summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* s3:winbind: add a warning DEBUG message when skipping a sid from the mapped ↵Michael Adam2013-07-291-0/+18
| | | | | | | | | | | | | | GID list This presents a potential security problem when ACLs contain DENY ACEs. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Mon Jul 29 14:42:27 CEST 2013 on sn-devel-104
* s3:winbind: change getgroups to only do one sids2xids call instead of manyMichael Adam2013-07-291-26/+42
| | | | | | | Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:winbind: fix the getgroups implementation to include the user sid's GID ↵Michael Adam2013-07-291-3/+5
| | | | | | | | | | | in case of ID_TYPE_BOTH This is important for acl checks on the unix level where only a group ace has been added to the ACL for the user sid, e.g. when accessing Files with nfs or local unix processes. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:winbind: fix gid counting and error handling in the getgroups implementationMichael Adam2013-07-291-6/+10
| | | | | | | Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
* dns: Update TODO listKai Blin2013-07-291-8/+5
| | | | | | | | | | | A lot of the todo items have been resolved, avoid confusing people. Signed-off-by: Kai Blin <kai@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon Jul 29 09:12:17 CEST 2013 on sn-devel-104
* selftest: Print error message when smbd does not have ADS supportChristof Schmitt2013-07-272-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | When smbd cannot be compiled with ADS support, setting up the s3member environment fails with: samba: using 'standard' process model Samba can't provide environment 's3member' at /test/samba/selftest/target/Samba.pm line 44. Can't use string ("UNKNOWN") as a HASH ref while "strict refs" in use at /test/samba/selftest/selftest.pl line 852. samba: EOF on stdin - terminating Add an explicit error message for the missing ADS support to make this easier to debug and also avoid the warning about the hash reference: samba: using 'standard' process model Samba can't provide environment 's3member' at /test/samba/selftest/target/Samba.pm line 44. Unable to setup environment s3member at /test/samba/selftest/selftest.pl line 851. smbd does not have ADS support samba: EOF on stdin - terminating Signed-off-by: Christof Schmitt <christof.schmitt@us.ibm.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Jul 27 08:31:14 CEST 2013 on sn-devel-104
* nsswitch: Add OPT_KRB5CCNAME to avoid an error message.Andreas Schneider2013-07-261-2/+4
| | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=10048 Reviewed-by: Günther Deschner <gd@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Jul 26 17:40:26 CEST 2013 on sn-devel-104
* torture/drs: Expand an error message to aid debuggingAndrew Bartlett2013-07-251-1/+1
| | | | | | | Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Jul 25 13:51:44 CEST 2013 on sn-devel-104
* dsdb/samdb: use RECYCLED it implies DELETED...Stefan Metzmacher2013-07-252-3/+3
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* selftest: ensure samba4.nss.test.*using.*winbind is always testedAndrew Bartlett2013-07-241-1/+0
| | | | | | | | | With the winbind fixes now in master this should be more reliable. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* selftest: ensure samba4.rpc.samr.large-dc.two.samr.many is always testedAndrew Bartlett2013-07-241-1/+0
| | | | | | | | | | This test should now be more reliable with the over-allocation of RID values now fixed. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* rpc_server-drsuapi: Improve comments and DEBUG linesAndrew Bartlett2013-07-241-4/+3
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Add assert in drepl_take_FSMO_roleAndrew Bartlett2013-07-241-4/+3
| | | | | | | Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
* selftest: Ensure the DC has started and and got a RID set before we proceedAndrew Bartlett2013-07-241-1/+21
| | | | | | | | | | This avoids errors when a busy DC has not yet fetched a RID set, showing up as flapping tests when users are created, such as the samr.large-dc test. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb-ridalloc: Rework ridalloc to return error strings where RID allocation ↵Andrew Bartlett2013-07-241-15/+41
| | | | | | | | | | | | | | | | | | fails We now also only poke the RID manager once per request. This may help track down why RID allocation can fail, as while we never wait for the RID set to be created/updated, it may be the only clue the admin gets as to why the async allocations were failing. Andrew Bartlett Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Rework subtree_rename module to use recursive LDB_SCOPE_ONELEVEL searchesAndrew Bartlett2013-07-242-104/+99
| | | | | | | | | | This should be more efficient, particularly in the leaf node case when renaming and deleting entries on large databases. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb-descriptor: Do not do a subtree search unless we have child entriesAndrew Bartlett2013-07-241-1/+32
