Andrew Bartlett [Mon, 27 Jul 2009 12:04:26 +0000 (22:04 +1000)]
s4:kerberos Add 'net export keytab' command for wireshark decryption
It is much easier to do decryption with wireshark when the keytab is
available for every host in the domain. Running 'net export keytab
<keytab name>' will export the current (as pointed to by the supplied
smb.conf) local Samba4 domain.
(This uses Heimdal's 'hdb' keytab and then the existing hdb-samba4,
and so has a good chance of keeping working in the long term).
Andrew Bartlett
Jeremy Allison [Mon, 27 Jul 2009 19:09:40 +0000 (12:09 -0700)]
Fix the build breakage by #including modules/vfs_acl_common.c
into acl_tdb and acl_xattr. Duplicates the code size, but keeps
the code in common so I don't have to do bug fixes in two places
(which is what I really cared about).
Jeremy.
Kai Blin [Mon, 27 Jul 2009 15:37:22 +0000 (17:37 +0200)]
s3: net ads user info should print primary group as well (bug #2658)
Thanks to Pavel V. Rochnyack <rpv@muma.tusur.ru> for reporting this and
offering an initial patch.
Shirish Pargaonkar [Mon, 27 Jul 2009 16:02:35 +0000 (12:02 -0400)]
umount.cifs: do not attempt to update /etc/mtab if it is symbolic link
If /etc/mtab is a symbolic link to e.g. /proc/mounts, do not update it.
This is a fix for a bug reported in 4675 on samba bugzilla
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
Stefan Metzmacher [Mon, 27 Jul 2009 14:03:03 +0000 (16:03 +0200)]
frstrans.idl: add definition of frstrans_InitializeFileTransferAsync()
metze
Stefan Metzmacher [Mon, 27 Jul 2009 14:02:09 +0000 (16:02 +0200)]
frstrans.idl: add definition of frstrans_AsyncPoll()
metze
Stefan Metzmacher [Mon, 27 Jul 2009 14:01:11 +0000 (16:01 +0200)]
frstrans.idl: add definition of frstrans_RequestVersionVector()
metze
Stefan Metzmacher [Mon, 27 Jul 2009 14:00:00 +0000 (16:00 +0200)]
frstrans.idl: add definition of frstrans_RequestUpdates()
metze
Stefan Metzmacher [Mon, 27 Jul 2009 13:57:32 +0000 (15:57 +0200)]
frstrans.idl: add definition of frstrans_EstablishSession
metze
Stefan Metzmacher [Mon, 27 Jul 2009 13:56:13 +0000 (15:56 +0200)]
frstrans.idl: add definition of frstrans_EstablishConnection()
metze
Stefan Metzmacher [Mon, 27 Jul 2009 13:55:37 +0000 (15:55 +0200)]
frstrans.idl: add definition of frstrans_CheckConnectivity()
metze
Stefan Metzmacher [Mon, 27 Jul 2009 15:35:54 +0000 (17:35 +0200)]
librpc: rerun "make idl_full"
metze
Stefan Metzmacher [Mon, 27 Jul 2009 15:34:37 +0000 (17:34 +0200)]
pidl: allow foo being on the wire after [length_is(foo)] uint8 *buffer
metze
Stefan Metzmacher [Mon, 27 Jul 2009 13:52:16 +0000 (15:52 +0200)]
pidl: add support for [string] on fixed size arrays.
midl also supports this:
    struct {
        long l1;
        [string] wchar_t str[16];
        long l2;
    };
Where the wire size of str is encoded like a length_is() header:
4-byte offset == 0;
4-byte array length;
The strings are zero terminated.
metze
Stefan Metzmacher [Mon, 27 Jul 2009 15:25:12 +0000 (17:25 +0200)]
Revert "s4:kerberos Add 'net export keytab' command for wireshark decryption"
This reverts commit a40ce5d0d9d06f592a8885162bbaf644006b9f0f.
This breaks the build...
Andrew, please repush it, when it's fixed:-)
metze
Volker Lendecke [Mon, 27 Jul 2009 12:28:52 +0000 (14:28 +0200)]
Lift the event loop in rpc_api_pipe_req() one level into cli_do_rpc_ndr
Volker Lendecke [Mon, 27 Jul 2009 12:47:41 +0000 (14:47 +0200)]
Fix a valgrind error in chain_reply
construct_reply() references the request after chain_reply has freed it.
