Karolin Seeger [Fri, 8 Nov 2013 09:28:54 +0000 (10:28 +0100)]
VERSION: Disable git snapshots for the 4.0.11 release.
Bug 10234 - CVE-2013-4476: key.pem world readable
Bug 10235 - CVE-2013-4475: No access check verification on stream files
(bug #10229).
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Fri, 8 Nov 2013 09:26:12 +0000 (10:26 +0100)]
WHATSNEW: Add release notes for Samba 4.0.11.
Bug 10234 - CVE-2013-4476: key.pem world readable
Bug 10235 - CVE-2013-4475: No access check verification on stream files
(bug #10229).
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Björn Baumbach [Tue, 29 Oct 2013 16:53:59 +0000 (17:53 +0100)]
CVE-2013-4476: s4:libtls: check for safe permissions of tls private key file (key.pem)
If the tls key is not owned by root or has not mode 0600 samba will not
start up.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Baumbach [Tue, 29 Oct 2013 16:52:39 +0000 (17:52 +0100)]
CVE-2013-4476: s4:libtls: Create tls private key file (key.pem) with mode 0600
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 30 Oct 2013 13:48:36 +0000 (14:48 +0100)]
CVE-2013-4476: selftest/Samba4: use umask 0077 within mk_keyblobs()
We should generate private keys with 0600.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Baumbach [Tue, 29 Oct 2013 16:49:55 +0000 (17:49 +0100)]
CVE-2013-4476: samba-tool provision: create ${private_dir}/tls with mode 0700
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Baumbach [Tue, 29 Oct 2013 16:48:11 +0000 (17:48 +0100)]
CVE-2013-4476: lib-util: split out file_save_mode() from file_save()
file_save_mode() writes files with specified mode.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Baumbach [Tue, 29 Oct 2013 16:43:17 +0000 (17:43 +0100)]
CVE-2013-4476: lib-util: add file_check_permissions()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Jeremy Allison [Tue, 29 Oct 2013 22:57:01 +0000 (15:57 -0700)]
Add regression test for bug #10229 - No access check verification on stream files.
Checks against a file with attribute READONLY, and
a security descriptor denying WRITE_DATA access.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: David Disseldorp <ddiss@suse.de>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Nov 4 23:10:10 CET 2013 on sn-devel-104
(cherry picked from commit
65882152cc7ccaba0e7903862b99ca93594ed080)
The last two patches address bug #10235 - CVE-2013-4475: No access
check verification on stream files.
Jeremy Allison [Mon, 28 Oct 2013 23:59:20 +0000 (16:59 -0700)]
Fix bug #10229 - No access check verification on stream files.
https://bugzilla.samba.org/show_bug.cgi?id=10229
We need to check if the requested access mask
could be used to open the underlying file (if
it existed), as we're passing in zero for the
access mask to the base filename.
Back-ported for 4.0.x.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: David Disseldorp <ddiss@suse.de>
(Based on master commit
60f922bf1bd8816eacbb32c24793ad1f97a1d9f2)
Karolin Seeger [Mon, 7 Oct 2013 08:47:15 +0000 (10:47 +0200)]
VERSION: Bump version number up to 4.0.11...
and re-enable git snapshots.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Mon, 7 Oct 2013 08:46:08 +0000 (10:46 +0200)]
VERSION: Disable git snapshots for the 4.0.10 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Mon, 7 Oct 2013 08:45:14 +0000 (10:45 +0200)]
WHATSNEW: Update release date.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 1 Oct 2013 07:36:11 +0000 (09:36 +0200)]
WHATSNEW: Add latest changes since 4.0.9.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Tue Oct 1 11:28:04 CEST 2013 on sn-devel-104
Volker Lendecke [Mon, 30 Sep 2013 12:52:49 +0000 (12:52 +0000)]
smbd: Fix crash bug in notify_deferred_opens
The "deferred" array only holds enough entries for non-stale pids. We
should skip those as well when filling that array.
This bug came in with
19b6671. No issue in master and 4.1, we don't have
deferred entries anymore there.
Part of a fix for bug #10138 - smbd doesn't always clean up share modes after
hard crash.
Volker Lendecke [Sun, 1 Sep 2013 16:54:59 +0000 (18:54 +0200)]
torture3: Trigger a nasty cleanup bug in smbd
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Sep 3 19:13:14 CEST 2013 on sn-devel-104
(cherry picked from commit
ade8477f98fcffcc6e3c5ea31618b49d0c1bba95)
The latest 5 patches address bug #10138 - smbd doesn't always clean up share
modes after hard crash.
