summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2013-10-29s4: dsdb/rootdse/netlogon: Put dn into talloc tree of msgnetlogon-5Benjamin Franzke1-1/+1
Currently this is put into tmp_ctx, which is freed after calling ldb_module_send_entry. ldb_module_send_entry steals the msg talloc tree to be used later, so dn has to be part of msg's talloc tree, to be available then. This patch is to be squashed into "s4:dsdb/rootdse: Support netlogonrequest"
2013-10-29s4: torture/ldap: Add test for netlogon over tcpBenjamin Franzke4-330/+488
This patch moves the udp netlogon tests from cldap.c to netlogon.c and passes a generic netlogon-send function as parameter. Therefore a tcp replacement for cldap_netlogon is also added. The two variants tcp and udp are added as 2 new torture tests: ldap.netlogon-udp & ldap.netlogon-tcp Both tests succeed. Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-29libcli/cldap: Add utility to create netlogon filterBenjamin Franzke2-40/+52
This utility is splitted of from cldap_netlogon_send. Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-29rootdse/netlogon: Pass client ip addressBenjamin Franzke2-1/+10
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-29s4:dsdb/rootdse: Support netlogon requestBenjamin Franzke2-1/+91
This patch adds support for a netlogon ldap style request over the tcp socket. This is available since win2k3+ [1]. The automatic client join & configuration daemon "realmd" makes use of this ability. Realmd can now be used to join a computer to a samba 4 domain. (See also: https://lists.samba.org/archive/samba-technical/2013-October/095606.html) Tested with: ldapsearch -h samba-srv -x -b '' -s base "(&(NtVer=\06\00\00\00)(AAC=\00\00\00\00))" NetLogon And compared the result in wireshark with cldap request issued by examples/misc/cldap.pl. [1]: http://wiki.wireshark.org/MS-CLDAP?action=recall&rev=8 Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-29cldap: Move netlogon parsing into utility functionBenjamin Franzke2-34/+73
To be used later by netlogon-request over ldap. Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-29provision: Fix string replacement orderingBenjamin Franzke1-1/+1
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-28rpc_server: Fix a memleak on error exitHEADmasterVolker Lendecke1-0/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Oct 28 10:20:35 CET 2013 on sn-devel-104
2013-10-28rpc_server: Remove rpc_ep_register_state->mem_ctxVolker Lendecke1-15/+5
We can use the state directly as a parent Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-10-28rpc_server: Fix some uses of tevent_req_nomemVolker Lendecke1-4/+4
tevent_req_nomem is to be used in a sequence of async actions where we have one main request. This is a completely independent loop without one central tevent_req. tevent_req_nomem is used as a simple way to signal an out of memory condition to the main request representing the async sequence. If we don't have such a tevent_req, we need to directly check for NULL. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-10-28rpc_server: fix a typoVolker Lendecke1-7/+7
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-10-27auth-kerberos: add the credentials.h so that enum credentials_obtained is ↵Matthieu Patou1-0/+1
defined We had a warning about the enum being defined in the parameter list: warning: ‘enum credentials_obtained’ declared inside parameter list Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Autobuild-User(master): Matthieu Patou <mat@samba.org> Autobuild-Date(master): Sun Oct 27 02:25:47 CET 2013 on sn-devel-104
2013-10-26librpc-idl: replace int32 by uint32 as the values are always > 0Stefan Metzmacher1-2/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-26librpc-idl: replace int32 by the enumeration as it's the type that we use in ↵Matthieu Patou1-10/+10
union's switch drsuapi_DsGetDCInfoCtrLevels Signed-off-by: Matthieu Patou <mat@matws.net> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-25torture: add FSCTL_SRV_COPYCHUNK_WRITE access testDavid Disseldorp1-2/+51
Check that FSCTL_SRV_COPYCHUNK_WRITE succeeds when the copy-chunk target is opened with SEC_RIGHTS_FILE_WRITE only. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Oct 25 22:48:59 CEST 2013 on sn-devel-104
2013-10-25smb2_ioctl: add support for FSCTL_SRV_COPYCHUNK_WRITEDavid Disseldorp1-10/+34
FSCTL_SRV_COPYCHUNK can only be used when the client has the copy-chunk target file open with FILE_WRITE_DATA and FILE_READ_DATA. FSCTL_SRV_COPYCHUNK_WRITE requires only FILE_WRITE_DATA access on the target, and is therefore suitable for cp --reflink, which opens the target file O_WRONLY. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-10-25Revert "smbd: Move oplock/sharemode ops into one place"Volker Lendecke1-3/+10
