amitay/samba.git
8 years agoscript: add ctdb-import.* scripts
Stefan Metzmacher [Wed, 25 Sep 2013 22:00:53 +0000 (00:00 +0200)]
script: add ctdb-import.* scripts

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
8 years agoremove partial ctdb/ import
Stefan Metzmacher [Wed, 25 Sep 2013 21:49:58 +0000 (23:49 +0200)]
remove partial ctdb/ import

In preparation of moving ctdb code into the samba repository.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
8 years agos4:rpc-server: fix lsa_lookupsids return value for the domain sid
Michael Adam [Wed, 18 Sep 2013 07:33:07 +0000 (09:33 +0200)]
s4:rpc-server: fix lsa_lookupsids return value for the domain sid

We currently return type UNKNOWN and copy the domain sid to the name.
Instead we should return type DOMAIN and return NULL as name.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Nov 13 13:34:16 CET 2013 on sn-devel-104

8 years agos4:rpc-server: fix use after free in dcesrv_lsa_lookup_sid()
Michael Adam [Fri, 8 Nov 2013 10:15:33 +0000 (11:15 +0100)]
s4:rpc-server: fix use after free in dcesrv_lsa_lookup_sid()

Authority name may be accessed after
state has gone away and take domain_name with it.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
8 years agowbinfo: fix output of wbinfo --sid-to-name for sids of type DOMAIN
Michael Adam [Sat, 21 Sep 2013 19:02:00 +0000 (21:02 +0200)]
wbinfo: fix output of wbinfo --sid-to-name for sids of type DOMAIN

to print only the domain name and not "DOMIN\<SID>".

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
8 years agowbinfo: fix output of "--lookup-sids" to use the configured winbind separator
Michael Adam [Sat, 21 Sep 2013 19:03:40 +0000 (21:03 +0200)]
wbinfo: fix output of "--lookup-sids" to use the configured winbind separator

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
8 years agowbinfo: fix ouptput of --lookup-sids for sids of type DOMAIN
Michael Adam [Sat, 21 Sep 2013 08:35:57 +0000 (10:35 +0200)]
wbinfo: fix ouptput of --lookup-sids for sids of type DOMAIN

To print only the domain name and not "DOMIN\<SID>".

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
8 years agorpcclient: fix output of lsalookupsids for sids of type DOMAIN
Michael Adam [Wed, 18 Sep 2013 07:32:17 +0000 (09:32 +0200)]
rpcclient: fix output of lsalookupsids for sids of type DOMAIN

For domain sids, don't print NAME\*unknown* but print NAME instead.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
8 years agoheimdal: Fix CID 240779 Allocation size mismatch
Volker Lendecke [Tue, 12 Nov 2013 21:00:54 +0000 (22:00 +0100)]
heimdal: Fix CID 240779 Allocation size mismatch

The error Coverity complains about is in the malloc. krb5_enctypes is
an enum, so it is usually smaller than the size of a pointer. So we
overallocate, but in the memcpy further down we copy from potentially
invalid memory.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Nov 13 11:05:44 CET 2013 on sn-devel-104

8 years agotls: Fix CID 242014 Uninitialized scalar variable
Volker Lendecke [Mon, 11 Nov 2013 21:32:50 +0000 (21:32 +0000)]
tls: Fix CID 242014 Uninitialized scalar variable

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
8 years agotls: Fix some noblank line endings
Volker Lendecke [Mon, 11 Nov 2013 21:26:34 +0000 (21:26 +0000)]
tls: Fix some noblank line endings

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
8 years agoheimdal: Fix CID 241943 Uninitialized pointer read
Volker Lendecke [Mon, 11 Nov 2013 21:07:09 +0000 (21:07 +0000)]
heimdal: Fix CID 241943 Uninitialized pointer read

In the error case without EXTRA_ADDRESSES we access ignore_addresses
without initialization

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
8 years agolibsmb: Fix CID 242665 Out-of-bounds access
Volker Lendecke [Mon, 11 Nov 2013 20:37:48 +0000 (20:37 +0000)]
libsmb: Fix CID 242665 Out-of-bounds access

