Jeremy Allison [Fri, 25 Jul 2014 19:46:46 +0000 (12:46 -0700)]
s3: winbindd: On new client connect, prune idle or hung connections older than "winbind request timeout"
Bug 3204 winbindd: Exceeding 200 client connections, no idle connection found
https://bugzilla.samba.org/show_bug.cgi?id=3204
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 29 23:31:14 CEST 2014 on sn-devel-104
(cherry picked from commit
f9588675ea3cb2f1fabd07a4ea8b2138d65aee83)
Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-1-test): Mon Sep 1 23:46:50 CEST 2014 on sn-devel-104
Jeremy Allison [Tue, 29 Jul 2014 21:53:11 +0000 (14:53 -0700)]
s3: winbindd: Add new parameter "winbind request timeout" set to 60 seconds with man page.
"This parameter specifies the number of seconds the winbindd
daemon will wait before disconnecting either a client connection
with no outstanding requests (idle) or a client connection with a
request that has remained outstanding (hung) for longer than this
number of seconds."
Bug 3204 winbindd: Exceeding 200 client connections, no idle connection found
https://bugzilla.samba.org/show_bug.cgi?id=3204
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
David Disseldorp [Wed, 27 Aug 2014 13:42:00 +0000 (15:42 +0200)]
dosmode: fix FSCTL_SET_SPARSE request validation
Check that FSCTL_SET_SPARSE requests does not refer to directories. Also
reject such requests when issued over IPC or printer share connections.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10787
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 28 04:22:37 CEST 2014 on sn-devel-104
(cherry picked from commit
0751495b1327d002b79482632b7c590cae6e3f9d)
Volker Lendecke [Tue, 19 Aug 2014 14:32:15 +0000 (14:32 +0000)]
smbd: Properly initialize mangle_hash
[Bug 10782] mangle_hash() can fail to initialize charset (smbd crash).
https://bugzilla.samba.org/show_bug.cgi?id=10782
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 26 01:30:38 CEST 2014 on sn-devel-104
Roel van Meer [Fri, 22 Aug 2014 13:11:04 +0000 (15:11 +0200)]
Don't discard result of checking grouptype
The pdb_samba_dsdb_getgrfilter() function first determines the security type
of a group and sets map->sid_name_use accordingly. A little later, this
variable is set again, undoing the previous work.
https://bugzilla.samba.org/show_bug.cgi?id=10777
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Aug 23 02:48:52 CEST 2014 on sn-devel-104
Marc Muehlfeld [Wed, 6 Aug 2014 19:36:26 +0000 (21:36 +0200)]
docs: Fix typos in smb.conf (inherit acls)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10761
Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Aug 7 00:52:42 CEST 2014 on sn-devel-104
(cherry picked from commit
4639f6d7bab9d8d6ee46bf5c65ff73a17a56cb17)
Shirish Pargaonkar [Sat, 26 Jul 2014 15:41:25 +0000 (10:41 -0500)]
samba: Retain case sensitivity of cifs client
When a client supports extended security but server does not,
and that client, in Flags2 field of smb header indicates that
- it supports extended security negotiation
- it does not support security signatures
- it does not require security signatures
Samba server treats a client as a Vista client.
That turns off case sensitivity and that is a problem for cifs vfs client.
So include remote cifs client along with remote samba client
to not do so otherwise.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10755
Signed-off-by: Shirish Pargaonkar <spargaonkar@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Aug 1 16:11:43 CEST 2014 on sn-devel-104
(cherry picked from commit
a0583976da2ba09da0fd94f739ed4f5851e2a858)
Volker Lendecke [Tue, 5 Aug 2014 09:21:07 +0000 (09:21 +0000)]
lib: strings: Simplify strcasecmp
This makes us fallback to strcasecmp early if any INVALID_CODEPOINT
appears. Without this patch we just continue to compare if both strings
happen to have an INVALID_CODEPOINT in the same spot.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10716
smbd constantly crashes when filename contains non-ascii character
Jeremy Allison [Mon, 4 Aug 2014 20:36:42 +0000 (13:36 -0700)]
s4: tests: Added local.charset test for Bug 10716 - smbd constantly crashes when filename contains non-ascii character
https://bugzilla.samba.org/show_bug.cgi?id=10716
Signed-off-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Sat, 2 Aug 2014 04:38:59 +0000 (21:38 -0700)]
lib: strings: Fix the behavior of strncasecmp_m_handle() in the face of bad conversions.
When either string has a bad conversion, we fall back to
doing raw ascii byte comparisons using strcasecmp(). This
is wrong - we should fall back to strncasecmp.
The problem is we've already stepped past the character
that failed the conversion, so we're not re-testing those
characters for comparison. This can have the effect of
causing strncasecmp_m_handle() to report that two strings
are identical when they are not, if the failed conversion
takes place at the end of the string.
The correct behavior is to step back to the point of
the string(s) that failed the conversion, and continue
the test from there.
This is a litle trickier than the previous fix, as
it requires converting the incoming n variable from
remaining characters to compare to remaining bytes to
compare.
As bytes are always the smallest character size
(1 byte) then it's safe to convert the remaining
characters to check by decrementing the source string
by the last character length (in bytes) and incrementing
the remaining bytes to scan by the same value, then
calling strncasecmp() with the stepped back strings
remaining.
Signed-off-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Sat, 2 Aug 2014 04:29:21 +0000 (21:29 -0700)]
lib: strings: Fix the behavior of strcasecmp_m_handle() in the face of bad conversions.
When either string has a bad conversion, we fall back to
doing raw ascii byte comparisons using strcasecmp().
