Björn Baumbach [Wed, 20 Nov 2013 13:24:21 +0000 (14:24 +0100)]
waf docs: build the new vfs worm man page
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Björn Baumbach [Wed, 20 Nov 2013 12:00:04 +0000 (13:00 +0100)]
docs-man: add manual page for the new worm vfs module
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 20 Nov 2013 11:11:41 +0000 (12:11 +0100)]
s3-waf: build new vfs_worm module
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 20 Nov 2013 11:09:47 +0000 (12:09 +0100)]
s3-modules: add new vfs_worm module
VFS module to disallow writes for older files.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 20 Nov 2013 11:00:17 +0000 (12:00 +0100)]
lib-util: add functions to get elapsed from given timespec structs
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Fri, 6 Dec 2013 23:03:30 +0000 (16:03 -0700)]
docs: Add kill-client-ip to smbcontrol manpage
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Thu Dec 12 20:45:44 CET 2013 on sn-devel-104
Christian Ambach [Fri, 15 Mar 2013 14:09:18 +0000 (15:09 +0100)]
s3:utils/smbcontrol implement kill-client-ip in smbcontrol
allows the admin to forcefully shutdown the connection of a specified client by IP address
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christian Ambach [Fri, 15 Mar 2013 14:08:22 +0000 (15:08 +0100)]
s3:smbd react on message that client should be disconnected
if MSG_SMB_KILL_CLIENT_IP message comes in and our client has
the IP address given as argument, then shutdown the connection immediately
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christian Ambach [Fri, 15 Mar 2013 14:06:41 +0000 (15:06 +0100)]
s3:messaging add MSG_SMB_KILL_CLIENT_IP message
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Keegel [Thu, 12 Dec 2013 11:08:58 +0000 (12:08 +0100)]
shadow_copy2: Fix some typos
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Dec 12 17:58:24 CET 2013 on sn-devel-104
Günther Deschner [Tue, 10 Dec 2013 23:59:55 +0000 (00:59 +0100)]
libgpo/security_CSE: more preamble header checks of SecEdit/GptTmpl.inf files.
$CHICAGO$ needs to be double quoted.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Dec 12 15:31:14 CET 2013 on sn-devel-104
Günther Deschner [Tue, 10 Dec 2013 23:50:03 +0000 (00:50 +0100)]
libgpo/security_CSE: fix unicode preamble check of SecEdit/GptTmpl.inf files.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Tue, 10 Dec 2013 23:44:49 +0000 (00:44 +0100)]
libgpo: add gp_inifile_getbool().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Tue, 10 Dec 2013 17:06:14 +0000 (18:06 +0100)]
libgpo: fix segfault in gpo_process_gpo_list().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Tue, 10 Dec 2013 16:39:54 +0000 (17:39 +0100)]
libgpo: make sure we correctly can store the group policy state.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Tue, 10 Dec 2013 22:44:23 +0000 (23:44 +0100)]
libgpo: remove use of deprecated talloc functions.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Tue, 10 Dec 2013 22:18:17 +0000 (23:18 +0100)]
libgpo: remove unused libgpo wscript_build.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Tue, 10 Dec 2013 21:50:47 +0000 (22:50 +0100)]
libgpo: use existing connection to the ds for the sysvol queries.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Tue, 10 Dec 2013 17:26:51 +0000 (18:26 +0100)]
libgpo: remove unused loadparm_context from functions.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Tue, 10 Dec 2013 09:10:22 +0000 (10:10 +0100)]
libgpo: remove duplicate parse_gpt_ini header.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 27 Sep 2013 02:06:00 +0000 (04:06 +0200)]
tevent: version 0.9.20
This adds the following new features:
- tevent_queue_wait_send/recv()
- tevent_num_signals()
- tevent_sa_info_queue_count()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Dec 12 00:39:35 CET 2013 on sn-devel-104
Stefan Metzmacher [Mon, 9 Dec 2013 09:32:00 +0000 (10:32 +0100)]
tevent: give the user the chance to ask for TEVENT_NUM_SIGNALS and TEVENT_SA_INFO_QUEUE_COUNT
This way the caller can change use the supported limits without using hardcoded
values.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10214
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Mon, 9 Dec 2013 09:29:45 +0000 (10:29 +0100)]
tevent: change TEVENT_SA_INFO_QUEUE_COUNT from 64 to 256
There are some existing callers which assume the old
SA_INFO_QUEUE_COUNT 100 value.
