summaryrefslogtreecommitdiffstats
path: root/source3
Commit message (Collapse)AuthorAgeFilesLines
...
* s3:wscript: only fill in CTDB_CFLAGS instead of config.hStefan Metzmacher2014-03-241-32/+53
| | | | | | | Only files in 'samba3-ctdb-client' will see HAVE_CTDB* defines. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s3:wscript: don't add ctdb include dir globallyStefan Metzmacher2014-03-242-5/+10
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s3:serverid: use ctdb_serverids_exist_supported() runtime checkStefan Metzmacher2014-03-241-5/+9
| | | | | | | | This is better than a compile time check for HAVE_CTDB_CONTROL_CHECK_SRVIDS_DECL. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s3:ctdb_conn: only use ctdb_protocol.h or ctdb_private.h in ctdb_conn.cStefan Metzmacher2014-03-242-16/+9
| | | | | | | We don't need them in ctdb_conn.h. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s3:lib: add cluster_support_[available|features]()Stefan Metzmacher2014-03-243-0/+112
| | | | | | | This allows runtime selection of libsamba-cluster-support.so Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s3:param: move lp_ctdbd_socket() to ctdbd_conn.cStefan Metzmacher2014-03-246-12/+21
| | | | | | | This allows us to use CTDB_PATH only in ctdbd_conn.c Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s3:lib: move all ctdb related dummy functions to ctdb_dummy.cStefan Metzmacher2014-03-247-121/+180
| | | | | | | This gets all dummy functions for the build without CLUSTER_SUPPORT. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s3:ctdbd_conn: always provide ctdb_serverids_exist()Stefan Metzmacher2014-03-241-4/+4
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s3:ctdbd_conn: add ctdb_serverids_exist_supported()Stefan Metzmacher2014-03-242-0/+10
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s3:wscript: create a libsamba-cluster-support.soStefan Metzmacher2014-03-241-7/+18
| | | | | | | | | | This collects the ctdb version dependent files, which allows vendors to provide multiple versions of libsamba-cluster-support.so each compiled against different ctdb versions. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* smbd: Remove unused "share_mode_data->id"Volker Lendecke2014-03-212-2/+0
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Mar 21 21:22:24 CET 2014 on sn-devel-104
* smbd: Keep "the_lock"s file id separatelyVolker Lendecke2014-03-211-1/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Avoid checking the_lock->id for fresh locksVolker Lendecke2014-03-211-4/+5
| | | | | | | If we just fetched the lock, this check will always be true. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Explicitly pass "file_id" to rename_share_filenameVolker Lendecke2014-03-213-3/+5
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Use fsp->file_id in open_file_ntcreateVolker Lendecke2014-03-211-1/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Explicitly pass "file_id" to schedule_defer_openVolker Lendecke2014-03-211-3/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Explicitly pass "file_id" to rename_open_filesVolker Lendecke2014-03-211-3/+5
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3: smbd: Ensure we always go via getgroups_unix_user() when creating an NT ↵Jeremy Allison2014-03-211-0/+61
| | | | | | | | | | | | | | | token. This has to be done in every code path that creates an NT token, as remote users may have been added to the local /etc/group database. Tokens created merely from the info3 structs (via the DC or via the krb5 PAC) won't have these local groups. https://bugzilla.samba.org/show_bug.cgi?id=10508 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Simo Sorce <idra@samba.org>
* s3-rpc_server: Fix handling of fragmented rpc requests.Andreas Schneider2014-03-201-12/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need to call pipe_init_outgoing_data() as the first thing in process_complete_pdu(). Otherwise the caller may use uninitialized memory and tries to write a response into the socket. The problem happens only if a real socket is used, which means in all cases for master and only with external rpc daemons in v4-0 and v4-1. The problem looks like this in the logs. [2014/03/20 14:49:35.531663, 10, pid=7309, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2014/03/20 14:49:35.531695, 10, pid=7309, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2014/03/20 14:49:35.531738, 10, pid=7309, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:521(named_pipe_packet_process) Sending 1 fragments in a total of 0 bytes [2014/03/20 14:49:35.531769, 10, pid=7309, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:526(named_pipe_packet_process) Sending PDU number: 0, PDU Length: 4294967228 [2014/03/20 14:49:35.531801, 2, pid=7309, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:565(named_pipe_packet_done) Writev failed! [2014/03/20 14:49:35.531845, 2, pid=7309, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:595(named_pipe_packet_done) Fatal error(Message too long). Terminating client(127.0.0.1) connection! BUG: https://bugzilla.samba.org/show_bug.cgi?id=10481 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Guenther Deschner <gd@samba.org Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Thu Mar 20 18:30:17 CET 2014 on sn-devel-104
