summaryrefslogtreecommitdiffstats
path: root/source3
Commit message (Collapse)AuthorAgeFilesLines
...
* s3-samr: implement _samr_OemChangePasswordUser2().Günther Deschner2009-05-261-10/+48
| | | | | | Guenther (cherry picked from commit d17c6af57c6e5ec10d71a9fcbffc6ce4d34a553f) (cherry picked from commit ae7d88941121190ef999c281a0ddd972e2661321)
* s3-samr: disable check for ACB_DISABLED in check_oem_password().Günther Deschner2009-05-261-1/+4
| | | | | | | | | | | It is a bad idea to just tell everyone that an account is disabled without really having checked the password first. Found by torture test. Guenther (cherry picked from commit c400fc1e1e9a0c3db82c9a96e9684c8debfb3b74) (cherry picked from commit e754be3e03f96952ab1d8a4af1762a9f68562fa3)
* s3-samr: rework check_oem_password() to take a struct samu, not to return one.Günther Deschner2009-05-261-39/+27
| | | | | Guenther (cherry picked from commit 2c0238226e95101b193615fd122e0494480b746a)
* s3-samr: Let _samr_TestPrivateFunctionsUser() return not supported.Günther Deschner2009-05-261-1/+0
| | | | | | | | This is to get us closer to pass RPC-SAMR-USERS. Guenther (cherry picked from commit 6aca5fca8dd73ff33cfac5000480520def04e7fa) (cherry picked from commit e43120ebef1d3e4c9710d4d913fda41f9b727bb9)
* s3-samr: let set_user_info_16 and 20 follow the same pattern as all other ↵Günther Deschner2009-05-263-29/+40
| | | | | | | | levels. Guenther (cherry picked from commit f05d888d7ab910b3ed39e4d36eeb52cb86bd990e) (cherry picked from commit 970ccd28f32e4b67188629b99a0a1a2d6762b897)
* s3-samr: support some more info levels in samr_SetUserInfo calls.Günther Deschner2009-05-263-0/+468
| | | | | | Guenther (cherry picked from commit f93f713898f2208fda51f24121b060ee09f5fe3a) (cherry picked from commit 07f33f9d7d9401390eb304866e5e1010b6d5ff13)
* s3-samr: support some more info levels in samr_QueryUser calls.Günther Deschner2009-05-261-0/+266
| | | | | | Guenther (cherry picked from commit b0df0e8cc76e67a977129aca8b254fe38de85ebd) (cherry picked from commit 281d035ab2ca526dc7772a1124d2c612ea2a6e6c)
* s3-samr: Fix _samr_Connect5(). In error case it still needs to return empty ↵Günther Deschner2009-05-261-1/+2
| | | | | | | | info1. Guenther (cherry picked from commit 599b9fe86eba932171bb4ec13347ed28ea5edebd) (cherry picked from commit 48818f8e5ebd64efa9fd26508422db7feba7dc25)
* After getting confirmation from Guenther, add 3 changes we'llJeremy Allison2009-05-261-13/+23
| | | | | | | | | | | | | | ultimately need to fix bug #6099 Samba returns incurrate capabilities list. 1). Add a comment to point out that r->in.negotiate_flags is an aliased pointer to r->out.negotiate_flags. 2). Ensure we return NETLOGON_NEG_STRONG_KEYS in our flags return if the client requested it. 3). Clean up the error exits so we always return the same way. Signed off by Guenther. Jeremy. (cherry picked from commit 78fb479325ce7073ab8383ada3903080d12aef91) (cherry picked from commit 2ea00bf3a65c76211a42d29adfa3f71e06c813e8)
* s3-netlogon: Fix NETLOGON credential chain. Fixes Bug #6099 (Windows 7 ↵Günther Deschner2009-05-261-2/+6
| | | | | | | | | | | | | | | | joining Samba3) and probably many, many more. Jeremy, with 9a5d5cc1db0ee60486f932e34cd7961b90c70a56 you alter the in negotiate flags (which are a pointer to the out negotiate flags assigned in the generated netlogon server code). So, while you wanted to just set the *out* negflags, you did in fact reset the *in* negflags, effectively eliminating the NETLOGON_NEG_STRONG_KEYS bit (formerly known as NETLOGON_NEG_128BIT) which then caused creds_server_init() to generate 64bit creds instead of 128bit, causing the whole chain to break. *Please* check. Guenther (cherry picked from commit 78754ab2c9b28ea8ab09d3fd1f5450abe721a2c1) (cherry picked from commit e527a1aa73b3fdb86787e9c55f6a01660b4d1a0f)
* s3-rpcclient: rework enumdrivers call a bit to allow queries like win7 does.Günther Deschner2009-05-261-69/+97
| | | | | | Guenther (cherry picked from commit b8ddb8765c6421b595737dac8deaeb88546a847a) (cherry picked from commit d0854a690d1ce25a0c4f0ed92a3706a90f12305f)
