[SCM] Samba Shared Repository - branch v4-0-test updated
Karolin Seeger
kseeger at samba.org
Tue Sep 2 14:46:03 MDT 2014
The branch, v4-0-test has been updated
via d14c83e s3: winbindd: On new client connect, prune idle or hung connections older than "winbind request timeout"
via 36f55df s3: winbindd: Add new parameter "winbind request timeout" set to 60 seconds with man page.
via bd576b8 dosmode: fix FSCTL_SET_SPARSE request validation
via 9a1a13a smbd: Properly initialize mangle_hash
via 77e7db9 Don't discard result of checking grouptype
via 691fe9a docs: Fix typos in smb.conf (inherit acls)
via 851b93d samba: Retain case sensitivity of cifs client
via 2eb6bbd printing: reload printer shares on OpenPrinter
via 668127f smbd: split printer reload processing
via 051cd1d server: remove duplicate snum_is_shared_printer()
via 1a2a342 smbd: only reprocess printer_list.tdb if it changed
via 918f7db printing: return last change time with pcap_cache_loaded()
via a4b2289 printing: remove pcap_cache_add()
via bad147d printing: reload printer_list.tdb from in memory list
via a97c2db printing: only reload printer shares on client enum
via c82338f printing: traverse_read the printer list for share updates
via d3fb60a s3: smbd : SMB2 - fix SMB2_SEARCH when searching non wildcard string with a case-canonicalized share.
via 8a2f945 s3: smbd - SMB[2|3]. Ensure a \ or / can't be found anywhere in a search path, not just at the start.
via 9977aa9 s3: enforce a positive allocation_file_size for non-empty files (bug #10543)
via 7ff8102 passdb: fix NT_STATUS_NO_SUCH_GROUP
via 8c97d9a s3:libsmb: Set a max charge for SMB2 connections
via cad42ef s3: smbd: POSIX ACLs. Remove incorrect check for SECINFO_PROTECTED_DACL in incoming security_information flags in posix_get_nt_acl_common().
via 9fadcf3 libcli/security: add better detection of SECINFO_[UN]PROTECTED_[D|S]ACL in get_sec_info()
via c0ddfc1 s3:smbd: mask security_information input values with SMB_SUPPORTED_SECINFO_FLAGS
via 04916e0 security.idl: add SMB_SUPPORTED_SECINFO_FLAGS
via 6db4a91 Fixed a memory leak in cli_set_mntpoint().
via 624a52f lib: Remove unused nstrcpy
via 796afb4 build: fix configure to honour --without-dmapi
from 473ccb5 tests: dnsserver: Add a update test with name set to '.'
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
- Log -----------------------------------------------------------------
commit d14c83e072045cd2f638c4e4484a9f2ea71b9460
Author: Jeremy Allison <jra at samba.org>
Date: Fri Jul 25 12:46:46 2014 -0700
s3: winbindd: On new client connect, prune idle or hung connections older than "winbind request timeout"
Bug 3204 winbindd: Exceeding 200 client connections, no idle connection found
https://bugzilla.samba.org/show_bug.cgi?id=3204
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ira Cooper <ira at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jul 29 23:31:14 CEST 2014 on sn-devel-104
(cherry picked from commit f9588675ea3cb2f1fabd07a4ea8b2138d65aee83)
Autobuild-User(v4-0-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-0-test): Tue Sep 2 22:45:38 CEST 2014 on sn-devel-104
commit 36f55df047e58e79b22ff46fcfcf2758ab58e9b6
Author: Jeremy Allison <jra at samba.org>
Date: Tue Jul 29 14:53:11 2014 -0700
s3: winbindd: Add new parameter "winbind request timeout" set to 60 seconds with man page.
"This parameter specifies the number of seconds the winbindd
daemon will wait before disconnecting either a client connection
with no outstanding requests (idle) or a client connection with a
request that has remained outstanding (hung) for longer than this
number of seconds."
Bug 3204 winbindd: Exceeding 200 client connections, no idle connection found
https://bugzilla.samba.org/show_bug.cgi?id=3204
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ira Cooper <ira at samba.org>
commit bd576b832248f07d66f5921d3d2eedef7602d856
Author: David Disseldorp <ddiss at samba.org>
Date: Wed Aug 27 15:42:00 2014 +0200
dosmode: fix FSCTL_SET_SPARSE request validation
Check that FSCTL_SET_SPARSE requests does not refer to directories. Also
reject such requests when issued over IPC or printer share connections.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10787
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Aug 28 04:22:37 CEST 2014 on sn-devel-104
(cherry picked from commit 0751495b1327d002b79482632b7c590cae6e3f9d)
commit 9a1a13ab5712fa021fdbce75a12c2bc47af24568
Author: Volker Lendecke <vl at samba.org>
Date: Tue Aug 19 14:32:15 2014 +0000
smbd: Properly initialize mangle_hash
[Bug 10782] mangle_hash() can fail to initialize charset (smbd crash).
