summaryrefslogtreecommitdiff
path: root/source3
AgeCommit message (Collapse)AuthorFilesLines
2013-07-29s3:winbind: add a warning DEBUG message when skipping a sid from the mapped ↵Michael Adam1-0/+18
GID list This presents a potential security problem when ACLs contain DENY ACEs. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Mon Jul 29 14:42:27 CEST 2013 on sn-devel-104
2013-07-29s3:winbind: change getgroups to only do one sids2xids call instead of manyMichael Adam1-26/+42
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2013-07-29s3:winbind: fix the getgroups implementation to include the user sid's GID ↵Michael Adam1-3/+5
in case of ID_TYPE_BOTH This is important for acl checks on the unix level where only a group ace has been added to the ACL for the user sid, e.g. when accessing Files with nfs or local unix processes. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-07-29s3:winbind: fix gid counting and error handling in the getgroups implementationMichael Adam1-6/+10
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2013-07-23s3-winbindd: support the DIR pragma for raw kerberos user pam authentication.Günther Deschner1-0/+23
It is currently only available in MIT. In addition, allow to define custom filepaths for FILE, WRFILE and DIR pragmas and substitute one occurence of the %u pattern. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Pair-Programmed-With: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-07-23smbd: Fix CID 1035536 Uninitialized pointer readVolker Lendecke1-1/+1
rpc_pipe_open_interface just returns okay if the pipe in question is already open. For this, it needs to read the value. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Jul 23 02:05:19 CEST 2013 on sn-devel-104
2013-07-22smbd: Fix CID 1035537 Uninitialized pointer readVolker Lendecke1-1/+1
rpc_pipe_open_interface just returns okay if the pipe in question is already open. For this, it needs to read the value. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-07-22smbd: Fix CID 1035538 Uninitialized pointer readVolker Lendecke1-1/+1
rpc_pipe_open_interface just returns okay if the pipe in question is already open. For this, it needs to read the value. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-07-22s3-waf: Rename regedit to samba-regedit.Andreas Schneider1-1/+1
This is needed cause wine already provides a binary with the name regedit. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10040 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Kai Blin <kai@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Jul 22 14:12:38 CEST 2013 on sn-devel-104
2013-07-19s3-printing: avoid KRB5CCNAME overwrite in printer publishing (Bug #7444).Günther Deschner1-0/+13
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Fri Jul 19 17:53:08 CEST 2013 on sn-devel-104
2013-07-19Reply with correct trans2 message on a setpathinfo with a bad EA name.Jeremy Allison1-1/+10
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":" Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-07-19Ensure we do pathname processing before SD and EA processing in NTTRANS_CREATE.Jeremy Allison1-38/+38
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":" Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-07-19Ensure we can't create a file using NTTRANS with an invalid EA list.Jeremy Allison1-0/+20
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":" Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-07-19Ensure we can't create a file using TRANS2_OPEN with an invalid EA list.Jeremy Allison1-0/+14
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":" Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-07-19Add the ability to send an NTSTATUS result back with a trans2 reply so we ↵Jeremy Allison3-14/+32
can return a parameter block with an error code. This is needed when returning a STATUS_INVALID_NAME result (tested from Windows 2012). Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":" Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-07-19Ensure we can't create a file using SMB2_CREATE with an invalid EA list.Jeremy Allison1-0/+5
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":" Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-07-19Ensure we never return an EA name to a Windows client it can't handle.Jeremy Allison1-0/+9
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":" Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-07-19Ensure set_ea cannot set invalid Windows EA names.Jeremy Allison1-0/+9
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":" Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-07-19Add ea_list_has_invalid_name() function.Jeremy Allison2-0/+36
Invalid character list probed from Windows Server 2012. Bug 9992: Windows error 0x800700FE when copying files with xattr names containing ":" Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-07-18Fix memory leak in error code path.Richard Sharpe1-0/+1
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Jul 18 03:22:37 CEST 2013 on sn-devel-104
