Volker Lendecke [Sun, 26 Sep 2010 23:44:06 +0000 (01:44 +0200)]
s3: Remove talloc_autofree_context() from receive_unexpected()
This is freed in this routine a few lines down
Stefan Metzmacher [Tue, 28 Sep 2010 02:50:32 +0000 (04:50 +0200)]
s4:gensec_tstream: remove plain socket handling
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Sep 28 04:54:24 UTC 2010 on sn-devel-104
Stefan Metzmacher [Wed, 3 Feb 2010 13:36:10 +0000 (14:36 +0100)]
s4:lib/tls: add gnutls backend for tstream
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Sep 28 02:29:42 UTC 2010 on sn-devel-104
Stefan Metzmacher [Wed, 22 Sep 2010 10:13:28 +0000 (12:13 +0200)]
s4:gensec: add gensec_create_tstream()
Based on the initial patch from Andreas Schneider <asn@redhat.com>.
metze
Stefan Metzmacher [Tue, 28 Sep 2010 00:33:23 +0000 (02:33 +0200)]
s4:wrepl_server: use SOCKET_FLAG_NOCLOSE instead of a dup()
The key thing is that we might have to turn the incomming
connection into a outgoing connection.
This change makes sense anyway, because we donate the fd to
tstream.
metze
Stefan Metzmacher [Tue, 28 Sep 2010 00:13:12 +0000 (02:13 +0200)]
s4:rpc_server: use SOCKET_FLAG_NOCLOSE to avoid calling close() on the socket fd twice.
metze
Jeremy Allison [Tue, 28 Sep 2010 01:24:01 +0000 (18:24 -0700)]
Add torture test BAD-NBT-SESSION as regression fix for bug 7698 - Assert causes smbd to panic on invalid NetBIOS session request.
Jeremy.
Jeremy Allison [Tue, 28 Sep 2010 01:21:46 +0000 (18:21 -0700)]
Small tweak to bugfix for 7698 - Assert causes smbd to panic on invalid NetBIOS session request.
Don't just fail to reply on a bad NBT name, just don't do the
internal action.
Jeremy.
Stefan Metzmacher [Mon, 27 Sep 2010 21:57:34 +0000 (23:57 +0200)]
tsocket: make sure we delete the fd event before calling close()
We got random double free errors, when getting events from
epoll_wait() and try to dereference the private talloc pointer
attached to it.
Before doing the close() in the tstream_disconnect_send() function
we need to delete the fd event.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Sep 28 01:02:55 UTC 2010 on sn-devel-104
Jeremy Allison [Mon, 27 Sep 2010 12:46:07 +0000 (05:46 -0700)]
Change to using TDB_INCOMPATIBLE_HASH (the jenkins hash) on all
TDB_CLEAR_IF_FIRST tdb's. For tdb's like gencache where we open
without CLEAR_IF_FIRST and then with CLEAR_IF_FIRST if corrupt
this is still safe to use as if opening an existing tdb the new
hash will be ignored - it's only used on creating a new tdb not
opening an old one.
Jeremy.
Andrew Tridgell [Mon, 27 Sep 2010 22:03:44 +0000 (15:03 -0700)]
s4-ildap: two more places that need talloc_reparent()
these contexts can have references
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Sep 28 00:04:03 UTC 2010 on sn-devel-104
Andrew Tridgell [Mon, 27 Sep 2010 21:56:04 +0000 (14:56 -0700)]
s4-kcc: don't print "Testing kcctpl_create_intersite_connections"
log level 0 is excessive for this!
Andrew Tridgell [Mon, 27 Sep 2010 21:42:13 +0000 (14:42 -0700)]
s4-drs: make getncchanges debug less verbose
quieten make test a little
Andrew Tridgell [Mon, 27 Sep 2010 21:34:43 +0000 (14:34 -0700)]
s4-dns: avoid search domains expansion in DNS resolver
add a '.' if the name contains a '.' already, but not at the end
Andrew Tridgell [Mon, 27 Sep 2010 21:34:06 +0000 (14:34 -0700)]
heimdal: avoid DNS search domain expansion
When you have a domain search list in resolv.conf, and one of the DNS
servers for a searched domain is uncontactable then we would timeout
resolving DNS names.
Avoid this by adding a '.' to the hostname if the hostname already has
a '.' in it, which we assume to mean it is fully qualified.
Günther Deschner [Mon, 27 Sep 2010 23:10:57 +0000 (01:10 +0200)]
samr: add three new ACB flags to IDL.
