summaryrefslogtreecommitdiff
path: root/source3
AgeCommit message (Collapse)AuthorFilesLines
2010-03-10s3: Fix a long-standing problem with recycled PIDsVolker Lendecke20-38/+602
When a samba server process dies hard, it has no chance to clean up its entries in locking.tdb, brlock.tdb, connections.tdb and sessionid.tdb. For locking.tdb and brlock.tdb Samba is robust by checking every time we read an entry from the database if the corresponding process still exists. If it does not exist anymore, the entry is deleted. This is not 100% failsafe though: On systems with a limited PID space there is a non-zero chance that between the smbd's death and the fresh access, the PID is recycled by another long-running process. This renders all files that had been locked by the killed smbd potentially unusable until the new process also dies. This patch is supposed to fix the problem the following way: Every process ID in every database is augmented by a random 64-bit number that is stored in a serverid.tdb. Whenever we need to check if a process still exists we know its PID and the 64-bit number. We look up the PID in serverid.tdb and compare the 64-bit number. If it's the same, the process still is a valid smbd holding the lock. If it is different, a new smbd has taken over. I believe this is safe against an smbd that has died hard and the PID has been taken over by a non-samba process. This process would not have registered itself with a fresh 64-bit number in serverid.tdb, so the old one still exists in serverid.tdb. We protect against this case by the parent smbd taking care of deregistering PIDs from serverid.tdb and the fact that serverid.tdb is CLEAR_IF_FIRST. CLEAR_IF_FIRST does not work in a cluster, so the automatic cleanup does not work when all smbds are restarted. For this, "net serverid wipe" has to be run before smbd starts up. As a convenience, "net serverid wipedbs" also cleans up sessionid.tdb and connections.tdb. While there, this also cleans up overloading connections.tdb with all the process entries just for messaging_send_all(). Volker
2010-03-10s3: Make TLDAP_IS_ALPHA and TLDAP_IS_ADH static functionsVolker Lendecke1-5/+12
2010-03-10s3-passdb: Fix typo in debug message.Karolin Seeger1-1/+1
Karolin
2010-03-09Fix the shell script in the root case. When run as root, make test now ↵Jeremy Allison1-4/+4
detects CAP_DAC_OVERRIDE being left on in error. Jeremy.
2010-03-09Add tests which, when run as root, will ensure we can't writeJeremy Allison3-11/+154
into a read-only directory, or read a owner-read-only file. Jeremy.
2010-03-09Fix typoSimo Sorce1-2/+2
2010-03-09Allow "make test" to complete as root. Obviously only safe on tightlyJeremy Allison1-0/+16
controlled developer machines. Jeremy.
2010-03-09s3: Fix a NULL pointer dereferenceVolker Lendecke1-1/+10
Found by Laurent Gaffie <laurent.gaffie@gmail.com>. Thanks! Volker
2010-03-09s3:tldap add own filter parsingSimo Sorce2-114/+614
Also add torture test to check filter parsing.
2010-03-09s3: Fix a typo. Thanks to Christian Ambach for pointing me at it :-)Volker Lendecke20-20/+20
2010-03-08Revert "Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail ↵Karolin Seeger3-71/+5
to respond to a read or write." This reverts commit a6ae7a552f851a399991262377cc0e062e40ac20. This fixes bug #7222 (All users have full rigths on all shares) (CVE-2010-0728). (cherry picked from commit 1c9494c76cc9686c61e0966f38528d3318f3176f)
2010-03-09s3:build: Fix automatic building of vfs_tsmsm if gpfs and dmapi are present.Michael Adam1-1/+1
Michael
2010-03-08s3: add missing Makefile.in changes for vfs_crossrenameBjörn Jacke1-0/+5
2010-03-08s3: add vfs_crossrenameBjörn Jacke2-0/+202
this module adds optional server-side support for limited rename operations beyond filesystem boundaries, which was the previously the default.
2010-03-08s3: remove cross-device rename support from vfs_defaultBjörn Jacke1-116/+0
cross-device rename support has some major limitations: - on huge files clients will timeout or hang - ACLs and EA information is not retained Usually a client will have to handle this. A Windows Server with a reparse point will also just return NT_STATUS_NOT_SAME_DEVICE. We will now by default do the same. I will add a vfs module which will restore the old cross-device renames.
2010-03-08samba: remove cifs-utils tools from build systemsJeff Layton2-173/+5
Now that cifs-utils are their own project, we need to go ahead and pull them out of the samba tree. This patch represents the first step toward that end. Remove the cifs-utilities from the source3 and source4 builds. Please pay particular attention to the source4 piece. I'm not at all familiar with the build system there, and would appreciate someone sanity checking my changes. It also adds a small README.cifs-utils file in the topdir. This is optional, but I think it's a good idea to carry this for a release or two. Once this patch looks ok, I'll plan to do another patch to actually remove the client dir and the relevant docs-xml files from the tree altogether. Signed-off-by: Jeff Layton <jlayton@redhat.com>
2010-03-06s3: Fix the build of net_afs.c with --fake-kaserver=yes, bug 7216Volker Lendecke1-1/+1
Thanks to Geza Gemes <geza@kzsdabas.hu> for filing this bug
2010-03-05Fix for bug #7189 - Open txt files with notepad on samba shares creates problem.Jeremy Allison19-47/+126
Ensure we don't use any of the create_options for Samba private use. Add a new parameter to the VFS_CREATE call (private_flags) which is only used internally. Renumber NTCREATEX_OPTIONS_PRIVATE_DENY_DOS and NTCREATEX_OPTIONS_PRIVATE_DENY_FCB to match the S4 code). Rev. the VFS interface to version 28. Jeremy.