Volker Lendecke [Fri, 30 Aug 2013 12:49:43 +0000 (12:49 +0000)]
smbd: Fix flawed share_mode_stale_pid API
The comment for this routine said:
> Modifies d->num_share_modes, watch out in routines iterating over
> that array.
Well, it turns out that *every* caller of this API got it wrong. So I
think it's better to change the routine.
This leaves the array untouched while iterating but filters out the
deleted ones while saving them back to disk.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
7d91ffc6fdc3b371564e14f09822a96264ea372a)
Volker Lendecke [Fri, 30 Aug 2013 12:27:36 +0000 (12:27 +0000)]
smbd: Rename parameter "i" to "idx"
We'll need "i" in a later checkin ... :-)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
5006db98aaf1efe119f1da8be091587a9bc2b952)
Conflicts:
source3/locking/proto.h
Volker Lendecke [Sun, 1 Sep 2013 09:07:19 +0000 (11:07 +0200)]
smbd: Don't store in-memory only flags in locking.tdb
Hey, pidl knows the [skip] attribute ... :-)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
696bc569b17f024f840774e3d59761229836a310)
Volker Lendecke [Thu, 22 Aug 2013 08:49:07 +0000 (08:49 +0000)]
smbd: Simplify find_oplock_types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
94b320527eee0c7ba1d3818816e7d59cb863bf3f)
Karolin Seeger [Mon, 30 Sep 2013 10:40:54 +0000 (12:40 +0200)]
WHATSNEW: Add hint on the new "acl allow execute always" parameter.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Tue Oct 1 09:27:23 CEST 2013 on sn-devel-104
Karolin Seeger [Mon, 30 Sep 2013 10:31:02 +0000 (12:31 +0200)]
WHATSNEW: Satrt release notes for Samba 4.0.10.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Andrew Bartlett [Tue, 24 Sep 2013 17:18:36 +0000 (10:18 -0700)]
dsdb: Convert the full string from UTF16 to UTF8, including embedded NULLs
Bug: https://bugzilla.samba.org/show_bug.cgi?id=8077
Note that this doesn't fix the userParameters problem
completely, but it doesn't truncate the userParameters value
anymore.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Sep 26 22:05:12 CEST 2013 on sn-devel-104
(cherry picked from commit
89200c227f36a063612eb38927ac8dee18e044d5)
Michael Adam [Thu, 18 Apr 2013 21:45:24 +0000 (23:45 +0200)]
s3:smbd:smb2:scavenger: fix format error for debugging open_persistent_id in scavenger_timer()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Apr 19 01:36:15 CEST 2013 on sn-devel-104
Fix bug #10169 - Build Error in scavenger.c.
Andrew Bartlett [Thu, 9 May 2013 03:16:55 +0000 (15:16 +1200)]
python-samba-tool fsmo: Do not give an error on a successful role transfer
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9461
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Sep 23 12:00:24 CEST 2013 on sn-devel-104
(cherry picked from commit
8d8872ae0a19786452c3be044757b16814b82be8)
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Wed Sep 25 10:51:49 CEST 2013 on sn-devel-104
Daniel Liberman [Thu, 19 Sep 2013 23:28:33 +0000 (20:28 -0300)]
Fix bug 10162 - POSIX ACL mapping failing when setting DENY ACE's from Windows.
Fix for ACL problem - not accepting DENY. Code was checking for pointer and not for content.
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Sat Sep 21 05:24:07 CEST 2013 on sn-devel-104
(cherry picked from commit
e24fcf0f3e1b5b19d97a13786b09f069393b06d8)
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Mon Sep 23 11:23:14 CEST 2013 on sn-devel-104
Günther Deschner [Tue, 17 Sep 2013 10:47:58 +0000 (12:47 +0200)]
docs: point out side-effects of global "valid users" setting.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Fix bug #10147 - Better document potential implications of a globally used
"valid users".
Matthieu Patou [Thu, 19 Sep 2013 18:18:32 +0000 (11:18 -0700)]
libcli: continue to read from the socket even if the size is 0
This is an issue found by Codenomicon, with a malicious packet with 0
bytes UDP payload we will continiously be looping trying to react from
the socket event and continiously do nothing as we will bail out
thinking that we had a memory allocation error.
Original fix comes from Volker Lendecke <vl@samba.org>
Signed-off-by: Matthieu Patou <mat@matws.net>
Fix bug #10158 - netbios related samba process consume 100% CPU.
