Michael Adam [Wed, 29 May 2013 15:10:51 +0000 (17:10 +0200)]
shadow_copy2: introduce the bool "snapdir_absolute" in the config.
Not exposed but to be used internally.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
843954989cbec6640d2565d0d23a48f296740a23)
Michael Adam [Thu, 23 May 2013 23:35:44 +0000 (01:35 +0200)]
shadow_copy2: introduce config struct and function shadow_copy2_connect()
This moves the parsing of the config to a central place.
So users of configuation don't need to call lp_parm_... all the time.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
1ecef5743583cf617f5506bc2fca3baa70cfb9b3)
Michael Adam [Wed, 29 May 2013 15:11:44 +0000 (17:11 +0200)]
shadow_copy2: add comment explaining the SMB level GMT format pattern
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
6da7375cd881f85f2873578db7fcfb368deab94f)
Michael Adam [Tue, 28 May 2013 23:13:57 +0000 (01:13 +0200)]
shadow_copy2: add comment block explaining shadow_copy2_convert()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
5c900fd930edd45e9f23b36c1e68e5c2d8b96867)
Michael Adam [Fri, 24 May 2013 15:20:42 +0000 (17:20 +0200)]
shadow_copy2: add comment block explaining shadow_copy2_insert_string()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
5da5512985cf65c09abb33abaf5e8dc28167dac3)
Michael Adam [Thu, 23 May 2013 22:01:14 +0000 (00:01 +0200)]
shadow_copy2: add comment block explaining shadow_copy2_find_snapdir()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
b90d1e6ac06fd4c1aaaceadcb711800499334117)
Michael Adam [Thu, 23 May 2013 21:59:49 +0000 (23:59 +0200)]
shadow_copy2: add header comment explaining have_snapdir()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
5b494b3dea559f632d57c9d33172e46e459e852f)
Michael Adam [Thu, 23 May 2013 21:32:15 +0000 (23:32 +0200)]
shadow_copy2: add comment header describing shadow_copy2_strip_snapshot()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
9361824ddd291cb0e543a5a0829246831fcb9e84)
Michael Adam [Fri, 4 Oct 2013 11:15:34 +0000 (13:15 +0200)]
shadow_copy2: break overly long lines in shadow_copy2_snapshot_to_gmt()
According to coding guidelines.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
01cb88977da5bc44443407b100345531d047c77c)
Jeremy Allison [Mon, 6 Jan 2014 23:22:59 +0000 (15:22 -0800)]
s3: winbindd: Move calling setup_domain_child() into add_trusted_domain().
Ensure it only gets called when a new domain is allocated
and added to the list.
This should fix problems with the previous logic where
setup_domain_child() was called in places where an existing
domain was returned.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10358
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 8 20:46:55 CET 2014 on sn-devel-104
(cherry picked from commit
ca931e460460ffe46735f98b31db47220772d566)
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Fri Jan 10 11:45:03 CET 2014 on sn-devel-104
Jeremy Allison [Mon, 6 Jan 2014 23:15:37 +0000 (15:15 -0800)]
s3: winbindd: Move the logic of whether to set 'domain->primary' into add_trusted_domain().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10358
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
cfa6a36467f5679a88e49419e8af32b724c242bd)
Christian Ambach [Mon, 16 Sep 2013 11:18:17 +0000 (13:18 +0200)]
s3:winbindd fix use of uninitialized variables
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10280
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
7393781a57891687b464762b0954e6c936f750bb)
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Tue Jan 7 12:25:51 CET 2014 on sn-devel-104
Karolin Seeger [Tue, 31 Dec 2013 19:31:30 +0000 (20:31 +0100)]
VERSION: Bump version number up to 4.0.15...
and re-enable git snapshots.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 31 Dec 2013 19:30:34 +0000 (20:30 +0100)]
VERSION: Disable git snapshots for the 4.0.14 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Sat, 4 Jan 2014 19:19:14 +0000 (20:19 +0100)]
WHATSNEW: Add release notes for Samba 4.0.14.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Jeremy Allison [Fri, 6 Dec 2013 23:58:02 +0000 (15:58 -0800)]
ldb: bad if test in ldb_comparison_fold()
Found by David Binderman <dcb314@hotmail.com>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10305
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Sat Dec 7 11:10:47 CET 2013 on sn-devel-104
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Sat Dec 28 23:21:12 CET 2013 on sn-devel-104
Jeremy Allison [Thu, 12 Dec 2013 17:37:25 +0000 (09:37 -0800)]
s3: smbpasswd - fix crashes on invalid input.
get_pass can return NULL on error. Ensure that
this is always the case and fix all callers to cope
(some already did).
