Günther Deschner [Thu, 5 Feb 2015 14:59:52 +0000 (15:59 +0100)]
vfs: Add a brief vfs_ceph manpage.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11088
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Feb 25 20:56:01 CET 2015 on sn-devel-104
Volker Lendecke [Wed, 25 Feb 2015 12:19:44 +0000 (12:19 +0000)]
Fix the developer O3 build
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Feb 25 16:32:29 CET 2015 on sn-devel-104
Volker Lendecke [Wed, 25 Feb 2015 12:19:40 +0000 (12:19 +0000)]
heimdal: Fix the developer O3 build
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Fri, 23 Jan 2015 09:38:31 +0000 (10:38 +0100)]
s3-pam_smbpass: Add a deprecation warning.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Feb 25 03:37:34 CET 2015 on sn-devel-104
Andrew Bartlett [Mon, 23 Feb 2015 03:50:43 +0000 (16:50 +1300)]
s4/scripting/devel: Add tool to roll over the krbtgt password
This may be handy if this key is compromised, or along with chgtdcpass to isolate test copies
of production domains in such a way that they cannot mix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Mon, 23 Feb 2015 03:22:29 +0000 (16:22 +1300)]
testprogs-test_chgdcpass.sh: Improve comments to explain why we check about changing the password twice
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Mon, 23 Feb 2015 02:45:53 +0000 (15:45 +1300)]
selftest: Improve renamedc tests to confirm more than just the exit code
This now confirms that the DC has been renamed
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Mon, 23 Feb 2015 03:10:31 +0000 (16:10 +1300)]
s4/scripting/bin/renamedc: Fix up rename DC script
We now have a reliable handler for backlinks so this we can now rename both objects
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Michael Ledford [Tue, 24 Feb 2015 01:46:31 +0000 (20:46 -0500)]
lib/crypto: Document nettle supported crypto
Signed-off-by: Michael Ledford <michael@ledford.cc>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Sun, 15 Feb 2015 22:26:37 +0000 (11:26 +1300)]
backupkey: Explain more why we use GnuTLS here
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 11 Feb 2015 23:13:39 +0000 (12:13 +1300)]
build: amend typo for address sanitizer help
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Fri, 13 Feb 2015 03:55:07 +0000 (16:55 +1300)]
torture-backupkey: Check the dcerpc call return code before calling ndr pull
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Thu, 12 Feb 2015 20:54:50 +0000 (09:54 +1300)]
backupkey: replace heimdal rsa key generation with GnuTLS
We use GnuTLS because it can reliably generate 2048 bit keys every time.
Windows clients strictly require 2048, no more since it won't fit and no
less either. Heimdal would almost always generate a smaller key.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10980
Garming Sam [Fri, 13 Feb 2015 03:49:58 +0000 (16:49 +1300)]
build: Require GnuTLS if building with Active Directory
Without GnuTLS, we don't have ldaps:// support and we are unable to
readily create RSA keys of the correct length for the BackupKey
protocol.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 12 Feb 2015 23:59:45 +0000 (12:59 +1300)]
torture-backupkey: Add tests that read the secret from the server, and validate
These show that MS-BKRP 3.1.4.1.1 BACKUPKEY_BACKUP_GUID is incorrect when it
states that the key must be the leading 64 bytes, it must be the whole 256 byte
buffer.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 12 Feb 2015 03:15:41 +0000 (16:15 +1300)]
backupkey: Better handling for different wrap version headers
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 11 Feb 2015 04:46:42 +0000 (17:46 +1300)]
backupkey: Add tests for ServerWrap protocol
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 11 Feb 2015 00:37:16 +0000 (13:37 +1300)]
backupkey: Change expected error codes to match Windows 2008R2 and Windows 2012R2
This is done in both smbtoture and in our server
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 10 Feb 2015 20:53:58 +0000 (09:53 +1300)]
backupkey: Implement ServerWrap Decrypt
We implement both modes in BACKUPKEY_RESTORE_GUID, as it may decrypt
both ServerWrap and ClientWrap data, and we implement
BACKUPKEY_RESTORE_GUID_WIN2K.
