sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Code
57,611 Commits 60 Branches 1,145 Tags 452 MiB
5a1606269a
Commit Graph

30544 Commits

Author SHA1 Message Date
Jeremy Allison
6747a91ca0 Fix bug 6891 - using windows explorer to change ownership on a folder fails with Bad File Descriptor. 
Jeremy.
 2009-11-12 13:08:04 -08:00
Jeremy Allison
83c2c177a5 Ensure every return path initializes presult as NULL. 
Ensures no crashes in calling code that forgets to
init return as null.
Jeremy.
 2009-11-12 11:49:54 -08:00
Günther Deschner
61f0b24763 s3-kerberos: remove smb_krb5_get_tkt_from_creds(). 
Now that cli_krb5_get_ticket() already handles S4U2SELF impersonation, remove
smb_krb5_get_tkt_from_creds() which is not required anymore.

Guenther
 2009-11-12 15:50:38 +01:00
Günther Deschner
0f8bf47d94 s3-kerberos: avoid using ERROR_TABLE_BASE_krb5 without checking. 
Guenther
 2009-11-12 15:50:37 +01:00
Volker Lendecke
8006e0e634 s3: Fix debug messages in check_reduced_name 2009-11-12 11:20:22 +01:00
Günther Deschner
b4e40958b7 s3-kerberos: add smb_krb5_principal_get_realm(). 
Guenther
 2009-11-12 10:22:39 +01:00
Jeremy Allison
a8769e6675 Second part of bugfix for 6865 - acl_xattr module: Has dependency that inherit acls = yes or xattrs are removed. 
We also need dos filemode = true set as well.
Jeremy.
 2009-11-11 18:35:18 -08:00
Jeremy Allison
8995d3d813 Fix bug 6878 - Cannot change ACL's inherit flag. 
Based on a patch submitted by Tsukasa Hamano <hamano@osstech.co.jp>,
this is a change in the POSIX ACL mapping to deal with the lossy
mapping for directory ACE entries:

 We have a lossy mapping: directory ACE entries
 CREATOR_OWNER ------\
     (map to)         +---> SMB_ACL_USER_OBJ
 owning sid    ------/

 CREATOR_GROUP ------\
     (map to)         +---> SMB_ACL_GROUP_OBJ
 primary group sid --/

 on set. And on read of a directory ACL

 SMB_ACL_USER_OBJ ----> CREATOR_OWNER
 SMB_ACL_GROUP_OBJ ---> CREATOR_GROUP.

 Deal with this on set by duplicating
 owning sid and primary group sid ACE
 entries into the directory ACL.

Jeremy.
 2009-11-11 12:17:47 -08:00
Michael Adam
73860163e7 s3:vfs_fs_capabilities: fix a debug message 
Michael
 2009-11-11 14:50:17 +01:00
Volker Lendecke
2b75933960 s3: Convert libsmb/cli_message to the async API 2009-11-10 23:48:22 +01:00
Günther Deschner
d241b9ae4c s3-rpc_client: make sure cli_rpc_pipe_open_schannel() does not always return NT_STATUS_OK. 
Guenther
 2009-11-10 13:10:12 +01:00
Günther Deschner
bbff69384e s3-samr: implement _samr_ValidatePassword(). 
Guenther
 2009-11-10 13:08:29 +01:00
Günther Deschner
46784b4d99 s3-chgpasswd: split out a check_password_complexity() function. 
Guenther
 2009-11-10 13:08:28 +01:00
Jeremy Allison
5d51618161 Fix bug 6880 - cannot list workgroup servers 
reported by Alban Browaeys <prahal@yahoo.com> with fix.
Revert 2e989bab07
with extra comments - this broke workgroup enumeration.
Jeremy.
 2009-11-09 12:44:47 -08:00
Günther Deschner
d7ce873391 s3-netlogon: enable RPC-NETLOGON-ADMIN test against s3. 
Guenther
 2009-11-09 17:36:53 +01:00
Volker Lendecke
a0b9e40b2c s3: Try to avoid dns searches with an empty site 2009-11-09 17:24:46 +01:00
Günther Deschner
8eac3075b6 s3-param: fix set_inherit_acls(). 
Jeremy, please check.

