1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-28 17:47:29 +03:00

59690 Commits

Author SHA1 Message Date
Günther Deschner
867daf6e0a s3-selftest: finally enable RPC-SPOOLSS-PRINTER against Samba 3.
Guenther
2010-02-18 02:27:08 +01:00
Günther Deschner
34ad5da5cd s3-selftest: include addprinter/deleteprinter command.
Guenther
2010-02-18 02:27:04 +01:00
Günther Deschner
43e3d8f51d s3-spoolss: fix return code of spoolss_DeletePrinter.
When the printer has been removed by the "deleteprinter command", we need to
check if it is still there and then fail, not fail if we successfully removed
it (found by RPC-SPOOLSS-PRINTER).

Guenther
2010-02-18 02:19:59 +01:00
Günther Deschner
8ce66fba03 s3-spoolss: in spoolss_EnumPrinters r->in.server is a *unique* pointer!
Guenther
2010-02-18 02:19:50 +01:00
Günther Deschner
2d2db2a822 s3-spoolss: more AddPrinter{Ex} checks.
Windows will allow to add a non-shared printer that is returned by EnumPrinters.
Samba has no notion of non-shared local printers yet, so just make sure to
behave like we do elsewhere: a printer autoloaded by samba or added to samba is
shared.

Guenther
2010-02-18 02:19:42 +01:00
Günther Deschner
5cff7e1692 s3-spoolss: add some printer info validation for AddPrinter calls.
Guenther
2010-02-18 02:19:33 +01:00
Günther Deschner
9ff2c1ea64 testprogs: print SDDL string of printer security descriptors 2010-02-18 02:18:59 +01:00
Günther Deschner
6cf10cc102 s3-modules: fix get_acl_blob in the acl_tdb VFS module.
Shuttle-reviewed by jra :)

Guenther
2010-02-18 02:17:50 +01:00
Günther Deschner
998a7b4e3f s4-smbtorture: skip printer info cross tests against samba 3 for now.
Not even w2k8r2 passes them atm.

Guenther
2010-02-18 01:49:02 +01:00
Günther Deschner
97d36377d3 s4-smbtorture: try more combinations to find printers in test_EnumPrinters_findname().
Also take a note of servers returning full UNC printer paths although we did not
set the servername.

Guenther
2010-02-18 01:48:52 +01:00
Günther Deschner
a1ba72f84c s4-smbtorture: simplify test_PrinterInfo_DevMode a bit.
Guenther
2010-02-18 01:48:45 +01:00
Günther Deschner
57847c2fee s4-smbtorture: avoid potential loop while adding a new printer in RPC-SPOOLSS-PRINTER.
Guenther
2010-02-18 01:48:36 +01:00
Günther Deschner
d5e30dec8b s3-rpcclient: fix uninitialized variable in wkssvc_enumerateusers.
Guenther
2010-02-18 01:47:57 +01:00
Jeremy Allison
38c50c7027 Got back to 16-byte padding on auth RPC. S3 clients and servers now cope with this. Jeremy 2010-02-17 16:43:11 -08:00
Andrew Bartlett
7202dcdcc0 s4:param Modify secrets_get_domain_sid to give more useful errors
This also moves the calls to secrets_get_domain_sid back into
winbind_task_init(), so that we can terminate with a much more
detailed error message.  (The previous message was simply
NT_STATUS_CANT_ACCESS_DOMAIN_INFO).

Andrew Bartlett
2010-02-18 10:58:24 +11:00
Jeremy Allison
7b4387f765 Fix bug #7146 - Samba miss-parses authenticated RPC packets.
Parts of the Samba RPC client and server code misinterpret authenticated
packets.

DCE authenticated packets actually look like this :

+--------------------------+
|header                    |
| ... frag_len (packet len)|
| ... auth_len             |
+--------------------------+
|                          |
| Data payload             |
...                     ....
|                          |
+--------------------------+
|                          |
| auth_pad_len bytes       |
+--------------------------+
|                          |
| Auth footer              |
| auth_pad_len value       |
+--------------------------+
|                          |
| Auth payload             |
| (auth_len bytes long)    |
+--------------------------+

That's right. The pad bytes come *before* the footer specifying how many pad
bytes there are. In order to read this you must seek to the end of the packet
and subtract the auth_len (in the packet header) and the auth footer length (a
known value).

The client and server code gets this right (mostly) in 3.0.x -> 3.4.x so long
as the pad alignment is on an 8 byte boundary (there are some special cases in
the code for this).

Tridge discovered there are some (DRS replication) cases where on 64-bit
machines where the pad alignment is on a 16-byte boundary. This breaks the
existing S3 hand-optimized rpc code.

