| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This allows us to control what groups should be added in what use
cases, and in particular to more carefully control the introduction of
the 'authenticated' group.
In particular, in the 'service_named_pipe' protocol, we do not have
control over the addition of the authenticated users group, so we key
of 'is this user the anonymous SID'.
This also takes more care to allocate the right length ptoken->sids
Andrew Bartlett
|
|
Obviously this isn't needed and in general site names shouldn't be hardcoded
anymore (except there is a good reason).
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
The auth context was in the past only for NTLM authentication, but we
need a SAM, an event context and and loadparm context for calculating
the local groups too, so re-use that infrustructure we already have in
place.
However, to avoid problems where we may not have an auth_context (in
torture tests, for example), allow a simpler 'session_info' to be
generated, by passing this via an indirection in gensec and an
generate_session_info() function pointer in the struct auth_context.
In the smb_server (for old-style session setups) we need to change the
async context to a new 'struct sesssetup_context'. This allows us to
use the auth_context in processing the authentication reply .
Andrew Bartlett
|
|
This works with both standalone lib builds and bundled builds
|
|
we won't be using the mk -> wscript generator again
|
|
them
|
|
Rewrote wafsamba using a new dependency handling system, and started
adding the waf test code
|
|
|
|
Re-using two of the create_options bits was bound to eventually
cause problems, and indeed, Windows7 now uses one of those bits
when opening text files.
Fixes bug 7189
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
metze
|
|
metze
|
|
metze
|
|
It is just easier to fill in the known to be 8 byte challenge than
stuff about with allocated pointers.
Andrew Bartlett
|
|
|
|
|
|
metze
|
|
|
|
The lock.in.reserved field has been renamed lock_sequence in the
SMB 2.1 dialect. See MS-SMB 2.2.26.
|
|
Using common parameters means that the ldb_wrap code can return a
reference rather than a new database
|
|
Thanks to Metze for spotting this.
|
|
This helps with the CIFS NTVFS backend, but doesn't solve all problems
|
|
|
|
In order to implement root_fid in the s4 SMB server we need to declare
it as a handle type, just as for other fnum values in SMB. This
required some extensive (but simple) changes in many bits of code.
|
|
|
|
When one of our core tasks fails to initialise it can now ask for the
server as a whole to die, rather than limping along in a degraded
state.
|
|
see bug #6610
The MacOSX SMB client sets the BCC value in SMBwriteX calls to zero
instead of the correct size. Checking against WindowsXP, I've found
that Windows uses the maximum of the computed buffer size and the
given BCC value. I've changed Samba4 to do the same to allow MacOSX to
work.
I've limited this change to non-chained packets to ensure we don't get
the possibility of exploits based on overlapping chained requests
|
|
|
|
This fixes bug 6547, where smbclient in S3 reads more than 64k at a
time with readx.
|
|
|
|
compounded chain
metze
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
We need to loop over all given dialects and check
if we can find SMB2_DIALECT_REVISION_202.
metze
|
|
This change brings ntvfs_connect into compliance with other ntvfs functions
which take an ntvfs module, an ntvfs request and an smb io union.
It now becomes the responsibility of ntvfs modules to examine
tcon->generic.level themselves and derive the share name and any other
options
directly; e.g.
const char *sharename;
switch (tcon->generic.level) {
case RAW_TCON_TCON:
sharename = tcon->tcon.in.service;
break;
case RAW_TCON_TCONX:
sharename = tcon->tconx.in.path;
break;
case RAW_TCON_SMB2:
default:
return NT_STATUS_INVALID_LEVEL;
}
if (strncmp(sharename, "\\\\", 2) == 0) {
char *p = strchr(sharename+2, '\\');
if (p) {
sharename = p + 1;
}
}
service.c smbsrv_tcon_backend() is called before ntvfs_connect and fills in
some of the tcon->..out values.
For the case of RAW_TCON_TCONX, it filles out tcon->tconx.out.tid and
tcon->tconx.out.options
For the case of RAW_TCON_TCON it fills out tcon->tcon.out.tid and
tcon->tcon.out.max_xmit
Thus the ntvfs_connect function for vfs modules may override these values
if desired, but are not required to.
ntvfs_connect functions are required to fill in the tcon->tconx.out.*_type
fields, for RAW_TCON_TCONX, perhaps something like:
if (tcon->generic.level == RAW_TCON_TCONX) {
tcon->tconx.out.fs_type = ntvfs->ctx->fs_type;
tcon->tconx.out.dev_type = ntvfs->ctx->dev_type;
}
Signed-off-by: Sam Liddicott <sam@liddicott.com>
(I fixed the ntvfs_connect() in the smb_server/smb2/
and the RAW_TCON_SMB2 switch case in the modules)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Stop packet_recv getting greedy and reading the whole socket
and then dispatching te extra packets in a timer loop
Signed-off-by: Sam Liddicott <sam@liddicott.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
metze
|
|
smbsrv_tcon_backend no longer creates the ntvfs_request wrapper,
so smbsrv_reply_tcon* can now do this and then invoke ntvfs_connect
in the typical manner using SMBSRV_SETUP_NTVFS_REQUEST and
SMBSRV_CALL_NTVFS_BACKEND
Previously smbsrv_tcon_backend has been responsible for instantiating
the ntvfs_module_context to service a tree-connect request, and
then create an ntvfs_request wrapper around the smbsrv_request
and pass this to ntvfs_connect for the newly created ntvfs.
These actions could not be invoked asynchronously.
This meant that any client requests made while instantiating the
ntvfs module, including any composite's used during authentication
(or related client connections for the case of proxy modules)
would block other ntvfs modules and requests in the current process as
they executed a nested event loop to await completion.
Signed-off-by: Sam Liddicott <sam@liddicott.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