Coverity is confused by the dual-use of "pss" as an array of size 1. This
is not strictly a bug here, but it is admittedly a small subtlety. It
should fix a whole bunch of Coverity issues. Normally I would resist to
change our code in response to a deficient static checker, but here I
would vote for this compromise.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
8 years agos4-dsdb: Fix a use after free segfault.
Andreas Schneider [Tue, 12 Nov 2013 13:09:56 +0000 (14:09 +0100)]
s4-dsdb: Fix a use after free segfault.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Nov 12 19:22:28 CET 2013 on sn-devel-104

8 years agos4-torture: Relax time checking in CHECK_NTTIME.
Andreas Schneider [Tue, 12 Nov 2013 13:09:55 +0000 (14:09 +0100)]
s4-torture: Relax time checking in CHECK_NTTIME.

NTTIME has a nanosecond resolution. We should be tolerate if the system
is busy writing and reading the value. To reproduce this problem just
run the test under valgrind.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
8 years agos3-vfs: Fix stream_depot vfs module on btrfs.
Andreas Schneider [Fri, 8 Nov 2013 14:41:18 +0000 (15:41 +0100)]
s3-vfs: Fix stream_depot vfs module on btrfs.

Checking if the directory is empty using 'nlink == 2' only checks if
there are no subdirectories. It doesn't indicate if there are files in
the directory. However checking link count for no subdirectories is
wrong and applications shouldn't rely on it, see:

https://lkml.org/lkml/2012/2/1/756

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
8 years agoRevert "s3-vfs: Fix stream_depot vfs module on btrfs."
David Disseldorp [Tue, 12 Nov 2013 15:33:20 +0000 (16:33 +0100)]
Revert "s3-vfs: Fix stream_depot vfs module on btrfs."

This reverts commit 29f12e7d5960906935e3af1405e9759a07d64750.

The wrong patch was pushed, according to Andreas:
I sent a second version cause the first was not complete. I've
discussed with Volker after I sent the patch and then sent a new
patch which

a) also does the right thin in the unlink case
b) only tried to remove the server is the deletion of the file
   was successful.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
8 years agos3-libnetjoin: Fix Bug #10262: use upper-case realm when composing default upn.
Günther Deschner [Wed, 6 Nov 2013 17:21:32 +0000 (18:21 +0100)]
s3-libnetjoin: Fix Bug #10262: use upper-case realm when composing default upn.

In case we are about to generate a keytab during the join make sure the default
upn we create is usable with kinit -k.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10262

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Nov 12 16:39:03 CET 2013 on sn-devel-104

8 years agos4:torture/netlogon: Test netlogon with additional attrs
Benjamin Franzke [Thu, 31 Oct 2013 20:23:57 +0000 (21:23 +0100)]
s4:torture/netlogon: Test netlogon with additional attrs

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
se enter the commit message for your changes. Lines starting

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Nov 12 00:57:19 CET 2013 on sn-devel-104

8 years agos4:torture/ldap: Add test for netlogon over tcp
Benjamin Franzke [Mon, 28 Oct 2013 13:21:20 +0000 (14:21 +0100)]
s4:torture/ldap: Add test for netlogon over tcp

This patch moves the udp netlogon tests from cldap.c
to netlogon.c and passes a generic netlogon-send
function as parameter.

Therefore a tcp replacement for cldap_netlogon is also added.
The two variants tcp and udp are added as 2 new torture tests:

ldap.netlogon-udp & ldap.netlogon-tcp
Both tests succeed.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
8 years agolibcli/cldap: Add utility to create netlogon filter
Benjamin Franzke [Mon, 28 Oct 2013 13:19:57 +0000 (14:19 +0100)]
libcli/cldap: Add utility to create netlogon filter

This utility is splitted of from cldap_netlogon_send.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
8 years agos4:dsdb: Move cldap netlogon functions into samdb/ldb_modules
Benjamin Franzke [Tue, 5 Nov 2013 19:39:56 +0000 (20:39 +0100)]
s4:dsdb: Move cldap netlogon functions into samdb/ldb_modules

As netlogon is handled by the samdb now,
the corresponding functions should live there as well.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
8 years agos4:cldap_server: Do not handle netlogon ourself anymore
Benjamin Franzke [Fri, 1 Nov 2013 09:52:02 +0000 (10:52 +0100)]
s4:cldap_server: Do not handle netlogon ourself anymore

Netlogon is now handled by the ldb rootdse module.