The problem is we've already stepped past the character
that failed the conversion, so we're not re-testing those
characters for comparison. This can have the effect of
causing strcasecmp_m_handle() to report that two strings
are identical when they are not, if the failed conversion
takes place at the end of the string.
The correct behavior is to step back to the point of
the string(s) that failed the conversion, and continue
the test from there.
Found by <lev@zadarastorage.com> when investigating bug
10716 - smbd constantly crashes when filename contains non-ascii character.
Given the normal character set of utf-8, and an on
disk filename of ISO-8859-1 of file-é on disk hex
value: 66 69 6c 65 2d e9, an incoming open given the
correct utf8 name of file-é will collide when it
should not.
Fixes:
Bug 10716 - smbd constantly crashes when filename contains non-ascii character
https://bugzilla.samba.org/show_bug.cgi?id=10716
Signed-off-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Tue, 5 Aug 2014 15:33:33 +0000 (17:33 +0200)]
printing: reload printer shares on OpenPrinter
The printer share inventory should be reloaded on open _and_
enumeration, as there are some clients, such as cupsaddsmb, that do not
perform an enumeration prior to access.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Aug 8 16:33:50 CEST 2014 on sn-devel-104
(cherry picked from commit
1ad71f79eb473822d36d9629cf52c2fca4c53752)
David Disseldorp [Fri, 1 Aug 2014 14:25:59 +0000 (16:25 +0200)]
smbd: split printer reload processing
All printer inventory updates are currently done via
delete_and_reload_printers(), which handles registry.tdb updates for
added or removed printers, AD printer unpublishing on removal, as well
as share service creation and deletion.
This change splits this functionality into two functions such that
per-client smbd processes do not perform registry.tdb updates or printer
unpublishing. This is now only performed by the process that performs
the printcap cache update.
This change is similar to
ac6604868d1325dd4c872dc0f6ab056d10ebaecf from
the 3.6 branch.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
2706af4d78fc9a47a4ac45b373edf276e3a9b354)
David Disseldorp [Tue, 5 Aug 2014 16:45:24 +0000 (18:45 +0200)]
server: remove duplicate snum_is_shared_printer()
Only keep a single definition in server_reload.c
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
2685df1177ffd39b1af34eb116bd7b24d4b12974)
David Disseldorp [Wed, 23 Jul 2014 12:42:00 +0000 (14:42 +0200)]
smbd: only reprocess printer_list.tdb if it changed
The per-client smbd printer share inventory is currently updated from
printer_list.tdb when a client enumerates printers, via EnumPrinters or
NetShareEnum.
printer_list.tdb is populated by the background print process, based on
the latest printcap values retrieved from the printing backend (e.g.
CUPS) at regular intervals.
This change ensures that per-client smbd processes don't reparse
printer_list.tdb if it hasn't been updated since the last enumeration.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
Suggested-by: Volker Lendecke <vl@samba.org>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
a2182e03a061de6c1f111ce083cb5f668fe75e4e)
David Disseldorp [Wed, 23 Jul 2014 10:12:34 +0000 (12:12 +0200)]
printing: return last change time with pcap_cache_loaded()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
30ce835670a6aeca6fb960ea7c4fe1b982bdd5b0)
David Disseldorp [Fri, 25 Jul 2014 10:18:54 +0000 (12:18 +0200)]
printing: remove pcap_cache_add()
All print list updates are now done via pcap_cache_replace(), which can
call into the print_list code directly.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
6d75e20ca8acf1a55838694ac77940e21e9a1e6a)
David Disseldorp [Tue, 22 Jul 2014 18:17:38 +0000 (20:17 +0200)]
printing: reload printer_list.tdb from in memory list
This will allow in future for a single atomic printer_list.tdb update.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
e5e6e2c796f026ee6b04f99b327941d57b9bd026)
David Disseldorp [Fri, 11 Jul 2014 15:00:05 +0000 (17:00 +0200)]
printing: only reload printer shares on client enum
Currently, automatic printer share updates are handled in the following
way:
- Background printer process (BPP) forked on startup
- Parent smbd and per-client children await MSG_PRINTER_PCAP messages
- BPP periodically polls the printing backend for printcap data
- printcap data written to printer_list.tdb
- MSG_PRINTER_PCAP sent to all smbd processes following update
- smbd processes all read the latest printer_list.tdb data, and update
their share listings
This procedure is not scalable, as all smbd processes hit
printer_list.tdb in parallel, resulting in a large spike in CPU usage.
This change sees smbd processes only update their printer share lists
only when a client asks for this information, e.g. via NetShareEnum or
EnumPrinters.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
Suggested-by: Volker Lendecke <vl@samba.org>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
4f4501ac1f35ab15f25d207c0d33e7c4d1abdf38)
David Disseldorp [Wed, 9 Jul 2014 22:18:10 +0000 (00:18 +0200)]
printing: traverse_read the printer list for share updates
The printcap update procedure involves the background printer process
obtaining the printcap information from the printing backend, writing
this to printer_list.tdb, and then notifying all smbd processes of the
new list. The processes then all attempt to simultaneously traverse
printer_list.tdb, in order to update their local share lists.
With a large number of printers, and a large number of per-client smbd
processes, this traversal results in significant lock contention, mostly
due to the fact that the traversal is unnecessarily done with an
exclusive (write) lock on the printer_list.tdb database.
This commit changes the share update code path to perform a read-only
traversal.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
Reported-by: Alex K <korobkin+samba@gmail.com>
Reported-by: Franz Pförtsch <franz.pfoertsch@brose.com>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
1e83435eac2cef03fccb4cf69ef5e0bfbd710410)
Jeremy Allison [Tue, 10 Jun 2014 22:58:15 +0000 (15:58 -0700)]
s3: smbd : SMB2 - fix SMB2_SEARCH when searching non wildcard string with a case-canonicalized share.
