summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2013-01-29s3:winbindd: create group structs for gids that are coming from a user sid ↵Michael Adam1-0/+49
id-mapped with ID_TYPE_BOTH This "fake" group contains exctly one member, namely the user that the sid is actually belonging to. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-29s3:winbindd: factor add_wbint_Principal_to_dict() out of wb_group_members_done()Michael Adam2-17/+47
for later reuse Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-29s3:winbindd: fix a cut'n'paste comment typo in wb_fill_pwentMichael Adam1-1/+1
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-29s3:winbindd: rename winbindd_getgrnam_lookupsid_done to ↵Michael Adam1-3/+3
winbindd_getgrnam_lookupname_done That's what it is. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-29s3:utils/net remove aclmapset commandChristian Ambach1-73/+0
this was made for the nfs4:sidmap code that has been removed, so this subcommand can also go away Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Tue Jan 29 15:37:18 CET 2013 on sn-devel-104
2013-01-29s3:net_idmap_dump support dumping autorid backendChristian Ambach1-8/+106
- remember the type of idmapping database (tdb or autorid) this allows to make rest of the code (e.g. dump) know which database-style it will encounter - add a seperate dump function for autorid - default to TDB if db-file is given on the command-line Pair-Programmed-With: Ralph Wuerthner <ralph.wuerthner@de.ibm.com> Signed-off-by: Christian Ambach <ambi@samba.org> Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com> Reviewed-by: Michael Adam <obnox@samba.org>
2013-01-29s3:net_idmap_dump add missing bracesChristian Ambach1-1/+2
see README.Coding Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-01-29s3:net_idmap_dump remove obsolete support for tdb:idmap2.tdb parameterChristian Ambach1-6/+2
this one got removed from idmap_tdb2 a while ago Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-01-29s3:net_idmap_dump deal with idmap config * : backend config styleChristian Ambach1-6/+13
this is the new config style since Samba 3.6 and should be detected by net idmap dump Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-01-28Regression test for bug #9571 - Unlink after open causes smbd to panicJeremy Allison1-0/+44
Replicates the protocol activity that triggers the crash. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Mon Jan 28 15:33:17 CET 2013 on sn-devel-104
2013-01-28Fix bug #9571 - Unlink after open causes smbd to panic.Pavel Shilovsky1-3/+3
s3:smbd: fix wrong lock order in posix unlink Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-28Fix bug #9588 - ACLs are not inherited to directories for DFS shares.Jeremy Allison1-0/+13
We can return with NT_STATUS_OK in an error code path. This has a really strange effect in that it prevents the ACL editor in Windows XP from recursively changing ACE entries on sub-directories after a change in a DFS-root share (we end up returning a path that looks like: \\IPV4\share1\xptest/testdir with a mixture of Windows and POSIX pathname separators). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Mon Jan 28 13:48:13 CET 2013 on sn-devel-104
2013-01-28smbcontrol: Fix undefined serverid_traverse_read warningVolker Lendecke1-0/+1
Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Jan 28 11:51:12 CET 2013 on sn-devel-104
2013-01-28smbcontrol: Fix the build with libunwindVolker Lendecke1-1/+1
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-01-27s4:service_task: add missing imessaging_cleanup() to task_server_terminate()Stefan Metzmacher1-0/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sun Jan 27 15:50:30 CET 2013 on sn-devel-104
2013-01-27s4:service_task: prevent a segfault if task->msg_ctx is not initialized yetStefan Metzmacher1-1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27selftest: rename 'promoted_vampire_dc' to 'promoted_dc'Stefan Metzmacher2-11/+11
Unix domain socket are limited to 104 characters on Linux. Using something like this fails as it uses more than 104 characters: '/memdisk/autobuild/flakey/b232141/samba/bin/ab/promoted_vampire_dc/private/smbd.tmp/msg/msg.482379.2147483647' Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27selftest: Add test of upgradeprovision using the old alpha13 treeAndrew Bartlett3-5/+141
This ensures that upgradeprovision works as expected on a known good old database. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sun Jan 27 11:55:54 CET 2013 on sn-devel-104
2013-01-27samba_upgradeprovision: detect dns_backend for the reference provisionStefan Metzmacher2-10/+11
If we have a DomainDnsZone partition, we use BIND9_DLZ as backend and fix errors in the ForestDnsZone and DomainDnsZone partitions. Note: this should work fine also for SAMBA_INTERNAL. If the current setup doesn't use dns specific partitions (e.g. alpha13 setups) we pass dns_backend=BIND9_FLATFILE. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27provision: setup names.dns_backendStefan Metzmacher1-0/+26
If we have a DomainDnsZone partition: - we use BIND9_DLZ as backend if a dns-<netbiosname> account is available - otherwise, we use SAMBA_INTERNAL else: - we use BIND9_FLATFILE if a dns or dns-<netbiosname> account is available - otherwise, we use NONE Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27samba_upgradeprovision: fix the nTSecurityDescriptor on more containers (bug ↵Stefan Metzmacher1-36/+92
#9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27provision: fix nTSecurityDescriptor of containers in the DnsZones (bug #9481)Stefan Metzmacher2-11/+23
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27provision: fix nTSecurityDescriptor attributes of CN=*,${CONFIGDN} (bug #9481)Stefan Metzmacher4-0/+34
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27provision: fix nTSecurityDescriptor of CN={LostAndFound,System},${DOMAINDN} ↵Stefan Metzmacher2-0/+6
(bug #9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27provision: setup names.name_map['DnsAdmins']Stefan Metzmacher1-0/+5
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27provision: introduce names.name_map = {}Stefan Metzmacher1-0/+1
This will be used to translated names in SDDL values, which are not wellknown, e.g. 'DnsAdmins'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27provision: add get_dns_{forest,domain}_microsoft_dns_descriptor()Stefan Metzmacher2-0/+16
