nivanova/samba-autobuild/.git
10 years agos3 WHATSNEW: Mention the changes to net
Kai Blin [Tue, 26 May 2009 07:26:56 +0000 (09:26 +0200)]
s3 WHATSNEW: Mention the changes to net

10 years agoMerge branch 'master' of ssh://git.samba.org/data/git/samba
Andrew Tridgell [Tue, 26 May 2009 04:18:16 +0000 (14:18 +1000)]
Merge branch 'master' of ssh://git.samba.org/data/git/samba

10 years agos4:provision: Added ComPartitionSets entry.
Andrew Kroeger [Sun, 24 May 2009 08:37:37 +0000 (03:37 -0500)]
s4:provision: Added ComPartitionSets entry.

Without this entry, opening the COM+ tab under the properties of an OU within
ADUC results in the following error:

"Unable to retrieve all user properties, 0x80072030"

10 years agos4:Added Extended-Rights and subentries.
Andrew Kroeger [Sun, 24 May 2009 19:47:46 +0000 (14:47 -0500)]
s4:Added Extended-Rights and subentries.

Without these entries, using the 'Delegate Control' option in ADUC results in
the following error message in the Delegation of Control Wizard:

"The templates could not be applied.  One or more of the templates is not
applicable.  Click Back and select different templates, and then try again."

10 years agos4:provision: Update DisplaySpecifiers (#5139).
Andrew Kroeger [Fri, 22 May 2009 05:28:36 +0000 (00:28 -0500)]
s4:provision: Update DisplaySpecifiers (#5139).

The classDisplayName attribute controls the actual text displayed to the user
for the top-level menus, so added it to the existing entries.

The attributeDisplayNames attribute contains both the text displayed to the
user and a mapping to the internal directory attribute name for the particular
field, so added these to the existing entries as well.

Added new entries as appropriate to properly complete all menus and labels
within ADUC.

10 years agoDon't use crossRef records to find our own domain
Andrew Bartlett [Tue, 26 May 2009 02:31:39 +0000 (12:31 +1000)]
Don't use crossRef records to find our own domain

A single AD server can only host a single domain, so don't stuff about
with looking up our crossRef record in the cn=Partitions container.
We instead trust that lp_realm() and lp_workgroup() works correctly.

Andrew Bartlett

10 years agoAdd support for sendmsg() in socket_wrapper
Andrew Bartlett [Tue, 26 May 2009 01:43:37 +0000 (11:43 +1000)]
Add support for sendmsg() in socket_wrapper

This is required because the deferred connect code skips the connect()
until sending the packet, but unless we catch this call, the connect()
never happens.

Andrew Bartlett

10 years agoMerge branch 'master' of ssh://git.samba.org/data/git/samba
Andrew Tridgell [Mon, 25 May 2009 23:26:47 +0000 (09:26 +1000)]
Merge branch 'master' of ssh://git.samba.org/data/git/samba

10 years agoadded some more speed tests to tdbtool
Andrew Tridgell [Mon, 25 May 2009 23:24:37 +0000 (09:24 +1000)]
added some more speed tests to tdbtool

This adds 3 simple speed tests to tdbtool, for transaction store,
store and fetch.

On my laptop this shows transactions costing about 10ms

10 years agos3:dbwrap_tool: add listkeys operation
Michael Adam [Mon, 25 May 2009 22:47:15 +0000 (00:47 +0200)]
s3:dbwrap_tool: add listkeys operation

Michael

10 years agos3:dbwrap_tool: remove superfluous command mapping
Michael Adam [Mon, 25 May 2009 22:26:39 +0000 (00:26 +0200)]
s3:dbwrap_tool: remove superfluous command mapping

Michael

10 years agos3:dbwrap_tool: add "erase" opearation
Michael Adam [Mon, 25 May 2009 21:27:28 +0000 (23:27 +0200)]
s3:dbwrap_tool: add "erase" opearation

Michael

10 years agonet: Use samba default command line arguments.
Kai Blin [Thu, 14 May 2009 09:39:01 +0000 (11:39 +0200)]
net: Use samba default command line arguments.

Attention:

The meaning of the -N flag changed.
To get the old meaning for net groupmap set, use the long option --ntname
The long option for using kerberos changed from --kerberos to --use-kerberos

net rpc commands will now prompt for a password if none is given.

As a benefit, net will now accept an authentication file like other samba
command line tools. So no need to specify the password on the command line in
scripts anymore.

