Volker Lendecke [Mon, 9 Jul 2012 15:17:25 +0000 (17:17 +0200)]
s3-vfs: Add pwrite_send/recv to vfs modules
Signed-off-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 9 Jul 2012 15:17:25 +0000 (17:17 +0200)]
s3-vfs: Add pread_send/recv to vfs modules
Signed-off-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 9 Jul 2012 09:10:30 +0000 (11:10 +0200)]
s3: Convert aio_linux to pread/pwrite_send/recv
Signed-off-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 9 Jul 2012 09:10:30 +0000 (11:10 +0200)]
s3: Convert aio_fork to pread/pwrite_send/recv
Signed-off-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 9 Jul 2012 07:00:55 +0000 (09:00 +0200)]
s3-aio_fork: Convert get_idle_child from NTSTATUS to errno
Signed-off-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 9 Jul 2012 07:00:55 +0000 (09:00 +0200)]
s3-aio_fork: Convert create_aio_child from NTSTATUS to errno
Signed-off-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Jul 2012 13:33:47 +0000 (15:33 +0200)]
s3: Add vfs_aio_posix
Signed-off-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Jul 2012 13:05:02 +0000 (15:05 +0200)]
s3: Make smbd/aio.c not depend on aio.h anymore
Signed-off-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Jul 2012 11:19:20 +0000 (13:19 +0200)]
s3:vfs_aio_pthread: Convert to libasys
Signed-off-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Jul 2012 07:38:33 +0000 (09:38 +0200)]
s3: Remove the unused completion handling from aio.c
Signed-off-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Jul 2012 07:37:57 +0000 (09:37 +0200)]
s3: Properly handle shutdown with the _send/_recv based aio
Signed-off-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 2 Jul 2012 10:46:03 +0000 (12:46 +0200)]
s3: Use SMB_VFS_PWRITE_SEND in schedule_smb2_aio_write
Signed-off-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 2 Jul 2012 10:46:03 +0000 (12:46 +0200)]
s3: Use SMB_VFS_PREAD_SEND in schedule_smb2_aio_read
Signed-off-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 2 Jul 2012 10:46:03 +0000 (12:46 +0200)]
s3: Use SMB_VFS_PWRITE_SEND in schedule_aio_write_and_X
Signed-off-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 2 Jul 2012 10:46:03 +0000 (12:46 +0200)]
s3: Use SMB_VFS_PREAD_SEND in schedule_aio_read_and_X
Signed-off-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 26 Jun 2012 12:30:59 +0000 (14:30 +0200)]
s3-vfs: async pread
Signed-off-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 26 Jun 2012 12:30:59 +0000 (14:30 +0200)]
s3-vfs: async pwrite
Signed-off-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 21 Jun 2012 10:51:12 +0000 (12:51 +0200)]
libasys
Signed-off-by: Jeremy Allison <jra@samba.org>
Alexander Werth [Wed, 25 Apr 2012 13:10:54 +0000 (15:10 +0200)]
s3:Really ignore unknown special ids in NFSv4 ACLs.
Signed-off-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Wed Jul 18 17:45:05 CEST 2012 on sn-devel-104
Christian Ambach [Mon, 16 Jul 2012 15:09:24 +0000 (17:09 +0200)]
docs-xml: document smbstatus --notify
Christian Ambach [Mon, 16 Jul 2012 15:06:11 +0000 (17:06 +0200)]
docs-xml: document smbstatus --fast
Christian Ambach [Fri, 13 Jul 2012 15:24:02 +0000 (17:24 +0200)]
s3:smbstatus add --fast option
this option skips all checks if the process for the record is still there
using it gives a huge performance benefit on busy systems and clusters while
it might display stale data if a smbd crashed
Christian Ambach [Fri, 13 Jul 2012 15:10:05 +0000 (17:10 +0200)]
s3:smbstatus don't check if process exists twice
is_valid_share_mode_entry() already calls serverid_exists which calls process_exists()
Christian Ambach [Fri, 13 Jul 2012 15:14:09 +0000 (17:14 +0200)]
s3:smbstatus rename a function to make its purpose more clear
traverse_fn1 does not really intuitively make clear that it is used to traverse connections
Christian Ambach [Fri, 13 Jul 2012 15:32:19 +0000 (17:32 +0200)]
s3:smbstatus fix a compiler warning
about comparison of signed with unsigned
Andrew Bartlett [Wed, 18 Jul 2012 05:28:50 +0000 (15:28 +1000)]
s4-lib/tls: Try socket_send() multiple times to send partial packets
This works around an artificial limitation in socket_wrapper that breaks
some versions of GnuTLS when we return a short write.
