| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This fixes a crash bug hit when multiple mappings were found by
the ldap search. This crash was caused by an ldap asssertion
in ldap_next_entry because was set to NULL in each iteration.
The corresponding fix was applied to the idmap_ldap_sids_to_unixids()
by Jerry in 2007 (b066668b74768d9ed547f16bf7b6ba6aea5df20a).
This fixes the crash part of bug #6387.
There is a logic part, too:
The problem currently only occurs when multiple mappings are found
for one given unixid. Now winbindd does not crash any more but
it does not correctly handle this situation. It just returns the
last mapping from the ldap search results.
This needs fixing.
Michael
|
|
metze
|
|
pointing this out.
Jeremy.
|
|
was a bug in ldb in 3.2 which could return a freed pointer on
ret != LDAP_SUCCESS. The main thing we must ensure is that we
never talloc_steal until we know LDAP_SUCCESS was returned.
Jeremy.
|
|
an ldb_search.
Jeremy.
|
|
Don't indirect a potentially null pointer.
Jeremy.
|
|
|
|
|
|
This should also fix the build on some hosts.
metze
|
|
Guenther
|
|
client might have already closed the socket
Signed-off-by: Bo Yang <boyang@samba.org>
|
|
trusted domains
Signed-off-by: Bo Yang <boyang@samba.org>
|
|
domain when krb5 auth is enabled
Signed-off-by: Bo Yang <boyang@samba.org>
|
|
Jeremy.
|
|
This is the first of a series of patches that change path based
operations to operate on a struct smb_filename instead of a char *.
This same concept already exists in source4.
My goals for this series of patches are to eventually:
1) Solve the stream vs. posix filename that contains a colon ambiguity
that currently exists.
2) Make unix_convert the only function that parses the stream name.
3) Clean up the unix_convert API.
4) Change all path based vfs operation to take a struct smb_filename.
5) Make is_ntfs_stream_name() a constant operation that can simply
check the state of struct smb_filename rather than re-parse the
filename.
6) Eliminate the need for split_ntfs_stream_name() to exist.
My strategy is to start from the inside at unix_convert() and work my
way out through the vfs layer, call by call. This first patch does
just that, by changing unix_convert and all of its callers to operate
on struct smb_filename. Since this is such a large change, I plan on
pushing the patches in phases, where each phase keeps full
compatibility and passes make test.
The API of unix_convert has been simplified from:
NTSTATUS unix_convert(TALLOC_CTX *ctx,
connection_struct *conn,
const char *orig_path,
bool allow_wcard_last_component,
char **pp_conv_path,
char **pp_saved_last_component,
SMB_STRUCT_STAT *pst)
to:
NTSTATUS unix_convert(TALLOC_CTX *ctx,
connection_struct *conn,
const char *orig_path,
struct smb_filename *smb_fname,
uint32_t ucf_flags)
Currently the smb_filename struct looks like:
struct smb_filename {
char *base_name;
char *stream_name;
char *original_lcomp;
SMB_STRUCT_STAT st;
};
One key point here is the decision to break up the base_name and
stream_name. I have introduced a helper function called
get_full_smb_filename() that takes an smb_filename struct and
allocates the full_name. I changed the callers of unix_convert() to
subsequently call get_full_smb_filename() for the time being, but I
plan to eventually eliminate get_full_smb_filename().
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
Some times we have to return a non-error response
with status != NT_STATUS_OK.
metze
|
|
MESSAGE_ID and SESSION_ID are both 64bit.
metze
|
|
the MS-LSA docs.
Jeremy.
|
|
Thanks Michael to provide some transparency :-)
|
|
metze
|
|
We create a dummy SMB2 Negotiate inbuf and pass the
connection to the SMB2 engine.
metze
|
|
This is not complete, but a start that makes the
samba4 smb2 client happy.
metze
|
|
metze
|
|
This is disabled by default and activated by
"max protocol = SMB2".
metze
|
|
metze
|
|
We have to drop the gpfs level share modes, regardless of whether we put
the file into the pending close queue.
|
|
Another one of those where you stare at logfiles for hours, and when you found
it, it's absolutely obvious what is happening...
|
|
Guenther
|
|
Jelmer, you might want to take a look at Andrew B's problem with
--enable-developer --disable-shared --disable-shared-libs
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Signed-off-by: Tim Prouty <tprouty@samba.org>
|
|
|
|
This is a follow up to 69d61453df6019caef4e7960fa78c6a3c51f3d2a to
adjust the API to allow the lower layers allocate memory. Now the
memory can explicitly be freed rather than relying on talloc_tos().
Signed-off-by: Tim Prouty <tprouty@samba.org>
|
|
These were found interally via code inspection.
1) fake_sendfile was incorrectly writing zeros over real data on a
short read.
2) sendfile_short_send was doing 4 byte writes instead of 1024 byte
writes due to an incorrect sizeof usage.
Jermey, Vl please check
|
|
Make map_max_allowed_access global. Change lsa_get_generic_sd
to add Everyone:LSA_POLICY_READ|LSA_POLICY_EXECUTE, not just
LSA_POLICY_EXECUTE.
Jeremy.
|
|
Guenther
|
|
Guenther
|
|
MAX_ACCESS to be mapped to what we're giving Everyone.
Jeremy.
|
|
Inspired by lsa server from Samba 4.
Just removing a user in SAMR does not remove a user in LSA. If you use
usermanager from windows, the "User Rights" management gui gets unaccessable as
soon as you delete a user that had privileges granted. With this fix, that
no longer existing user would properly appear as an unknown account in the GUI
(as it does while using usermanager with windows domains).
This almost makes Samba3 pass the RPC-SAMR-USERS-PRIVILEGES test.
Guenther
|
|
Certainly not the full story but this gets us closer to pass the
RPC-SAMR-USERS-PRIVILEGES test.
Guenther
|
|
The aio_fork module does not need this, as it does not communicate via signals
but with pipes. Watching a strace log with those become_root() calls in aio.c
is absolutely awful, and it does affect performance.
|
