summaryrefslogtreecommitdiff
path: root/source3
AgeCommit message (Collapse)AuthorFilesLines
2009-08-26s3 onefs: Canonicalize the ACL in the correct ordertprouty1-4/+8
2009-08-26s3: Allow full_audit to play nice with smbd if it's using syslogtprouty2-1/+17
Explictly pass the facility from both smbd and full_audit to syslog. Really the only major change is to not call openlog() in full_audit if WITH_SYSLOG is defined, which implies that smbd is already using syslog. This allows full audit to piggy-back on the same ident as smbd, while still differentiating the logging via the facility.
2009-08-26s3 audit: Change create_file in full_audit to print whether a directory or ↵tprouty1-2/+28
file was requested full_audit will now print out whether the createfile was requested for a file or directory. The create disposition is also printed out.
2009-08-26s3:winbind: Fix Coverity ID 942: Resource LeakVolker Lendecke1-0/+2
2009-08-26s3-netlogon: let get_md4pw() return a struct dom_sid.Günther Deschner1-7/+5
Guenther
2009-08-26Add a parameter to disable the automatic creation of krb5.conf filesVolker Lendecke3-1/+19
This is necessary because MIT 1.5 can't deal with certain types (Tree Root) of transitive AD trusts. The workaround is to add a [capaths] directive to /etc/krb5.conf, which we don't automatically put into the krb5.conf winbind creates. The alternative would have been something like a "krb5 conf include", but I think if someone has to mess with /etc/krb5.conf at this level, it should be easy to add the site-local KDCs as well. Next alternative is to correctly figure out the [capaths] parameter for all trusted domains, but for that I don't have the time right now. Sorry :-)
2009-08-26s3-netlogon: fix default case when _netr_LogonSamLogon is called from other ↵Günther Deschner1-1/+3
opcodes. Guenther
2009-08-26Revert "s3: Fix uninitialized const char *"Günther Deschner1-1/+0
Tim, I am reverting this as this eliminates "_netr_LogonSamLogonEx" from the debug messages completely. Followup fix to come immediately. This reverts commit add9b4afb14d3426d1f3bf5b8e7c86926f462578.
2009-08-26s3-netlogon: get rid of init_net_r_req_chal().Günther Deschner1-13/+1
Guenther
2009-08-26s3-netlogon: let get_md4pw() return a struct samr_Password.Günther Deschner2-8/+7
(in preparation of credential merge). Guenther
2009-08-26s3-netlogon: make _netr_ServerAuthenticate a callback to ↵Günther Deschner1-46/+16
_netr_ServerAuthenticate3. Guenther
2009-08-25Allow for name array strings that don't end in a slashZach Loafman1-12/+17
Fix set_namearray to allow for strings that don't end in a slash. Also remove unnecessary strdup()s. Signed-off-by: Tim Prouty <tprouty@samba.org>
2009-08-25Add some const to dsgetdcnameVolker Lendecke2-6/+6
2009-08-25Do an early TALLOC_FREEVolker Lendecke1-1/+2
2009-08-24Help debug for bug 6651 - smbd SIGSEGV when breaking oplocks.Jeremy Allison1-0/+4
Should help track if we get invoked with an invalid fd from the signal handler. Jeremy.
2009-08-24Second attempt at fix for bug 6529 - Offline files conflict with Vista and ↵Jeremy Allison19-133/+188
Office 2003. Confirmation from reporter that this fixes the issue in master on ext3/ext4. Back-ports to follow. Jeremy.
2009-08-24Use existing time_t rounding function, don't invent my own.Jeremy Allison1-1/+1
Jeremy.
2009-08-24s3-netlogon: Only hand out rid when netlogon credential chain has been setup ↵Günther Deschner1-1/+5
sucessfully. Guenther
2009-08-24Second part of fix for 6529 - Offline files conflict with Vista and Office 2003.Jeremy Allison3-0/+22
ext4 may be able to store ns timestamps, but the only API to *set* timestamps takes usec, not nsec. Round to usec on set requests. Jeremy.
2009-08-24make smbcontrol smbd ping work proper checking for arguments handle short ↵Olaf Flebbe2-14/+21
pid_t correctly
2009-08-24LIBREPLACEOBJ now contains the full pathAndrew Tridgell1-4/+1
2009-08-24s3:lib: setup talloc log and abort functionsStefan Metzmacher1-0/+7
metze
2009-08-24s3:configure: require talloc >= 2.0.0Stefan Metzmacher1-1/+1
metze
2009-08-23s3:winbind: Fallback to the forest root for lookupnameVolker Lendecke1-0/+49
Thanks to Steven Danneman for watching me closely :-)
2009-08-23s3:winbind: Even on a domain controller, "our" domain is internalVolker Lendecke1-6/+0
It happens to be what we also share out via NETLOGON/SAMR, but winbind has direct access to it via the passdb domain methods
2009-08-23s3:winbind: Do not drop the first user in sam_query_user_listVolker Lendecke1-3/+4
2009-08-23s3:winbind: For internal domains it is pointless to connect to a DCVolker Lendecke2-1/+11
2009-08-23s3:winbind: winbindd_dual_ndrcmd should output what it's doingVolker Lendecke1-0/+4
2009-08-23s3:winbind: Fix the talloc hierarchy in wb_queryuser_doneVolker Lendecke1-1/+1
We need to return state->userinfo beyond the end of wb_queryuser_recv, so the unmarshalled strings are children of that, not the state that is lost sooner. Metze, this scheme works fine as long as we only have a single malloc'ed entity that is returned. I think we need a different scheme in the future when we might have more than one independent object to be returned.
