summaryrefslogtreecommitdiff
path: root/source3/smbd
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r18772: Now that we don't have a one-byte keylength in the extended security ↵Volker Lendecke1-4/+0
case anymore, we don't have to truncate the length to 255 anymore. The test I did for this: I sent 50 times the NTLMSSP oid. With truncating Vista said Access Denied, without truncating it liked the response. Volker (This used to be commit f1512cb43c69338d4f2cb806486c4f5db51cf695)
2007-10-10r18771: Sequel to r18761: If we always set the keylen to 0 there's no point ↵Volker Lendecke1-6/+3
in passing a pointer down to negprot_spnego(). Volker (This used to be commit 18f47130b1ccf09873ca684ee0ea986e28f47d78)
2007-10-10r18761: Even if only offering NTLMSSP Windows (tested with Vista & XP) sends ↵Volker Lendecke1-5/+2
0 as the key length in the case of extended security. It does make sense because with SPNEGO our beloved ASN1 structure gives us the length. Next test I did to verify this: I modified the server to put in random garbage, and W2kwks, XP, Vista and W2k3srv still talked to us. Volker (This used to be commit f19bd479cee57f064f63659c533ae108885d54a2)
2007-10-10r18760: Fix typos, remove unneeded codeVolker Lendecke1-10/+2
(This used to be commit 56ccfe98b299e1569d59ef447ac486209aa84ca0)
2007-10-10r18745: Use the Samba4 data structures for security descriptors and security ↵Jelmer Vernooij2-31/+31
descriptor buffers. Make security access masks simply a uint32 rather than a structure with a uint32 in it. (This used to be commit b41c52b9db5fc4a553b20a7a5a051a4afced9366)
2007-10-10r18605: sync dlinklist.h with samba4, that means DLIST_ADD_END()Stefan Metzmacher5-22/+14
and DLIST_DEMOTE() now take the type of the tmp pointer not the tmp pointer itself anymore. metze (This used to be commit 2f58645b7094e81dff3734f11aa183ea2ab53d2d)
2007-10-10r18603: Add in the NFSv4 ACL mapping code from IBM.Jeremy Allison1-3/+3
Sorry for the delay :-). Jeremy. (This used to be commit a52fa218952ffcd784ea31e947aa4d17dfdc8ee0)
2007-10-10r18547: Add in fixes to mangling dir code - ensure don'tJeremy Allison2-45/+56
look in the paths for wcard - always read directly from incoming packet. Jeremy. (This used to be commit 3745a1af4ea9262fcda28931539fa6ab4c9060d1)
2007-10-10r18481: Use pidl-generated server side code for dfs.Jelmer Vernooij1-5/+6
(This used to be commit 3f337c104d42321595161d0283b39357df252a8e)
2007-10-10r18403: Revert until we get this sorted out correctly.Jeremy Allison1-1/+1
Jeremy. (This used to be commit d0fdd5eb1e0c8bf135c267d4ff8183899345beaa)
2007-10-10r18398: Fix bug #4095 - username composed into domain\userJeremy Allison1-1/+1
twice in spnego path. Jerry please check. Jeremy. (This used to be commit e872bacf2850cfb66be1c57be40484fe8e4c2da5)
2007-10-10r18271: Big change:Gerald Carter3-3/+3
* autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
2007-10-10r18224: Paranoia - ensure the oplock event handler isJeremy Allison1-0/+6
removed immediately in the handler. Extra debug info tracking down winbindd DC selection. Jeremy. (This used to be commit 7ba9b6ce588f716589e9f88ed146fad36c4b3758)
2007-10-10r17909: ensure we do not call map_username() twice on Krb5 session setupsGerald Carter1-1/+5
(This used to be commit 779eba0a7cab3156b8580410cfe288609a288548)
2007-10-10r17896: Reformatting. I did not want to do it anymore, but these ones looked ↵Volker Lendecke1-12/+19
just silly :-) Volker (This used to be commit 8b6f5937db4b18db711dd0c4f1ae904087249000)
2007-10-10r17879: Make it explicit that we can never pass NULL for buflen or stringlen.Jeremy Allison1-6/+2
Stanford Checker fix. Jeremy. (This used to be commit 2d8bdd2dce633253780a5b0378f229893d049666)
2007-10-10r17836: Don't create zombies in the children, thanks to Jeremy!Volker Lendecke1-0/+4
Volker (This used to be commit c0767c08d01a429e1abf7205c14acec5e103ca91)
2007-10-10r17835: Fix Coverity bugs 306, 309, 310.Volker Lendecke1-1/+1
Jeremy, you might want to look at the trans2 one. Volker (This used to be commit d727fc681c073a1b09accd31a07341b58e10eebb)
2007-10-10r17800: Start using struct timespec internally for file timesJeremy Allison2-120/+115
on the wire. This allows us to go to nsec resolution for systems that support it. It should also now be easy to add a correct "create time" (birth time) for systems that support it (*BSD). I'll be watching the build farm closely after this one for breakage :-). Jeremy. (This used to be commit 425280a1d23f97ef0b0be77462386d619f47b21d)