The netlogon files will be moved to dsdb in the next commit.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
8 years agos4:dsdb/rootdse: Support netlogon request
Benjamin Franzke [Sun, 27 Oct 2013 05:55:48 +0000 (06:55 +0100)]
s4:dsdb/rootdse: Support netlogon request

This patch adds support for a netlogon ldap style request
over the tcp socket.  This is available since win2k3+ [1].

The automatic client join & configuration daemon "realmd" makes
use of this ability.
Realmd can now be used to join a computer to a samba 4 domain.
(See also:
https://lists.samba.org/archive/samba-technical/2013-October/095606.html)

Tested with:
ldapsearch -h samba-srv -x -b '' -s base "(&(NtVer=\06\00\00\00)(AAC=\00\00\00\00))" NetLogon

And compared the result in wireshark with cldap request issued by
examples/misc/cldap.pl.

[1]: http://wiki.wireshark.org/MS-CLDAP?action=recall&rev=8

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
8 years agos4:dsdb/rootdse: Pass rootdse context to rootdse_add_dynamic
Benjamin Franzke [Fri, 1 Nov 2013 05:55:41 +0000 (06:55 +0100)]
s4:dsdb/rootdse: Pass rootdse context to rootdse_add_dynamic

This replaced the *module parameter, and uses ac->module in the function
instead, same for *req and *attrs.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
8 years agos4:cldap_server: Move netlogon parsing into utility function
Benjamin Franzke [Sun, 27 Oct 2013 15:07:04 +0000 (16:07 +0100)]
s4:cldap_server: Move netlogon parsing into utility function

To be used later by netlogon-request over ldap.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
8 years agoprovision: Fix string replacement ordering
Benjamin Franzke [Fri, 6 Sep 2013 14:20:43 +0000 (16:20 +0200)]
provision: Fix string replacement ordering

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
8 years agos4:torture/cldap: Fix a typo
Benjamin Franzke [Fri, 1 Nov 2013 09:24:43 +0000 (10:24 +0100)]
s4:torture/cldap: Fix a typo

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
8 years agogpo: Fix CID 1034880 Resource leak
Volker Lendecke [Sun, 10 Nov 2013 18:45:11 +0000 (19:45 +0100)]
gpo: Fix CID 1034880 Resource leak

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Ira Cooper <ira@samba.org>
Autobuild-Date(master): Mon Nov 11 22:59:10 CET 2013 on sn-devel-104

8 years agogpo: Fix CID 1034881 Resource leak
Volker Lendecke [Sun, 10 Nov 2013 18:43:48 +0000 (19:43 +0100)]
gpo: Fix CID 1034881 Resource leak

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
8 years agontvfs: Fix CID 1034883 Resource leak
Volker Lendecke [Sun, 10 Nov 2013 18:41:15 +0000 (19:41 +0100)]
ntvfs: Fix CID 1034883 Resource leak

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
8 years agobackupkey: Fix CID 1034885 Resource leak
Volker Lendecke [Sun, 10 Nov 2013 18:34:31 +0000 (19:34 +0100)]
backupkey: Fix CID 1034885 Resource leak

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
8 years agosmbd: Fix CID 1035365 Buffer not null terminated
Volker Lendecke [Sun, 10 Nov 2013 10:58:58 +0000 (11:58 +0100)]
smbd: Fix CID 1035365 Buffer not null terminated

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
8 years agosmbd: Fix CID 1035366 Buffer not null terminated
Volker Lendecke [Sun, 10 Nov 2013 10:57:37 +0000 (11:57 +0100)]
smbd: Fix CID 1035366 Buffer not null terminated

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
8 years agosmbd: Use fstring in conn_tdb.c
Volker Lendecke [Sun, 10 Nov 2013 10:56:06 +0000 (11:56 +0100)]
smbd: Use fstring in conn_tdb.c

It might be legacy, but as long as we have it, we can make use of it.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
8 years agosmbd: Use fstring in conn_tdb.h
Volker Lendecke [Sun, 10 Nov 2013 10:56:06 +0000 (11:56 +0100)]
smbd: Use fstring in conn_tdb.h

