Age | Commit message (Collapse) | Author | Files | Lines |
|
case
anymore, we don't have to truncate the length to 255 anymore.
The test I did for this: I sent 50 times the NTLMSSP oid. With truncating
Vista said Access Denied, without truncating it liked the response.
Volker
(This used to be commit f1512cb43c69338d4f2cb806486c4f5db51cf695)
|
|
in passing
a pointer down to negprot_spnego().
Volker
(This used to be commit 18f47130b1ccf09873ca684ee0ea986e28f47d78)
|
|
0 as the
key length in the case of extended security. It does make sense because with
SPNEGO our beloved ASN1 structure gives us the length.
Next test I did to verify this: I modified the server to put in random
garbage, and W2kwks, XP, Vista and W2k3srv still talked to us.
Volker
(This used to be commit f19bd479cee57f064f63659c533ae108885d54a2)
|
|
(This used to be commit 56ccfe98b299e1569d59ef447ac486209aa84ca0)
|
|
descriptor
buffers.
Make security access masks simply a uint32 rather than a structure
with a uint32 in it.
(This used to be commit b41c52b9db5fc4a553b20a7a5a051a4afced9366)
|
|
and DLIST_DEMOTE() now take the type of the tmp pointer
not the tmp pointer itself anymore.
metze
(This used to be commit 2f58645b7094e81dff3734f11aa183ea2ab53d2d)
|
|
Sorry for the delay :-).
Jeremy.
(This used to be commit a52fa218952ffcd784ea31e947aa4d17dfdc8ee0)
|
|
look in the paths for wcard - always read directly
from incoming packet.
Jeremy.
(This used to be commit 3745a1af4ea9262fcda28931539fa6ab4c9060d1)
|
|
(This used to be commit 3f337c104d42321595161d0283b39357df252a8e)
|
|
Jeremy.
(This used to be commit d0fdd5eb1e0c8bf135c267d4ff8183899345beaa)
|
|
twice in spnego path. Jerry please check.
Jeremy.
(This used to be commit e872bacf2850cfb66be1c57be40484fe8e4c2da5)
|
|
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
gen_ndr/ndr_security.c in SAMBA_4_0
The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
(This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
|
|
removed immediately in the handler.
Extra debug info tracking down winbindd DC
selection.
Jeremy.
(This used to be commit 7ba9b6ce588f716589e9f88ed146fad36c4b3758)
|
|
(This used to be commit 779eba0a7cab3156b8580410cfe288609a288548)
|
|
just
silly :-)
Volker
(This used to be commit 8b6f5937db4b18db711dd0c4f1ae904087249000)
|
|
Stanford Checker fix.
Jeremy.
(This used to be commit 2d8bdd2dce633253780a5b0378f229893d049666)
|
|
Volker
(This used to be commit c0767c08d01a429e1abf7205c14acec5e103ca91)
|
|
Jeremy, you might want to look at the trans2 one.
Volker
(This used to be commit d727fc681c073a1b09accd31a07341b58e10eebb)
|
|
on the wire. This allows us to go to nsec resolution
for systems that support it. It should also now be
easy to add a correct "create time" (birth time)
for systems that support it (*BSD). I'll be watching
the build farm closely after this one for breakage :-).
Jeremy.
(This used to be commit 425280a1d23f97ef0b0be77462386d619f47b21d)
|
|
value into an auto on the stack that gets removed when
we return from the frame :-).
Jeremy.
(This used to be commit 85bf8a16116e5eb9d4400e809531737d45890abb)
|
|
Jeremy, please check this!
Volker
(This used to be commit 8117a7b3bf3f273dd018c42864b3136dec47ec79)
|
|
decrement a
tdb entry is not the most reliable way to count children correctly.
This increments the number of children after a fork and decrements it upon
SIGCLD. I'm keeping a list of children just for consistency checks, so that we
at least get a debug level 0 message if something goes wrong.
Volker
(This used to be commit eb45de167d24d07a218307ec5a48c0029ec097c6)
|
|
(This used to be commit 2a66abca02b5e95b66ab336f0d0e3977676d4540)
|
|
bytes returned" is less than the amount we want
to send, return what we can and set STATUS_BUFFER_OVERFLOW
(doserror ERRDOS,ERRbufferoverflow). Required by
OS/2 to handle EA's that are too large. It's hard
to test this in Samba4 smbtorture as the max data
bytes returned is hard coded at 0xffff (as it is
in the Samba3 client libraries also). I used a
custom version of Samba4 smbtorture to test this
out. Might add a "max data bytes" param to make
this testable in the build farm. Confirmed by
"Guenter Kukkukk (sambaos2)" <sambaos2@kukkukk.com>
and Andreas Taegener <atsamba11@eideltown.de>
that this fixes the issue.
Jeremy.
(This used to be commit ff2f1202b76991a404dae8df17c36f8135c8dc51)
|
|
* Remove "unknown" from dfs_Enum (samba4 dfs IDL updates to follow).
* When encountering an unsupported infolevel the rpc server must reply
with a dfs_info_0 structure and WERR_OK (observed from w2k3 when talking
to nt4).
