Stefan Metzmacher [Wed, 13 Nov 2013 13:17:32 +0000 (14:17 +0100)]
Merge branch 'master' of ctdb into 'master' of samba
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Wed, 25 Sep 2013 22:00:53 +0000 (00:00 +0200)]
script: add ctdb-import.* scripts
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Wed, 25 Sep 2013 21:49:58 +0000 (23:49 +0200)]
remove partial ctdb/ import
In preparation of moving ctdb code into the samba repository.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Michael Adam [Wed, 18 Sep 2013 07:33:07 +0000 (09:33 +0200)]
s4:rpc-server: fix lsa_lookupsids return value for the domain sid
We currently return type UNKNOWN and copy the domain sid to the name.
Instead we should return type DOMAIN and return NULL as name.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Nov 13 13:34:16 CET 2013 on sn-devel-104
Michael Adam [Fri, 8 Nov 2013 10:15:33 +0000 (11:15 +0100)]
s4:rpc-server: fix use after free in dcesrv_lsa_lookup_sid()
Authority name may be accessed after
state has gone away and take domain_name with it.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Michael Adam [Sat, 21 Sep 2013 19:02:00 +0000 (21:02 +0200)]
wbinfo: fix output of wbinfo --sid-to-name for sids of type DOMAIN
to print only the domain name and not "DOMIN\<SID>".
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Michael Adam [Sat, 21 Sep 2013 19:03:40 +0000 (21:03 +0200)]
wbinfo: fix output of "--lookup-sids" to use the configured winbind separator
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Michael Adam [Sat, 21 Sep 2013 08:35:57 +0000 (10:35 +0200)]
wbinfo: fix ouptput of --lookup-sids for sids of type DOMAIN
To print only the domain name and not "DOMIN\<SID>".
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Michael Adam [Wed, 18 Sep 2013 07:32:17 +0000 (09:32 +0200)]
rpcclient: fix output of lsalookupsids for sids of type DOMAIN
For domain sids, don't print NAME\*unknown* but print NAME instead.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Tue, 12 Nov 2013 21:00:54 +0000 (22:00 +0100)]
heimdal: Fix CID 240779 Allocation size mismatch
The error Coverity complains about is in the malloc. krb5_enctypes is
an enum, so it is usually smaller than the size of a pointer. So we
overallocate, but in the memcpy further down we copy from potentially
invalid memory.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Nov 13 11:05:44 CET 2013 on sn-devel-104
Volker Lendecke [Mon, 11 Nov 2013 21:32:50 +0000 (21:32 +0000)]
tls: Fix CID 242014 Uninitialized scalar variable
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Mon, 11 Nov 2013 21:26:34 +0000 (21:26 +0000)]
tls: Fix some noblank line endings
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Mon, 11 Nov 2013 21:07:09 +0000 (21:07 +0000)]
heimdal: Fix CID 241943 Uninitialized pointer read
In the error case without EXTRA_ADDRESSES we access ignore_addresses
without initialization
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Mon, 11 Nov 2013 20:37:48 +0000 (20:37 +0000)]
libsmb: Fix CID 242665 Out-of-bounds access
Coverity is confused by the dual-use of "pss" as an array of size 1. This
is not strictly a bug here, but it is admittedly a small subtlety. It
should fix a whole bunch of Coverity issues. Normally I would resist to
change our code in response to a deficient static checker, but here I
would vote for this compromise.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Tue, 12 Nov 2013 13:09:56 +0000 (14:09 +0100)]
s4-dsdb: Fix a use after free segfault.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Nov 12 19:22:28 CET 2013 on sn-devel-104
Andreas Schneider [Tue, 12 Nov 2013 13:09:55 +0000 (14:09 +0100)]
s4-torture: Relax time checking in CHECK_NTTIME.
NTTIME has a nanosecond resolution. We should be tolerate if the system
is busy writing and reading the value. To reproduce this problem just
run the test under valgrind.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Andreas Schneider [Fri, 8 Nov 2013 14:41:18 +0000 (15:41 +0100)]
s3-vfs: Fix stream_depot vfs module on btrfs.
