Volker Lendecke [Tue, 6 Oct 2015 14:10:43 +0000 (16:10 +0200)]
smbd: Send SMB2 oplock breaks unencrypted
This is not what Windows server does, but it seems that Windows
clients expect. Windows->Windows never runs into this issue, because
an encryption-enabled SMB3 connection will always use leases, and lease
breaks *are* unencrypted...
You can reproduce the issue Windows->Windows by disabling leases on the
Windows server. Disable leases using the registry key:
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct 24 05:01:32 CEST 2015 on sn-devel-104
Anoop C S [Tue, 20 Oct 2015 05:53:23 +0000 (11:23 +0530)]
smbd/quotas: Remove invalid quota status switch case
getquota_rslt structure from rquota.h defines the enum
named status whose values start from 1. But in quotas.c
we have an invalid check for status 0. This change is
to remove that particular switch case.
Signed-off-by: Anoop C S <anoopcs@redhat.com> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct 24 01:31:21 CEST 2015 on sn-devel-104
Andrew Bartlett [Fri, 9 Oct 2015 20:30:17 +0000 (09:30 +1300)]
build: Enable NTVFS file server to be omitted
We now only build it by default with --enable-selftest, or otherwise
if requested.
The NTVFS file server still has features not present in the smbd file
server, such as a CIFS/SMB proxy, and a radically different design,
but it is also not undergoing any ongoing development so this keeps it
in a safe state for care and maintenance, with less of a security risk
if such an issue were to come up.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Tom Schulz <schulz@adi.com> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Oct 22 14:28:17 CEST 2015 on sn-devel-104
Volker Lendecke [Wed, 21 Oct 2015 13:15:51 +0000 (15:15 +0200)]
messaging: Fix creating the dgm lockfile
There might be situations where the lock directory moves to a
location where a previous installation left the datagram sockets
(Yes, I just came across this). We can't really deal with it except
by just removing the socket without properly checking.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 22 02:14:29 CEST 2015 on sn-devel-104
Non-blocking connect() either returns immediate success, or -1 with
errno EINPROGRESS as indication that the connection is pending. All other
errnos indicate immediate failure.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Note: ndr_pull_dcerpc_bind_nak() was generated by pidl and
has been extended by the (_available == 0) check.
That's why we ignore the 80 char per line limit.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 21 20:34:28 CEST 2015 on sn-devel-104
Andrew Bartlett [Tue, 20 Oct 2015 21:37:25 +0000 (10:37 +1300)]
selftest: Fix memset parameters in test for async_connect_send()
This fixes:
../lib/async_req/async_connect_send_test.c: In function ‘main’:
../lib/async_req/async_connect_send_test.c:88:3: error: ‘memset’ used with constant zero length parameter; this could be due to transposed parameters [-Werror=memset-transposed-args]
memset(&addr, sizeof(addr), 0);
^
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11564
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Oct 21 17:31:00 CEST 2015 on sn-devel-104
script/release.sh: make it possible to create stable .x releases (x >= 1)
This version was used to create samba-4.3.1.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 21 14:27:53 CEST 2015 on sn-devel-104
Douglas Bagnall [Tue, 30 Jun 2015 22:45:47 +0000 (10:45 +1200)]
autobuild: add some system information to the autobuild tarball
When running multiple autobuilds on VMs with various parameters, you
can easily get confused about which was which, and the tarball doesn't
help much. This adds an extra file with information about the system.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 21 Oct 2015 01:10:57 +0000 (14:10 +1300)]
dynconfig: Use replace.h and memory.h directly, not via includes.h
includes.h brings in talloc.h, but this was recently removed as a dependency.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Oct 21 11:26:38 CEST 2015 on sn-devel-104
Ralph Boehme [Thu, 15 Oct 2015 08:06:42 +0000 (10:06 +0200)]
net: print file path in serverid wipedbs --verbose
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 21 03:10:28 CEST 2015 on sn-devel-104
Andrew Bartlett [Tue, 17 Mar 2015 03:05:37 +0000 (16:05 +1300)]
provision: Allow more OS levels in sambadns
While we do not support these yet, they make no difference to DNS, so permit up to 2012R2
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 20 23:23:13 CEST 2015 on sn-devel-104
Ralph Boehme [Sun, 18 Oct 2015 20:21:10 +0000 (22:21 +0200)]
async_req: fix non-blocking connect()
According to Stevens UNIX Network Programming and various other sources,
the correct handling for non-blocking connect() is:
- when the initial connect() returns -1/EINPROGRESS, poll the socket
for *writeability*
- in the poll handler call getsockopt() with SO_ERROR to get the
finished connect() return value
Simply calling connect() a second time without error checking is
probably wrong and not portable. For a successful connect() Linux
returns 0, but Solaris will return EISCONN:
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Oct 20 14:54:57 CEST 2015 on sn-devel-104
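The connect() handling described in the commit message above, as an added example that is not Samba's code: nb_connect() and demo_connect() are hypothetical names, and the demo assumes a usable loopback interface.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <string.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Added example, not Samba code. Returns 0 once connected, else an errno. */
int nb_connect(int fd, const struct sockaddr *sa, socklen_t salen, int timeout_ms)
{
	int flags = fcntl(fd, F_GETFL, 0);
	if (flags == -1 || fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1)
		return errno;
	if (connect(fd, sa, salen) == 0)
		return 0;                /* immediate success */
	if (errno != EINPROGRESS)
		return errno;            /* any other errno: immediate failure */
	/* Pending: wait for writability instead of calling connect() again. */
	struct pollfd pfd = { .fd = fd, .events = POLLOUT };
	int n;
	do {
		n = poll(&pfd, 1, timeout_ms);
	} while (n == -1 && errno == EINTR);
	if (n <= 0)
		return n == 0 ? ETIMEDOUT : errno;
	/* SO_ERROR carries the final result of the asynchronous connect(). */
	int err = 0;
	socklen_t len = sizeof(err);
	if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) == -1)
		return errno;
	return err;
}

/* Hypothetical demo: loopback port picked by the kernel, listening or not. */
int demo_connect(int listening)
{
	struct sockaddr_in a;
	socklen_t alen = sizeof(a);
	int ret = -1, srv = socket(AF_INET, SOCK_STREAM, 0);
	int cli = socket(AF_INET, SOCK_STREAM, 0);
	memset(&a, 0, sizeof(a));        /* fill value second, length third */
	a.sin_family = AF_INET;
	a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
	if (srv != -1 && cli != -1 && bind(srv, (struct sockaddr *)&a, sizeof(a)) == 0 &&
	    getsockname(srv, (struct sockaddr *)&a, &alen) == 0) {
		if (listening) listen(srv, 1);
		ret = nb_connect(cli, (struct sockaddr *)&a, sizeof(a), 2000);
	}
	close(cli); close(srv);
	return ret;
}
```

With a listener the call returns 0; against the bound but non-listening port the refusal is reported as ECONNREFUSED, either straight from connect() or through SO_ERROR.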
Ralph Boehme [Wed, 14 Oct 2015 10:40:03 +0000 (12:40 +0200)]
s4:lib/messaging: use correct path for names.tdb
source3 messaging_init() calls server_id_db_init() (where names.tdb is
created) with lock_path. source4 imessaging_init() otoh wrongly used the
special lock_path subdirectory "msg.lock":
Jeremy Allison [Fri, 16 Oct 2015 22:13:47 +0000 (15:13 -0700)]
smbd: Fix file name buflen and padding in notify response
The array is uint16, doubling the file name length consumes twice the space
required.
As we're hand assembling this as a series of concatenated individual data_blobs,
we must take care to ensure the correct 4 byte alignment that was
being masked by the previous doubling of the filename length.
Signed-off-by: Jeremy Allison <jra@samba.org> Signed-off-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Oct 18 01:56:41 CEST 2015 on sn-devel-104
Ralph Boehme [Mon, 24 Aug 2015 15:45:14 +0000 (17:45 +0200)]
vfs_streams_xattr: fix and simplify streams_xattr_get_name()
streams_xattr_get_name() fails to chop off the stream type in case
config->store_stream_type is false and the passed stream name contains a
stream type.
Eg when the passed in stream name is ":mystream:$DATA", but
config->store_stream_type is false, we must generate a xattr name of
"mystream" or "user.mystream".
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 16 23:27:01 CEST 2015 on sn-devel-104
Anoop C S [Fri, 9 Oct 2015 11:32:52 +0000 (11:32 +0000)]
s3.lib: Remove invalid switch case from sysquotas_nfs
getquota_rslt structure from rquota.h defines the enum
named status whose values start from 1. But in
sysquotas_nfs.c we have an invalid check for status 0.
This change is to remove that particular switch case.
Signed-off-by: Anoop C S <anoopcs@redhat.com> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Mon, 10 Aug 2015 00:40:13 +0000 (12:40 +1200)]
build: Build *_wrapper without -DNDEBUG for in-tree use
These binaries are not installed, so are only used in make test,
and there we need debug output.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Oct 16 16:36:22 CEST 2015 on sn-devel-104
Douglas Bagnall [Thu, 1 Oct 2015 04:24:02 +0000 (17:24 +1300)]
ntlm auth: spelling fixes
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
Douglas Bagnall [Wed, 19 Aug 2015 22:00:11 +0000 (10:00 +1200)]
samba-tool --help: possessive pronoun "its" has no apostrophe
"it's" is reserved for the contraction of "it is".
This *is* somewhat illogical, which is how you know its proper
English.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
Martin Schwenke [Thu, 8 Oct 2015 09:25:20 +0000 (20:25 +1100)]
ctdb-daemon: Change handling of default capabilities
Centrally define all the default capabilities to make the defaults
crystal clear. Capability-related command-line options now have a
direct correspondence rather than a reverse correspondence.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Michael Adam <obnox@samba.org>
Amitay Isaacs [Fri, 16 Oct 2015 03:45:28 +0000 (14:45 +1100)]
ctdb-recovery: Update vnnmap before database recovery
Once the databases are recovered, all the pending calls are resent.
If the vnnmap is not updated, then the nodes can redirect calls to nodes
that are not part of the new vnnmap.
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Oct 16 09:31:34 CEST 2015 on sn-devel-104
Anubhav Rakshit [Wed, 14 Oct 2015 12:46:06 +0000 (18:16 +0530)]
s4:torture: Add test case for Replay of Persistent Handle on a Single Channel.
Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 16 02:00:28 CEST 2015 on sn-devel-104
Test was originally added for bug #11320. At the time
I remarked the only way I could get this to reproduce
the issue was to use "+WORKGROUP\userdup" instead of
just "+userdup" (which was the actual problem reported),
but I didn't investigate enough to discover the underlying
problem which is actually bug:
(lookup_names() logic for unqualified (no DOMAIN\
component) names is incorrect). On a standalone
fileserver "WORKGROUP\name" should not resolve,
but "NETBIOS-NAME\name" and just "name" should.
This corrects the test now that lookups for unqualified
names are now being done correctly.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Thu Oct 15 22:58:54 CEST 2015 on sn-devel-104
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 14 05:22:28 CEST 2015 on sn-devel-104
Marc Muehlfeld [Mon, 12 Oct 2015 20:49:10 +0000 (22:49 +0200)]
Fixes for server role parameter in smb.conf manpage
The manpage says that the value for an AD DC is "ACTIVE DIRECTORY
DOMAIN CONTROLLER", not "DOMAIN CONTROLLER", like mentioned in
the example.
Additionally the correct value for BDC is "CLASSIC BACKUP DOMAIN CONTROLLER"
Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Oct 13 09:38:01 CEST 2015 on sn-devel-104
Volker Lendecke [Thu, 1 Oct 2015 22:27:22 +0000 (00:27 +0200)]
Rely on /dev/urandom
This removes quite a bit of code. All reasonable systems have /dev/urandom
these days. Linux, Solaris and the BSDs do. In case we find a system
without /dev/urandom, we will have to go hunting in other libraries.
The main reason for this is speed: On Ubuntu 14.04 doing direct reads from
/dev/urandom is 2-3 times faster than our md4 based code. On virtualized
FreeBSD 10 the difference is even larger.
My first approach was to use fopen/fread. It was even faster, but less
than twice as fast. So I thought we could save the additional complexity
when having to deal with throwing away buffers when forking and the
additional memory footprint per process.
With this simple generate_random_buffer it will be easier to adapt new
syscalls to get randomness.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 13 04:25:39 CEST 2015 on sn-devel-104
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 13 01:14:09 CEST 2015 on sn-devel-104
Andrew Bartlett [Fri, 9 Oct 2015 19:45:41 +0000 (08:45 +1300)]
pam_smbpass: REMOVE this PAM module
This pam module causes GPLv3, thread-unsafe Samba code to be directly loaded
into the address space of many system services. The code in question was not
expected to run in this context, and while using the Samba, rather than the system
password file is an admirable goal, this needs to be done over inter-process
communication, such as is done by pam_winbind.
pam_winbind is not a total replacement, as the migrate functionality used
to keep the Samba password up to date with the system password is not
present, but otherwise can provide essentially the same services.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 12 Oct 2015 10:17:56 +0000 (12:17 +0200)]
dynconfig: Fix deps, no talloc required
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Oct 12 17:06:04 CEST 2015 on sn-devel-104
Richard Sharpe [Sun, 11 Oct 2015 00:58:59 +0000 (17:58 -0700)]
A small improvement to the DEBUG message when pass-through authentication
fails with ACCESS_DENIED. Increased it to log level 1 so it will print out
and pointed to Restrict NTLM as the setting so people know what to look for.
Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Sun Oct 11 06:28:05 CEST 2015 on sn-devel-104
Adrian Cochrane [Fri, 4 Sep 2015 00:59:57 +0000 (12:59 +1200)]
talloc: Test that talloc magic differs between processes.
Signed-off-by: Adrian Cochrane <adrianc@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 9 23:15:06 CEST 2015 on sn-devel-104
Andrew Bartlett [Tue, 24 Feb 2015 00:43:54 +0000 (13:43 +1300)]
lib/talloc: Provide multiple-loading detection for libtalloc via rand()
The use of rand() is strongly discouraged, but here it is ideal, as we just want to select a different
set of random bytes if we are called again within the same process.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Adrian Cochrane <adrianc@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Wed, 16 Oct 2013 21:30:23 +0000 (10:30 +1300)]
lib/talloc: Disrupt buffer overflow attacks on Samba by using random magic
By setting the talloc magic to a random value, we make it much harder to overwrite a talloc_chunk
in a valid way with a simple buffer overflow.
The flags are placed before more sensitive variables so they have to be overwritten first.
Inspired by the exploit in: http://blog.csnc.ch/wp-content/uploads/2012/07/sambaexploit_v1.0.pdf
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Adrian Cochrane <adrianc@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
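The random-magic idea from the commit message above, as an added example that is not talloc's code: struct chunk, magic_init(), chunk_alloc() and chunk_free() are hypothetical names, the magic is drawn from /dev/urandom, and the header corruption is constructed in place.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Added example, not talloc's code. The magic sits first in the header, so a
 * linear overflow from the preceding buffer must overwrite it before the pointers. */
struct chunk {
	uint32_t magic;
	struct chunk *parent;
	void (*destructor)(void *);
};
static uint32_t chunk_magic;

/* Draw the per-process magic from /dev/urandom. */
int magic_init(void)
{
	FILE *f = fopen("/dev/urandom", "rb");
	if (f == NULL) return -1;
	size_t n = fread(&chunk_magic, sizeof(chunk_magic), 1, f);
	fclose(f);
	return n == 1 ? 0 : -1;
}

void *chunk_alloc(size_t size)
{
	struct chunk *c = calloc(1, sizeof(*c) + size);
	if (c == NULL) return NULL;
	c->magic = chunk_magic;
	return c + 1;
}

/* Frees and returns 0 if the header is intact; returns -1 without
 * using the header's pointers if the magic does not match. */
int chunk_free(void *ptr)
{
	struct chunk *c = (struct chunk *)ptr - 1;
	if (c->magic != chunk_magic) return -1;
	free(c);
	return 0;
}

/* Constructed corruption: fill the header with a fixed byte pattern, as a
 * simple overflow would, then restore it so the chunk can be freed. */
int demo_forged_header_rejected(void)
{
	void *p = (magic_init() == 0) ? chunk_alloc(16) : NULL;
	if (p == NULL) return -1;
	struct chunk *hdr = (struct chunk *)p - 1, saved = *hdr;
	memset(hdr, 0x41, sizeof(*hdr));
	int forged = chunk_free(p);   /* -1 unless the magic happens to be 0x41414141 */
	*hdr = saved;
	int clean = chunk_free(p);    /* 0: header intact again */
	return (forged == -1 && clean == 0) ? 0 : 1;
}
```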
Andrew Bartlett [Tue, 24 Feb 2015 00:26:29 +0000 (13:26 +1300)]
build: Move __attribute__ ((destructor)) and ((constructor)) tests to wafsamba
This allows us to use them in talloc as well.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Adrian Cochrane <adrianc@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
Richard Sharpe [Thu, 8 Oct 2015 00:19:38 +0000 (17:19 -0700)]
Fix a few small spelling mistakes in DEBUG messages to reduce confusion
for those trying to debug stuff.
Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Thu Oct 8 08:48:06 CEST 2015 on sn-devel-104
Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 8 02:56:41 CEST 2015 on sn-devel-104