IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
A new wrapper tdb_validate_open() takes a filename an opens and closes
the tdb before and after calling tdb_validate() respectively.
winbindd_validata_cache_nobackup() now dynamically calls one of
the above functions depending on whether the cache tdb has already
been opened or not.
Michael
(This used to be commit dc0b08e659)
So there is a new subcommand "smbcontrol winbindd validate-cache" now.
This change provides the infrastructure:
The function currently returns "true" unconditionally.
The call of a real cache validation function will be incorporated
in subsequent changes.
Michael
(This used to be commit ef92d505c0)
This adds the two functions talloc_stackframe() and talloc_tos().
* When a new talloc stackframe is allocated with talloc_stackframe(), then
* the TALLOC_CTX returned with talloc_tos() is reset to that new
* frame. Whenever that stack frame is TALLOC_FREE()'ed, then the reverse
* happens: The previous talloc_tos() is restored.
*
* This API is designed to be robust in the sense that if someone forgets to
* TALLOC_FREE() a stackframe, then the next outer one correctly cleans up and
* resets the talloc_tos().
The original motivation for this patch was to get rid of the
sid_string_static & friends buffers. Explicitly passing talloc context
everywhere clutters code too much for my taste, so an implicit
talloc_tos() is introduced here. Many of these static buffers are
replaced by a single static pointer.
The intended use would thus be that low-level functions can rather
freely push stuff to talloc_tos, the upper layers clean up by freeing
the stackframe. The more of these stackframes are used and correctly
freed the more exact the memory cleanup happens.
This patch removes the main_loop_talloc_ctx, tmp_talloc_ctx and
lp_talloc_ctx (did I forget any?)
So, never do a
tmp_ctx = talloc_init("foo");
anymore, instead, use
tmp_ctx = talloc_stackframe()
:-)
Volker
(This used to be commit 6585ea2cb7)
"not_defined_in_RFC4178@please_ignore" case to make at least LDAP SASL binds
succeed with windows server 2008.
Guenther
(This used to be commit f5b3de4d30)
Ronnie. If a lock timeout expires, we must check we can get the
lock before responding with failure. Volker is writing a torture test.
Jeremy.
(This used to be commit 45380f356b)
pipe used when connecting to win2k and newer domain controllers. The
server may be configured to deny anonymous netlogon connections which
would stop domain join verification step. Still, winnt domains require
such smb sessions not to be authenticated using machine credentials.
Creds employed in smb session cannot have a username in upn form, so
provide the separate function to use machine account.
rafal
(This used to be commit 30d99d8ac3)
The lockup could happen when packet_read_sync() gets two packets in a row, the
first one being an async message, and the second one being the response to a
ctdb request.
Also add some debug msg to ctdb_conn.c, and cut off the "locking key" messages
to only dump 20 hex chars at debug level 10. >10 will dump everything.
(This used to be commit 0a55880a24)
into a tiny winbindd DsGetDcName client. This still does not solve the case of
using the locator from within winbindd itself but at least gencache.tdb and
others are no longer corrupted.
Guenther
(This used to be commit 908e7963b8)
specfic and generic flags in a winbindd_request.
It turns out that the WBFLAG_RECURSE flag is the only non-PAM specific flag we
put into the "flags" field of a winbind request anyway. Now each request
command can use the entire space of the "flags" field.
Guenther
(This used to be commit 18b29763d1)
commit fb52f971986dd298abbcd9745ddf702820ce0184
Author: Gerald Carter <coffeedude@plainjoe.org>
Date: Mon Aug 27 13:50:26 2007 -0500
Check correct return type for pam_winbind_request_log() wnibind_upn_to_username
which is an int and not NSS_STATUS.
commit 7382edf6fc0fe555df89d5b2a94d12b35049b279
Author: Gerald Carter <coffeedude@plainjoe.org>
Date: Mon Aug 27 13:30:26 2007 -0500
Allow wbinfo -n to convert a UPN to a SID
commit 8266c0fe1ccf2141e5a983f3213356419e626dda
Author: Gerald Carter <coffeedude@plainjoe.org>
Date: Fri Aug 3 09:53:16 2007 -0500
Merge some of Guenther UPN work for pam_winbind.c (check the winbind separator
and better pam logging when converting a upn to a username).