Checking if the directory is empty using 'nlink == 2' only checks if
there are no subdirectories. It doesn't indicate if there are files in
the directory. However checking link count for no subdirectories is
wrong and applications shouldn't rely on it, see:
https://lkml.org/lkml/2012/2/1/756
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
David Disseldorp [Tue, 12 Nov 2013 15:33:20 +0000 (16:33 +0100)]
Revert "s3-vfs: Fix stream_depot vfs module on btrfs."
This reverts commit
29f12e7d5960906935e3af1405e9759a07d64750.
The wrong patch was pushed, according to Andreas:
I sent a second version cause the first was not complete. I've
discussed with Volker after I sent the patch and then sent a new
patch which
a) also does the right thin in the unlink case
b) only tried to remove the server is the deletion of the file
was successful.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Wed, 6 Nov 2013 17:21:32 +0000 (18:21 +0100)]
s3-libnetjoin: Fix Bug #10262: use upper-case realm when composing default upn.
In case we are about to generate a keytab during the join make sure the default
upn we create is usable with kinit -k.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10262
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Nov 12 16:39:03 CET 2013 on sn-devel-104
Benjamin Franzke [Thu, 31 Oct 2013 20:23:57 +0000 (21:23 +0100)]
s4:torture/netlogon: Test netlogon with additional attrs
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
se enter the commit message for your changes. Lines starting
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Nov 12 00:57:19 CET 2013 on sn-devel-104
Benjamin Franzke [Mon, 28 Oct 2013 13:21:20 +0000 (14:21 +0100)]
s4:torture/ldap: Add test for netlogon over tcp
This patch moves the udp netlogon tests from cldap.c
to netlogon.c and passes a generic netlogon-send
function as parameter.
Therefore a tcp replacement for cldap_netlogon is also added.
The two variants tcp and udp are added as 2 new torture tests:
ldap.netlogon-udp & ldap.netlogon-tcp
Both tests succeed.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
Benjamin Franzke [Mon, 28 Oct 2013 13:19:57 +0000 (14:19 +0100)]
libcli/cldap: Add utility to create netlogon filter
This utility is splitted of from cldap_netlogon_send.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
Benjamin Franzke [Tue, 5 Nov 2013 19:39:56 +0000 (20:39 +0100)]
s4:dsdb: Move cldap netlogon functions into samdb/ldb_modules
As netlogon is handled by the samdb now,
the corresponding functions should live there as well.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
Benjamin Franzke [Fri, 1 Nov 2013 09:52:02 +0000 (10:52 +0100)]
s4:cldap_server: Do not handle netlogon ourself anymore
Netlogon is now handled by the ldb rootdse module.
The netlogon files will be moved to dsdb in the next commit.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
Benjamin Franzke [Sun, 27 Oct 2013 05:55:48 +0000 (06:55 +0100)]
s4:dsdb/rootdse: Support netlogon request
This patch adds support for a netlogon ldap style request
over the tcp socket. This is available since win2k3+ [1].
The automatic client join & configuration daemon "realmd" makes
use of this ability.
Realmd can now be used to join a computer to a samba 4 domain.
(See also:
https://lists.samba.org/archive/samba-technical/2013-October/095606.html)
Tested with:
ldapsearch -h samba-srv -x -b '' -s base "(&(NtVer=\06\00\00\00)(AAC=\00\00\00\00))" NetLogon
And compared the result in wireshark with cldap request issued by
examples/misc/cldap.pl.
