summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2009-11-03Fixed some missing flags and bugs in the security creation.Nadezhda Ivanova1-11/+47
Also, added some logging. It needs improvement, possibly ability to turn in on and off via configuration file.
2009-11-03Fixed a bug in object specific access checks.Nadezhda Ivanova1-2/+4
2009-11-03s3: Remove debug_ctx()Volker Lendecke13-86/+70
smbd just crashed on me: In a debug message I called a routine preparing a string that itself used debug_ctx. The outer routine also used it after the inner routine had returned. It was still referencing the talloc context that the outer debug_ctx() had given us, which the inner DEBUG had already freed.
2009-11-03Added some dn to the info in the log messages.Nadezhda Ivanova1-3/+3
2009-11-03Removed the default DACL from token, as we will not be using it.Nadezhda Ivanova1-1/+0
2009-11-02Convert from numbers to correct SMB_FIND_XX constant names.Jeremy Allison1-8/+12
Jeremy.
2009-11-03s3:registry: add an extra check for dsize==0 to regdb_fetch_keys_internal()Michael Adam1-1/+1
Don't only rely on dptr == NULL. I stumbled over this one when rewriting some of the dbwrap_ctdb code. Michael
2009-11-03s3:registry: add safety check for return value of tdb_unpack to ↵Michael Adam1-0/+4
regdb_fetch_keys_internal() Prevents segfaults in some situations. (For a non existent or empty record, we sometimes rely on the fetch operation to return dsize==0 and sometimes we rely on dptr==NULL.) Michael
2009-11-03s3:dbwrap_ctdb: add debug message to transaction_fetch_start()Michael Adam1-0/+4
for the case that another local process has started a transaction bewteen releasing the transaction_lock record and starting the transaction. Michael
2009-11-03s3:dbwrap_ctdb: split combined check in two and add descriptive debugMichael Adam1-1/+14
in db_ctdb_transaction_fetch_start() for error conditions when re-fetching the transaction_lock record inside the transaction Michael
2009-11-03s3:dbwrap_ctdb: fix race condition with concurrent transactions on the same ↵Michael Adam1-0/+12
node. In ctdb_transaction_commit(), when the trans2_commit control fails, there is a race condition in the 1 second sleep between the local transaction_cancel and the call to ctdb_replay_transaction(): The database is not locked, and neither is the transaction_lock record. So another client can start and possibly complete a new transaction in this gap, but only on the same node: The locking of the transaction_lock record on a different node which involves migration of the record to the other node has been disabled by introduction of the transaction_active flag on the db which closes precisely this gap from the start of the commit until the call to TRANS2_FINISH or TRANS2_ERROR. But this mechanism does not cover the case where a process on the same node tries to start a transaction: There is no obstacle to locking the transaction_lock record because the record does not need to be migrated. This commit closes this race condition in ctdb_transaction_fetch_start() by using the new ctdb_ctrl_transaction_active() call to ask the local ctdb daemon whether it has a transaction running on the database. If so, the check is repeated until the running transaction is done. This does introduce an additional call to the local ctdbd when starting transactions, but it does close the (hopefully) last race condition. Michael
2009-11-03s3:configure: add a check for the new CTDB_CONTROL_TRANS2_ACTIVEMichael Adam1-0/+17
Michael
2009-11-03s3:dbwrap_ctdb: add new db_ctdb_transaction_active() that calls ↵Michael Adam1-0/+21
CTDB_CONTROL_TRANS2_COMMIT Michael
2009-11-03s3:dbwrap_ctdb: fix a race in starting concurrent transactions on a single nodeMichael Adam1-0/+25
There are two races in concurrent transactions on a single node. One in starting a transaction and one with replay during commit. This commit closes the first race by storing the client pid in the transaction-lock record and comparing the stored pid against its own pid after releasing the lock and refetching the record inside the transaction. Michael
2009-11-03s3:dbwrap_ctdb: use db_ctdb_ltdb_fetch() inside db_ctdb_transaction_fetch_startMichael Adam1-6/+4
Michael
2009-11-03s3:dbwrap_ctdb: use db_ctdb_ltdb_fetch() inside db_ctdb_transaction_fetch()Michael Adam1-16/+6
Michael
2009-11-03s3:dbwrap_ctdb: add a function db_ctdb_ltdb_fetch()Michael Adam1-0/+53
This fetches a record from the db and splits out the ctdb header. Michael
2009-11-03s3:dbrwap_ctdb: add a function db_ctdb_ltdb_store()Michael Adam1-27/+39
and use it in db_ctdb_store() and db_ctdb_transaction_store(). Michael
2009-11-03s3:dbwrap_ctdb: reformat a comment slightly to enhance clearness.Michael Adam1-3/+5
Michael
2009-11-02Fix bug 6867 - trans2findnext returns reply_nterror(req, ntstatus) In a ↵Jeremy Allison1-12/+16
directory with a lot of files. Jeremy.