This should fix bug #6357

Signed-off-by: Kai Blin <kai@samba.org>
10 years agos3 ctags: ignore all proto.h files for tag generation
Kai Blin [Wed, 20 May 2009 10:07:07 +0000 (12:07 +0200)]
s3 ctags: ignore all proto.h files for tag generation

10 years agos3:winbind_util: remove trailing spaces
Michael Adam [Mon, 25 May 2009 09:55:51 +0000 (11:55 +0200)]
s3:winbind_util: remove trailing spaces

Michael

10 years agos3:dbwrap_ctdb: fix some function header comments
Michael Adam [Mon, 25 May 2009 19:59:40 +0000 (21:59 +0200)]
s3:dbwrap_ctdb: fix some function header comments

Michael

10 years agosource3/utils/log2pcaphex.c(main): fixed file descriptors leak.
Slava Semushin [Fri, 22 May 2009 18:10:05 +0000 (01:10 +0700)]
source3/utils/log2pcaphex.c(main): fixed file descriptors leak.

One of leaks found by cppcheck:
[./source3/utils/log2pcaphex.c:367]: (error) Resource leak: out

10 years agosource{3,4}/torture/smbiconv.c(main): fixed file descriptor leak.
Slava Semushin [Sat, 23 May 2009 13:51:53 +0000 (20:51 +0700)]
source{3,4}/torture/smbiconv.c(main): fixed file descriptor leak.

File descriptor leaks only when we use file instead of stdout.

Found by cppcheck:
[./source3/torture/smbiconv.c:219]: (error) Resource leak: out
[./source4/torture/smbiconv.c:211]: (error) Resource leak: out

10 years agonsswitch/winbind_nss_aix.c(fill_grent): fixed memory leak.
Slava Semushin [Sat, 23 May 2009 14:02:40 +0000 (21:02 +0700)]
nsswitch/winbind_nss_aix.c(fill_grent): fixed memory leak.

Found by cppcheck:
[./nsswitch/winbind_nss_aix.c:241]: (error) Memory leak: result

10 years agos3-selftest: fix typo.
Günther Deschner [Mon, 25 May 2009 13:55:26 +0000 (15:55 +0200)]
s3-selftest: fix typo.

Guenther

10 years agos3:winbind:idmap_ldap: warn about duplicate SID->XID mappings (bug #6387)
Michael Adam [Mon, 25 May 2009 09:54:43 +0000 (11:54 +0200)]
s3:winbind:idmap_ldap: warn about duplicate SID->XID mappings (bug #6387)

With the current infrastructure, we should not return error on
duplicate mappings but just warn instead (because an error would
trigger the attempt to create yet another mapping).

Michael

10 years agos3:winbind:idmap_ldap: warn about duplicate XID->SID mappings (bug #6387)
Michael Adam [Mon, 25 May 2009 09:29:14 +0000 (11:29 +0200)]
s3:winbind:idmap_ldap: warn about duplicate XID->SID mappings (bug #6387)

With the current infrastructure, we should not return error on
duplicate mappings but just warn instead (because an error would
trigger the attempt to create yet another mapping).

Michael

10 years agos3-samr: Fix Bug #6372, usermanager only displaying 1024 groups and aliases.
Günther Deschner [Mon, 25 May 2009 12:05:18 +0000 (14:05 +0200)]
s3-samr: Fix Bug #6372, usermanager only displaying 1024 groups and aliases.

This is now also verified with the RPC-SAMR-LARGE-DC test.

Guenther

10 years agos3-selftest: enable RPC-SAMR-LARGE-DC against Samba3.
Günther Deschner [Mon, 25 May 2009 12:03:16 +0000 (14:03 +0200)]
s3-selftest: enable RPC-SAMR-LARGE-DC against Samba3.

This will fail for alias creation as nss_wrapper does not yet wrap around
libnss_winbind.

Guenther

10 years agos4-smbtorture: add RPC-SAMR-LARGE-DC test.
Günther Deschner [Mon, 25 May 2009 11:08:58 +0000 (13:08 +0200)]
s4-smbtorture: add RPC-SAMR-LARGE-DC test.

This rather simple test creates 4500 objects on a domain controller and checks
the enum calls for the correct number of results.

Guenther

10 years agos4-smbtorture: rename test_EnumDomain{Users,Groups,Aliases} in RPC-SAMR.
Günther Deschner [Fri, 22 May 2009 17:04:25 +0000 (19:04 +0200)]
s4-smbtorture: rename test_EnumDomain{Users,Groups,Aliases} in RPC-SAMR.

