Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 73b7a25ba8a2f7471c07a912da8b6968b41b4f1d)
|
|
Add proper debug to all possible setfilepathinfo
functions.
Jeremy.
(This used to be commit 3c47a5ef258d536504759a02f6d84c0ab0af7224)
|
|
We're not yet deleting open files on unlink. Investigating...
Jeremy.
(This used to be commit 334b34f131578c2a889caa90aa2425f41883cafd)
|
|
Jeremy.
(This used to be commit 6a0f6fde0a19bfb4af4c7fa6f29d7015e884d86e)
|
|
Jeremy.
(This used to be commit 6457d66b9a04c421fc43e131c825c7555c16a1ea)
|
|
Patch from Zack Kirsch <zack.kirsch@isilon.com>.
Jeremy.
(This used to be commit df07a662e32367a52c1e8473475423db2ff5bc51)
|
|
Jeremy.
(This used to be commit 4a04555e23b5fa53fbeb5b65a7c83cff1b0f9640)
|
|
(This used to be commit 5ef0286b56b368abd4da2cbe3d826a3438f3acc3)
|
|
removed).
Jeremy.
(This used to be commit 645b0438dde0dad26e950b3184cc412d3d87560a)
|
|
to allow client to fragment large SPNEGO blobs (large krb5
tickets). Tested against W2K3R2. Should fix bug #4400.
Jeremy.
(This used to be commit b81c5c6adce51cec06df0e993534064b20666a8e)
|
|
fragmented into "max xmit" size security blob
chunks. Bug #4400. Needs limits adding, and also
a client-side version.
Jeremy.
(This used to be commit aa69f2481aafee5dccc3783b8a6e23ca4eb0dbfa)
|
|
For the winbind cached ADS LDAP connection handling
(ads_cached_connection()) we were (incorrectly) assuming that the
service ticket lifetime equaled the tgt lifetime. For setups where the
service ticket just lives 10 minutes, we were leaving hundreds of LDAP
connections in CLOSE_WAIT state, until we fail to service entirely with
"Too many open files".
Also sequence_number() in winbindd_ads.c needs to delete the cached LDAP
connection after the ads_do_search_retry() has failed to submit the
search request (although the bind succeeded (returning an expired
service ticket that we cannot delete from the memory cred cache - this
will get fixed later)).
Guenther
(This used to be commit 7e1a84b7226fb8dcd5d34c64a3478a6d886a9a91)
|
|
string
server_len is usually 256 (fstring).
Correctly terminate saving the lenght
(This used to be commit e7e44554bf7c61020e2c5c652e3f8f37a296d3aa)
|
|
Move more error code returns to NTSTATUS.
Client test code to follow... See if this
passes the build-farm before I add it into
3.0.25.
Jeremy.
(This used to be commit 83dbbdff345fa9e427c9579183f4380004bf3dd7)
|
|
\\server\share\path
DFS referrals. This doesn't appear to break anything in the non-DFS case,
but I don't have an environment to test DFS referrals. Need confirmation
from OP that this solves the problem.
(This used to be commit e479a9c094fa42354aad7aa76a712bf67d3d4d45)
|
|
- Should fix bug 4115 (but needs confirmation from OP). If the kerberos use
flag is set in the context, then also pass it to smbc_attr_server for use by
cli_full_connection()
- Should fix bug 4309 (but needs confirmation from OP). We no longer send a
keepalive packet unconditionally. Instead, we assume (yes, possibly
incorrectly, but it's the best guess we can make) that if the connection is
on port 139, it's netbios and otherwise, it isn't. If netbios is in use, we
send a keepalive packet. Otherwise, we check that the connection is alive
using getpeername().
(This used to be commit 2f9be59c10ef991a51cc858ab594187b5ca61382)
|
|
crashed. So
it needs the specific error message.
Make messages.c return NTSTATUS and specificially NT_STATUS_INVALID_HANDLE if
sending to a non-existent process.
Volker
(This used to be commit 3f620d181da0c356c8ffbdb5b380ccab3645a972)
|
|
Guenther
(This used to be commit ea38e1f8362d75e7ac058a7c4aa06f1ca92ec108)
|
|
as this is causing the WRONG_PASSWORD error in the SetUserInfo()
call during net ads join).
We are now back to always list RC4-HMAC first if supported by
the krb5 libraries.
(This used to be commit 4fb57bce87588ac4898588ea4988eadff3a7f435)
|
|
works - even with the strange "initial delete on close"
semantics. The "initial delete on close" flag isn't
committed to the share mode db until the handle is
closed, and is discarded if any real "delete on close"
was set. This allows me to remove the "initial_delete_on_close"
flag from the share db, and move it into a BOOL in files_struct.
Warning ! You must do a make clean after this. Cope with
the wrinkle in directory delete on close which is done
differently from files. We now pass all Samba4 smbtortute
BASE-DELETE tests except for the one checking that files
can't be created in a directory which has the delete on
close set (possibly expensive to fix).
Jeremy.
(This used to be commit f2df77a1497958c1ea791f1d2f4446b5fc3389b3)
|
|
the stored client sitename with the sitename from each sucessfull CLDAP
connection.
Guenther
(This used to be commit 6a13e878b5d299cb3b3d7cb33ee0d51089d9228d)
|
|
for a PDC.
Guenther
(This used to be commit 0944c7861004bee2a9d0ac787f022f5bf1d181ac)
|
|
site support in a network where many DC's are down.
I heard via Volker there is still a bug w.r.t the
wrong site being chosen with trusted domains but
we'll have to layer that fix on top of this.
