Age | Commit message (Collapse) | Author | Files | Lines |
|
Make sure we honour the directive not to allow machine password changes.
(This used to be commit 436555f05ceae34d8df2356d1066b6b5e0a07c41)
|
|
live without valgrind :-).
Jeremy.
(This used to be commit 9b231149c78c8bbfb70c5675cffb652705ba2cd2)
|
|
You don't want to know what I discovered about Windows
ACLs to make this work :-(. See :
http://www.codeproject.com/win32/accessctrl2.asp
Search for "Q. How does Inheritance come into this?"
for details.
Jeremy.
(This used to be commit e1d3a80d2bff2e3540637fd741fc149eeca5fb9d)
|
|
we'll check it.
Jeremy.
(This used to be commit 1b73bf79f4f8a2bc408d52a1ce9df47f33fb3a87)
|
|
return to correctly return NT_STATUS_INVALID_OWNER if it
should be disallowed. Matches better what W2K3R3 does.
NFSv4 ACL module owners, please examine these changes.
Jeremy.
(This used to be commit fc6899a5506b272f8cd5f5837ca13300b4e69a5f)
|
|
on fsp close or removal of oplock. Mulitple removals
are safe.
Jeremy.
(This used to be commit 6de0970704b3eff2b71e6bf499c6dda45d4d5e2d)
|
|
CloseDir.
(This used to be commit 48cdafc10a0eb615d79057ec9e235ffe9a85e016)
|
|
make test
to break. The Solaris CC put the static char InBuffer[TOTAL_BUFFER_SIZE] on an
odd address, the malloc'ed one is always aligned. The problem showed up in
pull_ucs2, ucs2_align uses the address of InBuffer as an indication whether to
bump up the src of the string by one. Unfortunately in the trans calls the
data portion is malloced and thus has different alignment guarantees than a
static variable. This one is bigger....
Volker
(This used to be commit 6affd7818f6981be2a9f44fcf302e7fddb468347)
|
|
Remove the allocated inbuf/output. In async I/O we copy the buffers
explicitly now, so NewInBuffer is called exactly once. This does not
reduce memory footprint, but removes one of the larger chunks that
clobber the rest of the massif output
In getgroups_unix_user on Linux 2.6 we allocated 64k groups x 4 bytes
per group x 2 (once in the routine itself and once in libc) = 512k just
to throw it away directly again. This reduces it do a more typical limit
of 32 groups per user. We certainly cope with overflow fine if 32 is not
enough. Not 100% sure about this one, a DEVELOPER only thing?
(This used to be commit 009af0909944e0f303c5d496b56fb65ca40a41d5)
|
|
that....
Volker
(This used to be commit 1a45ea28ced3775acd6127e05e844873ed23d40b)
|
|
why check_path_syntax should not be able to run in-line. The destination
pointer either walks side by side with the source pointer or is
decremented. So as far as I can see s>=d is true throughout the whole
routine.
Jeremy, I'm checking this only into 3_0 for now. Please review and ack
or directly merge this to 3_0_26.
Thanks,
Volker
(This used to be commit 34a13c82a3b72d6900614b57c58fbaefeeca8fa7)
|
|
Jeremy, I am always very confused about the different length arguments
in convert_string and friends. Can you take a look at the change in
string_replace and verify it's ok? Thanks!
While at it, remove the pstring limit for strhasupper and strhaslower.
(This used to be commit e6e5703658aeaeb0cca5d7281095e17553001d4b)
|
|
Change rename_internals to open the file/directory and then call
rename_internals_fsp. Two reasons: Remove code duplication and remove a
race condition. The race condition was due to the fact that in
can_rename the share mode check closed the file and then after that did
the rename.
(This used to be commit aa16d8a649d1a38593edd5ca94ed2c7d4291911b)
|
|
failed expression in SMB_ASSERT.
(This used to be commit 171dc060e2a576d724eed1ca65636bdafffd7713)
|
|
on failure in the write path.
Jeremy.
(This used to be commit cd3f7dbee809fb40194af0e7509142166e02b252)
|
|
we are idle and we timed out waiting for something to do.
(This used to be commit b4ab1a0cd992cf9e966b8edb9796d1eae53db744)
|
|
(This used to be commit 8d3828871c561cd05e6461e157db4c0ccddd5f22)
|
|
With the target being open we have to return NT_STATUS_ACCESS_DENIED and
root_fid != 0 leads to NT_STATUS_INVALID_PARAMETER
(This used to be commit b599e5b1e10bdf825b2ce53de4a6ec35726d00f6)
|
|
Remove two local variables
(This used to be commit 575e594e936c3cb197945063309f0b424dcdefc8)
|
|
(This used to be commit 1ce0c582bccc90e54a69b1e70973ed7ccb47cbbb)
|
|
not really needed.
(This used to be commit e068e38ef3b364f2c6477f9d8d6ef3b81a6207ca)
|
|
when verifying a ticket from winbindd_pam.c.
I've found during multiple, fast, automated SSH logins (such
as from a cron script) that the replay cache in MIT's krb5
lib will occasionally fail the krb5_rd_req() as a replay attack.
There seems to be a small window during which the MIT krb5
libs could reproduce identical time stamps for ctime and cusec
in the authenticator since Unix systems only give back
milli-seconds rather than the micro-seconds needed by the
authenticator. Checked against MIT 1.5.1. Have not
researched how Heimdal does it.
My thinking is that if someone can spoof the KDC and TDS
services we are pretty hopeless anyways.
