summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2009-05-25s3:winbind:idmap_ldap: warn about duplicate SID->XID mappings (bug #6387)Michael Adam1-2/+11
With the current infrastructure, we should not return error on duplicate mappings but just warn instead (because an error would trigger the attempt to create yet another mapping). Michael
2009-05-25s3:winbind:idmap_ldap: warn about duplicate XID->SID mappings (bug #6387)Michael Adam1-0/+8
With the current infrastructure, we should not return error on duplicate mappings but just warn instead (because an error would trigger the attempt to create yet another mapping). Michael
2009-05-25s3-samr: Fix Bug #6372, usermanager only displaying 1024 groups and aliases.Günther Deschner1-0/+12
This is now also verified with the RPC-SAMR-LARGE-DC test. Guenther
2009-05-25s3-selftest: enable RPC-SAMR-LARGE-DC against Samba3.Günther Deschner1-1/+1
This will fail for alias creation as nss_wrapper does not yet wrap around libnss_winbind. Guenther
2009-05-25s4-smbtorture: add RPC-SAMR-LARGE-DC test.Günther Deschner2-1/+332
This rather simple test creates 4500 objects on a domain controller and checks the enum calls for the correct number of results. Guenther
2009-05-25s4-smbtorture: rename test_EnumDomain{Users,Groups,Aliases} in RPC-SAMR.Günther Deschner1-11/+12
Guenther
2009-05-25s4-smbtorture: re-work test_Create{User,Group,Alias} a little.Günther Deschner1-14/+38
Guenther
2009-05-25s3-pamsmbpass: copy _pam_get_item and _pam_get_data from pam_winbind.Günther Deschner4-15/+42
Guenther
2009-05-25s3-rpcclient: use get_domain_handle() fn in enum domain users & groups.Günther Deschner1-12/+10
Guenther
2009-05-25Attempt to fix a debian build problemVolker Lendecke1-1/+1
2009-05-25s3/docs: Fix typos.Karolin Seeger1-4/+4
Thanks to Oota Toshiya <t-oota at dh.jp.nec.com> for reporting! Karolin
2009-05-25fixed interpretation of ACB_PWNOTREQAndrew Tridgell2-15/+6
This bit actually means that we should ignore the minimum password length field for this user. It doesn't mean that the password should be seen as empty
2009-05-25fixed the client side password change codeAndrew Tridgell1-61/+25
The client side code was not falling back to older routines correctly as it didn't check for the operation range error appropriately. It also used the old rpc semantics.
2009-05-25cope with lanman auth being disabled in old password change codeAndrew Tridgell1-8/+15
When lanman auth is disabled and a user calls a password change method that requires it we should give NT_STATUS_NOT_SUPPORTED
2009-05-24TALLOC_FREE happily lives with a NULL ptr. Tim, please check!Volker Lendecke3-48/+16
Thanks, Volker
2009-05-24Fix a race condition in winbind leading to a panicVolker Lendecke1-0/+1
In winbind, we do multiple events in one select round. This needs fixing, but as long as we're still using it, for efficiency reasons we need to do that. What can happen is the following: We have outgoing data pending for a client, thus state->fd_event.flags == EVENT_FD_WRITE Now a new client comes in, we go through the list of clients to find an idle one. The detection for idle clients in remove_idle_client does not take the pending data into account. We close the socket that has pending outgoing data, the accept(2) one syscall later gives us the same socket. In new_connection(), we do a setup_async_read, setting up a read fde. The select from before however had found the socket (that we had already closed!!) to be writable. In rw_callback we only want to see a readable flag, and we panic in the SMB_ASSERT(flags == EVENT_FD_READ). Found using bin/smbtorture //127.0.0.1/tmp -U% -N 500 -o 2 local-wbclient Volker
2009-05-24use epoll for local-wbclient testVolker Lendecke1-1/+1
2009-05-24Don't limit the number of retries in wb_trans.Volker Lendecke1-8/+0
This is better done with a tevent_req_set_endtime the caller should issue.
2009-05-24Don't set a timeout deep inside wb_connectVolker Lendecke1-5/+0
2009-05-24Change async_connect to use connect instead of getsockopt to get the errorVolker Lendecke1-14/+24
On my Linux box, this is definitely the more reliable strategy with unix domain sockets, and according to my tests it also works correctly with TCP sockets.
2009-05-24Do queueing in wbclient.cVolker Lendecke2-46/+59
The _trigger fn must know about wbc_context, while we were waiting in the queue the fd might have changed
2009-05-24Fix closed_fd(): select returning 0 means no fd listeningVolker Lendecke1-4/+7
2009-05-24Fix wb_simple_trans queueingVolker Lendecke1-16/+3
2009-05-24Add "err_on_readability" to writev_sendVolker Lendecke5-7/+19
A socket where the other side has closed only becomes readable. To catch errors early when sitting in a pure writev, we need to also test for readability.
2009-05-24Allow NULL queue to writev_sendVolker Lendecke1-6/+16
2009-05-22Ensure we return NT_STATUS_FILE_IS_A_DIRECTORY on a posix open on aJeremy Allison1-1/+1
directory name. Jeremy.
2009-05-22Test that POSIX open of a directory returns NT_STATUS_FILE_IS_A_DIRECTORY ↵Jeremy Allison1-1/+12
(ERRDOS, EISDIR). Jeremy.
