kai/samba.git
7 years agovfs: Use posix_sys_acl_blob_get_file in vfs_aixacl
Andrew Bartlett [Wed, 10 Oct 2012 05:52:02 +0000 (16:52 +1100)]
vfs: Use posix_sys_acl_blob_get_file in vfs_aixacl

7 years agovfs: Use a blocking function in vfs_afsacl for system ACL blobs
Andrew Bartlett [Wed, 10 Oct 2012 05:45:44 +0000 (16:45 +1100)]
vfs: Use a blocking function in vfs_afsacl for system ACL blobs

This is important, as we need to avoid asking any lower module for a
possible libear ACL blob.  We may implement a linearisation in the
future.

Andrew Bartlett

7 years agovfs: Implement a sys_acl_blob_get_{fd,file} for POSIX ACL backends
Andrew Bartlett [Wed, 10 Oct 2012 05:49:59 +0000 (16:49 +1100)]
vfs: Implement a sys_acl_blob_get_{fd,file} for POSIX ACL backends

This simply linearlises the SMB_ACL_T (default and access acl for
directories) and the file owner, group and mode into a blob.

It will be useful for an improved vfs_acl_common.c that uses this sets
that, rather than the hash of the NT ACL, in the xattr

This will in turn insulate the stored hash from changes in the ACL
mapping.

Andrew Bartlett

7 years agovfs: Remove type parameter from sys_acl_blob_get_{fd,file}
Andrew Bartlett [Wed, 10 Oct 2012 05:44:41 +0000 (16:44 +1100)]
vfs: Remove type parameter from sys_acl_blob_get_{fd,file}

This interface actually needs to match the get_nt_acl interface in
that the system ACL implmenetation may not be posix ACLs, and the blob
is not meant to be enforced to be of a particular system ACL
structure.

Andrew Bartlett

7 years agosmbd: Add mem_ctx to {f,}get_nt_acl VFS call
Andrew Bartlett [Wed, 10 Oct 2012 00:50:27 +0000 (11:50 +1100)]
smbd: Add mem_ctx to {f,}get_nt_acl VFS call

This makes it clear which context the returned SD is allocated on, as
a number of callers do not want it on talloc_tos().

As the ACL transformation allocates and then no longer needs a great
deal of memory, a talloc_stackframe() call is used to contain the
memory that is not returned further up the stack.

Andrew Bartlett

7 years agosmbd: Add mem_ctx to sys_acl_init() and all callers
Andrew Bartlett [Tue, 9 Oct 2012 23:18:32 +0000 (10:18 +1100)]
smbd: Add mem_ctx to sys_acl_init() and all callers

This changes from allocation on NULL to allocation on the supplied
memory context.

Currently that supplied context is talloc_tos() at the the final consumer of
the ACL.

Andrew Bartlett

7 years agobuild: Add vfs_media_harmony to the waf build
Andrew Bartlett [Wed, 10 Oct 2012 01:44:14 +0000 (12:44 +1100)]
build: Add vfs_media_harmony to the waf build

7 years agoposixacls: Add IDL changes for vfs_acl_xattr using hash of the sys acl
Andrew Bartlett [Wed, 10 Oct 2012 05:42:38 +0000 (16:42 +1100)]
posixacls: Add IDL changes for vfs_acl_xattr using hash of the sys acl

This will isolate the hash of the ACL from any intermediate mapping that
the POSIX -> NT mapping subsystem might need to do, and which might
change if we need to correct that mapping.

Andrew Bartlett

7 years agos3-rpc_server: fix build warning
David Disseldorp [Wed, 10 Oct 2012 08:47:20 +0000 (10:47 +0200)]
s3-rpc_server: fix build warning

enum dcerpc_transport_t is undeclared, include required headers.

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Oct 10 12:41:28 CEST 2012 on sn-devel-104

7 years agoMake sure the returned sd is on the right context, and if not it's always freed.
Jeremy Allison [Tue, 9 Oct 2012 19:46:57 +0000 (12:46 -0700)]
Make sure the returned sd is on the right context, and if not it's always freed.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct  9 23:35:50 CEST 2012 on sn-devel-104

7 years agoMove setting of psd->dacl->revision and protect against null SD's.
Jeremy Allison [Tue, 9 Oct 2012 19:45:30 +0000 (12:45 -0700)]
Move setting of psd->dacl->revision and protect against null SD's.

7 years agodocs: Add '-V' to the list of options.
Karolin Seeger [Tue, 9 Oct 2012 09:56:19 +0000 (11:56 +0200)]
docs: Add '-V' to the list of options.

