1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

94425 Commits

Author SHA1 Message Date
David Disseldorp
1e1b7b1021 torture: add local verification trailer parsing test
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr  9 03:44:15 CEST 2014 on sn-devel-104
2014-04-09 03:44:15 +02:00
Jeremy Allison
4f59580331 s3-lib/util: fix logic inside set_namearray loops.
Additional fix for bug #10544 - s3-lib/util: set_namearray reads across end of namelist string.

Not strictly needed as the initial fix addresses
the problem, but corrects the internal logic
inside the loops.

https://bugzilla.samba.org/show_bug.cgi?id=10544

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
2014-04-09 01:29:07 +02:00
Björn Baumbach
8f46b130c5 s3-lib/util: fix read across end of namelist string
If the namelist is not terminated with a '/', we try to read
the next character after the string termination '\0'.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr  8 21:44:16 CEST 2014 on sn-devel-104
2014-04-08 21:44:15 +02:00
Ralph Boehme
85041c88d8 wafsamba: replace dots in library names
Certain libraries use a version number with a dot in the library name,
eg libtracker-sparql-0.16. The dot is passed to the HAVE_LIBXXX macro
but dots aren't allowed in C macros, compiler diagnostic:

  warning: missing whitespace after the macro name

Signed-off-by: Ralph Boehme <rb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-08 19:26:13 +02:00
Andrew Bartlett
9d91f01b7b s4-wbclient: Cope with winbind returning an error
Change-Id: I8eaf858f9e9e55eec20aa2c585db5459fb73b887
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Apr  8 12:53:13 CEST 2014 on sn-devel-104
2014-04-08 12:53:13 +02:00
Amitay Isaacs
01de7818de ctdb-daemon: Always update database priority cluster wide
Database priority is a global property and all the nodes should have the
priority set for the databases.  Just setting priority on one node can
lead to problems in the recovery as a database can be frozen at wrong
priority and then freezing database would not succeed.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Apr  7 14:06:26 CEST 2014 on sn-devel-104
2014-04-07 14:06:26 +02:00
Jeremy Allison
5963519ec3 s3: smbd/nmbd/winbindd - fix append on trailing slash on system paths.
The xx_path() function incorrectly uses talloc_asprintf_append()
instead of talloc_asprintf() on a path that may have been modified
by the trim_string() call previously. talloc_asprintf_append()
always sticks the new text at the *end* of the allocated buffer,
not at the end of the string.

Fix bug #10538 - Daemons crashing when lock/state/cache directory parameter has a trailing slash

https://bugzilla.samba.org/show_bug.cgi?id=10538

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Apr  5 13:40:30 CEST 2014 on sn-devel-104
2014-04-05 13:40:29 +02:00
Björn Baumbach
c35b31f452 s3: enforce a positive allocation_file_size for non-empty files
Some file systems do not allocate a block for very
small files. But for non-empty file should report a
positive size.

Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr  5 03:09:00 CEST 2014 on sn-devel-104
2014-04-05 03:09:00 +02:00
Alexander Werth
69b7631ca7 vfs: Store ACL control flags in gpfs vfs module.
Use literals to allow a compile and execution on gpfs 3.4.

Signed-off-by: Alexander Werth <alexander.werth@de.ibm.com>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-05 00:50:14 +02:00
Alexander Werth
a5d5bdc36b vfs: Support NFS control flags in nfs4_acls.c.
The ACL control flags stores in particular the dacl protected bit
which is responsible for the "Include inherited permissions from
this object's parent" checkbox. This stores the information in the
ACL struct passed to and from file system specific vfs modules.