* s3-credentials: protect netlogon_creds_server_step() against NULL creds.Günther Deschner2009-05-261-0/+4
| | | | | | | | Found by SCHANNEL torture tests. Guenther (cherry picked from commit 8e490d2fa1c52be5da331df0b314508f77ec1f6e) (cherry picked from commit 80e1a92ae770fbf97b22e6e99103def755294992)
* s3-selftest: run RPC-SCHANNEL, RPC-SCHANNEL2 and RPC-BENCH-SCHANNEL1 against ↵Günther Deschner2009-05-261-0/+1
| | | | | | | | Samba3. Guenther (cherry picked from commit 949cd77ca2529249dc8cd04740c2ca342fb0c283) (cherry picked from commit 707be96878c5618f42470e10ec68ce859c307678)
* s3-auth: use full 16byte session key in make_user_info_netlogon_interactive().Günther Deschner2009-05-262-3/+2
| | | | | Guenther (cherry picked from commit b5097d54cb74ca0ea328f9e029562f65f4a01134)
* Fix bug 6336: "net groupmap set" segfaultsVolker Lendecke2009-05-261-2/+4
| | | | (cherry picked from commit 33a53cb98a5f66d56ca1e0633297065f05d12a48)
* s3-rpcclient: print more infolevels in printer and driver info levels.Günther Deschner2009-05-261-7/+238
| | | | | | Guenther (cherry picked from commit d77c45675744895b01d905f7f27ae55e64264c26) (cherry picked from commit 133a98abd58ccecb15f493bf74f6e3e076b87dcd)
* s3-printing: fix debug statement in virtual registry layerGünther Deschner2009-05-261-1/+1
| | | | | | | | (key_driver_fetch_keys). Guenther (cherry picked from commit 7ac1ae8d1c3bcf4d001e29fdc1ee314dcbe3df76) (cherry picked from commit 5ebe6755699fb970368580d4394289f9028ce9a8)
* s3-printing: simplify print_queue helper functions and return WERROR.Günther Deschner2009-05-264-42/+23
| | | | | | Guenther (cherry picked from commit 9966541f89b45834cdf63060202621f885bf9f5c) (cherry picked from commit 4d67491ef558c96fd57a959bb58df9efa5e83ceb)
* s3:loadparm: handle registry config source in file_list - fixes bug #6320Michael Adam2009-05-261-34/+44
| | | | | | Michael (cherry picked from commit 4842e45d59dbd6c9ac138e796d30fcf747807d1c) (cherry picked from commit a2c023c5511d5f07def53da7e72cc32c52434ccf)
* Fix Coverity ID 897: REVERSE_INULLVolker Lendecke2009-05-261-1/+1
| | | | (cherry picked from commit c4a15b70b894e413ac76f4c8d7c04d8eedeba723)
* s3 onefs: Turn up the debug level for non-error casestprouty2009-05-261-3/+3
| | | | (cherry picked from commit e4628c6fc7348f56666adc69722809ea539c4fe7)
* s3: Fix trans2 path to use case-insensitive stat optimizationtprouty2009-05-263-8/+57
| | | | | | | | | | | | | | | | | | | | | Often times before creating a file, a client will first query to see if it already exists. Since some systems have a case-insensitive stat that is called from unix_convert, we can definitively return STATUS_NO_SUCH_FILE to the client without scanning the whole directory. This code path is taken from trans2querypathinfo, but trans2findfirst still does a full directory scan even though the get_real_filename (the case-insensitive stat vfs call) can prevent this. This patch adds the get_real_filename call to the trans2find* path, and also changes the vfs_default behavior for SMB_VFS_GET_REAL_FILENAME. Previously, in the absence of a get_real_filename implementation, we would fallback to the full directory scan. The default behavior now returns -1 and sets errno to EOPNOTSUPP. This allows SMB_VFS_GET_REALFILENAME to be called from trans2* and unix_convert. (cherry picked from commit 92558a875ebf842e652614a5519ae101dd62ffd1)
* s3:onefs.so Change system function namesSteven Danneman2009-05-261-4/+4
| | | | | Addendum to c49730e1. Use newer cookie conversion names. (cherry picked from commit f4e2f7bc23da5f73311bb7adeab2838af14bdeaf)
* Fix bug 6302: Give the VFS a chance to read from 0-byte filesVolker Lendecke2009-05-261-8/+9
| | | | (cherry picked from commit 651ae5c705c15c84882f6c1c3d73292794c63aa9)
* s3:loadparm: use the returnvalue of service_ok() in process_smbconf_service().Michael Adam2009-05-261-1/+1
| | | | | | Michael (cherry picked from commit 0ca795ef4fab1f880c2b76d7fe8f0aabb302b6e2) (cherry picked from commit e606a32d2981a67290379e7b2d4da7237746731a)
