IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The new string conversion wrappers detect and flag errors
which occured during the string to integer conversion.
Those modifications required an update of the callees
error checks.
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
In order to detect an value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper function strtoul_err and strtoull_err.
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Feb 13 00:52:25 CET 2019 on sn-devel-144
It was initially removed in 78fd02cf31 but
is needed by the inf file parsing.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Bjoern Jacke <bjacke@samba.org>
With a preceding patch, cli_connect_nb() will return
NT_STATUS_NOT_SUPPORTED when 'disable netbios' is set in smb.conf.
Print an informative error message to indicate Netbios is disabled
if this occurs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13727
Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Noel Power <nopower@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed Jan 9 22:38:21 CET 2019 on sn-devel-144
This affects net rpc getsid and net rpc changetrustpw commands.
This avoids an anonymous IPC connection being made when -k is used,
this only affects net rpc getsid and net rpc changetrustpw commands.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13726
Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Replace kerberos context initialization from
raw krb5_init_context() to smb_krb5_init_context_basic()
which is adding common tracing as well.
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Add a sleep command that pauses the target process for the specified
number of seconds
This command is only enabled on developer and self test builds.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add support of the smbcontrol inject fault command to the samba daemon.
This is useful for manual testing of process restart etc.
command is only enabled for developer and self test builds
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This command allows one to list allowed users, not modify them.
Signed-off-by: Olly Betts <olly@survex.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The help already implies that you can specify "targets" for net rpc
share allowedusers, but actually the tail end of the command line
is just ignored.
This patch allows a list of shares to be specified, and only those
shares are checked, which can be much faster if you're only interested
in a few shares on a server which exports lots.
This subcommand already accepts an optional filename for the output
of net usersidlist, with a default of stdin. Typically you'd just pipe
one command to the other so stdin is most likely what you want. This
patch adds support for a filename of "-" to mean stdin so that you can
specify stdin explicitly when you provide a list of shares, since in
this case the filename can't be omitted.
Signed-off-by: Olly Betts <olly@survex.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add support for the same -A authfile/--authentication-file authfile
option that most of the other tools already do.
Signed-off-by: Olly Betts <olly@survex.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Adhere to what we document in manual page for testparm that default
debug level is set to reasonable value 1.
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Nov 29 11:52:22 CET 2018 on sn-devel-144
In case of error and at the end of processing the list
of realms have to be free'd again.
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Nov 22 11:18:41 CET 2018 on sn-devel-144
In case of an error while processing and at the end of processing
the krb5 conext must be free'd.
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
At more than one large site I've seen significant problems due to
gencache_stabilize. gencache_stabilize was mainly introduced to
survive machine crashes with the cache still being in place. Given
that most installations crash rarely and this is still a cache, this
safety is overkill and causes real problems.
With the recent changes to tdb, we should be safe enough to run on
completely corrupted databases and properly detect errors. A further
commit will introduce code that wipes the gencache.tdb if such a
corruption is detected.
There is one kind of corruption that we don't properly handle:
Orphaned space in the database. I don't have a good idea yet how to
handle this in a graceful and efficient way during normal operations,
but maybe this idea pops up at some point.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13199
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Oct 26 09:58:07 CEST 2018 on sn-devel-144
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct 20 02:17:56 CEST 2018 on sn-devel-144
It's a pain to recompile the world if gencache.h changes
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Oct 19 18:52:50 CEST 2018 on sn-devel-144
[3762/3895] Compiling source3/utils/net_ads_gpo.c
../source3/utils/net_ads.c: In function ‘net_ads_cldap_netlogon_json’:
../source3/utils/net_ads.c:311:2: error: parameter name omitted
(ADS_STRUCT *, const char *,
^
../source3/utils/net_ads.c:311:2: error: parameter name omitted
../source3/utils/net_ads.c:312:16: error: parameter name omitted
const struct NETLOGON_SAM_LOGON_RESPONSE_EX *)
^
../source3/utils/net_ads.c: In function ‘net_ads_info_json’:
../source3/utils/net_ads.c:520:1: error: parameter name omitted
static int net_ads_info_json(ADS_STRUCT *)
^
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Sep 24 07:03:09 CEST 2018 on sn-devel-144
Use spaces and tabs consistently following the majority of the
printed output: tabs only for indenting, no space before the
colon separator, a single space after the separator.
The irregularities in formatting date back to the original commit
2c029a8b96..
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add JSON printer (option '--json') for the 'net ads lookup'
command. This outputs the same information as the plain version,
with integral ({LMNT,LM20} Token, NT Version) and boolean values
(Flags) not stringified.
