The only difference between batch and exclusive oplocks is the time of
the check: Batch is checked before the share mode check, exclusive after.
Signed-off-by: Jeremy Allison <jra@samba.org>
Fix bug #9150 - Valid open requests can cause smbd assert due to incorrect
oplock handling on delete requests.
Christian Ambach [Thu, 30 Aug 2012 14:43:33 +0000 (16:43 +0200)]
s3:libsmb correctly set isFsctl for snapshot list
FSCTL_GET_SHADOW_COPY_DATA is a FSCTL, so set the isFsctl marker
otherwise smbclient allinfo will not report snapshots any more with the changes
made for Bug #8311
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Thu Aug 30 18:57:24 CEST 2012 on sn-devel-104
s3-winbind: DON'T PANIC if we couldn't find the domain.
If we don't have a connection to a trusted domain but still try to do a
lookup we shouldn't segfault.
Signed-off-by: Andreas Schneider <asn@samba.org>
Fix bug #9135 - Don't segfault if we don't find a domain in
resolve_username_to_alias()/fill_grent() .
Jeremy Allison [Wed, 29 Aug 2012 20:40:29 +0000 (13:40 -0700)]
Windows does canonicalization of inheritance bits. Do the same.
We need to filter out the
SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ
bits. If both are set we store SEC_DESC_DACL_AUTO_INHERITED
as this alters whether SEC_ACE_FLAG_INHERITED_ACE is set
when an ACE is inherited. Otherwise we zero these bits out.
See:
Jeremy Allison [Wed, 29 Aug 2012 20:29:34 +0000 (13:29 -0700)]
Re-add set_sd(), called from set_sd_blob(). Allows us to centralize all ACL canonicalization. (cherry picked from commit 05734b67b8ed5516d81000eac48acd0915567629)
The lprng printing back-end is truncating the print job filename in the
lpq output, which means that Samba is not able to determine the back-end
job ID for a newly submitted print job.
Remove the unneeded spoolss job ID from the print job file name to
ensure the job filename is not truncated. Also log these warnings at a
higher log level.
Herb Lewis [Mon, 20 Aug 2012 21:51:28 +0000 (14:51 -0700)]
Fix bug #9104 - winbindd can mis-identify idle clients - can cause crashes and NDR parsing errors.
A connection is idle when both struct winbindd_cli_state->request AND
struct winbindd_cli_state->response are NULL. Otherwise we can flag
as idle a connection in the state of having sent the request to
the winbindd child (request != NULL) but not yet received a reply
(response == NULL).
(cherry picked from commit f6f27baa92a20d5beeee23b8e1e86f0c9ace85b8)
Andrew Bartlett [Sun, 15 Jul 2012 04:38:18 +0000 (14:38 +1000)]
s3-auth Use correct RID for domain guests primary group
This was incorrect in commit 9dd7e7fc2d6d1aa7f3c3b741ac134e087ce808fd
as the RID was from the BUILTIN domain, but this creates a guest
account token for the real domain.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jul 19 05:56:28 CEST 2012 on sn-devel-104
Fix bug #9067 - Domain Guest have wrong primary group RID.
The issue with this patch, which I did sign off on, is that for the
domain member case, we already know that the SID is reasonable and
valid, and we indeed rely on that, because we keep it as an additonal
group anyway. The primary group is not so special that we need to do
extra validation.
Calling this function may put a user into the domain 'domain users'
group, even if they are not in that group to start with.
Andrew Bartlett
Fix bug #9066 - Domain Users incorrectly added as addition group on domain
members.
Volker Lendecke [Tue, 7 Aug 2012 23:49:52 +0000 (16:49 -0700)]
s3: Fix a crash in reply_lockingX_error
A timed brlock with 2 locks comes in and the second one blocks,
file is closed. smbd_cancel_pending_lock_requests_by_fid sets
blr->fsp to NULL. reply_lockingX_error (called via
MSG_SMB_BLOCKING_LOCK_CANCEL) deferences blr->fsp because
blr->lock_num==1 (the second one blocked).
This patch fixes the bug by only undoing the locks if fsp!=NULL.
fsp==NULL is the close case where everything is undone anyway.
