Karolin Seeger [Tue, 11 Mar 2014 11:00:52 +0000 (12:00 +0100)]
VERSION: Disable git snapshots for the 4.0.16 release.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
CVE-2013-4496: Enforce password lockout for SAMR password
changes.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10327
CVE-2013-6442: ensure we don't lose an existing ACL when
setting owner or group owner.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 11 Mar 2014 10:42:21 +0000 (11:42 +0100)]
WHATSNEW: Add release notes for Samba 4.0.16.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
CVE-2013-4496: Password lockout not enforced for SAMR password
changes.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10327
CVE-2013-6442: smbcacls --chown | --chgrp dacl regression
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Jeremy Allison [Wed, 18 Dec 2013 21:56:18 +0000 (13:56 -0800)]
CVE-2013-6442: s3:smbcacls - ensure we don't lose an existing ACL when setting owner or group owner.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10327
Bug 10327 - CVE-2013-6442: smbcacls --chown | --chgrp dacl regression
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 27 Nov 2013 17:50:01 +0000 (06:50 +1300)]
CVE-2013-4496:Revert remainder of
ce895609b04380bfc41e4f8fddc84bd2f9324340
Part of this was removed when ChangePasswordUser was unimplemented,
but remove the remainder of this flawed commit. Fully check the
password first, as extract_pw_from_buffer() already does a partial
check of the password because it needs a correct old password to
correctly decrypt the length.
Andrew Bartlett
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 5 Nov 2013 03:16:46 +0000 (16:16 +1300)]
CVE-2013-4496:samr: Remove ChangePasswordUser
This old password change mechanism does not provide the plaintext to
validate against password complexity, and it is not used by modern
clients.
The missing features in both implementations (by design) were:
- the password complexity checks (no plaintext)
- the minimum password length (no plaintext)
Additionally, the source3 version did not check:
- the minimum password age
- pdb_get_pass_can_change() which checks the security
descriptor for the 'user cannot change password' setting.
- the password history
- the output of the 'passwd program' if 'unix passwd sync = yes'.
Finally, the mechanism was almost useless, as it was incorrectly
only made available to administrative users with permission
to reset the password. It is removed here so that it is not
mistakenly reinstated in the future.
Andrew Bartlett
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 5 Nov 2013 13:04:20 +0000 (14:04 +0100)]
CVE-2013-4496:s3:auth: fix memory leak in the ACCOUNT_LOCKED_OUT case.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Fri, 1 Nov 2013 01:55:44 +0000 (14:55 +1300)]
CVE-2013-4496:s3-samr: Block attempts to crack passwords via repeated password changes
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Karolin Seeger [Sun, 16 Feb 2014 20:01:42 +0000 (21:01 +0100)]
VERSION: Bump version number up to 4.0.16...
and re-enable git snapshots.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
20d7ec8a7b1d39f5a93e58d22720d0a333079254)
Karolin Seeger [Sun, 16 Feb 2014 20:00:50 +0000 (21:00 +0100)]
VERSION: Disable git snapshots for the 4.0.15 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Sun, 16 Feb 2014 19:58:36 +0000 (20:58 +0100)]
WHATSNEW: Add release notes for Samba 4.0.15.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Stefan Metzmacher [Thu, 30 Jan 2014 15:12:44 +0000 (16:12 +0100)]
s3:smb2_notify: fix use after free on long living notify requests
This is a hack, but it should fix the bug:
change_notify_add_request() talloc moves smb_request away,
which is not expected by the smb2_notify.c code...
smbd_smb2_notify_reply() uses tevent_req_defer_callback()
(in older versions an immediate event) to defer the response.
This is needed as change_notify_reply() will do more things
after calling reply_fn() (smbd_smb2_notify_reply is this case)
and often change_notify_remove_request() is called after
change_notify_reply().
change_notify_remove_request() implicitly free's the smb_request
that was passed to change_notify_add_request().
smbd_smb2_fake_smb_request() added the smb_request as smb2req->smb1req,
which is expected to be available after smbd_smb2_notify_recv() returned.
The long term solution would be the following interface:
struct tevent_req *change_notify_request_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct files_struct *fsp,
uint32_t max_length,
uint32_t filter,
bool recursive);
NTSTATUS change_notify_request_recv(struct tevent_req *req,
TALLOC_CTX *mem_ctx,
DATA_BLOB *buffer);
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10442
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Feb 14 11:18:15 CET 2014 on sn-devel-104
(cherry picked from commit
e0bf930f23fe20ee00d0006a5f6c2ba1a8f592a0)
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Sun Feb 16 19:18:59 CET 2014 on sn-devel-104
Jeremy Allison [Fri, 7 Feb 2014 18:19:26 +0000 (10:19 -0800)]
s3: modules: streaminfo: As we have no VFS function SMB_VFS_LLISTXATTR we can't cope with a symlink when lp_posix_pathnames() is true.