BUG: https://bugzilla.samba.org/attachment.cgi?bugid=11097
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 10 Feb 2015 03:26:23 +0000 (16:26 +1300)]
backupkey: Handle more clearly the case where we find the secret, but it has no value
This happen on the RODC, a case that we try not to permit at all.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 10 Feb 2015 03:23:17 +0000 (16:23 +1300)]
backupkey: Improve variable names to make clear this is client-provided data
The values we return here are client-provided passwords or other keys, that we decrypt for them.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 10 Feb 2015 03:16:20 +0000 (16:16 +1300)]
backupkey: Use the name lsa_secret rather than just secret
This makes it clear that this is the data stored on the LSA secrets store
and not the client-provided data to be encrypted.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 10 Feb 2015 03:02:00 +0000 (16:02 +1300)]
backupkey: Implement ServerWrap Encrypt protocol
BUG: https://bugzilla.samba.org/attachment.cgi?bugid=11097
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 10 Feb 2015 02:50:15 +0000 (15:50 +1300)]
backupkey: Improve function names and comments for clarity
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 10 Feb 2015 02:48:06 +0000 (15:48 +1300)]
backupkey: Move SID comparison to inside get_and_verify_access_check()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Garming Sam [Thu, 5 Feb 2015 05:17:58 +0000 (18:17 +1300)]
backupkey: Improve IDL
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 4 Feb 2015 22:07:30 +0000 (11:07 +1300)]
backupkey: begin by factoring out the server wrap functions
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 10 Feb 2015 22:45:45 +0000 (11:45 +1300)]
torture-backupkey: Assert dcerpc_bkrp_BackupKey_r call was successful
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 10 Feb 2015 20:51:27 +0000 (09:51 +1300)]
torture-backupkey: Add consistent assertions that createRestoreGUIDStruct() suceeds
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Arvid Requate [Tue, 23 Dec 2014 17:56:20 +0000 (18:56 +0100)]
s4:torture/rpc/backupkey: Require 2048 bit RSA key
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(fixed cleanup of memory)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Arvid Requate [Tue, 8 Jul 2014 15:25:53 +0000 (17:25 +0200)]
s4-backupkey: consistent naming of werr variable
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Arvid Requate [Tue, 8 Jul 2014 14:12:13 +0000 (16:12 +0200)]
s4-backupkey: improve variable name
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Arvid Requate [Mon, 7 Jul 2014 16:56:39 +0000 (18:56 +0200)]
s4-backupkey: typo fix
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Arvid Requate [Mon, 7 Jul 2014 16:48:41 +0000 (18:48 +0200)]
s4-backupkey: IDL for ServerWrap subprotocol
This adds some IDL structs for the ServerWrap subprotocol, allowing
parsing of the incoming RPC calls and returning WERR_NOT_SUPPORTED
instead of WERR_INVALID_PARAM.
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Arvid Requate [Mon, 7 Jul 2014 16:43:05 +0000 (18:43 +0200)]
s4-backupkey: fix ndr_pull error on empty input
[MS-BKRP] 3.1.4.1 specifies for BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID that
the server must ignore the input data. This patch fixes
ndr_pull_error(11): Pull bytes 4 (../librpc/ndr/ndr_basic.c:148)
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Arvid Requate [Mon, 7 Jul 2014 16:36:49 +0000 (18:36 +0200)]
s4-backupkey: Initialize ndr->switchlist for print
ndr_print_bkrp_data_in_blob requires the level to be set in the
proper ndr->switch_list context.
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Arvid Requate [Mon, 7 Jul 2014 16:25:29 +0000 (18:25 +0200)]
s4-backupkey: Comply with [MS-BKRP] 2.2.1
[MS-BKRP] 2.2.1 specifies "The Common Name field of the Subject name
field SHOULD contain the name of the DNS domain assigned to the server."
In fact Windows 7 clients don't seem to care. Also in certificates
generated by native AD the domain name (after CN=) is encoded as
UTF-16LE. Since hx509_parse_name only supports UTF-8 strings currently
we just leave the encoding as it is for now.
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Arvid Requate [Mon, 7 Jul 2014 16:18:30 +0000 (18:18 +0200)]
s4-backupkey: Set defined cert serialnumber
[MS-BKRP] 2.2.1 specifies that the serialnumber of the certificate
should be set identical to the subjectUniqueID. In fact certificates
generated by native AD have this field encoded in little-endian format.
