Age | Commit message (Collapse) | Author | Files | Lines |
|
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
gen_ndr/ndr_security.c in SAMBA_4_0
The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
(This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
|
|
removed immediately in the handler.
Extra debug info tracking down winbindd DC
selection.
Jeremy.
(This used to be commit 7ba9b6ce588f716589e9f88ed146fad36c4b3758)
|
|
(This used to be commit 779eba0a7cab3156b8580410cfe288609a288548)
|
|
just
silly :-)
Volker
(This used to be commit 8b6f5937db4b18db711dd0c4f1ae904087249000)
|
|
Stanford Checker fix.
Jeremy.
(This used to be commit 2d8bdd2dce633253780a5b0378f229893d049666)
|
|
Volker
(This used to be commit c0767c08d01a429e1abf7205c14acec5e103ca91)
|
|
Jeremy, you might want to look at the trans2 one.
Volker
(This used to be commit d727fc681c073a1b09accd31a07341b58e10eebb)
|
|
on the wire. This allows us to go to nsec resolution
for systems that support it. It should also now be
easy to add a correct "create time" (birth time)
for systems that support it (*BSD). I'll be watching
the build farm closely after this one for breakage :-).
Jeremy.
(This used to be commit 425280a1d23f97ef0b0be77462386d619f47b21d)
|
|
value into an auto on the stack that gets removed when
we return from the frame :-).
Jeremy.
(This used to be commit 85bf8a16116e5eb9d4400e809531737d45890abb)
|
|
Jeremy, please check this!
Volker
(This used to be commit 8117a7b3bf3f273dd018c42864b3136dec47ec79)
|
|
decrement a
tdb entry is not the most reliable way to count children correctly.
This increments the number of children after a fork and decrements it upon
SIGCLD. I'm keeping a list of children just for consistency checks, so that we
at least get a debug level 0 message if something goes wrong.
Volker
(This used to be commit eb45de167d24d07a218307ec5a48c0029ec097c6)
|
|
(This used to be commit 2a66abca02b5e95b66ab336f0d0e3977676d4540)
|
|
bytes returned" is less than the amount we want
to send, return what we can and set STATUS_BUFFER_OVERFLOW
(doserror ERRDOS,ERRbufferoverflow). Required by
OS/2 to handle EA's that are too large. It's hard
to test this in Samba4 smbtorture as the max data
bytes returned is hard coded at 0xffff (as it is
in the Samba3 client libraries also). I used a
custom version of Samba4 smbtorture to test this
out. Might add a "max data bytes" param to make
this testable in the build farm. Confirmed by
"Guenter Kukkukk (sambaos2)" <sambaos2@kukkukk.com>
and Andreas Taegener <atsamba11@eideltown.de>
that this fixes the issue.
Jeremy.
(This used to be commit ff2f1202b76991a404dae8df17c36f8135c8dc51)
|
|
* Remove "unknown" from dfs_Enum (samba4 dfs IDL updates to follow).
* When encountering an unsupported infolevel the rpc server must reply
with a dfs_info_0 structure and WERR_OK (observed from w2k3 when talking
to nt4).
Guenther
(This used to be commit f9bef1f08f7d2a4c95c28329ac73e8646f033998)
|
|
(This used to be commit e4b8c79a9d6f7323953121887af4f482d04a9228)
|
|
(This used to be commit c065341d3ffc9125514f563c63d416cf7c40375f)
|
|
lookup_name_smbconf, otherwise
force user = domain+administrator
can not work. Also attempt to fix the 'valid users = domain+group' bug at the
same time.
Volker
(This used to be commit 255475901c13fde29b1b476560d969cc99712767)
|
|
up names from smb.conf. If the name is unqualified it
causes the lookup to be done in WORKGROUP\name, then
"Unix [users|groups]"\name rather than searching the
domain. Should fix the problems with "force user"
selecting a domain user by preference.
Jeremy.
(This used to be commit 1e1fcb5eb2ac4bd360461b29f85c07dbf460025d)
|
|
netbios aliases. Reported by Björn Jacke <bjoern@j3e.de>.
Probably needs to be in 3.0.23b (if Björn approves
of the fix).
Jeremy.
(This used to be commit e9e711fe37d9aec28b329dbfe2ad3ebfc1771825)
|
|
code is wrong or bad or anything, just that it
needs to be discussed & reviewed on the samba-technical
list before we add a platform-specific NFSv4 mapping.
That way lies a lot of future pain :-).
Jeremy.
(This used to be commit 330899ec30ffceb798e3a8362d20e103e20b2897)
|
|
examples directory.
(This used to be commit c085355c323c65ee782516859eed8a76b53e6035)
|
|
code will be released.
(This used to be commit 5b1db0151461af18d994359e86c649922fc6de65)
|
|
(This used to be commit 72312cb2e255301f978455a559461ad83b13b6cb)
|
|
(This used to be commit ae6b9b34e59167e3958bfdb9997fa25340b9a0a3)
|
|
(This used to be commit 641dac4f85c0e00484d90726bea1a4cb58c8235c)
|
|
(This used to be commit 1e4ee728df7eeafc1b4d533240acb032f73b4f5c)
|
|
a POSIX lock (applying a read-lock) and we overlap
pending read locks then send them an unlock message,
we may have allowed them to proceed.
Jeremy.
