summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* s4-smbtorture: re-work test_Create{User,Group,Alias} a little.Günther Deschner2009-05-261-14/+38
| | | | | | Guenther (cherry picked from commit 05e6ebb7f812eed95b8407e65cf438e04d6e3789) (cherry picked from commit 5e726f1843cd8ecb29588f6a00196354c6bc6708)
* s3-pamsmbpass: copy _pam_get_item and _pam_get_data from pam_winbind.Günther Deschner2009-05-264-15/+42
| | | | | | Guenther (cherry picked from commit 1950e180caf707346300b83021624d586cc3776d) (cherry picked from commit 7e41fce5aa9b97eb4cf3c29bf6542b05051e1f27)
* s3-rpcclient: use get_domain_handle() fn in enum domain users & groups.Günther Deschner2009-05-261-12/+10
| | | | | | Guenther (cherry picked from commit 86d087fccc30a82cb1fe3a71d0353634496e72c4) (cherry picked from commit e172757782d17ba1066d1cefe18e2a8d55b3ce96)
* Attempt to fix a debian build problemVolker Lendecke2009-05-261-1/+1
| | | | (cherry picked from commit 31eec30c33b300d93f6d6895f6d0e6b06e0c2185)
* Fix a race condition in winbind leading to a panicVolker Lendecke2009-05-261-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | In winbind, we do multiple events in one select round. This needs fixing, but as long as we're still using it, for efficiency reasons we need to do that. What can happen is the following: We have outgoing data pending for a client, thus state->fd_event.flags == EVENT_FD_WRITE Now a new client comes in, we go through the list of clients to find an idle one. The detection for idle clients in remove_idle_client does not take the pending data into account. We close the socket that has pending outgoing data, the accept(2) one syscall later gives us the same socket. In new_connection(), we do a setup_async_read, setting up a read fde. The select from before however had found the socket (that we had already closed!!) to be writable. In rw_callback we only want to see a readable flag, and we panic in the SMB_ASSERT(flags == EVENT_FD_READ). Found using bin/smbtorture //127.0.0.1/tmp -U% -N 500 -o 2 local-wbclient Volker (cherry picked from commit bfeab3a0f621dbea50f43c98ba70b0ccd8323bff)
* Ensure we return NT_STATUS_FILE_IS_A_DIRECTORY on a posix open on aJeremy Allison2009-05-261-1/+1
| | | | | | directory name. Jeremy. (cherry picked from commit 689664ad7acf13b07409abd4c2820dbe10255b68)
* Test that POSIX open of a directory returns NT_STATUS_FILE_IS_A_DIRECTORY ↵Jeremy Allison2009-05-261-0/+12
| | | | | | | (ERRDOS, EISDIR). Jeremy. (cherry picked from commit 935a1a89c6c027e068f79e3686396c28812f9e67)
* s3:winbind:idmap_ldap: fix a crash bug in idmap_ldap_unixids_to_sids (#6387)Michael Adam2009-05-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | This fixes a crash bug hit when multiple mappings were found by the ldap search. This crash was caused by an ldap asssertion in ldap_next_entry because was set to NULL in each iteration. The corresponding fix was applied to the idmap_ldap_sids_to_unixids() by Jerry in 2007 (b066668b74768d9ed547f16bf7b6ba6aea5df20a). This fixes the crash part of bug #6387. There is a logic part, too: The problem currently only occurs when multiple mappings are found for one given unixid. Now winbindd does not crash any more but it does not correctly handle this situation. It just returns the last mapping from the ldap search results. This needs fixing. Michael (cherry picked from commit e9010fa366746ec1ae948dbcf3493d446e23b14c) Signed-off-by: Michael Adam <obnox@samba.org> (cherry picked from commit 2b6dbddb9cc723fcbd2e4e22a9404d6b4ff805d7)
* Don't steal when we know the ptr will be null. Thanks to Simo forJeremy Allison2009-05-261-2/+1
| | | | | | pointing this out. Jeremy. (cherry picked from commit b6769282d60d20301f085243b3e747efffe2d637)
