summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2013-10-16smbd: Decouple grant_fsp_oplock_type from oplock validationVolker Lendecke1-27/+26
This makes grant_fsp_oplock_type independent from the values computed in validate_oplock_types. It *might* make oplock calculation a bit slower for heavily shared files, as we are walking the share mode array twice. But we are doing so much stuff in open that I doubt the difference is measurable. It clears up the code for me however, and I think that's worth it. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-10-16smbd: Reduce the complexity of open_file_ntcreateVolker Lendecke1-24/+40
This removes two variables in open_file_ntcreate based on the observation that for exclusive and batch oplocks there can only be one entry. So in these cases we don't need to keep pointers from find_oplock_types to delay_for_oplocks. We can just reference the only share mode entry around. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-10-15smbd: Factor out remove_stale_share_mode_entriesVolker Lendecke3-14/+18
Will be used in the next commit Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-10-15smbd: Make find_oplock_types return boolVolker Lendecke1-15/+27
smb_panic() does not take a printf style argument. This improves debug output by easily printing the index that we fell over. Also, doing smb_panic deep down is bad style IMHO. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-10-15smbd: Make loop index type match loop limitVolker Lendecke1-1/+1
share_mode_data.num_share_modes is a uint32. 48 bytes less in .o text size for -O3 :-) Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-10-15smbd: Unify delay_for_*_oplocksVolker Lendecke1-45/+13
This is the same code in both routines Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-10-15smbd: Simplify find_oplock_types a bitVolker Lendecke1-6/+7
Define a variable to dereference lck->data just once. Believe it or not, this saves a few bytes .o with -O3 :-) Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-10-15s4:torture: add smb2.session.reauth6 : test failing reauthMichael Adam1-0/+103
This attempts reauth with invalid creds, hence triggering the error path in the reauth code. This invalidates the session and subsequente requests on that connection fail. https://bugzilla.samba.org/show_bug.cgi?id=10208 Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Oct 15 22:50:27 CEST 2013 on sn-devel-104
2013-10-15libcli/smb: add smb2cli_tcon_is_encryption_on()Michael Adam2-0/+6
https://bugzilla.samba.org/show_bug.cgi?id=10208 Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-10-15smbd:smb2: fix crash when smb2 session reauth failsMichael Adam1-3/+17
https://bugzilla.samba.org/show_bug.cgi?id=10208 Authentication error in smb2 session reauth invalidates the session. In this case the session must in contrast to successful session setup requests be torn down and live no longer than the request. The talloc move of the session from the global session table to the request ensures that the session setup reply can still be correctly signed, but subsequent requests on the connection don't find a session any more. Pair-Programmed-With: Jeremy Allison <jra@samba.org> Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
2013-10-15smbd: Inline break_level2_to_none_asyncVolker Lendecke1-38/+32
With the special case for bug 5980 in do_break_to_none we only have one caller: process_oplock_async_level2_break_message. The further goal is to merge process_oplock_async_level2_break_message with process_oplock_break_message. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Oct 15 03:42:53 CEST 2013 on sn-devel-104
2013-10-15smbd: Remove a special case for level2 breakVolker Lendecke1-33/+12
With the level2 indicator in brlock.tdb this race condition does not exist anymore Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-10-15smbd: Remove some FAKE_LEVEL_II commentsVolker Lendecke2-8/+3
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-10-15smbd: Add debugs to brlock.cVolker Lendecke2-0/+21
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-10-15torture: Extend raw.oplock.batch10Volker Lendecke1-0/+12
With FAKE_LEVEL_II_OPLOCKS around we did not grant LEVEL2 after a NO_OPLOCK file got written to. Windows does grant LEVEL2 in this case. With the have_level2_oplocks in brlocks.tdb we can now grant LEVEL2 in this case as well. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-10-15smbd: Remove FAKE_LEVEL_II_OPLOCKVolker Lendecke5-59/+81
FAKE_LEVEL_II_OPLOCK was an indicator to break level2 oplock holders on write. This information is now being held in brlock.tdb, which makes the FAKE_LEVEL_II_OPLOCK type unnecessary. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-10-15smbd: Put "have_read_oplocks" into brlock.tdbVolker Lendecke2-10/+48