(This used to be commit a7a0b6ba50f4cf7c5a0a29809fdff9e1266a29e7)
|
|
code with become_root_uid_only()/unbecome_root_uid_only()
pairs. This code needs working on.....
Jeremy.
(This used to be commit 0661d4e26614180636bc57de0c48adf8b9ce7a21)
|
|
acls code. I'm pretty sure this was safe, but become_root()
does other things to the token stack that become_root_uid_only()
does not, and as we're going into a vfs redirectred function
I decided it wasn't safe for now.
Jeremy.
(This used to be commit b3e0f45488595aa96c852dab8e1349631a85dded)
|
|
calls make it :
become_root_uid_only()
operation
unbecome_root_uid_only()
saving errno across the second call. Most of our internal
change calls can be replaced with these simple calls.
Jeremy
(This used to be commit 4143aa83c029848d8ec741d9218b3fa6e3fd28dd)
|
|
fix the messaging code to call the efficient calls :
save_re_uid()
set_effective_uid(0);
messaging_op
restore_re_uid();
instead of using heavyweight become_root()/unbecome_root()
pairs around all messaging code. Fixup the messaging
code to ensure sec_init() is called (only once) so that non-root
processes still work when sending messages.
This is a lighter weight solution to become_root()/unbecome_root()
(which swaps all the supplemental groups) and should be more
efficient. I will migrate all server code over to using this
(a similar technique should be used in the passdb backend
where needed).
Jeremy.
(This used to be commit 4ace291278d9a44f5c577bdd3b282c1231e543df)
|
|
Jeremy, I'm sure you will look at this nevertheless :-)
Volker
(This used to be commit 3ef34468b55771b6f6b54454fa6c9decc183c565)
|
|
in one place.
Jeremy.
(This used to be commit f326bae3e269046b6f087626240cddbb5dafb0e4)
|
|
Jeremy.
(This used to be commit 8eed82d5d5ba34cc0a6b99b9d0df45eec5f788fa)
|
|
to copy over the copy of the access_mask, open_access_mask.
Jerry - this is a definate fix for a 3.0.23b and should also
be on the patches page. CIFSFS breaks without this.
Jeremy.
(This used to be commit d11e71ebcccf6907f2404a04aa6bf61b12ab2709)
|
|
(This used to be commit 2e400fb0077ccef38fff28ef037f982624b7815b)
|
|
(This used to be commit 640b4297a400fe23418e9c1c01d4c14ce3bde5b4)
|
|
sure we return -1.
Jeremy.
(This used to be commit 89b83237b03066785ca4bf3b9d120519bddeffad)
|
|
modularizes our interface into the special posix API used on
the system. Without this patch the specific API flavor is
determined at compile time, something which severely limits
usability on systems with more than one file system. Our
first targets are AIX with its JFS and JFS2 APIs, at a later
stage also GPFS. But it's certainly not limited to IBM
stuff, this abstraction is also necessary for anything that
copes with NFSv4 ACLs. For this we will check in handling
very soon.
Major contributions can be found in the copyright notices as
well as the checkin log of the vl-posixacls branch. The
final merge to 3_0 post-3.0.23 was done by Peter Somogyi
<psomogyi@gamax.hu>
(This used to be commit ca0c73f281a2a65a988094a46bb3e46a94011a53)
|
|
reschedule.
Jeremy.
(This used to be commit 11bab9d57958659c71f053fe8dc0f9156c9f3c1f)
|
|
from the client requested access mask.
Jeremy.
(This used to be commit 12490fafc7f98952bf709c4c504f8f2b5646f197)
|
|
that create dispositions that cause O_TRUNC break
oplocks. This simplifies the code - although we have
to keep separate the client requested access mask and
the access mask we actually use to open the file.
Jeremy.
(This used to be commit 3bcd52a4752ec6c2a8f678afa3b7b3646103ad60)
|
|
(This used to be commit 40e267981174840f4f36d1863985ee010ef5074a)
|
|
file unless we really have to (ie. O_CREAT and file
doesn't exist).
Jeremy.
(This used to be commit 788aa15ea24e6dfb61820465b5b881829a64297a)
|
|
Jeremy.
(This used to be commit b3b5aec0eef3bdcae75ce79ffd3ecf21fb1279e7)
|
|
oplocks that were granted when we had released the lock. Fix
strange case where stat open grants a batch oplock on file
create, but grants no oplock on file open.
Jeremy.
(This used to be commit b7374835e6ec0c98fc4020623f0a37c0c173b8aa)
|
|
no way to get all the cases where kernel oplocks are
on and we can't open the file and get the correct
semantics (think about the open with truncate with
an attribute only open - we'd need a vfs change to
add the truncate(fname, len) call). So always drop
the share mode lock before doing any real fd opens and
then re-acquire it afterwards. We're already dealing
with the race in the create case, and we deal with
any other races in the same way. Volker, please
examine *carefully* :-). This should fix the problems
people reported with kernel oplocks being on.
Jeremy.
(This used to be commit 8171c4c404e9f382880c65daa0232f89e560f399)
|
|
be lp_lock_spin(). lock spin count is no longer
used. I'll update the man pages.
Jeremy.
(This used to be commit 0451a170c9be88399202abd225af35ddc45023f0)
|
|
Might need to be a parameter ?
Jeremy.
(This used to be commit 98d8d9399bb287319578daaf2a2fb42f3c48f858)
|
|
Jeremy.
(This used to be commit b5aaff665937313370e0e87225e146f9af7b7e67)
|