| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
fragmented into "max xmit" size security blob
chunks. Bug #4400. Needs limits adding, and also
a client-side version.
Jeremy.
(This used to be commit aa69f2481aafee5dccc3783b8a6e23ca4eb0dbfa)
|
|
For the winbind cached ADS LDAP connection handling
(ads_cached_connection()) we were (incorrectly) assuming that the
service ticket lifetime equaled the tgt lifetime. For setups where the
service ticket just lives 10 minutes, we were leaving hundreds of LDAP
connections in CLOSE_WAIT state, until we fail to service entirely with
"Too many open files".
Also sequence_number() in winbindd_ads.c needs to delete the cached LDAP
connection after the ads_do_search_retry() has failed to submit the
search request (although the bind succeeded (returning an expired
service ticket that we cannot delete from the memory cred cache - this
will get fixed later)).
Guenther
(This used to be commit 7e1a84b7226fb8dcd5d34c64a3478a6d886a9a91)
|
|
string
server_len is usually 256 (fstring).
Correctly terminate saving the lenght
(This used to be commit e7e44554bf7c61020e2c5c652e3f8f37a296d3aa)
|
|
Move more error code returns to NTSTATUS.
Client test code to follow... See if this
passes the build-farm before I add it into
3.0.25.
Jeremy.
(This used to be commit 83dbbdff345fa9e427c9579183f4380004bf3dd7)
|
|
\\server\share\path
DFS referrals. This doesn't appear to break anything in the non-DFS case,
but I don't have an environment to test DFS referrals. Need confirmation
from OP that this solves the problem.
(This used to be commit e479a9c094fa42354aad7aa76a712bf67d3d4d45)
|
|
- Should fix bug 4115 (but needs confirmation from OP). If the kerberos use
flag is set in the context, then also pass it to smbc_attr_server for use by
cli_full_connection()
- Should fix bug 4309 (but needs confirmation from OP). We no longer send a
keepalive packet unconditionally. Instead, we assume (yes, possibly
incorrectly, but it's the best guess we can make) that if the connection is
on port 139, it's netbios and otherwise, it isn't. If netbios is in use, we
send a keepalive packet. Otherwise, we check that the connection is alive
using getpeername().
(This used to be commit 2f9be59c10ef991a51cc858ab594187b5ca61382)
|
|
crashed. So
it needs the specific error message.
Make messages.c return NTSTATUS and specificially NT_STATUS_INVALID_HANDLE if
sending to a non-existent process.
Volker
(This used to be commit 3f620d181da0c356c8ffbdb5b380ccab3645a972)
|
|
Guenther
(This used to be commit ea38e1f8362d75e7ac058a7c4aa06f1ca92ec108)
|
|
as this is causing the WRONG_PASSWORD error in the SetUserInfo()
call during net ads join).
We are now back to always list RC4-HMAC first if supported by
the krb5 libraries.
(This used to be commit 4fb57bce87588ac4898588ea4988eadff3a7f435)
|
|
works - even with the strange "initial delete on close"
semantics. The "initial delete on close" flag isn't
committed to the share mode db until the handle is
closed, and is discarded if any real "delete on close"
was set. This allows me to remove the "initial_delete_on_close"
flag from the share db, and move it into a BOOL in files_struct.
Warning ! You must do a make clean after this. Cope with
the wrinkle in directory delete on close which is done
differently from files. We now pass all Samba4 smbtortute
BASE-DELETE tests except for the one checking that files
can't be created in a directory which has the delete on
close set (possibly expensive to fix).
Jeremy.
(This used to be commit f2df77a1497958c1ea791f1d2f4446b5fc3389b3)
|
|
the stored client sitename with the sitename from each sucessfull CLDAP
connection.
Guenther
(This used to be commit 6a13e878b5d299cb3b3d7cb33ee0d51089d9228d)
|
|
for a PDC.
Guenther
(This used to be commit 0944c7861004bee2a9d0ac787f022f5bf1d181ac)
|
|
site support in a network where many DC's are down.
