summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2009-05-22s3:smbd: SMB2 session ids are 64bit...Stefan Metzmacher2-3/+3
We only grand ids up to 0x0000000000FFFFFF, because that's what our idtree implementation can handle. But also 16777215 sessions on one tcp connection should be enough:-) metze
2009-05-22tsocket: allow empty vectors at the end for tstream_writev()/readv()Stefan Metzmacher1-0/+26
metze
2009-05-22s3:winbind:idmap_ldap: fix a crash bug in idmap_ldap_unixids_to_sids (#6387)Michael Adam1-1/+1
This fixes a crash bug hit when multiple mappings were found by the ldap search. This crash was caused by an ldap asssertion in ldap_next_entry because was set to NULL in each iteration. The corresponding fix was applied to the idmap_ldap_sids_to_unixids() by Jerry in 2007 (b066668b74768d9ed547f16bf7b6ba6aea5df20a). This fixes the crash part of bug #6387. There is a logic part, too: The problem currently only occurs when multiple mappings are found for one given unixid. Now winbindd does not crash any more but it does not correctly handle this situation. It just returns the last mapping from the ldap search results. This needs fixing. Michael
2009-05-22s3:smbd: implement SMB2 LogoffStefan Metzmacher3-1/+47
metze
2009-05-21Don't steal when we know the ptr will be null. Thanks to Simo forJeremy Allison1-2/+1
pointing this out. Jeremy.
2009-05-21Revert the last two commits (fix for #6386). The actual problemJeremy Allison1-7/+9
was a bug in ldb in 3.2 which could return a freed pointer on ret != LDAP_SUCCESS. The main thing we must ensure is that we never talloc_steal until we know LDAP_SUCCESS was returned. Jeremy.
2009-05-21Ensure all possible uses of indirection through res are checked afterJeremy Allison1-6/+6
an ldb_search. Jeremy.
2009-05-21Attempt to fix bug #6386 - Samba Panic triggered by Sophos Control Centre.Jeremy Allison1-1/+1
Don't indirect a potentially null pointer. Jeremy.
2009-05-21Detect tight loop in tdb_find()Jim McDonough1-0/+5
2009-05-21s3 torture: Fix warningTim Prouty1-1/+1
2009-05-21s3 onefs: Fix invalid argument from the unix_convert smb_filename struct patchTim Prouty1-1/+1
2009-05-21s3:smbd: we want to get the next command offset and not set it...Stefan Metzmacher1-1/+1
This should also fix the build on some hosts. metze
2009-05-21s3-build: fix the build of ntlm_auth. Bo Yang, please check.Günther Deschner1-1/+1
Guenther
2009-05-21s4-selftest: adding RPC-SAMR-USERS-PRIVILEGES to knownfail list.Günther Deschner1-0/+1
Samba4 cannot pass this test currently as in Samba4 (unlike Samba3) the LSA and SAMR account are stored in the same db. Once you delete a SAMR user the LSA privilege account is deleted at the same time (which is wrong). Guenther
2009-05-22s3: ignore EPIPE error when winbind finally writes to wb client because ↵Bo Yang1-2/+8
client might have already closed the socket Signed-off-by: Bo Yang <boyang@samba.org>
2009-05-22s3: Fix onlinestatus msg to return status of all domain instead of omitting ↵Bo Yang1-78/+51
trusted domains Signed-off-by: Bo Yang <boyang@samba.org>
2009-05-22s3: set winbindd request flags in ntlm_auth to make it contact trusted ↵Bo Yang3-2/+58
domain when krb5 auth is enabled Signed-off-by: Bo Yang <boyang@samba.org>
2009-05-22s3: Fix request flags in wbinfo when perform krb5 authenticationBo Yang1-1/+2
Signed-off-by: Bo Yang <boyang@samba.org>
2009-05-20Make cli_posix_open() and cli_posix_mkdir() async.Jeremy Allison4-75/+243
Jeremy.