Fix bug : Bug 10429 - samba returns STATUS_OBJECT_NAME_NOT_FOUND when attempting to remove dangling symlink
https://bugzilla.samba.org/show_bug.cgi?id=10429
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Jeff Layton <jlayton@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Feb 8 00:01:16 CET 2014 on sn-devel-104
(cherry picked from commit
17adbbcad7e401dd544dfa76f7ec9aeb6a847381)
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Fri Feb 14 22:35:40 CET 2014 on sn-devel-104
Jeremy Allison [Tue, 11 Feb 2014 18:39:04 +0000 (10:39 -0800)]
s3: vfs_dirsort module.
Add raw.search torture test on a share definition with:
vfs objects = dirsort
https://bugzilla.samba.org/show_bug.cgi?id=10406
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
30cc8f41da58b87ff575860b7cde640520829923)
Jeremy Allison [Thu, 30 Jan 2014 01:01:30 +0000 (17:01 -0800)]
s3: vfs_dirsort module.
Allow dirsort to work when multiple simultaneous
directories are open. The old code only keeps one
active private data pointer on the connection struct, opening
a second directory on the same connection will overwrite it.
This modification turns the private data pointer
into a linked list of open directories on the
connection struct, and finds the correct one by searching
on the passed in DIR *.
With this code in place, smbd passes raw.search
torture test on a share definition with:
vfs objects = dirsort
https://bugzilla.samba.org/show_bug.cgi?id=10406
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(back-ported from commit
fd79652b0e598882e0c4d156bd897c29dae8ec04)
Volker Lendecke [Wed, 4 Sep 2013 11:57:00 +0000 (13:57 +0200)]
smbd: Fix an ancient oplock bug
If we get an oplock break response, we forgot to remove the oplock break
timeout.
Found by stopping raw.oplock.exclusive5 after the 2nd open and watching a debug
level 10 log. This amends
08a9de89 from 2007.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
0670975261c5f29394f9e9d25f899a7de948dad1)
Fix bug #10436 - cancel fsp->oplock_timeout in downgrade_file_oplock().
Andrew Bartlett [Mon, 13 Jan 2014 22:23:04 +0000 (11:23 +1300)]
kdc: Add belts-and-braces check that we fail if the hdb version changes
This checks both if host system run-time Heimdal has changed version,
and that the build-time version is supported.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jan 20 22:26:49 CET 2014 on sn-devel-104
(cherry picked from commit
e758f4111356fafce5b5c8393648c9ea5c400601)
The last 3 patches address bug #10418 - INTERNAL ERROR: Signal 11 in the kdc
pid.
Jeffrey Clark [Fri, 10 Jan 2014 23:20:14 +0000 (17:20 -0600)]
Support for Heimdal's unified krb5 and hdb plugin system.
Fixes exportkeytab and a kdc crash when building against heimdal master.
Bug-Debian: http://bugs.debian.org/732342
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
(cherry picked from commit
368208069e33a6d9b78a90f7326d5ac1bdd204f7)
Jelmer Vernooij [Sat, 23 Nov 2013 19:46:29 +0000 (19:46 +0000)]
Cope with first element in hdb_method having a different name in different heimdal versions.
It's called `interface_version` in older Heimdal versions and
`version` in newer versions.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Nov 28 04:17:55 CET 2013 on sn-devel-104
(cherry picked from commit
92489bfed4e6350b6858d5e39d538f41768912ae)
Volker Lendecke [Mon, 10 Feb 2014 18:08:46 +0000 (10:08 -0800)]
smbd: Fix memory overwrites
SIVAL writes 32 bit, not 16
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Back-ported-from master git commit :
9088bde059e93a84745ec2158e2e640b5bb13844
Fix bug #10415 - *** glibc detected *** /usr/sbin/smbd: free(): invalid next
size (fast).