Guenther
Günther Deschner [Mon, 27 Sep 2010 22:10:54 +0000 (00:10 +0200)]
s3-spoolss: Fix _spoolss_EnumPrintProcDataTypes error handling
Günther Deschner [Mon, 27 Sep 2010 22:10:31 +0000 (00:10 +0200)]
s4-smbtorture: rework spoolss_EnumPrintProcDataTypes test.
Guenther
Günther Deschner [Mon, 27 Sep 2010 22:10:17 +0000 (00:10 +0200)]
s3-spoolss: Fix _spoolss_EnumPrintProcessors error handling
Günther Deschner [Mon, 27 Sep 2010 21:33:52 +0000 (23:33 +0200)]
s4-smbtorture: rework test_EnumPrintProcessors to let it test more combinations.
Guenther
Günther Deschner [Mon, 27 Sep 2010 06:10:58 +0000 (08:10 +0200)]
s3-waf: add NDR_PERFCOUNT subsystem.
Guenther
Andrew Tridgell [Mon, 27 Sep 2010 19:54:26 +0000 (12:54 -0700)]
s4-ildap: fixed a talloc_steal with references error
We need talloc_reparent() instead
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 27 20:38:00 UTC 2010 on sn-devel-104
Nadezhda Ivanova [Mon, 27 Sep 2010 17:01:09 +0000 (10:01 -0700)]
s4-ldb: Added ldb_request_replace_control
It is the same as ldb_request_add_control, except it will replace
an existing control.
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 27 19:00:38 UTC 2010 on sn-devel-104
Anatoliy Atanasov [Mon, 27 Sep 2010 00:05:13 +0000 (17:05 -0700)]
s4/irpc: Add security token to the binding handle when doing irp call forwarding
Anatoliy Atanasov [Mon, 27 Sep 2010 00:04:43 +0000 (17:04 -0700)]
s4/irpc: Add function to add security token to the binding handle
Stefan Metzmacher [Sun, 26 Sep 2010 23:42:26 +0000 (01:42 +0200)]
s4:irpc: optionaly pass the security_token via IRPC requests.
metze
Volker Lendecke [Mon, 27 Sep 2010 00:32:50 +0000 (02:32 +0200)]
s3: Make file_fnum static
Volker Lendecke [Sun, 26 Sep 2010 23:49:01 +0000 (01:49 +0200)]
s3: Remove some unused code
Volker Lendecke [Mon, 27 Sep 2010 00:32:27 +0000 (02:32 +0200)]
s3: Fix some comments
Volker Lendecke [Mon, 27 Sep 2010 05:16:14 +0000 (22:16 -0700)]
Remove talloc_autofree_context() from pm_process
This would be a classic for talloc_tos(), InFile is freed a few lines down. But
unfortunately S4 does not support talloc_tos().
Volker Lendecke [Mon, 27 Sep 2010 05:15:40 +0000 (22:15 -0700)]
Lift talloc_autofree_context() from OpenConfFile()
Michael Adam [Mon, 27 Sep 2010 10:43:39 +0000 (12:43 +0200)]
libsmbconf: parse an empty share as empty share, not as NULL.
This fixes a segfault in net conf import:
Importing a text file with an empty share resulted in a segfault.
Now this creates an empty share in registry config, just as it
should.
Thanks to Gregor Beck <gbeck@sernet.de> for reporting.
Gregor Beck [Fri, 24 Sep 2010 09:29:09 +0000 (11:29 +0200)]
s3:registry: proposed aix build fix for reg_parse_internal
Signed-off-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Mon, 27 Sep 2010 06:14:54 +0000 (08:14 +0200)]
s4:torture/ldap: close connections with an UnbindRequest
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Sep 27 07:14:23 UTC 2010 on sn-devel-104
Stefan Metzmacher [Mon, 27 Sep 2010 06:13:50 +0000 (08:13 +0200)]
LDAP-BASIC: test AbandonRequest
metze
Stefan Metzmacher [Sun, 26 Sep 2010 20:34:37 +0000 (22:34 +0200)]
s4:libcli/ldap: fix sending oneway requests
metze
Stefan Metzmacher [Mon, 27 Sep 2010 04:46:33 +0000 (06:46 +0200)]
libcli/ldap: correctly marshall LDAP Unbind PDUs
metze
Günther Deschner [Mon, 27 Sep 2010 05:46:52 +0000 (07:46 +0200)]
s3-waf: fix dependencies to NDR_XATTR.
Guenther
Günther Deschner [Mon, 27 Sep 2010 05:33:09 +0000 (07:33 +0200)]
s3-waf: link PReg parser only in registry client side extension.