We need to go through filename_convert() in order for the filename
canonicalization to be done on a non-wildcard search string (as is
done in the SMB1 findfirst code path).
Fixes Bug #10650 - "case sensitive = True" option doesn't work with "max protocol = SMB2" or higher in large directories.
https://bugzilla.samba.org/show_bug.cgi?id=10650
Signed-off-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Tue, 10 Jun 2014 21:41:45 +0000 (14:41 -0700)]
s3: smbd - SMB[2|3]. Ensure a \ or / can't be found anywhere in a search path, not just at the start.
Signed-off-by: Jeremy Allison <jra@samba.org>
Björn Baumbach [Thu, 27 Mar 2014 10:17:30 +0000 (11:17 +0100)]
s3: enforce a positive allocation_file_size for non-empty files (bug #10543)
Some file systems do not allocate a block for very
small files. But for non-empty file should report a
positive size.
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 5 03:09:00 CEST 2014 on sn-devel-104
(cherry picked from commit
c35b31f45244a8339684c3b83a7d86eefb80e0da)
Arvid Requate [Thu, 17 Jan 2013 15:44:28 +0000 (16:44 +0100)]
passdb: fix NT_STATUS_NO_SUCH_GROUP
Share options like "force group" and "valid users = @group1"
triggered a NT_STATUS_NO_SUCH_GROUP. While the group was found in
the SAM backend, its objectclass was not retrived.
This fix also revealed a talloc access after free in the group
branch of pdb_samba_dsdb_getgrfilter.
[Bug 9570] Access failure for shares with "force group" or "valid users = @group"
https://bugzilla.samba.org/show_bug.cgi?id=9570
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ross Lagerwall [Thu, 21 Aug 2014 06:32:36 +0000 (07:32 +0100)]
s3:libsmb: Set a max charge for SMB2 connections
Set a max charge for SMB2 connections so that larger request sizes can
be used and more requests can be in flight.
Signed-off-by: Ross Lagerwall <rosslagerwall@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Aug 21 17:31:11 CEST 2014 on sn-devel-104
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10778
libsmbclient with SMB2 doesn't pipeline or use large blocks
Jeremy Allison [Thu, 21 Aug 2014 23:28:42 +0000 (16:28 -0700)]
s3: smbd: POSIX ACLs. Remove incorrect check for SECINFO_PROTECTED_DACL in incoming security_information flags in posix_get_nt_acl_common().
Tidy-up of code obsoleted by fixes for bug #10773 (SECINFO_PROTECTED_DACL is not ignored).
We now never pass SECINFO_PROTECTED_DACL in security_information flags to this layer.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Aug 22 11:26:57 CEST 2014 on sn-devel-104
Stefan Metzmacher [Wed, 20 Aug 2014 13:00:59 +0000 (15:00 +0200)]
libcli/security: add better detection of SECINFO_[UN]PROTECTED_[D|S]ACL in get_sec_info()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Aug 22 02:52:50 CEST 2014 on sn-devel-104
Stefan Metzmacher [Wed, 20 Aug 2014 11:58:38 +0000 (13:58 +0200)]
s3:smbd: mask security_information input values with SMB_SUPPORTED_SECINFO_FLAGS
Sometimes Windows clients doesn't filter SECINFO_[UN]PROTECTED_[D|S]ACL flags
before sending the security_information to the server.
security_information = SECINFO_PROTECTED_DACL| SECINFO_DACL
results in a NULL dacl being returned from an GetSecurityDecriptor
request. This happens because posix_get_nt_acl_common()
has the following logic:
if ((security_info & SECINFO_DACL) && !(security_info & SECINFO_PROTECTED_DACL)) {
... create DACL ...
}
I'm not sure if the logic is correct or wrong in this place (I guess it's
wrong...).
But what I know is that the SMB server should filter the given
security_information flags before passing to the filesystem.
[MS-SMB2] 3.3.5.20.3 Handling SMB2_0_INFO_SECURITY
...
The server MUST ignore any flag value in the AdditionalInformation field that
is not specified in section 2.2.37.
Section 2.2.37 lists:
OWNER_SECURITY_INFORMATION
GROUP_SECURITY_INFORMATION
DACL_SECURITY_INFORMATION
SACL_SECURITY_INFORMATION
LABEL_SECURITY_INFORMATION
ATTRIBUTE_SECURITY_INFORMATION
SCOPE_SECURITY_INFORMATION
BACKUP_SECURITY_INFORMATION
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 20 Aug 2014 11:43:13 +0000 (13:43 +0200)]
security.idl: add SMB_SUPPORTED_SECINFO_FLAGS
A SMB server should only care about specific SECINFO flags
and ignore others e.g. SECINFO_PROTECTED_DACL.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Har Gagan Sahai [Wed, 6 Aug 2014 09:02:35 +0000 (14:32 +0530)]
Fixed a memory leak in cli_set_mntpoint().
Fixes bug #10759 - Memory leak in libsmbclient in cli_set_mntpoint function
https://bugzilla.samba.org/show_bug.cgi?id=10759
Signed-off-by: Har Gagan Sahai <SHarGagan@novell.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Aug 13 04:36:50 CEST 2014 on sn-devel-104
Volker Lendecke [Mon, 4 Aug 2014 05:29:14 +0000 (07:29 +0200)]
lib: Remove unused nstrcpy
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10758
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Aug 4 09:58:16 CEST 2014 on sn-devel-104
Signed-off-by: Volker Lendecke <vl@samba.org>
Michael Adam [Mon, 18 Aug 2014 09:42:27 +0000 (11:42 +0200)]
build: fix configure to honour --without-dmapi
Previously, --without-dmapi would still autodetect and link a useable dmapi
library. This change allows to build without dmapi support even when a dmapi
library is found.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10369
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
2afacf940f21759c08bcc4a6e906428595966a19)
Amitay Isaacs [Mon, 28 Jul 2014 08:09:37 +0000 (18:09 +1000)]
tests: dnsserver: Add a update test with name set to '.'
