Michael Adam [Wed, 1 Jul 2015 15:42:58 +0000 (17:42 +0200)]
smbd:smb2: separate between encryption required and enc desired
this means we:
- accept unencrypted requests if encryption only desired
and not required,
- but we always send encrypted responses in the desired
case, not only when the request was encrypted.
For this purpose, the do_encryption in the request
structure is separated into was_encrypted and do_encryption.
Douglas Bagnall [Thu, 18 Jun 2015 00:38:22 +0000 (12:38 +1200)]
Treat uid_t, git_t as 64 bit in Pidl Python bindings
This follows their treatment in librpc/ndr/ndr_basic.c.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-By: Jelmer Vernooij <jelmer@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jul 7 07:19:49 CEST 2015 on sn-devel-104
Christof Schmitt [Tue, 30 Jun 2015 23:15:57 +0000 (01:15 +0200)]
sharesec: Remove error message for unmarshall_sec_desc failure
In a cluster setup, running sharesec -D results in an empty record that
triggers this message. The situation is correctly handled in the code
(unmarshall_sec_desc fails and sharesec uses the default), so simply
remove the message in this case.
Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 25 Jun 2015 13:42:04 +0000 (15:42 +0200)]
vfs_fruit: check offset and length for AFP_AfpInfo read requests
fruit_pread doesn't check the offset and length parameters and instead
always writes 60 bytes, the size of the AFP_AfpInfo blob, to the the
passed buffer. If the passed in buffer is smaller, we overwrite
something somewhere.
s3:libads: improve debug levels/messages in ads_find_dc()
We should not flood the logs (and syslog) with fallback warnings.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Jul 2 14:41:31 CEST 2015 on sn-devel-104
Ralph Boehme [Wed, 1 Jul 2015 15:57:36 +0000 (17:57 +0200)]
s3:vfs: copy_chunk buffer size
Use a dynamically allocated copy_chunk buffer size with an upper bound
of 8 MB for now.
The previous size of 64 KB has proven to really hurt performance,
especially with "strict locking = yes".
The SMB2 protocol level maximum allowed copy_chunk size is 1 MB, that's
what will be used as buffer size in the typical case.
With the AAPL copyfile extension the requested copy_chunk size is the
size whole file, which would then make use of a larger buffer up to the
limit of 8 MB.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Robin Hack [Fri, 15 May 2015 07:43:29 +0000 (09:43 +0200)]
selftest: Add setup_fileserver()
Pair-Programmed-With: Andreas Schneider <asn@samba.org> Signed-off-by: Robin Hack <rhack@redhat.com> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 24 Jun 2015 15:02:53 +0000 (17:02 +0200)]
dsdb: Rename a parameter
Coverity was confused by the 'seq_num' variable as an argument for the
'local_usn' parameter, where also a 'seq_num' parameter exists. Doesn't hurt,
and if it kills a Coverity warning, why not...
Martin Schwenke [Wed, 17 Jun 2015 05:05:30 +0000 (15:05 +1000)]
ctdb-daemon: Promote debug messages about --start-as-* to NOTICE level
It is important to know when ctdbd is started with --start-as-stopped
or --start-as-disabled. Given that this only happens once it makes
sense to promote these debug items to NOTICE level.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 11 Jun 2015 05:49:25 +0000 (15:49 +1000)]
ctdb-recoverd: Clear IP assignment tree on election loss
If a node was previously recovery master (say, 20 years ago) and it
becomes recovery master again then, if IP assignments have changed,
verify_remote_ip_allocation() can produce messages like the following
when called during recovery:
ctdbd: recoverd:Inconsistent IP allocation - node 0 thinks 10.1.1.1 is held by node 0 while it is assigned to node 1
When a node loses an election it should clear all data specific to it
being the recovery master.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 19 May 2015 18:19:09 +0000 (04:19 +1000)]
ctdb-scripts: Create the directory containing the recovery lock
This will handle the most obvious cases. It won't handle the case
where the directory is missing and the recovery lock location is
updated at run-time. However, this is a good improvement.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 8 Oct 2014 01:22:06 +0000 (12:22 +1100)]
ctdb-tests: Run transaction tests with externally imposed timeout
This works around cases where ctdb_transaction gets stuck - this still
needs to be debugged. However, this change will at least cause
individual tests to fail rather than having whole test runs time out.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Michael Adam [Tue, 30 Jun 2015 11:49:38 +0000 (13:49 +0200)]
selftest: skip the ntvfs based base.defer_open tests
They have timing issues and the ntvfs is not the focus
of development.