Guenther
 2009-11-09 16:03:38 +01:00
Volker Lendecke
bb283af16f Revert "s3: Do not directly reference the ndr_table_* in rpcclient" 
This reverts commit 70c698fd54.
 2009-11-08 19:43:47 +01:00
Volker Lendecke
e181b88978 Revert "s3: Do not reference ndr_table_<pipe> in the cli_ routines directly" 
This reverts commit daa964013b.
 2009-11-08 19:43:47 +01:00
Volker Lendecke
27847e8386 Revert "s3: Consolidate getting the name out of a pipes_struct" 
This reverts commit 9621306351.
 2009-11-08 19:43:47 +01:00
Volker Lendecke
47455b4d1a Revert "s3: Do not reference the ndr_tables in the server calls directly" 
This reverts commit 98fb71782e.
 2009-11-08 19:43:46 +01:00
Volker Lendecke
82c35e460e Revert "s3: Do not reference ndr_table when calling rpc_srv_register" 
This reverts commit 494b2aff88.
 2009-11-08 19:43:46 +01:00
Volker Lendecke
b02c46bef9 Revert "s3: Make run_rpc_command take strings instead of a ndr_interface_table" 
This reverts commit 53f2a1595e.
 2009-11-08 19:43:46 +01:00
Volker Lendecke
6a650d7d16 Revert "s3: Make libnetapi_open_pipe take strings instead of a ndr_interface_table" 
This reverts commit 5fc9d93408.
 2009-11-08 19:43:46 +01:00
Volker Lendecke
5fc9d93408 s3: Make libnetapi_open_pipe take strings instead of a ndr_interface_table 2009-11-08 13:12:16 +01:00
Volker Lendecke
53f2a1595e s3: Make run_rpc_command take strings instead of a ndr_interface_table 2009-11-08 13:12:15 +01:00
Volker Lendecke
494b2aff88 s3: Do not reference ndr_table when calling rpc_srv_register 2009-11-08 13:12:15 +01:00
Volker Lendecke
98fb71782e s3: Do not reference the ndr_tables in the server calls directly 
This involves storing the interface table in the pipes_struct
 2009-11-08 13:12:14 +01:00
Volker Lendecke
9621306351 s3: Consolidate getting the name out of a pipes_struct 2009-11-08 13:12:14 +01:00
Volker Lendecke
daa964013b s3: Do not reference ndr_table_<pipe> in the cli_ routines directly 2009-11-08 13:12:13 +01:00
Volker Lendecke
70c698fd54 s3: Do not directly reference the ndr_table_* in rpcclient 2009-11-08 00:28:36 +01:00
Volker Lendecke
5cdee7ae05 s3: Do the printing for DEBUGLEVEL>=10 centrally 
12 insertions(+), 10651 deletions(-)