Volker Lendecke [Thu, 16 Jan 2014 15:10:25 +0000 (16:10 +0100)]
s3-winbind: Improve performance of wb_fill_pwent_sid2uid_done().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=2191
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jan 16 20:17:24 CET 2014 on sn-devel-104
(cherry picked from commit
1a43778433934530d77791edd1af538de8b1d8a3)
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Fri Feb 14 00:04:34 CET 2014 on sn-devel-104
Alistair Leslie-Hughes [Thu, 26 Sep 2013 22:31:00 +0000 (08:31 +1000)]
Stop use after free
Fixes bug #10087
Thanks to Man Min Yan for their analysis and providing a solution to the issue.
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 27 14:29:46 CEST 2013 on sn-devel-104
(cherry picked from commit
6bf9a774718917c3429fa1492f5b0268ae5e01c3)
Jeremy Allison [Mon, 13 Jan 2014 18:20:25 +0000 (10:20 -0800)]
s3:dir - We now pass the previously spinning directory tests on ext4.
https://bugzilla.samba.org/show_bug.cgi?id=2662
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jan 15 11:39:12 CET 2014 on sn-devel-104
(cherry picked from commit
0f9a189e36d8e30dfd40e42130329a0984938ddd)
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Wed Jan 29 21:39:55 CET 2014 on sn-devel-104
Jeremy Allison [Sat, 11 Jan 2014 23:45:48 +0000 (15:45 -0800)]
s3:dir - Introduce a 64-bit directory offset <-> 32 bit wire offset map using memcache.
Should fix the DOS clients against 64-bit smbd's bug.
https://bugzilla.samba.org/show_bug.cgi?id=2662
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
97cd9c6729a3821faa2dbc1588a40c5e03b9fd4f)
Jeremy Allison [Sat, 11 Jan 2014 21:58:46 +0000 (13:58 -0800)]
s3:dir - Add a new memcache type (non-talloc) - SMB1_SEARCH_OFFSET_MAP.
We will use this in mapping 64-bit directory offset
cookies to a 32-bit counter.
https://bugzilla.samba.org/show_bug.cgi?id=2662
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
4e0c41a321b2683610748c8c176fc46aaa8d114d)
Jeremy Allison [Sat, 11 Jan 2014 23:04:38 +0000 (15:04 -0800)]
s3:dir - Map wire offsets to native directory cookies.
Take care of the special offsets.
https://bugzilla.samba.org/show_bug.cgi?id=2662
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
42c80358c83dca65cdde78f442056ec0f55ecbb1)
Jeremy Allison [Sat, 11 Jan 2014 22:59:00 +0000 (14:59 -0800)]
s3:dir - Cope with fixed mapping of 'special' values.
https://bugzilla.samba.org/show_bug.cgi?id=2662
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
81df4123ca6fae6e9d901c59a12407f3f89dc335)
Jeremy Allison [Sat, 11 Jan 2014 22:56:57 +0000 (14:56 -0800)]
s3: dir - Introduce 32-bit wire versions of the 'special' values.
https://bugzilla.samba.org/show_bug.cgi?id=2662
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
51a115b62048735b4c8ec79211ce45600cfa5c01)
Jeremy Allison [Sat, 11 Jan 2014 22:48:00 +0000 (14:48 -0800)]
s3:dir - Introduce a function to map a directory cookie to a 32-bit wire cookie.
Make this an identity for now.
https://bugzilla.samba.org/show_bug.cgi?id=2662
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
5afc25eceb0c0e031bbe162617309178f3bcc425)
Jeremy Allison [Sat, 11 Jan 2014 22:36:17 +0000 (14:36 -0800)]
s3:dir - In the old SMB1 search code, rename offset to wire_offset to distinguish between wire and native offsets.
Rename uint32 type to correct uint32_t.
https://bugzilla.samba.org/show_bug.cgi?id=2662
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
584de2078d3320ba2e232e5f504191616347d0d7)
Michael Adam [Wed, 11 Dec 2013 08:41:38 +0000 (09:41 +0100)]
shadow_copy2: add a comment explaining why we don't talloc_zero_array().
Since I stumbled over this slighly sublte point, I thought it is
worthwile to point it our in a comment.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Dec 11 19:55:20 CET 2013 on sn-devel-104
(cherry picked from commit
27baff0ec96cded0446ecd7739e9d31aaeb90868)
The last 36 patches address bug #10259 - shadow_copy2 module "Previous Version"
not working in Windows 7.
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Mon Jan 13 12:13:18 CET 2014 on sn-devel-104
Michael Adam [Wed, 11 Dec 2013 08:34:47 +0000 (09:34 +0100)]
shadow_copy2: revert expensive and unnecessary zero-initialization
I was being overly cautious. This is initialization is not
necessary, since further down in the for-loop, the memory
always gets fully initialized because the insert string is
inserted at various slash positions.