[1]: http://wiki.wireshark.org/MS-CLDAP?action=recall&rev=8
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
Benjamin Franzke [Fri, 1 Nov 2013 05:55:41 +0000 (06:55 +0100)]
s4:dsdb/rootdse: Pass rootdse context to rootdse_add_dynamic
This replaced the *module parameter, and uses ac->module in the function
instead, same for *req and *attrs.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
Benjamin Franzke [Sun, 27 Oct 2013 15:07:04 +0000 (16:07 +0100)]
s4:cldap_server: Move netlogon parsing into utility function
To be used later by netlogon-request over ldap.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
Benjamin Franzke [Fri, 6 Sep 2013 14:20:43 +0000 (16:20 +0200)]
provision: Fix string replacement ordering
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
Benjamin Franzke [Fri, 1 Nov 2013 09:24:43 +0000 (10:24 +0100)]
s4:torture/cldap: Fix a typo
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
Volker Lendecke [Sun, 10 Nov 2013 18:45:11 +0000 (19:45 +0100)]
gpo: Fix CID
1034880 Resource leak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Ira Cooper <ira@samba.org>
Autobuild-Date(master): Mon Nov 11 22:59:10 CET 2013 on sn-devel-104
Volker Lendecke [Sun, 10 Nov 2013 18:43:48 +0000 (19:43 +0100)]
gpo: Fix CID
1034881 Resource leak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Sun, 10 Nov 2013 18:41:15 +0000 (19:41 +0100)]
ntvfs: Fix CID
1034883 Resource leak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Sun, 10 Nov 2013 18:34:31 +0000 (19:34 +0100)]
backupkey: Fix CID
1034885 Resource leak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Sun, 10 Nov 2013 10:58:58 +0000 (11:58 +0100)]
smbd: Fix CID
1035365 Buffer not null terminated
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Sun, 10 Nov 2013 10:57:37 +0000 (11:57 +0100)]
smbd: Fix CID
1035366 Buffer not null terminated
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Sun, 10 Nov 2013 10:56:06 +0000 (11:56 +0100)]
smbd: Use fstring in conn_tdb.c
It might be legacy, but as long as we have it, we can make use of it.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Sun, 10 Nov 2013 10:56:06 +0000 (11:56 +0100)]
smbd: Use fstring in conn_tdb.h
It might be legacy, but as long as we have it, we can make use of it.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Sun, 10 Nov 2013 10:48:17 +0000 (11:48 +0100)]
smbd: Fix CID
1035478 Negative array index read
lp_parm_enum can return -1. Add error checking.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Sun, 10 Nov 2013 09:06:18 +0000 (10:06 +0100)]
samdb: Fix CID 241968 Uninitialized pointer read
Interestingly gcc does not catch this at all.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Sun, 10 Nov 2013 08:45:38 +0000 (09:45 +0100)]
heimdal: Fix 241482 Resource leak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Sat, 9 Nov 2013 20:29:24 +0000 (21:29 +0100)]
ldb: Fix CID 241329 Array compared against 0
u.generate.remote_names is an array, not a pointer
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Sat, 9 Nov 2013 20:11:41 +0000 (21:11 +0100)]
libsmb: Fix CID 241313 Array compared against 0
userinfo->passwrd is not a pointer, no point in checking for !=NULL
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Sat, 9 Nov 2013 20:02:10 +0000 (21:02 +0100)]
smbd: Fix CID
1035434 Same on both sides
Looks scary, but the only effect of this bug is too many UNLOCK messages
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Sat, 9 Nov 2013 19:37:01 +0000 (20:37 +0100)]
iniparser: Fix CID 241908 Copy into fixed size buffer
strcpy is never a good idea....
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Sat, 9 Nov 2013 18:14:15 +0000 (19:14 +0100)]
libsmb: Fix CID
1127343 Dead default in switch
We have checked sec_channel_type a few lines above already
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Sat, 9 Nov 2013 18:11:41 +0000 (19:11 +0100)]
netapi: Fix CID
1127344 Uninitialized scalar variable
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Sat, 9 Nov 2013 17:50:16 +0000 (18:50 +0100)]
net: Fix CID
1035403 Unchecked return value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Sat, 9 Nov 2013 17:40:08 +0000 (18:40 +0100)]
registry: Fix Coverity ID
1034918 Wrong sizeof argument
sizeof(data_val) is the size of the pointer. This might well be 8 bytes
where the string is only 4 bytes long
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Sat, 9 Nov 2013 17:40:08 +0000 (18:40 +0100)]
registry: Fix Coverity ID
1034917 Wrong sizeof argument
sizeof(data_val) is the size of the pointer. This might well be 8 bytes
where the string is only 4 bytes long
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Sat, 9 Nov 2013 17:40:08 +0000 (18:40 +0100)]
registry: Fix Coverity ID
1034916 Wrong sizeof argument
sizeof(data_val) is the size of the pointer. This might well be 8 bytes
where the string is only 4 bytes long
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Sat, 9 Nov 2013 17:32:21 +0000 (18:32 +0100)]
dsdb: Fix Coverity ID
1034907 Dereference before null check
"module" has already been dereferenced by ldb_module_get_private(module)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Sat, 9 Nov 2013 15:40:18 +0000 (16:40 +0100)]
oLschema2ldif: Add some NULL checks
This should fix Coverity ID
1034812
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Michael Adam [Tue, 5 Nov 2013 17:17:58 +0000 (18:17 +0100)]
s4:torture:smb2: add new lease.upgrade3 test to test the contended upgrade
Test what upgrades work when there is another lease already held,
in addition to the lease to be upgraded.
