| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Parts of the Samba RPC client and server code misinterpret authenticated
packets.
DCE authenticated packets actually look like this :
+--------------------------+
|header |
| ... frag_len (packet len)|
| ... auth_len |
+--------------------------+
| |
| Data payload |
... ....
| |
+--------------------------+
| |
| auth_pad_len bytes |
+--------------------------+
| |
| Auth footer |
| auth_pad_len value |
+--------------------------+
| |
| Auth payload |
| (auth_len bytes long) |
+--------------------------+
That's right. The pad bytes come *before* the footer specifying how many pad
bytes there are. In order to read this you must seek to the end of the packet
and subtract the auth_len (in the packet header) and the auth footer length (a
known value).
The client and server code gets this right (mostly) in 3.0.x -> 3.4.x so long
as the pad alignment is on an 8 byte boundary (there are some special cases in
the code for this).
Tridge discovered there are some (DRS replication) cases where on 64-bit
machines where the pad alignment is on a 16-byte boundary. This breaks the
existing S3 hand-optimized rpc code.
This patch removes all the special cases in client and server code, and allows
the pad alignment for generated packets to be specified by changing a constant
in include/local.h (this doesn't affect received packets, the new code always
handles them correctly whatever pad alignment is used).
This patch also works correctly with rpcclient using sign+seal from
the 3.4.x and 3.3.x builds (testing with 3.0.x and 3.2.x to follow)
so even as a server it should still work with older libsmbclient and
winbindd code.
Jeremy
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Michael
|
| | |
|
| |
|
|
|
|
| |
This is the basis to implement global locks in ctdb without depending on a
shared file system. The initial goal is to make ctdb persistent transactions
deterministic without too many timeouts.
|
| |
|
|
|
|
|
|
| |
Volker.
Create widelinks_warning(int snum) to cover the message needed in make_connection.
Jeremy.
|
| |
|
|
|
| |
This way we avoid any chance that a configuration reload may turn
back on wide links when unix extensions are enabled.
|
| |
|
|
|
|
| |
broadcast"
metze
|
| |
|
|
|
|
|
|
|
| |
And send replies always via the unicast address of the subnet.
This behavior is off by default (as before)
and can be enabled with "nmbd:bind explicit broadcast = yes".
metze
|
| |
|
|
|
|
|
|
|
| |
ldapsam_alias_memberships() does the same LDAP search twice, triggered
via add_aliases() from create_local_nt_token().
This happens when no domain aliases are used.
metze
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Passing NULL as dest_realm for cli_session_setup_spnego() was
always using our own realm (as for a NetBIOS name). Change this
to look for the mapped realm using krb5_get_host_realm() if
the destination machine name is a DNS name (contains a '.').
Could get fancier with DNS name detection (length, etc.) but
this will do for now.
Jeremy.
|
| |
|
|
|
|
|
|
|
| |
respond to a read or write.
Only works on Linux kernels 2.6.26 and above. Grants CAP_KILL capability
to allow Linux threads under different euids to send signals to each other.
Jeremy.
|
| |
|
|
|
|
|
| |
Can we enable this by default? This would be a change in behaviour, but this
feature is just too cool for everyone to catch up in the apps.
The patch would be
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Uses the winbind ccache to do authentication if asked to do so
|
| |
|
|
| |
All but one call were pointless, so I think this API should go
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit c992127f8a96c37940a6d298c7c6859c47f83d9b)
|
| |
|
|
|
|
|
|
|
|
| |
rights fails even if the delete right is set on the object.
Final fix for the vfs_acl_xattr and vfs_acl_tdb code.
Ensure we can delete a file even if the underlying POSIX
permissions don't allow it, if the Windows permissions do.
Jeremy.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
we have nt_time_equal doing the same in lib/util/
|
| |
|
|
|
|
| |
lsa_pipe_tcp is ok but network is down, then send request is ok, but select() on writeable fds loops forever since there is no response.
Signed-off-by: Bo Yang <boyang@samba.org>
|
| |
|
|
| |
metze
|
| | |
|
| | |
|
| |
|
|
| |
metze
|
| |
|
|
| |
metze
|
| |
|
|
| |
metze
|
| |
|
|
| |
metze
|
| |
|
|
| |
metze
|
| |
|
|
| |
metze
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
struct in the fsp->fsp_name pointer incorrectly for a directory.
Fix this. Make map_canon_ace_perms() public.
Jeremy.
|
| |
|
|
| |
Andrew Bartlett
|