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul 29 19:33:19 CEST 2014 on sn-devel-104
(cherry picked from commit
6d104182d9667e4f996439d24cfa052f34098ce4)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10742
samba-tool dns add 172.31.9.161 s4xdom.base . NS mydns.org. => NO_MEMORY
Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-1-test): Thu Aug 7 18:54:28 CEST 2014 on sn-devel-104
Amitay Isaacs [Mon, 28 Jul 2014 03:07:58 +0000 (13:07 +1000)]
s4-rpc: dnsserver: Allow . to be specified for @ record
Windows allow both . and @ to be specified with modifying @ record.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10742
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
4b4e30b780345c74f9983ba77f04c616b3d034b7)
Jeremy Allison [Tue, 29 Jul 2014 21:12:31 +0000 (14:12 -0700)]
s3: net time - fix usage and core dump.
Bug 10728 - 'net time system' segfaults
https://bugzilla.samba.org/show_bug.cgi?id=10728
Signed-off-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Tue, 29 Jul 2014 19:29:37 +0000 (12:29 -0700)]
s3: xml-docs. Ensure users of 'net time' know the remote server must be specified with -S.
Bug 10728 - 'net time system' segfaults
https://bugzilla.samba.org/show_bug.cgi?id=10728
Signed-off-by: Jeremy Allison <jra@samba.org>
Michael Adam [Thu, 17 Jul 2014 15:27:17 +0000 (17:27 +0200)]
s3: remove stat_ex.vfs_private completely
It is not used any more.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Jul 24 14:23:11 CEST 2014 on sn-devel-104
(cherry picked from commit
cd95937369b1729e2417d78f3c903bce5d32da93)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10741
Michael Adam [Thu, 17 Jul 2014 15:06:32 +0000 (17:06 +0200)]
s3:vfs:gpfs: remove a block and reduce indentation in gpfs_is_offline()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
eb0577dca04a2fde4691094a006954d417d1cf22)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10741
Michael Adam [Thu, 17 Jul 2014 21:35:58 +0000 (23:35 +0200)]
s3:vfs:gpfs: remove all writing uses of stat_ex.vfs_private from vfs_gpfs.
Now that the vfs_private cache is never read in vfs_gpfs, there is
no need any more to write it.
With this change, vfs_gpfs does not use vfs_private any more.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
d87d13f4c2a77c03bbffcd0fe4fc9464d9024cae)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10741
Michael Adam [Thu, 17 Jul 2014 15:22:09 +0000 (17:22 +0200)]
s3:vfs:gpfs: Remove all reading uses of stat_ex.vfs_private from vfs_gfs.
This was used as a cache for offline-info in the stat buffer.
But as the implementation of gpfs_is_offline() showed, this cache
does not always carry valid information when the stat itself is valid
(since at least one call goes to fstatat() directly, circumventing
the vfs).
So the correct thing is to always call SMB_VFS_IS_OFFLINE()
when checking whether a file is offline. For the pread and pwrite
calls, we need to call IS_OFFLINE before the actual read
and check afterwards if the file was offline before (as a basis
whether to send notifications).
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
16a040f8ef7f2f594505ef07e6f9b77df8f1d725)
Conflicts:
source3/modules/vfs_gpfs.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10741
Michael Adam [Thu, 3 Jul 2014 08:10:11 +0000 (10:10 +0200)]
s3:vfs:gpfs: fix flapping offline: always get winAttrs from gpfs for is_offline
There is a problem of flapping offline due to uninitialized
stat buffers. Due to a optimization in vfswrap_readdir which
directly calling fastatat (i.e. not through vfs), marking the
stat buffer valid, there is nothing this module can do about
it and hence can not currently not rely on the vaildity of
the stat buffer.
By always calling out to GPFS even when the stat buffer is
flagged valid, we can always return correct offline information,
thereby sacrificing the readdir optimization.
Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
31e67507144aae8d5a8ec49587ac89d2d94636f0)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10741
Michael Adam [Thu, 3 Jul 2014 08:07:37 +0000 (10:07 +0200)]
s3:vfs:gpfs: store the winAttrs in the struct_ex when we got them in vfs_gpfs_fstat()
This may (e.g.) have lead to some occurrences of flapping offline bits.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
573ca6ef6b8376800d8fc988d67909e103b74656)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10741
Michael Adam [Sun, 20 Jul 2014 09:49:37 +0000 (11:49 +0200)]
s3:idmap: don't log missing range config if range checking not requested
idmap_init_domain() is called with check_range == false from
idmap_passdb_domain(). In this case, we usually don't have an
idmap range at all, and we don't want to level 1 debug
messages complaining about the fact are irritating at least.
This patch removes the debug in the case of check_range == false.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10737
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
3c6ec8908a697ac95536b35d242ccd64e524a0a5)
Daniel Kobras [Mon, 21 Jul 2014 08:47:53 +0000 (10:47 +0200)]
sys_poll_intr: fix timeout arithmetic
Callers of sys_poll_intr() assume timeout to be in milliseconds like
poll(2) expects, but implementation used nanosecond units. Also make
sure timeout doesn't become infinite by mistake during time arithmetic.
