summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2012-10-08s4:samba-tool: allow 'samba-tool --version'Stefan Metzmacher1-0/+6
metze
2012-10-08s4:samba-tool: use normal option parsing in SuperCommandStefan Metzmacher1-10/+13
We use the epilog to print the subcommands. metze
2012-10-08s4:samba-tool: add optional epilog to _create_parser()Stefan Metzmacher1-2/+7
metze
2012-10-08s3fs-printing: Fix RAW printing for normal users.Andreas Schneider1-1/+1
This fixes bug #8769. Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Oct 8 16:11:51 CEST 2012 on sn-devel-104
2012-10-08samba-tool: Unify usage messages.Karolin Seeger13-60/+60
Karolin Autobuild-User(master): Karolin Seeger <kseeger@samba.org> Autobuild-Date(master): Mon Oct 8 14:26:52 CEST 2012 on sn-devel-104
2012-10-08docs: Add man 8 samba-tool.Karolin Seeger1-0/+613
Addresses bug #8802 - Create missing manpages for new binaries. Please note that it's a very basic version. Please feel free to extend. Karolin
2012-10-08samba-tool: Clarify usage of --help.Karolin Seeger1-1/+1
Karolin
2012-10-08docs: fix opening and ending tag mismatch: paraBjörn Baumbach1-4/+4
in forcedirectorysecuritymode.xml.
2012-10-08docs: fix opening and ending tag mismatch: paraBjörn Baumbach1-4/+4
in directorysecuritymask.xml.
2012-10-08samba-tool: Fix typo in usage.Karolin Seeger1-1/+1
Karolin
2012-10-08s4-dns: fix a warningMatthieu Patou1-2/+1
Autobuild-User(master): Matthieu Patou <mat@samba.org> Autobuild-Date(master): Mon Oct 8 10:45:41 CEST 2012 on sn-devel-104
2012-10-07s4-dns: Ignore zones that shouldn't be returned currentlyMatthieu Patou1-1/+7
RootDNSServers should never be returned (Windows DNS server don't) ..TrustAnchors should never be returned as is, (Windows returns TrustAnchors) and for the moment we don't support DNSSEC so we'd better not return this zone.
2012-10-07s4-join: factorize code, add infoMatthieu Patou1-5/+9
2012-10-07s4-join: add some documentationMatthieu Patou1-1/+11
2012-10-07s4-repl: make dreplsrv_partition_find_for_nc return BAD_NC onlyMatthieu Patou1-2/+7
2012-10-07drsuapi: Validate the input parameters for the drsuapi_UpdateRefs functionMatthieu Patou1-0/+16
2012-10-07drsuapi: check more carefully the validity of the NCMatthieu Patou1-4/+11
Check that both the GUID and DN are the GUID/DN of a NC if not return WERR_DS_DRA_BAD_NC
2012-10-07drsuapi-idl: Fix the encoding of the source_dsa_dnsMatthieu Patou1-1/+1
astring is not aligned and is not conformant
2012-10-07drs-replica-info: level_not_supported is wrong when we do support (partialy ↵Matthieu Patou1-9/+13
the level)
2012-10-07lib-addns: ensure that allocated buffer are pre set to 0Matthieu Patou1-12/+12
It avoid bugs when one of the buffer is supposed to contain a string that is not null terminated (ie. label->label) and that we don't force the last byte to 0.
2012-10-07ldap-server: sscanf result was never used to mistyped varMatthieu Patou1-2/+1
2012-10-07ldap-server: remove warning for the ret not being usedMatthieu Patou1-2/+1
2012-10-07s4-drs: fix the logic to allow REPL_SECRET if the account has GET_ALL_CHANGESMatthieu Patou1-0/+24
2012-10-07s4-drs: EXOP_REPL_SECRETS can be called by RW DC as wellMatthieu Patou1-7/+15
2012-10-07drs-getncchanges: do not set the highestUsn to 0Matthieu Patou1-1/+0
Paragraph 4.1.10.5 says that if err = 0 then msgOut.pNC := msgIn.pNC msgOut.usnvecFrom := msgIn.usnvecFrom so no need to set the highestUsn to 0
2012-10-07kcc: return invalid parameter if the taskId is not 0Matthieu Patou1-1/+3
2012-10-07drs-crackname: if there is no sid do not return the domainMatthieu Patou1-0/+2
2012-10-07devel-crackname: Print if count > 0Matthieu Patou1-2/+5
2012-10-07Implement the LIST_INFO_FOR_SERVER input formatMatthieu Patou2-1/+109
2012-10-07getdcinfo: Check that the server object has a serverreference objects ↵Matthieu Patou1-2/+4
pointing to a DC object The problem was found by the DRSR testsuite where server objects were created in the Site container without serverrefrence attribute triggering error in the testsuite.
