Andrew Bartlett [Mon, 17 Jun 2013 12:37:54 +0000 (22:37 +1000)]
torture/drs: Expand an error message to aid debugging
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jul 25 13:51:44 CEST 2013 on sn-devel-104
Andrew Bartlett [Wed, 19 Jun 2013 00:30:48 +0000 (10:30 +1000)]
dsdb-ridalloc: Rework ridalloc to return error strings where RID allocation fails
We now also only poke the RID manager once per request.
This may help track down why RID allocation can fail, as while we
never wait for the RID set to be created/updated, it may be the only
clue the admin gets as to why the async allocations were failing.
Andrew Bartlett
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Thu, 13 Jun 2013 09:33:42 +0000 (19:33 +1000)]
dynconfig: Remove last s3 markers now we have just one build system
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 24 16:29:15 CEST 2013 on sn-devel-104
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul 24 14:37:43 CEST 2013 on sn-devel-104
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Kai Blin <kai@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jul 24 12:42:29 CEST 2013 on sn-devel-104
s3-winbindd: support the DIR pragma for raw kerberos user pam authentication.
It is currently only available in MIT. In addition, allow to define custom
filepaths for FILE, WRFILE and DIR pragmas and substitute one occurence of the
%u pattern.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
log_ctx.log_private was used uninitialized. Not a real bug here,
as tdb_log does not access it, but tdb_open_ex still moves around
uninitialized data. So this would show up in valgrind as well.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
log_ctx.log_private was used uninitialized. Not a real bug here,
as tdb_log does not access it, but tdb_open_ex still moves around
uninitialized data. So this would show up in valgrind as well.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Kai Blin <kai@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jul 22 14:12:38 CEST 2013 on sn-devel-104
Jeremy Allison [Tue, 9 Jul 2013 23:37:48 +0000 (16:37 -0700)]
Add torture tests to raw.eas to check sending Windows invalid names in the middle of an EA list.
Add torture tests to probe the set of invalid
Windows EA names.
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":"
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul 19 11:50:25 CEST 2013 on sn-devel-104
nsswitch: Don't enumerate all domains with wbinfo -u|-g.
By default wbinfo -u|-g should only enumerate the domain winbindd is
joined to. The command can be harmfull if you have e.g. 30 domains and
700k users. Then the parent will collect all information and the
oom-killer will kill winbind. As we still want to support it, you can
enable it the old behaviour with wbinfo --domain='*' -u. This is
a measure that sysadmins don't shoot themself.
https://bugzilla.samba.org/show_bug.cgi?id=10034
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jul 18 11:54:58 CEST 2013 on sn-devel-104
Bill Parker [Wed, 17 Jul 2013 22:30:35 +0000 (15:30 -0700)]
Fix bug 10025 - Lack of Sanity Checking in calls to malloc()/calloc().
In reviewing various files in Samba-4.0.7, I found a number
of instances where malloc()/calloc() were called without the
checking the return value for a value of NULL, which would
indicate failure.
(NB. The changes needed to ccan, iniparser, popt and heimdal
will be reported upstream, not patched inside Samba).
Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Simo Source <idra@samba.org>
Alexander Werth [Tue, 9 Jul 2013 15:14:08 +0000 (17:14 +0200)]
s3: Remove old mode special substitution.
The mode special substitution now happens in a separate function.
The substitution at this point is unnecessary.
Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Tue Jul 16 00:52:26 CEST 2013 on sn-devel-104
s4:server: avoid calling into nss_winbind from within 'samba'
The most important part is that the 'winbind_server' doesn't
recurse into itself. This could happen if the krb5 libraries
call getlogin().
As we may run in single process mode, we need to set
_NO_WINBINDD=1 everywhere, the only exception is the forked
'smbd'.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 10 23:18:06 CEST 2013 on sn-devel-104
s4:rpc_server: make sure we don't terminate a connection with pending requests (bug #9820)
Sadly we may have nested event loops, which won't work correctly with
broken connections, that's why we have to do this...
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 10 08:47:38 CEST 2013 on sn-devel-104
Andrew Bartlett [Thu, 27 Jun 2013 01:28:03 +0000 (11:28 +1000)]
s4-winbindd: Do not terminate a connection that is still pending (bug #9820)
Instead, wait until the call attempts to reply, and let it terminate then
(often this happens in the attempt to then write to the broken pipe).
Andrew Bartlett
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Baumbach [Tue, 9 Jul 2013 10:32:34 +0000 (12:32 +0200)]
s3-smbstatus: display [u|g]id of -1 as "-1" in connection list
In order to avoid displayed uid or gid of "4294967295" instead of "-1", we
need to fetch the special case -1.
The id can be -1 if we are reading e.g. incomplete session information.
Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 10 01:18:30 CEST 2013 on sn-devel-104
waf: Build with RELRO if supported by the compiler.
Make sure we create binaries with full RELocation Read-Only support. See
https://isisblogs.poly.edu/2011/06/01/relro-relocation-read-only/
for more details.
