summaryrefslogtreecommitdiff
path: root/source3/include
AgeCommit message (Collapse)AuthorFilesLines
2010-02-17Fix bug #7146 - Samba miss-parses authenticated RPC packets.Jeremy Allison1-0/+3
Parts of the Samba RPC client and server code misinterpret authenticated packets. DCE authenticated packets actually look like this : +--------------------------+ |header | | ... frag_len (packet len)| | ... auth_len | +--------------------------+ | | | Data payload | ... .... | | +--------------------------+ | | | auth_pad_len bytes | +--------------------------+ | | | Auth footer | | auth_pad_len value | +--------------------------+ | | | Auth payload | | (auth_len bytes long) | +--------------------------+ That's right. The pad bytes come *before* the footer specifying how many pad bytes there are. In order to read this you must seek to the end of the packet and subtract the auth_len (in the packet header) and the auth footer length (a known value). The client and server code gets this right (mostly) in 3.0.x -> 3.4.x so long as the pad alignment is on an 8 byte boundary (there are some special cases in the code for this). Tridge discovered there are some (DRS replication) cases where on 64-bit machines where the pad alignment is on a 16-byte boundary. This breaks the existing S3 hand-optimized rpc code. This patch removes all the special cases in client and server code, and allows the pad alignment for generated packets to be specified by changing a constant in include/local.h (this doesn't affect received packets, the new code always handles them correctly whatever pad alignment is used). This patch also works correctly with rpcclient using sign+seal from the 3.4.x and 3.3.x builds (testing with 3.0.x and 3.2.x to follow) so even as a server it should still work with older libsmbclient and winbindd code. Jeremy
2010-02-14s3-includes: enable TYPESAFE_QSORT() in s3Andrew Tridgell1-0/+1
2010-02-13s3: Remove unused comparison fn from "struct sorted_tree"Volker Lendecke1-1/+1
2010-02-13s3: Make adt_tree data definitions private to adt_tree.cVolker Lendecke1-16/+1
2010-02-13s3: SORTED_TREE -> struct sorted_treeVolker Lendecke1-6/+6
2010-02-13s3: TREE_NODE -> struct tree_nodeVolker Lendecke1-5/+5
2010-02-12s3:ctdb_conn: add ctdbd_conn_get_fd() to get the fd out of the ctdb connectionMichael Adam1-0/+2
Michael
2010-02-12s3: Add ctdb_conn_msg_ctx()Volker Lendecke1-0/+1
2010-02-12s3: Implement global locks in a g_lock tdbVolker Lendecke2-0/+57
This is the basis to implement global locks in ctdb without depending on a shared file system. The initial goal is to make ctdb persistent transactions deterministic without too many timeouts.
2010-02-11Remove lp_safe_widelinks() -> convert to just lp_widelinks. Suggestion from ↵Jeremy Allison1-1/+1
Volker. Create widelinks_warning(int snum) to cover the message needed in make_connection. Jeremy.
2010-02-11Introduce lp_safe_widelinks()Simo Sorce1-0/+1
This way we avoid any chance that a configuration reload may turn back on wide links when unix extensions are enabled.
2010-02-08s3:nmbd: change "nmbd:bind explicit broadcast" into "nmbd bind explicit ↵Stefan Metzmacher1-0/+1
broadcast" metze
2010-02-08s3:nmbd: also listen explicit on the subnet broadcast addressesStefan Metzmacher1-1/+4
And send replies always via the unicast address of the subnet. This behavior is off by default (as before) and can be enabled with "nmbd:bind explicit broadcast = yes". metze
2010-02-08s3:pdb_ldap: optimize ldapsam_alias_memberships() and cache ldap searches.Stefan Metzmacher1-0/+5
ldapsam_alias_memberships() does the same LDAP search twice, triggered via add_aliases() from create_local_nt_token(). This happens when no domain aliases are used. metze
2010-02-07s3: Make cli_get_fs_volume_info() use cli_trans()Volker Lendecke1-1/+2
2010-02-07s3: Remove some unused codeVolker Lendecke1-1/+0
2010-02-05s3: Make guest_user_info() staticVolker Lendecke1-1/+0
2010-02-02Change uint_t to unsigned int in source3Matt Kraai1-4/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-01-30Fix bug #7079 - cliconnect gets realm wrong with trusted domains.Jeremy Allison1-0/+2
Passing NULL as dest_realm for cli_session_setup_spnego() was always using our own realm (as for a NetBIOS name). Change this to look for the mapped realm using krb5_get_host_realm() if the destination machine name is a DNS name (contains a '.'). Could get fancier with DNS name detection (length, etc.) but this will do for now. Jeremy.
