Andrew Bartlett [Sun, 22 Sep 2013 05:52:01 +0000 (22:52 -0700)]
selftest: Add release-4-1-0rc3 saved provision
This version has the regression where we would, on join, write an
all-zero invocationID in the replPropertyMetaData attribute, on
Deleted Objects in particular.
To demonstrate this regression, this is based on the promoted_dc
environment from make test, with the domain altered to match the
pattern used in these trees.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Andrew Bartlett [Sun, 22 Sep 2013 06:36:46 +0000 (23:36 -0700)]
selftest: Only run referenceprovision and ldapcmp for the 4.0.0 test
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Andrew Bartlett [Sun, 22 Sep 2013 01:52:21 +0000 (18:52 -0700)]
selftest: Add script to assist in writing out a tree undump.sh can restore
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Andrew Bartlett [Sun, 22 Sep 2013 01:03:43 +0000 (18:03 -0700)]
dbcheck: Look for and fix the all-zero invocationID in replPropertyMetaData
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Andrew Bartlett [Sat, 21 Sep 2013 21:33:21 +0000 (14:33 -0700)]
dsdb: Refuse to replicate an all-zero invocationID GUID in replPropertyMetaData
This matches Windows 2008R2.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Andrew Bartlett [Sat, 21 Sep 2013 21:32:27 +0000 (14:32 -0700)]
smb.conf: Fill out the ntvfs handler smb.conf page from source4/NEWS
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Andrew Bartlett [Sat, 21 Sep 2013 21:31:31 +0000 (14:31 -0700)]
Remove NEWS file containing confusing information
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Andrew Bartlett [Sat, 21 Sep 2013 21:10:02 +0000 (14:10 -0700)]
Remove confusing TODO file
This makes no sense in the merged tree, and only confuses users.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Andrew Bartlett [Sat, 21 Sep 2013 20:55:00 +0000 (13:55 -0700)]
dsdb: Use WERR_DS_ATT_NOT_DEF_IN_SCHEMA for failed schema lookups
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Matthieu Patou [Sat, 7 Sep 2013 06:23:07 +0000 (23:23 -0700)]
Backport
0e97908 from WAF repository: symlink fix for OpenBSD
Author: Thomas Nagy <tnagy1024@gmail.com>
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Kai Blin <kai@samba.org>
Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Sat Sep 21 11:14:30 CEST 2013 on sn-devel-104
Michael Adam [Sat, 21 Sep 2013 00:51:34 +0000 (02:51 +0200)]
s4:torture: remove and useless variable and assignment in smb2.session.reauth5
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Sep 21 08:00:02 CEST 2013 on sn-devel-104
Michael Adam [Fri, 20 Sep 2013 23:49:08 +0000 (01:49 +0200)]
auth: fix space/tab mixup in cli_credentials_get_password()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Daniel Liberman [Thu, 19 Sep 2013 23:28:33 +0000 (20:28 -0300)]
Fix bug 10162 - POSIX ACL mapping failing when setting DENY ACE's from Windows.
Fix for ACL problem - not accepting DENY. Code was checking for pointer and not for content.
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Sat Sep 21 05:24:07 CEST 2013 on sn-devel-104
Günther Deschner [Wed, 7 Aug 2013 15:43:08 +0000 (17:43 +0200)]
s3-rpc: remove unused source3/librpc/rpc/rpc_common.c
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Sep 20 14:57:06 CEST 2013 on sn-devel-104
Günther Deschner [Wed, 18 Sep 2013 08:59:14 +0000 (10:59 +0200)]
s3-rpc: use dcerpc_default_transport_endpoint function.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 8 Aug 2013 15:33:29 +0000 (17:33 +0200)]
librpc: add dcerpc_default_transport_endpoint() function.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 18 Sep 2013 08:58:16 +0000 (10:58 +0200)]
s3-rpc: use ndr_interface_name() instead of get_pipe_name_from_syntax() in DEBUG.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 8 Aug 2013 15:40:22 +0000 (17:40 +0200)]
s3-rpc: use table->name directly in DEBUG contexts.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 8 Aug 2013 15:34:56 +0000 (17:34 +0200)]
librpc/ndr: make sure ndr_table_list() always calls ndr_init_table() first.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Mon, 12 Aug 2013 15:22:15 +0000 (17:22 +0200)]
librpc/ndr: call ndr_table_list() from all ndr_X functions.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Matthieu Patou [Thu, 19 Sep 2013 18:18:32 +0000 (11:18 -0700)]
libcli: continue to read from the socket even if the size is 0
This is an issue found by Codenomicon, with a malicious packet with 0
bytes UDP payload we will continiously be looping trying to react from
the socket event and continiously do nothing as we will bail out
thinking that we had a memory allocation error.
