summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2009-05-25fixed interpretation of ACB_PWNOTREQAndrew Tridgell2-15/+6
This bit actually means that we should ignore the minimum password length field for this user. It doesn't mean that the password should be seen as empty
2009-05-25fixed the client side password change codeAndrew Tridgell1-61/+25
The client side code was not falling back to older routines correctly as it didn't check for the operation range error appropriately. It also used the old rpc semantics.
2009-05-25cope with lanman auth being disabled in old password change codeAndrew Tridgell1-8/+15
When lanman auth is disabled and a user calls a password change method that requires it we should give NT_STATUS_NOT_SUPPORTED
2009-05-24TALLOC_FREE happily lives with a NULL ptr. Tim, please check!Volker Lendecke3-48/+16
Thanks, Volker
2009-05-24Fix a race condition in winbind leading to a panicVolker Lendecke1-0/+1
In winbind, we do multiple events in one select round. This needs fixing, but as long as we're still using it, for efficiency reasons we need to do that. What can happen is the following: We have outgoing data pending for a client, thus state->fd_event.flags == EVENT_FD_WRITE Now a new client comes in, we go through the list of clients to find an idle one. The detection for idle clients in remove_idle_client does not take the pending data into account. We close the socket that has pending outgoing data, the accept(2) one syscall later gives us the same socket. In new_connection(), we do a setup_async_read, setting up a read fde. The select from before however had found the socket (that we had already closed!!) to be writable. In rw_callback we only want to see a readable flag, and we panic in the SMB_ASSERT(flags == EVENT_FD_READ). Found using bin/smbtorture //127.0.0.1/tmp -U% -N 500 -o 2 local-wbclient Volker
2009-05-24use epoll for local-wbclient testVolker Lendecke1-1/+1
2009-05-24Don't limit the number of retries in wb_trans.Volker Lendecke1-8/+0
This is better done with a tevent_req_set_endtime the caller should issue.
2009-05-24Don't set a timeout deep inside wb_connectVolker Lendecke1-5/+0
2009-05-24Change async_connect to use connect instead of getsockopt to get the errorVolker Lendecke1-14/+24
On my Linux box, this is definitely the more reliable strategy with unix domain sockets, and according to my tests it also works correctly with TCP sockets.
2009-05-24Do queueing in wbclient.cVolker Lendecke2-46/+59
The _trigger fn must know about wbc_context, while we were waiting in the queue the fd might have changed
2009-05-24Fix closed_fd(): select returning 0 means no fd listeningVolker Lendecke1-4/+7
2009-05-24Fix wb_simple_trans queueingVolker Lendecke1-16/+3
2009-05-24Add "err_on_readability" to writev_sendVolker Lendecke5-7/+19
A socket where the other side has closed only becomes readable. To catch errors early when sitting in a pure writev, we need to also test for readability.
2009-05-24Allow NULL queue to writev_sendVolker Lendecke1-6/+16
2009-05-22Ensure we return NT_STATUS_FILE_IS_A_DIRECTORY on a posix open on aJeremy Allison1-1/+1
directory name. Jeremy.
2009-05-22Test that POSIX open of a directory returns NT_STATUS_FILE_IS_A_DIRECTORY ↵Jeremy Allison1-1/+12
(ERRDOS, EISDIR). Jeremy.
2009-05-22s3:smbd: implement SMB2 Tree DisconnectStefan Metzmacher3-1/+38
metze
2009-05-22s3:smbd: implement SMB2 Tree ConnectStefan Metzmacher5-2/+286
For now this only checks if the share is present or not. metze
2009-05-22s3:smbd: SMB2 session ids are 64bit...Stefan Metzmacher2-3/+3
We only grand ids up to 0x0000000000FFFFFF, because that's what our idtree implementation can handle. But also 16777215 sessions on one tcp connection should be enough:-) metze
2009-05-22tsocket: allow empty vectors at the end for tstream_writev()/readv()Stefan Metzmacher1-0/+26
metze
2009-05-22s3:winbind:idmap_ldap: fix a crash bug in idmap_ldap_unixids_to_sids (#6387)Michael Adam1-1/+1
This fixes a crash bug hit when multiple mappings were found by the ldap search. This crash was caused by an ldap asssertion in ldap_next_entry because was set to NULL in each iteration. The corresponding fix was applied to the idmap_ldap_sids_to_unixids() by Jerry in 2007 (b066668b74768d9ed547f16bf7b6ba6aea5df20a). This fixes the crash part of bug #6387. There is a logic part, too: The problem currently only occurs when multiple mappings are found for one given unixid. Now winbindd does not crash any more but it does not correctly handle this situation. It just returns the last mapping from the ldap search results. This needs fixing. Michael
2009-05-22s3:smbd: implement SMB2 LogoffStefan Metzmacher3-1/+47
metze
2009-05-21Don't steal when we know the ptr will be null. Thanks to Simo forJeremy Allison1-2/+1
pointing this out. Jeremy.
2009-05-21Revert the last two commits (fix for #6386). The actual problemJeremy Allison1-7/+9
was a bug in ldb in 3.2 which could return a freed pointer on ret != LDAP_SUCCESS. The main thing we must ensure is that we never talloc_steal until we know LDAP_SUCCESS was returned. Jeremy.
2009-05-21Ensure all possible uses of indirection through res are checked afterJeremy Allison1-6/+6
an ldb_search. Jeremy.
2009-05-21Attempt to fix bug #6386 - Samba Panic triggered by Sophos Control Centre.Jeremy Allison1-1/+1
Don't indirect a potentially null pointer. Jeremy.
