summaryrefslogtreecommitdiff
path: root/source3
AgeCommit message (Collapse)AuthorFilesLines
2009-05-08s3/ldap: also handle DirX return codesBjörn Jacke1-0/+2
2009-05-08s3:configure: "test" only takes one "="Björn Jacke1-1/+1
2009-05-07Fix some type-punned warningsVolker Lendecke3-7/+13
2009-05-07Remove a misleading commentVolker Lendecke1-2/+0
2009-05-07Fix some nonempty blank linesVolker Lendecke1-11/+10
2009-05-07Convert lib/wb_reqtrans.c to unix calling conventionsVolker Lendecke3-97/+113
2009-05-07Adapt wb_reqtrans to "recent" coding conventionsVolker Lendecke1-44/+28
2009-05-07s3-auth: use full 16byte session key in make_user_info_netlogon_interactive().Günther Deschner2-3/+2
Patch from Jeremy. With this patch, I was able to join Windows 7 RC to a Samba3 DC, and login into a Samba 3 Domain. There are still two registry settings required: HKLM\System\CCS\Services\LanmanWorkstation\Parameters DWORD DomainCompatibilityMode = 1 DWORD DNSNameResolutionRequired = 0 Do *not* modify the other netlogon registry parameters that were passed around, they weaken security. Guenther (cherry picked from commit b5097d54cb74ca0ea328f9e029562f65f4a01134)
2009-05-07Async API needs all parameters to be kept around until sent,Jeremy Allison1-55/+15
ensure they're attached to the state structure. Thanks to Metze for pointing this out. Jeremy.
2009-05-07Fix a typoVolker Lendecke1-1/+1
2009-05-07Add simple test chaining up sesssetup and tconVolker Lendecke1-0/+53
2009-05-07Make cli_tcon_andx chainableVolker Lendecke2-15/+48
2009-05-07Make cli_session_setup_guest chainableVolker Lendecke2-9/+35
2009-05-07s3-samr: Fix _samr_Connect5(). In error case it still needs to return empty ↵Günther Deschner1-1/+2
info1. Guenther
2009-05-07s3-rpcclient: rework enumdrivers call a bit to allow queries like win7 does.Günther Deschner1-69/+97
Guenther
2009-05-07s3-credentials: protect netlogon_creds_server_step() against NULL creds.Günther Deschner1-0/+4
Found by SCHANNEL torture tests. Guenther
2009-05-07s3-selftest: run RPC-SCHANNEL, RPC-SCHANNEL2 and RPC-BENCH-SCHANNEL1 against ↵Günther Deschner1-0/+1
Samba3. Guenther
2009-05-07Fix bug 6336: "net groupmap set" segfaultsVolker Lendecke1-2/+4
2009-05-06Make cli_setatr async.Jeremy Allison7-8/+145
Jeremy.
2009-05-06After getting confirmation from Guenther, add 3 changes we'llJeremy Allison1-13/+23
ultimately need to fix bug #6099 Samba returns incurrate capabilities list. 1). Add a comment to point out that r->in.negotiate_flags is an aliased pointer to r->out.negotiate_flags. 2). Ensure we return NETLOGON_NEG_STRONG_KEYS in our flags return if the client requested it. 3). Clean up the error exits so we always return the same way. Signed off by Guenther. Jeremy.
2009-05-06Make cli_setattrE async.Jeremy Allison4-31/+112
Jeremy.
2009-05-06s3-netlogon: Fix NETLOGON credential chain. Fixes Bug #6099 (Windows 7 ↵Günther Deschner1-2/+6
joining Samba3) and probably many, many more. Jeremy, with 9a5d5cc1db0ee60486f932e34cd7961b90c70a56 you alter the in negotiate flags (which are a pointer to the out negotiate flags assigned in the generated netlogon server code). So, while you wanted to just set the *out* negflags, you did in fact reset the *in* negflags, effectively eliminating the NETLOGON_NEG_STRONG_KEYS bit (formerly known as NETLOGON_NEG_128BIT) which then caused creds_server_init() to generate 64bit creds instead of 128bit, causing the whole chain to break. *Please* check. Guenther
2009-05-06Fix Coverity ID 897: REVERSE_INULLVolker Lendecke1-1/+1
2009-05-06s3-rpcclient: print more infolevels in printer and driver info levels.Günther Deschner1-7/+238
Guenther
2009-05-06s3-printing: fix debug statement in virtual registry layerGünther Deschner1-1/+1
(key_driver_fetch_keys). Guenther
2009-05-06s3-printing: simplify print_queue helper functions and return WERROR.Günther Deschner4-42/+23
Guenther
2009-05-05Make cli_getatr() async.Jeremy Allison6-36/+149
Jeremy.
