1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

43420 Commits

Author SHA1 Message Date
Stefan Metzmacher
838cb53962 s3:cli_pipe: pass down creds->computer_name to NL_AUTH_MESSAGE
We need to use the same computer_name value as in the netr_Authenticate3()
request.

We abuse cli->auth->user_name to pass the value down.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 09:18:57 +02:00
Stefan Metzmacher
e96142fc43 s3:cli_pipe: make use of netsec_create_state()
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 09:18:57 +02:00
Stefan Metzmacher
9f2e81ae02 libcli/auth: maintain the sequence number for the NETLOGON SSP as 64bit
See [MS-NPRC] 3.3.4.2 The Netlogon Signature Token.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 09:18:56 +02:00
Stefan Metzmacher
04938cbeec s3:rpc_client: remove unused cli_rpc_pipe_open_ntlmssp_auth_schannel()
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 09:18:55 +02:00
Stefan Metzmacher
3302356226 s3:rpc_client: remove netr_LogonGetCapabilities check from rpc_pipe_bind*
It's done in the caller now.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 09:18:55 +02:00
Stefan Metzmacher
eecb5bafba s3:rpc_client: add netr_LogonGetCapabilities to cli_rpc_pipe_open_schannel_with_key()
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 09:18:54 +02:00
Stefan Metzmacher
e9c8e3fb92 s3:rpc_client: use netlogon_creds_copy before rpc_pipe_bind
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 09:18:54 +02:00
Stefan Metzmacher
90e28c1825 s3:rpc_client: fix/add AES downgrade detection to rpc_pipe_bind_step_two_done()
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 09:18:54 +02:00
Stefan Metzmacher
e77a64f505 s3:rpcclient: try to use NETLOGON_NEG_SUPPORTS_AES
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 09:18:53 +02:00
Stefan Metzmacher
04600634b3 s3:rpc_client: try to use NETLOGON_NEG_SUPPORTS_AES
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 09:18:53 +02:00
Stefan Metzmacher
beba32619a s3:libnet_join: try to use NETLOGON_NEG_SUPPORTS_AES
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 09:18:53 +02:00
Stefan Metzmacher
d82ab70579 s3:auth_domain: try to use NETLOGON_NEG_SUPPORTS_AES
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 09:18:52 +02:00
Stefan Metzmacher
11e0be0e72 s3:libsmb: remove unused cli_state->is_guestlogin
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 09:18:52 +02:00
Susant Kumar Palai
a973b1ce7a VFS plugin was sending the actual size of the volume instead of the total number of block units because of which windows was getting the wrong volume capacity.
Signed-off-by: Susant Kumar Palai <spalai@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Christopher R. Hertel <crh@samba.org>
2013-08-09 10:51:24 -07:00
Andreas Schneider
8b1a2144fe s3-netlogon: Connecting with the system token should be sufficient.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Aug  6 18:22:06 CEST 2013 on sn-devel-104
2013-08-06 18:22:06 +02:00
Andreas Schneider
4520787080 s3-rpc_server: Grant the system token full access.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2013-08-06 14:42:14 +02:00
Christof Schmitt
eb50fb8f3b FSCTL_GET_SHADOW_COPY_DATA: Don't return 4 extra bytes at end
labels_data_count already accounts for the unicode null character at the
end of the array. There is no need in adding space for it again.

Signed-off-by: Christof Schmitt <christof.schmitt@us.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug  6 04:03:17 CEST 2013 on sn-devel-104
2013-08-06 04:03:17 +02:00
Christof Schmitt
30e724cbff FSCTL_GET_SHADOW_COPY_DATA: Initialize output array to zero
Otherwise num_volumes and the end marker can return uninitialized data
to the client.

Signed-off-by: Christof Schmitt <christof.schmitt@us.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
2013-08-05 17:10:56 -07:00
Ralph Wuerthner
270d29a743 s3:smbd: allow info class SMB_QUERY_FS_ATTRIBUTE_INFO to return partial data
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
2013-08-05 16:46:06 -07:00
Ralph Wuerthner
ec46f6b919 s3:smbd: allow info class SMB_QUERY_FS_VOLUME_INFO to return partial data
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
2013-08-05 16:46:06 -07:00
Ralph Wuerthner
616777f029 s3:smbd: allow status code in smbd_do_qfsinfo() to be set by information class handler
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
2013-08-05 16:46:06 -07:00
Ralph Wuerthner
a91d2b05ba s3:smbd: allow GetInfo responses with STATUS_BUFFER_OVERFLOW to return partial, but valid data
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
2013-08-05 16:46:06 -07:00
Ralph Wuerthner
a93f9c3d33 s3:smbd: return NT_STATUS_INFO_LENGTH_MISMATCH for GetInfo in case output_buffer_length is too small
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
2013-08-05 16:46:05 -07:00
Jeremy Allison
c8d8bb257a Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS.
Ensure we never wrap whilst adding client provided input.