Reported by Joonas Kuorilehto <joneskoo@codenomicon.com>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10320
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Dec 16 15:17:58 CET 2013 on sn-devel-104
(cherry picked from commit
ef5a3bedab74420baf0c653cf8e304fe6c2a13b4)
Stefan Metzmacher [Tue, 17 Dec 2013 11:57:53 +0000 (12:57 +0100)]
s3:configure: require tevent >= 0.9.18 as external library
0.9.16 might be enough, but this matches the waf build.
So 0.9.18 is less likely to produce regressions in the future.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10330
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Jeremy Allison [Wed, 4 Dec 2013 01:26:26 +0000 (17:26 -0800)]
smbtorture: New torture test for bug #9870.
Not fetching the latest modification time on a folder if we have read locks on it.
Prove we should just rely on the mtime value from the underlying
filesystem, even with an open handle.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9870
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Dec 5 10:05:06 CET 2013 on sn-devel-104
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9870
Not fetching the latest modification time on a folder if we have read locks
on it.
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Tue Dec 10 20:24:01 CET 2013 on sn-devel-104
Jeremy Allison [Wed, 4 Dec 2013 01:22:19 +0000 (17:22 -0800)]
smbd - allow updates on directory write times on open handles.
If we set a non-null 'old timestamp' in the share mode database
when creating a directory handle, this prevents mtime (write time)
updates from being seen by clients, as we will always return the
timestamp stored in the database whilst the handle is open.
For files this is ok, as we update the stored timestamp
ourselves when we write to the handle. For directories
we should just rely on the mtime value from the underlying
filesystem.
Torture test to follow.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9870
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Thu, 5 Dec 2013 14:50:58 +0000 (15:50 +0100)]
smbd: Fix a panic when a smb2 brlock times out
Found by Peter Somogyi.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Dec 5 21:21:35 CET 2013 on sn-devel-104
Fix bug #10311 - SMB2 server can panic when a smb2 brlock times out.
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Tue Dec 10 15:06:45 CET 2013 on sn-devel-104
Christof Schmitt [Thu, 5 Dec 2013 22:53:47 +0000 (15:53 -0700)]
selftest: Remove samba3.smb2.lock.*.rw-exclusive from flapping file
This test demonstrates a problem with byte range locks and AIO.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Dec 6 05:19:37 CET 2013 on sn-devel-104
(cherry picked from commit
8c3bf7b84950fbb0305bcccd49ecfc202e08901a)
The last 5 patches address bug #10310 - Fix AIO with SMB2 and locks.
Christof Schmitt [Thu, 5 Dec 2013 22:22:13 +0000 (15:22 -0700)]
selftest: Run smb2.lock tests also against AIO share
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
d551d5256f9b1ca57b8018d816ea665c9b847ced)
Christof Schmitt [Thu, 5 Dec 2013 22:20:06 +0000 (15:20 -0700)]
selftest: Introduce share for testing AIO
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
63727c15450e1db2be49ade758c369aa4599657a)
Christof Schmitt [Thu, 5 Dec 2013 23:20:26 +0000 (16:20 -0700)]
s3: Return correct error code from SMB2 AIO read failure
This is similar to commit
27e20d5d60ea8aa526bcb7c2dfc18dd2de0bb97b which
fixed the same case for SMB2 writes: When sending the AIO read fails,
return the real error instead of mapping it to NT_STATUS_FILE_CLOSED.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
eadb2a54d1733a482999eb770182156dad1e184d)
Christof Schmitt [Thu, 5 Dec 2013 22:57:54 +0000 (15:57 -0700)]
s3-aio: Use correct locking context for SMB2
The synchronous SMB2 reads and writes use open_persistent_id. The AIO
codepathes have to use the same, otherwise a write will conflict with a
lock on the same open file.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
dfef0701c398982226dde8a8e15ff97bba0fef53)
Stefan Metzmacher [Tue, 19 Nov 2013 04:21:05 +0000 (05:21 +0100)]
s3:smb2_server: avoid calling set_current_user_info() for each request
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Nov 27 16:31:44 CET 2013 on sn-devel-104
(cherry picked from commit
3cc0651d9feda00b6a04f84b76744b2acc3a0446)
The last 6 patches address bug #10298 - smb2_server processing overhead.
