Age | Commit message (Collapse) | Author | Files | Lines |
|
calls
When 6adc7dad96b8c7366da042f0d93b28c1ecb092eb removed the calls to
lp_security_mask/lp_force_security_mode/lp_dir_security_mask/lp_force_dir_security_mode
these calls were replaced with lp_create_mask() and lp_dir_mask()
The issue is that while lp_security_mask() and lp_dir_security_mask defaulted to
0777, the replacement calls did not. This changes behaviour, and incorrectly
prevents a posix mode being specified by the client from being applied to
the disk in the non-ACL enabled case.
Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
These defaults were incorrectly added in
fc5caffbc139d63cab1ec105884863f73772586f in what turns out to be an
incorrect fix for bug #9462, which was in turn introduced by the
swapping of security mask (default 0777) for create mask (0755) in
6adc7dad96b8c7366da042f0d93b28c1ecb092eb.
While the permissions on sysvol and netlogon (the default shares) were
fixed by provision, any additional shares that did not yet have an
explit ACL set would create world-writable files by default.
Administrators will need to manually correct the file permissions on
any additional shares that were created after installation of the AD
DC.
Andrew Bartlett
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Mar 10 12:00:31 CET 2013 on sn-devel-104
|
|
Create a new test environment with 'idmap config DOMAIN : backend =
rfc2307'. A new test script adds LDAP records and queries them again for
the mapped uid and gid.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Mar 9 08:18:43 CET 2013 on sn-devel-104
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
This module allows querying id mappings from LDAP servers as described
in RFC 2307. The LDAP records can be queried from an Active Directory
Server or from a stand-alone LDAP server.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Having this in a common place allows reuse by other idmap modules.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
idmap_ad and idmap_ldap use the same helper functions and the same
maximum query size. Move the code to idmap_utils so that it can be
shared by every module issuing LDAP queries.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
We saw this issue in a customer environment with many CNF objects. I
wasn't able to reproduce it, but I got the following core dump:
(gdb) directory samba4-4.0.0~rc6/source4/dns_server/
Source directories searched: /root/samba4-4.0.0~rc6/source4/dns_server:$cdir:$cwd
(gdb) bt
#0 0xb4b0bc13 in dlz_lookup_types (state=0x9648e48, zone=0xb659b9a8 "xxxxxx.xxxxx.de", name=0xb659bda8 "client9173", lookup=0xb6db7588, types=0x0) at ../source4/dns_server/dlz_bind9.c:830
#1 0xb4b0bdb8 in dlz_lookup (zone=0xb659b9a8 "xxxxxx.xxxxx.de", name=0xb659bda8 "client9173", dbdata=0x9648e48, lookup=0xb6db7588) at ../source4/dns_server/dlz_bind9.c:875
#2 0x080b43d8 in dlopen_dlz_lookup ()
#3 0xb7701755 in findnode () from /usr/lib/libdns.so.81
#4 0xb7701d22 in find () from /usr/lib/libdns.so.81
#5 0xb7639e5f in dns_db_find () from /usr/lib/libdns.so.81
#6 0x08075476 in query_find ()
#7 0x0807acb9 in ns_query_start ()
#8 0x08060712 in client_request ()
#9 0xb743022b in run () from /usr/lib/libisc.so.81
#10 0xb7216955 in start_thread () from /lib/i686/cmov/libpthread.so.0
#11 0xb706c1de in clone () from /lib/i686/cmov/libc.so.6
(gdb) f 0
#0 0xb4b0bc13 in dlz_lookup_types (state=0x9648e48, zone=0xb659b9a8 "xxxxxx.xxxxx.de", name=0xb659bda8 "client9173", lookup=0xb6db7588, types=0x0) at ../source4/dns_server/dlz_bind9.c:830
830 el = ldb_msg_find_element(res->msgs[0], "dnsRecord");
(gdb) p res->msgs
$1 = (struct ldb_message **) 0x0
(gdb) p res->count
$2 = 0
(gdb)
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Currently it only plumbs itself into the copy_chunk call path,
translating such requests into BTRFS_IOC_CLONE_RANGE calls.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
from the FreeBSD required name to the built module.
Signed-off-by: Timur Bakeyev <timur@FreeBSD.org>
Reviewed-by: Andrew Bartlett <abartlett@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Fri Mar 8 05:04:04 CET 2013 on sn-devel-104
|
|
It is not an error to be logged at level 1 when a
domain has no explicitly configured idmap backend.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar 8 03:16:54 CET 2013 on sn-devel-104
|
|
Signed-off-by: Guenter Kukkukk <kukks@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 7 22:24:47 CET 2013 on sn-devel-104
|
|
Signed-off-by: Guenter Kukkukk <kukks@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
The complete rework around 3.5.0 was not even mentioned somewhere.
