summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* CVE-2014-8143:dsdb-samldb: Check for extended access rights before we allow ↵Andrew Bartlett2015-01-155-5/+220
| | | | | | | | | | | | | | | | changes to userAccountControl This requires an additional control to be used in the LSA server to add domain trust account objects. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Karolin Seeger <kseeger@samba.org> Autobuild-Date(master): Thu Jan 15 14:54:47 CET 2015 on sn-devel-104
* CVE-2014-8143:dsdb: Allow use of dsdb_autotransaction_request outside util.cAndrew Bartlett2015-01-151-2/+2
| | | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993 Change-Id: If6bc90305a1e9a5a92562a01ba7e44330de91cc1 Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* CVE-2014-8143:pydsdb: Pull in UF_USE_AES_KEYS flagAndrew Bartlett2015-01-151-0/+1
| | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993 Change-Id: I36ad5ebc5d8a4811c41b59af90a3add4ae5fd857 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* CVE-2014-8143:auth: Force talloc type of session_info pointer to matchAndrew Bartlett2015-01-151-0/+5
| | | | | | | | | | | | | This helps us keep things safe in LDB where we put this in a opaque pointer. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993 Andrew Bartlett Change-Id: I46fe53ba655ca0810c276b72fbca524884cdf22d Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3: auth - tests: Add test for "force user" being a unix-only user, not in ↵Jeremy Allison2015-01-142-0/+5
| | | | | | | | | | | | passdb. https://bugzilla.samba.org/show_bug.cgi?id=11044 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Wed Jan 14 08:46:08 CET 2015 on sn-devel-104
* s3: auth: Add previously missing allocation fail check.Jeremy Allison2015-01-141-0/+4
| | | | | Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* s3: auth: Plumb in the SamInfo3_handle_sids() utility function into ↵Jeremy Allison2015-01-143-5/+17
| | | | | | | | | | | | | passwd_to_SamInfo3(). Core fix for: https://bugzilla.samba.org/show_bug.cgi?id=11044 Based on code from Michael Zeis <mzeis.quantum@gmail.com> Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* s3: auth: Convert samu_to_SamInfo3() to use the new utility function.Jeremy Allison2015-01-141-57/+9
| | | | | | | | | Based on code from Michael Zeis <mzeis.quantum@gmail.com> https://bugzilla.samba.org/show_bug.cgi?id=11044 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* s3: auth: Add a utility function - SamInfo3_handle_sids() that factors out ↵Jeremy Allison2015-01-141-0/+70
| | | | | | | | | | | the code to handle "Unix Users" and "Unix Groups". Based on code from Michael Zeis <mzeis.quantum@gmail.com> https://bugzilla.samba.org/show_bug.cgi?id=11044 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* rwrap: Bump version to 1.1.2.Andreas Schneider2015-01-131-1/+1
| | | | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue Jan 13 19:19:25 CET 2015 on sn-devel-104
* rwrap: Fix ns_name_compress detection.Andreas Schneider2015-01-131-1/+3
| | | | | | | | On some platforms it is a macro and not a function. So we need to check if the macro exists. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* rwrap: Bump version to 1.1.1.Andreas Schneider2015-01-131-1/+1
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* rwrap: Fix a possible NULL dereference.Andreas Schneider2015-01-131-1/+1
| | | | | | | | CID: #84271 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jakub Hrozek <jakub.hrozek@gmail.com> Reviewed-by: Guenther Deschner <gd@samba.org>
* rwrap: If we do not have ns_name_compress() use dn_comp().Andreas Schneider2015-01-132-0/+6
| | | | | | | | | | | This should fix older Linux versions which do not export ns_name_compress(). In newer glibc versions dn_comp() calls ns_name_compress(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=11019 Reviewed-by: Jakub Hrozek <jakub.hrozek@gmail.com> Reviewed-by: Michael Adam <obnox@samba.org>
* net: Fix sam addgroupmemVolker Lendecke2015-01-131-3/+5
| | | | | | | | | | | | | Domain local groups come across as SID_TYPE_ALIAS and are sent to us in the PAC/Info3 struct. We should allow this in net sam addgroupmem. Volker Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Tue Jan 13 15:28:16 CET 2015 on sn-devel-104
* s3-util: Fix authentication with long hostnames.Andreas Schneider2015-01-121-1/+3
| | | | | | | | | | | | | If the hostname is longer than MAX_NETBIOSNAME_LEN we fail to correctly check the hostname. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11008 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon Jan 12 23:10:30 CET 2015 on sn-devel-104
* leases_db: don't leak lock_path onto talloc tosDavid Disseldorp2015-01-121-2/+9
| | | | | | | | | | Also check for allocation failures. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Mon Jan 12 19:22:31 CET 2015 on sn-devel-104
* smbd: Fix a small leak on talloc_tos()Volker Lendecke2015-01-111-1/+1
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Sun Jan 11 20:34:56 CET 2015 on sn-devel-104
* smbd: Fix an uninitialized variable readVolker Lendecke2015-01-111-2/+1
| | | | | | | | If dbwrap_fetch_locked failed, we did a TALLOC_FREE(value). Fix this with a talloc hierarchy. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* smbd: Make talloc_report of smb_filename more readableVolker Lendecke2015-01-111-0/+6
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* vfs_unityed_media: VFS module for sharing AVID projectsRalph Boehme2015-01-105-1/+2079
