| Commit message (Collapse) | Author | Age | Files | Lines |
| |
This breaks the ABI.
Guenther
See bug #7465 for more details.
| |
Guenther
| |
The last 5 patches address bug #8253 (winbindd panics if verify_idpool() fails).
| |
ensure the event is canceled if the smbldap_state gets freed
this fixes a panic of winbindd if verify_idpool fails
| |
#7383)
metze
(cherry picked from commit 4bfe2d5655d97fbc7e65744425b5a098e77f5ba1)
(cherry picked from commit 62b2083c627abeb8a2fb7e5adc793c630d0d561c)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
| |
If IPv6 DNS names are turned on, but Samba isn't configured to
listen on an IPv6 interface, then is_myname_or_ipaddr() can return
false on a valid DNS name that it should detect is our own. If the
IPv6 addr is returned by preference, then looking at the first addr
only causes is_myname_or_ipaddr() to fail. We need to look at all the
addresses returned by the DNS lookup and check all of them against
our interface list. This is an order N^2 lookup, but there shouldn't
be enough addresses to make this a practical problem.
Jeremy.
Fix bug #8038 - Connecting to a printer can return INVALID_PARAMETER when IPv6
DNS names are turned on.
| |
'a-Z0-9' and the character in other_safe_chars and replaces with '_'.
This statement does not currently hold true in all cases (e.g. src =
"ТАНЦЕВАТЬ").
Part of a fix for bug 8040 - smbclient segfaults when a Cyrillic netbios
name or workgroup is configured.
| |
is configured.
As discovered by David Disseldorp <ddiss@suse.de>, convert_string_talloc()
doesn't always return consistent results for a zero length string. The
API states an incoming string must *always* contain the terminating null,
but unfortunately too much code expects passing in a zero source length
to return a null terminated string, so at least ensure we return a
correct null string in the required character set and return the
correct length.
Also ensure we cannot return a zero length for a converted string
(we ensure that the returned buffer is always allocated and zero
terminated anyway) as calling code depends on the fact that returning
true from this function will *always* return a non-zero length (as
it must include the terminating null).
Note this is a different fix from what went into master (this is
identical to the fix I'm planning for 3.5.x) as convert_string_talloc()
has diverged between the two.
Jeremy.
| |
When getgrouplist() is not defined, use getgrset() if it is defined
instead of using the initgroups() + getgroups() combo
Major contributions from Yannick Bergeron <yaberger@ca.ibm.com>
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sat Mar 19 10:09:38 CET 2011 on sn-devel-104
(cherry picked from commit ed46dfc4f16e230645fae5f3b3b21c462694c30a)
Fix bug #8012 (Use getgrset() instead of initgroups() + getgroups() when
getgrouplist() is not defined).
| |
by default
In the file server SEC_STD_DELETE is granted on the file/directory
or by FILE_DELETE_CHILD on the parent directory.
metze
(similar to commit c7d10179108a3ae8af15c838042294f3fdced03c)
The last 2 patches address bug #8034 (SEC_STD_DELETE is always granted to the
owner of a file).
| |
Fix bug #8010 (str_checksum often returns same value for different strings
[Patch]).
| |
When pulling non-aligned ucs2 strings, we neglected to add in the
pad byte to the buffer length we've eaten. This caused the device
string in TCONX (which seems to be one of the few places that uses
non-aligned ucs2 strings) to be incorrectly read.
Volker please check.
Jeremy.
(cherry picked from commit e59a950c049679f0394ea41b463dbb9837eb5e63)
| |
CVE-2011-0719
Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open).
All current released versions of Samba are vulnerable to
a denial of service caused by memory corruption. Range
checks on file descriptors being used in the FD_SET macro
were not present allowing stack corruption. This can cause
the Samba code to crash or to loop attempting to select
on a bad file descriptor set.
A connection to a file share, or a local account is needed
to exploit this problem, either authenticated or unauthenticated
(guest connection).
Currently we do not believe this flaw is exploitable
beyond a crash or causing the code to loop, but on the
advice of our security reviewers we are releasing fixes
in case an exploit is discovered at a later date.
(cherry picked from commit c3ad6eb506623435d3d9ce62d6f34ed1c960d4be)
| |
This makes sure that fd events don't dry out,
because a fd with a lower number is busy.
metze
The last 3 patches address bug #7942 (inotify can somehow cause endless loops in
with select()).
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Jan 31 16:59:44 CET 2011 on sn-devel-104
(cherry picked from commit ad10289ebcc78ab62ec86abb29f81eb769d17f4e)
(cherry picked from commit 3d2f72844a221dbdfe94fbf6e2b45c98ee158a9b)
| |
metze
(cherry picked from commit 1f2be10ebf4cc06e3b7aac41ea35bfc4a41ce828)
(cherry picked from commit d506b574bb94fdc23c5a62c5326cd478b5b63a11)
| |
account name (bug #7896)
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Dec 30 18:09:13 CET 2010 on sn-devel-104
(cherry picked from commit f1d15ea54c313e71fc032b2ed191bdecad868858)
| |
SeSecurityPrivilege is the first LUID we have added that has a non-zero
"high" value, ensure our LUID code correctly supports it.
Jeremy.
The last 14 patches address bug #7716 (acl_xattr and acl_tdb modules don't store
unmodified copies of security descriptors).
| |
Jeremy.
| |
joined machine to fail to find users.
Ensure all username lookups go through Get_Pwnam_alloc(), which is the
correct wrapper function. We were using it *some* of the time anyway,
so this just makes us properly consistent.