It might be legacy, but as long as we have it, we can make use of it.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
8 years agosmbd: Fix CID 1035478 Negative array index read
Volker Lendecke [Sun, 10 Nov 2013 10:48:17 +0000 (11:48 +0100)]
smbd: Fix CID 1035478 Negative array index read

lp_parm_enum can return -1. Add error checking.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
8 years agosamdb: Fix CID 241968 Uninitialized pointer read
Volker Lendecke [Sun, 10 Nov 2013 09:06:18 +0000 (10:06 +0100)]
samdb: Fix CID 241968 Uninitialized pointer read

Interestingly gcc does not catch this at all.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
8 years agoheimdal: Fix 241482 Resource leak
Volker Lendecke [Sun, 10 Nov 2013 08:45:38 +0000 (09:45 +0100)]
heimdal: Fix 241482 Resource leak

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
8 years agoldb: Fix CID 241329 Array compared against 0
Volker Lendecke [Sat, 9 Nov 2013 20:29:24 +0000 (21:29 +0100)]
ldb: Fix CID 241329 Array compared against 0

u.generate.remote_names is an array, not a pointer

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
8 years agolibsmb: Fix CID 241313 Array compared against 0
Volker Lendecke [Sat, 9 Nov 2013 20:11:41 +0000 (21:11 +0100)]
libsmb: Fix CID 241313 Array compared against 0

userinfo->passwrd is not a pointer, no point in checking for !=NULL

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
8 years agosmbd: Fix CID 1035434 Same on both sides
Volker Lendecke [Sat, 9 Nov 2013 20:02:10 +0000 (21:02 +0100)]
smbd: Fix CID 1035434 Same on both sides

Looks scary, but the only effect of this bug is too many UNLOCK messages

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
8 years agoiniparser: Fix CID 241908 Copy into fixed size buffer
Volker Lendecke [Sat, 9 Nov 2013 19:37:01 +0000 (20:37 +0100)]
iniparser: Fix CID 241908 Copy into fixed size buffer

strcpy is never a good idea....

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
8 years agolibsmb: Fix CID 1127343 Dead default in switch
Volker Lendecke [Sat, 9 Nov 2013 18:14:15 +0000 (19:14 +0100)]
libsmb: Fix CID 1127343 Dead default in switch

We have checked sec_channel_type a few lines above already

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
8 years agonetapi: Fix CID 1127344 Uninitialized scalar variable
Volker Lendecke [Sat, 9 Nov 2013 18:11:41 +0000 (19:11 +0100)]
netapi: Fix CID 1127344 Uninitialized scalar variable

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
8 years agonet: Fix CID 1035403 Unchecked return value
Volker Lendecke [Sat, 9 Nov 2013 17:50:16 +0000 (18:50 +0100)]
net: Fix CID 1035403 Unchecked return value

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
8 years agoregistry: Fix Coverity ID 1034918 Wrong sizeof argument
Volker Lendecke [Sat, 9 Nov 2013 17:40:08 +0000 (18:40 +0100)]
registry: Fix Coverity ID 1034918 Wrong sizeof argument

sizeof(data_val) is the size of the pointer. This might well be 8 bytes
where the string is only 4 bytes long

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
8 years agoregistry: Fix Coverity ID 1034917 Wrong sizeof argument
Volker Lendecke [Sat, 9 Nov 2013 17:40:08 +0000 (18:40 +0100)]
registry: Fix Coverity ID 1034917 Wrong sizeof argument

sizeof(data_val) is the size of the pointer. This might well be 8 bytes
where the string is only 4 bytes long

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
8 years agoregistry: Fix Coverity ID 1034916 Wrong sizeof argument
Volker Lendecke [Sat, 9 Nov 2013 17:40:08 +0000 (18:40 +0100)]
registry: Fix Coverity ID 1034916 Wrong sizeof argument

sizeof(data_val) is the size of the pointer. This might well be 8 bytes
where the string is only 4 bytes long

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
8 years agodsdb: Fix Coverity ID 1034907 Dereference before null check
Volker Lendecke [Sat, 9 Nov 2013 17:32:21 +0000 (18:32 +0100)]
dsdb: Fix Coverity ID 1034907 Dereference before null check

"module" has already been dereferenced by ldb_module_get_private(module)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
8 years agooLschema2ldif: Add some NULL checks
Volker Lendecke [Sat, 9 Nov 2013 15:40:18 +0000 (16:40 +0100)]
oLschema2ldif: Add some NULL checks

This should fix Coverity ID 1034812

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
8 years agos4:torture:smb2: add new lease.upgrade3 test to test the contended upgrade
Michael Adam [Tue, 5 Nov 2013 17:17:58 +0000 (18:17 +0100)]
s4:torture:smb2: add new lease.upgrade3 test to test the contended upgrade

Test what upgrades work when there is another lease already held,
in addition to the lease to be upgraded.