I think that says it all :-)
 2009-11-07 11:07:37 +01:00
Volker Lendecke
cd16e38e32 s3: Register the ndr_interfaces dynamically 2009-11-07 09:14:16 +01:00
Volker Lendecke
268df12ab6 s3: Get rid of a NULL terminator 2009-11-07 09:14:16 +01:00
Volker Lendecke
a32c425f91 s3: Get rid of explicit pipe names 2009-11-07 09:14:16 +01:00
Volker Lendecke
2aa0af9867 s3: get_pipe_name_from_iface -> get_pipe_name_from_syntax 2009-11-07 09:14:15 +01:00
Jeremy Allison
bd2ffb1c7a Fix bug 6865 - acl_xattr module: Has dependency that inherit acls = yes or xattrs are removed. 
Jeremy.
 2009-11-06 21:53:07 -08:00
Jeremy Allison
afc5924020 Fix bug 6841 - "map acl inherit = yes" not working. 
The code to read the new V2 SAMBA_PAI entries had
two errors.
Jeremy.
 2009-11-06 17:03:29 -08:00
Günther Deschner
11687e84e3 s3-kerberos: let smb_krb5_get_tkt_from_creds() compile with older heimdal libs. 
Guenther
 2009-11-06 15:01:39 +01:00
Günther Deschner
53d49bb728 s3-netlogon: implement _netr_GetDcName and _netr_GetAnyDcName. 
Guenther
 2009-11-06 15:01:39 +01:00
Günther Deschner
440db5a94e Revert "s3-kerberos: add smb_krb5_parse_name_flags()." 
This reverts commit 17ef153b68.
 2009-11-06 13:48:23 +01:00
Günther Deschner
9e48dc2b78 s3-kerberos: support S4U2SELF impersionation through cli_krb5_get_ticket(). 
Guenther
 2009-11-06 13:35:20 +01:00
Günther Deschner
bb01aae1b9 s3-kerberos: use smb_krb5_get_credentials in ads_krb5_mk_req. 
Guenther
 2009-11-06 13:34:04 +01:00
Günther Deschner
60bf0eb607 s3-kerberos: modify cli_krb5_get_ticket to take a new impersonate_princ_s arg. 
Guenther
 2009-11-06 13:31:17 +01:00
Günther Deschner
6ca8a40976 s3-net: better use memory credential cache in net_ads_kerberos_pac(). 
Guenther
 2009-11-06 12:51:29 +01:00
Günther Deschner
58184b5fd4 s3-net: allow to call "net ads kerberos pac <impersonation principal> -P". 
Guenther
 2009-11-06 12:44:45 +01:00
Günther Deschner
5e26622510 s3-kerberos: add impersonate_principal for kerberos_return_pac_X calls. 
Guenther
 2009-11-06 12:44:15 +01:00
Günther Deschner
4ffbfc4475 s3-kerberos: add smb_krb5_get_tkt_from_creds(). 
Guenther
 2009-11-06 12:43:46 +01:00
Günther Deschner
bb75f713d6 s3-kerberos: fix some build warnings when building against heimdal. 
Guenther
 2009-11-06 12:43:33 +01:00
Günther Deschner
35dcc133c9 s3-kerberos: add smb_krb5_get_{creds,credentials} incl. support for S4U2SELF impersonation. 
Guenther
 2009-11-06 12:43:03 +01:00
Günther Deschner
0729df3661 s3-kerberos: remove duplicate prototype. 
Guenther
 2009-11-06 12:43:03 +01:00
Günther Deschner
17ef153b68 s3-kerberos: add smb_krb5_parse_name_flags(). 
Guenther
 2009-11-06 12:43:03 +01:00
Günther Deschner
2cd507fe14 s3-kerberos: add configure checks for krb5_get_creds_X api. 
Guenther
 2009-11-06 12:43:02 +01:00
Jeremy Allison
c99dd5c23e Got the logic simplification worked out so we still pass 
BASE-DELAYWRITE and also RAW-CLOSE.
Jeremy.
 2009-11-05 22:58:12 -08:00
Jeremy Allison
977fa4e377 Revert commit "0551284dc08eb93ef7b2b2227a45e5ec21d482fb" - simplify 
the logic. This was incorrect (I'll revisit this tomorrow).
Jeremy.
 2009-11-05 21:27:25 -08:00
Jeremy Allison
e434934526 Remove the smbd:writetimeupdatedelay change Metze added. Metze please 
explain why you added this. Change --maximum-runtime=900 for smbtorture4
with BASE-DELAYWRITE. Should allow it to successfully complete now.
Jeremy.
 2009-11-05 17:43:33 -08:00
Jeremy Allison
0551284dc0 Simplify the logic - remove extraneous argument and calls to set_close_write_time(). 
We were treating a file time set on close as a sticky write time set, and I don't
think it is. I will add a torture test later to RAW-CLOSE to confirm this.
Jeremy.
 2009-11-05 17:40:01 -08:00
Jeremy Allison
2f09516a6b Fix explicit set of write time on close. 
Jeremy.
 2009-11-05 17:12:11 -08:00
Jeremy Allison
7f9fe127ba Get closer to an accurate model of Windows timestamp changes. 
"Normal" non truncate writes always cause the timestamp to
be set on close. Once a close is done on a handle this can
reset the sticky write time to current time also.
Updated smbtorture4 confirms this.
Jeremy.
 2009-11-05 16:20:11 -08:00
Volker Lendecke
b6303f0372 s3: Fix a crash in notify_remove_onelevel when "change notify = no" 2009-11-05 15:08:57 +01:00
Volker Lendecke
b5afbb687d s3: Fix the talloc hierarchy in notify_remove_onelevel 
We want to free the record early, not when talloc_tos() is free'ed.
 2009-11-05 14:44:25 +01:00
Volker Lendecke
d415d4d32f s3: Add parameter "ctdb timeout" 
When something in the cluster blocks, it can happen that we wait indefinitely
long for ctdb, just adding to the blocking condition. In theory, nothing should
block, but as someone said "In practice the difference between theory and
practice is larger than in theory". This adds a timeout parameter in seconds,
after which we stop waiting for ctdb and panic.
 2009-11-05 12:05:36 +01:00
Bo Yang
dde1c42003 s3: Fix kerberos refresh chain. 
Signed-off-by: Bo Yang <boyang@samba.org>
 2009-11-06 08:24:51 +08:00
Jeremy Allison
170d6a3084 Fix debug comment (brain wasn't working...). 
Jeremy.
 2009-11-04 16:04:41 -08:00
Jeremy Allison
f44d3754ee Filter the returned DOS attributes by 0xFF for clients 
using older protocols (LANMAN2 or below).
Jeremy.
 2009-11-04 15:25:15 -08:00
Jeremy Allison
cbafe17bb3 Remove "Protocol" as an extern, and add accessor functions. 
Jeremy.
 2009-11-04 15:15:50 -08:00
Björn Jacke
51cb96271b s3: add support for full windows timestamps resolution on files 
setting nanosecond timestamps using utimensat() was first supported by Linux
kernel 2.6.22 and glibc 2.6. It's specified in POSIX.1-2008.