Signed-off-by: Jeremy Allison <jra@samba.org>
2013-08-05 12:49:17 +02:00
Andreas Schneider
6659f0164c s3-libads: Print a message if no realm has been specified.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Aug  5 12:24:44 CEST 2013 on sn-devel-104
2013-08-05 12:24:43 +02:00
Stefan Metzmacher
94be8d63cd s3:rpc_client: rename same variables in cli_rpc_pipe_open_schannel_with_key()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:02 +02:00
Stefan Metzmacher
8a302fc353 s3:rpc_client: use the correct context for netlogon_creds_copy() in rpccli_schannel_bind_data()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:02 +02:00
Stefan Metzmacher
6ce645e03c s3:rpc_client: make rpccli_schannel_bind_data() static
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:02 +02:00
Stefan Metzmacher
7b3ddd1a0b s3:netlogon: make use of netlogon_creds_decrypt_samlogon_logon()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:01 +02:00
Stefan Metzmacher
d54c908ff5 s3:rpcclient: use talloc_stackframe() in do_cmd()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:01 +02:00
Stefan Metzmacher
05d9b4165a s3-net: avoid confusing output in net_rpc_oldjoin() if NET_FLAGS_EXPECT_FALLBACK is passed
"net rpc join" tries net_rpc_oldjoin() first and falls back to
net_rpc_join_newstyle(). We should not print the join failed
if just net_rpc_oldjoin() failed.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:01 +02:00
Günther Deschner
3e4ded48bb s3-net: use libnetjoin for "net rpc join" newstyle.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:01 +02:00
Günther Deschner
9cfa625160 s3-net: use libnetjoin for "net rpc testjoin".
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:01 +02:00
Stefan Metzmacher
1242ab0cb3 s3:libnet: let the caller truncate the pw in libnet_join_joindomain_rpc_unsecure()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:01 +02:00
Günther Deschner
d398a12f79 s3-libnetjoin: move "net rpc oldjoin" to use libnetjoin.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:01 +02:00
Günther Deschner
c4d6d75cf4 s3-libnetjoin: add machine_name length check.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:01 +02:00
Günther Deschner
cc0cbd4fdc s3: libnet_join: use admin_domain in libnetjoin.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:01 +02:00
Günther Deschner
c11a79c5a0 s3: libnet_join: add admin_domain.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:00 +02:00
Günther Deschner
a9d5b2fdf0 libcli/auth: also set secure channel type in netlogon_creds_client_init().
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:00 +02:00
Günther Deschner
b19e7e6638 s3-rpc_cli: pass down ndr_interface_table to rpc_transport_np_init_send().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:00 +02:00
Günther Deschner
c41b6e5c5e s3-rpc_cli: pass down ndr_interface_table to rpc_transport_np_init().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:00 +02:00
Günther Deschner
7bdcfcb37c s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_open_tcp_port().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:00 +02:00
Günther Deschner
0ff8c2d508 s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_get_tcp_port().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:00 +02:00
Günther Deschner
5c5cff0a72 s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_open_tcp().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:00 +02:00
Günther Deschner
8cd3a06051 s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_open_np().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:00 +02:00
Günther Deschner
34cc4b4095 s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:00 +02:00
Günther Deschner
9aa99c3cfb s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_noauth_transport().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:00 +02:00
Günther Deschner
9813fe2b04 s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_noauth().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:00 +02:00
Günther Deschner
3dc3a6c848 s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_schannel_with_key().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:00 +02:00
Günther Deschner
7f169474fc s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_ntlmssp_auth_schannel().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:00 +02:00
Günther Deschner
f6d61b571d s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_schannel().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:29:59 +02:00
Günther Deschner
6886cff0a7 s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_open_interface().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:29:59 +02:00
Günther Deschner
9b4fb5b074 s3-rpc_cli: pass down ndr_interface_table to rpc_pipe_open_ncalrpc().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:29:59 +02:00
Günther Deschner
0ce2178f2f s3-libnetapi: pass down ndr_interface_table to pipe_cm() and friends.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:29:59 +02:00
Günther Deschner
77f7f2a976 s3-libnetapi: pass down ndr_interface_table to libnetapi_open_pipe().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:29:59 +02:00
Günther Deschner
fa37bbd9d0 s3-libnetapi: pass down ndr_interface_table to libnetapi_get_binding_handle().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:29:59 +02:00
Günther Deschner
a1368ca6ef s3-rpc_cli: remove prototype of nonexisting cli_rpc_pipe_open_krb5().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:29:59 +02:00
Günther Deschner
93e92faca9 s3-net: pass down ndr_interface_table to connect_dst_pipe().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:29:59 +02:00
Günther Deschner
6dc7c63efa s3-libads: Fail create_local_private_krb5_conf_for_domain() if parameters missing.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:29:59 +02:00
Stefan Metzmacher
cfeeb3ce3d s3:ntlm_auth: remove pointless credentials->priv_data = NULL;
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-05 17:48:02 +12:00
Jeremy Allison
b35a27b779 Ensure we can never integer wrap when working on client-supplied max_data_bytes.
This would only be possible with SMB2, and is already checked in the upper
SMB2 layers, but it really doesn't hurt to have these extra checks at time
of use also.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Sun Aug  4 16:54:04 CEST 2013 on sn-devel-104
2013-08-04 16:54:04 +02:00
Richard Sharpe
852c9ac34d There are tests all over the SMB1 code to check that srv_send_smb fails, but it never returns false.
Even if the write to the socket/fd fails, we never return false and
will keep reading stuff off of the input buffer until it is exhausted
and then we will exit.

Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Sat Aug  3 17:41:22 CEST 2013 on sn-devel-104
2013-08-03 17:41:22 +02:00
Christian Ambach
ba40d0d9d3 s3:lib/system fix build on AIX 7
AIX uses struct stat64 with struct timespec64, so direct assignment does
not work any more.

Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Signed-off-by: Christian Ambach <ambi@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Aug  2 09:47:43 CEST 2013 on sn-devel-104
2013-08-02 09:47:43 +02:00
Gregor Beck
f556e71db7 Fix bug 9678 - Windows 8 Roaming profiles fail
Windows 8 tries to set 'ATTRIBUTE_SECURITY_INFORMATION' on some
dirs. Ignoring it makes roaming profiles work again.
Just like w2k3 gracefully ignore all the other bits.

Signed-off-by: Gregor Beck <gbeck@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug  1 20:58:25 CEST 2013 on sn-devel-104
2013-08-01 20:58:25 +02:00
Ralph Wuerthner
f9d19c459f Ensure gpfs kernel leases are wrapped in a become_root()/unbecome_root() pair.
Ensures correct lease owner for signal delivery.

Signed-off-by: Ralph Wuerthner <ralphw@de.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug  1 03:57:11 CEST 2013 on sn-devel-104
2013-08-01 03:57:11 +02:00
Jeremy Allison
1af8b07929 Wrap setting leases in become_root()/unbecome_root() to ensure correct delivery of signals.
Remove workaround for Linux kernel bug https://bugzilla.kernel.org/show_bug.cgi?id=43336
as we don't need to set capabilities when we're already root.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
2013-07-31 17:07:58 -07:00
Jeff Layton
63db0694c4 torture: add LOCAL-sid_to_string testcase
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-07-31 15:16:18 -07:00
Jeff Layton
1a21bc0483 torture: add more string_to_sid torture testcases
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-07-31 15:16:15 -07:00
Michael Adam
8f8e843267 s3:winbind: add a warning DEBUG message when skipping a sid from the mapped GID list
This presents a potential security problem when ACLs contain DENY ACEs.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Jul 29 14:42:27 CEST 2013 on sn-devel-104
2013-07-29 14:42:27 +02:00
Michael Adam
482212e3d3 s3:winbind: change getgroups to only do one sids2xids call instead of many
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2013-07-29 12:53:55 +02:00
Michael Adam
6e41745173 s3:winbind: fix the getgroups implementation to include the user sid's GID in case of ID_TYPE_BOTH
This is important for acl checks on the unix level where only a group ace
has been added to the ACL for the user sid, e.g. when accessing Files with
nfs or local unix processes.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-07-29 12:53:54 +02:00
Michael Adam
f62219e71a s3:winbind: fix gid counting and error handling in the getgroups implementation
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2013-07-29 12:53:54 +02:00
Günther Deschner
7ad3a367d5 s3-winbindd: support the DIR pragma for raw kerberos user pam authentication.
It is currently only available in MIT. In addition, allow to define custom
filepaths for FILE, WRFILE and DIR pragmas and substitute one occurence of the
%u pattern.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-07-23 15:39:29 -07:00
Volker Lendecke
fe06e1b0a3 smbd: Fix CID 1035536 Uninitialized pointer read
rpc_pipe_open_interface just returns okay if the pipe in question is
already open. For this, it needs to read the value.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 23 02:05:19 CEST 2013 on sn-devel-104
2013-07-23 02:05:16 +02:00
Volker Lendecke
d7da8dabaa smbd: Fix CID 1035537 Uninitialized pointer read
rpc_pipe_open_interface just returns okay if the pipe in question is
already open. For this, it needs to read the value.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-07-22 15:07:55 -07:00
Volker Lendecke
a1e0accc5f smbd: Fix CID 1035538 Uninitialized pointer read
rpc_pipe_open_interface just returns okay if the pipe in question is
already open. For this, it needs to read the value.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-07-22 15:07:37 -07:00
Andreas Schneider
b5051111d2 s3-waf: Rename regedit to samba-regedit.
This is needed cause wine already provides a binary with the name
regedit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10040