Thanks to Peter Somogyi, somogyi@hu.ibm.com for this bug report.
Fix bug #9084 - Blocking lock followed by close can crash smbd.
This change addresses bug 9026.
There are 3 use cases for DATA_BLOB marshalling/unmarshalling:
1)
ndr_push_DATA_BLOB and ndr_pull_DATA_BLOB when called with
LIBNDR_FLAG_ALIGN* alignment flags set, are used to push/pull padding
bytes _only_. The length is determined by the alignment required and
the current ndr offset.
e.g. dcerpc.idl:
typedef struct {
...
[flag(NDR_ALIGN8)] DATA_BLOB _pad;
} dcerpc_request;
2)
When called with the LIBNDR_FLAG_REMAINING flag, all remaining bytes in
the ndr buffer are pushed/pulled.
e.g. dcerpc.idl:
typedef struct {
...
[flag(NDR_REMAINING)] DATA_BLOB stub_and_verifier;
} dcerpc_request;
3)
When called without alignment flags, push/pull a uint32 length _and_ a
corresponding byte array to/from the ndr buffer.
e.g. drsblobs.idl
typedef [public] struct {
...
DATA_BLOB data;
} DsCompressedChunk;
The fix for bug 8373 changed the definition of "alignment flags", such
that when called with LIBNDR_FLAG_NOALIGN ndr_push/pull_DATA_BLOB
behaves as (1: padding bytes) rather than (3: uint32 length + byte
array).
This breaks marshalling/unmarshalling for the following structures.
eventlog.idl:
typedef [flag(NDR_NOALIGN|NDR_PAHEX),public] struct {
...
DATA_BLOB sid;
...
} eventlog_Record_tdb;
CUPS 1.6 makes various structures private and
introduces these ippGet and ippSet functions
for all of the fields in these structures.
http://www.cups.org/str.php?L3928
We define our own accessors when CUPS < 1.6.
Modified for 3.6.x by Jeremy Allison.
Signed-off-by: Jeremy Allison <jra@samba.org>
Fix bug #9055 - doesn't build against CUPS 1.6.
s3-winbind: Fix bug #9052 resolving our own "Domain Local" groups.
We don't resolve our own "Domain Local" groups since bug #7843 has been
fixed. So we need to add the add resource groups to the sid list too.
Before bug #7843 the "Domain Local" groups were added with a
lookupuseraliases call, but this isn't done anymore for our domain
so we need to resolve resource groups here.
When to use Resource Groups:
http://technet.microsoft.com/en-us/library/cc753670%28v=WS.10%29.aspx
s3-printing: fill print_generic sysjob id on job submission
Change the generic print backend to fill the printing backend job
identifier (sysjob) on submission of a new job.
This is needed to ensure correct mapping of spoolss jobs and entries in
the backend print queue.
This and the last 13 commits attempt to address bug 8719.
Currently the generic print backend does not fill the printing backend
job identifier (sysjob) on submission of a new job. The sysjob
identifier is required to correctly map jobs in the printer queue to
corresponding spoolss print jobs.
Passing the lpq command to job_submit allows the generic print backend
to check the printer queue for the new job following submission. This
behaviour will come in a later commit.
print_job_find() currently returns print jobs to callers via a
statically allocated variable, this is particularly messy as the
device mode is talloced under the static variable.
This change adds or passes a talloc context to all callers, giving them
ownership of the returned print job.
David Disseldorp [Fri, 27 Jan 2012 11:33:27 +0000 (12:33 +0100)]
s3-printing: rename queue->job sysjob
Print jobs maintain two job identifiers, the jobid allocated by the
spoolss layer (pj->jobid), and the job identifier defined by the
printing backend (pj->sysjob).
Printer job queues currently only contain a single job identifier
variable (queue->job), the variable is sometimes representative of the
spoolss layer job identifier, and more often representative of the
printing backend id.
This change renames the queue job identifier from queue->job to
queue->sysjob, in preparation for a change to only store the printing
backend identifier.
David Disseldorp [Mon, 30 Jan 2012 12:44:33 +0000 (13:44 +0100)]
s3-printing: remove print_parse_jobid() from print_cups.c
The spoolss print job identifier is now passed to the cups layer via
struct printjob, therefore it is no longer necessary to parse the job
filename to determine it.