This effectively makes us use Windows' full 100ns timestamp resolution -
actually just an improvement from 10^-6 to 10^-7.

For now Linux CIFS vfs will also just be able to make use of 100ns resolution,
not 1ns.
 2009-11-04 15:54:51 +01:00
Andrew Bartlett
b5ce97511a libcli/nbt Move more of lmhosts lookup into common code 
This aims to eventually share this with Samba4.

Andrew Bartlett
 2009-11-04 14:58:25 +11:00
Günther Deschner
ccdd1462cc s3-netlogon: make sure we protect some function codes in _netr_LogonControl2Ex(). 
Guenther
 2009-11-04 00:55:49 +01:00
Günther Deschner
bb2e1ff631 s3-netlogon: let s3 pass against RPC-NETLOGON-S3 again. 
Guenther
 2009-11-04 00:55:45 +01:00
Günther Deschner
40f3f456bc s3-netlogon: implement _netr_NETLOGON_INFO_4 in netr_LogonControl2Ex() and friends as well. 
Guenther
 2009-11-04 00:55:18 +01:00
Günther Deschner
b3a2147497 s3-netlogon: implement remote trust account changing in netr_LogonControl2Ex() and friends. 
Guenther
 2009-11-04 00:55:09 +01:00
Günther Deschner
97496bb3ca s3-lsa: fill in some more info levels in _lsa_QueryInfoPolicy(). 
Add dummys (just like s4 does) and fill in some more appropriate error codes.

Guenther
 2009-11-03 22:19:26 +01:00
Günther Deschner
463b1eb2b5 s3-passdb: cleanup some callers of pdb_get_trusteddom_pw(). 
Guenther
 2009-11-03 22:10:31 +01:00
Jeremy Allison
31ce8eeb44 Fix debug statements to use correct function name. 
Jeremy.
 2009-11-03 11:22:19 -08:00
Jeremy Allison
7ae10fb892 requires_resume_key is a bool not int. 
Jeremy.
 2009-11-03 11:21:02 -08:00
Jeremy Allison
6a61befe37 Fix more of the RAW-SEARCH test. Older info levels are 
not 4 byte aligned (levels 1 - 3).
Jeremy.
 2009-11-03 11:19:24 -08:00
Volker Lendecke
b067a5e4e8 s3: Remove debug_ctx() 
smbd just crashed on me: In a debug message I called a routine preparing a
string that itself used debug_ctx. The outer routine also used it after the
inner routine had returned. It was still referencing the talloc context
that the outer debug_ctx() had given us, which the inner DEBUG had already
freed.
 2009-11-03 11:30:00 +01:00
Jeremy Allison
f9c9dee013 Convert from numbers to correct SMB_FIND_XX constant names. 
Jeremy.
 2009-11-02 16:17:36 -08:00
Michael Adam
cc5b22a016 s3:registry: add an extra check for dsize==0 to regdb_fetch_keys_internal() 
Don't only rely on dptr == NULL.
I stumbled over this one when rewriting some of the dbwrap_ctdb code.

Michael
 2009-11-03 01:02:39 +01:00
Michael Adam
f6f2151a39 s3:registry: add safety check for return value of tdb_unpack to regdb_fetch_keys_internal() 
Prevents segfaults in some situations.

(For a non existent or empty record, we sometimes rely on the fetch operation
 to return dsize==0 and sometimes we rely on dptr==NULL.)

Michael
 2009-11-03 01:02:38 +01:00
Michael Adam
25bdf27eaa s3:dbwrap_ctdb: add debug message to transaction_fetch_start() 
for the case that another local process has started a transaction
bewteen releasing the transaction_lock record and starting the
transaction.

Michael
 2009-11-03 01:02:38 +01:00
Michael Adam
9fef6a6666 s3:dbwrap_ctdb: split combined check in two and add descriptive debug 
in db_ctdb_transaction_fetch_start() for error conditions when re-fetching
the transaction_lock record inside the transaction

Michael
 2009-11-03 01:02:38 +01:00
Michael Adam
f37439efd2 s3:dbwrap_ctdb: fix race condition with concurrent transactions on the same node. 
In ctdb_transaction_commit(), when the trans2_commit control fails, there
is a race condition in the 1 second sleep between the local transaction_cancel
and the call to ctdb_replay_transaction(): The database is not locked, and
neither is the transaction_lock record. So another client can start and possibly
complete a new transaction in this gap, but only on the same node: The locking
of the transaction_lock record on a different node which involves migration of
the record to the other node has been disabled by introduction of the
transaction_active flag on the db which closes precisely this gap from the start
of the commit until the call to TRANS2_FINISH or TRANS2_ERROR.
But this mechanism does not cover the case where a process on the same node
tries to start a transaction: There is no obstacle to locking the transaction_lock
record because the record does not need to be migrated.