Stefan Metzmacher [Mon, 14 Oct 2013 12:18:26 +0000 (14:18 +0200)]
s3:smb2_server: generate a header blob for the sendfile path
We need to pass the NBT header, SMB2 header and SMB2 Read header
as header blob to SMB_VFS_SENDFILE(). This allows the usage
of MSG_SEND or other tricks to avoid multiple TCP packets
on the wire.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit
36efaac2597d2d36826c02f23be15e7323b09784)
Stefan Metzmacher [Wed, 16 Oct 2013 07:15:12 +0000 (09:15 +0200)]
s3:smb2_server: allocate smbd_smb2_request on talloc_tos()
This matches the behavior for smb1 requests
and avoids an additional malloc() per request.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit
9d33a3f3e814e2924a423496ccc133c6c73fcd12)
Stefan Metzmacher [Sat, 12 Oct 2013 00:40:12 +0000 (02:40 +0200)]
s3:smb2_server: use tevent_req_notify_callback() in smbd_smb2_request_pending_queue()
If the request is already done we can avoid one iteration
of tevent_loop_once(), which means we avoids one
talloc_stackframe_pool/talloc_free pair.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit
acfd4b068a5b99ac1d3fe716afff34cb7d2a0147)
Stefan Metzmacher [Mon, 14 Oct 2013 08:33:57 +0000 (10:33 +0200)]
s3:smb2_server: for performance reasons we use tevent_fd and readv/writev directly
Going via tevent_req_create/talloc_free at multiple layer costs
too much cpu cycles per request.
I tested downloading a 16GB (sparse) file with smbclient -b1 -mNT1,
and -mSMB2_02. Using smb2 max read = 64512, which means smb1 and smb2
will use the same read size.
I build with -O3 -g and compared the results with valgrind --tool=callgrind.
With -mNT1 the server uses about 2.000.000.000 cpu cycles.
This patch reduces the userspace cpu cycles for -mSMB2_02
from about ~ 8.000.000.000 down to ~ 4.000.000.000.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit
4244a2686cddcdc754c284df884ae497afa4053a)
Stefan Metzmacher [Mon, 14 Oct 2013 14:42:55 +0000 (16:42 +0200)]
s3:smb2_server: fix drain_socket error handling
smbd_smb2_request_error_ex() should return NTSTATUS and the caller
will terminate the connection.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit
9393e28df59954414313bfae70ffb796d3e332fe)
Jeremy Allison [Tue, 3 Dec 2013 18:21:16 +0000 (10:21 -0800)]
smbd: Always use UCF_PREP_CREATEFILE for filename_convert calls to resolve a path for open.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10297
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Dec 9 21:02:21 CET 2013 on sn-devel-104
(cherry picked from commit
f98d10af2a05f0261611f4cabdfe274cd9fe91c0)
Jeremy Allison [Tue, 3 Dec 2013 18:19:09 +0000 (10:19 -0800)]
smbd: change flag name from UCF_CREATING_FILE to UCF_PREP_CREATEFILE
In preparation to using it for all open calls.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10297
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
874318a97868e08837a1febb1be8e8a167b5ae0f)
Volker Lendecke [Tue, 3 Dec 2013 12:20:17 +0000 (13:20 +0100)]
smbd: Fix regression for the dropbox case.
