path: root/source3
Commit message | Author | Age | Files | Lines
...
* messaging: Avoid passing lp_ctx to tdb_wrap_open in messaging_tdb_init | Volker Lendecke | 2014-03-31 | 1 | -3/+9
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:rpcclient: fix build without HAVE_IPV6 | Gregor Beck | 2014-03-31 | 1 | -5/+14
  Signed-off-by: Gregor Beck <gbeck@sernet.de>
  Reviewed-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Use asys_results | Volker Lendecke | 2014-03-27 | 1 | -18/+15
  When multiple aio requests finish simultaneously, this saves a few syscalls

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Thu Mar 27 08:05:46 CET 2014 on sn-devel-104
* asys: Allow multiple results to be received | Volker Lendecke | 2014-03-27 | 4 | -55/+69
  This makes use of C99 dynamic arrays. In this performance-sensitive code, I would like to avoid malloc/free, and I think 15 years after the standard we might be able to use this feature.

  Alternatively, we could use the "results" memory area and store the jobids in the upper range, playing some cast-tricks. Should work as well.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* pthreadpool: Allow multiple jobs to be received | Volker Lendecke | 2014-03-27 | 8 | -37/+49
  This can avoid syscalls when multiple jobs are finished simultaneously

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* pthreadpool: Avoid a malloc/free per job | Volker Lendecke | 2014-03-27 | 1 | -54/+91
  pthreadpool_add_job is in our hottest code path for r/w intensive workloads, so we should avoid anything CPU-intensive. pthreadpool used to malloc each job and free it in the worker thread. This patch adds a FIFO queue for jobs that helper threads copy from, avoiding constant malloc/free. This cuts user space CPU in the local-bench-pthreadpool benchmark by roughly 10% on my system.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* pthreadpool: Add a simple benchmark | Volker Lendecke | 2014-03-27 | 4 | -0/+67
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* auth/gensec: remove tevent_context argument from gensec_update() | Stefan Metzmacher | 2014-03-27 | 11 | -25/+35
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Remove print_smbtorture4_version and smbtorture4_possible check | Andrew Bartlett | 2014-03-26 | 1 | -7/+2
  smbtorture is now always the same version as the rest of Samba, and is strictly required.

  Andrew Bartlett

  Change-Id: I89d9c52275477177fa8a89050920ff8a2fec9288
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Wed Mar 26 04:20:16 CET 2014 on sn-devel-104
* s3-nmbd: reset debug settings after reading config file (bug #10239) | Björn Baumbach | 2014-03-25 | 1 | -0/+4
  Signed-off-by: Björn Baumbach <bb@sernet.de>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Tue Mar 25 18:29:06 CET 2014 on sn-devel-104
* s3: smbd: Factor out code that calls getgroups_unix_user() into a separate function. | Jeremy Allison | 2014-03-25 | 1 | -52/+92
  This code needs to special-case the guest user, as this token can have the token_sid[0] set to the Guest SID, not the mapping of UNIX uid -> SID.

  Other users that may have a well-known SID set in token_sid[0] (like SYSTEM) are usually not mappable to UNIX users and can be ignored when adding local groups from /etc/group.

  Found by <linux@kukkukk.com>.

  Second part of the bugfix for:
  https://bugzilla.samba.org/show_bug.cgi?id=10508

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:build: remove global CLUSTER_SUPPORT define | Stefan Metzmacher | 2014-03-24 | 9 | -35/+3
  All ctdb specific code is isolated in samba-cluster-support.so now.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  Autobuild-User(master): Michael Adam <obnox@samba.org>
  Autobuild-Date(master): Mon Mar 24 19:08:44 CET 2014 on sn-devel-104
* s3:wscript: only build ctdb_dummy.c if we have no cluster support | Stefan Metzmacher | 2014-03-24 | 7 | -30/+18
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:wscript: only fill in CTDB_CFLAGS instead of config.h | Stefan Metzmacher | 2014-03-24 | 1 | -32/+53
  Only files in 'samba3-ctdb-client' will see HAVE_CTDB* defines.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:wscript: don't add ctdb include dir globally | Stefan Metzmacher | 2014-03-24 | 2 | -5/+10
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:serverid: use ctdb_serverids_exist_supported() runtime check | Stefan Metzmacher | 2014-03-24 | 1 | -5/+9
  This is better than a compile time check for HAVE_CTDB_CONTROL_CHECK_SRVIDS_DECL.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:ctdb_conn: only use ctdb_protocol.h or ctdb_private.h in ctdb_conn.c | Stefan Metzmacher | 2014-03-24 | 2 | -16/+9
  We don't need them in ctdb_conn.h.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:lib: add cluster_support_[available|features]() | Stefan Metzmacher | 2014-03-24 | 3 | -0/+112
  This allows runtime selection of libsamba-cluster-support.so

