summaryrefslogtreecommitdiffstats
path: root/source3
Commit message (Collapse)AuthorAgeFilesLines
* s3/getdcname: Fix 'net' crash.Kumar Thangavelu2009-06-021-2/+2
| | | | | | | | | | 'net' command crashed when attempting to join a domain. This occurred in a very specific case where the DC had multiple IPs and one of the IPs was invalid. Signed-off-by: Volker Lendecke <vl@samba.org> (cherry picked from commit 795692bd9546b91647ea96cc43ebb5c8efc0aaf2) (cherry picked from commit 1b401a1b5374d037757954bb023287fa57b1c9b9)
* s3-selftest: use nss_wrapper.pl as "add user to group" and "delete user from ↵Günther Deschner2009-06-021-5/+7
| | | | | | | | group" script. Guenther (cherry picked from commit 7a5475f098c6a20f867adc081ca455e6c393755b) (cherry picked from commit 1a129e79baac7c7ebbc63c9e077ede4b123cf390)
* Fix bug #6419 - smbclient -L 127.0.0.1" displays "netbios name" instead of ↵Jeremy Allison2009-06-021-3/+26
| | | | | | | | | "workgroup" Unify the handling of the sessionsetup parsing so we don't get different results when parsing a guest reply than an ntlmssp reply. Jeremy. (cherry picked from commit 736c4dddef28d53b55e58a6f62784f068e88dc01)
* s3: make passdb backend defaults to tdbsamBjörn Jacke2009-06-021-1/+1
| | | | (cherry picked from commit f15af8bf2def12eedd967b6e0e411f690be2f804)
* Fix bug #6421 - POSIX read-only open fails on read-only shares.Jeremy Allison2009-06-022-8/+12
| | | | | | | | | | | The change to smbd/trans2.c opens up SETFILEINFO calls to POSIX_OPEN only. The change to first smbd/open.c closes 2 holes that would have been exposed by allowing POSIX_OPENS on readonly shares, and their ability to set arbitrary flags permutations. The O_CREAT -> O_CREAT|O_EXCL change removes an illegal combination (O_EXCL without O_CREAT) that previously was being passed down to the open syscall. Jeremy. (cherry picked from commit d49ae9c87d182f32702a0b6a1cc2a2038f31d81d)
* Simplify the dropbox patchJeremy Allison2009-06-021-5/+10
| | | | (cherry picked from commit 0d32230c17dbfa5e790d2023ba655f109938ef28)
* Re-Add the "dropbox" functionality with -wx rights on a directoryVolker Lendecke2009-06-021-3/+3
| | | | (cherry picked from commit 78aecba62195822f3edb6134548657cf7ba9037c)
* s3-netlogon: Fix _netr_LogonSamLogon{Ex} with validation level != 3.Günther Deschner2009-06-021-6/+7
| | | | | | Guenther (cherry picked from commit 90b38906541de554e3964d96ed83a7c71b5ea05c) (cherry picked from commit a8868d7fbf51e4706a7d2ee44a9066a8e1efcb4a)
* s3-netlogon: return proper error code for unsupported validation class.Günther Deschner2009-06-021-1/+1
| | | | | | Guenther (cherry picked from commit 65f86a644a8171a99c63b6cb32e01e22897174f6) (cherry picked from commit 745f8d37fffe9d2ac2938101b08ff39ebf50c94c)
* s3-rpc_server: increase max number of open policy handles per pipe to 2048.Günther Deschner2009-06-021-1/+1
| | | | | | Guenther (cherry picked from commit 9bd8b0a15773d3d5c0649bfb49bb16acfb4bb5f1) (cherry picked from commit aebc22c407c60588eabae324eb9cc06e73538dd4)
* s3/VERSION: Raise version number up to 3.4.0pre2.Karolin Seeger2009-05-291-1/+1
| | | | | Karolin (cherry picked from commit 51610de47bb709739ba84075395f5409be5ebc5c)
* Fix uninitialized variable use caught by valgrind.Jeremy Allison2009-05-291-1/+1
| | | | | Jeremy. (cherry picked from commit 62d767d57fafd869ec956cbcc84e8c866c6d665b)
* s3/auth map NULL domains to our global sam nameSteven Danneman2009-05-291-9/+3