Signed-off-by: Alexander Werth <alexander.werth@de.ibm.com>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-05 00:50:14 +02:00
Lukas Slebodnik
e1df75b5a9 talloc: Update flags in pytalloc-util pkgconfig file
After exapnding, @LIB_RPATH@ will be -Wl,-rpatch,/usr/local/lib if rpath is
used on install. But "-Wl," will be passed to linker and should not be among
CFLAGS. Other pkgconfig files have @LIB_RPATH@ in the right place.
    @see commit 735c1cd2da

Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Apr  4 23:50:25 CEST 2014 on sn-devel-104
2014-04-04 23:50:25 +02:00
Lukas Slebodnik
a83c5240b1 tevent: Update flags in tevent pkgconfig file
After exapnding, @LIB_RPATH@ will be -Wl,-rpatch,/usr/local/lib if rpath is
used on install. But "-Wl," will be passed to linker and should not be among
CFLAGS. Other pkgconfig files have @LIB_RPATH@ in the right place.
    @see commit 735c1cd2da

Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-04 21:35:34 +02:00
Günther Deschner
5f8f1be7a8 s3-kerberos: make ipv6 support for generated krb5 config files more robust.
Older MIT Kerberos libraries will add any secondary ipv6 address as
ipv4 address, defining the (default) krb5 port 88 circumvents that.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Apr  4 16:33:12 CEST 2014 on sn-devel-104
2014-04-04 16:33:12 +02:00
Shekhar Amlekar
fc4845f481 s3: rpc_server/srvsvc: count open files in NetConnEnum
Signed-off-by: Shekhar Amlekar <samlekar@in.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr  3 21:19:43 CEST 2014 on sn-devel-104
2014-04-03 21:19:43 +02:00
Shekhar Amlekar
fe6ec8c111 s3: rpc_server/srvsvc: count share connections in NetConnEnum
Signed-off-by: Shekhar Amlekar <samlekar@in.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2014-04-03 19:01:12 +02:00
Shekhar Amlekar
e68547204f s3: rpc_server/srvsvc: added routines to compute opens on share connections.
Added routines count_share_opens() and share_file_fn() to count
opens on share connections.

Signed-off-by: Shekhar Amlekar <samlekar@in.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2014-04-03 19:01:12 +02:00
Shekhar Amlekar
992c86d715 s3: rpc_server/srvsvc: Added routines to count share connections.
Added routines count_share_conns() and share_conn_fn() to count
connections to a share.

Signed-off-by: Shekhar Amlekar <samlekar@in.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2014-04-03 19:01:12 +02:00
Michael Adam
375d46791c autorid: use the db argument in the initialize traverse action.
By a copy and paste error, the global autorid_db was used.
This was not currently a problem in behaviour, because this
autorid_db is passed as the argument.

This change fixes the callback function for consistency.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr  3 08:36:55 CEST 2014 on sn-devel-104
2014-04-03 08:36:55 +02:00
Jeremy Allison
837671f476 s3: messages: Implement cleanup of dead records.
When a smbd process dies, pending messages.tdb records for this process
might not get cleaned up. Implement a cleanup for dead records that is
triggered after a smbd dies uncleanly; the records for that PID are
deleted.

Based on a patchset from Christof Schmitt <cs@samba.org>.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2014-04-03 06:22:13 +02:00
Michael Adam
5cf6e9c852 autorid: make the whole initialization atomic with one transaction.
Originally, there were several writing operations:

- store the range HWM
- store the alloc uid HWM
- store the alloc gid HWM
- store the config
- create mappings for a whole list of wellknown sids

Each of these consisted of its own transaction,
the wellknown preallocation even of one transaction per sid.