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add the switch '--json' to 'net' to format the output as JSON.
The rationale is to supply the information in a machine-readable
fashion to complement the text version of the output which is
neither particularly well defined nor locale-safe.
The output differs from that of plain 'info' in that times are
not formatted as timestamps.
Currently affects only the 'net ads info' subcommand.
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This reflects that the event context is also used outside of the server
processes.
The command used for the rename:
find . -name '*.[hc]' -print0 | xargs -0 sed -i 's/server_event_context/global_event_context/'
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Initialize the messaging context through cmdline_messaging_context to
allow access to config in clustered Samba.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13465
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Initialize the messaging context through cmdline_messaging_context to
allow access to config in clustered Samba.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13465
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Initialize the messaging context through cmdline_messaging_context to
allow access to config in clustered Samba.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13465
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Initialize the messaging context through cmdline_messaging_context to
allow access to config in clustered Samba.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13465
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Use cmdline_messaging_context with its error checking instead of open
coding the same steps.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13465
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Use cmdline_messaging_context to initialize a messaging context instead
of open coding the same steps.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13465
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
smbpasswd does not use POPT_CREDENTIALS. Call cmdline_messaging_context
to initialize a messaging_context with proper error checking before
calling lp_load_global.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13465
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This is only used by command line utilities and has additional
dependencies. Move to a separate file to contain the dependencies to the
command line tools.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13465
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Fix a confusing API: Many places TALLOC_FREE the path where it's not
clear you have to do it.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Aug 17 14:28:51 CEST 2018 on sn-devel-144
Fix a confusing API: Many places TALLOC_FREE the path where it's not
clear you have to do it.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Fix a confusing API: Many places TALLOC_FREE the path where it's not
clear you have to do it.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Found by covsan.
error[invalidScanfFormatWidth]: Width 128 given in format string (no. 2)
is larger than destination buffer 'sid_string[128]', use %127s to
prevent overflowing it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13567
Pair-Programmed-With: Justin Stephenson <jstephen@redhat.com>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The eventlogadm binary needs write access to the registry which, by
default, is only possible as root.
https://bugzilla.samba.org/show_bug.cgi?id=13561
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 7 01:49:34 CEST 2018 on sn-devel-144
Usually you need to be root on a linux server to modify quotas. Even
with a linux server joined to a windows AD you could always log in as
local root with smbcquotas. However in recent builds this has changed.
This patch fixes this
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13553
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Jul 31 19:45:59 CEST 2018 on sn-devel-144
Add the ability to leave the domain with --keep-account argument to avoid
removal of the host machine account.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13498
Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Quite a bit of the contents have been passed explicitly anyway.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
../source3/utils/smbget.c: In function ‘smb_download_file’:
../source3/utils/smbget.c:97:27: error: ‘b’ directive output may be truncated writing 1 byte into a region of size between 0 and 19 [-Werror=format-truncation=]
snprintf(buffer, l, "%jdb", (intmax_t)s);
^
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
../source3/utils/smbpasswd.c: In function ‘process_root’:
../source3/utils/smbpasswd.c:414:37: error: ‘$’ directive output may be truncated writing 1 byte into a region of size between 0 and 255 [-Werror=format-truncation=]
slprintf(buf, sizeof(buf) - 1, "%s$", user_name);
^
In file included from ../source3/include/includes.h:23,
from ../source3/utils/smbpasswd.c:19:
../lib/replace/../replace/replace.h:514:18: note: ‘snprintf’ output between 2 and 257 bytes into a destination of size 255
#define slprintf snprintf
../source3/utils/smbpasswd.c:414:3: note: in expansion of macro ‘slprintf’
slprintf(buf, sizeof(buf) - 1, "%s$", user_name);
^~~~~~~~
../source3/utils/smbpasswd.c:397:35: error: ‘$’ directive output may be truncated writing 1 byte into a region of size between 0 and 255 [-Werror=format-truncation=]
slprintf(buf, sizeof(buf)-1, "%s$", user_name);
^
In file included from ../source3/include/includes.h:23,
from ../source3/utils/smbpasswd.c:19:
../lib/replace/../replace/replace.h:514:18: note: ‘snprintf’ output between 2 and 257 bytes into a destination of size 255
#define slprintf snprintf
../source3/utils/smbpasswd.c:397:3: note: in expansion of macro ‘slprintf’
slprintf(buf, sizeof(buf)-1, "%s$", user_name);
^~~~~~~~
cc1: some warnings being treated as errors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed May 9 10:38:57 CEST 2018 on sn-devel-144
This only works right now because wb_common always tries privileged
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Not really performance critical, but I think it's worth establishing sample
code to use more stack variables than going out to talloc.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This is a pure testing utility that will garble the netlogon_creds_cli
session_key. This creates a similar effect to our schannel credentials
as does a domain controller reboot.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Modify default behaviour of 'net ads keytab create'
The change modifies the behaviour of 'net ads keytab create' such
that only the keytab file is modified. The current behaviour doesn't
make sense, existing SPN(s) pulled from the computer AD object have
the format 'serviceclass/host:port/servicename'.