Guenther
Günther Deschner [Mon, 27 Sep 2010 05:18:16 +0000 (07:18 +0200)]
s3-waf: NDR_SRVSVC is defined now from the main librpc wscript_build.
Guenther
Günther Deschner [Mon, 27 Sep 2010 01:55:40 +0000 (03:55 +0200)]
waf: add more NDR subsystems for shared IDL files.
Guenther
Günther Deschner [Mon, 27 Sep 2010 05:07:24 +0000 (07:07 +0200)]
s4-waf: remove NDR-SRVSVC alias.
Thanks tridge, this was driving me nuts...
Guenther
Günther Deschner [Mon, 27 Sep 2010 04:57:36 +0000 (06:57 +0200)]
s4-smbtorture: remove unneeded dcerpc_mgmt alias.
Guenther
Andrew Tridgell [Mon, 27 Sep 2010 04:12:02 +0000 (21:12 -0700)]
s4-drs: fixed comment in getncchanges code
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 27 04:54:43 UTC 2010 on sn-devel-104
Andrew Tridgell [Mon, 27 Sep 2010 04:11:42 +0000 (21:11 -0700)]
s4-gensec: fixed a valgrind error in gensec
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sun, 26 Sep 2010 09:14:19 +0000 (11:14 +0200)]
lib/util: change tevent_req_nterror() to a macro
This way we can record where a tevent_req was finished by
tevent_req_nterror().
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Sep 27 03:18:14 UTC 2010 on sn-devel-104
Andrew Tridgell [Mon, 27 Sep 2010 00:40:05 +0000 (17:40 -0700)]
s4-dns: use the generated krb5.conf in samba_dnsupdate
this gives one less thing that an admin can get wrong
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 27 02:35:29 UTC 2010 on sn-devel-104
Andrew Tridgell [Mon, 27 Sep 2010 00:39:33 +0000 (17:39 -0700)]
s4-provision: fixed the generation of the krb5.conf for vampire
we need a correct krb5.conf for nsupdate from bind9
Günther Deschner [Mon, 27 Sep 2010 01:47:15 +0000 (03:47 +0200)]
s3-waf: move SERVICES into a subsystem.
Guenther
Günther Deschner [Mon, 27 Sep 2010 01:39:41 +0000 (03:39 +0200)]
s3-waf: add PRINTING subsystems.
Guenther
Günther Deschner [Mon, 27 Sep 2010 01:31:19 +0000 (03:31 +0200)]
s3-waf: add two more REGF based subsystems.
Guenther
Rusty Russell [Mon, 27 Sep 2010 01:36:51 +0000 (11:06 +0930)]
tdb: fix non-WAF build, commit 1.2.6 ABI file.
Sorry Jeremy.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Fri, 24 Sep 2010 06:15:11 +0000 (15:45 +0930)]
tdb: TDB_INCOMPATIBLE_HASH, to allow safe changing of default hash.
This flag to tdb_open/tdb_open_ex effects creation of a new database:
1) Uses the Jenkins lookup3 hash instead of the old gdbm hash if none is
specified,
2) Places a non-zero field in header->rwlocks, so older versions of TDB will
refuse to open it.
This means that the caller (ie Samba) can set this flag to safely
change the hash function. Versions of TDB from this one on will either
use the correct hash or refuse to open (if a different hash is specified).
Older TDB versions will see the nonzero rwlocks field and refuse to open
it under any conditions.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Fri, 24 Sep 2010 06:09:43 +0000 (15:39 +0930)]
tdb: automatically identify Jenkins hash tdbs
If the caller to tdb_open_ex() doesn't specify a hash, and tdb_old_hash
doesn't match, try tdb_jenkins_hash.
This was Metze's idea: it makes life simpler, especially with the upcoming
TDB_INCOMPATIBLE_HASH flag.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Fri, 24 Sep 2010 06:04:06 +0000 (15:34 +0930)]
tdb: add Bob Jenkins lookup3 hash as helper hash.
This is a better hash than the default: shipping it with tdb makes it easy
for callers to use it as the hash by passing it to tdb_open_ex().
This version taken from CCAN and modified, which took it from
http://www.burtleburtle.net/bob/c/lookup3.c.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Günther Deschner [Sun, 26 Sep 2010 22:24:47 +0000 (00:24 +0200)]
s3-waf: rework static and shared list handling a little.
Guenther
Günther Deschner [Sun, 26 Sep 2010 22:24:04 +0000 (00:24 +0200)]
waf: add delimiter argument to TO_LIST.
