Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
This bug has been found with uid wrapper.
|
|
process every once in a while.
Don't just use the first entry in back_channels as a talloc context
to allocate a long-lived chan entry on - must be NULL. It's already
correctly deleted when the last reference goes away.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Oct 26 02:42:35 CEST 2011 on sn-devel-104
|
|
once in a while.
Remove the copy of the binding handle from struct notify_back_channel, use
the direct pointer in struct rpc_pipe_client instead. Ensure we can't call
the functions with a NULL binding handle.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Oct 24 22:56:40 CEST 2011 on sn-devel-104
|
|
Change some misleading variable names to reflect the actual function.
Add missing field name/types previously marked as unkown.
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Oct 24 19:19:28 CEST 2011 on sn-devel-104
|
|
We always dereferenced auth_ntlmssp_state->gensec_security, so now we
do not bother passing around the whole auth_ntlmssp_state.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
We now just call the gensec_want_feature() directly.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
auth_ntlmssp_negotiated_seal()
We now just call the gensec_have_feature() directly.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
We now just call gensec_update directly.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Instead, call gensec_session_info() directly.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This brings in the code from both libcli/auth and
source4/auth/ntlmssp.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This will allow us to pass this down to the tdb_wrap layer.
Andrew Bartlett
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Oct 12 19:28:12 CEST 2011 on sn-devel-104
|
|
Avoid direct use of the db_record and db_context structs.
|
|
Not a security issue as we also check inside _samr_CreateUser2.
Thanks to Andreas Schneider <asn@samba.org> for finding and testing this.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Oct 7 21:51:27 CEST 2011 on sn-devel-104
|
|
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Mon Sep 26 19:56:04 CEST 2011 on sn-devel-104
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Sep 26 16:33:30 CEST 2011 on sn-devel-104
|
|
|
|
|
|
We force using a MEMORY ccache though in the wkssvc server.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Sep 21 19:13:33 CEST 2011 on sn-devel-104
|
|
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Sep 15 19:23:43 CEST 2011 on sn-devel-104
|
|
We should return the same in all places.
metze
|
|
struct lsa_TrustDomainInfoAuthInfo and struct
trustAuthInOutBlob can store the same information for different usage. The added
routines can convert one struct into the other.
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Sep 12 15:52:17 CEST 2011 on sn-devel-104
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Sep 3 02:58:42 CEST 2011 on sn-devel-104
|
|
We need to raise an exception so we need to set the rng_fault_state for
epm_Insert and epm_Delete if someone connects over a transport other
than NCALRPC.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Sep 1 15:59:50 CEST 2011 on sn-devel-104
|
|
The configuration should only use the default pipe name to configure all
of them correctly.
|
|
We need more testing in the real world. We need to be sure that if a
Windows client can access port 135 it doesn't require that a service is
available via ncacn_ip_tcp. If possible please enable it using the
following smb.conf options for testing:
rpc_daemon:epmd = fork
rpc_server:epmapper = external
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Wed Aug 31 16:29:20 CEST 2011 on sn-devel-104
|
|
The following LSA calls are added:
- _lsa_SetInformationTrustedDomain()
- _lsa_SetTrustedDomainInfo()
-_lsa_SetTrustedDomainInfoByName()
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
We always have a valid session info and if it is a anonymous connection
we have a session info of the guest user. This means we should always
call become_authenticated_pipe_user() else and anonymous user could do
things as root.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Tue Aug 30 20:50:54 CEST 2011 on sn-devel-104
|
|
(copy and paste from eventlog?)
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Mon Aug 29 15:30:33 CEST 2011 on sn-devel-104
|
|
The create_pipe_sock() function should only create the socket as the
name states and not start to listen on it too. We should start to listen
on in the individual places as we need different backlog values.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Mon Aug 29 13:21:43 CEST 2011 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Aug 24 00:34:04 CEST 2011 on sn-devel-104
|
|
lsasd.c uses basename(3), which according to susv3
requires libgen.h and without which the FreeBSD build breaks.
|
|
When deleting a user send a message to all interested parties so they can
purge their caches. Otherwise some processes may positively respond with a
cached getpwnam, when the user have actully been removed.
Without this some tests that remove and then immediately create users are
flakey.
Signed-off-by: Simo Sorce <idra@samba.org>
|
|
Signed-off-by: Simo Sorce <idra@samba.org>
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
|
|
If we *really* are a bout to exit (PF_WORKER_EXITING) then the event will not
be called as the loop will exit. Otherwise PF_SRV_MSG_EXIT may not be honoured
for a long time if we have cients connected, therefore keep handling SIGHUP
properly in those cases.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
|
|
We can't have a clear idea of wether the worker is IDLE or BUSY.
The only things we can tell is if it is Alive, whether it is currently
Accepting connections or wether it is Exiting soon.
Remove PF_WORKER_IDLE, PF_WORKER_BUSY and replace their use with
PF_WORKER_ALIVE. Also properly assign PF_WORKER_ACCEPTING so that
users of the API can rely on the flag.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
|
|
We used a lock mimicking what apache does for preforked children.
But it doesn't work properly in our case because we do not stop once a request
has been served. Clients are allowed to perform multiple requests and keep the
connection open.
This means that if we allow multiple clients per children, then a child could
take the lock and then be asked to do a long or even locking operation by a
client it already is serving. This woulkd cause the whole server to deadlock,
as the child is now busy and also holding on the lock.
Using a race on accept() by having a tevent_fd on the listening socket wait
for read events we never deadlock. At most we cause a bit of contention among
children. But in the generic case connections are much less frequent for us as
clients tend to be long lived. So the little contention we may have is not a
big deal.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
|