mirror of https://github.com/samba-team/samba.git synced 2025-01-14 19:24:43 +03:00

53991 Commits

Author SHA1 Message Date
Volker Lendecke
e2611e2b12 More pdb_ads stuff 2009-06-07 23:14:40 +02:00
Volker Lendecke
bee9fda243 Add tldap_pull_uint32 2009-06-07 23:14:40 +02:00
Jeff Layton
27fcab98e7 mount.cifs: update the mount.cifs manpage
Add a new section entitled FILE AND DIRECTORY OWNERSHIP AND PERMISSIONS
that attempts to cover information about this topic. Change the uid=
and gid= options to refer to that section. Add new varlistentries for
forceuid, forcegid and dynperm.

Also update the information about how the program behaves when installed
as a setuid binary.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-06-07 08:38:25 -04:00
Volker Lendecke
14a2974092 Make "net sam list" work for groups, aliases and builtins 2009-06-07 12:32:29 +02:00
Volker Lendecke
f3b227c0d2 Return full info in pdb_ads_search_users() 2009-06-07 12:32:25 +02:00
Volker Lendecke
83dee900bc Fix syntax of sending a delete request 2009-06-07 11:50:50 +02:00
Volker Lendecke
d8f331778f req_del and req_abandon are ASN1_APPLICATION_SIMPLE
Ok, ASN1_APPLICATION everywhere was too easy :-)
2009-06-07 11:50:48 +02:00
Volker Lendecke
35492ada90 Fix after making tldap independent of ldap.h 2009-06-07 11:29:44 +02:00
Günther Deschner
f5e9e1954c s3-groupdb: fix enum_aliasmem in ldb branch.
It is totally valid to have an alias with no members.

Tridge, please check.

Found by RPC-SAMR torture test.

Guenther
2009-06-07 11:25:21 +02:00
Günther Deschner
fbb1e990ab s3-samr: fix return code of _samr_LookupRids when run with pdb_ldap.
when _samr_LookupRids is called with no rids, it needs to return
NT_STATUS_NONE_MAPPED (not NT_STATUS_NO_MEMORY).

Found by RPC-SAMR torture test.

Guenther
2009-06-07 02:24:21 +02:00
Günther Deschner
a783b1e4da s3-samr: SetGroupInfo level 1 should not return NT_STATUS_INVALID_INFO_CLASS.
Found by RPC-SAMR torture test.

Guenther
2009-06-07 02:24:21 +02:00
Jeff Layton
cc7b62269e mount.cifs: properly check for mount being in fstab when running setuid root (try#3)
This is the third attempt to clean up the checks when a setuid
mount.cifs is run by an unprivileged user. The main difference in this
patch from the last one is that it fixes a bug where the mount might
have failed unnecessarily if CIFS_LEGACY_SETUID_CHECK was set.

When mount.cifs is installed setuid root and run as an unprivileged
user, it does some checks to limit how the mount is used. It checks that
the mountpoint is owned by the user doing the mount.

These checks however do not match those that /bin/mount does when it is
called by an unprivileged user. When /bin/mount is called by an
unprivileged user to do a mount, it checks that the mount in question is
in /etc/fstab, that it has the "user" option set, etc.

This means that it's currently not possible to set up user mounts the
standard way (by the admin, in /etc/fstab) and simultaneously protect
from an unprivileged user calling mount.cifs directly to mount a share
on any directory that that user owns.

Fix this by making the checks in mount.cifs match those of /bin/mount
itself. This is a necessary step to make mount.cifs safe to be installed
as a setuid binary, but not sufficient. For that, we'd need to give
mount.cifs a proper security audit.

Since some users may be depending on the legacy behavior, this patch
also adds the ability to build mount.cifs with the older behavior.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-06-06 19:46:24 -04:00
Günther Deschner
93e7970647 s3-samr: fix _QueryDisplayInformation r->out.returned_size.
*r->out.returned_size needs to be 0 if nothing was enumerated.

Found by RPC-SAMR torture test.

Guenther
2009-06-07 00:56:04 +02:00
Günther Deschner
c3f1f6cac9 s3-samr: remove total_data_size variable in _samr_QueryDisplayInfo.
Guenther
2009-06-07 00:55:45 +02:00
Günther Deschner
ee059e33d5 s3-samr: let _samr_SetGroupInfo level 3 just pass with success.
Guenther
2009-06-07 00:55:16 +02:00
Günther Deschner
6544264ac1 s3-samr: _samr_EnumDomain{Users,Groups} need to return an empty array even for builtin domain.
Found by RPC-SAMR torture test.

Guenther
2009-06-07 00:55:06 +02:00
Günther Deschner
0845db66e0 s4-smbtorture: skip samr MultipleMember alias tests for 3 as well as we do already for s4.
Guenther
2009-06-07 00:54:57 +02:00
Günther Deschner
447fe57584 s3-samr: cosmetic fixes for _samr_QueryDisplayInfo.
use the variables of the struct samr_QueryDisplayInfo directly to make
it easier to track where variables are defined from.

Guenther
2009-06-07 00:53:28 +02:00
Slava Semushin
3f5403220f testsuite/nsswitch/get{gr,pw}ent_r.c(dump_{gr,pw}ent): fixed wrong condition.
When fopen() fails it returns NULL, so the condition where the return value is
less than zero never evaluated to true.

Found by cppcheck.
2009-06-06 22:45:02 +02:00
Slava Semushin
497b9e460b lib/tdb/tools/tdbtorture.c: fixed memory leak.
Found by cppcheck:
[lib/tdb/tools/tdbtorture.c:326]: (error) Memory leak: pids
2009-06-06 22:33:39 +02:00
Karolin Seeger
0fee798552 s3/docs: Fix example.
The 'ldap suffix' is not added automatically to the 'ldap admin dn'.
This fixes bug #5584.
Thanks to Stefan Bauer <stefan.bauer [at] plzk.de> for reporting!