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Fri Sep 20 11:05:42 CEST 2013 on sn-devel-104
Jeremy Allison [Tue, 10 Sep 2013 17:46:18 +0000 (10:46 -0700)]
Fix is_legal_name() to not emit character conversion error messages.
Using next_codepoint() does the same check, but without the conversion
message.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
776db7d38597a29536e4127837ffa3b4f4ce35ab)
Fix bug #10139 - valid utf8 filenames cause "invalid conversion error"
messages.
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Thu Sep 19 12:06:53 CEST 2013 on sn-devel-104
Christof Schmitt [Thu, 29 Aug 2013 17:36:00 +0000 (19:36 +0200)]
s3:smb2_find: Return that timestamps do not exist as directories
When a Windows client receives a large directory listing while
querying snapshots, it sends a find request asking for the
timestamp as a directory. A Windows server returns NO_SUCH_FILE,
so make sure Samba returns the same. Otherwise the client will
get confused and display timestamps in the 'previous versions' dialog.
Signed-off-by: Christof Schmitt <christof.schmitt@us.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 10 22:38:51 CEST 2013 on sn-devel-104
(cherry picked from commit
c8c0632c871e838fc4465b2a69b4e059e9a126c0)
Fix bug #10137 - shadow_copy2 does not display previous versions correctly over
SMB2.
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Mon Sep 16 11:38:36 CEST 2013 on sn-devel-104
Karolin Seeger [Thu, 12 Sep 2013 07:20:03 +0000 (09:20 +0200)]
docs: Fix typos.
This is a follow-up patch for bug #10134 - Samba 4.0 is stricter in checking
acls for "open for execution".
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Sep 12 11:59:56 CEST 2013 on sn-devel-104
(cherry picked from commit
4af7b709e925d85be9446af179186fc13466626f)
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Fri Sep 13 12:54:16 CEST 2013 on sn-devel-104
Korobkin [Tue, 10 Sep 2013 23:20:27 +0000 (16:20 -0700)]
Raise the level of a debug.
Bug #10118 - Samba is chatty about being unable to open a printer
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 11 03:10:08 CEST 2013 on sn-devel-104
(cherry picked from commit
d809cf653b624a9fde48de3b0c2ab58aca705c50)
Michael Adam [Mon, 2 Sep 2013 14:54:15 +0000 (16:54 +0200)]
docs: document "acl allow execute always"
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
The last 3 patches address bug #10134 - Samba 4.0 is stricter in checking acls
for "open for execution".
See the following commits in master:
de3bc10ef69f23e7dab9fc3f6990bb403824b14e
1e29d730663382875d96c275c60e022a1c33a2d1
a2a3c9f36d7a19d75924cff25fa1b450d85ee6d6
Michael Adam [Mon, 2 Sep 2013 15:37:50 +0000 (17:37 +0200)]
s3:smbd: ease file server upgrades from 3.6 and earlier with "acl allow execute aways"
3.6 and earlier allowed open for execution when execute permissions are
not present on a file. This has been fixed in Samba 4.0.
This patch changes smbd to skip the execute bit from the ACL check
in the open code if "acl allow execute always = yes", hence
re-establishing the old behaviour in this case.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Michael Adam [Mon, 2 Sep 2013 15:36:59 +0000 (17:36 +0200)]
loadparm: add new parameter "acl allow execute always"
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Amitay Isaacs [Mon, 27 May 2013 02:26:36 +0000 (12:26 +1000)]
samba-tool/dns: Pass on additional flags when creating zones
Windows DCs require additional flags to be set when creating zones.
This fixes bug #9599.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
c22eb103d865ed50a6c3ca89750245b92e17b493)
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Mon Sep 9 12:04:57 CEST 2013 on sn-devel-104
Amitay Isaacs [Mon, 27 May 2013 02:37:20 +0000 (12:37 +1000)]
samba-tool/dns: Set secure zone update flag after creating new zone
Windows DC ignores the secure update flag while creating new zone. Windows
performs another operation to set the secure update flag.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
05578dcdbfa1734ae7bafb70859a76f4cd2a023d)
Jeremy Allison [Tue, 3 Sep 2013 21:07:43 +0000 (14:07 -0700)]
Optimization. Don't do the retry logic if sitename_fetch() returned NULL, we already did a NULL query.
Bug 5917 - Samba does not work on site with Read Only Domain Controller
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep 4 01:19:05 CEST 2013 on sn-devel-104
(cherry picked from commit
bdab6f9431715fbfd28f8cc0dfb4dde2966f22f3)
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Fri Sep 6 12:51:06 CEST 2013 on sn-devel-104
Jeremy Allison [Tue, 3 Sep 2013 19:20:52 +0000 (12:20 -0700)]
Move the retry logic when site_name is passed in a NULL or "" to the wrapper function.