This change wrapps all of these in one big transaction.
Thereby making the whole initialization atomic, and
with respect to the creation of the wellknown mappings
also more deterministic.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr  3 02:41:25 CEST 2014 on sn-devel-104
2014-04-03 02:41:25 +02:00
Michael Adam
fc987cf289 autorid: initialize: fix typo in and further improve a debug message.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-03 00:26:28 +02:00
Michael Adam
e9796edaa8 autorid: initialize: use the split db_open and init_hwms function instead of db_init
This way, we can later put all of the storing functions inside one transaction.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-03 00:26:28 +02:00
Michael Adam
90d8e0f8bc autorid: initialize: open the autorid db as late as possible.
But make sure to link the db context to commonconfig afterwards.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-03 00:26:28 +02:00
Michael Adam
3aaaef40d5 autorid: initialize: link config to commonconfig as soon as it is allocated.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-03 00:26:28 +02:00
Michael Adam
20a2e7f0a9 autorid: initialize: link commonconfig to dom as soon as it is allocated
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-03 00:26:28 +02:00
Michael Adam
963a05b7e8 autorid: initialize: store config directly before allocating well knowns.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-03 00:26:28 +02:00
Michael Adam
9e519d97c3 autorid: split idmap_autorid_db_open and idmap_autorid_init_hwms out of idmap_autorid_db_init
These will be used separately in the full initialization function.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-03 00:26:28 +02:00
Michael Adam
801556fbfd autorid: in idmap_autorid_saveconfig, add a debug msg when loading gives error
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-03 00:26:28 +02:00
Michael Adam
d9c216343b autorid: improve the precision of the DEBUG at the end of add_range
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-03 00:26:28 +02:00
Michael Adam
fd56a63a87 autorid: add a DEBUG upon talloc fail in the add_range function.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-03 00:26:28 +02:00
Michael Adam
38157a093b autorid: when storing a new range, always check it does not exist.
Also check for existence when the range is >= the HWM,
typically the "acquire" case where we bump the HWM.
In case of external modification, we would previously
simply overwrite an an existing range mapping. Now we
check and throw INTERNAL_DB_CORRUPTION in this case.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-03 00:26:28 +02:00
Michael Adam
0bfb078719 autorid: fix a potential for data corruption.
The initialization of the HWM values in autorid.tdb was racy:

It did:

1. fetch the HWM value
2. if it did not exist, store 0 in a transaction.

This can be racy if two processes at the same time try to
run the initialization code, especially in a cluster, when
winbindd and smbd are started simultaneously on all nodes.
The race is that the HWM is not re-fetched inside the transaction.

Assume both processes see that the HWM does not exist.
Both try to start a transaction. Process 1 gets the lock
and process 2 blocks. After Process 1 has stored the
HWM, it proceeds and manages to start subsequent transactions
which also bump the HWM value (e.g. a range allocation,
which is also triggered from allocation code). When
process 2 finally manages to start the transaction, the
HWM value is aready > 0. But process 2 does not look again
and simply overwrites the HWM with 0.

So the next allocation will overwrite an existing mapping,
at least partially.

This patch changes the mechanism to:

1. fetch the hwm value
2. if it does not exist start a transaction
3.   fetch the hwm value
4.   if it does not exist, store 0
5. commit the transaction.

Note: this is not theoretical. Corruptions have been
seen in cluster environments.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-03 00:26:28 +02:00
Michael Adam
758308c25a autorid: print debug message when a HWM key has been created
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-03 00:26:28 +02:00
Michael Adam
6ec437ccb5 autorid: reverse logic flow in idmap_autorid_init_hwm(), decreasing indentation.
I.e. move writing case to the end.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-03 00:26:28 +02:00
Michael Adam
70cfe221b0 autorid: store hwm as uint32_t in idmap_autorid_init_hwm()
The HWM is treated as uint32_t all the times.
This was just a leftover from old code.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-03 00:26:27 +02:00
Arvid Requate
c3719a6fee dfs_server: get_dcs: fix pointer list termination
Should fix a potential SEGV e.g. in case searched_site == NULL and no
objects with objectClass=site are found.

Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-04-03 00:26:27 +02:00
Noel Power
32b35b8d92 script to generate content for libcli/util/nterr.c & libcli/util/ntstatus.h
A ropey script to generate some missing NT_STATUS error codes and
and descriptions. The script generates ntstatus.c & ntstatus.h
whose contents are used to extend the existing contents of
libcli/util/nterr.c & libcli/util/ntstatus.h