2009-05-05s3 Reorder loadparm to keep aliases togetherSteven Danneman1-6/+6
This keeps the "browseable" and "browsable" aliases together.
2009-05-06s3:loadparm: handle registry config source in file_list - fixes bug #6320Michael Adam1-34/+44
Michael
2009-05-05s3 onefs: Turn up the debug level for non-error casestprouty1-3/+3
2009-05-05s3: Fix trans2 path to use case-insensitive stat optimizationtprouty3-8/+57
Often times before creating a file, a client will first query to see if it already exists. Since some systems have a case-insensitive stat that is called from unix_convert, we can definitively return STATUS_NO_SUCH_FILE to the client without scanning the whole directory. This code path is taken from trans2querypathinfo, but trans2findfirst still does a full directory scan even though the get_real_filename (the case-insensitive stat vfs call) can prevent this. This patch adds the get_real_filename call to the trans2find* path, and also changes the vfs_default behavior for SMB_VFS_GET_REAL_FILENAME. Previously, in the absence of a get_real_filename implementation, we would fallback to the full directory scan. The default behavior now returns -1 and sets errno to EOPNOTSUPP. This allows SMB_VFS_GET_REALFILENAME to be called from trans2* and unix_convert.
2009-05-05Make cli_getattrE async.Jeremy Allison7-44/+156
Jeremy.
2009-05-05s3:onefs.so Change system function namesSteven Danneman1-4/+4
Addendum to c49730e1. Use newer cookie conversion names.
2009-05-05Fix bug 6302: Give the VFS a chance to read from 0-byte filesVolker Lendecke1-8/+9
2009-05-05s3-ldap: fix more callers of smbldap_dn_talloc() that were passing a NULL ↵Günther Deschner2-2/+2
context. Guenther
2009-05-05s3-ldapsam: Fix Bug #6313: ldapsam_update_sam_account() crashes while doing ↵Günther Deschner1-1/+1
talloc_free on malloced memory. Guenther
2009-05-05s3:loadparm: use the returnvalue of service_ok() in process_smbconf_service().Michael Adam1-1/+1
Michael
2009-05-04Turn on POSIX test (small test) on buildfarm.Jeremy Allison1-1/+1
Jeremy.
2009-05-04Fix the async calls for the posix_unlink and posix_rmdir.Jeremy Allison2-14/+50
Jeremy.
2009-05-04s3:onefs.so fix issue with missing entries when enumerating directoriesSteven Danneman1-130/+75
This bug prompted several, fairly large changes to the of OneFS's readdirplus() within Samba. One fundamental problem is that we kept our cache cursor pointed at the next entry to be returned from onefs_readdir(), while the resume cookie needed to refill the cache such that our cursor would be on this entry, was located in the previous cache entry. This meant that to correctly handle seekdir() cases which could be found within the existing cache, and cases where a cache reload was needed, required that the cache always hold at least two entries: the entry we wished to return, and the previous entry which held the resume cookie. Since the readdirplus() syscall gives us no guarantee that it will always return these two direntries, there was a fundamental problem with this design. To fix this problem, I have rearchitected the onefs_readdir() path to keep its pointer on the entry which contains the resume_cookie, not the entry which will be returned next. Essentially, I changed onefs_readdir() from a "return an entry then increment the cursor" model to "increment the cursor then return an entry". By doing this, we only require that a single entry be within the cache: the entry containing the resume cookie. Second, there have been numerous off-by-one bugs in my implementation of onefs_seekdir() which did a mapping between the 64-bit resume cookie returned by readdirplus() and its own monotonically increasing "location" offset. Furthermore, this design caused a somewhat frequent waste of cycles, as in some cases we'd need to re-enumerate the entire directory to recover the current "location" from an old resume cookie. As this code was somewhat difficult to understand, prone to bugs, and innefficient in some cases I decided it was better to wholesale replace it now, rather than later. It is possible to algorithmically map the 64-bit resume cookies from readdirplus() into 32-bit offset values which SMB requires. The onefs.so module now calls into a system library to do this conversion. This greatly simplifies both the seekdir() and telldir() paths and is more efficient.