2009-08-22Implement Metze's suggestion of trying getpwuid(0) then getpwnam(root).Jeremy Allison1-9/+5
Jeremy.
2009-08-21Log debug message when hires timestamps are available on theJeremy Allison1-0/+4
share. Jeremy.
2009-08-21Fix bug 6529 - Offline files conflict with Vista and Office 2003Jeremy Allison6-1/+42
On filesystems that can't store less than one second timestamps, round the incoming timestamp set requests so the client can't discover that a time set request has been truncated by the filesystem. Needs backporting to 3.4, 3.3, 3.2 and (even) 3.0. Jeremy
2009-08-21Try and fix the buildfarm by using getpwnam(root) insteadJeremy Allison1-0/+7
of getpwuid(0) if DEVELOPER is defined. I'm hoping the build farm defines DEVELOPER... Jeremy.
2009-08-21Fix coverity CID: 932 - forward null.Jeremy Allison1-2/+4
Jeremy.
2009-08-21s3: fix bug #6650, authentication at member servers when winbindd is not runningMichael Adam1-1/+1
Authentication of domain users on the member server fails when winbindd is not running. This is because the is_trusted_domain() check behaves differently when winbindd is running and when it isn't: Since wb_is_trusted_domain() calls wbcDomainInfo(), and this will also give a result for our own domain, this succeeds for the member server's own domain when winbindd is running. When winbindd is not running, is_trusted_domain() checks (and possibly updates) the trustdom cache, and this does the lsa_EnumTrustDom() rpc call to the DC which does not return its own domain. In case of winbindd not running, before 3.4, the domain part was _silently_ mapped to the workgroup in auth_util.c:make_user_info_map(), which effectively did nothing in the member case. But then the parameter "map untrusted to domain" was introduced and the mapping was made to the workstation name instead of the workgroup name by default unless "map untrusted to domain = yes". (Commits d8c54fddda2dba3cbc5fc13e93431b152813892e, 5cd4b7b7c03df6e896186d985b6858a06aa40b3f, and fbca26923915a70031f561b198cfe2cc0d9c3aa6) This was ok as long as winbindd was running, but with winbindd not running, these changes actually uncovered the above logic bug in the check. So the correct check is to treat the workgroup as trusted / or known in the member case. This is most easily achieved by not comparing the domain name against get_global_sam_name() which is the host name unless for a DC but against my_sam_name() which is the workgroup for a DC and for a member, too. (These names are not very intuitive...) I admit that this is a very long commit message for a one-liner, but this has needed some tracking down, and I think the change deserves some justification. Michael
2009-08-21Add missing CreateFile flags to smb.hSteve French1-1/+12
2009-08-20Fix bug 6638 - ADS Domain Member: Computer Mgr can not set share ACLsJeremy Allison1-3/+19
Add good error message for share modification denial. Jeremy.
2009-08-20s3-idmap: fix two uninitialized variable warnings in idmap_tdb2.Günther Deschner1-3/+3
Guenther
2009-08-20s3:dsgetdcname: Fix a crash in dsgetdcnameVolker Lendecke1-0/+2
When returning NT_STATUS_OK we can't leave *info == NULL, this crashes in is_closest_site called from dsgetdcname(). Signed-off-by: Günther Deschner <gd@samba.org>
2009-08-20s3:dsgetdcname: Inline dsgetdcname_cache_refreshVolker Lendecke1-26/+7
Signed-off-by: Günther Deschner <gd@samba.org>
2009-08-20s3-spoolss: add stubs for new idl opcodes in spoolss server.Günther Deschner1-0/+153
Guenther
2009-08-19Fix bug #6647 - get_root_nt_token: getpwnam("root") failed!Jeremy Allison1-2/+2
Not all systems may have a "root" user, but all must have a passwd entry for a uid of zero. Jeremy.
2009-08-19Fix Red Hat bugzilla bug : https://bugzilla.redhat.com/show_bug.cgi?id=516165Jeremy Allison1-1/+1
nautilus fails to copy files from an SMB share. This is a show-stopper for 3.4.1 (I'll open a Samba.org bug). Although gnome-vfs is doing *incredibly* stupid things by asking for a read size of 65535 - this translates on the wire to a 65534 byte read followed by a 1 byte read. Please send this back to the gnome developers that they will ge horrid on the wire performance for this. Jeremy.
2009-08-19s3:smbd: implement SMB2 Find (Query Directory)Stefan Metzmacher1-1/+197
metze
2009-08-19s3:smbd: store a dirptr on the files_struct for SMB2 Query DirectoryStefan Metzmacher2-0/+6
metze
2009-08-19s3:smbd: add a generic smbd_dirptr_lanman2_entry() functionStefan Metzmacher2-46/+214
This can we used by SMB2, the key difference between SMB1 and SMB2 is that with SMB2 entries are aligned to 8 bytes and there's no padding at the end of the last entry. metze
2009-08-19s3:smbd: implement all SMB2 Create contexts except "ExtA"Stefan Metzmacher1-8/+217
metze
2009-08-19s3:smbd: make smbd_check_open_rights() function non-static for use in SMB2Stefan Metzmacher2-8/+13
metze
2009-08-19s3 merged build: Don't build wbinfo twice.Kai Blin1-0/+3
Many, many thanks to Metze for telling me which chicken to sacrifice.
2009-08-19Make refusal of SEC_DESC_DACL_PROTECTED configurableVolker Lendecke1-1/+3
This adds a parameter "gpfs:refuse_dacl_protected" that defaults to false. GPFS has no place to store the SEC_DESC_DACL_PROTECTED ACL bit. With this parameter we give customers an option to either ignore this bit or refuse setting an ACL with it.