1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

109542 Commits

Author SHA1 Message Date
Amitay Isaacs
2cb5fdac42 ctdb-daemon: Add code to process ctdb_req_tunnel packets
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-10-10 11:45:19 +02:00
Amitay Isaacs
f4f5e7d2ad ctdb-protocol: Add req_tunnel counts to ctdb statistics
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-10-10 11:45:19 +02:00
Amitay Isaacs
9c51535775 ctdb-daemon: Add implementation of tunnel controls
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-10-10 11:45:18 +02:00
Amitay Isaacs
a41571a7da ctdb-protocol: Add controls to register/deregister tunnels
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-10-10 11:45:18 +02:00
Amitay Isaacs
c202b188bf ctdb-protocol: Add REQ_TUNNEL packet type
This allows to tunnel new protocols using ctdb transport.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-10-10 11:45:18 +02:00
Ralph Boehme
76a1c5a162 wbinfo: return "NOT MAPPED" instead of "S-0-0" for unmapped id-to-sid
Currently wbinfo --unix-ids-to-sids prints "S-0-0" for failed
mappings. Let it print "NOT MAPPED" instead.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 10 02:57:40 CEST 2017 on sn-devel-144
2017-10-10 02:57:40 +02:00
Ralph Boehme
0666093cb0 vfs_fake_acls: deny give-ownership
Windows doesn't allow giving ownership away unless the user has
SEC_PRIV_RESTORE privilege.

This follows from MS-FSA 2.1.5.1, so it's a property of the filesystem
layer, not the SMB layer. By implementing this restriction here, we can
now have test for this restriction.

Other filesystems may want to deliberately allow this behaviour --
although I'm not aware of any that does -- therefor I'm putting in this
restriction in the implementation of the chmod VFS function and not into
the caller.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-10-09 23:01:18 +02:00
Ralph Boehme
7e7afef819 vfs_acl_common: fix take ownership vs give ownership
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-10-09 23:01:18 +02:00
Ralph Boehme
e62f90a6d1 vfs_acl_common: factor out a variable declaration
Just some refactoring, no change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-10-09 23:01:18 +02:00
Ralph Boehme
cc555be4d0 s3/smbd/posix_acls: return correct status in try_chown
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-10-09 23:01:18 +02:00
Ralph Boehme
4b2e171e6b selftest: tests for change ownership on a file
This test verifies that SEC_STD_WRITE_OWNER only effectively grants
take-ownership permissions but NOT give-ownership. The latter requires
SeRestorePrivilege privilege.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-10-09 23:01:18 +02:00
Ralph Boehme
ff199d8e3e selftest: fix samba3.blackbox.inherit_owner.default test script test_inherit_owner.sh
Grant the test-user SeRestorePrivilege, this is needed for
give-ownership operations. And then granting SeRestorePrivilege requires
`net`, so add that as an additional argument to the script.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-10-09 23:01:17 +02:00
Ralph Boehme
3aff631509 selftest: fix acl_xattr test script test_acl_xattr.sh
The two "nt_affects_chgrp" tests called the wrong function so the
function nt_affects_chgrp() was never run.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-10-09 23:01:17 +02:00
Ralph Boehme
ea0ea829f5 selftest: fix acl_xattr test: sn-devel unreliable gid
The "nt_affects_chgrp" kept failing in a full autobuild on sn-devel
because the actual gid of the created file as returned by smbclient -c
getfacl was reliably the unix gid of my account. It should have been the
mapped domusers group for the primary users "Domain Users"
group. Running the test individually or even the full set of
"samba3.blackbox" tests didn't trigger the error.

Looks like an issue with vfs_fake_acls and vfs_xattr_tdb, but I wasn't
able to track it down. As the test only really want to ensure that
smbcacls -G set the gid to the requested value, just remove the check
for the actual initial gid.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-10-09 23:01:17 +02:00
Ralph Boehme
1fabe25339 selftest: fix acl_xattr test: grep ouput before munging
The check of the smbclient getfacl output for presence of a "^# group:"
line must be done before munging the saved output with a sed filter.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-10-09 23:01:17 +02:00
Ralph Boehme
71a2d06a1e selftest: fix acl_xattr test: group, not user
In nt_affects_chgrp() check for domadmins *group*, not user. This didn't
trigger an error as nt_affects_chgrp() isn't actually called, see next
commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-10-09 23:01:17 +02:00
Ralph Boehme
0f8de2dee5 selftest: fix acl_xattr test: changing owner
Don't give ownership to user "force_user" as user "$USERNAME", this
would fail with NT_STATUS_INVALID_OWNER, instead just take ownership as
user "force_user". Adding a corresponding ACE for "force_user" with FULL
rights ensures this works.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-10-09 23:01:17 +02:00
Jeremy Allison
272f1c9feb s3: smbd: Currently if getwd() fails after a chdir(), we panic.
Change this to return to the previous $cwd, and return -1 for the chdir().