* s3-ldap: fix more callers of smbldap_dn_talloc() that were passing a NULL ↵Günther Deschner2009-05-262-2/+2
| | | | | | | | context. Guenther (cherry picked from commit fee4c99be494b9679c414d6ba1938aa88adeacd3) (cherry picked from commit 10c009cec59358ec11a9d25242fe395f31f671a6)
* s3-ldapsam: Fix Bug #6313: ldapsam_update_sam_account() crashes while doing ↵Günther Deschner2009-05-261-1/+1
| | | | | | | | talloc_free on malloced memory. Guenther (cherry picked from commit 5b37df21f6af52d20ad3a25361b1d7faa51308d1) (cherry picked from commit 079c52a2c39ca2723402e7c6e2f8fd5825c2c40f)
* s3-printing: Fix driver upload for Xerox 4110 PS printer driver.Günther Deschner2009-05-261-0/+2
| | | | | | | | | | | | | | | | | | | | | | | We need to allow to set filesystem capabilities from the default vfs in create_conn_struct() in order to find mixed-case filenames. Thanks Volker! This one was hard to find, so a little longer explanation: When a Windows client tries to upload e.g. the Xerox 4110 PS driver, the client first uploads the driver files to the [print$] share. Some of them (in this case the Windows Postscript drivers) are with uppercase filenames while some of them (like the PPD file) are in lowercase. After the driver upload the client issues the spoolss_AddPrinterDriverEx() call with level 6. There the client tries to add the PPD file with an uppercase filename (while having stored it in lowercase on the server). The internal spoolss add driver functions then could not find the appropriate filename while trying to move them to the version subdirectory (in this case W32X86/3) and fails then entire spoolss_AddPrinterDriverEx() call. With this fix, the convert_unix_name() name finds the correct file and the spoolss_AddPrinterDriverEx() succeeds. Guenther (cherry picked from commit fe839b65a7b4e8d5e085287b7d33ee1f970fe7c2) (cherry picked from commit d9233f534e9087cf6b35db5b72aefdd396b772e0)
* s3:onefs.so fix issue with missing entries when enumerating directoriesSteven Danneman2009-05-261-130/+75
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This bug prompted several, fairly large changes to the of OneFS's readdirplus() within Samba. One fundamental problem is that we kept our cache cursor pointed at the next entry to be returned from onefs_readdir(), while the resume cookie needed to refill the cache such that our cursor would be on this entry, was located in the previous cache entry. This meant that to correctly handle seekdir() cases which could be found within the existing cache, and cases where a cache reload was needed, required that the cache always hold at least two entries: the entry we wished to return, and the previous entry which held the resume cookie. Since the readdirplus() syscall gives us no guarantee that it will always return these two direntries, there was a fundamental problem with this design. To fix this problem, I have rearchitected the onefs_readdir() path to keep its pointer on the entry which contains the resume_cookie, not the entry which will be returned next. Essentially, I changed onefs_readdir() from a "return an entry then increment the cursor" model to "increment the cursor then return an entry". By doing this, we only require that a single entry be within the cache: the entry containing the resume cookie. Second, there have been numerous off-by-one bugs in my implementation of onefs_seekdir() which did a mapping between the 64-bit resume cookie returned by readdirplus() and its own monotonically increasing "location" offset. Furthermore, this design caused a somewhat frequent waste of cycles, as in some cases we'd need to re-enumerate the entire directory to recover the current "location" from an old resume cookie. As this code was somewhat difficult to understand, prone to bugs, and innefficient in some cases I decided it was better to wholesale replace it now, rather than later. It is possible to algorithmically map the 64-bit resume cookies from readdirplus() into 32-bit offset values which SMB requires. The onefs.so module now calls into a system library to do this conversion. This greatly simplifies both the seekdir() and telldir() paths and is more efficient. (cherry picked from commit aeb7de50b51840bddcdd4cbe6d96a4066b5116f0)
