Günther Deschner [Mon, 20 Sep 2010 23:01:51 +0000 (16:01 -0700)]
lib/tdb: fix c++ build warning in tdb_header_hash().
Guenther
(cherry picked from commit 1585c4df68a66569524a41def95488666dd827dd)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Rusty Russell [Thu, 21 Oct 2010 09:55:19 +0000 (11:55 +0200)]
tdb: put example hashes into header, so we notice incorrect hash_fn.
This is Stefan Metzmacher <metze@samba.org>'s patch with minor changes:
1) Use the TDB_MAGIC constant so both hashes aren't of strings.
2) Check the hash in tdb_check (paranoia, really).
3) Additional check in the (unlikely!) case where both examples hash to 0.
4) Cosmetic changes to var names and complaint message.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
(cherry picked (modified for v3-4) from commit 786b7263000dedcb97e7369402e2e9dc967e36c4)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Tue, 19 Oct 2010 06:59:14 +0000 (08:59 +0200)]
s3: Add some DEBUG
Volker Lendecke [Tue, 19 Oct 2010 06:53:21 +0000 (08:53 +0200)]
s3: Cope with EINTR in smbd_[un]lock_socket
Michael Adam [Wed, 13 Oct 2010 14:57:26 +0000 (16:57 +0200)]
v3-4-ctdb: Bump ctdb vendor patch level to 12
Volker Lendecke [Wed, 6 Oct 2010 16:24:13 +0000 (18:24 +0200)]
s3: Fix the async echo responder for netbios keepalives
This fixes a crash in the echo responder when the client started to send the
NetBIOS-Level 0x85-style keepalive packets. We did not correctly check the
packet length, so the code writing the signing seqnum overwrote memory after
the malloc'ed area for the 4 byte keepalive packet.
Volker Lendecke [Sat, 2 Oct 2010 15:07:00 +0000 (17:07 +0200)]
s3: Stop using the write cache after an oplock break
This fixes samba-bug 7715: If "write cache size" is set (a typical tuning knob
that might be applied in critical customer situations by performance experts),
smbd can corrupt data. This fixes it.
Volker Lendecke [Wed, 6 Oct 2010 13:05:59 +0000 (15:05 +0200)]
s3: Make the write end of the echo responder pipe non-blocking
Without this, we can get a writable pipe end, but the writev call on the pipe
will block.
Michael Adam [Wed, 22 Sep 2010 04:00:00 +0000 (06:00 +0200)]
s3:tests: fix misplaced '...' for grep pattern in test_net_registry.sh
Volker Lendecke [Thu, 17 Jun 2010 08:53:56 +0000 (10:53 +0200)]
Revert "v3-4-ctdb: Do not do any logrotation"
This reverts commit 0ce0f33c9bfdb9d0a5364e3902926fcc3a6d8ae1.
Volker Lendecke [Wed, 29 Sep 2010 10:17:05 +0000 (12:17 +0200)]
s3: Add "smbcontrol winbindd ip-dropped <local-ip>"
This is supposed to improve the winbind reconnect time after an ip address
has been moved away from a box. Any kind of HA scenario will benefit from
this, because winbindd does not have to wait for the TCP timeout to kick in
when a local IP address has been dropped and DC replies are not received
anymore.
Volker Lendecke [Wed, 22 Sep 2010 12:23:43 +0000 (05:23 -0700)]
s3: Fix a deadlock between notify_onelevel.tdb and notify.tdb
notify_add() locks notify_onelevel.tdb while having notify.tdb locked.
file_free() calls notify_remove_onelevel(), and due to this talloc hierarchy
problem the tdb record is not unlocked again timely. Thus notify.tdb will be
locked while notify_onelevel still has a lock.
Sorry, Ronnie, for causing you some grey hair and thanks for the stacktraces.
Volker
Michael Adam [Mon, 27 Sep 2010 10:43:39 +0000 (12:43 +0200)]
libsmbconf: parse an empty share as empty share, not as NULL.
This fixes a segfault in net conf import:
Importing a text file with an empty share resulted in a segfault.
Now this creates an empty share in registry config, just as it
should.
Thanks to Gregor Beck <gbeck@sernet.de> for reporting.
(cherry picked from commit 84127dd50420a7d0e8f389d4af15d52fca6cd809)
Gregor Beck [Wed, 29 Sep 2010 13:13:55 +0000 (15:13 +0200)]
s3-net: add roundtrip tests for registry import/export
Gregor Beck [Wed, 29 Sep 2010 13:13:26 +0000 (15:13 +0200)]
s3-net: test: make MALLOC_CHECK verbose on failure
Gregor Beck [Wed, 29 Sep 2010 13:12:49 +0000 (15:12 +0200)]
s3-net: add command rpc registry export
Gregor Beck [Wed, 29 Sep 2010 13:11:49 +0000 (15:11 +0200)]
s3-net: add command rpc registry import
Gregor Beck [Wed, 29 Sep 2010 13:06:05 +0000 (15:06 +0200)]
s3-net: add command registry convert
Gregor Beck [Wed, 29 Sep 2010 13:05:21 +0000 (15:05 +0200)]
s3-net: add command registry export
Gregor Beck [Wed, 29 Sep 2010 13:03:11 +0000 (15:03 +0200)]
s3-net: add command registry import
Gregor Beck [Wed, 29 Sep 2010 12:54:15 +0000 (14:54 +0200)]
s3-registry: add support for registration entries (.reg) files
Gregor Beck [Wed, 29 Sep 2010 12:50:33 +0000 (14:50 +0200)]
s3-lib: add srprs, primitives to build simple recursive parsers
Gregor Beck [Wed, 29 Sep 2010 12:49:40 +0000 (14:49 +0200)]
s3-lib: add cbuf, a talloced character buffer
Günther Deschner [Fri, 25 Sep 2009 09:35:46 +0000 (11:35 +0200)]
s3-util: use pull_reg_multi_sz in reg_pull_multi_sz.
Guenther
Rusty Russell [Mon, 20 Sep 2010 04:19:19 +0000 (13:49 +0930)]
Really enable core dumps in Linux
commit e1f1ce68e1f685400a8c68bcec14018e3d1fc29d
Author: Rusty Russell <rusty@rustcorp.com.au>
Date: Mon Sep 20 13:33:30 2010 +0930
source3: dump core on Linux, even after seteuid/etc.
The "dumpable" flag is reset on every call to set*uid, so we need to
reset it to 1 in the signal handler itself.
This code dates back to commit ac01fda2b97b 6 years ago :(
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Jeremy Allison [Thu, 9 Sep 2010 13:48:23 +0000 (15:48 +0200)]
Fix bug #7669.
Fix bug #7669 (buffer overflow in sid_parse() in Samba3 and dom_sid_parse in
Samba4).
CVE-2010-3069:
===========
Description
===========
All current released versions of Samba are vulnerable to
a buffer overrun vulnerability. The sid_parse() function
(and related dom_sid_parse() function in the source4 code)
do not correctly check their input lengths when reading a
binary representation of a Windows SID (Security ID). This
allows a malicious client to send a sid that can overflow
the stack variable that is being used to store the SID in the
Samba smbd server.
A connection to a file share is needed to exploit this
vulnerability, either authenticated or unauthenticated
(guest connection).
(cherry picked from commit
df20a300758bc12286820e31fcf573bdfc2147bc)
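The missing length check described in the CVE-2010-3069 text above can be illustrated with a bounded parser for the binary SID layout (1-byte revision, 1-byte sub-authority count, 6-byte identifier authority, then that many little-endian 32-bit sub-authorities, at most 15). This is an added example, not the code from the Samba commit; `struct sid`, `sid_parse_checked()`, `SID_MAX_SUB_AUTHS` and the sample buffers are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SID_MAX_SUB_AUTHS 15 /* capacity of the fixed-size destination array */

struct sid {                 /* hypothetical in-memory form, not Samba's struct */
    uint8_t  revision;
    uint8_t  num_auths;
    uint8_t  id_auth[6];
    uint32_t sub_auths[SID_MAX_SUB_AUTHS];
};

/* Constructed sample: S-1-5-32-544 in wire format (8-byte header + 2 sub-auths). */
const uint8_t SAMPLE_SID[16] = {
    0x01, 0x02, 0, 0, 0, 0, 0, 0x05,
    0x20, 0x00, 0x00, 0x00,  0x20, 0x02, 0x00, 0x00
};

/* Returns 0 on success, -1 if the input is malformed; *out is untouched on error. */
int sid_parse_checked(const uint8_t *in, size_t len, struct sid *out)
{
    if (in == NULL || out == NULL || len < 8)
        return -1;                        /* header itself is truncated */

    uint8_t num_auths = in[1];            /* count taken from untrusted input */
    if (num_auths > SID_MAX_SUB_AUTHS)
        return -1;                        /* would write past sub_auths[] */
    if (len < 8 + (size_t)num_auths * 4)
        return -1;                        /* would read past the input */

    memset(out, 0, sizeof(*out));
    out->revision  = in[0];
    out->num_auths = num_auths;
    memcpy(out->id_auth, in + 2, sizeof(out->id_auth));
    for (size_t i = 0; i < num_auths; i++) {
        const uint8_t *p = in + 8 + i * 4;   /* little-endian 32-bit value */
        out->sub_auths[i] = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                            ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    }
    return 0;
}

int main(void)
{
    struct sid s;
    uint8_t oversized[8 + 16 * 4] = { 0x01, 16 };  /* constructed: claims 16 sub-auths */

    printf("valid:     %d\n", sid_parse_checked(SAMPLE_SID, sizeof(SAMPLE_SID), &s));
    printf("truncated: %d\n", sid_parse_checked(SAMPLE_SID, 12, &s));
    printf("oversized: %d\n", sid_parse_checked(oversized, sizeof(oversized), &s));
    return 0;
}
```

The count check guards the write into the fixed-size array (the stack overrun the advisory describes); the length check guards the read from the client-supplied buffer.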
Michael Adam [Mon, 13 Sep 2010 15:27:16 +0000 (17:27 +0200)]
no need any more to manually create catalog file in build-manpages-nogit
Michael Adam [Mon, 13 Sep 2010 15:26:20 +0000 (17:26 +0200)]
no need any more to create catalog file manually in build-manpages-git
Michael Adam [Mon, 13 Sep 2010 15:18:18 +0000 (17:18 +0200)]
docs: use abs_top_builddir instead of BUILDDIR to let configure create correct catalog file
The use of the catalog file is still controlled by exporting the
XML_CATALOG_FILES variable as described in build/README
Michael Adam [Mon, 13 Sep 2010 09:52:53 +0000 (11:52 +0200)]
packaging(RHEL-CTDB): add a comment, why we need precompiled manpages as fallback
Particularly the version of the docbook XSL style sheets shipped with
RHEL5 are missing some definitions needed for building the manpages.
Michael Adam [Thu, 9 Sep 2010 15:56:03 +0000 (17:56 +0200)]
packaging/RHEL-CTDB: do not use an external docs tarball
try to build the manpages instead and use a checked in manpage-only tarball
if it does not work
Michael Adam [Thu, 9 Sep 2010 15:55:32 +0000 (17:55 +0200)]
packaging/RHEL-CTDB: add a manpages tarball for use if manpage build does not work
Michael Adam [Thu, 9 Sep 2010 15:25:22 +0000 (17:25 +0200)]
add script to build only the manpages (not the complete docs) - no-git version
this version uses make clean to clean the source tree before building
Michael Adam [Thu, 9 Sep 2010 15:24:30 +0000 (17:24 +0200)]
add script to build only the manual pages (not all the docs) - git version
the git version uses git clean to clean the docs source tree.
Michael Adam [Thu, 9 Sep 2010 15:14:20 +0000 (17:14 +0200)]
packaging/RHEL-CTDB: untangle the various %doc entries to single lines
Michael Adam [Mon, 30 Aug 2010 12:49:16 +0000 (14:49 +0200)]
docs:vfs_gpfs: improve the CAVEAT section on run and build time dependencies
Stefan Metzmacher [Mon, 30 Aug 2010 08:45:52 +0000 (10:45 +0200)]
docs-xml/vfs_gpfs: document 'gpfs:refuse_dacl_protected'
metze
(cherry picked from commit fc79f358eb6a1dd7ed2e5f5b1e31fb664a182595)
Stefan Metzmacher [Mon, 30 Aug 2010 08:31:38 +0000 (10:31 +0200)]
docs-xml/vfs_gpfs: document 'gpfs:merge_writeappend'
metze
(cherry picked from commit 4d76c18f78742ba92b4772037ac306b567351ca1)
Stefan Metzmacher [Mon, 30 Aug 2010 08:24:52 +0000 (10:24 +0200)]
docs-xml/vfs_gpfs: document 'gpfs:winattr'
metze
(cherry picked from commit 6cf66a04ad690e78311411e2195b3a1710953262)
Stefan Metzmacher [Mon, 30 Aug 2010 08:12:41 +0000 (10:12 +0200)]
docs-xml/vfs_gpfs: document 'gpfs:getrealfilename'
metze
(cherry picked from commit a8a704001e5da10fae5df5fc2856d06250739248)
Stefan Metzmacher [Mon, 30 Aug 2010 07:29:46 +0000 (09:29 +0200)]
docs-xml/vfs_gpfs: document 'gpfs:leases'
metze
(cherry picked from commit 196699a6a1412687f7d5fe24c506577002dd769e)
Stefan Metzmacher [Mon, 30 Aug 2010 07:01:21 +0000 (09:01 +0200)]
docs-xml/vfs_gpfs: document 'gpfs:sharemodes'
metze
(cherry picked from commit d35d846db14a4bb28a97a7bab6dbfdbe7a62b593)
Volker Lendecke [Wed, 1 Sep 2010 10:55:18 +0000 (12:55 +0200)]
s3: Print the IP of the server that stopped responding
Michael Adam [Tue, 24 Aug 2010 19:40:21 +0000 (21:40 +0200)]
v3-4-ctdb: fix typo in README
Volker Lendecke [Sun, 28 Mar 2010 14:22:26 +0000 (16:22 +0200)]
Attempt to fix the build on AIX, that system seems to have a #define for s_type
Volker Lendecke [Mon, 29 Mar 2010 05:24:00 +0000 (07:24 +0200)]
s3: Attempt to fix the build on AIX, shm_ptr seems to be a macro there
Volker Lendecke [Tue, 17 Aug 2010 11:20:02 +0000 (13:20 +0200)]
v3-4-ctdb: Attempt to fix a segfault in notify_onelevel
Volker Lendecke [Thu, 12 Aug 2010 10:55:11 +0000 (12:55 +0200)]
s3: Reduce the load on the echo handler
If the parent is fast enough, the echo handler should not step in. When the
socket becomes readable, the echo handler goes to sleep for a second. If within
that second, the parent has picked up the SMB request from the net, the echo
handler will just go back to select().
Michael Adam [Mon, 9 Aug 2010 15:46:12 +0000 (17:46 +0200)]
v3-4-ctdb: Bump ctdb vendor patch level to 11
Volker Lendecke [Fri, 6 Aug 2010 10:32:30 +0000 (12:32 +0200)]
v3-4-ctdb: fail db_open_ctdb if ctdb is not around
Volker Lendecke [Wed, 28 Jul 2010 15:02:43 +0000 (17:02 +0200)]
Further refine the time_audit warning message
Volker Lendecke [Wed, 28 Jul 2010 09:21:50 +0000 (11:21 +0200)]
s3: Modify the warning time_audit warning message
Now we have
System call "disk_free" took unexpectedly long (0.01 seconds) -- check your file system and disks!
Volker Lendecke [Fri, 23 Jul 2010 10:22:23 +0000 (12:22 +0200)]
s3: Log the correct core path on Linux if core_pattern is set
Contributions from Bill Hymas, IBM
Volker Lendecke [Mon, 5 Jul 2010 11:00:40 +0000 (13:00 +0200)]
v3-4-ctdb: Bump up the vendor patch level to 10
Volker Lendecke [Thu, 1 Jul 2010 14:31:30 +0000 (16:31 +0200)]
v3-4-ctdb: Re-arrange winbindd_ads.c:query_user
We can't access the LDAP message after nss_get_info_cached has potentially
destroyed the ads_struct
Volker Lendecke [Fri, 25 Jun 2010 09:47:30 +0000 (11:47 +0200)]
s3: Fix a winbind crash
nss_get_info_cached might deep inside sequence_number() invalidate the
ads_struct without telling its callers.
Volker Lendecke [Tue, 22 Jun 2010 13:59:44 +0000 (15:59 +0200)]
s3: Fix a winbind crash
nss_get_info_cached might have invalidated "ads" deep inside.
Michael Adam [Wed, 23 Jun 2010 11:07:23 +0000 (13:07 +0200)]
v3-4-ctdb: Bump up the vendor patch level to 9
Michael Adam [Mon, 21 Jun 2010 10:32:14 +0000 (12:32 +0200)]
s3:net rpc registry: make getsd succeed when key sd only gives access to SD not key contents
You don't need the REG_KEY_READ permissions to access the SD of a key.
And for instance, the key HKLM\security usually has no specific bits
set for builtin\administrators, but the READ_CONTROL_ACCESS.
I.e. builtin\administrators can get the sd but not enumerate the key.
Michael Adam [Wed, 23 Jun 2010 10:02:31 +0000 (12:02 +0200)]
s3:idmap_ldap: use idmap_rw_new_mapping in idmap_ldap_new_mapping
Michael Adam [Wed, 23 Jun 2010 10:18:35 +0000 (12:18 +0200)]
s3:idmap_ldap: add idmap_rw_ops to idmap_ldap_context and init in db_init()
Michael Adam [Wed, 23 Jun 2010 10:02:31 +0000 (12:02 +0200)]
s3:idmap_tdb: use idmap_rw_new_mapping in idmap_tdb_new_mapping
Michael Adam [Wed, 23 Jun 2010 10:12:37 +0000 (12:12 +0200)]
s3:idmap_tdb: add idmap_rw_ops to idmap_tdb_context and initialize them in init_db
Michael Adam [Wed, 23 Jun 2010 10:02:31 +0000 (12:02 +0200)]
s3:idmap_tdb2: use idmap_rw_new_mapping in idmap_tdb2_new_mapping
Michael Adam [Wed, 23 Jun 2010 10:01:47 +0000 (12:01 +0200)]
s3:idmap_tdb2: add rw_ops to idmap_tdb2_context and initialize in idmap_tdb2_db_init
Michael Adam [Mon, 31 May 2010 15:12:32 +0000 (17:12 +0200)]
s3:idmap: add abstract idmap_rw new_mapping mechanism without registering backends
Stefan Metzmacher [Mon, 31 May 2010 08:57:52 +0000 (10:57 +0200)]
s3:winbindd: make sure we only call static_init_idmap once
metze
Signed-off-by: Michael Adam <obnox@samba.org>
Andrew Bartlett [Mon, 24 May 2010 04:55:17 +0000 (14:55 +1000)]
s3:winbind Ensure we always init idmap_passdb before we use it
It seems that it is possible for idmap_init_passdb_domain() to be run
before idmap_init_domain(), so ensure we run the static init functions
in both.
Andrew Bartlett
Signed-off-by: Michael Adam <obnox@samba.org>
Michael Adam [Tue, 22 Jun 2010 12:13:55 +0000 (14:13 +0200)]
s3:idmap_ad: untangle two assignments from checks
Michael Adam [Tue, 22 Jun 2010 12:12:14 +0000 (14:12 +0200)]
s3:idmap_ad: remove unused filter_low_id and filter_high_id from idmap_ad_context
The filter range from the idmap_domain is used now.
Michael Adam [Tue, 22 Jun 2010 12:09:57 +0000 (14:09 +0200)]
s3:idmap_ad: use range from idmap_domain in idmap_ad_sids_to_unixids()
Michael Adam [Tue, 22 Jun 2010 11:13:57 +0000 (13:13 +0200)]
s3:idmap_ad: use range from idmap_domain in idmap_ad_unixids_to_sids()
Michael Adam [Tue, 22 Jun 2010 10:47:41 +0000 (12:47 +0200)]
s3:idmap_rid: remove a comment that does not apply in that place.
Probably got copied from a different location.
Michael Adam [Tue, 22 Jun 2010 10:44:22 +0000 (12:44 +0200)]
s3:idmap_rid: remove unused domain_name from the idmap_rid_context.
Michael Adam [Tue, 22 Jun 2010 10:42:52 +0000 (12:42 +0200)]
s3:idmap_rid: remove range from idmap_rid_context()
Now, the idmap_domain range that is centrally parsed is used.
Michael Adam [Tue, 22 Jun 2010 10:42:06 +0000 (12:42 +0200)]
s3:idmap_rid: use range from idmap_domain in idmap_rid_sid_to_id()
Michael Adam [Tue, 22 Jun 2010 10:38:19 +0000 (12:38 +0200)]
s3:idmap_rid: use ranges from idmap_domain struct in idmap_rid_id_to_sid()
Michael Adam [Tue, 22 Jun 2010 10:32:35 +0000 (12:32 +0200)]
s3:idmap_rid: remove unused talloc context var from idmap_rid_sids_to_unixids()
Michael Adam [Tue, 22 Jun 2010 10:31:41 +0000 (12:31 +0200)]
s3:idmap_rid: remove unused talloc context arg from idmap_rid_sid_to_id()
Michael Adam [Tue, 22 Jun 2010 10:30:58 +0000 (12:30 +0200)]
s3:idmap_rid: remove unused talloc context var from idmap_rid_unixids_to_sids()
Michael Adam [Tue, 22 Jun 2010 10:29:57 +0000 (12:29 +0200)]
s3:idmap_rid: remove unused talloc ctx argument from idmap_rid_id_to_sid()
Michael Adam [Mon, 21 Jun 2010 15:28:37 +0000 (17:28 +0200)]
s3:idmap_rid: untangle assignment from check in idmap_rid_initialize()
Michael Adam [Wed, 23 Jun 2010 10:39:59 +0000 (12:39 +0200)]
s3:idmap_ldap: add my (C)
Michael Adam [Thu, 17 Jun 2010 19:55:02 +0000 (21:55 +0200)]
s3:idmap_ldap: create mappings for unmapped sids in idmap_ldap_sids_to_unixids()
Michael Adam [Thu, 17 Jun 2010 18:48:53 +0000 (20:48 +0200)]
s3:idmap_ldap: remove unreached code (and explicit error return code)
Michael Adam [Thu, 17 Jun 2010 18:19:46 +0000 (20:19 +0200)]
s3:idmap_ldap: add a idmap_ldap_new_mapping().
High level function to create a new mapping for an unmapped sid.
This builds logic that used to reside in the top level idmap code
in the backend.
Michael Adam [Thu, 17 Jun 2010 18:18:27 +0000 (20:18 +0200)]
s3:idmap_ldap: add idmap_ldap_get_new_id() to allocate a new id given a domain
Currently this only works with the default domain, calling out
to idmap_ldap_allocate_id(). In the future this will be extended
to also work for non-default domains.
Michael Adam [Thu, 17 Jun 2010 18:15:25 +0000 (20:15 +0200)]
s3:idmap_ldap: move idmap_ldap_set_mapping() further up.
Michael Adam [Thu, 17 Jun 2010 17:45:39 +0000 (19:45 +0200)]
s3:idmap_ldap: make idmap_ldap_alloc_context a member of idmap_ldap_context
this hides this beneath the idmap structure and removes a global variable
Michael Adam [Thu, 17 Jun 2010 17:17:48 +0000 (19:17 +0200)]
s3:idmap_ldap: call idmap_ldap_alloc_init from idmap_ldap_init.
The alloc subsystem is now subordinate to the idmap system.
Michael Adam [Thu, 17 Jun 2010 17:03:46 +0000 (19:03 +0200)]
s3:idmap_ldap: remove the (now unused) range from idmap_ldap_alloc_context
Michael Adam [Thu, 17 Jun 2010 17:03:12 +0000 (19:03 +0200)]
s3:idmap_ldap: use ranges from idmap domain in idmap_ldap_allocate_id()
Second step in removing the idmap range from the idmap_ldap_alloc_context.
Michael Adam [Thu, 17 Jun 2010 16:59:28 +0000 (18:59 +0200)]
s3:idmap_ldap: add idmap_domain arg to idmap_ldap_alloc_init and verify_idpool
First step in removing idmap ranges from the idmap_ldap_alloc_context.
The range from the domain is to be used now.
Michael Adam [Thu, 17 Jun 2010 08:16:54 +0000 (10:16 +0200)]
s3:idmap_ldap: remove unused filter range from struct idmap_ldap_context
Michael Adam [Thu, 17 Jun 2010 08:16:20 +0000 (10:16 +0200)]
s3:idmap_ldap: don't load ranges - they have been loaded into struct idmap_domain
Michael Adam [Thu, 17 Jun 2010 08:00:49 +0000 (10:00 +0200)]
s3:idmap_ldap: use filter range from idmap domain, not idmap_ldap_context
Michael Adam [Tue, 22 Jun 2010 12:49:00 +0000 (14:49 +0200)]
s3:idmap_ldap: re-implement allocate_id in idmap methods.
Michael Adam [Thu, 17 Jun 2010 07:39:11 +0000 (09:39 +0200)]
s3:idmap_tdb: add my (C)
Michael Adam [Tue, 22 Jun 2010 07:01:32 +0000 (09:01 +0200)]
s3:idmap_tdb: properly initialize the idmap_tdb context with zero
Michael Adam [Thu, 17 Jun 2010 07:35:52 +0000 (09:35 +0200)]
s3:idmap_tdb: prevent opening the idmap db more than once.