 The summary of the behaviour is this:
 -------------------------------------

 If we have two leases (lease1 and lease2) on the same file,
 then attempt to upgrade lease1 results in a change if and only
 if the requested lease state:
 - is valid,
 - is strictly a superset of lease1, and
 - can held together with lease2.

 In that case, the resuling lease state of the upgraded lease1
 is the state requested in the upgrade. lease2 is not broken
 and remains unchanged.

 Note that this contrasts the case of directly opening with
 an initial requested lease state, in which case you get that
 portion of the requested state that can be shared with the
 already existing leases (or the states that they get broken to).

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Nov 11 18:04:47 CET 2013 on sn-devel-104

8 years agos4:torture:smb2: add comment explaining lease upgrade in the non-contended case
Michael Adam [Tue, 5 Nov 2013 17:10:25 +0000 (18:10 +0100)]
s4:torture:smb2: add comment explaining lease upgrade in the non-contended case

The summary of the behaviour is this:
-------------------------------------
An uncontended lease upgrade results in a change
if and only if the requested lease state is
- valid, and
- strictly a superset of the lease state already held.

In that case the resulting lease state is the one
requested in the upgrade.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
8 years agoREADME.Coding: Add __func__
Volker Lendecke [Fri, 1 Nov 2013 12:04:38 +0000 (12:04 +0000)]
README.Coding: Add __func__

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Nov 11 16:08:09 CET 2013 on sn-devel-104

8 years agosmbd: Fix DEBUG in do_break_to_none
Volker Lendecke [Fri, 1 Nov 2013 11:55:43 +0000 (11:55 +0000)]
smbd: Fix DEBUG in do_break_to_none

The name of this function has changed, but the DEBUG statements have
not been adapted. This is the case in a lot of our code. With __func__
this problem goes away: __func__ is C99, and we also use it already.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
8 years agoCVE-2013-4476: s4:libtls: check for safe permissions of tls private key file (key...
Björn Baumbach [Tue, 29 Oct 2013 16:53:59 +0000 (17:53 +0100)]
CVE-2013-4476: s4:libtls: check for safe permissions of tls private key file (key.pem)

If the tls key is not owned by root or has not mode 0600 samba will not
start up.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Björn Baumbach <bb@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Mon Nov 11 13:07:16 CET 2013 on sn-devel-104

8 years agoCVE-2013-4476: s4:libtls: Create tls private key file (key.pem) with mode 0600
Björn Baumbach [Tue, 29 Oct 2013 16:52:39 +0000 (17:52 +0100)]
CVE-2013-4476: s4:libtls: Create tls private key file (key.pem) with mode 0600

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
8 years agoCVE-2013-4476: selftest/Samba4: use umask 0077 within mk_keyblobs()
Stefan Metzmacher [Wed, 30 Oct 2013 13:48:36 +0000 (14:48 +0100)]
CVE-2013-4476: selftest/Samba4: use umask 0077 within mk_keyblobs()

We should generate private keys with 0600.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

Pair-Programmed-With: Björn Baumbach <bb@sernet.de>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
8 years agoCVE-2013-4476: samba-tool provision: create ${private_dir}/tls with mode 0700
Björn Baumbach [Tue, 29 Oct 2013 16:49:55 +0000 (17:49 +0100)]
CVE-2013-4476: samba-tool provision: create ${private_dir}/tls with mode 0700

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
8 years agoCVE-2013-4476: lib-util: split out file_save_mode() from file_save()
Björn Baumbach [Tue, 29 Oct 2013 16:48:11 +0000 (17:48 +0100)]
CVE-2013-4476: lib-util: split out file_save_mode() from file_save()

file_save_mode() writes files with specified mode.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
8 years agoCVE-2013-4476: lib-util: add file_check_permissions()
Björn Baumbach [Tue, 29 Oct 2013 16:43:17 +0000 (17:43 +0100)]
CVE-2013-4476: lib-util: add file_check_permissions()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
8 years agoxattr: fix listing EAs on *BSD for non-root users
Björn Jacke [Wed, 6 Nov 2013 11:37:07 +0000 (12:37 +0100)]
xattr: fix listing EAs on *BSD for non-root users

Thanks to Stefan Rompf for reporting.

