Age | Commit message | Author | Files | Lines
2013-03-11 | Revert "Ensure the masks don't conflict with the ACL checks." | Andrew Bartlett | 3 | -5/+3
This reverts commit 78594909b8b22bd07978922b1c85dfd6f6456963 which was needed by 7622aa16adeb00bf161a6dd07664c37125391272. This change masked bug #9462 which was fixed by 2013bb9b4dbed747921df2591068e2765428f57d. The issue was that the defaults for the substituted parameters did not match the old parameter. Changing the values in our test suite hid the issue, but did not fix the issue. (Additional change in the revert is to correct the expected ACL value in posixacl.py due to changed implied inherited permissions).
Andrew Bartlett
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Mar 11 19:46:24 CET 2013 on sn-devel-104
2013-03-10 | smbd:posix_acls Remove incorrectly added lp_create_mask() and lp_dir_mask() calls | Andrew Bartlett | 1 | -17/+0
When 6adc7dad96b8c7366da042f0d93b28c1ecb092eb removed the calls to lp_security_mask/lp_force_security_mode/lp_dir_security_mask/lp_force_dir_security_mode these calls were replaced with lp_create_mask() and lp_dir_mask()
The issue is that while lp_security_mask() and lp_dir_security_mask defaulted to 0777, the replacement calls did not. This changes behaviour, and incorrectly prevents a posix mode being specified by the client from being applied to the disk in the non-ACL enabled case.
Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-03-10 | param: Remove incorrectly added defaults in AD DC allowing WORLD WRITABLE files | Andrew Bartlett | 1 | -2/+0
These defaults were incorrectly added in fc5caffbc139d63cab1ec105884863f73772586f in what turns out to be an incorrect fix for bug #9462, which was in turn introduced by the swapping of security mask (default 0777) for create mask (0755) in 6adc7dad96b8c7366da042f0d93b28c1ecb092eb. While the permissions on sysvol and netlogon (the default shares) were fixed by provision, any additional shares that did not yet have an explicit ACL set would create world-writable files by default. Administrators will need to manually correct the file permissions on any additional shares that were created after installation of the AD DC.
Andrew Bartlett
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Mar 10 12:00:31 CET 2013 on sn-devel-104
2013-03-09 | Add testcase for idmap_rfc2307 module | Christof Schmitt | 5 | -1/+185
Create a new test environment with 'idmap config DOMAIN : backend = rfc2307'. A new test script adds LDAP records and queries them again for the mapped uid and gid.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Mar 9 08:18:43 CET 2013 on sn-devel-104
2013-03-09 | packaging(RHEL-CTDB): Add idmap_rfc2307 module | Christof Schmitt | 1 | -1/+1
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-03-09 | s3-net: Allow setting the ldap password for idmap_rfc2307 | Christof Schmitt | 1 | -2/+4
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-03-09 | s3-docs: Add manpage for idmap_rfc2307 module | Christof Schmitt | 2 | -0/+166
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-03-09 | s3-winbindd: Add new module idmap_rfc2307 | Christof Schmitt | 5 | -1/+886
This module allows querying id mappings from LDAP servers as described in RFC 2307. The LDAP records can be queried from an Active Directory Server or from a stand-alone LDAP server.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-03-09 | s3-winbindd: Move connection to AD server from idmap_ad | Christof Schmitt | 3 | -62/+52
Having this in a common place allows reuse by other idmap modules.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-03-09 | s3-winbindd: Use common helper function for connecting to ADS | Christof Schmitt | 3 | -86/+87
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-03-09 | s3-winbindd: Move code for verifying ADS connection to common helper function | Christof Schmitt | 3 | -45/+41
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-03-09 | s3-winbindd: Move idmap_fetch_secret to idmap_utils.c for reuse | Christof Schmitt | 3 | -24/+27
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-03-09 | s3-winbindd: Move common code for LDAP id mapping to idmap_utils | Christof Schmitt | 4 | -83/+53
idmap_ad and idmap_ldap use the same helper functions and the same maximum query size. Move the code to idmap_utils so that it can be shared by every module issuing LDAP queries.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-03-09 | s4-dns: dlz_bind9: Check result to avoid segfault | Stefan Gohmann | 1 | -1/+1
We saw this issue in a customer environment with many CNF objects. I wasn't able to reproduce it, but I got the following core dump:
    (gdb) directory samba4-4.0.0~rc6/source4/dns_server/
    Source directories searched: /root/samba4-4.0.0~rc6/source4/dns_server:$cdir:$cwd
    (gdb) bt