| | | | | | | | | | | | | | | | This is an addendum to d8c54fdd, which made make_user_info_map() match Windows behavior by mapping untrusted domains given to smbd on the wire with the users credentials to smbd's global sam name. This fix was being circumvented in the case where the client passed a NULL domain. Vista clients do this. In that case smbd was always remapping the name to the machine workgroup. The NULL domain case should also be mapped to the global sam name. Removing the code in this patch, causes us to fall down to the logic added in d8c54fdd and properly map the domain. (cherry picked from commit fbca26923915a70031f561b198cfe2cc0d9c3aa6) (cherry picked from commit 22b9d9d28d9acd68a9bc492530fcd0a565ff0aa3)
* s3:idmap_ldap: filter out of range mappings in default idmap configMichael Adam2009-05-291-16/+55
| | | | | | | | This fixes bug #6417 Michael (cherry picked from commit e381c13b023f2b512b3f6aec133db9f323bc8132) (cherry picked from commit 4ca03e3bb96518665c296ba2cf5aa1d91916897e)
* s3:idmap: fix a comment typoMichael Adam2009-05-291-1/+1
| | | | | | Michael (cherry picked from commit 3fe9859342c28fe9da7011fb18a5fb5de8b29fa6) (cherry picked from commit df4a0fabff06ea31149aac45d6477564cf96179b)
* s3:idmap_tdb2: filter out of range mappings in default idmap configMichael Adam2009-05-291-12/+49
| | | | | | | | This fixes bug #6416 Michael (cherry picked from commit e12670a1053edf57af137026bd3fdb9fc7dfb0b2) (cherry picked from commit b369902cddd55fab74ca6e0743e15e0f8cbfc4cc)
* s3:idmap_tdb: filter out of range mappings in default idmap configMichael Adam2009-05-291-16/+57
| | | | | | | | This fixes bug #6415 Michael (cherry picked from commit 3d3f39838261ddc401053dadcc5bd8e6317a3a8e) (cherry picked from commit 34500d59b6f35de2c3d273d3523708ec22df59ce)
* s3: Allow child processes to exit gracefully if we are out of fdsMarc VanHeyningen2009-05-299-25/+35
| | | | | | | | | | | When we run out of file descriptors for some reason, every new connection forks a child that immediately panics causing smbd to coredump. This seems unnecessarily harsh; with this code change we now catch that error and merely log a message about it and exit without the core dump. Signed-off-by: Tim Prouty <tprouty@samba.org> (cherry picked from commit 1c8f9892010ce8cc754089b25313c6bc8e622165)
* s3: zero an uninitialized arrayMarc VanHeyningen2009-05-291-1/+4
| | | | | | | | Invalid pointers were being dereferenced in lookup_sids causing occasional seg faults. Signed-off-by: Tim Prouty <tprouty@samba.org> (cherry picked from commit 5afacc0a65e52e73e3887545c4e5e1ad44264b66)
* s3:dbwrap_tool: add listkeys operationMichael Adam2009-05-271-2/+45
| | | | | | Michael (cherry picked from commit 714acfac013a46c3677c3eb72ad57db6d97c7d61) (cherry picked from commit 816776d2f81c1ae90e52612af76aaafeaeb04598)
* s3:dbwrap_tool: remove superfluous command mappingMichael Adam2009-05-271-1/+0
| | | | | | Michael (cherry picked from commit 11f07599006cf2ce6760095d07bfe22680c3744e) (cherry picked from commit 53dfa79e07b22325c0f290b05d4b87dde0cbf3cb)
* s3:dbwrap_tool: add "erase" opearationMichael Adam2009-05-271-6/+42
| | | | | | Michael (cherry picked from commit dfe06d21bdc4c715e02c9f80c4bc7144a0d9ee59) (cherry picked from commit 2e051ece16e7b18e9e82ef36f7d7e8e39d00e66d)
* s3:pam_smbpass: don't call openlog() or closelog() from pam_smbpassBjörn Jacke2009-05-275-80/+104