This implements an idea by metze: Right now Samba does not grant level2 oplocks where it should: After an initial no-oplock open that has been written to, we don't have the FAKE_LEVEL2_OPLOCK entry in locking.tdb around anymore, this downgraded to NO_OPLOCK. Windows in this case will grant level2 if being asked, we don't. Part of the reason for this is that we don't have a proper mechanism to communicate the fact that level2 needs to be broken to other smbds. Metze's insight was that we have to look into brlock.tdb for every write anyway, so this might be the right place to store this information. My first reaction was that this is really hackish, but on further thought this is not. oplocks depend on brlocks anyway, and we have the proper mechanisms in place for brlocks. The format for this change is to add one byte to the end of the brlock.tdb record with value 1 if we have level2 oplocks around. Thus this patch effectively reverts 8f41142 which I discovered while writing this change. We now legally have unaligned records. We can certainly talk about the format, but I'm not yet convinced we need an idl for this yet. This is a potentially very hot code path, and ndr marshalling has a cost. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-10-15docs: Explain why this option should not be usedAndrew Bartlett1-0/+5
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Oct 15 01:51:39 CEST 2013 on sn-devel-104
2013-10-15s3-winbindd: Remove undocumented winbindd:socket dir parameterAndrew Bartlett5-9/+5
This uses the documeted "winbindd socket directory" parameter instead. This came about due to the merge of the two smb.conf tables in s3 and s4 for the Samba 4.0 release. The s4 code used a real parameter, which caused this to be documented, whereas no automatic procedure existed to notice the parametric option and the need to document that. The fact that this was not used consistently in both codebases is one of the many areas of technical debt we still need to pay off here. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-10-15auth4: Remove an unused variableVolker Lendecke1-1/+0
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-14talloc: Add a warning to talloc_reference() documentation.Andreas Schneider1-0/+8
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Kai Blin <kai@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Oct 14 23:05:54 CEST 2013 on sn-devel-104
2013-10-14param: disable print notify backchannel by defaultDavid Disseldorp4-7/+7
In handling RemoteFindFirstPrinterChangeNotifyEx requests, the spoolss server can establish a "backchannel" connection to the print client, as a mechanism for sending print notifications. This behaviour is governed by the "print notify backchannel" smb.conf parameter. This change sets "print notify backchannel" to "no" by default, which sees Samba respond to RemoteFindFirstPrinterChangeNotifyEx requests with WERR_SERVER_UNAVAILABLE. In recieving such a response, print clients can fall back to polling for print queue changes. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Mon Oct 14 18:49:41 CEST 2013 on sn-devel-104
2013-10-14asn1: fix use-after-free in asn1_writeJeff Layton1-1/+0
On talloc_realloc failure, asn1_write calls talloc_free on an asn1_data pointer and then tries to immediately set the has_error flag on it. Skip the free and just set the has_error flag. Signed-off-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Mon Oct 14 16:54:35 CEST 2013 on sn-devel-104
2013-10-14s4-samldb: Do not allow deletion of objects with RID < 1000Nadezhda Ivanova5-11/+48
According to [MS-SAMR] 3.1.5.7 Delete Pattern we should not allow deletion of security objects with RID < 1000. This patch will prevent deletion of well-known accounts and groups. Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Mon Oct 14 13:31:50 CEST 2013 on sn-devel-104
2013-10-13libcli4: Remove an unused variableVolker Lendecke1-1/+0
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sun Oct 13 17:58:23 CEST 2013 on sn-devel-104
2013-10-13smbd: Remove unused create_options from open_mode_checkVolker Lendecke1-3/+2
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sun Oct 13 14:35:26 CEST 2013 on sn-devel-104
2013-10-13smbd: Remove name_hash param from open_mode_checkVolker Lendecke1-3/+2
This came from delete_on_close handling which was factored out. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-12s3/time_audit: Add offline and durable functionsChristof Schmitt1-0/+111
Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Sat Oct 12 13:00:02 CEST 2013 on sn-devel-104