Karolin

Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Tue Oct  9 18:53:12 CEST 2012 on sn-devel-104

7 years agosamba-tool: Some more unifications...
Karolin Seeger [Tue, 9 Oct 2012 09:53:21 +0000 (11:53 +0200)]
samba-tool: Some more unifications...

in the usage message.

Karolin

7 years agopackaging: Add config for systemd-tmpfiles.
Andreas Schneider [Tue, 9 Oct 2012 12:25:29 +0000 (14:25 +0200)]
packaging: Add config for systemd-tmpfiles.

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Oct  9 17:10:53 CEST 2012 on sn-devel-104

7 years agosamba-tool: skip chown in sysvolreset when it would fail on a GID
Andrew Bartlett [Fri, 5 Oct 2012 00:19:17 +0000 (10:19 +1000)]
samba-tool: skip chown in sysvolreset when it would fail on a GID

This skips the chown of the files if (for example) the domain Admins group
were to own the file and not be able to because the group maps only to a GID.

This essentially papers over the problem, but may be enough to get us past
the Samba 4.0 release.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Oct  9 15:24:44 CEST 2012 on sn-devel-104

7 years agos3: Pass down smb_filename to smbacl4_fill_ace4
Volker Lendecke [Tue, 9 Oct 2012 07:41:41 +0000 (09:41 +0200)]
s3: Pass down smb_filename to smbacl4_fill_ace4

A full fsp is a bit overkill here

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Oct  9 13:38:49 CEST 2012 on sn-devel-104

7 years agos4-rpc: dnsserver: Ignore DNS zones that are not used by RPC dnsserver
Amitay Isaacs [Tue, 2 Oct 2012 03:02:07 +0000 (13:02 +1000)]
s4-rpc: dnsserver: Ignore DNS zones that are not used by RPC dnsserver

..TrustAnchors zone is not interpreted by RPC dnsserver code.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue Oct  9 03:21:07 CEST 2012 on sn-devel-104

7 years agos4-dns: dlz_bind9: Ignore zones that are not used by BIND9 DLZ plugin
Amitay Isaacs [Tue, 2 Oct 2012 03:00:50 +0000 (13:00 +1000)]
s4-dns: dlz_bind9: Ignore zones that are not used by BIND9 DLZ plugin

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
7 years agos4:scripting/python: add '-V' as alias for '--version'
Stefan Metzmacher [Mon, 8 Oct 2012 10:50:52 +0000 (12:50 +0200)]
s4:scripting/python: add '-V' as alias for '--version'

metze

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Oct  8 17:52:52 CEST 2012 on sn-devel-104

7 years agos4:samba-tool: allow 'samba-tool --version'
Stefan Metzmacher [Mon, 8 Oct 2012 10:50:33 +0000 (12:50 +0200)]
s4:samba-tool: allow 'samba-tool --version'

metze

7 years agos4:samba-tool: use normal option parsing in SuperCommand
Stefan Metzmacher [Mon, 8 Oct 2012 10:47:47 +0000 (12:47 +0200)]
s4:samba-tool: use normal option parsing in SuperCommand

We use the epilog to print the subcommands.

metze

7 years agos4:samba-tool: add optional epilog to _create_parser()
Stefan Metzmacher [Mon, 8 Oct 2012 10:45:20 +0000 (12:45 +0200)]
s4:samba-tool: add optional epilog to _create_parser()

metze

7 years agos3fs-printing: Fix RAW printing for normal users.
Andreas Schneider [Mon, 8 Oct 2012 10:32:49 +0000 (12:32 +0200)]
s3fs-printing: Fix RAW printing for normal users.

This fixes bug #8769.

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Oct  8 16:11:51 CEST 2012 on sn-devel-104

7 years agosamba-tool: Unify usage messages.
Karolin Seeger [Mon, 8 Oct 2012 10:32:58 +0000 (12:32 +0200)]
samba-tool: Unify usage messages.

Karolin

Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Mon Oct  8 14:26:52 CEST 2012 on sn-devel-104

7 years agodocs: Add man 8 samba-tool.
Karolin Seeger [Mon, 8 Oct 2012 09:57:40 +0000 (11:57 +0200)]
docs: Add man 8 samba-tool.

Addresses bug #8802 - Create missing manpages for new binaries.

Please note that it's a very basic version. Please feel free
to extend.

Karolin

7 years agosamba-tool: Clarify usage of --help.
Karolin Seeger [Mon, 8 Oct 2012 09:47:22 +0000 (11:47 +0200)]
samba-tool: Clarify usage of --help.

Karolin

7 years agodocs: fix opening and ending tag mismatch: para
Björn Baumbach [Mon, 8 Oct 2012 08:42:34 +0000 (10:42 +0200)]
docs: fix opening and ending tag mismatch: para

in forcedirectorysecuritymode.xml.

