Matthieu Patou [Sun, 12 Dec 2010 09:04:51 +0000 (12:04 +0300)]
replace: add comments to make the #ifdef/#else/endif more readable
(cherry picked from commit
993b4aa07e35b612a4f9b6eddecae704b8e01aaa)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Matthias Dieter Wallnöfer [Wed, 15 Dec 2010 16:02:49 +0000 (17:02 +0100)]
lib/util/asn1.c - remove the "const" specifier from OID
There is no reason to have it "const" since it's an allocated thing.
(cherry picked from commit
3b591caed00790c5d21b8774c7af87357c329d1c)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Matthias Dieter Wallnöfer [Mon, 6 Dec 2010 10:27:05 +0000 (11:27 +0100)]
lib/util/fault.c - fix "pid_t" printf warning on Solaris
According to "http://www.ibm.com/developerworks/linux/library/l-solar/"
it's generally a 32bit "int" - therefore this cast should fit.
(cherry picked from commit
619a49c4219282bf8776183e76c1b4f0629a6d4c)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Sun, 19 Dec 2010 13:22:28 +0000 (14:22 +0100)]
lib: Protect against tevent nterror mismatches
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Dec 20 00:12:02 CET 2010 on sn-devel-104
(cherry picked from commit
49dc973586b4b9b72ffcac3bbb5dc7fda0d1ad4e)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 17 Dec 2010 11:47:13 +0000 (12:47 +0100)]
libcli/security: remove unused variable.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Dec 17 13:56:27 CET 2010 on sn-devel-104
(cherry picked from commit
10eaad29777589e8bd797e3f0bad3a3a9fbf8577)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 15 Dec 2010 04:47:01 +0000 (15:47 +1100)]
libcli/security Add sid_blob_parse() to directly parse a binary SID blob
(cherry picked from commit
4a4d8e4b0fae1288cbdf6c8a95a2863c84676106)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Matthias Dieter Wallnöfer [Mon, 6 Dec 2010 10:06:27 +0000 (11:06 +0100)]
s4:fix some shadowed declaration warnings on Solaris by renaming the symbols
(cherry picked from commit
93d85ca5fd57d87e720ab627865f0e5af25e07b5)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 17 Dec 2010 12:06:13 +0000 (13:06 +0100)]
s3:libsmb/namequery.c: don't leak 'pserver'
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Dec 22 09:54:31 CET 2010 on sn-devel-104
Jeremy Allison [Wed, 22 Dec 2010 02:11:57 +0000 (18:11 -0800)]
Fix a warning message.
Jeremy Allison [Wed, 22 Dec 2010 02:07:52 +0000 (18:07 -0800)]
My algorithm for determining when an incoming sequence number can be allowed is incorrect.
(I based it on the text in MS-SMB2, silly me :-). Fix it so incoming sequence numbers
can range over the entire allowable bitmap range. This fixes a repeatable
disconnect against Win7.
Jeremy.
(cherry picked from commit
e8f7c60ec25fd6ab40357ad44baf98918346a22a)
Jeremy Allison [Tue, 21 Dec 2010 01:58:33 +0000 (17:58 -0800)]
Keep track of the sparse status of an open file handle. Allows bypass of
strict allocation on sparse files. Files opened as POSIX opens are always
sparse.
(cherry picked from commit
3db2614ccd1948792cc403f0302c7516319461b2)
Jeremy Allison [Tue, 21 Dec 2010 00:53:16 +0000 (16:53 -0800)]
Added call out to a Linux-compatible fallocate() when we need to extend a file
allocation extent without changing end-of-file size.
(cherry picked from commit
00d2d16262909fde2c144a504d7d554767b7fd45)
Ken Harris [Mon, 20 Dec 2010 18:44:48 +0000 (10:44 -0800)]
CREATE in a compound CREATE/NOTIFY sequence was being passed through set_operation_credits()
twice (ultimately perhaps because of bug 7331 involving this compound sequence and the need
to be ready for any incoming CANCEL of the NOTIFY). This had the server thinking it had
granted more credit than it actually had, which led to zero-credits being granted in interim
NOTIFY responses.