2012-10-08ntdb: remove unused local variable.Rusty Russell1-2/+0
Reported-by: Matthieu Patou <mat@samba.org> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Autobuild-User(master): Rusty Russell <rusty@rustcorp.com.au> Autobuild-Date(master): Mon Oct 8 04:43:37 CEST 2012 on sn-devel-104
2012-10-06s3: Add two tests a CLEAR_IF_FIRST crashVolker Lendecke1-0/+56
Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Sat Oct 6 17:16:39 CEST 2012 on sn-devel-104
2012-10-06tdb: Make tdb robust against improper CLEAR_IF_FIRST restartVolker Lendecke1-4/+28
When winbind is restarted, there is a potential crash in tdb. Following situation: We are in a cluster with ctdb. A winbind child hangs in a request to the DC. Cluster monitoring decides the node has a problem. Cluster monitoring decides to kill ctdbd. winbind child still hangs in a RPC request. winbind parent figures that ctdb is dead and immediately commits suicide. winbind parent is restarted by cluster management, overwriting gencache.tdb with CLEAR_IF_FIRST. The CLEAR_IF_FIRST logic as implemented now will not see that a child still has the tdb open, only the parent holds the ACTIVE_LOCK due to performance reasons. During the CLEAR_IF_FIRST logic is done, there is a very small window where we ftruncate(tfd, 0) the file and re-write a proper header without a lock. When during this small window the winbind child comes back, wanting to store something into gencache.tdb, that winbind child will crash with a SIGBUS. Sounds unlikely? See: [2012/09/29 07:02:31.871607, 0] lib/util.c:1183(smb_panic) PANIC (pid 1814517): internal error [2012/09/29 07:02:31.877596, 0] lib/util.c:1287(log_stack_trace) BACKTRACE: 35 stack frames: #0 winbindd(log_stack_trace+0x1a) [0x7feb7d4ca18a] #1 winbindd(smb_panic+0x2b) [0x7feb7d4ca25b] #2 winbindd(+0x1a3cc4) [0x7feb7d4bacc4] #3 /lib64/libc.so.6(+0x32900) [0x7feb7a929900] #4 /lib64/libc.so.6(memcpy+0x35) [0x7feb7a97f355] #5 /usr/lib64/libtdb.so.1(+0x6e76) [0x7feb7b0b0e76] #6 /usr/lib64/libtdb.so.1(+0x3d37) [0x7feb7b0add37] #7 /usr/lib64/libtdb.so.1(+0x863d) [0x7feb7b0b263d] #8 /usr/lib64/libtdb.so.1(+0x8700) [0x7feb7b0b2700] #9 /usr/lib64/libtdb.so.1(+0x2505) [0x7feb7b0ac505] #10 /usr/lib64/libtdb.so.1(+0x25b7) [0x7feb7b0ac5b7] #11 /usr/lib64/libtdb.so.1(tdb_fetch+0x13) [0x7feb7b0ac633] #12 winbindd(gencache_set_data_blob+0x259) [0x7feb7d4d8449] #13 winbindd(gencache_set+0x53) [0x7feb7d4d85b3] #14 winbindd(gencache_del+0x5e) [0x7feb7d4d879e] #15 winbindd(saf_delete+0x93) [0x7feb7d54b693] #16 winbindd(+0xe507e) [0x7feb7d3fc07e] #17 winbindd(+0xe85e5) [0x7feb7d3ff5e5] #18 winbindd(+0xe65be) [0x7feb7d3fd5be] #19 winbindd(+0xe7562) [0x7feb7d3fe562] #20 winbindd(init_dc_connection+0x2e) [0x7feb7d3fe5be] #21 winbindd(+0xe75d9) [0x7feb7d3fe5d9] #22 winbindd(cm_connect_netlogon+0x58) [0x7feb7d3fe658] #23 winbindd(_wbint_PingDc+0x61) [0x7feb7d410991] #24 winbindd(+0x103175) [0x7feb7d41a175] #25 winbindd(winbindd_dual_ndrcmd+0xb7) [0x7feb7d4107d7] #26 winbindd(+0xf8609) [0x7feb7d40f609] #27 winbindd(+0xf9075) [0x7feb7d410075] #28 winbindd(tevent_common_loop_immediate+0xe8) [0x7feb7d4db198] #29 winbindd(run_events_poll+0x3c) [0x7feb7d4d93fc] #30 winbindd(+0x1c2b52) [0x7feb7d4d9b52] #31 winbindd(_tevent_loop_once+0x90) [0x7feb7d4d9f60] #32 winbindd(main+0x7b3) [0x7feb7d3e7aa3] #33 /lib64/libc.so.6(__libc_start_main+0xfd) [0x7feb7a915cdd] #34 winbindd(+0xce2a9) [0x7feb7d3e52a9] This is in a winbind child, logfiles surrounding indicate the parent was restarted. This patch takes all chain locks around the CLEAR_IF_FIRST introduced tdb_new_database.