Guenther

10 years agos4-smbtorture: re-work test_Create{User,Group,Alias} a little.
Günther Deschner [Thu, 21 May 2009 16:12:29 +0000 (18:12 +0200)]
s4-smbtorture: re-work test_Create{User,Group,Alias} a little.

Guenther

10 years agos3-pamsmbpass: copy _pam_get_item and _pam_get_data from pam_winbind.
Günther Deschner [Fri, 22 May 2009 15:56:37 +0000 (17:56 +0200)]
s3-pamsmbpass: copy _pam_get_item and _pam_get_data from pam_winbind.

Guenther

10 years agos3-rpcclient: use get_domain_handle() fn in enum domain users & groups.
Günther Deschner [Fri, 22 May 2009 14:48:01 +0000 (16:48 +0200)]
s3-rpcclient: use get_domain_handle() fn in enum domain users & groups.

Guenther

10 years agoAttempt to fix a debian build problem
Volker Lendecke [Mon, 25 May 2009 10:36:30 +0000 (12:36 +0200)]
Attempt to fix a debian build problem

10 years agos3/docs: Fix typos.
Karolin Seeger [Mon, 25 May 2009 08:50:23 +0000 (10:50 +0200)]
s3/docs: Fix typos.

Thanks to Oota Toshiya <t-oota at dh.jp.nec.com> for reporting!

Karolin

10 years agofixed interpretation of ACB_PWNOTREQ
Andrew Tridgell [Mon, 25 May 2009 05:23:54 +0000 (15:23 +1000)]
fixed interpretation of ACB_PWNOTREQ

This bit actually means that we should ignore the minimum password
length field for this user. It doesn't mean that the password should
be seen as empty

10 years agofixed the client side password change code
Andrew Tridgell [Mon, 25 May 2009 03:40:52 +0000 (13:40 +1000)]
fixed the client side password change code

The client side code was not falling back to older routines correctly
as it didn't check for the operation range error appropriately. It
also used the old rpc semantics.

10 years agocope with lanman auth being disabled in old password change code
Andrew Tridgell [Mon, 25 May 2009 03:39:56 +0000 (13:39 +1000)]
cope with lanman auth being disabled in old password change code

When lanman auth is disabled and a user calls a password change
method that requires it we should give NT_STATUS_NOT_SUPPORTED

10 years agoTALLOC_FREE happily lives with a NULL ptr. Tim, please check!
Volker Lendecke [Sun, 24 May 2009 20:13:07 +0000 (22:13 +0200)]
TALLOC_FREE happily lives with a NULL ptr. Tim, please check!

Thanks,

Volker

10 years agoFix a race condition in winbind leading to a panic
Volker Lendecke [Sun, 24 May 2009 16:57:13 +0000 (18:57 +0200)]
Fix a race condition in winbind leading to a panic

In winbind, we do multiple events in one select round. This needs fixing, but
as long as we're still using it, for efficiency reasons we need to do that.

What can happen is the following: We have outgoing data pending for a client,
thus

state->fd_event.flags == EVENT_FD_WRITE

Now a new client comes in, we go through the list of clients to find an idle
one. The detection for idle clients in remove_idle_client does not take the
pending data into account. We close the socket that has pending outgoing data,
the accept(2) one syscall later gives us the same socket.

In new_connection(), we do a setup_async_read, setting up a read fde. The
select from before however had found the socket (that we had already closed!!)
to be writable. In rw_callback we only want to see a readable flag, and we
panic in the SMB_ASSERT(flags == EVENT_FD_READ).

Found using

bin/smbtorture //127.0.0.1/tmp -U% -N 500 -o 2 local-wbclient

Volker

10 years agouse epoll for local-wbclient test
Volker Lendecke [Wed, 20 May 2009 12:18:23 +0000 (14:18 +0200)]
use epoll for local-wbclient test

10 years agoDon't limit the number of retries in wb_trans.
Volker Lendecke [Sun, 24 May 2009 11:22:26 +0000 (13:22 +0200)]
Don't limit the number of retries in wb_trans.

This is better done with a tevent_req_set_endtime the caller should issue.

