1
0
mirror of https://github.com/samba-team/samba.git synced 2025-10-19 23:33:15 +03:00
Commit Graph

410 Commits

Author SHA1 Message Date
Andrew Bartlett
4969f86ac2 r10148: Use samdb_base_dn() to find the local domain.
Andrew Bartlett
2007-10-10 13:38:03 -05:00
Jeremy Allison
26f63973e6 r10138: Fix the mapping table (as tested in smbtorture). EXEC_ACCESS
should map to SEC_RIGHTS_FILE_READ, not READ|WRITE.
Jeremy.
2007-10-10 13:38:02 -05:00
Andrew Tridgell
bf6558b897 r9794: r11627@blu: tridge | 2005-08-30 22:55:27 +1000
fill in correct error code for zero length and too large IPC reads
2007-10-10 13:35:02 -05:00
Jelmer Vernooij
200a8f6652 r9792: Rename StrCaseCmp -> strcasecmp_m. All these years I was thinking
StrCaseCmp was sys_strcasecmp, while it is in fact strcasecmp_m!
2007-10-10 13:35:01 -05:00
Stefan Metzmacher
27ec849718 r9517: fix compiler warning: status.v initialized variable used in line 375
tridge: what should be the correct error code?
        see rev 3239!

metze
2007-10-10 13:34:25 -05:00
Alexander Bokovoy
4b89d7c729 r9478: Fix NTVFS POSIX module to work with EA and blkid after build system changes 2007-10-10 13:34:20 -05:00
Andrew Tridgell
e8260a81cf r9369: an attempt to fix the build on HPUX. This is based on work by Don
McCall, but takes a slightly different approach that I hope will be
more generic
2007-10-10 13:33:28 -05:00
Alexander Bokovoy
127e06492a r9320: Fix premature dereference bug found by Coverty and also get rid of non-used memory context 2007-10-10 13:33:24 -05:00
Stefan Metzmacher
83d65d0d7e r9240: - move struct security_token to the idl file, with this we can
the ndr_pull/push/print functions for it in the ntacl-lsm module

- fix compiler warnings in the ldap_encode_ndr_* code

metze
2007-10-10 13:31:37 -05:00
Andrew Tridgell
dac0be64c7 r9074: cope with a null ntvfs context in disconnect, so the destructor that
runs on a failed ntvfs init works
2007-10-10 13:31:14 -05:00
Andrew Tridgell
c164ee5b19 r9054: removed incorrect paranoia check on opening streams (this caused RAW-STREAMS to fail) 2007-10-10 13:31:12 -05:00
Stefan Metzmacher
51ab751c61 r9031: don't use the global $LIBS variables for posix specific stuff
metze
2007-10-10 13:31:10 -05:00
Andrew Tridgell
dada509f5e r9009: directory not empty is not an error on failure to delete directory in delete on close 2007-10-10 13:31:06 -05:00
Andrew Tridgell
320ab3c93b r9007: fixed error code for setting delete on close on a non-empty directory 2007-10-10 13:31:06 -05:00
Andrew Tridgell
f48abaaaca r8753: fixed directory handling on systems that do not return . and .. as the
first two entries in a directory. This is what caused the FC3 system
shelob in the build farm to fail the RAW-UNLINK and RAW-SEARCH tests.
2007-10-10 13:30:02 -05:00
Andrew Tridgell
2e8d154e7d r8535: no longer rely on seekdir working after a closedir. Instead, keep
directories open, but close search states based on an inactivity
timer, with a default of a 5 minute timeout
2007-10-10 13:29:36 -05:00
Love Hörnquist Åstrand
56fd21c806 r8394: Make sure the argument to ctype is*(3) macros are unsigned char as
required by ISO C99.
2007-10-10 13:20:14 -05:00
Volker Lendecke
2c4fd3ff99 r8258: Release the opendb lock in pvfs_change_create_options.
Volker
2007-10-10 13:19:26 -05:00
Andrew Tridgell
b71fbcf5e2 r8122: more fixes from testing dos error code handling against w2k3 2007-10-10 13:19:11 -05:00
Andrew Tridgell
d77b3820d1 r8120: added in the newly found DOS locking error codes into the pvfs backend 2007-10-10 13:19:11 -05:00
Andrew Tridgell
87cdd11708 r8107: now that we properly separate DOS and NT status codes all the places
that relied on the mapping need to be fixed. The first thing is to get
all the torture tests working against w2k3 again with nt status codes
enabled. The 2nd step will be to make them pass with nt status
disabled.

