| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
| |
| |
| |
| |
| |
| | |
Missing break statements meant that no info
levels would ever be returned correctly from
POSIX open/mkdir.
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
changing the FindFirst response for the UNIX_INFO2 level to include
a length field before the name. The name is not required to be null
terminated. The length field does not count any null.
Also add call to chflags(2) in the default VFS module so that this
will work be default on BSD-derived platform. Add UNIX-INFO2 test
to the build farm to get some non-BSD coverage.
Jeremy and Jerry, please review for inclusion in 3.0.25.
|
| | |
| |
| |
| |
| | |
using an uninitialized buffer for read/write tests.
Jeremy.
|
| | |
| |
| |
| |
| | |
by valgrind on the build farm.
Jeremy.
|
| | |
| |
| |
| |
| |
| | |
jeremy: please merge this to 3.0.25:-)
metze
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
were not able to connect to the rewritten dfs code as
they set the dfs flag bit but then send local paths.
Now that our dfs code is a *lot* more robust in
detecting this sort of braindamage we can just
call into it directly on getting a DFS flag
and let the parser sort it out without having
to check it's actually connecting to a dfs
enabled share (I'm proud of this code :-).
Jeremy.
|
| | | |
|
| | |
| |
| |
| |
| | |
We can talk about this later if you still feel that strongly
but I need to fix the build for now.
|
| | |
| |
| |
| |
| |
| | |
broke the build farm. Thanks to
Metze for the heads up.
Jeremy.
|
| | |
| |
| |
| | |
I am afraid I was basically off the net for the day
|
| | |
| |
| |
| | |
metze
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
to not request a privileged pipe operation for everything
as this cannot be done from a process running under the
context of a user (e.g. screensaver).
Thanks to Danilo Almeida <dalmeida@centeris.com> for the help
in pointing out the change to write_sock().
|
| | |
| |
| |
| |
| |
| | |
maybe also for 3.0.25
metze
|
| | |
| |
| |
| |
| |
| |
| | |
I'm not sure if this should go into 3.0.25... it fixes a compiler warning about
a missing acl_get_perm() prototype
metze
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| | |
Thanks Don !
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| | |
to restructure libsmb/smb_signing.c so it isn't in
the base libs path but lives in libsmb instead (like
smb_seal.c does).
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
always
point to the passdb module, remove this comment and move the explanation in
the dimap_ad man page.
Simo.
|
| | |
| |
| |
| |
| | |
find_builtin_domain(). This all needs more testing
before anyone starts changing these lookup routines again.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| |
| | |
Ensure we ignore reqests to free keepalive buffers
as we only copied these.
Jeremy.
|
| | |
| |
| |
| | |
sid_peek_check_rid() when trying to find a matching domain
|
| | |
| |
| |
| |
| |
| |
| | |
this already has to be right. This makes the
signed+sealed area the same as it will be with
gss calls. Now to go implement them.
Jeremy.
|
| | |
| |
| |
| |
| | |
idmap expire time -> idmap cache time
idmap negative time -> idmap negative cache time
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
the 4 byte length isn't included in the length :-).
We now have working NTLMSSP transport encryption
with sign+seal. W00t!
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| | |
client encrypt fail ?
Jeremy.
|
| | |
| |
| |
| |
| | |
exchange. Still not working but closer.
Jeremy.
|
| | |
| |
| |
| |
| | |
Now to investigate why it doesn't work :-).
Jeremy.
|
| | |
| |
| |
| |
| | |
for testing.
Jeremy.
|
| | |
| |
| |
| |
| | |
"raw" NTLM auth (no spnego).
Jeremy.
|
| | |
| |
| |
| | |
rafal
|
| | | |
|
| | |
| |
| |
| |
| | |
Now for the client part, and testing.
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
on the samba-technical ml.
I'll add a 'net ads set attribute=value' utility later
rather than the original 'net ads setmachineupn' patch that
was also posted to the tech ml.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
PAM_DELETE_CREDS flag set) any user could delete krb5 credential caches.
Make sure that only root can do this.
Jerry, Jeremy, please check.
Guenther
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
idmap domains as these should only be handled by the
winbindd_passdb.c backend
* Allow the alloc init to fail for backwards compatible
configurations like
idmap backend = ad
idmap uid = 1000-100000
....
* Remove the deprecated flags from idmap backend, et. al.
These are mutually exclusive with the new configuration
options (idmap domains). Logging annoying messages
about deprecated parameters is confusing. So we'll try
this apprpach for now.
|
| | |
| |
| |
| |
| | |
functions that take a gss context handle in includes.h
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
not just an NTLMSSP - grr. This complicates the re-use of
common client and server code but I think I've got it right.
Not turned on of valgrinded yet, but you can see it start
to take shape !
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
handle a
particular SID. Make sure that the passdb backend will accept the same set
range of local SIDs that the idmap system sends it.
Simo, Jerry - this is a 3_0_25 candidate. Can you please review?
|
| | |
| |
| |
| |
| | |
depending on encryption context pointer.
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The idea is that we have blocking.c:brl_timeout as a timed
event that is present whenever we do have a blocking lock
pending. It fires brl_timeout_fn() which calls
process_blocking_lock_queue().
Whenever we make changes to blocking_lock_queue, we trigger
a recalc_brl_timeout() which sets a new brl_timout event if
necessary. This makes the call to
blocking_locks_timeout_ms() in setup_select_timeout()
unnecessary, this is implicitly done in
event_add_to_select_args() from the timed events.
Volker
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
decides smbd
to be idle it might happen that smbd needs to do a winbind operation (for
example sid2name) as non-root. This then fails to get the privileged
pipe. When later on on the same connection another authentication request
comes in, we try to do the CRAP auth via the non-privileged pipe.
This adds a winbindd_priv_request_response() request that kills the existing
winbind pipe connection if it's not privileged.
Volker
|
| | |
| |
| |
| | |
Jeremy.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
for the server side enc. (doesn't break anything).
I'll keep updating this until I've got NTLM seal working
on both client and server, then add in the gss level
seal.
Jeremy.
|
