When looking for idle clients, we dereferenced state->response. As this is
dynamically allocated now, the proper test is whether state->response exists at
all. This is the case when an async operation is in process at that moment.
Andrew Bartlett [Mon, 27 Jul 2009 12:04:26 +0000 (22:04 +1000)]
s4:kerberos Add 'net export keytab' command for wireshark decryption
It is much easier to do decryption with wireshark when the keytab is
available for every host in the domain. Running 'net export keytab
<keytab name>' will export the current (as pointed to by the supplied
smb.conf) local Samba4 doamin.
(This uses Heimdal's 'hdb' keytab and then the existing hdb-samba4,
and so has a good chance of keeping working in the long term).
Andrew Bartlett [Mon, 27 Jul 2009 06:09:25 +0000 (16:09 +1000)]
s4:kdc Push context to hdb_samba4 by way of the 'name' of the DB
This overloads the 'name' part of the keytab name to supply a context
pointer, and so avoids 3 global variables!
To do this, we had to stop putting the entry for kpasswd into the
secrets.ldb. (I don't consider this a big loss, and any entry left
there by an upgrade will be harmless).
Andrew Bartlett [Mon, 27 Jul 2009 03:48:45 +0000 (13:48 +1000)]
s4:kdc Tidy up hdb_samba4 some more
This removes the last use of the prefix hdb_ldb and makes it clear
that we pass in 3 global variables to get state information into
hdb_samba4 when used as a keytab. (And that they belong to
hdb_samba4, not to the KDC)
For performance reasons cli_smb_recv does not make copies of the buffers we
received from the client, so both "vwv" and "bytes" vanish with
TALLOC_FREE(subreq). I know this is a bit counter-intuitive, but I think in
this case it's justified not to make copies.
Tim Prouty [Sat, 25 Jul 2009 01:38:40 +0000 (18:38 -0700)]
s3: Convert a few callers of unix_convert() over to filename_convert()
This patch also changes the unix convert flags to make sure the
correct semantics are preservered for allowing/disallowing wildcards
in the last component of the path.
Jeremy Allison [Fri, 24 Jul 2009 21:09:42 +0000 (14:09 -0700)]
Fix hash function in acl_xattr to be SHA256, make
the hash function selectable. Upgrade version.
Compiles but not fully tested yet (coming). Make
vfs_acl_tdb.c compile - this needs updating to
match acl_xattr (also coming soon).
Jeremy.
In the SAMBA 4 DCE/RPC NETLOGON server the SAM context references have generally
the type "void *". But we know that those context objects are based on the "struct
ldb_context" type. We've always to cast for using a SAM/LDB call.
This I didn't find very appealing and so I assigned the right (detailed) type to each "sam_ctx".
Therefore, the casts could disappear.
Tim Prouty [Wed, 22 Jul 2009 16:52:09 +0000 (09:52 -0700)]
s3: Change unix_convert to use an smb_filename struct internally
This allows SMB_VFS_[L]STAT to be called directly. Additionally, I
changed NTSTATUS result to be named status for consistency.
I also removed the stat_cache_add() from build_stream_path() because
stat_cache_lookup() is never actually called on a file with a stream.
There is no reason why the stat cache couldn't be consulted for
streams in the future.
Jeremy/Volker, please take a look at this one when you get a chance.
Andrew Bartlett [Wed, 22 Jul 2009 08:04:58 +0000 (18:04 +1000)]
s4:provision Fix provision on FreeBSD
We were missing the 'cn' attribute, which we then prepare a sorted
list based on. On Linux, strcmp(NULL, NULL) does not segfault, where
it does on FreeBSD.
Tim Prouty [Tue, 21 Jul 2009 18:35:17 +0000 (11:35 -0700)]
s3: Remove unnecessary callers of get_full_smb_filename
This often times means explicitly denying certain operations on a stream
as they are not supported or don't make sense at a particular level. At
some point in the future these can be enabled, but for now it's better to
remove ambiguity
Rusty Russell [Tue, 21 Jul 2009 06:53:35 +0000 (16:23 +0930)]
tdb: fix locking error
54a51839ea65aa788b18fce8de0ae4f9ba63e4e7 "Make tdb transaction lock
recursive (samba version)" was broken: I "cleaned it up" and prevented
it from ever unlocking.
To see the problem:
$ bin/tdbtorture -s 1248142523
tdb_brlock failed (fd=3) at offset 8 rw_type=1 lck_type=14 len=1
tdb_transaction_lock: failed to get transaction lock
tdb_transaction_start failed: Resource deadlock avoided
My testcase relied on the *count* being correct, which it was. Fixing that
now.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Michael Adam <obnox@samba.org>
Tim Prouty [Mon, 20 Jul 2009 21:32:32 +0000 (14:32 -0700)]
s3: Add some asserts to the filename util functions
In the smb_filename struct stream_name must equal NULL if there
is no stream name. These asserts should catch any future offenders
of this invariant early.
This solution is more general, and solves the more minor symptom that nested
traversals would also release the transaction lock early. (It was also suggestd in
Volker's comment in 6ed27ed).
This patch also applies to ctdb, if the traverse.c part is removed (ctdb's tdb
code never received the previous two fixes).
Tested using the testsuite from ccan (adapted to the samba code). Thanks to
Michael Adam for feedback.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Michael Adam <obnox@samba.org>
Andrew Bartlett [Sat, 18 Jul 2009 00:15:55 +0000 (10:15 +1000)]
s4:kdc Add in a simple check for constrained delegation to self
To do this properly, we must use the PAC, but for now this is enough
to check that we are delegating to another name on the same host
(which must be safe).
(Windows 7 does this a lot, also noted in bug 6273)
[SAMBA 4 directory] Refactoring and clean up of directory structure
- Adds more system objects which make sense to have them in SAMBA 4 also to
have them when we add more and more services related to the directory (volume
support, DFS, replication service, COM...)
- Make sure that "isCriticalSystemObject" and "showInAdvancedViewOnly" attributes
are set correctly on each object