(cherry picked from commit
0a9b65262c76fdad8331fbc580dbe578a403407b)
Jeremy Allison [Mon, 20 Dec 2010 18:23:27 +0000 (10:23 -0800)]
From metze's work on sparse attributes. FILE_ATTRIBUTE_SPARSE is valid on get but not on set.
(cherry picked from commit
e9f9e803f03be20e5f573484be7b5e7351472786)
David Disseldorp [Mon, 20 Dec 2010 15:08:02 +0000 (16:08 +0100)]
s3-printing: fix printer_list_traverse()
The tdb traverse function returns the number of elements traversed, or
less than zero on error, printer_list_traverse() is incorrectly checking
for non-zero return.
Autobuild-User: Andreas Schneider <asn@samba.org>
Autobuild-Date: Mon Dec 20 18:44:41 CET 2010 on sn-devel-104
(cherry picked from commit
139e2cbb13ca230b65ad4b1f5ff91a795d8cca02)
Volker Lendecke [Sat, 18 Dec 2010 15:02:09 +0000 (16:02 +0100)]
s3: Fix bug 7066 -- wbcAuthenticateEx gives unix times
We might eventually want to change this, but right now we get unix times
out of the winbind pipe struct
Volker Lendecke [Sat, 4 Dec 2010 17:47:56 +0000 (18:47 +0100)]
s3: Document wbinfo -P/--ping-dc
Volker Lendecke [Sat, 4 Dec 2010 17:43:27 +0000 (18:43 +0100)]
s3: Add -P as an alias for --ping-dc
This is a much less intrusive version of the DC connectivity check
than wbinfo -t is. Make it simple to use.
Volker Lendecke [Fri, 3 Dec 2010 08:34:02 +0000 (01:34 -0700)]
s3: Fix serverid_exists
In the cluster case it can happen that a node just died and we did not yet have
the time to clean up serverid.tdb. If the corresponding serverid.tdb record
that represented a process was migrated away from the dead record, it
represents existence of a process where it is already dead.
Jeremy Allison [Sat, 18 Dec 2010 07:08:01 +0000 (23:08 -0800)]
Rename vfs operation posix_fallocate to just fallocate and add the vfs_fallocate_mode parameter.
It turns out we need the fallocate operations to be able to both
allocate and extend filesize, and to allocate and not extend
filesize, and posix_fallocate can only do the former. So by defining
the vfs op as posix_fallocate we lose the opportunity to use any
underlying syscalls (like Linux fallocate) that can do the latter
as well.
We don't currently use the non-extending filesize call, but now
I've changed the vfs op definition we can in the future. For the
moment simply map the fallocate op onto posix_fallocate for the
VFS_FALLOCATE_EXTEND_SIZE case and return ENOSYS for the
VFS_FALLOCATE_KEEP_SIZE case.
Jeremy.
Jeremy Allison [Fri, 17 Dec 2010 00:50:31 +0000 (16:50 -0800)]
Move checks inside file_set_sparse() to allow it to be called from anywhere.
Jeremy Allison [Fri, 17 Dec 2010 00:42:33 +0000 (16:42 -0800)]
file_set_sparse needs to be a handle based call.
Björn Jacke [Thu, 18 Nov 2010 16:24:00 +0000 (17:24 +0100)]
s3:smbd: implement FSCTL_SET_SPARSE more correctly
this is a port of a patch from metze for 3.3:
We don't do the "strict allocation" when the sparse bit isn't
set, but that shouldn't matter.
We now allow windows applications to set and unset the sparse
bit.
Note that in order to implement this 100% like described
in [MS-FSA], we'd have to change our data model and support
the sparse flag per stream.
Jeremy Allison [Fri, 17 Dec 2010 18:22:58 +0000 (10:22 -0800)]
Update our attribute flags.