Gd - complain if this doesn't work for you.
Jeremy.
(This used to be commit 97e248f89ac6548274f03f2ae7583a255da5ddb3)
|
|
Instead,
add [ref] pointers where necessary (top-level [ref] pointers,
by spec, don't appear on the wire).
This brings us closer to the DCE/RPC standard again.
(This used to be commit 580f2a7197b1bc9db14a643fdd112b40ef37aaef)
|
|
Jeremy.
(This used to be commit 89b7a0630de0bd95a56263b36d433b4e73517a70)
|
|
The problem occurs like this:
1) running smbd as a domain member without winbindd
2) client1 connects, during auth smbd-1 calls update_trustdom_cache()
3) smbd-1 takes the trustdom cache timestamp lock, then starts
enumerate_domain_trusts
4) enumerate_domain_trusts hangs for some unknown reason
5) other clients connect, all block waiting for read lock on trustdom
cache
6) samba is now hung
The problem is the lock, and really its just trying to avoid a race
where the cure is worse than the problem. A race in updating the
trutdom cache is not a big issue. So I've just removed the lock.
It is still an open question why enumerate_domain_trusts() can
hang. Unfortunately I've not in a position to get a sniff at the site
that is affected. I suspect a full fix will involve ensuring that all
the rpc code paths have appropriate timeouts.
(This used to be commit ab8d41053347a5b342ed5b59a0b0dd4983ca91e6)
|
|
(This used to be commit 44f9d25a9026df29fcaae8723ef52b1d3101628b)
|
|
(This used to be commit e4dea0e64747912da899e846b944c24804772259)
|
|
As discussed with jerry at the CIFS conf: overriding the
administrator's wishes from the krb5.conf has only every given me
segfaults. We suggest leaving this up to the defaults from the
libraries anyway.
Andrew Bartlett
(This used to be commit 0b72c04906b1c25e80b217a8f34fd3a8e756b9ca)
|
|
NULL dereference
(This used to be commit f9edfffeb5aa1fe0700c17cd1c8141c906080188)
|
|
only do it for our primary domain.
Jeremy.
(This used to be commit 61d31ce0089fe906d052c971321ce99fede0e240)
|
|
more no previous prototype warnings
(This used to be commit 41be182f78762372ae13759ede5d2bd40a71d7f5)
|
|
(This used to be commit ac3eb7813e33b9a2e78c9158433f7ed62c3b62bb)
|
|
(This used to be commit f53983079bc285ad8ced8fc4dd40df66fad13718)
|
|
match Windows NTLMSSP flags.
Jeremy.
(This used to be commit 786318f84bef76c6acffa1ddf7cdba947509fbac)
|
|
(This used to be commit bc4e0a388a2859d2ddcfb8f07920f3b121a37894)
|
|
string the clis_state struct. So call saf_store() after we
have the short domain name in the lsa_query_inof_policy code.
* Remove unused server string in saf_delete()
(This used to be commit 3eddae2f2080f8dafec883cb9ffa2e578c242607)
|
|
Jeremy.
(This used to be commit 78c1c43523d787825bdb6d52e128bf0af5eccaae)
|
|
in the affinity cache (which happens all the time here).
Guenther
(This used to be commit 45d6d300767d5b99aff332bdfb0a8f464fd103e0)
|
|
Directory:
When having DC-less sites, AD assigns DCs from other sites to that site
that does not have it's own DC. The most reliable way for us to identify
the nearest DC - in that and all other cases - is the closest_dc flag in
the CLDAP reply.
Guenther
(This used to be commit ff004f7284cb047e738ba3d3ad6602e8aa84e883)
|
|
Jeremy.
(This used to be commit 3b5ab8ab8296339ad0e62d8564d706b5a446dcf3)
|
|
(This used to be commit 3a1be1626c1e285da70a8fd688a494eb633eee2f)
|
|
Guenther
(This used to be commit b076c39b6ac87a078feae30a4384c881c46e81ac)
|
|
metze
(This used to be commit a813c7595541e31dfa77915d80235de4402bfeca)
|
|
opened.
Guenther
(This used to be commit 49e9e1a3e7f6ac1a9cf584c88f3c640ca9d15554)
|
|
metze
(This used to be commit 785ab128c4d630819f141ede8bcf5fc0c705aebb)
|
|
x, so we can't get at them even if we wanted to.
Kerberos experts, please take a look to make sure I've done the
right thing!
(This used to be commit 9b8e179fcc1fb877e8601bfd242ee1fd615b554c)
|
|
The protocol negotiation string "LANMAN2.1" was not listed in the set of
negotiatiable possibilities, so non-optimal negotiation was taking place.
(This used to be commit a0dfa60fc5146ea6af0b88d91e030a4ec3d7f01e)
|
|
- "The problem is, with a fresh system, we don't know our sitename,
therefor we do a stupid DNS query for all DCs. The reply we get is a
round-robin list of all 21 DCs, we just pick the first, contact that
and safe that INET.COM#1C query in the name cache for later use...
What we need to do if we don't yet know our sitename, is to contact to
any DC, get the CLDAP reply to tell us in which site we are, then flush
the namecache and requery DNS including the sitename"
Implement the flushing of the #1C entries for a given NetBIOS name/realm
when looking up the site value.
Jeremy.
(This used to be commit b2d1e44f59d32c91b1d48eacd1a158ba7b65762d)
|
|
Guenther
(This used to be commit 4b9d79147ae81fb701abf02dc046076f606443b6)
|