Jeremy.
| |
Quite a few of our internal routines put stuff on talloc_tos() these days.
In top-level netapi routines, properly allocate a stackframe and clean it
again. Also, don't leak memory in the rpccli_ callers onto the libnetapi
context.
| |
counting terminator
| |
Guenther
(cherry picked from commit 6f47a24bc55be0ea907594a748774675a105b5e3)
| |
This fixes bug 7474.
| |
Fix bug #7669 (buffer overflow in sid_parse() in Samba3 and dom_sid_parse in
Samba4).
CVE-2010-3069:
===========
Description
===========
All current released versions of Samba are vulnerable to
a buffer overrun vulnerability. The sid_parse() function
(and related dom_sid_parse() function in the source4 code)
do not correctly check their input lengths when reading a
binary representation of a Windows SID (Security ID). This
allows a malicious client to send a sid that can overflow
the stack variable that is being used to store the SID in the
Samba smbd server.
A connection to a file share is needed to exploit this
vulnerability, either authenticated or unauthenticated
(guest connection).
(cherry picked from commit a34c3e999bb1ea61da31c5b3e845b19663039358)
| |
startup.
Sync lib/tdb_validate.c with the change in current master.
Change tdb_validate_open() to always use O_RDWR instead of O_RDONLY,
as (from the bug report): "db_check() will always return failure for a read-only database.
Silently, without any log output, when _tdb_lockall() fails."
Jeremy.
| |
netdomjoin-gui.
Patch from Buchan Milne <bgmilne@mandriva.org>.
Thanks!
Guenther
(cherry picked from commit 575b1018c65312e9eab562cf4851524cf2f8f24a)
| |
we already get them from lib/util/time.h
(cherry picked from commit f5729dbb6e720cb6076ea053f1ad0680259e6b39)
The last two patches address bug #7352 (TIME_T_MAX defines inconsistent).
| |
(cherry picked from commit a5db27936e9c6aad99300ea46808481803f57e08)
The last 32 patches address bug #7232 (CTDB persistent transactions are racy).
| |
picked from commit c7835a4845bbc7e4d340a75229866b2d4946f6eb)
| |
commit 79100c242153ea174a4405afd45cbf635da313aa)
| |
Detected while showing this code to obnox :-)
(cherry picked from commit f8b246e44c819b909b23b4b98ef0999c84d2f4ff)
| |
There's no need to still hold the g_lock tdb-level lock while telling the
waiters to retry
(cherry picked from commit 83542d973ca771353109c7da4b0391d6ba910f53)
| |
In g_lock_unlock we have a little race between the process_exists and
messaging_send call: We only send to 5 waiters now, they all might have died
between us checking their existence and sending the message. This change makes
g_lock_lock retry at least once every minute.
(cherry picked from commit be919d6faed198cdc29322a4d9491946c0b044b3)
| |
Only notify the first 5 pending lock waiters. This avoids a thundering herd
problem that is really nasty in a cluster. It also makes acquiring a lock a bit
more FIFO, lock waiters are added to the end of the array.
(cherry picked from commit 725b3654f831fbe0388cc09f46269903c9eef1d7)
| |
Only check the existence of the lock owner in g_lock_parse, check the rest of
the records only when we got the lock successfully. This reduces the load on
process_exists which can involve a network roundtrip in the clustered case.
(cherry picked from commit 07978bd175395e0dc770f68fff5b8bd8b0fdeb51)
| |
g_lock_parse might have thrown away entries from the locks array because the
processes were not around anymore. Don't store the orphaned entries.
(cherry picked from commit f3bdb163f461175c50b4930fa3464beaee30f4a8)
| |
bac235dd302570850bb25194ff4bd39b6d653f0d)
| |
Jeremy.
(cherry picked from commit 10e54fb422d9f1ae6d33e5fabbf8c651b0e57a8c)
| |
This made smbd crash in g_lock_lock() when trying to start a
transaction on a db with an already started transaction,
e.g. in a tcon_and_X where the share_info.tdb was not yet
initialized but share_info.tdb was already locked by another
process or writing access to the winreg rpc pipe where the
registry tdb was already locked by another process.
What we really _want_ to do here by design is to react to
MSG_DBWRAP_G_LOCK_RETRY messages that are either sent
by a client doing g_lock_unlock or by ourselves when
we receive a CTDB_SRVID_SAMBA_NOTIFY or
CTDB_SRVID_RECONFIGURE message from ctdbd, i.e. when
either a client holding a lock or a complete node
has died.
Doing this properly involves calling tevent_loop_once(),
but doing this here with the main ctdbd messaging context
creates a nested event loop when g_lock_lock() is called
from the main event loop.
So as a quick fix, we act a little coarsely here: we do
a select on the ctdb connection fd and when it is readable
or we get EINTR, then we retry without actually parsing
any ctdb packages or dispatching messages. This means that
we retry more often than necessary and intended by design,
but this does not harm and it is unobtrusive. When we have
finished, the main loop will pick up all the messages and
ctdb packets. The only extra twist is that we cannot use
timed events here but have to handcode a timeout for select.
Michael
(cherry picked from commit 83fffbeb44441a87569e543054af21d975eb20ae)
| |
Michael
(cherry picked from commit e4af0bc5af2c3ee025ca7fac251c3672ba2c8dd5)
| |
Michael
(cherry picked from commit 8e306b51b79d3dacd68be9f13aa8455e2eb4c03f)