We need to allow to save a file to a directory with perm -wx.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10297
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
5b49fe24c906cbae12beff7a1b45de6809258cab)
Karolin Seeger [Mon, 9 Dec 2013 06:09:02 +0000 (07:09 +0100)]
VERSION: Bump version up to 4.0.14
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Mon, 9 Dec 2013 06:08:22 +0000 (07:08 +0100)]
Merge tag 'samba-4.0.13' into v4-0-test
samba: tag release samba-4.0.13
Karolin Seeger [Tue, 3 Dec 2013 10:56:10 +0000 (11:56 +0100)]
VERSION: Disable git snapshots for the 4.0.13 release.
Bug 10185 - CVE-2013-4408: DCERPC frag_len not checked
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10185
Bug 10306 - CVE-2012-6150: Fail authentication if user isn't member of *any*
require_membership_of specified groups
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10306
(BUG: https://bugzilla.samba.org/show_bug.cgi?id=10300)
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Fri, 6 Dec 2013 19:04:54 +0000 (20:04 +0100)]
WHATSNEW: Add release notes for Samba 4.0.13.
Bug 10185 - CVE-2013-4408: DCERPC frag_len not checked
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10185
Bug 10306 - CVE-2012-6150: Fail authentication if user isn't member of *any*
require_membership_of specified groups
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10306
(BUG: https://bugzilla.samba.org/show_bug.cgi?id=10300)
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Noel Power [Wed, 16 Oct 2013 15:30:55 +0000 (16:30 +0100)]
CVE-2012-6150: fail authentication for single group name which cannot be converted to sid
furthermore if more than one name is supplied and no sid is converted
then also fail.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10300
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10306
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
[ddiss@samba.org: fixed incorrect bugzilla tag I added to master commit]
Jeremy Allison [Fri, 8 Nov 2013 06:41:22 +0000 (22:41 -0800)]
CVE-2013-4408:s3:Ensure LookupRids() replies arrays are range checked.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Jeremy Allison [Fri, 8 Nov 2013 05:40:55 +0000 (21:40 -0800)]
CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Fri, 8 Nov 2013 04:38:01 +0000 (20:38 -0800)]
CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Thu, 17 Oct 2013 21:44:35 +0000 (14:44 -0700)]
CVE-2013-4408:s3:Ensure we always check call_id when validating an RPC reply.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 16 Oct 2013 14:26:58 +0000 (16:26 +0200)]
CVE-2013-4408:s3:ctdb_conn: add some length verification to ctdb_packet_more()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 16 Oct 2013 12:17:49 +0000 (14:17 +0200)]
CVE-2013-4408:libcli/util: add some size verification to tstream_read_pdu_blob_done()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 16 Oct 2013 12:17:49 +0000 (14:17 +0200)]
CVE-2013-4408:s3:util_tsock: add some overflow detection to tstream_read_packet_done()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 16 Oct 2013 12:17:49 +0000 (14:17 +0200)]
CVE-2013-4408:async_sock: add some overflow detection to read_packet_handler()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 24 Sep 2013 03:03:40 +0000 (05:03 +0200)]
CVE-2013-4408:s4:dcerpc_sock: check for invalid frag_len within sock_complete_packet()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 25 Sep 2013 21:25:12 +0000 (23:25 +0200)]
CVE-2013-4408:s4:dcerpc_smb2: check for invalid frag_len in send_read_request_continue()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 25 Sep 2013 21:25:12 +0000 (23:25 +0200)]
CVE-2013-4408:s4:dcerpc_smb: check for invalid frag_len in send_read_request_continue()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 25 Sep 2013 21:25:12 +0000 (23:25 +0200)]
CVE-2013-4408:s4:dcerpc: check for invalid frag_len in ncacn_pull()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 25 Sep 2013 21:25:12 +0000 (23:25 +0200)]
CVE-2013-4408:s3:rpc_client: verify frag_len at least contains the header size
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 25 Sep 2013 21:25:12 +0000 (23:25 +0200)]
CVE-2013-4408:s3:rpc_client: check for invalid frag_len in dcerpc_pull_ncacn_packet()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 24 Sep 2013 03:03:40 +0000 (05:03 +0200)]
CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_next_vector()
We should do this explicit instead of relying on
tstream_readv_pdu_ask_for_next_vector() to catch the overflow.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 24 Sep 2013 03:03:40 +0000 (05:03 +0200)]
CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_done()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Karolin Seeger [Mon, 18 Nov 2013 09:30:36 +0000 (10:30 +0100)]
VERSION: Bump version number up to 4.0.13...
