Jeremy Allison [Fri, 10 Jun 2016 16:32:32 +0000 (09:32 -0700)]
s4: torture: Added raw readX test to ensure 'reserved' fields are zero.
Passes against Win2k12+, and smbd with the previous patch.
https://bugzilla.samba.org/show_bug.cgi?id=11845
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Sat Jun 18 19:32:22 CEST 2016 on sn-devel-144
Jeremy Allison [Mon, 13 Jun 2016 16:30:25 +0000 (09:30 -0700)]
s3: smbd: In reply_read_and_X() SMB1 server is overwriting part of the 'reserved' zero fields with reply data length.
This occurred due to old code that used to do:
SSVAL(smb_buf(req->outbuf),-2,nread);
to set the reply length. This code was not needed,
as srv_set_message() was already correctly setting
the bcc length and was probably left from much
earlier legacy code.
This code actually overwrites the last 'reserved'
field in the SMB_COM_READ_ANDX packet reply, but we
never noticed as no client (or server code) looks at or
checks vwv11 in a SMB_COM_READ_ANDX reply.
and indeed checking wireshark from Win2012R2
we find that smbd is writing the returned
read length into smb_vwv11 and Windows leaves
it as zeros (reserved).
Also fix the same problem in the named pipes code.
Torture test to ensure Reserved2[4] replies
are zero to follow.
https://bugzilla.samba.org/show_bug.cgi?id=11845
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit e57f9e15d08ed46b2fac2562d1027c6a2ba80dac)
Jeremy Allison [Mon, 13 Jun 2016 16:25:02 +0000 (09:25 -0700)]
s3: smbd: Use common function setup_readX_header() in aio read code.
https://bugzilla.samba.org/show_bug.cgi?id=11845
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 6507336d6646b7709768c19a03eac61ea30cce31)
Jeremy Allison [Mon, 13 Jun 2016 16:22:56 +0000 (09:22 -0700)]
s3: smbd: Make setup_readX_header() externally accessible
https://bugzilla.samba.org/show_bug.cgi?id=11845
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 2ff3171fba931e621581336c975bae146a2ea3a9)
Jeremy Allison [Mon, 13 Jun 2016 16:20:43 +0000 (09:20 -0700)]
s3: smbd: Remove unused 'req' argument from setup_readX_header()
https://bugzilla.samba.org/show_bug.cgi?id=11845
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 1e29a1ce067e5f5b5159bcd20d37c6945bcc3900)
Uri Simchoni [Thu, 3 Mar 2016 07:18:58 +0000 (09:18 +0200)]
libnet: make Kerberos domain join site-aware
When joining a domain using Kerberos authentication, create a
configuration file for the Kerberos libs to prefer on-site
domain controllers, without relying on the winbindd Kerberos
locator, which many not be operational at this stage.
Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 8 01:30:35 CET 2016 on sn-devel-144
Uri Simchoni [Thu, 3 Mar 2016 07:18:44 +0000 (09:18 +0200)]
dsgetdcname: return an IP address on rediscovery
When dsgetdcname return its result based on discovery
process (instead of retrieving cached value), always
return the found server's IP address in dc_address field,
rather than its netbios name.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Thu Jun 9 13:18:56 CEST 2016 on sn-devel-144
Signed-off-by: Lorinczy Zsigmond <lzsiga@freemail.c3.hu> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jun 3 03:48:58 CEST 2016 on sn-devel-144
Provide fallback code for non-portable clearenv(3)
clearenv(3) is a GNU extension that was rejected twice by POSIX,
without an easy, portable alternative.
