not use winbindd but share
users/groups by other means (ldap / sync of passwd and group files)
Immediate Fix would be to discuss if we should answer back when DOMAIN\unixgroup -> SID
is asked for, in the case the unixgroup name is mapped to a different name.
IE: DOMAIN\Domain Admins -> ntadmins
Currently if we are asked for "DOMAIN\Domain Admins" we return the dom admins SID
If we are asked for "DOMAIN\ntadmins we return "not found", but we may consider to
return the Domain admins SID in this case too.
Comments are welcome on this point!
Long term fix I think is the unixinfo pipe and of course an idmap_unixinfo moudle.
Simo.
(This used to be commit 07bdbb4c21)
I think "anonimous" is correctly spelled "anonymous". The Solaris compile is
referring to this as "anonymous" in line 814 of smbldap.c. Simo, please check.
Thanks,
Volker
(This used to be commit a77d8fa08e)
- make most static functions inline
- handle NULL pointers in talloc_parent_chunk()
- use talloc_parent_chunk() in talloc_parent_name()
to fix a bug found by the IBM checker
metze
(This used to be commit c718eb7a7c)
response_extra_sent() expects to free a malloced
extra_data.data while the add_XX_to_array functions all return talloced
memory now. Jeremy, please check.
Guenther
(This used to be commit 9f34c9f369)
off conn->mem_ctx, not the null context so we can
safefy free everything on conn close. Should fix
possible memleak.
Jeremy.
(This used to be commit b33bde7b39)
* Fix DNS updates for multi-homed hosts
* Child domains often don't have an NS record in
DNS so we have to fall back to looking up the the NS
records for the forest root.
* Fix compile warning caused by mismatched 'struct in_addr'
and 'in_addr_t' parameters called to DoDNSUpdate()
(This used to be commit 3486acd3c3)
Wnidows 2000 DNS which expects the TKEY payload to
be in the answer section and not in the additional
set of records (like Windows 2003 and the RFC).
(This used to be commit a3b6734fda)
per type - this is all we use right now and makes
re-entrancy problems with deleting handlers with
a message dispatch loop go away.
Jeremy.
(This used to be commit 2e9b6faeae)
in tdb message processing. If we're inside a dispatch
function and we delete our own handler we'd walk onto
the next pointer from a deleted memory block. Fixes
crash bug in winbindd (and goodness knows where else).
Jeremy.
(This used to be commit 27a4c11214)
Now I've done this I might be able to reduce the probe
timeout and reduce the backoff algorithm, going back
to checking every cache time seconds (5 mins by default),
as the parent or forked domain child will never block.
Jeremy.
(This used to be commit d0add5f946)
reported by James. Ensure that this function allocates
everything on the temporary context except the return
memory. Never call this with a null mem context, and
now use conn->mem_ctx instead in smbd/service.c.
Remove separate free functions for conn->ngroups
and conn->nt_user_token as they are now always
talloc'ed off the conn->mem_ctx. Future optimization
will be to remove conn->mem_ctx and make all objects
pointed to in the conn struct talloc'ed off conn itself.
Easy to free then :-).
Jeremy.
(This used to be commit f83b6de44f)
we never mix malloc and talloc'ed contexts in the
add_XX_to_array() and add_XX_to_array_unique()
calls. Ensure that these calls always return
False on out of memory, True otherwise and always
check them. Ensure that the relevent parts of
the conn struct and the nt_user_tokens are
TALLOC_DESTROYED not SAFE_FREE'd.
James - this should fix your crash bug in both
branches.
Jeremy.
(This used to be commit 0ffca7559e)
the child inherits *all* active check_online timout handlers.
This is bad when it's not our domain (ie. BUILTIN).
Jeremy.
(This used to be commit 8d815ec4c1)
a network but not one on which any home DC's can
be found (hotel network problem). Still testing
but this is getting close.
Jeremy.
(This used to be commit 369c9e4138)
on write-only files. Jim please check. Should not affect
Windows clients - I ensured all the relevent Samba4
torture tests still pass.
Jeremy.
(This used to be commit 6df3cac44f)
The main thing here is a rewrite of srv_winreg_nt.c. The core functionality
has moved to registry/reg_api.c which is then usable by the rest of Samba as
well.
