Age | Commit message (Collapse) | Author | Files | Lines |
|
We need to be able to give sensible error messages when a kerberos
calls fails. This propogates the kerberos error up the stack to the
caller.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Current implementation synchronizes processing for
all types of LDAP request, not only LDAP_Search ones.
Synchronization for ldap replies processing is done
locally in ldb_ildap module as this concerns only
ildb_callback() function.
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
|
|
|
|
Allow UNC lists like this:
192.168.2.1
192.168.2.2
192.168.2.3
the share name will be taken from the command line
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
metze
|
|
Signed-off-by: Andreas Schneider <asn@redhat.com>
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
|
|
This will take the some full_request callback function
as the Samba4 packet code.
metze
|
|
I think this completes commit 50feca550eed7828198b7c0fc5f0e5ddc863313d.
Now result should be handled correctly both for systems that
support EAI_NODATA but returns EAI_NONAME (as my Ubuntu 9.x)
and systems that doesn't support EAI_NODATA at all.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
DRS replication with w2k8-r2 fails with a schema mismatch error if we
set the revision to NT4
|
|
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
If an ace has the PRINCIPAL_SELF as trustee, this sid has to be replaced with
the onjectSid of the object being checked. PRINCIPAL_SELF is the way to grant rights
to an account over itself.
|
|
We need to create a blob of the right length
|
|
|
|
|
|
- Add a torture_setup_dir() equivalent in SMB2, called smb2_util_setup_dir().
- Add verify_sd() and verify_attrib() helper functions for SMB2.
|
|
|
|
Signed-off-by: Tim Prouty <tprouty@samba.org>
|
|
- reserve a new Samba OID for recalculate SD control
- fix the update SD function
- fix handling of kvno in the update_machine_account_password function
- fix handling of handles in RPC winreg server
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
- Reoder them
- Add some new ones (needed for the security descriptor in the provision script)
|
|
The lock.in.reserved field has been renamed lock_sequence in the
SMB 2.1 dialect. See MS-SMB 2.2.26.
|
|
Set the SMB pid to the Unix pid of the client process.
|
|
|
|
This macro encompasses all possible file notifications that can
be raised.
|
|
|
|
Fixed sd creation not working on LDAP modify.
Fixed incorrect replacement of CO and CG.
Fixed incorrect access check on modify for SD modification.
Fixed failing sec_descriptor test and enabled it.
Fixed failing sd add test in ldap.python
|
|
This patch, inspired by a patche by Endi S. Dewata
<edewata@redhat.com>, allows this control to be passed to the LDAP
backend.
Andrew Bartlett
|
|
At this point, support for checks on LDAP add, delete, rename and modify.
Old kludge_acl is still there to handle the searches.
This module is synchronous as the async version was impossible to debug,
will be converted to async after some user testing.
|
|
Also, added some logging. It needs improvement, possibly ability to
turn in on and off via configuration file.
|
|
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
This one didn't matter until the root_fid changed the alignment of the
two structures.
|
|
In order to implement root_fid in the s4 SMB server we need to declare
it as a handle type, just as for other fnum values in SMB. This
required some extensive (but simple) changes in many bits of code.
|
|
For KERBEROS applications the realm should be upcase (function "lp_realm") but
for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch
implements the use of both in the right way.
|
|
|
|
* Add chained NTCREATEX_READX test which first tries to open/read
a non-existant file failing on the open, then attempts the same
operation on a file that does exist, opening and reading
successfully.
* Add test for open_dispositions on directories.
|
|
I've ported all applicable SMB oplock torture tests to SMB2, giving us
a good base for SMB2 oplock testing.
There are several differences between oplocks in SMB and SMB2, mostly
because of differences in W2K3 and W2K8. The existing SMB oplock
tests all pass against W2K3, but several fail against W2K8. These
same tests were failing in SMB2, util I reworked them.
BATCH19, BATCH20: In W2K3/SMB a setfileinfo - rename command wouldn't
cause a sharing violation or break an existing oplock. It appears that
in W2K8/SMB2 a sharing violation is raised.
BATCH22: In W2K3/SMB when a second opener was waiting the full timeout
of an oplock break, it would receive NT_STATUS_SHARING_VIOLATION after
about 35 seconds. This bug has been fixed in W2K8/SMB2 and instead
the second opener succeeds.
LEVELII500: Added 1 new test checking that the server returns a proper
error code when a client improperly replies to a levelII to none break
notification.
STREAM1: W2K8 now grants oplocks on alternate data streams.
|
|
Thanks for Nadya and Metze for this. The SDs were being created with
invalid fields (noticed by w2k8-r2 client when joining our domain)
|
|
|
|
Currently disabled. The search will be greatly modified,
also the object tree stuff will be simplified.
|
|
TODO's:
ACE sorting and clarifying the inheritance of object specific ace's.
|
|
We were creating the name resolution context as a child of lp_ctx,
which meant when we gave up on a connection the timer on name
resolution kept running, and when it timed out the callback crashed as
the socket was already removed.
|
|
Fix bug #6723
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This will be used as a simple way to lock down DRS replication to
administrators and domain controllers
|
|
This starts the process to have Samba4 use lmhosts.
Andrew Bartlett
|