2009-05-20s3: Change unix_convert (and its callers) to use struct smb_filenameTim Prouty10-383/+588
This is the first of a series of patches that change path based operations to operate on a struct smb_filename instead of a char *. This same concept already exists in source4. My goals for this series of patches are to eventually: 1) Solve the stream vs. posix filename that contains a colon ambiguity that currently exists. 2) Make unix_convert the only function that parses the stream name. 3) Clean up the unix_convert API. 4) Change all path based vfs operation to take a struct smb_filename. 5) Make is_ntfs_stream_name() a constant operation that can simply check the state of struct smb_filename rather than re-parse the filename. 6) Eliminate the need for split_ntfs_stream_name() to exist. My strategy is to start from the inside at unix_convert() and work my way out through the vfs layer, call by call. This first patch does just that, by changing unix_convert and all of its callers to operate on struct smb_filename. Since this is such a large change, I plan on pushing the patches in phases, where each phase keeps full compatibility and passes make test. The API of unix_convert has been simplified from: NTSTATUS unix_convert(TALLOC_CTX *ctx, connection_struct *conn, const char *orig_path, bool allow_wcard_last_component, char **pp_conv_path, char **pp_saved_last_component, SMB_STRUCT_STAT *pst) to: NTSTATUS unix_convert(TALLOC_CTX *ctx, connection_struct *conn, const char *orig_path, struct smb_filename *smb_fname, uint32_t ucf_flags) Currently the smb_filename struct looks like: struct smb_filename { char *base_name; char *stream_name; char *original_lcomp; SMB_STRUCT_STAT st; }; One key point here is the decision to break up the base_name and stream_name. I have introduced a helper function called get_full_smb_filename() that takes an smb_filename struct and allocates the full_name. I changed the callers of unix_convert() to subsequently call get_full_smb_filename() for the time being, but I plan to eventually eliminate get_full_smb_filename().
2009-05-20s3:smbd: check the incoming session id for SMB2 requestsStefan Metzmacher3-2/+98
metze
2009-05-20s3:smbd: implement SMB2 Session Setup with raw NTLMSSPStefan Metzmacher4-1/+221
metze
2009-05-20s3:smbd: for now indicate raw NTLMSSP in the SMB2 Negotiate responseStefan Metzmacher1-0/+3
metze
2009-05-20s3:smbd: move the callback functions of smbd_smb2_request_reply() closer itselfStefan Metzmacher1-42/+42
metze
2009-05-20s3:smbd: add smbd_smb2_request_done_ex()Stefan Metzmacher2-5/+16
Some times we have to return a non-error response with status != NT_STATUS_OK. metze
2009-05-20s3:smbd: fix initialized memory in SMB2 responsesStefan Metzmacher1-4/+4
MESSAGE_ID and SESSION_ID are both 64bit. metze
2009-05-20Add a security model to LSA. Similar to the SAMR code - usingJeremy Allison1-88/+227
the MS-LSA docs. Jeremy.
2009-05-20s4:libcli/smb2: fix session setup with raw NTLMSSPStefan Metzmacher1-13/+17
metze
2009-05-20s4:libcli/smb2: use raw ntlmssp if the server didn't provide a sec blobStefan Metzmacher1-1/+8
metze
2009-05-20s4:libcli/smb2: fill in transport->negotiate.secblob with the correct dataStefan Metzmacher1-0/+2
metze
2009-05-20Use SMB_VFS_NEXT_CLOSE. This VFS stuff is really opaque to me...Volker Lendecke1-5/+1
Thanks Michael to provide some transparency :-)
2009-05-20s3:smbd: add support for SMB2 Keepalive (SMB2 Echo)Stefan Metzmacher4-0/+93
metze
2009-05-20s3:smbd: allow SMB 2.002 dialect in SMB1 negprotStefan Metzmacher3-0/+38
We create a dummy SMB2 Negotiate inbuf and pass the connection to the SMB2 engine. metze
2009-05-20s3:smbd: add support for SMB2 NegotiateStefan Metzmacher4-1/+132
This is not complete, but a start that makes the samba4 smb2 client happy. metze
2009-05-20s3:smbd: make negprot_spnego() non staticStefan Metzmacher2-1/+3
metze
2009-05-20s3:smbd: add infrastructure for SMB2 supportStefan Metzmacher4-0/+1050
This is disabled by default and activated by "max protocol = SMB2". metze
2009-05-20s3:param: add PROTOCOL_SMB2Stefan Metzmacher2-1/+10
metze
2009-05-20SMB2-LOCK: let the test pass against samba4Stefan Metzmacher1-1/+7
metze
2009-05-20Fix bug disclosed by lock8 torture testVolker Lendecke1-0/+17
We have to drop the gpfs level share modes, regardless of whether we put the file into the pending close queue.