Original fix comes from Volker Lendecke <vl@samba.org>
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Sep 20 04:46:47 CEST 2013 on sn-devel-104
Andrew Bartlett [Wed, 18 Sep 2013 21:29:26 +0000 (14:29 -0700)]
lib/messaging: Check the server_id type correctly
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Sep 19 23:19:16 CEST 2013 on sn-devel-104
Andrew Bartlett [Tue, 17 Sep 2013 22:31:04 +0000 (15:31 -0700)]
dsdb-repl_meta_data: Make handling of Deleted Objects DN clearer in delete
This code no longer needs to handle not renaming Deleted Objects
during a re-delete, because it is no longer called in that case.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 17 Sep 2013 22:28:32 +0000 (15:28 -0700)]
dsdb-repl_meta_data: Do not re-delete the Deleted Objects DN during replication
We need to ensure we do not re-delete the Deleted Objects DN during replication.
It itself not entirely a deleted object, but has isDeleted set.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 17 Sep 2013 22:20:48 +0000 (15:20 -0700)]
dsdb: Refuse to return an all-zero invocationID
This could cause an all-zero GUID to be entered into the
replPropertyMetaData, which will then fail to be replicated to other
DCs.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 17 Sep 2013 22:31:51 +0000 (15:31 -0700)]
dsdb-repl_meta_data: Check for a NULL invocationID and do not proceed
This can happen if we do not find the invocationID, with later patches.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 18 Sep 2013 21:27:26 +0000 (14:27 -0700)]
python/drs: Ensure to pass in the local invocationID during the domain join
This ensures (and asserts) that we never write an all-zero GUID as an invocationID
to the database in replPropertyMetaData.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 19 Sep 2013 09:05:21 +0000 (11:05 +0200)]
s3-rpc_srv: remove unused schannel calls from srv_pipe.c
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Sep 19 12:59:04 CEST 2013 on sn-devel-104
Günther Deschner [Thu, 19 Sep 2013 09:04:19 +0000 (11:04 +0200)]
s3-rpc_cli: remove unused schannel calls from cli_pipe.c
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 19 Sep 2013 09:03:31 +0000 (11:03 +0200)]
s3-rpc_cli: remove unused schannel calls from dcerpc_helpers.c
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 18 Sep 2013 16:36:19 +0000 (18:36 +0200)]
s3-rpc: use gensec for schannel footer processing.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 18 Sep 2013 16:34:58 +0000 (18:34 +0200)]
s3-rpc_srv: use gensec for schannel bind.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 18 Sep 2013 16:33:14 +0000 (18:33 +0200)]
s3-rpc_cli: use gensec for schannel bind.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 18 Sep 2013 16:23:40 +0000 (18:23 +0200)]
s3-auth: register schannel gensec module in auth_generic_prepare() as well.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 18 Sep 2013 15:44:10 +0000 (17:44 +0200)]
s3-rpc_cli: allow to pass down a netlogon CredentialState struct to gensec.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 18 Sep 2013 15:27:28 +0000 (17:27 +0200)]
s3-auth: also load schannel module from auth_generic_client_prepare().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 18 Sep 2013 15:25:55 +0000 (17:25 +0200)]
gensec: check for NULL gensec_security in gensec_security_by_auth_type().
