| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
Got report this is all ok form a tester. Close a loong
standing bug preventing people to freely use any character
in their password when printing via cups were involved.
|
| |
|
|
|
|
|
|
| |
Jeremy, I am always very confused about the different length arguments
in convert_string and friends. Can you take a look at the change in
string_replace and verify it's ok? Thanks!
While at it, remove the pstring limit for strhasupper and strhaslower.
|
| |
|
|
|
|
|
|
| |
Change rename_internals to open the file/directory and then call
rename_internals_fsp. Two reasons: Remove code duplication and remove a
race condition. The race condition was due to the fact that in
can_rename the share mode check closed the file and then after that did
the rename.
|
| |
|
|
|
|
|
| |
- when cleaning up invalid locks make sure we mark the lck
struct as modified so it'll get saved back correctly (that
was the original intent).
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
| |
Jeremy.
|
| |
|
|
|
|
| |
reg #defines use "REG_" prefix. Michael - please check
gcc warnings on compiles.
Jeremy.
|
| |
|
|
|
| |
Tidy calls to smb_panic by removing trailing newlines. Print the
failed expression in SMB_ASSERT.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The global options are stored as values in the subkey "global"
of the SMBCONF registry key.
The activation is accomplished in smb.conf though a new special
semantic of the "include" parameter: "include = registry" triggers
the processing of the registry global options exactly at the
position of the include statement. Options read from the registry
take the same precedence as parameters loaded from a file via
include. Need to reload the registry globals is detected by
watching the tdb sequence number.
Registry shares are automatically activated when the registry
globals are processed.
So a "registry only" configuration can be realized by an
smb.conf that looks as follows:
================================
[global]
include = registry
================================
The global options and registry shares can be conveniently
edited with the "net conf" utility.
Caveat:
A possible pitfall consists in using "include = registry"
together with the "lock directory" directive in the registry.
This problem will be addressed in the next time.
Note on the code:
Processing of the registry options is accomplished by a function
process_registry_globals() in loadparm.c The current version is
only an interim solution: It is handcoded instead of using the
infrastructure of reg_api.c. The reason for this is that using
reg_api still has too large linker dependencies, bloating virtually
all targets by PASSDB_OBJ, SMBLDAP_OBJ, GROUPDB_OBJ and LDB stuff.
A version of process_registry_globals that uses reg_api is
included but commented out. The goal is to eventually refactor
and restructure the registry code so that one can use the reg_api
to access only the registry tdb and not link all the dynamic
backends with all their linking implications.
|
| |
|
|
|
| |
on failure in the write path.
Jeremy.
|
| |
|
|
|
|
| |
(To be used in other place in subsequent commit.)
Michael
|
| |
|
|
|
|
|
| |
This eliminates the need of maintaining reg_db's own
reference counter for the tdb. Maybe as a next step...
Michael
|
| | |
|
| |
|
|
|
| |
With the target being open we have to return NT_STATUS_ACCESS_DENIED and
root_fid != 0 leads to NT_STATUS_INVALID_PARAMETER
|
| | |
|
| |
|
|
| |
default)
|
| |
|
|
| |
getgrnam() for machine and domain local groups.
|
| | |
|
| |
|
|
|
|
|
| |
Further reduce the diff between 3_0 and 3_0_26 by some reformatting
and rearrangements.
Michael
|
| |
|
|
|
|
| |
Add the tdbtorture test to the test script in 3_0 and 3_0_26.
Michael
|
| |
|
|
| |
Remove two local variables
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
activation of global registry options in loadparm.c, mainly to
extract functionality from net_conf.c to be made availabel elsewhere
and to minimize linker dependencies.
In detail:
* move functions registry_push/pull_value from lib/util_reg.c to new file
lib/util_reg_api.c
* create a fake user token consisting of builtin administrators sid and
se_disk_operators privilege by hand instead of using get_root_nt_token()
to minimize linker deps for bin/net.
+ new function registry_create_admin_token() in new lib/util_reg_smbconf.c
+ move dup_nt_token from auth/token_util.c to new file lib/util_nttoken.c
+ adapt net_conf.c and Makefile.in accordingly.
* split lib/profiles.c into two parts: new file lib/profiles_basic.c
takes all the low level mask manipulation and format conversion functions
(se_priv, privset, luid). the privs array is completely hidden from
profiles.c by adding some access-functions. some mask-functions are not
static anymore.
Generally, SID- and LUID-related stuff that has more dependencies
is kept in lib/profiles.c
* Move initialization of regdb from net_conf.c into a function
registry_init_regdb() in lib/util_reg_smbconf.c.
