Age | Commit message (Collapse) | Author | Files | Lines |
|
Currently when "default devmode" is explicitly disabled, and a printer
is added with a null device mode, spoolssd crashes in copy_devicemode().
Both construct_printer_info2() and construct_printer_info8() code paths
currently unconditionally attempt to copy a printers device mode,
without checking whether one is present.
This change fixes this regression such that construct_printer_info*()
functions check for a null device mode before copying.
https://bugzilla.samba.org/show_bug.cgi?id=9433
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Nov 29 13:03:05 CET 2012 on sn-devel-104
|
|
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
As this is a burst of 3 unbound sockets with each try to reach a DC
we're running out of file descriptors pretty fast. So winbind is then
mostly spinning in an accept loop failing with EMFILE.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Autobuild-User(master): Jim McDonough <jmcd@samba.org>
Autobuild-Date(master): Wed Nov 28 17:17:21 CET 2012 on sn-devel-104
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Nov 28 14:06:27 CET 2012 on sn-devel-104
|
|
TALLOC_FREE() could overwrite errno.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
This should fix the build.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
We are doing CLEAR_IF_FIRST here, and we are doing the transactions only to
protect gencache_stabilize against concurrent writers. tdb's transaction.c
says:
- if TDB_NOSYNC is passed to flags in tdb_open then transactions are
still available, but no fsync/msync calls are made. This means we
are still proof against a process dying during transaction commit,
but not against machine reboot.
For gencache_notrans.tdb this is exactly what we want and avoids some expensive
disk syncs.
Reviewed by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 28 03:13:56 CET 2012 on sn-devel-104
|
|
Commits are expensive, and in some scenarios we are overwriting existing values
again and again.
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
Reviewed by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Nov 27 01:20:24 CET 2012 on sn-devel-104
|
|
Reviewed by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Nov 26 22:03:05 CET 2012 on sn-devel-104
|
|
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Nov 26 19:20:05 CET 2012 on sn-devel-104
|
|
(bug #9426)
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Nov 26 17:36:20 CET 2012 on sn-devel-104
|
|
Fix for bug #9350
This establishes the "auto" mode as default for ads-support, when
neither "--with-ads" nor "--without-ads" is specified for configure.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Signed-off-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Nov 23 19:34:55 CET 2012 on sn-devel-104
|
|
The server name type (0x20) is much more likely to be available in the name cache, as
this type gets stored by winbind itself - the primary user of the ncacn_ip_tcp
code currently.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Nov 23 16:30:57 CET 2012 on sn-devel-104
|
|
This is a front port of patches made in 3.6.x branch for bugs:
* 9037
* 9086
* 9094
* 9418
It checks if there is a library for md5 related functions (libmd or
libmd5) and if so it checks for the presence of md5.h headers it also
respect the need for osX build to not use samba's md5 implementation as
it's already present in the system libs.
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Nov 23 10:05:34 CET 2012 on sn-devel-104
|
|
These binaries are for developer or selftest use, and are not
supported for installation onto the system. The autoconf build does
not install these binaries, and so neither should the waf build.
Andrew Bartlett
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Nov 22 12:00:36 CET 2012 on sn-devel-104
|
|
make test
This simply moves this to being a side-effect of --enable-selftest.
The flag was renamed from --enable-smbtorture4 in a recent patch.
Make test now relies on smbtorture4, and so this code to make the dependency
optional for the tests is not required any more.
Andrew Bartlett
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
This ensures that in both build systems, smbtorture3 is the source3 binary, and
smbtoture is our main smbtorture binary, built with waf.
Also included in this is the removal of bin/ndrdump4 as a special case.
This removes the last cases of binaries with different names in
each build system.
Andrew Bartlett
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
We now just build these in waf, using the source4/torture code.
The source4 versions of these are tested in make test.
Andrew Bartlett
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
The ntlm_auth4 binary is untested, and is missing major features compared with
the source3 binary. The two are being slowly merged, but I have not finished
that.
Andrew Bartlett
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
this causes each file that is potentially just opened for reading to be
marked as modified and lots of file change notifications will be send
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Tue Nov 20 21:02:34 CET 2012 on sn-devel-104
|
|
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Nov 20 19:18:33 CET 2012 on sn-devel-104
|
|
Now the logic matches the one in dcerpc_read_ncacn_packet_done().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Nov 20 11:54:51 CET 2012 on sn-devel-104
|
|
POSIX ACLs backend.
Change can_delete_directory() to can_delete_directory_fsp(), as
we only ever call this from an open directory file handle.
This allows us to use OpenDir_fsp() instead of OpenDir().
OpenDir() re-checks the ACL on the directory, which may
refuse DIR_LIST permissions. OpenDir_fsp() does not. As
this is a file-server internal check to see if the directory
actually contains any files before setting delete on close,
we can ignore the ACL here (Windows does).
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Nov 20 01:46:28 CET 2012 on sn-devel-104
|
|
when evaluating file/directory ACE's.
If we can access the path to this file, by
default we have FILE_READ_ATTRIBUTES from the
containing directory. See the section.