We have equivalent checks in other gensec_security_by_X calls already.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 18 Sep 2013 15:24:49 +0000 (17:24 +0200)]
gensec: remove duplicate gensec_security_by_authtype() call.
We should use the equivalent gensec_security_by_auth_type() call which is
exposed in the public header.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 18 Sep 2013 15:24:10 +0000 (17:24 +0200)]
gensec: move schannel module to toplevel.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Howard Chu [Wed, 18 Sep 2013 05:14:20 +0000 (22:14 -0700)]
Fix SEGV from improperly formed SUBSTRING/PRESENCE filter
Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Simo Sorce <idra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Sep 19 01:42:43 CEST 2013 on sn-devel-104
Howard Chu [Tue, 17 Sep 2013 22:38:42 +0000 (15:38 -0700)]
OpenLDAP provisioning tweaks
Remove BerkeleyDB-specific setup.
Streamline cn=samba partition initialization - allow any backend type for it.
Use back-mdb instead of back-ldif for cn=samba partition
Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Wed Sep 18 21:39:51 CEST 2013 on sn-devel-104
Howard Chu [Tue, 17 Sep 2013 21:04:06 +0000 (14:04 -0700)]
Use SASL/EXTERNAL over ldapi://
The provision script will map the uid of the user running the
script to the samba-admin LDAP DN.
Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
Howard Chu [Tue, 17 Sep 2013 20:09:50 +0000 (13:09 -0700)]
Add SASL/EXTERNAL gensec module
Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
Howard Chu [Tue, 17 Sep 2013 20:09:07 +0000 (13:09 -0700)]
Prepare for SASL/EXTERNAL support
Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
Alistair Leslie-Hughes [Wed, 4 Sep 2013 06:50:14 +0000 (16:50 +1000)]
Free memory on error
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 18 19:46:41 CEST 2013 on sn-devel-104
Jeremy Allison [Wed, 18 Sep 2013 01:10:16 +0000 (18:10 -0700)]
s3: libsmb - 10150 - Not all OEM servers support the ALTNAME info level.
Sigh. Some OEM servers return NT_STATUS_NOT_IMPLEMENTED not
NT_STATUS_NOT_SUPPORTED.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Howard Chu [Tue, 17 Sep 2013 15:19:47 +0000 (08:19 -0700)]
Give slapd a second to startup
Moving the sleep to the beginning of the loop avoids most
occurrences of the "connection failed" message
Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Wed Sep 18 07:43:09 CEST 2013 on sn-devel-104
Howard Chu [Tue, 17 Sep 2013 02:51:20 +0000 (19:51 -0700)]
Add an OpenLDAP-specific extended_dn_in module
Don't "fix" plain DNs before sending them to OpenLDAP
Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
Stefan Metzmacher [Wed, 18 Sep 2013 00:24:30 +0000 (02:24 +0200)]
libcli/smb: only check the SMB2 session setup signature if required and valid
This is an update to commit
af290a03cef63c3b08446c1980de064a3b1c8804
that skips the scary debug messages.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10146
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Sep 18 04:46:00 CEST 2013 on sn-devel-104
Jeremy Allison [Tue, 17 Sep 2013 18:24:05 +0000 (11:24 -0700)]
s3: libsmb : Bug 10150 - Not all OEM servers support the ALTNAME info level.
Just ignore and print error message and an altname of "" if the
server returns NT_STATUS_NOT_SUPPORTED.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 17 23:40:08 CEST 2013 on sn-devel-104
Jeremy Allison [Tue, 17 Sep 2013 18:00:16 +0000 (11:00 -0700)]
s3: libsmb SMB2 wrapper layer. cli_smb2_get_ea_list_path() failed to close file on exit.