I heard via Volker there is still a bug w.r.t the
wrong site being chosen with trusted domains but
we'll have to layer that fix on top of this.
Gd - complain if this doesn't work for you.
Jeremy.
(This used to be commit 97e248f89ac6548274f03f2ae7583a255da5ddb3)
|
|
Instead,
add [ref] pointers where necessary (top-level [ref] pointers,
by spec, don't appear on the wire).
This brings us closer to the DCE/RPC standard again.
(This used to be commit 580f2a7197b1bc9db14a643fdd112b40ef37aaef)
|
|
Jeremy.
(This used to be commit 89b7a0630de0bd95a56263b36d433b4e73517a70)
|
|
The problem occurs like this:
1) running smbd as a domain member without winbindd
2) client1 connects, during auth smbd-1 calls update_trustdom_cache()
3) smbd-1 takes the trustdom cache timestamp lock, then starts
enumerate_domain_trusts
4) enumerate_domain_trusts hangs for some unknown reason
5) other clients connect, all block waiting for read lock on trustdom
cache
6) samba is now hung
The problem is the lock, and really its just trying to avoid a race
where the cure is worse than the problem. A race in updating the
trutdom cache is not a big issue. So I've just removed the lock.
It is still an open question why enumerate_domain_trusts() can
hang. Unfortunately I've not in a position to get a sniff at the site
that is affected. I suspect a full fix will involve ensuring that all
the rpc code paths have appropriate timeouts.
(This used to be commit ab8d41053347a5b342ed5b59a0b0dd4983ca91e6)
|
|
(This used to be commit 44f9d25a9026df29fcaae8723ef52b1d3101628b)
|
|
(This used to be commit e4dea0e64747912da899e846b944c24804772259)
|
|
As discussed with jerry at the CIFS conf: overriding the
administrator's wishes from the krb5.conf has only every given me
segfaults. We suggest leaving this up to the defaults from the
libraries anyway.
Andrew Bartlett
(This used to be commit 0b72c04906b1c25e80b217a8f34fd3a8e756b9ca)
|
|
NULL dereference
(This used to be commit f9edfffeb5aa1fe0700c17cd1c8141c906080188)
|
|
only do it for our primary domain.
Jeremy.
(This used to be commit 61d31ce0089fe906d052c971321ce99fede0e240)
|
|
more no previous prototype warnings
(This used to be commit 41be182f78762372ae13759ede5d2bd40a71d7f5)
|
|
(This used to be commit ac3eb7813e33b9a2e78c9158433f7ed62c3b62bb)
|
|
(This used to be commit f53983079bc285ad8ced8fc4dd40df66fad13718)
|
|
match Windows NTLMSSP flags.
Jeremy.
(This used to be commit 786318f84bef76c6acffa1ddf7cdba947509fbac)
|
|
(This used to be commit bc4e0a388a2859d2ddcfb8f07920f3b121a37894)
|
|
string the clis_state struct. So call saf_store() after we
have the short domain name in the lsa_query_inof_policy code.
* Remove unused server string in saf_delete()
(This used to be commit 3eddae2f2080f8dafec883cb9ffa2e578c242607)
|
|
Jeremy.
(This used to be commit 78c1c43523d787825bdb6d52e128bf0af5eccaae)
|
|
in the affinity cache (which happens all the time here).
Guenther
(This used to be commit 45d6d300767d5b99aff332bdfb0a8f464fd103e0)
|
|
Directory:
When having DC-less sites, AD assigns DCs from other sites to that site
that does not have it's own DC. The most reliable way for us to identify
the nearest DC - in that and all other cases - is the closest_dc flag in
the CLDAP reply.
Guenther
(This used to be commit ff004f7284cb047e738ba3d3ad6602e8aa84e883)
|
|
Jeremy.