* Fix bug #6315 smbd crashes doing vfs_full_audit on IPC$ close event.Jeremy Allison2009-05-261-3/+44
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The underlying problem is that once SMBulogoff is called, all server_info contexts associated with the vuid should become invalid, even if that's the context being currently used by the connection struct (tid). When the SMBtdis comes in it doesn't need a valid vuid value, but the code called inside vfs_full_audit always assumes that there is one (and hence a valid conn->server_info pointer) available. This is actually a bug inside the vfs_full_audit and other code inside Samba, which should only indirect conn->server_info on calls which require AS_USER to be set in our process table. I could fix all these issues, but there's no guarentee that someone might not add more code that fails this assumption, as it's a hard assumption to break (it's usually true). So what I've done is to ensure that on SMBulogoff the previously used conn->server_info struct is kept around to be used for print debugging purposes (it won't be used to change to an invalid user context, as such calls need AS_USER set). This isn't strictly correct, as there's no association with the (now invalid) context being freed and the call that causes conn->server_info to be indirected, but it's good enough for most cases. The hard part was to ensure that once a valid context is used again (via new sessionsetupX calls, or new calls on a still valid vuid on this tid) that we don't leak memory by simply replacing the stored conn->server_info pointer. We would never actually leak the memory (as all conn->server_info pointers are talloc children of conn), but with the previous patch a malicious client could cause many server_info structs to be talloced by the right combination of SMB calls. This new patch introduces free_conn_server_info_if_unused(), which protects against the above. Jeremy. (cherry picked from commit 4b3bd6d0ba3348659615e69b3508969aa41e7de4)
* Do not crash in ctdbd_traverse if ctdbd is not aroundVolker Lendecke2009-05-261-0/+5
| | | | (cherry picked from commit 7ad42cc74322a1435c9cce9b286b13cd9b490ec6)
* Increase debug level of "create_connection_server_info failed" messageVolker Lendecke2009-05-261-1/+1
| | | | | | I don't think we should unconditionally send every refused connection attempt to a share to syslog, that's where all debug level 0 messages end up. (cherry picked from commit 8c7afce8bb86cda773c713459bb18233dc4848a3)
* Fix bug 6136: New AFS syscall conventionsGeza Gemes2009-05-263-4/+24
| | | | | | | | | Haven't checked this myself, but as I've already got several reports that Samba won't compile against current OpenAFS anymore, I just believe Geza Gemes. This patch only affects AFS code, so it should not hurt anything else. Volker (cherry picked from commit 70231f2d88b96da365e56c8d077749366509a4e1)
* Fix bug #6291 - force user stop working.Jeremy Allison2009-05-261-1/+37
| | | | | | | | A previous fix broke the invariant that *uid is always initialized on return from create_token_from_username(). Restore it. Jeremy. (cherry picked from commit e178c02a216fefc8295a7fd2d623c888c81f8734)
* s3:config.sub: clean some space/tab mixup that git complains aboutMichael Adam2009-05-261-1/+1
| | | | | | Michael (cherry picked from commit 384c1aaa8ee8879b6cc4bc34dfc4d3c9fa11667b) (cherry picked from commit ec02a0c1ceea2afc9324f6f069941deaed38c22d)
* s3:config.sub: replace old FSF address by the web site url.Michael Adam2009-05-261-3/+1
| | | | | | Michael (cherry picked from commit f3308b91d75356a83e99aade7e88d2cd1edc2042) (cherry picked from commit c14f81738b64377e978a87681b5e687fa9d4d2a2)
* s3:config.sub: move to GPLv3Michael Adam2009-05-261-1/+1