Björn Jacke [Tue, 14 Dec 2010 09:03:07 +0000 (10:03 +0100)]
s3:smbd: add file_set_sparse() function
this is based on a patch for 3.3 from metze
Björn Jacke [Thu, 18 Nov 2010 16:22:31 +0000 (17:22 +0100)]
s3/vfs_gpfs: map SPARSE attribute to/from WINATTRs, too
Björn Jacke [Thu, 18 Nov 2010 16:03:01 +0000 (17:03 +0100)]
s3: remove set_sparse_flag
we need to determine sparseness from the sparse flag we store not from the
allocation size on the POSIX filesystem. This is how Windows works - in the
first place sparseness is a file flag, not the allocation state of the file
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Björn Jacke [Thu, 18 Nov 2010 15:04:03 +0000 (16:04 +0100)]
s3: add FILE_ATTRIBUTE_SPARSE to get_stat_dos_flags
Karolin Seeger [Fri, 17 Dec 2010 19:39:57 +0000 (20:39 +0100)]
WHATSNEW: Add information on changed security defaults.
Thanks to Andrew Bartlett for providing this text!
Stefan Metzmacher [Thu, 16 Dec 2010 11:07:24 +0000 (12:07 +0100)]
s3:net ads dns register: use "cluster addresses" option if configured (bug #7871)
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Dec 17 16:49:14 CET 2010 on sn-devel-104
(cherry picked from commit
1dc2fa7616207a2d3a9f1cbe69b2ec1fc61634fd)
Michael Adam [Thu, 16 Dec 2010 00:49:14 +0000 (01:49 +0100)]
s3:net ads dns register: add support for specifying addresses on the commandline (bug #7871)
In the clustering case, this is also made the only possibility to do dns updates,
since the list of addresses on the local interfaces is not suitable in that case.
This fixes the "net ads dns register" part of bug #7871.
It might be extended by a parsing of the "cluster addresses" setting.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
5e83a05009787d8a2086db1adc1ed58d61b3725d)
Michael Adam [Wed, 15 Dec 2010 23:52:41 +0000 (00:52 +0100)]
s3:net: add net_update_dns_ext() that accepts a list of addresses as parameter (bug# 7871)
This generalized form of net_update_dns() will be used to
add support for specifying a list of addresses on the commandline
of "net ads dns register".
This prepares the "net ads dns register" part of the fix for bug #7871.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
4d91f98b433e07922373bf4e3ba9668b7af71a00)
Michael Adam [Wed, 1 Dec 2010 23:42:21 +0000 (00:42 +0100)]
s3:net: disable dynamic dns updates at the end of "net ads join" in a cluster (bug #7871)
In a clustered environment, registering the set of ip addresses that are
assigned to the interfaces of the node that performs the join does usually
not have the desired effect, since the local interfaces do not carry
the complete set of the cluster's public IP addresses. And it can also contain
internal addresses that should not be visible to the outside at all.
In order to do dns updates in a clustered setup, use net ads dns register.
This fixes the net ads join part of bug #7871.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
b8f19df53e66bf0260b4ae6c49acea87ac379deb)
Michael Adam [Wed, 15 Dec 2010 23:24:00 +0000 (00:24 +0100)]
util_net: fix a comment typo in interpret_string_addr_internal()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
b3d4b2052534395c97cd959db5db87f78d108d4e)
Günther Deschner [Wed, 15 Dec 2010 14:39:47 +0000 (15:39 +0100)]
s4-waf: nsstest only needs replace.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Thu Dec 16 11:40:52 CET 2010 on sn-devel-104
(cherry picked from commit
ba21b6e3d439d7c1890900b1b0b88c42548f63f0)
Günther Deschner [Wed, 15 Dec 2010 09:21:16 +0000 (10:21 +0100)]
s3-waf: use shared libwbclient wscript_build.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Dec 15 11:42:16 CET 2010 on sn-devel-104
(cherry picked from commit
af99f0a06714e56149bf2c6f801d28ae808cc34a)
Günther Deschner [Wed, 15 Dec 2010 09:11:34 +0000 (10:11 +0100)]
s3-waf: fix winbind-client subsystem.
Guenther
(cherry picked from commit
550046a4d93cd700a18063f13f5a61ef6427e7cd)
Günther Deschner [Wed, 15 Dec 2010 09:04:34 +0000 (10:04 +0100)]
s3-waf: add libkrb5 winbind locator plugin.
Guenther
(cherry picked from commit
7ecec74a002b2decde1be01b8389de1b9d227acd)
Günther Deschner [Tue, 14 Dec 2010 23:33:21 +0000 (00:33 +0100)]
s3-waf: rework rpc_server handling a bit.