| | | | | | | | | | Patch from Steve Langasek with tiny fixes by me to make it apply to master. Also see Debian bug #434372 and bugzilla #4831. Calling openlog() or closelog() inside a pam module is not good as these functions are not stackable and no program won't re-do openlog() just because a pam module might have called closelog(). (cherry picked from commit 5c34ea94bdf9e3efb6743e52dd3c0c0088cff7d8)
* net: Use samba default command line arguments.Kai Blin2009-05-2611-209/+135
| | | | | | | | | | | | | | | | | | | | Attention: The meaning of the -N flag changed. To get the old meaning for net groupmap set, use the long option --ntname The long option for using kerberos changed from --kerberos to --use-kerberos net rpc commands will now prompt for a password if none is given. As a benefit, net will now accept an authentication file like other samba command line tools. So no need to specify the password on the command line in scripts anymore. This should fix bug #6357 Signed-off-by: Kai Blin <kai@samba.org> (cherry picked from commit fb262f79fab00374023e59476e8d05a1015a7041) (cherry picked from commit c039bc15ba597d955d0ccbf5642388b0a03ba40b)
* source3/utils/log2pcaphex.c(main): fixed file descriptors leak.Slava Semushin2009-05-261-0/+8
| | | | | | One of leaks found by cppcheck: [./source3/utils/log2pcaphex.c:367]: (error) Resource leak: out (cherry picked from commit 8987ca29062db53db117d6c9d9ce2ad01ed17d22)
* source{3,4}/torture/smbiconv.c(main): fixed file descriptor leak.Slava Semushin2009-05-261-0/+1
| | | | | | | | | File descriptor leaks only when we use file instead of stdout. Found by cppcheck: [./source3/torture/smbiconv.c:219]: (error) Resource leak: out [./source4/torture/smbiconv.c:211]: (error) Resource leak: out (cherry picked from commit 61cca8aa5f5e3ad665c3b1acfab20802dd0f3f3a)
* s3-selftest: fix typo.Günther Deschner2009-05-261-2/+2
| | | | | | Guenther (cherry picked from commit 4258750e4f112040b3537c2c479f62b6e59b32e3) (cherry picked from commit b9344264c0d2108fbbb6ed9b19da9a56b6444211)
* s3:winbind:idmap_ldap: warn about duplicate SID->XID mappings (bug #6387)Michael Adam2009-05-261-2/+11
| | | | | | | | | | With the current infrastructure, we should not return error on duplicate mappings but just warn instead (because an error would trigger the attempt to create yet another mapping). Michael (cherry picked from commit 3111d78001f458cfcaf81123a1d1c23d5927a6c2) (cherry picked from commit 5328f600bbc6535d8880b1b0c74bcfbd9b7a162a)
* s3:winbind:idmap_ldap: warn about duplicate XID->SID mappings (bug #6387)Michael Adam2009-05-261-0/+8
| | | | | | | | | | With the current infrastructure, we should not return error on duplicate mappings but just warn instead (because an error would trigger the attempt to create yet another mapping). Michael (cherry picked from commit 35c3f4162d15f9846a645444e623178b78c52994) (cherry picked from commit 751b6b07c5ea25809b1766a01fc859d580304ae9)
* s3-samr: Fix Bug #6372, usermanager only displaying 1024 groups and aliases.Günther Deschner2009-05-261-0/+12
| | | | | | | | This is now also verified with the RPC-SAMR-LARGE-DC test. Guenther (cherry picked from commit fca7dce1a908570e463ddcbd663955fcafd1d843) (cherry picked from commit 69907810fee3253096958bf174a052d3cb3b385c)
* s3-selftest: enable RPC-SAMR-LARGE-DC against Samba3.Günther Deschner2009-05-261-1/+1