This reverts commit 7b70fa18734d9ceb020fe3e5d4cc0c26cd27a484. This is a change in behaviour which needs much further investigation and testing. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Fri Oct 25 14:22:20 CEST 2013 on sn-devel-104
2013-10-25Revert "smbd: Move oplock handling together"Volker Lendecke1-7/+7
This reverts commit e689b7d51e6ffd848ab10e160dca2c3a03fc750b. This is a change in behaviour which needs much further investigation and testing. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-10-25waf: parse LDFLAGS from pythonSteven Siloti1-1/+2
The LDFLAGS returned by get_python_variables may contain additional library search paths. These need to be parsed out and placed in LIBPATH to maintain correct ordering of search paths in the final link flags. Specifically, appending LDFLAGS directly to LINKFLAGS on my system was causing /usr/lib to be the first search path specified. This lead to linking against installed libraries rather than the versions from the current build. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Oct 25 02:48:35 CEST 2013 on sn-devel-104
2013-10-25build: fix ordering problems with lib-provided and internal RPATHsMichael Adam1-0/+13
When a library or system (like cups) provides an RPATH, e.g. with -Wl,-R or -Wl,-rpath, this was added by waf to the LINKFLAGS, wich was later prepended to our RPATH. But if the path by chance contains an older version of one of our internal libraries like talloc, this would lead to linking the too old talloc into our binaries. This has been observed on, e.g., FreeBSD, but it is a general problem. This patch fixes the problem by specially parsing the RPATH linker options from the pkg-config(, cups-config, ....) output and putting the paths into the RPATH_<lib> container, which is then later correctly appended to our internal RPATH. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-25s4-dns: dlz_bind9: Create dns-HOSTNAME account disabledSamuel Cabrero1-4/+7
Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Oct 25 00:39:21 CEST 2013 on sn-devel-104
2013-10-25s4-openldap: Fixed a problem with provisioning with OpenLdapNadezhda Ivanova1-1/+1
Credentials are no longer used and there were too many arguments to the constructor Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-25s4-dsacl: Fixed incorrect handling of privileges in sec_access_check_dsNadezhda Ivanova3-9/+35
Restore and backup privileges are not relevant to ldap access checks, and the TakeOwnership privilege should grant write_owner right Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-24torture: Add smb2.oplock.levelII501 testVolker Lendecke2-1/+258
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Thu Oct 24 16:15:50 CEST 2013 on sn-devel-104
2013-10-24smbd: Move oplock handling togetherVolker Lendecke1-7/+7
Later on we will have all the oplock/sharemode operations in one routine. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-10-24smbd: Move oplock/sharemode ops into one placeVolker Lendecke1-10/+3
This makes the is_stat_open special case in grant_fsp_oplock_type redundant because in open_file_ntcreate further up we have already set oplock_request to NO_OPLOCK for stat opens. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-10-24smbd: Remove separate oplock_type parameter from set_file_oplockVolker Lendecke4-7/+6
This avoids the question where it could happen that something else but fsp->oplock_type might be useful as an argument here. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-10-24smbd: Unify parameters to set_oplock_typeVolker Lendecke1-1/+1
Some lines above we set fsp->oplock_type = e->op_type. I don't see how this might have changed. This change will unify both callers of set_file_oplock. In the next step the second parameter to set_file_oplock will be removed. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-10-24smbd: Make release_file_oplock staticVolker Lendecke2-2/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-10-24smbd: Use remove_oplock() in close_normal_fileVolker Lendecke1-1/+1
remove_oplock is a wrapper around release_file_oplock. This streamlines the exports of oplock.c a bit. Reason for this patch: In a later patch I will add functionality to remove_oplock that is required in close_normal_file as well. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-10-24Fix comment showing how to print an ACL to allow debug.Jeremy Allison1-2/+4
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-10-24Fix bug 10196 - RW Deny for a specific user is not overriding RW Allow for a ↵Jeremy Allison1-44/+116