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:param: move lp_ctdbd_socket() to ctdbd_conn.c | Stefan Metzmacher | 2014-03-24 | 6 | -12/+21
  This allows us to use CTDB_PATH only in ctdbd_conn.c

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:lib: move all ctdb related dummy functions to ctdb_dummy.c | Stefan Metzmacher | 2014-03-24 | 7 | -121/+180
  This gets all dummy functions for the build without CLUSTER_SUPPORT.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:ctdbd_conn: always provide ctdb_serverids_exist() | Stefan Metzmacher | 2014-03-24 | 1 | -4/+4
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:ctdbd_conn: add ctdb_serverids_exist_supported() | Stefan Metzmacher | 2014-03-24 | 2 | -0/+10
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3:wscript: create a libsamba-cluster-support.so | Stefan Metzmacher | 2014-03-24 | 1 | -7/+18
  This collects the ctdb version dependent files, which allows vendors to provide multiple versions of libsamba-cluster-support.so each compiled against different ctdb versions.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* smbd: Remove unused "share_mode_data->id" | Volker Lendecke | 2014-03-21 | 2 | -2/+0
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Fri Mar 21 21:22:24 CET 2014 on sn-devel-104
* smbd: Keep "the_lock"s file id separately | Volker Lendecke | 2014-03-21 | 1 | -1/+4
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Avoid checking the_lock->id for fresh locks | Volker Lendecke | 2014-03-21 | 1 | -4/+5
  If we just fetched the lock, this check will always be true.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Explicitly pass "file_id" to rename_share_filename | Volker Lendecke | 2014-03-21 | 3 | -3/+5
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Use fsp->file_id in open_file_ntcreate | Volker Lendecke | 2014-03-21 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Explicitly pass "file_id" to schedule_defer_open | Volker Lendecke | 2014-03-21 | 1 | -3/+4
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Explicitly pass "file_id" to rename_open_files | Volker Lendecke | 2014-03-21 | 1 | -3/+5
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3: smbd: Ensure we always go via getgroups_unix_user() when creating an NT token. | Jeremy Allison | 2014-03-21 | 1 | -0/+61
  This has to be done in every code path that creates an NT token, as remote users may have been added to the local /etc/group database. Tokens created merely from the info3 structs (via the DC or via the krb5 PAC) won't have these local groups.

  https://bugzilla.samba.org/show_bug.cgi?id=10508

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Simo Sorce <idra@samba.org>
* s3-rpc_server: Fix handling of fragmented rpc requests. | Andreas Schneider | 2014-03-20 | 1 | -12/+8
  We need to call pipe_init_outgoing_data() as the first thing in process_complete_pdu(). Otherwise the caller may use uninitialized memory and tries to write a response into the socket.

  The problem happens only if a real socket is used, which means in all cases for master and only with external rpc daemons in v4-0 and v4-1.

  The problem looks like this in the logs.

  [2014/03/20 14:49:35.531663, 10, pid=7309, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu)
    Processing packet type 0
  [2014/03/20 14:49:35.531695, 10, pid=7309, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request)
    Checking request auth.
  [2014/03/20 14:49:35.531738, 10, pid=7309, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:521(named_pipe_packet_process)
    Sending 1 fragments in a total of 0 bytes
  [2014/03/20 14:49:35.531769, 10, pid=7309, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:526(named_pipe_packet_process)
    Sending PDU number: 0, PDU Length: 4294967228
  [2014/03/20 14:49:35.531801, 2, pid=7309, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:565(named_pipe_packet_done)
    Writev failed!
  [2014/03/20 14:49:35.531845, 2, pid=7309, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:595(named_pipe_packet_done)
    Fatal error(Message too long). Terminating client(127.0.0.1) connection!

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10481

  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
  Autobuild-User(master): Günther Deschner <gd@samba.org>
  Autobuild-Date(master): Thu Mar 20 18:30:17 CET 2014 on sn-devel-104
* s3: smbd: Fileserving share access checks. | Jeremy Allison | 2014-03-18 | 1 | -2/+10
  Git commit 86d1e1db8e2747e30c89627cda123fde1e84f579 fixed share_access not being reset between users, by changing make_connection_snum() to call a common function check_user_share_access() in the same way that change_to_user() (which can be called on any incoming packet) does.

  Unfortunately that bugfix was incorrect and broke "force user" and "force group" as it called check_user_share_access() inside make_connection_snum() using the conn->session_info pointer instead of the vuser->session_info pointer.

  conn->session_info represents the token to use when actually accessing the file system, and so is modified by force user and force group.

  conn->session_info represents the "pristine" token of the user logging in, and is never modified by force user and force group.

  Samba 3.6.x checked the share access based on the "pristine" token of the user logging in, not the token modified by force user and force group.

  This change restores the expected behavior.