"Algorithm to Check Access to an Existing File"
in MS-FSA.pdf.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Nov 17 01:11:07 CET 2012 on sn-devel-104
|
|
the ACEs should be talloc children of the ACL itself and not be placed on talloc_tos()
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
sys_acl_init returns a SMB_ACL_T with zero entries in the acl array
reallocate the array to proper size before filling it, otherwise we overwrite memory
This one is a result of a improper fixing in 7a6182962966e5edb42728c8
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
it is only used in loadparm.c
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Nov 16 03:33:34 CET 2012 on sn-devel-104
|
|
This function is helpfully called between when we finish processing
the globals and when we start processing the individual shares. This
means that the "vfs objects" and other per-share settings we specify
here become the defaults for (eg) [netlogon] and [sysvol] but the
admin can override these on a per-share basis or (as we must in make
test) for the whole server.
This broke setting and fetching of group policy objects from Windows
clients, since this setting was moved from fileserver.conf in
8518dd6406c0132dfd8c44e084c2b39792974f2c, and wasn't found in 'make
test' because we have to override the vfs objects to insert the
xattr_tdb and fake_acl modules.
Andrew Bartlett
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
setting ACLs.
Not caught by make test as it's an extreme edge case for strange
incoming ACLs. I only found this as I'm making raw.acls and smb2.acls
pass against 3.6.x and 4.0.0 with acl_xattr mapped onto a POSIX backend.
An incoming inheritable ACE entry containing only one permission,
WRITE_DATA maps into a POSIX owner perm of "-w-", which violates
the principle that the owner of a file/directory can always read.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Nov 15 19:52:52 CET 2012 on sn-devel-104
|
|
it in?
Reviewed by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 14 02:19:46 CET 2012 on sn-devel-104
|
|
Removes some incorrect info from an error message
(probably from its old place when it was copied).
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
NT4 is long dead, and we should not change which ACL we return based
on what we think the client is. The reason we should not do this, is
that if we are using vfs_acl_xattr then the hash will break if we do.
Additionally, it would require that the python VFS interface set the
global remote_arch to fake up being a modern client.
This instead seems cleaner and removes untested code (the tests are
updated to then handle the results of the modern codepath).
The supporting 'acl compatability' parameter is also removed.
Andrew Bartlett
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
security_descriptor *.
Internally change the implementation to use SMB_VFS_GET_NT_ACL()
instead of SMB_VFS_FGET_NT_ACL() with a faked-up file struct.
Andrew Bartlett
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
Change set_nt_acl_no_snum() to correctly set up the fsp.
This does a stat on a real fsp in set_nt_acl_no_snum.
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
Samba continues to query a broken DC while the DC did not finish to
rebuild Sysvol (after a Windows crash, for example). It causes end users
to received strange codes while trying to authenticate, even if there is
a secondary DC available.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Nov 12 18:57:18 CET 2012 on sn-devel-104
|
|
Currently in smb_getpwnam() the NetBIOS domain name and the winbind separator
character is always added to the user name returned by Get_Pwnam_alloc() if it
does not contain the winbind separator character. As comments in the code
indicates this is done as a work around if 'winbind use default domain' is set
to yes in the samba configuration.
This make sense if the option is set because otherwise the domain information is
lost from the user name. But it causes errors if other services than winbind are
used for user lookup, e.g. sssd. sssd can handle different kind of fully
qualified user names as input, e.g. user@domain.name or DOM\user, but returns a
canonical name, by default user@domain.name.
While it would be possible to get around this issue with a special configuration
either on the sssd or samba side I think the cleaner solution is to use the work
around only if 'winbind use default domain' is set to yes which is what this
patch does.
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Nov 12 15:54:15 CET 2012 on sn-devel-104
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Reviewed by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Nov 10 20:25:48 CET 2012 on sn-devel-104
|
|
the waf build was missing the --with-dmapi option
and configure checks that are necessary to build the
source3 parts that need DMAPI (e.g. vfs_tsmsm)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9178
Signed-off-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Fri Nov 9 20:57:31 CET 2012 on sn-devel-104
|
|
access."
This reverts commit ae6a779bf9f816680e724ede37324b7f5355996b.
Bug 9125 analysis from Volker:
The problem is that there are no network calls possible at all that
would do what the samlogon cache does for us. There is just no way to
retrieve the group membership in a complex trusted environment. If you
have just a single domain with Samba as domain controller it might be
possible, but even within a single domain it is not possible to
correctly retrieve all group memberships using LDAP calls due to ACLs on
directory objects. The call to get that is called NetSamLogon on the
NETLOGON pipe. But this call requires user credentials and might trigger
updating counts on the server. So to correctly implement wbinfo -r after
a user has logged in, you have two alternatives: Save the info3 struct
or the PAC in the netsamlogon cache. If you insist on doing network
calls, you need to cache the user credentials somewhere to re-do the
NetSamLogon call every time the wbinfo -r is requested.
Reviewed-by: Andreas Schneider <asn@samba.org>
|