https://bugzilla.samba.org/show_bug.cgi?id=10782
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Aug 26 01:30:38 CEST 2014 on sn-devel-104
commit 77e7db987f5bc1fa8a452fd2de1c4564e82fe4b7
Author: Roel van Meer <roel at 1afa.com>
Date: Fri Aug 22 15:11:04 2014 +0200
Don't discard result of checking grouptype
The pdb_samba_dsdb_getgrfilter() function first determines the security type
of a group and sets map->sid_name_use accordingly. A little later, this
variable is set again, undoing the previous work.
https://bugzilla.samba.org/show_bug.cgi?id=10777
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Simo Sorce <idra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Aug 23 02:48:52 CEST 2014 on sn-devel-104
commit 691fe9a25c2e804bd47b13e67abb5a522d1828b8
Author: Marc Muehlfeld <mmuehlfeld at samba.org>
Date: Wed Aug 6 21:36:26 2014 +0200
docs: Fix typos in smb.conf (inherit acls)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10761
Signed-off-by: Marc Muehlfeld <mmuehlfeld at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Thu Aug 7 00:52:42 CEST 2014 on sn-devel-104
(cherry picked from commit 4639f6d7bab9d8d6ee46bf5c65ff73a17a56cb17)
commit 851b93ddf4808201cb820bc0ae2a4e6f4f824eb0
Author: Shirish Pargaonkar <spargaonkar at suse.com>
Date: Sat Jul 26 10:41:25 2014 -0500
samba: Retain case sensitivity of cifs client
When a client supports extended security but server does not,
and that client, in Flags2 field of smb header indicates that
- it supports extended security negotiation
- it does not support security signatures
- it does not require security signatures
Samba server treats a client as a Vista client.
That turns off case sensitivity and that is a problem for cifs vfs client.
So include remote cifs client along with remote samba client
to not do so otherwise.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10755
Signed-off-by: Shirish Pargaonkar <spargaonkar at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Fri Aug 1 16:11:43 CEST 2014 on sn-devel-104
(cherry picked from commit a0583976da2ba09da0fd94f739ed4f5851e2a858)
commit 2eb6bbd34a975ffa69f497054e73339dbf2582a7
Author: David Disseldorp <ddiss at samba.org>
Date: Tue Aug 5 17:33:33 2014 +0200
printing: reload printer shares on OpenPrinter
The printer share inventory should be reloaded on open _and_
enumeration, as there are some clients, such as cupsaddsmb, that do not
perform an enumeration prior to access.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Aug 8 16:33:50 CEST 2014 on sn-devel-104
(cherry picked from commit 1ad71f79eb473822d36d9629cf52c2fca4c53752)
commit 668127f5f4d91891ca6a901c809746fdb3b79a9c
Author: David Disseldorp <ddiss at samba.org>
Date: Fri Aug 1 16:25:59 2014 +0200
smbd: split printer reload processing
All printer inventory updates are currently done via
delete_and_reload_printers(), which handles registry.tdb updates for
added or removed printers, AD printer unpublishing on removal, as well
as share service creation and deletion.
This change splits this functionality into two functions such that
per-client smbd processes do not perform registry.tdb updates or printer
unpublishing. This is now only performed by the process that performs
the printcap cache update.
This change is similar to ac6604868d1325dd4c872dc0f6ab056d10ebaecf from
the 3.6 branch.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 2706af4d78fc9a47a4ac45b373edf276e3a9b354)
commit 051cd1d83c462c6d07073ee60933086181fd5407
Author: David Disseldorp <ddiss at samba.org>
Date: Tue Aug 5 18:45:24 2014 +0200
server: remove duplicate snum_is_shared_printer()
Only keep a single definition in server_reload.c
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 2685df1177ffd39b1af34eb116bd7b24d4b12974)
commit 1a2a342bdf2888138fce1abb7cad8657832d94a4
Author: David Disseldorp <ddiss at samba.org>
Date: Wed Jul 23 14:42:00 2014 +0200
smbd: only reprocess printer_list.tdb if it changed
The per-client smbd printer share inventory is currently updated from
printer_list.tdb when a client enumerates printers, via EnumPrinters or
NetShareEnum.
printer_list.tdb is populated by the background print process, based on
the latest printcap values retrieved from the printing backend (e.g.
CUPS) at regular intervals.
This change ensures that per-client smbd processes don't reparse
printer_list.tdb if it hasn't been updated since the last enumeration.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
Suggested-by: Volker Lendecke <vl at samba.org>
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit a2182e03a061de6c1f111ce083cb5f668fe75e4e)
commit 918f7db02fd9862b37bc8ff16f7a1645ce759d0e
Author: David Disseldorp <ddiss at samba.org>
Date: Wed Jul 23 12:12:34 2014 +0200
printing: return last change time with pcap_cache_loaded()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 30ce835670a6aeca6fb960ea7c4fe1b982bdd5b0)
[ddiss at samba.org: rebasead for 4.0 with swat]
commit a4b2289cb963e0dc070c4ad2235b790d736d021d
Author: David Disseldorp <ddiss at samba.org>
Date: Fri Jul 25 12:18:54 2014 +0200
printing: remove pcap_cache_add()
All print list updates are now done via pcap_cache_replace(), which can
call into the print_list code directly.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 6d75e20ca8acf1a55838694ac77940e21e9a1e6a)
commit bad147dc1dd3ae09b83511ed99b75e271205f724
Author: David Disseldorp <ddiss at samba.org>
Date: Tue Jul 22 20:17:38 2014 +0200
printing: reload printer_list.tdb from in memory list
This will allow in future for a single atomic printer_list.tdb update.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit e5e6e2c796f026ee6b04f99b327941d57b9bd026)
commit a97c2dbb87f614e3a38763c3fd7007bc76057a03
Author: David Disseldorp <ddiss at samba.org>
Date: Fri Jul 11 17:00:05 2014 +0200
printing: only reload printer shares on client enum
Currently, automatic printer share updates are handled in the following
way:
- Background printer process (BPP) forked on startup
- Parent smbd and per-client children await MSG_PRINTER_PCAP messages
- BPP periodically polls the printing backend for printcap data
- printcap data written to printer_list.tdb
- MSG_PRINTER_PCAP sent to all smbd processes following update
- smbd processes all read the latest printer_list.tdb data, and update
their share listings
This procedure is not scalable, as all smbd processes hit
printer_list.tdb in parallel, resulting in a large spike in CPU usage.