See also
https://www.mail-archive.com/cifs-protocol@cifs.org/msg01364.html
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Arvid Requate [Mon, 7 Jul 2014 16:15:37 +0000 (18:15 +0200)]
s4-backupkey: de-duplicate error handling
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Arvid Requate [Mon, 7 Jul 2014 16:12:47 +0000 (18:12 +0200)]
s4-backupkey: check for talloc failure
Check for talloc_memdup failure for uniqueid.data.
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Arvid Requate [Mon, 7 Jul 2014 15:59:29 +0000 (17:59 +0200)]
s4-backupkey: Cert lifetime of 365 days, not secs
hx509_ca_tbs_set_notAfter_lifetime expects the lifetime value in
in seconds. The Windows 7 client didn't seem to care that the lifetime
was only 6'03''. Two other TODOs in this implementation:
* Since notBefore is not set explicietely to "now", the heimdal code
default of now-(24 hours) is applied.
* Server side validity checks and cert renewal are missing.
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Arvid Requate [Mon, 7 Jul 2014 15:39:51 +0000 (17:39 +0200)]
s4-backupkey: Ensure RSA modulus is 2048 bits
RSA_generate_key_ex doesn't always generate a modulus of requested
bit length. Tests with Windows 7 clients showed that they decline
x509 certificates (MS-BKRP 2.2.1) in cases where the modulus length
is smaller than the specified 2048 bits. For the user this resulted
in DPAPI failing to retrieve stored credentials after the user password
has been changed at least two times. On the server side log.samba showed
that the client also called the as yet unlimplemented ServerWrap sub-
protocol function BACKUPKEY_BACKUP_KEY_GUID after it had called the
ClientWarp function BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID. After
enabling DPAPI auditing on the Windows Clients the Event Viewer showed
Event-ID 4692 failing with a FailureReason value of 0x7a in these cases.
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10980
Alexander Bokovoy [Tue, 24 Feb 2015 13:12:39 +0000 (15:12 +0200)]
wafsamba: make sure build fails when uninitialized variable is detected
In developer build, fail if uninitialized variable is found by GCC.
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Feb 24 20:21:52 CET 2015 on sn-devel-104
Volker Lendecke [Tue, 17 Feb 2015 20:19:33 +0000 (20:19 +0000)]
lib: Use iov_buflen in smb1cli_req_chain_submit
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 17 Feb 2015 20:19:10 +0000 (20:19 +0000)]
lib: Use iov_buflen in smb1cli_req_writev_submit
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 17 Feb 2015 20:18:37 +0000 (20:18 +0000)]
lib: Use iov_buflen in smb1cli_req_create
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 17 Feb 2015 20:17:35 +0000 (20:17 +0000)]
lib: Use iov_buf in smbXcli_iov_concat
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 17 Feb 2015 20:16:45 +0000 (20:16 +0000)]
libcli: Use iov_buflen in smbXcli_iov_len
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 16 Feb 2015 14:36:28 +0000 (14:36 +0000)]
smbd: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 16 Feb 2015 14:35:03 +0000 (14:35 +0000)]
smb2_server: Use iov_advance
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 16 Feb 2015 14:29:36 +0000 (14:29 +0000)]
smb2_server: Add range checking to nbt_length
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 16 Feb 2015 13:50:25 +0000 (13:50 +0000)]
tsocket: Use iov_advance
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 16 Feb 2015 13:26:29 +0000 (13:26 +0000)]
iov_buf: Add an explaining comment
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 16 Feb 2015 13:24:04 +0000 (13:24 +0000)]
tsocket: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 14 Feb 2015 15:48:54 +0000 (16:48 +0100)]
lib: Move "iov_buf.[ch]" to lib/util
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 14 Feb 2015 15:28:06 +0000 (16:28 +0100)]
rpc: Use tevent_req_poll_ntstatus
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Amitay Isaacs [Mon, 23 Feb 2015 01:38:11 +0000 (12:38 +1100)]
ctdb-io: Do not use sys_write to write to client sockets
When sending messages to clients, ctdb checks for EAGAIN error code and
schedules next write in the subsequent event loop. Using sys_write in
these places causes ctdb to loop hard till a client is able to read from
the socket. With real time scheduling, ctdb daemon spins consuming 100%
of CPU trying to write to the client sockets. This can be quite harmful
when running under VMs or machines with single CPU.
This regression was introduced when all read/write calls were replaced to
use sys_read/sys_write wrappers (
c1558adeaa980fb4bd6177d36250ec8262e9b9fe).