2013-07-16s3: Remove old mode special substitution.Alexander Werth1-13/+2
The mode special substitution now happens in a separate function. The substitution at this point is unnecessary. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org> Autobuild-User(master): Christian Ambach <ambi@samba.org> Autobuild-Date(master): Tue Jul 16 00:52:26 CEST 2013 on sn-devel-104
2013-07-08s3:idmap_autorid: Add a NULL check in idmap_autorid_preallocate_wellknownVolker Lendecke1-0/+4
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-07-08s3:idmap_autorid: Don't zero in idmap_autorid_preallocate_wellknownVolker Lendecke1-1/+1
We initialize everything later anyway Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-07-08s3:idmap_autorid: Use ARRAY_SIZE where appropriateVolker Lendecke1-1/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-07-15s3-winbind: Do not delete an existing valid credential cache.Andreas Schneider1-0/+8
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9994 Thanks to David Woodhouse <dwmw2@infradead.org>. Reviewed-by: Günther Deschner <gd@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Jul 15 12:48:46 CEST 2013 on sn-devel-104
2013-07-11smbd: Fix a 100% loop at shutdown timeVolker Lendecke1-2/+5
In the destructor of fsp->aio_requests[0] we put another request into fsp->aio_requests[0]. Don't overwrite that with TALLOC_FREE. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Jul 11 20:56:42 CEST 2013 on sn-devel-104
2013-07-11srvsvc: Use a symbolic constant where we have oneVolker Lendecke1-1/+6
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-07-10s3-smbstatus: display [u|g]id of -1 as "-1" in connection listBjörn Baumbach1-4/+20
In order to avoid displayed uid or gid of "4294967295" instead of "-1", we need to fetch the special case -1. The id can be -1 if we are reading e.g. incomplete session information. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Jul 10 01:18:30 CEST 2013 on sn-devel-104
2013-07-09s3-lib: hide incomplete smbXsrv_tcon_global recordsStefan Metzmacher1-0/+13
Part of fix for bug #10003 Pair-programmed-with: Björn Baumbach <bb@sernet.de> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-07-09s3-lib: fix segf while reading incomplete session info (bug #10003)Björn Baumbach2-7/+17
Pair-programmed-with: Stefan Metzmacher <metze@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-07-09smbd: Fix a profile problemVolker Lendecke5-27/+34
When trying to read a profile, under certain circumstances Windows tries to read with its machine account first. The profile previously written was stored with an ACL that only allows access for the user and not the machine. Windows should get an NT_STATUS_ACCESS_DENIED when using the machine account, making it retry with the user account (which would then succeed). Samba under these circumstances erroneously gives NT_STATUS_OBJECT_PATH_NOT_FOUND, which makes Windows give up and not retry. The reasons is the "dropbox" patch in unix_convert, turning EACCESS on the last path component to OBJECT_PATH_NOT_FOUND. This patch makes the dropbox behaviour only kick in when we are creating a file. I think this is an abstraction violation. unix_convert() should not have to know about the create_disposition, but given that we have pathname resolution separated from the core open code right now this is the best we can do. Signed-off-by: Volker Lendecke <Volker.Lendecke@SerNet.DE> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-07-08rpc_cli: Remove some unnecessary initializationsVolker Lendecke1-3/+0
tevent_req_create already initializes "state" to 0 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Mon Jul 8 17:04:20 CEST 2013 on sn-devel-104
2013-07-02s3-winbind: Allow sec_initial_uid() to store creds.Andreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Jul 2 23:26:24 CEST 2013 on sn-devel-104
2013-06-27winbindd and nmbd don't set their umask to zero on startup like smbd does.Jeremy Allison2-0/+12
Fix this - we already control tightly what permissions are on the files we create. Ensure we don't get surprised. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Thu Jun 27 02:02:24 CEST 2013 on sn-devel-104
2013-06-26sharesec: Implement --view-allVolker Lendecke1-1/+34
Listing individual shares can be quite slow when you have a lot of shares. This implements a --view-all option that prints something like [share1] REVISION:1 OWNER:(NULL SID) GROUP:(NULL SID) ACL:S-1-1-0:ALLOWED/0/FULL [share2] REVISION:1 OWNER:(NULL SID) GROUP:(NULL SID) ACL:S-1-1-0:ALLOWED/0/FULL Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-06-25s3:smbd/close remove filesystem lock before removing sharemodeChristian Ambach1-0/+9
otherwise we are open for a race condition: opener 1 opens file and closes it - during the close, the share mode entry will be removed from locking.tdb, but share mode in the file system will be dropped later after delete_on_close and write time updates have been done opener 2 requests open of same file with file overwrite - locking.tdb does not list original entry, but file system share mode is still around - VFS_FTRUNCATE will fail and error was converted to STATUS_ACCESS_DENIED Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Christian Ambach <ambi@samba.org> Autobuild-Date(master): Tue Jun 25 14:48:44 CEST 2013 on sn-devel-104