2009-05-21Detect tight loop in tdb_find()Jim McDonough1-0/+5
2009-05-21s3 torture: Fix warningTim Prouty1-1/+1
2009-05-21s3 onefs: Fix invalid argument from the unix_convert smb_filename struct patchTim Prouty1-1/+1
2009-05-21s3:smbd: we want to get the next command offset and not set it...Stefan Metzmacher1-1/+1
This should also fix the build on some hosts. metze
2009-05-21s3-build: fix the build of ntlm_auth. Bo Yang, please check.Günther Deschner1-1/+1
Guenther
2009-05-21s4-selftest: adding RPC-SAMR-USERS-PRIVILEGES to knownfail list.Günther Deschner1-0/+1
Samba4 cannot pass this test currently as in Samba4 (unlike Samba3) the LSA and SAMR account are stored in the same db. Once you delete a SAMR user the LSA privilege account is deleted at the same time (which is wrong). Guenther
2009-05-22s3: ignore EPIPE error when winbind finally writes to wb client because ↵Bo Yang1-2/+8
client might have already closed the socket Signed-off-by: Bo Yang <boyang@samba.org>
2009-05-22s3: Fix onlinestatus msg to return status of all domain instead of omitting ↵Bo Yang1-78/+51
trusted domains Signed-off-by: Bo Yang <boyang@samba.org>
2009-05-22s3: set winbindd request flags in ntlm_auth to make it contact trusted ↵Bo Yang3-2/+58
domain when krb5 auth is enabled Signed-off-by: Bo Yang <boyang@samba.org>
2009-05-22s3: Fix request flags in wbinfo when perform krb5 authenticationBo Yang1-1/+2
Signed-off-by: Bo Yang <boyang@samba.org>
2009-05-20Make cli_posix_open() and cli_posix_mkdir() async.Jeremy Allison4-75/+243
Jeremy.
2009-05-20s3: Change unix_convert (and its callers) to use struct smb_filenameTim Prouty10-383/+588
This is the first of a series of patches that change path based operations to operate on a struct smb_filename instead of a char *. This same concept already exists in source4. My goals for this series of patches are to eventually: 1) Solve the stream vs. posix filename that contains a colon ambiguity that currently exists. 2) Make unix_convert the only function that parses the stream name. 3) Clean up the unix_convert API. 4) Change all path based vfs operation to take a struct smb_filename. 5) Make is_ntfs_stream_name() a constant operation that can simply check the state of struct smb_filename rather than re-parse the filename. 6) Eliminate the need for split_ntfs_stream_name() to exist. My strategy is to start from the inside at unix_convert() and work my way out through the vfs layer, call by call. This first patch does just that, by changing unix_convert and all of its callers to operate on struct smb_filename. Since this is such a large change, I plan on pushing the patches in phases, where each phase keeps full compatibility and passes make test. The API of unix_convert has been simplified from: NTSTATUS unix_convert(TALLOC_CTX *ctx, connection_struct *conn, const char *orig_path, bool allow_wcard_last_component, char **pp_conv_path, char **pp_saved_last_component, SMB_STRUCT_STAT *pst) to: NTSTATUS unix_convert(TALLOC_CTX *ctx, connection_struct *conn, const char *orig_path, struct smb_filename *smb_fname, uint32_t ucf_flags) Currently the smb_filename struct looks like: struct smb_filename { char *base_name; char *stream_name; char *original_lcomp; SMB_STRUCT_STAT st; }; One key point here is the decision to break up the base_name and stream_name. I have introduced a helper function called get_full_smb_filename() that takes an smb_filename struct and allocates the full_name. I changed the callers of unix_convert() to subsequently call get_full_smb_filename() for the time being, but I plan to eventually eliminate get_full_smb_filename().
2009-05-20s3:smbd: check the incoming session id for SMB2 requestsStefan Metzmacher3-2/+98
metze
2009-05-20s3:smbd: implement SMB2 Session Setup with raw NTLMSSPStefan Metzmacher4-1/+221
metze
2009-05-20s3:smbd: for now indicate raw NTLMSSP in the SMB2 Negotiate responseStefan Metzmacher1-0/+3
metze
2009-05-20s3:smbd: move the callback functions of smbd_smb2_request_reply() closer itselfStefan Metzmacher1-42/+42
metze
2009-05-20s3:smbd: add smbd_smb2_request_done_ex()Stefan Metzmacher2-5/+16
Some times we have to return a non-error response with status != NT_STATUS_OK. metze
2009-05-20s3:smbd: fix initialized memory in SMB2 responsesStefan Metzmacher1-4/+4
MESSAGE_ID and SESSION_ID are both 64bit. metze
2009-05-20Add a security model to LSA. Similar to the SAMR code - usingJeremy Allison1-88/+227
the MS-LSA docs. Jeremy.
2009-05-20s4:libcli/smb2: fix session setup with raw NTLMSSPStefan Metzmacher1-13/+17
metze
2009-05-20s4:libcli/smb2: use raw ntlmssp if the server didn't provide a sec blobStefan Metzmacher1-1/+8
metze
2009-05-20s4:libcli/smb2: fill in transport->negotiate.secblob with the correct dataStefan Metzmacher1-0/+2
metze
2009-05-20Use SMB_VFS_NEXT_CLOSE. This VFS stuff is really opaque to me...Volker Lendecke1-5/+1
Thanks Michael to provide some transparency :-)
2009-05-20s3:smbd: add support for SMB2 Keepalive (SMB2 Echo)Stefan Metzmacher4-0/+93
metze