(i was not able to find any info about that major change)
Signed-off-by: Guenter Kukkukk <kukks@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
THANKS to an IRC user (Raimund ?) who asked for a char mapping possibility.
I suggested vfs_catia - but it did not work!
Hopefully now it will. :-)
Signed-off-by: Guenter Kukkukk <kukks@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Signed-off-by: Guenter Kukkukk <kukks@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
This was previously documented only in the online help.
Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 7 01:36:01 CET 2013 on sn-devel-104
|
|
This allows a predictable password to be specified, just like --machinepass does on samba-tool domain join.
Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Because perl does not assert on dereferencing an invalid hash key
we did not notice that the passwords were being set to machine, not
machineloCalMemberPass.
Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
If we compile with -fstack-protector, we should link
with it.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Mar 6 04:06:04 CET 2013 on sn-devel-104
|
|
Add a warning to the "socket options" section of the
smb.conf man page that changing socket options can be
dangerous to performance. Hopefully this will cut down on
users reporting poor performance after changing socket
options.
Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Mar 6 01:16:34 CET 2013 on sn-devel-104
|
|
Reviewed-by: David Disseldorp <ddiss@samba.org>
|
|
Reviewed-by: David Disseldorp <ddiss@samba.org>
|
|
We probably want to segfault here if it is NULL.
Reviewed-by: David Disseldorp <ddiss@samba.org>
|
|
Reviewed-by: David Disseldorp <ddiss@samba.org>
|
|
Reviewed-by: David Disseldorp <ddiss@samba.org>
|
|
Reviewed-by: David Disseldorp <ddiss@samba.org>
|
|
Reviewed-by: David Disseldorp <ddiss@samba.org>
|
|
Reviewed-by: David Disseldorp <ddiss@samba.org>
|
|
PR_SET_NAME sets the comm field of a process. This way we can give
processes a name and they are easier to identify.
$ ps afx -o pid,comm
29447 smbd
29452 \_ epmd
29453 \_ lsasd-master
29455 | \_ lsasd-child
29457 | \_ lsasd-child
29459 | \_ lsasd-child
29461 | \_ lsasd-child
29463 | \_ lsasd-child
29454 \_ spoolssd-master
29456 \_ lpqd
29458 \_ spoolssd-child
29460 \_ spoolssd-child
29462 \_ spoolssd-child
29465 \_ spoolssd-child
29466 \_ spoolssd-child
29467 \_ spoolssd-child
29468 \_ spoolssd-child
29469 \_ spoolssd-child
29470 \_ spoolssd-child
29471 \_ spoolssd-child
Reviewed-by: David Disseldorp <ddiss@samba.org>
|
|
Reviewed-by: David Disseldorp <ddiss@samba.org>
|
|
Reviewed-by: David Disseldorp <ddiss@samba.org>
|
|
Reviewed-by: David Disseldorp <ddiss@samba.org>
|
|
Reviewed-by: David Disseldorp <ddiss@samba.org>
|
|
Reviewed-by: David Disseldorp <ddiss@samba.org>
|
|
On two of my opensuse machines i get 3 errors, e.g.:
../source3/utils/net_serverid.c:333:3: error: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 5 has type ‘uint64_t’ [-Werror=format]
cc1: some warnings being treated as errors
Signed-off-by: Guenter Kukkukk <kukks@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 5 22:49:03 CET 2013 on sn-devel-104
|
|
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Tue Mar 5 15:56:56 CET 2013 on sn-devel-104
|
|
DCs might run password filter modules that can delay the setting of
the machine password for a significant amount of time
use the same timeout as in the other paths of domain join
(e.g. rpccli_netlogon_set_trust_password)
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
The "else" keywords are not necessary here, we return in the preceding
if clause
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Mar 5 14:00:47 CET 2013 on sn-devel-104
|
|
This matches what was done for lib/socket/socket_unix.c in
c692bb02b039ae8fef6ba968fd13b36ad7d62a72.
(and is based on that patch by Landon Fuller <landonf@bikemonkey.org>)
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Mar 4 11:15:35 CET 2013 on sn-devel-104
|
|
both fail
This ensures that should we be unable to increase the socket size, we return an
error that the application layer above might expect and be able to make
as reasonable response to (such as switching to a stream-based transport).
This fixes up c692bb02b039ae8fef6ba968fd13b36ad7d62a72.
As suggested by metze in https://bugzilla.samba.org/show_bug.cgi?id=9697#c4
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
SD propogation is handled by an LDB module, we do not need to touch each
and every DN to make it happen.
Now that we do not need to put this via a hash, the dnToRecalculate
list is changed to be a list of Dn objects, not strings so that:
if dn in listWellknown
is handled using a schema comparison (avoiding different case forms
tripping it up).
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|