s4:tortore:raw/qfileinfo: don't use dcerpc_pipe_open_smb() to open a named pipe
We can directly use smb_raw_open() to open a handle to a named pipe.
This avoids the need for the layer violation functions
dcerpc_smb_tree() and dcerpc_smb_fnum().
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4:torture/samba3rpc: let rpc.authcontext be more robust against low level changes (part2)
We now use smbXcli_conn_is_connected() and
dcerpc_binding_handle_is_connected() to verify only the dcerpc layer
got an error. The expected error is EIO mapped to NT_STATUS_IO_DEVICE_ERROR.
NT_STATUS_INVALID_HANDLE should only be visible at the SMB layer,
but we keep this as allowed return value for now, until
the dcerpc layer is fixed.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4:torture/samba3rpc: let rpc.authcontext be more robust against low level code changes (part1)
Some code uses the low level smbXcli_session structure instead of
the smbcli_session structure and doesn't 'see' updates to the
smbcli_session structure.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
David Disseldorp [Mon, 14 Oct 2013 10:01:58 +0000 (12:01 +0200)]
doc: add "spoolss: architecture" parameter usage
Windows spoolss print clients only allow association of server-side
drivers with printers when the driver architecture matches the
advertised print server architecture. Samba's spoolss print server
architecture can be changed using this parameter.
Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Oct 16 17:12:34 CEST 2013 on sn-devel-104
Andrew Bartlett [Wed, 16 Oct 2013 01:45:31 +0000 (14:45 +1300)]
lib/param: Add documentation on how loadparm works
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 16 11:39:41 CEST 2013 on sn-devel-104
Andrew Bartlett [Mon, 14 Oct 2013 02:39:10 +0000 (15:39 +1300)]
s3/param: Autogenerate parameters prototypes again after proto.h was frozen
This autogenerates the parameters so that we can keep everything in sync easier,
particularly when adding new parameters. This will also make it easier to move
to a fully autogenerated system in the future, as it reduces special cases.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 14 Oct 2013 02:34:40 +0000 (15:34 +1300)]
lib/param: Do not attempt to access the s3 function for allocated and subbed string parameters
This allows us not to generate array entries for these, which in turn allows
us to avoid initialising them. The issue is that we do not have the
% macro sub context nor a talloc context handy (yet).
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Hans Leidekker [Mon, 14 Oct 2013 18:43:27 +0000 (20:43 +0200)]
Add NetWkstaGetInfo.
Modified to include common.h entry for netapitest_wksta function by Kai
Blin <kai@samba.org>
Signed-off-by: Hans Leidekker <hans@meelstraat.net> Reviewed-by: Kai Blin <kai@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 16 07:00:45 CEST 2013 on sn-devel-104
Only one call to delay_for_oplocks left. Metze showed me the new logic:
BATCH is broken if we have a sharing violation. Exclusive is broken
otherwise. That's it.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Oct 16 02:51:53 CEST 2013 on sn-devel-104
smbd: Remove "file_existed" handling from open_mode_check
No clue what this does. In open_directory, "dir_existed" is not used after
open_mode_check. In open_file_ntcreate it's used, but I can't think of a case
right now where we would find a formerly nonexisting file to exist suddenly.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
smbd: Decouple grant_fsp_oplock_type from oplock validation
This makes grant_fsp_oplock_type independent from the values computed
in validate_oplock_types. It *might* make oplock calculation a bit
slower for heavily shared files, as we are walking the share mode array
twice. But we are doing so much stuff in open that I doubt the difference
is measurable. It clears up the code for me however, and I think that's
worth it.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
This removes two variables in open_file_ntcreate based on the observation
that for exclusive and batch oplocks there can only be one entry. So
in these cases we don't need to keep pointers from find_oplock_types to
delay_for_oplocks. We can just reference the only share mode entry around.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
Volker Lendecke [Tue, 15 Oct 2013 10:01:54 +0000 (10:01 +0000)]
smbd: Make find_oplock_types return bool
smb_panic() does not take a printf style argument. This improves debug
output by easily printing the index that we fell over. Also, doing
smb_panic deep down is bad style IMHO.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
Michael Adam [Thu, 19 Sep 2013 20:00:19 +0000 (22:00 +0200)]
s4:torture: add smb2.session.reauth6 : test failing reauth
This attempts reauth with invalid creds, hence
triggering the error path in the reauth code.
