8 years agoIntroduce system MIT krb5 build with --with-system-mitkrb5 option.
Alexander Bokovoy [Mon, 21 May 2012 09:45:12 +0000 (12:45 +0300)]
Introduce system MIT krb5 build with --with-system-mitkrb5 option.
System MIT krb5 build also enabled by specifying --without-ad-dc

When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level
configure in WAF build we are trying to detect and use system-wide MIT krb5
libraries. As result, Samba 4 DC functionality will be disabled due to the fact
that it is currently impossible to implement embedded KDC server with MIT krb5.

Thus, --with-system-mitkrb5/--without-ad-dc build will only produce
  * Samba 4 client libraries and their Python bindings
  * Samba 3 server (smbd, nmbd, winbindd from source3/)
  * Samba 3 client libraries

In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture.
This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.

8 years agos4: samba-tool is usable without export-keytab command, make sure it does not break
Alexander Bokovoy [Fri, 18 May 2012 12:24:38 +0000 (15:24 +0300)]
s4: samba-tool is usable without export-keytab command, make sure it does not break

When export_keytab is not compiled in (pure client-side Samba 4 build as with
system MIT krb5), export-keytab command of samba-tool will not be available.
Make sure it is not provided but its absence does not break the Python tool.

8 years agoauth-credentials: Support using pre-fetched ccache when obtaining kerberos credentials
Alexander Bokovoy [Fri, 18 May 2012 07:05:38 +0000 (10:05 +0300)]
auth-credentials: Support using pre-fetched ccache when obtaining kerberos credentials

When credentials API is used by a client-side program that already as fetched required
tickets into a ccache, we need to skip re-initializing ccache. This is used in FreeIPA
when Samba 4 Python bindings are run after mod_auth_kerb has obtained user tickets

8 years agos3-passdb: add unixid_from_uid/unixid_from_gid/unixid_from_both API
Alexander Bokovoy [Fri, 18 May 2012 07:00:58 +0000 (10:00 +0300)]
s3-passdb: add unixid_from_uid/unixid_from_gid/unixid_from_both API

struct unixid is defined in idmap.idl and therefore to use it one
would need generated headers from librpc/gen_ndr. Not all of these
files are installed and available as public headers. Also, they
pull in some support headers which requires them to be available
via specific locations like <librpc/gen_ndr/*> or <libcli/util>.

Instead of pulling the headers to get structure and enum definitions,
introduce three simple helpers to fill in 'struct unixid' based on
the type of id. This is sufficient for PASSDB users and does not
require exposing generated headers or code.

8 years agodns: fix comments and make s4/libcli/resolve dns resolver working
Alexander Bokovoy [Tue, 15 May 2012 13:28:44 +0000 (16:28 +0300)]
dns: fix comments and make s4/libcli/resolve dns resolver working

After migrating to use libaddns, reply_to_addrs() needed to change the
way answers are iterated through. Originally libroken implementation
gave all answers as separate records with last one being explicitly NULL.
libaddns unmarshalling code gives all non-NULL answers and should be
iterated with explicit reply->num_answers in use.

8 years agolib/krb5_wrap: implement krb5_cc_get_lifetime for MIT Kerberos
Alexander Bokovoy [Wed, 9 May 2012 21:00:03 +0000 (00:00 +0300)]
lib/krb5_wrap: implement krb5_cc_get_lifetime for MIT Kerberos

In case krb5_cc_get_lifetime is not available, iterate over
existing tickets in the keytab, find the one marked as TKT_FLAG_INITIAL,
and use its lifetime. This is how it is implemented in Heimdal and
how it was suggested to be done by MIT Kerberos developers.

8 years agogensec_gssapi: Make it possible to build with MIT krb5
Simo Sorce [Tue, 8 May 2012 16:38:20 +0000 (12:38 -0400)]
gensec_gssapi: Make it possible to build with MIT krb5

We need to ifdef out some minor things here because there is no available API
to set these options in MIT.
The realm and canonicalize options should be not interesting in the client
case. Same for the send_to_kdc hacks.
Also the OLD DES3 enctype is not at all interesting. I am not aware that
Windows will ever use DES3 and no modern implementation relies on that enctype
anymore as it has been fully deprecated long ago, so we can simply ignore it.