'ads_keytab_create_default' calls ads_keytab_add_entry passing
'serviceclass' for each SPN retrieved from the AD. For each
serviceclass passed in a new pair of SPN(s) is generated as follows
i) long form 'param/full_qualified_dns'
ii) short form 'param/netbios_name'
This doesn't make sense as we are creating a new SPN(s) from an existing
one probably replacing the existing host with the 'client' machine.
If the keytab file exists then additionally each kerberos principal in the
keytab file is parsed to strip out the primary, then 'ads_keytab_add_entry'
is called which then tries by default to generate a SPN from any primary
that doesn't end in '$'. By default those SPNs are then added to the AD
computer account for the client running the command.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This change modifies the behaviour of 'net ads keytab add' such
that only the keytab file is modified.
A new command 'net ads keytab add_update_ads' has been added that
preserves the legacy behaviour which can update the AD computer
object with Winows SPN(s) as appropriate. Alternatively the new
command 'net ads setspn add' can be used to manually add the
windows SPN(s) that previously would have been added.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
'net ads keytab add' currently in addition to adding to the
keytab file this command also can update AD computer objects
via ldap. This behaviour isn't very intuitive or expected given
the command name. By default we shouldn't write to the ADS.
Prepare to change the default behaviour by modifying the function
'ads_keytab_add_entry' to take a paramater to modify the existing
behaviour to optionally update the AD (or not).
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This patch adds 'delete' to the 'net ads setspn' subcommand
(see https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc731241(v=ws.11)
Usage:
net ads setspn delete <computer> <SPN>
Note: <computer> is optional, if not specified the computer account
associated with value returned by lp_netbios_name() is used instead.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This patch adds 'add' to the 'net ads setspn' subcommand
(see https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc731241(v=ws.11)
Usage:
net ads setspn add <computer> <SPN>
Note: <computer> is optional, if not specified the computer account
associated with value returned by lp_netbios_name() is used instead.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This patch adds basic functionality not unlike the setspn.exe
command that is provided by windows for adminsistering SPN on
the AD. (see https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc731241(v=ws.11)
Only the basic list operation (that corresponds to the -l
switch for setspn.exe is implemented)
Usage:
net ads setspn list <computer>
Note: <computer> is optional, if not specified the computer account
associated with value returned by lp_netbios_name() is used instead.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
At present we don't detect errors, but when we do we'll return NULL.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
messaging already provides the sender id
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 16 00:56:36 CET 2018 on sn-devel-144
It's also in the share_entry, but that is redundant and will go
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Feb 8 14:50:49 CET 2018 on sn-devel-144
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Traversing a clustered tdb is a pretty expensive operation. If someone
really needs this command-line interface, we can re-add it for the local
node using messaging_dgm_forall. If someone needs that globally, there's
the "onnode all" script that could be used. Alternatively, we could
implement an enhanced ping broadcast message also returning a processes
unique id.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This used to be a hygiene command for clustered node startup. In
clustered mode, CLEAR_IF_FIRST does not work, records can stay alive
by means of recovery. serverid.tdb will soon die, so remove this
command.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The only user of this is an informative message in smbcontrol. I don't think
that's worth the effort.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
namemap_cache.c saves these as strv lists: An array of 0-terminated strings.
"net cache list" only printfs the values, so they would be cut off.
We might want to do this with other gencache values too in the future.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Currently for sessions where authentication is still in progress we
print uid and gid as -1.
With this change we nicely list them like this:
PID Username Group Machine Protocol Version ....
6604 (auth in progress) 127.0.0.1 (ipv4:127.0.0.1:47930) SMB3_11 ....