The default is to check if the compiler supports RELRO and then enable
it. Specifying '--with-relro' will make it mandatory and
'--without-relro' will disable it.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
When trying to read a profile, under certain circumstances Windows tries
to read with its machine account first. The profile previously written
was stored with an ACL that only allows access for the user and not
the machine. Windows should get an NT_STATUS_ACCESS_DENIED when using
the machine account, making it retry with the user account (which would
then succeed).
Samba under these circumstances erroneously gives
NT_STATUS_OBJECT_PATH_NOT_FOUND, which makes Windows give up and not
retry. The reasons is the "dropbox" patch in unix_convert, turning EACCESS
on the last path component to OBJECT_PATH_NOT_FOUND. This patch makes
the dropbox behaviour only kick in when we are creating a file. I think
this is an abstraction violation. unix_convert() should not have to know
about the create_disposition, but given that we have pathname resolution
separated from the core open code right now this is the best we can do.
Signed-off-by: Volker Lendecke <Volker.Lendecke@SerNet.DE> Reviewed-by: Jeremy Allison <jra@samba.org>
lib/param: sync debug related options with source3/param
The most important change is "debug hires timestamp = Yes"
and "syslog = 1".
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Björn Jacke <bj@sernet.de>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Tue Jul 9 17:15:15 CEST 2013 on sn-devel-104
Björn Jacke [Wed, 3 Jul 2013 16:57:57 +0000 (18:57 +0200)]
time: prefer CLOCK_BOOTTIME for clock_gettime_mono()
this clock moves on while the machine was suspended. This is what we prefer
actually.
Signed-off-by: Björn Jacke <bj@sernet.de> Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Simo Sorce <idra@samba.org>
Autobuild-Date(master): Fri Jul 5 16:47:34 CEST 2013 on sn-devel-104
Björn Jacke [Wed, 3 Jul 2013 16:51:14 +0000 (18:51 +0200)]
time: don't try to use the coarse clock
as we prefer to use the suspend aware CLOCK_BOOTTIME as monotonic clock source
we cannot deal with the mono coarse clock any more. Actually I never saw a real
performance gain with it.
Signed-off-by: Björn Jacke <bj@sernet.de> Reviewed-by: Simo Sorce <idra@samba.org>
Andrew Bartlett [Sat, 22 Jun 2013 09:30:50 +0000 (19:30 +1000)]
dsdb-ridalloc: Fix RID pools - RID numbers increase too quickly
A patch by Cove Schneider <cove_s@yahoo.com> who reports:
I noticed that the RID numbers seem to increase incrementally, then
will suddenly jump by 124501. Unless I'm misunderstanding, shouldn't
RID pool allocations just be 500 at a time?
e.g. Adding accounts one after another on a single test instance here's how they're incrementing (from 4.0.6):
1596
1597
1598
1599
126100
126101
126102
...
126599
251100
...
251599
376100
...
The problem is that this complicates using sssd's AD integration, as
that it doesn't expect the RIDs to increase in a single domain so
quickly.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jul 4 20:13:05 CEST 2013 on sn-devel-104
s3-winbind: Allow sec_initial_uid() to store creds.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 2 23:26:24 CEST 2013 on sn-devel-104
(cherry picked from commit caf3af33deeea9bee61a741fcc991285006cc6f5)
127.0.0.2 is used by some distributions to resolve the own hostname.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit a4af4fa9db768dce2e009ba132cf88525a9b8314)
selftest: Add a newline to root entries in the nss files.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit d5511b125ccfd9c46cad63796aa49258bcc0ae38)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 7392985b2981cb82be5f99255faae1605972be53)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit bf5bc723da0605c7bc796f5e047e3f041db0b943)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit d295e18409a2e18e52c5bb76fec0e0540b6199cf)
s3-winbind: Allow sec_initial_uid() to store creds.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 2 23:26:24 CEST 2013 on sn-devel-104
tsocket: Pass the full port number to getaddrinfo().
The code stripped port numbers above 9999 down to 4 digits.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jul 1 21:10:53 CEST 2013 on sn-devel-104
Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-1-test): Tue Jul 2 13:07:35 CEST 2013 on sn-devel-104
tsocket: Pass the full port number to getaddrinfo().
The code stripped port numbers above 9999 down to 4 digits.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jul 1 21:10:53 CEST 2013 on sn-devel-104
Aurélien Aptel [Fri, 28 Jun 2013 15:34:26 +0000 (17:34 +0200)]
docs-xml/manpages/smbclient.1.xml: fix case of -T flag in example.
Signed-off-by: Aurélien Aptel <aurelien.aptel@gmail.com> Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Jun 28 17:45:31 CEST 2013 on sn-devel-104
Jeremy Allison [Tue, 18 Jun 2013 00:25:41 +0000 (17:25 -0700)]
winbindd and nmbd don't set their umask to zero on startup like smbd does.
Fix this - we already control tightly what permissions are
on the files we create. Ensure we don't get surprised.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Jun 27 02:02:24 CEST 2013 on sn-devel-104
Volker Lendecke [Wed, 26 Jun 2013 15:35:37 +0000 (15:35 +0000)]
sharesec: Document --view-all
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jun 26 18:43:45 CEST 2013 on sn-devel-104