and re-enable git snapshots.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
59da16e6751fc67a4e24b71851d0e49cb708bd77)
Volker Lendecke [Thu, 21 Nov 2013 20:05:29 +0000 (21:05 +0100)]
smbd: Fix bug 10284
If we msg_read_send on a nonempty channel, we create one
tevent_immediate. If we directly receive another message and from
within the msg_read_send's tevent_req callback we immediately do
another msg_read_send, we end up with two tevent_immediate events for
msg_channel_trigger with just one incoming message. Test to follow.
This patch simplifies msg_channel.c by removing the explicit immediate
events. Instead, it relies on the implicit immediate event available
via tevent_req_defer_callback. For messages received from tdb with
a msg_read_send req pending, we directly finish that request without
putting the message on the queue.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10284
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
6b6920b02905661ae661a894e3bd8d2c744d7003)
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Thu Nov 28 13:15:20 CET 2013 on sn-devel-104
David Disseldorp [Fri, 18 Oct 2013 11:09:23 +0000 (13:09 +0200)]
printing: always store sytem job-ID in queue state
Print jobs have multiple identifiers: the regular spoolss jobid, which
is allocated by spoolss on job submission, and the system jobid, which
is assigned by the printing back-end.
Currently these identifiers are incorrectly mixed in print job queue
tracking. Fix this by ensuring that only the system jobid is stored in
the print queue state structure.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10271
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Nov 18 18:03:41 CET 2013 on sn-devel-104
(cherry picked from commit
b7da5a5b00f6c78e41279415e33c091dcc0a773b)
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Tue Nov 26 22:34:24 CET 2013 on sn-devel-104
David Disseldorp [Fri, 20 Sep 2013 03:31:37 +0000 (20:31 -0700)]
spoolss: return the spoolss job ID in notifications
Print job notifications currently carry the system print job identifier
from the queue structure. Instead, the spoolss job identifier should be
resolved and returned.
Print clients can use notification job-ids in subsequent spoolss SetJob
requests. Returning an incorrect identifier can result in the failure of
such requests, e.g. spoolss_SetJob(SPOOLSS_JOB_CONTROL_DELETE).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10271
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
24d025f85d6eea272bff5e1040d4fd2ba0e6b8f3)
Andreas Schneider [Mon, 18 Nov 2013 13:58:14 +0000 (14:58 +0100)]
s3-winbind: Pass the group name to fillup_pw_field().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=2191
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov 22 02:04:54 CET 2013 on sn-devel-104
(cherry picked from commit
000172a5ab7e4bfac7ef618d0d78ec7fe95d0e2a)
Andreas Schneider [Mon, 18 Nov 2013 13:58:04 +0000 (14:58 +0100)]
s3-lib: Add grpname to talloc_sub_specified().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=2191
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
6366ebb79bb72d9dcb12f8fe8d6e35611fcff150)
Arvid Requate [Thu, 21 Nov 2013 11:35:20 +0000 (12:35 +0100)]
spoolss: accept XPS_PASS datatype used by Windows 8
The new v4 driver model used in Windows 8 declares print jobs
intended to bypass the XPS processing layer by setting datatype to
"XPS_PASS" instead of "RAW".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10267
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
b2815b4c8c3e436a79fb7f07be285a417fd6e8cb)
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Fri Nov 22 13:47:19 CET 2013 on sn-devel-104
Volker Lendecke [Thu, 14 Nov 2013 20:30:49 +0000 (21:30 +0100)]
smbd: Fix a talloc hierarchy problem in msg_channel
When tearing down a watch_send with an open tevent_immediate, we
talloc_free the msg_channel while the tevent_immediate still references
it. Don't make the tevent_immediate outlive the msg_channel.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10250
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 20 00:13:51 CET 2013 on sn-devel-104
(cherry picked from commit
2d91577f984bc83c2c87141cfdda87d068060b32)
Karolin Seeger [Mon, 18 Nov 2013 09:29:58 +0000 (10:29 +0100)]
VERSION: Disable git snapshots for the 4.0.12 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Mon, 18 Nov 2013 09:30:36 +0000 (10:30 +0100)]
VERSION: Bump version number up to 4.0.13...