Bug 5917 - Samba does not work on site with Read Only Domain Controller
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Richard Sharpe <rsharpe@samba.org>
(cherry picked from commit
68e7b1c9446c7d1274b0fb85b59b90ac1a7f6041)
Jeremy Allison [Tue, 3 Sep 2013 19:08:46 +0000 (12:08 -0700)]
Move the manipulation of site_name into the caller function dsgetdcname().
Leave dsgetdcname_internal() only using const char *site_name.
Bug 5917 - Samba does not work on site with Read Only Domain Controller
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Richard Sharpe <rsharpe@samba.org>
(cherry picked from commit
181c11066bd53b07015a199f56eb71182e89ff71)
Jeremy Allison [Tue, 3 Sep 2013 19:04:37 +0000 (12:04 -0700)]
Refactor dsgetdcname to be called via a wrapper function.
Bug 5917 - Samba does not work on site with Read Only Domain Controller
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Richard Sharpe <rsharpe@samba.org>
(cherry picked from commit
66006be7ef703b2935334633d27641050cee5f58)
Jeremy Allison [Tue, 3 Sep 2013 19:13:45 +0000 (12:13 -0700)]
dsgetdcname_cache_fetch() doesn't use the site_name parameter so don't pass it.
Bug 5917 - Samba does not work on site with Read Only Domain Controller
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Richard Sharpe <rsharpe@samba.org>
(cherry picked from commit
dd12bfbcbf359c1642cc2e968aec62ae904aad5d)
Volker Lendecke [Tue, 27 Aug 2013 09:40:19 +0000 (09:40 +0000)]
smbd: Correctly return INFO_LENGTH_MISMATCH for smb1
This is required if the client offered less buffer than the fixed portion
of the info level data requires
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10106
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
1b1935b876a14154ef74e447bf53eb7cd0a5dde9)
Volker Lendecke [Tue, 27 Aug 2013 09:39:17 +0000 (09:39 +0000)]
smbd: Fix error return for STREAM_INFO
The stream_info marshalling follows its own rules. This needs unifying
eventually...
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10106
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
5634f240fd4273cb7327111140ccbea0fd41e3fc)
Volker Lendecke [Tue, 27 Aug 2013 09:38:29 +0000 (09:38 +0000)]
smbd: Revert
a93f9c3
This was too broad and has been replaced by finer-grained error checks
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10106
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
b37edda32930fec372d6467d442f67532c3fbd33)
Volker Lendecke [Tue, 27 Aug 2013 09:37:34 +0000 (09:37 +0000)]
smbd: Correctly return BUFFER_OVERFLOW in smb2_getinfo
Also, don't overflow the client buffer
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10106
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
40f60024ca19e33cbbe9825b42692f386a8f1dd9)
Volker Lendecke [Tue, 27 Aug 2013 09:36:03 +0000 (09:36 +0000)]
smbd: Correctly return INFO_LENGTH_MISMATCH in smb2_getinfo
We have to return this error if the client offered less than the fixed
portion of the infolevel data requires
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10106
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
91939614760837b2ac2c6bb8b5daac108a4f4670)
Volker Lendecke [Tue, 27 Aug 2013 09:06:27 +0000 (09:06 +0000)]
smbd: qfsinfo has fixed/variable buffers
The error message will have to change depending whether the buffer is
too small for the fixed or variable buffers
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10106
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
ac41df91a5a425633fc716ca02187e753879d795)
Volker Lendecke [Tue, 27 Aug 2013 09:06:27 +0000 (09:06 +0000)]
smbd: qfilepathinfo has fixed/variable buffers
The error message will have to change depending whether the buffer is
too small for the fixed or variable buffers
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10106
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
53123996033594f68a3fc9037474aada3aef0750)
Volker Lendecke [Mon, 26 Aug 2013 08:36:14 +0000 (08:36 +0000)]
smbd: Use #defines in smb2_getinfo_send
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Aug 27 15:08:08 CEST 2013 on sn-devel-104
(cherry picked from commit
323cccd35d06c7327c19dc5cb891043507624d7d)
Ralph Wuerthner [Wed, 10 Jul 2013 14:43:39 +0000 (16:43 +0200)]
s3:smbd: allow info class SMB_QUERY_FS_ATTRIBUTE_INFO to return partial data