8 years agoauth and s4-rpc_server: Do not use features we currently can't implement with MIT...
Simo Sorce [Wed, 2 May 2012 16:53:34 +0000 (12:53 -0400)]
auth and s4-rpc_server: Do not use features we currently can't implement with MIT Kerbros build

8 years agos4-resolve: Remove dependency on libroken
Simo Sorce [Sat, 5 May 2012 03:11:19 +0000 (23:11 -0400)]
s4-resolve: Remove dependency on libroken

Use available native samba resolver functions

8 years agoaddns: Make ads_dns_lookup_srv pulic
Simo Sorce [Sat, 5 May 2012 03:07:14 +0000 (23:07 -0400)]
addns: Make ads_dns_lookup_srv pulic

8 years agoMove source3/libads/dns.c to lib/addns
Simo Sorce [Fri, 4 May 2012 20:47:27 +0000 (16:47 -0400)]
Move source3/libads/dns.c to lib/addns

8 years agos3-ads-dns: Avoid unnecessary dependencies
Simo Sorce [Sat, 5 May 2012 02:32:47 +0000 (22:32 -0400)]
s3-ads-dns: Avoid unnecessary dependencies

8 years agos3-ads-dns: Break dependency on lp_parm
Simo Sorce [Fri, 4 May 2012 21:27:36 +0000 (17:27 -0400)]
s3-ads-dns: Break dependency on lp_parm

In preparation of making this code common to s3 and s4

8 years agos3-ad-dns: Use more standard uint and booleans defs
Simo Sorce [Fri, 4 May 2012 20:49:05 +0000 (16:49 -0400)]
s3-ad-dns: Use more standard uint and booleans defs

In preparation of making this code common to s3 and s4

8 years agoaddns: Fix talloc hiereachy
Simo Sorce [Mon, 7 May 2012 20:14:07 +0000 (16:14 -0400)]
addns: Fix talloc hiereachy

Attach request to local memory context not to potentially long lived connection

8 years agos3:smbd: use reply_force_doserror(req, ERRSRV, ERRbaduid) on SMBulogoff
Stefan Metzmacher [Thu, 3 May 2012 13:52:41 +0000 (15:52 +0200)]
s3:smbd: use reply_force_doserror(req, ERRSRV, ERRbaduid) on SMBulogoff

We don't support security = share anymore, so we should always have
a valid session.

Found by the raw.context test.


Autobuild-User: Stefan Metzmacher <>
Autobuild-Date: Wed May 23 12:47:37 CEST 2012 on sn-devel-104

8 years agoSecond part of fix for bug 8953 - winbind can hang as nbt_getdc() has no timeout.
Herb Lewis [Tue, 22 May 2012 23:40:17 +0000 (16:40 -0700)]
Second part of fix for bug 8953 - winbind can hang as nbt_getdc() has no timeout.

If we're running with SEC_ADS and we don't get a cldap response from
the server when querying its name, don't fall back to NetBIOS requests
as they're unlikely to succeed.

Signed-off-by: Jeremy Allison <>
Autobuild-User: Jeremy Allison <>
Autobuild-Date: Wed May 23 03:49:36 CEST 2012 on sn-devel-104

8 years agoFix bug #8953 - winbind can hang as nbt_getdc() has no timeout.
Jeremy Allison [Tue, 22 May 2012 23:25:14 +0000 (16:25 -0700)]
Fix bug #8953 - winbind can hang as nbt_getdc() has no timeout.

Add a timeout_in_seconds parameter to nbt_getdc() to make it fail
after that time with NT_STATUS_IO_TIMEOUT.

8 years agos3:smbd: remove unused 'connection_struct->used'
Michael Adam [Tue, 22 May 2012 09:56:36 +0000 (11:56 +0200)]
s3:smbd: remove unused 'connection_struct->used'

Pair-Programmed-With: Stefan Metzmacher <>

Autobuild-User: Stefan Metzmacher <>
Autobuild-Date: Tue May 22 16:42:22 CEST 2012 on sn-devel-104

8 years agoAdded torture test for bug #8910. Test remove_duplicate_addrs2().
Jeremy Allison [Mon, 21 May 2012 21:29:11 +0000 (14:29 -0700)]
Added torture test for bug #8910. Test remove_duplicate_addrs2().

Autobuild-User: Jeremy Allison <>
Autobuild-Date: Tue May 22 01:31:17 CEST 2012 on sn-devel-104

8 years agos3: Fix vfs_xattr_tdb.c
Volker Lendecke [Mon, 21 May 2012 12:41:40 +0000 (14:41 +0200)]
s3: Fix vfs_xattr_tdb.c

"size" is the maximum buffer, only copy what we actually got. For me, this
fixes valgrind errors in the DIR1 test that might potentially make DIR1
non-flaky again.