Guenther
(cherry picked from commit
5130e4a6226115817cb18be265c47f5290d1aedc)
Günther Deschner [Thu, 16 Dec 2010 15:01:51 +0000 (16:01 +0100)]
s4-smbtorture: skip level 8 checks in test_GetDriverInfo_winreg for w2k3.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Dec 17 12:20:38 CET 2010 on sn-devel-104
(cherry picked from commit
4f4ac6462a191418ff358d28ac298352861107d4)
Günther Deschner [Thu, 16 Dec 2010 10:58:36 +0000 (11:58 +0100)]
s4-smbtorture: skipping level 8 driveradds against w2k3.
Guenther
(cherry picked from commit
5083be506eaa58c59d867f04a941c0e5707ca44c)
Günther Deschner [Wed, 15 Dec 2010 16:44:23 +0000 (17:44 +0100)]
s4-smbtorture: add torture_assert_strn_equal macro.
Guenther
(cherry picked from commit
28d618ddf015f502ef0fa8a5f8472123c7cd9102)
Günther Deschner [Thu, 16 Dec 2010 11:40:47 +0000 (12:40 +0100)]
s3-net: fix net sid type build warning.
Guenther
(cherry picked from commit
f08fdfae27ee0da5750c3f843ad829e1fa8f57b1)
Björn Jacke [Fri, 17 Dec 2010 00:00:49 +0000 (01:00 +0100)]
s3/net: tz argument should be NULL of course
Jeremy Allison [Thu, 16 Dec 2010 21:24:13 +0000 (13:24 -0800)]
Do more vfs_stat_fsp calls instead of FSTAT - ensures fsp->fsp_name->st is kept up to date.
Günther Deschner [Mon, 4 Oct 2010 13:03:08 +0000 (15:03 +0200)]
spoolss: fill in PerMachineConnections add and delete IDL.
Guenther
(cherry picked from commit
1b293c90be3905911d401b2d5bb6dd5da979c809)
Jeremy Allison [Thu, 16 Dec 2010 00:49:04 +0000 (16:49 -0800)]
Fix old bug in openX code, exposed when "strict allocate" is set to true.
We need to return the file size here, not the allocation size, but
we were not updating the stat struct after the vfs_set_filesize()
call. Ensure we always use fresh data in openX replies.
Jeremy.
(cherry picked from commit
8764576e1068455fd2f5035ac1ea31962e471361)
Jeremy Allison [Wed, 15 Dec 2010 21:32:09 +0000 (13:32 -0800)]
Change strict allocate to default to true.
(cherry picked from commit
820ea22a07b062b1717d35de8fa7051fc1067c3f)
Björn Jacke [Tue, 14 Dec 2010 12:28:49 +0000 (13:28 +0100)]
s3/net: don't use external "date" to make "net time set" more portable
the "date" syntax is different for example on *BSD
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Tue Dec 14 15:31:03 CET 2010 on sn-devel-104
(cherry picked from commit
4fd57cbe1ba35d3b3deb01b2eb6aba1d0aa4ddfd)
Jeremy Allison [Wed, 15 Dec 2010 18:57:23 +0000 (10:57 -0800)]
Fix bug 7866 - "net" in v3-6-test broken.
Someone wasn't careful about testing when not running as root :-).
(cherry picked from commit
921104e7a462c9552fcd04372d852325b457c827)
Jeremy Allison [Wed, 15 Dec 2010 01:17:16 +0000 (17:17 -0800)]
Protect the onefs sendfile from EAGAIN/EWOULDBLOCK.
Jeremy Allison [Tue, 14 Dec 2010 21:36:08 +0000 (13:36 -0800)]
Implement "use sendfile = yes" for SMB2. (cherry picked from commit
95cb7adcd03a1abbd0af395b6c96dd8e0eebd3d1)
Jeremy Allison [Tue, 14 Dec 2010 23:30:06 +0000 (15:30 -0800)]
Fix read/write calls over sockets to cope with EAGAIN/EWOULDBLOCK for non-blocking sockets.
