summaryrefslogtreecommitdiff
path: root/source3/include
AgeCommit message (Collapse)AuthorFilesLines
2010-03-08Revert "Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail ↵Karolin Seeger1-2/+1
to respond to a read or write." This reverts commit a6ae7a552f851a399991262377cc0e062e40ac20. This fixes bug #7222 (All users have full rigths on all shares) (CVE-2010-0728). (cherry picked from commit 1c9494c76cc9686c61e0966f38528d3318f3176f)
2010-03-05Fix for bug #7189 - Open txt files with notepad on samba shares creates problem.Jeremy Allison4-11/+25
Ensure we don't use any of the create_options for Samba private use. Add a new parameter to the VFS_CREATE call (private_flags) which is only used internally. Renumber NTCREATEX_OPTIONS_PRIVATE_DENY_DOS and NTCREATEX_OPTIONS_PRIVATE_DENY_FCB to match the S4 code). Rev. the VFS interface to version 28. Jeremy.
2010-03-05s3-rpcclient: fix rpcclient after spoolss_GetPrinterData{Ex} IDL change.Günther Deschner1-1/+2
Guenther
2010-03-03s3: build sddl.c in samba3Michael Adam1-0/+1
2010-03-01s3: Abstract access to sessionid.tdb, similar to conn_tdb.cVolker Lendecke1-0/+13
2010-03-01s3: Add connections_forall_read()Volker Lendecke1-0/+4
In a cluster, this makes a large difference: For r/w traverse, we have to do a fetch_locked on every record which for most users of connections_forall is just overkill.
2010-02-28s3: Remove unused count_all_current_connections()Volker Lendecke1-1/+0
2010-02-26s3: remove unused schannel_auth_struct.Günther Deschner1-6/+0
Guenther
2010-02-25Implement rename/move in SMB2 from Windows7.Jeremy Allison1-0/+1
Jeremy.
2010-02-24s3: Make connections_fetch_record() staticVolker Lendecke1-2/+0
2010-02-23s3:schannel streamline interfaceSimo Sorce2-11/+0
Make calling schannel much easier by removing the need to explicitly open the database. Let the abstraction do it instead.
2010-02-23s3 move the sitename cache in its own fileSimo Sorce1-3/+0
2010-02-23s3: Consolidate server_id_self into the equivalent procid_self()Volker Lendecke1-1/+0
2010-02-23s3-smb: Remove the obsolete signal type cast.Andreas Schneider1-4/+0
AC_SIGNAL_TYPE is already obsolete in autoconf. C89 requires signal handlers to return void, only K&R returned int.
2010-02-22s3: Add a talloc_move for the inbuf to cli_smb_recvVolker Lendecke1-2/+3
2010-02-20s3: Convert cli_qpathinfo_basic to use cli_trans()Volker Lendecke1-2/+2
2010-02-20s3: Add cli_smb()Volker Lendecke1-0/+7
This is a sync wrapper around cli_smb_send/cli_smb_recv. This is a hack to speed up converting libsmb/ away from cli_send_smb/cli_receive_smb. Some routines in libsmb/ are only called in one place in smbtorture for example, where making it async right now is not worth it. With cli_smb_send/cli_smb_recv in place, pushing the asynchronosity out one level is "just" boilerplate code that is easy to do should it become necessary.
2010-02-17Fix bug #7146 - Samba miss-parses authenticated RPC packets.Jeremy Allison1-0/+3
Parts of the Samba RPC client and server code misinterpret authenticated packets. DCE authenticated packets actually look like this : +--------------------------+ |header | | ... frag_len (packet len)| | ... auth_len | +--------------------------+ | | | Data payload | ... .... | | +--------------------------+ | | | auth_pad_len bytes | +--------------------------+ | | | Auth footer | | auth_pad_len value | +--------------------------+ | | | Auth payload | | (auth_len bytes long) | +--------------------------+ That's right. The pad bytes come *before* the footer specifying how many pad bytes there are. In order to read this you must seek to the end of the packet and subtract the auth_len (in the packet header) and the auth footer length (a known value). The client and server code gets this right (mostly) in 3.0.x -> 3.4.x so long as the pad alignment is on an 8 byte boundary (there are some special cases in the code for this). Tridge discovered there are some (DRS replication) cases where on 64-bit machines where the pad alignment is on a 16-byte boundary. This breaks the existing S3 hand-optimized rpc code. This patch removes all the special cases in client and server code, and allows the pad alignment for generated packets to be specified by changing a constant in include/local.h (this doesn't affect received packets, the new code always handles them correctly whatever pad alignment is used). This patch also works correctly with rpcclient using sign+seal from the 3.4.x and 3.3.x builds (testing with 3.0.x and 3.2.x to follow) so even as a server it should still work with older libsmbclient and winbindd code. Jeremy
2010-02-14s3-includes: enable TYPESAFE_QSORT() in s3Andrew Tridgell1-0/+1
2010-02-13s3: Remove unused comparison fn from "struct sorted_tree"Volker Lendecke1-1/+1
2010-02-13s3: Make adt_tree data definitions private to adt_tree.cVolker Lendecke1-16/+1
2010-02-13s3: SORTED_TREE -> struct sorted_treeVolker Lendecke1-6/+6
2010-02-13s3: TREE_NODE -> struct tree_nodeVolker Lendecke1-5/+5
2010-02-12s3:ctdb_conn: add ctdbd_conn_get_fd() to get the fd out of the ctdb connectionMichael Adam1-0/+2
Michael
2010-02-12s3: Add ctdb_conn_msg_ctx()Volker Lendecke1-0/+1
2010-02-12s3: Implement global locks in a g_lock tdbVolker Lendecke2-0/+57
This is the basis to implement global locks in ctdb without depending on a shared file system. The initial goal is to make ctdb persistent transactions deterministic without too many timeouts.