2013-10-12vfs: Fix parentheses in SMB_VFS_NEXT_DURABLE_COOKIEChristof Schmitt1-1/+1
Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-12smbd: Fix the extended *.oplock.doc1 testsVolker Lendecke1-26/+33
We need to check for DELETE_PENDING before the first oplock break Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Oct 12 01:56:18 CEST 2013 on sn-devel-104
2013-10-11torture: Extend the smb2.oplock.doc1 testVolker Lendecke2-6/+29
If delete_on_close is set, there is no oplock break. Check that. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-10-11torture: Extend the raw.oplock.doc1 testVolker Lendecke2-7/+22
If delete_on_close is set, there is no oplock break. Check that. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-10-11ntdb: Make sure variables passed by value are initialized.Andreas Schneider1-2/+3
This fixes a GCC warning. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Oct 11 18:05:19 CEST 2013 on sn-devel-104
2013-10-11pidl: fix an error message typoVolker Lendecke1-1/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-10-11s3-winbind: Send online/offline message of the domain to the parent.Andreas Schneider1-0/+22
https://bugzilla.samba.org/show_bug.cgi?id=10194 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Fri Oct 11 13:37:56 CEST 2013 on sn-devel-104
2013-10-11s3-winbind: Register handlers for domain online/offline messages.Andreas Schneider2-0/+11
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10194 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-11s3-winbind: Add functions for domain online/offline handling.Andreas Schneider2-0/+50
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10194 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-11idl: Add a new message for winbind domain states.Andreas Schneider1-0/+2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10194 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-10-11samba-tool domain join subdomain: Rework sambadns.py to allow setup of ↵Andrew Bartlett11-121/+99
DomainDNSZone only This skips handling the ForestDNSZone when we are setting up a subdomain. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Oct 11 10:27:49 CEST 2013 on sn-devel-104
2013-10-11join.py: Reconnect to the DC based on the DC name in dnsHostName to allow ↵Andrew Bartlett1-0/+4
connection to IPC$ The treeConnect&X of the GUID name fails against Windows 2003. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-11join.py: Remove special full_ncs handling, we only need to updateRefs on an ↵Andrew Bartlett1-7/+2
NC we replicate Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-11join.py: Use ctx.forestdns_zone variableAndrew Bartlett1-2/+2
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-11join.py: Correct ctx.forestdns_zone and so remove the need for duplicate ↵Andrew Bartlett1-5/+1
repl.replicate() call Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-11provision: Remove --username and --password options from samba-tool domain ↵Andrew Bartlett8-59/+28
provision This avoids confusion, because the LDAP backend does not use these, and they do not set the password for the administrator account either! This may break support for the 'existing' backend LDAP backend, but that is nothing more than a stub for future development anyway, and new work in this area should use EXTERNAL in any case. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-10provision/sambadns: CN=MicrosoftDNS,CN=System, is relative to DOMAINDNStefan Metzmacher1-8/+8
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Oct 10 10:24:55 CEST 2013 on sn-devel-104
2013-10-10provision: Fix comment to refer to correct file (krb5.conf)Andrew Bartlett1-3/+2
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-10dsdb: Provide a clearer error when we fail to store the sequence number in ↵Andrew Bartlett1-6/+19
metadata.tdb Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-10ldb:rdn_name: reject 'distinguishedName' depending of the MOD flagsStefan Metzmacher1-2/+8
This is what Windows 2008 R2 returns: LDB_MOD_ADD => LDB_ERR_UNWILLING_TO_PERFORM LDB_MOD_REPLACE => LDB_ERR_CONSTRAINT_VIOLATION LDB_MOD_DEL => LDB_ERR_UNWILLING_TO_PERFORM Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-10dsdb/tests/ldap: fix test_distinguished_name against w2k8r2Stefan Metzmacher1-2/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-10s4:dsdb/rootdse: report 'dnsHostName' instead of 'dNSHostName'Stefan Metzmacher1-1/+1
The attribute on the RootDSE object is called 'dnsHostName' instead of 'dNSHostName' (which is used in the schema and on all other directory objects). Bug: https://bugzilla.samba.org/show_bug.cgi?id=10193 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>