On that way it fixes creating keys with more than one element in the
path. This did not work before.
Two things that sneaked in (sorry :-) is the change of some routines from
NTSTATUS to WERROR the removed "parent" argument to regkey_open_internal.
Volker
(This used to be commit fea52801de)
Metze: as noted by "shattered" and discussed on the irc,
here is a patch to lib/sysquotas_linux.c replacing some
"get"s by "set"s. The other lib/sysquotas*.c files look
ok to me. But in the linux variant, the problem is not
in the actual call of quotactl but in the preparation of
the respective "D" structs. This makes the difference
between the get and set calls for SMB_USER_FS_QUOTA_TYPE
and SMB_GROUP_FS_QUOTA_TYPE.
metze
(This used to be commit d303cc7e62)
Fix code that mistakenly assumed tdb_traverse
returned 0 or -1, it actually returns -1 or the
number of entries traversed. Add a static as another
way to return the bad cache value.
Jeremy.
(This used to be commit 5266a70ae9)
against tdb corruption. Needs fleshing out
(and I forgot one record type) and needs helpful
suggestion from Volker to validate freelist,
but should give an idea of how this will look.
Jeremy.
(This used to be commit 8eb53f74e4)
With more than 5 different trees I can't swear that I did test this properly
yesterday. Sorry for the noise.
Volker
(This used to be commit 978a6196bf)
other StringBufs, otherwise clicking on a key with this value being set leads
to regedit.exe on w2k3 chew all memory.
(This used to be commit b148cde7f3)
considerably here.
This temporarily removes a cache for the tdb based registry, I'll re-add that
in srv_winreg_nt.c in the next step.
This fixes creating/renaming values from the windows regedit.exe, as "New
Value #1" was not entering the cache after being created.
Volker
(This used to be commit c8c81f0e86)
length in *bytes* for UTF-16, not the string length. This got lost during the
conversion.
This took a while to figure out :-)
Thanks to Chetan!
Volker
(This used to be commit 8df6544fa8)
waiting for comments. This is what version control is for, and it does fix a
segfault I ran into ;-)
Nevertheless, Jelmer & Jerry, please take a look!
Thanks,
Volker
(This used to be commit 95c14a822c)
W2k3. The server requires that size==0 in the [in] name. Somehow I get the
feeling that something is badly wrong here....
I did not yet recreate the gen_ndr equivalent, see next mail.
Volker
(This used to be commit 016ddce120)
(http://www.centeris.com/) under my copyright.
* Rework error reporting to use DNS_ERROR instead
of int32
* Convert memory allocation to use talloc()
* Generalize the DNS request/response packet marshalling
* Fix the secure update requests
(This used to be commit c787983336)
string the clis_state struct. So call saf_store() after we
have the short domain name in the lsa_query_inof_policy code.
* Remove unused server string in saf_delete()
(This used to be commit 3eddae2f20)
we're just doing strchr on a const string there's
no need to strdup it before, we're never modifying
it. Just remove the variable "parm".
Jeremy.
(This used to be commit 1af18f613b)
because of this. Probably a show-stopper for 3.0.23d.
Thanks to Alain GORLIER <alain.gorlier@altissemiconductor.com>
for the fix.
Jeremy.
(This used to be commit b167785cbd)
Jerry, please check this. The way I understood alpha_strcpy the last arg needs
to be the size of the target, not of the source.
Thanks,
Volker
(This used to be commit 287d68daab)
prints the hash on every record for easier awk'ing, and tdbbackup allows a
different hash chain length on the backed up tdb.
Jeremy, Günther, this might be interesting for you huge domains. Not only
locking.tdb, also the winbind ones might grow huge.
In the installation I fixed with this winbind spent a huge amount of CPU
spinning through a degenerated winbindd_idmap.tdb with entries for more than
15.000 users. With a default number of hash chains of 131 on that tdb you can
imagine that the lists get large.
Not merging to 4, I don't get tdbbackup to compile there right now.
What about changing the global default hash chain number to be dramatically
larger? Disk is cheap these days.
Volker
(This used to be commit 577d0ff658)