* Revert the last two commits (fix for #6386). The actual problemJeremy Allison2009-05-261-7/+9
| | | | | | | | was a bug in ldb in 3.2 which could return a freed pointer on ret != LDAP_SUCCESS. The main thing we must ensure is that we never talloc_steal until we know LDAP_SUCCESS was returned. Jeremy. (cherry picked from commit f3c3ee0f5dc6266f58e96606b73f55b812fe5171)
* Ensure all possible uses of indirection through res are checked afterJeremy Allison2009-05-261-6/+6
| | | | | | an ldb_search. Jeremy. (cherry picked from commit 64f6bd6c9b24e985fcd56765190046d3e9a5344e)
* Attempt to fix bug #6386 - Samba Panic triggered by Sophos Control Centre.Jeremy Allison2009-05-261-1/+1
| | | | | | Don't indirect a potentially null pointer. Jeremy. (cherry picked from commit b4f6bb84d1bcd5a09d7c20c2a7dac0bfb11f199f)
* Detect tight loop in tdb_find()Jim McDonough2009-05-261-0/+5
| | | | (cherry picked from commit dbd5dd808f14b1df0ed3dabd0553baddad2d186b)
* Add a security model to LSA. Similar to the SAMR code - usingJeremy Allison2009-05-261-88/+227
| | | | | | the MS-LSA docs. Jeremy. (cherry picked from commit c57de2c23d4208d4d7d06decdb1663670faa228d)
* Use SMB_VFS_NEXT_CLOSE. This VFS stuff is really opaque to me...Volker Lendecke2009-05-261-5/+1
| | | | | Thanks Michael to provide some transparency :-) (cherry picked from commit db9f5e1d7bb5a2ee3a42428dd1406f27c09d671f)
* Fix bug disclosed by lock8 torture testVolker Lendecke2009-05-261-0/+17
| | | | | | We have to drop the gpfs level share modes, regardless of whether we put the file into the pending close queue. (cherry picked from commit 0eaf040f469972d1dfd2b53d8df97bb135e3e4d4)
* s3-selftest: add add and delete group scripts using nss_wrapper.Günther Deschner2009-05-262-0/+4
| | | | | | Guenther (cherry picked from commit e11f9b46c6345471cca76b9772080d3bfd687852) (cherry picked from commit f6b0448f814e47ea9eccf895c5182565104acae7)
* nsswrapper: implement group_del() in nss_wrapper.pl.Günther Deschner2009-05-261-1/+22
| | | | | | Guenther (cherry picked from commit 3bd360c73de77559593e11301d247fd53c4ce128) (cherry picked from commit 28ed6d144647c4f0181e9a2650cabba91eb56f3e)
* nsswrapper: implement group_add() in nss_wrapper.pl.Günther Deschner2009-05-261-4/+105
| | | | | | Guenther (cherry picked from commit b3cc01fd68e30ebd616897982e0d8befd2a2a7e0) (cherry picked from commit e8c9731d5ffa1503dd695e2ab89450973c8a7acb)
* Added mapping table for account object in lsa.Jeremy Allison2009-05-262-0/+24
| | | | | Jeremy. (cherry picked from commit 1a219740537319c4369a10572c46949de566ce49)
* s3 onefs: Removing an incorrect TALLOC_FREEAravind Srinivasan2009-05-261-1/+0
| | | | | | Signed-off-by: Tim Prouty <tprouty@samba.org> (cherry picked from commit bb454b5fd95185a1456ea120b3a7c56f4a4f1c78) (cherry picked from commit d3bb598e656c22955dcb2f34dabcdc4946b61725)
* s3: Always allocate memory in dptr_ReadDirNameAravind Srinivasan2009-05-263-18/+45
| | | | | | | | | This is a follow up to 69d61453df6019caef4e7960fa78c6a3c51f3d2a to adjust the API to allow the lower layers allocate memory. Now the memory can explicitly be freed rather than relying on talloc_tos(). Signed-off-by: Tim Prouty <tprouty@samba.org> (cherry picked from commit bfe7383d7f0349fec796d04772d42d566f7f083b)
* s4 torture: Fix typoTim Prouty2009-05-261-1/+1
| | | | (cherry picked from commit 52d26c3a3a8914a608d8b318e01fee636cc83042)
* s3 sendfile: Fix two bugs in sendfileTim Prouty2009-05-261-3/+4
| | | | | | | | | | | | | These were found interally via code inspection. 1) fake_sendfile was incorrectly writing zeros over real data on a short read. 2) sendfile_short_send was doing 4 byte writes instead of 1024 byte writes due to an incorrect sizeof usage. Jermey, Vl please check (cherry picked from commit 7cd8dfc7bdbc6e0715bbd8eddf1ef11c622a8f72)