Signed-off-by: Jeremy Allison <>
Autobuild-User: Jeremy Allison <>
Autobuild-Date: Mon May 21 22:10:15 CEST 2012 on sn-devel-104

8 years agos3:smb2_ioctl: Fix Coverity ID 701771 Uninitialized scalar variable
Stefan Metzmacher [Mon, 21 May 2012 09:44:09 +0000 (11:44 +0200)]
s3:smb2_ioctl: Fix Coverity ID 701771 Uninitialized scalar variable


Autobuild-User: Stefan Metzmacher <>
Autobuild-Date: Mon May 21 19:27:44 CEST 2012 on sn-devel-104

8 years agos4-dsdb: allow modification of some deleted object if the show-deleted control is...
Matthieu Patou [Fri, 11 May 2012 21:25:49 +0000 (14:25 -0700)]
s4-dsdb: allow modification of some deleted object if the show-deleted control is presented

Autobuild-User: Matthieu Patou <>
Autobuild-Date: Sat May 19 20:28:01 CEST 2012 on sn-devel-104

8 years agos4-dsdb: naming context needs to have the extended-dn syntax too
Matthieu Patou [Wed, 9 May 2012 15:51:57 +0000 (08:51 -0700)]
s4-dsdb: naming context needs to have the extended-dn syntax too

8 years agolibcli: make it easier to understand that a control was not correctly encoded
Matthieu Patou [Tue, 15 May 2012 17:10:16 +0000 (10:10 -0700)]
libcli: make it easier to understand that a control was not correctly encoded

8 years agoMove the set_write_time() call to after get_existing_share_mode_lock() returns with...
Jeremy Allison [Sat, 19 May 2012 02:29:36 +0000 (19:29 -0700)]
Move the set_write_time() call to after get_existing_share_mode_lock() returns with a share mode.

get_existing_share_mode_lock() isn't really the right
call here, as we're being called after
close_remove_share_mode() inside close_normal_file()
so it's quite normal to not have an existing share
mode here. However, get_share_mode_lock() doesn't
work because that will create a new share mode if
one doesn't exist - so stick with this call (just
ignore any error we get if the share mode doesn't

The previous commit raised the error message debug
level inside get_share_mode_lock_internal() so
we don't always get a level 1 error message if
get_existing_share_mode_lock() fails.

Autobuild-User: Jeremy Allison <>
Autobuild-Date: Sat May 19 06:26:33 CEST 2012 on sn-devel-104

8 years agoRaise the debug level from 1 to 5 in get_share_mode_lock_internal()
Jeremy Allison [Sat, 19 May 2012 02:24:51 +0000 (19:24 -0700)]
Raise the debug level from 1 to 5 in get_share_mode_lock_internal()

This isn't a fatal condition, there is a valid codepath
that can cause this message.

8 years agos4:torture: Add raw.session.reauth2 test
Volker Lendecke [Wed, 2 May 2012 13:54:03 +0000 (15:54 +0200)]
s4:torture: Add raw.session.reauth2 test

Signed-off-by: Stefan Metzmacher <>
Autobuild-User: Stefan Metzmacher <>
Autobuild-Date: Fri May 18 18:25:42 CEST 2012 on sn-devel-104

8 years agos4:torture: rename raw.session.reauth => raw.session.reauth1
Stefan Metzmacher [Fri, 18 May 2012 11:39:48 +0000 (13:39 +0200)]
s4:torture: rename raw.session.reauth => raw.session.reauth1


8 years agos3:smbd: allow creating new spnego sessions only with a 0 vuid
Stefan Metzmacher [Thu, 3 May 2012 14:13:08 +0000 (16:13 +0200)]
s3:smbd: allow creating new spnego sessions only with a 0 vuid

Found by the raw.context test.


8 years agos3:smbd: SMBtdis should return ERRSRV, ERRinvnid instead of NETWORK_NAME_DELETED
Stefan Metzmacher [Thu, 3 May 2012 13:53:56 +0000 (15:53 +0200)]
s3:smbd: SMBtdis should return ERRSRV, ERRinvnid instead of NETWORK_NAME_DELETED

Found by the raw.context test.