| | | | | | | | | This will fail for alias creation as nss_wrapper does not yet wrap around libnss_winbind. Guenther (cherry picked from commit f0139e3b69a866a6154d0b349410fc0b3bfc30af) (cherry picked from commit e9ed9e7f90c39d38dd40871bb915adda2e9951ff)
* s3-pamsmbpass: copy _pam_get_item and _pam_get_data from pam_winbind.Günther Deschner2009-05-264-15/+42
| | | | | | Guenther (cherry picked from commit 1950e180caf707346300b83021624d586cc3776d) (cherry picked from commit 7e41fce5aa9b97eb4cf3c29bf6542b05051e1f27)
* s3-rpcclient: use get_domain_handle() fn in enum domain users & groups.Günther Deschner2009-05-261-12/+10
| | | | | | Guenther (cherry picked from commit 86d087fccc30a82cb1fe3a71d0353634496e72c4) (cherry picked from commit e172757782d17ba1066d1cefe18e2a8d55b3ce96)
* Attempt to fix a debian build problemVolker Lendecke2009-05-261-1/+1
| | | | (cherry picked from commit 31eec30c33b300d93f6d6895f6d0e6b06e0c2185)
* Fix a race condition in winbind leading to a panicVolker Lendecke2009-05-261-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | In winbind, we do multiple events in one select round. This needs fixing, but as long as we're still using it, for efficiency reasons we need to do that. What can happen is the following: We have outgoing data pending for a client, thus state->fd_event.flags == EVENT_FD_WRITE Now a new client comes in, we go through the list of clients to find an idle one. The detection for idle clients in remove_idle_client does not take the pending data into account. We close the socket that has pending outgoing data, the accept(2) one syscall later gives us the same socket. In new_connection(), we do a setup_async_read, setting up a read fde. The select from before however had found the socket (that we had already closed!!) to be writable. In rw_callback we only want to see a readable flag, and we panic in the SMB_ASSERT(flags == EVENT_FD_READ). Found using bin/smbtorture //127.0.0.1/tmp -U% -N 500 -o 2 local-wbclient Volker (cherry picked from commit bfeab3a0f621dbea50f43c98ba70b0ccd8323bff)
* Ensure we return NT_STATUS_FILE_IS_A_DIRECTORY on a posix open on aJeremy Allison2009-05-261-1/+1
| | | | | | directory name. Jeremy. (cherry picked from commit 689664ad7acf13b07409abd4c2820dbe10255b68)
* Test that POSIX open of a directory returns NT_STATUS_FILE_IS_A_DIRECTORY ↵Jeremy Allison2009-05-261-0/+12
| | | | | | | (ERRDOS, EISDIR). Jeremy. (cherry picked from commit 935a1a89c6c027e068f79e3686396c28812f9e67)
* s3:winbind:idmap_ldap: fix a crash bug in idmap_ldap_unixids_to_sids (#6387)Michael Adam2009-05-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | This fixes a crash bug hit when multiple mappings were found by the ldap search. This crash was caused by an ldap asssertion in ldap_next_entry because was set to NULL in each iteration. The corresponding fix was applied to the idmap_ldap_sids_to_unixids() by Jerry in 2007 (b066668b74768d9ed547f16bf7b6ba6aea5df20a). This fixes the crash part of bug #6387. There is a logic part, too: The problem currently only occurs when multiple mappings are found for one given unixid. Now winbindd does not crash any more but it does not correctly handle this situation. It just returns the last mapping from the ldap search results. This needs fixing. Michael (cherry picked from commit e9010fa366746ec1ae948dbcf3493d446e23b14c) Signed-off-by: Michael Adam <obnox@samba.org> (cherry picked from commit 2b6dbddb9cc723fcbd2e4e22a9404d6b4ff805d7)
