Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
|
|
p->mem_ctx is a relatively long lived context as it will not be freed until
a full request is served. In spoolss we do a lot of operations including
opening new pipes to connect to winreg.
Use more shortlived temporary contexts to avoid leaking a lot of memory on
p->mem_ctx and carrying it around untill all the operations in the current call
are done.
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
|
|
We reopen the hive and key so close them before reopen.
|
|
|
|
|
|
|
|
In ancient times, when ctdb had not support for persistent databases and
tdb2 was introduced as a two-layer solution and it was more important than
today to be able to change the location of the permanent database file
because it had to reside on shared storage.
But these were times when idmap_tdb2 was not even officially released.
Nowadays, with ctdb handling the persistent idmap2.tdb database, the path
is stripped anyways, so this undocumented option has become unnecessary
and is hence removed.
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Wed Jul 27 05:37:57 CEST 2011 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
: script" instead
With this patch, "idmap config * : script" will override "idmap : script".
If "idmap : script" is present, a deprecation warning will be printed in any
case. If "idmap config * : script" is not set, then the value of "idmap :script"
will be used for backwards compatibility.
|
|
Two uses of the setup array are not being correctly byte-swapped to little
endian.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Jul 27 03:14:48 CEST 2011 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Jul 27 02:03:49 CEST 2011 on sn-devel-104
|
|
|
|
|
|
|
|
In cli_echo with more than one response we ended up with more than one read_smb
request. One from the call to cli_smb_req_set_pending called from
cli_smb_received. The other one from cli_smb_received itself. I don't really
see another way to deal with this than to hold the read_smb request in the
cli_state.
Metze, please check!
Volker
|
|
In CGI mode, we don't get access to the user's password, which would
reduce the hash used so far to parameters an attacker can easily guess.
To work around this, read the nonce from secrets.tdb or generate one if
it's not there.
Also populate the C_user field so we can use that for token creation.
Signed-off-by: Kai Blin <kai@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Jul 26 23:33:24 CEST 2011 on sn-devel-104
|
|
Signed-off-by: Kai Blin <kai@samba.org>
|
|
Signed-off-by: Kai Blin <kai@samba.org>
|
|
Signed-off-by: Kai Blin <kai@samba.org>
|
|
Signed-off-by: Kai Blin <kai@samba.org>
|
|
Signed-off-by: Kai Blin <kai@samba.org>
|
|
Signed-off-by: Kai Blin <kai@samba.org>
|
|
Signed-off-by: Kai Blin <kai@samba.org>
|
|
Signed-off-by: Kai Blin <kai@samba.org>
|
|
Signed-off-by: Kai Blin <kai@samba.org>
|
|
|
|
Signed-off-by: Kai Blin <kai@samba.org>
|
|
Thanks to Simo for reporting!
Karolin
(cherry picked from commit 9f73c1990a19daa899fa5345530a867e69a5be94)
(cherry picked from commit bcb052c29212954a3ed10c9f095c51e4e0a96af5)
|
|
Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack
against SWAT, the Samba Web Administration Tool. The attack uses reflection to
insert arbitrary content into the "change password" page.
This patch fixes the reflection issue by not printing user-specified content on
the website anymore.
Signed-off-by: Kai Blin <kai@samba.org>
|
|
This prevents errors about it by 'make SYMBOLCHECK=1' if there is a
system ldb present.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Tue Jul 26 18:21:48 CEST 2011 on sn-devel-104
|
|
when there is no share SD set, the default share SD that
is used e.g. for the output of sharesec -v defaults to a
value that is not equivalent to the desired FULL access.
This is a more or less a cosmetical follow-up for the patches
in Bug #8201 that makes them more consumeable by printing
FULL (that is what the user expects) instead of a bitmask
in hexadecimal form.
previous output:
REVISION:1
OWNER:(NULL SID)
GROUP:(NULL SID)
ACL:S-1-1-0:ALLOWED/0/0x101f01ff
with patch:
REVISION:1
OWNER:(NULL SID)
GROUP:(NULL SID)
ACL:S-1-1-0:ALLOWED/0/FULL
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Tue Jul 26 15:57:55 CEST 2011 on sn-devel-104
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Tue Jul 26 14:45:27 CEST 2011 on sn-devel-104
|
|
|
|
|
|
|
|
Winbind can't really cope with trusts that don't have a SID associated. This
happens with external MIT trusts for example. This filters them out when
sending the trust list from child to parent.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Jul 26 11:39:53 CEST 2011 on sn-devel-104
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun Jul 24 19:01:47 CEST 2011 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Jul 24 16:37:19 CEST 2011 on sn-devel-104
|
|
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Jul 23 11:08:19 CEST 2011 on sn-devel-104
|
|
metze
|
|
metze
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|