8 years agoselftest/Samba3: add 'smbd:suicide mode = yes'
Stefan Metzmacher [Wed, 16 May 2012 23:06:29 +0000 (01:06 +0200)]
selftest/Samba3: add 'smbd:suicide mode = yes'


8 years agos3:idmap_cache: improve checks for format of value string in idmap_cache_find_sid2uni...
Michael Adam [Fri, 18 May 2012 09:37:18 +0000 (11:37 +0200)]
s3:idmap_cache: improve checks for format of value string in idmap_cache_find_sid2unixid()

Autobuild-User: Michael Adam <>
Autobuild-Date: Fri May 18 16:34:27 CEST 2012 on sn-devel-104

8 years agos3:idmap_cache: add common exit point to idmap_cache_find_sid2unixid()
Michael Adam [Wed, 16 May 2012 21:10:04 +0000 (23:10 +0200)]
s3:idmap_cache: add common exit point to idmap_cache_find_sid2unixid()

8 years agos3:idmap_cache: improve debug messages in idmap_cache_find_sid2unixid()
Michael Adam [Wed, 16 May 2012 15:49:47 +0000 (17:49 +0200)]
s3:idmap_cache: improve debug messages in idmap_cache_find_sid2unixid()

8 years agos3: Revert the serverid changes, they need more work
Volker Lendecke [Fri, 18 May 2012 07:10:02 +0000 (09:10 +0200)]
s3: Revert the serverid changes, they need more work

Autobuild-User: Volker Lendecke <>
Autobuild-Date: Fri May 18 13:12:14 CEST 2012 on sn-devel-104

8 years agos4-torture: Improve torture test boilerplate, use torture_assert()
Andrew Bartlett [Fri, 18 May 2012 05:43:31 +0000 (15:43 +1000)]
s4-torture: Improve torture test boilerplate, use torture_assert()

This ensures that if this fails, it is reported as a subunit error correctly.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <>
Autobuild-Date: Fri May 18 09:35:13 CEST 2012 on sn-devel-104

8 years agos4-torture: Always use torture_assert() to handle failures
Andrew Bartlett [Fri, 18 May 2012 05:06:28 +0000 (15:06 +1000)]
s4-torture: Always use torture_assert() to handle failures

8 years agos4-torture: provide correct torture failures for failure to connect
Andrew Bartlett [Fri, 18 May 2012 04:22:27 +0000 (14:22 +1000)]
s4-torture: provide correct torture failures for failure to connect

8 years agobuild: Also look for iconv in /usr/local by default
Andrew Bartlett [Thu, 17 May 2012 22:28:18 +0000 (08:28 +1000)]
build: Also look for iconv in /usr/local by default

This should help the build find iconv on FreeBSD and similar systems,
and make it possible to operate with 8-bit character sets.

Andrew Bartlett

8 years agoAdd include/lib folders from the commandline
Thomas Nagy [Thu, 17 May 2012 12:49:08 +0000 (14:49 +0200)]
Add include/lib folders from the commandline

By using opt.add_option(..., match=['Checking for library iconv'], dest='iconvdir'),
all configuration tests displaying 'Checking for library iconv' will get
$(iconvdir)/lib and $(iconvdir)/include

8 years agos4-torture: Fix rpc.samr.priv test to use torture_assert() macros
Andrew Bartlett [Thu, 17 May 2012 03:10:31 +0000 (13:10 +1000)]
s4-torture: Fix rpc.samr.priv test to use torture_assert() macros

8 years agoautobuild: Run ABI check on samba4-libs as well.
Andrew Bartlett [Thu, 17 May 2012 03:21:57 +0000 (13:21 +1000)]
autobuild: Run ABI check on samba4-libs as well.

Because this build is without the developer options (so as to check that we build without those)
we do not do an ABI check by default.

Andrew Bartlett

8 years agobuild: Move generated files out of the normal build tree
Andrew Bartlett [Thu, 17 May 2012 01:12:07 +0000 (11:12 +1000)]
build: Move generated files out of the normal build tree

This avoids some dual-build-system interactions.

Andrew Bartlett

8 years agobuild: Move generated version.h to a waf-invisible location
Andrew Bartlett [Thu, 17 May 2012 06:43:48 +0000 (16:43 +1000)]
build: Move generated version.h to a waf-invisible location

Generally, it is better if our generated header files for the autoconf
build do not end up in places that the waf build can see.

Andrew Bartlett

8 years agopygensec: Fix init of variable if not specified.
Jelmer Vernooij [Thu, 17 May 2012 21:48:26 +0000 (23:48 +0200)]
pygensec: Fix init of variable if not specified.

Thanks to Wolfgang Sourdeau for reporting this.