* Don't steal when we know the ptr will be null. Thanks to Simo forJeremy Allison2009-05-261-2/+1
| | | | | | pointing this out. Jeremy. (cherry picked from commit b6769282d60d20301f085243b3e747efffe2d637)
* Revert the last two commits (fix for #6386). The actual problemJeremy Allison2009-05-261-7/+9
| | | | | | | | was a bug in ldb in 3.2 which could return a freed pointer on ret != LDAP_SUCCESS. The main thing we must ensure is that we never talloc_steal until we know LDAP_SUCCESS was returned. Jeremy. (cherry picked from commit f3c3ee0f5dc6266f58e96606b73f55b812fe5171)
* Ensure all possible uses of indirection through res are checked afterJeremy Allison2009-05-261-6/+6
| | | | | | an ldb_search. Jeremy. (cherry picked from commit 64f6bd6c9b24e985fcd56765190046d3e9a5344e)
* Attempt to fix bug #6386 - Samba Panic triggered by Sophos Control Centre.Jeremy Allison2009-05-261-1/+1
| | | | | | Don't indirect a potentially null pointer. Jeremy. (cherry picked from commit b4f6bb84d1bcd5a09d7c20c2a7dac0bfb11f199f)
* Add a security model to LSA. Similar to the SAMR code - usingJeremy Allison2009-05-261-88/+227
| | | | | | the MS-LSA docs. Jeremy. (cherry picked from commit c57de2c23d4208d4d7d06decdb1663670faa228d)
* Use SMB_VFS_NEXT_CLOSE. This VFS stuff is really opaque to me...Volker Lendecke2009-05-261-5/+1
| | | | | Thanks Michael to provide some transparency :-) (cherry picked from commit db9f5e1d7bb5a2ee3a42428dd1406f27c09d671f)
* Fix bug disclosed by lock8 torture testVolker Lendecke2009-05-261-0/+17
| | | | | | We have to drop the gpfs level share modes, regardless of whether we put the file into the pending close queue. (cherry picked from commit 0eaf040f469972d1dfd2b53d8df97bb135e3e4d4)
* s3-selftest: add add and delete group scripts using nss_wrapper.Günther Deschner2009-05-261-0/+2
| | | | | | Guenther (cherry picked from commit e11f9b46c6345471cca76b9772080d3bfd687852) (cherry picked from commit f6b0448f814e47ea9eccf895c5182565104acae7)
* s3 onefs: Removing an incorrect TALLOC_FREEAravind Srinivasan2009-05-261-1/+0
| | | | | | Signed-off-by: Tim Prouty <tprouty@samba.org> (cherry picked from commit bb454b5fd95185a1456ea120b3a7c56f4a4f1c78) (cherry picked from commit d3bb598e656c22955dcb2f34dabcdc4946b61725)
* s3: Always allocate memory in dptr_ReadDirNameAravind Srinivasan2009-05-263-18/+45
| | | | | | | | | This is a follow up to 69d61453df6019caef4e7960fa78c6a3c51f3d2a to adjust the API to allow the lower layers allocate memory. Now the memory can explicitly be freed rather than relying on talloc_tos(). Signed-off-by: Tim Prouty <tprouty@samba.org> (cherry picked from commit bfe7383d7f0349fec796d04772d42d566f7f083b)
* s3 sendfile: Fix two bugs in sendfileTim Prouty2009-05-261-3/+4
| | | | | | | | | | | | | These were found interally via code inspection. 1) fake_sendfile was incorrectly writing zeros over real data on a short read. 2) sendfile_short_send was doing 4 byte writes instead of 1024 byte writes due to an incorrect sizeof usage. Jermey, Vl please check (cherry picked from commit 7cd8dfc7bdbc6e0715bbd8eddf1ef11c622a8f72)
* Change access_check_samr_object -> access_check_object.Jeremy Allison2009-05-263-24/+25
| | | | | | | | Make map_max_allowed_access global. Change lsa_get_generic_sd to add Everyone:LSA_POLICY_READ|LSA_POLICY_EXECUTE, not just LSA_POLICY_EXECUTE. Jeremy. (cherry picked from commit 86e10fee0284bc1b9e68c0fc9720b80df3580517)
generated by cgit (git 2.34.1) at 2025-09-02 10:34:51 +0000