* s4-smbtorture: Fix build warning in RPC-SAMR tests.Günther Deschner2009-05-261-2/+2
| | | | | | Guenther (cherry picked from commit 518666102367ce21782cb0f597c136ac125cef05) (cherry picked from commit e14d0a1b3b4875db08d967131efb4e300d22bc12)
* s3: re-run make samba3-idl.Günther Deschner2009-05-263-0/+106
| | | | | | Guenther (cherry picked from commit d7142fb1b56073ca0d078d0214f70c2c77186fce) (cherry picked from commit 3f9e43e026d904798998a3d94e7f2e9318fd4d85)
* lsa: add access_masks for accounts, secrets and trusted domains to IDL.Günther Deschner2009-05-261-1/+24
| | | | | | Guenther (cherry picked from commit 7c22eed419fe877c51c6c4d1fecea0e2e4aa0b1b) (cherry picked from commit 3821bd0dec854e4ded4f01f58a13a65068be5643)
* Change access_check_samr_object -> access_check_object.Jeremy Allison2009-05-263-24/+25
| | | | | | | | Make map_max_allowed_access global. Change lsa_get_generic_sd to add Everyone:LSA_POLICY_READ|LSA_POLICY_EXECUTE, not just LSA_POLICY_EXECUTE. Jeremy. (cherry picked from commit 86e10fee0284bc1b9e68c0fc9720b80df3580517)
* s3-lsa: let _lsa_OpenPolicy() just call _lsa_OpenPolicy2().Günther Deschner2009-05-261-37/+6
| | | | | | Guenther (cherry picked from commit d06051cc51ded9649d4c201afdf338c2426e6f5f) (cherry picked from commit 966faaf60758cfc112a5779e357d434b4d045f9c)
* s3-selftest: enable RPC-SAMR-USERS-PRIVILEGES.Günther Deschner2009-05-261-1/+1
| | | | | | Guenther (cherry picked from commit 9e741b34b29eebfa3c0ca664a48e806007d572da) (cherry picked from commit 34da4e42cf077b4a8e4788156b7d7a980e1eefc7)
* s3-lsa: let _lsa_GetSystemAccessAccount() call into _lsa_EnumPrivsAccount().Günther Deschner2009-05-261-3/+23
| | | | | | | | | | | | | | | | Inspired by lsa server from Samba 4. Just removing a user in SAMR does not remove a user in LSA. If you use usermanager from windows, the "User Rights" management gui gets unaccessable as soon as you delete a user that had privileges granted. With this fix, that no longer existing user would properly appear as an unknown account in the GUI (as it does while using usermanager with windows domains). This almost makes Samba3 pass the RPC-SAMR-USERS-PRIVILEGES test. Guenther (cherry picked from commit 6ab0c83570b2e60e0cd3bd5f5bfb1923fd359994) (cherry picked from commit 7303efac8438c17290d66ef48ba6321e57b7bdf9)
* s3-lsa: start a very basic implementation of _lsa_DeleteObject().Günther Deschner2009-05-261-1/+23
| | | | | | | | | Certainly not the full story but this gets us closer to pass the RPC-SAMR-USERS-PRIVILEGES test. Guenther (cherry picked from commit 4724fef8979c3f0e66cb8e41936af270901093b4) (cherry picked from commit 0792ff10d5d7379bd5da81a05c642db1e66c6f4b)
* s4-smbtorture: add RPC-SAMR-USERS-PRIVILEGES test.Günther Deschner2009-05-262-9/+387
| | | | | | | | | This test demonstrates the independence of the lsa and samr accounts while remove a samr users that still has privileges granted. Guenther (cherry picked from commit 0a9049be872a0eaf56c1449f8b362b6d91dd781b) (cherry picked from commit 53324b397ed17a08eb093c8f98e8d645da68aac5)
* s3-privileges: add privilege_delete_account().Günther Deschner2009-05-262-0/+29
| | | | | | Guenther (cherry picked from commit dccecdf33850ec4d763b8b0e7ba7be7a8eb873de) (cherry picked from commit e3be289df092f3b16bdd06904cd543920e3da307)
* s3-privileges: remove trailing whitespace from privileges codes.Günther Deschner2009-05-262-105/+105
| | | | | | Guenther (cherry picked from commit 118f343b05ba86a1f8fd28394433aa6e961e2d6c) (cherry picked from commit 0f6e4c62c97e983a99ff2c917b0c7f2db3ca289b)
* Fix SAMR server for winbindd access. Ensure we allowJeremy Allison2009-05-261-2/+2
| | | | | | MAX_ACCESS to be mapped to what we're giving Everyone. Jeremy. (cherry picked from commit cb49ceb25d8be05148e3081a73f8db10915963f0)