This starts on the first task, fixing the assumption that
NT_STATUS_INVALID_LOCK_SEQUENCE is a valid substitute for
ERRDOS:ERRbadaccess
2007-10-10 13:19:08 -05:00
Andrew Tridgell
14f51a99bc r8059: fixed handling of delete on close fir directories 2007-10-10 13:19:04 -05:00
Stefan Metzmacher
66d6b1d578 r8036: revert rev 8023/8024 as they have a bugs.
metze
2007-10-10 13:19:01 -05:00
Stefan Metzmacher
078f42bc3f r8024: avoid one memcpy in the ipc_trans dcesrv_output() callback
we now can reference the DATA_BLOB that is used inside the dcesrv subsystem

metze
2007-10-10 13:19:00 -05:00
Stefan Metzmacher
fe483dcd87 r8021: we only need to return STATUS_BUFFER_OVERFLOW for the ipc_trans replies
and not for the ipc_read() replies as here the client explicit says how much data it wants

the write_fn() in dcesrv_output() now returns NTSTATUS

and the ipc specific implementations are moved to the ntvfs_ipc module

metze
2007-10-10 13:19:00 -05:00
Andrew Tridgell
447d5fcc1b r7931: fixed a bug in the cifs backend found with the new test code 2007-10-10 13:18:52 -05:00
Andrew Tridgell
d40bc2fa8d r7860: switch our ldb storage format to use a NDR encoded objectSid. This is
quite a large change as we had lots of code that assumed that
objectSid was a string in S- format.

metze and simo tried to convince me to use NDR format months ago, but
I didn't listen, so its fair that I have the pain of fixing all the
code now :-)

This builds on the ldb_register_samba_handlers() and ldif handlers
code I did earlier this week. There are still three parts of this
conversion I have not finished:

 - the ltdb index records need to use the string form of the objectSid
   (to keep the DNs sane). Until that it done I have disabled indexing on
   objectSid, which is a big performance hit, but allows us to pass
   all our tests while I rejig the indexing system to use a externally
   supplied conversion function

 - I haven't yet put in place the code that allows client to use the
   "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3
   supports this, presumably by looking for the "S-" prefix to
   determine what type of objectSid form is being used by the client. I
   have been working on ways to handle this, but am not happy with
   them yet so they aren't part of this patch

 - I need to change pidl to generate push functions that take a
   "const void *" instead of a "void*" for the data pointer. That will
   fix the couple of new warnings this code generates.

Luckily it many places the conversion to NDR formatted records
actually simplified the code, as it means we no longer need as many
calls to dom_sid_parse_talloc(). In some places it got more complex,
but not many.
2007-10-10 13:18:44 -05:00
Jelmer Vernooij
bf85fdd015 r7850: Support mkdir() with just one parameter. Patch from
Steven Edwards <steven_ed4153@yahoo.com>.

I've moved the Win32-specific tests to win32.m4 so it does not
make any of the POSIX configure stuff more complicated.
2007-10-10 13:18:42 -05:00
Andrew Tridgell
9adacb0d16 r7795: use a share specific allocation rounding 2007-10-10 13:18:37 -05:00
Andrew Tridgell
1f35642bed r7792: make the allocation size rounding in pvfs configurable 2007-10-10 13:18:36 -05:00
Volker Lendecke
da78ed1a4d r7621: Trivial reformatting while trying to understand share modes. Still survives
smbtorture *DENY* .