Signed-off-by: Daniel Kobras <d.kobras@science-computing.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10731
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 22 00:12:24 CEST 2014 on sn-devel-104
Stefan Metzmacher [Thu, 17 Jul 2014 14:05:12 +0000 (16:05 +0200)]
s4:torture/rpc: add rpc.netlogon.ServerReqChallengeGlobal
This demonstrates that the challenge table should be global.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10723
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jul 19 12:51:39 CEST 2014 on sn-devel-104
(cherry picked from commit
d90f3323ee001080645dcd25da8b8ce1367b1377)
Stefan Metzmacher [Thu, 17 Jul 2014 12:20:58 +0000 (14:20 +0200)]
s4:rpc_server/netlogon: keep a global challenge table
Some clients call netr_ServerReqChallenge() and netr_ServerAuthenticate3()
on different connections. This works against Windows DCs as they
have a global challenge table.
A VMware provisioning task for Windows VMs seemy to rely on this behavior.
As a fallback we're storing the challenge in a global memcache with a fixed
size. This should allow these strange clients to work against a
Samba AD DC.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10723
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(similar to commit
321ebc99b5a00f82265aee741a48aa84b214d6e8)
Stefan Metzmacher [Thu, 17 Jul 2014 10:58:34 +0000 (12:58 +0200)]
lib/util: move memcache.[ch] to the toplevel 'samba-util' library
This is generic enough that it could be used in all code.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jul 18 15:43:33 CEST 2014 on sn-devel-104
(cherry picked from commit
45807028d478c082fef6f3a3d5a142d96d63fb50)
Stefan Metzmacher [Thu, 17 Jul 2014 10:49:48 +0000 (12:49 +0200)]
s3:lib/memcache: only include the required header files
We don't need the full "includes.h".
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
b560fac7f78b761ee279d8e87a749125665eb5d1)
Stefan Metzmacher [Thu, 17 Jul 2014 10:48:51 +0000 (12:48 +0200)]
s3:lib/memcache: make use of talloc for memcache_elements
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
91105d1057c29c5878f50678baeb1bd1a6f1abe3)
Stefan Metzmacher [Thu, 17 Jul 2014 10:41:20 +0000 (12:41 +0200)]
s3:lib/memcache: use uint8_t instead of uint8
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
d7cbc63dc7537fc9562da985b77f6d62dc41fd84)
Stefan Metzmacher [Fri, 10 Jan 2014 11:19:08 +0000 (12:19 +0100)]
s4:torture/rpc: add invalidAuthenticate2
This add 'rpc.netlogon.netlogon.invalidAuthenticate2' as new test
it demonstrates the STATUS_BUFFER_OVERFLOW on computer names
larger than 15 characters.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jan 22 19:07:12 CET 2014 on sn-devel-104
(cherry picked from commit
38f8788d6bf7fac509dcf492214a66a8bb3ac3fc)
Stefan Metzmacher [Fri, 18 Jul 2014 09:06:50 +0000 (11:06 +0200)]
selftest/knownfail: add ^samba4.rpc.netlogon.*.invalidAuthenticate2 for v4-1-*
This works in master (>= 4.2), but not in 4.1.x.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 19 Dec 2012 12:53:23 +0000 (13:53 +0100)]
libcli/auth: also set secure channel type in netlogon_creds_client_init().
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
a9d5b2fdf03a25e7669258de6c83288be3335cef)
Jeremy Allison [Wed, 30 Jul 2014 16:56:54 +0000 (09:56 -0700)]
lib: tevent: make TEVENT_SIG_INCREMENT atomic.
On arm platforms incrementing a variable is not
an atomic operation, so may be interrupted by
signal processing (if a signal interrupts another
signal handler).
Use compiler built-ins to make this atomic.
__sync_fetch_and_add() works on gcc, llvm,
IBM xlC on AIX, and Intel icc (10.1 and
above).
atomic_add_32() works on Oracle Solaris.
Based on an inital patch from kamei@osstech.co.jp.
Bug #10640 - smbd is not responding - tevent_common_signal_handler() increments non-atomic variables
https://bugzilla.samba.org/show_bug.cgi?id=10640
Back-ported from master
536c799f00d7bdd6a574b6bdbc0e9c742eeef8b5
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
Karolin Seeger [Fri, 1 Aug 2014 11:17:17 +0000 (13:17 +0200)]
VERSION: Bump version up to 4.1.12.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 31 Jul 2014 13:00:27 +0000 (15:00 +0200)]
VERSION: Disable git snapshots for the 4.1.11 release.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10735
CVE-2014-3560: unstrcpy macro length is invalid
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 31 Jul 2014 12:48:01 +0000 (14:48 +0200)]
WHATSNEW: Add release notes for Samba 4.1.11.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10735
CVE-2014-3560: unstrcpy macro length is invalid
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Volker Lendecke [Tue, 22 Jul 2014 05:02:00 +0000 (07:02 +0200)]
fix unstrcpy
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10735
CVE-2014-3560: unstrcpy macro length is invalid
Stefan Metzmacher [Mon, 28 Jul 2014 08:07:54 +0000 (10:07 +0200)]
Merge tag 'samba-4.1.10' into v4-1-test
samba: tag release samba-4.1.10
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Karolin Seeger [Mon, 28 Jul 2014 07:13:45 +0000 (09:13 +0200)]
Merge commit 'origin/v4-1-test^' into v4-1-stable
This was needed because of a changed commit message (fixed version number)
in v4-1-stable after generating the 'samba-4.1.9' tag.