7 years agodocs: fix opening and ending tag mismatch: para
Björn Baumbach [Mon, 8 Oct 2012 08:42:34 +0000 (10:42 +0200)]
docs: fix opening and ending tag mismatch: para

in directorysecuritymask.xml.

7 years agosamba-tool: Fix typo in usage.
Karolin Seeger [Mon, 8 Oct 2012 07:47:37 +0000 (09:47 +0200)]
samba-tool: Fix typo in usage.

Karolin

7 years agos4-dns: fix a warning
Matthieu Patou [Wed, 3 Oct 2012 07:37:34 +0000 (00:37 -0700)]
s4-dns: fix a warning

Autobuild-User(master): Matthieu Patou <mat@samba.org>
Autobuild-Date(master): Mon Oct  8 10:45:41 CEST 2012 on sn-devel-104

7 years agos4-dns: Ignore zones that shouldn't be returned currently
Matthieu Patou [Tue, 2 Oct 2012 04:36:34 +0000 (21:36 -0700)]
s4-dns: Ignore zones that shouldn't be returned currently

RootDNSServers should never be returned (Windows DNS server don't)
..TrustAnchors should never be returned as is, (Windows returns
TrustAnchors) and for the moment we don't support DNSSEC so we'd better
not return this zone.

7 years agos4-join: factorize code, add info
Matthieu Patou [Sat, 29 Sep 2012 17:15:05 +0000 (10:15 -0700)]
s4-join: factorize code, add info

7 years agos4-join: add some documentation
Matthieu Patou [Mon, 8 Oct 2012 04:52:25 +0000 (21:52 -0700)]
s4-join: add some documentation

7 years agos4-repl: make dreplsrv_partition_find_for_nc return BAD_NC only
Matthieu Patou [Fri, 28 Sep 2012 01:38:29 +0000 (18:38 -0700)]
s4-repl: make dreplsrv_partition_find_for_nc return BAD_NC only

7 years agodrsuapi: Validate the input parameters for the drsuapi_UpdateRefs function
Matthieu Patou [Thu, 27 Sep 2012 22:22:00 +0000 (15:22 -0700)]
drsuapi: Validate the input parameters for the drsuapi_UpdateRefs function

7 years agodrsuapi: check more carefully the validity of the NC
Matthieu Patou [Thu, 27 Sep 2012 22:02:06 +0000 (15:02 -0700)]
drsuapi: check more carefully the validity of the NC

Check that both the GUID and DN are the GUID/DN of a NC if not return
WERR_DS_DRA_BAD_NC

7 years agodrsuapi-idl: Fix the encoding of the source_dsa_dns
Matthieu Patou [Thu, 27 Sep 2012 21:20:26 +0000 (14:20 -0700)]
drsuapi-idl: Fix the encoding of the source_dsa_dns

astring is not aligned and is not conformant

7 years agodrs-replica-info: level_not_supported is wrong when we do support (partialy the level)
Matthieu Patou [Thu, 27 Sep 2012 08:27:50 +0000 (01:27 -0700)]
drs-replica-info: level_not_supported is wrong when we do support (partialy the level)

7 years agolib-addns: ensure that allocated buffer are pre set to 0
Matthieu Patou [Thu, 27 Sep 2012 08:22:57 +0000 (01:22 -0700)]
lib-addns: ensure that allocated buffer are pre set to 0

It avoid bugs when one of the buffer is supposed to contain a string
that is not null terminated (ie. label->label) and that we don't force
the last byte to 0.

7 years agoldap-server: sscanf result was never used to mistyped var
Matthieu Patou [Thu, 27 Sep 2012 01:32:28 +0000 (18:32 -0700)]
ldap-server: sscanf result was never used to mistyped var

7 years agoldap-server: remove warning for the ret not being used
Matthieu Patou [Thu, 27 Sep 2012 01:31:39 +0000 (18:31 -0700)]
ldap-server: remove warning for the ret not being used

7 years agos4-drs: fix the logic to allow REPL_SECRET if the account has GET_ALL_CHANGES
Matthieu Patou [Wed, 26 Sep 2012 18:49:07 +0000 (11:49 -0700)]
s4-drs: fix the logic to allow REPL_SECRET if the account has GET_ALL_CHANGES

7 years agos4-drs: EXOP_REPL_SECRETS can be called by RW DC as well
Matthieu Patou [Wed, 26 Sep 2012 18:44:58 +0000 (11:44 -0700)]
s4-drs: EXOP_REPL_SECRETS can be called by RW DC as well