Volker Lendecke [Sun, 26 Jul 2009 18:56:58 +0000 (20:56 +0200)]
Fix a typo
Volker Lendecke [Sun, 26 Jul 2009 18:20:50 +0000 (20:20 +0200)]
Fix a valgrind error in winbind
When looking for idle clients, we dereferenced state->response. As this is
dynamically allocated now, the proper test is whether state->response exists at
all. This is the case when an async operation is in process at that moment.
Andrew Bartlett [Mon, 27 Jul 2009 12:39:10 +0000 (22:39 +1000)]
s4:kerberos Add test to show that we actually export the keytab
While it is hard to prove it is correct, at least the new
'nettestuser' principal and the Administrator principal are correct.
We had to fix the case of 'Administrator' in the selftest code to
match the DB, as the keytab lookup is case sensitive.
Andrew Bartlett
Andrew Bartlett [Mon, 27 Jul 2009 12:04:26 +0000 (22:04 +1000)]
s4:kerberos Add 'net export keytab' command for wireshark decryption
It is much easier to do decryption with wireshark when the keytab is
available for every host in the domain. Running 'net export keytab
<keytab name>' will export the current (as pointed to by the supplied
smb.conf) local Samba4 domain.
(This uses Heimdal's 'hdb' keytab and then the existing hdb-samba4,
and so has a good chance of keeping working in the long term).
Andrew Bartlett
Andrew Bartlett [Mon, 27 Jul 2009 06:09:25 +0000 (16:09 +1000)]
s4:kdc Push context to hdb_samba4 by way of the 'name' of the DB
This overloads the 'name' part of the keytab name to supply a context
pointer, and so avoids 3 global variables!
To do this, we had to stop putting the entry for kpasswd into the
secrets.ldb. (I don't consider this a big loss, and any entry left
there by an upgrade will be harmless).
Andrew Bartlett
Andrew Bartlett [Mon, 27 Jul 2009 06:07:04 +0000 (16:07 +1000)]
s4:setup add 'cn' attribute to Samba4 local schema
(We recently made the ms_schema.py script also add this attribute)
Andrew Bartlett [Mon, 27 Jul 2009 03:50:50 +0000 (13:50 +1000)]
s4:heimdal Extend the 'hdb as a keytab' code
This extends the hdb_keytab code to allow enumeration of all the keys.
The plan is to allow ktutil's copy command to copy from Samba4's
hdb_samba4 into a file-based keytab used in wireshark.
One day, with a few more hacks, we might even make this a loadable
module that can be used directly...
Andrew Bartlett
Andrew Bartlett [Mon, 27 Jul 2009 03:48:45 +0000 (13:48 +1000)]
s4:kdc Tidy up hdb_samba4 some more
This removes the last use of the prefix hdb_ldb and makes it clear
that we pass in 3 global variables to get state information into
hdb_samba4 when used as a keytab. (And that they belong to
hdb_samba4, not to the KDC)
Andrew Bartlett
Michael Adam [Mon, 27 Jul 2009 11:33:38 +0000 (13:33 +0200)]
docs: fix typos in the net man page.
Noted by Oota Toshiya <t-oota@dh.jp.nec.com>.
Michael
Volker Lendecke [Sun, 26 Jul 2009 21:20:54 +0000 (17:20 -0400)]
Fix some nonempty blank lines
Volker Lendecke [Mon, 27 Jul 2009 10:36:31 +0000 (12:36 +0200)]
Fix a valgrind error in cli_ctemp_done
For performance reasons cli_smb_recv does not make copies of the buffers we
received from the client, so both "vwv" and "bytes" vanish with
TALLOC_FREE(subreq). I know this is a bit counter-intuitive, but I think in
this case it's justified not to make copies.
Comments?