2009-05-04s3 torture: Only close if open was successfulTim Prouty1-4/+12
2009-05-04Ensure we use UID-REGRESSION-TEST. It's a very short test.Jeremy Allison1-1/+1
Jeremy.
2009-05-04Torture test for bug #6315 - smbd crashes doing vfs_full_audit on IPC$ close ↵Jeremy Allison1-2/+28
event. Shows that doing a tdis with invalid uid succeeds. Jeremy.
2009-05-04s3 torture: Fix comparison is always true warningTim Prouty1-2/+2
2009-05-04Fix bug #6315 smbd crashes doing vfs_full_audit on IPC$ close event.Jeremy Allison1-3/+44
The underlying problem is that once SMBulogoff is called, all server_info contexts associated with the vuid should become invalid, even if that's the context being currently used by the connection struct (tid). When the SMBtdis comes in it doesn't need a valid vuid value, but the code called inside vfs_full_audit always assumes that there is one (and hence a valid conn->server_info pointer) available. This is actually a bug inside the vfs_full_audit and other code inside Samba, which should only indirect conn->server_info on calls which require AS_USER to be set in our process table. I could fix all these issues, but there's no guarentee that someone might not add more code that fails this assumption, as it's a hard assumption to break (it's usually true). So what I've done is to ensure that on SMBulogoff the previously used conn->server_info struct is kept around to be used for print debugging purposes (it won't be used to change to an invalid user context, as such calls need AS_USER set). This isn't strictly correct, as there's no association with the (now invalid) context being freed and the call that causes conn->server_info to be indirected, but it's good enough for most cases. The hard part was to ensure that once a valid context is used again (via new sessionsetupX calls, or new calls on a still valid vuid on this tid) that we don't leak memory by simply replacing the stored conn->server_info pointer. We would never actually leak the memory (as all conn->server_info pointers are talloc children of conn), but with the previous patch a malicious client could cause many server_info structs to be talloced by the right combination of SMB calls. This new patch introduces free_conn_server_info_if_unused(), which protects against the above. Jeremy.
2009-05-04Do not crash in ctdbd_traverse if ctdbd is not aroundVolker Lendecke1-0/+5
2009-05-04Increase debug level of "create_connection_server_info failed" messageVolker Lendecke1-1/+1
I don't think we should unconditionally send every refused connection attempt to a share to syslog, that's where all debug level 0 messages end up.
2009-05-04s3-printing: Fix driver upload for Xerox 4110 PS printer driver.Günther Deschner1-0/+2
We need to allow to set filesystem capabilities from the default vfs in create_conn_struct() in order to find mixed-case filenames. Thanks Volker! This one was hard to find, so a little longer explanation: When a Windows client tries to upload e.g. the Xerox 4110 PS driver, the client first uploads the driver files to the [print$] share. Some of them (in this case the Windows Postscript drivers) are with uppercase filenames while some of them (like the PPD file) are in lowercase. After the driver upload the client issues the spoolss_AddPrinterDriverEx() call with level 6. There the client tries to add the PPD file with an uppercase filename (while having stored it in lowercase on the server). The internal spoolss add driver functions then could not find the appropriate filename while trying to move them to the version subdirectory (in this case W32X86/3) and fails then entire spoolss_AddPrinterDriverEx() call. With this fix, the convert_unix_name() name finds the correct file and the spoolss_AddPrinterDriverEx() succeeds. Guenther
2009-05-03Fix Coverity ID 913 (NEGATIVE_RETURNS) -- gd, please check!Volker Lendecke1-2/+2
2009-05-03Fix an invalid type warningVolker Lendecke1-1/+1