7 years agodrs-getncchanges: do not set the highestUsn to 0
Matthieu Patou [Tue, 25 Sep 2012 21:02:55 +0000 (14:02 -0700)]
drs-getncchanges: do not set the highestUsn to 0

Paragraph 4.1.10.5 says that
         if err = 0 then
         msgOut.pNC := msgIn.pNC
         msgOut.usnvecFrom := msgIn.usnvecFrom
so no need to set the highestUsn to 0

7 years agokcc: return invalid parameter if the taskId is not 0
Matthieu Patou [Tue, 25 Sep 2012 20:27:04 +0000 (13:27 -0700)]
kcc: return invalid parameter if the taskId is not 0

7 years agodrs-crackname: if there is no sid do not return the domain
Matthieu Patou [Tue, 25 Sep 2012 17:51:47 +0000 (10:51 -0700)]
drs-crackname: if there is no sid do not return the domain

7 years agodevel-crackname: Print if count > 0
Matthieu Patou [Tue, 25 Sep 2012 09:00:23 +0000 (02:00 -0700)]
devel-crackname: Print if count > 0

7 years agoImplement the LIST_INFO_FOR_SERVER input format
Matthieu Patou [Tue, 25 Sep 2012 04:34:02 +0000 (21:34 -0700)]
Implement the LIST_INFO_FOR_SERVER input format

7 years agogetdcinfo: Check that the server object has a serverreference objects pointing to...
Matthieu Patou [Tue, 25 Sep 2012 06:12:25 +0000 (23:12 -0700)]
getdcinfo: Check that the server object has a serverreference objects pointing to a DC object

The problem was found by the DRSR testsuite where server objects were
created in the Site container without serverrefrence attribute
triggering error in the testsuite.

7 years agontdb: remove unused local variable.
Rusty Russell [Mon, 8 Oct 2012 00:56:43 +0000 (11:26 +1030)]
ntdb: remove unused local variable.

Reported-by: Matthieu Patou <mat@samba.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Autobuild-User(master): Rusty Russell <rusty@rustcorp.com.au>
Autobuild-Date(master): Mon Oct  8 04:43:37 CEST 2012 on sn-devel-104

7 years agos3: Add two tests a CLEAR_IF_FIRST crash
Volker Lendecke [Tue, 2 Oct 2012 13:44:41 +0000 (15:44 +0200)]
s3: Add two tests a CLEAR_IF_FIRST crash

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Oct  6 17:16:39 CEST 2012 on sn-devel-104

7 years agotdb: Make tdb robust against improper CLEAR_IF_FIRST restart save-diskspace-tags/tdb-1.2.11
Volker Lendecke [Tue, 2 Oct 2012 13:26:14 +0000 (15:26 +0200)]
tdb: Make tdb robust against improper CLEAR_IF_FIRST restart

When winbind is restarted, there is a potential crash in tdb. Following
situation: We are in a cluster with ctdb. A winbind child hangs
in a request to the DC. Cluster monitoring decides the node has a
problem. Cluster monitoring decides to kill ctdbd. winbind child
still hangs in a RPC request. winbind parent figures that ctdb is
dead and immediately commits suicide. winbind parent is restarted by
cluster management, overwriting gencache.tdb with CLEAR_IF_FIRST. The
CLEAR_IF_FIRST logic as implemented now will not see that a child still
has the tdb open, only the parent holds the ACTIVE_LOCK due to performance
reasons. During the CLEAR_IF_FIRST logic is done, there is a very small
window where we ftruncate(tfd, 0) the file and re-write a proper header
without a lock. When during this small window the winbind child comes
back, wanting to store something into gencache.tdb, that winbind child
will crash with a SIGBUS.

Sounds unlikely? See:

[2012/09/29 07:02:31.871607,  0] lib/util.c:1183(smb_panic)
  PANIC (pid 1814517): internal error
[2012/09/29 07:02:31.877596,  0] lib/util.c:1287(log_stack_trace)
  BACKTRACE: 35 stack frames:
   #0 winbindd(log_stack_trace+0x1a) [0x7feb7d4ca18a]
   #1 winbindd(smb_panic+0x2b) [0x7feb7d4ca25b]
   #2 winbindd(+0x1a3cc4) [0x7feb7d4bacc4]
   #3 /lib64/libc.so.6(+0x32900) [0x7feb7a929900]
   #4 /lib64/libc.so.6(memcpy+0x35) [0x7feb7a97f355]
   #5 /usr/lib64/libtdb.so.1(+0x6e76) [0x7feb7b0b0e76]
   #6 /usr/lib64/libtdb.so.1(+0x3d37) [0x7feb7b0add37]
   #7 /usr/lib64/libtdb.so.1(+0x863d) [0x7feb7b0b263d]
   #8 /usr/lib64/libtdb.so.1(+0x8700) [0x7feb7b0b2700]
   #9 /usr/lib64/libtdb.so.1(+0x2505) [0x7feb7b0ac505]
   #10 /usr/lib64/libtdb.so.1(+0x25b7) [0x7feb7b0ac5b7]
   #11 /usr/lib64/libtdb.so.1(tdb_fetch+0x13) [0x7feb7b0ac633]
   #12 winbindd(gencache_set_data_blob+0x259) [0x7feb7d4d8449]
   #13 winbindd(gencache_set+0x53) [0x7feb7d4d85b3]
   #14 winbindd(gencache_del+0x5e) [0x7feb7d4d879e]
   #15 winbindd(saf_delete+0x93) [0x7feb7d54b693]
   #16 winbindd(+0xe507e) [0x7feb7d3fc07e]
   #17 winbindd(+0xe85e5) [0x7feb7d3ff5e5]
   #18 winbindd(+0xe65be) [0x7feb7d3fd5be]
   #19 winbindd(+0xe7562) [0x7feb7d3fe562]
   #20 winbindd(init_dc_connection+0x2e) [0x7feb7d3fe5be]
   #21 winbindd(+0xe75d9) [0x7feb7d3fe5d9]
   #22 winbindd(cm_connect_netlogon+0x58) [0x7feb7d3fe658]
   #23 winbindd(_wbint_PingDc+0x61) [0x7feb7d410991]
   #24 winbindd(+0x103175) [0x7feb7d41a175]
   #25 winbindd(winbindd_dual_ndrcmd+0xb7) [0x7feb7d4107d7]
   #26 winbindd(+0xf8609) [0x7feb7d40f609]
   #27 winbindd(+0xf9075) [0x7feb7d410075]
   #28 winbindd(tevent_common_loop_immediate+0xe8) [0x7feb7d4db198]
   #29 winbindd(run_events_poll+0x3c) [0x7feb7d4d93fc]
   #30 winbindd(+0x1c2b52) [0x7feb7d4d9b52]
   #31 winbindd(_tevent_loop_once+0x90) [0x7feb7d4d9f60]
   #32 winbindd(main+0x7b3) [0x7feb7d3e7aa3]
   #33 /lib64/libc.so.6(__libc_start_main+0xfd) [0x7feb7a915cdd]
   #34 winbindd(+0xce2a9) [0x7feb7d3e52a9]

This is in a winbind child, logfiles surrounding indicate the parent
was restarted.

This patch takes all chain locks around the CLEAR_IF_FIRST introduced
tdb_new_database.

7 years agotdb: Make robust against shrinking tdbs
Rusty Russell [Sat, 6 Oct 2012 11:23:05 +0000 (13:23 +0200)]
tdb: Make robust against shrinking tdbs

When probing for a size change (eg. just before tdb_expand, tdb_check,
tdb_rescue) we call tdb_oob(tdb, tdb->map_size, 1, 1).  Unfortunately
this does nothing if the tdb has actually shrunk, which as Volker
demonstrated, can actually happen if a "longlived" parent crashes.

So move the map/update size/remap before the limit check.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
7 years agoWe should never just assign an st_mode to an ace->perms field, theoretically
Jeremy Allison [Fri, 5 Oct 2012 22:51:19 +0000 (15:51 -0700)]
We should never just assign an st_mode to an ace->perms field, theoretically
they are different so should go through a mapping function. Ensure this is so.

Practically this does not matter, as for user permissions the mapping
function is an identity, and the extra bits we may add are ignored
anyway, but this makes the intent clear.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct  6 03:04:14 CEST 2012 on sn-devel-104

7 years agoModify ensure_canon_entry_valid() into ensure_canon_entry_valid_on_set() - makes...
Jeremy Allison [Fri, 5 Oct 2012 22:48:07 +0000 (15:48 -0700)]
Modify ensure_canon_entry_valid() into ensure_canon_entry_valid_on_set() - makes the logic clearer.

7 years agoSimplify ensure_canon_entry_valid by splitting out the _get codepath.
Jeremy Allison [Fri, 5 Oct 2012 22:09:06 +0000 (15:09 -0700)]
Simplify ensure_canon_entry_valid by splitting out the _get codepath.

7 years agotalloc: Convert error cecking macros into fns save-diskspace-tags/talloc-2.0.8
Simo Sorce [Fri, 5 Oct 2012 14:32:32 +0000 (10:32 -0400)]
talloc: Convert error cecking macros into fns

This will avoid 'surprise returns' and makes the code cleare to readers.
These macros were complex enough to warrant a full function anyway not
just for readability but also for debuggability.