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
(cherry picked from commit
270d29a743a030653037cb176f3764bec3c79b6c)
Ralph Wuerthner [Wed, 10 Jul 2013 13:52:06 +0000 (15:52 +0200)]
s3:smbd: allow info class SMB_QUERY_FS_VOLUME_INFO to return partial data
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
(cherry picked from commit
ec46f6b91941e38dd92f8e0fb0f278592e3157b6)
Ralph Wuerthner [Fri, 5 Jul 2013 09:32:27 +0000 (11:32 +0200)]
s3:smbd: allow status code in smbd_do_qfsinfo() to be set by information class handler
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
(cherry picked from commit
616777f029e462f53c5118d79de8c6405a5fb7c1)
Ralph Wuerthner [Fri, 5 Jul 2013 09:03:16 +0000 (11:03 +0200)]
s3:smbd: allow GetInfo responses with STATUS_BUFFER_OVERFLOW to return partial, but valid data
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
(cherry picked from commit
a91d2b05bab329a8a9772c2c79a3b1e02933182e)
Ralph Wuerthner [Wed, 10 Jul 2013 06:59:58 +0000 (08:59 +0200)]
s3:smbd: return NT_STATUS_INFO_LENGTH_MISMATCH for GetInfo in case output_buffer_length is too small
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
(cherry picked from commit
a93f9c3d33e442c84d0c9da7eb5d25ca4b54fc33)
Andrew Bartlett [Fri, 28 Dec 2012 10:00:28 +0000 (21:00 +1100)]
torture: Ensure that GSSAPI and SPNEGO packets are accepted by dlz_bind9
This exercises some more of the dlz_bind9 code outside BIND, by
sending in a ticket to be access checked, wrapped either in SPNEGO or
just in GSSAPI.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Sep 4 11:25:10 CEST 2013 on sn-devel-104
(cherry picked from commit
38e43961c01f6f491b069e7106fe2a2ec80bd840)
The last 7 patches address bug #9091 - When replicating DNS for bind9_dlz we
need to create the server-DNS account remotely.
Andrew Bartlett [Thu, 27 Dec 2012 23:06:39 +0000 (10:06 +1100)]
selftest: Add a basic test of samba_upgradedns
This does not check that the command runs correctly, but does at least check
that the command runs to completion without errors.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
16b26eafa75280e576333975cff5dd1505c118fa)
Andrew Bartlett [Thu, 27 Dec 2012 22:25:11 +0000 (09:25 +1100)]
selftest: Start internal DNS server on domain provisioned for BIND9_DLZ
This shows that the internal server can use the dns-SERVER account.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
013c4990c6f1412dd25592bf177ceffab4b5d16d)
Andrew Bartlett [Tue, 25 Dec 2012 23:03:47 +0000 (10:03 +1100)]
selftest: Test creation of the dns-SERVER account during selftest
We do this by having the samba-tool domain dcpromo for promoted_vampire_dc also create a
dns-SERVER account.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
e281037c9bfa68ca3dc564ec7a36e5c790024902)
Andrew Bartlett [Sun, 23 Dec 2012 22:12:04 +0000 (09:12 +1100)]
scripting/samba_upgradedns: Tighten up exception and attribute list handling
This avoids asking for attributes that will not be used, and looks only for the
expected exceptions, rather than all exceptions.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
d19c437a36b26e71c24bc25e672d714e21ba50bd)
Andrew Bartlett [Sun, 23 Dec 2012 21:56:50 +0000 (08:56 +1100)]
scripting/join.py: Handle creating the dns-NAME account during a DC join
This will ensure that the DLZ plugin works out of the box when joining a second Samba DC to the
domain.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
b106d9090e8f8f44f02059d2ced3d10066787060)
Andrew Bartlett [Thu, 28 Feb 2013 11:57:45 +0000 (22:57 +1100)]
selftest: Fix specification of --machinepass to actually set a unique password
Because perl does not assert on dereferencing an invalid hash key
we did not notice that the passwords were being set to machine, not
machineloCalMemberPass.
Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
166288b162e7b658b48bc908c71f635928edc5b5)
Stefan Metzmacher [Thu, 28 Mar 2013 10:00:27 +0000 (11:00 +0100)]
s3:lib/gencache: place gencache.tdb into /var/cache/samba
/var/lock/samba is located on tmpfs on newer systems,
but we want to keep things like the server affinity cache
across reboots.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
54529fd354275cfb4ece407f95ef34675b202ea3)
Fix bug #9802 - gencache.tdb should be moved to /var/cache/samba.