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Apr  2 22:40:06 CEST 2014 on sn-devel-104
2014-04-02 22:40:06 +02:00
Noel Power
e9522b5ee3 Add error codes and message descriptions for NTSTATUS
Error codes and descriptions were autogenerated from [MS-ERREF]
see http://msdn.microsoft.com/en-us/library/cc704588.aspx
Additionally some missing error descriptions for existing errors were
identified and generated.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-02 20:25:07 +02:00
Noel Power
983fc4e4a4 Use correct error code value for NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-02 20:25:07 +02:00
Noel Power
4f9dd94819 script to generate libcli/util/hresult.c & libcli/util/hresult.h
This hacky script was used to generate the contents of libcli/util/hresult.c
& libcli/util/hresult.h. It expects the table contents of
http://msdn.microsoft.com/en-us/library/cc704587.aspx cut'n'pasted into
the text file specified as it's single required input param

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-02 20:25:07 +02:00
Noel Power
57a4319baa Allow FSRVP access generic HRESULT error message descriptions
FSRVP can possibly return any HRESULT error in addition to it's own
specific errors. This change searches the HRESULT errors for a description
if the error doesn't match any of the known FSRVP ones.
Also removed some errors defined in fsrvp.idl (now that they are defined
in hresult.h)

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-02 20:25:07 +02:00
Noel Power
027afd11ca Add autogenerated HRESULT error codes and descriptions from MS_ERREF
error codes & string descriptions are generated from
http://msdn.microsoft.com/en-us/library/cc704587.aspx, additionally there
is a function to return the error description from the error code,
this function will also try to determine the error description
associated with a W_ERROR code translated as a HRESULT.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-02 20:25:07 +02:00
Andrew Bartlett
85f57ebda3 torture-samr: Add testing of account lockout and password change behaviour
This is the regression test to avoid a repeat of CVE-2013-4496

This includes confirming that badPwdCount is updated on login, not just on first failure

However the badPwdCount is not updated if the account is disabled

Note: that samr_QueryUserInfo return the effective bad_password_count in level
5, 16 and 21, while it returns the raw value in level 3.

(Sadly the s3 code does not do this correctly, so a knownfail is added)

Change-Id: I4fd8ac5c3b1357e7a98386756dac2a43eb778ecf
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Apr  2 19:30:59 CEST 2014 on sn-devel-104
2014-04-02 19:30:59 +02:00
Andrew Bartlett
311de5fb4a selftest: Run rpc.samr.passwords.badpwdcount against s3dc
Change-Id: I9529def954521bf8ab05212759a2ef6bbe9913f8
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-02 17:12:48 +02:00
Andrew Bartlett
6a4bedd36a torture-samr: Add test for lockout with and without a password history
Change-Id: I6f4b3e92feabe4ff09839329b0db3d33cc6c73b4
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-02 17:12:48 +02:00
Andrew Bartlett
3c731783e0 torture-samr: Improve rpc.samr.passwords.badpwdcount test
Change-Id: I89ac30d715e89f14aca049e0e5c5043a39ab93c7
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-02 17:12:48 +02:00
Andrew Bartlett
e266f610db selftest: Add test for password lockout
Change-Id: Ia690b83f82b5ad7b02b203ffdecd2e05066b6711
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2014-04-02 17:12:48 +02:00
Andrew Bartlett
05c2f83f26 dsdb: Allow SAMR server to return the computed, not actual badPwdCount
This matters after the lockout observation period has expired.

Note: that QueryUserInfo level 3 returns the raw badPwdCount value.

Andrew Bartlett

Change-Id: I7b304a50984072bc6cb1daf3315b4427443632a9
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-02 17:12:47 +02:00
Stefan Metzmacher
6ac62b3000 s4:rpc_server/samr: passdown unmodified acct_flags to the ldb layer.
The samldb module will handle the verification and magic.

Change-Id: If38e0ed229b98eac4db9b39988de4a25f9a352f2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-04-02 17:12:47 +02:00
Stefan Metzmacher
50b9748fc5 s4:dsdb/samldb: rework samldb_user_account_control_change()
- Removing ACB_AUTOLOCK/UF_LOCKOUT from the effective userAccountControl flags
  (combined with msDS-User-Account-Control-Computed) results in
  lockoutTime=0 (implying badPadCount=0).

- We also do more validation of the account type flags now.

Change-Id: If7f224cf60920037a0ae19a10d116ac265771a4c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-04-02 17:12:47 +02:00