(This used to be commit cbd33da9f78373e29729325bbab1ae9040712b11)
|
|
(This used to be commit 47cc9359aa1b4d5fcd9469be0b1378030ac388fc)
|
|
first ask for existence of a file when we do the open_file_ntcreate in
can_rename later on anyway. That also gets us the right error message in
case the file is not there automatically.
(This used to be commit f3d582cb908f95c1b557bda5d41b5a8aff75b124)
|
|
inside close_file() already.
(This used to be commit 0b29e3ad0f2b1759eb195fb37f1f8667d87f5670)
|
|
The attached patch removes a little race condition for
people with real kernel oplock support, and reduces some
code paths. It changes reply_unlink to open_file_ntcreate,
set_delete_on_close and close_file.
The race condition happens if we break the oplock in
can_delete via open_file_ntcreate, we close the file,
someone else gets a batch oplock and we try to unlink.
It reduces code paths by calling SMB_VFS_UNLINK in 2 fewer
places.
(This used to be commit 0342ce7057045a362134281bcc7030111276dea0)
|
|
request. Ignore it. Should fix bug #4689 but more tests and
valgrinding will follow.
Jeremy.
(This used to be commit c23e08cc09b8de860ab9c7ac9d0e7c2502dfccd9)
|
|
if the name wasn't changed.
Jeremy.
(This used to be commit 7a9629365eb4eb2829982fe2b2bfffd840648e6f)
|
|
I'm 100% certain I've forgotten to merge something, but the main code
should be in. It's mainly in dbwrap_ctdb.c, ctdbd_conn.c and
messages_ctdbd.c.
There should be no changes to the non-cluster case, it does survive make
test on my laptop.
It survives some very basic tests with ctdbd enables, I did not do the
full test suite for clusters yet.
Phew...
Volker
(This used to be commit 15553d6327a3aecdd2b0b94a3656d04bf4106323)
|
|
to the
dynamic group resolution mechanism when switching UNIX credentials.
(This used to be commit b5cb21e951550fe836b0ef5febc037af9a7f51ec)
|
|
always
passed as the first GID when calling setgroups(2).
(This used to be commit 6ebaf856c1d27f2fbfa0444a5c6c17c4331d2780)
|
|
Change the sequence :
gain_root();
sys_setgroups(ngroups, groups);
become_id(uid, gid);
to a function call :
set_unix_security_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups)
James - should be safe for you to create a Darwin-specific
version of this function now.
Jeremy.
(This used to be commit 8ee982b3678be41ce8b4f4c1df428dcbf897ccbe)
|
|
Doing this in two stages to make it very easy to
review. Context switching must look like :
gain_root();
sys_setgroups(ngroups, groups);
become_id(uid, gid);
Re-arrange order so these three calls are always
seen together.
Next will be to turn these into a function.
Jeremy.
(This used to be commit eb537185ee4a3f460709267c843c9303a9bb61b5)
|
|
(This used to be commit c592b562fa793c9fb3bd0d84074d4ffaa8f63b64)
|
|
in storing the access mask. I shouldn't have made this
mistake. Damn. Fixes bug #4673.
Jeremy
(This used to be commit 84801d4e83786b9de3d0875a317ca9ed8ff5b3e4)
|
|
(This used to be commit 87b92e7ebda018f1d6a588748e282dc1a2c50613)
|
|
Jeremy.
(This used to be commit dfb4cb5d2bd6c50ad2ecfa729d76daccfc43925a)
|
|
respond to events.c style events.
(This used to be commit 476080df3ff19c3c4742928ff50293935e171f99)
|
|
session_claim. Jerry, this fixes the hanging smbstatus.
Sorry for that,
Volker
(This used to be commit 86ff82a5df998045185682cf09b2db3d37f01004)
|
|
(This used to be commit 2e2415655d352708b9799ae5ff4d9276c49cfb3b)
|
|
(This used to be commit b38dc5ffdfe9fdc2879c57dc181815f06b4747fe)
|
|
(This used to be commit 6e2bb4836fab5e548429613dea431007af3a7995)
|
|
branch, please check if it fulfils your needs.
Two changes: The validation is not done inside the brlock.c traverse_fn,
it's done as a separate routine.
Secondly, this patch does not call the checker routines in smbcontrol
directly but depends on a running smbd.
(This used to be commit 7e39d77c1f90d9025cab08918385d140e20ca25b)
|
|
Change notify.tdb to use dbwrap
(This used to be commit 3a089403871df88f4a3bf86c3db0d169cd4fb434)
|
|
(This used to be commit 5360e6405b170137e558fd0696ebd6030e0f5deb)
|
|
This replaces the internal explicit dev/ino file id representation by a
"struct file_id". This is necessary as cluster file systems and NFS
don't necessarily assign the same device number to the shared file
system. With this structure in place we can now easily add different
schemes to map a file to a unique 64-bit device node.
Jeremy, you might note that I did not change the external interface of
smb_share_modes.c.
Volker
(This used to be commit 9b10dbbd5de8813fc15ebbb6be9b18010ffe8139)
|
|
it brings across the tdb-based list_sessions
(This used to be commit 0153386c1a3625b2f699863991893f399c40af48)
|
|
session_traverse.
(This used to be commit ccb5eb245e962b0264b337c2d0275c22e2a36830)
|
|
(This used to be commit 80a1f43825063bbbda896175d99700ede5a4757a)
|
|
(This used to be commit 4afe37d431b6eb475769a2057025da9aa8d1bb14)
|