Age | Commit message (Collapse) | Author | Files | Lines |
|
With the target being open we have to return NT_STATUS_ACCESS_DENIED and
root_fid != 0 leads to NT_STATUS_INVALID_PARAMETER
(This used to be commit b599e5b1e10bdf825b2ce53de4a6ec35726d00f6)
|
|
Remove two local variables
(This used to be commit 575e594e936c3cb197945063309f0b424dcdefc8)
|
|
(This used to be commit 1ce0c582bccc90e54a69b1e70973ed7ccb47cbbb)
|
|
not really needed.
(This used to be commit e068e38ef3b364f2c6477f9d8d6ef3b81a6207ca)
|
|
when verifying a ticket from winbindd_pam.c.
I've found during multiple, fast, automated SSH logins (such
as from a cron script) that the replay cache in MIT's krb5
lib will occasionally fail the krb5_rd_req() as a replay attack.
There seems to be a small window during which the MIT krb5
libs could reproduce identical time stamps for ctime and cusec
in the authenticator since Unix systems only give back
milli-seconds rather than the micro-seconds needed by the
authenticator. Checked against MIT 1.5.1. Have not
researched how Heimdal does it.
My thinking is that if someone can spoof the KDC and TDS
services we are pretty hopeless anyways.
(This used to be commit cbd33da9f78373e29729325bbab1ae9040712b11)
|
|
(This used to be commit 47cc9359aa1b4d5fcd9469be0b1378030ac388fc)
|
|
first ask for existence of a file when we do the open_file_ntcreate in
can_rename later on anyway. That also gets us the right error message in
case the file is not there automatically.
(This used to be commit f3d582cb908f95c1b557bda5d41b5a8aff75b124)
|
|
inside close_file() already.
(This used to be commit 0b29e3ad0f2b1759eb195fb37f1f8667d87f5670)
|
|
The attached patch removes a little race condition for
people with real kernel oplock support, and reduces some
code paths. It changes reply_unlink to open_file_ntcreate,
set_delete_on_close and close_file.
The race condition happens if we break the oplock in
can_delete via open_file_ntcreate, we close the file,
someone else gets a batch oplock and we try to unlink.
It reduces code paths by calling SMB_VFS_UNLINK in 2 fewer
places.
(This used to be commit 0342ce7057045a362134281bcc7030111276dea0)
|
|
request. Ignore it. Should fix bug #4689 but more tests and
valgrinding will follow.
Jeremy.
(This used to be commit c23e08cc09b8de860ab9c7ac9d0e7c2502dfccd9)
|
|
if the name wasn't changed.
Jeremy.
(This used to be commit 7a9629365eb4eb2829982fe2b2bfffd840648e6f)
|
|
I'm 100% certain I've forgotten to merge something, but the main code
should be in. It's mainly in dbwrap_ctdb.c, ctdbd_conn.c and
messages_ctdbd.c.
There should be no changes to the non-cluster case, it does survive make
test on my laptop.
It survives some very basic tests with ctdbd enables, I did not do the
full test suite for clusters yet.
Phew...
Volker
(This used to be commit 15553d6327a3aecdd2b0b94a3656d04bf4106323)
|
|
to the
dynamic group resolution mechanism when switching UNIX credentials.
(This used to be commit b5cb21e951550fe836b0ef5febc037af9a7f51ec)
|
|
always
passed as the first GID when calling setgroups(2).
(This used to be commit 6ebaf856c1d27f2fbfa0444a5c6c17c4331d2780)
|
|
Change the sequence :
gain_root();
sys_setgroups(ngroups, groups);
become_id(uid, gid);
to a function call :
set_unix_security_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups)
James - should be safe for you to create a Darwin-specific
version of this function now.
Jeremy.
(This used to be commit 8ee982b3678be41ce8b4f4c1df428dcbf897ccbe)
|
|
Doing this in two stages to make it very easy to
review. Context switching must look like :
gain_root();
sys_setgroups(ngroups, groups);
become_id(uid, gid);
Re-arrange order so these three calls are always
seen together.
Next will be to turn these into a function.
Jeremy.
(This used to be commit eb537185ee4a3f460709267c843c9303a9bb61b5)
|
|
(This used to be commit c592b562fa793c9fb3bd0d84074d4ffaa8f63b64)
|
|
in storing the access mask. I shouldn't have made this
mistake. Damn. Fixes bug #4673.
Jeremy
(This used to be commit 84801d4e83786b9de3d0875a317ca9ed8ff5b3e4)
|
|
(This used to be commit 87b92e7ebda018f1d6a588748e282dc1a2c50613)
|
|
Jeremy.
(This used to be commit dfb4cb5d2bd6c50ad2ecfa729d76daccfc43925a)
|
|
respond to events.c style events.
(This used to be commit 476080df3ff19c3c4742928ff50293935e171f99)
|
|
session_claim. Jerry, this fixes the hanging smbstatus.