Volker Lendecke [Sun, 26 Jul 2009 20:04:59 +0000 (22:04 +0200)]
Fix valgrind errors in DeleteDomainGroup and DeleteDomAlias
Volker Lendecke [Sun, 26 Jul 2009 13:38:10 +0000 (15:38 +0200)]
Fix a valgrind error in _samr_DeleteUser
The close_handle invalidates uinfo
Volker Lendecke [Sat, 25 Jul 2009 17:21:57 +0000 (13:21 -0400)]
Fix a 32/64bit stack corruption bug
Volker Lendecke [Sat, 25 Jul 2009 17:11:08 +0000 (13:11 -0400)]
Cleanup patch after "new VFS"
Volker Lendecke [Sat, 25 Jul 2009 17:10:55 +0000 (13:10 -0400)]
Cleanup patch after "struct stat_ex"
Volker Lendecke [Sat, 25 Jul 2009 16:57:46 +0000 (12:57 -0400)]
Remove a pointless static fstring
Volker Lendecke [Sat, 25 Jul 2009 16:56:06 +0000 (12:56 -0400)]
No explicit initialization necessary for a zero blob
Volker Lendecke [Fri, 24 Jul 2009 23:47:39 +0000 (19:47 -0400)]
Move 16 bytes from data to r/o text segment
Volker Lendecke [Fri, 24 Jul 2009 23:03:45 +0000 (19:03 -0400)]
Fix a winbind memleak
Volker Lendecke [Fri, 24 Jul 2009 18:58:36 +0000 (14:58 -0400)]
Use a switch statement in charset_name()
Volker Lendecke [Fri, 24 Jul 2009 17:28:48 +0000 (13:28 -0400)]
Fix some nonempty blank lines
Volker Lendecke [Sat, 25 Jul 2009 16:33:11 +0000 (12:33 -0400)]
First patch for "new VFS" portability
Tim Prouty [Sat, 25 Jul 2009 01:38:40 +0000 (18:38 -0700)]
s3: Convert a few callers of unix_convert() over to filename_convert()
This patch also changes the unix convert flags to make sure the
correct semantics are preserved for allowing/disallowing wildcards
in the last component of the path.
Tim Prouty [Fri, 24 Jul 2009 23:05:44 +0000 (16:05 -0700)]
s3: Remove a few callers of get_full_smb_filename()
Tim Prouty [Sat, 25 Jul 2009 00:09:42 +0000 (17:09 -0700)]
s3 onefs: Fix the onefs modules after the big refactoring
Jeremy Allison [Sat, 25 Jul 2009 00:06:41 +0000 (17:06 -0700)]
Factor out common code into vfs_acl_common.c.
Jeremy.
Tim Prouty [Fri, 24 Jul 2009 18:39:56 +0000 (11:39 -0700)]
s3: Simplify rename_internals() by passing in smb_filename structs
Tim Prouty [Fri, 24 Jul 2009 19:13:07 +0000 (12:13 -0700)]
s3: Allow filename_convert() to pass through unix_convert_flags and let the caller know if the path has a wildcard
This also eliminates the need for resolve_dfspath().
Jeremy Allison [Fri, 24 Jul 2009 21:47:52 +0000 (14:47 -0700)]
Make acl_tdb match acl_xattr. Large duplication of
code here needs tidying up. Compiles but not yet tested.
Jeremy.
Jeremy Allison [Fri, 24 Jul 2009 21:13:42 +0000 (14:13 -0700)]
For some strange reason using:
    uint8 hash[XATTR_SD_HASH_SIZE];
doesn't have the same effect as:
    uint8 hash[64];
Jeremy.
Jeremy Allison [Fri, 24 Jul 2009 21:09:42 +0000 (14:09 -0700)]
Fix hash function in acl_xattr to be SHA256, make
the hash function selectable. Upgrade version.
Compiles but not fully tested yet (coming). Make
vfs_acl_tdb.c compile - this needs updating to
match acl_xattr (also coming soon).
Jeremy.
Volker Lendecke [Fri, 24 Jul 2009 17:21:45 +0000 (13:21 -0400)]
add my copyright after the VFS rewrite
Volker Lendecke [Fri, 24 Jul 2009 14:43:02 +0000 (10:43 -0400)]
Move the "enum _vfs_op_type" to full_audit
It's only used there now. Someone should now go in and simplify full_audit...