Karolin
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Karolin Seeger [Mon, 28 Jul 2014 07:00:36 +0000 (09:00 +0200)]
Merge tag 'samba-4.1.9' into v4-1-stable
samba: tag release samba-4.1.9
Karolin Seeger [Mon, 28 Jul 2014 06:44:32 +0000 (08:44 +0200)]
VERSION: Bump version number up to 4.1.11...
and re-enable git snapshots.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Mon, 28 Jul 2014 06:43:45 +0000 (08:43 +0200)]
VERSION: Disable git snapshots for the 4.1.10 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Mon, 28 Jul 2014 06:42:15 +0000 (08:42 +0200)]
WHATSNEW: Add release notes for Samba 4.1.10.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Stefan Metzmacher [Wed, 16 Jul 2014 14:17:56 +0000 (16:17 +0200)]
ldb-samba: fix a memory leak in ldif_canonicalise_objectCategory()
Searches for '(objectCategory=Person)' will leak a ldb_dn structure
on the ldb_context. These searches are typically used by Zarafa.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10469
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jul 17 00:51:57 CEST 2014 on sn-devel-104
(cherry picked from commit
8d33cddcb001a5a78aca036161d6223268274211)
Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-1-test): Sat Jul 19 05:25:12 CEST 2014 on sn-devel-104
Jeremy Allison [Thu, 26 Jun 2014 19:08:46 +0000 (12:08 -0700)]
s3: SMB2 : Fix leak of blocking lock records in the database.
Based on a fix from Hemanth Thummala <hemanth.thummala@gmail.com>
Bug #10673 - Increasing response times for byte range unlock requests.
The previous refactoring makes it obvious we need to call
remove_pending_lock() in all places where we are returning
from the SMB2 blocking lock call.
https://bugzilla.samba.org/show_bug.cgi?id=10673
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jun 30 14:59:16 CEST 2014 on sn-devel-104
(cherry picked from commit
cee1531e551e5ccd5ccd4a55de226ad686919486)
Jeremy Allison [Thu, 26 Jun 2014 19:01:56 +0000 (12:01 -0700)]
s3: smb2: Simplify logic in reprocess_blocked_smb2_lock().
SMB2 blocking locks can only have one lock per request, so
there can never be any other locks to wait for.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
1a02a1e6aa15c028a848585d66cecbbdda8015b3)
Jeremy Allison [Thu, 26 Jun 2014 00:10:45 +0000 (17:10 -0700)]
s3: smb2: Remove unused code from remove_pending_lock().
SMB2 blocking locks can only have one lock per request, so
there can never be any previous locks to remove.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
508c09c6a019458bb0290fbf284e73c24feddb0e)
Stefan Metzmacher [Tue, 15 Jul 2014 10:57:29 +0000 (12:57 +0200)]
selftest/knownfail: ignore samba3.smb2.oplock.exclusive5 failures in v4-1-*
This is fixed by
20669d4a75386eef4fdcea07fb99812c4e09de13 in master.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10671
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-1-test): Thu Jul 17 11:07:08 CEST 2014 on sn-devel-104
Volker Lendecke [Wed, 25 Jun 2014 08:36:47 +0000 (08:36 +0000)]
smbd: Remove 2 indentation levels
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit
1dc5c20c8f7d8aa96fa0601bf5bf6dc69fb79d9f)
Jeremy Allison [Tue, 24 Jun 2014 21:19:30 +0000 (14:19 -0700)]
s3: smbd - Prevent file truncation on an open that fails with share mode violation.
Fix from Volker, really - just tidied up a little.
The S_ISFIFO check may not be strictly neccessary,
but doesn't hurt (might make the code a bit more complex
than it needs to be).
Fixes bug #10671 - Samba file corruption as a result of failed lock check.
https://bugzilla.samba.org/show_bug.cgi?id=10671
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit
31b3427a417217e5e869baafdf63e633efc39d12)
[ddiss@samba.org: 4.1 backport]
Stefan Metzmacher [Mon, 7 Jul 2014 21:51:31 +0000 (23:51 +0200)]
s4:dsdb/repl_meta_data: make sure objectGUID can't be deleted
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9763
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
d64bc6c9af24109e89632db9133070f2ab827c46)
Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-1-test): Tue Jul 15 15:01:25 CEST 2014 on sn-devel-104
Stefan Metzmacher [Thu, 10 Jul 2014 12:28:56 +0000 (14:28 +0200)]
selftest: teardown the environments also on getting SIGPIPE
make test uses
selftest.pl | subuntu-filter.py ...
FAIL_IMMEDIATELY=1 lets subuntu-filter.py exit,
which generates SIGPIPE in selftest.pl.
We should handle this just like any other signal
and teardown all environments.
This should make the teardown process more reliable/verbose.
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
b2803950fc439017680069813fc49255a3f0cbbf)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10696
backport autobuild/selftest fixes from master
Stefan Metzmacher [Thu, 10 Jul 2014 03:28:36 +0000 (05:28 +0200)]
libwbclient: allow only one initial_blob/challenge_blob in wbcCredentialCache()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10692
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Tue, 8 Jul 2014 23:36:30 +0000 (16:36 -0700)]
s3: libwbclient: Don't break out of loop too soon - find all parameters.
Fix bug #10692: wbcCredentialCache fails if challenge_blob is not first
https://bugzilla.samba.org/show_bug.cgi?id=10692
Signed-off-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 8 Jul 2014 14:19:09 +0000 (16:19 +0200)]
s4:dsdb/samldb: don't allow 'userParameters' to be modified over LDAP for now
For now it's safer to reject setting 'userParameters' via LDAP,
as we'll not provide the same behavior as a Windows Server.
If someone requires that feature please report this in the following
bug reports!