2013-06-25s3:smbd/close use common exit pathChristian Ambach1-9/+2
do not return early here, but use the common exit path that will remove the share mode from the record Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-06-25s3:lib add mapping for ETXTBSYChristian Ambach1-0/+3
add ETXTBSY to the errno->STATUS conversion table. It will be mapped to STATUS_SHARING_VIOLATION Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-06-25s3-ctdb: Fix auto-enabling of CTDB readonly supportDaniel Gan-Levi1-0/+28
This fixes Bug 9957 Bug: https://bugzilla.samba.org/show_bug.cgi?id=9957 Signed-off-by: Daniel Gan-Levi <danielg@il.ibm.com> Reviewed-by: Christian Ambach <ambi@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-06-25s3:smbd/aio mark file as modified in the SMB2 caseChristian Ambach1-0/+2
Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-06-24Use existing "acl map full control" parameter to control the adding of the ↵Jeremy Allison1-2/+17
DELETE_CHILD parameter on NFSv4/ZFS/GPFS file ACE's. Windows maps an open request of GENERIC_ALL on files to 0x1FF specific bits, which includes DELETE_CHILD even though this has no meaning on file ACE's. If a returned NFSv4 ACE entry for a file has all other specific bits set except for DELETE (which comes from the containing directory) and DELETE_CHILD (which has no meaning) then optionally add it into the returned ACE entry. This is using the same parameter in the same way as it is currently used in smbd/posix_acls.c. Note that as this parameter is on by default, it is already being tested in the existing raw.acl tests. Fixes issue with Microsoft SMB2 torture test suite found at the interop event in Redmond, WA. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
2013-06-24s3/smbclient: fix incorrect command tab completionsDavid Disseldorp1-8/+8
smbclient commands can offer tab-completion for local and remote paths. This behaviour is specified for the first two arguments using the compl_args entry in the commands struct. This change fixes a number of incorrectly specified compl_args values. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Aurélien Aptel <aurelien.aptel@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Mon Jun 24 19:32:54 CEST 2013 on sn-devel-104
2013-06-21Fix glusterfs backend crash found at the Microsoft interop event.Jeremy Allison1-2/+4
Based on a fix originally from Raghavendra Talur <rtalur@redhat.com>. When a new document is created in explorer, a check for file_exist is made. vfs_gluster_get_real_filename was returning 0 even when the file did not exist. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: "Christopher R. Hertel" <crh@ubiqx.mn.org>
2013-06-21Fix some blank line endingsVolker Lendecke12-237/+236
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Fri Jun 21 19:57:06 CEST 2013 on sn-devel-104
2013-06-21s3:passdb/pdb_util make pdb_create_builtin consider whether backend deals ↵Christian Ambach1-4/+33
with BUILTIN when creating a BUILTIN group, make the strategy dependent on passdb backend behavior 1. if passdb is responsible for BUILTIN (normal case), call pdb_create_builtin_alias with gid=0 argument so it asks winbindd for a gid to be used 2. if passdb is not responsible, ask for a mapping for the group first and let pdb_create_builtin_alias create the mapping based on the gid that was determined in the mapping request Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Christian Ambach <ambi@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Fri Jun 21 12:49:10 CEST 2013 on sn-devel-104
2013-06-21s3:passdb add a gid argument to pdb_create_builtin_aliasChristian Ambach4-15/+25
make it possible to skip the allocation of a new gid from winbind by specifying the gid to be used Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-06-21s3:utils/net_sam make use of pdb_create_builtin helper functionChristian Ambach1-1/+1
Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-06-21s3:passdb expose pdb_create_builtin functionChristian Ambach3-3/+5
this one first tries to map the principal before allocating a new gid Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-06-21s3:passdb/pdb_tdb add parameter to control handling of BUILTINChristian Ambach1-0/+10
with tdbsam:map builtin, one can control if tdbsam should be used to map entries from BUILTIN or not. By default, they will be mapped (as in older releases) Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-06-21s3:passdb/pdb_ldap remove an unnecessary checkChristian Ambach1-4/+0
as general passdb code already verifies for which idmap domains the module is responsible, requests for other domains should not come in here any more Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Christian Ambach <ambi@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>