and re-enable git snapshots.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Mon, 18 Nov 2013 09:28:36 +0000 (10:28 +0100)]
WHATSNEW: Add release notes for Samba 4.0.12.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Andreas Schneider [Thu, 14 Nov 2013 17:36:41 +0000 (18:36 +0100)]
util: Remove 32bit macros breaking strict aliasing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10269
These macros might have worked but they break strict aliasing in the
meantime and so the compiler is not able to optimize the relevant code.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Nov 14 23:16:45 CET 2013 on sn-devel-104
(cherry picked from commit
af69cb2a78810e608ccff115b433801a58a749e4)
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Fri Nov 15 13:39:05 CET 2013 on sn-devel-104
Günther Deschner [Wed, 13 Nov 2013 14:10:33 +0000 (15:10 +0100)]
s3-winbindd: Fix #10264, cache_traverse_validate_fn failure for NDR cache entries.
We need to increase the keysize limit for NDR queries. A wbint_LookupSids query
for just 20 sids already hits the older limit.
Guenther
https://bugzilla.samba.org/show_bug.cgi?id=10264
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Nov 13 19:33:46 CET 2013 on sn-devel-104
(cherry picked from commit
944e9fbc20f125b52e047484dca1792d75561ed9)
Jeremy Allison [Wed, 23 Oct 2013 22:06:40 +0000 (15:06 -0700)]
Fix bug 10196 - RW Deny for a specific user is not overriding RW Allow for a group.
Fix posix_acl tests to match the change in writing ACLs
with ID_TYPE_BOTH.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit
a1bc1c32e33508c45e614646d69a5f5d67ba22be)
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Thu Nov 14 11:39:10 CET 2013 on sn-devel-104
Jeremy Allison [Mon, 21 Oct 2013 23:59:11 +0000 (16:59 -0700)]
Fix bug 10196 - RW Deny for a specific user is not overriding RW Allow for a group.
When the ID returned is ID_TYPE_BOTH we must *always* add it as both
a user and a group, not just in the owning case. Otherwise DENY
entries are not correctly processed.
Confirmed by the reporter as fixing the problem.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10196
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit
14813e74431816cd894fb242ff5633c2cd14ddca)
Björn Jacke [Wed, 6 Nov 2013 11:37:07 +0000 (12:37 +0100)]
xattr: fix listing EAs on *BSD for non-root users
Thanks to Stefan Rompf for reporting.
This fixes bug #10247
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov 8 20:43:30 CET 2013 on sn-devel-104
(cherry picked from commit
374b2cfde74e0c61f4b2da724b30d0e430596092)
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Tue Nov 12 13:31:21 CET 2013 on sn-devel-104
Karolin Seeger [Mon, 11 Nov 2013 10:46:21 +0000 (11:46 +0100)]
VERSION: Bump version number up to 4.0.12...
and re-enable git snapshots.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Mon, 11 Nov 2013 10:45:52 +0000 (11:45 +0100)]
Merge tag 'samba-4.0.11' into v4-0-test
samba: tag release samba-4.0.11
Karolin Seeger [Fri, 8 Nov 2013 09:28:54 +0000 (10:28 +0100)]
VERSION: Disable git snapshots for the 4.0.11 release.
Bug 10234 - CVE-2013-4476: key.pem world readable
Bug 10235 - CVE-2013-4475: No access check verification on stream files
(bug #10229).
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Fri, 8 Nov 2013 09:26:12 +0000 (10:26 +0100)]
WHATSNEW: Add release notes for Samba 4.0.11.
Bug 10234 - CVE-2013-4476: key.pem world readable
Bug 10235 - CVE-2013-4475: No access check verification on stream files
(bug #10229).