Jeremy Allison [Wed, 15 Dec 2010 00:32:10 +0000 (16:32 -0800)]
Change interface of schedule_smb2_aio_read() to allocate the return DATA_BLOB. Change smb2_read code to allocate return DATA_BLOB just before the read.
Preparing for SMB2 sendfile change which will not need to allocate
return buffer.
Jeremy
Günther Deschner [Tue, 14 Dec 2010 21:54:01 +0000 (22:54 +0100)]
s3-waf: libwbclient does not depend on talloc anymore.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Dec 15 00:50:08 CET 2010 on sn-devel-104
(cherry picked from commit
4bcedda7d8c446bb3864312881aa63b892b55b7e)
Günther Deschner [Tue, 14 Dec 2010 21:18:43 +0000 (22:18 +0100)]
s3-waf: add missing libnss_wins.so.2 library.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Tue Dec 14 23:29:25 CET 2010 on sn-devel-104
(cherry picked from commit
4f4f7694c1a8d973b808f7a6b68fbc04147fcfab)
Günther Deschner [Tue, 14 Dec 2010 21:09:44 +0000 (22:09 +0100)]
s3-waf: recurse into ../libcli/ldap.
Guenther
(cherry picked from commit
9e6736cafd5ea86294b780f32511a1317df94b3f)
Günther Deschner [Tue, 14 Dec 2010 16:47:46 +0000 (17:47 +0100)]
s3-waf: recurse into ../libcli/smb.
Guenther
(cherry picked from commit
3e6d507246705be877eda61c38868ef29bef6265)
Günther Deschner [Tue, 14 Dec 2010 16:45:33 +0000 (17:45 +0100)]
s3-waf: recurse into ../libcli/samsync.
Guenther
(cherry picked from commit
f2bd9e52b80a1059f4eb22d9aa85097afe939e16)
Günther Deschner [Tue, 14 Dec 2010 16:36:06 +0000 (17:36 +0100)]
s3-waf: recurse into ../libcli/named_pipe_auth.
Guenther
(cherry picked from commit
baabd56ce94143d6ebf92c8818f53e364152fe19)
Günther Deschner [Tue, 14 Dec 2010 16:33:49 +0000 (17:33 +0100)]
s3-waf: recurse into ../libcli/drsuapi.
Guenther
(cherry picked from commit
217ca2a2c9e9914ba02a8cc5477c2b8ea5e5372e)
Günther Deschner [Tue, 14 Dec 2010 16:14:58 +0000 (17:14 +0100)]
s3-waf: add pam_ and nss_winbind.
Guenther
(cherry picked from commit
d860281cd9248b699875a1c4791c7e0cb841da6a)
Günther Deschner [Tue, 14 Dec 2010 16:14:30 +0000 (17:14 +0100)]
s3-waf: check for "WITH_PAM_MODULES" to determine pam_smbpass build.
Guenther
(cherry picked from commit
a13b99323712a3bdd362de06179d0c23dbda0d79)
Günther Deschner [Tue, 14 Dec 2010 16:13:46 +0000 (17:13 +0100)]
s3-waf: fix pamsmbpass libwbclient dependency.
Guenther
(cherry picked from commit
1202e6328bb6009f8fb490c44d13a6930cdd3646)
Günther Deschner [Tue, 14 Dec 2010 13:03:22 +0000 (14:03 +0100)]
s3-waf: recurse into ../libcli/auth.
Guenther
(cherry picked from commit
906e489af921a6e66d36aad1778d0cd486ce8287)
Günther Deschner [Tue, 14 Dec 2010 15:47:35 +0000 (16:47 +0100)]
s3-waf: add CHARSET subsystem.
Guenther
(cherry picked from commit
4c459a926f5e5aade9068497276953bbe3d49a97)
Günther Deschner [Tue, 14 Dec 2010 12:50:30 +0000 (13:50 +0100)]
s3-waf: convert UTIL_SRC into a subsystem samba-util, similar to the s4 one.
Guenther
(cherry picked from commit
943f485ef187d66fdc98dcc30b91968b30c3dc5a)
Günther Deschner [Tue, 14 Dec 2010 12:27:24 +0000 (13:27 +0100)]
s3-waf: convert lib/util_tdb.c into a subsystem.
