mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Commit Graph

81733 Commits

Author SHA1 Message Date
Michael Adam
5231d70fe5 build: fix waf checks for seteuid on non-Linux platforms
An indentation error had linux-specific checks called on non-linux
with the effect that "#define USE_LINUX_THREAD_CREDENTIALS 1"
was effective.
2012-07-11 08:44:45 -07:00
Jeremy Allison
8ee30be431 Add in the threaded async open engine.
Fixes all issues raised originally. This code
will only do threaded opens with thread-specific
credentials (Linux for now) and changes credentials
before doing the call. Also only fires on O_CREAT|O_EXCL
so will only create new files, never open old ones
async.

Volker, this is isolated enough that it shouldn't
prevent you from refactoring it into a new module
when the aio pread/pwrite code is moved into the
default aio path.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 11 08:04:56 CEST 2012 on sn-devel-104
2012-07-11 08:04:56 +02:00
Jeremy Allison
d81e20653b Move set_thread_credentials_permanently() to set_thread_credentials()
as we need to keep the saved set uid/gid otherwise there is an
interaction with open[at]() and NO_ATIME returning EPERM. As this
is meant for threaded code inside the process we don't need
to do an irreversible change anyway.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 11 03:54:00 CEST 2012 on sn-devel-104
2012-07-11 03:54:00 +02:00
Jeremy Allison
b25619175f Fix typo we've had for a long time in set_re_uid() in the USE_SETRESUID case.
We only set the real euid, not the effective one. This is not
a security issue as this is *only* used in the quota code, and
only between code that brackets it with save_re_uid()/restore_re_uid().
Also this is not used on most platforms (we use USE_SETREUID by
preference) but it's better to have this right. Bug to follow to get this
fixed in 3.6.next and 3.5.next.
2012-07-10 16:50:51 -07:00
Jeremy Allison
6d903bf189 Cope with a (non-security) open race we've had for ever as NTCreateX isn't atomic on POSIX.
On open without create, the file did exist, but some
other (local or NFS) process either renamed/unlinked
and re-created the file with different dev/ino after
we walked the path, but before we did the open. We
could retry the open but it's a rare enough case it's
easier to just fail the open to prevent creating any
problems in the open file db having the wrong dev/ino
key.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 10 21:57:33 CEST 2012 on sn-devel-104
2012-07-10 21:57:33 +02:00
Jeremy Allison
69a3e947b6 Now we have a guaranteed indication of a file being created, use it to set the create disposition correctly. 2012-07-10 09:39:36 -07:00
Jeremy Allison
02d42be258 Add function fd_open_atomic() which uses O_CREAT|O_EXCL to return a guaranteed indication of creation of a new file. 2012-07-10 09:39:29 -07:00
Jeremy Allison
3aa186f1d4 Simplify the logic in open_file() some more.
Move the inheritance work into the if block
where we created the file. We can never have
created the file (and thus need no inheritance)
for a stat-open.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 10 03:30:22 CEST 2012 on sn-devel-104
2012-07-10 03:30:22 +02:00
Jeremy Allison
3a705e5f3d Simplify the logic in open_file().
Move the fstat call into the block which opens a file descriptor.
Remove the stat() call in the stat-open case. We already failed
the open if !file_existed.
2012-07-09 16:20:45 -07:00
Jeremy Allison
1144b0dc04 Use new common function. 2012-07-09 12:28:48 -07:00
Jeremy Allison
9d5e026bde Make check_same_stat() and check_same_dev_ino() common functions. 2012-07-09 12:26:56 -07:00
Jeremy Allison
1f37ed7a52 Factor out check_same_dev_ino() from check_same_stat() so it can be called separately. 2012-07-09 11:35:20 -07:00
Andrew Bartlett
7b1fb36ad0 lib/ldb: Bump ldb release due to pyldb changes
We strictly need these changes to pass make test, and the concat change is
backwards incompatible, so we really want to use the right version.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jul  9 04:34:06 CEST 2012 on sn-devel-104
2012-07-09 04:34:06 +02:00
Günther Deschner
4cafbb4e74 s4-torture: add ntprinting ndr operations testsuite.
Guenther