David Disseldorp [Thu, 26 Jan 2012 14:28:34 +0000 (15:28 +0100)]
s3-printing: store print jobid as part of struct printjob
Printing code in some places relies upon the spool-file format to
retrieve the print jobid. By storing the jobid as part of struct
printjob, and hence in the printing TDB, we can move away from this ugly
behaviour.
s3: Make us survive smb2.lock.rw-shared with aio enabled
schedule_aio_smb2_write can return NT_STATUS_FILE_LOCK_CONFLICT.
This is a valid error code that smb2.lock.rw-shared expects and
checks for. The code before this patch maps this to NT_STATUS_FILE_CLOSED,
masking the real, correct error message.
Fix bug #9040 - Using asynchronous IO with SMB2 can return NT_STATUS_FILE_CLOSED
in error instead ofNT_STATUS_FILE_LOCK_CONFLICT.
Jeremy Allison [Wed, 11 Jul 2012 04:13:03 +0000 (21:13 -0700)]
Fix bug #9034 - Typo in set_re_uid() call when USE_SETRESUID selected in configure.
Previous code only set the real euid, not the effective one. This is not a security issue
as this is *only* used in the quota code, and only between code that brackets
it with save_re_uid()/restore_re_uid(), Also this is not used on most platforms
(we use USE_SETREUID by preference) but it's better to have this right.
Volker Lendecke [Fri, 22 Jun 2012 13:46:13 +0000 (15:46 +0200)]
s3-vfs_gpfs: Fix bug #9003, posix acl on gpfs
gpfs2smb_acl can leave errno!=0 around even if it returned a correct
result!=NULL. We can only rely on errno being set if another error
condition (in this case result==NULL) indicates an error. If
result!=NULL, errno is undefined and can be anything. This leads to
SAFE_FREE(result) further down even in the success case.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jun 22 19:27:39 CEST 2012 on sn-devel-104
(cherry picked from commit e7b58146d8576ae8bf4eaf2ec1063fe7697e05b8)
Björn Jacke [Wed, 13 Jun 2012 17:28:06 +0000 (19:28 +0200)]
s3: fix build without ads support
when we have no ads support we don't have the ads_get_sid_token symbol used in
this unused code :-)
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Wed Jun 13 21:20:15 CEST 2012 on sn-devel-104
(cherry picked from commit 43c56dc4255a7a6cbd176e6ae66a7652c6d72d2c)
Fix bug #8996 - build without ads support (e.g. plain solaris 8) broken.
Olaf Flebbe [Fri, 28 Oct 2011 07:59:07 +0000 (09:59 +0200)]
s3: Correct documentation of case sensitive
this fixes bug #8552
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Fri Jun 22 21:59:59 CEST 2012 on sn-devel-104
(cherry picked from commit 8558e321c5fc7eab94f47b243024e0439dfe1378)
Jeremy Allison [Mon, 18 Jun 2012 23:24:12 +0000 (16:24 -0700)]
Same fix as bug 8989 - Samba 3.5.x (and probably all other versions of Samba) does not send correct responses to NT Transact Secondary when no data and no params
for the Trans2 calls. See MS-CIFS 2.2.4.47.2 for details.
Jeremy Allison [Mon, 18 Jun 2012 23:23:13 +0000 (16:23 -0700)]
Fix Bug 8989 - Samba 3.5.x (and probably all other versions of Samba) does not send correct responses to NT Transact Secondary when no data and no params
Found by Richard Sharpe <realrichardsharpe@gmail.com>. The correct
command code in a reply to NT Transact Secondary (0xa1) is
NT Transact (0xa0).
s3:smbd: use fsp_persistent_id() as persistent_file_id part for SMB2 (bug #8995)
It seems to be important to have unique persistent file ids,
because windows clients seem to index files by server_guid + persistent_file_id.
Which may break, if we just have a 16-bit range per connection
and the client connects multiple times.
Based on code from Ira Cooper. Use fsp->fh->gen_id as the persistent
fileid in SMB2.
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jun 14 22:04:13 CEST 2012 on sn-devel-104
projects / thirdparty / samba.git / log