commit 15156c17bc81dbcadf32757015c4e5158823bf3f
Author: Gerald Carter <coffeedude@plainjoe.org>
Date: Fri Aug 3 08:52:50 2007 -0500
Include Universal groups from the cached PAC/SamLogon info when
generating the list of domain group SIDs for a user's token.
commit 979053c0307b051954261d539445102c55f309c7
Author: Gerald Carter <coffeedude@plainjoe.org>
Date: Thu Aug 2 17:35:41 2007 -0500
merge upnlogon patch from my tree
(This used to be commit 98fb5bcd57)
Swat has not been built by default for a while, so I did not notice that
the _ macro is actually used. Re-add the lang_msg_rotate function, this
time only to swat so that this is the only binary that has to take the
16k penalty.
(This used to be commit 191e1ef840)
Jeremy, there are two remaining diffs in sesssetup.c which I don't really
know which one is right. Can you take a look?
Thanks,
Volker
(This used to be commit d82f354487)
Samba's own registry, the access mask for opening the
registry for the write operations needs to be
SEC_RIGHTS_MAXIMUM_ALLOWED instead of REG_WRITE: we can
not open e.g. HKLM read write explicitly, since we can
not write to this virtual part of the registry, only
to the subkeys like 'HKLM\Software\Samba\smbconf' that
are stored on disk.
Note that MAXIMUM_ALLOWED is also what windows' regedit
passed to the open calls.
Michael
(This used to be commit 57c30f7319)
This prevents creation of problematic configurations from registry editors
like regedit or "net rpc registry".
I will refactor the code to be somewhat more concise,
but I wanted to have this in the tree, now I got it working... :-)
Michael
(This used to be commit 4424a03032)
as TALLOC_ABORT() is defined to abort() by default
wrap it into a function so that the function name
in the backtrace shows what happens.
metze
(This used to be commit ddbe971030)
TODO: don't allow '-i -D' and '-D -i' on all
server binaries in the SAMBA_3_2 branch!
The &server_mode patch makes this difficult to check...
metze
(This used to be commit 102bb0fc17)
if parsing of the boolean string was successful.
Also, initialize the local result variable
(although not strictly necessary anymore, now.)
(This used to be commit bf0daa74fa)
instead of a 2-byte zero character. I can't recall what
rode me when I put that "2" there. But now I think I
have got it right... :-)
Michael
(This used to be commit fa010bef11)
contains a correct representation of a boolean value (in the
understanding of loadparm.c).
Make set_boolean() catch passing NULL for the boolean target.
Michael
(This used to be commit d13eaa60f5)
smbd, nmbd and winbindd can be started with invalid options currently.
The first patch attached would be a possible solution.
It contains an exit if an invalid option has been used. The main problem
is, that existing setups with wrong options or missing arguments in start
scripts will break (which is the right behaviour from my point of view).
metze
(This used to be commit 8532e3182a)
and make that the primary context for the request
which the implementations can also use.
- go via functions pointers in the ndr_interface_table
instead of calling functions directly.
metze
(This used to be commit 5c4d998300)
vuid that was allocated whilst the connection is
being constructed and after the connection has been set up.
This is what Windows does and at least one client
(and HP printer) depends on this behaviour. As it
depends on the req struct not yet ported to SAMBA_3_2_0
(Volker, hint hint.... :-) I am not yet adding this
to that branch, but will investigate that tomorrow.
Jeremy.
(This used to be commit a54f2805df)
be called with inverse == NULL.
Add a new function lp_parameter_is_canonical() to check whether a
parameter name is the canonical name (as apposed to an alias).
Michael
(This used to be commit 07dc0fecf5)
rename dcerpc_interface_table -> ndr_interface_table
rename dcerpc_interface_list -> ndr_interface_list
and move them to libndr.h
metze
(This used to be commit f57d23d0f1)
This API will change anyway when moving away from pstrings.
It took so long to fix, because that rename bug I just fixed gave make
test failures that had nothing to do with this one.
I have samba4 tests for both bugs, will check them in when the build
farm has caught up
(This used to be commit d4f442ed9b)
This was broken when I changed reply_mv to wrap in a open_file_ntcreate
call, unix_convert on the destination was called twice
(This used to be commit fddc9db911)
rename struct dcerpc_endpoint_list/struct dcerpc_authservice_list
into ndr_interface_string_array and move it to libndr.h
metze
(This used to be commit 9fec0d6c2c)
a parameter and value into the canonical paramter with the value
inverted if it was in invers boolean synonym.
