Age | Commit message (Collapse) | Author | Files | Lines |
|
ldapi://).
Andrew Bartlett
(This used to be commit 556a21faeed0b6e3cc6efcfa8e0939b151a802de)
|
|
Andrew Bartlett
(This used to be commit 1920cb8b3978f745cba7e854410deb9174de2dc0)
|
|
OpenLDAP backend.
Andrew Bartlett
(This used to be commit da66b53e6ac39c5f020781830ee69d460aa0cae5)
|
|
* Move dlinklist.h, smb.h to subsystem-specific directories
* Clean up ads.h and move what is left of it to dsdb/
(only place where it's used)
(This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
|
|
(This used to be commit bb393603707ada3d4b917f8374b7738f16c78f46)
|
|
snprintf seems
to be broken. The %lu modifies apparently can not cope with the high
bit==1. In dom_sid_string I added some printfs and got:
auth: 21
auth: 2666793276
auth: 679821296
auth: 2310223117
auth: 1206
sid=S-1-5-21-8446744072081377596-679821296-8446744071724807437-1206
The "auth:" values are direct printfs, the sid= is the resulting code from
dom_sid_string.
I could not reproduce it with a simple test program, and #ifdef'ing out
HAVE_SNPRINTF in config.h manually does not help either, probably because the
dynamic linker overwrites the symbol in lib/replace.
Checking it in because it fixes the RPC-SAMBA3-SHARESEC test directly on host
"sunx", I would like to see whether it also fixes IRIX and AIX.
Volker
(This used to be commit 1a9401738f652a87d377a32086342f5f98525fc2)
|
|
configure check for the interfaces.
should fix the build on some old sun boxes
metze
(This used to be commit f20e251bfd9f1eb7ce5c00739631b1625a2aa467)
|
|
when I don't use the DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
flag on DsBind
metze
(This used to be commit 8458ee72c5c1005ab80b9f7ea6efe617e5c76106)
|
|
metze
(This used to be commit 96259f0f24b114e505241c9d2deb702a8b40f1b6)
|
|
metze
(This used to be commit 40dc7c1787c16bfc15ac87fee81d2d2d1f3d2fde)
|
|
metze
(This used to be commit 84e74a759cfa49ebc8b4ba1b8e729d6d920fc55a)
|
|
with this you can limit a search to a specific partitions
or a search over all partitions without getting referrals.
(Witch is the default behavior on the Global Catalog Port)
metze
(This used to be commit 4ccd0f8171f3748ee6efe1abd3f894d2cdf46bf4)
|
|
metze
(This used to be commit 23759a1e9b05c4fde475a9016cb0b7447656d7e7)
|
|
metze
(This used to be commit e15a015a1d9aa3872271c0c5542e7d055a6f673a)
|
|
metze
(This used to be commit 8f9e201b9a797c0772672efab0f8e6a7a6312eb0)
|
|
metze
(This used to be commit 683fc25f6524a3821ba70529251aabe97bad9370)
|
|
the composite_context structue, we should try to convert all code
to use this because there're a lot of places where the we have
bugs with this task...
- add a composite_continue_smb2() helper
We should try to hide the internals of the composite code from the users
to avoid errors (and I found a lot of them... and will fix then step by step)
metze
(This used to be commit a16180f20246844d05996d385fcb71893e08f589)
|
|
metze
(This used to be commit fe463bc568e8ac78ca161bcba3e867d33bb828b3)
|
|
otherwise the callers callback function will not be called
and the caller is hanging forever...
metze
(This used to be commit e231eba828486e68c9d3a246e1e0c943fdb8301c)
|
|
metze
(This used to be commit f2196bf9b662d3f38d59eceb8c54f9d2e3f7b505)
|
|
routines to return an NTSTATUS. This should help track down errors.
Use a bit of talloc_steal and talloc_unlink to get the real socket to
be a child of the GENSEC or TLS socket.
Always return a new socket, even for the 'pass-though' case.
Andrew Bartlett
(This used to be commit 003e2ab93c87267ba28cd67bd85975bad62a8ea2)
|
|
contexts from the application layer into the socket layer.
This improves a number of correctness aspects, as we now allow LDAP
packets to cross multiple SASL packets. It should also make it much
easier to write async LDAP tests from windows clients, as they use SASL
by default. It is also vital to allowing OpenLDAP clients to use GSSAPI
against Samba4, as it negotiates a rather small SASL buffer size.
This patch mirrors the earlier work done to move TLS into the socket
layer.
Unusual in this pstch is the extra read callback argument I take. As
SASL is a layer on top of a socket, it is entirely possible for the
SASL layer to drain a socket dry, but for the caller not to have read
all the decrypted data. This would leave the system without an event
to restart the read (as the socket is dry).
As such, I re-invoke the read handler from a timed callback, which
should trigger on the next running of the event loop. I believe that
the TLS code does require a similar callback.
In trying to understand why this is required, imagine a SASL-encrypted
LDAP packet in the following formation:
+-----------------+---------------------+
| SASL Packet #1 | SASL Packet #2 |
----------------------------------------+
| LDAP Packet #1 | LDAP Packet #2 |
----------------------------------------+
In the old code, this was illegal, but it is perfectly standard
SASL-encrypted LDAP. Without the callback, we would read and process
the first LDAP packet, and the SASL code would have read the second SASL
packet (to decrypt enough data for the LDAP packet), and no data would
remain on the socket.