This change sees smbd processes only update their printer share lists
only when a client asks for this information, e.g. via NetShareEnum or
EnumPrinters.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
Suggested-by: Volker Lendecke <vl at samba.org>
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 4f4501ac1f35ab15f25d207c0d33e7c4d1abdf38)
commit c82338f5aa013fbd0d394f5a8dced3a4eea04d31
Author: David Disseldorp <ddiss at samba.org>
Date: Thu Jul 10 00:18:10 2014 +0200
printing: traverse_read the printer list for share updates
The printcap update procedure involves the background printer process
obtaining the printcap information from the printing backend, writing
this to printer_list.tdb, and then notifying all smbd processes of the
new list. The processes then all attempt to simultaneously traverse
printer_list.tdb, in order to update their local share lists.
With a large number of printers, and a large number of per-client smbd
processes, this traversal results in significant lock contention, mostly
due to the fact that the traversal is unnecessarily done with an
exclusive (write) lock on the printer_list.tdb database.
This commit changes the share update code path to perform a read-only
traversal.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652
Reported-by: Alex K <korobkin+samba at gmail.com>
Reported-by: Franz Pförtsch <franz.pfoertsch at brose.com>
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 1e83435eac2cef03fccb4cf69ef5e0bfbd710410)
commit d3fb60ad8bd021db1a99a813d25b31613d03dfe9
Author: Jeremy Allison <jra at samba.org>
Date: Tue Jun 10 15:58:15 2014 -0700
s3: smbd : SMB2 - fix SMB2_SEARCH when searching non wildcard string with a case-canonicalized share.
We need to go through filename_convert() in order for the filename
canonicalization to be done on a non-wildcard search string (as is
done in the SMB1 findfirst code path).
Fixes Bug #10650 - "case sensitive = True" option doesn't work with "max protocol = SMB2" or higher in large directories.
https://bugzilla.samba.org/show_bug.cgi?id=10650
Signed-off-by: Jeremy Allison <jra at samba.org>
commit 8a2f945031b685e21f99d118e2ba184587a0f4b7
Author: Jeremy Allison <jra at samba.org>
Date: Tue Jun 10 14:41:45 2014 -0700
s3: smbd - SMB[2|3]. Ensure a \ or / can't be found anywhere in a search path, not just at the start.
Signed-off-by: Jeremy Allison <jra at samba.org>
commit 9977aa9c79648c13e3f306df4d1bd64335977019
Author: Björn Baumbach <bb at sernet.de>
Date: Thu Mar 27 11:17:30 2014 +0100
s3: enforce a positive allocation_file_size for non-empty files (bug #10543)
Some file systems do not allocate a block for very
small files. But for non-empty file should report a
positive size.
Pair-Programmed-With: Michael Adam <obnox at samba.org>
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Apr 5 03:09:00 CEST 2014 on sn-devel-104
(cherry picked from commit c35b31f45244a8339684c3b83a7d86eefb80e0da)
commit 7ff8102d3e3f4beec4046bfa473cedc608a705b4
Author: Arvid Requate <requate at univention.de>
Date: Thu Jan 17 16:44:28 2013 +0100
passdb: fix NT_STATUS_NO_SUCH_GROUP
Share options like "force group" and "valid users = @group1"
triggered a NT_STATUS_NO_SUCH_GROUP. While the group was found in
the SAM backend, its objectclass was not retrived.
This fix also revealed a talloc access after free in the group
branch of pdb_samba_dsdb_getgrfilter.
[Bug 9570] Access failure for shares with "force group" or "valid users = @group"
https://bugzilla.samba.org/show_bug.cgi?id=9570
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 8c97d9a2c1724dfac0c3de08502d247c72ca1825
Author: Ross Lagerwall <rosslagerwall at gmail.com>
Date: Thu Aug 21 07:32:36 2014 +0100
s3:libsmb: Set a max charge for SMB2 connections
Set a max charge for SMB2 connections so that larger request sizes can
be used and more requests can be in flight.