2009-05-20Demonstrate a bug we have when dealing with real os-level share modesVolker Lendecke1-0/+75
Another one of those where you stare at logfiles for hours, and when you found it, it's absolutely obvious what is happening...
2009-05-20s4: try to fix privileges implementation in order to pass the ↵Günther Deschner3-3/+10
RPC-SAMR-USERS-PRIVILEGES test. Guenther
2009-05-20Have ntvfs_connect() accept union smb_tcon *tcon instead of char* sharenameSam Liddicott14-47/+202
This change brings ntvfs_connect into compliance with other ntvfs functions which take an ntvfs module, an ntvfs request and an smb io union. It now becomes the responsibility of ntvfs modules to examine tcon->generic.level themselves and derive the share name and any other options directly; e.g. const char *sharename; switch (tcon->generic.level) { case RAW_TCON_TCON: sharename = tcon->tcon.in.service; break; case RAW_TCON_TCONX: sharename = tcon->tconx.in.path; break; case RAW_TCON_SMB2: default: return NT_STATUS_INVALID_LEVEL; } if (strncmp(sharename, "\\\\", 2) == 0) { char *p = strchr(sharename+2, '\\'); if (p) { sharename = p + 1; } } service.c smbsrv_tcon_backend() is called before ntvfs_connect and fills in some of the tcon->..out values. For the case of RAW_TCON_TCONX, it filles out tcon->tconx.out.tid and tcon->tconx.out.options For the case of RAW_TCON_TCON it fills out tcon->tcon.out.tid and tcon->tcon.out.max_xmit Thus the ntvfs_connect function for vfs modules may override these values if desired, but are not required to. ntvfs_connect functions are required to fill in the tcon->tconx.out.*_type fields, for RAW_TCON_TCONX, perhaps something like: if (tcon->generic.level == RAW_TCON_TCONX) { tcon->tconx.out.fs_type = ntvfs->ctx->fs_type; tcon->tconx.out.dev_type = ntvfs->ctx->dev_type; } Signed-off-by: Sam Liddicott <sam@liddicott.com> (I fixed the ntvfs_connect() in the smb_server/smb2/ and the RAW_TCON_SMB2 switch case in the modules) Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-05-20s3-selftest: add add and delete group scripts using nss_wrapper.Günther Deschner2-0/+4
Guenther
2009-05-20nsswrapper: implement group_del() in nss_wrapper.pl.Günther Deschner1-1/+22
Guenther
2009-05-20nsswrapper: implement group_add() in nss_wrapper.pl.Günther Deschner1-4/+105
Guenther
2009-05-20s4:smb_server: initialy read the first 4 bytes onlySam Liddicott1-0/+1
Stop packet_recv getting greedy and reading the whole socket and then dispatching te extra packets in a timer loop Signed-off-by: Sam Liddicott <sam@liddicott.com> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-05-20s4:libcli/raw: initialy read the first 4 bytes onlyStefan Metzmacher1-0/+1
metze
2009-05-20Do not do a merged build without shared libsVolker Lendecke1-0/+1
Jelmer, you might want to take a look at Andrew B's problem with --enable-developer --disable-shared --disable-shared-libs
2009-05-20Only build the krb5 locator when building shared libsVolker Lendecke1-1/+3
2009-05-19Set errno=ENOMEM if tevent_add_fd failsVolker Lendecke1-0/+4
tevent_add_fd does not properly set that. At least in epoll and select this is the only error condition. Metze, please check!