:-)
Volker Lendecke [Fri, 24 Jul 2009 00:28:58 +0000 (20:28 -0400)]
Make the smbd VFS typesafe
Volker Lendecke [Sun, 19 Jul 2009 18:53:11 +0000 (14:53 -0400)]
Fix the chain2 test
Volker Lendecke [Sun, 19 Jul 2009 18:52:07 +0000 (14:52 -0400)]
In chain_reply, copy the subrequests' error to the main request
Volker Lendecke [Fri, 24 Jul 2009 14:21:07 +0000 (10:21 -0400)]
Fix a few uninitialized variable warnings
I know those warnings are bogus, but both Coverity and gcc don't get it.
Stefan Metzmacher [Fri, 24 Jul 2009 07:37:12 +0000 (09:37 +0200)]
s4:gensec_gssapi: pass the correct oid to the gssapi layer.
metze
Stefan Metzmacher [Fri, 24 Jul 2009 07:33:06 +0000 (09:33 +0200)]
s4:gensec/spengo: make sure we send the blob with the micListMech signature to the peer
We should even do this if the submech has no more data to send.
metze
Volker Lendecke [Sun, 19 Jul 2009 01:29:15 +0000 (21:29 -0400)]
Some more VFS type errors
Volker Lendecke [Sat, 18 Jul 2009 16:27:28 +0000 (18:27 +0200)]
Fix some nonempty blank lines
Volker Lendecke [Sun, 19 Jul 2009 01:28:54 +0000 (21:28 -0400)]
Fix some C++ warnings
Stefan Metzmacher [Thu, 23 Jul 2009 15:54:02 +0000 (17:54 +0200)]
s4:ldb: add support for the new Recycle Bin Feature LDAP controls
LDB_CONTROL_SHOW_RECYCLED_OID 1.2.840.113556.1.4.2064
LDB_CONTROL_SHOW_DEACTIVATED_LINK_OID 1.2.840.113556.1.4.2065
metze
Stefan Metzmacher [Thu, 23 Jul 2009 15:52:23 +0000 (17:52 +0200)]
s4:libcli/ldap: add support for new Recycle Bin Feature LDAP Controls
LDAP_SERVER_SHOW_RECYCLED_OID 1.2.840.113556.1.4.2064
LDAP_SERVER_SHOW_DEACTIVATED_LINK_OID 1.2.840.113556.1.4.2065
metze
Stefan Metzmacher [Thu, 23 Jul 2009 11:02:56 +0000 (13:02 +0200)]
frsrpc.idl: add definition of frsrpc_FrsNOP()
metze
Stefan Metzmacher [Thu, 23 Jul 2009 11:01:42 +0000 (13:01 +0200)]
frsrpc.idl: add idl for frsrpc_FrsVerifyPromotionParent()
metze
John H Terpstra [Thu, 23 Jul 2009 14:50:04 +0000 (09:50 -0500)]
Fix typos reported by OPC Oota.
John H Terpstra [Thu, 23 Jul 2009 14:33:06 +0000 (09:33 -0500)]
Merge branch 'master' of ssh://jht@git.samba.org/data/git/samba
Matthias Dieter Wallnöfer [Wed, 22 Jul 2009 18:15:58 +0000 (20:15 +0200)]
[SAMBA 4 / NETLOGON] Modify type of SAM contexts
In the SAMBA 4 DCE/RPC NETLOGON server the SAM context references have generally
the type "void *". But we know that those context objects are based on the "struct
ldb_context" type. We've always to cast for using a SAM/LDB call.
This I didn't find very appealing and so I assigned the right (detailed) type to each "sam_ctx".
Therefore, the casts could disappear.
Also this change is only cosmetic.
Stefan Metzmacher [Wed, 22 Jul 2009 08:55:39 +0000 (10:55 +0200)]
frstrans.idl: add new DFS-R FrsTransport interface with dummy functions
metze
Stefan Metzmacher [Wed, 22 Jul 2009 13:48:32 +0000 (15:48 +0200)]
frsrpc.idl: add definition for frsrpc_FrsStartPromotionParent()
metze
Tim Prouty [Wed, 22 Jul 2009 16:52:09 +0000 (09:52 -0700)]
s3: Change unix_convert to use an smb_filename struct internally
This allows SMB_VFS_[L]STAT to be called directly. Additionally, I
changed NTSTATUS result to be named status for consistency.