Make net conf use this function when storing parameters.
Michael
(This used to be commit 3b762ab183)
Also simplify lp_canonicalize_parameter by making use of
the new function "is_synonym_of".
Michael
Note: If anything depends on the exact former output format of
show_parameter list, I would trigger the output of synonym information
by a boolean verbose switch (that could be passed to testparm
via the "-v" command line switch).
(This used to be commit fd2dbae825)
When storing parameters in the smbconf portion of the registry,
up to now, synonyms could be misused to store a parameter twice.
Now this is prevented by canonicalizing the paramter name first.
Also, the value for a boolean parameter checked for validity
before storing the bool in registry.
(The canonicalization should finally go into the registry smbconf
code to also prevent e.g. "regedit" or "net rpc registry" from
storing synonyms. - This is in the making.)
Michael
(This used to be commit 95447dde86)
and produces the "canonical" (or main) name of the parameter (the one
synonym that does not have the flag FLAG_HIDE). The function also sets
a flag as to whether the synonym is a reverse boolean synonym.
Add some functions for the handling of string representations of boolean
values: return the canonical string representation of a bool, invert
a bool given as a string, canonicalize a bool given as a string.
Michael
(This used to be commit 113ac07199)
the request, presumably due to the PROTECTED flag not being set. Setting
that flag (in make_sec_desc()) has much wider implications than just to
libsmbclient, so instead of modifying that, we'll remove security
descriptors by setting the number of ACEs to zero. At some point, we might
want to look into whether we should actually be setting the PROTECTED flag
in the DACL.
Reference http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsce_ctl_qxju.mspx?mfr=true
Derrell
(This used to be commit 319df380e5)
Jeremy, I really apologize for doing this, but I just wanted to enjoy
converting the last SMB call :-)
I've left one little task for you there, I'm not certain that checking
the inbuf length is correct here.
Volker
(This used to be commit 1e08fddafd)
Talked to both Tridge and Jeremy about this, Tridge said that there is a
special error message persuading OS/2 to fall back to other methods.
The calls now checked in always return the error message we used to
return when "read bmpx = False" was set (the default): ERRSRV, ERRuseSTD.
If someone has a reproducable test case where this is really needed, we
can always dig it up from version control and convert it to the new API.
But that time without that silly parameter, and with a torture test case
for "make test" please :-)
Volker
(This used to be commit d941aae2df)
length_is() isn't supported without size_is().
I assume what we need is an array of strings,
so the code isn't used and broken anyway without
a testsuite...just get rid of the pidl warning
metze
(This used to be commit a3fd68d485)
prs_mem_free() is not the function to be called to free memory allocated by
prs_alloc_mem(). I've added a comment so others may not get bitten too.
- Remove incorrect memory free calls added yesterday to replace SAFE_FREE.
The memory is actually now on a talloc context, so gets freed by the caller
when that context is freed. We don't need to free it iternally.
Derrell
(This used to be commit 2fde343150)
incremented too far in some circumstances. In these cases, only the first
of multiple concatenated strings would be seen.
- Working on bug 4649 pertaining to delete an ACL, this fixes the reported
crash. It appears to have been an incomplete switchover from malloc to
talloc, as the memory was still being freed with SAFE_FREE.
Deleting ACLs still doesn't work. Although a valid request is sent to the
server and a SUCCESS response is returned, the method that's used in
libsmbclient for deleting ACLs seems to be incorrect. In looking at the
samba4 torture tests, it appears that we should be turning on the INHERIT
flag if we want to delete the ACL. (I could use some assistance on the
proper flags to send, from anyone familiar with this stuff.)
- Apply patch from SATOH Fumiyasu to fix bug 4750. smbc_telldir_ctx() was not
returning a value useful to smbc_lseekdir_ctx().
Derrell
(This used to be commit 2ac502e29b)
In the future, we might put the new Linux splice(2) syscall here. This
should also work for reply_write, but getting that in is a bit trickier.
We need to decide very early before fetching the whole buffer that we
have a write call.
(This used to be commit 32921c878a)
enums are not necessarily represented as 32-bit uints. On assignment
(see line 1029) implicit conversion happens, but not when pointers are
taken.
(This used to be commit 67ec6863dd)
The argument to smb_setlen does not contain the nbt header of 4 bytes
The chained function might allocate outbuf itself (as now happens with
reply_read_and_X). This would erroneously overwrite the caller's outbuf.