Volker
2007-10-10 13:18:14 -05:00
Andrew Tridgell
71e281ae2f r7557: trigger a probe at tconx time to see if xattrs are really supported by
the filesystem
2007-10-10 13:18:08 -05:00
Stefan Metzmacher
e27c1ab89b r7488: update the mode in the struct too,
that fixes the RAW-RENAME test

metze
2007-10-10 13:17:59 -05:00
Andrew Tridgell
a4f17fcd92 r7459: fixed pvfs for the RAW-MUX test
when you cancel a lock, w2k3 gives NT_STATUS_FILE_LOCK_CONFLICT not
NT_STATUS_CANCELLED. Strange.
2007-10-10 13:17:55 -05:00
Stefan Metzmacher
c214996391 r7458: don't look at components[-1] :-)
we now survive the RAW-UNLINK test without crashing

metze
2007-10-10 13:17:55 -05:00
Andrew Tridgell
d1c5eb3693 r7361: fixed the 'file becomes a directory' bug that marc kapland found.
Thanks Marc!
2007-10-10 13:17:46 -05:00
Andrew Tridgell
3d589a0995 r7294: implemented the irpc messaging system. This is the core of the
management system I proposed on samba-technical a couple of days
ago. Essentially it is a very lightweight way for any code in Samba to
make IDL based rpc calls to anywhere else in the code, without the
client or server having to go to the trouble of setting up a full rpc
service.

It can be used with any of our existing IDL, but I expect it will
mostly be used for a new set of Samba specific management calls.

The LOCAL-IRPC torture test demonstrates how it can be used by calling
the echo_AddOne() call over this transport.
2007-10-10 13:17:37 -05:00
Alexander Bokovoy
c623cc6054 r6599: Fix formating using 'linux' C style
Fix memory handling for blkid caches which need to be cleared when session is
done.
2007-10-10 13:16:29 -05:00
Alexander Bokovoy
660d6e3915 r6597: Make use of libblkid (part of e2fsprogs) for reporting volume GUID, if possible.
Implement smbclient's 'fsinfo' comand family which allows you to query file
system information in all known levels.
2007-10-10 13:16:29 -05:00
Andrew Tridgell
aa82b105d5 r6580: fixed the bug that caused the truncation of the main file on a stream
open with openx and the 'truncate if exists' flag
2007-10-10 13:16:27 -05:00
Andrew Tridgell
dffeb3c3d4 r6579: improved the handling of lock timeouts and cancels in the pvfs locking
code. On lock cancel don't retry the lock.
2007-10-10 13:16:27 -05:00
Andrew Tridgell
2acc069185 r6342: fixed a bad union assumption that caused ACLs to fail on 64 bit machines
Thanks to lars and agruen for finding this
2007-10-10 13:11:33 -05:00
Richard Sharpe
321fbae512 r6229: Back out these changes ... 2007-10-10 13:11:28 -05:00
Richard Sharpe
3034b22670 r6219: This change allows us to fall back to authenticating without
DCERPC_SCHANNEL_128 if we fail. Thus, it allows us to work with Windows
NT DCs ...
2007-10-10 13:11:27 -05:00
Andrew Bartlett
2301a4b38a r6028: A MAJOR update to intergrate the new credentails system fully with
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'.

GENSEC now no longer has it's own handling of 'set username' etc,
instead it uses cli_credentials calls.

In order to link the credentails code right though Samba, a lot of
interfaces have changed to remove 'username, domain, password'
arguments, and these have been replaced with a single 'struct
cli_credentials'.

In the session setup code, a new parameter 'workgroup' contains the
client/server current workgroup, which seems unrelated to the
authentication exchange (it was being filled in from the auth info).

This allows in particular kerberos to only call back for passwords
when it actually needs to perform the kinit.