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27provision: add get_config_ntds_quotas_descriptor()Stefan Metzmacher2-0/+8
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27provision: add get_{config,domain}_delete_protected*_descriptor()Stefan Metzmacher2-0/+40
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27schema.py: add optional name_map={} to get_schema_descriptor()Stefan Metzmacher1-1/+1
This is not used, but makes the prototype compatible with the other get_*_descriptor() functions. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27provision: add optional name_map={} argument to get_*_descriptor()Stefan Metzmacher1-32/+30
This will allow subsitute non-wellkown names in the SDDL, e.g. 'DnsAdmins'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27provision: import/export get_dns_partition_descriptor()Stefan Metzmacher1-1/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27provision: setup names.dns{forest,domain}dnStefan Metzmacher1-1/+22
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27samba_upgradeprovision: fix resetting of 'nTSecurityDescriptor' on schema ↵Stefan Metzmacher1-1/+1
objects Without this schema_data_modify() will reject updates to schema objects by default. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27samba_upgradeprovision: don't reset 'whenCreated' when resetting ↵Stefan Metzmacher1-2/+0
'nTSecurityDescriptor' Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27dbckecker: fix nTSecurityDescriptor values from before 4.0.0rc6 (bug #9481)Stefan Metzmacher1-2/+181
They inherited effective ACE for the wrong object classes. For SACL ACEs the problem was also present in 4.0.0. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27dsdb-descriptor: get_default_group() should always return the DAG sid (bug ↵Stefan Metzmacher1-5/+10
#9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27tests/sec_descriptor: the default owner behavior depends on ↵Stefan Metzmacher1-4/+4
domainControllerFunctionality (bug #9481) Not on the domainFunctionality. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27libcli/security: calculate INHERIT_ONLY correcty for AUDIT and ALARM aces ↵Stefan Metzmacher1-4/+16
(bug #9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-26s4-process_single: Use pid,task_id as cluster_id in process_single just like ↵Andrew Bartlett1-8/+13
process_prefork This avoids two different process single task servers (eg the drepl server) sharing the same server id. The task id starts at 2^31 to avoid collision with the fd based scheme for connections. Fix-bug: https://bugzilla.samba.org/show_bug.cgi?id=9598 Reported-by: Matthieu Patou <mat@matws.net> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sat Jan 26 16:13:05 CET 2013 on sn-devel-104
2013-01-26pymessaging: Pass around the server_id struct to python callbacks rather ↵Andrew Bartlett1-3/+13
than the tuple This is not used currently, but may avoid going to and from the python types when we do not need to. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-26pymessaging: Use correct unsigned types for server ID tuple elememntsAndrew Bartlett1-3/+3
This is needed if we start using the top bits of these values. Andrew Bartlett Reviewed-by: Matthieu Patou <mat@matws.net> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-26ldb: Ensure to decrement the transaction_active whenever we delete a transactionAndrew Bartlett4-1/+266
This is in the error path for prepare_commit, which rarely fails, but when it does we need to ensure that when a new transaction is opened, that it really starts a new transaction. We bump the version to recognise critical fix for the AD DC Without this fix, a single invalid inbound replicated link disables all subsequent replication as we operate without a transaction (which is refused by ldb_tdb). Andrew Bartlett Reviewed-by: Matthieu Patou <mat@matws.net> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-26ldb: fix a warning by converting from TDB_DATA to struct ldb_valStefan Metzmacher1-1/+5
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-25Regression test for bug #9587 - archive flag is always set on directories.Jeremy Allison1-0/+186
Ensure we get the correct attributes on files and directories after a rename. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Fri Jan 25 13:42:40 CET 2013 on sn-devel-104
2013-01-25Fix bug #9587 - archive flag is always set on directories.Jeremy Allison1-1/+2
Creating a directory to a Samba share sets the attributes to 'D' only (correct) - only when creating a new file should the 'A' attribute be set. However, doing a rename of that directory sets the 'A' attribute in error. This should only be done on a file rename. smbclient regression test to follow. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-01-25bug9598: s4-process_single: Use pid,fd as cluster_id in process_single just ↵Andrew Bartlett1-3/+8
like process_prefork This avoids two different process single servers (say LDAP and the RPC server) sharing the same server id. Fix-bug: https://bugzilla.samba.org/show_bug.cgi?id=9598 Reported-by: Matthieu Patou <mat@matws.net> Reviewed-by: Matthieu Patou <mat@matws.net> Signed-off-by: Andrew Bartlett <abartlett@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Jan 25 12:00:04 CET 2013 on sn-devel-104
2013-01-25Avoid a very small memleak on talloc_tos()Volker Lendecke1-4/+1
"fname" did leak on talloc_tos(). Not really a bad memleak, but as I just came across it I thought I might just fix it Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Jan 25 00:54:01 CET 2013 on sn-devel-104
2013-01-24Fix bug #9572 - File corruption during SMB1 read by Mac OSX 10.8.2 clients.Jeremy Allison1-2/+30
Accept a large read if we told the client we have UNIX extensions and the client sent a non-zero upper 16-bit size. Do the non-zero upper 16-bit size check first to save a function call in what is a hot path. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Jan 24 21:01:51 CET 2013 on sn-devel-104
2013-01-24Revert "s3:smbd: SMB ReadX with size > 0xffff should only possible for samba ↵Jeremy Allison1-10/+1
clients." Part of fix for bug #9572 - File corruption during SMB1 read by Mac OSX 10.8.2 clients This reverts commit f8c26c16b82989e002b839fc9eba6386fc036f6a. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>