summaryrefslogtreecommitdiff
path: root/source3/include
AgeCommit message (Collapse)AuthorFilesLines
2010-03-19s3:librpc: remove unused stuffStefan Metzmacher1-11/+0
metze
2010-03-16s3: Make login_cache_write take a pointerVolker Lendecke1-1/+2
2010-03-16s3: Make login_cache_read take a pointer, avoid a mallocVolker Lendecke1-1/+1
2010-03-16s3: Remove a typedefVolker Lendecke2-4/+4
2010-03-15Remove the bool admin_user from conn struct. We no longer look at this to ↵Jeremy Allison1-2/+0
make access decisions. Jeremy.
2010-03-15Pass "connection_struct *conn" into functions that currently use ↵Jeremy Allison1-1/+1
"current_user.XXX" Will allow me to replace them with accessor functions. Jeremy.
2010-03-15Add accessor functions for current uid, gid, unix token, NT token and vuid.Jeremy Allison1-0/+5
Jeremy.
2010-03-15Rever e80ceb1d7355c8c46a2ed90d5721cf367640f4e8 "Remove more uses of "extern ↵Jeremy Allison1-6/+1
struct current_user current_user;"." As requested by Volker, split this into smaller commits. Jeremy.
2010-03-14s3: Remove some unused #definesVolker Lendecke1-8/+0
2010-03-14s3: Remove some unused codeVolker Lendecke1-4/+0
2010-03-14s3: Fix some nonempty blank linesVolker Lendecke4-13/+12
2010-03-13s3: Make tdb_wrap_open more robustVolker Lendecke1-2/+0
This hides the use of talloc_reference from the caller, making it impossible to wrongly call talloc_free() on the result.
2010-03-12Missed a couple more uses of conn->server_info->ptok that need to be ↵Jeremy Allison1-4/+5
get_current_nttok(conn) Centralize the root check into smb1_file_se_access_check() so this is used by modules/vfs_acl_common.c also. Jeremy.
2010-03-12Remove more uses of "extern struct current_user current_user;".Jeremy Allison1-1/+6
Use accessor functions to get to this value. Tidies up much of the user context code. Volker, please look at the changes in smbd/uid.c to familiarize yourself with these changes as I think they make the logic in there cleaner. Cause smbd/posix_acls.c code to look at current user context, not stored context on the conn struct - allows correct use of these function calls under a become_root()/unbecome_root() pair. Jeremy.
2010-03-12s3: Add "g_lock_do" as a convenience wrapper functionVolker Lendecke1-0/+4
2010-03-12s3: Fix a commentVolker Lendecke1-1/+1
2010-03-11Move prototype to header of common code for set_sockaddr_portAndrew Bartlett1-1/+0
2010-03-10s3: Fix a long-standing problem with recycled PIDsVolker Lendecke4-0/+69
When a samba server process dies hard, it has no chance to clean up its entries in locking.tdb, brlock.tdb, connections.tdb and sessionid.tdb. For locking.tdb and brlock.tdb Samba is robust by checking every time we read an entry from the database if the corresponding process still exists. If it does not exist anymore, the entry is deleted. This is not 100% failsafe though: On systems with a limited PID space there is a non-zero chance that between the smbd's death and the fresh access, the PID is recycled by another long-running process. This renders all files that had been locked by the killed smbd potentially unusable until the new process also dies. This patch is supposed to fix the problem the following way: Every process ID in every database is augmented by a random 64-bit number that is stored in a serverid.tdb. Whenever we need to check if a process still exists we know its PID and the 64-bit number. We look up the PID in serverid.tdb and compare the 64-bit number. If it's the same, the process still is a valid smbd holding the lock. If it is different, a new smbd has taken over. I believe this is safe against an smbd that has died hard and the PID has been taken over by a non-samba process. This process would not have registered itself with a fresh 64-bit number in serverid.tdb, so the old one still exists in serverid.tdb. We protect against this case by the parent smbd taking care of deregistering PIDs from serverid.tdb and the fact that serverid.tdb is CLEAR_IF_FIRST. CLEAR_IF_FIRST does not work in a cluster, so the automatic cleanup does not work when all smbds are restarted. For this, "net serverid wipe" has to be run before smbd starts up. As a convenience, "net serverid wipedbs" also cleans up sessionid.tdb and connections.tdb. While there, this also cleans up overloading connections.tdb with all the process entries just for messaging_send_all(). Volker
2010-03-08Revert "Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail ↵Karolin Seeger1-2/+1
to respond to a read or write." This reverts commit a6ae7a552f851a399991262377cc0e062e40ac20. This fixes bug #7222 (All users have full rigths on all shares) (CVE-2010-0728). (cherry picked from commit 1c9494c76cc9686c61e0966f38528d3318f3176f)
2010-03-05Fix for bug #7189 - Open txt files with notepad on samba shares creates problem.Jeremy Allison4-11/+25
Ensure we don't use any of the create_options for Samba private use. Add a new parameter to the VFS_CREATE call (private_flags) which is only used internally. Renumber NTCREATEX_OPTIONS_PRIVATE_DENY_DOS and NTCREATEX_OPTIONS_PRIVATE_DENY_FCB to match the S4 code). Rev. the VFS interface to version 28. Jeremy.
2010-03-05s3-rpcclient: fix rpcclient after spoolss_GetPrinterData{Ex} IDL change.Günther Deschner1-1/+2
Guenther
2010-03-03s3: build sddl.c in samba3Michael Adam1-0/+1
2010-03-01s3: Abstract access to sessionid.tdb, similar to conn_tdb.cVolker Lendecke1-0/+13
2010-03-01s3: Add connections_forall_read()Volker Lendecke1-0/+4
In a cluster, this makes a large difference: For r/w traverse, we have to do a fetch_locked on every record which for most users of connections_forall is just overkill.