10 years agoDon't set a timeout deep inside wb_connect
Volker Lendecke [Sun, 24 May 2009 11:18:34 +0000 (13:18 +0200)]
Don't set a timeout deep inside wb_connect

10 years agoChange async_connect to use connect instead of getsockopt to get the error
Volker Lendecke [Sun, 24 May 2009 11:14:12 +0000 (13:14 +0200)]
Change async_connect to use connect instead of getsockopt to get the error

On my Linux box, this is definitely the more reliable strategy with unix domain
sockets, and according to my tests it also works correctly with TCP sockets.

10 years agoDo queueing in wbclient.c
Volker Lendecke [Fri, 22 May 2009 20:30:09 +0000 (22:30 +0200)]
Do queueing in wbclient.c

The _trigger fn must know about wbc_context, while we were waiting in the
queue the fd might have changed

10 years agoFix closed_fd(): select returning 0 means no fd listening
Volker Lendecke [Fri, 22 May 2009 17:29:46 +0000 (19:29 +0200)]
Fix closed_fd(): select returning 0 means no fd listening

10 years agoFix wb_simple_trans queueing
Volker Lendecke [Sun, 10 May 2009 08:49:39 +0000 (10:49 +0200)]
Fix wb_simple_trans queueing

10 years agoAdd "err_on_readability" to writev_send
Volker Lendecke [Sat, 23 May 2009 14:10:54 +0000 (16:10 +0200)]
Add "err_on_readability" to writev_send

A socket where the other side has closed only becomes readable. To catch
errors early when sitting in a pure writev, we need to also test for
readability.

10 years agoAllow NULL queue to writev_send
Volker Lendecke [Sun, 10 May 2009 08:49:18 +0000 (10:49 +0200)]
Allow NULL queue to writev_send

10 years agoEnsure we return NT_STATUS_FILE_IS_A_DIRECTORY on a posix open on a
Jeremy Allison [Fri, 22 May 2009 22:55:27 +0000 (15:55 -0700)]
Ensure we return NT_STATUS_FILE_IS_A_DIRECTORY on a posix open on a
directory name.
Jeremy.

10 years agoTest that POSIX open of a directory returns NT_STATUS_FILE_IS_A_DIRECTORY (ERRDOS...
Jeremy Allison [Fri, 22 May 2009 22:21:55 +0000 (15:21 -0700)]
Test that POSIX open of a directory returns NT_STATUS_FILE_IS_A_DIRECTORY (ERRDOS, EISDIR).
Jeremy.

10 years agos3:smbd: implement SMB2 Tree Disconnect
Stefan Metzmacher [Fri, 22 May 2009 10:42:24 +0000 (12:42 +0200)]
s3:smbd: implement SMB2 Tree Disconnect

metze

10 years agos3:smbd: implement SMB2 Tree Connect
Stefan Metzmacher [Fri, 15 May 2009 09:50:20 +0000 (11:50 +0200)]
s3:smbd: implement SMB2 Tree Connect

For now this only checks if the share is present or not.

metze

10 years agos3:smbd: SMB2 session ids are 64bit...
Stefan Metzmacher [Fri, 22 May 2009 09:06:54 +0000 (11:06 +0200)]
s3:smbd: SMB2 session ids are 64bit...

We only grand ids up to 0x0000000000FFFFFF,
because that's what our idtree implementation can handle.
But also 16777215 sessions on one tcp connection should be enough:-)

metze

10 years agotsocket: allow empty vectors at the end for tstream_writev()/readv()
Stefan Metzmacher [Fri, 22 May 2009 10:28:17 +0000 (12:28 +0200)]
tsocket: allow empty vectors at the end for tstream_writev()/readv()

metze

10 years agos3:winbind:idmap_ldap: fix a crash bug in idmap_ldap_unixids_to_sids (#6387)
Michael Adam [Fri, 22 May 2009 09:58:00 +0000 (11:58 +0200)]
s3:winbind:idmap_ldap: fix a crash bug in idmap_ldap_unixids_to_sids (#6387)

This fixes a crash bug hit when multiple mappings were found by
the ldap search. This crash was caused by an ldap asssertion
in ldap_next_entry because was set to NULL in each iteration.

The corresponding fix was applied to the idmap_ldap_sids_to_unixids()
by Jerry in 2007 (b066668b74768d9ed547f16bf7b6ba6aea5df20a).

This fixes the crash part of bug #6387.

There is a logic part, too:
The problem currently only occurs when multiple mappings are found
for one given unixid. Now winbindd does not crash any more but
it does not correctly handle this situation. It just returns the
last mapping from the ldap search results.
This needs fixing.