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reading the SD may be denied but changing ownership could be allowed. As
we don't really need the server SD for the change ownership request,
don't fetch it.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct 7 00:04:54 CEST 2017 on sn-devel-144
This uses the NT4 replication commands. Samba does not have a server
for this, no tests, and whoever needs to migrate a native domain can
use an old Samba version
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
If a local user wants to change his password using smbpasswd and the
machine is a domain member, we need to make sure we authenticate against
our SAM and not ask winbind.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12629
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Aug 23 03:23:55 CEST 2017 on sn-devel-144
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12974
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Aug 18 14:01:27 CEST 2017 on sn-devel-144
GCC 7.1 produces an error:
‘snprintf’ output between 47 and 66 bytes into a destination of size 40
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Aug 9 13:37:47 CEST 2017 on sn-devel-144
uint16_t get_fileinfo(...) returns file attributes, this function
called
cli_qfileinfo_basic(cli, fnum, &mode, NULL, NULL, NULL,
NULL, NULL, NULL);
which was failing with NT_STATUS_ACCESS_DENIED errors when fnum above
was obtained via (when using protocol > SMB). Note: This only seems to be
an issue when run against a windows server, with smbd SMB1 & SMB2 work fine.
status = cli_ntcreate(cli, filename, 0, CREATE_ACCESS_READ,
0, FILE_SHARE_READ|FILE_SHARE_WRITE,
FILE_OPEN, 0x0, 0x0, &fnum, NULL);
The failing cli_qfileinfo_basic call above is unnecessary as we can already
obtain the required information from the cli_ntcreate call
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Don't print the table header for every entry.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12875
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jul 4 00:12:46 CEST 2017 on sn-devel-144
secrets_delete_entry() fails if the key doesn't exist.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
4d404f2 added user-data for a g_lock. Print it in net g_lock dump.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
To be honest, it did not really make sense to just pass in
lock holders individually. You could argue that it made sense
with in reality only G_LOCK_WRITE around, but soon we will have
G_LOCK_READ and thus multiple lock holders on a single lock.
Now that we also have userdata, change the g_lock_dump API
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We should warn about security sensitive settings where we can,
client ipc signing has 2 values that can allow connections to proceed
without SMB signing. This may be unavoidable (e.g. connecting to legacy
systems) but nevertheless it is worthwhile to warn.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 6 22:40:12 CEST 2017 on sn-devel-144
Only access through utility functions. Remove all the local pointer aliases
that were just being set to cmdline_auth_info in the client tools.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
The main purpose is to debug "hot" records from ctdb. ctdb tracks
contended records and identifies them by key in the dbstatistics:
DB Statistics: locking.tdb
[...]
Num Hot Keys: 1
Count:3 Key:6a4128e3ced4681b02a00000000000000000000000000000
This command allows querying additional information for the associated
key to identify the affected file. For now this only adds a subcommand
for the locking.tdb, but could be extended to others:
net tdb locking 6a4128e3ced4681b02a00000000000000000000000000000
Share path: /test/share
Name: testfile
Number of share modes: 2
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
if no password was given, ask for one
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12765
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Thu May 4 20:36:50 CEST 2017 on sn-devel-144
In ntlm_auth.c and authdata.c, the session info will be incomplete
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
This allows this use case to be clearly found when logged.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
lsa_LookupPrivDisplayName on Windows 2012R2 can return success and still return
a NULL name:
rpc_api_pipe: got frag len of 36 at offset 0: NT_STATUS_OK
rpc_api_pipe: host 172.18.103.80 returned 12 bytes.
lsa_LookupPrivDisplayName: struct lsa_LookupPrivDisplayName
out: struct lsa_LookupPrivDisplayName
disp_name : *
disp_name : NULL
returned_language_id : *
returned_language_id : 0x0000 (0)
result : NT_STATUS_OK
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 23 07:43:57 CET 2017 on sn-devel-144
Now that ea support is not required for vfs_fruit, drop the
check that it's enabled in shares using vfs_fruit.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Usage: mvxattr -s STRING -d STRING PATH [PATH ...]
-s, --from=STRING xattr source name
-d, --to=STRING xattr destination name
-l, --follow-symlinks follow symlinks, the default is to ignore them
-p, --print print files where the xattr got renamed
-v, --verbose print files as they are checked
-f, --force force overwriting of destination xattr
Help options:
-?, --help Show this help message
--usage Display brief usage message
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12490
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 10 22:24:59 CET 2017 on sn-devel-144
All users of POPT_COMMON_CREDENTIALS basically need the same logic,
while some ignore a broken smb.conf and some complain about it.
This will allow the future usage of config options in the
credential post processing.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This allows SMB3 encryption instead of returning NT_STATUS_NOT_SUPPORTED.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Dec 19 13:41:15 CET 2016 on sn-devel-144
There're no callers which try to pass a raw lm_response directly anymore.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Dec 9 13:09:37 CET 2016 on sn-devel-144