Signed-off-by: Ross Lagerwall <rosslagerwall at gmail.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Aug 21 17:31:11 CEST 2014 on sn-devel-104
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10778
libsmbclient with SMB2 doesn't pipeline or use large blocks
commit cad42efabe0812a63ba094ef054c9be8521ace3a
Author: Jeremy Allison <jra at samba.org>
Date: Thu Aug 21 16:28:42 2014 -0700
s3: smbd: POSIX ACLs. Remove incorrect check for SECINFO_PROTECTED_DACL in incoming security_information flags in posix_get_nt_acl_common().
Tidy-up of code obsoleted by fixes for bug #10773 (SECINFO_PROTECTED_DACL is not ignored).
We now never pass SECINFO_PROTECTED_DACL in security_information flags to this layer.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Aug 22 11:26:57 CEST 2014 on sn-devel-104
commit 9fadcf3908d647819defb3e69de7720d33cee0d4
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 20 15:00:59 2014 +0200
libcli/security: add better detection of SECINFO_[UN]PROTECTED_[D|S]ACL in get_sec_info()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Aug 22 02:52:50 CEST 2014 on sn-devel-104
commit c0ddfc126716457f3bfc19e4aa30a632abb21073
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 20 13:58:38 2014 +0200
s3:smbd: mask security_information input values with SMB_SUPPORTED_SECINFO_FLAGS
Sometimes Windows clients doesn't filter SECINFO_[UN]PROTECTED_[D|S]ACL flags
before sending the security_information to the server.
security_information = SECINFO_PROTECTED_DACL| SECINFO_DACL
results in a NULL dacl being returned from an GetSecurityDecriptor
request. This happens because posix_get_nt_acl_common()
has the following logic:
if ((security_info & SECINFO_DACL) && !(security_info & SECINFO_PROTECTED_DACL)) {
... create DACL ...
}
I'm not sure if the logic is correct or wrong in this place (I guess it's
wrong...).
But what I know is that the SMB server should filter the given
security_information flags before passing to the filesystem.
[MS-SMB2] 3.3.5.20.3 Handling SMB2_0_INFO_SECURITY
...
The server MUST ignore any flag value in the AdditionalInformation field that
is not specified in section 2.2.37.
Section 2.2.37 lists:
OWNER_SECURITY_INFORMATION
GROUP_SECURITY_INFORMATION
DACL_SECURITY_INFORMATION
SACL_SECURITY_INFORMATION
LABEL_SECURITY_INFORMATION
ATTRIBUTE_SECURITY_INFORMATION
SCOPE_SECURITY_INFORMATION
BACKUP_SECURITY_INFORMATION
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 04916e0d2ed573c6aa0838e3f28ff6fffab00166
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 20 13:43:13 2014 +0200
security.idl: add SMB_SUPPORTED_SECINFO_FLAGS
A SMB server should only care about specific SECINFO flags
and ignore others e.g. SECINFO_PROTECTED_DACL.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 6db4a9118b55f9991931cb435137d421396e60c1
Author: Har Gagan Sahai <SHarGagan at novell.com>
Date: Wed Aug 6 14:32:35 2014 +0530
Fixed a memory leak in cli_set_mntpoint().
Fixes bug #10759 - Memory leak in libsmbclient in cli_set_mntpoint function
https://bugzilla.samba.org/show_bug.cgi?id=10759
Signed-off-by: Har Gagan Sahai <SHarGagan at novell.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Aug 13 04:36:50 CEST 2014 on sn-devel-104
commit 624a52f7f68779b78b05a498f6b98f7409af5b5f
Author: Volker Lendecke <vl at samba.org>
Date: Mon Aug 4 07:29:14 2014 +0200
lib: Remove unused nstrcpy
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10758
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Aug 4 09:58:16 CEST 2014 on sn-devel-104
Signed-off-by: Volker Lendecke <vl at samba.org>
commit 796afb4677673787958bbe97148b36d50b7ed79f
Author: Michael Adam <obnox at samba.org>
Date: Mon Aug 18 11:42:27 2014 +0200
build: fix configure to honour --without-dmapi
Previously, --without-dmapi would still autodetect and link a useable dmapi
library. This change allows to build without dmapi support even when a dmapi
library is found.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10369
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Michael Adam <obnox at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 2afacf940f21759c08bcc4a6e906428595966a19)
-----------------------------------------------------------------------
Summary of changes:
docs-xml/smbdotconf/security/inheritowner.xml | 6 +-
.../smbdotconf/winbind/winbindrequesttimeout.xml | 16 +++
lib/param/param_functions.c | 1 +
lib/param/param_table.c | 9 ++
lib/util/string_wrappers.h | 5 -
libcli/security/secdesc.c | 36 ++++---
librpc/idl/security.idl | 18 ++++
source3/include/proto.h | 1 +
source3/libsmb/clidfs.c | 6 +-
source3/libsmb/libsmb_server.c | 5 +