Michael

10 years agos3:smbd: implement SMB2 Logoff
Stefan Metzmacher [Fri, 15 May 2009 09:40:19 +0000 (11:40 +0200)]
s3:smbd: implement SMB2 Logoff

metze

10 years agoDon't steal when we know the ptr will be null. Thanks to Simo for
Jeremy Allison [Fri, 22 May 2009 01:48:17 +0000 (18:48 -0700)]
Don't steal when we know the ptr will be null. Thanks to Simo for
pointing this out.
Jeremy.

10 years agoRevert the last two commits (fix for #6386). The actual problem
Jeremy Allison [Fri, 22 May 2009 01:37:36 +0000 (18:37 -0700)]
Revert the last two commits (fix for #6386). The actual problem
was a bug in ldb in 3.2 which could return a freed pointer on
ret != LDAP_SUCCESS. The main thing we must ensure is that we
never talloc_steal until we know LDAP_SUCCESS was returned.
Jeremy.

10 years agoEnsure all possible uses of indirection through res are checked after
Jeremy Allison [Fri, 22 May 2009 01:00:54 +0000 (18:00 -0700)]
Ensure all possible uses of indirection through res are checked after
an ldb_search.
Jeremy.

10 years agoAttempt to fix bug #6386 - Samba Panic triggered by Sophos Control Centre.
Jeremy Allison [Fri, 22 May 2009 00:27:25 +0000 (17:27 -0700)]
Attempt to fix bug #6386 - Samba Panic triggered by Sophos Control Centre.
Don't indirect a potentially null pointer.
Jeremy.

10 years agoDetect tight loop in tdb_find()
Jim McDonough [Thu, 21 May 2009 20:26:26 +0000 (16:26 -0400)]
Detect tight loop in tdb_find()

10 years agos3 torture: Fix warning
Tim Prouty [Thu, 21 May 2009 19:17:53 +0000 (12:17 -0700)]
s3 torture: Fix warning

10 years agos3 onefs: Fix invalid argument from the unix_convert smb_filename struct patch
Tim Prouty [Thu, 21 May 2009 19:17:33 +0000 (12:17 -0700)]
s3 onefs: Fix invalid argument from the unix_convert smb_filename struct patch

10 years agos3:smbd: we want to get the next command offset and not set it...
Stefan Metzmacher [Thu, 21 May 2009 14:17:53 +0000 (16:17 +0200)]
s3:smbd: we want to get the next command offset and not set it...

This should also fix the build on some hosts.

metze

10 years agos3-build: fix the build of ntlm_auth. Bo Yang, please check.
Günther Deschner [Thu, 21 May 2009 10:50:20 +0000 (12:50 +0200)]
s3-build: fix the build of ntlm_auth. Bo Yang, please check.

Guenther

10 years agos4-selftest: adding RPC-SAMR-USERS-PRIVILEGES to knownfail list.
Günther Deschner [Thu, 21 May 2009 10:15:07 +0000 (12:15 +0200)]
s4-selftest: adding RPC-SAMR-USERS-PRIVILEGES to knownfail list.

Samba4 cannot pass this test currently as in Samba4 (unlike Samba3)
the LSA and SAMR account are stored in the same db.
Once you delete a SAMR user the LSA privilege account is deleted
at the same time (which is wrong).

Guenther

10 years agos3: ignore EPIPE error when winbind finally writes to wb client because client might...
Bo Yang [Thu, 21 May 2009 19:22:52 +0000 (03:22 +0800)]
s3: ignore EPIPE error when winbind finally writes to wb client because client might have already closed the socket

Signed-off-by: Bo Yang <boyang@samba.org>
10 years agos3: Fix onlinestatus msg to return status of all domain instead of omitting trusted...
Bo Yang [Thu, 21 May 2009 18:12:59 +0000 (02:12 +0800)]
s3: Fix onlinestatus msg to return status of all domain instead of omitting trusted domains

Signed-off-by: Bo Yang <boyang@samba.org>
10 years agos3: set winbindd request flags in ntlm_auth to make it contact trusted domain when...
Bo Yang [Thu, 21 May 2009 18:03:32 +0000 (02:03 +0800)]
s3: set winbindd request flags in ntlm_auth to make it contact trusted domain when krb5 auth is enabled

Signed-off-by: Bo Yang <boyang@samba.org>
10 years agos3: Fix request flags in wbinfo when perform krb5 authentication
Bo Yang [Thu, 21 May 2009 17:39:03 +0000 (01:39 +0800)]
s3: Fix request flags in wbinfo when perform krb5 authentication

Signed-off-by: Bo Yang <boyang@samba.org>
10 years agoMake cli_posix_open() and cli_posix_mkdir() async.
Jeremy Allison [Thu, 21 May 2009 01:31:36 +0000 (18:31 -0700)]
Make cli_posix_open() and cli_posix_mkdir() async.
Jeremy.