256 should give room for the future.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10214
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Wed, 11 Dec 2013 17:58:41 +0000 (18:58 +0100)]
tevent: tevent_epoll_set_panic_fallback() can be a void function
There's no case where this could return an error.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Thu, 5 Dec 2013 07:47:27 +0000 (08:47 +0100)]
tevent: make use of talloc_get_type_abort() in tevent_epoll.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Thu, 5 Dec 2013 07:47:27 +0000 (08:47 +0100)]
tevent: make use of talloc_get_type_abort() in tevent_signal.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Thu, 5 Dec 2013 07:47:27 +0000 (08:47 +0100)]
tevent: make use of talloc_get_type_abort() in tevent_select.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Thu, 5 Dec 2013 07:47:27 +0000 (08:47 +0100)]
tevent: make use of talloc_get_type_abort() in tevent_req.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Thu, 5 Dec 2013 07:47:27 +0000 (08:47 +0100)]
tevent: make use of talloc_get_type_abort() in tevent_queue.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Thu, 5 Dec 2013 07:46:47 +0000 (08:46 +0100)]
tevent: use talloc_get_type_abort() in the documentation examples
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Gregor Beck [Thu, 19 Sep 2013 13:14:25 +0000 (15:14 +0200)]
tevent: add tevent_queue_wait_send/recv()
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Fri, 27 Sep 2013 01:02:24 +0000 (03:02 +0200)]
tevent: tevent_req_create() already uses ZERO_STRUCT(req)
There's no need to zero individual members.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Fri, 27 Sep 2013 00:59:22 +0000 (02:59 +0200)]
tevent: let tevent_req_received() clear the private_cancel function
This makes sure it's not called when the private state is already gone.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Sat, 17 Sep 2011 17:53:55 +0000 (19:53 +0200)]
tevent: cancel the timeout timer when the request is finished
As we might defer the callback with tevent_req_defer_callback()
when calling tevent_req_done(), we should cancel the timeout directly.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
David Disseldorp [Tue, 10 Dec 2013 12:59:06 +0000 (13:59 +0100)]
s3/rpc_server: don't unmarshall PDUs twice
DCE/RPC PDUs are currently unmarshalled firstly by the generic librpc
dcerpc_read_ncacn_packet_[send/recv] functions, and subsequently a
second time by the source3 rpc_server, which ignores the unmarshalled
packet and re-parses the receive buffer.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Dec 11 22:24:31 CET 2013 on sn-devel-104
Michael Adam [Wed, 11 Dec 2013 08:41:38 +0000 (09:41 +0100)]
shadow_copy2: add a comment explaining why we don't talloc_zero_array().
Since I stumbled over this slighly sublte point, I thought it is
worthwile to point it our in a comment.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Dec 11 19:55:20 CET 2013 on sn-devel-104
Michael Adam [Wed, 11 Dec 2013 08:34:47 +0000 (09:34 +0100)]
shadow_copy2: revert expensive and unnecessary zero-initialization
I was being overly cautious. This is initialization is not
necessary, since further down in the for-loop, the memory
always gets fully initialized because the insert string is
inserted at various slash positions.
So this talloc_zero_array can be skipped: this an expensive
thing to do in virtually every VFS call.
This essentially reverts commit
249e9b4a34d8959bd94735c1921ecfc24d6a2705.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Michael Adam [Wed, 11 Dec 2013 16:47:36 +0000 (17:47 +0100)]
lib:util: fix a comment typo
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Gregor Beck [Mon, 22 Apr 2013 11:33:00 +0000 (13:33 +0200)]
s3: use directory_create_or_exist_strict() to create corepath
This simplifies the code and even works in testenv where the chown call
fails.
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Gregor Beck [Mon, 22 Apr 2013 10:35:01 +0000 (12:35 +0200)]
selftest: pass -l logdir to daemon processes.
The daemons try to set up the corefile path within logdir before the config
file was read.
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Gregor Beck [Wed, 20 Mar 2013 09:58:22 +0000 (10:58 +0100)]
selftest: use MALLOC_CHECK_=3 to give a diagnostic on failure
With MALLOC_CHECK_ set to 2 in case of a failure abort() is called
silently which hopefully creates a core dump.
