IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This is not finished yet, but this is a downpayment on the final task.
Based on an work that that was
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett
We don't resolve our own "Domain Local" groups since bug #7843 has been
fixed. So we need to add the add resource groups to the sid list too.
Before bug #7843 the "Domain Local" groups were added with a
lookupuseraliases call, but this isn't done anymore for our domain
so we need to resolve resource groups here.
When to use Resource Groups:
http://technet.microsoft.com/en-us/library/cc753670%28v=WS.10%29.aspx
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jul 23 22:12:30 CEST 2012 on sn-devel-104
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jul 23 18:19:00 CEST 2012 on sn-devel-104
CUPS 1.6 makes various structures private and
introduces these ippGet and ippSet functions
for all of the fields in these structures.
http://www.cups.org/str.php?L3928
We define our own accessors when CUPS < 1.6.
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul 20 22:35:55 CEST 2012 on sn-devel-104
This changes the default based on the #ifdef rather than an override
on a parameter value of ""
The less special override functions we have the easier it is to merge
the loadparm tables.
Andrew Bartlett
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jul 19 09:56:01 CEST 2012 on sn-devel-104
This allows this parameter, one of the few with differing declarations
between the loadparm systems, to be brought into common.
Andrew Bartlett
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
This was incorrect in commit 9dd7e7fc2d
as the RID was from the BUILTIN domain, but this creates a guest
account token for the real domain.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jul 19 05:56:28 CEST 2012 on sn-devel-104
This codepath would only be executed if we provided a partial session_info token
across the named pipe forwarding code.
The smbd file server always fills this in, and if the ntvfs file server ever
wants to use an smbd hosted pipe, it can do the same. Calling create_local_token
is always the wrong thing to do.
Andrew Bartlett
This reverts commit 00089fd74a.
The issue with this patch, which I did sign off on, is that for the
domain member case, we already know that the SID is reasonable and
valid, and we indeed rely on that, because we keep it as an additonal
group anyway. The primary group is not so special that we need to do
extra validation.
Calling this function may put a user into the domain 'domain users'
group, even if they are not in that group to start with.
Andrew Bartlett
This compares only the domain SIDs betwen the two servers, rather than
the full token, as well known and other SIDs may be added locally
in both cases.
This also expands the test environments this is run against to verify
this between our AD server and domain members.
Andrew Bartlett
The core smbd must have taken care of this. If we don't do this properly,
we have a race of the close(2) against a pwrite(2). We might end up
writing to the wrong file.
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 19 03:40:17 CEST 2012 on sn-devel-104
To me it seems that we might have this functionality already somewere... I
just can't find it. Metze, do you have an idea?
Signed-off-by: Jeremy Allison <jra@samba.org>
Compile the basic aio engine always, it works via libasys/pthreadpool_sync
in a sync fashion even if no pthreads are around. Everything else (linux
aio, posix aio, aio fork) is now compiled as modules based on specific
system capabilities
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Wed Jul 18 17:45:05 CEST 2012 on sn-devel-104
this option skips all checks if the process for the record is still there
using it gives a huge performance benefit on busy systems and clusters while
it might display stale data if a smbd crashed
libnetapi_free() needs a stackframe too; looked like Andrew and Günther
missed this in a37de9a959.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
If you want a stack-style allocation, use talloc_stackframe(). If you
don't, don't use it. In particular, talloc_stackframe() here is actually
inside a pool, and stealing from pools is a bad idea.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
They use talloc_tos() internally: hoist that up to the callers, some
of whom don't want to us talloc_tos().
A simple patch, but hits a lot of files.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 17 21:22:31 CEST 2012 on sn-devel-104
By the time we've gotten to init_dc_connection_network() we shouldn't
be second guessing the caller by calling winbindd_can_contact_domain().
If for some reason we do need to restrict the contact list here we
can add a condition to only contact the primary domain or domains
listed in the tdc cache, but I don't think that's neccessary.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jul 14 03:17:57 CEST 2012 on sn-devel-104
schedule_aio_smb2_write can return NT_STATUS_FILE_LOCK_CONFLICT.