Without data on the socket, read events stop. That is why I add timed
events, until the SASL buffer is drained.
Another approach would be to add a hack to the event system, to have it
pretend there remained data to read off the network (but that is ugly).
In improving the code, to handle more real-world cases, I've been able
to remove almost all the special-cases in the testnonblock code. The
only special case is that we must use a deterministic partial packet
when calling send, rather than a random length. (1 + n/2). This is
needed because of the way the SASL and TLS code works, and the 'resend
on failure' requirements.
Andrew Bartlett
(This used to be commit 5d7c9c12cb2b39673172a357092b80cd814850b0)
|
|
- the 0xffffffffffffffff seqnum is reserved for SMB2 Break (oplock breaks)
so don't use it in a request. we should someday try to test this...
metze
(This used to be commit 730cdc4475822e28cb400116641294a7f98ad0b5)
|
|
security
descriptor. This is something that W2k3 does _not_ pass and probably is not
expected to, it seems the don't check access at tconX time.
Thanks to metze for the hint how in the srvsvc_NetShareInfo1501 struct the
length of the sd can be encoded in idl.
As metze says, there's probably more to the share secdesc, this needs more
testing. This one is here to walk the samba3 code.
Volker
(This used to be commit 67185508229a8d7f144c22cb194f573c932d6de5)
|
|
metze
(This used to be commit 1f48e7dca6a06078f3655a7f7a8f109bd6c0cb8e)
|
|
metze
(This used to be commit 49b96ac44a883c020c69df7a12df154dc4faa4d5)
|
|
metze
(This used to be commit 8d4fd35b10b176d31f986bbca5848091dffcd657)
|
|
RAW_NOTIFY_NTTRANS,RAW_NOTIFY_SMB2
- parse SMB2 Notify reponse
metze
(This used to be commit de50e0ccddfad16ad7b254770f4c52c1abe707b9)
|
|
metze
(This used to be commit a455dc7a8392230395c0e444f76a4ca13192f871)
|
|
metze
(This used to be commit e40d62363c2123fff37b35c1c7004e85a6786c2a)
|
|
the operation doesn't need a valid file handle in that case
metze
(This used to be commit d41a83d55945b07020349339888f3a34ac4eff4e)
|
|
metze
(This used to be commit 58bed7322c7e552d0462a11ce5d46a282c31f8f7)
|
|
preallocated
- body_size doesn't contain the preallocated byte so don't remove it
metze
(This used to be commit 3cf50e26b7dc11d85c46ef81a36c74acf97085c0)
|
|
(found by valgrind)
metze
(This used to be commit 283bec8295b6302dfe3dc12c82d7870bdfee8b37)
|
|
of smb_search_data
metze
(This used to be commit 78c201db8a47a71908698c4dda2add4cf85694d9)
|
|
Guenther
(This used to be commit 075242b97614202ee265577c9e5dd499e56bd768)
|
|
rafal
(This used to be commit 48a9f822442c8b115fd61d9c6781d8100df2bf9e)
|
|
is no padding...
the following patch is needed for vista beta2 to connect to samba4
metze
(This used to be commit 58baae8fc463cd2c4e4ce532c153ad80313b03eb)
|
|
there're 8 more unknown bytes...
Note:
- vista-CTP also support this as a server,
but uses the old format as client
- but vista-beta2 only uses and accept the new format
metze
(This used to be commit b3bdd4afdefc9ad3550f86a0aa6e6c90bf8ab416)
|
|
as we setup the 1 padding byte for non present dynamic part,
we need to overwrite it when we're getting a real dynamic part,
so we need to remove the buf->size +=1 when we do the first
push to the dynamic part (when buf->dynamic is still but->body + buf->body_fixed)
metze
(This used to be commit f309209629ad1b63a76fc06163a3eeb07dce4c86)
|
|
so we know that the 9th bytes is just uninitialized padding
metze
(This used to be commit f97a21b970ed23973cced2c67b5bc9ecd7afee88)
|
|
metze
(This used to be commit 429215113bd999466141df0a2e3b3097d677df1f)
|
|
simpler
- use ndr_push_struct_blob() for RAW_SFILEINFO_SEC_DESC
metze
(This used to be commit 79e51f033e680303431e56e818346b66a836d044)
|
|
metze
(This used to be commit f099fcb6e3a38d6df22cb3a0c7c666333e41f11b)
|
|
metze
(This used to be commit 81702c36c28e9e32860c5d91887d2ad2121ce306)
|
|
metze
(This used to be commit 6164d1e22e0545f558315591d49f862de06ea945)
|
|
metze
(This used to be commit dcc02df8297162a7fd913560194d9e821798dbe0)
|
|
correct grammar
(This used to be commit 26a2fa97e4c819e630bc9b50e11c8d5328c7b8c8)
|
|
the "92" to
"100" will give funny permissions...
Volker
(This used to be commit b76a3d4f590963d48eae8a9899d17ae3833c3dfa)
|
|
correct, or we try and do a memcmp on the trailing '\0'.
This happens because we now use memcmp for the prefix matching.
I just wish I had a test other than a particular invocation of the OSX
client. (I've tried and failed so far)
Andrew Bartlett
(This used to be commit 36aa8390807581442c68ac3ee9dd6eb05d89b86d)
|