Bug: https://bugzilla.samba.org/show_bug.cgi?id=8077
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10130
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 9 11:07:51 CEST 2014 on sn-devel-104
(cherry picked from commit
04e9d020c97c2dcd360b1845907f4c396d5671dc)
Andrew Bartlett [Tue, 17 Jun 2014 04:00:57 +0000 (16:00 +1200)]
dbcheck: Add check and test for various invalid userParameters values
Bug: https://bugzilla.samba.org/show_bug.cgi?id=8077
Change-Id: I6f2f4169856ce78c62e3a7e74b48520cca9cb9ae
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
9bfbff65436a088fab5d564b6c0bb122a76492bc)
Andrew Bartlett [Tue, 17 Jun 2014 04:03:22 +0000 (16:03 +1200)]
dsdb: Always store and return the userParameters as a array of LE 16-bit values
This is not allowed to be odd length, as otherwise we can not send it over the SAMR transport correctly.
Allocating one byte less memory than required causes malloc() heap corruption
and then a crash or lockup of the SAMR server.
Andrew Bartlett
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10130
Change-Id: I5c0c531c1d660141e07f884a4789ebe11c1716f6
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
d7b4d10aba90f4a1acf01d1d5ab62161862f62f7)
Andrew Bartlett [Tue, 24 Sep 2013 17:12:24 +0000 (10:12 -0700)]
dsdb: Set syntax of userParameters to binary string, not unicode string
This means we continue to store the values as given on SAMR, assuming
that the SAMR buffer is little endian. The syntax for this specific
object is forced to be a binary blob, so that it is not converted on
DRSUAPI.
This commit does not fix existing databases, nor pdb_samba_dsdb (used
by classicupgrade).
Andrew Bartlett
Bug: https://bugzilla.samba.org/show_bug.cgi?id=8077
Change-Id: I10bb6aaecc381194e3c0ce6b9163f961acbdcee1
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
1592eaa5c781af83aa64bc4e7211339e1d1eafce)
Volker Lendecke [Thu, 3 Jul 2014 10:05:55 +0000 (10:05 +0000)]
torture4: Make raw.lock.multilock fail after 20 seconds
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul 4 00:04:10 CEST 2014 on sn-devel-104
(cherry picked from commit
0c97b7eb5359b95c0d51a3b5524e82e34243d2d1)
The last 7 patches address bug #10684 - SMB1 blocking locks can fail
notification on unlock, causing client timeout.
Volker Lendecke [Thu, 3 Jul 2014 10:05:39 +0000 (10:05 +0000)]
torture4: Adapt comment to code
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
4205463ef1815d6e86e1d1f1f57651ca30407469)
Jeremy Allison [Tue, 1 Jul 2014 19:05:07 +0000 (12:05 -0700)]
s4: smbtorture: Add multi-lock test. Regression test for bug #10684.
Bug #10684 - SMB1 blocking locks can fail notification on unlock, causing client timeout.
https://bugzilla.samba.org/show_bug.cgi?id=10684
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
(cherry picked from commit
64346a134dac2bd023f7473202ca38d35ffd3c89)
Jeremy Allison [Thu, 3 Jul 2014 03:51:24 +0000 (20:51 -0700)]
s3: smbd: Locking - re-add pending lock records if we fail to acquire a lock (and the lock hasn't timed out).
Keep the blocking lock record and the pending lock records consistent
if we are dealing with multiple blocking lock requests in one SMB1 LockingX
request.
Ensure we re-add the records under the record lock, to avoid race
conditions.
Bug #10684 - SMB1 blocking locks can fail notification on unlock, causing client timeout.
https://bugzilla.samba.org/show_bug.cgi?id=10684
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
(cherry picked from commit
954401f8b2b16b3e2ef9655e8ce94d657becce36)
Jeremy Allison [Thu, 3 Jul 2014 03:40:49 +0000 (20:40 -0700)]
s3: smbd: Locking - treat lock timeout the same as any other error.
Allows the special case in process_blocking_lock_queue()
that talks back to the client to be removed.
Bug #10684 - SMB1 blocking locks can fail notification on unlock, causing client timeout.
https://bugzilla.samba.org/show_bug.cgi?id=10684
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
(cherry picked from commit
cc9de6eb091159a84228b988c49261c46c301233)
Jeremy Allison [Thu, 3 Jul 2014 03:18:42 +0000 (20:18 -0700)]
s3: smbd: Locking - add and use utility function lock_timed_out().
Bug #10684 - SMB1 blocking locks can fail notification on unlock, causing client timeout.
https://bugzilla.samba.org/show_bug.cgi?id=10684
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
(cherry picked from commit
12be57ef3b2d1b670be7a83f29cd580938030015)
Jeremy Allison [Thu, 3 Jul 2014 00:25:22 +0000 (17:25 -0700)]
s3: smbd: Locking - convert to using utility macro used elsewhere.
Bug #10684 - SMB1 blocking locks can fail notification on unlock, causing client timeout.
https://bugzilla.samba.org/show_bug.cgi?id=10684
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
(cherry picked from commit
517fa80bd385c6adcfee03ea6b25599013ad88f5)
Stefan Metzmacher [Mon, 7 Jul 2014 10:00:14 +0000 (12:00 +0200)]
s4:dsdb/extended_dn_in: don't force DSDB_SEARCH_SHOW_RECYCLED
We should take the controls the caller provided when we search
for existing objects.