The summary of the behaviour is this:
-------------------------------------
If we have two leases (lease1 and lease2) on the same file,
then attempt to upgrade lease1 results in a change if and only
if the requested lease state:
- is valid,
- is strictly a superset of lease1, and
- can held together with lease2.
In that case, the resuling lease state of the upgraded lease1
is the state requested in the upgrade. lease2 is not broken
and remains unchanged.
Note that this contrasts the case of directly opening with
an initial requested lease state, in which case you get that
portion of the requested state that can be shared with the
already existing leases (or the states that they get broken to).
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Nov 11 18:04:47 CET 2013 on sn-devel-104
Michael Adam [Tue, 5 Nov 2013 17:10:25 +0000 (18:10 +0100)]
s4:torture:smb2: add comment explaining lease upgrade in the non-contended case
The summary of the behaviour is this:
-------------------------------------
An uncontended lease upgrade results in a change
if and only if the requested lease state is
- valid, and
- strictly a superset of the lease state already held.
In that case the resulting lease state is the one
requested in the upgrade.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Volker Lendecke [Fri, 1 Nov 2013 12:04:38 +0000 (12:04 +0000)]
README.Coding: Add __func__
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Nov 11 16:08:09 CET 2013 on sn-devel-104
Volker Lendecke [Fri, 1 Nov 2013 11:55:43 +0000 (11:55 +0000)]
smbd: Fix DEBUG in do_break_to_none
The name of this function has changed, but the DEBUG statements have
not been adapted. This is the case in a lot of our code. With __func__
this problem goes away: __func__ is C99, and we also use it already.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Björn Baumbach [Tue, 29 Oct 2013 16:53:59 +0000 (17:53 +0100)]
CVE-2013-4476: s4:libtls: check for safe permissions of tls private key file (key.pem)
If the tls key is not owned by root or has not mode 0600 samba will not
start up.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Mon Nov 11 13:07:16 CET 2013 on sn-devel-104
Björn Baumbach [Tue, 29 Oct 2013 16:52:39 +0000 (17:52 +0100)]
CVE-2013-4476: s4:libtls: Create tls private key file (key.pem) with mode 0600
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 30 Oct 2013 13:48:36 +0000 (14:48 +0100)]
CVE-2013-4476: selftest/Samba4: use umask 0077 within mk_keyblobs()
We should generate private keys with 0600.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Baumbach [Tue, 29 Oct 2013 16:49:55 +0000 (17:49 +0100)]
CVE-2013-4476: samba-tool provision: create ${private_dir}/tls with mode 0700
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Baumbach [Tue, 29 Oct 2013 16:48:11 +0000 (17:48 +0100)]
CVE-2013-4476: lib-util: split out file_save_mode() from file_save()
file_save_mode() writes files with specified mode.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Baumbach [Tue, 29 Oct 2013 16:43:17 +0000 (17:43 +0100)]
CVE-2013-4476: lib-util: add file_check_permissions()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Wed, 6 Nov 2013 11:37:07 +0000 (12:37 +0100)]
xattr: fix listing EAs on *BSD for non-root users
Thanks to Stefan Rompf for reporting.
This fixes bug #10247
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov 8 20:43:30 CET 2013 on sn-devel-104
Andreas Schneider [Fri, 8 Nov 2013 15:14:35 +0000 (16:14 +0100)]
s4-smb_server: Fix a use after free.
If we haven't allocated the smbsrv_session then we should not free it.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Fri, 8 Nov 2013 14:10:03 +0000 (15:10 +0100)]
s3-vfs: Fix stream_depot vfs module on btrfs.