Autobuild-User: Jelmer Vernooij <>
Autobuild-Date: Fri May 18 04:50:17 CEST 2012 on sn-devel-104

8 years agoNote that "keepalive" only applies to SMB1 connections.
Jeremy Allison [Thu, 17 May 2012 21:54:03 +0000 (14:54 -0700)]
Note that "keepalive" only applies to SMB1 connections.

Autobuild-User: Jeremy Allison <>
Autobuild-Date: Fri May 18 02:59:34 CEST 2012 on sn-devel-104

8 years agoFix the waf build with the new "cleans up stale processes" test.
Jeremy Allison [Thu, 17 May 2012 00:16:17 +0000 (17:16 -0700)]
Fix the waf build with the new "cleans up stale processes" test.

Autobuild-User: Jeremy Allison <>
Autobuild-Date: Fri May 18 00:20:36 CEST 2012 on sn-devel-104

8 years agos3: Check for serverid_exists in close_directory
Volker Lendecke [Mon, 7 May 2012 13:23:29 +0000 (15:23 +0200)]
s3: Check for serverid_exists in close_directory

Signed-off-by: Jeremy Allison <>
8 years agos3: Check for serverid_exists in close_remove_share_mode
Volker Lendecke [Mon, 7 May 2012 13:23:29 +0000 (15:23 +0200)]
s3: Check for serverid_exists in close_remove_share_mode

Signed-off-by: Jeremy Allison <>
8 years agos3: Be less picky on stale share mode entries
Volker Lendecke [Mon, 14 May 2012 12:57:34 +0000 (14:57 +0200)]
s3: Be less picky on stale share mode entries

If a process died, the share mode entry might be bogus. Ignore those entries.

Signed-off-by: Jeremy Allison <>
8 years agos3: Check for serverid_exists in find_oplock_types
Volker Lendecke [Wed, 16 May 2012 23:51:26 +0000 (16:51 -0700)]
s3: Check for serverid_exists in find_oplock_types
Signed-off-by: Jeremy Allison <>
8 years agos3: Test whether get_share_mode_lock cleans up stale processes
Volker Lendecke [Fri, 11 May 2012 12:39:42 +0000 (14:39 +0200)]
s3: Test whether get_share_mode_lock cleans up stale processes

Signed-off-by: Jeremy Allison <>
8 years agos3: Check for serverid_exists in rename_share_filename
Volker Lendecke [Mon, 7 May 2012 13:23:10 +0000 (15:23 +0200)]
s3: Check for serverid_exists in rename_share_filename

Signed-off-by: Jeremy Allison <>
8 years agos3: Do not check the PIDs is parse_share_modes
Volker Lendecke [Mon, 7 May 2012 14:34:11 +0000 (16:34 +0200)]
s3: Do not check the PIDs is parse_share_modes

We do that when conflicts arise

Signed-off-by: Jeremy Allison <>
8 years agos3: Check for serverid_exists in smb_posix_unlink
Volker Lendecke [Mon, 7 May 2012 13:23:29 +0000 (15:23 +0200)]
s3: Check for serverid_exists in smb_posix_unlink

Signed-off-by: Jeremy Allison <>
8 years agos3: Check for serverid_exists in open_mode_check
Volker Lendecke [Mon, 7 May 2012 13:23:10 +0000 (15:23 +0200)]
s3: Check for serverid_exists in open_mode_check

Signed-off-by: Jeremy Allison <>
8 years agos3: Check for serverid_exists in notify_deferred_opens
Volker Lendecke [Mon, 7 May 2012 10:22:50 +0000 (12:22 +0200)]
s3: Check for serverid_exists in notify_deferred_opens

We will remove the check in parse_share_modes soon

Signed-off-by: Jeremy Allison <>
8 years agos3: Add "share_mode_stale_server"
Volker Lendecke [Mon, 7 May 2012 10:57:07 +0000 (12:57 +0200)]
s3: Add "share_mode_stale_server"

This is a helper routine that prunes a dead share mode entry on demand. This
prepares for removing the serverids_exist call in parse_share_modes.

Signed-off-by: Jeremy Allison <>
8 years agos4:torture: add smb2.session.expire1
Stefan Metzmacher [Thu, 17 May 2012 16:32:49 +0000 (18:32 +0200)]
s4:torture: add smb2.session.expire1


Autobuild-User: Stefan Metzmacher <>
Autobuild-Date: Thu May 17 21:53:11 CEST 2012 on sn-devel-104

8 years agos4:torture: add smb2.session.reconnect2 test
Stefan Metzmacher [Mon, 30 Apr 2012 14:40:14 +0000 (16:40 +0200)]
s4:torture: add smb2.session.reconnect2 test

This uses just one transport connection
and demonstrates the implicit logoff of the previous session.