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Kai Blin <kai@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jul 22 14:12:38 CEST 2013 on sn-devel-104
2013-07-22 14:12:38 +02:00
Günther Deschner
44429f948b s3-printing: avoid KRB5CCNAME overwrite in printer publishing (Bug #7444).
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Jul 19 17:53:08 CEST 2013 on sn-devel-104
2013-07-19 17:53:08 +02:00
Jeremy Allison
5d54ac414f Reply with correct trans2 message on a setpathinfo with a bad EA name.
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":"

Signed-off-by: Jeremy Allison <jra@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-07-19 17:52:47 +10:00
Jeremy Allison
b50b006ace Ensure we do pathname processing before SD and EA processing in NTTRANS_CREATE.
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":"

Signed-off-by: Jeremy Allison <jra@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-07-19 17:52:45 +10:00
Jeremy Allison
4a43600705 Ensure we can't create a file using NTTRANS with an invalid EA list.
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":"

Signed-off-by: Jeremy Allison <jra@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-07-19 17:52:44 +10:00
Jeremy Allison
66fb5eeb96 Ensure we can't create a file using TRANS2_OPEN with an invalid EA list.
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":"

Signed-off-by: Jeremy Allison <jra@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-07-19 17:52:43 +10:00
Jeremy Allison
50a288cb6a Add the ability to send an NTSTATUS result back with a trans2 reply so we can return a parameter block with an error code.
This is needed when returning a STATUS_INVALID_NAME result (tested
from Windows 2012).

Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":"

Signed-off-by: Jeremy Allison <jra@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-07-19 17:52:39 +10:00
Jeremy Allison
21c92969b8 Ensure we can't create a file using SMB2_CREATE with an invalid EA list.
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":"

Signed-off-by: Jeremy Allison <jra@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-07-19 17:52:38 +10:00
Jeremy Allison
66e7b15982 Ensure we never return an EA name to a Windows client it can't handle.
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":"

Signed-off-by: Jeremy Allison <jra@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-07-19 17:52:36 +10:00
Jeremy Allison
f246d69b9e Ensure set_ea cannot set invalid Windows EA names.
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":"

Signed-off-by: Jeremy Allison <jra@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-07-19 17:52:34 +10:00
Jeremy Allison
1766f9e387 Add ea_list_has_invalid_name() function.
Invalid character list probed from Windows Server 2012.

Bug 9992: Windows error 0x800700FE when copying files with xattr names containing ":"

Signed-off-by: Jeremy Allison <jra@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-07-19 17:52:32 +10:00
Richard Sharpe
7420574c74 Fix memory leak in error code path.
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 18 03:22:37 CEST 2013 on sn-devel-104
2013-07-18 03:22:37 +02:00
Alexander Werth
9b2aa351ce s3: Remove old mode special substitution.
The mode special substitution now happens in a separate function.
The substitution at this point is unnecessary.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>

Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Tue Jul 16 00:52:26 CEST 2013 on sn-devel-104
2013-07-16 00:52:26 +02:00
Volker Lendecke
4a9e5d2474 s3:idmap_autorid: Add a NULL check in idmap_autorid_preallocate_wellknown
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2013-07-08 06:00:42 +02:00
Volker Lendecke
ca9068189e s3:idmap_autorid: Don't zero in idmap_autorid_preallocate_wellknown
We initialize everything later anyway

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2013-07-08 06:00:34 +02:00
Volker Lendecke
a061b6fe43 s3:idmap_autorid: Use ARRAY_SIZE where appropriate
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2013-07-08 05:59:54 +02:00
Andreas Schneider
0529b59fbe s3-winbind: Do not delete an existing valid credential cache.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9994

Thanks to David Woodhouse <dwmw2@infradead.org>.

Reviewed-by: Günther Deschner <gd@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jul 15 12:48:46 CEST 2013 on sn-devel-104
2013-07-15 12:48:46 +02:00
Volker Lendecke
940395d38b smbd: Fix a 100% loop at shutdown time
In the destructor of fsp->aio_requests[0] we put another request into
fsp->aio_requests[0]. Don't overwrite that with TALLOC_FREE.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 11 20:56:42 CEST 2013 on sn-devel-104
2013-07-11 20:56:42 +02:00
Volker Lendecke
02ff6ab5e7 srvsvc: Use a symbolic constant where we have one
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-07-11 10:02:36 -07:00
Björn Baumbach
577cef82c7 s3-smbstatus: display [u|g]id of -1 as "-1" in connection list
In order to avoid displayed uid or gid of "4294967295" instead of "-1", we
need to fetch the special case -1.
The id can be -1 if we are reading e.g. incomplete session information.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 10 01:18:30 CEST 2013 on sn-devel-104
2013-07-10 01:18:30 +02:00
Stefan Metzmacher
c52e61f7ba s3-lib: hide incomplete smbXsrv_tcon_global records
Part of fix for bug #10003

Pair-programmed-with: Björn Baumbach <bb@sernet.de>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-07-09 14:20:08 -07:00
Björn Baumbach
53aa069b97 s3-lib: fix segf while reading incomplete session info (bug #10003)
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-07-09 14:19:51 -07:00
Volker Lendecke
aef8aad638 smbd: Fix a profile problem
When trying to read a profile, under certain circumstances Windows tries
to read with its machine account first. The profile previously written
was stored with an ACL that only allows access for the user and not
the machine. Windows should get an NT_STATUS_ACCESS_DENIED when using
the machine account, making it retry with the user account (which would
then succeed).

Samba under these circumstances erroneously gives
NT_STATUS_OBJECT_PATH_NOT_FOUND, which makes Windows give up and not
retry. The reasons is the "dropbox" patch in unix_convert, turning EACCESS
on the last path component to OBJECT_PATH_NOT_FOUND. This patch makes
the dropbox behaviour only kick in when we are creating a file. I think
this is an abstraction violation. unix_convert() should not have to know
about the create_disposition, but given that we have pathname resolution
separated from the core open code right now this is the best we can do.

Signed-off-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-07-09 12:22:00 -07:00
Volker Lendecke
e322420dc7 rpc_cli: Remove some unnecessary initializations
tevent_req_create already initializes "state" to 0

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Jul  8 17:04:20 CEST 2013 on sn-devel-104
2013-07-08 17:04:19 +02:00
Andreas Schneider
caf3af33de s3-winbind: Allow sec_initial_uid() to store creds.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul  2 23:26:24 CEST 2013 on sn-devel-104
2013-07-02 23:26:24 +02:00
Jeremy Allison
59462f2e01 winbindd and nmbd don't set their umask to zero on startup like smbd does.
Fix this - we already control tightly what permissions are
on the files we create. Ensure we don't get surprised.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Jun 27 02:02:24 CEST 2013 on sn-devel-104
2013-06-27 02:02:24 +02:00
Volker Lendecke
780e2b092d sharesec: Implement --view-all
Listing individual shares can be quite slow when you have a lot of shares. This
implements a --view-all option that prints something like