Thanks David for pointing out this issue.

Autobuild-User(master): Simo Sorce <idra@samba.org>
Autobuild-Date(master): Fri Oct  5 23:24:17 CEST 2012 on sn-devel-104

7 years agoAdd tests for talloc_memlimit
Simo Sorce [Sat, 22 Sep 2012 20:35:21 +0000 (16:35 -0400)]
Add tests for talloc_memlimit

Autobuild-User(master): Simo Sorce <idra@samba.org>
Autobuild-Date(master): Fri Oct  5 07:36:38 CEST 2012 on sn-devel-104

7 years agoAdd memory limiting capability to talloc
Simo Sorce [Sat, 22 Sep 2012 20:15:47 +0000 (16:15 -0400)]
Add memory limiting capability to talloc

By calling talloc_set_memlimit() we can now set a max memory limit
for a whole talloc hierarchy.
ANy attempt to allocate memory beyond the max allowed for the whole
hierarchy wil cause an allocation failure.

Stealing memory correctly accounts for used memory in the old and the new
hierarchy but exceeding the memory limit in the new parent will not cause
a failure.

7 years agoEnsure the masks don't conflict with the ACL checks.
Jeremy Allison [Thu, 4 Oct 2012 20:50:51 +0000 (13:50 -0700)]
Ensure the masks don't conflict with the ACL checks.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct  5 00:36:40 CEST 2012 on sn-devel-104

7 years agoUpdate WHATSNEW.txt with removed parameters.
Jeremy Allison [Thu, 4 Oct 2012 19:03:27 +0000 (12:03 -0700)]
Update WHATSNEW.txt with removed parameters.

7 years agoRemove the parameters:
Jeremy Allison [Wed, 3 Oct 2012 23:04:18 +0000 (16:04 -0700)]
Remove the parameters:

security mask
force security mode
directory security mask
force directory security mode

and update the docs.

7 years agoRemove all uses of lp_security_mask/lp_force_security_mode/lp_dir_security_mask/lp_fo...
Jeremy Allison [Wed, 3 Oct 2012 21:49:01 +0000 (14:49 -0700)]
Remove all uses of lp_security_mask/lp_force_security_mode/lp_dir_security_mask/lp_force_dir_security_mode
and replace with the normal masks. Now these parameters can be removed.

7 years agoRevert "Add functions to programatically set the security mask and directory security...
Jeremy Allison [Wed, 3 Oct 2012 20:59:43 +0000 (13:59 -0700)]
Revert "Add functions to programatically set the security mask and directory security mask parameters."

This reverts commit 8f0ecbbbeebff0174579a78827d384067cd4cbb7.

Not now needed as part of the move to remove security mask parameters.

7 years agoRevert "When creating a new file/directory, we need to obey the create mask/directory...
Jeremy Allison [Wed, 3 Oct 2012 20:58:53 +0000 (13:58 -0700)]
Revert "When creating a new file/directory, we need to obey the create mask/directory mask parameters."

This reverts commit c251a6b0442abc13bc8be4ff8de324c1d7706a78.

Remove this as we're planning to remove the security mask,
directory security mask parameters and only use create mask/directory mask.

7 years agohtml docs: Remove link to Using Samba.
Karolin Seeger [Thu, 4 Oct 2012 09:43:20 +0000 (11:43 +0200)]
html docs: Remove link to Using Samba.

Thanks to Christian Perrier <bubulle@debian.org> for reporting!

Fix bug #7826 - HTML docs index file still points to Using Samba.

Karolin

Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Thu Oct  4 13:48:00 CEST 2012 on sn-devel-104

7 years agodocs: Remove duplicate synonym min protocol.
Karolin Seeger [Thu, 4 Oct 2012 08:00:44 +0000 (10:00 +0200)]
docs: Remove duplicate synonym min protocol.

Karolin

7 years agos3fs-smbd: Make sure the registry is set up before we init printing.
Andreas Schneider [Tue, 2 Oct 2012 13:51:08 +0000 (15:51 +0200)]
s3fs-smbd: Make sure the registry is set up before we init printing.

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Oct  4 12:06:29 CEST 2012 on sn-devel-104

7 years agowaf: Build pam_smbpass module only if enabled.
Andreas Schneider [Tue, 2 Oct 2012 12:25:40 +0000 (14:25 +0200)]
waf: Build pam_smbpass module only if enabled.

7 years agotdb: add -e option to tdbdump (and docment it).
Rusty Russell [Wed, 3 Oct 2012 23:34:23 +0000 (09:04 +0930)]
tdb: add -e option to tdbdump (and docment it).