This is a valid error code that smb2.lock.rw-shared expects and
checks for. The code before this patch maps this to NT_STATUS_FILE_CLOSED,
masking the real, correct error message.
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul 13 21:53:51 CEST 2012 on sn-devel-104
Because of the evolution in the way the auth handling has been done, we do not
need this code any more. Raw NTLM Session setup & X is done via the auth4 context
which returns a full session info.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul 13 10:04:05 CEST 2012 on sn-devel-104
This boolean was only set if the old machine account store (with an
MD4 hash in it) was returned. We have not set that password type for
years. If this call ever worked, it would store a plaintext password,
so we could only ever be here if we had set a password using a version
of Samba so old as not to store plaintext, and then never honered the
flag anyway.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul 13 07:52:40 CEST 2012 on sn-devel-104
Use initial_allocation_size to allocate on disk if sent. Ignore
failures (upper level will cope).
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul 13 00:35:48 CEST 2012 on sn-devel-104
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 12 21:28:19 CEST 2012 on sn-devel-104
This does not check whether the given sid is in our domain, but
but whether it belongs to the local sam, which is a different
thing on a domain member server.
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Jul 12 18:36:02 CEST 2012 on sn-devel-104
This does not check whether the given sid is the domain sid,
but whether it is the sid of the local sam, which is different
for a domain member server.
This fixes a build error in source3/smbd/trans2.c when
SAMBA_VERSION_VENDOR_PATCH is set (as integer value).
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Jul 12 04:03:08 CEST 2012 on sn-devel-104
GPFS 3.5 introduces ACL enhancements which are breaking our ACL length
calculations.
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Wed Jul 11 21:28:23 CEST 2012 on sn-devel-104
gpfs_quotactl can return a non-zero softquota gracetime even when no
softquota has been set. This could lead to "disk full" being reported to
a client. The easiest fix is to check for a valid softquota before
checking the softquota gracetime.
Fixes all issues raised originally. This code
will only do threaded opens with thread-specific
credentials (Linux for now) and changes credentials
before doing the call. Also only fires on O_CREAT|O_EXCL
so will only create new files, never open old ones
async.
Volker, this is isolated enough that it shouldn't
prevent you from refactoring it into a new module
when the aio pread/pwrite code is moved into the
default aio path.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 11 08:04:56 CEST 2012 on sn-devel-104
as we need to keep the saved set uid/gid otherwise there is an
interaction with open[at]() and NO_ATIME returning EPERM. As this
is meant for threaded code inside the process we don't need
to do an irreverisble change anyway.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 11 03:54:00 CEST 2012 on sn-devel-104
We only set the real euid, not the effective one. This is not
a security issue as this is *only* used in the quota code, and
only between code that brackets it with save_re_uid()/restore_re_uid(),
Also this is not used on most platforms (we use USE_SETREUID by
preference) but it's better to have this right. Bug to follow to get this
fixed in 3.6.next and 3.5.next.
On open without create, the file did exist, but some
other (local or NFS) process either renamed/unlinked
and re-created the file with different dev/ino after
we walked the path, but before we did the open. We
could retry the open but it's a rare enough case it's
easier to just fail the open to prevent creating any
problems in the open file db having the wrong dev/ino
key.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 10 21:57:33 CEST 2012 on sn-devel-104
Move the inheritance work into the if block
where we created the file. We can never have
created the file (and thus need no inheritance)
for a stat-open.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 10 03:30:22 CEST 2012 on sn-devel-104
Move the fstat call into the block which opens a file descriptor.
Remove the stat() call in the stat-open case. We already failed
the open if !file_existed.
Signed-off-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jul 6 18:46:06 CEST 2012 on sn-devel-104
Several functions use the same logic as kerberos_pac_logon_info. Move
kerberos_pac_logon_info to common code and reuse it to remove the code
duplication.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
A few lines before we did check for x != NULL. I think this might
fix a potential remote crash.