This patch removes all the special cases in client and server code, and allows
the pad alignment for generated packets to be specified by changing a constant
in include/local.h (this doesn't affect received packets, the new code always
handles them correctly whatever pad alignment is used).

This patch also works correctly with rpcclient using sign+seal from
the 3.4.x and 3.3.x builds (testing with 3.0.x and 3.2.x to follow)
so even as a server it should still work with older libsmbclient and
winbindd code.

Jeremy
2010-02-17 15:27:59 -08:00
Jeremy Allison
5564e7147f Fix bug #6557 - Do not work VFS full_audit
Re-arrange the operations order so SMB_VFS_CONNECT is done
first as root (to allow modules to correctly initialize themselves).

Reviewed modules to check if they needed CONNECT invoked as
a user (which we previously did) and it turns out any of them
that cared needed root permissions anyway.

Jeremy.
2010-02-17 11:13:35 -08:00
Lars Müller
94074eb2e6 s3: go straight to winbindd_dual_pam_auth() in case of !NT_STATUS_OK
At the formerly used process_result statement we have alone one
NT_STATUS_IS_OK() which never could be hit in our case as we only go here
if NT_STATUS_EQUAL is not ok.
2010-02-17 19:00:01 +01:00
Lars Müller
bc0b152889 s3: let the pam_winbind po files reference the correct location 2010-02-17 18:46:35 +01:00
Jeremy Allison
936828de71 Fix commit d07cd37b993d3c9beded20323174633b806196b5
Which was:

    tsocket/bsd: fix bug #7115 FreeBSD includes the UDP header in FIONREAD

Metze, this has to have been wrong - you are throwing away the talloc_realloc
pointer returned. Also no error checking. Please review.

Thank goodness for gcc warnings :-).

Jeremy.
2010-02-17 09:24:34 -08:00
Anatoliy Atanasov
968bd16b49 s4/rodc: change the libnet_become_dc code to do RODC join 2010-02-17 18:03:32 +02:00
Anatoliy Atanasov
55f7c74cea s4/drs: add DRSUAPI_ATTRIBUTE_options attribute 2010-02-17 18:03:31 +02:00
Anatoliy Atanasov
0e8fe821c9 s4/drs:kccdrs_replica_get_info_obj_metadata implementation
Fix the names of the drsuapi_DsReplicaInfoType enum and rebuild the .idl
The get_info_obj_metadata implementation is ported from implementation
i developed and tested at the samba io lab 2009
2010-02-17 18:03:31 +02:00
Kamen Mazdrashki
8078614814 s4/ldap: Refactor the fix for ldap nested searches
Current implementation synchronizes processing for
all types of LDAP request, not only LDAP_Search ones.

Synchronization for ldap replies processing is done
locally in ldb_ildap module as this concerns only
ildb_callback() function.

Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2010-02-17 18:03:31 +02:00
Stefan Metzmacher
d07cd37b99 tsocket/bsd: fix bug #7115 FreeBSD includes the UDP header in FIONREAD
metze
2010-02-17 14:46:39 +01:00
Stefan Metzmacher
1ffcb991a9 tsocket/bsd: set IPV6_V6ONLY on AF_INET6 sockets
Some system already have this as default. It's easier
to behave the same way on all systems and handle ipv6
and ipv4 sockets separate.

metze
2010-02-17 14:46:39 +01:00
Stefan Metzmacher
8a0949dfc8 tsocket/bsd: fix bug #7140 autodetect ipv4 and ipv6 based on the remote address if the local address is any
metze
2010-02-17 14:46:08 +01:00
Stefan Metzmacher
6637b2f4b0 tsocket/bsd: fix bug #7140 use calculated sa_socklen for bind() in tstream_bsd_connect_send()
This is needed because, we can't use sizeof(sockaddr_storage) for AF_UNIX
sockets. Also some platforms require exact values for AF_INET and AF_INET6.

metze
2010-02-17 14:45:34 +01:00
Stefan Metzmacher
135543b4c3 tsocket/bsd: fix do_bind logic for AF_INET
We want the explicit bind() when we don't use the any address.

metze
2010-02-17 14:13:57 +01:00
Stefan Metzmacher
0b3e950731 socket_wrapper: also ignore AF_INET6 in swrap_setsockopt()
metze
2010-02-17 14:13:55 +01:00
Jeff Layton
a8cc2fa09e cifs.upcall: allocate a talloc context for smb_krb5_unparse_name
cifs.upcall calls smb_krb5_unparse_name with a NULL talloc context.
Older versions of this function though will conditionally use
SMB_REALLOC instead of TALLOC_REALLOC when a NULL context is passed
in. To make it more consistent, just spawn a talloc context that
we can pass into this function.