Found at SNIA SDC plugfest.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Günther Deschner [Mon, 12 Aug 2013 15:56:53 +0000 (17:56 +0200)]
s3-rpc_server: fix typo in DEBUG statement.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Sep 17 18:24:26 CEST 2013 on sn-devel-104
Günther Deschner [Tue, 17 Sep 2013 10:47:58 +0000 (12:47 +0200)]
docs: point out side-effects of global "valid users" setting.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Sep 17 16:20:16 CEST 2013 on sn-devel-104
Jeremy Allison [Tue, 17 Sep 2013 02:16:52 +0000 (19:16 -0700)]
s3: libsmb : The short name length is only a one byte field.
The next byte is "undefined" and some vendors set this to 0xff
(discovered in SNIA SDC lab tests).
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Sep 17 12:27:18 CEST 2013 on sn-devel-104
Stefan Metzmacher [Tue, 17 Sep 2013 02:12:30 +0000 (04:12 +0200)]
libcli/smb: fix non mendatory signing against some vendor SMB2 servers.
Windows and Samba always sign the final session setup response
even if signing is not mendatory, but it ensures that the signing
key is correctly in place.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10146
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Sep 17 09:40:10 CEST 2013 on sn-devel-104
Stefan Metzmacher [Tue, 17 Sep 2013 02:09:03 +0000 (04:09 +0200)]
libcli/smb: use SMB1 MID=0 for the initial Negprot
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10144
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Howard Chu [Tue, 17 Sep 2013 02:02:26 +0000 (19:02 -0700)]
Cleanup map return codes
-1 was never a valid LDB return code, just use OPERATIONS_ERROR
Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Tue Sep 17 07:51:45 CEST 2013 on sn-devel-104
Howard Chu [Mon, 16 Sep 2013 21:14:10 +0000 (14:14 -0700)]
Fix OpenLDAP partition configs
Update to use LMDB backend, BDB is deprecated
Update to support DomainDNSZones and ForestDNSZones partitions.
Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Mon, 16 Sep 2013 21:22:53 +0000 (14:22 -0700)]
lib/ldb-samba/ldb_ildap: Also skip special base DNs
This is so we do not search for @REPLCHANGED against ldap
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
Stefan Metzmacher [Sun, 15 Sep 2013 15:09:35 +0000 (17:09 +0200)]
docs-xml: document SMB3_02 as available protocol for the client side
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Sep 17 05:55:04 CEST 2013 on sn-devel-104
Stefan Metzmacher [Fri, 13 Sep 2013 09:28:03 +0000 (11:28 +0200)]
s3:torture: add PROTOCOL_SMB3_02 handling
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 13 Sep 2013 09:27:39 +0000 (11:27 +0200)]
lib/param: add PROTOCOL_SMB3_02 handling
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 13 Sep 2013 09:27:01 +0000 (11:27 +0200)]
libcli/smb: negotiate SMB3_DIALECT_REVISION_302 if PROTOCOL_SMB3_02 is requested
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 13 Sep 2013 09:26:20 +0000 (11:26 +0200)]
libcli/smb: add PROTOCOL_SMB3_02
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 13 Sep 2013 09:25:42 +0000 (11:25 +0200)]
libcli/smb: add SMB3_DIALECT_REVISION_302
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Mon, 16 Sep 2013 16:39:12 +0000 (09:39 -0700)]
dsdb: Use credentials.get_forced_sasl_mech()
This will allow us to force the use of only DIGEST-MD5, for example,
which is useful to avoid hitting GSSAPI, SPNEGO or NTLM when talking
to OpenLDAP and Cyrus-SASL.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Tue Sep 17 01:41:41 CEST 2013 on sn-devel-104
Andrew Bartlett [Mon, 16 Sep 2013 16:38:09 +0000 (09:38 -0700)]
auth/credentials: Add cli_credentials_{set,get}_forced_sasl_mech()
This will allow us to force the use of only DIGEST-MD5, for example, which is useful
to avoid hitting GSSAPI, SPNEGO or NTLM when talking to OpenLDAP and Cyrus-SASL.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
Andrew Bartlett [Mon, 16 Sep 2013 16:35:39 +0000 (09:35 -0700)]
samba-tool domain provision: Make ldap_backend_startup.sh +x and take optional arguments
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
Andrew Bartlett [Mon, 9 Sep 2013 00:15:36 +0000 (12:15 +1200)]
samba-tool domain join: Set server role correctly to "active directory domain controller"