So this talloc_zero_array can be skipped: this an expensive
thing to do in virtually every VFS call.
This essentially reverts commit
249e9b4a34d8959bd94735c1921ecfc24d6a2705.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
71318d7d685f8e1e112076f84ef2d788acb83547)
Karolin Seeger [Tue, 10 Dec 2013 14:24:31 +0000 (15:24 +0100)]
docs: Fix typos in vfs_shadow_copy2.8.xml.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Dec 10 18:49:21 CET 2013 on sn-devel-104
(cherry picked from commit
c16afddeef2938e218df63b1c669caa5fb65d39c)
Michael Adam [Wed, 4 Dec 2013 09:27:24 +0000 (10:27 +0100)]
docs: update the manpage of vfs_shadow_copy2
Document the configuration and all the options
available for the shadow_copy2 module.
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Dec 6 22:26:31 CET 2013 on sn-devel-104
(cherry picked from commit
f6ac6f20540f81257e1f180454b6a2c1239e85fa)
Michael Adam [Wed, 4 Dec 2013 14:55:19 +0000 (15:55 +0100)]
s3:modules:shadow_copy2: remove redundant documentation comment block
and refer to the manual page instead
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
6685e6512e03d9420439a730a40fcca3411a48db)
Michael Adam [Wed, 4 Dec 2013 14:50:26 +0000 (15:50 +0100)]
s3:modules:shadow_copy2: improve headline comment
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
bffaf17d482cb1ad88698ea1a00aa7e4ddb0c0e7)
Michael Adam [Wed, 4 Dec 2013 12:40:14 +0000 (13:40 +0100)]
s3:module:shadow_copy2: add my (C)
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
b5b5674287c935bf923cf570cf218ffb0ae7ce78)
Michael Adam [Thu, 30 May 2013 22:46:01 +0000 (00:46 +0200)]
shadow_copy2: use stored mount_point instead of recalculating.
In the case of snapdirseverywhere but NOT crossmountpoints.
This spares stat calls.
And is the only correct thing to do if the mount point was
specified in the configuration.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
6ccbc1347d3240fc3c874a1957b654456fb6234c)
Michael Adam [Thu, 30 May 2013 22:45:16 +0000 (00:45 +0200)]
shadow_copy2: improve debug in shadow_copy2_convert() in snapdirseverywhere mode
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
935120dbc01890e313e2902b13141d4a13fe96d5)
Michael Adam [Thu, 23 May 2013 14:23:03 +0000 (16:23 +0200)]
shadow_copy2: fix shadow_copy2_convert() in the classical case.
I.e. the non-snapdirseverywhere case.
This in particular fixes the case of a snapdir hierarchy
that is parallel to the share or mountpoint and not subordinate.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
9ab89371c8eddad2f274736b508866e2a92b74a3)
Michael Adam [Wed, 29 May 2013 13:06:22 +0000 (15:06 +0200)]
shadow_copy2: add some blank lines for visual separation to shadow_copy2_convert()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
86988db1f0ebd170d2bc91b6ed78f8845bfd270c)
Michael Adam [Tue, 28 May 2013 14:59:25 +0000 (16:59 +0200)]
shadow_copy2: initialize "converted" string to null in shadow_copy2_convert()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
249e9b4a34d8959bd94735c1921ecfc24d6a2705)
Michael Adam [Wed, 29 May 2013 15:16:23 +0000 (17:16 +0200)]
shadow_copy2: fix shadow_copy2_strip_snapshot() in the classical case
I.e., fix detection of already converted names.
This is done by using the shadow_copy2_snapshot_path() function
and comparing if the input string starts with that.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
4b8d9c65f45db426716763629f1e22b0eb859a99)
Michael Adam [Wed, 29 May 2013 21:57:30 +0000 (23:57 +0200)]
shadow_copy2: add some debug to shadow_copy2_strip_snapshot()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
afcb84e69f46671030710bdda1c8798235b9ace7)
Michael Adam [Wed, 29 May 2013 15:14:49 +0000 (17:14 +0200)]
shadow_copy2: add comments explaining decisions in shadow_copy2_strip_snapshot()
This should make it more easy to understand what the cases are.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
3d053b1ab3e0b918509e06086a54834a9ae9cdb7)
Michael Adam [Thu, 30 May 2013 22:18:52 +0000 (00:18 +0200)]
shadow_copy2: introduce shadow_copy2_snapshot_path()
This builds the posix snapshot path for the connection
at the provided timestamp. For the non-snapdirseverywhere case.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
38e108563d7e9e14203bf4dabfda09bd1408e980)
Michael Adam [Thu, 30 May 2013 21:51:02 +0000 (23:51 +0200)]
shadow_copy2: factor shadow_copy2_posix_gmt_string() out of shadow_copy2_insert_string()
for re-use..