The existing code backs off in case of EAGAIN failures and waits for an
event loop to process the write again. This should give ctdb clients
a chance to get scheduled and to process the ctdb socket.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Feb 24 12:29:30 CET 2015 on sn-devel-104
Andreas Schneider [Fri, 30 Jan 2015 13:37:06 +0000 (14:37 +0100)]
nmblookup: Warn user if netbios name is too long.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Feb 24 01:01:10 CET 2015 on sn-devel-104
Andreas Schneider [Fri, 30 Jan 2015 13:29:26 +0000 (14:29 +0100)]
nss-wins: Do not lookup invalid netbios names
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Fri, 30 Jan 2015 13:28:48 +0000 (14:28 +0100)]
libsmb: Do not lookup invalid netbios names.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Mon, 23 Feb 2015 18:15:05 +0000 (10:15 -0800)]
Revert "s3: smbd: signing. Ensure we respond correctly to an SMB2 negprot with SMB2_NEGOTIATE_SIGNING_REQUIRED."
Even though the MS-SMB2 spec says so, Windows doesn't behave
like this.
This reverts commit
1cea6e5b6f8c0e28d5ba2d296c831c4878fca304.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: "Stefan (metze) Metzmacher" <metze@samba.org>
Andreas Schneider [Mon, 23 Feb 2015 16:12:46 +0000 (17:12 +0100)]
waf: Only build the wrappers if we enable selftest
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Feb 23 22:31:22 CET 2015 on sn-devel-104
Andreas Schneider [Mon, 23 Feb 2015 16:19:04 +0000 (17:19 +0100)]
swrap: Bump version to 1.1.3
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Andreas Schneider [Mon, 23 Feb 2015 16:18:16 +0000 (17:18 +0100)]
swrap: If we remove the socket_info also unlink the unix socket
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 23 Feb 2015 16:17:43 +0000 (17:17 +0100)]
swrap: Do not leak the socket_info we just removed.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Andreas Schneider [Mon, 23 Feb 2015 16:16:00 +0000 (17:16 +0100)]
src: Add support for running with address sanitizer.
If address sanitzer will complain about our hack with variable function
attributes. This disables the checking of it.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Mon, 23 Feb 2015 16:15:12 +0000 (17:15 +0100)]
swrap: Fix the loop for older gcc versions.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Andreas Schneider [Mon, 16 Feb 2015 07:56:28 +0000 (08:56 +0100)]
torture: Add netr_setPassword(2) schannel test.
Thanks to Florian Weimer <fweimer@redhat.com> for the help to write
this torture test.
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Mon Feb 23 20:01:01 CET 2015 on sn-devel-104
Andreas Schneider [Mon, 16 Feb 2015 09:59:23 +0000 (10:59 +0100)]
s3-netlogon: Make sure we do not deference a NULL pointer.
This is an additional patch for CVE-2015-0240.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077#c32
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Wed, 28 Jan 2015 22:47:31 +0000 (14:47 -0800)]
CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11077
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Jeremy Allison [Fri, 20 Feb 2015 02:50:45 +0000 (18:50 -0800)]
s3: smbd: SMB2 close. If a file has delete on close, store the return info before deleting.
If we delete the file on close, the stat after the close
will fail so we fail to return the attributes requested.
Bug 11104 - SMB2/SMB3 close response does not include attributes when requested.
https://bugzilla.samba.org/show_bug.cgi?id=11104
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Steve French <sfrench@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 20 20:54:18 CET 2015 on sn-devel-104
Jeremy Allison [Fri, 20 Feb 2015 02:49:03 +0000 (18:49 -0800)]
s3: smbd: SMB2 close. Call utility function setup_close_full_information()
Replaces existing inline code.
Bug 11104 - SMB2/SMB3 close response does not include attributes when requested.
https://bugzilla.samba.org/show_bug.cgi?id=11104
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Steve French <sfrench@samba.org>
Jeremy Allison [Fri, 20 Feb 2015 02:46:55 +0000 (18:46 -0800)]
s3: smbd: SMB2 close. Add utility function setup_close_full_information()
Not yet used.