| | | | | | Michael (cherry picked from commit 62a69994f252f7cc98ef12bc39a25a2ee25afb0a) (cherry picked from commit 1b4ab194a9f20ee1392bd54dbb82a6384c4b8b3d)
* s3:update config.sub from gnu.org (2009-04-17)Michael Adam2009-05-261-48/+157
| | | | | | | | | | | as requested in bug #6292. This is taken from http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD Michael (cherry picked from commit f81c02c3f31a4700d32aff884254fcd752797be7) (cherry picked from commit 09192e196bb20e7b8e4203debf9a7e4dc51e1c36)
* s3:config.guess: clean some whitespace/tab mixtures that git complains aboutMichael Adam2009-05-261-2/+2
| | | | | | Michael (cherry picked from commit faaa306c6ae7b00fa5e53321203f072776eefa0a) (cherry picked from commit c59d97195dc8002b6837e17f5e37be26c7ee5dd3)
* s3:config.guess: replace old FSF address by the web site url.Michael Adam2009-05-261-3/+1
| | | | | | Michael (cherry picked from commit d230ac7b322827930de2e1b922cd4b6a597c933f) (cherry picked from commit 198736e1f17c43853f200435f1c1969e13aed77d)
* s3:config.guess: move to GPLv3Michael Adam2009-05-261-1/+1
| | | | | (cherry picked from commit fee78294589a02090887233ad112c69d3a5bd383) (cherry picked from commit 76a8b17f4f2a48baa6d847648b2d7442b63888bc)
* s3:update config.guess form gnu.org (version 2009-04-27)Michael Adam2009-05-261-27/+125
| | | | | | | | | | | as requested in bug #6292. This is taken from http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD Michael (cherry picked from commit 1188c78f53fb7d56f4bf61c41fe635b639a311fd) (cherry picked from commit 20fcbc85ddb59c7972422471705841cb8595d7ec)
* s3-netapi: Fix Bug #6309: support remote unjoining of Windows 2003 or greater.Günther Deschner2009-05-262-2/+4
| | | | | | | | Found by David Markey <admin@dmarkey.com>. Thanks! Guenther (cherry picked from commit ab4b8c9c0438bc5afca17e3ebf05dde6f98bc0aa) (cherry picked from commit 942d47e5ed583e29afaa005f9ca6251373db8e2f)
* s3-printing: rework move_driver_file_to_download_area() a bit for clarity.Günther Deschner2009-05-261-32/+40
| | | | | | Guenther (cherry picked from commit baf78506895b8bd50433058ba0f18e1aaf8aeee5) (cherry picked from commit 492b5cfea364c60376245962a8777e04e31e8392)
* s3-lsa: use LSA_POLICY_MODE flags in _lsa_GetSystemAccessAccount().Günther Deschner2009-05-262-7/+2
| | | | | | Guenther (cherry picked from commit af5a71d5280984a7d707e39fb522ecc7e1b71436) (cherry picked from commit c89fdbed5286806d9a9b0b4a5d35870f7989baf7)
* s3-nss_wins: Fix unresolved ldb symbols in libnss_wins.so.Günther Deschner2009-05-261-1/+1
| | | | | | | | The objects for this module should probably be cleaned up once. Guenther (cherry picked from commit eee446a94841a5df97b3a47c7076ef52fb5ccdcf) (cherry picked from commit d5da80b175b8e7e12070577abdab4f57917727a3)
* s3-spoolss: avoid referring to uid 0 in spoolss server (use ↵Günther Deschner2009-05-261-3/+3
| | | | | | | | sec_initial_uid() instead). Guenther (cherry picked from commit d22965e2e596c8ad78f5330398d43d96bf564773) (cherry picked from commit 6ca91ff2d56f33a96e013cc3ab796ba38aa10dcd)
* s3-printing: use move_driver_file_to_download_area() to avoid code duplication.Günther Deschner2009-05-261-144/+54
| | | | | | Guenther (cherry picked from commit 233bfb25c9443688f74c506348b0a7b34489e1d1) (cherry picked from commit bbeefe338e654cb0f43281d9dabe77b59fa931d6)
* s3-printing: add move_driver_file_to_download_area().Günther Deschner2009-05-261-0/+40
| | | | | | Guenther (cherry picked from commit a2a155bee59c7e849a492933d1ea5769e409bac5) (cherry picked from commit be680b2aae289cc7e173c4a76802fe09ff7882f6)
* Re-import the v3-3 version of str_list_make().Volker Lendecke2009-05-261-7/+59
| | | | | | | | | | | | | | | The merged version behaves differently: "Domain Users" is parsed into two values, as it does not look at quotes. Samba3 users depend on the ability do say for example valid users = "domain users" which would not work anymore with the merged version. Thanks to Björn Jacke for testing this! Volker (cherry picked from commit 5b9477f9930d0c6511c70409561c04c5729bcc05)
generated by cgit (git 2.34.1) at 2025-09-04 15:58:24 +0000