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Björn Baumbach [Tue, 29 Oct 2013 16:53:59 +0000 (17:53 +0100)]
CVE-2013-4476: s4:libtls: check for safe permissions of tls private key file (key.pem)
If the tls key is not owned by root or has not mode 0600 samba will not
start up.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Baumbach [Tue, 29 Oct 2013 16:52:39 +0000 (17:52 +0100)]
CVE-2013-4476: s4:libtls: Create tls private key file (key.pem) with mode 0600
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 30 Oct 2013 13:48:36 +0000 (14:48 +0100)]
CVE-2013-4476: selftest/Samba4: use umask 0077 within mk_keyblobs()
We should generate private keys with 0600.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Baumbach [Tue, 29 Oct 2013 16:49:55 +0000 (17:49 +0100)]
CVE-2013-4476: samba-tool provision: create ${private_dir}/tls with mode 0700
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Baumbach [Tue, 29 Oct 2013 16:48:11 +0000 (17:48 +0100)]
CVE-2013-4476: lib-util: split out file_save_mode() from file_save()
file_save_mode() writes files with specified mode.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Björn Baumbach [Tue, 29 Oct 2013 16:43:17 +0000 (17:43 +0100)]
CVE-2013-4476: lib-util: add file_check_permissions()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Jeremy Allison [Tue, 29 Oct 2013 22:57:01 +0000 (15:57 -0700)]
Add regression test for bug #10229 - No access check verification on stream files.
Checks against a file with attribute READONLY, and
a security descriptor denying WRITE_DATA access.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: David Disseldorp <ddiss@suse.de>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Nov 4 23:10:10 CET 2013 on sn-devel-104
(cherry picked from commit
65882152cc7ccaba0e7903862b99ca93594ed080)
The last two patches address bug #10235 - CVE-2013-4475: No access
check verification on stream files.
Jeremy Allison [Mon, 28 Oct 2013 23:59:20 +0000 (16:59 -0700)]
Fix bug #10229 - No access check verification on stream files.
https://bugzilla.samba.org/show_bug.cgi?id=10229
We need to check if the requested access mask
could be used to open the underlying file (if
it existed), as we're passing in zero for the
access mask to the base filename.
Back-ported for 4.0.x.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: David Disseldorp <ddiss@suse.de>
(Based on master commit
60f922bf1bd8816eacbb32c24793ad1f97a1d9f2)
Samuel Cabrero [Thu, 24 Oct 2013 15:37:06 +0000 (17:37 +0200)]
s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Oct 25 00:39:21 CEST 2013 on sn-devel-104
(cherry picked from commit
d3aee80928dc7ccde9441309bf946c2503f7714a)
Part of a fix for bug #9091 - When replicating DNS for bind9_dlz we need to
create the server-DNS account remotely.
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Thu Nov 7 10:43:12 CET 2013 on sn-devel-104
Stefan Metzmacher [Mon, 28 Oct 2013 14:43:03 +0000 (15:43 +0100)]
libcli/smb: fix smb2cli_ioctl*() against Windows 2008.
The subsections of [MS-SMB2] "3.2.5.14 Receiving an SMB2 IOCTL Response"
say the client should ignore the InputOffset/InputCount.
We do that only if we ask for max_input_length = 0.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10232
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 31 01:16:10 CET 2013 on sn-devel-104
(cherry picked from commit
127fc670a39d15eaa3869045fca0287ba7df9efa)
Volker Lendecke [Tue, 15 Oct 2013 08:23:10 +0000 (08:23 +0000)]
nsswitch: Fix short writes in winbind_write_sock
We set the socket to nonblocking and don't handle EAGAIN right. We do
a poll anyway, so wait for writability, which should fix this.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10195
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
c6909887c26d4e827633acd50b11cf08c6aee0f7)
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Mon Oct 28 14:51:22 CET 2013 on sn-devel-104
Andrew Bartlett [Mon, 29 Jul 2013 22:40:39 +0000 (10:40 +1200)]
dfs_server: Use dsdb_search_one to catch 0 results as well as NO_SUCH_OBJECT errors
This ensures we do not de-reference an invalid rs->msgs pointer if the
pointed-to object was not objectclass=computer
Andrew Bartlett
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10052
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Aug 2 13:11:20 CEST 2013 on sn-devel-104
(cherry picked from commit
859182da6d06be0e9d37d7ed3448efc3dc78bdb2)
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Thu Oct 17 12:30:16 CEST 2013 on sn-devel-104
Stefan Metzmacher [Tue, 24 Sep 2013 22:49:19 +0000 (00:49 +0200)]
s4:dsdb/rootdse: report 'dnsHostName' instead of 'dNSHostName'
The attribute on the RootDSE object is called 'dnsHostName'
instead of 'dNSHostName' (which is used in the schema and on
all other directory objects).