[share1]
REVISION:1
OWNER:(NULL SID)
GROUP:(NULL SID)
ACL:S-1-1-0:ALLOWED/0/FULL

[share2]
REVISION:1
OWNER:(NULL SID)
GROUP:(NULL SID)
ACL:S-1-1-0:ALLOWED/0/FULL

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-06-26 16:49:33 +02:00
Christian Ambach
4ee73fd97b s3:smbd/close remove filesystem lock before removing sharemode
otherwise we are open for a race condition:

opener 1 opens file and closes it
- during the close, the share mode entry will be removed from
  locking.tdb, but share mode in the file system will be dropped later
  after delete_on_close and write time updates have been done

opener 2 requests open of same file with file overwrite
- locking.tdb does not list original entry, but file system share mode
  is still around
- VFS_FTRUNCATE will fail and error was converted to STATUS_ACCESS_DENIED

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Tue Jun 25 14:48:44 CEST 2013 on sn-devel-104
2013-06-25 14:48:44 +02:00
Christian Ambach
935992fc55 s3:smbd/close use common exit path
do not return early here, but use the common exit path that will
remove the share mode from the record

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-06-25 12:54:06 +02:00
Christian Ambach
245b5ffdde s3:lib add mapping for ETXTBSY
add ETXTBSY to the errno->STATUS conversion table.
It will be mapped to STATUS_SHARING_VIOLATION

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-06-25 12:54:00 +02:00
Daniel Gan-Levi
526f0dff96 s3-ctdb: Fix auto-enabling of CTDB readonly support
This fixes Bug 9957

Bug: https://bugzilla.samba.org/show_bug.cgi?id=9957
Signed-off-by: Daniel Gan-Levi <danielg@il.ibm.com>
Reviewed-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-06-25 12:53:54 +02:00
Christian Ambach
c9924ebccd s3:smbd/aio mark file as modified in the SMB2 case
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-06-25 12:53:46 +02:00
Jeremy Allison
b00d9d2453 Use existing "acl map full control" parameter to control the adding of the DELETE_CHILD parameter on NFSv4/ZFS/GPFS file ACE's.
Windows maps an open request of GENERIC_ALL on files to 0x1FF specific bits, which
includes DELETE_CHILD even though this has no meaning on file ACE's. If a returned
NFSv4 ACE entry for a file has all other specific bits set except for DELETE (which
comes from the containing directory) and DELETE_CHILD (which has no meaning) then
optionally add it into the returned ACE entry.

This is using the same parameter in the same way as it is currently used
in smbd/posix_acls.c. Note that as this parameter is on by default, it
is already being tested in the existing raw.acl tests.

Fixes issue with Microsoft SMB2 torture test suite found at the interop event
in Redmond, WA.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2013-06-24 19:33:34 +02:00
David Disseldorp
398ee49bda s3/smbclient: fix incorrect command tab completions
smbclient commands can offer tab-completion for local and remote paths.
This behaviour is specified for the first two arguments using the
compl_args entry in the commands struct.
This change fixes a number of incorrectly specified compl_args values.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Jun 24 19:32:54 CEST 2013 on sn-devel-104
2013-06-24 19:32:53 +02:00
Jeremy Allison
6c49f90965 Fix glusterfs backend crash found at the Microsoft interop event.
Based on a fix originally from Raghavendra Talur <rtalur@redhat.com>.

When a new document is created in explorer, a check for file_exist is made.
vfs_gluster_get_real_filename was returning 0 even when the file did not
exist.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: "Christopher R. Hertel" <crh@ubiqx.mn.org>
2013-06-21 10:58:47 -07:00
Volker Lendecke
b96cea4aa5 Fix some blank line endings
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jun 21 19:57:06 CEST 2013 on sn-devel-104
2013-06-21 19:57:06 +02:00
Christian Ambach
ad86e2a599 s3:passdb/pdb_util make pdb_create_builtin consider whether backend deals with BUILTIN
when creating a BUILTIN group, make the strategy dependent on passdb backend behavior
1. if passdb is responsible for BUILTIN (normal case), call pdb_create_builtin_alias with gid=0 argument
so it asks winbindd for a gid to be used
2. if passdb is not responsible, ask for a mapping for the group first and let pdb_create_builtin_alias
create the mapping based on the gid that was determined in the mapping request

Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Christian Ambach <ambi@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jun 21 12:49:10 CEST 2013 on sn-devel-104
2013-06-21 12:49:10 +02:00
Christian Ambach
2d2d13ee61 s3:passdb add a gid argument to pdb_create_builtin_alias
make it possible to skip the allocation of a new gid from winbind
by specifying the gid to be used

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-06-21 10:44:24 +02:00
Christian Ambach
212baedcd5 s3:utils/net_sam make use of pdb_create_builtin helper function
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-06-21 10:44:24 +02:00
Christian Ambach
df41835eea s3:passdb expose pdb_create_builtin function
this one first tries to map the principal before
allocating a new gid

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-06-21 10:44:23 +02:00
Christian Ambach
6a048b424a s3:passdb/pdb_tdb add parameter to control handling of BUILTIN
with tdbsam:map builtin, one can control if tdbsam should
be used to map entries from BUILTIN or not.
By default, they will be mapped (as in older releases)

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-06-21 10:44:23 +02:00
Christian Ambach
324b3cc00c s3:passdb/pdb_ldap remove an unnecessary check
as general passdb code already verifies for which
idmap domains the module is responsible, requests for
other domains should not come in here any more

Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Christian Ambach <ambi@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
2013-06-21 10:44:22 +02:00
Christian Ambach
01e094b53f s3:passdb/pdb_ldap make the module handle well-known
overwrite the passdb defaults and let this module handle well-knowns

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-06-21 10:44:21 +02:00
Christian Ambach
987de8a971 s3:passdb make pdb_sid_to_id honor backend responsibilities
only ask passdb backend for mapping if it is responsible

Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Christian Ambach <ambi@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
2013-06-21 10:44:21 +02:00
Christian Ambach
55dd9e6a9c s3:passdb/pdb_samba_dsdb make the module handle well-known
overwrite the passdb defaults and let this module handle well-knowns

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-06-21 10:44:20 +02:00
Christian Ambach
56df37d332 s3:lib/util_sid_passdb make use of pdb_is_responsible_for_* functions
ask passdb to determine if sid/object should be handled by passdb or not

Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Christian Ambach <ambi@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
2013-06-21 10:44:20 +02:00
Christian Ambach
0ad38d777f s3:passdb add pdb_*_is_responsible_for* functions
allows PDB modules to specify for which special domains they
are responsible when it comes to SID->xid conversion

By default, passdb modules will be responsible for local BUILTIN,
local SAM and Unix Users/Groups

Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Christian Ambach <ambi@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
2013-06-21 10:44:19 +02:00
Christian Ambach
9eb67f259f s3:passdb add idmap control functions
make it possible for each backend to specify for which domains
it should be asked for SID->xid mappings

Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Christian Ambach <ambi@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
2013-06-21 10:44:19 +02:00
Christian Ambach
0ad89c3cc9 s3:passdb/samba_dsdb fix some compiler warnings
about gids and group_sids being potentially uninitialized

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-06-21 10:44:18 +02:00
Christian Ambach
e211b5c5d2 s3:passdb/samba_dsdb fix a compiler warning
about discarding const modifier

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-06-21 10:44:18 +02:00
Christian Ambach
e17bc56caf s3:utils/net_lookup fix a format-error
clang complains about short being used for unsigned as format-error

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-06-21 10:44:17 +02:00
Jeremy Allison
d4091c5809 Fix bug #9166 - Starting smbd or nmbd with stdin from /dev/null results in "EOF on stdin"
Only install the stdin handler if it's a pipe or fifo.