This fixes bug #10247

Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov  8 20:43:30 CET 2013 on sn-devel-104

8 years agos4-smb_server: Fix a use after free.
Andreas Schneider [Fri, 8 Nov 2013 15:14:35 +0000 (16:14 +0100)]
s4-smb_server: Fix a use after free.

If we haven't allocated the smbsrv_session then we should not free it.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 years agos3-vfs: Fix stream_depot vfs module on btrfs.
Andreas Schneider [Fri, 8 Nov 2013 14:10:03 +0000 (15:10 +0100)]
s3-vfs: Fix stream_depot vfs module on btrfs.

Checking if the directory is empty using 'nlink == 2' only checks if
there are no subdirectories. It doesn't indicate if there are files in
the directory. However checking link count for no subdirectories is
wrong and applications shouldn't rely on it, see:

https://lkml.org/lkml/2012/2/1/756

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 years agovfstest: fix uninitialised variable usage in open
David Disseldorp [Fri, 8 Nov 2013 12:56:23 +0000 (13:56 +0100)]
vfstest: fix uninitialised variable usage in open

The vfstest open command currently fails intermittently due to a read of
a potentially uninitialised status variable.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 years agonet: remove net idmap secret
Atul Kulkarni [Thu, 3 Oct 2013 10:47:47 +0000 (16:17 +0530)]
net: remove net idmap secret

This is moved to net idmap set secret for consistency.

Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov  8 01:03:25 CET 2013 on sn-devel-104

8 years agodoc: update the net manpage for net idmap set, get and delete
Atul Kulkarni [Thu, 3 Oct 2013 16:44:53 +0000 (22:14 +0530)]
doc: update the net manpage for net idmap set, get and delete

Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 years agoidmap_autorid: fix failure in reverse lookup if ID is from domain range index #0
Abhidnya Joshi [Fri, 25 Oct 2013 05:06:01 +0000 (07:06 +0200)]
idmap_autorid: fix failure in reverse lookup if ID is from domain range index #0

Domain range index #0 is not included in the database record.
So in this special case we only have the SID, not SID#IDX...

Signed-off-by: Abhidnya Joshi <achirmul@in.ibm.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 years agoidmap_autorid: fix status code when trying to load range for an invalid input
Michael Adam [Tue, 5 Nov 2013 12:46:15 +0000 (13:46 +0100)]
idmap_autorid: fix status code when trying to load range for an invalid input

The "sid" input needs to be verified (it can currently be a SID or "ALLOC").
When handing in string that is valid for other kinds of records,
but not for the SID[#IDX]-->RANGE direction of mappings, like for instance
a range number, then we get "NT_STATUS_INTERNAL_DB_CORRUPTION" because
parse records finds the record, but it does not have the expected size...

This patch fixes this problem by pre-validating the input before fetching
the record from the database.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 years agonet: correct typos in net idmap delete ranges help message
Atul Kulkarni [Thu, 3 Oct 2013 18:45:19 +0000 (00:15 +0530)]
net: correct typos in net idmap delete ranges help message

Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 years agoidmap_autorid: add space between two words in a debug message
Atul Kulkarni [Wed, 2 Oct 2013 14:44:04 +0000 (20:14 +0530)]
idmap_autorid: add space between two words in a debug message

Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 years agos4-lsa: Make sure we also duplicate the domain_name.
Andreas Schneider [Thu, 7 Nov 2013 15:55:53 +0000 (16:55 +0100)]
s4-lsa: Make sure we also duplicate the domain_name.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Nov  7 18:58:44 CET 2013 on sn-devel-104

8 years agos4-lsa: Add missing null checks in dcesrv_lsa_lookup_name().
Andreas Schneider [Thu, 7 Nov 2013 14:57:51 +0000 (15:57 +0100)]
s4-lsa: Add missing null checks in dcesrv_lsa_lookup_name().

