IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We should only use GSS_C_DELEG_POLICY_FLAG in order to let
the KDC decide if we should send delegated credentials to
a remote server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12445
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
This way we can have a very simple get_cmdline_auth_info_creds() function,
which can be used pass cli_credentials down the stack instead of
constantly translating from user_auth_info to cli_credentials, while
loosing information.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Dec 20 04:57:05 CET 2016 on sn-devel-144
All users of POPT_COMMON_CREDENTIALS basically need the same logic,
while some ignore a broken smb.conf and some complain about it.
This will allow the future usage of config options in the
credential post processing.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This allows SMB3 encryption instead of returning NT_STATUS_NOT_SUPPORTED.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Dec 19 13:41:15 CET 2016 on sn-devel-144
This allows SMB3 encryption instead of returning NT_STATUS_NOT_SUPPORTED.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This can be used temporarily to do the required kinit if we use kerberos
and the password has been specified.
In future this should be done in the gensec layer on demand, but there's
more work attached to doing it in the gensec_gse module.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Dec 17 12:58:07 CET 2016 on sn-devel-144
This is now handled by the vfs_gpfs_(f)get_dos_attributes. Getting rid
of this in the stat VFS functions is a huge performance saver. perf
report found that in a kernel copy workload smbd was spending
considerable CPU time in vfs_gpfs_(f|l)stat -> gpfs_get_winattrs.
Most of the time the VFS stat caller is not interested in the btime. The
SMB frontend processing around btime is designed to fetch btime together
with DOS attributes via dos_mode() in all places that need these
attributes. That's the way it is implemented in the default VFS module
and that's what vfs_gpfs now does as well for performance reasons.
This makes vfs_gpfs_fstat a null op and I'm therefor removing it.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
This paves the way for removing btime updates from the stat VFS
functions.
This way we behave like the default VFS module where DOS attributes and
btime are fetched from the same backing store and the frontend is
designed around using dos_mode() -> SMB_VFS_GET_ATTRIBUTES to update
both attributes as necessary in the SMB processing.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
autorid_global_config is a fixed small structure that can be stack-allocated.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Dec 16 21:30:28 CET 2016 on sn-devel-144
Here we are in a transaction to create a range, but we already found
one to exist. We need to return the information about this range to the
caller, just as we do when actually allocating the range. This does not
hit us with current code, as we just have one idmap child. However, if
we parallelize that, two children might have found a domain to not exist
and call idmap_autorid_acquire_range simultaneously. One will create
the range, the other one will find it to already exist. The second child
will also have to pass the info up.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
idmap_autorid_get_domainrange is reading again for an existing mapping. We
know we need to allocate here, so avoid passing down that r/o boolean :-)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
The tdc cache is not reliable. The main dynamic check is
netsamlogon_cache_have: The only reliable way to see a domain as valid
for allocating a range for is a successful login. With a recent addition
to netsamlogon_cache_store, we can now reliably tell from there whether
a domain is trusted.
This also adds a few heuristic checks, such as allocation for the local
domains and additional ranges where we already have a mapping for range
index 0 for.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
If autorid.tdb already has a mapping for a domain range, we can just
return that. Even if the volatile tdc cache at this point does not have
the domain, we should return a correct mapping.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Simplification -- from the callers perspective looks like a complex
routine which it is not
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Simplification -- from the callers perspective looks like a complex
routine which it is not
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
We should only allow '#' as a sid/range-number separator in autorid.tdb.
The logic might be a bit clumsy. But the switch statement with failure
fall thru was the clearest I could come up with.
Signed-off-by: Volker Lendecke <vl@samba.org>
A non-null terminated record would make string_to_sid read beyond the
end of allocated data.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This is no longer just a user, we can also check for domains
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This will be used by autorid and possibly others instead of the tdc
cache. The only reliable way to find a domain to be trusted is via a
successful login. We indicate successful login via a netsamlogon_cache.tdb
entry. This patch also adds the user's domain sid with an entry, so we
can check for that existence without traversing the cache.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
We're interested in existence only, we should be able to trust the data
format consistency for this type of query.
netsamlogon_cache_get calls netsamlogon_cache_init for us, now we have
to do it directly.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Fix a memory leak in out-of-memory condition
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec 13 22:30:44 CET 2016 on sn-devel-144
Needs to be done even on success (cli_is_error() checks if
cli->raw_status was NT_STATUS_OK).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12468
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
This prevents renaming a file over an existing one with SMB2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12468
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Unfortunately this is a larger patch. Doing it in small pieces would
have been pretty difficult, as everybody calls everybody else.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>