Michael
|
| | |
|
| |
|
|
| |
not really needed.
|
| |
|
|
|
|
|
|
| |
Change the handling of the developer CFLAGS so that they are always
emited to the Makefile in the DEVELOPER_CFLAGS variable. This makes
it easy to turn developer mode on and off without waiting for
configure to run. The developer flags are only added to CFLAGS for
the --enable-developer and --enable-krb5developer cases.
|
| |
|
|
| |
context flags.
|
| |
|
|
|
| |
Fix the prototype for sys_broken_setgroups and log *BSD group list
truncation a bit more verbosely.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
when verifying a ticket from winbindd_pam.c.
I've found during multiple, fast, automated SSH logins (such
as from a cron script) that the replay cache in MIT's krb5
lib will occasionally fail the krb5_rd_req() as a replay attack.
There seems to be a small window during which the MIT krb5
libs could reproduce identical time stamps for ctime and cusec
in the authenticator since Unix systems only give back
milli-seconds rather than the micro-seconds needed by the
authenticator. Checked against MIT 1.5.1. Have not
researched how Heimdal does it.
My thinking is that if someone can spoof the KDC and TDS
services we are pretty hopeless anyways.
|
| |
|
|
|
|
| |
Fix supplementary group list truncation for *BSD. We need to pass
the correct group list length and only truncate to NGROUPS_MAX if
it is too long.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
in the winbindd_getgrnam() call. Couple of comments:
* Adds "winbind expand groups" parameter which defines the
max depth winbindd will expand group members. The default
is the current behavior of one level of expansion.
* The entire getrgnam() interface should be async. I
haven't done that.
* Refactors the domain users hack in fill_grent_mem() into
its own function.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Add a function to retrieve the registry db sequence number.
This is in preparation of loadparm integration of registry global
smb.conf options: this will allow to detect changes in order to trigger reload.
Michael
|
| |
|
|
|
|
| |
first ask for existence of a file when we do the open_file_ntcreate in
can_rename later on anyway. That also gets us the right error message in
case the file is not there automatically.
|
| |
|
|
| |
inside close_file() already.
|
| |
|
|
|
|
|
|
|
|
|
| |
before writing to secdesc_buf->sd,
3_0 checked secdesc_buf->sd while 3_0_26 checked secdesc_buf->sd_size.
This patch makes both revisions check _both_ befor writing.
Jerry / Jeremy : please check if this is correct!
Michael
|
| |
|
|
| |
Fix a const warning.
|
| |
|
|
| |
fix a memleak, add a const, update a link
|
| |
|
|
| |
Fix two memleaks.
|
| |
|
|
|
|
| |
little cosmetic change to remove a local var that's not really needed
Michael
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The attached patch removes a little race condition for
people with real kernel oplock support, and reduces some
code paths. It changes reply_unlink to open_file_ntcreate,
set_delete_on_close and close_file.
The race condition happens if we break the oplock in
can_delete via open_file_ntcreate, we close the file,
someone else gets a batch oplock and we try to unlink.
It reduces code paths by calling SMB_VFS_UNLINK in 2 fewer
places.
|
| |
|
|
| |
Fix a memleak in reg_createkey
|
| |
|
|
|
|
|
|
|
| |
only used in rpc_server/srv_winreg_nt.c.
By moving them to a module of their own, this patch reduces the
diff between the registry code of 3_0 and 3_0_26 even more.
Michael
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Refactor the code in registry/ essentially by moving functions
around and creating a new reg_frontend_hilvl.c to minimize the
linker dependencies for parts of the registry code.
This initial refactoring allows to link registry code to e.g. "bin/net"
* Add the "net conf" utility: It gives convenient local acces to the
HKLM\Software\Samba\smconf key in the registry, where the samba
registry shares are stored.
* make reg_enumvalue return WERR_NO_MORE_ITEMS instead of
WERR_BAD_FILE when all items have been successfully enumerated.
Besides seeming the reasonable code to return,
this is what I have seen from w2k3, w2k, wxp. (r22496)
Michael
|
| |
|
|
|
|
| |
Fix a memleak found by the IBM checker.
Michael
|
| |
|
|
|
|
| |
request. Ignore it. Should fix bug #4689 but more tests and
valgrinding will follow.
Jeremy.
|
| |
|
|
|
| |
kill call as that sets pid = 0 ! :-).
Jeremy.
|
| |
|
|
|
| |
to Jerry add to 3.0.25b.
Jeremy.
|
| | |
|
| |
|
|
|
| |
if the name wasn't changed.
Jeremy.
|