2009-11-02s3: Fix a 100% CPU loop when ctdbd dies during a traverseVolker Lendecke1-0/+1
2009-11-02s3-gencache: restore gencache_get behavior with NULL args (with torture test).Günther Deschner2-4/+13
Without this, we panic in wins_srv_is_dead() and fail to start nmbd with wins support. Volker, please check. Guenther
2009-11-02s3: Make "debug hires timestamp" default to trueVolker Lendecke2-2/+2
It does not cost much and can help a lot when debugging
2009-11-02s4:dsdb Fix up after the MAP_ constants became LDB_MAP_Andrew Bartlett1-13/+13
2009-11-02s4:provision Remove LDB backend files in provisionAndrew Bartlett2-41/+12
Rather than try and remove the records in the LDB files, make the provision remove the whole file. This also removes the need to try and carry forward the old ldb filenames. Andrew Bartlett
2009-11-02s4:provision Split ProvisionBackend out of the main provision scriptAndrew Bartlett3-590/+631
This splits the code, while keeping the original behaviour. The provision.py file had become just too long. Andrew Bartlett
2009-11-02s4:provision Inline 'ldap_backend_shutdown' for clarityAndrew Bartlett1-15/+15
2009-11-02s4:provision Fix samdb test with new provision codeAndrew Bartlett1-3/+12
2009-11-02s4:provision Move 'Schema' into it's own fileAndrew Bartlett5-123/+160
2009-11-02s4:provision Make 'linked_attributes' and 'dnsyntax_attributes' a property ↵Andrew Bartlett1-17/+33
of the Schema
2009-11-02s4:provision Rework provision to always have a ProvisionBackendAndrew Bartlett2-166/+189
Rather than treat the LDAP backend as a special case, treat all backends the same, with different callbacks. Andrew Bartlett
2009-11-02s4 - SID allocation using FDS DNA pluginEndi S. Dewata11-18/+110
2009-11-02s4:dsdb - Removed redundant domain SID filter.Endi S. Dewata1-29/+1
2009-11-02s4:dsdb - Store SID as string in FDS.Endi S. Dewata4-7/+49
2009-11-02s4 - Mapped AD schema to existing FDS schema.Endi S. Dewata5-3/+235
2009-11-02s4:dsdb - Fixed attribute dereferencing for FDSEndi S. Dewata3-20/+126
2009-11-02Remove special case logic in 'samdb_relative_path'.Andrew Bartlett1-3/+0
While this logic (avoiding to prefix a non-filename with a path) is important in the code this was copied from (private_dir()), none of the callers of this function need it. Andrew Bartlett
2009-11-02s4:dsdb Revert back to using DN:filename in the partitions recordAndrew Bartlett2-46/+102
This allows us to change the escaping function without breaking existing installs. The new escaping function (used for new databases) is RFC1738 URI encoding, except for the trivial cases without special characters. The new databases are also placed in a subdirectory, sam.ldb.d per an earlier suggestion by metze. Andrew Bartlett
2009-11-02lib/util Use rfc1738.c from Squid for all our URL encode/decode needs.Andrew Bartlett5-70/+72
Andrew Bartlett
2009-11-02lib/util Add rfc1738 escape/unescape code from SquidAndrew Bartlett1-0/+209
This is intended to replace our rfc1738_unescape(), and give us an rfc1738_escape implementation (and hopefully is better tested and more secure). Andrew Bartlett
2009-11-02s4:credentials Put the 'secrets.keytab' in the same directory as secrets.ldbAndrew Bartlett1-1/+3
This avoids trouble when the secrets.ldb is updated with ldbedit but an smb.conf is not specified. Andrew Bartlett
2009-11-02s4: Create a script for updating a running provision with change introduced ↵Matthieu Patou1-0/+694
since the initial provision
2009-11-02s4:torture/raw/samba3misc - Add "discard_const_p" macro before a stringMatthias Dieter Wallnöfer1-1/+1
2009-11-02s4:ldb Remove debug traces duplicated by the new generic trace codeAndrew Bartlett1-3/+0
2009-11-02s3:ldap: don't search when no values where foundBjörn Jacke1-1/+1
2009-11-01uuid.c: Remove some dead codeVolker Lendecke1-1/+0
2009-10-31s3: Fix the RPC server SUBSYSTEM declarationVolker Lendecke1-1/+1
If I read SMB_SUBSYSTEM right then the 2nd argument needs to be the file where the static_init_rpc (in this case) is defined. This seems to have moved from server.c to process.c. Jelmer, please check! Volker
2009-10-31s3:Makefile: add LIBREPLACE_LIBS for talloc, tdb and wbclientBjörn Jacke1-3/+3
2009-10-31ѕ3:buildsystem: fix depenencies for libreplaceBjörn Jacke2-8/+7
This problem became visible after adding the picky -z defs linker option: On Solaris libreplace had unresolved symbols, which showed up in the libtalloc build. PAM_WINBIND_EXTRA_LIBS and WINBIND_NSS_EXTRA_LIBS had been workarounds to make things work at two placeѕ. These variables have been obsoleted now. This patch introduces LIBREPLACE_LIBS which contans the linker flags needed for linking anything using libreplace.
2009-10-31ѕ3:ldap: search for account policies in objectclass sambaDomain, not *Björn Jacke1-1/+6