Instead, keep pushing until the OS will not take it.
The correct solution will be to use tls_tstream, but the client code
for this is not yet tested and needs the ldap client layer changed
to use it.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul 18 11:23:55 CEST 2012 on sn-devel-104
Andrew Bartlett [Mon, 9 Jul 2012 04:37:28 +0000 (14:37 +1000)]
s4-librpc: Ensure we do not call call the decrpc timeout handler during gensec_update()
This avoids a situation where we could destroy pointers on the stack due to
a nested event loop.
This is certainly not a final, generic solution, but it is a minimal change
while we work to make gensec and gensec_gssapi async.
Andrew Bartlett
Andrew Bartlett [Tue, 17 Jul 2012 01:10:41 +0000 (11:10 +1000)]
s4-dbcheck: Check for and correct incorrect instanceType values
Andrew Bartlett [Wed, 18 Jul 2012 07:13:30 +0000 (17:13 +1000)]
dsdb: Allocate new OID to allow updates of a read-only replica
Normally this would be a very bad idea, but the specific case of fixing the instanceType
is the only case where this makes sense.
Andrew Bartlett
Andrew Bartlett [Tue, 17 Jul 2012 01:10:12 +0000 (11:10 +1000)]
s4-dsdb: Allow dbcheck to correct an incorrect instanceType
Andrew Bartlett [Tue, 17 Jul 2012 05:48:15 +0000 (15:48 +1000)]
s4-dsdb: Ensure we never write read-only objects onto a read-write replica
We should prevent this much further up the stack, but at least add a choke
at this point for now.
Additionally, this avoids administrator-forced replications causing
considerable damange to the directory.
Andrew Bartlett
Rusty Russell [Wed, 18 Jul 2012 05:37:28 +0000 (15:07 +0930)]
source4/torture: add talloc_stackframe()
We need a stackframe to call lp_load().
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Autobuild-User(master): Rusty Russell <rusty@rustcorp.com.au>
Autobuild-Date(master): Wed Jul 18 09:31:07 CEST 2012 on sn-devel-104
Rusty Russell [Wed, 18 Jul 2012 05:37:28 +0000 (15:07 +0930)]
source3/netapi: fix only caller which doesn't set up a talloc_stackframe()
libnetapi_free() needs a stackframe too; looked like Andrew and Günther
missed this in
a37de9a95974c138d264d9cb0c7829bb426bb2d6.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Wed, 18 Jul 2012 05:37:28 +0000 (15:07 +0930)]
source3/passdb/py_passdb.c: wrap all calls in talloc_stackframe()
dbwrap needs it. Some calls were already wrapped, but they checked the
talloc_stackframe() return unnecessarily: it can never be NULL.
This is the coccinelle patch I used:
// Add in a stackframe to every function: be sure to free it on (every) return
@rule0@
identifier func;
@@
func(...) {
+TALLOC_CTX *frame = talloc_stackframe();
<...
+talloc_free(frame);
return ...;
...>
}
// Get rid of tframe allocation/frees, replace usage with frame.
@rule1@
identifier func;
identifier oldframe;
@@
func(...) {
...
-TALLOC_CTX *oldframe;
...
-if ((oldframe = talloc_stackframe()) == NULL) {
- ...
-}
<...
-talloc_free(oldframe);
...>
}
// Get rid of tframe (variant 2)
@rule2@
identifier func;
identifier oldframe;
@@
func(...) {
...
-TALLOC_CTX *oldframe;
...
-oldframe = talloc_stackframe();
-if (oldframe == NULL) {
- ...
-}
<...
-talloc_free(oldframe);
...>
}
// Change tframe to frame
@rule3@
identifier func;
@@
func(...) {
<...
-tframe
+frame
...>
}
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Wed, 18 Jul 2012 05:37:28 +0000 (15:07 +0930)]
source3/passdb/py_passdb.c: don't steal from talloc_stackframe().