8 years agos4:torture: rename smb2.session.reconnect to smb2.session.reconnect1
Stefan Metzmacher [Mon, 30 Apr 2012 12:46:54 +0000 (14:46 +0200)]
s4:torture: rename smb2.session.reconnect to smb2.session.reconnect1


8 years agos4:torture: remove unused vars in smb2.session.reauth*
Stefan Metzmacher [Thu, 17 May 2012 16:32:16 +0000 (18:32 +0200)]
s4:torture: remove unused vars in smb2.session.reauth*


8 years agos4:auth/gensec_gssapi: add "gensec_gssapi:requested_life_time" option
Stefan Metzmacher [Fri, 20 Apr 2012 11:51:22 +0000 (13:51 +0200)]
s4:auth/gensec_gssapi: add "gensec_gssapi:requested_life_time" option


8 years agos3:gse: implement gensec_gse_expire_time()
Stefan Metzmacher [Sat, 3 Mar 2012 03:34:19 +0000 (04:34 +0100)]
s3:gse: implement gensec_gse_expire_time()


8 years agos4:auth/gensec: implement gensec_gssapi_expire_time()
Stefan Metzmacher [Sat, 3 Mar 2012 03:33:55 +0000 (04:33 +0100)]
s4:auth/gensec: implement gensec_gssapi_expire_time()


8 years agoauth/gensec: implement gensec_spnego_expire_time()
Stefan Metzmacher [Sat, 3 Mar 2012 03:33:15 +0000 (04:33 +0100)]
auth/gensec: implement gensec_spnego_expire_time()


8 years agoauth/gensec: add gensec_expire_time()
Stefan Metzmacher [Sat, 3 Mar 2012 03:32:45 +0000 (04:32 +0100)]
auth/gensec: add gensec_expire_time()


8 years agos4:auth/gensec_gssapi: add missing 'break' statements
Stefan Metzmacher [Thu, 17 May 2012 15:31:09 +0000 (17:31 +0200)]
s4:auth/gensec_gssapi: add missing 'break' statements


8 years agos4:auth/gensec_gssapi: remember the expire time
Stefan Metzmacher [Fri, 2 Mar 2012 21:02:36 +0000 (22:02 +0100)]
s4:auth/gensec_gssapi: remember the expire time


8 years agos3:gse: remember the expire time
Stefan Metzmacher [Thu, 26 Jan 2012 16:32:12 +0000 (17:32 +0100)]
s3:gse: remember the expire time


8 years agos3:smb2_sesssetup: make use of nt_status_squash() in smbd_smb2_session_setup_recv()
Stefan Metzmacher [Wed, 16 May 2012 13:32:08 +0000 (15:32 +0200)]
s3:smb2_sesssetup: make use of nt_status_squash() in smbd_smb2_session_setup_recv()


8 years agoCheck the return from create_acl_blob
Richard Sharpe [Thu, 17 May 2012 03:21:34 +0000 (20:21 -0700)]
Check the return from create_acl_blob

Autobuild-User: Richard Sharpe <>
Autobuild-Date: Thu May 17 07:17:29 CEST 2012 on sn-devel-104

8 years agos3-smbd: Avoid creating a UID ACL entry for SIDs that are mapped as ID_TYPE_BOTH...
Andrew Bartlett [Wed, 16 May 2012 20:07:17 +0000 (13:07 -0700)]
s3-smbd: Avoid creating a UID ACL entry for SIDs that are mapped as ID_TYPE_BOTH The GID ACL entry is what will be mapped in most cases, and so is sufficient.

Andrew Bartlett

Signed-off-by: Jeremy Allison <>
Autobuild-User: Andrew Bartlett <>
Autobuild-Date: Thu May 17 05:08:44 CEST 2012 on sn-devel-104

8 years agos3-smbd: Consider a group with the same SID as sufficient duplication
Andrew Bartlett [Thu, 10 May 2012 01:05:41 +0000 (11:05 +1000)]
s3-smbd: Consider a group with the same SID as sufficient duplication

This code is to ensure that the user does not loose rights when their file
ownership is taken away.  If the owner (an IDMAP_BOTH SID) appears as a group
then a duplicate user is not required.

