Age | Commit message (Collapse) | Author | Files | Lines |
|
Michael
(This used to be commit f0992c0d79bb6a5810c84a9eac208d83390bb047)
|
|
(This used to be commit ec22c30581f0809b6a008982abceb97b4f9cd12e)
|
|
(This used to be commit 1d941961e0739c22d32720bac4ecd6beef6d74c5)
|
|
(This used to be commit 13c6eacff02b55b9fd6201406802f271dcf13e8e)
|
|
CloseDir.
(This used to be commit 48cdafc10a0eb615d79057ec9e235ffe9a85e016)
|
|
make test
to break. The Solaris CC put the static char InBuffer[TOTAL_BUFFER_SIZE] on an
odd address, the malloc'ed one is always aligned. The problem showed up in
pull_ucs2, ucs2_align uses the address of InBuffer as an indication whether to
bump up the src of the string by one. Unfortunately in the trans calls the
data portion is malloced and thus has different alignment guarantees than a
static variable. This one is bigger....
Volker
(This used to be commit 6affd7818f6981be2a9f44fcf302e7fddb468347)
|
|
Michael
(This used to be commit d90aa8368af624761a19cd1e55ed9f18bc64f45d)
|
|
In make_server_info_pw() we assign a user SID in our
authoritative SAM, even though this may be from a
pure "Unix User" that doesn't exist in the SAM.
This causes lookups on "[in]valid users" to fail as they
will lookup this name as a "Unix User" SID to check against
the user token. Fix this by adding the "Unix User"\unix_username
SID to the sid array. The correct fix should probably be
changing the server_info->sam_account user SID to be a
S-1-22 Unix SID, but this might break old configs where
plaintext passwords were used with no SAM backend.
Jeremy
(This used to be commit 80d1da7e6cce451d3934751feaa6ad60a337e3db)
|
|
Remove the allocated inbuf/output. In async I/O we copy the buffers
explicitly now, so NewInBuffer is called exactly once. This does not
reduce memory footprint, but removes one of the larger chunks that
clobber the rest of the massif output
In getgroups_unix_user on Linux 2.6 we allocated 64k groups x 4 bytes
per group x 2 (once in the routine itself and once in libc) = 512k just
to throw it away directly again. This reduces it do a more typical limit
of 32 groups per user. We certainly cope with overflow fine if 32 is not
enough. Not 100% sure about this one, a DEVELOPER only thing?
(This used to be commit 009af0909944e0f303c5d496b56fb65ca40a41d5)
|
|
(This used to be commit 9dcbef9615aec7cfe8f72e6f21f01af4e4fcc90e)
|
|
This closes #4624 for me.
(This used to be commit 3635b304155299ac93fda57e5e9ece0acd605e77)
|
|
Got report this is all ok form a tester. Close a loong
standing bug preventing people to freely use any character
in their password when printing via cups were involved.
(This used to be commit 54ca011212982cf1d94a76ca9d39c391783da04f)
|
|
that....
Volker
(This used to be commit 1a45ea28ced3775acd6127e05e844873ed23d40b)
|
|
why check_path_syntax should not be able to run in-line. The destination
pointer either walks side by side with the source pointer or is
decremented. So as far as I can see s>=d is true throughout the whole
routine.
Jeremy, I'm checking this only into 3_0 for now. Please review and ack
or directly merge this to 3_0_26.
Thanks,
Volker
(This used to be commit 34a13c82a3b72d6900614b57c58fbaefeeca8fa7)
|
|
Jeremy, I am always very confused about the different length arguments
in convert_string and friends. Can you take a look at the change in
string_replace and verify it's ok? Thanks!
While at it, remove the pstring limit for strhasupper and strhaslower.
(This used to be commit e6e5703658aeaeb0cca5d7281095e17553001d4b)
|
|
Change rename_internals to open the file/directory and then call
rename_internals_fsp. Two reasons: Remove code duplication and remove a
race condition. The race condition was due to the fact that in
can_rename the share mode check closed the file and then after that did
the rename.
(This used to be commit aa16d8a649d1a38593edd5ca94ed2c7d4291911b)
|
|
- when cleaning up invalid locks make sure we mark the lck
struct as modified so it'll get saved back correctly (that
was the original intent).