| | | | | | | | | This avoids a subtree search here in most cases where an object is deleted. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dynconfig: Remove last s3 markers now we have just one build systemAndrew Bartlett2013-07-242-5/+0
| | | | | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Jul 24 16:29:15 CEST 2013 on sn-devel-104
* s4-lib/socket: Allocate a the larger sockaddr_un and not just a sockaddr_in ↵Stefan Metzmacher2013-07-241-2/+2
| | | | | | | | | | | | | | | | | | in unixdom_get_my_addr() This caused crashes in _tsocket_address_bsd_from_sockaddr() when we read past the end of the allocation. (similar to commit e9ae36e9683372b86f1efbd29904722a33fea083) Bug: https://bugzilla.samba.org/show_bug.cgi?id=10042 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Jul 24 14:37:43 CEST 2013 on sn-devel-104
* docs-xml: Remove obsolete swat manpage and references.Andreas Schneider2013-07-245-263/+3
| | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=10041 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Kai Blin <kai@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Jul 24 12:42:29 CEST 2013 on sn-devel-104
* pam_winbind: update documentation for "DIR" krb5ccname pragma.Günther Deschner2013-07-242-11/+31
| | | | | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Jul 24 02:43:10 CEST 2013 on sn-devel-104
* s3-winbindd: support the DIR pragma for raw kerberos user pam authentication.Günther Deschner2013-07-231-0/+23
| | | | | | | | | | | | It is currently only available in MIT. In addition, allow to define custom filepaths for FILE, WRFILE and DIR pragmas and substitute one occurence of the %u pattern. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Pair-Programmed-With: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* wbinfo: allow to define a custom krb5ccname for kerberized pam auth.Günther Deschner2013-07-231-2/+4
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-lib/socket: Allocate a the larger sockaddr_un and not just a sockaddr_in ↵Andrew Bartlett2013-07-231-2/+2
| | | | | | | | | | | | in unixdom_get_peer_addr() This caused crashes in _tsocket_address_bsd_from_sockaddr() when we read past the end of the allocation. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Fix CID 1035536 Uninitialized pointer readVolker Lendecke2013-07-231-1/+1
| | | | | | | | | | | rpc_pipe_open_interface just returns okay if the pipe in question is already open. For this, it needs to read the value. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Jul 23 02:05:19 CEST 2013 on sn-devel-104
* smbd: Fix CID 1035537 Uninitialized pointer readVolker Lendecke2013-07-221-1/+1
| | | | | | | | rpc_pipe_open_interface just returns okay if the pipe in question is already open. For this, it needs to read the value. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Fix CID 1035538 Uninitialized pointer readVolker Lendecke2013-07-221-1/+1
| | | | | | | | rpc_pipe_open_interface just returns okay if the pipe in question is already open. For this, it needs to read the value. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* tdb: Fix CID 1034959 Uninitialized scalar variableVolker Lendecke2013-07-221-1/+1
| | | | | | | | | log_ctx.log_private was used uninitialized. Not a real bug here, as tdb_log does not access it, but tdb_open_ex still moves around uninitialized data. So this would show up in valgrind as well. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* tdb: Fix CID 1034960 Uninitialized scalar variableVolker Lendecke2013-07-221-1/+1
| | | | | | | | | log_ctx.log_private was used uninitialized. Not a real bug here, as tdb_log does not access it, but tdb_open_ex still moves around uninitialized data. So this would show up in valgrind as well. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3-waf: Rename regedit to samba-regedit.Andreas Schneider2013-07-221-1/+1
| | | | | | | | | | | | | This is needed cause wine already provides a binary with the name regedit. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10040 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Kai Blin <kai@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Jul 22 14:12:38 CEST 2013 on sn-devel-104
* s3-printing: avoid KRB5CCNAME overwrite in printer publishing (Bug #7444).Günther Deschner2013-07-191-0/+13
| | | | | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Fri Jul 19 17:53:08 CEST 2013 on sn-devel-104
* Add torture tests to raw.eas to check sending Windows invalid names in the ↵Jeremy Allison2013-07-192-0/+115
| | | | | | | | | | | | | | | | middle of an EA list. Add torture tests to probe the set of invalid Windows EA names. Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":" Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Jul 19 11:50:25 CEST 2013 on sn-devel-104
* Reply with correct trans2 message on a setpathinfo with a bad EA name.Jeremy Allison2013-07-191-1/+10
| | | | | | | | Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":" Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Ensure we do pathname processing before SD and EA processing in NTTRANS_CREATE.Jeremy Allison2013-07-191-38/+38
| | | | | | | | Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":" Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Ensure we can't create a file using NTTRANS with an invalid EA list.Jeremy Allison2013-07-191-0/+20
| | | | | | | | Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":" Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Ensure we can't create a file using TRANS2_OPEN with an invalid EA list.Jeremy Allison2013-07-191-0/+14
| | | | | | | | Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":" Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Add error map of STATUS_INVALID_EA_NAME -> ERRDOS, ERRbadfileJeremy Allison2013-07-191-0/+1
| | | | | | | | | | (from Windows2012 tests). Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":" Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Add the ability to send an NTSTATUS result back with a trans2 reply so we ↵Jeremy Allison2013-07-193-14/+32
| | | | | | | | | | | | | can return a parameter block with an error code. This is needed when returning a STATUS_INVALID_NAME result (tested from Windows 2012). Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":" Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Ensure we can't create a file using SMB2_CREATE with an invalid EA list.Jeremy Allison2013-07-191-0/+5
| | | | | | | | Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":" Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Ensure we never return an EA name to a Windows client it can't handle.Jeremy Allison2013-07-191-0/+9
| | | | | | | | Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":" Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Ensure set_ea cannot set invalid Windows EA names.Jeremy Allison2013-07-191-0/+9
| | | | | | | | Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":" Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Add ea_list_has_invalid_name() function.Jeremy Allison2013-07-192-0/+36
| | | | | | | | | | Invalid character list probed from Windows Server 2012. Bug 9992: Windows error 0x800700FE when copying files with xattr names containing ":" Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* librpc: srvsvc.idl: define level 1005 share info flagsShekhar Amlekar2013-07-181-2/+15
| | | | | | | | | define level 1005 share info flags. Reviewed-by: Günther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Thu Jul 18 16:35:51 CEST 2013 on sn-devel-104
* nsswitch: Don't enumerate all domains with wbinfo -u|-g.Andreas Schneider2013-07-182-8/+23
| | | | | | | | | | | | | | | | | | By default wbinfo -u|-g should only enumerate the domain winbindd is joined to. The command can be harmfull if you have e.g. 30 domains and 700k users. Then the parent will collect all information and the oom-killer will kill winbind. As we still want to support it, you can enable it the old behaviour with wbinfo --domain='*' -u. This is a measure that sysadmins don't shoot themself. https://bugzilla.samba.org/show_bug.cgi?id=10034 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Jul 18 11:54:58 CEST 2013 on sn-devel-104
* Fix memory leak in error code path.Richard Sharpe2013-07-181-0/+1
| | | | | | | | Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Jul 18 03:22:37 CEST 2013 on sn-devel-104
* Fix bug 10025 - Lack of Sanity Checking in calls to malloc()/calloc().Bill Parker2013-07-178-0/+77
| | | | | | | | | | | | | In reviewing various files in Samba-4.0.7, I found a number of instances where malloc()/calloc() were called without the checking the return value for a value of NULL, which would indicate failure. (NB. The changes needed to ccan, iniparser, popt and heimdal will be reported upstream, not patched inside Samba). Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Simo Source <idra@samba.org>
* s3: Remove old mode special substitution.Alexander Werth2013-07-161-13/+2
| | | | | | | | | | | The mode special substitution now happens in a separate function. The substitution at this point is unnecessary. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org> Autobuild-User(master): Christian Ambach <ambi@samba.org> Autobuild-Date(master): Tue Jul 16 00:52:26 CEST 2013 on sn-devel-104
* s3:idmap_autorid: Add a NULL check in idmap_autorid_preallocate_wellknownVolker Lendecke2013-07-081-0/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
* s3:idmap_autorid: Don't zero in idmap_autorid_preallocate_wellknownVolker Lendecke2013-07-081-1/+1
| | | | | | | We initialize everything later anyway Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
* s3:idmap_autorid: Use ARRAY_SIZE where appropriateVolker Lendecke2013-07-081-1/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
generated by cgit (git 2.34.1) at 2025-09-26 19:14:06 +0000