    #0 0xb4b0bc13 in dlz_lookup_types (state=0x9648e48, zone=0xb659b9a8 "xxxxxx.xxxxx.de", name=0xb659bda8 "client9173", lookup=0xb6db7588, types=0x0) at ../source4/dns_server/dlz_bind9.c:830
    #1 0xb4b0bdb8 in dlz_lookup (zone=0xb659b9a8 "xxxxxx.xxxxx.de", name=0xb659bda8 "client9173", dbdata=0x9648e48, lookup=0xb6db7588) at ../source4/dns_server/dlz_bind9.c:875
    #2 0x080b43d8 in dlopen_dlz_lookup ()
    #3 0xb7701755 in findnode () from /usr/lib/libdns.so.81
    #4 0xb7701d22 in find () from /usr/lib/libdns.so.81
    #5 0xb7639e5f in dns_db_find () from /usr/lib/libdns.so.81
    #6 0x08075476 in query_find ()
    #7 0x0807acb9 in ns_query_start ()
    #8 0x08060712 in client_request ()
    #9 0xb743022b in run () from /usr/lib/libisc.so.81
    #10 0xb7216955 in start_thread () from /lib/i686/cmov/libpthread.so.0
    #11 0xb706c1de in clone () from /lib/i686/cmov/libc.so.6
    (gdb) f 0
    #0 0xb4b0bc13 in dlz_lookup_types (state=0x9648e48, zone=0xb659b9a8 "xxxxxx.xxxxx.de", name=0xb659bda8 "client9173", lookup=0xb6db7588, types=0x0) at ../source4/dns_server/dlz_bind9.c:830
    830 el = ldb_msg_find_element(res->msgs[0], "dnsRecord");
    (gdb) p res->msgs
    $1 = (struct ldb_message **) 0x0
    (gdb) p res->count
    $2 = 0
    (gdb)
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-03-09 | doc: add vfs_btrfs man page | David Disseldorp | 2 | -0/+86
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-03-09 | s3-vfs: add vfs_btrfs module | David Disseldorp | 5 | -0/+224
Currently it only plumbs itself into the copy_chunk call path, translating such requests into BTRFS_IOC_CLONE_RANGE calls.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-03-08 | Correct the name of the nss_winbind module for FreeBSD by creating a symlink | Richard Sharpe | 1 | -1/+1
from the FreeBSD required name to the built module.
Signed-off-by: Timur Bakeyev <timur@FreeBSD.org>
Reviewed-by: Andrew Bartlett <abartlett@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Fri Mar 8 05:04:04 CET 2013 on sn-devel-104
2013-03-08 | s3:idmap: fix a debug message and lower its level | Michael Adam | 1 | -1/+2
It is not an error to be logged at level 1 when a domain has no explicitly configured idmap backend.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar 8 03:16:54 CET 2013 on sn-devel-104
2013-03-07 | vfs_catia: add my copyright | Guenter Kukkukk | 1 | -0/+1
Signed-off-by: Guenter Kukkukk <kukks@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 7 22:24:47 CET 2013 on sn-devel-104
2013-03-07 | vfs_catia: add a sample for filename mapping to the manual page | Guenter Kukkukk | 1 | -3/+12
Signed-off-by: Guenter Kukkukk <kukks@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-03-07 | vfs_catia: fix the completely outdated manual page | Guenter Kukkukk | 1 | -2/+55
The complete rework around 3.5.0 was not even mentioned somewhere. (I was not able to find any info about that major change)
Signed-off-by: Guenter Kukkukk <kukks@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-03-07 | vfs_catia: fix the translation to "vfs_translate_to_windows" | Guenter Kukkukk | 1 | -4/+6
THANKS to an IRC user (Raimund ?) who asked for a char mapping possibility. I suggested vfs_catia - but it did not work! Hopefully now it will. :-)
Signed-off-by: Guenter Kukkukk <kukks@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-03-07 | vfs_catia: add debug class for that module | Guenter Kukkukk | 1 | -1/+23
Signed-off-by: Guenter Kukkukk <kukks@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-03-07 | docs: Add documentation for osName and osVer | Andrew Bartlett | 1 | -1/+6
This was previously documented only in the online help.
Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 7 01:36:01 CET 2013 on sn-devel-104
2013-03-06 | net ads join: Add support for specifying the machine account password | Andrew Bartlett | 2 | -1/+17
This allows a predictable password to be specified, just like --machinepass does on samba-tool domain join.
Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-03-06 | selftest: Fix specification of --machinepass to actually set a unique password | Andrew Bartlett | 1 | -6/+6
Because perl does not assert on dereferencing an invalid hash key we did not notice that the passwords were being set to machine, not machineloCalMemberPass.
Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-03-06 | waf: add -fstack-protector to LDFLAGS if detected. | Ira Cooper | 1 | -0/+1
If we compile with -fstack-protector, we should link with it.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Mar 6 04:06:04 CET 2013 on sn-devel-104
2013-03-06 | Documentation: Add a warning to "socket options" | Scott Lovenberg | 1 | -0/+17
Add a warning to the "socket options" section of the smb.conf man page that changing socket options can be dangerous to performance. Hopefully this will cut down on users reporting poor performance after changing socket options.
Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-03-06 | Make sure to set umask() before calling mkstemp(). | Andreas Schneider | 13 | -3/+71
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Mar 6 01:16:34 CET 2013 on sn-devel-104
2013-03-05 | s4-libregistry: Improve NULL handling of name. | Andreas Schneider | 1 | -3/+4
Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-03-05 | dsdb: Check for pointers before we dereference them. | Andreas Schneider | 1 | -7/+7
Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-03-05 | gensec: recv_handler can't be NULL at that point. | Andreas Schneider | 1 | -1/+1
We probably want to segfault here if it is NULL.
Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-03-05 | s4-libregistry: Fix path check and improve while loops. | Andreas Schneider | 1 | -6/+6
Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-03-05 | s4-libregistry: Make sure we don't dereference a NULL pointer. | Andreas Schneider | 1 | -1/+3
Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-03-05 | s4-client: Make sure entry is a valid string. | Andreas Schneider | 1 | -2/+8
Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-03-05 | winbind: Fix no memory check in _wbint_PingDc(). | Andreas Schneider | 1 | -1/+1
Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-03-05 | krb5_wrap: Make sure we don't dereference a NULL pointer. | Andreas Schneider | 1 | -1/+3
Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-03-05 | s3-daemons: Set the comment field of the daemons. | Andreas Schneider | 4 | -0/+19
PR_SET_NAME sets the comm field of a process. This way we can give processes a name and they are easier to identify.
    $ ps afx -o pid,comm
    29447 smbd
    29452 \_ epmd
    29453 \_ lsasd-master
    29455 | \_ lsasd-child
    29457 | \_ lsasd-child
    29459 | \_ lsasd-child
    29461 | \_ lsasd-child
    29463 | \_ lsasd-child
    29454 \_ spoolssd-master
    29456 \_ lpqd
    29458 \_ spoolssd-child
    29460 \_ spoolssd-child
    29462 \_ spoolssd-child
    29465 \_ spoolssd-child
    29466 \_ spoolssd-child
    29467 \_ spoolssd-child
    29468 \_ spoolssd-child
    29469 \_ spoolssd-child
    29470 \_ spoolssd-child
    29471 \_ spoolssd-child
Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-03-05 | lib: Add prctl_set_comment to utils. | Andreas Schneider | 4 | -2/+71
Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-03-05 | waf: Correctly check for prctl in just one place. | Andreas Schneider | 2 | -10/+15
Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-03-05 | winbind: Fix samba3.winbind.struct test. | Andreas Schneider | 1 | -1/+1
Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-03-05 | winbind: Correctly use names in the domain struct. | Andreas Schneider | 7 | -20/+52
Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-03-05 | winbind: Use talloc for allocating domain, dns, forest and dc name. | Andreas Schneider | 6 | -61/+142
Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-03-05 | Fix the build: net_serverid.c has 3 wrong format strings for 64bit vars | Guenter Kukkukk | 1 | -5/+7
On two of my opensuse machines I get 3 errors, e.g.:
    ../source3/utils/net_serverid.c:333:3: error: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 5 has type ‘uint64_t’ [-Werror=format]
    cc1: some warnings being treated as errors
Signed-off-by: Guenter Kukkukk <kukks@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 5 22:49:03 CET 2013 on sn-devel-104
2013-03-05 | s3:lib/charcnv fix typo in pull_ascii_base_talloc() | Ralph Wuerthner | 1 | -1/+1
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Tue Mar 5 15:56:56 CET 2013 on sn-devel-104
2013-03-05 | s3:libnet increase timeout for machine password change | Christian Ambach | 1 | -0/+9
DCs might run password filter modules that can delay the setting of the machine password for a significant amount of time
use the same timeout as in the other paths of domain join (e.g. rpccli_netlogon_set_trust_password)
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2013-03-05 | tdb: Slightly simplify tdb_expand_file | Volker Lendecke | 1 | -2/+4
The "else" keywords are not necessary here, we return in the preceding if clause
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Mar 5 14:00:47 CET 2013 on sn-devel-104
2013-03-04 | tsocket_bsd: Attempt to increase the SO_SNDBUF if we get EMSGSIZE in sendto() | Andrew Bartlett | 1 | -0/+26
This matches what was done for lib/socket/socket_unix.c in c692bb02b039ae8fef6ba968fd13b36ad7d62a72. (and is based on that patch by Landon Fuller <landonf@bikemonkey.org>)
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Mar 4 11:15:35 CET 2013 on sn-devel-104
2013-03-04 | s4-lib/socket: Return the original EMSGSIZE when sendto() and setsockopt() both fail | Andrew Bartlett | 1 | -1/+1
This ensures that should we be unable to increase the socket size, we return an error that the application layer above might expect and be able to make a reasonable response to (such as switching to a stream-based transport). This fixes up c692bb02b039ae8fef6ba968fd13b36ad7d62a72.
As suggested by metze in https://bugzilla.samba.org/show_bug.cgi?id=9697#c4
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-04 | selftest: Remove output directories to save disk space | Andrew Bartlett | 2 | -7/+23
Reviewed-by: Stefan Metzmacher <metze@samba.org>