As a client we request as many flags as possible. The server checks
which flags it supports and returns the same negotiation flags or fewer.
So we need to store the negotiate flags from the server. We need them
later if we have to call netr_LogonGetCapabilities.
Andrew Bartlett [Wed, 21 Dec 2011 06:26:23 +0000 (17:26 +1100)]
s3-auth Restore shortcut for guest security token
This was lost when the server_info and session_info structures were split.
This helps avoid doing lookups for the guest account to determine the
uid/gid and SID values.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Dec 22 15:51:09 CET 2011 on sn-devel-104
Andrew Tridgell [Tue, 6 Dec 2011 01:15:40 +0000 (12:15 +1100)]
s3-rpc: added "rpc_server:default" config option
this allows the config to specify a default behaviour (embedded,
external or disabled) for unknown pipes. This is needed to allow the
s3 smbd server to redirect unknown pipes to the s4 RPC server when
using s3 smbd as a file server for a s4 DC. If rpc_server:default is
not specified then this change preserves the old behaviour
Rusty Russell [Wed, 21 Dec 2011 03:47:25 +0000 (14:17 +1030)]
tdb: don't free old recovery area when expanding if already at EOF.
We allocate a new recovery area by expanding the file. But if the
recovery area is already at the end of file (as shown in at least one
client case), we can simply expand the record, rather than freeing it
and creating a new one.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Autobuild-User: Rusty Russell <rusty@rustcorp.com.au>
Autobuild-Date: Wed Dec 21 06:25:40 CET 2011 on sn-devel-104
Rusty Russell [Wed, 21 Dec 2011 03:47:16 +0000 (14:17 +1030)]
tdb: use same expansion factor logic when expanding for new recovery area.
If we're expanding because the current recovery area is too small, we
expand only the amount we need. This can quickly lead to exponential
growth when we have a slowly-expanding record (hence a
slowly-expanding transaction size).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Jeremy Allison [Tue, 20 Dec 2011 19:38:37 +0000 (11:38 -0800)]
Allow an object to be deleted from a directory if the caller has DELETE_CHILD access
even if we don't have access to read the ACL on the object. Fixes bug #8673 - NT ACL issue.
Different fix needed for 3.6.x.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Dec 20 22:13:51 CET 2011 on sn-devel-104
Matthieu Patou [Tue, 15 Nov 2011 10:32:33 +0000 (11:32 +0100)]
s4-dsdb: Relax the conditions where we can't do a subtree delete
If the parent object is a SAM object (as defined in 3.1.1.5.2.3
Special Classes and Attributes of MS-ADTS) then we can use the subtree
delete control even if the object is a critical one.
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Mon Dec 19 14:32:19 CET 2011 on sn-devel-104
Matthieu Patou [Mon, 14 Nov 2011 17:53:30 +0000 (18:53 +0100)]
s4-drs: avoid unnecessarily calling ldb_msg_find_attr_as_* as this call is inefficient
The current implementation of ldb_msg_find_attr_as_* iterates over the list of
attributes returned by the search and makes a string comparison. As we are
sorting the array of messages / guids we tend to call this function many
times. By storing the GUID and the USN in a separate structure we are
sure to call this function only once per attribute and object.
Rusty Russell [Mon, 19 Dec 2011 05:17:50 +0000 (15:47 +1030)]
tdb: be more careful on 4G files.
I came across a tdb which had wrapped to 4G + 4K, and the contents had been
destroyed by processes which thought it only 4k long. Fix this by checking
on open, and making tdb_oob() check for wrap itself.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Autobuild-User: Rusty Russell <rusty@rustcorp.com.au>
Autobuild-Date: Mon Dec 19 07:52:01 CET 2011 on sn-devel-104
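
The two checks the "tdb: be more careful on 4G files" message above describes (refuse an oversized file on open, and make the bounds check detect wrap), as an added example that is not tdb's own code. The 32-bit offset type, the function names and the sample values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* All names here are hypothetical; this is not tdb's tdb_oob(). */
typedef uint32_t off32_t; /* assumed 32-bit file offset type */

/* Open-time check: a real size above 2^32-1 would be truncated when stored
 * in a 32-bit offset (4G + 4K reads back as 4K), so such a file is refused. */
static bool size_fits_offset(uint64_t real_size)
{
    return real_size <= UINT32_MAX;
}

/* Naive check: off + len is reduced modulo 2^32 and can look in range. */
static bool oob_naive(off32_t off, off32_t len, off32_t map_size)
{
    off32_t end = off + len;
    return end > map_size;
}

/* Wrap-aware check: a sum smaller than its operand means it wrapped. */
static bool oob_checked(off32_t off, off32_t len, off32_t map_size)
{
    off32_t end = off + len;
    if (end < off)
        return true;
    return end > map_size;
}

int main(void)
{
    uint64_t real = (1ULL << 32) + 4096; /* constructed: 4G + 4K */
    printf("truncated size: %u, accepted on open: %d\n",
           (unsigned)(off32_t)real, size_fits_offset(real));
    /* constructed access near the top of the offset space */
    printf("naive oob: %d, checked oob: %d\n",
           oob_naive(0xFFFFF000u, 0x2000u, 0x10000u),
           oob_checked(0xFFFFF000u, 0x2000u, 0x10000u));
    return 0;
}
```
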
Volker Lendecke [Thu, 15 Dec 2011 15:12:37 +0000 (16:12 +0100)]
Add support for TCP_DEFER_ACCEPT
"man tcp" on Linux says:
TCP_DEFER_ACCEPT
Allows a listener to be awakened only when data arrives on the socket. Takes
an integer value (seconds), this can bound the maximum number of attempts TCP
will make to complete the connection. This option should not be used in code
intended to be portable.
This might reduce the 139/445 forks a bit on high-load servers
Andrew Bartlett [Thu, 15 Dec 2011 22:26:04 +0000 (09:26 +1100)]
lib/param: Set s4 "host msdfs = true" by default
This matches the s3 loadparm, and makes this feature available
by default for our users in a DC environment. (This is needed
for the correct operation of GPOs).
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Dec 16 01:08:34 CET 2011 on sn-devel-104
Andrew Tridgell [Tue, 6 Dec 2011 00:30:24 +0000 (11:30 +1100)]
loadparm: fixed service list handling
when you have:
server services = +smb -s3fs
and 'smb' is already in the list, then this should not be an
error. This ensures that a config that specifically sets the services
it wants doesn't generate an error if the service list being set
happens to be the default
s3-libsmb: Don't duplicate kerberos service tickets.
This fixes bug #8628.
Each time we do a client connection. Each time we call the function to
get the service ticket from the cache we duplicate it. So with each
connection we end up with one or three duplicated tickets.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Dec 15 19:30:42 CET 2011 on sn-devel-104
Volker Lendecke [Fri, 9 Dec 2011 10:22:50 +0000 (11:22 +0100)]
s3-dbwrap: All relevant backends provide parse_record(). Remove the fallback.
Signed-off-by: Michael Adam <obnox@samba.org>
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Thu Dec 15 17:41:53 CET 2011 on sn-devel-104
s3:rpc_server/spoolss: remove reload_services check from delete_printer_hook()
As the spoolss code can run embedded or external relative to the
smbd file server process, it's very tricky to verify if a share
is still in use.
Checking the result of the "deleteprinter command" command should
be enough to check for success. We should not return WERR_ACCESS_DENIED
if the share is still in use, by the current client, as the primary
printer definition is already deleted.