Nadezhda Ivanova [Tue, 29 Oct 2013 16:17:27 +0000 (18:17 +0200)]
s4-dsdb: instanceType NC_HEAD is only allowed combined with WRITE for an originating add operation
As described in MS-ATDS 3.1.1.5.2.8.
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Sun Nov 3 16:17:30 CET 2013 on sn-devel-104
Björn Jacke [Thu, 31 Oct 2013 11:01:22 +0000 (12:01 +0100)]
doc/msdfs proxy: extend example for multi target config
Signed-off-by: Björn Jacke <bj@sernet.de> Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Fri Nov 1 00:12:19 CET 2013 on sn-devel-104
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 31 01:16:10 CET 2013 on sn-devel-104
Alexander Werth [Thu, 22 Aug 2013 13:01:17 +0000 (15:01 +0200)]
s3:modules: nfs4_acls ACLs with zero entries are fine.
Signed-off-by: Alexander Werth <alexander.werth@de.ibm.com> Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Oct 30 20:31:42 CET 2013 on sn-devel-104
Matthieu Patou [Sun, 20 Oct 2013 20:37:17 +0000 (13:37 -0700)]
librpc-idl: change the drsuapi_DsBindInfoCtr so that it match what is on the wire both in NDR32 and NDR64.
Previous implementation had a problem with NDR64 with uint32 and
uint3264 being in the wrong order
Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 30 10:16:02 CET 2013 on sn-devel-104
s3-rpc_client: Make data pointer const in trans_send().
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 30 01:32:08 CET 2013 on sn-devel-104
Volker Lendecke [Sun, 27 Oct 2013 14:31:44 +0000 (15:31 +0100)]
rpc_server: Fix a memleak on error exit
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Oct 28 10:20:35 CET 2013 on sn-devel-104
Volker Lendecke [Sun, 27 Oct 2013 14:27:45 +0000 (15:27 +0100)]
rpc_server: Fix some uses of tevent_req_nomem
tevent_req_nomem is to be used in a sequence of async actions where we
have one main request. This is a completely independent loop without one
central tevent_req. tevent_req_nomem is used as a simple way to signal
an out of memory condition to the main request representing the async
sequence. If we don't have such a tevent_req, we need to directly check
for NULL.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Matthieu Patou [Tue, 15 Oct 2013 22:06:57 +0000 (15:06 -0700)]
auth-kerberos: add the credentials.h so that enum credentials_obtained is defined
We had a warning about the enum being defined in the parameter list:
warning: ‘enum credentials_obtained’ declared inside parameter list
Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Autobuild-User(master): Matthieu Patou <mat@samba.org>
Autobuild-Date(master): Sun Oct 27 02:25:47 CET 2013 on sn-devel-104
David Disseldorp [Sat, 19 Oct 2013 01:47:07 +0000 (03:47 +0200)]
torture: add FSCTL_SRV_COPYCHUNK_WRITE access test
Check that FSCTL_SRV_COPYCHUNK_WRITE succeeds when the copy-chunk target
is opened with SEC_RIGHTS_FILE_WRITE only.
Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 25 22:48:59 CEST 2013 on sn-devel-104
David Disseldorp [Sat, 19 Oct 2013 01:47:06 +0000 (03:47 +0200)]
smb2_ioctl: add support for FSCTL_SRV_COPYCHUNK_WRITE
FSCTL_SRV_COPYCHUNK can only be used when the client has the copy-chunk
target file open with FILE_WRITE_DATA and FILE_READ_DATA.
FSCTL_SRV_COPYCHUNK_WRITE requires only FILE_WRITE_DATA access on the
target, and is therefore suitable for cp --reflink, which opens the
target file O_WRONLY.
Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
This is a change in behaviour which needs much further investigation
and testing.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Oct 25 14:22:20 CEST 2013 on sn-devel-104
Steven Siloti [Thu, 24 Oct 2013 03:46:05 +0000 (20:46 -0700)]
waf: parse LDFLAGS from python
The LDFLAGS returned by get_python_variables may contain additional library
search paths. These need to be parsed out and placed in LIBPATH to maintain
correct ordering of search paths in the final link flags.
Specifically, appending LDFLAGS directly to LINKFLAGS on my system was causing
/usr/lib to be the first search path specified. This lead to linking against
installed libraries rather than the versions from the current build.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Oct 25 02:48:35 CEST 2013 on sn-devel-104
Michael Adam [Wed, 16 Oct 2013 13:17:18 +0000 (15:17 +0200)]
build: fix ordering problems with lib-provided and internal RPATHs
When a library or system (like cups) provides an RPATH,
e.g. with -Wl,-R or -Wl,-rpath, this was added by waf
to the LINKFLAGS, wich was later prepended to our RPATH.