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Mon Sep 2 11:57:51 CEST 2013 on sn-devel-104
Stefan Metzmacher [Fri, 30 Aug 2013 13:18:44 +0000 (15:18 +0200)]
python/provision: remove unused linklocal=False argument from interface_ips_v6()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Bjoern Jacke <bj@sernet.de>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Fri Aug 30 17:33:58 CEST 2013 on sn-devel-104
(cherry picked from commit
3430448fc01ce3fbe0606a2c239d3c98a5b78361)
The last 3 patches address bug #10030 - ::1 added to nameserver on join.
Stefan Metzmacher [Fri, 30 Aug 2013 13:17:59 +0000 (15:17 +0200)]
s4:samba_upgradedns: don't pass linklocal=False to interface_ips_v6()
This is the default...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Bjoern Jacke <bj@sernet.de>
(cherry picked from commit
9edc0276c742194ec381c266acedf3216ccf1c69)
Stefan Metzmacher [Fri, 30 Aug 2013 12:59:01 +0000 (14:59 +0200)]
python/pyglue: filter out loopback and linklocal addresses unless all_interfaces is given
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10030
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Bjoern Jacke <bj@sernet.de>
(cherry picked from commit
0e6aca40413fb3cfd4300f282204a69743be4a65)
Jeremy Allison [Wed, 21 Aug 2013 19:20:48 +0000 (12:20 -0700)]
Fix the UNIX extensions CHOWN calls to use FCHOWN if available, else LCHOWN.
UNIX extensions calls must never deref links.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug 26 20:19:46 CEST 2013 on sn-devel-104
(cherry picked from commit
d1593a20f3a5ebf287477dfa8f5ab31dca3dd0c3)
The last 3 patches address bug #10121 - masks incorrectly applied to UNIX
extension permission changes.
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Fri Aug 30 12:34:12 CEST 2013 on sn-devel-104
Jeremy Allison [Wed, 21 Aug 2013 19:10:05 +0000 (12:10 -0700)]
Allow UNIX extensions client to act on open fsp instead of pathname if available.
Eliminates possible race condition on pathname op.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
(cherry picked from commit
f1ff97fc022adaacaa23b7da250be6f7d51c6ac7)
Jeremy Allison [Wed, 21 Aug 2013 19:03:25 +0000 (12:03 -0700)]
Fix the erroneous masking of chmod requests via the UNIX extensions.
Changed from switch statement to if, as "create mask", "force create mode"
are only applied to new files, not existing ones. "directory mask",
"force directory mode" are only applied to new directories, not existing
ones.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
(cherry picked from commit
bd0156988b34feaf91c3046f7ec78f0833222395)
Jeremy Allison [Mon, 10 Jun 2013 20:33:40 +0000 (13:33 -0700)]
Fix bug #9166 - Starting smbd or nmbd with stdin from /dev/null results in "EOF on stdin"
Only install the stdin handler if it's a pipe or fifo.
Signed-off-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 26 Sep 2012 23:53:48 +0000 (16:53 -0700)]
s3: Fix some blank line endings
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Sep 27 07:57:03 CEST 2012 on sn-devel-104
(cherry picked from commit
aad669b53eca99f86c2e630bf3f2e9f594fed9c1)
Volker Lendecke [Mon, 19 Aug 2013 10:26:00 +0000 (10:26 +0000)]
smbd: Simplify dropbox special case in unix_convert
EACCESS needs special treatment: If we want to create a fresh file,
return OBJECT_PATH_NOT_FOUND, so that the client will continue creating
the file. If the client wants us to open a potentially existing file,
we need to correctly return ACCESS_DENIED.
This patch makes this behaviour hopefully a bit clearer than the code
before did.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Aug 26 12:14:26 CEST 2013 on sn-devel-104
The last 2 patches address bug #10114 - Dropbox (write-only-directory) case
isn't handled correctly in pathname lookup.
Volker Lendecke [Tue, 9 Jul 2013 18:02:39 +0000 (11:02 -0700)]
smbd: Fix a profile problem
When trying to read a profile, under certain circumstances Windows tries
to read with its machine account first. The profile previously written
was stored with an ACL that only allows access for the user and not
the machine. Windows should get an NT_STATUS_ACCESS_DENIED when using
the machine account, making it retry with the user account (which would
then succeed).
Samba under these circumstances erroneously gives
NT_STATUS_OBJECT_PATH_NOT_FOUND, which makes Windows give up and not
retry. The reasons is the "dropbox" patch in unix_convert, turning EACCESS
on the last path component to OBJECT_PATH_NOT_FOUND. This patch makes
the dropbox behaviour only kick in when we are creating a file. I think
this is an abstraction violation. unix_convert() should not have to know
about the create_disposition, but given that we have pathname resolution
separated from the core open code right now this is the best we can do.
