Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 5e346af078847512e86755a4634583a8a5178c0e)
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 18 03:52:55 CET 2016 on sn-devel-144
protocol is the IEEE 802.3
protocol number in network byte order. See the <linux/if_ether.h>
include file for a list of allowed protocols. When protocol is set to
htons(ETH_P_ALL), then all protocols are received.
Specifying "protocol" field to socket(AF_PACKET, ...) call only affects
the packets that are received. So use protocol = 0 when sending raw
packets.
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Mar 4 12:58:50 CET 2016 on sn-devel-144
Jeremy Allison [Wed, 20 Jul 2016 18:34:48 +0000 (11:34 -0700)]
s3: smbd: Fix delete operations enumerating streams inside a file. This must always be done as a Windows operation.
When using UNIX extensions to delete a file containing streams,
the open for delete and close operations need to enumerate the
contained streams and do CREATE and UNLINK operations on the
stream names. These must always be done as Windows operations
(use lp_set_posix_pathnames(false) to flip the processing) as
the stream names are Windows paths.
Without this the create operation under the unlink will
recurse and cause the client to time out (or a server crash).
This (hack) is only needed for 4.4.x and below, it is fixed
correctly in 4.5.x.
Jeremy Allison [Tue, 28 Jun 2016 22:38:22 +0000 (15:38 -0700)]
s4: ldb: Ignore case of "range" in sscanf as we've already checked for its presence.
https://bugzilla.samba.org/show_bug.cgi?id=11838
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 1d4b20d4f3829eb3778006397990cd9fee4966a5)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12025 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 748384992b96c3936d82bc09f39459fb4bd489bd)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12026 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit d183261e6844724394d618912403cd0217401741)
libads: ensure the right ccache is used during spnego bind
When doing spnego sasl bind:
1. Try working without kinit only if a password is not
provided
2. When using kinit, ensure the KRB5CCNAME env var is set
to a private memory ccache, so that the bind is on behalf
of the requested user.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul 12 03:23:33 CEST 2016 on sn-devel-144
libads: ensure the right ccache is used during gssapi bind
When doing gssapi sasl bind:
1. Try working without kinit only if a password is not
provided
2. When using kinit, ensure the KRB5CCNAME env var is set
to a private memory ccache, so that the bind is on behalf
of the requested user.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 2672968851966e5c01e4fc4d906b45b5c047e655)
Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Wed Jul 6 00:40:15 CEST 2016 on sn-devel-144
Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit a646d9e796902dcb5246eb585433d4859796be2f)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(v4-3-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-3-test): Fri Jul 8 10:51:50 CEST 2016 on sn-devel-104
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit d9e242e9035c15e49b041afc61e5a4a08877f289)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 23 04:51:16 CEST 2016 on sn-devel-144
s4:librpc/rpc: allow a total reassembled response payload of 240 MBytes
This will replace DCERPC_NCACN_PAYLOAD_MAX_SIZE (4 MByte).
The limit of DCERPC_NCACN_PAYLOAD_MAX_SIZE (4 MByte) was too
strict for some workloads, e.g. DRSUAPI replication with large objects.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 7413e73c5331b760dc84b3843059230ec5fcfc7b)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 281e11b53f676647997fb9ce21227782529a62ad)
s3-winbind: Fix memory leak with each cached credential login
When we allow offline logon and have a lot of logins, winbind will leak
4k of memory with each login. On systems with heavy load this can grow
quickly and the OOM killer will kill Winbind.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun 29 19:03:53 CEST 2016 on sn-devel-144
Andrew Bartlett [Fri, 9 Oct 2015 20:30:17 +0000 (09:30 +1300)]
build: Enable NTVFS file server to be omitted
We now only build it by default with --enable-selftest, or otherwise
if requested.
The NTVFS file server still has features not present in the smbd file
server, such as a CIFS/SMB proxy, and a radically different design,
but it is also not undergoing any ongoing development so this keeps it
in a safe state for care and maintenance, with less of a security risk
if such an issue were to come up.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 71dcc76b70d8e249624f9bf057fc4fd3a44125e1)
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit 0b4c741b9c03d147ee5f56d027bacda75c1b5282)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Richard Sharpe <rsharpe@samba.org>
Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Mon Jun 27 00:01:55 CEST 2016 on sn-devel-144
Ralph Boehme [Thu, 23 Jun 2016 10:24:33 +0000 (12:24 +0200)]
s3/smbd: only use stored dos attributes for open_match_attributes() check
This changes the way we check for old vs new DOS attributes on open with
overwrite: only check against the DOS attributes actually set by a
client and stored in the DOS attributes xattr.
With this change "hide dot files" and "hide files" continue to work with
"store dos attributes = yes".
Ralph Boehme [Thu, 23 Jun 2016 14:40:15 +0000 (16:40 +0200)]
s3/smbd: call dos_mode_from_name after get_ea_dos_attribute()
This doesn't change overall behaviour in any way, it just prepares for
the next step where the IS_HIDDEN_PATH() stuff will be moved to the
function dos_mode_from_name().
It allows an optimisation by not checking "hide to files" patch if
FILE_ATTRIBUTE_HIDDEN was already set in the DOS xattr.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jun 24 18:08:44 CEST 2016 on sn-devel-144
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 7d8edcc24148658e92729b3d155e432994e27525)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit aef032302863e5f3a888dbf4c52b21d561a0dff4)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 3f7e3ed8a276f16aaed87c1f3cd5b9781aa7e1af)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit f386e81b982cd551313eb9c0f7d2f70d65515d80)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit e05c732c6074df2524403ad7bb30eade91443525)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 505a4e68d96e6fb3d8c7493632ecb4b0fc6caa9d)
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Wed Jun 22 10:33:29 CEST 2016 on sn-devel-144
s4/dns_server: disable signing of DNS-TKEY responses
DNS packet signing is broken in 4.3 and older. Fixes are available in
master and 4.4. Backporting the complete patchset turned out to be too
difficult, so we use this hack to get authenticated DDNS updates working
again.
By simply NOT signing out DNS-TKEY response, the client won't get a
broken DNS-TSIG record which caused the client to not start the
authenticated DDNS update.
DNS RFCs do require signing TKEY responses, but luckily real world
clients are forgiving and accept unsigned TKEY responses. This was
tested with Windows 7.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Thu Jun 23 15:35:39 CEST 2016 on sn-devel-104
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Nov 24 23:47:19 CET 2015 on sn-devel-104
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Jun 22 05:05:47 CEST 2016 on sn-devel-144
Jeremy Allison [Fri, 10 Jun 2016 16:32:32 +0000 (09:32 -0700)]
s4: torture: Added raw readX test to ensure 'reserved' fields are zero.
Passes against Win2k12+, and smbd with the previous patch.
https://bugzilla.samba.org/show_bug.cgi?id=11845
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Sat Jun 18 19:32:22 CEST 2016 on sn-devel-144
Jeremy Allison [Mon, 13 Jun 2016 16:30:25 +0000 (09:30 -0700)]
s3: smbd: In reply_read_and_X() SMB1 server is overwriting part of the 'reserved' zero fields with reply data length.
This occurred due to old code that used to do:
SSVAL(smb_buf(req->outbuf),-2,nread);
to set the reply length. This code was not needed,
as srv_set_message() was already correctly setting
the bcc length and was probably left from much
earlier legacy code.
This code actually overwrites the last 'reserved'
field in the SMB_COM_READ_ANDX packet reply, but we
never noticed as no client (or server code) looks at or
checks vwv11 in a SMB_COM_READ_ANDX reply.
And indeed checking wireshark from Win2012R2
we find that smbd is writing the returned
read length into smb_vwv11 and Windows leaves
it as zeros (reserved).
Also fix the same problem in the named pipes code.
Torture test to ensure Reserved2[4] replies
are zero to follow.
https://bugzilla.samba.org/show_bug.cgi?id=11845
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit e57f9e15d08ed46b2fac2562d1027c6a2ba80dac)
Jeremy Allison [Mon, 13 Jun 2016 16:25:02 +0000 (09:25 -0700)]
s3: smbd: Use common function setup_readX_header() in aio read code.
https://bugzilla.samba.org/show_bug.cgi?id=11845
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 6507336d6646b7709768c19a03eac61ea30cce31)
Jeremy Allison [Mon, 13 Jun 2016 16:22:56 +0000 (09:22 -0700)]
s3: smbd: Make setup_readX_header() externally accessible
https://bugzilla.samba.org/show_bug.cgi?id=11845
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 2ff3171fba931e621581336c975bae146a2ea3a9)
Jeremy Allison [Mon, 13 Jun 2016 16:20:43 +0000 (09:20 -0700)]
s3: smbd: Remove unused 'req' argument from setup_readX_header()
https://bugzilla.samba.org/show_bug.cgi?id=11845
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 1e29a1ce067e5f5b5159bcd20d37c6945bcc3900)
Uri Simchoni [Thu, 3 Mar 2016 07:18:58 +0000 (09:18 +0200)]
libnet: make Kerberos domain join site-aware
When joining a domain using Kerberos authentication, create a
configuration file for the Kerberos libs to prefer on-site
domain controllers, without relying on the winbindd Kerberos
locator, which may not be operational at this stage.
Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 8 01:30:35 CET 2016 on sn-devel-144
Uri Simchoni [Thu, 3 Mar 2016 07:18:44 +0000 (09:18 +0200)]
dsgetdcname: return an IP address on rediscovery
When dsgetdcname returns its result based on discovery
process (instead of retrieving cached value), always
return the found server's IP address in dc_address field,
rather than its netbios name.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Thu Jun 9 13:18:56 CEST 2016 on sn-devel-144
Signed-off-by: Lorinczy Zsigmond <lzsiga@freemail.c3.hu> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jun 3 03:48:58 CEST 2016 on sn-devel-144
Provide fallback code for non-portable clearenv(3)
clearenv(3) is a GNU extension that was rejected twice by POSIX,
without an easy, portable alternative.
As the dovecot project notes,
"""
environ = NULL crashes on OSX - and OpenBSD < 6.0
*environ = NULL doesn't work on FreeBSD 7.0
environ = emptyenv doesn't work on Haiku OS
environ = calloc should work everywhere
"""
(source: http://hg.dovecot.org/dovecot-2.0/file/48f90e7e92dc/src/lib/env-util.c)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11864 Signed-off-by: Jérémie Courrèges-Anglas <jca@wxcvbn.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Apr 29 00:12:02 CEST 2016 on sn-devel-144
Christian Ambach [Wed, 11 May 2016 17:21:20 +0000 (19:21 +0200)]
s3:selftest add a test for rpcclient --pw-nt-hash option
Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit d0cdf02dc9733dae960021ff1ca07587d8155e58)
Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Tue May 31 16:34:38 CEST 2016 on sn-devel-104
Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 4fe59879cc2a608194578e33e27e0dc1e2f0fc58)
Signed-off-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> Reviewed-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed May 25 20:25:44 CEST 2016 on sn-devel-144
This way we will be able to see the log in the cups logs and are able to
debug issues.
https://bugzilla.samba.org/show_bug.cgi?id=11935
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit e59e0a5481196b1ddda0393306c514b8c32d6ea0)
Hemanth Thummala [Wed, 25 May 2016 06:15:04 +0000 (23:15 -0700)]
Fix memory leak in share mode locking.
Not freeing up (and reparenting to NULL context) ndr buffer
used for TDB updates resulting in huge memory leak when there
is a high volume of opens and closes happening on same object.
Free the buffer before reparenting its parent to NULL context.
https://bugzilla.samba.org/show_bug.cgi?id=11934
Signed-off-by: Hemanth Thummala <hemanth.thummala@nutanix.com> Signed-off-by: Saji VR <saji.vr@nutanix.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri May 27 18:43:31 CEST 2016 on sn-devel-144
Signed-off-by: Anoop C S <anoopcs@redhat.com> Reviewed-by: Jose A. Rivera <jarrpa@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed May 18 19:26:49 CEST 2016 on sn-devel-144
Anoop C S [Tue, 10 May 2016 15:37:01 +0000 (21:07 +0530)]
packaging: Set default limit for core file size in init scripts
SysV init scripts used for initiating smb and winbind services
determine the value for default limit of coredump from variable
named DAEMON_COREFILE_LIMIT within a bash env. Therefore this
patch explicitly sets this variable to 'unlimited' so as to have
no limit for core file size by default.
Signed-off-by: Anoop C S <anoopcs@redhat.com> Reviewed-by: Jose A. Rivera <jarrpa@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit ba9ccc6be48e8541748afbf31d5e5dba7d1baf8e)
Anoop C S [Tue, 10 May 2016 09:20:14 +0000 (14:50 +0530)]
packaging: Remove ulimit usage for setting core file size limit
Recent commit ebd139c4db7e51a2d7843a773991f15cadf504dd modified smb.init
to set core file size to 'unlimited' by default using the ulimit command.
But when smb and winbind services are initiated via sysv init scripts,
another variable named DAEMON_COREFILE_LIMIT takes higher priority in
deciding the core file size. Therefore setting default value using ulimit
command is useless.
Signed-off-by: Anoop C S <anoopcs@redhat.com> Reviewed-by: Jose A. Rivera <jarrpa@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 46524b4543acc9d104d85136c0a4a9e006fc099c)
This means we'll use the "client ipc min protocol", "client ipc max protocol"
and "client ipc signing" options. But "--signing=no" or "--signing=required"
still overwrite "client ipc signing".
The following can be used to alter the max protocol
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat May 21 05:01:15 CEST 2016 on sn-devel-144
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon May 9 22:27:21 CEST 2016 on sn-devel-144
Christian Ambach [Tue, 10 May 2016 17:47:02 +0000 (19:47 +0200)]
s3:libsmb/clifile use correct value for MaxParameterCount for setting EAs
Windows servers will refuse trans2 requests which use excessive
request parameters. From [MS-CIFS]:
<239> Section 3.3.5.2.5: Windows NT servers fail a transaction request with
STATUS_INSUFF_SERVER_RESOURCES, if (SetupCount + MaxSetupCount +
TotalParameterCount + MaxParameterCount + TotalDataCount + MaxDataCount)
is greater than 65*1024.
When attempting to set a large list of EAs for a file, this limit can be
hit when using CLI_BUFFER_SIZE as MaxDataCount
while the TRANS2_SET_PATH_INFORMATION response has no data reply,
only parameters (section 2.2.6.7.2).
Be as minimal as possible here to allow a maximum number of EAs to
be written.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11354 Reviewed-by: Jeremy Allison <jra@samba.org> Signed-off-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 11 18:35:59 CEST 2016 on sn-devel-144
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed May 4 17:58:05 CEST 2016 on sn-devel-144
Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Mon May 9 14:04:05 CEST 2016 on sn-devel-104
Ira Cooper [Thu, 3 Mar 2016 18:47:32 +0000 (13:47 -0500)]
source3: Honor the core soft limit of the OS.
We should honor the soft limits set by the operating system.
In any case, 16M doesn't make a useful coredump for modern
Samba.
Signed-off-by: Ira Cooper <ira@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Mar 5 00:39:48 CET 2016 on sn-devel-144
Uri Simchoni [Thu, 5 May 2016 20:40:22 +0000 (23:40 +0300)]
heimdal: encode/decode kvno as signed integer
This patch changes the encoding/decoding of kvno (key version number)
in blobs and packets to signed integer, for compatibility with Windows.
Reportedly, MIT Kerberos does the same.
According to the Kerberos spec (RFC 4120 5.2.9), the kvno field
in encrypted data object is an unsigned integer that fits in
32 bits. The Heimdal Kerberos component bundled with Samba
conforms to this. However, Windows deviates from the standard
and encodes kvno as a signed integer, and this creates
interoperability issues.
ASN.1 DER has no special encoding for unsigned integer. A 32-bit
unsigned integer is encoded as a signed integer, so while a signed
32-bit integer (covering the range of -0x80000000..0x7fffffff) is
encoded using up to 4 bytes, an unsigned integer (covering
0..0xffffffff) could require 5 bytes.
Normally, kvno for a given account starts at 1 and increments on
password changes. Kerberos defined this as unsigned because there's
no meaning for negative version numbers, so the standard writers figured
4 billion versions is better than 2 billion. It was not
expected for a kvno to really go past 0x7fffffff and the distinction
usually does not matter. However, RODCs use kvnos which
have the most-significant bit set.
In Active Directory, RODCs have a private secret for the krbtgt,
because the assumption is that the RODC is less secure, and
recovering the domain krbtgt secret from the RODC would compromise
the security of the entire domain. The kvno field is being used
to identify the private krbtgt account that owns the key - the
upper 16 bits are the RODC id, and the lower 16 bits identify
the key version number for this specific RODC. It's common to
have an RODC id greater than 0x8000, and therefore to have a
kvno larger than 0x7fffffff, which would be DER-encoded using
5 bytes.
Windows encodes kvno as signed integer - basically taking the
32 bits and treating them as a signed integer rather than an
unsigned integer. This means that in Windows a kvno can
always be encoded using 4 bytes, and Windows DCs reject a kvno
encoded using more than 4 bytes without even generating an error
response (the DC assumes it's an attack).
Heimdal re-encodes the TGT when it creates a TGS request. Obviously
it cannot decode and encode the encrypted parts but it does re-encode
the plain parts, which include the kvno. That leads to a 5-byte
kvno in the TGS request, which is rejected without an error
response.
Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat May 7 21:14:21 CEST 2016 on sn-devel-144
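The 4-byte versus 5-byte difference described in the kvno commit message above, as an added example (not code from the Heimdal or Samba trees): a minimal DER INTEGER encoder applied to one kvno read as unsigned and as signed, plus a decoder that enforces the 4-byte content limit the message attributes to Windows DCs. All function names are hypothetical, and the RODC id 0x8001 and key version 2 are constructed sample values.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Minimal DER INTEGER: tag 0x02, short-form length, shortest two's-complement
 * content. Returns the total TLV length written to out (at most 10 bytes). */
size_t der_encode_integer(int64_t value, uint8_t *out)
{
    uint8_t be[8];
    for (int i = 0; i < 8; i++)
        be[i] = (uint8_t)((uint64_t)value >> (8 * (7 - i)));

    /* Drop leading bytes that only repeat the sign bit of the next byte. */
    size_t start = 0;
    while (start < 7 &&
           ((be[start] == 0x00 && (be[start + 1] & 0x80) == 0) ||
            (be[start] == 0xFF && (be[start + 1] & 0x80) != 0)))
        start++;

    size_t n = 8 - start;
    out[0] = 0x02;
    out[1] = (uint8_t)n;
    memcpy(out + 2, be + start, n);
    return 2 + n;
}

/* kvno layout from the commit message: upper 16 bits RODC id,
 * lower 16 bits key version for that RODC. */
uint32_t rodc_kvno(uint16_t rodc_id, uint16_t key_version)
{
    return ((uint32_t)rodc_id << 16) | key_version;
}

/* RFC 4120 reading: the 32 bits are an unsigned value. */
size_t kvno_der_unsigned(uint32_t kvno, uint8_t *out)
{
    return der_encode_integer((int64_t)kvno, out);
}

/* Windows reading: the same 32 bits taken as a signed value. */
size_t kvno_der_signed(uint32_t kvno, uint8_t *out)
{
    int64_t s = (int64_t)kvno;
    if (kvno & 0x80000000u)
        s -= 0x100000000LL;          /* portable reinterpretation as int32 */
    return der_encode_integer(s, out);
}

/* Decoder that accepts at most 4 content bytes and hands back the raw
 * 32 bits. Returns 0 on success, -1 if the TLV is malformed or too long. */
int kvno_decode_signed32(const uint8_t *tlv, size_t len, uint32_t *kvno)
{
    if (len < 3 || tlv[0] != 0x02)
        return -1;
    size_t n = tlv[1];
    if (n == 0 || n > 4 || len != 2 + n)
        return -1;
    uint32_t v = (tlv[2] & 0x80) ? 0xFFFFFFFFu : 0;   /* sign-extend */
    for (size_t i = 0; i < n; i++)
        v = (v << 8) | tlv[2 + i];
    *kvno = v;
    return 0;
}

int main(void)
{
    uint8_t buf[10];
    uint32_t decoded = 0;
    uint32_t kvno = rodc_kvno(0x8001, 2);   /* constructed sample values */

    size_t n = kvno_der_unsigned(kvno, buf);
    printf("kvno 0x%08x unsigned: %zu content bytes, 4-byte decoder: %s\n",
           (unsigned)kvno, n - 2,
           kvno_decode_signed32(buf, n, &decoded) == 0 ? "ok" : "rejected");

    n = kvno_der_signed(kvno, buf);
    printf("kvno 0x%08x signed:   %zu content bytes, 4-byte decoder: %s\n",
           (unsigned)kvno, n - 2,
           kvno_decode_signed32(buf, n, &decoded) == 0 ? "ok" : "rejected");
    return 0;
}
```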
Ralph Boehme [Mon, 11 Apr 2016 10:17:22 +0000 (12:17 +0200)]
vfs_fruit: add an option that allows disabling POSIX rename behaviour
https://bugzilla.samba.org/show_bug.cgi?id=11721
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 5 00:04:50 CEST 2016 on sn-devel-144
not sure how this chunk ended up there, but I agree with
the statement in the comment that behavior should not depend
on developer mode
make test does not seem to depend on it anymore.
This piece had some bad influence on the tests I wrote
for case insensitive behavior of SMB2/3, so let us
remove this technical debt.
Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
The last 3 patches address
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11438
Robin McCorkell [Mon, 2 May 2016 20:48:14 +0000 (21:48 +0100)]
Correctly set cli->raw_status for libsmbclient in SMB2 code
The SMB2 file handling code wasn't correctly setting raw_status, which
is used by libsmbclient to report file open errors etc.
https://bugzilla.samba.org/show_bug.cgi?id=11276
Signed-off-by: Robin McCorkell <robin@mccorkell.me.uk> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 2a872e2b66f373b3c96b315b13c9f06a15522e13)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Apr 28 20:16:45 CEST 2016 on sn-devel-144