Signed-off-by: Jeremy Allison <>
8 years agos3-smbd: Handle ID_TYPE_BOTH by mapping to both a group ACL entry and file ownership...
Andrew Bartlett [Tue, 15 May 2012 19:33:18 +0000 (12:33 -0700)]
s3-smbd: Handle ID_TYPE_BOTH by mapping to both a group ACL entry and file ownership This will allow groups, such as domain administrators, to own files while correctly handling the rest of the ACL permissions.

Andrew Bartlett

Signed-off-by: Jeremy Allison <>
8 years agoWe need to split things up into a new helper function add_current_ace_to_acl() in...
Andrew Bartlett [Tue, 15 May 2012 00:11:09 +0000 (17:11 -0700)]
We need to split things up into a new helper function add_current_ace_to_acl() in order for there to be more posix ACL elements than NT ACL elements (so a group SID can own a file, but also get the group permissions that will be honoured)

Andrew Bartlett

Slightly modified by Jeremy to reduce diff size.

Signed-off-by: Jeremy Allison <>
8 years agoThis covers a case where an ID_TYPE_BOTH mapping creates group permissions, but must...
Jeremy Allison [Mon, 14 May 2012 19:34:39 +0000 (12:34 -0700)]
This covers a case where an ID_TYPE_BOTH mapping creates group permissions, but must own the file. Based on an original patch by Andrew Bartlett.

8 years agos3-smbd: Do not merge UID ACE values with GID ACE values for posix ACL
Andrew Bartlett [Wed, 9 May 2012 02:11:45 +0000 (12:11 +1000)]
s3-smbd: Do not merge UID ACE values with GID ACE values for posix ACL

This might happen when we get a SID mapped to IDMAP_BOTH.

Andrew Bartlett

Signed-off-by: Jeremy Allison <>
8 years agos3:onefs: remove all onefs related code as it not maintained anymore
Stefan Metzmacher [Wed, 16 May 2012 07:26:12 +0000 (09:26 +0200)]
s3:onefs: remove all onefs related code as it not maintained anymore

for the discussion.


Autobuild-User: Stefan Metzmacher <>
Autobuild-Date: Wed May 16 11:23:05 CEST 2012 on sn-devel-104

8 years agoFix the overwriting of errno before use in a DEBUG statement and use the return value...
Richard Sharpe [Tue, 15 May 2012 14:47:14 +0000 (07:47 -0700)]
Fix the overwriting of errno before use in a DEBUG statement and use the return value from store_acl_blob_fsp rather than ignoring it.

Autobuild-User: Richard Sharpe <>
Autobuild-Date: Wed May 16 03:43:41 CEST 2012 on sn-devel-104

8 years agobuild: Add explicit mention of --abi-check-disable to ABI checker
Andrew Bartlett [Tue, 15 May 2012 13:03:31 +0000 (23:03 +1000)]
build: Add explicit mention of --abi-check-disable to ABI checker

This information has always been in the linked wiki page, but put it
in the build to unblock developers using platforms with slightly
different GDB output.

We can also assist this by improving the string normalisiation in the
ABI checker when example errors are provided.

It is better to build with the waf build and the full testsuite than
to avoid the waf build or not to use the developer options simply to
skip the ABI checker.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <>
Autobuild-Date: Wed May 16 01:53:42 CEST 2012 on sn-devel-104

8 years agolibwbclient: Fix an invalid free()
Volker Lendecke [Tue, 15 May 2012 17:58:26 +0000 (19:58 +0200)]
libwbclient: Fix an invalid free()

Autobuild-User: Volker Lendecke <>
Autobuild-Date: Wed May 16 00:00:00 CEST 2012 on sn-devel-104

8 years agowbinfo: Fix Coverity ID 242684 Resource leak
Volker Lendecke [Tue, 15 May 2012 17:49:31 +0000 (19:49 +0200)]
wbinfo: Fix Coverity ID 242684 Resource leak

8 years agowbinfo: Fix Coverity ID 242685 Resource leak
Volker Lendecke [Tue, 15 May 2012 17:48:42 +0000 (19:48 +0200)]
wbinfo: Fix Coverity ID 242685 Resource leak

8 years agos3: Fix Coverity ID 242710 Untrusted pointer read
Volker Lendecke [Tue, 15 May 2012 17:26:48 +0000 (19:26 +0200)]
s3: Fix Coverity ID 242710 Untrusted pointer read

According to susv3 we have to make sure that we call isupper with
values only in the range of an unsigned char. This is best achieved
by automatic narrowing through assignment.