10 years agos3: Change unix_convert (and its callers) to use struct smb_filename
Tim Prouty [Tue, 7 Apr 2009 20:39:57 +0000 (13:39 -0700)]
s3: Change unix_convert (and its callers) to use struct smb_filename

This is the first of a series of patches that change path based
operations to operate on a struct smb_filename instead of a char *.
This same concept already exists in source4.

My goals for this series of patches are to eventually:

1) Solve the stream vs. posix filename that contains a colon ambiguity
   that currently exists.
2) Make unix_convert the only function that parses the stream name.
3) Clean up the unix_convert API.
4) Change all path based vfs operation to take a struct smb_filename.
5) Make is_ntfs_stream_name() a constant operation that can simply
   check the state of struct smb_filename rather than re-parse the
   filename.
6) Eliminate the need for split_ntfs_stream_name() to exist.

My strategy is to start from the inside at unix_convert() and work my
way out through the vfs layer, call by call.  This first patch does
just that, by changing unix_convert and all of its callers to operate
on struct smb_filename.  Since this is such a large change, I plan on
pushing the patches in phases, where each phase keeps full
compatibility and passes make test.

The API of unix_convert has been simplified from:

NTSTATUS unix_convert(TALLOC_CTX *ctx,
      connection_struct *conn,
      const char *orig_path,
      bool allow_wcard_last_component,
      char **pp_conv_path,
      char **pp_saved_last_component,
      SMB_STRUCT_STAT *pst)
to:

NTSTATUS unix_convert(TALLOC_CTX *ctx,
      connection_struct *conn,
      const char *orig_path,
      struct smb_filename *smb_fname,
      uint32_t ucf_flags)

Currently the smb_filename struct looks like:

struct smb_filename {
       char *base_name;
       char *stream_name;
       char *original_lcomp;
       SMB_STRUCT_STAT st;
};

One key point here is the decision to break up the base_name and
stream_name.  I have introduced a helper function called
get_full_smb_filename() that takes an smb_filename struct and
allocates the full_name.  I changed the callers of unix_convert() to
subsequently call get_full_smb_filename() for the time being, but I
plan to eventually eliminate get_full_smb_filename().

10 years agos3:smbd: check the incoming session id for SMB2 requests
Stefan Metzmacher [Wed, 20 May 2009 18:51:10 +0000 (20:51 +0200)]
s3:smbd: check the incoming session id for SMB2 requests

metze

10 years agos3:smbd: implement SMB2 Session Setup with raw NTLMSSP
Stefan Metzmacher [Fri, 15 May 2009 09:20:34 +0000 (11:20 +0200)]
s3:smbd: implement SMB2 Session Setup with raw NTLMSSP

metze

10 years agos3:smbd: for now indicate raw NTLMSSP in the SMB2 Negotiate response
Stefan Metzmacher [Wed, 20 May 2009 17:45:28 +0000 (19:45 +0200)]
s3:smbd: for now indicate raw NTLMSSP in the SMB2 Negotiate response

metze

10 years agos3:smbd: move the callback functions of smbd_smb2_request_reply() closer itself
Stefan Metzmacher [Wed, 20 May 2009 17:48:47 +0000 (19:48 +0200)]
s3:smbd: move the callback functions of smbd_smb2_request_reply() closer itself

metze

10 years agos3:smbd: add smbd_smb2_request_done_ex()
Stefan Metzmacher [Wed, 20 May 2009 17:35:39 +0000 (19:35 +0200)]
s3:smbd: add smbd_smb2_request_done_ex()

Some times we have to return a non-error response
with status != NT_STATUS_OK.

metze

10 years agos3:smbd: fix initialized memory in SMB2 responses
Stefan Metzmacher [Wed, 20 May 2009 17:32:55 +0000 (19:32 +0200)]
s3:smbd: fix initialized memory in SMB2 responses

MESSAGE_ID and SESSION_ID are both 64bit.

metze

10 years agoAdd a security model to LSA. Similar to the SAMR code - using
Jeremy Allison [Wed, 20 May 2009 18:52:11 +0000 (11:52 -0700)]
Add a security model to LSA. Similar to the SAMR code - using
the MS-LSA docs.
Jeremy.