Signed-off-by: Jeremy Allison <jra@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-06-20 13:41:01 +02:00
Andrew Bartlett
fc13489c91 build: Build with system md5.h on OpenIndiana
This changes (again...) our system md5 detection to cope with how
OpenIndiana does md5.  I'm becoming increasingly convinced this isn't
worth our while (we should have just done samba_md5...), but for now
this change seems to work on FreeBSD, OpenIndiana and Linux with
libbsd.

This needs us to rename struct MD5Context -> MD5_CTX, but we provide a
config.h define to rename the type bad if MD5_CTX does not exist (it does
however exist in the md5.h from libbsd).

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 19 21:32:36 CEST 2013 on sn-devel-104
2013-06-19 21:32:36 +02:00
Jeremy Allison
5c4772ec1d Re-add umask(0) code removed by commit 3a7c2777ee
Without the umask code the pipe permissions are affected by the
umask of the calling process. As only smbd currently sets its
umask to zero (nmbd and winbindd should do the same) this causes
the winbindd pipe to be unavailable to the nss library code unless
winbindd is run from an init process that explicitly sets umask
to zero. When testing from the command line this can be hard to
track down :-).

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 18 04:31:27 CEST 2013 on sn-devel-104
2013-06-18 04:31:27 +02:00
Jeremy Allison
fcc43cfbe3 Fix xx_path() - return check from mkdir() is incorrect.
This is very old code, but mkdir() fails with -1, not 0.
Only print the error message is mkdir failed with anything
other than EEXIST.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2013-06-18 02:41:10 +02:00
David Disseldorp
8d759658a0 vfs_catia: use translate direction enum instead of int
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-06-17 12:26:36 -07:00
Christof Schmitt
4cd7e1d283 vfs_streams_xattr: Do not attempt to write empty attribute twice
The create disposition FILE_OVERWRITE_IF is mapped to the flags
O_CREAT|O_TRUNC. In vfs_streams_xattr, this triggers two calls to
SMB_VFS_SETXATTR. The second can fail if O_EXCL is also set, resulting
in an unnecessary error.

Merge the identical code to handle O_CREAT and O_TRUNC to avoid setting
an empty attribute twice. Also add the flags parameter to the debug
message.

Signed-off-by: Christof Schmitt <christof.schmitt@us.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-06-17 10:41:46 -07:00
Volker Lendecke
20bede7baa libsmbclient: Fix typos
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-06-14 20:30:33 +02:00
Volker Lendecke
cf86f3e81b gencache: Simplify gencache_init a bit
Use the implicit cleanup facility CLEAR_IF_FIRST provides

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-06-14 20:30:33 +02:00
Christof Schmitt
5c488cfb79 Initialize the file descriptor in the files_struct before trying to close it. Otherwise, if one of the SETXATTR calls had failed, the close() call will return EBADF.
Signed-off-by: Christof Schmitt <christof.schmitt@us.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <rsharpe@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 13 01:43:18 CEST 2013 on sn-devel-104
2013-06-13 01:43:17 +02:00
Andreas Schneider
7bad9d1fcd s3-libads: Print the debug string of a failed call with LDAP_OTHER.
Signed-off-by: Andreas Schneider <asn@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 12 13:46:57 CEST 2013 on sn-devel-104
2013-06-12 13:46:57 +02:00
Volker Lendecke
e2a08e54dd smbd: Remove an unused variable
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 12 01:00:44 CEST 2013 on sn-devel-104
2013-06-12 01:00:44 +02:00
Volker Lendecke
1b740e5033 smbd: Fix a const warning
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-06-11 13:21:08 -07:00
Volker Lendecke
fc5e584536 smbd: Fix a const warning
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-06-11 13:21:00 -07:00
Volker Lendecke
606622c101 smbd: Remove unused code
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-06-11 13:20:42 -07:00
Volker Lendecke
4cd0e38fe0 lib: Remove an unused variable
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 11 21:52:09 CEST 2013 on sn-devel-104
2013-06-11 21:52:09 +02:00
Volker Lendecke
61f59d84ae winreg3: Fix a const warning
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-06-11 10:54:30 -07:00
David Disseldorp
9c95110b67 libsmb: add ABI/smbclient-0.2.1.sigs
Required following ABI vnum bump for smbc_get/setPort changes.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-06-11 10:50:41 -07:00
Jeremy Allison
2252d78123 Add smbc_getPort(), smbc_setPort(). Bump the .so minor number.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-06-11 10:50:41 -07:00
Jeremy Allison
47471c82d0 Plumb the 'port' parameter into the connect code.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-06-11 10:50:41 -07:00
Jeremy Allison
ccb5c2d693 Add the port argument to SMBC_server().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-06-11 10:50:41 -07:00
Jeremy Allison
da6c84aff0 Add port argument to SMBC_attr_server(). Does nothing as yet.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-06-11 10:50:41 -07:00
Jeremy Allison
534cf516ed Add the ability to parse out the port to SMBC_parse_path().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-06-11 10:50:41 -07:00
Andrew Bartlett
26279a9698 auth: Remove "password level"
We now only lowercase the password, we do not attempt to find another case
combination that the password might be in.

This option is already depricated, so it is now time to remove it.

Andrew Bartlett

Reviewed-by: Simo Sorce <idra@samba.org>
2013-06-11 08:35:21 -04:00
Jeremy Allison
2a65e8befe Optimization on POSIX platforms that have fstatat.
Tests show significant speedup in directory listings
by using fstatat instead of a full pathname walk.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jun 10 20:14:12 CEST 2013 on sn-devel-104
2013-06-10 20:14:12 +02:00
Jeremy Allison
da2cf8a947 Check for fstatat.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-06-10 17:56:23 +02:00
Christof Schmitt
7d8354c719 smbd: Change logging when SET_OFFLINE is not supported
A client can send a request to set the OFFLINE attribute. In the default
code this is not supported and triggers a log message each time. Change
this to only log with level 0 when an actual errors occurs, and log
ENOTSUP with level 10.

Signed-off-by: Christof Schmitt <christof.schmitt@us.ibm.com>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun  6 04:30:26 CEST 2013 on sn-devel-104
2013-06-06 04:30:26 +02:00
Michael Adam
ad383ac888 s3:smbd: explain parameters in call to SMB_VFS_DURABLE_RECONNECT()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun  4 21:58:16 CEST 2013 on sn-devel-104
2013-06-04 21:58:16 +02:00
Michael Adam
63ac88d402 s3:smbd: remove code duplication in smb2_create_send()
Move the calls to smb2srv_open_recreate() from the parsing of
the create blobs (DHNC and DH2C) to a central place in the
open execution phase.
This is also where it should be called: in the durable reconnect
part, right before the call to SMB_VFS_DURABLE_RECONNECT()

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-06-04 11:07:11 -07:00
Michael Adam
e6beae4471 s3:smbd: remove old comment about scavenger timer from vfs_default_durable_reconnect()
scavenger functionality belongs to the smb layer (and is meanwhile
implemented there).