2009-05-22s3:smbd: implement SMB2 Tree DisconnectStefan Metzmacher3-1/+38
metze
2009-05-22s3:smbd: implement SMB2 Tree ConnectStefan Metzmacher5-2/+286
For now this only checks if the share is present or not. metze
2009-05-22s3:smbd: SMB2 session ids are 64bit...Stefan Metzmacher2-3/+3
We only grand ids up to 0x0000000000FFFFFF, because that's what our idtree implementation can handle. But also 16777215 sessions on one tcp connection should be enough:-) metze
2009-05-22tsocket: allow empty vectors at the end for tstream_writev()/readv()Stefan Metzmacher1-0/+26
metze
2009-05-22s3:winbind:idmap_ldap: fix a crash bug in idmap_ldap_unixids_to_sids (#6387)Michael Adam1-1/+1
This fixes a crash bug hit when multiple mappings were found by the ldap search. This crash was caused by an ldap asssertion in ldap_next_entry because was set to NULL in each iteration. The corresponding fix was applied to the idmap_ldap_sids_to_unixids() by Jerry in 2007 (b066668b74768d9ed547f16bf7b6ba6aea5df20a). This fixes the crash part of bug #6387. There is a logic part, too: The problem currently only occurs when multiple mappings are found for one given unixid. Now winbindd does not crash any more but it does not correctly handle this situation. It just returns the last mapping from the ldap search results. This needs fixing. Michael
2009-05-22s3:smbd: implement SMB2 LogoffStefan Metzmacher3-1/+47
metze
2009-05-21Don't steal when we know the ptr will be null. Thanks to Simo forJeremy Allison1-2/+1
pointing this out. Jeremy.
2009-05-21Revert the last two commits (fix for #6386). The actual problemJeremy Allison1-7/+9
was a bug in ldb in 3.2 which could return a freed pointer on ret != LDAP_SUCCESS. The main thing we must ensure is that we never talloc_steal until we know LDAP_SUCCESS was returned. Jeremy.
2009-05-21Ensure all possible uses of indirection through res are checked afterJeremy Allison1-6/+6
an ldb_search. Jeremy.
2009-05-21Attempt to fix bug #6386 - Samba Panic triggered by Sophos Control Centre.Jeremy Allison1-1/+1
Don't indirect a potentially null pointer. Jeremy.
2009-05-21Detect tight loop in tdb_find()Jim McDonough1-0/+5
2009-05-21s3 torture: Fix warningTim Prouty1-1/+1
2009-05-21s3 onefs: Fix invalid argument from the unix_convert smb_filename struct patchTim Prouty1-1/+1
2009-05-21s3:smbd: we want to get the next command offset and not set it...Stefan Metzmacher1-1/+1
This should also fix the build on some hosts. metze
2009-05-21s3-build: fix the build of ntlm_auth. Bo Yang, please check.Günther Deschner1-1/+1
Guenther
2009-05-21s4-selftest: adding RPC-SAMR-USERS-PRIVILEGES to knownfail list.Günther Deschner1-0/+1
Samba4 cannot pass this test currently as in Samba4 (unlike Samba3) the LSA and SAMR account are stored in the same db. Once you delete a SAMR user the LSA privilege account is deleted at the same time (which is wrong). Guenther
2009-05-22s3: ignore EPIPE error when winbind finally writes to wb client because ↵Bo Yang1-2/+8
client might have already closed the socket Signed-off-by: Bo Yang <boyang@samba.org>
2009-05-22s3: Fix onlinestatus msg to return status of all domain instead of omitting ↵Bo Yang1-78/+51
trusted domains Signed-off-by: Bo Yang <boyang@samba.org>
2009-05-22s3: set winbindd request flags in ntlm_auth to make it contact trusted ↵Bo Yang3-2/+58
domain when krb5 auth is enabled Signed-off-by: Bo Yang <boyang@samba.org>
2009-05-22s3: Fix request flags in wbinfo when perform krb5 authenticationBo Yang1-1/+2
Signed-off-by: Bo Yang <boyang@samba.org>
2009-05-20Make cli_posix_open() and cli_posix_mkdir() async.Jeremy Allison4-75/+243
Jeremy.
2009-05-20s3: Change unix_convert (and its callers) to use struct smb_filenameTim Prouty10-383/+588
This is the first of a series of patches that change path based operations to operate on a struct smb_filename instead of a char *. This same concept already exists in source4. My goals for this series of patches are to eventually: 1) Solve the stream vs. posix filename that contains a colon ambiguity that currently exists. 2) Make unix_convert the only function that parses the stream name. 3) Clean up the unix_convert API. 4) Change all path based vfs operation to take a struct smb_filename. 5) Make is_ntfs_stream_name() a constant operation that can simply check the state of struct smb_filename rather than re-parse the filename. 6) Eliminate the need for split_ntfs_stream_name() to exist. My strategy is to start from the inside at unix_convert() and work my way out through the vfs layer, call by call. This first patch does just that, by changing unix_convert and all of its callers to operate on struct smb_filename. Since this is such a large change, I plan on pushing the patches in phases, where each phase keeps full compatibility and passes make test. The API of unix_convert has been simplified from: NTSTATUS unix_convert(TALLOC_CTX *ctx, connection_struct *conn, const char *orig_path, bool allow_wcard_last_component, char **pp_conv_path, char **pp_saved_last_component, SMB_STRUCT_STAT *pst) to: NTSTATUS unix_convert(TALLOC_CTX *ctx, connection_struct *conn, const char *orig_path, struct smb_filename *smb_fname, uint32_t ucf_flags) Currently the smb_filename struct looks like: struct smb_filename { char *base_name; char *stream_name; char *original_lcomp; SMB_STRUCT_STAT st; }; One key point here is the decision to break up the base_name and stream_name. I have introduced a helper function called get_full_smb_filename() that takes an smb_filename struct and allocates the full_name. I changed the callers of unix_convert() to subsequently call get_full_smb_filename() for the time being, but I plan to eventually eliminate get_full_smb_filename().
2009-05-20s3:smbd: check the incoming session id for SMB2 requestsStefan Metzmacher3-2/+98
metze