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
8 years agos4-lsa: Fix a user after free in dcesrv_lsa_lookup_name().
Andreas Schneider [Thu, 7 Nov 2013 14:55:29 +0000 (15:55 +0100)]
s4-lsa: Fix a user after free in dcesrv_lsa_lookup_name().

Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
8 years agotest_smbclient_tarmode.pl: remove unneccesary arg defaults
David Disseldorp [Tue, 29 Oct 2013 11:08:57 +0000 (12:08 +0100)]
test_smbclient_tarmode.pl: remove unneccesary arg defaults

The host, share and localpath arguments should not take default values.
Check that these required arguments are specified.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Autobuild-User(master): Jim McDonough <jmcd@samba.org>
Autobuild-Date(master): Tue Nov  5 16:40:20 CET 2013 on sn-devel-104

8 years agotest_smbclient_tarmode.pl: depend only on perl v5.10
Aurélien Aptel [Mon, 12 Aug 2013 14:29:41 +0000 (16:29 +0200)]
test_smbclient_tarmode.pl: depend only on perl v5.10

Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
8 years agotest_smbclient_tarmode.pl: remove all ./ prefix when dealing with remote files
Aurélien Aptel [Mon, 5 Aug 2013 16:58:39 +0000 (18:58 +0200)]
test_smbclient_tarmode.pl: remove all ./ prefix when dealing with remote files

Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
8 years agotest_smbclient_tarmode.pl: sanitize $DIR + whitespace
Aurélien Aptel [Mon, 5 Aug 2013 16:57:54 +0000 (18:57 +0200)]
test_smbclient_tarmode.pl: sanitize $DIR + whitespace

Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
8 years agotest_smbclient_tarmode.pl: use -n flag for specifiying hostname (was ambiguous with...
Aurélien Aptel [Mon, 5 Aug 2013 16:56:04 +0000 (18:56 +0200)]
test_smbclient_tarmode.pl: use -n flag for specifiying hostname (was ambiguous with help)

Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
8 years agotest_smbclient_tarmode.pl: enable create with exclude tests
Aurélien Aptel [Mon, 28 Oct 2013 17:07:25 +0000 (18:07 +0100)]
test_smbclient_tarmode.pl: enable create with exclude tests

[ddiss@samba.org: split from clitar implementation commit]
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
8 years agotest_smbclient_tarmode.pl: add subunit output flag
Aurélien Aptel [Mon, 5 Aug 2013 16:55:25 +0000 (18:55 +0200)]
test_smbclient_tarmode.pl: add subunit output flag

Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
8 years agotest_smbclient_tarmode.pl: add test for interactive session
Aurélien Aptel [Wed, 24 Jul 2013 14:49:06 +0000 (16:49 +0200)]
test_smbclient_tarmode.pl: add test for interactive session

Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
8 years agotest_smbclient_tarmode.pl: add extraction regex tests, verbose flag
Aurélien Aptel [Mon, 22 Jul 2013 16:49:51 +0000 (18:49 +0200)]
test_smbclient_tarmode.pl: add extraction regex tests, verbose flag

* reset_remote() now removes the whole share content
* verbose flag to control stdout of each test
* extraction with regex test

Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
8 years agotest_smbclient_tarmode.pl: test regex flag behaviour
Aurélien Aptel [Fri, 25 Oct 2013 13:12:27 +0000 (15:12 +0200)]
test_smbclient_tarmode.pl: test regex flag behaviour

[ddiss@samba.org: split from clitar implementation commit]
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
8 years agotest_smbclient_tarmode.pl: add large file and long path tests
Aurélien Aptel [Wed, 17 Jul 2013 16:54:07 +0000 (18:54 +0200)]
test_smbclient_tarmode.pl: add large file and long path tests

Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
8 years agotest_smbclient_tarmode.pl: add simple wildcard test
Aurélien Aptel [Wed, 17 Jul 2013 14:27:01 +0000 (16:27 +0200)]
test_smbclient_tarmode.pl: add simple wildcard test

Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
8 years agotest_smbclient_tarmode.pl: test interactive command
Aurélien Aptel [Fri, 25 Oct 2013 12:55:47 +0000 (14:55 +0200)]
test_smbclient_tarmode.pl: test interactive command