We changed the magic string when we reworked the list of server roles.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Sep 16 23:33:41 CEST 2013 on sn-devel-104
Andrew Bartlett [Sun, 8 Sep 2013 21:57:27 +0000 (09:57 +1200)]
s4-rpc_server/drsuapi: Print ldb error showing why we failed to perform the access check
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Sun, 8 Sep 2013 21:56:58 +0000 (09:56 +1200)]
samba-tool domian join: Only print adminpass warning on subdomain creation
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Sun, 8 Sep 2013 21:53:37 +0000 (09:53 +1200)]
samba-tool domain join: Add --quite and --verbose
This means we now use logger consistently between doimin join, domain dcpromo
and domain provision.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Fri, 6 Sep 2013 03:46:36 +0000 (15:46 +1200)]
dsdb: Use dsdb_next_callback() rather than a no-op per-module callback
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Fri, 6 Sep 2013 03:46:05 +0000 (15:46 +1200)]
join.py: Restore support for joining as a subdomain
This set of patches fixes up the errors that were introduced into the partial support
during the past couple of years.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Fri, 6 Sep 2013 03:39:50 +0000 (15:39 +1200)]
dsdb: Add DSDB_SEARCH_ONE_ONLY support to dsdb_module_search*()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Fri, 6 Sep 2013 03:38:36 +0000 (15:38 +1200)]
join.py: Handle more error cases with useful exceptions
This will help track down strange failures in the future.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 16 Sep 2013 17:23:07 +0000 (10:23 -0700)]
samba-tool domain join subdomain: Set "reveal_internals:0" control so we can see the ncName
The issue here is that we create the ncName remotely with DsAddEntry,
and then replicate it back. However, at this point the naming context
pointed at by the ncName does not exist! The issue is that the
extended_dn_out module then hides the link, because it points to a
missing object. The reveal_internals control forces this link to be
returned, and so we can then find the GUID, to create the domain with
the right GUID.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Fri, 6 Sep 2013 03:37:30 +0000 (15:37 +1200)]
ldb: Show the type of failing operation in default error message
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 4 Sep 2013 01:03:37 +0000 (13:03 +1200)]
join.py: Show which database we failed to find the DN on (clarify local v remote)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 3 Sep 2013 05:41:42 +0000 (17:41 +1200)]
join.py: Handle exceptions when looking for GUID in a DN
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Thu, 12 Sep 2013 09:07:17 +0000 (11:07 +0200)]
tdb: Fix some typos in comments.
Thanks to Stewart A. Levin for reporting.
fixes bug #10136 (Documentation typos).
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Thu Sep 12 13:54:41 CEST 2013 on sn-devel-104
Karolin Seeger [Thu, 12 Sep 2013 07:20:03 +0000 (09:20 +0200)]
docs: Fix typos.
This is a follow-up patch for bug #10134 - Samba 4.0 is stricter in checking
acls for "open for execution".
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Sep 12 11:59:56 CEST 2013 on sn-devel-104
Volker Lendecke [Wed, 11 Sep 2013 12:04:58 +0000 (12:04 +0000)]
smbd: Properly protect against invalid lock data
If someone messes with brlock.tdb and inserts an invalid record length,
this will lead to memcpy overwriting a few bytes behind malloc'ed data.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 12 03:26:45 CEST 2013 on sn-devel-104
Jeremy Allison [Tue, 10 Sep 2013 17:46:18 +0000 (10:46 -0700)]
Fix is_legal_name() to not emit character conversion error messages.
Using next_codepoint() does the same check, but without the conversion
message.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
David Disseldorp [Wed, 11 Sep 2013 15:56:02 +0000 (17:56 +0200)]
selftest: change to src dir for panic backtrace
When running selftest against a Samba3 target, the working directory is
set to st/s3dc/share. The existing "panic action" script attempts
obtain a backtrace for a paniced smbd process using GDB, which does not
locate debug info relative to the working directory.