This invalidates the session and subsequente requests
on that connection fail.
https://bugzilla.samba.org/show_bug.cgi?id=10208
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 15 22:50:27 CEST 2013 on sn-devel-104
Michael Adam [Thu, 19 Sep 2013 21:41:51 +0000 (23:41 +0200)]
smbd:smb2: fix crash when smb2 session reauth fails
https://bugzilla.samba.org/show_bug.cgi?id=10208
Authentication error in smb2 session reauth invalidates
the session. In this case the session must in contrast
to successful session setup requests be torn down and live
no longer than the request.
The talloc move of the session from the global session
table to the request ensures that the session setup
reply can still be correctly signed, but subsequent
requests on the connection don't find a session any more.
Pair-Programmed-With: Jeremy Allison <jra@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Fri, 4 Oct 2013 10:11:38 +0000 (10:11 +0000)]
smbd: Inline break_level2_to_none_async
With the special case for bug 5980 in do_break_to_none we only have
one caller: process_oplock_async_level2_break_message. The further
goal is to merge process_oplock_async_level2_break_message with
process_oplock_break_message.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 15 03:42:53 CEST 2013 on sn-devel-104
With FAKE_LEVEL_II_OPLOCKS around we did not grant LEVEL2 after
a NO_OPLOCK file got written to. Windows does grant LEVEL2 in this
case. With the have_level2_oplocks in brlocks.tdb we can now grant LEVEL2
in this case as well.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
FAKE_LEVEL_II_OPLOCK was an indicator to break level2 oplock holders
on write. This information is now being held in brlock.tdb, which makes
the FAKE_LEVEL_II_OPLOCK type unnecessary.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
This implements an idea by metze: Right now Samba does not grant level2
oplocks where it should: After an initial no-oplock open that has been
written to, we don't have the FAKE_LEVEL2_OPLOCK entry in locking.tdb
around anymore, this downgraded to NO_OPLOCK. Windows in this case will
grant level2 if being asked, we don't. Part of the reason for this
is that we don't have a proper mechanism to communicate the fact that
level2 needs to be broken to other smbds. Metze's insight was that we
have to look into brlock.tdb for every write anyway, so this might be
the right place to store this information.
My first reaction was that this is really hackish, but on further thought
this is not. oplocks depend on brlocks anyway, and we have the proper
mechanisms in place for brlocks.
The format for this change is to add one byte to the end of the brlock.tdb
record with value 1 if we have level2 oplocks around. Thus this patch
effectively reverts 8f41142 which I discovered while writing this
change. We now legally have unaligned records.
We can certainly talk about the format, but I'm not yet convinced we
need an idl for this yet. This is a potentially very hot code path,
and ndr marshalling has a cost.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Fri, 11 Oct 2013 00:39:09 +0000 (13:39 +1300)]
docs: Explain why this option should not be used
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Oct 15 01:51:39 CEST 2013 on sn-devel-104
Andrew Bartlett [Fri, 11 Oct 2013 00:34:13 +0000 (13:34 +1300)]
s3-winbindd: Remove undocumented winbindd:socket dir parameter
This uses the documeted "winbindd socket directory" parameter instead.
This came about due to the merge of the two smb.conf tables in s3 and
s4 for the Samba 4.0 release. The s4 code used a real parameter,
which caused this to be documented, whereas no automatic procedure
existed to notice the parametric option and the need to document that.
The fact that this was not used consistently in both codebases is one
of the many areas of technical debt we still need to pay off here.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
talloc: Add a warning to talloc_reference() documentation.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Kai Blin <kai@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Oct 14 23:05:54 CEST 2013 on sn-devel-104
David Disseldorp [Mon, 14 Oct 2013 11:53:22 +0000 (13:53 +0200)]
param: disable print notify backchannel by default
In handling RemoteFindFirstPrinterChangeNotifyEx requests, the spoolss
server can establish a "backchannel" connection to the print client, as
a mechanism for sending print notifications. This behaviour is governed
by the "print notify backchannel" smb.conf parameter.
This change sets "print notify backchannel" to "no" by default, which
sees Samba respond to RemoteFindFirstPrinterChangeNotifyEx requests with
WERR_SERVER_UNAVAILABLE. In recieving such a response, print clients can
fall back to polling for print queue changes.
Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Oct 14 18:49:41 CEST 2013 on sn-devel-104
Nadezhda Ivanova [Mon, 14 Oct 2013 09:38:10 +0000 (12:38 +0300)]
s4-samldb: Do not allow deletion of objects with RID < 1000
According to [MS-SAMR] 3.1.5.7 Delete Pattern we should not allow deletion
of security objects with RID < 1000. This patch will prevent deletion of
well-known accounts and groups.