This allows for an emergency best-effort dump.  It's a little better than
strings(1).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Autobuild-User(master): Rusty Russell <rusty@rustcorp.com.au>
Autobuild-Date(master): Thu Oct  4 03:16:06 CEST 2012 on sn-devel-104

7 years agotdb: tdbdump should log errors, and fail in that case.
Rusty Russell [Wed, 3 Oct 2012 23:34:23 +0000 (09:04 +0930)]
tdb: tdbdump should log errors, and fail in that case.

Dumping a corrupt database should not exit silently with 0 status!

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
7 years agotdb: add tdb_rescue()
Rusty Russell [Wed, 3 Oct 2012 23:34:19 +0000 (09:04 +0930)]
tdb: add tdb_rescue()

This allows for an emergency best-effort dump.  It's a little better than
strings(1).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
7 years agoCorrect fix for bug #9222 - smbd ignores the "server signing = no" setting for SMB2.
Jeremy Allison [Wed, 3 Oct 2012 19:58:00 +0000 (12:58 -0700)]
Correct fix for bug #9222 - smbd ignores the "server signing = no" setting for SMB2.

Signing cannot be disabled for SMB2 by design, so fix the documentation
instead.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct  3 23:47:23 CEST 2012 on sn-devel-104

7 years agoRevert "Fix bug #9222 - smbd ignores the "server signing = no" setting for SMB2."
Jeremy Allison [Wed, 3 Oct 2012 19:50:42 +0000 (12:50 -0700)]
Revert "Fix bug #9222 - smbd ignores the "server signing = no" setting for SMB2."

This reverts commit dfd3c31a3f9eea96854b2d22574856368e86b245.

As Metze pointed out:

From MS-SMB2 section 2.2.4:

SMB2_NEGOTIATE_SIGNING_ENABLED

When set, indicates that security signatures are enabled
on the server. The server MUST set this bit, and the client MUST return
STATUS_INVALID_NETWORK_RESPONSE if the flag is missing.

I'll submit a documentation bug to fix #9222 that way.

7 years agoFix bug #9214 - Bad user supplied SMB2 credit value can cause smbd to call smb_panic.
Jeremy Allison [Wed, 3 Oct 2012 00:30:54 +0000 (17:30 -0700)]
Fix bug #9214 - Bad user supplied SMB2 credit value can cause smbd to call smb_panic.

Terminate the connection cleanly instead.

7 years agos3-docs: add delete_lost option to vfs_streams_depot.8
Björn Baumbach [Tue, 2 Oct 2012 09:37:11 +0000 (11:37 +0200)]
s3-docs: add delete_lost option to vfs_streams_depot.8

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct  3 18:10:14 CEST 2012 on sn-devel-104

7 years agos3-docs: Fix opening and ending tag mismatch in Samba3-HOWTO (Bug #9235)
Björn Baumbach [Tue, 2 Oct 2012 08:53:15 +0000 (10:53 +0200)]
s3-docs: Fix opening and ending tag mismatch in Samba3-HOWTO (Bug #9235)

Signed-off-by: Stefan Metzmacher <metze@samba.org>
7 years agos4: samba_backup: Fix typos.
Björn Baumbach [Wed, 19 Sep 2012 10:03:21 +0000 (12:03 +0200)]
s4: samba_backup: Fix typos.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
7 years agos4:tortore/rpc/lsa: make more use of torture_assert*
Stefan Metzmacher [Mon, 1 Oct 2012 06:51:47 +0000 (08:51 +0200)]
s4:tortore/rpc/lsa: make more use of torture_assert*

Currently samba3.rpc.lsa.privileges.lsa.Privileges(s3dc)
seems to be flakey.

We may be able to find the bug with this,
or at least mark it as flapping.

metze

7 years agowintest: Give dcpromo more time
Andrew Bartlett [Tue, 2 Oct 2012 22:22:27 +0000 (08:22 +1000)]
wintest: Give dcpromo more time

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Oct  3 16:04:44 CEST 2012 on sn-devel-104

7 years agowintest: Give netdom join more time to complete
Andrew Bartlett [Tue, 2 Oct 2012 08:45:39 +0000 (18:45 +1000)]
wintest: Give netdom join more time to complete

7 years agowintest: Add config file for a second host
Andrew Bartlett [Tue, 2 Oct 2012 02:34:10 +0000 (12:34 +1000)]
wintest: Add config file for a second host

7 years agowintest: bump version to 4.1
Andrew Bartlett [Tue, 2 Oct 2012 02:33:48 +0000 (12:33 +1000)]
wintest: bump version to 4.1

7 years agonsswitch: Build nss_winbind on all supported platforms
Andrew Bartlett [Mon, 1 Oct 2012 22:12:16 +0000 (08:12 +1000)]
nsswitch: Build nss_winbind on all supported platforms

This matches what the autoconf build can do.