* s3-samr: Fix samr access checks in _samr_SetUserInfo().Guenther Deschner2009-05-261-15/+110
| | | | | Guenther (cherry picked from commit c79ceb3345c56cff28b5e828188611c5fc80b1a7)
* s3-samr: Fix samr access checks in _samr_QueryUserInfo().Guenther Deschner2009-05-261-3/+71
| | | | | Guenther (cherry picked from commit 5c3c7f6921c9cff58cf4f85c0b691566bf4cd02e)
* Ensure users with SeAddUser privs get full access toJeremy Allison2009-05-261-2/+2
| | | | | | groups/aliases when opening. Jeremy. (cherry picked from commit 72f90581a78443efd6cf24bac635fe9032df18fd)
* Add extra abilities for a user with SeAddUsers, so theyJeremy Allison2009-05-261-2/+15
| | | | | | can manipulate groups and aliases. Jeremy. (cherry picked from commit 361caafeebb37f6247f7ede38a50a70323fdd107)
* DeleteUser doesn't need the priv checks, this is done at OpenUser time.Jeremy Allison2009-05-261-20/+0
| | | | | Jeremy. (cherry picked from commit c0ff7e5459bdf1351f6cb69e58a1f8105bcfd3dc)
* s3-samr: Fix samr access checks in _samr_RemoveMemberFromForeignDomain().Guenther Deschner2009-05-261-1/+1
| | | | | Guenther (cherry picked from commit 6d0981845ec005a48a82280e2ebfe85ac9b72537)
* s3-samr: Fix samr access checks in _samr_SetDomainInfo().Guenther Deschner2009-05-261-7/+22
| | | | | Guenther (cherry picked from commit c7e6db566ad2bd5ea6473753a720a9ccc9772b59)
* s3-samr: Fix samr access checks in _samr_QueryDomainInfo().Guenther Deschner2009-05-261-1/+31
| | | | | Guenther (cherry picked from commit 42ad75c9d31f6101103870e1055a7cd4b7f149fd)
* Fix the core of the SAMR access functions. This passes make test, butJeremy Allison2009-05-261-197/+156
| | | | | | | | | | | usrmgr fails against it. The core of this patch is to move all the access mask setup into the _samr_OpenXXX functions, and then have each specific function check the attached access_mask against the required bits. We can then go through the MS-SAMR doc and match things up. Signed off by Guenther, and writespace cleanup removal by Volker. Jeremy. (cherry picked from commit bdc797135151d4f85e6368d016bfb26389c6f055)
* s3-netdomjoin-gui: allow to switch between workgroups/domains with the same ↵Günther Deschner2009-05-261-2/+4
| | | | | | | | name. Guenther (cherry picked from commit d800ee50335ecbd2dbd3b451a18a00780ac28f04) (cherry picked from commit 9db1fc45786872d938939bd33b3b867ee599c9a2)
* s3-netdomjoin-gui: cosmetic fix for empty hostnames.Günther Deschner2009-05-261-0/+1
| | | | | | Guenther (cherry picked from commit 8c74d31962eb82f7dcc07000aeb27a84a633a225) (cherry picked from commit c03287c2f8d03363a26b0518b6370ddfaa7b5915)
* s3-netdomjoin-gui: only gray out labels when not root and not connecting toGünther Deschner2009-05-261-3/+3
| | | | | | | | remote machines. Guenther (cherry picked from commit 473bf41d20b25bd7d98ea6647e6295b3fb6f34e1) (cherry picked from commit 7115126d0f7d97c3633b62e76e2fdc681dedb36d)
* Fix bug 5681: Do not limit the number of network interfacesVolker Lendecke2009-05-264-25/+40
| | | | | | | | | | | Jeremy as far as I can see there is no real technical reason to limit the number of interfaces. If you like this patch, can you please merge it to 3.4? If you don't please tell me :-) Thanks, Volker (cherry picked from commit 71e835942522992c08267da74d480ad6552c6508)
* Move down the become_root()/unbecome_root() calls into the VFS modulesVolker Lendecke2009-05-262-8/+22
| | | | | | | The aio_fork module does not need this, as it does not communicate via signals but with pipes. Watching a strace log with those become_root() calls in aio.c is absolutely awful, and it does affect performance. (cherry picked from commit b8d12d3ffce304b4086488d999f85d80667e196e)
generated by cgit (git 2.34.1) at 2025-08-31 19:11:49 +0000