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Jun 30 17:24:37 CEST 2015 on sn-devel-104
Michael Adam [Fri, 26 Jun 2015 11:54:57 +0000 (13:54 +0200)]
net:conf:import: print error message when importing fails.
If there is a mis-spelled option in a share definition,
'net conf import' will currently silently drop it
(but exit with code != 0). We want to be notified
of what went wrong.
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
samba.stdout:
[1855(18118)/1864 at 2h37m4s] samba4.krb5.kdc with account ALLOWED permission to replicate to an RODC(fl2008r2dc)
[1856(18378)/1864 at 2h37m57s] samba4.blackbox.dbcheck(ad_dc_ntvfs)
ERROR: Testsuite[samba4.blackbox.dbcheck(ad_dc_ntvfs)]
REASON: unable to set up environment ad_dc_ntvfs:local - exiting
samba.stderr:
samba: maximum runtime exceeded - terminating at 1435553350, current ts: 1435553350
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
Amitay Isaacs [Mon, 29 Jun 2015 06:00:08 +0000 (16:00 +1000)]
wafsamba: Cache final_libs for each target
The code for saving/loading dependencies does not cache final_libs for
each target. If wafsamba tries to reuse the saved dependencies, then
it does not get the dependencies on the private libraries correctly.
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Jun 30 09:44:10 CEST 2015 on sn-devel-104
Uri Simchoni [Wed, 24 Jun 2015 07:55:06 +0000 (10:55 +0300)]
winbindd: disconnect child process if request is cancelled at main process
When cancelling a request at the main winbindd process, that is currently
being served by a child winbindd process, just freeing all objects related
to the request is not enough, as the next bytes to come through the pipe
from the child process are the response to the cancelled request, and the
object reading those bytes will be the next request. This breaks the protocol.
This change, upon canceling a request that is being served, closes the
connection to the child process, causing the next request to be served
by a new child process (and the detached child to die eventually).
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jun 29 14:00:24 CEST 2015 on sn-devel-104
Talloc is still needed by LIBCRYPTO, because arcfour.h
includes lib/util/data_blob.h which includes talloc.h.
It seems arcfour only uses the DATA_BLOB struct (in e.g. arcfour_crypt
and arcfour_init).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sun Jun 28 11:47:16 CEST 2015 on sn-devel-104
Michael Adam [Fri, 26 Jun 2015 14:24:55 +0000 (16:24 +0200)]
ctdb: strip trailing spaces from nodes file.
Signed-off-by: Michael Adam <obnox at samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Jun 27 13:20:18 CEST 2015 on sn-devel-104
Volker Lendecke [Fri, 26 Jun 2015 11:29:27 +0000 (13:29 +0200)]
libsmb: Use fstr_sprint in convert_sid_to_string
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jun 26 22:35:02 CEST 2015 on sn-devel-104
Michael Adam [Fri, 26 Jun 2015 11:17:01 +0000 (13:17 +0200)]
ctdbd_conn: use the right error code from ctdbd_connect for debug and return
ctdbd_connect() explicitly returns the errno.
Using errno instead of ret misses some important
manually set return values and might use the
errno that is changed by close(fd).
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Jun 26 17:21:26 CEST 2015 on sn-devel-104
Douglas Bagnall [Tue, 23 Jun 2015 23:47:31 +0000 (11:47 +1200)]
Avoid segfault in durable_open tests
There are "goto done"s hiding in CHECK_STATUS in parts of
the code where tree1 is unequivocally NULL.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 26 05:12:02 CEST 2015 on sn-devel-104
Jeremy Allison [Wed, 17 Jun 2015 17:23:30 +0000 (10:23 -0700)]
s3: smbd: Use separate flag to track become_root()/unbecome_root() state.
Early function exit can mean backup_priv is set but we haven't called
become_root(). *Lots* of work by the reviewers went in to checking this
isn't a security issue.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 25 22:14:58 CEST 2015 on sn-devel-104
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jun 25 18:29:59 CEST 2015 on sn-devel-104
Andrew Bartlett [Fri, 12 Jun 2015 02:41:20 +0000 (14:41 +1200)]
s4-winbindd: Remove the winbind rewrite from the samba4 effort
This winbind implementation is undermaintained, out of date and not the
future of even the AD DC, let alone any other purpose.
Removing it will reduce our security and bug exposure on this
off by default subsystem
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 24 22:34:57 CEST 2015 on sn-devel-104
projects / thirdparty / samba.git / log