  Fixes bug #9878 - force user does not work as expected
  https://bugzilla.samba.org/show_bug.cgi?id=9878

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Tested-by: Gerhard Wiesinger <lists@wiesinger.com>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Tue Mar 18 19:19:31 CET 2014 on sn-devel-104
* s3:modules/vfs_gpfs add gpfs:recalls option | Christian Ambach | 2014-03-14 | 1 | -0/+13
  When this option is set to no, an attempt to open an offline file will be rejected with access denied. This helps prevent recall storms triggered by careless applications like Finder and Explorer.

  Signed-off-by: Christian Ambach <ambi@samba.org>
  Reviewed-by: Christof Schmitt <cs@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* s3-libads: Use the IP instead of the name. | Bjoern Baumbach | 2014-03-13 | 1 | -1/+1
  This fixes 'net rpc join' against ADS.

  Signed-off-by: Bjoern Baumbach <bb@sernet.de>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
  Autobuild-User(master): Günther Deschner <gd@samba.org>
  Autobuild-Date(master): Thu Mar 13 17:06:00 CET 2014 on sn-devel-104
* s3-auth: Steal the memory to avoid duplication. | Andreas Schneider | 2014-03-13 | 1 | -5/+1
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* s3-auth: Do not leak tmp_ctx if make_server_info() fails. | Andreas Schneider | 2014-03-13 | 1 | -1/+2
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* s3-auth: Make is_null_sid() check easier to read. | Simo Sorce | 2014-03-13 | 1 | -2/+3
  Signed-off-by: Simo Sorce <idra@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* CVE-2013-4496:samr: Remove ChangePasswordUser | Andrew Bartlett | 2014-03-13 | 2 | -415/+8
  This old password change mechanism does not provide the plaintext to validate against password complexity, and it is not used by modern clients.

  It also has quite difficult semantics to handle regarding password lockout.

  The missing features in both implementations (by design) were:
  - the password complexity checks (no plaintext)
  - the minimum password length (no plaintext)

  Additionally, the source3 version did not check:
  - the minimum password age
  - pdb_get_pass_can_change() which checks the security descriptor for the 'user cannot change password' setting.
  - the password history
  - the output of the 'passwd program' if 'unix passwd sync = yes'.

  Finally, the mechanism was almost useless, as it was incorrectly only made available to administrative users with permission to reset the password. It is removed here so that it is not mistakenly reinstated in the future.

  Andrew Bartlett

  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
  Change-Id: If2edd3183c177e5ff37c9511b0d0ad0dd9038c66
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-on: https://gerrit.samba.org/37
* CVE-2013-4496:s3:auth: fix memory leak in the ACCOUNT_LOCKED_OUT case. | Stefan Metzmacher | 2014-03-13 | 1 | -0/+1
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
  Change-Id: Iabf22753effd80086d7956619a3dae830e487da8
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-on: https://gerrit.samba.org/161
* CVE-2013-4496:s3-samr: Block attempts to crack passwords via repeated password changes | Andrew Bartlett | 2014-03-13 | 2 | -16/+129
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
  Change-Id: Ic31774275f07e003e7c2682a856ccb2d5a7939de
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-on: https://gerrit.samba.org/162
* s3:smb2_tcon: cancel and wait for pending requests on tdis | Stefan Metzmacher | 2014-03-12 | 1 | -4/+78
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10344
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_sesssetup: cancel and wait for pending requests on logoff | Stefan Metzmacher | 2014-03-12 | 1 | -4/+78
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10344
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_tcon: split smbd_smb2_tdis into an async *_send/recv pair. | Jeremy Allison | 2014-03-12 | 1 | -16/+89
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10344
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:smb2_sesssetup: split smbd_smb2_logoff into an async *_send/recv pair. | Jeremy Allison | 2014-03-12 | 1 | -20/+92
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10344
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:smb2_lock: return RANGE_NOT_LOCKED instead of CANCELLED for logoff and tdis | Stefan Metzmacher | 2014-03-12 | 1 | -0/+20
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_lock: fix whitespaces/tabs in smbd_smb2_lock_cancel() | Stefan Metzmacher | 2014-03-12 | 1 | -11/+11
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3-net: add a new "net ads kerberos pac save" tool. | Günther Deschner | 2014-03-12 | 1 | -0/+52
  Use "filename=string" to define a file where to save the unencrypted PAC to.

  Guenther

  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Günther Deschner <gd@samba.org>
  Autobuild-Date(master): Wed Mar 12 13:02:59 CET 2014 on sn-devel-104
* s3-net: modify the current "net ads kerberos pac" command. | Günther Deschner | 2014-03-12 | 1 | -38/+77
  Rename it to "net ads kerberos pac dump" and add a "type=num" option to allow dumping of individual pac buffer types. Omitting type= or using type=0 will dump the whole PAC structure on stdout.

  Guenther

  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-kerberos: let kerberos_return_pac() return a PAC container. | Günther Deschner | 2014-03-12 | 4 | -11/+38
  Guenther

  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>