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Based on <https://code.google.com/p/vfs-unityed-media/>. The existing VFS module media_harmony has some problems relative to Avid media sharing: Avid looks at the modification time of the ingest directory. Since media_harmony has everyone using the same directory, users (or client systems) have to somehow create "fake" directories with special names and then media_harmony returns the mod time of those fake directories for the different clients rather than the actual mod time of the communal ingest directory. To make matters worse, users then have to have a special utility or understand how to update the modtime on these specially named directories. Otherwise, their client system will never update the indexes to show new media. To make it even worse than that, Avid creates new directories on the fly, so you can't just set this up statically at the beginning. Avid will silently create a new directory and your reindexing problems will start all over until you create new fake directories. With unityed_media: * there are no reindexes between clients * clients don't need to know which directories have been created for them, it's automatic. * clients never have to reindex other systems directories. * unityed_media let's each client have their own directories. * unityed_media works much more like Avid's own ISIS servers work. A module option controls which name is appended to client specific paths: the username, the hostname (will not work with OS X) or the client's IP. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Jan 10 04:15:04 CET 2015 on sn-devel-104
* lib: Simplify iov_bufVolker Lendecke2015-01-091-2/+2
| | | | | | | | | | | | | | According to https://www.securecoding.cert.org/confluence/display/seccode/INT30-C.+Ensure+that+unsigned+integer+operations+do+not+wrap we only need to check against one operand. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Jan 9 23:42:49 CET 2015 on sn-devel-104
* unix_msg: Fix 80-line formattingVolker Lendecke2015-01-091-2/+4
| | | | | | | | This is pretty fresh code, so hope this change does not fall under the "no reformatting" rule yet Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* Make sure response->extra_data.data is always cleared outMatthew Newton2015-01-091-6/+7
| | | | | | | | | | Otherwise a bad read can sometimes cause the function to return -1 with an invalid pointer in extra_data.data, which is attempted to be freed by the caller (e.g. libwbclient/wbc_pam.c wbcAuthenticateUserEx()) by calling winbindd_free_response(). Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* test: Fix quotingVolker Lendecke2015-01-091-1/+1
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Fri Jan 9 17:33:31 CET 2015 on sn-devel-104
* s3-vfs: Fix developer build of vfs_ceph module.Günther Deschner2015-01-091-10/+20
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* ctdb: improve helpfulness of debug message when taking reclock failsMichael Adam2015-01-091-1/+5
| | | | | | | | | | Print out the errno if the fcntl call. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Richard Sharpe <rsharpe@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Fri Jan 9 04:25:02 CET 2015 on sn-devel-104
* ctdb-daemon: Handle out-of-memory when setting recovery lock fileMartin Schwenke2015-01-091-8/+26
| | | | | | | | Log a message when the reclock file actually changes and avoid a memory allocation when it doesn't change. Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Michael Adam <obnox@samba.org>
* ctdb-scripts: Don't use the GNU awk gensub() functionMartin Schwenke2015-01-094-7/+11
| | | | | | | | | | | | | This is a gawk extension and can't be used reliably if just running "awk". It is simple enough to switch to using the standard sub() and gsub() functions. The alternative is to switch to explicitly running "gawk". However, although the eventscripts aren't exactly portable, it is probably better to move closer to portability than further away. Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Michael Adam <obnox@samba.org>
* ctdb-scripts: Try to deal with Ubuntu having /usr/sbin/serviceMartin Schwenke2015-01-091-0/+2
| | | | | | | | | Falling back to running the initscript doesn't work because it detects that upstart is being used and fails. This was observed when trying to start winbind on Ubuntu 11.04. Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Michael Adam <obnox@samba.org>
* ctdb-tests: Fix tickle sniffing for IPv4Martin Schwenke2015-01-091-1/+1
| | | | | | | | | | | | tcptickle_sniff_start() assumes that if $dst contains a ': then it should use the IPv6 sniffing code. However, $dst is a socket, so has a trailing ":<port>". Strip the trailing ":<port>" before checking for ':' as a marker for an IPv6 address. Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Michael Adam <obnox@samba.org>
* ctdb-scripts: Fix bashism in ctdbd_wrapper scriptLed2015-01-091-1/+1
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11007 Signed-off-by: Oleksandr Chumachenko <ledest@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Michael Adam <obnox@samba.org>
* wafadmin: backported the openbsd fixes from waf 1.7Thomas Nagy2015-01-093-6/+20
| | | | | | | | | | This is a backport from waf 1.5... Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Jan 9 02:02:07 CET 2015 on sn-devel-104
* wafsamba: remove commented out code.Michael Adam2015-01-081-27/+0
| | | | | | | | | This code has only ever been there as commented out... Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
* Revert "waf: added suncc_wrap"Michael Adam2015-01-081-18/+1