Guenther
(cherry picked from commit
192838aafdf2e696c33e7443b9e74893309158b2)
Günther Deschner [Tue, 14 Dec 2010 12:14:00 +0000 (13:14 +0100)]
s3-waf: use shared LIBASYNC_REQ subsystem.
Guenther
(cherry picked from commit
2407e33c7667fbaabff84edf81c13526a06ebac5)
Günther Deschner [Mon, 13 Dec 2010 14:46:05 +0000 (15:46 +0100)]
s4-smbtorture: paranoia check for architectures in request and reply for enumdrivers test.
Guenther
(cherry picked from commit
0990f6342ed3f765c482ddf0baddeac850422352)
Günther Deschner [Mon, 13 Dec 2010 11:56:38 +0000 (12:56 +0100)]
s3-waf: try to fix the build with snow leopard.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Dec 13 15:03:08 CET 2010 on sn-devel-104
(cherry picked from commit
a5cfdde558314ea8bd8b9421d0fffd9acbfb7de9)
Andrew Bartlett [Mon, 13 Dec 2010 01:40:25 +0000 (12:40 +1100)]
s3-libsmb Improve error message when denying LM encryption
Now that 'client ntlmv2 auth = yes' is the default, make it more clear
what options a user may need to enable to get this to work.
Andrew Bartlett
(cherry picked from commit
d97492e42a65540febae93dd0255b91d034f9def)
Andrew Bartlett [Fri, 10 Dec 2010 04:32:08 +0000 (15:32 +1100)]
s3-dns Don't use DELEG_FLAG in DNS update, Windows 2008R2 does not like it
(cherry picked from commit
280caa6b3bb1199939f9349ea5a436a491c81791)
Andrew Bartlett [Fri, 10 Dec 2010 04:30:22 +0000 (15:30 +1100)]
s3-dns Don't use SEQUENCE_FLAG in DNS update, Windows 2008R2 does not like it
Andrew Bartlett
(cherry picked from commit
0f1cc889a26477e9a98629f120fe5890b2e106fa)
Andrew Bartlett [Fri, 10 Dec 2010 04:08:53 +0000 (15:08 +1100)]
s3-net Allow 'net ads dns register' to take an optional hostname argument
This allows the administrator to more carefully choose what name to register.
Andrew Bartlett
(cherry picked from commit
c2a1ad9047508cf2745a9019e6783c8b8f7ef475)
Andrew Bartlett [Fri, 10 Dec 2010 01:12:23 +0000 (12:12 +1100)]
s3-winbind Improve memory handling in NTLMv2-backend plaintext authentication
Andrew Bartlett
(cherry picked from commit
6195dfc0eb310a2362cb949a000979514a52c648)
Andrew Bartlett [Fri, 10 Dec 2010 01:10:07 +0000 (12:10 +1100)]
s3-winbind Don't send the LM password to the server, ever
This is for the case where we have the plaintext password locally, and
can construct the challenge-response values here.
We should never ever use the LM password in domain authentication.
The last domain controller to only have LM passwords stored was NT
3.5.
Andrew Bartlett
(cherry picked from commit
5cfe949108f253a8e20c835cb53fe6f5eae7fbb5)
Andrew Bartlett [Thu, 9 Dec 2010 20:57:59 +0000 (07:57 +1100)]
s3-libsmb Don't ever ask for machine$ principals as a target.
It is never correct to ask for a machine$ principal as the target of a
kerberos connection. You should always connect via the
servicePrincipalName.
This current code appears to have built up from a series of minimal
changes, as the codebase adapted to the lack of a SPNEGO principal
from Windows 2008.
Andrew Bartlett
(cherry picked from commit
f13404e27b00f826a11684e69cff82ae0023fc91)
Andrew Bartlett [Thu, 9 Dec 2010 06:37:14 +0000 (17:37 +1100)]
s3-docs Add docs for 'client use spnego principal' and 'send spnego principal'
Andrew Bartlett
(cherry picked from commit
45d784e929b37edddea4c472d288a46b37aa7415)
Andrew Bartlett [Thu, 9 Dec 2010 05:47:08 +0000 (16:47 +1100)]
s3-docs Explain change to NTLMv2 by default in the client
(cherry picked from commit
d69b4f13f7edda8d8457315936051cc9d3fb103f)
Andrew Bartlett [Sat, 4 Dec 2010 03:57:46 +0000 (14:57 +1100)]
s3-client Use NTLMv2 by default in the Samba client
This matches the improved security measures of Windows Vista.