This commit changes the S3 selftest panic action to first enter
the base source directory before attempting to obtain the backtrace,
ensuring that GDB can locate the debug info.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Sep 12 00:19:39 CEST 2013 on sn-devel-104
Andrew Bartlett [Mon, 9 Sep 2013 23:38:10 +0000 (11:38 +1200)]
dsdb: When using an LDAP backend, force use of the password from secrets.ldb
This makes testing from the command line much easier, as ldbsearch -H
sam.ldb will now just work as well as it did with a tdb-based
provision.
This code was removed from it's previous location outside the ldb
module stack in
aabda85a2fc9f6763abd56d61ff819012f2225ad.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Wed Sep 11 21:15:50 CEST 2013 on sn-devel-104
Volker Lendecke [Tue, 10 Sep 2013 19:04:47 +0000 (21:04 +0200)]
smbd: Convert br_lck->lock_data to talloc
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Sep 11 10:15:38 CEST 2013 on sn-devel-104
Volker Lendecke [Tue, 10 Sep 2013 17:42:06 +0000 (19:42 +0200)]
smbd: Move "struct byte_range_lock" definition to brlock.c
Volker Lendecke [Tue, 10 Sep 2013 17:41:32 +0000 (19:41 +0200)]
smbd: Add brl_fsp access function
Volker Lendecke [Tue, 10 Sep 2013 17:40:43 +0000 (19:40 +0200)]
smbd: Add brl_num_locks access function
Volker Lendecke [Tue, 10 Sep 2013 12:04:42 +0000 (12:04 +0000)]
smbd: Use ZERO_STRUCT instead of memset
Volker Lendecke [Tue, 10 Sep 2013 12:01:58 +0000 (12:01 +0000)]
smbd: Fix a typo
Volker Lendecke [Tue, 10 Sep 2013 11:41:39 +0000 (11:41 +0000)]
smbd: Make brl_lock_failed static
Volker Lendecke [Tue, 10 Sep 2013 11:39:52 +0000 (11:39 +0000)]
smbd: Make brl_same_context static
Volker Lendecke [Tue, 10 Sep 2013 11:35:01 +0000 (11:35 +0000)]
smbd: Fix blank line endings
Korobkin [Tue, 10 Sep 2013 23:20:27 +0000 (16:20 -0700)]
Raise the level of a debug.
Bug #10118 - Samba is chatty about being unable to open a printer
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 11 03:10:08 CEST 2013 on sn-devel-104
Michael Adam [Mon, 2 Sep 2013 14:54:15 +0000 (16:54 +0200)]
docs: document "acl allow execute always"
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Sep 11 01:21:00 CEST 2013 on sn-devel-104
Michael Adam [Mon, 2 Sep 2013 15:37:50 +0000 (17:37 +0200)]
s3:smbd: ease file server upgrades from 3.6 and earlier with "acl allow execute aways"
3.6 and earlier allowed open for execution when execute permissions are
not present on a file. This has been fixed in Samba 4.0.
This patch changes smbd to skip the execute bit from the ACL check
in the open code if "acl allow execute always = yes", hence
re-establishing the old behaviour in this case.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Michael Adam [Mon, 2 Sep 2013 15:36:59 +0000 (17:36 +0200)]
loadparm: add new parameter "acl allow execute always"
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Christof Schmitt [Thu, 29 Aug 2013 17:36:00 +0000 (19:36 +0200)]
s3:smb2_find: Return that timestamps do not exist as directories
When a Windows client receives a large directory listing while
querying snapshots, it sends a find request asking for the
timestamp as a directory. A Windows server returns NO_SUCH_FILE,
so make sure Samba returns the same. Otherwise the client will
get confused and display timestamps in the 'previous versions' dialog.
Signed-off-by: Christof Schmitt <christof.schmitt@us.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 10 22:38:51 CEST 2013 on sn-devel-104
git.samba.org / mat / samba.git / log