If you want a stack-style allocation, use talloc_stackframe(). If you
don't, don't use it. In particular, talloc_stackframe() here is actually
inside a pool, and stealing from pools is a bad idea.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Wed, 18 Jul 2012 05:37:28 +0000 (15:07 +0930)]
source3/torture/pdbtest: allocate talloc_stackframe()
Avoid talloc_tos() without a stackframe.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Wed, 18 Jul 2012 05:37:27 +0000 (15:07 +0930)]
talloc_stack: abort in developer me if no stackframe on talloc_tos()
Don't tolerate leaks in developer mode.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Wed, 18 Jul 2012 05:37:23 +0000 (15:07 +0930)]
loadparm: make the source3/ lp_ functions take an explicit TALLOC_CTX *.
They use talloc_tos() internally: hoist that up to the callers, some
of whom don't want to us talloc_tos().
A simple patch, but hits a lot of files.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Tue, 17 Jul 2012 19:39:31 +0000 (05:09 +0930)]
source3/utils/net_conf.c: fix stackframe leak
net_conf_wrap_function() doesn't free its stackframe.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Tue, 17 Jul 2012 19:38:31 +0000 (05:08 +0930)]
source3/winbindd/winbindd_pam.c: fix stackframe leak
check_info3_in_group() doesn't always free its stackframe.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Tue, 17 Jul 2012 19:37:31 +0000 (05:07 +0930)]
source3/lib/smbconf/testsuite.c: fix stackframe leak
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Tue, 17 Jul 2012 19:36:31 +0000 (05:06 +0930)]
source3/registry/reg_backend_db.c: fix stackframe leak
regdb_store_values_internal() doesn't always free its stackframe.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Tue, 17 Jul 2012 19:35:31 +0000 (05:05 +0930)]
source3/winbindd/idmap_tdb_common.c: fix stackframe leak
idmap_tdb_common_sid_to_unixid() doesn't always free its stackframe.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Tue, 17 Jul 2012 19:34:31 +0000 (05:04 +0930)]
source3/rpc_server/svcctl/srv_svcctl_reg.c: fix stackframe leak
svcctl_init_winreg() doesn't free its stackframe.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Tue, 17 Jul 2012 19:33:31 +0000 (05:03 +0930)]
source3/modules/vfs_xattr_tdb.c: fix stackframe leak
xattr_tdb_getxattr() doesn't free its stackframe.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Tue, 17 Jul 2012 19:32:31 +0000 (05:02 +0930)]
lib/util/modules.c: fix stackframe leak.
do_smb_load_module() doesn't free its stackframe on success.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Tue, 17 Jul 2012 19:31:31 +0000 (05:01 +0930)]
source3/winbindd/winbindd_util.c: fix stackframe leak
winbindd_can_contact_domain() doesn't always free its stackframe.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Tue, 17 Jul 2012 19:30:31 +0000 (05:00 +0930)]
nt_printing_tdb_migrate(): fix stackframe leak.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Tue, 17 Jul 2012 19:29:31 +0000 (04:59 +0930)]
source3/client/client.c: fix stackframe leak.
do_message_op() doesn't free its stackframe in various paths.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Tue, 17 Jul 2012 19:28:31 +0000 (04:58 +0930)]
smbpasswd: always free frame.
We're about to exit, so it doesn't really matter, but might as well
unify the paths.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Tue, 17 Jul 2012 19:27:31 +0000 (04:57 +0930)]
talloc_stack: report lazy freeing (panic if DEVELOPER).
talloc_stackframe() stacks, so if you forget to free one, the outer
one will free it. However, it's not a good idea to rely too heavily
on this behaviour: it can lead to delays in the release of memory or
destructors.
I had an elaborate hack to make sure every talloc_stackframe() was
freed in the exact same function it was allocated, however all bugs it
caught were simply lazy freeing, so this patch just checks for that.
This doesn't check for stackframes we don't free up on exit: that would
be nice, but uncovers some uncomfortable (but probably harmless) cases.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Tue, 17 Jul 2012 19:26:31 +0000 (04:56 +0930)]
talloc_stack: always include the location when creating a talloc_stackframe().
Much better for debugging.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Tue, 17 Jul 2012 19:25:31 +0000 (04:55 +0930)]
talloc_stack: handle more than one talloc_stackframe_pool()
The only reason we make one stackframe parent of the next is so we use
our parent's pool. That doesn't make sense if we're a new pool, and
wouldn't work anyway.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Tue, 17 Jul 2012 19:24:31 +0000 (04:54 +0930)]
talloc: don't allow a talloc_pool inside a talloc_pool.