| | | | | | | | | | This reverts commit 65743f932b511db009655847e77288c95c0aa525. Conflicts: buildtools/wafsamba/samba_optimisation.py Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* wafsamba: generate an empty.c file if a SAMBA_{LIBRARY,SUBSYSTEM} doesn't ↵Stefan Metzmacher2015-01-081-6/+23
| | | | | | | | | | | | | | have any source files This is better than passing '-' as filename to the compiler/linker. This replaces commit 65743f932b511db009655847e77288c95c0aa525. Bug: https://bugzilla.samba.org/show_bug.cgi?id=9334 Bug: https://bugzilla.samba.org/show_bug.cgi?id=10315 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* wafsamba: flags from enviroment are put before our own internal versionsRalph Boehme2015-01-081-0/+42
| | | | | | | | | | | | | | Ensure user provided CPPFLAGS and LDFLAGS are put *behind* our internally computed compiler and linker flags. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10877 Pair-Programmed-With: Michael Adam <obnox@samba.org> Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
* wafsamba: filter out standard library paths from RPATH and LIBPATHMichael Adam2015-01-083-1/+55
| | | | | | | | | | | | | We should avoid passing them explicitly to the compiler/linker. We ask the compiler with the '-print-search-dirs' argument or fallback to [ '/usr/lib', '/usr/lib64' ]. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* wafsamba: fix ordering problems with lib-provided and internal RPATHsMichael Adam2015-01-081-0/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a library or system (like cups) provides an RPATH, e.g. with -Wl,-R or -Wl,-rpath, this was added by waf to the LINKFLAGS, wich was later prepended to our RPATH. But if the path by chance contains an older version of one of our internal libraries like talloc, this would lead to linking the too old talloc into our binaries. This has been observed on, e.g., FreeBSD, but it is a general problem. This patch fixes the problem by specially parsing the RPATH linker options from the pkg-config(, cups-config, ....) output and putting the paths into the RPATH_<lib> container, which is then later correctly appended to our internal RPATH. This is a better fix than commit 64f5e24100a764ec198cab9a8d2c43fa86e7027c as it touches wafsamba only. 64f5e24100a764ec198cab9a8d2c43fa86e7027c is already in waf 1.5 upstream, but has some possible bugs, e.g. it doesn't handle -Wl,-R, (with ',' at the end) or some combinations where the path is given via an additional -Wl,/path argument. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10548 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* wafsamba: make it possible to specify ADDITIONAL_{CFLAGS,LDFLAGS} as env var ↵Stefan Metzmacher2015-01-081-0/+13
| | | | | | | | | | to ./configure CFLAGS and LDFLAGS are also used during the configure checks and might impact their results. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* wafsamba: improve -fvisibility=hidden, we should check it together this ↵Stefan Metzmacher2015-01-081-1/+1
| | | | | | | | | | | | | | WERROR_CFLAGS GCC ignores -fvisibility=hidden with a warning instead of failing om some platforms (e.g. Solaris). Bug: https://bugzilla.samba.org/show_bug.cgi?id=11031 Based on a patch from Tom Schulz <schulz@adi.com>. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* wafsamba: let CURRENT_CFLAGS() use bld.env.VISIBILITY_CFLAGSStefan Metzmacher2015-01-081-1/+1
| | | | | | | This is better than a hardcoded value in multiple places. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* wafsamba: move -fvisibility=hidden checks from lib/replace to wafsambaStefan Metzmacher2015-01-082-7/+7
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* wafsamba: move '-fstack-protector' checks from lib/replace to wafsambaStefan Metzmacher2015-01-082-4/+4
| | | | | | | | | | | This moves the check to the end of the configure run, which means we no longer use this on configure checks, but only for the real build. This behavior is similar than our developer cflags. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* wafsamba: move WERROR_CFLAGS checks from lib/replace to wafsambaStefan Metzmacher2015-01-082-13/+13
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* wafsamba: move compiler / cflags related stuff from lib/replace to wafsambaStefan Metzmacher2015-01-082-21/+21
| | | | | | | We should have this just in one central place. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* wafsamba: let TO_LIST(mylist) return a copy of mylistStefan Metzmacher2015-01-081-1/+2
| | | | | | | | | | | | | In most cases we have TO_LIST(mystring) which returns an independent list. newlist = TO_LIST(mylist) returned just a reference to mylist. Which means newlist.append("end") would also modify mylist. TO_LIST() should always return an independent list. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* vfs_fruit: mmap under FreeBSD needs PROT_READVolker Lendecke2015-01-081-1/+1
| | | | | | | | We memmove, which does read Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Böhme <rb@sernet.de> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/util: Avoid collision which alread defined consumer DEBUG macro.Andreas Schneider2015-01-082-3/+8
| | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11033 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net> Autobuild-User(master): Martin Schwenke <martins@samba.org> Autobuild-Date(master): Thu Jan 8 21:41:30 CET 2015 on sn-devel-104
* s4:torture:vfs_fruit: fix model name checkRalph Boehme2015-01-081-7/+1
| | | | | | | | | | Don't abort when the model string is not "Samba", simply log it. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Thu Jan 8 15:31:44 CET 2015 on sn-devel-104
generated by cgit (git 2.34.1) at 2025-06-13 02:48:49 +0000