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Mon Oct 14 13:31:50 CEST 2013 on sn-devel-104
Volker Lendecke [Sun, 13 Oct 2013 10:20:29 +0000 (12:20 +0200)]
libcli4: Remove an unused variable
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Oct 13 17:58:23 CEST 2013 on sn-devel-104
smbd: Remove unused create_options from open_mode_check
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Oct 13 14:35:26 CEST 2013 on sn-devel-104
We need to check for DELETE_PENDING before the first oplock break
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct 12 01:56:18 CEST 2013 on sn-devel-104
ntdb: Make sure variables passed by value are initialized.
This fixes a GCC warning.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Oct 11 18:05:19 CEST 2013 on sn-devel-104
Andrew Bartlett [Sun, 8 Sep 2013 23:54:23 +0000 (11:54 +1200)]
samba-tool domain join subdomain: Rework sambadns.py to allow setup of DomainDNSZone only
This skips handling the ForestDNSZone when we are setting up a subdomain.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Oct 11 10:27:49 CEST 2013 on sn-devel-104
Andrew Bartlett [Thu, 26 Sep 2013 17:19:18 +0000 (10:19 -0700)]
provision: Remove --username and --password options from samba-tool domain provision
This avoids confusion, because the LDAP backend does not use these,
and they do not set the password for the administrator account either!
This may break support for the 'existing' backend LDAP backend, but
that is nothing more than a stub for future development anyway, and
new work in this area should use EXTERNAL in any case.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
provision/sambadns: CN=MicrosoftDNS,CN=System, is relative to DOMAINDN
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Oct 10 10:24:55 CEST 2013 on sn-devel-104
libndr: Avoid ommitting display of unset bitmap flags.
In 816e68f94fe500b9d68fd29021d432b84d3139b7 the display of unset bits has been
effectively disabled while only the check for 0 bits was supposed to be avoided
(because it creates the infite loop).
Guenther
Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Oct 9 19:56:39 CEST 2013 on sn-devel-104
Matthieu Patou [Tue, 8 Oct 2013 19:23:21 +0000 (12:23 -0700)]
pidl-wireshark: fix the trailling white space in the generated headers
Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 9 10:31:25 CEST 2013 on sn-devel-104
Jeremy Allison [Tue, 8 Oct 2013 22:01:38 +0000 (15:01 -0700)]
Fix bug #10187 - Missing talloc_free can leak stackframe in error path.
Fix error path.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Oct 9 03:50:56 CEST 2013 on sn-devel-104
Volker Lendecke [Mon, 7 Oct 2013 20:13:28 +0000 (20:13 +0000)]
smbd: Fix an error path in open_directory
In open_file_ntcreate we do the del_share_mode on error. We should do
it here as well.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 9 01:58:55 CEST 2013 on sn-devel-104
lib/util: remove unused (and not even compiled) lib/util/capability.c.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Oct 8 17:32:59 CEST 2013 on sn-devel-104
With the rewritten brl_get_lock_readonly we only set the destructor for
r/w lock records anyway.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Oct 6 22:20:05 CEST 2013 on sn-devel-104
This is step 1 to get rid of brl_get_locks_internal with its complex readonly
business. It also optimizes 2 things: First, it uses dbwrap_parse_record to
avoid a talloc and memcpy, and second it uses talloc_pooled_object.
And -- hopefully it is easier to understand the caching logic with
fsp->brlock_rec and the clustering escape.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
smbd: Avoid an if-statement per read/write in the non-clustered case
Without clustering, fsp->brlock_rec will never be set anyway. In the
clustering case we can't use the seqnum trick, so this is slow enough
that the additional if-statement does not matter in this case anyway. In
the non-clustered case it might. Have not measured it, but every little
bit helps I guess.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Oct 6 15:49:43 CEST 2013 on sn-devel-104
torture: Continue buffer check after NOT_IMPLEMENTED infolevels
Patch from the SDC plugfest. Not every implementation supports every
infolevel, and we want to be able to test buffersize error behaviour
for all supported infolevels
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Fri, 4 Oct 2013 10:39:57 +0000 (12:39 +0200)]
smbd:smb2: clarify and comment code treating dh2c blob check.
This makes the code that checks for extra create blobs in the
case of the dh2c blob look very similar to the corresponding
(slightly mode complex) code for the dhnc blob.
With this preparation it will be easier and more obvious how
to add proper treatment of the lease request blobs when leases
get implemented.
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Oct 5 15:56:11 CEST 2013 on sn-devel-104