The kerberos code has been modified not to use the SPNEGO provided
'principal name' (in the mechListMIC), but to instead use the name the
host was connected to as.  This better matches Microsoft behaviour,
is more secure and allows better use of standard kerberos functions.

To achieve this, I made changes to our socket code so that the
hostname (before name resolution) is now recorded on the socket.

In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now
in libcli/auth/schannel.c, and it looks much more like a standard
GENSEC module.  The actual sign/seal code moved to
libcli/auth/schannel_sign.c in a previous commit.

The schannel credentails structure is now merged with the rest of the
credentails, as many of the values (username, workstation, domain)
where already present there.  This makes handling this in a generic
manner much easier, as there is no longer a custom entry-point.

The auth_domain module continues to be developed, but is now just as
functional as auth_winbind.  The changes here are consequential to the
schannel changes.

The only removed function at this point is the RPC-LOGIN test
(simulating the load of a WinXP login), which needs much more work to
clean it up (it contains copies of too much code from all over the
torture suite, and I havn't been able to penetrate its 'structure').

Andrew Bartlett
2007-10-10 13:11:15 -05:00
Andrew Bartlett
e13c671619 r5988: Fix the -P option (use machine account credentials) to use the Samba4
secrets system, and not the old system from Samba3.

This allowed the code from auth_domain to be shared - we now only
lookup the secrets.ldb in lib/credentials.c.

In order to link the resultant binary, samdb_search() has been moved
from deep inside rpc_server into lib/gendb.c, along with the existing
gendb_search_v().  The vast majority of this patch is the simple
rename that followed,

(Depending on the whole SAMDB for just this function seemed pointless,
and brought in futher dependencies, such as smbencrypt.c).

Andrew Bartlett
2007-10-10 13:11:12 -05:00
Andrew Bartlett
824289dcc2 r5902: A rather large change...
I wanted to add a simple 'workstation' argument to the DCERPC
authenticated binding calls, but this patch kind of grew from there.

With SCHANNEL, the 'workstation' name (the netbios name of the client)
matters, as this is what ties the session between the NETLOGON ops and
the SCHANNEL bind.  This changes a lot of files, and these will again
be changed when jelmer does the credentials work.

I also correct some schannel IDL to distinguish between workstation
names and account names.  The distinction matters for domain trust
accounts.

Issues in handling this (issues with lifetime of talloc pointers)
caused me to change the 'creds_CredentialsState' and 'struct
dcerpc_binding' pointers to always be talloc()ed pointers.

In the schannel DB, we now store both the domain and computername, and
query on both.  This should ensure we fault correctly when the domain
is specified incorrectly in the SCHANNEL bind.

In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out,
where the comment claimed we re-used a connection, but in fact we made
a new connection.

This was achived by breaking apart some of the
dcerpc_secondary_connection() logic.

The addition of workstation handling was also propogated to NTLMSSP
and GENSEC, for completeness.

The RPC-SAMSYNC test has been cleaned up a little, using a loop over
usernames/passwords rather than manually expanded tests.  This will be
expanded further (the code in #if 0 in this patch) to use a newly
created user account for testing.

In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO
server, caused by the removal of [ref] and the assoicated pointer from
the IDL.  This has been re-added, until the underlying pidl issues are
solved.
2007-10-10 13:11:07 -05:00
Andrew Tridgell
439ce2efbf r5666: winxp will use a NTTIME of -1 to mean "don't change" in setfileinfo
basic_info. Add null_nttime() as the equivalent of the existing
null_time() call for cheecking for valid NTTIME values
2007-10-10 13:10:58 -05:00
Stefan Metzmacher
9ec6c0e977 r5501: check the return of talloc with the NT_STATUS_HAVE_NO_MEMORY()
macro...

metze
2007-10-10 13:10:51 -05:00
Stefan Metzmacher
e8b081d5d1 r5500: ntvfs modules that are the final backend needs to set the
dev and fs types

this prevents the main smbsrv code from crashing when someone does a
tree connect on a print share

metze
2007-10-10 13:10:51 -05:00