source3/modules/vfs_default.c | 12 +++
source3/param/loadparm.c | 1 +
source3/passdb/pdb_samba_dsdb.c | 6 +-
source3/printing/load.c | 4 +-
source3/printing/pcap.c | 54 +++++------
source3/printing/pcap.h | 13 +--
source3/printing/print_aix.c | 17 +++-
source3/printing/print_iprint.c | 16 ++-
source3/printing/print_standard.c | 8 +-
source3/printing/print_svid.c | 11 ++-
source3/printing/printer_list.c | 17 ++-
source3/printing/printer_list.h | 4 +-
source3/printing/queue_process.c | 102 +++++++++++++++++++-
source3/printing/spoolssd.c | 38 ++------
source3/rpc_server/spoolss/srv_spoolss_nt.c | 30 ++++--
source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 1 +
source3/smbd/dosmode.c | 13 +++
source3/smbd/lanman.c | 1 +
source3/smbd/mangle_hash.c | 4 +
source3/smbd/negprot.c | 3 +-
source3/smbd/nttrans.c | 7 +-
source3/smbd/posix_acls.c | 2 +-
source3/smbd/proto.h | 1 +
source3/smbd/server.c | 20 ----
source3/smbd/server_reload.c | 74 ++++++---------
source3/smbd/smb2_find.c | 41 +++++++-
source3/smbd/smb2_getinfo.c | 3 +-
source3/smbd/smb2_setinfo.c | 3 +-
source3/web/swat.c | 4 +-
source3/winbindd/winbindd.c | 36 +++++++
source3/wscript | 72 +++++++++------
41 files changed, 479 insertions(+), 242 deletions(-)
create mode 100644 docs-xml/smbdotconf/winbind/winbindrequesttimeout.xml
Changeset truncated at 500 lines:
diff --git a/docs-xml/smbdotconf/security/inheritowner.xml b/docs-xml/smbdotconf/security/inheritowner.xml
index ba4fc61..0ed8285 100644
--- a/docs-xml/smbdotconf/security/inheritowner.xml
+++ b/docs-xml/smbdotconf/security/inheritowner.xml
@@ -10,9 +10,9 @@
by the ownership of the parent directory.</para>
<para>Common scenarios where this behavior is useful is in
- implementing drop-boxes where users can create and edit files but not
- delete them and to ensure that newly create files in a user's
- roaming profile directory are actually owner by the user.</para>
+ implementing drop-boxes, where users can create and edit files but
+ not delete them and ensuring that newly created files in a user's
+ roaming profile directory are actually owned by the user.</para>
</description>
<related>inherit permissions</related>
diff --git a/docs-xml/smbdotconf/winbind/winbindrequesttimeout.xml b/docs-xml/smbdotconf/winbind/winbindrequesttimeout.xml
new file mode 100644
index 0000000..3220871
--- /dev/null
+++ b/docs-xml/smbdotconf/winbind/winbindrequesttimeout.xml
@@ -0,0 +1,16 @@
+<samba:parameter name="winbind request timeout"
+ context="G"
+ type="integer"
+ advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This parameter specifies the number of
+ seconds the <citerefentry><refentrytitle>winbindd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> daemon will wait before
+ disconnecting either a client connection with no outstanding
+ requests (idle) or a client connection with a request that has
+ remained outstanding (hung) for longer than this number of seconds.</para>
+</description>
+
+<value type="default">60</value>
+</samba:parameter>
diff --git a/lib/param/param_functions.c b/lib/param/param_functions.c
index 35e199f..41b44b6 100644
--- a/lib/param/param_functions.c
+++ b/lib/param/param_functions.c
@@ -344,6 +344,7 @@ FN_GLOBAL_INTEGER(winbind_cache_time, winbind_cache_time)
FN_GLOBAL_INTEGER(winbind_expand_groups, winbind_expand_groups)
FN_GLOBAL_INTEGER(winbind_max_clients, winbind_max_clients)
FN_GLOBAL_INTEGER(winbind_reconnect_delay, winbind_reconnect_delay)
+FN_GLOBAL_INTEGER(winbind_request_timeout, winbind_request_timeout)
FN_GLOBAL_LIST(auth_methods, AuthMethods)
FN_GLOBAL_LIST(cluster_addresses, szClusterAddresses)
FN_GLOBAL_LIST(dcerpc_endpoint_servers, dcerpc_ep_servers)
diff --git a/lib/param/param_table.c b/lib/param/param_table.c
index 5b78eae..0916023 100644
--- a/lib/param/param_table.c
+++ b/lib/param/param_table.c
@@ -4034,6 +4034,15 @@ static struct parm_struct parm_table[] = {
.flags = FLAG_ADVANCED,
},
{
+ .label = "winbind request timeout",
+ .type = P_INTEGER,
+ .p_class = P_GLOBAL,
+ .offset = GLOBAL_VAR(winbind_request_timeout),
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
+ },
+ {
.label = "winbind max clients",
.type = P_INTEGER,
.p_class = P_GLOBAL,
diff --git a/lib/util/string_wrappers.h b/lib/util/string_wrappers.h
index 243fafc..fcc088c 100644
--- a/lib/util/string_wrappers.h
+++ b/lib/util/string_wrappers.h
@@ -43,11 +43,6 @@ do { \
const char *_fstrcat_src = (const char *)(s); \
strlcat((d),_fstrcat_src ? _fstrcat_src : "",sizeof(fstring)); \
} while (0)
-#define nstrcpy(d,s) \
-do { \
- const char *_nstrcpy_src = (const char *)(s); \