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Jul  6 20:55:26 CEST 2012 on sn-devel-104
2012-07-06 20:55:25 +02:00
Günther Deschner
8835eab013 ntprinting: mark the final 4 byte null pointer for printer data in ndr_pull_ntprinting_printer as read.
Guenther
2012-07-06 19:03:19 +02:00
David Disseldorp
0d3249b927 ndr: fix push/pull DATA_BLOB with NDR_NOALIGN
This change addresses bug 9026.
There are 3 use cases for DATA_BLOB marshalling/unmarshalling:

1)
ndr_push_DATA_BLOB and ndr_pull_DATA_BLOB when called with
LIBNDR_FLAG_ALIGN* alignment flags set, are used to push/pull padding
bytes _only_. The length is determined by the alignment required and
the current ndr offset.
e.g. dcerpc.idl:
        typedef struct {
...
                [flag(NDR_ALIGN8)]    DATA_BLOB _pad;
        } dcerpc_request;

2)
When called with the LIBNDR_FLAG_REMAINING flag, all remaining bytes in
the ndr buffer are pushed/pulled.
e.g. dcerpc.idl:
        typedef struct {
...
                [flag(NDR_REMAINING)] DATA_BLOB stub_and_verifier;
        } dcerpc_request;

3)
When called without alignment flags, push/pull a uint32 length _and_ a
corresponding byte array to/from the ndr buffer.
e.g. drsblobs.idl
        typedef [public] struct {
...
                DATA_BLOB data;
        } DsCompressedChunk;

The fix for bug 8373 changed the definition of "alignment flags", such
that when called with LIBNDR_FLAG_NOALIGN ndr_push/pull_DATA_BLOB
behaves as (1: padding bytes) rather than (3: uint32 length + byte
array).

This breaks marshalling/unmarshalling for the following structures.
eventlog.idl:
        typedef [flag(NDR_NOALIGN|NDR_PAHEX),public] struct {
...
                DATA_BLOB sid;
...
        } eventlog_Record_tdb;

ntprinting.idl:
        typedef [flag(NDR_NOALIGN),public] struct {
...
                DATA_BLOB *nt_dev_private;
        } ntprinting_devicemode;

        typedef [flag(NDR_NOALIGN),public] struct {
...
                DATA_BLOB data;
        } ntprinting_printer_data;

Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-06 19:03:19 +02:00
Günther Deschner
66514f8bbe ntprinting: make decode_ntprinting helpers public in idl.
Guenther
2012-07-06 19:03:19 +02:00
Volker Lendecke
d27a9c4e43 s3: Fix Coverity ID 709470 Uninitialized scalar variable
Signed-off-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jul  6 18:46:06 CEST 2012 on sn-devel-104
2012-07-06 18:46:06 +02:00
Andrew Bartlett
4654dcaae7 s4-selftest: do a dbcheck on our two vampire DCs
However, due to using --domain-critical-only we have to knownfail the
vampire DC here, as we do not fill in the backlinks on non-critical
objects correctly.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul  6 16:54:10 CEST 2012 on sn-devel-104
2012-07-06 16:54:09 +02:00
Andrew Bartlett
f9d90922f5 s4-dbcheck: Check for an object without a parent
Such objects are then moved to the appropriate LostAndFound container,
just as they would be if replicated.

Andrew Bartlett
2012-07-06 22:55:50 +10:00
Andrew Bartlett
7782e334b9 s4-dsdb: Remove unused variables in py_dsdb_get_partitions_dn 2012-07-06 22:55:50 +10:00
Andrew Bartlett
023508ed17 pydsdb: Add bindings for dsdb_wellknown_dn() 2012-07-06 22:55:50 +10:00
Andrew Bartlett
979215ad59 pyldb: Add bindings for ldb_dn_remove_base_components 2012-07-06 22:55:49 +10:00
Andrew Bartlett
e4077a8ca5 s4-pydsdb: Add bindings for dsdb_find_nc_root() 2012-07-06 22:45:34 +10:00
Andrew Bartlett
507e6fdce5 s4-pydsdb: Improve PyErr_LDB_{DN,}_OR_RAISE to use py_check_dcerpc_type
This checks the type rather than just dereferencing the pointer.

