summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* tdb: change version to 1.2.13.Michael Adam2014-03-182-1/+68
| | | | | | | | | | | | | | | | * internal code cleanups * always open internal TDBs with incompatible hash * avoid reallocations in locking code * systematize output format in tdbtool dump * reduce freelist contention when allocating new records - try to find dead records also in other chains - don't do blocking locks on the freelist Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Tue Mar 18 15:42:48 CET 2014 on sn-devel-104
* tdb: Reduce freelist contentionVolker Lendecke2014-03-183-30/+93
| | | | | | | | | | | | | | | | | | | | | | | In a metadata-intensive benchmark we have seen the locking.tdb freelist to be one of the central contention points. This patch removes most of the contention on the freelist. Ages ago we already reduced freelist contention by using the even much older DEAD records: If TDB_VOLATILE is set, don't directly put deleted records on the freelist, but just mark a few of them just as DEAD. The next new record can them re-use that space without consulting the freelist. This patch builds upon the DEAD records: If we need space and the freelist is busy, instead of doing a blocking wait on the freelist, start looking into other chains for DEAD records and steal them from there. This way every hash chain becomes a small freelist. Just wander around the hash chains as long as the freelist is still busy. With this patch and the tdb mutex patch (following hopefully some time soon) you can see a heavily busy clustered smbd run without locking.tdb futex syscalls. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* tdb: Make "tdb_purge_dead" internally publicVolker Lendecke2014-03-182-1/+2
| | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* tdb: Make "tdb_find_dead" internally publicVolker Lendecke2014-03-182-3/+6
| | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* tdb: Add "last_ptr" to tdb_find_deadVolker Lendecke2014-03-181-4/+13
| | | | | | | | Will be used soon to unlink a dead record from a chain Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* tdb: Move adding tailer space to tdb_find_deadVolker Lendecke2014-03-181-3/+4
| | | | | | | | | This aligns the tdb_find_dead API with the tdb_allocate API and thus makes it a bit easier to understand, at least for me. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* tdb: Do a best fit search for dead recordsVolker Lendecke2014-03-181-7/+13
| | | | | | | | | | Hash chains are (or can be made) short enough that a full search for the best-fitting dead record is feasible. The freelist can become much longer, there we don't do the full search but accept records which are too large. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* tdb: Don't purge records to a blocked freelistVolker Lendecke2014-03-181-1/+4
| | | | | | | | If the freelist is heavily contended, we should avoid accessing it Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* tdb: Fix a tdb corruptionVolker Lendecke2014-03-181-2/+5
| | | | | | | | | | tdb_purge_dead can change the next pointer of "rec" if we purge the record right behind the current record to be deleted. Just overwrite the magic, not the whole record with stale data. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Further assert that we always have an objectClass and an rDNAndrew Bartlett2014-03-171-32/+118
| | | | | | | | | | | | | | | | | | | | | | | We must have these two elements in a replPropertyMetaData for it to be valid. We may have to relax this for new partition creation, but for now we want to find and isolate the database corruption. The printing of the LDIF is moved above the checks to make it easier to diagnoise the failures when further reproduced. Based initially on a patch originally by Arvid Requate <requate@univention.de> Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Change-Id: I5f583d89e6d4c5e8e2d9667f336a0e8fd8347b25 Reviewed-on: https://gerrit.samba.org/164 Reviewed-by: Kamen Mazdrashki <kamenim@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon Mar 17 06:44:17 CET 2014 on sn-devel-104
* wintest: Try harder to make wintest force the telnet server to startAndrew Bartlett2014-03-141-0/+11
| | | | | | | | | | | | | We try and force the server to start, and we try to force the TelnetClients group to exist Change-Id: I192f0aaaf283b77065ecc671ca2b59a69781d744 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-on: https://gerrit.samba.org/36 Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Mar 14 14:51:20 CET 2014 on sn-devel-104
* ldapsrv: Pass struct ldb_result * rather than void *Andrew Bartlett2014-03-141-8/+8
| | | | | | | Change-Id: Ic521cbfcf922cfe9e14c89116c097b777a86af40 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-on: https://gerrit.samba.org/35 Reviewed-by: Stefan Metzmacher <metze@samba.org>
* docs: Add gpfs:recalls parameter to vfs_gpfs manpageChristof Schmitt2014-03-141-0/+22
| | | | | | | | Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Fri Mar 14 12:49:56 CET 2014 on sn-devel-104
* s3:modules/vfs_gpfs add gpfs:recalls optionChristian Ambach2014-03-141-0/+13