- strlcpy((d),_nstrcpy_src ? _nstrcpy_src : "",sizeof(fstring)); \
-} while (0)
#define unstrcpy(d,s) \
do { \
const char *_unstrcpy_src = (const char *)(s); \
diff --git a/libcli/security/secdesc.c b/libcli/security/secdesc.c
index 10d068c..d02b144 100644
--- a/libcli/security/secdesc.c
+++ b/libcli/security/secdesc.c
@@ -24,13 +24,6 @@
#include "librpc/gen_ndr/ndr_security.h"
#include "libcli/security/security.h"
-#define ALL_SECURITY_INFORMATION (SECINFO_OWNER|SECINFO_GROUP|\
- SECINFO_DACL|SECINFO_SACL|\
- SECINFO_UNPROTECTED_SACL|\
- SECINFO_UNPROTECTED_DACL|\
- SECINFO_PROTECTED_SACL|\
- SECINFO_PROTECTED_DACL)
-
/* Map generic permissions to file object specific permissions */
const struct generic_mapping file_generic_mapping = {
@@ -46,21 +39,32 @@ const struct generic_mapping file_generic_mapping = {
uint32_t get_sec_info(const struct security_descriptor *sd)
{
- uint32_t sec_info = ALL_SECURITY_INFORMATION;
+ uint32_t sec_info = 0;
SMB_ASSERT(sd);
- if (sd->owner_sid == NULL) {
- sec_info &= ~SECINFO_OWNER;
+ if (sd->owner_sid != NULL) {
+ sec_info |= SECINFO_OWNER;
+ }
+ if (sd->group_sid != NULL) {
+ sec_info |= SECINFO_GROUP;
}
- if (sd->group_sid == NULL) {
- sec_info &= ~SECINFO_GROUP;
+ if (sd->sacl != NULL) {
+ sec_info |= SECINFO_SACL;
}
- if (sd->sacl == NULL) {
- sec_info &= ~SECINFO_SACL;
+ if (sd->dacl != NULL) {
+ sec_info |= SECINFO_DACL;
+ }
+
+ if (sd->type & SEC_DESC_SACL_PROTECTED) {
+ sec_info |= SECINFO_PROTECTED_SACL;
+ } else if (sd->type & SEC_DESC_SACL_AUTO_INHERITED) {
+ sec_info |= SECINFO_UNPROTECTED_SACL;
}
- if (sd->dacl == NULL) {
- sec_info &= ~SECINFO_DACL;
+ if (sd->type & SEC_DESC_DACL_PROTECTED) {
+ sec_info |= SECINFO_PROTECTED_DACL;
+ } else if (sd->type & SEC_DESC_DACL_AUTO_INHERITED) {
+ sec_info |= SECINFO_UNPROTECTED_DACL;
}
return sec_info;
diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index 4f0e900..d886b51 100644
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
@@ -609,6 +609,24 @@ interface security
SECINFO_PROTECTED_DACL = 0x80000000
} security_secinfo;
+ /*
+ * a SMB server should only support the following flags
+ * and ignore all others.
+ *
+ * See AdditionalInformation in [MS-SMB2] 2.2.37 SMB2 QUERY_INFO Request
+ * and 2.2.39 SMB2 SET_INFO Request.
+ */
+ const int SMB_SUPPORTED_SECINFO_FLAGS = (
+ SECINFO_OWNER |
+ SECINFO_GROUP |
+ SECINFO_DACL |
+ SECINFO_SACL |
+ SECINFO_LABEL |
+ SECINFO_ATTRIBUTE |
+ SECINFO_SCOPE |
+ SECINFO_BACKUP |
+ 0);
+
typedef [public,bitmap32bit] bitmap {
KERB_ENCTYPE_DES_CBC_CRC = 0x00000001,
KERB_ENCTYPE_DES_CBC_MD5 = 0x00000002,
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 0276244..a835253 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1352,6 +1352,7 @@ int lp_smb_encrypt(int );
char lp_magicchar(const struct share_params *p );
int lp_winbind_cache_time(void);
int lp_winbind_reconnect_delay(void);
+int lp_winbind_request_timeout(void);
int lp_winbind_max_clients(void);
const char **lp_winbind_nss_info(void);
int lp_algorithmic_rid_base(void);
diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
index 95f8817..b2e2e9e 100644
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -258,13 +258,15 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
static void cli_set_mntpoint(struct cli_state *cli, const char *mnt)
{
- char *name = clean_name(NULL, mnt);
+ TALLOC_CTX *frame = talloc_stackframe();
+ char *name = clean_name(frame, mnt);
if (!name) {
+ TALLOC_FREE(frame);
return;
}
TALLOC_FREE(cli->dfs_mountpoint);
cli->dfs_mountpoint = talloc_strdup(cli, name);
- TALLOC_FREE(name);
+ TALLOC_FREE(frame);
}
/********************************************************************
diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c
index 3f86d50..fc77e38 100644
--- a/source3/libsmb/libsmb_server.c
+++ b/source3/libsmb/libsmb_server.c
@@ -455,6 +455,11 @@ SMBC_server_internal(TALLOC_CTX *ctx,
return NULL;
}
+ if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) {
+ /* Ensure we ask for some initial credits. */
+ smb2cli_conn_set_max_credits(c->conn, DEFAULT_SMB2_MAX_CREDITS);
+ }
+
username_used = *pp_username;
if (!NT_STATUS_IS_OK(cli_session_setup(c, username_used,
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index 67050fa..b31f4be 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -1355,6 +1355,18 @@ static uint64_t vfswrap_get_alloc_size(vfs_handle_struct *handle,
#else
#error SIZEOF_BLKCNT_T_NOT_A_SUPPORTED_VALUE
#endif
+ if (result == 0) {
+ /*
+ * Some file systems do not allocate a block for very
+ * small files. But for non-empty file should report a
+ * positive size.