Andrew Bartlett
2012-07-06 22:45:34 +10:00
Andrew Bartlett
8d99b398d9 pyldb: Fix dn concat operation to be the other way around
This now concatenates Dn(ldb, "cn=config") + Dn(ldb, "dc=samba,dc=org") as "cn=config,dc=samba,dc=org"

Andrew Bartlett
2012-07-06 22:45:33 +10:00
Christof Schmitt
7285ed586f auth: Common function for retrieving PAC_LOGIN_INFO from PAC
Several functions use the same logic as kerberos_pac_logon_info. Move
kerberos_pac_logon_info to common code and reuse it to remove the code
duplication.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-07-06 20:45:51 +10:00
Andreas Schneider
a49eb60e04 s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for tcp
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jul  6 11:50:40 CEST 2012 on sn-devel-104
2012-07-06 11:50:40 +02:00
Andreas Schneider
1744e99d0a s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for np 2012-07-06 10:00:58 +02:00
Andreas Schneider
997c780d24 s4-lsarpc: Restrict LookupSids3 to crypto connections only. 2012-07-06 10:00:58 +02:00
Andreas Schneider
1a12bbd5d8 s4-lsarpc: Restrict LookupNames4 to crypto connections only. 2012-07-06 10:00:58 +02:00
Andreas Schneider
13a7f98f9f s4-lsarpc: Don't call lsa_OpenPolicy2 in lsa_LookupSids3. 2012-07-06 10:00:58 +02:00
Andreas Schneider
9fa979c934 s4-lsaprc: Don't call lsa_OpenPolicy2 in lsa_LookupNames4. 2012-07-06 10:00:58 +02:00
Andreas Schneider
8e32715d5d selftest: Update knownfail list for samba4.rpc.lsalookup. 2012-07-06 10:00:58 +02:00
Andreas Schneider
de54047c05 s4-selftest: Don't run lsarpc requiring a named pipe over tcpip. 2012-07-06 10:00:58 +02:00
Andreas Schneider
48b30bfce6 s4-selftest: Don't plan lsa.secrets tests over tcpip.
These will only work over a named pipe or ncalrpc.
2012-07-06 10:00:58 +02:00
Andreas Schneider
0b93587b7e s4-libnet: Skip calling lsarpc functions over a wrong pipe. 2012-07-06 10:00:58 +02:00
Andreas Schneider
027b913a25 s4-torture: Call lsarpc tests over the correct pipe. 2012-07-06 10:00:58 +02:00
Andreas Schneider
a070ce3555 s4-torture: Don't consider NONE_MAPPED an error in LookupSids3. 2012-07-06 10:00:57 +02:00
Andreas Schneider
2a46c7fff2 s4-torture: Don't consider NONE_MAPPED an error in LookupNames4. 2012-07-06 10:00:57 +02:00
Andreas Schneider
eeba5ad9fa s4-torture: Add a lsarpc test_GetUserName_fail function. 2012-07-06 10:00:57 +02:00
Andreas Schneider
5dc5cdaa6c s4-torture: Add a lsarpc test_OpenPolicy2_fail function. 2012-07-06 10:00:57 +02:00
Andreas Schneider
39a13d1981 s4-torture: Add a lsarpc test_OpenPolicy_fail function. 2012-07-06 10:00:57 +02:00
Andreas Schneider
4ece074f25 s4-torture: Add a lsarpc test_LookupNames4_fail function. 2012-07-06 10:00:57 +02:00
Andreas Schneider
ed7be198c4 s4-torture: Add a lsarpc test_LookupSids3_fail function. 2012-07-06 10:00:57 +02:00
Andreas Schneider
d37643c204 s3-lsarpc: Enforce a secure connection for LookupSids3 and LookupNames4.
http://thread.gmane.org/gmane.network.protocol.cifs.general/291
2012-07-06 10:00:57 +02:00
Andreas Schneider
d1e829bbab s3-lsarpc: Restrict lsa_LookupNames4 to ncacn_ip_tcp connections.
See MS-LAT, Section 2.1 Transport.
2012-07-06 10:00:57 +02:00
Andreas Schneider
426cf362ed s3-lsarpc: Restrict lsa_LookupSids3 to ncacn_ip_tcp connections.
See MS-LAT, Section 2.1 Transport.
2012-07-06 10:00:57 +02:00
Andreas Schneider
bbf70e793c s3-lsarpc: Restrict the transport for ncacn_np functions.
See MS-LAT, section 2.1 Transport.
2012-07-06 10:00:57 +02:00
Andreas Schneider
a866dcc4f6 s3-rpc: Return the correct ntstatus depending on the transport. 2012-07-06 10:00:57 +02:00