MALLOC_CHECK_=3 additionally gives an error message on stderr in case.
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Gregor Beck [Wed, 20 Mar 2013 09:36:37 +0000 (10:36 +0100)]
selftest: set valgrind options
In particular '--db-attach' interferes badly with the io redirection of the
test environment and is superseded by the vgdb feature of valgrind.
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Tue, 19 Mar 2013 14:44:02 +0000 (15:44 +0100)]
selftest: setup {NMBD,WINBINDD,SMBD}_VALGRIND
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Tue, 19 Mar 2013 14:43:12 +0000 (15:43 +0100)]
selftest/Samba3: export ENVNAME
This is used by selftest/in_screen.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Karolin Seeger [Tue, 10 Dec 2013 14:24:31 +0000 (15:24 +0100)]
docs: Fix typos in vfs_shadow_copy2.8.xml.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Dec 10 18:49:21 CET 2013 on sn-devel-104
Andreas Schneider [Wed, 27 Nov 2013 16:21:01 +0000 (17:21 +0100)]
s3-lib: Fix %G substitution for domain users in smbd
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10286
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Tue Dec 10 16:39:43 CET 2013 on sn-devel-104
Christian Ambach [Mon, 16 Sep 2013 11:18:17 +0000 (13:18 +0200)]
s3:winbindd fix use of uninitialized variables
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10280
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Christian Ambach [Fri, 22 Nov 2013 04:12:05 +0000 (05:12 +0100)]
s3:lib/asys modify included headers
use the headers from libreplace, not the system ones
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Tue, 3 Dec 2013 18:21:16 +0000 (10:21 -0800)]
smbd: Always use UCF_PREP_CREATEFILE for filename_convert calls to resolve a path for open.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10297
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Dec 9 21:02:21 CET 2013 on sn-devel-104
Jeremy Allison [Tue, 3 Dec 2013 18:19:09 +0000 (10:19 -0800)]
smbd: change flag name from UCF_CREATING_FILE to UCF_PREP_CREATEFILE
In preparation to using it for all open calls.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10297
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Tue, 3 Dec 2013 12:20:17 +0000 (13:20 +0100)]
smbd: Fix regression for the dropbox case.
We need to allow to save a file to a directory with perm -wx.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10297
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Jan Brummer [Mon, 9 Dec 2013 14:22:29 +0000 (15:22 +0100)]
s3-winbindd: Fix DEBUG statement in winbind_msg_offline().
Guenther
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10285
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Dec 9 17:28:37 CET 2013 on sn-devel-104
Jeremy Allison [Fri, 8 Nov 2013 06:41:22 +0000 (22:41 -0800)]
CVE-2013-4408:s3:Ensure LookupRids() replies arrays are range checked.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Mon Dec 9 09:00:41 CET 2013 on sn-devel-104
Jeremy Allison [Fri, 8 Nov 2013 05:40:55 +0000 (21:40 -0800)]
CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Fri, 8 Nov 2013 04:38:01 +0000 (20:38 -0800)]
CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Thu, 17 Oct 2013 21:44:35 +0000 (14:44 -0700)]
CVE-2013-4408:s3:Ensure we always check call_id when validating an RPC reply.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 16 Oct 2013 14:26:58 +0000 (16:26 +0200)]
CVE-2013-4408:s3:ctdb_conn: add some length verification to ctdb_packet_more()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 16 Oct 2013 12:17:49 +0000 (14:17 +0200)]
CVE-2013-4408:libcli/util: add some size verification to tstream_read_pdu_blob_done()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 16 Oct 2013 12:17:49 +0000 (14:17 +0200)]
CVE-2013-4408:s3:util_tsock: add some overflow detection to tstream_read_packet_done()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 16 Oct 2013 12:17:49 +0000 (14:17 +0200)]
CVE-2013-4408:async_sock: add some overflow detection to read_packet_handler()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 24 Sep 2013 03:03:40 +0000 (05:03 +0200)]
CVE-2013-4408:s4:dcerpc_sock: check for invalid frag_len within sock_complete_packet()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 25 Sep 2013 21:25:12 +0000 (23:25 +0200)]
CVE-2013-4408:s4:dcerpc_smb2: check for invalid frag_len in send_read_request_continue()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 25 Sep 2013 21:25:12 +0000 (23:25 +0200)]
CVE-2013-4408:s4:dcerpc_smb: check for invalid frag_len in send_read_request_continue()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 25 Sep 2013 21:25:12 +0000 (23:25 +0200)]
CVE-2013-4408:s4:dcerpc: check for invalid frag_len in ncacn_pull()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 25 Sep 2013 21:25:12 +0000 (23:25 +0200)]
CVE-2013-4408:s3:rpc_client: verify frag_len at least contains the header size
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 25 Sep 2013 21:25:12 +0000 (23:25 +0200)]
CVE-2013-4408:s3:rpc_client: check for invalid frag_len in dcerpc_pull_ncacn_packet()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 24 Sep 2013 03:03:40 +0000 (05:03 +0200)]
CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_next_vector()
We should do this explicit instead of relying on
tstream_readv_pdu_ask_for_next_vector() to catch the overflow.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 24 Sep 2013 03:03:40 +0000 (05:03 +0200)]
CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_done()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Michael Adam [Fri, 6 Dec 2013 00:37:34 +0000 (01:37 +0100)]
ctdb:packaging:RPM: don't run autogen.