Bug 11104 - SMB2/SMB3 close response does not include attributes when requested.
https://bugzilla.samba.org/show_bug.cgi?id=11104
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Steve French <sfrench@samba.org>
Michael Adam [Thu, 19 Feb 2015 15:59:00 +0000 (16:59 +0100)]
doc:man:vfs_glusterfs: improve the configuration section.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Feb 20 14:29:21 CET 2015 on sn-devel-104
Michael Adam [Fri, 13 Feb 2015 00:04:11 +0000 (01:04 +0100)]
doc:man:vfs_glusterfs: improve and update description.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Michael Adam [Fri, 13 Feb 2015 00:03:21 +0000 (01:03 +0100)]
doc:man:vfs_glusterfs: remove extra % signs.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Jeremy Allison [Wed, 18 Feb 2015 19:51:53 +0000 (11:51 -0800)]
s4: smbtorture: leases - show stat opens grant leases and can be broken.
https://bugzilla.samba.org/show_bug.cgi?id=11102
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 19 23:10:43 CET 2015 on sn-devel-104
Jeremy Allison [Wed, 18 Feb 2015 19:49:27 +0000 (11:49 -0800)]
s3: smbd: leases - losen paranoia check. Stat opens can grant leases.
https://bugzilla.samba.org/show_bug.cgi?id=11102
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Wed, 18 Feb 2015 19:48:31 +0000 (11:48 -0800)]
s3: smbd: leases - new torture test shows stat opens can get leases.
Can also issue breaks on these leases.
https://bugzilla.samba.org/show_bug.cgi?id=11102
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Thu, 19 Feb 2015 05:27:37 +0000 (21:27 -0800)]
s3: smbd: signing. Ensure we respond correctly to an SMB2 negprot with SMB2_NEGOTIATE_SIGNING_REQUIRED.
Bug 11103: - Samba does not set the required flags in the SMB2/SMB3 Negotiate Protocol Response when signing required by client
https://bugzilla.samba.org/show_bug.cgi?id=11103
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Steve French <smfrench@gmail.com>
Christof Schmitt [Wed, 18 Feb 2015 21:42:11 +0000 (14:42 -0700)]
regedit: Rename variable to fix compile warning
With --picky-developer this warning is turned into an error:
cc1: warnings being treated as errors
../source3/utils/regedit_treeview.c: In function ‘tree_node_load_children’:
../source3/utils/regedit_treeview.c:256: error: declaration of ‘key_name’ shadows a global declaration
/usr/include/ncurses.h:1419: error: shadowed declaration is here
Fix this by renaming the local variable.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 19 01:31:44 CET 2015 on sn-devel-104
David Disseldorp [Wed, 18 Feb 2015 11:01:14 +0000 (12:01 +0100)]
s3/vfs: bump interface version number to 33
The SMB_VFS_DISK_FREE() small_query parameter removal cleanup will not
be merged for Samba 4.2, so the master SMB_VFS_INTERFACE_VERSION number
should be bumped above what's currently present in the 4.2 branch.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 18 Dec 2014 15:14:36 +0000 (15:14 +0000)]
spoolss: retrieve published printer GUID if not in registry
When a printer is published, the GUID for the published DN is retrieved
from the domain controller and stored in the registry.
When handling a spoolss GetPrinter(level=7) request, the same GUID is
obtained from the registry and returned to the client.