2007-10-10r17676: Fix printing bug found by kukks. Don't copy a returnJeremy Allison1-1/+1
value into an auto on the stack that gets removed when we return from the frame :-). Jeremy. (This used to be commit 85bf8a16116e5eb9d4400e809531737d45890abb)
2007-10-10r17604: Fix a bug caught by g++.Volker Lendecke1-1/+1
Jeremy, please check this! Volker (This used to be commit 8117a7b3bf3f273dd018c42864b3136dec47ec79)
2007-10-10r17569: Make 'max smbd processes' more robust. Counting on the child to ↵Volker Lendecke2-80/+78
decrement a tdb entry is not the most reliable way to count children correctly. This increments the number of children after a fork and decrements it upon SIGCLD. I'm keeping a list of children just for consistency checks, so that we at least get a debug level 0 message if something goes wrong. Volker (This used to be commit eb45de167d24d07a218307ec5a48c0029ec097c6)
2007-10-10r17568: Reformatting -- more than 100 cols is too much :-)Volker Lendecke1-3/+6
(This used to be commit 2a66abca02b5e95b66ab336f0d0e3977676d4540)
2007-10-10r17541: When returning a trans2 request, if the "max dataJeremy Allison3-27/+45
bytes returned" is less than the amount we want to send, return what we can and set STATUS_BUFFER_OVERFLOW (doserror ERRDOS,ERRbufferoverflow). Required by OS/2 to handle EA's that are too large. It's hard to test this in Samba4 smbtorture as the max data bytes returned is hard coded at 0xffff (as it is in the Samba3 client libraries also). I used a custom version of Samba4 smbtorture to test this out. Might add a "max data bytes" param to make this testable in the build farm. Confirmed by "Guenter Kukkukk (sambaos2)" <sambaos2@kukkukk.com> and Andreas Taegener <atsamba11@eideltown.de> that this fixes the issue. Jeremy. (This used to be commit ff2f1202b76991a404dae8df17c36f8135c8dc51)
2007-10-10r17453: Fix msdfs RPC management (this broke with the autogenerated dfs rpcs).Günther Deschner1-0/+1
* Remove "unknown" from dfs_Enum (samba4 dfs IDL updates to follow). * When encountering an unsupported infolevel the rpc server must reply with a dfs_info_0 structure and WERR_OK (observed from w2k3 when talking to nt4). Guenther (This used to be commit f9bef1f08f7d2a4c95c28329ac73e8646f033998)
2007-10-10r17452: Some C++ warningsVolker Lendecke1-5/+5
(This used to be commit e4b8c79a9d6f7323953121887af4f482d04a9228)
2007-10-10r17408: Let us use netgroups even without a NIS domain but just using filesSimo Sorce1-4/+3
(This used to be commit c065341d3ffc9125514f563c63d416cf7c40375f)
2007-10-10r17406: We need to do a translation of winbind separator -> '\\' inVolker Lendecke1-2/+2
lookup_name_smbconf, otherwise force user = domain+administrator can not work. Also attempt to fix the 'valid users = domain+group' bug at the same time. Volker (This used to be commit 255475901c13fde29b1b476560d969cc99712767)
2007-10-10r17402: Added lookup_name_smbconf() to be called when lookingJeremy Allison1-2/+2
up names from smb.conf. If the name is unqualified it causes the lookup to be done in WORKGROUP\name, then "Unix [users|groups]"\name rather than searching the domain. Should fix the problems with "force user" selecting a domain user by preference. Jeremy. (This used to be commit 1e1fcb5eb2ac4bd360461b29f85c07dbf460025d)
2007-10-10r17376: Fix bug #3985 - ensure in msdfs we check for ourJeremy Allison1-14/+8
netbios aliases. Reported by Björn Jacke <bjoern@j3e.de>. Probably needs to be in 3.0.23b (if Björn approves of the fix). Jeremy. (This used to be commit e9e711fe37d9aec28b329dbfe2ad3ebfc1771825)
2007-10-10r17367: Reverting the ab code. Note I'm not saying thisJeremy Allison1-3/+3
code is wrong or bad or anything, just that it needs to be discussed & reviewed on the samba-technical list before we add a platform-specific NFSv4 mapping. That way lies a lot of future pain :-). Jeremy. (This used to be commit 330899ec30ffceb798e3a8362d20e103e20b2897)
2007-10-10r17358: Re-add JFS2 NFS4 ACLs support, move readme for it into AIX-specific ↵Alexander Bokovoy1-3/+3
examples directory. (This used to be commit c085355c323c65ee782516859eed8a76b53e6035)
2007-10-10r17354: Revert -r 17353 per Volker request while gpfs compatibility layer ↵Alexander Bokovoy1-3/+3
code will be released. (This used to be commit 5b1db0151461af18d994359e86c649922fc6de65)
2007-10-10r17353: Add support for JFS2 NFS4/AIXC and GPFS acls based on NFSv4 ACLs.Alexander Bokovoy1-3/+3
(This used to be commit 72312cb2e255301f978455a559461ad83b13b6cb)
2007-10-10r17348: Some C++ warningsVolker Lendecke5-10/+11
(This used to be commit ae6b9b34e59167e3958bfdb9997fa25340b9a0a3)