2010-02-28s3: Remove unused count_all_current_connections()Volker Lendecke1-1/+0
2010-02-26s3: remove unused schannel_auth_struct.Günther Deschner1-6/+0
Guenther
2010-02-25Implement rename/move in SMB2 from Windows7.Jeremy Allison1-0/+1
Jeremy.
2010-02-24s3: Make connections_fetch_record() staticVolker Lendecke1-2/+0
2010-02-23s3:schannel streamline interfaceSimo Sorce2-11/+0
Make calling schannel much easier by removing the need to explicitly open the database. Let the abstraction do it instead.
2010-02-23s3 move the sitename cache in its own fileSimo Sorce1-3/+0
2010-02-23s3: Consolidate server_id_self into the equivalent procid_self()Volker Lendecke1-1/+0
2010-02-23s3-smb: Remove the obsolete signal type cast.Andreas Schneider1-4/+0
AC_SIGNAL_TYPE is already obsolete in autoconf. C89 requires signal handlers to return void, only K&R returned int.
2010-02-22s3: Add a talloc_move for the inbuf to cli_smb_recvVolker Lendecke1-2/+3
2010-02-20s3: Convert cli_qpathinfo_basic to use cli_trans()Volker Lendecke1-2/+2
2010-02-20s3: Add cli_smb()Volker Lendecke1-0/+7
This is a sync wrapper around cli_smb_send/cli_smb_recv. This is a hack to speed up converting libsmb/ away from cli_send_smb/cli_receive_smb. Some routines in libsmb/ are only called in one place in smbtorture for example, where making it async right now is not worth it. With cli_smb_send/cli_smb_recv in place, pushing the asynchronosity out one level is "just" boilerplate code that is easy to do should it become necessary.
2010-02-17Fix bug #7146 - Samba miss-parses authenticated RPC packets.Jeremy Allison1-0/+3
Parts of the Samba RPC client and server code misinterpret authenticated packets. DCE authenticated packets actually look like this : +--------------------------+ |header | | ... frag_len (packet len)| | ... auth_len | +--------------------------+ | | | Data payload | ... .... | | +--------------------------+ | | | auth_pad_len bytes | +--------------------------+ | | | Auth footer | | auth_pad_len value | +--------------------------+ | | | Auth payload | | (auth_len bytes long) | +--------------------------+ That's right. The pad bytes come *before* the footer specifying how many pad bytes there are. In order to read this you must seek to the end of the packet and subtract the auth_len (in the packet header) and the auth footer length (a known value). The client and server code gets this right (mostly) in 3.0.x -> 3.4.x so long as the pad alignment is on an 8 byte boundary (there are some special cases in the code for this). Tridge discovered there are some (DRS replication) cases where on 64-bit machines where the pad alignment is on a 16-byte boundary. This breaks the existing S3 hand-optimized rpc code. This patch removes all the special cases in client and server code, and allows the pad alignment for generated packets to be specified by changing a constant in include/local.h (this doesn't affect received packets, the new code always handles them correctly whatever pad alignment is used). This patch also works correctly with rpcclient using sign+seal from the 3.4.x and 3.3.x builds (testing with 3.0.x and 3.2.x to follow) so even as a server it should still work with older libsmbclient and winbindd code. Jeremy
2010-02-14s3-includes: enable TYPESAFE_QSORT() in s3Andrew Tridgell1-0/+1
2010-02-13s3: Remove unused comparison fn from "struct sorted_tree"Volker Lendecke1-1/+1
2010-02-13s3: Make adt_tree data definitions private to adt_tree.cVolker Lendecke1-16/+1
2010-02-13s3: SORTED_TREE -> struct sorted_treeVolker Lendecke1-6/+6
2010-02-13s3: TREE_NODE -> struct tree_nodeVolker Lendecke1-5/+5
2010-02-12s3:ctdb_conn: add ctdbd_conn_get_fd() to get the fd out of the ctdb connectionMichael Adam1-0/+2
Michael
2010-02-12s3: Add ctdb_conn_msg_ctx()Volker Lendecke1-0/+1
2010-02-12s3: Implement global locks in a g_lock tdbVolker Lendecke2-0/+57
This is the basis to implement global locks in ctdb without depending on a shared file system. The initial goal is to make ctdb persistent transactions deterministic without too many timeouts.
2010-02-11Remove lp_safe_widelinks() -> convert to just lp_widelinks. Suggestion from ↵Jeremy Allison1-1/+1
Volker. Create widelinks_warning(int snum) to cover the message needed in make_connection. Jeremy.
2010-02-11Introduce lp_safe_widelinks()Simo Sorce1-0/+1
This way we avoid any chance that a configuration reload may turn back on wide links when unix extensions are enabled.
2010-02-08s3:nmbd: change "nmbd:bind explicit broadcast" into "nmbd bind explicit ↵Stefan Metzmacher1-0/+1
broadcast" metze
2010-02-08s3:nmbd: also listen explicit on the subnet broadcast addressesStefan Metzmacher1-1/+4
And send replies always via the unicast address of the subnet. This behavior is off by default (as before) and can be enabled with "nmbd:bind explicit broadcast = yes". metze
2010-02-08s3:pdb_ldap: optimize ldapsam_alias_memberships() and cache ldap searches.Stefan Metzmacher1-0/+5
ldapsam_alias_memberships() does the same LDAP search twice, triggered via add_aliases() from create_local_nt_token(). This happens when no domain aliases are used. metze
2010-02-07s3: Make cli_get_fs_volume_info() use cli_trans()Volker Lendecke1-1/+2