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10193
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
295b4de7215f3326f9a403973547eb6ed4339f9b)
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Tue Oct 15 11:07:25 CEST 2013 on sn-devel-104
Stefan Metzmacher [Sun, 22 Sep 2013 21:40:12 +0000 (23:40 +0200)]
dsdb/tests/ldap: fix test_ldapServiceName against w2k8r2
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10193
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
ca173923a3937a9ed08f71bfd4ba177a6aeeaeba)
Andreas Schneider [Thu, 10 Oct 2013 08:03:32 +0000 (10:03 +0200)]
s3-winbind: Send online/offline message of the domain to the parent.
https://bugzilla.samba.org/show_bug.cgi?id=10194
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Oct 11 13:37:56 CEST 2013 on sn-devel-104
(cherry picked from commit
275f6586c4d4547978c6ff2f04670b0d8f89fd4b)
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Mon Oct 14 12:10:14 CEST 2013 on sn-devel-104
Andreas Schneider [Thu, 10 Oct 2013 08:02:27 +0000 (10:02 +0200)]
s3-winbind: Register handlers for domain online/offline messages.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10194
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
fc5941622010843d823b5c245eccc68d1d3bce19)
Andreas Schneider [Thu, 10 Oct 2013 08:01:40 +0000 (10:01 +0200)]
s3-winbind: Add functions for domain online/offline handling.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10194
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
447ec17a6bec814a2ac5cadb74dbef5789f07c52)
Andreas Schneider [Thu, 10 Oct 2013 07:15:57 +0000 (09:15 +0200)]
idl: Add a new message for winbind domain states.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10194
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
1a884636542ba0e54c6d209662a5d1613d727a85)
Jeremy Allison [Tue, 8 Oct 2013 22:01:38 +0000 (15:01 -0700)]
Fix bug #10187 - Missing talloc_free can leak stackframe in error path.
Fix error path.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Oct 9 03:50:56 CEST 2013 on sn-devel-104
Stefan Metzmacher [Mon, 27 May 2013 10:10:57 +0000 (12:10 +0200)]
s4:smb_server: call irpc_add_name() at startup (bug #9905)
We should call irpc_add_name() when we start the smb_server task.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
afb2bcc08489dbece732fc8f842cbd83862320be)
Stefan Metzmacher [Mon, 27 May 2013 10:10:57 +0000 (12:10 +0200)]
s4:rpc_server: call irpc_add_name() at startup (bug #9905)
We should call irpc_add_name() when we start the rpc_server task.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
12d9728131afab7fa093a9cd7ccaff076a74f271)
Stefan Metzmacher [Mon, 27 May 2013 10:10:57 +0000 (12:10 +0200)]
s4:ldap_server: call irpc_add_name() at startup (bug #9905)
We should call irpc_add_name() when we start the ldap_server task.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
a1aeeee4302a4eaf7e210e8084416cd2a0d14384)
Andreas Schneider [Tue, 10 Sep 2013 07:43:32 +0000 (09:43 +0200)]
doc: Update documentation of pam_winbind krb5 support.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Sep 10 15:35:20 CEST 2013 on sn-devel-104
The last 3 patches address bug #10132 - pam_winbindd should support the KEYRING
ccache type.
Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-1-test): Mon Oct 7 12:21:29 CEST 2013 on sn-devel-104
(cherry picked from commit
82d6a4354d3b4a6cc9e70ccfb21d7b604bed179b)
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Tue Oct 8 13:32:27 CEST 2013 on sn-devel-104
Andreas Schneider [Tue, 10 Sep 2013 07:30:04 +0000 (09:30 +0200)]
s3-winbind: Add support for the kernel krb5 keyring buffer.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
5a55cb636fa50e96000ea6a00960cc34e00e26a1)