2007-10-10r17347: Some C++ warnings -- 271 leftVolker Lendecke1-16/+20
(This used to be commit 641dac4f85c0e00484d90726bea1a4cb58c8235c)
2007-10-10r17316: More C++ warnings -- 456 leftVolker Lendecke3-9/+9
(This used to be commit 1e4ee728df7eeafc1b4d533240acb032f73b4f5c)
2007-10-10r17314: Optimisation for POSIX locking. If we're downgradingJeremy Allison1-1/+1
a POSIX lock (applying a read-lock) and we overlap pending read locks then send them an unlock message, we may have allowed them to proceed. Jeremy. (This used to be commit a7a0b6ba50f4cf7c5a0a29809fdff9e1266a29e7)
2007-10-10r17296: Replace the understandable parts of the quotaJeremy Allison1-17/+13
code with become_root_uid_only()/unbecome_root_uid_only() pairs. This code needs working on..... Jeremy. (This used to be commit 0661d4e26614180636bc57de0c48adf8b9ce7a21)
2007-10-10r17295: Back out the become_root_uid_only change on the POSIXJeremy Allison2-13/+12
acls code. I'm pretty sure this was safe, but become_root() does other things to the token stack that become_root_uid_only() does not, and as we're going into a vfs redirectred function I decided it wasn't safe for now. Jeremy. (This used to be commit b3e0f45488595aa96c852dab8e1349631a85dded)
2007-10-10r17294: Make the code a little cleaner. Instead of using the twoJeremy Allison1-12/+12
calls make it : become_root_uid_only() operation unbecome_root_uid_only() saving errno across the second call. Most of our internal change calls can be replaced with these simple calls. Jeremy (This used to be commit 4143aa83c029848d8ec741d9218b3fa6e3fd28dd)
2007-10-10r17293: After the results from the cluster tests in Germany,Jeremy Allison4-18/+0
fix the messaging code to call the efficient calls : save_re_uid() set_effective_uid(0); messaging_op restore_re_uid(); instead of using heavyweight become_root()/unbecome_root() pairs around all messaging code. Fixup the messaging code to ensure sec_init() is called (only once) so that non-root processes still work when sending messages. This is a lighter weight solution to become_root()/unbecome_root() (which swaps all the supplemental groups) and should be more efficient. I will migrate all server code over to using this (a similar technique should be used in the passdb backend where needed). Jeremy. (This used to be commit 4ace291278d9a44f5c577bdd3b282c1231e543df)
2007-10-10r17254: Simple flattening of an if-statement, no logic change.Volker Lendecke1-21/+27
Jeremy, I'm sure you will look at this nevertheless :-) Volker (This used to be commit 3ef34468b55771b6f6b54454fa6c9decc183c565)
2007-10-10r17249: Ensure we only set the FILE_WRITE_DATA on O_TRUNCJeremy Allison1-3/+0
in one place. Jeremy. (This used to be commit f326bae3e269046b6f087626240cddbb5dafb0e4)
2007-10-10r17248: Ensure we definately add the WRITE_DATA on O_TRUNC.Jeremy Allison1-3/+4
Jeremy. (This used to be commit 8eed82d5d5ba34cc0a6b99b9d0df45eec5f788fa)
2007-10-10r17247: When we map generic to specific we need to rememberJeremy Allison1-2/+5
to copy over the copy of the access_mask, open_access_mask. Jerry - this is a definate fix for a 3.0.23b and should also be on the patches page. CIFSFS breaks without this. Jeremy. (This used to be commit d11e71ebcccf6907f2404a04aa6bf61b12ab2709)
2007-10-10r17229: Indent-style reformatting -- getting used to the code again :-)Volker Lendecke1-51/+53
(This used to be commit 2e400fb0077ccef38fff28ef037f982624b7815b)
2007-10-10r17228: Modest reformattingVolker Lendecke1-17/+24
(This used to be commit 640b4297a400fe23418e9c1c01d4c14ce3bde5b4)
2007-10-10r17220: If we're going to fail a write with an errno, makeJeremy Allison2-1/+5
sure we return -1. Jeremy. (This used to be commit 89b83237b03066785ca4bf3b9d120519bddeffad)
2007-10-10r17179: Merge the vl-posixacls tmp branch into mainline. ItJim McDonough1-11/+3
modularizes our interface into the special posix API used on the system. Without this patch the specific API flavor is determined at compile time, something which severely limits usability on systems with more than one file system. Our first targets are AIX with its JFS and JFS2 APIs, at a later stage also GPFS. But it's certainly not limited to IBM stuff, this abstraction is also necessary for anything that copes with NFSv4 ACLs. For this we will check in handling very soon. Major contributions can be found in the copyright notices as well as the checkin log of the vl-posixacls branch. The final merge to 3_0 post-3.0.23 was done by Peter Somogyi <psomogyi@gamax.hu> (This used to be commit ca0c73f281a2a65a988094a46bb3e46a94011a53)