Karolin
2009-06-06 15:59:07 +02:00
Volker Lendecke
afbe383c40 Attempt to fix the build without system-ldap.
I really tried, but I knew I would miss something... :-)
2009-06-06 15:32:30 +02:00
Karolin Seeger
c94d1cd7b1 s3/passdb: Fix debug message: 'net setmaxrid' does not exist.
This is aiming at bug #6351.

Karolin
2009-06-06 15:11:16 +02:00
Volker Lendecke
23b501e02a Add an early prototype of pdb_ads.c.
The purpose of this module is to connect to a locally running samba4 ldap
server for an alternative "Franky" setup. Right now it contains a couple of
gross hacks: For example it just takes the s4-chosen RID directly as uid/gid...

Checking in tldap and pdb_ads now, I think 3777 insertions are enough for a
start...
2009-06-06 13:10:30 +02:00
Volker Lendecke
256b227b27 Allow access as SYSTEM on a privileged ldapi connection
This patch creates ldap_priv/ as a subdirectory under the private dir with the
appropriate permissions to only allow the same access as the privileged winbind
socket allows. Connecting to ldap_priv/ldapi gives SYSTEM access to the ldap
database.
2009-06-06 13:10:30 +02:00
Volker Lendecke
1769c8d81b Add some samba-style tldap utility functions 2009-06-06 13:10:30 +02:00
Volker Lendecke
7194937eea Add the early start of an async ldap library
There's a lot of things this does not do yet: For example it does not parse the
reply blob in the sasl bind, it does not do anything with controls yet, a lot
of the ldap requests are not covered yet. But it provides a basis for me to
play with a pdb_ads passdb module.
2009-06-06 13:10:30 +02:00
Stefan Metzmacher
0e261d0e9c s3:smbd: FSCTL_PIPE_TRANSCEIVE on a non-IPC$ share should give NOT_SUPPORTED
metze
2009-06-06 11:01:44 +02:00
Stefan Metzmacher
21ac549e96 s3:smbd: return the same things as Windows 7 for SMB2 Ioctl responses
metze
2009-06-06 11:01:43 +02:00
Volker Lendecke
b4d7607a52 Fix some nonempty blank lines 2009-06-06 10:42:55 +02:00
Volker Lendecke
537b257cca Use data_blob_null instead of data_blob(NULL, 0) 2009-06-06 10:42:55 +02:00
Volker Lendecke
a731eb64d9 Fix an uninitialized variable read in async_connect_send 2009-06-06 10:42:55 +02:00
Volker Lendecke
3cd03b229b Allow AF_UNIX for open_socket_out 2009-06-06 10:42:54 +02:00
Günther Deschner
f19c9147a5 s3-winbindd: add some debug statements while tracking down a bug.
Guenther
2009-06-06 02:00:36 +02:00
Günther Deschner
0bf56f5cb3 nss_wrapper: rename nwrap_cache_{re,un}load as per metzes request.
Guenther
2009-06-06 02:00:36 +02:00
Jeremy Allison
64a1f17aff Make cli_ftruncate async. Also add a simple test.
Jeremy.
2009-06-05 16:06:05 -07:00
Günther Deschner
68a1ef2197 nss_wrapper: add support for loading nss_winbind.so via WINBIND_SO_PATH env.
Guenther
2009-06-06 01:01:25 +02:00
Günther Deschner
a845cb5ed3 nss_wrapper: fill in module nwrap_backend.
Guenther
2009-06-06 00:59:51 +02:00
Günther Deschner
2e78bc7b53 nss_wrapper: add missing return in nwrap_module_init().
Guenther
2009-06-05 23:10:58 +02:00
Günther Deschner
f3aa2a2b73 nss_wrapper: add skeleton for module nwrap_backend.
Guenther
2009-06-05 23:04:14 +02:00
Günther Deschner
6985f3995f nss_wrapper: add capability to load nss modules.
Guenther
2009-06-05 23:04:10 +02:00
Günther Deschner
47b5a55239 nss_wrapper: add struct nwrap_backend.
Guenther
2009-06-05 23:01:05 +02:00
Stefan Metzmacher
4f56d87cc8 s3:smbd: split smbd_smb2_flush() into a tevent_req based _send()/_recv() pair
metze
2009-06-05 21:38:36 +02:00
Stefan Metzmacher
d5e4463266 s3:smbd: split smbd_smb2_create() into a tevent_req based _send()/_recv() pair
metze
2009-06-05 21:09:05 +02:00
Stefan Metzmacher
b25227a177 s3:smbd: fix the build in smb2_ioctl.c
metze
2009-06-05 21:05:40 +02:00
Stefan Metzmacher
140fe782a9 s3:smbd: add support for SMB2 Ioctl FSCTL_DFS_GET_REFERRALS
metze
2009-06-05 20:17:45 +02:00
Stefan Metzmacher
d1db140a73 s3:smbd: add support for STATUS_BUFFER_OVERFLOW to SMB2 Ioctl
metze
2009-06-05 20:17:44 +02:00
Stefan Metzmacher
76acd7bfad s3:smbd: keep the chain_fsp for SMB2 requests
metze
2009-06-05 20:17:43 +02:00
Stefan Metzmacher
ee83d1aead s3:smbd: fix the logic for compounded requests
metze
2009-06-05 20:17:43 +02:00
Stefan Metzmacher
014ee5d0c2 s3:smbd: only setup the dyn iovec if a dyn blob is given
Otherwise leave the default in there, which takes care of
padding for compounded requests.

metze
2009-06-05 20:17:42 +02:00