But if the path by chance contains an older version of
one of our internal libraries like talloc, this would lead
to linking the too old talloc into our binaries.
This has been observed on, e.g., FreeBSD, but it is a general
problem.
This patch fixes the problem by specially parsing the RPATH
linker options from the pkg-config(, cups-config, ....) output
and putting the paths into the RPATH_<lib> container, which
is then later correctly appended to our internal RPATH.
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Oct 25 00:39:21 CEST 2013 on sn-devel-104
Volker Lendecke [Tue, 22 Oct 2013 09:18:01 +0000 (09:18 +0000)]
torture: Add smb2.oplock.levelII501 test
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Oct 24 16:15:50 CEST 2013 on sn-devel-104
This makes the is_stat_open special case in grant_fsp_oplock_type
redundant because in open_file_ntcreate further up we have already set
oplock_request to NO_OPLOCK for stat opens.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
Some lines above we set fsp->oplock_type = e->op_type. I don't see
how this might have changed. This change will unify both callers of
set_file_oplock. In the next step the second parameter to set_file_oplock
will be removed.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
Jeremy Allison [Mon, 21 Oct 2013 23:59:11 +0000 (16:59 -0700)]
Fix bug 10196 - RW Deny for a specific user is not overriding RW Allow for a group.
When the ID returned is ID_TYPE_BOTH we must *always* add it as both
a user and a group, not just in the owning case. Otherwise DENY
entries are not correctly processed.
Volker Lendecke [Wed, 16 Oct 2013 19:34:15 +0000 (21:34 +0200)]
torture: Extend the raw.oplock.level_ii_1 test
smbd broke to none twice. Make sure this won't happen again :-)
This used to happen before the MSG_SMB_BREAK_RESPONSE merge. In
process_oplock_break_message we did not call remove_oplock, which would
have prevented this.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 23 14:06:13 CEST 2013 on sn-devel-104
Volker Lendecke [Tue, 22 Oct 2013 11:33:42 +0000 (11:33 +0000)]
smbd: Use MSG_SMB_BREAK_REQUEST for async l2 breaks
Now that we transmit the level we want to break to via the msg.op_type
we can unify MSG_SMB_BREAK_REQUEST and MSG_SMB_ASYNC_LEVEL2_BREAK and
thus simplify the code a bit.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
The level we have to break to depend on the breakers create_disposition:
If we overwrite, we have to break to none.
This patch overloads the "op_type" field in the break message we send
across to the smbd holding the oplock with the oplock level we want to
break to. Because it depends on the create_disposition in the breaking
open, only the breaker can make that decision. We might want to use
a different mechanism for this in the future, but for now using the
op_type field seems acceptable to me.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
The level we have to break to depends on the create disposition of the
second opener. If it's overwriting, break to none. If it's not, break
to level2.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Fri, 18 Oct 2013 15:12:35 +0000 (15:12 +0000)]
smbd: Fix bug 10216
While refactoring find_oplock_types to validate_oplock_types I forgot
that stat opens will end up in locking.tdb. So even with a batch oplock
around we can have more than one entry. This means the consistency check
in validate_oplock_types was wrong and too strict.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Sun, 20 Oct 2013 15:29:29 +0000 (17:29 +0200)]
ldb: Fix CID 240798 Uninitialized pointer read
Not called right now, because nobody tries multiple sort attributes. But if
someone did, build_response would have looked at the uninitialized controls.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 22 03:28:20 CEST 2013 on sn-devel-104
Michael Adam [Fri, 18 Oct 2013 14:26:41 +0000 (16:26 +0200)]
idmap_autorid: fix traversal of ranges to correctly exclude mapping records.
When listing all ranges with "net idmap get ranges", the database records
of the form "S-1-5-10" --> "GID 100016" were treated here as rangee mapings,
resulting in an faulty printout like this: "RANGE 541346119: S-1-5-10".
This patch fixes this by adding a filter that checks the size of the
value datablob.
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Oct 21 19:48:40 CEST 2013 on sn-devel-104
The first "goto done" would TALLOC_FREE the uninitialized "value"
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct 19 03:43:04 CEST 2013 on sn-devel-104
Simo Sorce [Thu, 17 Oct 2013 19:59:55 +0000 (15:59 -0400)]
Reserve an OID space for external projects
Some external, but somewhat related projects, benefit from being
able to use the Samba OID space instead of having to go through IANA.
Reserve 1.3.6.1.4.1.7165.655.x for external projects
And assign 1.3.6.1.4.1.7165.655.1.x to the GSS-NTLMSSP project.
Signed-off-by: Simo Sorce <idra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Simo Sorce <idra@samba.org>
Autobuild-Date(master): Fri Oct 18 05:47:29 CEST 2013 on sn-devel-104