Guenther
Günther Deschner [Sun, 26 Sep 2010 21:38:36 +0000 (23:38 +0200)]
s3-waf: add missing IDMAP modules.
Guenther
Günther Deschner [Sun, 26 Sep 2010 19:58:58 +0000 (21:58 +0200)]
s3-waf: rework CLDAP and LIBCLI_LDAP subsystems.
Guenther
Günther Deschner [Sun, 26 Sep 2010 18:30:36 +0000 (20:30 +0200)]
s3-waf: move gpext subsystem to libgpo/gpext/wscript_build.
Guenther
Günther Deschner [Sun, 26 Sep 2010 18:10:49 +0000 (20:10 +0200)]
s3-waf: move perfcount subsystem to modules/wscript_build.
Guenther
Günther Deschner [Sun, 26 Sep 2010 18:07:03 +0000 (20:07 +0200)]
s3-waf: move charset subsystem to modules/wscript_build.
Guenther
Günther Deschner [Sun, 26 Sep 2010 17:59:18 +0000 (19:59 +0200)]
s3-waf: move idmap subsystem to winbindd/wscript_build.
Guenther
Günther Deschner [Sun, 26 Sep 2010 17:51:40 +0000 (19:51 +0200)]
s3-waf: move pdb subsystem to pdb/wscript_build.
Guenther
Günther Deschner [Sun, 26 Sep 2010 17:43:43 +0000 (19:43 +0200)]
s3-waf: move auth subsystem to auth/wscript_build.
Guenther
Günther Deschner [Sun, 26 Sep 2010 08:56:09 +0000 (10:56 +0200)]
s3-waf: support --with-acl-support, at least for posix acls.
Guenther
Günther Deschner [Sun, 26 Sep 2010 01:11:01 +0000 (03:11 +0200)]
s3-waf: move VFS subsystem to modules/wscript_build.
Guenther
Günther Deschner [Sun, 26 Sep 2010 08:44:27 +0000 (10:44 +0200)]
s3-waf: add some module specific functions for s3 waf build.
Thanks to Kai.
Guenther
Günther Deschner [Sun, 26 Sep 2010 19:28:36 +0000 (21:28 +0200)]
s3-waf: convert VFS into a subsystem.
Guenther
Günther Deschner [Sun, 26 Sep 2010 19:27:22 +0000 (21:27 +0200)]
s3-waf: convert GPEXT into a subsystem.
Guenther
Günther Deschner [Sun, 26 Sep 2010 19:26:23 +0000 (21:26 +0200)]
s3-waf: convert PERFCOUNT into a subsystem.
Guenther
Günther Deschner [Sun, 26 Sep 2010 19:25:16 +0000 (21:25 +0200)]
s3-waf: convert CHARSET into a subsystem.
Guenther
Günther Deschner [Sun, 26 Sep 2010 19:23:40 +0000 (21:23 +0200)]
s3-waf: convert IDMAP into subsystem.
Guenther
Günther Deschner [Sun, 26 Sep 2010 19:22:02 +0000 (21:22 +0200)]
s3-waf: convert PDB into subsystem.
Guenther
Günther Deschner [Sun, 26 Sep 2010 19:21:38 +0000 (21:21 +0200)]
s3-waf: convert AUTH into subsystem.
Guenther
Nadezhda Ivanova [Sun, 26 Sep 2010 18:47:47 +0000 (11:47 -0700)]
s4-ldbmodules: Added new module aclread to handle access checks on LDAP search
It is currently enabled only if the request comes from the LDAP server, and is
disabled by default. Use acl:search=true in smb.conf to enable it.
It filters out all objects the user is not allowed to see, and all attributes
the user does not have RP on. Extended access not supported yet.
Nadezhda Ivanova [Sun, 26 Sep 2010 18:39:36 +0000 (11:39 -0700)]
s4-tests: Added tests for search checks on attributes
The ACL reach tests are in the knowfail because aclread module is not
enabled by default
Nadezhda Ivanova [Sun, 26 Sep 2010 18:37:00 +0000 (11:37 -0700)]
s4-tests: Removed search tests with anonymous credentials as they fail againts Windows
These tests will fail in make test as well if the acl_read module is enabled.
Nadezhda Ivanova [Sun, 26 Sep 2010 18:32:22 +0000 (11:32 -0700)]
s4-dsdb: Added a function to check access on a particular object by its guid
Similar to dsdb_check_access_on_dn, only it searches by guid.