| | | | | | | | | | When this option is set to no, an attempt to open an offline file will be rejected with access denied. This helps preventing recall storms triggered by careless applications like Finder and Explorer. Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* dsdb: Ensure to sort replPropertyMetaData as UNSIGNED, not SIGNED quantitiesAndrew Bartlett2014-03-141-4/+18
| | | | | | | | | | | | | | enum is an int, and therefore signed. Some attributes have the high bit set. Andrew Bartlett Change-Id: I39a5499b7c6bbb763e15977d802cda8c69b94618 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-on: https://gerrit.samba.org/163 Reviewed-by: Kamen Mazdrashki <kamenim@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Mar 14 10:16:41 CET 2014 on sn-devel-104
* kdc: Use correct KDC include path when building against the system heimdalAndrew Bartlett2014-03-141-5/+11
| | | | | | | | | This ensures we notice any API changes at compile time. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
* selftest/subunithelper.py: correctly pass testsuite-uxsuccess to end_testsuite()Stefan Metzmacher2014-03-131-1/+4
| | | | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Mar 13 23:49:36 CET 2014 on sn-devel-104
* selftest/subunithelper.py: correctly handle fail_immediately in ↵Stefan Metzmacher2014-03-131-0/+6
| | | | | | | | | end_testsuite of FilterOps This way --fail-immediately also works if a command segfaults. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* selftest/subunithelper.py: correctly handle unexpected success in FilterOpsStefan Metzmacher2014-03-131-1/+13
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* script/autobuild: use --force-rebase optionStefan Metzmacher2014-03-131-2/+2
| | | | | | | This makes sure the current user will be the committer. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/popt: Patch memory leak in popthelp.cJose A. Rivera2014-03-131-2/+2
| | | | | | | | | | | Memory created as "t" was not being free'd. Change-Id: I5f6e20acc6c440a1cd9908aed7a90de2000f22f8 Coverity-Id: 240599 Coverity-Id: 240600 Signed-off-by: Jose A. Rivera <jarrpa@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* lib/popt: Small whitespace fix for readability.Jose A. Rivera2014-03-131-14/+15
| | | | | | | Change-Id: Ib920f7e84c0247a8f09aa4c79c65b26afb78f234 Signed-off-by: Jose A. Rivera <jarrpa@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* s3-libads: Use the IP instead of the name.Bjoern Baumbach2014-03-131-1/+1
| | | | | | | | | | | Thix fixes 'net rpc join' against ADS. Signed-off-by: Bjoern Baumbach <bb@sernet.de> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Thu Mar 13 17:06:00 CET 2014 on sn-devel-104
* s3-auth: Steal the memory to avoid duplication.Andreas Schneider2014-03-131-5/+1
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s3-auth: Do not leak tmp_ctx if make_server_info() fails.Andreas Schneider2014-03-131-1/+2
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s3-auth: Make is_null_sid() check easier to read.Simo Sorce2014-03-131-2/+3
| | | | | | Signed-off-by: Simo Sorce <idra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* CVE-2013-4496:Revert remainder of ce895609b04380bfc41e4f8fddc84bd2f9324340Andrew Bartlett2014-03-131-34/+35
| | | | | | | | | | | | | | | | | | | | | Part of this was removed when ChangePasswordUser was unimplemented, but remove the remainder of this flawed commit. Fully check the password first, as extract_pw_from_buffer() already does a partial check of the password because it needs a correct old password to correctly decrypt the length. Andrew Bartlett Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Change-Id: Ibccc4ada400b5f89a942d79c1a269b493e0adda6 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-on: https://gerrit.samba.org/38 Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Mar 13 15:06:35 CET 2014 on sn-devel-104
* CVE-2013-4496:samr: Remove ChangePasswordUserAndrew Bartlett2014-03-134-554/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This old password change mechanism does not provide the plaintext to validate against password complexity, and it is not used by modern clients. It also has quite difficult semantics to handle regarding password lockout. The missing features in both implementations (by design) were: - the password complexity checks (no plaintext) - the minimum password length (no plaintext) Additionally, the source3 version did not check: - the minimum password age - pdb_get_pass_can_change() which checks the security descriptor for the 'user cannot change password' setting. - the password history - the output of the 'passwd program' if 'unix passwd sync = yes'. Finally, the mechanism was almost useless, as it was incorrectly only made available to administrative users with permission to reset the password. It is removed here so that it is not mistakenly reinstated in the future. Andrew Bartlett Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Change-Id: If2edd3183c177e5ff37c9511b0d0ad0dd9038c66 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-on: https://gerrit.samba.org/37
* CVE-2013-4496:s3:auth: fix memory leak in the ACCOUNT_LOCKED_OUT case.Stefan Metzmacher2014-03-131-0/+1
| | | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Change-Id: Iabf22753effd80086d7956619a3dae830e487da8 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-on: https://gerrit.samba.org/161