autogen is already run in maketarball.sh which generates
the tarball for the RPM.
This way, we don't have a rpm build dependency on autoconf.
Recent changes introduced a dependency into autoconf
version >= 2.60, so this fix allows the generated
source RPM to be built also on older platforms.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Dec 9 05:47:00 CET 2013 on sn-devel-104
Michael Adam [Fri, 6 Dec 2013 00:33:57 +0000 (01:33 +0100)]
ctdb:packaging:RPM: package the new manpages
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Michael Adam [Fri, 6 Dec 2013 00:31:11 +0000 (01:31 +0100)]
ctdb:build: install the new manpages
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Christian Ambach [Fri, 22 Nov 2013 04:19:16 +0000 (05:19 +0100)]
lib/ntdb optimize includes in ntdb tools
use the private header (which will use libreplace or system headers)
instead of direct includes of system includes
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Rusty Russell <rusty@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Sat Dec 7 18:38:21 CET 2013 on sn-devel-104
Christian Ambach [Fri, 22 Nov 2013 04:18:36 +0000 (05:18 +0100)]
lib/ntdb optimize includes in ntdb tests
use the private header (which will use libreplace or system headers)
instead of direct includes of system includes
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Rusty Russell <rusty@samba.org>
Christian Ambach [Fri, 22 Nov 2013 04:17:38 +0000 (05:17 +0100)]
lib/ntdb correct includes in private header
include all necessary headers when libreplace is not around
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Rusty Russell <rusty@samba.org>
Christian Ambach [Fri, 22 Nov 2013 04:15:59 +0000 (05:15 +0100)]
lib/ntdb fix compilation when libreplace is not around
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Rusty Russell <rusty@samba.org>
Christian Ambach [Fri, 22 Nov 2013 04:15:13 +0000 (05:15 +0100)]
lib/socket_wrapper fix compilation when libreplace is not around
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Christian Ambach [Fri, 22 Nov 2013 04:13:17 +0000 (05:13 +0100)]
s3:vfs_btrfs change includes
use the ones from libreplace instead of system ones
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Christian Ambach [Fri, 22 Nov 2013 04:13:56 +0000 (05:13 +0100)]
s3:pam_smbpass change includes
use the ones from libreplace instead of system ones
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Christian Ambach [Wed, 4 Dec 2013 21:50:31 +0000 (22:50 +0100)]
s3:vfs fix a compile warning
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Sat Dec 7 14:20:43 CET 2013 on sn-devel-104
Jeremy Allison [Fri, 6 Dec 2013 23:58:02 +0000 (15:58 -0800)]
ldb: bad if test in ldb_comparison_fold()
Found by David Binderman <dcb314@hotmail.com>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10305
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Sat Dec 7 11:10:47 CET 2013 on sn-devel-104
Michael Adam [Wed, 4 Dec 2013 09:27:24 +0000 (10:27 +0100)]
docs: update the manpage of vfs_shadow_copy2
Document the configuration and all the options
available for the shadow_copy2 module.
