Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 22a3ea40ac69fa3722abf28db845ab284a65ad97)
|
|
> Here's the problem I hit:
>
> getgrnam("foo") -> nscd -> NSS -> winbindd ->
> winbindd_passdb.c:nam_to_sid() -> lookup_global_sam_name() ->
> getgrnam("foo") -> nscd -> ....
>
> This is in the SAMBA_3_0 specifically but in theory could happen
> SAMBA_3_0_25 (or 26) for an unknown group.
>
> The attached patch passes down enough state for the
> name_to_sid() call to be able to determine the originating
> winbindd cmd that came into the parent. So we can avoid
> making more NSS calls if the original call came in trough NSS
> so we don't deadlock ? But you should still service
> lookupname() calls which are needed for example when
> doing the token access checks for a "valid groups" from
> smb.conf.
>
> I've got this in testing now. The problem has shown up with the
> DsProvider on OS X and with nscd on SOlaris and Linux.
(This used to be commit bcc8a3290aaa0d2620e9d391ffbbf65541f6d742)
|
|
(This used to be commit b38dc5ffdfe9fdc2879c57dc181815f06b4747fe)
|
|
were using
netr_GetDcAnyName all the time (which is the correct thing to do).
Fix the naming and opcode mixup in all branches.
Guenther
(This used to be commit def6464c872a5939f0028837254f2c019d2d71c8)
|
|
branch, please check if it fulfils your needs.
Two changes: The validation is not done inside the brlock.c traverse_fn,
it's done as a separate routine.
Secondly, this patch does not call the checker routines in smbcontrol
directly but depends on a running smbd.
(This used to be commit 7e39d77c1f90d9025cab08918385d140e20ca25b)
|
|
(This used to be commit c91b2bdc160d76bf0b0770fe7f92cbc7124d6c3c)
|
|
This replaces the internal explicit dev/ino file id representation by a
"struct file_id". This is necessary as cluster file systems and NFS
don't necessarily assign the same device number to the shared file
system. With this structure in place we can now easily add different
schemes to map a file to a unique 64-bit device node.
Jeremy, you might note that I did not change the external interface of
smb_share_modes.c.
Volker
(This used to be commit 9b10dbbd5de8813fc15ebbb6be9b18010ffe8139)
|
|
(This used to be commit 84f9885cf8cc57dcf3c2738d6b245de314890a41)
|
|
(This used to be commit afe90224bf151acf6c7be8974408f79cfd459dbf)
|
|
Guenther
(This used to be commit 52fdbbda53df79461322b9d21aba998f19181df8)
|
|
netr_DsRGetDCNameEx2) and add new ds request and reply flags, also add some
more WERROR codes.
Guenther
(This used to be commit 37ae7f419702c563bcd0d9c27c02bde7efd34dd7)
|
|
This removes message_block / message_unblock. I've talked to Jeremy and
Günther, giving them my reasons why I believe they have no effect.
Neither could come up with a counter-argument, so they go :-)
(This used to be commit a925e0991ffbaea4a533bab3a5d61e5d367d46c8)
|
|
is now
replaced by MSG_FLAG_LOWPRIORITY or'ed into the msg_type. To enable this,
changed the msg_type definitions to hexadecimal.
This way we could theoretically add the MSG_FLAG_NODUPLICATES again, but I
would rather not do this, because that one is racy and can't be guaranteed at
all.
(This used to be commit 3f5eb8a9600839a9f9c44c553f0bda6df22b30b0)
|
|
Jeremy.
(This used to be commit 932523cbb508db869b726768e86bfa8e248f768b)
|
|
in Samba4 smbtorture. Fix rename on an open file handle.
Needed for 3.0.25a.
Jeremy.
(This used to be commit a301467d5f645dada27093ddfd74890b88bb4ce8)
|
|
doing this because for the clustering the marshalling is needed in more
than one place, so I wanted a decent routine to marshall a message_rec
struct which was not there before.
Tridge, this seems about the same speed as it used to be before, the
librpc/ndr overhead in my tests was under the noise.
Volker
(This used to be commit eaefd00563173dfabb7716c5695ac0a2f7139bb6)
|
|
with the Apple guys and Linux kernel guys. Still looking
at how to do writeX as there's no recvfile().
Jeremy.
(This used to be commit a53268fb2082de586e2df250d8ddfcff53379102)
|
|
(This used to be commit f65214be68c1a59d9598bfb9f3b19e71cc3fa07b)
|
|
replace all data_blob(NULL, 0) calls.
(This used to be commit 3d3d61687ef00181f4f04e001d42181d93ac931e)
|
|
(This used to be commit 1351207626ee0f99aef93326ef96bf69651bf472)
|
|
(This used to be commit e522fb9bb72580a162c46db4e7ee8c7933705cee)
|
|
tokenGroup attribute.
Guenther
(This used to be commit e4e8f840605dfdf92ca60cc8fc6a4c85336565fb)
|
|
ALLOWED OBJECT
ACEs).
Guenther
(This used to be commit e138cbc876e50ae25cb15c5109a42bc8b800c1ba)
|
|
search with
the SD_FLAGS control.
Guenther
(This used to be commit 648df57e53ddabe74052e816b8eba95180736208)
|
|
preparation of
adding GPO security filtering for libgpo).
Guenther
(This used to be commit b376a39fbf42a6a541fd311418c4a980b9fd4b9e)
|
|
return values of some alias-releated pdb functions from BOOL to NTSTATUS
Thanks :-)
(This used to be commit 590d2164b3a33250410338771e160f6ebd1aa89d)
|
|
different
database backends in place dynamically.
The main abstractions are db_context and db_record, it should be mainly
self-describing, see include/dbwrap.h. You open the db just as you would open
a tdb, this time with db_open(). If you want to fetch a record, just do the
db->fetch() call, if you want to do operations on it, you need to get it with
fetch_locked().