2010-02-11Remove lp_safe_widelinks() -> convert to just lp_widelinks. Suggestion from ↵Jeremy Allison1-1/+1
Volker. Create widelinks_warning(int snum) to cover the message needed in make_connection. Jeremy.
2010-02-11Introduce lp_safe_widelinks()Simo Sorce1-0/+1
This way we avoid any chance that a configuration reload may turn back on wide links when unix extensions are enabled.
2010-02-08s3:nmbd: change "nmbd:bind explicit broadcast" into "nmbd bind explicit ↵Stefan Metzmacher1-0/+1
broadcast" metze
2010-02-08s3:nmbd: also listen explicit on the subnet broadcast addressesStefan Metzmacher1-1/+4
And send replies always via the unicast address of the subnet. This behavior is off by default (as before) and can be enabled with "nmbd:bind explicit broadcast = yes". metze
2010-02-08s3:pdb_ldap: optimize ldapsam_alias_memberships() and cache ldap searches.Stefan Metzmacher1-0/+5
ldapsam_alias_memberships() does the same LDAP search twice, triggered via add_aliases() from create_local_nt_token(). This happens when no domain aliases are used. metze
2010-02-07s3: Make cli_get_fs_volume_info() use cli_trans()Volker Lendecke1-1/+2
2010-02-07s3: Remove some unused codeVolker Lendecke1-1/+0
2010-02-05s3: Make guest_user_info() staticVolker Lendecke1-1/+0
2010-02-02Change uint_t to unsigned int in source3Matt Kraai1-4/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-01-30Fix bug #7079 - cliconnect gets realm wrong with trusted domains.Jeremy Allison1-0/+2
Passing NULL as dest_realm for cli_session_setup_spnego() was always using our own realm (as for a NetBIOS name). Change this to look for the mapped realm using krb5_get_host_realm() if the destination machine name is a DNS name (contains a '.'). Could get fancier with DNS name detection (length, etc.) but this will do for now. Jeremy.
2010-01-26Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail to ↵Jeremy Allison1-1/+2
respond to a read or write. Only works on Linux kernels 2.6.26 and above. Grants CAP_KILL capability to allow Linux threads under different euids to send signals to each other. Jeremy.
2010-01-24s3-libsmbclient: Add smbc_setOptionUseCCache()Volker Lendecke1-0/+11
Can we enable this by default? This would be a change in behaviour, but this feature is just too cool for everyone to catch up in the apps. The patch would be
2010-01-24s3: Add CLI_FULL_CONNECTION_USE_CCACHEVolker Lendecke1-0/+1
2010-01-24s3: Add -C (--use-ccache) to popt_common_credentialsVolker Lendecke2-0/+4
2010-01-24s3: Add ccache use to cli_session_setup_ntlmsspVolker Lendecke1-0/+1
2010-01-24s3: Add NTLMSSP_FEATURE_CCACHEVolker Lendecke1-0/+2
Uses the winbind ccache to do authentication if asked to do so
2010-01-23s3: Remove string_sid_tallocVolker Lendecke1-1/+0
All but one call were pointless, so I think this API should go
2010-01-21s3: Make "init_smb_request" static to process.cVolker Lendecke1-4/+0
2010-01-21s3: Move "yesno" to the only place where it is used: client.cVolker Lendecke1-1/+0
2010-01-14s3:smbldap: add smbldap_talloc_first_attribute()Stefan Metzmacher1-0/+3
metze Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit c992127f8a96c37940a6d298c7c6859c47f83d9b)
2010-01-12Fix bug #6876 - Delete of an object whose parent folder does not have delete ↵Jeremy Allison1-0/+1
rights fails even if the delete right is set on the object. Final fix for the vfs_acl_xattr and vfs_acl_tdb code. Ensure we can delete a file even if the underlying POSIX permissions don't allow it, if the Windows permissions do. Jeremy.
2010-01-10s3: Remove unused samr_make_sam_obj_sdVolker Lendecke1-1/+0
2010-01-10s3: Remove the typedef for "auth_serversupplied_info"Volker Lendecke2-10/+12
2010-01-10s3: Remove the typedef for "auth_usersupplied_info"Volker Lendecke2-11/+11