(This used to be commit 3b5ab8ab8296339ad0e62d8564d706b5a446dcf3)
|
|
(This used to be commit 3a1be1626c1e285da70a8fd688a494eb633eee2f)
|
|
Guenther
(This used to be commit b076c39b6ac87a078feae30a4384c881c46e81ac)
|
|
metze
(This used to be commit a813c7595541e31dfa77915d80235de4402bfeca)
|
|
opened.
Guenther
(This used to be commit 49e9e1a3e7f6ac1a9cf584c88f3c640ca9d15554)
|
|
metze
(This used to be commit 785ab128c4d630819f141ede8bcf5fc0c705aebb)
|
|
x, so we can't get at them even if we wanted to.
Kerberos experts, please take a look to make sure I've done the
right thing!
(This used to be commit 9b8e179fcc1fb877e8601bfd242ee1fd615b554c)
|
|
The protocol negotiation string "LANMAN2.1" was not listed in the set of
negotiatiable possibilities, so non-optimal negotiation was taking place.
(This used to be commit a0dfa60fc5146ea6af0b88d91e030a4ec3d7f01e)
|
|
- "The problem is, with a fresh system, we don't know our sitename,
therefor we do a stupid DNS query for all DCs. The reply we get is a
round-robin list of all 21 DCs, we just pick the first, contact that
and safe that INET.COM#1C query in the name cache for later use...
What we need to do if we don't yet know our sitename, is to contact to
any DC, get the CLDAP reply to tell us in which site we are, then flush
the namecache and requery DNS including the sitename"
Implement the flushing of the #1C entries for a given NetBIOS name/realm
when looking up the site value.
Jeremy.
(This used to be commit b2d1e44f59d32c91b1d48eacd1a158ba7b65762d)
|
|
Guenther
(This used to be commit 4b9d79147ae81fb701abf02dc046076f606443b6)
|
|
metze
(This used to be commit d91041d4b6973fd9779d355cd6f9634e207b7653)
|
|
browser for its
workgroup, decided periodically to stop sending recognized responses to a
NetServerEnum2 request for the workgroup. Instead of returning the list of
servers (only itself; nothing else in the workgroup), it returns a status code
of 8 which is unsupported by samba3, samba4, and ethereal.
The code for this request assumed that if an unexpected status code was
received, the connection had a problem, i.e. that cli_errno() would show a
problem. That turns out not to be the case.
This patch changes the behavior so tha any time a response is received and
cli_errno() == 0, we continue processing the reply and base our response on
the returned count (zero). The pre-existing code then converts this count=0
into an ENOENT errno which can be properly handled by the application (whereas
an error return with errno=0 can't be).
This packet dump has only 2 frames. Sorry about the text version but it's
most easily attached to this log message. I also have it saved as .pcap if
anyone wants it.
Derrell
No. Time Source Destination Protocol Info
1 14:31:59.802668 192.168.1.106 192.168.1.100 LANMAN NetServerEnum2 Request, Server, SQL Server, Domain Controller, Backup Controller, Time Source, Apple Server, Novell Server, Domain Member Server, Print Queue Server, Dialin Server, Xenix Server, NT Workstation, Windows for Workgroups, Unknown server type:14, NT Server
Frame 1 (196 bytes on wire, 196 bytes captured)
Arrival Time: Oct 10, 2006 14:31:59.802668000
Time delta from previous packet: 0.000000000 seconds
Time since reference or first frame: 0.000000000 seconds
Frame Number: 1
Packet Length: 196 bytes
Capture Length: 196 bytes
Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: IntelCor_4a:47:bb (00:13:20:4a:47:bb), Dst: Micro-St_74:16:e7 (00:0c:76:74:16:e7)
Destination: Micro-St_74:16:e7 (00:0c:76:74:16:e7)
Source: IntelCor_4a:47:bb (00:13:20:4a:47:bb)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.106 (192.168.1.106), Dst: 192.168.1.100 (192.168.1.100)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 182
Identification: 0xb838 (47160)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0xfdea [correct]