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
4cc5140bbe207f08d9b4fb0d119e74cc839e55dd)
Michael Adam [Wed, 29 May 2013 15:12:21 +0000 (17:12 +0200)]
shadow_copy2: shadow_copy2_insert_string(): do not prepend a "/" in absolute mode
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
304a0f531caa5f33f205739470f17e983d25a6b5)
Michael Adam [Tue, 28 May 2013 15:01:20 +0000 (17:01 +0200)]
shadow_copy2: make shadow_copy2_find_snapdir() return const char *
instead of char *. This eliminates compiler warnings.
snapdir is a const string in all occasions.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
e86923eb52633c5b6133c45678355ce69bb43a54)
Michael Adam [Thu, 23 May 2013 14:21:46 +0000 (16:21 +0200)]
shadow_copy2: in the classical case, use configured path in shadow_copy2_find_snapdir()
There is no point in searching for snapdir if not in snapdirseverywhere mode.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
dbdb436a80e2fb75d9fd8ae17192702123c3b530)
Michael Adam [Sat, 1 Jun 2013 00:14:41 +0000 (02:14 +0200)]
shadow_copy2: implement disk_free
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
ea898ea1ac1cc9364c5b7396db3902aeb114cfb8)
Michael Adam [Fri, 31 May 2013 15:17:27 +0000 (17:17 +0200)]
shadow_copy2: log resulting config at the end of shadow_copy2_connect()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
c4f9954ebb04da94a5bcd2cb328fb2fbaf9fa062)
Michael Adam [Thu, 3 Oct 2013 22:07:15 +0000 (00:07 +0200)]
shadow_copy2: add snapshot_basepath to the config.
This is the absolute version of snapdir.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
a7ca55c8da6fbe6452a7a0bfc3c84b5941b8aa27)
Michael Adam [Thu, 3 Oct 2013 22:04:06 +0000 (00:04 +0200)]
shadow_copy2: add rel_connectpath to config.
This is the share root, relative to the basedir.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
d34dc1b0025d18afc9ce638c7000b702f98b5d03)
Michael Adam [Fri, 31 May 2013 14:36:33 +0000 (16:36 +0200)]
shadow_copy2: introduce "shadow:mountpoint" option
Possiblity to explicitly set the share's mount point.
This is useful mainly for debugging and testing purposes.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
2d5a3af4bc44d13877a26fa1857b3ceafe138de8)
Michael Adam [Thu, 30 May 2013 15:26:44 +0000 (17:26 +0200)]
shadow_copy2: re-add the basedir option.
Disable basedir if it is not an absolute path or if
snapdirseverywhere or crossmountpoints is enabled.
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
ed751b9ee49d8e4a319759640321e8b49be4f154)
Michael Adam [Thu, 30 May 2013 11:19:50 +0000 (13:19 +0200)]
shadow_copy2: disable "snapdir:crossmountpoints" if the snapdir is absolute.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
1e887fcda097b93a879df726f2b7c2c8d3c4cf54)
Michael Adam [Wed, 29 May 2013 15:10:51 +0000 (17:10 +0200)]
shadow_copy2: introduce the bool "snapdir_absolute" in the config.
Not exposed but to be used internally.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
843954989cbec6640d2565d0d23a48f296740a23)
Michael Adam [Thu, 23 May 2013 23:35:44 +0000 (01:35 +0200)]
shadow_copy2: introduce config struct and function shadow_copy2_connect()
This moves the parsing of the config to a central place.