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-06-04 11:07:11 -07:00
Peng Haitao
55add52f42 smbcquotas.c: fix a bug of -t
'r' should be replaced with 't'.

Signed-off-by: Peng Haitao <penght@cn.fujitsu.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Jun  4 13:06:52 CEST 2013 on sn-devel-104
2013-06-04 13:06:52 +02:00
Christian Ambach
b2380081e2 s3:lib/ctdb_packet use sys_send in packet_fd_write
use the signal safe variant here to prevent spurious errors when running
with CTDB and a signal comes in

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Mon Jun  3 20:01:22 CEST 2013 on sn-devel-104
2013-06-03 20:01:21 +02:00
David Disseldorp
002d1a4467 Fix bug 9900: is_printer_published GUID retrieval
Samba currently always responds to GetPrinter(level = 7) requests with
DSPRINT_UNPUBLISH, regardless of the AD publish status tracked via the
PRINTER_ATTRIBUTE_PUBLISHED flag. This is due to erroneous "objectGUID"
unmarshalling in is_printer_published().

This change splits "objectGUID" retrieval into a separate function, and
adds a pull_reg_sz() call to correctly unmarshall the GUID.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-06-03 14:10:07 +02:00
David Disseldorp
f9b6b09e4e printing: explicitly clear PUBLISHED attribute
Currently nt_printer_publish(DSPRINT_UNPUBLISH) flips (via xor) the
info2->attributes PRINTER_ATTRIBUTE_PUBLISHED flag, rather than
explicitly clearing it.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-06-03 14:10:07 +02:00
Anand Avati
0b8b6fdc96 vfs_glusterfs: Samba VFS module for glusterfs
Implement a Samba VFS plugin for glusterfs based on gluster's gfapi.
This is a "bottom" vfs plugin (not something to be stacked on top of
another module), and translates (most) calls into closest actions
on gfapi.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Signed-off-by: Anand Avati <avati@redhat.com>
2013-05-30 10:57:35 +10:00
Michael Adam
89edff08db net: use smbconf_create_set_share() in "net conf import"
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue May 28 20:01:12 CEST 2013 on sn-devel-104
2013-05-28 20:01:12 +02:00
Andrew Bartlett
667651132b build: Remove unused mkbuildoptions.awk
This is not used by the waf build.

Andrew Bartlett

Reviewed-by: Jelmer Vernooij <jelmer@samba.org>

Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-05-28 12:17:12 +10:00
Andrew Bartlett
f073401abf passdb-machine_account_secrets: Remove #if SAMBA_BUILD_ == 4 now we only have the waf build
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>

Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-05-28 12:17:12 +10:00
Andrew Bartlett
11aab8a348 build: Remove unused preproc-dummy.c
This was used by autogen.sh

Reviewed-by: Jelmer Vernooij <jelmer@samba.org>

Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-05-28 12:17:11 +10:00
Andrew Bartlett
53c61a3a18 build: Remove unused linkmodules.sh script
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>

Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-05-28 12:17:11 +10:00
Andrew Bartlett
69c09e7a34 build: Remove unused revert.sh script
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>

Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-05-28 12:17:11 +10:00
Andrew Bartlett
26ff1f2167 build: Remove unused uninstall*.sh scripts
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>

Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-05-28 12:17:11 +10:00
Andrew Bartlett
d98f107544 build: Remove unused install*.sh scripts
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>

Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-05-28 12:17:11 +10:00
Andrew Bartlett
167b8bddad build: Remove unused build_idl.sh
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>

Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-05-28 12:17:11 +10:00
Andrew Bartlett
c5bde69568 Remove lib/netapi autoconf build system, this is now build with waf
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>

Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-05-28 12:17:11 +10:00
Andrew Bartlett
af443d0017 Remove now-unused s3-selftest.sh wrapper
This is now always invokes via waf.

Andrew Bartlett

Reviewed-by: Jelmer Vernooij <jelmer@samba.org>

Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-05-28 12:17:11 +10:00
Andrew Bartlett
8bcaa145f2 Remove stub ldb_version.h and source3/include/autoconf as no longer needed
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>

Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-05-28 12:17:10 +10:00
Andrew Bartlett
8b2590c311 build: Remove autoconf directory no longer needed
This was only needed to avoid autoconf and waf builds colliding.

Andrew Bartlett

Reviewed-by: Jelmer Vernooij <jelmer@samba.org>

Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-05-28 12:17:10 +10:00
Andrew Bartlett
0b5c23b522 build: Remove unused script/mkversion.sh
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>

Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-05-28 12:17:10 +10:00
Andrew Bartlett
a768e6b0f8 build: Remove unused install-sh
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>

Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-05-28 12:17:10 +10:00
Andrew Bartlett
cd4b413cb0 build: Remove autoconf build system
We are now confident that that waf build system meets enough of our needs
that we will work to improve it, rather than maintain two build systems.

Andrew Bartlett

Reviewed-by: Jelmer Vernooij <jelmer@samba.org>

Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-05-28 12:17:10 +10:00
Andrew Bartlett
1754b52204 build: Install smbtar in waf build
Reviewed-by: Kai Blin <kai@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon May 27 12:55:05 CEST 2013 on sn-devel-104
2013-05-27 12:55:04 +02:00
Andrew Bartlett
99c1c2b8d3 build: Remove duplicate call to bld.SYMBOL_CHECK()
This was missed when we merged the two waf systems.

Andrew Bartlett

Reviewed-by: Jelmer Vernooij <jelmer@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon May 27 10:30:06 CEST 2013 on sn-devel-104
2013-05-27 10:30:06 +02:00
Andrew Bartlett
e78e156d95 build: Remove mkinstalldirs
This is not used in the waf build.

Andrew Bartlett

Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2013-05-27 16:37:26 +10:00
Andrew Bartlett
7926330060 build: Remove unused expand-includes.pl
We no longer have makefiles with includes.

Andrew Bartlett

Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2013-05-27 11:57:06 +10:00
Andrew Bartlett
cbb833d78e smbd: Fix build on platforms that will not support var = {} initialisation
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2013-05-27 11:57:00 +10:00
Andrew Bartlett
dfe73e7885 build: Build all of samba in autoconf make test
The test system actually depends on far more than smbtorture these days
and this was masked by the build groups.  Rather than try and specify
everything that could be used, just build the lot (which is what was
essentially being done anyway).

This prepares for the removal of the libraries and binaries build
groups, to assist in improving waf performance for single-binary builds.

Andrew Bartlett

Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2013-05-27 11:56:44 +10:00
Christof Schmitt
c134171e39 winbind: Print error code on connection error in ping_dc
For debugging, it is useful to include the error code in the message.