Checking if the directory is empty using 'nlink == 2' only checks if
there are no subdirectories. It doesn't indicate if there are files in
the directory. However checking link count for no subdirectories is
wrong and applications shouldn't rely on it, see:
https://lkml.org/lkml/2012/2/1/756
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Fri, 8 Nov 2013 12:56:23 +0000 (13:56 +0100)]
vfstest: fix uninitialised variable usage in open
The vfstest open command currently fails intermittently due to a read of
a potentially uninitialised status variable.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Atul Kulkarni [Thu, 3 Oct 2013 10:47:47 +0000 (16:17 +0530)]
net: remove net idmap secret
This is moved to net idmap set secret for consistency.
Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov 8 01:03:25 CET 2013 on sn-devel-104
Atul Kulkarni [Thu, 3 Oct 2013 16:44:53 +0000 (22:14 +0530)]
doc: update the net manpage for net idmap set, get and delete
Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Abhidnya Joshi [Fri, 25 Oct 2013 05:06:01 +0000 (07:06 +0200)]
idmap_autorid: fix failure in reverse lookup if ID is from domain range index #0
Domain range index #0 is not included in the database record.
So in this special case we only have the SID, not SID#IDX...
Signed-off-by: Abhidnya Joshi <achirmul@in.ibm.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Michael Adam [Tue, 5 Nov 2013 12:46:15 +0000 (13:46 +0100)]
idmap_autorid: fix status code when trying to load range for an invalid input
The "sid" input needs to be verified (it can currently be a SID or "ALLOC").
When handing in string that is valid for other kinds of records,
but not for the SID[#IDX]-->RANGE direction of mappings, like for instance
a range number, then we get "NT_STATUS_INTERNAL_DB_CORRUPTION" because
parse records finds the record, but it does not have the expected size...
This patch fixes this problem by pre-validating the input before fetching
the record from the database.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Atul Kulkarni [Thu, 3 Oct 2013 18:45:19 +0000 (00:15 +0530)]
net: correct typos in net idmap delete ranges help message
Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Atul Kulkarni [Wed, 2 Oct 2013 14:44:04 +0000 (20:14 +0530)]
idmap_autorid: add space between two words in a debug message
Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 7 Nov 2013 15:55:53 +0000 (16:55 +0100)]
s4-lsa: Make sure we also duplicate the domain_name.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Nov 7 18:58:44 CET 2013 on sn-devel-104
Andreas Schneider [Thu, 7 Nov 2013 14:57:51 +0000 (15:57 +0100)]
s4-lsa: Add missing null checks in dcesrv_lsa_lookup_name().
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Andreas Schneider [Thu, 7 Nov 2013 14:55:29 +0000 (15:55 +0100)]
s4-lsa: Fix a user after free in dcesrv_lsa_lookup_name().
Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Amitay Isaacs [Thu, 7 Nov 2013 05:01:49 +0000 (16:01 +1100)]
tests: Fix calling of ctdb tool from test
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
(This used to be ctdb commit
9381c33dfd40192b7532d942059c2959dfae059d)
Amitay Isaacs [Thu, 7 Nov 2013 04:54:28 +0000 (15:54 +1100)]
Revert "tests: If transaction_start fails, try again"
This reverts commit
ed7d999214ee009e480c26410a04fa105028cb8e.
This is not necessary since ctdb_transaction_start() now will return NULL
only when there is a failure and not when another transaction is currently
active.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
(This used to be ctdb commit
46615c8e0e63291605d76a6d35f1a93180718c36)
Amitay Isaacs [Thu, 7 Nov 2013 04:54:20 +0000 (15:54 +1100)]
client: Make g_lock_lock() wait till lock is obtained
This makes the behaviour of g_lock_lock() similar to that implemented in
Samba. Now ctdb_transaction_start() will return NULL only when there are
failures and not when another transaction is active.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
(This used to be ctdb commit
59489019ad15a5ad6b0f295e742fc9832745a842)
David Disseldorp [Tue, 29 Oct 2013 11:08:57 +0000 (12:08 +0100)]
test_smbclient_tarmode.pl: remove unneccesary arg defaults
The host, share and localpath arguments should not take default values.
