Age | Commit message (Collapse) | Author | Files | Lines |
|
Jeremy.
|
|
X.690 uses "BIT STRING" not "BIT FIELD".
|
|
This fixes two issues pointed out by Andrew. It adds a runtime
uwrap_enabled() call that wraps the skips needed for uid emulation. It
also makes the skip in the directory_create_or_exist() function only
change the uid checking code, not the permissions code
|
|
This library intercepts seteuid and related calls, and simulates them
in a manner similar to the nss_wrapper and socket_wrapper
libraries. This allows us to enable the vfs_unixuid NTVFS module in
the build farm, which means we are more likely to catch errors in the
token manipulation.
The simulation is not complete, but it is enough for Samba4 for
now. The major areas of incompleteness are:
- no emulation of setreuid, setresuid or saved uids. These would be
needed for use in Samba3
- no emulation of ruid changing. That would also be needed for Samba3
- no attempt to emulate file ownership changing, so code that (for
example) tests whether st.st_uid matches geteuid() needs special
handling
|
|
metze
|
|
|
|
|
|
Found by cppcheck:
[./lib/util/util_file.c:383]: (error) Resource leak: fd
|
|
This fixes broken password tests when the passwords contain non ASCII characters
(e.g. accentuated chars like ('e, `e, ...)
|
|
replace.h needs to be included first.
Michael
|
|
(when called from places with "#define NO_CONFIG_H" set, such as configure)
Michael
|
|
By adding a new common setup_logging_stdout() API, we no longer need to abuse the ABI compatability between the different setup_logging() calls in Samba3 and Samba4's DEBUG() subsystems.
The revert of 49a6d757b4d944cd22c91b2838beb83f04fbe1e9 works with this
to fix bug 6211.
Andrew Bartlett
|
|
The problem is that the enum was previously a 'rachet', that is, it
would only reset to a level higher than it was previouly set to.
Changing the order broke file-based logging for our production sites.
This reverts commit 49a6d757b4d944cd22c91b2838beb83f04fbe1e9.
|
|
|
|
|
|
|
|
|
|
Use the state to avoid recursion in reopen_logs(), as DEBUG() can call
this function.
Andrew Bartlett
|
|
Guenther
|
|
|
|
|
|
|
|
This function searches for a single record using a given filter,
adding the extended-dn control so that any returned DNs will have the
GUID and SID fields returned. This will be used in the sam auth code
to prevent us doing a member= search for the groups, which invokes an
unindexed search.
|
|
|
|
|
|
Guenther
|
|
|
|
|
|
|
|
- Now that we initialize for the non-thread-safe case in the macro, there's no
need to do it here too.
Derrell
|
|
- Create separate macros for lock and unlock so that it's easier to identify
which request is being made.
- Initialize *ponce in the SMB_THREAD_ONCE macro in the non-thread-safe case,
rather than requiring each init function to determine if it's in the
non-thread-safe case and manually initialize.
Derrell
|
|
- This should make life easier for ourselves. We're no longer constrained to
the semantics of pthread_once, so let's allow passing a parameter to the
initialization function. Some of Samba's init functions return a
value. Although I haven't searched, I suspect that some of the init
functions require in input parameters. The parameter added here can be used
for input, output, or both, as necessary... or ignored, as is now done in
talloc_stackframe_init().
Derrell
|
|
- It would help if smb_thread_once did, eventually, set the variable that
prevents the init function from being run again. Sigh. It must be getting
late.
Derrell
|
|
- We can't set *ponce=true before running the function because although other
threads wouldn't re-run the initialization function, they could potentially
proceed beyond the initialization point while the first thread was still
running the initialization function. If a second thread gets to an
SMB_THREAD_ONCE() call while one with the same ponce is running, we need to
ensure that it enters smb_thread_once() to await the mutex and then recheck
whether *ponce is set or not. My original comment about other "once"
functions possibly being called from within this "once" function is
irrelevant since those other ones would have their own unique ponce.
Derrell
|
|
it's used in a ? : comparison macro.
Jeremy.
|
|
Jeremy.
|
|
|
|
- The macro SMB_THREAD_ONCE now tests whether the "once" variable is already
set, and if so avoids calling smb_thread_once().
Derrell
|
|
- It's a serious error if we can't lock or unlock a mutex in
smb_thread_once(). Panic instead of just displaying a DEBUG message.
Derrell
|
|
- Internally, when locking or unlocking a mutex, we'll pass one of the
values of enum smb_thread_lock_type. That enum is not available to users
providing a thread implementation. Externally, we'll document the integer
values which will be passed to their lock_mutex function, but not require
them to access our internal header file.
Derrell
|
|
Jeremy, please check...
- I'm in the process of providing an interface in libsmbclient to the
recently-added threading capabilities. In the process, I discovered that
different thread implementations have varying types for the variable passed
to the thread_impl_once() function. pthreads, for example, uses type
pthread_once_t. Since Samba needs to internally declare these variables, it
would need to know the exact type required by each thread implementation's
function. After considering multiple methods of obtaining an appropriately
sized variable, I decided that for the basic "once" functionality required
by Samba, it would be much simpler to just implement our own "once"
functionality. We don't require cancellation points et all. This commit adds
an smb_thread_once() function that is implemented using an internal
mutex. The mutex itself uses the implementation's create_mutex
function. This eliminates the need for the user to provide a smb_thread_once
function pointer and the entire issue of that function's first parameter.
Derrell
|
|
|
|
|
|
Michael
|
|
|
|
|
|
versions.
Jeremy.
|
|
Jeremy.
|
|
this.
Jeremy.
|
|
What a difference a name makes... :-). Just because something is missnamed
SAMR_ACCESS_OPEN_DOMAIN, when it should actually be SAMR_ACCESS_LOOKUP_DOMAIN,
don't automatically use it for a security check in _samr_OpenDomain().
Jeremy.
|