As the dovecot project notes,
"""
environ = NULL crashes on OSX - and OpenBSD < 6.0
*environ = NULL doesn't work on FreeBSD 7.0
environ = emptyenv doesn't work on Haiku OS
environ = calloc should work everywhere
"""
(source: http://hg.dovecot.org/dovecot-2.0/file/48f90e7e92dc/src/lib/env-util.c)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11864 Signed-off-by: Jérémie Courrèges-Anglas <jca@wxcvbn.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Apr 29 00:12:02 CEST 2016 on sn-devel-144
Christian Ambach [Wed, 11 May 2016 17:21:20 +0000 (19:21 +0200)]
s3:selftest add a test for rpcclient --pw-nt-hash option
Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit d0cdf02dc9733dae960021ff1ca07587d8155e58)
Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Tue May 31 16:34:38 CEST 2016 on sn-devel-104
Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 4fe59879cc2a608194578e33e27e0dc1e2f0fc58)
Signed-off-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> Reviewed-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed May 25 20:25:44 CEST 2016 on sn-devel-144
This way we will be able to see the log in the cups logs and are able to
debug issues.
https://bugzilla.samba.org/show_bug.cgi?id=11935
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit e59e0a5481196b1ddda0393306c514b8c32d6ea0)
Hemanth Thummala [Wed, 25 May 2016 06:15:04 +0000 (23:15 -0700)]
Fix memory leak in share mode locking.
Not freeing up(and reparenting to NULL context) ndr buffer
used for TDB updates resulting in huge memory leak when there
in high volume of opens and closes happening on same object.
Free the buffer before reparenting its parent to NULL context.
https://bugzilla.samba.org/show_bug.cgi?id=11934
Signed-off-by: Hemanth Thummala <hemanth.thummala@nutanix.com> Signed-off-by: Saji VR <saji.vr@nutanix.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri May 27 18:43:31 CEST 2016 on sn-devel-144
Signed-off-by: Anoop C S <anoopcs@redhat.com> Reviewed-by: Jose A. Rivera <jarrpa@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed May 18 19:26:49 CEST 2016 on sn-devel-144
Anoop C S [Tue, 10 May 2016 15:37:01 +0000 (21:07 +0530)]
packaging: Set default limit for core file size in init scripts
SysV init scripts used for initiating smb and winbind services
determines the value for default limit of coredump from variable
named DAEMON_COREFILE_LIMIT within a bash env. Therefore this
patch explicitly sets this variable to 'unlimited' so as to have
no limit for core file size by default.
Signed-off-by: Anoop C S <anoopcs@redhat.com> Reviewed-by: Jose A. Rivera <jarrpa@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit ba9ccc6be48e8541748afbf31d5e5dba7d1baf8e)
Anoop C S [Tue, 10 May 2016 09:20:14 +0000 (14:50 +0530)]
packaging: Remove ulimit usage for setting core file size limit
Recent commit ebd139c4db7e51a2d7843a773991f15cadf504dd modified smb.init
to set core file size to 'unlimited' by default using the ulimit command.
But when smb and winbind services are initiated via sysv init scripts,
another variable named DAEMON_COREFILE_LIMIT takes higher priority in
deciding the core file size. Therefore setting default value using ulimit
command is useless.
Signed-off-by: Anoop C S <anoopcs@redhat.com> Reviewed-by: Jose A. Rivera <jarrpa@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 46524b4543acc9d104d85136c0a4a9e006fc099c)
This means we'll use the "client ipc min protocol", "client ipc max protocol"
and "client ipc signing" options. But "--signing=no" or "--signing=required"
still overwrite "client ipc signing".
The following can be used to alter the max protocol
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat May 21 05:01:15 CEST 2016 on sn-devel-144
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon May 9 22:27:21 CEST 2016 on sn-devel-144
Christian Ambach [Tue, 10 May 2016 17:47:02 +0000 (19:47 +0200)]
s3:libsmb/clifile use correct value for MaxParameterCount for setting EAs
Windows servers will refuse trans2 requests which use excessive
request parameters. From [MS-CIFS|:
<239> Section 3.3.5.2.5: Windows NT servers fail a transaction request with
STATUS_INSUFF_SERVER_RESOURCES, if (SetupCount + MaxSetupCount +
TotalParameterCount + MaxParameterCount + TotalDataCount + MaxDataCount)
is greater than 65*1024.