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Dec 6 22:26:31 CET 2013 on sn-devel-104
Michael Adam [Wed, 4 Dec 2013 14:55:19 +0000 (15:55 +0100)]
s3:modules:shadow_copy2: remove redundant documentation comment block
and refer to the manual page instead
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Michael Adam [Wed, 4 Dec 2013 14:50:26 +0000 (15:50 +0100)]
s3:modules:shadow_copy2: improve headline comment
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Michael Adam [Wed, 4 Dec 2013 12:40:14 +0000 (13:40 +0100)]
s3:module:shadow_copy2: add my (C)
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Michael Adam [Fri, 29 Nov 2013 17:45:35 +0000 (18:45 +0100)]
s4:torture:smb2: add new durable-v2-open.reopen1a test
- open session1 on tcp connection conn1
- open a durable handle on a session1
- do a session reconnect on a new tcp connection conn2
- doing a durable reconnect on session1 gives
USER_SESSION_DELETED
- doing a durable reconnect on session2 succeeds
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Dec 6 15:59:15 CET 2013 on sn-devel-104
Michael Adam [Fri, 29 Nov 2013 17:20:01 +0000 (18:20 +0100)]
s4:torture:smb2: add new durable-open.reopen1a test
- open session1 on tcp connection conn1
- open a durable handle on a session1
- do a session reconnect on a new tcp connection conn2
- doing a durable reconnect on session1 gives
USER_SESSION_DELETED
- doing a durable reconnect on session2 succeeds
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Garming Sam [Wed, 4 Dec 2013 22:53:14 +0000 (11:53 +1300)]
cldap: quieten error when abandon packet is sent
The specification indicates that no response needs to be sent when receiving
an abandon request packet.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Dec 6 07:13:29 CET 2013 on sn-devel-104
Jelmer Vernooij [Sun, 1 Dec 2013 23:20:36 +0000 (23:20 +0000)]
pyntdb: Add tests for Python API.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jelmer Vernooij [Sun, 1 Dec 2013 23:20:35 +0000 (23:20 +0000)]
pyntdb: Don't segfault when passing in None as filename (for memory db)
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jelmer Vernooij [Sun, 1 Dec 2013 23:20:34 +0000 (23:20 +0000)]
pyntdb: Don't allow access after a database is closed.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jelmer Vernooij [Sun, 1 Dec 2013 23:20:33 +0000 (23:20 +0000)]
tdb tests: Remove custom code for "tdb2", which has been split out into ntdb.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Christof Schmitt [Thu, 5 Dec 2013 22:53:47 +0000 (15:53 -0700)]
selftest: Remove samba3.smb2.lock.*.rw-exclusive from flapping file
This test demonstrates a problem with byte range locks and AIO.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Dec 6 05:19:37 CET 2013 on sn-devel-104
Christof Schmitt [Thu, 5 Dec 2013 22:22:13 +0000 (15:22 -0700)]
selftest: Run smb2.lock tests also against AIO share
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Thu, 5 Dec 2013 22:20:06 +0000 (15:20 -0700)]
selftest: Introduce share for testing AIO
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Thu, 5 Dec 2013 23:20:26 +0000 (16:20 -0700)]
s3: Return correct error code from SMB2 AIO read failure
This is similar to commit
27e20d5d60ea8aa526bcb7c2dfc18dd2de0bb97b which
fixed the same case for SMB2 writes: When sending the AIO read fails,
return the real error instead of mapping it to NT_STATUS_FILE_CLOSED.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Thu, 5 Dec 2013 22:57:54 +0000 (15:57 -0700)]
s3-aio: Use correct locking context for SMB2
The synchronous SMB2 reads and writes use open_persistent_id. The AIO
codepathes have to use the same, otherwise a write will conflict with a
lock on the same open file.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Wed, 4 Dec 2013 13:02:00 +0000 (14:02 +0100)]
s3-torture: Call cli_flush().
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Dec 6 03:07:32 CET 2013 on sn-devel-104
Andreas Schneider [Wed, 4 Dec 2013 13:01:59 +0000 (14:01 +0100)]
krb5_wrap: Move function declaration outside the function.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Andreas Schneider [Wed, 4 Dec 2013 13:01:58 +0000 (14:01 +0100)]
s3-libsmb: Fix a memory leak in get_pdc_ip().
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Andreas Schneider [Wed, 4 Dec 2013 13:01:57 +0000 (14:01 +0100)]
s3-torture: Make sure status is used initialized.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
git.samba.org / samba.git / log