I also removed the stat_cache_add() from build_stream_path() because
stat_cache_lookup() is never actually called on a file with a stream.
There is no reason why the stat cache couldn't be consulted for
streams in the future.
Jeremy/Volker, please take a look at this one when you get a chance.
Tim Prouty [Tue, 21 Jul 2009 22:55:25 +0000 (15:55 -0700)]
s3: Convert some callers of vfs_lstat_smb_fname to SMB_VFS_LSTAT()
Tim Prouty [Tue, 21 Jul 2009 20:57:56 +0000 (13:57 -0700)]
s3: Convert some callers of vfs_stat_smb_fname to SMB_VFS_STAT()
Stefan Metzmacher [Wed, 22 Jul 2009 09:05:21 +0000 (11:05 +0200)]
librpc: fix the merged build of ndr_frsrpc.c
metze
Kai Blin [Sun, 5 Jul 2009 07:21:07 +0000 (09:21 +0200)]
Revert "net: Use samba default command line arguments."
This reverts commit fb262f79fab00374023e59476e8d05a1015a7041
and related commits c36031778e1983ddb11d3e1fcab35e738dbf94bc,
72fd5fa6bb78a054fad5e5ebe19a0c0387a7d45b and
38cd0e086f50ce54d88a19aa5a6803469af90489.
This change caused more trouble than it solved. We need to do this differently.
Reverting so we don't accidentally release this.
Andrew Bartlett [Wed, 22 Jul 2009 08:04:58 +0000 (18:04 +1000)]
s4:provision Fix provision on FreeBSD
We were missing the 'cn' attribute, which we then prepare a sorted
list based on. On Linux, strcmp(NULL, NULL) does not segfault, where
it does on FreeBSD.
Reported by Timur I. Bakeyev <timur@com.bat.ru>
Andrew Bartlett
Tim Prouty [Tue, 21 Jul 2009 18:37:51 +0000 (11:37 -0700)]
s3: plumb smb_filename through some of the trans2 posix_* functions
Tim Prouty [Tue, 21 Jul 2009 18:35:17 +0000 (11:35 -0700)]
s3: Remove unnecessary callers of get_full_smb_filename
This often times means explicitly denying certain operations on a stream
as they are not supported or don't make sense at a particular level. At
some point in the future these can be enabled, but for now it's better to
remove ambiguity
Tim Prouty [Tue, 21 Jul 2009 17:28:28 +0000 (10:28 -0700)]
s3: Remove the now unused fname parameter from filename_convert()
Tim Prouty [Tue, 21 Jul 2009 17:19:00 +0000 (10:19 -0700)]
s3: Fix RENAME_FLAG_RENAME path to stop calling unix_convert twice
Tim Prouty [Tue, 21 Jul 2009 17:18:10 +0000 (10:18 -0700)]
s3: Remove unnecessary fname argument from callers of filename_convert
Tim Prouty [Tue, 21 Jul 2009 16:29:59 +0000 (09:29 -0700)]
s3: Plumb smb_filename through map_open_params_to_ntcreate
Stefan Metzmacher [Tue, 21 Jul 2009 14:48:06 +0000 (16:48 +0200)]
frsrpc.idl: make the chunk array in frsrpc_CommPktChunkCtr dynamic
We add an extra num_chunks to the frsrpc_CommPktChunkCtr structure
and use hand modified ndr_push/pull functions to let it not appear
on the wire.
metze
Stefan Metzmacher [Tue, 21 Jul 2009 14:05:44 +0000 (16:05 +0200)]
frsrpc.idl: almost complete the idl for the frsrpc_FrsSendCommPkt() function
TODO: The amount of chunks is dynamic, we need to fix that
metze
Stefan Metzmacher [Tue, 21 Jul 2009 14:04:35 +0000 (16:04 +0200)]
frsapi.idl: fill the frsapi_WriterCommand() function
metze
Stefan Metzmacher [Tue, 21 Jul 2009 14:04:07 +0000 (16:04 +0200)]
frsapi.idl: fix some unknown field names
metze
Christian Ambach [Tue, 21 Jul 2009 11:56:17 +0000 (13:56 +0200)]
do not log chdir with level 0 if reason is access denied
this changes the level of logs caused by users trying to access shares
or subdirectories for which they do not have access to in the ACL
this can fill up the samba log even with log level 0 and is more an
expected kind of logs that IMHO should not be logged with such a high
level.