We explicitly call free() on a pool which falls to zero, assuming it's
not inside another pool (we crash). Check on creation and explicitly
document this case.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Tue, 17 Jul 2012 19:23:31 +0000 (04:53 +0930)]
talloc: use a struct for pool headers.
This neatens the code a bit (we should do a similar thing for all the
TALLOC_CHUNK macros).
Two subtler changes:
(1) As a result of the struct, we actually pack object_count into the
talloc header on 32-bit platforms (since the header is 40 bytes, but
needs to be 16-byte aligned).
(2) I avoid VALGRIND_MAKE_MEM_UNDEFINED on memmove when we resize the
only entry in a pool; that's done later anyway.
With -O2 on my 11.04 Ubuntu 32-bit x86 laptop, the talloc_pool speed as
measured by testsuite.c actually increases 10%.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Volker Lendecke [Tue, 17 Jul 2012 15:26:42 +0000 (17:26 +0200)]
s3-linux-aio: Fix error handling
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 17 21:22:31 CEST 2012 on sn-devel-104
Jeremy Allison [Tue, 17 Jul 2012 17:04:03 +0000 (10:04 -0700)]
Add debug message when SD hash doesn't match.
Günther Deschner [Wed, 27 Jun 2012 16:17:34 +0000 (18:17 +0200)]
s3-autoconf: Fix the build.
Guenther
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jul 17 16:17:06 CEST 2012 on sn-devel-104
Andreas Schneider [Tue, 10 Jan 2012 15:45:13 +0000 (16:45 +0100)]
Enable AES in winbind.
Signed-off-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Tue, 10 Jan 2012 15:38:16 +0000 (16:38 +0100)]
s3-rpc_client: Fix updating netlogon credentials.
Signed-off-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Mon, 2 Jan 2012 17:54:47 +0000 (18:54 +0100)]
s3-rpc_client: Add capabilities check for AES encrypted connections.
Signed-off-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Tue, 17 Jul 2012 08:50:48 +0000 (10:50 +0200)]
s4-auth: Make sure we use the correct credential state.
If we create a copy of the credential state we miss updates to the
credentials.
To establish a netlogon schannel connection we create client credentials
and authenticate with them using
dcerpc_netr_ServerAuthenticate2()
For this we call netlogon_creds_client_authenticator() which increases
the sequence number and steps the credentials. Lets assume the sequence
number is 1002.
After a successful authentication we get the server credentials and we
send bind a auth request with the received creds. This sets up gensec
and the gensec schannel module created a copy of the client creds and
stores it in the schannel auth state. So the creds stored in gensec have
the sequence number 1002.
After that we continue and need the client credentials to call
dcerpc_netr_LogonGetCapabilities()
to verify the connection. So we need to increase the sequence number of
the credentials to 1004 and step the credentials to the next state. The
server always does the same and everything is just fine here.
The connection is established and we want to do another netlogon call.
So we get the creds from gensec and want to do a netlogon call e.g.
dcerpc_netr_SamLogonWithFlags.
We get the needed creds from gensec. The sequence number is 1002 and
we talk to the server. The server is already ahead cause we are already
at sequence number 1004 and the server expects it to be 1006. So the
server gives us ACCESS_DENIED cause we use a copy in gensec.
Signed-off-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Mon, 2 Jan 2012 17:22:25 +0000 (18:22 +0100)]
s4-librpc: Add capabilities check for AES encrypted connections.
Signed-off-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Tue, 17 Jul 2012 08:55:58 +0000 (10:55 +0200)]
s4-torture: Improve samlogon test.
Andreas Schneider [Mon, 2 Jan 2012 15:27:45 +0000 (16:27 +0100)]
s4-torture: Add DCERPC_SCHANNEL_AES tests.