Signed-off-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Fri, 2 Aug 2013 22:03:39 +0000 (15:03 -0700)]
Fix bug #10063 - source3/lib/util.c:1493 leaking memory w/ pam_winbind.so / winbind
Don't use talloc_tos() in something that can be linked to in pam_winbindd.so
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Simo Sorce <idra@samba.org>
Autobuild-Date(master): Sat Aug 24 02:28:28 CEST 2013 on sn-devel-104
(cherry picked from commit
9423d5afb71e272298f4858d82f436e19ee2b07f)
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Tue Aug 27 11:39:07 CEST 2013 on sn-devel-104
Günther Deschner [Mon, 12 Aug 2013 15:23:12 +0000 (17:23 +0200)]
s3-winbindd: fix fallback to ncacn_np in cm_connect_lsat().
Fallback to lsa named-pipe connection when tcp connection has failed twice (it
could be a trusted domain connection where we cannot setup a secure channel).
Guenther
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9615
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9899
Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Tested-by: Christof Schmitt <christof.schmitt@us.ibm.com>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug 13 20:55:33 CEST 2013 on sn-devel-104
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Tue Aug 20 12:58:03 CEST 2013 on sn-devel-104
Christian Ambach [Thu, 1 Aug 2013 21:00:21 +0000 (23:00 +0200)]
waf: replace dependency to libintl with samba_intl
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Mon Aug 12 00:46:34 CEST 2013 on sn-devel-104
(cherry picked from commit
20b64eae75b8809d67b8c2824616996bb4722612)
The last 5 patches address bug #9911 - Build Samba 4.0.x on AIX with IBM XL
C/C++.
Christian Ambach [Thu, 1 Aug 2013 20:28:05 +0000 (22:28 +0200)]
waf: consolidate libintl related checks
consolidate the dealing with functions from libintl and the
handling of checking if libiconv is required or not
to a common place in lib/replace
also add a new samba_intl subsystem that has dependencies
on the appropriate set of libraries (libintl, libintl+libiconv or none)
that can be used as a general dependency by code that depends
on the internationalization libraries
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
07b3a048724a6b41282e1f673aea5ce2c1202a5e)
Christian Ambach [Tue, 25 Jun 2013 16:37:35 +0000 (18:37 +0200)]
waf: add --without-gettext option
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
a742e87b39bed97ac59f5ec8bff9bf3cedf8b68a)
Christian Ambach [Thu, 20 Jun 2013 16:26:04 +0000 (18:26 +0200)]
waf: fix build on AIX7
the same works for AIX 5,6,7 so leave away the version specifics (as autoconf build did)
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
ce8fbdf76ee2792d011d9da4d0116f04d9656886)
Christian Ambach [Thu, 20 Jun 2013 16:27:13 +0000 (18:27 +0200)]
s3:lib/system fix build on AIX 7
AIX uses struct stat64 with struct timespec64, so direct assignment does
not work any more.
Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Signed-off-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Aug 2 09:47:43 CEST 2013 on sn-devel-104
(cherry picked from commit
ba40d0d9d320e500621a6a8107a2ef0a34aeb6ba)
Volker Lendecke [Wed, 14 Aug 2013 10:46:46 +0000 (10:46 +0000)]
smbd: Fix async echo handler forking (Bug 10086)
If SMB3 is chosen via an SMB1 negprot, we forked the echo handler because
set_Protocol is called later, after the full protocol negotiation is done.
Signed-off-by: Volker Lendecke <vl@samba.org>
Richard Sharpe [Sun, 18 Aug 2013 14:34:31 +0000 (07:34 -0700)]
Fix bug #10097 - MacOSX 10.9 will not follow path-based DFS referrals handed out by Samba.
Windows overloads the EA Length field in the DIRECTORY INFO leves of FIND FIRST/FIND NEXT.
This field indicates either the REPARSE_TAG if the file/folder has a reparse proint or
the EA Length if it has EAs, and is the fundamental reason you cannot have both on a
file or folder.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Karolin Seeger [Tue, 13 Aug 2013 09:04:50 +0000 (11:04 +0200)]
docs: Fix variable list in man vfs_crossrename.
The varlist entries need a paragraph, otherwise the list is broken and the list
entries end with ".RE".