+ */
+
+ uint64_t filesize = get_file_size_stat(sbuf);
+ if (filesize > 0) {
+ result = MIN((uint64_t)STAT_ST_BLOCKSIZE, filesize);
+ }
+ }
#else
result = get_file_size_stat(sbuf);
#endif
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 2857765..d3d18f4 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -977,6 +977,7 @@ static void init_globals(bool reinit_globals)
Globals.winbind_cache_time = 300; /* 5 minutes */
Globals.winbind_reconnect_delay = 30; /* 30 seconds */
+ Globals.winbind_request_timeout = 60; /* 60 seconds */
Globals.winbind_max_clients = 200;
Globals.bWinbindEnumUsers = false;
Globals.bWinbindEnumGroups = false;
diff --git a/source3/passdb/pdb_samba_dsdb.c b/source3/passdb/pdb_samba_dsdb.c
index 0ff2e0a..3b35bff 100644
--- a/source3/passdb/pdb_samba_dsdb.c
+++ b/source3/passdb/pdb_samba_dsdb.c
@@ -861,7 +861,7 @@ static NTSTATUS pdb_samba_dsdb_getgrfilter(struct pdb_methods *m, GROUP_MAP *map
{
struct pdb_samba_dsdb_state *state = talloc_get_type_abort(
m->private_data, struct pdb_samba_dsdb_state);
- const char *attrs[] = { "objectSid", "description", "samAccountName", "groupType",
+ const char *attrs[] = { "objectClass", "objectSid", "description", "samAccountName", "groupType",
NULL };
struct ldb_message *msg;
va_list ap;
@@ -920,15 +920,13 @@ static NTSTATUS pdb_samba_dsdb_getgrfilter(struct pdb_methods *m, GROUP_MAP *map
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- map->sid_name_use = SID_NAME_DOM_GRP;
-
ZERO_STRUCT(id_map);
id_map.sid = sid;
id_maps[0] = &id_map;
id_maps[1] = NULL;
status = idmap_sids_to_xids(state->idmap_ctx, tmp_ctx, id_maps);
- talloc_free(tmp_ctx);
+
if (!NT_STATUS_IS_OK(status)) {
talloc_free(tmp_ctx);
return status;
diff --git a/source3/printing/load.c b/source3/printing/load.c
index 136d055..238998d 100644
--- a/source3/printing/load.c
+++ b/source3/printing/load.c
@@ -65,11 +65,11 @@ load automatic printer services from pre-populated pcap cache
void load_printers(struct tevent_context *ev,
struct messaging_context *msg_ctx)
{
- SMB_ASSERT(pcap_cache_loaded());
+ SMB_ASSERT(pcap_cache_loaded(NULL));
add_auto_printers();
/* load all printcap printers */
if (lp_load_printers() && lp_servicenumber(PRINTERS_NAME) >= 0)
- pcap_printer_fn(lp_add_one_printer, NULL);
+ pcap_printer_read_fn(lp_add_one_printer, NULL);
}
diff --git a/source3/printing/pcap.c b/source3/printing/pcap.c
index dd7ba62..c5524ad 100644
--- a/source3/printing/pcap.c
+++ b/source3/printing/pcap.c
@@ -83,28 +83,26 @@ void pcap_cache_destroy_specific(struct pcap_cache **pp_cache)
*pp_cache = NULL;
}
-bool pcap_cache_add(const char *name, const char *comment, const char *location)
-{
- NTSTATUS status;
- time_t t = time_mono(NULL);
-
- status = printer_list_set_printer(talloc_tos(), name, comment, location, t);
- return NT_STATUS_IS_OK(status);
-}
-
-bool pcap_cache_loaded(void)
+bool pcap_cache_loaded(time_t *_last_change)
{
NTSTATUS status;
time_t last;
status = printer_list_get_last_refresh(&last);
- return NT_STATUS_IS_OK(status);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
+ if (_last_change != NULL) {
+ *_last_change = last;
+ }
+ return true;
}
bool pcap_cache_replace(const struct pcap_cache *pcache)
{
const struct pcap_cache *p;
NTSTATUS status;
+ time_t t = time_mono(NULL);
status = printer_list_mark_reload();
if (!NT_STATUS_IS_OK(status)) {
@@ -113,7 +111,11 @@ bool pcap_cache_replace(const struct pcap_cache *pcache)
}
for (p = pcache; p; p = p->next) {
- pcap_cache_add(p->name, p->comment, p->location);
+ status = printer_list_set_printer(talloc_tos(), p->name,
+ p->comment, p->location, t);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
}
status = printer_list_clean_old();
@@ -132,8 +134,8 @@ void pcap_cache_reload(struct tevent_context *ev,
{
const char *pcap_name = lp_printcapname();
bool pcap_reloaded = False;
- NTSTATUS status;
bool post_cache_fill_fn_handled = false;
+ struct pcap_cache *pcache = NULL;
DEBUG(3, ("reloading printcap cache\n"));
@@ -143,12 +145,6 @@ void pcap_cache_reload(struct tevent_context *ev,
return;
}
- status = printer_list_mark_reload();
