| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Patch from Jeremy.
With this patch, I was able to join Windows 7 RC to a Samba3 DC, and login into a
Samba 3 Domain.
There are still two registry settings required:
HKLM\System\CCS\Services\LanmanWorkstation\Parameters
DWORD DomainCompatibilityMode = 1
DWORD DNSNameResolutionRequired = 0
Do *not* modify the other netlogon registry parameters that were passed around,
they weaken security.
Guenther
(cherry picked from commit b5097d54cb74ca0ea328f9e029562f65f4a01134)
|
|
ensure they're attached to the state structure. Thanks to Metze
for pointing this out.
Jeremy.
|
|
|
|
|
|
|
|
|
|
info1.
Guenther
|
|
|
|
Guenther
|
|
Found by SCHANNEL torture tests.
Guenther
|
|
Samba3.
Guenther
|
|
behaviour against Samba 3.
Guenther
|
|
|
|
metze
|
|
Jeremy.
|
|
ultimately need to fix bug #6099 Samba returns incurrate capabilities list.
1). Add a comment to point out that r->in.negotiate_flags is an aliased pointer to
r->out.negotiate_flags.
2). Ensure we return NETLOGON_NEG_STRONG_KEYS in our flags
return if the client requested it.
3). Clean up the error exits so we always return the same
way.
Signed off by Guenther.
Jeremy.
|
|
Jeremy.
|
|
joining Samba3) and probably many, many more.
Jeremy, with 9a5d5cc1db0ee60486f932e34cd7961b90c70a56 you alter the in negotiate
flags (which are a pointer to the out negotiate flags assigned in the generated
netlogon server code). So, while you wanted to just set the *out* negflags, you
did in fact reset the *in* negflags, effectively eliminating the
NETLOGON_NEG_STRONG_KEYS bit (formerly known as NETLOGON_NEG_128BIT) which then
caused creds_server_init() to generate 64bit creds instead of 128bit, causing
the whole chain to break. *Please* check.
Guenther
|
|
stylesheets if they are installed.
|
|
Karolin
|
|
Guenther
|
|
Guenther
|
|
|
|
Guenther
|
|
(key_driver_fetch_keys).
Guenther
|
|
Guenther
|
|
Jeremy.
|
|
This keeps the "browseable" and "browsable" aliases together.
|
|
Michael
|
|
|
|
Often times before creating a file, a client will first query to see
if it already exists. Since some systems have a case-insensitive stat
that is called from unix_convert, we can definitively return
STATUS_NO_SUCH_FILE to the client without scanning the whole
directory.
This code path is taken from trans2querypathinfo, but trans2findfirst
still does a full directory scan even though the get_real_filename
(the case-insensitive stat vfs call) can prevent this.
This patch adds the get_real_filename call to the trans2find* path,
and also changes the vfs_default behavior for
SMB_VFS_GET_REAL_FILENAME. Previously, in the absence of a
get_real_filename implementation, we would fallback to the full
directory scan. The default behavior now returns -1 and sets errno to
EOPNOTSUPP. This allows SMB_VFS_GET_REALFILENAME to be called from
trans2* and unix_convert.
|
|
Jeremy.
|
|
|
|
Addendum to c49730e1. Use newer cookie conversion names.
|
|
|
|
context.
Guenther
|
|
talloc_free on malloced memory.
Guenther
|
|
Guenther
|
|
Michael
|
|
|
|
Patch from Blindauer Emmanuel <samba@mooby.net>.
Guenther
|
|
Jeremy.
|
|
Jeremy.
|
|
This bug prompted several, fairly large changes to the of OneFS's
readdirplus() within Samba.
One fundamental problem is that we kept our cache cursor pointed at the
next entry to be returned from onefs_readdir(), while the resume cookie
needed to refill the cache such that our cursor would be on this entry,
was located in the previous cache entry. This meant that to correctly handle
seekdir() cases which could be found within the existing cache, and cases
where a cache reload was needed, required that the cache always hold
at least two entries: the entry we wished to return, and the previous entry
which held the resume cookie. Since the readdirplus() syscall gives us no
guarantee that it will always return these two direntries, there was a
fundamental problem with this design.
To fix this problem, I have rearchitected the onefs_readdir() path to keep
its pointer on the entry which contains the resume_cookie, not the entry
which will be returned next. Essentially, I changed onefs_readdir() from a
"return an entry then increment the cursor" model to "increment the cursor
then return an entry". By doing this, we only require that a single entry
be within the cache: the entry containing the resume cookie.
Second, there have been numerous off-by-one bugs in my implementation of
onefs_seekdir() which did a mapping between the 64-bit resume cookie
returned by readdirplus() and its own monotonically increasing "location"
offset. Furthermore, this design caused a somewhat frequent waste of
cycles, as in some cases we'd need to re-enumerate the entire directory to
recover the current "location" from an old resume cookie. As this code was
somewhat difficult to understand, prone to bugs, and innefficient in some
cases I decided it was better to wholesale replace it now, rather than later.
It is possible to algorithmically map the 64-bit resume cookies from
readdirplus() into 32-bit offset values which SMB requires. The onefs.so
module now calls into a system library to do this conversion. This greatly
simplifies both the seekdir() and telldir() paths and is more efficient.
|
|
|
|
|
|
Jeremy.
|
|
event.
Shows that doing a tdis with invalid uid succeeds.
Jeremy.
|
|
|
|
|