Resolves:
https://bugzilla.redhat.com/show_bug.cgi?id=565446
https://bugzilla.samba.org/show_bug.cgi?id=6868

Reported-by: Ludek Finstrle <luf@seznam.cz>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Günther Deschner <gd@samba.org>
2010-02-17 12:15:50 +01:00
Volker Lendecke
8aef63d243 s3: Fix bug 7139
To provide the user with the same SID when doing Kerberos logins, attempt to do
a make_server_info_sam instead of a make_server_info_pw.
2010-02-17 11:32:30 +01:00
Günther Deschner
3a9dc490b4 s4-smbtorture: unify test list to run against single created printers in RPC-SPOOLSS-PRINTER.
This is to make sure we run the same tests for printers created via AddPrinter
and via AddPrinterEx.

Guenther
2010-02-17 11:29:37 +01:00
Günther Deschner
b32c1e2975 s4-smbtorture: also test level 2 sets for devicemodes and see if they persist.
Guenther
2010-02-17 11:29:37 +01:00
Günther Deschner
ff5bfb9708 s4-smbtorture: refactor setprinter devicemode calls in RPC-SPOOLSS-PRINTER.
Guenther
2010-02-17 11:29:36 +01:00
Andrew Tridgell
986627cd67 s4-provision: freeze the DNS zone before creating the zone file
This prevents bind from getting confused if it has a journal for the
zone.
2010-02-17 19:43:33 +11:00
Andrew Tridgell
fd2556317f s4-dnsupdate: use samba_runcmd() in the dns update task
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-17 19:43:32 +11:00
Andrew Tridgell
8633d8126b s4-param: added "rndc command" smb.conf option 2010-02-17 19:43:32 +11:00
Andrew Tridgell
8756e13009 util: added samba_runcmd()
This allows us to run a child command in an async fashion, with
control over logging of stdout and stderr (which appears in the Samba
log file). This is useful for ensuring we don't miss important
messages from rndc commands (for example).

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-17 19:43:32 +11:00
Andrew Tridgell
5c716146e8 examples: add bind9 patches for TSIG-GSS support
We will point at these from the Samba4 HOWTO
2010-02-17 19:43:32 +11:00
Andrew Tridgell
72c0cd75e4 s4-provision: fix permissions on generated DNS zone file
The zone file needs to be writeable by bind to allow for it to flush
its journal on dynamic updates

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-17 19:43:32 +11:00
Simo Sorce
d14c3756e8 s3:rpc streamline memory handling 2010-02-16 19:15:56 -05:00
Andrew Tridgell
eb8800e611 s4-rpc: paranoid check for auth_length
This is not strictly needed as the ndr_pull_advance() checks it a few
lines further down, but I want to save Jeremy getting more grey hairs :-)
2010-02-17 10:54:05 +11:00
Günther Deschner
77fc30b481 testprogs: add rather simple device mode tests to spoolss test.
Guenther
2010-02-16 17:28:02 +01:00
Volker Lendecke
f8b246e44c s3: Fix timeout calculation if g_lock_lock is given a timeout < 60s
Detected while showing this code to obnox :-)
2010-02-16 15:28:42 +01:00
Volker Lendecke
83542d973c s3: Slightly increase parallelism in g_lock
There's no need to still hold the g_lock tdb-level lock while telling the
waiters to retry
2010-02-16 13:21:10 +01:00
Volker Lendecke
be919d6fae s3: Avoid starving locks when many processes die at the same time
In g_lock_unlock we have a little race between the process_exists and
messaging_send call: We only send to 5 waiters now, they all might have died
between us checking their existence and sending the message. This change makes
g_lock_lock retry at least once every minute.
2010-02-16 13:21:10 +01:00
Volker Lendecke
725b3654f8 s3: Avoid a thundering herd in g_lock_unlock
Only notify the first 5 pending lock waiters. This avoids a thundering herd
problem that is really nasty in a cluster. It also makes acquiring a lock a bit
more FIFO, lock waiters are added to the end of the array.
2010-02-16 13:21:10 +01:00
Volker Lendecke
07978bd175 s3: Optimize g_lock_lock for a heavily contended case
Only check the existence of the lock owner in g_lock_parse, check the rest of
the records only when we got the lock successfully. This reduces the load on
process_exists which can involve a network roundtrip in the clustered case.
2010-02-16 13:21:10 +01:00
Volker Lendecke
f3bdb163f4 s3: Fix handling of processes that died in g_lock
g_lock_parse might have thrown away entries from the locks array because the
processes were not around anymore. Don't store the orphaned entries.
2010-02-16 13:21:10 +01:00