Nadezhda Ivanova [Wed, 22 Sep 2010 19:50:51 +0000 (12:50 -0700)]
s4-dsdb: A helper to determine if an attribute is part of the search filter
Nadezhda Ivanova [Wed, 22 Sep 2010 19:41:44 +0000 (12:41 -0700)]
s4-dsdb: Moved some helper functions to a separate file
We need these to be accessible to the aclread module as well.
Nadezhda Ivanova [Tue, 14 Sep 2010 07:51:14 +0000 (10:51 +0300)]
s4-ldap: Added a control to apply the access checks on read via LDAP
Andrew Tridgell [Sun, 26 Sep 2010 19:50:06 +0000 (12:50 -0700)]
autobuild: use killbysubdir if available
this will reduce the spurious test output while processes are being
killed
Andrew Tridgell [Sun, 26 Sep 2010 18:46:01 +0000 (11:46 -0700)]
autobuild: exit immediately if no changes from master
we don't need to test master in autobuild
Günther Deschner [Sun, 26 Sep 2010 18:25:15 +0000 (20:25 +0200)]
s3-waf: convert LIBGPO into a subsystem.
Guenther
Günther Deschner [Sun, 26 Sep 2010 17:44:53 +0000 (19:44 +0200)]
s3-waf: convert PLAINTEXT_AUTH, SLCACHE and DCUTIL into subsystems.
Guenther
Günther Deschner [Sun, 26 Sep 2010 19:04:39 +0000 (21:04 +0200)]
s3-vfs: fix the build of nfs4_acls.c
Guenther
Andreas Schneider [Sun, 26 Sep 2010 17:28:07 +0000 (19:28 +0200)]
s3-waf: Link smbd against RPCECHO.
Volker Lendecke [Sun, 26 Sep 2010 02:21:56 +0000 (19:21 -0700)]
s3: Remove talloc_autofree_context() from nametouid()
pass is freed a few lines down
Volker Lendecke [Sun, 26 Sep 2010 02:18:46 +0000 (19:18 -0700)]
s3: Remove talloc_autofree_context() from guest_user_info()
pwd is freed a few lines down
Volker Lendecke [Sun, 26 Sep 2010 02:16:53 +0000 (19:16 -0700)]
s3: Remove talloc_autofree_context() from getpwnam_alloc()
This is given to the memcache a few lines down
Volker Lendecke [Sun, 26 Sep 2010 01:34:03 +0000 (18:34 -0700)]
s3: Remove talloc_autofree_context() from notify_internal_parent_init()
Jeremy Allison [Sun, 26 Sep 2010 09:59:32 +0000 (02:59 -0700)]
Fix bug #7698 - Assert causes smbd to panic on invalid NetBIOS session request.
Found by the CodeNomicon test suites at the SNIA plugfest.
http://www.codenomicon.com/
If an invalid NetBIOS session request is received the code in name_len() in
libsmb/nmblib.c can hit an assert.
Re-write name_len() and name_extract() to use "buf/len" pairs and
always limit reads.
Jeremy.
Stefan Metzmacher [Wed, 22 Sep 2010 04:23:17 +0000 (06:23 +0200)]
s4:schannel: handle move flag combinations in the server
This fixes some testsuites in the CIFS plugfest.
metze
Andrew Tridgell [Sun, 26 Sep 2010 02:14:42 +0000 (19:14 -0700)]
s4-auth: fixed the SID list for DCs in the PAC
the S-1-5-9 SID is added in the PAC by the KDC, not on the server that
receives the PAC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sun Sep 26 07:09:08 UTC 2010 on sn-devel-104
Andrew Tridgell [Sun, 26 Sep 2010 02:43:13 +0000 (19:43 -0700)]
autobuild: fixed detection of master changes
Andrew Tridgell [Sun, 26 Sep 2010 02:23:02 +0000 (19:23 -0700)]
s3-selftest: added samba3.posix_s3.rap.printing as a knownfail
this fails intermittently on sn-devel, Günther suggests adding this to
knownfail for now
Andrew Tridgell [Sun, 26 Sep 2010 02:13:28 +0000 (19:13 -0700)]
idl-pac: add a decoder for the pac info ctr
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Sun, 26 Sep 2010 00:53:14 +0000 (17:53 -0700)]
s4-drs: use the system sam_ctx for updaterefs
this is needed for RODC clients calling updaterefs
Andrew Tridgell [Sun, 26 Sep 2010 00:52:43 +0000 (17:52 -0700)]
s4-spn: don't try to do SPN updates as a RODC
we don't have the permissions to do it