Andrew Bartlett
(cherry picked from commit
635fbf2b5498df5698e240728add95f8ff8cda0f)
Andrew Bartlett [Sat, 4 Dec 2010 03:11:57 +0000 (14:11 +1100)]
s3-smbd Don't send SPNEGO principal (rfc4178 hint) by default
This patch, based on the suggestion by Goldberg, Neil R. <ngoldber@mitre.org>
turns off the sending of the principal in the negprot by default, matching
Windows 2008 behaviour.
This slowly works us back from this hack, which from an RFC
perspective was never the right thing to do in the first place, but we
traditionally follow windows behaviour. It also discourages client
implementations from relying on it, as if they do they are more open to
man-in-the-middle attacks.
Andrew Bartlett
(cherry picked from commit
b3c2df5e0d0ba1c17c3248bf9d238de3c54613ef)
Andrew Bartlett [Sat, 4 Dec 2010 02:48:37 +0000 (13:48 +1100)]
s3-libads Default to NOT using the server-supplied principal from SPNEGO
This principal is not supplied by later versions of windows, and using
it opens up some opportunities for man in the middle attacks. (Because
it isn't the name being contacted that is verified with the KDC).
This adds the option 'client use spnego principal' to the smb.conf (as
used in Samba4) to control this behaviour. As in Samba4, this
defaults to false.
Against 2008 servers, this will not change behaviour. Against earlier
servers, it may cause a downgrade to NTLMSSP more often, in
environments where server names are not registered with the KDC as
servicePrincipalName values.
Andrew Bartlett
(cherry picked from commit
bb7806283e71f3b8029aae0eed326b5847a36d83)
Andrew Bartlett [Thu, 9 Dec 2010 06:51:36 +0000 (17:51 +1100)]
s4-spnego Match Windows 2008, and no longer supply a name in the CIFS Negprot
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Dec 9 08:50:28 CET 2010 on sn-devel-104
(cherry picked from commit
154b431093db68b30c429316eb660f776958a56f)
Andrew Bartlett [Sat, 4 Dec 2010 06:02:49 +0000 (17:02 +1100)]
s4-tests Workaround new default of 'client ntlmv2 auth = yes' in tests
The new default breaks some tests that were assuming LM or NTLM auth
Andrew Bartlett
(cherry picked from commit
22d67758efd20e62d6050fd10c8b922db75747c9)
Andrew Bartlett [Sat, 4 Dec 2010 03:59:29 +0000 (14:59 +1100)]
s4-client Use NTLMv2 by default in the Samba4 client.
(cherry picked from commit
54ee213fa5da6b138ab367b537c5e084edf35ff2)
Andrew Bartlett [Wed, 8 Dec 2010 07:52:33 +0000 (18:52 +1100)]
s4-spnego use "not_defined_in_RFC4178@please_ignore" if no principal specified
We need to make this the default, but for now just send it if we have
not been given a target principal.
Andrew Bartlett
(cherry picked from commit
94f4929e04ce4357e3c74b6a14a4b8fccde30fda)
Andrew Bartlett [Sat, 4 Dec 2010 04:23:44 +0000 (15:23 +1100)]
libcli/auth bring ADS_IGNORE_PRINCIPAL in common
(cherry picked from commit
a21cb5a0a11c63f7746a483dca845c12dcfdf1b2)
Jeremy Allison [Tue, 14 Dec 2010 03:17:57 +0000 (19:17 -0800)]
Ensure we use vfs_fsp_stat(), not VFS_STAT directly, and store into fsp->fsp_name->st
instead of a SMB_STRUCT_STAT on the stack.
Jeremy.