2010-01-26Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail to ↵Jeremy Allison1-1/+2
respond to a read or write. Only works on Linux kernels 2.6.26 and above. Grants CAP_KILL capability to allow Linux threads under different euids to send signals to each other. Jeremy.
2010-01-24s3-libsmbclient: Add smbc_setOptionUseCCache()Volker Lendecke1-0/+11
Can we enable this by default? This would be a change in behaviour, but this feature is just too cool for everyone to catch up in the apps. The patch would be
2010-01-24s3: Add CLI_FULL_CONNECTION_USE_CCACHEVolker Lendecke1-0/+1
2010-01-24s3: Add -C (--use-ccache) to popt_common_credentialsVolker Lendecke2-0/+4
2010-01-24s3: Add ccache use to cli_session_setup_ntlmsspVolker Lendecke1-0/+1
2010-01-24s3: Add NTLMSSP_FEATURE_CCACHEVolker Lendecke1-0/+2
Uses the winbind ccache to do authentication if asked to do so
2010-01-23s3: Remove string_sid_tallocVolker Lendecke1-1/+0
All but one call were pointless, so I think this API should go
2010-01-21s3: Make "init_smb_request" static to process.cVolker Lendecke1-4/+0
2010-01-21s3: Move "yesno" to the only place where it is used: client.cVolker Lendecke1-1/+0
2010-01-14s3:smbldap: add smbldap_talloc_first_attribute()Stefan Metzmacher1-0/+3
metze Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit c992127f8a96c37940a6d298c7c6859c47f83d9b)
2010-01-12Fix bug #6876 - Delete of an object whose parent folder does not have delete ↵Jeremy Allison1-0/+1
rights fails even if the delete right is set on the object. Final fix for the vfs_acl_xattr and vfs_acl_tdb code. Ensure we can delete a file even if the underlying POSIX permissions don't allow it, if the Windows permissions do. Jeremy.
2010-01-10s3: Remove unused samr_make_sam_obj_sdVolker Lendecke1-1/+0
2010-01-10s3: Remove the typedef for "auth_serversupplied_info"Volker Lendecke2-10/+12
2010-01-10s3: Remove the typedef for "auth_usersupplied_info"Volker Lendecke2-11/+11
2010-01-07s3: Factor password_in_history() out of check_passwd_history()Volker Lendecke1-0/+3
2010-01-07s3:lib/time: remoce null_mtime() - use null_time()Björn Jacke1-1/+0
2010-01-07s3:lib/time: remove unused nt_time_equalsBjörn Jacke1-1/+0
we have nt_time_equal doing the same in lib/util/
2010-01-06s3: Fix infinite loop in NCACN_IP_TCP asa there is no timeout. Assume ↵Bo Yang1-0/+5
lsa_pipe_tcp is ok but network is down, then send request is ok, but select() on writeable fds loops forever since there is no response. Signed-off-by: Bo Yang <boyang@samba.org>
2010-01-04s3: Happy New Year 2010Stefan Metzmacher1-1/+1
metze
2010-01-03s3: Convert cli_ulogoff to the async APIVolker Lendecke1-1/+5
2010-01-03s3: Convert cli_tdis to the async APIVolker Lendecke1-1/+5
2009-12-29s3:ntlmssp: change get_challange() to return NTSTATUSStefan Metzmacher1-2/+2
metze
2009-12-29s3:ntlmssp: remove unused ntlmssp_stored_response()Stefan Metzmacher2-7/+0
metze
2009-12-29s3:ntlmssp: remove unused ref_count from ntlmssp_stateStefan Metzmacher1-1/+0
metze
2009-12-29s3:ntlmssp: fix whitespace in ntlmssp.hStefan Metzmacher1-1/+1
metze
2009-12-29s3:ntlmssp: fix spellingStefan Metzmacher1-1/+1
metze
2009-12-29s3:ntlmssp: rename NTLM_MESSAGE_TYPE into ntlmssp_message_typeStefan Metzmacher1-1/+1
metze
2009-12-24s3: Remove unused delete_negative_conn_cache()Volker Lendecke1-1/+0
2009-12-24s3: Remove unused flush_negative_conn_cache()Volker Lendecke1-1/+0
2009-12-23The posix acl version of set_nt_acl() could set the stat_exJeremy Allison1-0/+4
struct in the fsp->fsp_name pointer incorrectly for a directory. Fix this. Make map_canon_ace_perms() public. Jeremy.
2009-12-22s3:ntlmssp: only include ntlmssp.h where actually neededAndrew Bartlett1-1/+3
Andrew Bartlett