10 years agos4:libcli/smb2: fix session setup with raw NTLMSSP
Stefan Metzmacher [Wed, 20 May 2009 17:57:37 +0000 (19:57 +0200)]
s4:libcli/smb2: fix session setup with raw NTLMSSP

metze

10 years agos4:libcli/smb2: use raw ntlmssp if the server didn't provide a sec blob
Stefan Metzmacher [Wed, 20 May 2009 15:17:07 +0000 (17:17 +0200)]
s4:libcli/smb2: use raw ntlmssp if the server didn't provide a sec blob

metze

10 years agos4:libcli/smb2: fill in transport->negotiate.secblob with the correct data
Stefan Metzmacher [Wed, 20 May 2009 17:51:40 +0000 (19:51 +0200)]
s4:libcli/smb2: fill in transport->negotiate.secblob with the correct data

metze

10 years agoUse SMB_VFS_NEXT_CLOSE. This VFS stuff is really opaque to me...
Volker Lendecke [Mon, 18 May 2009 04:18:57 +0000 (06:18 +0200)]
Use SMB_VFS_NEXT_CLOSE. This VFS stuff is really opaque to me...

Thanks Michael to provide some transparency :-)

10 years agos3:smbd: add support for SMB2 Keepalive (SMB2 Echo)
Stefan Metzmacher [Fri, 15 May 2009 10:07:28 +0000 (12:07 +0200)]
s3:smbd: add support for SMB2 Keepalive (SMB2 Echo)

metze

10 years agos3:smbd: allow SMB 2.002 dialect in SMB1 negprot
Stefan Metzmacher [Tue, 19 May 2009 08:47:51 +0000 (10:47 +0200)]
s3:smbd: allow SMB 2.002 dialect in SMB1 negprot

We create a dummy SMB2 Negotiate inbuf and pass the
connection to the SMB2 engine.

metze

10 years agos3:smbd: add support for SMB2 Negotiate
Stefan Metzmacher [Thu, 14 May 2009 13:32:02 +0000 (15:32 +0200)]
s3:smbd: add support for SMB2 Negotiate

This is not complete, but a start that makes the
samba4 smb2 client happy.

metze

10 years agos3:smbd: make negprot_spnego() non static
Stefan Metzmacher [Tue, 19 May 2009 08:46:35 +0000 (10:46 +0200)]
s3:smbd: make negprot_spnego() non static

metze

10 years agos3:smbd: add infrastructure for SMB2 support
Stefan Metzmacher [Thu, 14 May 2009 12:17:28 +0000 (14:17 +0200)]
s3:smbd: add infrastructure for SMB2 support

This is disabled by default and activated by
"max protocol = SMB2".

metze

10 years agos3:param: add PROTOCOL_SMB2
Stefan Metzmacher [Tue, 19 May 2009 08:45:38 +0000 (10:45 +0200)]
s3:param: add PROTOCOL_SMB2

metze

10 years agoSMB2-LOCK: let the test pass against samba4
Stefan Metzmacher [Wed, 20 May 2009 13:23:51 +0000 (15:23 +0200)]
SMB2-LOCK: let the test pass against samba4

metze

10 years agoFix bug disclosed by lock8 torture test
Volker Lendecke [Mon, 18 May 2009 04:02:07 +0000 (06:02 +0200)]
Fix bug disclosed by lock8 torture test

We have to drop the gpfs level share modes, regardless of whether we put
the file into the pending close queue.

10 years agoDemonstrate a bug we have when dealing with real os-level share modes
Volker Lendecke [Wed, 20 May 2009 12:56:04 +0000 (14:56 +0200)]
Demonstrate a bug we have when dealing with real os-level share modes

Another one of those where you stare at logfiles for hours, and when you found
it, it's absolutely obvious what is happening...

10 years agos4: try to fix privileges implementation in order to pass the RPC-SAMR-USERS-PRIVILEG...
Günther Deschner [Wed, 20 May 2009 11:32:25 +0000 (13:32 +0200)]
s4: try to fix privileges implementation in order to pass the RPC-SAMR-USERS-PRIVILEGES test.