I added dbwrap_file.c (not heavily tested lately) as an example for what can
be done with that abstraction, uses a file per key. So if anybody is willing
to shape that up, we might have a chance on reiserfs again.... :-)
This abstraction works fine for brlock.tdb, locking.tdb, connections.tdb and
sessionid.tdb. It should work fine for the others as well, I just did not yet
get around to convert them.
If nobody loudly screams NO, then I will import the code that uses this soon.
Volker
(This used to be commit e9d7484ca246cfca4a1fd23be35edc2783136ebe)
|
|
server_id' instead of a 'uint32 pid'
(This used to be commit be7bac55c37676a8137c59a22dfb2e4c4821ac21)
|
|
lib/util_tdb.c exactly match the definitions. (There were
some [u]int_32_t instead of [u]int32, which made a gcc 2.95
on an old AIX without system [u]int32[_t] types complain...)
(This used to be commit 7cae0d61170485eb220f546899dfa78f1805a272)
|
|
patch.
This changes "struct process_id" to "struct server_id", keeping both is
just too much hassle. No functional change (I hope ;-))
Volker
(This used to be commit 0ad4b1226c9d91b72136310d3bbb640d2c5d67b8)
|
|
Vista. Vista provides a plethora of kludges to simulate older versions of
Windows. The kludges are in the form of shortcuts (or more likely symbolic
links, but I don't know enough about Vista to determine that definitively)
and in most cases, attempts to access them get back an "access denied"
error. On one particular folder, however, "<share>/Users/All Users", it
returns an unknown (to ethereal and the Samba3 code) NT status code:
0x8000002d. Although this code does not have a high byte of 0xc0 indicating
that it is an error, it appears to be an alternate form of "access denied".
Without this patch, libsmbclient times out on an attempt to enumerate that
folder rather than returning an error to the caller. This patch corrects
that problem.
(This used to be commit cc0cd3a12f76b8cd711e3165d4cfe920552f256d)
|
|
and the krb5 tkt cache could not be created due to clock skew.
(This used to be commit 24616f7d6be40b090dc74851b1ea7d09d6976811)
|
|
(a) Query our primary domain for trusts
(b) Query all tree roots in our forest
(c) Query all forest roots in trusted forests.
This will give us a complete trust topology including
domains via transitive Krb5 trusts. We also store the
trust type, flags, and attributes so we can determine
one-way trusted domains (outgoing only trust path).
Patch for one-way trusts coming in a later check-in.
"wbinfo -m" now lists all domains in the domain_list() as held
by the main winbindd process.
(This used to be commit 9cf6068f1e0a1063d331af17aa493140497b96ef)
|
|
lock_struct *
(This used to be commit 8e0e278961ebf2fa4301874d522636699ace1b9b)
|
|
NTSTATUS
codes directly out of the krb5_error edata.
Guenther
(This used to be commit dcd902f24a59288bbb7400d59c0afc0c8303ed69)
|
|
and out of talloc at tridge's request.
Jeremy.
(This used to be commit da78488b86c464b6861d36398cca7524ad5906fe)
|
|
Should fix build farm breakage.
Jeremy.
(This used to be commit efb43432b01f0b55df409225c7526ff232c00171)
|
|
calls. No functional changes. Looks bigger than it is :-).
Jeremy.
(This used to be commit f6fa3080fee1b20df9f1968500840a88cf0ee592)
|
|
Jeremy.
(This used to be commit d3df922038032b65f52e1e0ac1f2dd53a6933fb7)
|
|
Guenther
(This used to be commit 9ec76c542775ae58ff03f42ebfa1acc1a63a1bb1)
|
|
hidden by
KRB5_PRIVATE in MIT and doesn't exist on Heimdal).
Guenther
(This used to be commit 664db1cff674073c8eeaf69256a73d11e7ed9e3c)
|
|
Guenther
(This used to be commit f6ade770bdd3e2b14e8db367c40167f49d6c6fa0)
|
|
Guenther
(This used to be commit 4984af2c66754e9b6eed3020b3056ccf14d19617)
|
|
sockets to listen on a little, because in the launchd case these
are provided for us. We also add an idle timeout so that a daemon
can exit after a period of inactivity.
(This used to be commit fc8589a3371d396197fae508e563f814899c2beb)
|
|
of the various flags explicit.
(This used to be commit 19c929c6330a50f278ac322ac5fcb83d03734ea2)
|
|
to all callers of smb_setlen (via set_message()
calls). This will allow the server to reflect back
the correct encryption context.
Jeremy.
(This used to be commit 2d80a96120a5fe2fe726f00746d36d85044c4bdb)
|
|
loop when allocating a new id for a SID:
auth_util.patch Revert create_local_token() to
the 3.0.24 codebase
idmap_type.patch Have the caller fillin the
id_map.xid.type field when
resolving a SID so that if we allocate
a new id, we know what type to use
winbindd_api.patch Remove the WINBINDD_SIDS_TO_XIDS calls
from the public winbindd interface
for the 3.0.25 release
idmap_rid.patch Cleanup the idmap_rid backend to not
call back into winbindd to resolve
the SID in order to verify it's type.
(This used to be commit 3b24dae9e73b244540a68b631b428a4d0f57440b)
|
|
(tdb_delete_bystring instead of tdb_delete is used here)
(This used to be commit ee40cead097ed2c005f5f80b24c9f681e054849a)
|
|
and make the functions static.
also use libreplace headers in tdbbackup.c
metze
(This used to be commit 1ca12b1c9e7e8267fa13a40ebeb2bdcd199237de)
|
|
metze
(This used to be commit 8a7d2e633b98aa9c73cf1f7d1369015b294cf2e1)
|