Sorry for that,
Volker
(This used to be commit 86ff82a5df998045185682cf09b2db3d37f01004)
|
|
(This used to be commit 2e2415655d352708b9799ae5ff4d9276c49cfb3b)
|
|
(This used to be commit b38dc5ffdfe9fdc2879c57dc181815f06b4747fe)
|
|
(This used to be commit 6e2bb4836fab5e548429613dea431007af3a7995)
|
|
branch, please check if it fulfils your needs.
Two changes: The validation is not done inside the brlock.c traverse_fn,
it's done as a separate routine.
Secondly, this patch does not call the checker routines in smbcontrol
directly but depends on a running smbd.
(This used to be commit 7e39d77c1f90d9025cab08918385d140e20ca25b)
|
|
Change notify.tdb to use dbwrap
(This used to be commit 3a089403871df88f4a3bf86c3db0d169cd4fb434)
|
|
(This used to be commit 5360e6405b170137e558fd0696ebd6030e0f5deb)
|
|
This replaces the internal explicit dev/ino file id representation by a
"struct file_id". This is necessary as cluster file systems and NFS
don't necessarily assign the same device number to the shared file
system. With this structure in place we can now easily add different
schemes to map a file to a unique 64-bit device node.
Jeremy, you might note that I did not change the external interface of
smb_share_modes.c.
Volker
(This used to be commit 9b10dbbd5de8813fc15ebbb6be9b18010ffe8139)
|
|
it brings across the tdb-based list_sessions
(This used to be commit 0153386c1a3625b2f699863991893f399c40af48)
|
|
session_traverse.
(This used to be commit ccb5eb245e962b0264b337c2d0275c22e2a36830)
|
|
(This used to be commit 80a1f43825063bbbda896175d99700ede5a4757a)
|
|
(This used to be commit 4afe37d431b6eb475769a2057025da9aa8d1bb14)
|
|
(This used to be commit 3452a870d58cdddf03ddf6ee698bca8416e05cbf)
|
|
"file existed" case above. This has no functional
change but is easier to see that it's doing the
same thing.
Jeremy.
(This used to be commit 0a7d8362be8379b77e6afb803ab88d726ae7877d)
|
|
file was being created and we go into the race condition check,
we were testing for compatible open modes, but were not breaking
oplocks in the same way as if the file existed. This meant that
we weren't going into the code path that sets fsp->oplock = FAKE_LEVEL_II_OPLOCK
if the client didn't ask for an oplock on file create. We need
to do this as internally it's what Windows does.
Jeremy.
(This used to be commit 9b9513856e9e9f84d5acd94e3e3d6e73358ee7dc)
|
|
target. Needs merging for 3.0.25a (sorry).
Jeremy.
(This used to be commit a56bce3d44e89b4fd7806cc5b464c7481ec0197f)
|
|
Jeremy.
(This used to be commit b98175440b2c235fe223b4375441f15ea027a5b2)
|
|
in Samba4 smbtorture. Fix rename on an open file handle.
Needed for 3.0.25a.
Jeremy.
(This used to be commit a301467d5f645dada27093ddfd74890b88bb4ce8)
|
|
3.0.25a.
Jeremy.
(This used to be commit 02e4f6b0f1f1a1cc6bfe5fed7866eb5b18ab87e0)
|
|
Still missing lchown (will add this for 3.0.26).
Don't merge for 3.0.25a - possibly 3.0.25b (if it
exists).
Jeremy.
(This used to be commit f546750176a22cdd7298a73afc81587923baaff9)
|
|
doing this because for the clustering the marshalling is needed in more
than one place, so I wanted a decent routine to marshall a message_rec
struct which was not there before.
Tridge, this seems about the same speed as it used to be before, the
librpc/ndr overhead in my tests was under the noise.
Volker
(This used to be commit eaefd00563173dfabb7716c5695ac0a2f7139bb6)
|
|
Jeremy.
(This used to be commit c2c970fd50b293031390358d72aaa7bd94da6e6d)
|
|
(This used to be commit a8082a3c7c3d1e68c27fc3bf42f3d44402cc6f9f)
|
|
lock we know nothing about that we retry the lock every
10 seconds instead of waiting for the standard select
timeout. This is how we used to (and are supposed to)
work.
Jeremy.
(This used to be commit fa18fc25a50cf13c687ae88e7e5e2dda1120e017)
|
|
packet size.
Jeremy.
(This used to be commit 5d465dd2d559df29d18a844137c8e14ffbb1a269)
|
|
since any SID/uid/gid translation calls will reset the struct when
popping the security ctx. This should fix the standalone server
configuration issues reported by David Rankin (thanks for the logs).
(This used to be commit 63cb25bad19d9600399a6ee2221497d71e805320)
|
|
(This used to be commit 9b8df24107ffe3016031e5257c5680689f061886)
|
|
(This used to be commit 65335a420645202fc79c599a1177838ec19a4075)
|
|
Jeremy.
(This used to be commit e1052c0e3d50473a9ded6092b6a85d78590a00e7)
|