2012-10-06tdb: Make robust against shrinking tdbsRusty Russell1-12/+20
When probing for a size change (eg. just before tdb_expand, tdb_check, tdb_rescue) we call tdb_oob(tdb, tdb->map_size, 1, 1). Unfortunately this does nothing if the tdb has actually shrunk, which as Volker demonstrated, can actually happen if a "longlived" parent crashes. So move the map/update size/remap before the limit check. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-10-06We should never just assign an st_mode to an ace->perms field, theoreticallyJeremy Allison1-2/+2
they are different so should go through a mapping function. Ensure this is so. Practically this does not matter, as for user permissions the mapping function is an identity, and the extra bits we may add are ignored anyway, but this makes the intent clear. Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Oct 6 03:04:14 CEST 2012 on sn-devel-104
2012-10-05Modify ensure_canon_entry_valid() into ensure_canon_entry_valid_on_set() - ↵Jeremy Allison1-154/+141
makes the logic clearer.
2012-10-05Simplify ensure_canon_entry_valid by splitting out the _get codepath.Jeremy Allison1-3/+86
2012-10-05talloc: Convert error cecking macros into fnsSimo Sorce1-37/+74
This will avoid 'surprise returns' and makes the code cleare to readers. These macros were complex enough to warrant a full function anyway not just for readability but also for debuggability. Thanks David for pointing out this issue. Autobuild-User(master): Simo Sorce <idra@samba.org> Autobuild-Date(master): Fri Oct 5 23:24:17 CEST 2012 on sn-devel-104
2012-10-05Add tests for talloc_memlimitSimo Sorce1-0/+172
Autobuild-User(master): Simo Sorce <idra@samba.org> Autobuild-Date(master): Fri Oct 5 07:36:38 CEST 2012 on sn-devel-104
2012-10-05Add memory limiting capability to tallocSimo Sorce5-40/+327
By calling talloc_set_memlimit() we can now set a max memory limit for a whole talloc hierarchy. ANy attempt to allocate memory beyond the max allowed for the whole hierarchy wil cause an allocation failure. Stealing memory correctly accounts for used memory in the old and the new hierarchy but exceeding the memory limit in the new parent will not cause a failure.
2012-10-05Ensure the masks don't conflict with the ACL checks.Jeremy Allison2-2/+4
Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Oct 5 00:36:40 CEST 2012 on sn-devel-104
2012-10-04Update WHATSNEW.txt with removed parameters.Jeremy Allison1-0/+4
2012-10-04Remove the parameters:Jeremy Allison13-185/+33
security mask force security mode directory security mask force directory security mode and update the docs.
2012-10-04Remove all uses of ↵Jeremy Allison2-20/+10
lp_security_mask/lp_force_security_mode/lp_dir_security_mask/lp_force_dir_security_mode and replace with the normal masks. Now these parameters can be removed.
2012-10-04Revert "Add functions to programatically set the security mask and directory ↵Jeremy Allison2-16/+0
security mask parameters." This reverts commit 8f0ecbbbeebff0174579a78827d384067cd4cbb7. Not now needed as part of the move to remove security mask parameters.
2012-10-04Revert "When creating a new file/directory, we need to obey the create ↵Jeremy Allison1-15/+0
mask/directory mask parameters." This reverts commit c251a6b0442abc13bc8be4ff8de324c1d7706a78. Remove this as we're planning to remove the security mask, directory security mask parameters and only use create mask/directory mask.
2012-10-04html docs: Remove link to Using Samba.Karolin Seeger1-4/+0
Thanks to Christian Perrier <bubulle@debian.org> for reporting! Fix bug #7826 - HTML docs index file still points to Using Samba. Karolin Autobuild-User(master): Karolin Seeger <kseeger@samba.org> Autobuild-Date(master): Thu Oct 4 13:48:00 CEST 2012 on sn-devel-104
2012-10-04docs: Remove duplicate synonym min protocol.Karolin Seeger1-1/+0
Karolin
2012-10-04s3fs-smbd: Make sure the registry is set up before we init printing.Andreas Schneider1-4/+4
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Oct 4 12:06:29 CEST 2012 on sn-devel-104
2012-10-04waf: Build pam_smbpass module only if enabled.Andreas Schneider2-1/+5