All other errors while chdir() will still be logged with level 0
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
Michael Adam [Tue, 21 Jul 2009 10:35:48 +0000 (12:35 +0200)]
s3:dbwrap: use the transaction wrapper in dbwrap_trans_store().
Now dbwrap_util.c contains only one call to each of
transaction_start, transaction_commit and transaction_cancel.
Michael
Michael Adam [Tue, 21 Jul 2009 10:26:14 +0000 (12:26 +0200)]
s3:dbwrap: use the transaction wrapper in dbwrap_trans_delete().
Michael
Rusty Russell [Tue, 21 Jul 2009 06:53:35 +0000 (16:23 +0930)]
tdb: fix locking error
54a51839ea65aa788b18fce8de0ae4f9ba63e4e7 "Make tdb transaction lock
recursive (samba version)" was broken: I "cleaned it up" and prevented
it from ever unlocking.
To see the problem:
$ bin/tdbtorture -s
1248142523
tdb_brlock failed (fd=3) at offset 8 rw_type=1 lck_type=14 len=1
tdb_transaction_lock: failed to get transaction lock
tdb_transaction_start failed: Resource deadlock avoided
My testcase relied on the *count* being correct, which it was. Fixing that
now.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Michael Adam <obnox@samba.org>
Tim Prouty [Mon, 20 Jul 2009 21:32:32 +0000 (14:32 -0700)]
s3: Add some asserts to the filename util functions
In the smb_filename struct stream_name must equal NULL if there
is no stream name. These asserts should catch any future offenders
of this invariant early.
Tim Prouty [Fri, 10 Jul 2009 22:43:21 +0000 (15:43 -0700)]
s3: Plumb smb_filename through open_fake_file
Tim Prouty [Fri, 10 Jul 2009 22:35:08 +0000 (15:35 -0700)]
s3: Separate out a new file: filename_utils.c
This is to ease the linking pain of everything that links LOCKING_OBJ
Tim Prouty [Fri, 10 Jul 2009 22:10:35 +0000 (15:10 -0700)]
s3: Move is_ntfs_stream*() to filename.c
Tim Prouty [Sat, 11 Jul 2009 01:11:32 +0000 (18:11 -0700)]
s3: Finish plumbing the fsp->fsp_name smb_fname conversion through the modules.
Tim Prouty [Fri, 10 Jul 2009 21:50:37 +0000 (14:50 -0700)]
s3: Change fsp->fsp_name to be an smb_filename struct!
Tim Prouty [Fri, 10 Jul 2009 18:50:30 +0000 (11:50 -0700)]
s3 onefs oplocks: Replace static fstring with talloc'd dbg_ctx()
Tim Prouty [Fri, 10 Jul 2009 17:38:56 +0000 (10:38 -0700)]
s3: Change file_structs to be allocated with talloc instead of malloc
Tim Prouty [Mon, 20 Jul 2009 22:37:18 +0000 (15:37 -0700)]
lib util: Fix const warning
Jeremy Allison [Mon, 20 Jul 2009 22:15:08 +0000 (15:15 -0700)]
Make cli_send_mailslot() static. Preparing to do away with unexpected.tdb....
Jeremy.
Rusty Russell [Sat, 18 Jul 2009 05:58:58 +0000 (15:28 +0930)]
Make tdb transaction lock recursive (samba version)
This patch replaces 6ed27edbcd3ba1893636a8072c8d7a621437daf7 and
1a416ff13ca7786f2e8d24c66addf00883e9cb12, which fixed the bug where traversals
inside transactions would release the transaction lock early.
This solution is more general, and solves the more minor symptom that nested
traversals would also release the transaction lock early. (It was also suggested in
Volker's comment in 6ed27ed).
This patch also applies to ctdb, if the traverse.c part is removed (ctdb's tdb
code never received the previous two fixes).
Tested using the testsuite from ccan (adapted to the samba code). Thanks to
Michael Adam for feedback.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Michael Adam <obnox@samba.org>