Good: True
Bad : False
Source: 192.168.1.106 (192.168.1.106)
Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: 44932 (44932), Dst Port: netbios-ssn (139), Seq: 851982066, Ack: 1274726157, Len: 130
Source port: 44932 (44932)
Destination port: netbios-ssn (139)
Sequence number: 851982066
Next sequence number: 851982196
Acknowledgement number: 1274726157
Header length: 32 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 6432
Checksum: 0xb4e0 [correct]
Options: (12 bytes)
NOP
NOP
Time stamp: tsval 1184074739, tsecr 11576161
NetBIOS Session Service
Message Type: Session message
Flags: 0x00
.... ...0 = Add 0 to length
Length: 126
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
Response in: 2
SMB Command: Trans (0x25)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x08
0... .... = Request/Response: Message is a request to the server
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
.... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc801
1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
.... .... .0.. .... = Long Names Used: Path names in request are not long file names
.... .... .... .0.. = Security Signatures: Security signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 2048
Process ID: 12967
User ID: 2048
Multiplex ID: 6
Trans Request (0x25)
Word Count (WCT): 14
Total Parameter Count: 36
Total Data Count: 0
Max Parameter Count: 8
Max Data Count: 65535
Max Setup Count: 0
Reserved: 00
Flags: 0x0000
.... .... .... ..0. = One Way Transaction: Two way transaction
.... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
Timeout: Return immediately (0)
Reserved: 0000
Parameter Count: 36
Parameter Offset: 90
Data Count: 0
Data Offset: 126
Setup Count: 0
Reserved: 00
Byte Count (BCC): 63
Transaction Name: \PIPE\LANMAN
SMB Pipe Protocol
Microsoft Windows Lanman Remote API Protocol
Function Code: NetServerEnum2 (104)
Parameter Descriptor: WrLehDz
Return Descriptor: B16BBDz
Detail Level: 1
Receive Buffer Length: 65535
Server Type: 0x0000fffe
.... .... .... .... .... .... .... ...0 = Workstation: This is NOT a Workstation
.... .... .... .... .... .... .... ..1. = Server: This is a Server
.... .... .... .... .... .... .... .1.. = SQL: This is an SQL server
.... .... .... .... .... .... .... 1... = Domain Controller: This is a Domain Controller
.... .... .... .... .... .... ...1 .... = Backup Controller: This is a Backup Controller
.... .... .... .... .... .... ..1. .... = Time Source: This is a Time Source
.... .... .... .... .... .... .1.. .... = Apple: This is an Apple host
.... .... .... .... .... .... 1... .... = Novell: This is a Novell server
.... .... .... .... .... ...1 .... .... = Member: This is a Domain Member server
.... .... .... .... .... ..1. .... .... = Print: This is a Print Queue server
.... .... .... .... .... .1.. .... .... = Dialin: This is a Dialin server
.... .... .... .... .... 1... .... .... = Xenix: This is a Xenix server
.... .... .... .... ...1 .... .... .... = NT Workstation: This is an NT Workstation
.... .... .... .... ..1. .... .... .... = WfW: This is a WfW host
.... .... .... .... 1... .... .... .... = NT Server: This is an NT Server
.... .... .... ...0 .... .... .... .... = Potential Browser: This is NOT a Potential Browser
.... .... .... ..0. .... .... .... .... = Backup Browser: This is NOT a Backup Browser
.... .... .... .0.. .... .... .... .... = Master Browser: This is NOT a Master Browser
.... .... .... 0... .... .... .... .... = Domain Master Browser: This is NOT a Domain Master Browser
.... .... ...0 .... .... .... .... .... = OSF: This is NOT an OSF host
.... .... ..0. .... .... .... .... .... = VMS: This is NOT a VMS host
.... .... .0.. .... .... .... .... .... = Windows 95+: This is NOT a Windows 95 or above host