So users of configuation don't need to call lp_parm_... all the time.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
1ecef5743583cf617f5506bc2fca3baa70cfb9b3)
Michael Adam [Wed, 29 May 2013 15:11:44 +0000 (17:11 +0200)]
shadow_copy2: add comment explaining the SMB level GMT format pattern
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
6da7375cd881f85f2873578db7fcfb368deab94f)
Michael Adam [Tue, 28 May 2013 23:13:57 +0000 (01:13 +0200)]
shadow_copy2: add comment block explaining shadow_copy2_convert()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
5c900fd930edd45e9f23b36c1e68e5c2d8b96867)
Michael Adam [Fri, 24 May 2013 15:20:42 +0000 (17:20 +0200)]
shadow_copy2: add comment block explaining shadow_copy2_insert_string()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
5da5512985cf65c09abb33abaf5e8dc28167dac3)
Michael Adam [Thu, 23 May 2013 22:01:14 +0000 (00:01 +0200)]
shadow_copy2: add comment block explaining shadow_copy2_find_snapdir()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
b90d1e6ac06fd4c1aaaceadcb711800499334117)
Michael Adam [Thu, 23 May 2013 21:59:49 +0000 (23:59 +0200)]
shadow_copy2: add header comment explaining have_snapdir()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
5b494b3dea559f632d57c9d33172e46e459e852f)
Michael Adam [Thu, 23 May 2013 21:32:15 +0000 (23:32 +0200)]
shadow_copy2: add comment header describing shadow_copy2_strip_snapshot()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
9361824ddd291cb0e543a5a0829246831fcb9e84)
Michael Adam [Fri, 4 Oct 2013 11:15:34 +0000 (13:15 +0200)]
shadow_copy2: break overly long lines in shadow_copy2_snapshot_to_gmt()
According to coding guidelines.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
01cb88977da5bc44443407b100345531d047c77c)
Jeremy Allison [Mon, 6 Jan 2014 23:22:59 +0000 (15:22 -0800)]
s3: winbindd: Move calling setup_domain_child() into add_trusted_domain().
Ensure it only gets called when a new domain is allocated
and added to the list.
This should fix problems with the previous logic where
setup_domain_child() was called in places where an existing
domain was returned.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10358
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 8 20:46:55 CET 2014 on sn-devel-104
(cherry picked from commit
ca931e460460ffe46735f98b31db47220772d566)
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Fri Jan 10 11:45:03 CET 2014 on sn-devel-104
Jeremy Allison [Mon, 6 Jan 2014 23:15:37 +0000 (15:15 -0800)]
s3: winbindd: Move the logic of whether to set 'domain->primary' into add_trusted_domain().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10358
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
cfa6a36467f5679a88e49419e8af32b724c242bd)
Christian Ambach [Mon, 16 Sep 2013 11:18:17 +0000 (13:18 +0200)]
s3:winbindd fix use of uninitialized variables
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10280
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
7393781a57891687b464762b0954e6c936f750bb)
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Tue Jan 7 12:25:51 CET 2014 on sn-devel-104
Karolin Seeger [Tue, 31 Dec 2013 19:31:30 +0000 (20:31 +0100)]
VERSION: Bump version number up to 4.0.15...
and re-enable git snapshots.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 31 Dec 2013 19:30:34 +0000 (20:30 +0100)]
VERSION: Disable git snapshots for the 4.0.14 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Sat, 4 Jan 2014 19:19:14 +0000 (20:19 +0100)]
WHATSNEW: Add release notes for Samba 4.0.14.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Jeremy Allison [Fri, 6 Dec 2013 23:58:02 +0000 (15:58 -0800)]
ldb: bad if test in ldb_comparison_fold()
Found by David Binderman <dcb314@hotmail.com>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10305
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Sat Dec 7 11:10:47 CET 2013 on sn-devel-104
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Sat Dec 28 23:21:12 CET 2013 on sn-devel-104
Jeremy Allison [Thu, 12 Dec 2013 17:37:25 +0000 (09:37 -0800)]
s3: smbpasswd - fix crashes on invalid input.
get_pass can return NULL on error. Ensure that
this is always the case and fix all callers to cope
(some already did).
Reported by Joonas Kuorilehto <joneskoo@codenomicon.com>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10320
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Dec 16 15:17:58 CET 2013 on sn-devel-104
(cherry picked from commit
ef5a3bedab74420baf0c653cf8e304fe6c2a13b4)
Stefan Metzmacher [Tue, 17 Dec 2013 11:57:53 +0000 (12:57 +0100)]
s3:configure: require tevent >= 0.9.18 as external library
0.9.16 might be enough, but this matches the waf build.
So 0.9.18 is less likely to produce regressions in the future.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10330
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Jeremy Allison [Wed, 4 Dec 2013 01:26:26 +0000 (17:26 -0800)]
smbtorture: New torture test for bug #9870.
Not fetching the latest modification time on a folder if we have read locks on it.
Prove we should just rely on the mtime value from the underlying
filesystem, even with an open handle.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9870
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Dec 5 10:05:06 CET 2013 on sn-devel-104
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9870
Not fetching the latest modification time on a folder if we have read locks
on it.