Check that these required arguments are specified.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Autobuild-User(master): Jim McDonough <jmcd@samba.org>
Autobuild-Date(master): Tue Nov 5 16:40:20 CET 2013 on sn-devel-104
Aurélien Aptel [Mon, 12 Aug 2013 14:29:41 +0000 (16:29 +0200)]
test_smbclient_tarmode.pl: depend only on perl v5.10
Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Aurélien Aptel [Mon, 5 Aug 2013 16:58:39 +0000 (18:58 +0200)]
test_smbclient_tarmode.pl: remove all ./ prefix when dealing with remote files
Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Aurélien Aptel [Mon, 5 Aug 2013 16:57:54 +0000 (18:57 +0200)]
test_smbclient_tarmode.pl: sanitize $DIR + whitespace
Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Aurélien Aptel [Mon, 5 Aug 2013 16:56:04 +0000 (18:56 +0200)]
test_smbclient_tarmode.pl: use -n flag for specifiying hostname (was ambiguous with help)
Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Aurélien Aptel [Mon, 28 Oct 2013 17:07:25 +0000 (18:07 +0100)]
test_smbclient_tarmode.pl: enable create with exclude tests
[ddiss@samba.org: split from clitar implementation commit]
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Aurélien Aptel [Mon, 5 Aug 2013 16:55:25 +0000 (18:55 +0200)]
test_smbclient_tarmode.pl: add subunit output flag
Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Aurélien Aptel [Wed, 24 Jul 2013 14:49:06 +0000 (16:49 +0200)]
test_smbclient_tarmode.pl: add test for interactive session
Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Aurélien Aptel [Mon, 22 Jul 2013 16:49:51 +0000 (18:49 +0200)]
test_smbclient_tarmode.pl: add extraction regex tests, verbose flag
* reset_remote() now removes the whole share content
* verbose flag to control stdout of each test
* extraction with regex test
Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Aurélien Aptel [Fri, 25 Oct 2013 13:12:27 +0000 (15:12 +0200)]
test_smbclient_tarmode.pl: test regex flag behaviour
[ddiss@samba.org: split from clitar implementation commit]
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Aurélien Aptel [Wed, 17 Jul 2013 16:54:07 +0000 (18:54 +0200)]
test_smbclient_tarmode.pl: add large file and long path tests
Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Aurélien Aptel [Wed, 17 Jul 2013 14:27:01 +0000 (16:27 +0200)]
test_smbclient_tarmode.pl: add simple wildcard test
Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Aurélien Aptel [Fri, 25 Oct 2013 12:55:47 +0000 (14:55 +0200)]
test_smbclient_tarmode.pl: test interactive command
[ddiss@samba.org: split from clitar implementation commit]
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Aurélien Aptel [Tue, 16 Jul 2013 13:52:51 +0000 (15:52 +0200)]
test_smbclient_tarmode.pl: whitespace
Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Aurélien Aptel [Tue, 16 Jul 2013 12:46:02 +0000 (14:46 +0200)]
test_smbclient_tarmode.pl: let --test run multiple tests
Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Aurélien Aptel [Mon, 15 Jul 2013 22:34:41 +0000 (00:34 +0200)]
test_smbclient_tarmode.pl: sanitize input, use File::Temp instead of hardcoding temp dir
Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Aurélien Aptel [Mon, 15 Jul 2013 22:10:09 +0000 (00:10 +0200)]
test_smbclient_tarmode.pl: cosmetic changes
- Add whitespace around paren in if/for/while/... blocks
- Don't split if/elsif/else cascade
Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Aurélien Aptel [Mon, 15 Jul 2013 21:41:15 +0000 (23:41 +0200)]
test_smbclient_tarmode.pl: add copyright header
Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Aurélien Aptel [Mon, 15 Jul 2013 17:04:43 +0000 (19:04 +0200)]
test_smbclient_tarmode.pl: samba 3.6.9 can print a empty attribute string
While changing my setup, I discovered that for some unknown reasons
samba (serv/client) doesn't print any attributes for normal files.
Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Aurélien Aptel [Mon, 15 Jul 2013 17:04:07 +0000 (19:04 +0200)]
test_smbclient_tarmode.pl: disable failing tests for now
Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Aurélien Aptel [Mon, 15 Jul 2013 17:01:58 +0000 (19:01 +0200)]
test_smbclient_tarmode.pl: make script work on older Perl (now only need 5.14)
Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
David Disseldorp [Sun, 14 Jul 2013 13:22:36 +0000 (15:22 +0200)]
test_smbclient_tarmode.pl: fix a few minor typos
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>