Give it an outbuf pointer of it's own
(This used to be commit f923bba908)
and alters the device id depending on the configured algorithm.
The algorithm is configured via "fileid:algorithm":
- "fsname" (default) uses a uint64 hash over the mount point
- "fsid" uses the fsid returned from statfs()
This is needed for "clustering = yes" on some clusterfilesystems
metze
(This used to be commit 30f9171cca)
left as nonzero as returned by the failed cli_session_setup_spnego. When we then try
to authenticate as the user in cli_session_setup this returns an
error "Bad userid" (as seen in wireshark).
"We should only leave cli->vuid != 0 on success. Looks like it's
getting set in the cli_session_setup_blob_receive() call and not
cleared again on error."
Jeremy.
(This used to be commit fa8e66dd8d)
This makes it possible to set the default hashsize for any tdb. I would
like to remove the "open files database hash size" in favor of this one.
I'll check that removal in with the next commit, please complain/revert
if it's not ok.
Volker
(This used to be commit e9bd7a63a8)
The really pure bugfix would have replaced pparam by *pparam, but we pulled
the fid anyway.
Metze, in line 2421 the FSP_BELONGS_CONN is commented out, is that intended?
The FSCTL_CREATE_OR_GET_OBJECT_ID ioctl did not have it.
Volker
(This used to be commit 2c1376225b)
----------------------------------------------------------
In rare cases, Samba 3.0.25b shows directory contents at the wrong
position in the file tree when displaying a subdirectory of a DFS link.
The problem occurs whenever Windows XP asks for a DFS referral for a
subdirectory of a DFS link with a trailing backslash.
Windows does not do this very often, but we saw it several times per day
on our central DFS server.
smbd/msdfs.c, dfs_path_lookup() does the following with the requested
path:
- in line 390, the local copy 'localpath' is 'unix_convert'ed; the
trailing backslash is removed inside unix_convert
- in lines 417-20, 'dfspath' (another copy of the requested path) is
mangled another way without removing trailing backslashes
That's why the following loop (lines 435-461) that is meant to
synchronously cut off the last path component from both strings until it
comes to a DFS link, does not handle both strings the same. When the
original path ended with a backslash, 'canon_dfspath' has always one
component more than 'localpath', so that *consumedcntp gets too big in
line 446. This value is reported to the client.
----------------------------------------------------------
Bug #4860.
Jeremy.
(This used to be commit 42d1c6713a)
Heimdal doesn't accept all OIDs and gss_import_name() fails with
GSS_S_BAD_NAMETYPE using this one. Use the GSS_KRB5_NT_PRINCIPAL_NAME OID
instead (which works with at least MIT 1.6.1 and Heimdal 1.0.1).
Guenther
(This used to be commit f783b32b65)
It did not use inbuf anyway. Outbuf was used for alignment and to the
flags2. The alignment works ok if we align relative to base_data because this
and outbuf are both malloc'ed, and we put send_trans2_replies aligns out_data
properly relative to the start of the outbuf.
I don't know if the explicit align_string() calls in get_lanman2_dir_entry are
really necessary. I think that srvstr_push also does the same.
Please also note that this changes dst_len in srvstr_push from -1 to the real
length remaining.
Volker
(This used to be commit 9b1614f8cb)
This itself won't help much, because send_trans2_replies_new still allocates
the big buffers, but stay tuned :-)
Also add/update my copyright on stuff I recently touched.
Volker
(This used to be commit 248f15ff14)
When starting to convert the individual trans2 subcalls, I need the new
API conventions to be present there. This means that those calls fill in
req->outbuf when there's something to ship
(This used to be commit d9eef977dc)
- with the "GSSAPI" sasl mech the plain, sign or seal negotiation
is independed from the req_flags and ret_flags
- verify the server supports the wrapping type we want
- better handling on negotiated buffer sizes
metze
(This used to be commit d0ec732387)
also for the "GSSAPI" sasl mech.
- also use the ads_kinit_password() fallback logic
from the "GSS-SPNEGO" sasl mech.
metze
(This used to be commit cbaf44de1e)
nt_open_pipe_new() is a copy of nt_open_pipe(). It will stick for a bit
until do_nt_transact_create_pipe is converted as well.
(This used to be commit 247d6baaed)