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Tue Dec 10 20:24:01 CET 2013 on sn-devel-104
Jeremy Allison [Wed, 4 Dec 2013 01:22:19 +0000 (17:22 -0800)]
smbd - allow updates on directory write times on open handles.
If we set a non-null 'old timestamp' in the share mode database
when creating a directory handle, this prevents mtime (write time)
updates from being seen by clients, as we will always return the
timestamp stored in the database whilst the handle is open.
For files this is ok, as we update the stored timestamp
ourselves when we write to the handle. For directories
we should just rely on the mtime value from the underlying
filesystem.
Torture test to follow.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9870
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Thu, 5 Dec 2013 14:50:58 +0000 (15:50 +0100)]
smbd: Fix a panic when a smb2 brlock times out
Found by Peter Somogyi.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Dec 5 21:21:35 CET 2013 on sn-devel-104
Fix bug #10311 - SMB2 server can panic when a smb2 brlock times out.
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Tue Dec 10 15:06:45 CET 2013 on sn-devel-104
Christof Schmitt [Thu, 5 Dec 2013 22:53:47 +0000 (15:53 -0700)]
selftest: Remove samba3.smb2.lock.*.rw-exclusive from flapping file
This test demonstrates a problem with byte range locks and AIO.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Dec 6 05:19:37 CET 2013 on sn-devel-104
(cherry picked from commit
8c3bf7b84950fbb0305bcccd49ecfc202e08901a)
The last 5 patches address bug #10310 - Fix AIO with SMB2 and locks.
Christof Schmitt [Thu, 5 Dec 2013 22:22:13 +0000 (15:22 -0700)]
selftest: Run smb2.lock tests also against AIO share
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
d551d5256f9b1ca57b8018d816ea665c9b847ced)
Christof Schmitt [Thu, 5 Dec 2013 22:20:06 +0000 (15:20 -0700)]
selftest: Introduce share for testing AIO
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
63727c15450e1db2be49ade758c369aa4599657a)
Christof Schmitt [Thu, 5 Dec 2013 23:20:26 +0000 (16:20 -0700)]
s3: Return correct error code from SMB2 AIO read failure
This is similar to commit
27e20d5d60ea8aa526bcb7c2dfc18dd2de0bb97b which
fixed the same case for SMB2 writes: When sending the AIO read fails,
return the real error instead of mapping it to NT_STATUS_FILE_CLOSED.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
eadb2a54d1733a482999eb770182156dad1e184d)
Christof Schmitt [Thu, 5 Dec 2013 22:57:54 +0000 (15:57 -0700)]
s3-aio: Use correct locking context for SMB2
The synchronous SMB2 reads and writes use open_persistent_id. The AIO
codepathes have to use the same, otherwise a write will conflict with a
lock on the same open file.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
dfef0701c398982226dde8a8e15ff97bba0fef53)
Stefan Metzmacher [Tue, 19 Nov 2013 04:21:05 +0000 (05:21 +0100)]
s3:smb2_server: avoid calling set_current_user_info() for each request
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Nov 27 16:31:44 CET 2013 on sn-devel-104
(cherry picked from commit
3cc0651d9feda00b6a04f84b76744b2acc3a0446)
The last 6 patches address bug #10298 - smb2_server processing overhead.
Stefan Metzmacher [Mon, 14 Oct 2013 12:18:26 +0000 (14:18 +0200)]
s3:smb2_server: generate a header blob for the sendfile path
We need to pass the NBT header, SMB2 header and SMB2 Read header
as header blob to SMB_VFS_SENDFILE(). This allows the usage
of MSG_SEND or other tricks to avoid multiple TCP packets
on the wire.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit
36efaac2597d2d36826c02f23be15e7323b09784)
Stefan Metzmacher [Wed, 16 Oct 2013 07:15:12 +0000 (09:15 +0200)]
s3:smb2_server: allocate smbd_smb2_request on talloc_tos()
This matches the behavior for smb1 requests
and avoids an additional malloc() per request.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit
9d33a3f3e814e2924a423496ccc133c6c73fcd12)
Stefan Metzmacher [Sat, 12 Oct 2013 00:40:12 +0000 (02:40 +0200)]
s3:smb2_server: use tevent_req_notify_callback() in smbd_smb2_request_pending_queue()
If the request is already done we can avoid one iteration
of tevent_loop_once(), which means we avoids one
talloc_stackframe_pool/talloc_free pair.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit
acfd4b068a5b99ac1d3fe716afff34cb7d2a0147)
Stefan Metzmacher [Mon, 14 Oct 2013 08:33:57 +0000 (10:33 +0200)]
s3:smb2_server: for performance reasons we use tevent_fd and readv/writev directly
Going via tevent_req_create/talloc_free at multiple layer costs
too much cpu cycles per request.
