Age | Commit message (Collapse) | Author | Files | Lines |
|
This bit actually means that we should ignore the minimum password
length field for this user. It doesn't mean that the password should
be seen as empty
|
|
The client side code was not falling back to older routines correctly
as it didn't check for the operation range error appropriately. It
also used the old rpc semantics.
|
|
When lanman auth is disabled and a user calls a password change
method that requires it we should give NT_STATUS_NOT_SUPPORTED
|
|
Thanks,
Volker
|
|
In winbind, we do multiple events in one select round. This needs fixing, but
as long as we're still using it, for efficiency reasons we need to do that.
What can happen is the following: We have outgoing data pending for a client,
thus
state->fd_event.flags == EVENT_FD_WRITE
Now a new client comes in, we go through the list of clients to find an idle
one. The detection for idle clients in remove_idle_client does not take the
pending data into account. We close the socket that has pending outgoing data,
the accept(2) one syscall later gives us the same socket.
In new_connection(), we do a setup_async_read, setting up a read fde. The
select from before however had found the socket (that we had already closed!!)
to be writable. In rw_callback we only want to see a readable flag, and we
panic in the SMB_ASSERT(flags == EVENT_FD_READ).
Found using
bin/smbtorture //127.0.0.1/tmp -U% -N 500 -o 2 local-wbclient
Volker
|
|
|
|
This is better done with a tevent_req_set_endtime the caller should issue.
|
|
|
|
On my Linux box, this is definitely the more reliable strategy with unix domain
sockets, and according to my tests it also works correctly with TCP sockets.
|
|
The _trigger fn must know about wbc_context, while we were waiting in the
queue the fd might have changed
|
|
|
|
|
|
A socket where the other side has closed only becomes readable. To catch
errors early when sitting in a pure writev, we need to also test for
readability.
|
|
|
|
directory name.
Jeremy.
|
|
(ERRDOS, EISDIR).
Jeremy.
|
|
metze
|
|
For now this only checks if the share is present or not.
metze
|
|
We only grand ids up to 0x0000000000FFFFFF,
because that's what our idtree implementation can handle.
But also 16777215 sessions on one tcp connection should be enough:-)
metze
|
|
metze
|
|
This fixes a crash bug hit when multiple mappings were found by
the ldap search. This crash was caused by an ldap asssertion
in ldap_next_entry because was set to NULL in each iteration.
The corresponding fix was applied to the idmap_ldap_sids_to_unixids()
by Jerry in 2007 (b066668b74768d9ed547f16bf7b6ba6aea5df20a).
This fixes the crash part of bug #6387.
There is a logic part, too:
The problem currently only occurs when multiple mappings are found
for one given unixid. Now winbindd does not crash any more but
it does not correctly handle this situation. It just returns the
last mapping from the ldap search results.
This needs fixing.
Michael
|
|
metze
|
|
pointing this out.
Jeremy.
|
|
was a bug in ldb in 3.2 which could return a freed pointer on
ret != LDAP_SUCCESS. The main thing we must ensure is that we
never talloc_steal until we know LDAP_SUCCESS was returned.
Jeremy.
|
|
an ldb_search.
Jeremy.
|
|
Don't indirect a potentially null pointer.
Jeremy.
|
|
|
|
|
|
|
|
This should also fix the build on some hosts.
metze
|
|
Guenther
|
|
Samba4 cannot pass this test currently as in Samba4 (unlike Samba3)
the LSA and SAMR account are stored in the same db.
Once you delete a SAMR user the LSA privilege account is deleted
at the same time (which is wrong).
Guenther
|
|
client might have already closed the socket
Signed-off-by: Bo Yang <boyang@samba.org>
|
|
trusted domains
Signed-off-by: Bo Yang <boyang@samba.org>
|
|
domain when krb5 auth is enabled
Signed-off-by: Bo Yang <boyang@samba.org>
|
|
Signed-off-by: Bo Yang <boyang@samba.org>
|
|
Jeremy.
|
|
This is the first of a series of patches that change path based
operations to operate on a struct smb_filename instead of a char *.
This same concept already exists in source4.
My goals for this series of patches are to eventually:
1) Solve the stream vs. posix filename that contains a colon ambiguity
that currently exists.
2) Make unix_convert the only function that parses the stream name.
3) Clean up the unix_convert API.
4) Change all path based vfs operation to take a struct smb_filename.
5) Make is_ntfs_stream_name() a constant operation that can simply
check the state of struct smb_filename rather than re-parse the
filename.
6) Eliminate the need for split_ntfs_stream_name() to exist.
My strategy is to start from the inside at unix_convert() and work my
way out through the vfs layer, call by call. This first patch does
just that, by changing unix_convert and all of its callers to operate
on struct smb_filename. Since this is such a large change, I plan on
pushing the patches in phases, where each phase keeps full
compatibility and passes make test.
The API of unix_convert has been simplified from:
NTSTATUS unix_convert(TALLOC_CTX *ctx,
connection_struct *conn,
const char *orig_path,
bool allow_wcard_last_component,
char **pp_conv_path,
char **pp_saved_last_component,
SMB_STRUCT_STAT *pst)
to:
NTSTATUS unix_convert(TALLOC_CTX *ctx,
connection_struct *conn,
const char *orig_path,
struct smb_filename *smb_fname,
uint32_t ucf_flags)
Currently the smb_filename struct looks like:
struct smb_filename {
char *base_name;
char *stream_name;
char *original_lcomp;
SMB_STRUCT_STAT st;
};
One key point here is the decision to break up the base_name and
stream_name. I have introduced a helper function called
get_full_smb_filename() that takes an smb_filename struct and
allocates the full_name. I changed the callers of unix_convert() to
subsequently call get_full_smb_filename() for the time being, but I
plan to eventually eliminate get_full_smb_filename().
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
Some times we have to return a non-error response
with status != NT_STATUS_OK.
metze
|
|
MESSAGE_ID and SESSION_ID are both 64bit.
metze
|
|
the MS-LSA docs.
Jeremy.
|
|
metze
|
|
metze
|
|
metze
|
|
Thanks Michael to provide some transparency :-)
|
|
metze
|