Signed-off-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Jul 3 15:30:17 CEST 2012 on sn-devel-104
This is still needed as long as smbXsrv_open/_tcon are referenced
in files_struct and connection_struct respectively. Eventually,
these structures should not have a backlink to the smb world any more.
This is currently needed for files_struct and connection_struct
that contain backlinks to smbXsrv_open and smbXsrv_tcon, respectively.
Finally, these backlinks to the smb level structures should be removed.
With NTLMSSP, for NTLM2 we need to be able to set the effective challenge,
so if we ever did use a module that needed this functionlity, we would
downgrade to just NTLM.
Now that security=server has been removed, we have no such module.
This will make it easier to make the auth subsystem async, as we will
not need to consider making .get_challenge async.
Andrew Bartlett
Call pidfile_pid() with process name instead of pid file name.
pidfile_pid does create the pid file name by itself.
Signed-off-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Jul 2 19:19:21 CEST 2012 on sn-devel-104
32-bit and 64-bit versions.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jul 2 03:02:47 CEST 2012 on sn-devel-104
Their AC_TRY_RUN doesn't include any current CPPFLAGS. Make
the set[res]uid checks independent of this. Needs a small
change to the waf build in order to code with the change.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun 30 00:32:36 CEST 2012 on sn-devel-104
This makes sure we generate unique persistent file ids,
which are stored in smbXsrv_open_global.tdb.
Pair-Programmed-With: Michael Adam <obnox@samba.org>
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jun 29 21:01:11 CEST 2012 on sn-devel-104
struct smbXsrv_open will represent a SMB 1 or SMB 2
open file handle, while 'files_struct' will be changed
to handle just the protocol independent glue for the SMB_VFS layer.
Note: the format is not stable yet, we need to add more things
when we start to support durable handles.
metze
use return instead of exit in configure tests to fix those warnings:
warning: incompatible implicit declaration of built-in function 'exit'
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Fri Jun 29 19:08:54 CEST 2012 on sn-devel-104
Signed-off-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jun 29 17:06:05 CEST 2012 on sn-devel-104
This matches the function's intention much closer, since it
also tests whether we have a valid local read only copy.
Pair-Programmed-With: Gregor Beck <gbeck@sernet.de>
The introduction of read only copies has broken the algorithm for
deteting whether we can use the local record copy for fetch_locked
and fetch: For fetch locked the new code always uses the local copy
if there is one...
This patch re-establish the original algorithm for the build against
a ctdb without read only record copies.
Reported-by: Gregor Beck <gbeck@sernet.de>
Don't expose a libccan.so; it would produce clashes if someone else
does the same thing. Unfortunately, if we just change it from a
SAMBA_LIBRARY to a SAMBA_SUBSYSTEM, it doesn't create a static library
as we'd like, but links all the object files in. This means we get
many duplicates (eg. everyone gets a copy of tally, even though only
ntdb wants it).
So, the solution is twofold:
1) Make the ccan modules separate.
2) Make the ccan modules SAMBA_SUBSYSTEMs not SAMBA_LIBRARYs so we don't
build shared libraries which we can't share.
3) Make the places which uses ccan explicit.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Autobuild-User(master): Rusty Russell <rusty@rustcorp.com.au>
Autobuild-Date(master): Fri Jun 29 06:22:44 CEST 2012 on sn-devel-104
Will allow thread-specific credentials to be added by modifying
the central definitions. Deliberately left the setXX[ug]id()
call in popt as this is not used in Samba.
If the client hasn't consumed the lowest seqnum, but the distance
between lowest and highest seqnum has reached max credits.
In that case we should stop granting credits.
metze
This should also fix the build on Tru64. Tru64 has a POSIX compliant statvfs()
function while most *BSD systems ignore POSIX.
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Thu Jun 28 23:07:23 CEST 2012 on sn-devel-104
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Thu Jun 28 16:43:13 CEST 2012 on sn-devel-104
This is SMB1 code...
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jun 28 14:47:45 CEST 2012 on sn-devel-104
All calls which take an file handle have the same,
so we should also log it, when we create a handle.