2010-03-05s3-rpcclient: Leave setprinterdata directly if not enough args were passed.Andreas Schneider1-2/+1
If we don't pass enough arguments we don't have to close the connection. Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-05s3-rpc_server: Document rpc_pipe_open_internal.Andreas Schneider1-1/+27
Signed-off-by: Günther Deschner <gd@samba.org>
2010-03-05s3: Make "smbcontrol xx debuglevel" print the correct cluster pidVolker Lendecke1-2/+6
2010-03-05s3: Remove the unused parameter "persistent" from fetch_locked_internalVolker Lendecke1-8/+2
2010-03-05s3: db->persistent==true was handled earlier, make this more obviousVolker Lendecke1-1/+1
2010-03-05s3-libads: fix get_remote_printer_publishing_data after ↵Günther Deschner1-26/+14
spoolss_EnumPrinterDataEx IDL change. Guenther
2010-03-05s3-spoolss: fix _spoolss_EnumPrinterDataEx after idlGünther Deschner1-11/+2
Guenther
2010-03-05s3-rpcclient: fix rpcclient after spoolss_EnumPrinterDataEx IDL change.Günther Deschner1-5/+4
Guenther
2010-03-05s3-net: fix net after spoolss_EnumPrinterDataEx IDL change.Günther Deschner1-9/+2
Guenther
2010-03-05s3-rpcclient: fix rpcclient after spoolss_GetPrinterData{Ex} IDL change.Günther Deschner3-20/+53
Guenther
2010-03-05s3-spoolss: fix _spoolss_GetPrinterDataEx after IDL change.Günther Deschner1-11/+27
Guenther
2010-03-05s3-rpcclient: fix rpcclient after spoolss_SetPrinterData{Ex} IDL change.Günther Deschner1-2/+8
Guenther
2010-03-05s3-net: fix net after spoolss_SetPrinterData{Ex} IDL change.Günther Deschner1-24/+6
Guenther
2010-03-05s3-spoolss: fix _spoolss_SetPrinterData{Ex} after IDL change.Günther Deschner1-10/+3
Guenther
2010-03-05s3:winbindd: add DEBUG(10,...) for the end of each top levelStefan Metzmacher2-6/+25
That will hopefully make debugging a bit easier (at least for me). metze
2010-03-05s3-selftest: enable RPC-WINREG against Samba 3.Günther Deschner1-1/+1
Guenther
2010-03-06s3: Fix unnecessary traversing winbindd_cache.tdb in SIGHUP handler.Bo Yang1-0/+6
Signed-off-by: Bo Yang <boyang@samba.org>
2010-03-04srv_pipe.c doesn't reference current_user anymore. Remove it.Jeremy Allison1-2/+0
Jeremy.
2010-03-04Revert "s3:configure: add --enable-as-needed"Karolin Seeger1-8/+2
This reverts commit 22d316926b9589608d332143c1fa134229b75b3c. Please see bug #7209 for details.
2010-03-04s3:configure: add --enable-as-neededStefan Metzmacher1-2/+8
On some broken systems like RHEL5, we need to be able to disable --as-needed. metze
2010-03-06s3: Rerun genmsg after adding more strings.Bo Yang20-799/+8390
Signed-off-by: Bo Yang <boyang@samba.org>
2010-03-06s3: Add i18n/l10n strings in pam_winbind.c coming from winbindd.Bo Yang1-91/+95
Signed-off-by: Bo Yang <boyang@samba.org>
2010-03-03Fix typo in comments.Karolin Seeger2-3/+3
2010-03-03s3: Fix build file due to file move. Use the new path of iniparserMatthieu Patou2-3/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-03-03s3: Move source3/iniparser to lib/iniparser to allow sharing between s3/s4Matthieu Patou26-3501/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-03-03s3: Allow pam_winbind.c to build without localedir.cMatthieu Patou1-1/+8
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-03-03s3:net: add a command "net registry setsd_sdd"Michael Adam1-0/+88
This permits to set the security descriptor of a registry key from the unix command line. Michael
2010-03-03s3:net: fix some i18n messages in net_registry_getsd_internal().Michael Adam1-2/+3
Michael
2010-03-03s3:net: add i18n macro _() to one messageMichael Adam1-1/+1
Michael
2010-03-03s3:net: add new subcommand "net registry getsd_sddl" to print secdesc in ↵Michael Adam1-0/+40
sddl format Michael
2010-03-03s3:net: refactor getting of secdesc out of net_registry_getsd()Michael Adam1-14/+42
New net_registry_getsd_internal does the work(), net_registry_getsd() just prints the result. This in preparation to add support for other output formats than the currently used display_sec_desc(). Michael
2010-03-03s3:smbcacls: add switch "--sddl" to output acls as sddl encoded stringsMichael Adam1-1/+9