Signed-off-by: Christof Schmitt <christof.schmitt@us.ibm.com>

Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Sat May 25 23:11:23 CEST 2013 on sn-devel-104
2013-05-25 23:11:23 +02:00
Richard Sharpe
bea2af9369 Revert my accidental commit.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>

Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Thu May 23 06:53:17 CEST 2013 on sn-devel-104
2013-05-23 06:53:17 +02:00
Peng Haitao
7174b2e18e When message-type is drvupgrade, MSG_DEBUG should be replaced with MSG_PRINTER_DRVUPGRADE.
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-05-22 17:00:47 -07:00
Peng Haitao
9a9949f92f When '--policies-reset' is success, the exit code should be 0.
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-05-22 17:00:41 -07:00
Andrew Bartlett
30a2243675 build: Update md5.h detection in waf and autoconf to use sys/md5.h and -lmd
This brings the two build systems in sync, without using md5.h (which is a problem name)

Tested on FreeBSD

Andrew Bartlett

Reviewed-by: Richard Sharpe <rsharpe@samba.org>

Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Wed May 22 10:06:40 CEST 2013 on sn-devel-104
2013-05-22 10:06:40 +02:00
Richard Sharpe
27df444d0b Make sure that if an smbd is exiting because of an error we let the user know.
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
2013-05-21 23:16:59 -07:00
Günther Deschner
5a5ed68d0a spoolss: add idl for spoolss_RpcSendRecvBidiData.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>

Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-05-20 18:50:00 +02:00
Kai Blin
61a2ad3c02 swat: Remove swat.
Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Sat May 18 16:32:38 CEST 2013 on sn-devel-104
2013-05-18 16:32:38 +02:00
Volker Lendecke
1c9ef675d1 smbd: Fix a ISO C90 forbids mixed declarations and code warning
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Matthieu Patou <mat@matws.net>

Autobuild-User(master): Matthieu Patou <mat@samba.org>
Autobuild-Date(master): Sat May 18 01:40:04 CEST 2013 on sn-devel-104
2013-05-18 01:40:03 +02:00
Christian Ambach
c29447f2b8 s3:lib/ctdb_conn make sure we are root before connecting to CTDB
CTDB socket is only reachable for root, make sure we are root when trying to connect to it

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Fri May 17 13:16:37 CEST 2013 on sn-devel-104
2013-05-17 13:16:37 +02:00
Volker Lendecke
d67e614a07 lib: Add before/after hooks to async_connect
This will facilitiate [un]become_root for smbd to connect safely to ctdbd.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-17 11:22:45 +02:00
Christian Ambach
272a58afff waf: build vfs_aixacl2 module by default on AIX
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-05-17 11:16:42 +02:00
Christian Ambach
9910b8050c s3:lib/dbwrap add missing curly braces
violation of README.Coding

Signed-off-by: Christian Ambach <ambi@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-05-16 23:22:19 +02:00
Christian Ambach
bdc3e9acaf s3:include remove non-blank line endings
Signed-off-by: Christian Ambach <ambi@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-05-16 23:22:19 +02:00
Andrew Bartlett
2ed6b0818a auth: Ensure auth_sam is not used on the AD DC
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu May 16 22:51:26 CEST 2013 on sn-devel-104
2013-05-16 22:51:26 +02:00
Andrew Bartlett
1165776d86 pdb_ldap: Do not skip accounts without a sambaAcctFlags value
We allow this to mean a sambaAcctFlags value of zero in other parts of the code
and by allowing these users to show up in a search, we can read and correct them
during the classicupgrade, rather than not know they exist at all.

Most parts of the code do not look for ACB_NORMAL, which is why
these users appear to work.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-05-16 19:02:02 +02:00
Andrew Bartlett
10f6926aaa s3-rpc_server: Ensure we are root when starting and usiing gensec
This fixes bug 9465.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-05-16 19:02:00 +02:00
Karolin Seeger
8673d0d16b source3/utils/ntlm_auth.c: Fix typo in debug message.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-15 21:04:42 -07:00
Karolin Seeger
dcbe45b945 source3/modules/vfs_catia.c: Fix typo in comment.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-15 21:04:42 -07:00
Karolin Seeger
c2ab0ad8d0 source3/libsmb/ntlmssp.c: Fix typo.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-15 21:04:41 -07:00
Björn Jacke
f08205be70 winbind/idmap_ad: be verbose about the user that we fail to map
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-05-14 19:53:29 +02:00
Volker Lendecke
5868accc71 vfs_gpfs: slightly simplify connect()
DISCONNECT can be arbitrarily complex, TALLOC_FREE of a simple struct
is easier.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue May 14 18:11:29 CEST 2013 on sn-devel-104
2013-05-14 18:11:29 +02:00
Shekhar Amlekar
6c5158e3de s3:rpc_server/srvsvc check access before doing work
Before doing the (potentially) costly enumerations,
check if the user has necessary privileges first

Signed-off-by: Shekhar Amlekar <samlekar@in.ibm.com>
Reviewed-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Tue May 14 16:22:24 CEST 2013 on sn-devel-104
2013-05-14 16:22:24 +02:00
Volker Lendecke
1cd20441a7 torture: Remove some unused code
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-14 14:34:20 +02:00
Volker Lendecke
7d8a1b1e04 smbd: Remove a pointless variable
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue May 14 13:19:44 CEST 2013 on sn-devel-104
2013-05-14 13:19:44 +02:00
Andrew Bartlett
fde1757f80 build: Add missing dep from vfs_nfs4acl_xattr to NDR_NFS4ACL
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue May 14 01:23:17 CEST 2013 on sn-devel-104
2013-05-14 01:23:17 +02:00
Volker Lendecke
09d3f577c8 lib: Fix CID 241650 Sizeof not portable
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sun May 12 17:44:55 CEST 2013 on sn-devel-104
2013-05-12 17:44:55 +02:00
Volker Lendecke
7027c6aca9 pthreadpool: Fix CID 710828 Sizeof not portable
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2013-05-12 15:56:32 +02:00
Christian Ambach
e0ca7c4cff s3:modules/vfs_aixacl2 fix compile errors
fix various compile errors that were introduced with latest ACL changes

Signed-off-by: Christian Ambach <ambi@samba.org>
Pair-Programmed-With: Alexander Werth <alexander.werth@de.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Jeremy Allison
c1c9b99054 Fix missing TALLOC_FREE of stackframes.
Signed-off-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Jeremy Allison
fb1847f41c Tidy up old bool usage. False -> false, True -> true.
Signed-off-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Andrew Bartlett
00cb6354cf vfs: Allow CREATOR GROUP to be used with vfs_zfsacl
The solaris acl() code requires that both ACE_GROUP|ACE_IDENTIFIER_GROUP be
set to indicate the @group permissions.

Otherwise, it would return Invalid Paramter to clients.

Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Alexander Werth
6fa3f7d0f4 s4-smbtorture: Run tests for nfs4:modes simple and special.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Alexander Werth
dae5f1943e s3: Update README.nfs4acls.txt
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Alexander Werth
a9f75bd3b7 s3: Use mode bits in some cases in mode simple.
Non inheriting ACL entries will show mode bits.
With this an file owner change does affect the effective ACL because
the special owner acl will now refer to the new owner.
This could be fixed by updating the ACL on a file owner change.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Alexander Werth
ec138b2f82 s3: Add changes that keep nfs4:mode special behavior.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Alexander Werth
877f833af4 s3: Mapping of cifs creator owner to nfs owner@ ace.
This is ignored in nfs4mode special for compatibility.
Also ensure that we drop non inheriting creator owner
aces since these don't contribute to who can access
a file.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Alexander Werth
83774a8bc2 s3: Mapping of special entries to creator owner in mode simple.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Alexander Werth
4a3bf4dd9b s3: Add params parameter to smbacl4_nfs42win function.
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Alexander Werth
7978fe2584 s3: Change smbacl4_get_vfs_params to use connection_struct instead of fsp.
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Alexander Werth
be0e269246 s3: Move up declaration of params struct and related function.
We need the parameters earlier in the code so we move up
    the declaration of the params struct. Since reading the
    parameters is closely related the definition of the function
    smbacl4_get_vfs_params has also been moved up.

Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Alexander Werth
97eb8f73e5 vfs: Add inheritance emulation to vfs_nfs4acl_xattr.
Recursively inherit ACL from parent directory if no acl xattr is
found on the current file.
Use a default ACL if a non-inheriting ACL is encountered.
With this the nfs4acl_xattr.dynamic test passes.
But the nfs4acl_xattr.inheritance test results in an error because
of warnings that cause the test to pass a failed result.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Andrew Bartlett
fe8a1fcda7 selftest: Run raw.acls test against the nfs4acl_xattr module
This is the first time we have tested the NFSv4 ACL mapping code.
Sadly most tests fail but these can be fixed from here.

This at least shows that the code does not segfault.

Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Andrew Bartlett
a0d1685039 build: Add vfs_nfs4acl to the autoconf build
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Andrew Bartlett
76969abba0 vfs: Add new VFS module vfs_nfs4acl_xattr to use nfs4acl.idl
This uses the xattr format used by the patches at http://users.suse.com/~agruen/nfs4acl/

Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:20 +02:00
Andrew Bartlett
5d517f4166 vfs: Remove unused security_info argument in vfz_zfsacl.c
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:20 +02:00
Alexander Werth
188d0f0975 vfs: Fix compile of vfs_gpfs.c.
Since the smb4acl is now correctly allocated on mem_ctx and not
the talloc stack frame we can free the stack frame correctly.
And the chmod emulation code now needs the vfs handle since
that is now required by the callback function to set the smb4acl.

Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:20 +02:00
Andrew Bartlett
a65568750b vfs: Allocate SMB4ACL_T on an explict memory context
This ensures the caller knows exactly what the memory lifetime of this
returned object is.  This makes the NFSv4 ACL code consistent with the
POSIX and NT ACL code, to avoid supprising developers who have worked
on those other parts of the ACL code.

Most of this patch is adding a memory context to the callers and passing it in.

Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:20 +02:00
Andrew Bartlett
67bb7d93ba vfs: Add vfs_handle_struct argument to smb_set_nt_acl_nfs4 and the callback
This allows the callback to call xattr based storage functions that need this argument.

Andrew Bartlett

Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:20 +02:00
Jeremy Allison
cbff488550 Remove the compound_related_in_progress state from the smb2 global state.
And also remove the restriction that we can't read a new
request whilst we're in this state.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@samba.org>
2013-05-07 17:58:45 +02:00
Jeremy Allison
10cbcfd167 The core of the fix to allow opens to go async inside a compound request.
This is only allowed for opens that cause an oplock break, otherwise it
is not allowed. See [MS-SMB2].pdf note <194> on Section 3.3.5.2.7.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2013-05-07 17:58:45 +02:00
Jeremy Allison
1102e73832 Move a variable into the area of code where it's used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2013-05-07 17:58:45 +02:00
Jeremy Allison
a026fc6b69 Ensure we don't try and cancel anything that is in a compound-related request.
Too hard to deal with splitting off the replies.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2013-05-07 17:58:45 +02:00
Jeremy Allison
4111fcfd4f Only do the 1 second delay for sharing violations for SMB1, not SMB2.
Match Windows behavior.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2013-05-07 17:58:45 +02:00
Volker Lendecke
637887c079 Makefile: Fix bug 9868 - Don't know how to make LIBNDR_PREG_OBJ.
Thanks to Lucs for finding the issue

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue May  7 17:57:57 CEST 2013 on sn-devel-104
2013-05-07 17:57:57 +02:00
Volker Lendecke
8c1283a89f winbind: Fix bug 9854 -- NULL pointer dereference
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue May  7 14:49:07 CEST 2013 on sn-devel-104
2013-05-07 14:49:07 +02:00
Jeremy Allison
d25ba3f5a6 Allow "store dos attributes" to override the other "map XXX" parameters.
Makes us consistent with what is described in the man pages.

Signed-off-by: Jeremy Allison <jra@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-05-06 23:37:20 +02:00
Michael Adam
9f36d0c447 build: default --with-regedit to "auto" instead of "yes"
This means we don't build regedit when there is no ncurses
and this is not an error for the overall build.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Kai Blin <kai@samba.org>

Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Mon May  6 20:11:09 CEST 2013 on sn-devel-104
2013-05-06 20:11:09 +02:00
Michael Adam
431eeef931 build: fix --with-regedit to properly honour the yes/no/auto scheme
I.e. fail configure when ncurses support is not found but
regedit build was requested.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Kai Blin <kai@samba.org>
2013-05-06 18:24:58 +02:00
Michael Adam
356b825838 build: simplify ncurses checks: --with-regedit does not take a path list
--with-regedit is defined using SAMBA3_ADD_OPTION(), and can hence
take the values "yes", "no", and "auto". So it is not possible to
hand in paths to look for ncurses-config via this option.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Kai Blin <kai@samba.org>
2013-05-06 18:24:58 +02:00
Michael Adam
7bc9563c96 s3:idmap:autorid: add a comment block explaining the calculations
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06 16:33:40 +02:00
Michael Adam
9c6594dadb s3:idmap:autorid: simplify the id->sid calculation
To make it more intutive.

rid = reduced_rid + domain_range_index * range_size

where

reduced_rid = (id - id_low) % range_size

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06 16:33:40 +02:00
Michael Adam
7b9a567b89 s3:idmap:autorid: calculate the range's low_id in idmap_autorid_get_domainrange()
This way, the calculation needs to be don only in one central place and
the formulas get simpler.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06 16:33:39 +02:00
Michael Adam
30a27ba428 s3:idmap:autorid: make calculation in idmap_autorid_sid_to_id much more obvious
This is my attempt to make the sid->unix-id calculation much more obvious.
Especially with the introduction of the multi-range support an the originally
named "multiplier", the calculation

id = low_id + range_size * domain_number + rid - range_size * multiplier

was rather opaque to me.

What really happens here is this:
The rid is split into a reduced_rid part that is < rangesize and
a multiple of rangesize. This is given by the formula

rid = rid % range_size + (rid / range_size) * range_size

We define
 reduced_rid := rid % range_size
and
 domain_range_index := rid / range_size ( == the original multiplier)

and the original formula is equivalent to:

id = reduced_rid + low_id + range_number * range_size;

and reads

id = reduced_rid + range_minvalue

if we set range_minvalue := low_id + range_number * range_size.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06 16:33:39 +02:00
Michael Adam
a0ea6c2536 s3:idmap:autorid: rename range.multiplier to domain_range_index
The name multiplier is very confusing (at least for me).
This is an index that is used to reference the various
per-domain ranges.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06 16:33:39 +02:00
Michael Adam
196aa1dea7 s3:idmap:autorid: rename autorid_range_config.sid to domsid, along with instances
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06 16:33:39 +02:00
Michael Adam
2a258747b6 s3:idmap:autorid: rename autorid_domain_config --> autorid_range_config and instances to "range"
This describes it better with the new support for multiple ranges for domains.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06 16:33:39 +02:00