8 years agodbwrap: Fix Coverity ID 242750 Incorrect sizeof expression
Volker Lendecke [Tue, 15 May 2012 16:51:06 +0000 (18:51 +0200)]
dbwrap: Fix Coverity ID 242750 Incorrect sizeof expression

Taking the size of "db" is correct, but a bit fishy. Silence Coverity.

8 years agolibcli/smb: move smb2cli_ioctl.c from source3 to the toplevel
Björn Baumbach [Tue, 15 May 2012 10:24:38 +0000 (12:24 +0200)]
libcli/smb: move smb2cli_ioctl.c from source3 to the toplevel

Signed-off-by: Stefan Metzmacher <>
Autobuild-User: Stefan Metzmacher <>
Autobuild-Date: Tue May 15 20:17:01 CEST 2012 on sn-devel-104

8 years agolibcli/smb: move smb2cli_query_directory.c from source3 to the toplevel
Björn Baumbach [Tue, 15 May 2012 10:19:11 +0000 (12:19 +0200)]
libcli/smb: move smb2cli_query_directory.c from source3 to the toplevel

Signed-off-by: Stefan Metzmacher <>
8 years agolibcli/smb: move smb2cli_query_info.c from source3 to the toplevel
Björn Baumbach [Tue, 15 May 2012 10:14:47 +0000 (12:14 +0200)]
libcli/smb: move smb2cli_query_info.c from source3 to the toplevel

Signed-off-by: Stefan Metzmacher <>
8 years agolibcli/smb: move smb2cli_set_info.c from source3 to the toplevel
Björn Baumbach [Tue, 15 May 2012 10:05:50 +0000 (12:05 +0200)]
libcli/smb: move smb2cli_set_info.c from source3 to the toplevel

Signed-off-by: Stefan Metzmacher <>
8 years agolibcli/smb: move smb2cli_flush.c from source3 to the toplevel
Björn Baumbach [Tue, 15 May 2012 10:00:19 +0000 (12:00 +0200)]
libcli/smb: move smb2cli_flush.c from source3 to the toplevel

Signed-off-by: Stefan Metzmacher <>
8 years agolibcli/smb: move smb2cli_write.c from source3 to the toplevel
Björn Baumbach [Tue, 15 May 2012 09:11:24 +0000 (11:11 +0200)]
libcli/smb: move smb2cli_write.c from source3 to the toplevel

Signed-off-by: Stefan Metzmacher <>
8 years agolibcli/smb: move smb2cli_read.c from source3 to the toplevel
Björn Baumbach [Tue, 15 May 2012 08:50:49 +0000 (10:50 +0200)]
libcli/smb: move smb2cli_read.c from source3 to the toplevel

Signed-off-by: Stefan Metzmacher <>
8 years agolibcli/smb: move smb2cli_close.c from source3 to the toplevel
Stefan Metzmacher [Tue, 15 May 2012 08:26:25 +0000 (10:26 +0200)]
libcli/smb: move smb2cli_close.c from source3 to the toplevel


8 years agolibcli/smb: move smb2cli_create.c from source3 to the toplevel
Stefan Metzmacher [Tue, 15 May 2012 08:23:54 +0000 (10:23 +0200)]
libcli/smb: move smb2cli_create.c from source3 to the toplevel


8 years agos3:libsmb: avoid interpret_long_date() in smb2cli_create
Stefan Metzmacher [Tue, 15 May 2012 09:27:23 +0000 (11:27 +0200)]
s3:libsmb: avoid interpret_long_date() in smb2cli_create


8 years agos3:cli_np_tstream: include smbXcli_base.h, because we'll use functions from there
Stefan Metzmacher [Tue, 15 May 2012 10:41:55 +0000 (12:41 +0200)]
s3:cli_np_tstream: include smbXcli_base.h, because we'll use functions from there


8 years agos3: Remove some unused code
Volker Lendecke [Tue, 15 May 2012 11:37:25 +0000 (13:37 +0200)]
s3: Remove some unused code

Autobuild-User: Volker Lendecke <>
Autobuild-Date: Tue May 15 18:24:10 CEST 2012 on sn-devel-104

8 years agos3: Fix a likely cut&paste error
Volker Lendecke [Mon, 14 May 2012 17:48:16 +0000 (19:48 +0200)]
s3: Fix a likely cut&paste error