Guenther
(This used to be commit f9bef1f08f7d2a4c95c28329ac73e8646f033998)
|
|
(This used to be commit e4b8c79a9d6f7323953121887af4f482d04a9228)
|
|
(This used to be commit c065341d3ffc9125514f563c63d416cf7c40375f)
|
|
lookup_name_smbconf, otherwise
force user = domain+administrator
can not work. Also attempt to fix the 'valid users = domain+group' bug at the
same time.
Volker
(This used to be commit 255475901c13fde29b1b476560d969cc99712767)
|
|
up names from smb.conf. If the name is unqualified it
causes the lookup to be done in WORKGROUP\name, then
"Unix [users|groups]"\name rather than searching the
domain. Should fix the problems with "force user"
selecting a domain user by preference.
Jeremy.
(This used to be commit 1e1fcb5eb2ac4bd360461b29f85c07dbf460025d)
|
|
netbios aliases. Reported by Björn Jacke <bjoern@j3e.de>.
Probably needs to be in 3.0.23b (if Björn approves
of the fix).
Jeremy.
(This used to be commit e9e711fe37d9aec28b329dbfe2ad3ebfc1771825)
|
|
code is wrong or bad or anything, just that it
needs to be discussed & reviewed on the samba-technical
list before we add a platform-specific NFSv4 mapping.
That way lies a lot of future pain :-).
Jeremy.
(This used to be commit 330899ec30ffceb798e3a8362d20e103e20b2897)
|
|
examples directory.
(This used to be commit c085355c323c65ee782516859eed8a76b53e6035)
|
|
code will be released.
(This used to be commit 5b1db0151461af18d994359e86c649922fc6de65)
|
|
(This used to be commit 72312cb2e255301f978455a559461ad83b13b6cb)
|
|
(This used to be commit ae6b9b34e59167e3958bfdb9997fa25340b9a0a3)
|
|
(This used to be commit 641dac4f85c0e00484d90726bea1a4cb58c8235c)
|
|
(This used to be commit 1e4ee728df7eeafc1b4d533240acb032f73b4f5c)
|
|
a POSIX lock (applying a read-lock) and we overlap
pending read locks then send them an unlock message,
we may have allowed them to proceed.
Jeremy.
(This used to be commit a7a0b6ba50f4cf7c5a0a29809fdff9e1266a29e7)
|
|
code with become_root_uid_only()/unbecome_root_uid_only()
pairs. This code needs working on.....
Jeremy.
(This used to be commit 0661d4e26614180636bc57de0c48adf8b9ce7a21)
|
|
acls code. I'm pretty sure this was safe, but become_root()
does other things to the token stack that become_root_uid_only()
does not, and as we're going into a vfs redirectred function
I decided it wasn't safe for now.
Jeremy.
(This used to be commit b3e0f45488595aa96c852dab8e1349631a85dded)
|
|
calls make it :
become_root_uid_only()
operation
unbecome_root_uid_only()
saving errno across the second call. Most of our internal
change calls can be replaced with these simple calls.
Jeremy
(This used to be commit 4143aa83c029848d8ec741d9218b3fa6e3fd28dd)
|
|
fix the messaging code to call the efficient calls :
save_re_uid()
set_effective_uid(0);
messaging_op
restore_re_uid();
instead of using heavyweight become_root()/unbecome_root()
pairs around all messaging code. Fixup the messaging
code to ensure sec_init() is called (only once) so that non-root
processes still work when sending messages.
This is a lighter weight solution to become_root()/unbecome_root()
(which swaps all the supplemental groups) and should be more
efficient. I will migrate all server code over to using this
(a similar technique should be used in the passdb backend
where needed).
Jeremy.
(This used to be commit 4ace291278d9a44f5c577bdd3b282c1231e543df)
|
|
Jeremy, I'm sure you will look at this nevertheless :-)
Volker
(This used to be commit 3ef34468b55771b6f6b54454fa6c9decc183c565)
|
|
in one place.
Jeremy.
(This used to be commit f326bae3e269046b6f087626240cddbb5dafb0e4)
|
|
Jeremy.
(This used to be commit 8eed82d5d5ba34cc0a6b99b9d0df45eec5f788fa)
|
|
to copy over the copy of the access_mask, open_access_mask.
Jerry - this is a definate fix for a 3.0.23b and should also
be on the patches page. CIFSFS breaks without this.
Jeremy.
(This used to be commit d11e71ebcccf6907f2404a04aa6bf61b12ab2709)
|
|
(This used to be commit 2e400fb0077ccef38fff28ef037f982624b7815b)
|
|
(This used to be commit 640b4297a400fe23418e9c1c01d4c14ce3bde5b4)
|
|
sure we return -1.
Jeremy.
(This used to be commit 89b83237b03066785ca4bf3b9d120519bddeffad)
|
|
modularizes our interface into the special posix API used on
the system. Without this patch the specific API flavor is
determined at compile time, something which severely limits
usability on systems with more than one file system. Our
first targets are AIX with its JFS and JFS2 APIs, at a later
stage also GPFS. But it's certainly not limited to IBM
stuff, this abstraction is also necessary for anything that
copes with NFSv4 ACLs. For this we will check in handling
very soon.
Major contributions can be found in the copyright notices as
well as the checkin log of the vl-posixacls branch. The
final merge to 3_0 post-3.0.23 was done by Peter Somogyi
<psomogyi@gamax.hu>
(This used to be commit ca0c73f281a2a65a988094a46bb3e46a94011a53)
|