group. Fix posix_acl tests to match the change in writing ACLs with ID_TYPE_BOTH. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-10-24Fix bug 10196 - RW Deny for a specific user is not overriding RW Allow for a ↵Jeremy Allison1-38/+41
group. When the ID returned is ID_TYPE_BOTH we must *always* add it as both a user and a group, not just in the owning case. Otherwise DENY entries are not correctly processed. Confirmed by the reporter as fixing the problem. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10196 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-10-23torture: Extend the raw.oplock.level_ii_1 testVolker Lendecke1-0/+14
smbd broke to none twice. Make sure this won't happen again :-) This used to happen before the MSG_SMB_BREAK_RESPONSE merge. In process_oplock_break_message we did not call remove_oplock, which would have prevented this. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Oct 23 14:06:13 CEST 2013 on sn-devel-104
2013-10-23smbd: Remove MSG_SMB_ASYNC_LEVEL2_BREAKVolker Lendecke2-85/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-23smbd: Use MSG_SMB_BREAK_REQUEST for async l2 breaksVolker Lendecke1-2/+10
Now that we transmit the level we want to break to via the msg.op_type we can unify MSG_SMB_BREAK_REQUEST and MSG_SMB_ASYNC_LEVEL2_BREAK and thus simplify the code a bit. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-23smbd: Fix breaking level2 on OVERWRITE create_dispositionVolker Lendecke2-1/+11
This is shown by the new raw.oplock.level_ii_1 test Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-23torture: Add a test showing we have to break L2 at open timeVolker Lendecke2-0/+107
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-23smbd: Fix raw.batch.exclusive[59]Volker Lendecke3-13/+29
The level we have to break to depend on the breakers create_disposition: If we overwrite, we have to break to none. This patch overloads the "op_type" field in the break message we send across to the smbd holding the oplock with the oplock level we want to break to. Because it depends on the create_disposition in the breaking open, only the breaker can make that decision. We might want to use a different mechanism for this in the future, but for now using the op_type field seems acceptable to me. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-23smbd: Remove unused "mid" from delay_for_oplockVolker Lendecke1-3/+2
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-23smbd: Don't send op_mid in a BREAK messageVolker Lendecke1-5/+3
The callee doesn't use this anyway Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-23smbd: Simplify send_break_messageVolker Lendecke1-4/+4
We don't need an fsp here Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-23smbd: Remove unused "oplock_request" arg from send_break_messageVolker Lendecke1-5/+4
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-23torture: Add oplock break to l2/none testsVolker Lendecke3-0/+183
The level we have to break to depends on the create disposition of the second opener. If it's overwriting, break to none. If it's not, break to level2. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-23torture: Check break level in raw.oplock.exclusive5Volker Lendecke2-0/+3
This is what Windows does in this case, we don't survive that. We break to LEVEL2 here. Fixes and more precise test to follow. We don't survive this anymore. Re-enable later. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-23smbd: validate oplock types even for internal and stat opensVolker Lendecke1-18/+3
There's no reason why we should not do this. This has turned into a pure internal consistency check that should apply fine every time. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-23torture: Add reproducer for bug 10216Volker Lendecke1-0/+12
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-23smbd: Fix bug 10216Volker Lendecke1-4/+28
While refactoring find_oplock_types to validate_oplock_types I forgot that stat opens will end up in locking.tdb. So even with a batch oplock around we can have more than one entry. This means the consistency check in validate_oplock_types was wrong and too strict. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-22ldb: Fix CID 240798 Uninitialized pointer readVolker Lendecke1-1/+1
Not called right now, because nobody tries multiple sort attributes. But if someone did, build_response would have looked at the uninitialized controls. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Oct 22 03:28:20 CEST 2013 on sn-devel-104
2013-10-21winbind3: Fix CID 241468 Resource leakVolker Lendecke1-0/+1
We were leaking centry in this error case Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>