This commit closes this race condition in ctdb_transaction_fetch_start()
by using the new ctdb_ctrl_transaction_active() call to ask the local
ctdb daemon whether it has a transaction running on the database.
If so, the check is repeated until the running transaction is done.

This does introduce an additional call to the local ctdbd when starting
transactions, but it does close the (hopefully) last race condition.

Michael
 2009-11-03 01:02:37 +01:00
Michael Adam
08d2a3f4bf s3:configure: add a check for the new CTDB_CONTROL_TRANS2_ACTIVE 
Michael
 2009-11-03 01:02:37 +01:00
Michael Adam
9be4d3dd4f s3:dbwrap_ctdb: add new db_ctdb_transaction_active() that calls CTDB_CONTROL_TRANS2_COMMIT 
Michael
 2009-11-03 01:02:37 +01:00
Michael Adam
9bd6b9d9f6 s3:dbwrap_ctdb: fix a race in starting concurrent transactions on a single node 
There are two races in concurrent transactions on a single node.
One in starting a transaction and one with replay during commit.

This commit closes the first race by storing the client pid in the
transaction-lock record and comparing the stored pid against its own
pid after releasing the lock and refetching the record inside the
transaction.

Michael
 2009-11-03 01:02:36 +01:00
Michael Adam
8d61b8abbc s3:dbwrap_ctdb: use db_ctdb_ltdb_fetch() inside db_ctdb_transaction_fetch_start 
Michael
 2009-11-03 01:02:36 +01:00
Michael Adam
0ec476fca1 s3:dbwrap_ctdb: use db_ctdb_ltdb_fetch() inside db_ctdb_transaction_fetch() 
Michael
 2009-11-03 01:02:36 +01:00
Michael Adam
4973ff66ac s3:dbwrap_ctdb: add a function db_ctdb_ltdb_fetch() 
This fetches a record from the db and splits out the ctdb header.

Michael
 2009-11-03 01:02:35 +01:00
Michael Adam
6a898348fa s3:dbrwap_ctdb: add a function db_ctdb_ltdb_store() 
and use it in db_ctdb_store() and db_ctdb_transaction_store().

Michael
 2009-11-03 01:02:35 +01:00
Michael Adam
d5aa758482 s3:dbwrap_ctdb: reformat a comment slightly to enhance clearness. 
Michael
 2009-11-03 01:02:35 +01:00
Jeremy Allison
494d8271d4 Fix bug 6867 - trans2findnext returns reply_nterror(req, ntstatus) In a directory with a lot of files. 
Jeremy.
 2009-11-02 12:15:25 -08:00
Volker Lendecke
d9bdd17522 s3: Fix a 100% CPU loop when ctdbd dies during a traverse 2009-11-02 17:02:20 +01:00
Günther Deschner
f35a1b95aa s3-gencache: restore gencache_get behavior with NULL args (with torture test). 
Without this, we panic in wins_srv_is_dead() and fail to start nmbd with
wins support.

Volker, please check.

Guenther
 2009-11-02 13:04:26 +01:00
Volker Lendecke
ad6ee94950 s3: Make "debug hires timestamp" default to true 
It does not cost much and can help a lot when debugging
 2009-11-02 10:08:39 +01:00
Andrew Bartlett
7a290130bd lib/util Use rfc1738.c from Squid for all our URL encode/decode needs. 
Andrew Bartlett
 2009-11-02 16:36:52 +11:00
Björn Jacke
7006352206 s3:ldap: don't search when no values where found 2009-11-02 01:55:27 +01:00
Volker Lendecke
9ab1f793ff s3: Fix the RPC server SUBSYSTEM declaration 
If I read SMB_SUBSYSTEM right then the 2nd argument needs to be the file where
the static_init_rpc (in this case) is defined. This seems to have moved from
server.c to process.c.

Jelmer, please check!

Volker
 2009-10-31 11:28:55 +01:00
Björn Jacke
a80a0b7728 s3:Makefile: add LIBREPLACE_LIBS for talloc, tdb and wbclient 2009-10-31 10:37:44 +01:00