Andrew Bartlett

7 years agoselftest: Always build a linux-style nss_winbind for nss_wrapper
Andrew Bartlett [Wed, 3 Oct 2012 06:36:34 +0000 (16:36 +1000)]
selftest: Always build a linux-style nss_winbind for nss_wrapper

7 years agoprovision: Use logger rather than print.
Jelmer Vernooij [Wed, 3 Oct 2012 08:26:55 +0000 (10:26 +0200)]
provision: Use logger rather than print.

Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Wed Oct  3 14:24:09 CEST 2012 on sn-devel-104

7 years agos4-provision: do not skip setting the acls on sysvol
Matthieu Patou [Tue, 2 Oct 2012 21:30:25 +0000 (14:30 -0700)]
s4-provision: do not skip setting the acls on sysvol

Autobuild-User(master): Matthieu Patou <mat@samba.org>
Autobuild-Date(master): Wed Oct  3 10:26:06 CEST 2012 on sn-devel-104

7 years agoFix bug #9222 - smbd ignores the "server signing = no" setting for SMB2.
Jeremy Allison [Tue, 2 Oct 2012 21:10:21 +0000 (14:10 -0700)]
Fix bug #9222 - smbd ignores the "server signing = no" setting for SMB2.

Still sign if client request is signed, just don't negotiate it in
negprot or sessionsetup.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct  3 00:59:42 CEST 2012 on sn-devel-104

7 years agoWhen creating a new file/directory, we need to obey the create mask/directory mask...
Jeremy Allison [Tue, 2 Oct 2012 17:25:14 +0000 (10:25 -0700)]
When creating a new file/directory, we need to obey the create mask/directory mask parameters.

Currently we call FSET_NT_ACL to inherit any ACLs on create. However
FSET_NT_ACL uses the security mask/directory security mask parameters
instead of the create mask/directory mask parameters.

Swap them temporarily when creating to ensure the correct masks
are applied.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct  2 22:27:17 CEST 2012 on sn-devel-104

7 years agoAdd functions to programatically set the security mask and directory security mask...
Jeremy Allison [Tue, 2 Oct 2012 17:22:39 +0000 (10:22 -0700)]
Add functions to programatically set the security mask and directory security mask parameters.

7 years agoWhen setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_A...
Jeremy Allison [Tue, 2 Oct 2012 17:15:54 +0000 (10:15 -0700)]
When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_ACL_GROUP entries.

7 years agoOnly apply masks on non-default ACL entries when setting the ACL.
Jeremy Allison [Tue, 2 Oct 2012 17:12:45 +0000 (10:12 -0700)]
Only apply masks on non-default ACL entries when setting the ACL.

7 years agoUse is_default_acl variable in canonicalise_acl().
Jeremy Allison [Tue, 2 Oct 2012 16:55:09 +0000 (09:55 -0700)]
Use is_default_acl variable in canonicalise_acl().

7 years agoReformat spacing to be even.
Jeremy Allison [Tue, 2 Oct 2012 16:21:17 +0000 (09:21 -0700)]
Reformat spacing to be even.

7 years agotdb: Fix a typo
Volker Lendecke [Tue, 2 Oct 2012 10:21:20 +0000 (12:21 +0200)]
tdb: Fix a typo

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Oct  2 19:52:16 CEST 2012 on sn-devel-104

7 years agos3-net: Fix DEBUG() location.
Günther Deschner [Mon, 1 Oct 2012 14:19:28 +0000 (16:19 +0200)]
s3-net: Fix DEBUG() location.

Guenther

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Oct  2 18:06:17 CEST 2012 on sn-devel-104

7 years agos3-net: give more control how to update/register DNS entries.
Günther Deschner [Tue, 25 Sep 2012 09:09:45 +0000 (11:09 +0200)]
s3-net: give more control how to update/register DNS entries.

Guenther

7 years agos3-net: pass down a flags field to DoDNSUpdate().
Günther Deschner [Tue, 25 Sep 2012 09:08:48 +0000 (11:08 +0200)]
s3-net: pass down a flags field to DoDNSUpdate().

Guenther

7 years agos3-net: move out some prototypes to net_dns.h.
Günther Deschner [Wed, 19 Sep 2012 13:35:15 +0000 (15:35 +0200)]
s3-net: move out some prototypes to net_dns.h.

Guenther

7 years agos3-net: pass down struct net_context to the dns update calls.
Günther Deschner [Wed, 19 Sep 2012 13:31:57 +0000 (15:31 +0200)]
s3-net: pass down struct net_context to the dns update calls.

Guenther