A search with a basedn of '<GUID=....>' should result in LDB_ERR_NO_SUCH_OBJECT
is the object has isDeleted=TRUE.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10694
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
9e6349f81edb3914d18bc50473d65c0c1f5bc113)
Stefan Metzmacher [Mon, 7 Jul 2014 20:53:19 +0000 (22:53 +0200)]
s4:dsdb/kcc: use SHOW_RECYCLED instead of SHOW_DELETED in when deleting tombstone/deleted objects
SHOW_RECYCLED implies SHOW_DELETED.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10694
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
fa177273b87d980f81f19acb2f1a9154f8c6bfd9)
Stefan Metzmacher [Thu, 3 Jul 2014 14:00:48 +0000 (16:00 +0200)]
s4:dsdb/schema_load: make error message more verbose
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
26fa0b97d0270456becb86d93723a3c8e5d58585)
Andrew Bartlett [Thu, 27 Feb 2014 02:17:35 +0000 (15:17 +1300)]
dbcheck: Ensure dbcheck can operate with --attrs set
This also includes a test to ensure we do not regress on this point.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
f596dc94e1ab839f13e2a9edbcec774635b5c211)
Andrew Bartlett [Thu, 17 Apr 2014 10:35:33 +0000 (22:35 +1200)]
kerberos: Remove un-used event context argument from smb_krb5_init_context()
The event context here was only specified in the server or admin-tool
context, which does not do network communication, so this only caused
a talloc_reference() and never any useful result.
The actual network communication code sets an event context directly
before making the network call.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Apr 28 02:24:57 CEST 2014 on sn-devel-104
(cherry picked from commit
086c06e361962e1c118d8eed2316e9df7834ae8b)
Andrew Bartlett [Thu, 17 Apr 2014 09:48:30 +0000 (21:48 +1200)]
dsdb: Specify no event context to smb_krb5_init_context() in dsdb
These routines parse principals and generate keys only, no network
communication is done.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
7a26989d4c62f38dcafc2a688b8cbaccc6499480)
Andrew Bartlett [Fri, 6 Sep 2013 03:39:50 +0000 (15:39 +1200)]
dsdb: Add DSDB_SEARCH_ONE_ONLY support to dsdb_module_search*()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
cccc0dee04e2e3aecd82ed4cf887f9e36dd4962d)
Andrew Bartlett [Thu, 17 Apr 2014 03:39:56 +0000 (15:39 +1200)]
dsdb: Do not permit nested event loops when in a transaction, use a nested event context
It is never safe to execute arbitary code inside a transaction - we
need to get in and get out, not run other events for the rest of the
server.
This patch avoids that by creating a private event loop during
transactions, so no unexpected operations fire, and returning the
original one when we finish it.
If an event fires during an LDB transaction, an unrelated operation
can occur during the transaction, and if the transaction were to be
cancelled, there would be a silent rollback (despite the client having
been indicated success).
Additionally, other processes could be called via IRPC that need to
operate on the database but are locked out due to the ongoing
transaction.
Andrew Bartlett
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10582
Change-Id: I22322fc006e61d7291da17cdf6431416ebb7b30f
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue May 6 13:36:20 CEST 2014 on sn-devel-104
(cherry picked from commit
401f555c28aee861385b75c371b5f44cded1d391)
Andrew Bartlett [Thu, 17 Apr 2014 03:38:14 +0000 (15:38 +1200)]
dsdb: Rename private_data to rootdse_private_data in rootdse
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10582
Change-Id: I349a2be67333ada86c19cd6d2ed283cd5bbeb2aa
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
543c5bf94187473271767ad782439abbfccda00d)
Andrew Bartlett [Wed, 5 Feb 2014 03:22:11 +0000 (16:22 +1300)]
dsdb: Add more tests for DN+String and DN+Binary comparisons
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Feb 5 10:41:37 CET 2014 on sn-devel-104
(cherry picked from commit
741e5dca09053d0fc9a6e2a112113f1828a95759)
Andrew Bartlett [Thu, 3 Apr 2014 21:40:35 +0000 (10:40 +1300)]
selftest: Add tests for dbcheck detection and removal of partial objects
To avoid listing all the provision snapshots, we use a broader blacklist for waf dist
and a whitelist for dbcheck-oldrelease.sh
Andrew Bartlett
Change-Id: Iab0ff4be0b4287dc128a49302836a6f0f7b39678
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
7c2bf8d2bc5230e4bd98cc5a0f1b8f3cc56a3f77)
Andrew Bartlett [Thu, 3 Apr 2014 01:50:05 +0000 (14:50 +1300)]
dsdb: Make it harder to corrupt the database by requiring DBCHECK or RELAX for final object deletion
This kind of deletion can cause us to then replicate back a partial
object. We allow dbcheck to directly remove totally corrupt objects
(missing an objectclass) by specifying both DBCHECK and RELAX, and the
tombstone sweep after 180 days is done with the RELAX control.
Andrew Bartlett
Change-Id: Ic21f68e507ba9b65e035ca568430e35e2d001c7d
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
b19d80d0a97faffc165f068612f74d4ef8d7e5da)
Andrew Bartlett [Mon, 3 Mar 2014 01:26:36 +0000 (14:26 +1300)]
build: Exclude source4/selftest/provisions/release-4-1-0rc3 from the tarball
Change-Id: Id4ddaabb91363174d2fbef09e823f53b13912a51
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Mar 21 10:06:04 CET 2014 on sn-devel-104
(cherry picked from commit
efad13addca918e18e3df341cc38405a93028940)
Andrew Bartlett [Tue, 29 Apr 2014 21:38:34 +0000 (09:38 +1200)]
dbcheck: Directly call dn.get_rdn_{val,name}() for clarity and consistency
When looking for incorrect name values, this improves the previous
code by avoiding one more manual parse step, and uses less cryptic
variable names.
Andrew Bartlett
Change-Id: Iff8e571a6359a67bf173f729dc12b8787292b3cb
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
(cherry picked from commit
393348d11ed781d9f42049d5f996b0bab8b15d58)