| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This patch is relevant for Samba4 source mostly. The way, how readline
compiled under FreeBSD makes it require stdio.h to get all the necessary
declarations. Without this addition rl_event_hook is not properly detected.
With regards,
Timur Bakeyev.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
We now pass it :-)
Guenther
|
|
alias enumeration in NSS is not done properly done atm and needs to be fixed.
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Thanks to TAKAHASHI Motonobu <monyo@samba.gr.jp> for reporting!
|
|
|
|
Thanks to TAKAHASHI Motonobu <monyo@samba.gr.jp> for reporting!
|
|
This hopefully fixes the build on IRIX.
metze
|
|
metze
|
|
metze
|
|
Please update this file with things you have worked on, if you want
them to be mentioned in the release.
Andrew Bartlett
|
|
|
|
|
|
|
|
Add a new section entitled FILE AND DIRECTORY OWNERSHIP AND PERMISSIONS
that attempts to cover information about this topic. Change the uid=
and gid= options to refer to that section. Add new varlistentries for
forceuid, forcegid and dynperm.
Also update the information about how the program behaves when installed
as a setuid binary.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
|
|
|
|
|
|
Ok, ASN1_APPLICATION everywhere was too easy :-)
|
|
|
|
It is totally valid to have an alias with no members.
Tridge, please check.
Found by RPC-SAMR torture test.
Guenther
|
|
when _samr_LookupRids is called with no rids, it needs to return
NT_STATUS_NONE_MAPPED (not NT_STATUS_NO_MEMORY).
Found by RPC-SAMR torture test.
Guenther
|
|
Found by RPC-SAMR torture test.
Guenther
|
|
(try#3)
This is the third attempt to clean up the checks when a setuid
mount.cifs is run by an unprivileged user. The main difference in this
patch from the last one is that it fixes a bug where the mount might
have failed if unnecessarily if CIFS_LEGACY_SETUID_CHECK was set.
When mount.cifs is installed setuid root and run as an unprivileged
user, it does some checks to limit how the mount is used. It checks that
the mountpoint is owned by the user doing the mount.
These checks however do not match those that /bin/mount does when it is
called by an unprivileged user. When /bin/mount is called by an
unprivileged user to do a mount, it checks that the mount in question is
in /etc/fstab, that it has the "user" option set, etc.
This means that it's currently not possible to set up user mounts the
standard way (by the admin, in /etc/fstab) and simultaneously protect
from an unprivileged user calling mount.cifs directly to mount a share
on any directory that that user owns.
Fix this by making the checks in mount.cifs match those of /bin/mount
itself. This is a necessary step to make mount.cifs safe to be installed
as a setuid binary, but not sufficient. For that, we'd need to give
mount.cifs a proper security audit.
Since some users may be depending on the legacy behavior, this patch
also adds the ability to build mount.cifs with the older behavior.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
*r->out.returned_size needs to be 0 if nothing was enumerated.
Found by RPC-SAMR torture test.
Guenther
|
|
Guenther
|
|
Guenther
|
|
for builtin domain.
Found by RPC-SAMR torture test.
Guenther
|
|
already for s4.
Guenther
|
|
use the variables of the struct samr_QueryDisplayInfo directly to make
it easier to track where variables are defined from.
Guenther
|
|
When fopen() fails it return NULL, so condition where return value
less than zero never evaluated to truth.
Found by cppcheck.
|
|
Found by cppcheck:
[lib/tdb/tools/tdbtorture.c:326]: (error) Memory leak: pids
|
|
The 'ldap suffix' is not added automatically to the 'ldap admin dn'.
This fixes bug #5584.
Thanks to Stefan Bauer <stefan.bauer [at] plzk.de> for reporting!
Karolin
|
|
I really tried, but I knew I would miss something... :-)
|
|
This is aiming bug #6351.
Karolin
|
|
The purpose of this module is to connect to a locally running samba4 ldap
server for an alternative "Franky" setup. Right now it contains a couple of
gross hacks: For example it just takes the s4-chosed RID directly as uid/gid...
Checking in tldap and pdb_ads now, I think 3777 insertions are enough for a
start...
|
|
This patch creates ldap_priv/ as a subdirectory under the private dir with the
appropriate permissions to only allow the same access as the privileged winbind
socket allows. Connecting to ldap_priv/ldapi gives SYSTEM access to the ldap
database.
|
|
|
|
There's a lot of things this does not do yet: For example it does not parse the
reply blob in the sasl bind, it does not do anything with controls yet, a lot
of the ldap requests are not covered yet. But it provides a basis for me to
play with a pdb_ads passdb module.
|
|
metze
|
|
metze
|
|
|
|
|
|
|