Jeremy.
(This used to be commit cbf0829abcc3689edd7ab225054dfc79d43c6309)
|
|
Jeremy.
(This used to be commit 5b2836e2d5f9081b5e39637538d8f2d19e1115c4)
|
|
Jeremy.
(This used to be commit 03763bc5287fef5f100c911041668e23d4305f8d)
|
|
Jeremy.
(This used to be commit fca5637dc6c91a57c4e087670068688557e5bf32)
|
|
reg #defines use "REG_" prefix. Michael - please check
gcc warnings on compiles.
Jeremy.
(This used to be commit 7885b68bb5df0ebe290feca0e74b4a20ef59e718)
|
|
failed expression in SMB_ASSERT.
(This used to be commit 171dc060e2a576d724eed1ca65636bdafffd7713)
|
|
The global options are stored as values in the subkey "global"
of the SMBCONF registry key.
The activation is accomplished in smb.conf though a new special
semantic of the "include" parameter: "include = registry" triggers
the processing of the registry global options exactly at the
position of the include statement. Options read from the registry
take the same precedence as parameters loaded from a file via
include. Need to reload the registry globals is detected by
watching the tdb sequence number.
Registry shares are automatically activated when the registry
globals are processed.
So a "registry only" configuration can be realized by an
smb.conf that looks as follows:
================================
[global]
include = registry
================================
The global options and registry shares can be conveniently
edited with the "net conf" utility.
Caveat:
A possible pitfall consists in using "include = registry"
together with the "lock directory" directive in the registry.
This problem will be addressed in the next time.
Note on the code:
Processing of the registry options is accomplished by a function
process_registry_globals() in loadparm.c The current version is
only an interim solution: It is handcoded instead of using the
infrastructure of reg_api.c. The reason for this is that using
reg_api still has too large linker dependencies, bloating virtually
all targets by PASSDB_OBJ, SMBLDAP_OBJ, GROUPDB_OBJ and LDB stuff.
A version of process_registry_globals that uses reg_api is
included but commented out. The goal is to eventually refactor
and restructure the registry code so that one can use the reg_api
to access only the registry tdb and not link all the dynamic
backends with all their linking implications.
(This used to be commit 24b0cbcb3741dd14b04728448a85cc04a057e7d0)
|
|
on failure in the write path.
Jeremy.
(This used to be commit cd3f7dbee809fb40194af0e7509142166e02b252)
|
|
(To be used in other place in subsequent commit.)
Michael
(This used to be commit 6fd71140499e30b8fd0f083301512db7b8c2f236)
|
|
This eliminates the need of maintaining reg_db's own
reference counter for the tdb. Maybe as a next step...
Michael
(This used to be commit 31d64767fc8a73be1f6b81e2712d687897f812a0)
|
|
we are idle and we timed out waiting for something to do.
(This used to be commit b4ab1a0cd992cf9e966b8edb9796d1eae53db744)
|
|
(This used to be commit 8d3828871c561cd05e6461e157db4c0ccddd5f22)
|
|
With the target being open we have to return NT_STATUS_ACCESS_DENIED and
root_fid != 0 leads to NT_STATUS_INVALID_PARAMETER
(This used to be commit b599e5b1e10bdf825b2ce53de4a6ec35726d00f6)
|
|
libmsrpc (unmaintained).
(This used to be commit 13d78ace49d0f7c5330c5297ef563284f573239a)
|
|
getgrnam() for machine and domain local groups.
(This used to be commit 4d4c1eca30ce57b4072e9f8c59fcc49bf3a5c48e)
|
|
(This used to be commit 2041c35a305e0d6ee015b54fb17fe416dc14a8bc)
|
|
Further reduce the diff between 3_0 and 3_0_26 by some reformatting
and rearrangements.
Michael
(This used to be commit 02685358d104775e6b8cad156aa70458ab3a55f6)
|
|
Add the tdbtorture test to the test script in 3_0 and 3_0_26.
Michael
(This used to be commit 30d71cf4b8decd6fad0c44a3eb57e29ea7d898a0)
|
|
Remove two local variables
(This used to be commit 575e594e936c3cb197945063309f0b424dcdefc8)
|
|
activation of global registry options in loadparm.c, mainly to
extract functionality from net_conf.c to be made availabel elsewhere
and to minimize linker dependencies.