This change sees the spoolss server query the DC for the published
printer GUID if it is not present in the registry when handling a
spoolss GetPrinter(level=7) request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11018
Pair-Programmed-With: David Disseldorp <ddiss@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Feb 18 12:43:44 CET 2015 on sn-devel-104
Andreas Schneider [Thu, 18 Dec 2014 15:13:27 +0000 (15:13 +0000)]
printing: rework nt_printer_guid_store to return errors
Callers can now choose whether or not to ignore errors.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11018
Pair-programmed-with: David Disseldorp <ddiss@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
David Disseldorp [Thu, 18 Dec 2014 17:23:11 +0000 (18:23 +0100)]
printing: add nt_printer_guid_retrieve() helper
This function connects to the domain controller and retrieves the
GUID for the corresponding printer DN.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11018
Pair-programmed-with: Andreas Schneider <asn@samba.org>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
David Disseldorp [Thu, 18 Dec 2014 17:18:21 +0000 (18:18 +0100)]
printing: split out printer DN and GUID retrieval
This functions are used for printer publishing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11018
Pair-programmed-with: Andreas Schneider <asn@samba.org>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Martin Schwenke [Sat, 14 Feb 2015 01:53:08 +0000 (12:53 +1100)]
ctdb-scripts: Improve messages about invalid tunables during "setup"
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Feb 18 08:03:33 CET 2015 on sn-devel-104
Martin Schwenke [Sun, 8 Feb 2015 23:33:35 +0000 (10:33 +1100)]
ctdb-tool: Print a warning when setting an obsolete tunable variable
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Sun, 8 Feb 2015 23:32:47 +0000 (10:32 +1100)]
ctdb-client: Return a value of 1 when setting obsolete tunable variable
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Sun, 15 Feb 2015 03:39:51 +0000 (14:39 +1100)]
ctdb-tests: New tests for 00.ctdb "setup" event - set tunables from config
Unit test infrastructure tweaks to support.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 16 Feb 2015 03:04:09 +0000 (14:04 +1100)]
ctdb-scripts: Fix tunable setup code by making it shell-agnostic
All tunables set in configuration are currently set to 0 on system
where /bin/sh is dash (and perhaps other non-bash shells). dash puts
single quotes around all values in the output of the "set" builtin
command, whereas bash only puts them around values when something
needs to be quoted. Tunables always have a simple integer value so
dash will quote them and bash won't. The setup code currently passes
the raw value, including any quotes to "ctdb setvar ...". This
command does no error checking on the input, so "'1'" is converted to
0.
Change the code so that the value is determined from the shell
variable and is independent of the "set" output.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 9 Feb 2015 01:04:41 +0000 (12:04 +1100)]
ctdb: Change default debug level to NOTICE (2)
This was true for the daemon until commit
b4589b954e1090a934fafd3f8e3c2cf1ed785c61.
Defaulting to ERR in the ctdb CLI tool encourages logging notices at
ERR level, so default to NOTICE instead.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Tom Schulz [Fri, 13 Feb 2015 21:47:14 +0000 (13:47 -0800)]
lib: texpect. Fix the build on Solaris.
Bug 11092 - texpect requires routines err and errx
https://bugzilla.samba.org/show_bug.cgi?id=11092
Signed-off-by: Tom Schulz <schulz@adi.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Feb 17 18:09:52 CET 2015 on sn-devel-104
Marc Muehlfeld [Sat, 24 Jan 2015 14:59:40 +0000 (15:59 +0100)]
group.py: Fix wrong example option, remove wrong comment line
Replaced "--gid" with the correct "--gid-number" in Example 3.
Additionally removed the first comment line in group.py, which
was wrong in that file.
Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Petr Viktorin [Fri, 16 Jan 2015 14:24:03 +0000 (15:24 +0100)]
buildtools: Use separate storage for each function in runonce
The runonce decorator used shared storage for all functions, and
dispatched only on arguments, so a call would be eliminated if
a different runonce function had already been called with the same
arguments.
Use separate storage for each decorated function.
Signed-off-by: Petr Viktorin <pviktori@redhat.com>
Reviewed-by: Simo Sorce <simo@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Jelmer Vernooij [Wed, 21 Jan 2015 01:58:49 +0000 (02:58 +0100)]
Force rebuild of ldb if pyldb-util is not available.
This is necessary since pyldb-util uses ldb_private.h, so we want to
build against the same source ldb.
Change-Id: I802974b9eef7deb102fea15b67ec5f87e8e353bd
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Jelmer Vernooij [Wed, 21 Jan 2015 01:58:48 +0000 (02:58 +0100)]
wscript: Expand tabs.
Change-Id: I2746f775accceeb2eeb02679f2c91b02085560b6
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Jelmer Vernooij [Wed, 21 Jan 2015 01:58:47 +0000 (02:58 +0100)]
rpc_talloc: Update instructions to use standard unittest runner.
Change-Id: Id90541b01073f1156ccba562ba750245aad091c2
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Jelmer Vernooij [Wed, 21 Jan 2015 01:58:46 +0000 (02:58 +0100)]
Remove documentation for testsuite-count subunit extension, which is no longer used.
Change-Id: Ie7f671fdac4f878e1eea157ee7e300977a68deb0
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Jelmer Vernooij [Wed, 21 Jan 2015 01:58:45 +0000 (02:58 +0100)]
Update selftest README to point at upstream subunit repository for protocol description.
Change-Id: I50c2a5e9847d269486cb5157357592004779704a
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
git.samba.org / samba.git / log