Signed-off-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 29 Sep 2009 07:29:00 +0000 (09:29 +0200)]
s3:rpc_server: add support for AES bases netlogon schannel
metze
Signed-off-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 29 Sep 2009 07:47:51 +0000 (09:47 +0200)]
s4:rpc_server/netlogon: add support for AES based netlogon schannel
metze
Signed-off-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 23 Dec 2011 14:20:26 +0000 (15:20 +0100)]
s4:librpc/rpc: add DCERPC_SCHANNEL_AES support
metze
Signed-off-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 16 Sep 2009 01:09:30 +0000 (03:09 +0200)]
libcli/auth: add support for AES/HMAC-SHA256 to the netlogon schannel sign/seal
metze
Signed-off-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Thu, 27 Aug 2009 15:28:35 +0000 (17:28 +0200)]
libcli/auth: add support for AES/HMAC-SHA256 schannel session key support
metze
Signed-off-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 29 Sep 2009 07:47:51 +0000 (09:47 +0200)]
s4:rpc_server/netlogon: only return STRONG_KEYS if the client asked for it
metze
Signed-off-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 18 Sep 2009 18:24:16 +0000 (20:24 +0200)]
s4:rpc_server/netlogon: implement netr_LogonGetCapabilities
This is also needed to support AES.
metze
Signed-off-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 23 Dec 2011 14:26:07 +0000 (15:26 +0100)]
s4:librpc/rpc/dcerpc_schannel: just append NETLOGON_NEG_RODC_PASSTHROUGH as rodc
The RODC stuff doesn't depend on the schannel algorithm.
metze
Signed-off-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 23 Dec 2011 14:22:06 +0000 (15:22 +0100)]
s4:librpc/rpc/dcerpc_schannel: rework downgrade logic
metze
Signed-off-by: Günther Deschner <gd@samba.org>
Andrew Bartlett [Tue, 17 Jul 2012 02:02:25 +0000 (12:02 +1000)]
VERSION: Move on to beta5!
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jul 17 06:10:52 CEST 2012 on sn-devel-104
Andrew Bartlett [Tue, 17 Jul 2012 02:01:38 +0000 (12:01 +1000)]
VERSION: Mark as the beta4 release
Andrew Bartlett [Tue, 17 Jul 2012 02:00:49 +0000 (12:00 +1000)]
WHATSNEW: prepare for 4.0 beta4
Jelmer Vernooij [Mon, 16 Jul 2012 12:26:50 +0000 (14:26 +0200)]
Revert "Remove XSLT script to generate image dependencies, instead rely on make"
This reverts commit
c4493c22f129b2c94f361e6f8657adc7cd2dc1c6.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7562
Conflicts:
docs-xml/Makefile
Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Mon Jul 16 16:18:46 CEST 2012 on sn-devel-104
Andrew Bartlett [Mon, 16 Jul 2012 09:43:15 +0000 (19:43 +1000)]
pytdb: Check if the database is closed before we touch it
If .close() has already been called, we have to play dead - the
self->ctx is just not valid any more, as we have been shut down to
allow some other part of Samba to open the tdb.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jul 16 13:51:52 CEST 2012 on sn-devel-104
Andrew Bartlett [Mon, 16 Jul 2012 09:03:40 +0000 (19:03 +1000)]
pytdb: Check for errors parsing strings into TDB_DATA
The call to PyStringAsString() can raise an exception, and we
want to return that rather than following a NULL pointer later.
Andrew Bartlett
Andrew Bartlett [Sat, 14 Jul 2012 12:23:41 +0000 (22:23 +1000)]
auth/credentials: Look in the secrets.tdb for the machine account
This is for use with the -P/--machine-pass option.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Jul 15 05:41:28 CEST 2012 on sn-devel-104
Andrew Bartlett [Sat, 14 Jul 2012 12:22:37 +0000 (22:22 +1000)]
s4-param: Use a unique header name
Andrew Bartlett [Sat, 14 Jul 2012 12:18:29 +0000 (22:18 +1000)]
s3-secrets: Use C99 types
Jeremy Allison [Fri, 13 Jul 2012 23:25:23 +0000 (16:25 -0700)]
Fix bug #9016 - Connection to outbound trusted domain goes offline.
By the time we've gotten to init_dc_connection_network() we shouldn't
be second guessing the caller by calling winbindd_can_contact_domain().
If for some reason we do need to restrict the contact list here we
can add a condition to only contact the primary domain or domains
listed in the tdc cache, but I don't think that's neccessary.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jul 14 03:17:57 CEST 2012 on sn-devel-104
Volker Lendecke [Fri, 13 Jul 2012 06:38:07 +0000 (08:38 +0200)]
s3: Make us survive smb2.lock.rw-shared with aio enabled
schedule_aio_smb2_write can return NT_STATUS_FILE_LOCK_CONFLICT.
This is a valid error code that smb2.lock.rw-shared expects and
checks for. The code before this patch maps this to NT_STATUS_FILE_CLOSED,
masking the real, correct error message.