In detail:
* move functions registry_push/pull_value from lib/util_reg.c to new file
lib/util_reg_api.c
* create a fake user token consisting of builtin administrators sid and
se_disk_operators privilege by hand instead of using get_root_nt_token()
to minimize linker deps for bin/net.
+ new function registry_create_admin_token() in new lib/util_reg_smbconf.c
+ move dup_nt_token from auth/token_util.c to new file lib/util_nttoken.c
+ adapt net_conf.c and Makefile.in accordingly.
* split lib/profiles.c into two parts: new file lib/profiles_basic.c
takes all the low level mask manipulation and format conversion functions
(se_priv, privset, luid). the privs array is completely hidden from
profiles.c by adding some access-functions. some mask-functions are not
static anymore.
Generally, SID- and LUID-related stuff that has more dependencies
is kept in lib/profiles.c
* Move initialization of regdb from net_conf.c into a function
registry_init_regdb() in lib/util_reg_smbconf.c.
Michael
(This used to be commit efd3e2bfb756ac5c4df7984791c67e7ae20a582e)
|
|
(This used to be commit 1ce0c582bccc90e54a69b1e70973ed7ccb47cbbb)
|
|
not really needed.
(This used to be commit e068e38ef3b364f2c6477f9d8d6ef3b81a6207ca)
|
|
(This used to be commit 4cdc7eaac78f04f19f1ed738fd918862bd2f7d4c)
|
|
emited to the Makefile in the DEVELOPER_CFLAGS variable. This makes
it easy to turn developer mode on and off without waiting for
configure to run. The developer flags are only added to CFLAGS for
the --enable-developer and --enable-krb5developer cases.
(This used to be commit 4b392a76eb392375f369c8c64fccd138833dcb52)
|
|
context flags.
(This used to be commit 903145e957cd05b219fdf7d5fc1e35430938a24e)
|
|
truncation a bit more verbosely.
(This used to be commit e3ea997289f9f2613c304c016b42b2d35af48c84)
|
|
when verifying a ticket from winbindd_pam.c.
I've found during multiple, fast, automated SSH logins (such
as from a cron script) that the replay cache in MIT's krb5
lib will occasionally fail the krb5_rd_req() as a replay attack.
There seems to be a small window during which the MIT krb5
libs could reproduce identical time stamps for ctime and cusec
in the authenticator since Unix systems only give back
milli-seconds rather than the micro-seconds needed by the
authenticator. Checked against MIT 1.5.1. Have not
researched how Heimdal does it.
My thinking is that if someone can spoof the KDC and TDS
services we are pretty hopeless anyways.
(This used to be commit cbd33da9f78373e29729325bbab1ae9040712b11)
|
|
(This used to be commit 1f80f9d14553650fb9d24f1d4c36e5cf7986ce23)
|
|
in the winbindd_getgrnam() call. Couple of comments:
* Adds "winbind expand groups" parameter which defines the
max depth winbindd will expand group members. The default
is the current behavior of one level of expansion.
* The entire getrgnam() interface should be async. I
haven't done that.
* Refactors the domain users hack in fill_grent_mem() into
its own function.
(This used to be commit 3d3a8130351753dc5caa2a270d130e2150da6b54)
|
|
the correct group list length and only truncate to NGROUPS_MAX if
it is too long.
(This used to be commit 07f562be7a64a2ded7ec0e6f5910447dc5b8b85f)
|
|
(This used to be commit 47cc9359aa1b4d5fcd9469be0b1378030ac388fc)
|
|
Add a function to retrieve the registry db sequence number.
This is in preparation of loadparm integration of registry global
smb.conf options: this will allow to detect changes in order to trigger reload.
Michael
(This used to be commit ebe2ea8f22bfe0855beee087af771c690db443c1)
|
|
first ask for existence of a file when we do the open_file_ntcreate in
can_rename later on anyway. That also gets us the right error message in
case the file is not there automatically.
(This used to be commit f3d582cb908f95c1b557bda5d41b5a8aff75b124)
|
|
inside close_file() already.
(This used to be commit 0b29e3ad0f2b1759eb195fb37f1f8667d87f5670)
|