If the return to the previous $cwd fails, still panic as we
can't return an unknown state.

Also do early return from failing SMB_VFS_CHDIR, reducing indentation level

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13027

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Böhme <slow@samba.org>
2017-10-09 23:01:17 +02:00
Ralph Boehme
a826394a2f smbcacls: no need to fetch the sd when changing ownership
Reading the SD may be denied but changing ownership could be allowed. As
we don't really need the server SD for the change ownership request,
don't fetch it.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct  7 00:04:54 CEST 2017 on sn-devel-144
2017-10-07 00:04:54 +02:00
Samuel Cabrero
fc03049ca1 s3: spoolss: Fix GUID string format on GetPrinter info
Fix regression introduced by commit a4157e7c5d which removed the braces
around the printer GUID in the printer info level 7 structure.

MS-RPRN section 2.2 says this protocol uses curly-braced GUIDs so printers
are deleted from the directory by the domain controller's pruning service.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12993

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct  6 05:21:25 CEST 2017 on sn-devel-144
2017-10-06 05:21:25 +02:00
Martin Schwenke
e1a8c9b270 ctdb-common: Make parse_ip() and parse_ipv4() static
parse_ip() has interface checking for IPv6 that is still used
indirectly by the IP takeover code via parse_ip_mask().  This will be
removed eventually.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Oct  5 09:19:31 CEST 2017 on sn-devel-144
2017-10-05 09:19:31 +02:00
Martin Schwenke
c98691c340 ctdb-common: Replace parse_ip() -> ctdb_sock_addr_from_string()
... and ctdb_sock_addr_set_port().

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2017-10-05 05:19:21 +02:00
Martin Schwenke
330436bd6c ctdb-tests: Replace parse_ip() -> ctdb_sock_addr_from_string()
... and ctdb_sock_addr_set_port() where required.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2017-10-05 05:19:21 +02:00
Martin Schwenke
a0051b80d5 ctdb-tools: Replace parse_ip() -> ctdb_sock_addr_from_string()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2017-10-05 05:19:21 +02:00
Martin Schwenke
4683ef28ab ctdb-common: Remove unused function parse_ip_port()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2017-10-05 05:19:21 +02:00
Martin Schwenke
3ee9822f9d ctdb-tools: Replace parse_ip_port() -> ctdb_sock_addr_from_string()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2017-10-05 05:19:21 +02:00
Martin Schwenke
cadd0d51fb ctdb-common: Remove unused function ctdb_parse_connections()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2017-10-05 05:19:21 +02:00
Martin Schwenke
96e3ea5462 ctdb-tools: Use ctdb_connection_list_read()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2017-10-05 05:19:21 +02:00
Amitay Isaacs
ddd97553f0 ctdb-common: Do not queue a packet if queue does not have valid fd
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13056

The only time a ctdb_queue is created without valid fd is when CTDB
is trying to establish connections with other nodes in the cluster.
All the other uses always create a ctdb_queue with valid fd.

This avoids queueing up packets for dead nodes or nodes that are not
running in the cluster and stops consuming memory.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-10-05 05:19:21 +02:00
Amitay Isaacs
bf11bea5db ctdb-tests: Send broadcast to connected nodes, not configured nodes
https://bugzilla.samba.org/show_bug.cgi?id=13056

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-10-05 05:19:21 +02:00
Amitay Isaacs
70d306373e ctdb-daemon: Send broadcast to connected nodes, not configured nodes
https://bugzilla.samba.org/show_bug.cgi?id=13056

Database recovery takes care of attaching missing databases on all the nodes.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-10-05 05:19:21 +02:00
Jeremy Allison
b07f22158d s3: VFS: Ensure default SMB_VFS_GETWD() call can't return a partially completed struct smb_filename.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13068

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Oct  4 14:05:33 CEST 2017 on sn-devel-144
2017-10-04 14:05:33 +02:00
Jeremy Allison
4800ed3595 s3: VFS: Protect errno if sys_getwd() fails across free() call.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13069

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-10-04 10:06:15 +02:00
Jeremy Allison
fb9ce0685e s3: VFS: Ensure sys_getwd() doesn't leak memory on error on really old systems.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13069

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-10-04 10:06:15 +02:00
Jorge Schrauwen via samba-technical
d774aeba5e vfs_solarisacl: fix build for samba 4.7 and up
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13049

Signed-off-by: Jorge Schrauwen <sjorge@blackdot.be>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-10-04 10:06:15 +02:00
Omri Mor
127b18eb96 s3/smbd: register Time Machine shares with Avahi
Adds support for automatically registering the required _adisk._tcp
mDNS record based on the setting of "fruit:time machine".