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul 13 21:53:51 CEST 2012 on sn-devel-104
Andrew Bartlett [Fri, 13 Jul 2012 05:51:49 +0000 (15:51 +1000)]
s3-auth_samba4: Explain that check_samba4_security is actually unused
Because of the evolution in the way the auth handling has been done, we do not
need this code any more. Raw NTLM Session setup & X is done via the auth4 context
which returns a full session info.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul 13 10:04:05 CEST 2012 on sn-devel-104
Andrew Bartlett [Fri, 13 Jul 2012 05:42:08 +0000 (15:42 +1000)]
lib/util: Allocate enough space to reference blob->data[len]
Found by Thomas Hood <jdthood@gmail.com> using valgrind.
Thanks!
Andrew Bartlett
Andrew Bartlett [Fri, 13 Jul 2012 01:01:47 +0000 (11:01 +1000)]
s3-auth Remove unused global_machine_account_needs_changing
This boolean was only set if the old machine account store (with an
MD4 hash in it) was returned. We have not set that password type for
years. If this call ever worked, it would store a plaintext password,
so we could only ever be here if we had set a password using a version
of Samba so old as not to store plaintext, and then never honered the
flag anyway.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul 13 07:52:40 CEST 2012 on sn-devel-104
Andrew Bartlett [Fri, 13 Jul 2012 00:01:44 +0000 (10:01 +1000)]
s3-auth Remove confusing reference to global_machine_password_needs_changing
This is in the trusted domain codepath, not the primary domain code path.
Andrew Bartlett
Geza Gemes [Thu, 12 Jul 2012 14:05:04 +0000 (16:05 +0200)]
s4-provision: Provide YP/NIS subtree to allow ADUC to see and set rfc2307 attrs
When provisioning with --use_rfc2307=yes populate the subtree:
CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN} This makes it
possible to manipulate the posix attributes via ADUC
(commit message adjusted by abartlet)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Jeremy Allison [Fri, 13 Jul 2012 00:20:51 +0000 (17:20 -0700)]
Use HAVE_FSYNC, we bothered to test for it.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul 13 04:44:42 CEST 2012 on sn-devel-104
Michael Adam [Thu, 12 Jul 2012 22:29:14 +0000 (00:29 +0200)]
s4:registry:regdiff: use existing talloc context for the event context
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jul 13 02:51:44 CEST 2012 on sn-devel-104
Michael Adam [Thu, 12 Jul 2012 22:20:03 +0000 (00:20 +0200)]
s4:registry:regdiff: add TALLOC_CTX * argument to open_backend()
Michael Adam [Thu, 12 Jul 2012 22:16:09 +0000 (00:16 +0200)]
s4:registry: add a TALLOC_CTX argument to reg_open_remote()
Jeremy Allison [Thu, 12 Jul 2012 17:10:32 +0000 (10:10 -0700)]
Linux-specific optimization in aio_open code.
Use initial_allocation_size to allocate on disk if sent. Ignore
failures (upper level will cope).
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul 13 00:35:48 CEST 2012 on sn-devel-104
Jeremy Allison [Thu, 12 Jul 2012 17:09:37 +0000 (10:09 -0700)]
Set fsp->initial_allocation_size before calling open_file_ntcreate().
Allows an SMB_VFS_OPEN() vfs module to do something interesting with
the request.
Jeremy Allison [Wed, 11 Jul 2012 23:35:32 +0000 (16:35 -0700)]
Make sure we reset fsp->initial_allocation_size to zero if we didn't create the file.
This will become important as we set fsp->initial_allocation_size before
create.
Jeremy Allison [Thu, 12 Jul 2012 17:57:47 +0000 (10:57 -0700)]
Add an optimization to pthread aio writes to also do fsync if requested.
Should help by ensuring complete writes done in sub-thread, not in
the main thread.
Volker Lendecke [Thu, 12 Jul 2012 16:47:42 +0000 (18:47 +0200)]
s3: Make us survive base-delaywrite with aio enabled
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 12 21:28:19 CEST 2012 on sn-devel-104
Volker Lendecke [Thu, 12 Jul 2012 14:28:11 +0000 (16:28 +0200)]
s3: Factor out "mark_file_modified"
This is in preparation of making us survive base-delaywrite with async I/O activated
Signed-off-by: Jeremy Allison <jra@samba.org>