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("Failed to mark printer list for reload!\n"));
- return;
- }
-
#ifdef HAVE_CUPS
if (strequal(pcap_name, "cups")) {
pcap_reloaded = cups_cache_reload(ev, msg_ctx,
@@ -164,26 +160,26 @@ void pcap_cache_reload(struct tevent_context *ev,
#ifdef HAVE_IPRINT
if (strequal(pcap_name, "iprint")) {
- pcap_reloaded = iprint_cache_reload();
+ pcap_reloaded = iprint_cache_reload(&pcache);
goto done;
}
#endif
#if defined(SYSV) || defined(HPUX)
if (strequal(pcap_name, "lpstat")) {
- pcap_reloaded = sysv_cache_reload();
+ pcap_reloaded = sysv_cache_reload(&pcache);
goto done;
}
#endif
#ifdef AIX
if (strstr_m(pcap_name, "/qconfig") != NULL) {
- pcap_reloaded = aix_cache_reload();
+ pcap_reloaded = aix_cache_reload(&pcache);
goto done;
}
#endif
- pcap_reloaded = std_pcap_cache_reload(pcap_name);
+ pcap_reloaded = std_pcap_cache_reload(pcap_name, &pcache);
done:
DEBUG(3, ("reload status: %s\n", (pcap_reloaded) ? "ok" : "error"));
@@ -192,14 +188,16 @@ done:
/* cleanup old entries only if the operation was successful,
* otherwise keep around the old entries until we can
* successfully reload */
- status = printer_list_clean_old();
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("Failed to cleanup printer list!\n"));
+
+ if (!pcap_cache_replace(pcache)) {
+ DEBUG(0, ("Failed to replace printer list!\n"));
}
+
if (post_cache_fill_fn != NULL) {
post_cache_fill_fn(ev, msg_ctx);
}
}
+ pcap_cache_destroy_specific(&pcache);
return;
}
@@ -229,11 +227,11 @@ void pcap_printer_fn_specific(const struct pcap_cache *pc,
return;
}
-void pcap_printer_fn(void (*fn)(const char *, const char *, const char *, void *), void *pdata)
+void pcap_printer_read_fn(void (*fn)(const char *, const char *, const char *, void *), void *pdata)
{
NTSTATUS status;
- status = printer_list_run_fn(fn, pdata);
+ status = printer_list_read_run_fn(fn, pdata);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(3, ("Failed to run fn for all printers!\n"));
}
diff --git a/source3/printing/pcap.h b/source3/printing/pcap.h
index 7056213..8fc9e9d 100644
--- a/source3/printing/pcap.h
+++ b/source3/printing/pcap.h
@@ -35,11 +35,10 @@ struct pcap_cache;
bool pcap_cache_add_specific(struct pcap_cache **ppcache, const char *name, const char *comment, const char *location);
void pcap_cache_destroy_specific(struct pcap_cache **ppcache);
-bool pcap_cache_add(const char *name, const char *comment, const char *location);
-bool pcap_cache_loaded(void);
+bool pcap_cache_loaded(time_t *_last_change);
bool pcap_cache_replace(const struct pcap_cache *cache);
void pcap_printer_fn_specific(const struct pcap_cache *, void (*fn)(const char *, const char *, const char *, void *), void *);
-void pcap_printer_fn(void (*fn)(const char *, const char *, const char *, void *), void *);
+void pcap_printer_read_fn(void (*fn)(const char *, const char *, const char *, void *), void *);
void pcap_cache_reload(struct tevent_context *ev,
struct messaging_context *msg_ctx,
@@ -49,7 +48,7 @@ bool pcap_printername_ok(const char *printername);
/* The following definitions come from printing/print_aix.c */
-bool aix_cache_reload(void);
+bool aix_cache_reload(struct pcap_cache **_pcache);
/* The following definitions come from printing/print_cups.c */
@@ -60,13 +59,13 @@ bool cups_cache_reload(struct tevent_context *ev,
/* The following definitions come from printing/print_iprint.c */
-bool iprint_cache_reload(void);
+bool iprint_cache_reload(struct pcap_cache **_pcache);
/* The following definitions come from printing/print_svid.c */
-bool sysv_cache_reload(void);
+bool sysv_cache_reload(struct pcap_cache **_pcache);
/* The following definitions come from printing/print_standard.c */
-bool std_pcap_cache_reload(const char *pcap_name);
+bool std_pcap_cache_reload(const char *pcap_name, struct pcap_cache **_pcache);
#endif /* _PRINTING_PCAP_H_ */
diff --git a/source3/printing/print_aix.c b/source3/printing/print_aix.c
index 23d9a86..927a71b 100644
--- a/source3/printing/print_aix.c
+++ b/source3/printing/print_aix.c
--
Samba Shared Repository
More information about the samba-cvs
mailing list