Signed-off-by: Omri Mor <omri50@gmail.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-10-04 10:06:15 +02:00
Kevin Anderson
4d6544593b docs/vfs_fruit: Add Time Machine support
Add the capability to advertise FULLSYNC volume capabilities
to clients that request them. This is mainly used for supporting
Mac OS Time Machine backups from clients. The capability does
not perform any additional action.

Signed-off-by: Kevin Anderson <andersonkw2@gmail.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-10-04 10:06:15 +02:00
Kevin Anderson
174e6cb5e6 vfs_fruit: Add Time Machine support
Add a configuration option to disable/enable Time Machine support via
the FULLSYNC AAPL flag.

Signed-off-by: Kevin Anderson <andersonkw2@gmail.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-10-04 10:06:15 +02:00
Ralph Boehme
064e17c0d6 net: groupmap cleanup should not delete BUILTIN mappings
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13065

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Oct  2 15:17:00 CEST 2017 on sn-devel-144
2017-10-02 15:17:00 +02:00
Ralph Boehme
6539cc8a24 lib/util/run_cmd: use a cleanup function instead of a destructor
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13062

Pair-programmed-with: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Sep 30 12:14:57 CEST 2017 on sn-devel-144
2017-09-30 12:14:56 +02:00
Ralph Boehme
94a8331e54 lib/util/run_cmd: remove a printf
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13062

Pair-programmed-with: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
2017-09-30 08:01:25 +02:00
Ralph Boehme
4aaf072d1f lib/util/run_cmd: ensure fd_stdin gets set to -1 in the destructor
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13062

Pair-programmed-with: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
2017-09-30 08:01:24 +02:00
Ralph Boehme
9a8eeabd95 lib/util/run_cmd: prevent zombies in samba_runcmd_send on timeout
Ensure the state desctructor calls tfork_destroy to reap the waiter and
worker processes. Otherwise we leave the waiter process as a zombie
behind us as we never call waitpid on it in case of a timeout
or talloc_free() from the caller.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13062

Pair-programmed-with: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
2017-09-30 08:01:24 +02:00
Volker Lendecke
ac521c2d7d lib: Fix a signed/unsigned hickup
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-09-30 08:01:24 +02:00
Volker Lendecke
197304c922 lib: Remove talloc_dict
Looked like a good idea at its time, but its only user did not need
it anyway

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-09-30 08:01:24 +02:00
Volker Lendecke
762fba44d7 winbind: Remove the use of "talloc_dict"
As members we only collect names, indexed by sids. This is served
well by just a simple dbwrap_rbt.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-09-30 08:01:24 +02:00
Pooja Mahadik
3794fa0a98 Changes in samba vxfs plugin.
Implemented two VFS operations(set/fset dos attribute) for vxfs plugin.

Trapping set/clear of read-only attribute.

Signed-off-by: Pooja Mahadik <pooja.mahadik@veritas.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Sep 30 06:42:10 CEST 2017 on sn-devel-144
2017-09-30 06:42:10 +02:00
Marc Muehlfeld
0e9fcc3e75 vfs_snapper man page: Fixed typo
This commit corrects a small typo in vfs_snapper manpage.

Signed-off-by: Yvan Masson <yvan@masson-informatique.fr>
Reviewed-by: Marc Muehlfeld <mmuehlfeld@samba.org>

Autobuild-User(master): Marc Muehlfeld <mmuehlfeld@samba.org>
Autobuild-Date(master): Sat Sep 30 02:41:46 CEST 2017 on sn-devel-144
2017-09-30 02:41:46 +02:00
Noel Power
2c50bdfed0 docs: Improve wording around 'winbind expand groups' param
Signed-off-by: Noel Power <noel.power@suse.com>

Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>

Autobuild-User(master): Jim McDonough <jmcd@samba.org>
Autobuild-Date(master): Fri Sep 29 22:37:08 CEST 2017 on sn-devel-144
2017-09-29 22:37:08 +02:00
Ralph Wuerthner
05beefd50a s3:winbind: unmapped Unix users must be resolved locally
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Sep 29 18:33:21 CEST 2017 on sn-devel-144
2017-09-29 18:33:21 +02:00