.0.. .... .... .... .... .... .... .... = Local: This is NOT a local list only request
0... .... .... .... .... .... .... .... = Domain Enum: This is NOT a Domain Enum request
Enumeration Domain: WORKGROUP
No. Time Source Destination Protocol Info
2 14:31:59.803918 192.168.1.100 192.168.1.106 LANMAN NetServerEnum2 Response
Frame 2 (134 bytes on wire, 134 bytes captured)
Arrival Time: Oct 10, 2006 14:31:59.803918000
Time delta from previous packet: 0.001250000 seconds
Time since reference or first frame: 0.001250000 seconds
Frame Number: 2
Packet Length: 134 bytes
Capture Length: 134 bytes
Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: Micro-St_74:16:e7 (00:0c:76:74:16:e7), Dst: IntelCor_4a:47:bb (00:13:20:4a:47:bb)
Destination: IntelCor_4a:47:bb (00:13:20:4a:47:bb)
Source: Micro-St_74:16:e7 (00:0c:76:74:16:e7)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.106 (192.168.1.106)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 120
Identification: 0xea10 (59920)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x8c50 [correct]
Good: True
Bad : False
Source: 192.168.1.100 (192.168.1.100)
Destination: 192.168.1.106 (192.168.1.106)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 44932 (44932), Seq: 1274726157, Ack: 851982196, Len: 68
Source port: netbios-ssn (139)
Destination port: 44932 (44932)
Sequence number: 1274726157
Next sequence number: 1274726225
Acknowledgement number: 851982196
Header length: 32 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 64606
Checksum: 0x1e0d [correct]
Options: (12 bytes)
NOP
NOP
Time stamp: tsval 11576161, tsecr 1184074739
NetBIOS Session Service
Message Type: Session message
Flags: 0x00
.... ...0 = Add 0 to length
Length: 64
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
Response to: 1
Time from request: 0.001250000 seconds
SMB Command: Trans (0x25)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x88
1... .... = Request/Response: Message is a response to the client/redirector
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
.... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc801
1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
.... .... .0.. .... = Long Names Used: Path names in request are not long file names
.... .... .... .0.. = Security Signatures: Security signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 2048
Process ID: 12967
User ID: 2048
Multiplex ID: 6
Trans Response (0x25)
Word Count (WCT): 10
Total Parameter Count: 8
Total Data Count: 0
Reserved: 0000
Parameter Count: 8
Parameter Offset: 56
Parameter Displacement: 0
Data Count: 0
Data Offset: 64
Data Displacement: 0
Setup Count: 0
Reserved: 00
Byte Count (BCC): 9
Padding: 00
SMB Pipe Protocol
Microsoft Windows Lanman Remote API Protocol
Function Code: NetServerEnum2 (104)
Status: Unknown (8)
Convert: 0
Entry Count: 0
Available Entries: 0
(This used to be commit 88fa5ac7347cbae92abe17da8d3af00e85110c43)
|
|
Implement 'net rap server name'.
Volker
(This used to be commit 919385ed2a2a07e848bc0baaac9ed3d1964d4386)
|
|
Guenther
(This used to be commit 78b0124a6e7051da2df3157f02593f06f7f31a1b)
|
|
with
asn1_pop_tag.
Volker
(This used to be commit d18e9f1da9a22aa16860aa2a91e7c788d28d3314)
|
|
KRB5 in
SPNEGO, as long as we don't make use of it without krb libs. Makes the code a
bit simpler.
Volker
(This used to be commit 23549e6c082e92e45ced4eee215bcc0094b2a88b)
|
|
Volker
(This used to be commit b601fc42cb289366b7c522f41aa4c66920006890)
|
|
patch some
weeks ago.
We have some work before us, when in AD mode Vista sends
"not_defined_in_RFC4178@please_ignore" as the principal.....
Volker
(This used to be commit af85d8ec02b36b765ceadf0a342c7eda2410034b)
|
|
(This used to be commit 1c18ebe67500a59d4bf08c7e2e2c2af416bfa084)
|
|
Guenther
(This used to be commit 1308a842716bc3bd1a9853b9b206dc7308a8c1dd)
|