I tested downloading a 16GB (sparse) file with smbclient -b1 -mNT1,
and -mSMB2_02. Using smb2 max read = 64512, which means smb1 and smb2
will use the same read size.
I build with -O3 -g and compared the results with valgrind --tool=callgrind.
With -mNT1 the server uses about 2.000.000.000 cpu cycles.
This patch reduces the userspace cpu cycles for -mSMB2_02
from about ~ 8.000.000.000 down to ~ 4.000.000.000.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit
4244a2686cddcdc754c284df884ae497afa4053a)
Stefan Metzmacher [Mon, 14 Oct 2013 14:42:55 +0000 (16:42 +0200)]
s3:smb2_server: fix drain_socket error handling
smbd_smb2_request_error_ex() should return NTSTATUS and the caller
will terminate the connection.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit
9393e28df59954414313bfae70ffb796d3e332fe)
Jeremy Allison [Tue, 3 Dec 2013 18:21:16 +0000 (10:21 -0800)]
smbd: Always use UCF_PREP_CREATEFILE for filename_convert calls to resolve a path for open.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10297
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Dec 9 21:02:21 CET 2013 on sn-devel-104
(cherry picked from commit
f98d10af2a05f0261611f4cabdfe274cd9fe91c0)
Jeremy Allison [Tue, 3 Dec 2013 18:19:09 +0000 (10:19 -0800)]
smbd: change flag name from UCF_CREATING_FILE to UCF_PREP_CREATEFILE
In preparation to using it for all open calls.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10297
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
874318a97868e08837a1febb1be8e8a167b5ae0f)
Volker Lendecke [Tue, 3 Dec 2013 12:20:17 +0000 (13:20 +0100)]
smbd: Fix regression for the dropbox case.
We need to allow to save a file to a directory with perm -wx.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10297
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
5b49fe24c906cbae12beff7a1b45de6809258cab)
Karolin Seeger [Mon, 9 Dec 2013 06:09:02 +0000 (07:09 +0100)]
VERSION: Bump version up to 4.0.14
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Mon, 9 Dec 2013 06:08:22 +0000 (07:08 +0100)]
Merge tag 'samba-4.0.13' into v4-0-test
samba: tag release samba-4.0.13
Karolin Seeger [Tue, 3 Dec 2013 10:56:10 +0000 (11:56 +0100)]
VERSION: Disable git snapshots for the 4.0.13 release.
Bug 10185 - CVE-2013-4408: DCERPC frag_len not checked
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10185
Bug 10306 - CVE-2012-6150: Fail authentication if user isn't member of *any*
require_membership_of specified groups
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10306
(BUG: https://bugzilla.samba.org/show_bug.cgi?id=10300)
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Fri, 6 Dec 2013 19:04:54 +0000 (20:04 +0100)]
WHATSNEW: Add release notes for Samba 4.0.13.
Bug 10185 - CVE-2013-4408: DCERPC frag_len not checked
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10185
Bug 10306 - CVE-2012-6150: Fail authentication if user isn't member of *any*
require_membership_of specified groups
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10306
(BUG: https://bugzilla.samba.org/show_bug.cgi?id=10300)
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Noel Power [Wed, 16 Oct 2013 15:30:55 +0000 (16:30 +0100)]
CVE-2012-6150: fail authentication for single group name which cannot be converted to sid
furthermore if more than one name is supplied and no sid is converted
then also fail.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10300
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10306
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
[ddiss@samba.org: fixed incorrect bugzilla tag I added to master commit]
Jeremy Allison [Fri, 8 Nov 2013 06:41:22 +0000 (22:41 -0800)]
CVE-2013-4408:s3:Ensure LookupRids() replies arrays are range checked.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Jeremy Allison [Fri, 8 Nov 2013 05:40:55 +0000 (21:40 -0800)]
CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Fri, 8 Nov 2013 04:38:01 +0000 (20:38 -0800)]
CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Thu, 17 Oct 2013 21:44:35 +0000 (14:44 -0700)]
CVE-2013-4408:s3:Ensure we always check call_id when validating an RPC reply.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
git.samba.org / vlendec / samba-autobuild / .git / log