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jun 28 12:41:49 CEST 2012 on sn-devel-104
fsp->fnum and lock->fnum are uint64_t already and we should not truncate the value here.
Currently this doesn't matter as we only use 16-bit.
But as 'int' is int32_t and we later compare fnum with lock->fnum == fnum,
the cast from int32_t to uint64_t goes via int64_t instead of uint32_t.
This means even if fsp->fnum just uses 32-bit of the uint64_t
we'll get the wrong result, as the implicit cast from a negative int32_t
value to uint64_t adds 0xFFFFFFFF00000000.
metze
This helps clarify the role of this structure and wrapper function.
The purpose here is to provide helper functions to the lib/param
loadparm_context that point back at the s3 lp_ functions. This allows
a struct loadparm_context to be passed to any point in the code, and
always refer to the correct loadparm system. If this has not been
set, the variables loaded in the lib/param code will be returned.
As requested by Michael Adam.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 27 17:11:16 CEST 2012 on sn-devel-104
If these were left as defaults, they cause issues when the backend (pdb_samba4)
returns the internal defaults from the directory, not the defaults from samu_new()
Andrew Bartlett
grep -E doesn't work on Solaris /usr/bin/grep e.g.
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Wed Jun 27 02:18:07 CEST 2012 on sn-devel-104
Pair-Programmed-With: Gregor Beck <gbeck@sernet.de>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Jun 26 21:43:49 CEST 2012 on sn-devel-104
This is the code that is executed in a registry transaction.
The purpose of the refactoring is to be able to simplify and
untangle the code structure in the sequel.
Change the generic print backend to fill the printing backend job
identifier (sysjob) on submission of a new job.
This is needed to ensure correct mapping of spoolss jobs and entries in
the backend print queue.
This and the last 13 commits attempt to address bug 8719.
Currently the generic print backend does not fill the printing backend
job identifier (sysjob) on submission of a new job. The sysjob
identifier is required to correctly map jobs in the printer queue to
corresponding spoolss print jobs.
Passing the lpq command to job_submit allows the generic print backend
to check the printer queue for the new job following submission. This
behaviour will come in a later commit.
print_job_find() currently returns print jobs to callers via a
statically allocated variable, this is particularly messy as the
device mode is talloced under the static variable.
This change adds or passes a talloc context to all callers, giving them
ownership of the returned print job.
Print jobs maintain two job identifiers, the jobid allocated by the
spoolss layer (pj->jobid), and the job identifier defined by the
printing backend (pj->sysjob).
Printer job queues currently only contain a single job identifier
variable (queue->job), the variable is sometimes representative of the
spoolss layer job identifier, and more often representative of the
printing backend id.
This change renames the queue job identifier from queue->job to
queue->sysjob, in preparation for a change to only store the printing
backend identifier.
The spoolss print job identifier is now passed to the cups layer via
struct printjob, therefore it is no longer necessary to parse the job
filename to determine it.
Printing code in some places relies upon the spool-file format to
retrieve the print jobid. By storing the jobid as part of struct
printjob, and hence in the printing TDB, we can move away from this ugly
behaviour.
eff3609 moved the async signal handler initialization to later in the process
to enable aio_fork and aio_pthread on platforms without realtime signals. This
commit broke the use of the native aio interface. aio_pending_size is
initialized to 0, so aio.c will not allow async i/0 at all if modules do not
set that variable correctly. Initialize to 100 right from the start.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jun 26 14:08:22 CEST 2012 on sn-devel-104
prefer to use function syntax with (...) to make variables local
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Tue Jun 26 00:32:11 CEST 2012 on sn-devel-104
Note: raw.session.reauth2 still fails:
failure: samba3.raw.session.reauth2(s3dc) [
_StringException: _StringException: ../source4/torture/raw/session.c:186: status
was NT_STATUS_ACCESS_DENIED, expected NT_STATUS_OK: 2nd open failed
But it's not critical as real clients won't reauth as anonymous.
metze