When attempting to set a large list of EAs for a file, this limit can be
hit when using CLI_BUFFER_SIZE as MaxDataCount
while the TRANS2_SET_PATH_INFORMATION response has no data reply,
only parameters (section 2.2.6.7.2).
Be as minimal as possible here to allow a maximum number of EAs to
be written.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11354 Reviewed-by: Jeremy Allison <jra@samba.org> Signed-off-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 11 18:35:59 CEST 2016 on sn-devel-144
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed May 4 17:58:05 CEST 2016 on sn-devel-144
Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Mon May 9 14:04:05 CEST 2016 on sn-devel-104
Ira Cooper [Thu, 3 Mar 2016 18:47:32 +0000 (13:47 -0500)]
source3: Honor the core soft limit of the OS.
We should honor the soft limits set by the operating system.
In any case, 16M doesn't make a useful coredump for modern
Samba.
Signed-off-by: Ira Cooper <ira@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Mar 5 00:39:48 CET 2016 on sn-devel-144
Uri Simchoni [Thu, 5 May 2016 20:40:22 +0000 (23:40 +0300)]
heimdal: encode/decode kvno as signed integer
This patch changes the encoding/decoding of kvno (key version number)
in blobs and packets to signed integer, for compatibility with Windows.
Reportedly, MIT Kerberos does the same.
According to the Kerberos spec (RFC 4120 5.2.9), the kvno field
in encrypted data object is an unsigned integer that fits in
32 bits. The Heimdal Kerberos component bundled with Samba
conforms to this. However, Windows deviates from the standard
and encodes kvno as a signed integer, and this creates
interoperability issues.
ASN.1 DER has no special encoding for unsigned integer. A 32-bit
unsigned integer is encoded as a signed integer, so while a signed
32-bit integer (covering the range of -0x80000000..0x7fffffff) is
encoded using up to 4 bytes, an unsigned integer (covering
0..0xffffffff) could require 5 bytes.
Normally, kvno for a given account starts at 1 and increments on
password changes. Kerberos defined this as unsigned because there's
no meaning for negative version numbers, so the standard writers figured
4 billion versions is better than 2 billion. It was not
expected for a kvno to really go past 0x7fffffff and the disctinction
usually does not matter. However, RODCs use kvnos which
have the most-significant bit set.
In Active Directory, RODCs have a private secret for the krbtgt,
because the assumption is that the RODC is less secure, and
recovering the domain krbtgt secret from the RODC would compromise
the security of the entire domain. The kvno field is being used
to identify the private krbtgt account that owns the key - the
upper 16 bits are the RODC id, and the lower 16 bits identify
the key version number for this specific RODC. It's common to
have an RODC id greater than 0x8000, and therefore to have a
kvno larger than 0x7fffffff, which would be DER-encoded using
5 bytes.
Windows encodes kvno as signed integer - basically taking the
32 bits and treating them as a signed integer rather than an
unsigned integer. This means that in Windows a kvno can
always be encoded using 4 bytes, and Windows DCs reject a kvno
encoded using more than 4 bytes without even generating an error
response (the DC assumes it's an attack).
Heimdal re-encodes the TGT when it creates a TGS request. Obviously
it cannot decode and encode the encrypted parts but it does re-encode
the plain parts, which include the kvno. That leads to a 5-byte
kvno in the TGS request, which is rejected without an error
response.
Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat May 7 21:14:21 CEST 2016 on sn-devel-144
Ralph Boehme [Mon, 11 Apr 2016 10:17:22 +0000 (12:17 +0200)]
vfs_fruit: add an option that allows disabling POSIX rename behaviour
https://bugzilla.samba.org/show_bug.cgi?id=11721
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 5 00:04:50 CEST 2016 on sn-devel-144
not sure how this chunk ended up there, but I agree with
the statement in the comment that behavior should not depend
on developer mode
make test does not seem to depend on it anymore.
This piece had some bad influence on the tests I wrote
for case insensitivite behavior of SMB2/3, so let us
remove this technical debt.
Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
The last 3 patches address
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11438
Robin McCorkell [Mon, 2 May 2016 20:48:14 +0000 (21:48 +0100)]
Correctly set cli->raw_status for libsmbclient in SMB2 code
The SMB2 file handling code wasn't correctly setting raw_status, which
is used by libsmbclient to report file open errors etc.
https://bugzilla.samba.org/show_bug.cgi?id=11276
Signed-off-by: Robin McCorkell <robin@mccorkell.me.uk> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 2a872e2b66f373b3c96b315b13c9f06a15522e13)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Apr 28 20:16:45 CEST 2016 on sn-devel-144
Currently there is no signal handling available for notify daemon.
Signals like SIGHUP and SIGUSR1 can lead to terminate the notify
daemon. Masking these signals for notifyd as we are not handling them.
Signed-off-by: Partha Sarathi <partha@exablox.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Wed Apr 27 05:39:01 CEST 2016 on sn-devel-144
Uri Simchoni [Mon, 18 Apr 2016 20:08:38 +0000 (23:08 +0300)]
libads: record session expiry for spnego sasl binds
With the move to gensec-based spnego, record the session expiry
in tgs_expire, so that libads users such as winbindd can use this info
to determine how long to keep the connection.
Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Tue Apr 19 16:53:57 CEST 2016 on sn-devel-144
libsmb/pysmb: add pytalloc-util dependency to fix the build.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Feb 2 15:49:14 CET 2016 on sn-devel-144
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Tue Mar 15 07:08:16 CET 2016 on sn-devel-144
Andrew Bartlett [Tue, 16 Feb 2016 02:15:44 +0000 (15:15 +1300)]
pydsdb: Fix returning of ldb.MessageElement.
This object is not based on pytalloc_Object and so this causes
a segfault (later a failure) when the struct definitions diverge.
We must also not reuse the incoming ldb_message_element as a talloc
context and overwrite the values, instead we should create a new
object and return that.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit b96b1e88f760c92c7d9bb7e732f72d7e73a68907)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11789
Andrew Bartlett [Tue, 22 Sep 2015 03:25:30 +0000 (15:25 +1200)]
pydsdb: Also accept ldb.MessageElement values to dsdb routines
This shows the correct way to accept a value that may be a list of strings
or a proper ldb.MessageElement.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit b48776d78b446ad4abd4a6bc2ba6b488a29b11d2)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11789
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 6 03:46:55 CEST 2016 on sn-devel-144
Uri Simchoni [Mon, 21 Mar 2016 21:04:24 +0000 (23:04 +0200)]
vfs_acl_common: avoid setting POSIX ACLs if "ignore system acls" is set
When "ignore system acls" is set, do not mess at all with POSIX ACLS,
do not even calculate the would-be POSIX-ACL-based security descriptor
(for performance reasons).
Instead, just store a V3 blob with zero hash. This means that if we
later read the ACL without ignoring system ACLs, the NT ACL shall be
reset to the info derivable from the POSIX ACL.
File ownership is still modified as it has bearing on disk quotas.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Feb 19 19:12:25 CET 2016 on sn-devel-144
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Feb 18 01:42:50 CET 2016 on sn-devel-144
* Fix bug in poll backend - poll_event_loop_poll()
exits the for loop on POLLNVAL instead of
continuing to find an event that is ready.
* Fix ETIME handling for Solaris event ports (bug #11728).
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Feb 16 00:00:51 CET 2016 on sn-devel-144
Nathan Huff [Fri, 5 Feb 2016 20:35:07 +0000 (13:35 -0700)]
Fix ETIME handling for Solaris event ports.
It is possible for port_getn to return -1 with errno set to ETIME and
still return events. If those events aren't processed the association is
lost by samba since the kernel dissacociated them and samba never
processed them so never reassociated them with the event port. The
patch checks the nget return value in the case of ETIME and if it is non
0 it doesn't return and goes through the event processing loop.
Signed-off-by: Nathan Huff <nhuff@acm.org> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sun Feb 7 11:26:35 CET 2016 on sn-devel-144
projects / thirdparty / samba.git / log