[ddiss@samba.org: split from clitar implementation commit]
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
8 years agotest_smbclient_tarmode.pl: whitespace
Aurélien Aptel [Tue, 16 Jul 2013 13:52:51 +0000 (15:52 +0200)]
test_smbclient_tarmode.pl: whitespace

Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
8 years agotest_smbclient_tarmode.pl: let --test run multiple tests
Aurélien Aptel [Tue, 16 Jul 2013 12:46:02 +0000 (14:46 +0200)]
test_smbclient_tarmode.pl: let --test run multiple tests

Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
8 years agotest_smbclient_tarmode.pl: sanitize input, use File::Temp instead of hardcoding temp dir
Aurélien Aptel [Mon, 15 Jul 2013 22:34:41 +0000 (00:34 +0200)]
test_smbclient_tarmode.pl: sanitize input, use File::Temp instead of hardcoding temp dir

Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
8 years agotest_smbclient_tarmode.pl: cosmetic changes
Aurélien Aptel [Mon, 15 Jul 2013 22:10:09 +0000 (00:10 +0200)]
test_smbclient_tarmode.pl: cosmetic changes

- Add whitespace around paren in if/for/while/... blocks
- Don't split if/elsif/else cascade

Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
8 years agotest_smbclient_tarmode.pl: add copyright header
Aurélien Aptel [Mon, 15 Jul 2013 21:41:15 +0000 (23:41 +0200)]
test_smbclient_tarmode.pl: add copyright header

Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
8 years agotest_smbclient_tarmode.pl: samba 3.6.9 can print a empty attribute string
Aurélien Aptel [Mon, 15 Jul 2013 17:04:43 +0000 (19:04 +0200)]
test_smbclient_tarmode.pl: samba 3.6.9 can print a empty attribute string

While changing my setup, I discovered that for some unknown reasons
samba (serv/client) doesn't print any attributes for normal files.

Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
8 years agotest_smbclient_tarmode.pl: disable failing tests for now
Aurélien Aptel [Mon, 15 Jul 2013 17:04:07 +0000 (19:04 +0200)]
test_smbclient_tarmode.pl: disable failing tests for now

Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
8 years agotest_smbclient_tarmode.pl: make script work on older Perl (now only need 5.14)
Aurélien Aptel [Mon, 15 Jul 2013 17:01:58 +0000 (19:01 +0200)]
test_smbclient_tarmode.pl: make script work on older Perl (now only need 5.14)

Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
8 years agotest_smbclient_tarmode.pl: fix a few minor typos
David Disseldorp [Sun, 14 Jul 2013 13:22:36 +0000 (15:22 +0200)]
test_smbclient_tarmode.pl: fix a few minor typos

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
8 years agotest_smbclient_tarmode.pl: refactor, cleanup and document in POD
Aurélien Aptel [Thu, 4 Jul 2013 15:54:43 +0000 (17:54 +0200)]
test_smbclient_tarmode.pl: refactor, cleanup and document in POD

Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
8 years agotest_smbclient_tarmode.pl: add tests for wildcard pattern (cI, cX, cF, xF).
Aurélien Aptel [Wed, 3 Jul 2013 14:09:03 +0000 (16:09 +0200)]
test_smbclient_tarmode.pl: add tests for wildcard pattern (cI, cX, cF, xF).

* add some test for wildcard pattern and r switch, when possible (-r
  is very buggy)
* change default DIR to "tar_test_dir"
* add tests for attributes (nohidden, nosystem which are undocumented)

Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
8 years agotest_smbclient_tarmode.pl: add a first simple wildcard test
Aurélien Aptel [Tue, 2 Jul 2013 21:22:24 +0000 (23:22 +0200)]
test_smbclient_tarmode.pl: add a first simple wildcard test

* File::list() now takes an absolute path
* check_remote() now takes the dir to check
* added an optional File destructor
* added cleanpath() to remove unecessary slashes
* File::new_remote() can take an absolute path
* File->{dir} is now absolute from the localpath

Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
8 years agotest_smbclient_tarmode.pl: add a clean option to erase the local path
Aurélien Aptel [Tue, 2 Jul 2013 21:20:53 +0000 (23:20 +0200)]
test_smbclient_tarmode.pl: add a clean option to erase the local path

Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>