1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

86084 Commits

Author SHA1 Message Date
Stefan Metzmacher
1d54d8c501 libcli/smb: use SMB1 MID=0 for the initial Negprot
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10144

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-17 07:52:29 +02:00
Howard Chu
6ed5b1c159 Cleanup map return codes
-1 was never a valid LDB return code, just use OPERATIONS_ERROR

Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Tue Sep 17 07:51:45 CEST 2013 on sn-devel-104
2013-09-17 07:51:45 +02:00
Howard Chu
dcbd4ede2f Fix OpenLDAP partition configs
Update to use LMDB backend, BDB is deprecated
Update to support DomainDNSZones and ForestDNSZones partitions.

Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-09-17 05:56:56 +02:00
Andrew Bartlett
f2bccebd91 lib/ldb-samba/ldb_ildap: Also skip special base DNs
This is so we do not search for @REPLCHANGED against ldap

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-09-17 05:56:56 +02:00
Stefan Metzmacher
6ef3c98ade docs-xml: document SMB3_02 as available protocol for the client side
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Sep 17 05:55:04 CEST 2013 on sn-devel-104
2013-09-17 05:55:04 +02:00
Stefan Metzmacher
4912378402 s3:torture: add PROTOCOL_SMB3_02 handling
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-17 04:00:41 +02:00
Stefan Metzmacher
66d3064333 lib/param: add PROTOCOL_SMB3_02 handling
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-17 04:00:37 +02:00
Stefan Metzmacher
f8b3c712f0 libcli/smb: negotiate SMB3_DIALECT_REVISION_302 if PROTOCOL_SMB3_02 is requested
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-17 04:00:33 +02:00
Stefan Metzmacher
80623b8593 libcli/smb: add PROTOCOL_SMB3_02
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-17 04:00:23 +02:00
Stefan Metzmacher
4a401d6fcc libcli/smb: add SMB3_DIALECT_REVISION_302
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-17 04:00:14 +02:00
Andrew Bartlett
4dacaef2ea dsdb: Use credentials.get_forced_sasl_mech()
This will allow us to force the use of only DIGEST-MD5, for example,
which is useful to avoid hitting GSSAPI, SPNEGO or NTLM when talking
to OpenLDAP and Cyrus-SASL.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>

Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Tue Sep 17 01:41:41 CEST 2013 on sn-devel-104
2013-09-17 01:41:41 +02:00
Andrew Bartlett
3f464ca1f5 auth/credentials: Add cli_credentials_{set,get}_forced_sasl_mech()
This will allow us to force the use of only DIGEST-MD5, for example, which is useful
to avoid hitting GSSAPI, SPNEGO or NTLM when talking to OpenLDAP and Cyrus-SASL.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-09-16 14:44:28 -07:00
Andrew Bartlett
68f7cd1724 samba-tool domain provision: Make ldap_backend_startup.sh +x and take optional arguments
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-09-16 14:43:44 -07:00
Andrew Bartlett
ef830f7e71 samba-tool domain join: Set server role correctly to "active directory domain controller"
We changed the magic string when we reworked the list of server roles.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Sep 16 23:33:41 CEST 2013 on sn-devel-104
2013-09-16 23:33:40 +02:00
Andrew Bartlett
f75dc8f4a5 s4-rpc_server/drsuapi: Print ldb error showing why we failed to perform the access check
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16 19:37:20 +02:00
Andrew Bartlett
1d92d5b19b samba-tool domian join: Only print adminpass warning on subdomain creation
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16 19:37:12 +02:00
Andrew Bartlett
84dc9f8cc1 samba-tool domain join: Add --quite and --verbose
This means we now use logger consistently between doimin join, domain dcpromo
and domain provision.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16 19:37:04 +02:00
Andrew Bartlett
35e56d2b71 dsdb: Use dsdb_next_callback() rather than a no-op per-module callback
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16 19:36:52 +02:00
Andrew Bartlett
650eca0e06 join.py: Restore support for joining as a subdomain
This set of patches fixes up the errors that were introduced into the partial support
during the past couple of years.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16 19:36:45 +02:00
Andrew Bartlett
cccc0dee04 dsdb: Add DSDB_SEARCH_ONE_ONLY support to dsdb_module_search*()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16 19:36:36 +02:00
Andrew Bartlett
3af4f0377e join.py: Handle more error cases with useful exceptions
This will help track down strange failures in the future.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16 19:36:28 +02:00
Andrew Bartlett
a5e4c4520a samba-tool domain join subdomain: Set "reveal_internals:0" control so we can see the ncName
The issue here is that we create the ncName remotely with DsAddEntry,
and then replicate it back.  However, at this point the naming context
pointed at by the ncName does not exist!  The issue is that the
extended_dn_out module then hides the link, because it points to a
missing object.  The reveal_internals control forces this link to be
returned, and so we can then find the GUID, to create the domain with
the right GUID.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16 19:36:18 +02:00
Andrew Bartlett
347b2c65a4 ldb: Show the type of failing operation in default error message
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16 19:35:49 +02:00
Andrew Bartlett
bbeca62ccf join.py: Show which database we failed to find the DN on (clarify local v remote)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16 19:35:30 +02:00
Andrew Bartlett
ccb1beb9a3 join.py: Handle exceptions when looking for GUID in a DN
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16 19:35:21 +02:00
Björn Jacke
20999fcaa1 tdb: Fix some typos in comments.
Thanks to Stewart A. Levin for reporting.

fixes bug #10136 (Documentation typos).

Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Karolin Seeger <kseeger@samba.org>

Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Thu Sep 12 13:54:41 CEST 2013 on sn-devel-104
2013-09-12 13:54:41 +02:00
Karolin Seeger
4af7b709e9 docs: Fix typos.
This is a follow-up patch for bug #10134 - Samba 4.0 is stricter in checking
acls for "open for execution".

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Sep 12 11:59:56 CEST 2013 on sn-devel-104
2013-09-12 11:59:55 +02:00
Volker Lendecke
8f411425f6 smbd: Properly protect against invalid lock data
If someone messes with brlock.tdb and inserts an invalid record length,
this will lead to memcpy overwriting a few bytes behind malloc'ed data.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 12 03:26:45 CEST 2013 on sn-devel-104
2013-09-12 03:26:45 +02:00
Jeremy Allison
776db7d385 Fix is_legal_name() to not emit character conversion error messages.
Using next_codepoint() does the same check, but without the conversion
message.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-09-11 16:38:43 -07:00
David Disseldorp
40db563791 selftest: change to src dir for panic backtrace
When running selftest against a Samba3 target, the working directory is
set to st/s3dc/share. The existing "panic action" script attempts
obtain a backtrace for a paniced smbd process using GDB, which does not
locate debug info relative to the working directory.

This commit changes the S3 selftest panic action to first enter
the base source directory before attempting to obtain the backtrace,
ensuring that GDB can locate the debug info.

Signed-off-by: David Disseldorp <ddiss@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Sep 12 00:19:39 CEST 2013 on sn-devel-104
2013-09-12 00:19:39 +02:00
Andrew Bartlett
403ddac6c8 dsdb: When using an LDAP backend, force use of the password from secrets.ldb
This makes testing from the command line much easier, as ldbsearch -H
sam.ldb will now just work as well as it did with a tdb-based
provision.

This code was removed from it's previous location outside the ldb
module stack in aabda85a2f.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>

Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Wed Sep 11 21:15:50 CEST 2013 on sn-devel-104
2013-09-11 21:15:50 +02:00
Volker Lendecke
73278cd19b smbd: Convert br_lck->lock_data to talloc
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Sep 11 10:15:38 CEST 2013 on sn-devel-104
2013-09-11 10:15:38 +02:00
Volker Lendecke
20cc710920 smbd: Move "struct byte_range_lock" definition to brlock.c 2013-09-11 08:27:11 +02:00
Volker Lendecke
07948ef6e1 smbd: Add brl_fsp access function 2013-09-11 08:27:11 +02:00
Volker Lendecke
6bcfc1a9da smbd: Add brl_num_locks access function 2013-09-11 08:27:11 +02:00
Volker Lendecke
635c35dc8d smbd: Use ZERO_STRUCT instead of memset 2013-09-11 08:27:11 +02:00
Volker Lendecke
e2bb3b0c4a smbd: Fix a typo 2013-09-11 08:27:11 +02:00
Volker Lendecke
2aa684453a smbd: Make brl_lock_failed static 2013-09-11 08:27:11 +02:00
Volker Lendecke
cca8faa621 smbd: Make brl_same_context static 2013-09-11 08:27:11 +02:00
Volker Lendecke
e533bf3ef1 smbd: Fix blank line endings 2013-09-11 08:27:10 +02:00
Korobkin
d809cf653b Raise the level of a debug.
Bug #10118 - Samba is chatty about being unable to open a printer

Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 11 03:10:08 CEST 2013 on sn-devel-104
2013-09-11 03:10:08 +02:00
Michael Adam
a2a3c9f36d docs: document "acl allow execute always"
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Sep 11 01:21:00 CEST 2013 on sn-devel-104
2013-09-11 01:20:59 +02:00
Michael Adam
1e29d73066 s3:smbd: ease file server upgrades from 3.6 and earlier with "acl allow execute aways"
3.6 and earlier allowed open for execution when execute permissions are
not present on a file. This has been fixed in Samba 4.0.

This patch changes smbd to skip the execute bit from the ACL check
in the open code if "acl allow execute always = yes", hence
re-establishing the old behaviour in this case.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-09-10 23:33:12 +02:00
Michael Adam
de3bc10ef6 loadparm: add new parameter "acl allow execute always"
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-09-10 23:30:19 +02:00
Christof Schmitt
c8c0632c87 s3:smb2_find: Return that timestamps do not exist as directories
When a Windows client receives a large directory listing while
querying snapshots, it sends a find request asking for the
timestamp as a directory. A Windows server returns NO_SUCH_FILE,
so make sure Samba returns the same. Otherwise the client will
get confused and display timestamps in the 'previous versions' dialog.

Signed-off-by: Christof Schmitt <christof.schmitt@us.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 10 22:38:51 CEST 2013 on sn-devel-104
2013-09-10 22:38:50 +02:00
Volker Lendecke
6bd5fef77d lib: serverid.h needs "struct db_record" declaration
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-10 11:33:39 -07:00
Shekhar Amlekar
2d14ab32bf s3: rpc_server/srvsvc: use find_sessions() in NetSessDel
instead of using list_sessions(), use find_sessions() that
builds the list of only the sessions of interest.

Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-10 11:32:50 -07:00
Shekhar Amlekar
69470a2efd s3:smbd/session: Added a routine find_sessions()
this routine builds a list of sessions from a
particular remote machine or user.

Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-10 11:32:46 -07:00
Shekhar Amlekar
340f7f125d s3:smbd/session: add filters to gather_sessioninfo()
added capability to filter sessions based on remote
machine name and user name.

Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-10 11:32:27 -07:00
Andreas Schneider
f942d019d1 doc: Update documentation of pam_winbind krb5 support.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Sep 10 15:35:20 CEST 2013 on sn-devel-104
2013-09-10 15:35:20 +02:00