(cherry picked from commit
68f8f220dcd20f4f04bc95916ae04da81a2cdda1)
Jeremy Allison [Tue, 14 Dec 2010 01:08:08 +0000 (17:08 -0800)]
Merge branch 'v3-6-test' of ssh://git.samba.org/data/git/samba into v3-6-test
Jeremy Allison [Mon, 13 Dec 2010 23:22:47 +0000 (15:22 -0800)]
Change crediting so that the credits are returned on the interim async response.
(cherry picked from commit
58ebe1de32050fca71059c521f74488cfa5b3729)
Jeremy Allison [Mon, 13 Dec 2010 22:00:34 +0000 (14:00 -0800)]
As we handle missing sendfile() inside lib/sendfile.c, remove the WITH_SENDFILE ifdefs.
(cherry picked from commit
605afc631c212fc070ef5bb951f4d80d342f377d)
Jeremy Allison [Mon, 13 Dec 2010 21:34:50 +0000 (13:34 -0800)]
We need to start off with smb2.credits_granted == 0. That way
when processing the faked up SMB2 NegProt from the SMB1 packet we
always allocate one credit on reply.
Jeremy.
(cherry picked from commit
6ce365b238755ccd64b1c2aca0933f8e717300b0)
Jeremy Allison [Mon, 13 Dec 2010 21:17:49 +0000 (13:17 -0800)]
Remove extra unused credit arg. to smbd_smb2_request_setup_out()
(cherry picked from commit
7a835a6b42c49d70b599ab7c651f7aa871d8c605)
Stefan Metzmacher [Mon, 13 Dec 2010 11:04:28 +0000 (12:04 +0100)]
s3:selftest: fix knownfail for samba3.posix_s3.rpc.spoolss.*printserver.enum_printers_old
The name is in lowercase since commit
35fbc7bbda5851f7172538f79fc79be201f1d521
(s4-smbtorture: Make test names lowercase and dot-separated.)
This should avoid intermittent failures in make test.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Dec 13 13:52:18 CET 2010 on sn-devel-104
(cherry picked from commit
4ce3b53f122afb1eb3eaa3fbc2b8ef7fa8d075f5)
Günther Deschner [Fri, 10 Dec 2010 16:15:18 +0000 (17:15 +0100)]
s3-selftest: support differing VFSLIBDIR in autoconf and waf build.
With this change make test in the s3 waf build (w/o s4 smbtorture yet) works!
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Dec 13 13:06:05 CET 2010 on sn-devel-104
(cherry picked from commit
a43a1d922611a0610f8d815285e91dff6d77d629)
Günther Deschner [Thu, 9 Dec 2010 14:44:30 +0000 (15:44 +0100)]
s3-waf: add -Wl,--export-dynamic to LDFLAGS.
Our binaries did not export symbols so e.g. smbd could not load vfs modules.
Patch from tridge.
We might remove this later on, once we decide to resolve all symbols and fix all
dependencies in s3 modules.
Guenther
(cherry picked from commit
b4d398f8e3f5f073f0424395b792c1487a2f2ca8)
Günther Deschner [Thu, 9 Dec 2010 14:33:25 +0000 (15:33 +0100)]
nss_wrapper: make nss_wrapper.pl executable.
Guenther
(cherry picked from commit
cb15d73c0bb8526b99f7f5067680a39bd8fbf03f)
Jelmer Vernooij [Sat, 11 Dec 2010 02:26:31 +0000 (03:26 +0100)]
s4-smbtorture: Make test names lowercase and dot-separated.
This is consistent with the test names used by selftest, should
make the names less confusing and easier to integrate with other tools.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Dec 11 04:16:13 CET 2010 on sn-devel-104
(cherry picked from commit
35fbc7bbda5851f7172538f79fc79be201f1d521)
James Peach [Mon, 6 Dec 2010 19:27:31 +0000 (11:27 -0800)]
smbtorture: correct error handling in BASE-OPEN.
There are a number of cases in BASE-OPEN where an initial failure cascades
into multiple failures due to lack of cleanup between test phases. Fix
all these so that they close open file handles correctly. Replace
torture_comment with torture_result where appropriate so that the results
output contains a useful diagnostic.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Dec 11 03:19:39 CET 2010 on sn-devel-104
(cherry picked from commit
7ef1de3973ea694abb7e330dd538a0f3679365fb)