Age | Commit message (Collapse) | Author | Files | Lines |
|
During the creation of the 3 RPC pipes in winbind we try to steal the
RPC binding structure to be a child of the pipe once the pipe is
established. This fails with a talloc warning as the rpc connection
code already holds a reference to the binding.
The fix is to use talloc_reparent() instead.
|
|
Previously we relied on process groups and SIGTERM to ensure that
child tasks died in the standard process model when the parent task
died. This doesn't work when the server is run in interactive mode, as
in that case we don't call become_daemon() and don't get a separate
process group.
The fix is to have a pipe held open by the parent server process, and
inherited by child tasks. If the parent exits then the write side of
the pipe is implicitly closed, which causes an event in the child
tasks that causes them to exit
|
|
While testing the use of the standard process model with 'make test' I
found that testing was much slower (by several times) with the
standard model than with the single model. The primary problem was
that each SMB connection would open a new sam ldb context, and all of
those would reload the full AD schema.
The fix is to pre-open the SAM during server startup, before any child
processes are forked. This sets up the global schema context which is
inherited by all connections.
The standard model is still slower at make test than the single model,
but not by nearly as much. I am working on further reducing the gap.
|
|
Before this change, the first opener of the sam ldb context would
become the owner of the global schema, then the autofree context got a
reference to the schema. Any subsequent opens of the sam ldb also got
a reference. This meant that the talloc hierarchy was inconsistent
between the first sam ldb open and subsequent opens. With this change
the autofree context becomes the owner of the global schema, and all
ldb contexts get a reference.
|
|
These references were triggering the ambiguous talloc_free errors from
the recent talloc changes when the server is run using the 'standard'
process model instead of the 'single' process model. I am aiming to
move the build farm to use the 'standard' process model soon, as part
of an effort to make our test environment better match the real
deployment of Samba4.
The references are not needed as the way that the event context is
used is as the 'top parent', so when the event context is freed then
all of the structures that were taking a reference to the event
context were actually freed as well, thus making the references
redundent.
|
|
This fixes a bug in the samba3sam test with the python libraries as
noticed by abartlet
|
|
|
|
|
|
|
|
The existing test was only covering files opened underneath the
directory that was being renamed. It is not uncommon for windows
clients to actually hold a read-only handle to a directory open across
the rename, which it turns out doesn't return NT_STATUS_ACCESS_DENIED.
Additionally, holding a handle open to a stream on the directory is
also allowed.
|
|
|
|
|
|
This reverts commit 57da47c1bd76157a6a403154551645c16ad64a75.
The build emails do work :-)
|
|
I want to make sure that the build breakage emails are now working
correctly
|
|
370a73a74199a5a55188340906e15fd795f67a74)
This removes some of the portability changes made to code under
heimdal/
If these are still required, then we will re-add them with code under
heimdal_build/ (so that we can simply 'drop in' future heimdal
releases).
Andrew Bartlett
|
|
|
|
see bug #6610
The MacOSX SMB client sets the BCC value in SMBwriteX calls to zero
instead of the correct size. Checking against WindowsXP, I've found
that Windows uses the maximum of the computed buffer size and the
given BCC value. I've changed Samba4 to do the same to allow MacOSX to
work.
I've limited this change to non-chained packets to ensure we don't get
the possibility of exploits based on overlapping chained requests
|
|
|
|
|
|
metze
|
|
stream_terminate_connection() removes the fd event
This fixes a crash bug where tls_destructor() relies on the fd event still being there.
metze
|
|
the test failures
|
|
This bug was caused by two things:
1) in the unix ACL mapping, we were not taking into account group
write permssions for the SEC_STD_DELETE flag
2) when a file is created using OVERWRITE mode, a fchmod() would
fail if the user is not the file owner. We resolve that by only
doing the fchmod() if the mapped file attribute does not match the
desired file attribute
|
|
|
|
8714779fa7376fd9f7761587639e68b48afc8c9c)
This also adds a new hdb-glue.c file, to cope with Heimdal's
uncondtional enabling of SQLITE.
(Very reasonable, but not required for Samba4's use).
Andrew Bartlett
|
|
|
|
|
|
check.
|
|
This allows the RAW-READ test to pass against w2k8
|
|
This fixes two issues pointed out by Andrew. It adds a runtime
uwrap_enabled() call that wraps the skips needed for uid emulation. It
also makes the skip in the directory_create_or_exist() function only
change the uid checking code, not the permissions code
|
|
This library intercepts seteuid and related calls, and simulates them
in a manner similar to the nss_wrapper and socket_wrapper
libraries. This allows us to enable the vfs_unixuid NTVFS module in
the build farm, which means we are more likely to catch errors in the
token manipulation.
The simulation is not complete, but it is enough for Samba4 for
now. The major areas of incompleteness are:
- no emulation of setreuid, setresuid or saved uids. These would be
needed for use in Samba3
- no emulation of ruid changing. That would also be needed for Samba3
- no attempt to emulate file ownership changing, so code that (for
example) tests whether st.st_uid matches geteuid() needs special
handling
|
|
|
|
This removes a number of cases where we did a cast into a const char *
of an ldb_val. While convention is to alway have an extra \0 at
data[length] in the ldb_val, this is not required, and does not occour
at least on build farm host 'svart'.
Andrew Bartlett
|
|
We don't have to remove the eventual write privileges to enable the execute ones.
|
|
"groupSID"s structure
|
|
The original patch didn't cope with a NULL target server name - we now key off that to decide it isn't worth checking against LDAP for this host.
I still can't get this to pass against Windows 2008, but mdw was
testing against Windows 2008R2. at least 'make test' is happy, and
the rest should not be too hard...
Andrew Bartlett
|
|
|
|
Also allow a SDDL security descriptor, using the domain SID attached
to the session (it will search for it during the LDIF parse if need
be).
Andrew Bartlett
|
|
- Correctly use samdb_search_string to do a 'base' search
(this needs a NULL, not a "" argument for the format string)
- There is no need (and it caused a security hole) to use
talloc_asprintf() with the only argument being the string to
duplicate.
Andrew Bartlett
|
|
|
|
This fixes bug 6547, where smbclient in S3 reads more than 64k at a
time with readx.
|
|
This reworks the test to be part of the LDAP tests, to make better use
of the torture API and the ldb API (in particular around adding
controls), and a general cleanup.
This also adds the test to the 'make test' run.
Andrew Bartlett
|
|
|
|
In the vein hope that a larger file might show problems better than a
small file.
Andrew Bartlett
|
|
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
|
|
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
|
|
relying on reference leaks :-)
|
|
Guenther
|
|
attribute.
|
|
|