Fix bug #10076 - varlist in man vfs_crossrename broken.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 20 04:19:42 CEST 2013 on sn-devel-104
(cherry picked from commit
1808316b1245290fd4a4aa87a801410899e4c1e3)
Karolin Seeger [Thu, 15 Aug 2013 08:19:46 +0000 (10:19 +0200)]
VERSION: Bump version number up to 4.0.10...
and re-enable git snapshots.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 15 Aug 2013 08:18:21 +0000 (10:18 +0200)]
VERSION: Disable git snapshots for the 4.0.9 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 15 Aug 2013 08:17:11 +0000 (10:17 +0200)]
WHATSNEW: Prepare release notes for Samba 4.0.9.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Andreas Schneider [Mon, 5 Aug 2013 07:25:11 +0000 (09:25 +0200)]
s3-libads: Print a message if no realm has been specified.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Aug 5 12:24:44 CEST 2013 on sn-devel-104
(cherry picked from commit
6659f0164c6b8d7ad522bcd6c2c6748c3d9bca81)
The last 2 patches address bug #10073 - net ads join - segmentation fault in
create_local_private_krb5_conf_for_domain.
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Tue Aug 13 12:16:48 CEST 2013 on sn-devel-104
Günther Deschner [Fri, 17 May 2013 13:14:35 +0000 (15:14 +0200)]
s3-libads: Fail create_local_private_krb5_conf_for_domain() if parameters missing.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
6dc7c63efa95d0c04b542667d9b6a6621c8139bf)
Ralph Wuerthner [Wed, 31 Jul 2013 23:33:48 +0000 (16:33 -0700)]
Ensure gpfs kernel leases are wrapped in a become_root()/unbecome_root() pair.
Ensures correct lease owner for signal delivery.
Signed-off-by: Ralph Wuerthner <ralphw@de.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 1 03:57:11 CEST 2013 on sn-devel-104
The last 2 patches address bug #10064 - Linux kernel oplock breaks can miss
signals.
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Wed Aug 7 13:15:02 CEST 2013 on sn-devel-104
Jeremy Allison [Wed, 31 Jul 2013 23:32:20 +0000 (16:32 -0700)]
Wrap setting leases in become_root()/unbecome_root() to ensure correct delivery of signals.
Remove workaround for Linux kernel bug https://bugzilla.kernel.org/show_bug.cgi?id=43336
as we don't need to set capabilities when we're already root.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Jeremy Allison [Tue, 9 Jul 2013 23:37:48 +0000 (16:37 -0700)]
Add torture tests to raw.eas to check sending Windows invalid names in the middle of an EA list.
Add torture tests to probe the set of invalid
Windows EA names.
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":"
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul 19 11:50:25 CEST 2013 on sn-devel-104
Jeremy Allison [Tue, 16 Jul 2013 16:14:12 +0000 (09:14 -0700)]
Reply with correct trans2 message on a setpathinfo with a bad EA name.
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":"
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jeremy Allison [Tue, 16 Jul 2013 18:05:10 +0000 (11:05 -0700)]
Ensure we do pathname processing before SD and EA processing in NTTRANS_CREATE.
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":"
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jeremy Allison [Tue, 9 Jul 2013 22:54:39 +0000 (15:54 -0700)]
Ensure we can't create a file using NTTRANS with an invalid EA list.
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":"
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jeremy Allison [Tue, 9 Jul 2013 22:59:53 +0000 (15:59 -0700)]
Ensure we can't create a file using TRANS2_OPEN with an invalid EA list.
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":"
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jeremy Allison [Wed, 10 Jul 2013 19:18:36 +0000 (12:18 -0700)]
Add error map of STATUS_INVALID_EA_NAME -> ERRDOS, ERRbadfile
(from Windows2012 tests).
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":"
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jeremy Allison [Wed, 10 Jul 2013 19:38:41 +0000 (12:38 -0700)]
Add the ability to send an NTSTATUS result back with a trans2 reply so we can return a parameter block with an error code.
This is needed when returning a STATUS_INVALID_NAME result (tested
from Windows 2012).
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":"
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jeremy Allison [Tue, 9 Jul 2013 23:02:50 +0000 (16:02 -0700)]
Ensure we can't create a file using SMB2_CREATE with an invalid EA list.
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":"
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jeremy Allison [Tue, 9 Jul 2013 23:21:18 +0000 (16:21 -0700)]
Ensure we never return an EA name to a Windows client it can't handle.
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":"
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jeremy Allison [Tue, 9 Jul 2013 22:52:47 +0000 (15:52 -0700)]
Ensure set_ea cannot set invalid Windows EA names.
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":"
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>