* CVE-2013-4496:s3-samr: Block attempts to crack passwords via repeated ↵Andrew Bartlett2014-03-132-16/+129
| | | | | | | | | | | | | | password changes Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Change-Id: Ic31774275f07e003e7c2682a856ccb2d5a7939de Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-on: https://gerrit.samba.org/162
* smbreadline: switch to new-style readline typedefGustavo Zacarias2014-03-131-1/+1
| | | | | | | | | | | | | | | | | | Function, CPFunction, CPPFunction and VFunction typedefs are considered old-style (deprecated) starting from readline 4.2 (circa 2001). Compatibility typedefs have been in place up to readline 6.2 but were removed with the 6.3 release thus causing builds to break. Switch to the new-style specific prototyped typedef. Return value is unused so the callback should still be void (see readline/input.c around line 456 in version 6.3). Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Mar 13 00:21:47 CET 2014 on sn-devel-104
* s4: smbtorture: Add a proper change_notify going async followed by tdis test.Jeremy Allison2014-03-121-1/+67
| | | | | | | | | | | | [Bug 10344] SessionLogoff on a signed connection with an outstanding notify request crashes smbd. https://bugzilla.samba.org/show_bug.cgi?id=10344 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Mar 12 20:12:58 CET 2014 on sn-devel-104
* s4: smbtorture: Update the torture_smb2_notify_ulogoff test to demonstrate ↵Jeremy Allison2014-03-121-6/+14
| | | | | | | | | | | | | the problem. [Bug 10344] SessionLogoff on a signed connection with an outstanding notify request crashes smbd. https://bugzilla.samba.org/show_bug.cgi?id=10344 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:smb2_tcon: cancel and wait for pending requests on tdisStefan Metzmacher2014-03-121-4/+78
| | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_sesssetup: cancel and wait for pending requests on logoffStefan Metzmacher2014-03-121-4/+78
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_tcon: split smbd_smb2_tdis into an async *_send/recv pair.Jeremy Allison2014-03-121-16/+89
| | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10344 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:smb2_sesssetup: split smbd_smb2_logoff into an async *_send/recv pair.Jeremy Allison2014-03-121-20/+92
| | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10344 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:smb2_lock: return RANGE_NOT_LOCKED instead of CANCELLED for logoff and tdisStefan Metzmacher2014-03-121-0/+20
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_lock: fix whitespaces/tabs in smbd_smb2_lock_cancel()Stefan Metzmacher2014-03-121-11/+11
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:torture/smb2: accept NT_STATUS_RANGE_NOT_LOCKED after smb2_logoff/tdisStefan Metzmacher2014-03-121-11/+13
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3-net: add a new "net ads kerberos pac save" tool.Günther Deschner2014-03-121-0/+52
| | | | | | | | | | | | Use "filename=string" to define a file where to save the unencrypted PAC to. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Wed Mar 12 13:02:59 CET 2014 on sn-devel-104
* s3-net: modify the current "net ads kerberos pac" command.Günther Deschner2014-03-121-38/+77
| | | | | | | | | | | Rename it to "net ads kerberos pac dump" and add a "type=num" option to allow dumping of individial pac buffer types. Ommitting type= or using type=0 will dump the whole PAC structure on stdout. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-kerberos: let kerberos_return_pac() return a PAC container.Günther Deschner2014-03-124-11/+38
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-kerberos: return a full PAC in kerberos_return_pac().Günther Deschner2014-03-124-15/+56
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-net: allow to provide custom local_service in "net ads kerberos pac".Günther Deschner2014-03-121-3/+11
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-net: change the way impersonation principals are used in "net ads ↵Günther Deschner2014-03-121-4/+10
| | | | | | | | | kerberos pac". Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/kerberos: fix a typo.Günther Deschner2014-03-121-1/+1
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-libads: pass down local_service to kerberos_return_pac().Günther Deschner2014-03-124-5/+19
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* CVE-2013-6442: s3:smbcacls - ensure we don't lose an existing ACL when ↵Jeremy Allison2014-03-111-1/+1
| | | | | | | | | | | | | setting owner or group owner. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10327 Bug 10327 - CVE-2013-6442: smbcacls --chown | --chgrp dacl regression Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Karolin Seeger <kseeger@samba.org> Autobuild-Date(master): Tue Mar 11 22:55:54 CET 2014 on sn-devel-104
* gencache: Add gencache values to memcacheVolker Lendecke2014-03-112-0/+38
| | | | | | | | | | | | gencache_parse calling tdb shows up in profiles when we do a lot of open/close traffic with large ACLs. For every file we convert unix ids to sids, and in the domain member case this goes through gencache. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Mar 11 19:56:47 CET 2014 on sn-devel-104
generated by cgit (git 2.34.1) at 2025-09-26 20:21:10 +0000