* s3: smbd: Fileserving share access checks.Jeremy Allison2014-03-181-2/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Git commit 86d1e1db8e2747e30c89627cda123fde1e84f579 fixed share_access not being reset between users, by changing make_connection_snum() to call a common function check_user_share_access() in the same way that change_to_user() (which can be called on any incoming packet) does. Unfortunately that bugfix was incorrect and broke "force user" and "force group" as it called check_user_share_access() inside make_connection_snum() using the conn->session_info pointer instead of the vuser->session_info pointer. conn->session_info represents the token to use when actually accessing the file system, and so is modified by force user and force group. conn->session_info represents the "pristine" token of the user logging in, and is never modified by force user and force group. Samba 3.6.x checked the share access based on the "pristine" token of the user logging in, not the token modified by force user and force group. This change restores the expected behavior. Fixes bug #9878 - force user does not work as expected https://bugzilla.samba.org/show_bug.cgi?id=9878 Signed-off-by: Jeremy Allison <jra@samba.org> Tested-by: Gerhard Wiesinger <lists@wiesinger.com> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue Mar 18 19:19:31 CET 2014 on sn-devel-104
* s3:modules/vfs_gpfs add gpfs:recalls optionChristian Ambach2014-03-141-0/+13
| | | | | | | | | | When this option is set to no, an attempt to open an offline file will be rejected with access denied. This helps preventing recall storms triggered by careless applications like Finder and Explorer. Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* s3-libads: Use the IP instead of the name.Bjoern Baumbach2014-03-131-1/+1
| | | | | | | | | | | Thix fixes 'net rpc join' against ADS. Signed-off-by: Bjoern Baumbach <bb@sernet.de> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Thu Mar 13 17:06:00 CET 2014 on sn-devel-104
* s3-auth: Steal the memory to avoid duplication.Andreas Schneider2014-03-131-5/+1
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s3-auth: Do not leak tmp_ctx if make_server_info() fails.Andreas Schneider2014-03-131-1/+2
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s3-auth: Make is_null_sid() check easier to read.Simo Sorce2014-03-131-2/+3
| | | | | | Signed-off-by: Simo Sorce <idra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* CVE-2013-4496:samr: Remove ChangePasswordUserAndrew Bartlett2014-03-132-415/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This old password change mechanism does not provide the plaintext to validate against password complexity, and it is not used by modern clients. It also has quite difficult semantics to handle regarding password lockout. The missing features in both implementations (by design) were: - the password complexity checks (no plaintext) - the minimum password length (no plaintext) Additionally, the source3 version did not check: - the minimum password age - pdb_get_pass_can_change() which checks the security descriptor for the 'user cannot change password' setting. - the password history - the output of the 'passwd program' if 'unix passwd sync = yes'. Finally, the mechanism was almost useless, as it was incorrectly only made available to administrative users with permission to reset the password. It is removed here so that it is not mistakenly reinstated in the future. Andrew Bartlett Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Change-Id: If2edd3183c177e5ff37c9511b0d0ad0dd9038c66 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-on: https://gerrit.samba.org/37
* CVE-2013-4496:s3:auth: fix memory leak in the ACCOUNT_LOCKED_OUT case.Stefan Metzmacher2014-03-131-0/+1
| | | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Change-Id: Iabf22753effd80086d7956619a3dae830e487da8 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-on: https://gerrit.samba.org/161
* CVE-2013-4496:s3-samr: Block attempts to crack passwords via repeated ↵Andrew Bartlett2014-03-132-16/+129
| | | | | | | | | | | | | | password changes Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Change-Id: Ic31774275f07e003e7c2682a856ccb2d5a7939de Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-on: https://gerrit.samba.org/162
* s3:smb2_tcon: cancel and wait for pending requests on tdisStefan Metzmacher2014-03-121-4/+78
| | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_sesssetup: cancel and wait for pending requests on logoffStefan Metzmacher2014-03-121-4/+78
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_tcon: split smbd_smb2_tdis into an async *_send/recv pair.Jeremy Allison2014-03-121-16/+89
| | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10344 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:smb2_sesssetup: split smbd_smb2_logoff into an async *_send/recv pair.Jeremy Allison2014-03-121-20/+92
| | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10344 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:smb2_lock: return RANGE_NOT_LOCKED instead of CANCELLED for logoff and tdisStefan Metzmacher2014-03-121-0/+20
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_lock: fix whitespaces/tabs in smbd_smb2_lock_cancel()Stefan Metzmacher2014-03-121-11/+11
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3-net: add a new "net ads kerberos pac save" tool.Günther Deschner2014-03-121-0/+52
| | | | | | | | | | | | Use "filename=string" to define a file where to save the unencrypted PAC to. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Wed Mar 12 13:02:59 CET 2014 on sn-devel-104
* s3-net: modify the current "net ads kerberos pac" command.Günther Deschner2014-03-121-38/+77
| | | | | | | | | | | Rename it to "net ads kerberos pac dump" and add a "type=num" option to allow dumping of individial pac buffer types. Ommitting type= or using type=0 will dump the whole PAC structure on stdout. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-kerberos: let kerberos_return_pac() return a PAC container.Günther Deschner2014-03-124-11/+38
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-kerberos: return a full PAC in kerberos_return_pac().Günther Deschner2014-03-124-15/+56
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-net: allow to provide custom local_service in "net ads kerberos pac".Günther Deschner2014-03-121-3/+11
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-net: change the way impersonation principals are used in "net ads ↵Günther Deschner2014-03-121-4/+10
| | | | | | | | | kerberos pac". Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-libads: pass down local_service to kerberos_return_pac().Günther Deschner2014-03-124-5/+19
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* CVE-2013-6442: s3:smbcacls - ensure we don't lose an existing ACL when ↵Jeremy Allison2014-03-111-1/+1
| | | | | | | | | | | | | setting owner or group owner. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10327 Bug 10327 - CVE-2013-6442: smbcacls --chown | --chgrp dacl regression Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Karolin Seeger <kseeger@samba.org> Autobuild-Date(master): Tue Mar 11 22:55:54 CET 2014 on sn-devel-104
* gencache: Add gencache values to memcacheVolker Lendecke2014-03-112-0/+38
| | | | | | | | | | | | gencache_parse calling tdb shows up in profiles when we do a lot of open/close traffic with large ACLs. For every file we convert unix ids to sids, and in the domain member case this goes through gencache. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Mar 11 19:56:47 CET 2014 on sn-devel-104
* vfs_catia: add chmod()Ralph Boehme2014-03-111-0/+20
| | | | | | | | | | | Clients using UNIX extensions need chmod() to go through catia. Signed-off-by: Ralph Boehme <rb@sernet.de> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Tue Mar 11 13:39:17 CET 2014 on sn-devel-104
* Add usable stream name definesRalph Boehme2014-03-111-5/+12
| | | | | | | | | Add stream name defines that are usable with Samba's way of storing stream names internally. Signed-off-by: Ralph Boehme <rb@sernet.de> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Simo Sorce <idra@samba.org>
* Fix a typoRalph Boehme2014-03-111-1/+1
| | | | | | Signed-off-by: Ralph Boehme <rb@sernet.de> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Simo Sorce <idra@samba.org>
* build: Make order of arguments clearer by explicitly making the list of ↵Andrew Bartlett2014-03-081-2/+2
| | | | | | | | | | | | functions to look for a python list Change-Id: I19bbd3b34548258201dabdc0ec8dc049e28d0049 Reviewed-by: David Disseldorp <ddiss@samba.org> Tested-by: Thomas Schulz <schulz@adi.com> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Mar 8 05:53:08 CET 2014 on sn-devel-104
* build: Do not rely on sys.platform for ACL tests, combine UnixWare and ↵Andrew Bartlett2014-03-082-16/+12
| | | | | | | | | | | | | | | Solaris ACL tests This avoids issues with whatever sys.platform may return, fixes the order of arguments to the CHECK_FUNCS_IN call, and only runs after Linux-style POSIX ACL detection fails. Andrew Bartlett Change-Id: I930dff1e03c1cd1ceb8f3a35823ceb805694b66a Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Tested-by: Thomas Schulz <schulz@adi.com>
* For FSRVP use textual error messages instead of hex error codesNoel Power2014-03-081-2/+50
| | | | | | | | | Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Mar 8 03:52:44 CET 2014 on sn-devel-104
* s3-kerberos: remove unused kdc_name from ↵Günther Deschner2014-03-075-18/+10
| | | | | | | | | | | | create_local_private_krb5_conf_for_domain(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Fri Mar 7 18:43:57 CET 2014 on sn-devel-104
generated by cgit (git 2.34.1) at 2025-09-04 13:20:44 +0000