Guenther

10 years agoHave ntvfs_connect() accept union smb_tcon *tcon instead of char* sharename
Sam Liddicott [Thu, 14 May 2009 07:58:50 +0000 (08:58 +0100)]
Have ntvfs_connect() accept union smb_tcon *tcon instead of char* sharename

This change brings ntvfs_connect into compliance with other ntvfs functions
which take an ntvfs module, an ntvfs request and an smb io union.

It now becomes the responsibility of ntvfs modules to examine
tcon->generic.level themselves and derive the share name and any other
options
directly; e.g.

const char *sharename;

switch (tcon->generic.level) {
case RAW_TCON_TCON:
sharename = tcon->tcon.in.service;
break;
case RAW_TCON_TCONX:
sharename = tcon->tconx.in.path;
break;
case RAW_TCON_SMB2:
default:
return NT_STATUS_INVALID_LEVEL;
}

if (strncmp(sharename, "\\\\", 2) == 0) {
char *p = strchr(sharename+2, '\\');
if (p) {
sharename = p + 1;
}
}

service.c smbsrv_tcon_backend() is called before ntvfs_connect and fills in
some of the tcon->..out values.
For the case of RAW_TCON_TCONX, it filles out tcon->tconx.out.tid and
tcon->tconx.out.options

For the case of RAW_TCON_TCON it fills out tcon->tcon.out.tid and
tcon->tcon.out.max_xmit

Thus the ntvfs_connect function for vfs modules may override these values
if desired, but are not required to.

ntvfs_connect functions are required to fill in the tcon->tconx.out.*_type
fields, for RAW_TCON_TCONX, perhaps something like:

if (tcon->generic.level == RAW_TCON_TCONX) {
tcon->tconx.out.fs_type = ntvfs->ctx->fs_type;
tcon->tconx.out.dev_type = ntvfs->ctx->dev_type;
}

Signed-off-by: Sam Liddicott <sam@liddicott.com>
(I fixed the ntvfs_connect() in the smb_server/smb2/
 and the RAW_TCON_SMB2 switch case in the modules)

Signed-off-by: Stefan Metzmacher <metze@samba.org>
10 years agos3-selftest: add add and delete group scripts using nss_wrapper.
Günther Deschner [Wed, 20 May 2009 00:12:17 +0000 (02:12 +0200)]
s3-selftest: add add and delete group scripts using nss_wrapper.

Guenther

10 years agonsswrapper: implement group_del() in nss_wrapper.pl.
Günther Deschner [Wed, 20 May 2009 00:10:12 +0000 (02:10 +0200)]
nsswrapper: implement group_del() in nss_wrapper.pl.

Guenther

10 years agonsswrapper: implement group_add() in nss_wrapper.pl.
Günther Deschner [Wed, 20 May 2009 00:06:22 +0000 (02:06 +0200)]
nsswrapper: implement group_add() in nss_wrapper.pl.

Guenther

10 years agos4:smb_server: initialy read the first 4 bytes only
Sam Liddicott [Tue, 19 May 2009 14:42:39 +0000 (15:42 +0100)]
s4:smb_server: initialy read the first 4 bytes only

Stop packet_recv getting greedy and reading the whole socket
and then dispatching te extra packets in a timer loop

Signed-off-by: Sam Liddicott <sam@liddicott.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
10 years agos4:libcli/raw: initialy read the first 4 bytes only
Stefan Metzmacher [Tue, 19 May 2009 14:18:38 +0000 (16:18 +0200)]
s4:libcli/raw: initialy read the first 4 bytes only

metze

10 years agoDo not do a merged build without shared libs
Volker Lendecke [Wed, 20 May 2009 06:58:13 +0000 (08:58 +0200)]
Do not do a merged build without shared libs

Jelmer, you might want to take a look at Andrew B's problem with

--enable-developer --disable-shared --disable-shared-libs

10 years agoOnly build the krb5 locator when building shared libs
Volker Lendecke [Wed, 20 May 2009 06:39:45 +0000 (08:39 +0200)]
Only build the krb5 locator when building shared libs

10 years agoSet errno=ENOMEM if tevent_add_fd fails
Volker Lendecke [Tue, 19 May 2009 21:48:41 +0000 (23:48 +0200)]
Set errno=ENOMEM if tevent_add_fd fails

tevent_add_fd does not properly set that. At least in epoll and select this is
the only error condition.

Metze, please check!

10 years agoAdded mapping table for account object in lsa.
Jeremy Allison [Tue, 19 May 2009 21:47:25 +0000 (14:47 -0700)]
Added mapping table for account object in lsa.
Jeremy.