The branch, v4-0-test has been updated
       via  d14c83e s3: winbindd: On new client connect, prune idle or hung connections older than "winbind request timeout"
       via  36f55df s3: winbindd: Add new parameter "winbind request timeout" set to 60 seconds with man page.
       via  bd576b8 dosmode: fix FSCTL_SET_SPARSE request validation
       via  9a1a13a smbd: Properly initialize mangle_hash
       via  77e7db9 Don't discard result of checking grouptype
       via  691fe9a docs: Fix typos in smb.conf (inherit acls)
       via  851b93d samba: Retain case sensitivity of cifs client
       via  2eb6bbd printing: reload printer shares on OpenPrinter
       via  668127f smbd: split printer reload processing
       via  051cd1d server: remove duplicate snum_is_shared_printer()
       via  1a2a342 smbd: only reprocess printer_list.tdb if it changed
       via  918f7db printing: return last change time with pcap_cache_loaded()
       via  a4b2289 printing: remove pcap_cache_add()
       via  bad147d printing: reload printer_list.tdb from in memory list
       via  a97c2db printing: only reload printer shares on client enum
       via  c82338f printing: traverse_read the printer list for share updates
       via  d3fb60a s3: smbd : SMB2 - fix SMB2_SEARCH when searching non wildcard string with a case-canonicalized share.
       via  8a2f945 s3: smbd - SMB[2|3]. Ensure a \ or / can't be found anywhere in a search path, not just at the start.
       via  9977aa9 s3: enforce a positive allocation_file_size for non-empty files (bug #10543)
       via  7ff8102 passdb: fix NT_STATUS_NO_SUCH_GROUP
       via  8c97d9a s3:libsmb: Set a max charge for SMB2 connections
       via  cad42ef s3: smbd: POSIX ACLs. Remove incorrect check for SECINFO_PROTECTED_DACL in incoming security_information flags in posix_get_nt_acl_common().
       via  9fadcf3 libcli/security: add better detection of SECINFO_[UN]PROTECTED_[D|S]ACL in get_sec_info()
       via  c0ddfc1 s3:smbd: mask security_information input values with SMB_SUPPORTED_SECINFO_FLAGS
       via  04916e0 security.idl: add SMB_SUPPORTED_SECINFO_FLAGS
       via  6db4a91 Fixed a memory leak in cli_set_mntpoint().
       via  624a52f lib: Remove unused nstrcpy
       via  796afb4 build: fix configure to honour --without-dmapi
      from  473ccb5 tests: dnsserver: Add a update test with name set to '.'

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test

- Log -----------------------------------------------------------------
commit d14c83e072045cd2f638c4e4484a9f2ea71b9460
Author: Jeremy Allison <j...@samba.org>
Date:   Fri Jul 25 12:46:46 2014 -0700

    s3: winbindd: On new client connect, prune idle or hung connections older than "winbind request timeout"

    Bug 3204 winbindd: Exceeding 200 client connections, no idle connection found

    https://bugzilla.samba.org/show_bug.cgi?id=3204

    Signed-off-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Ira Cooper <i...@samba.org>

    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Tue Jul 29 23:31:14 CEST 2014 on sn-devel-104

    (cherry picked from commit f9588675ea3cb2f1fabd07a4ea8b2138d65aee83)

    Autobuild-User(v4-0-test): Karolin Seeger <ksee...@samba.org>
    Autobuild-Date(v4-0-test): Tue Sep 2 22:45:38 CEST 2014 on sn-devel-104

commit 36f55df047e58e79b22ff46fcfcf2758ab58e9b6
Author: Jeremy Allison <j...@samba.org>
Date:   Tue Jul 29 14:53:11 2014 -0700

    s3: winbindd: Add new parameter "winbind request timeout" set to 60 seconds with man page.

    "This parameter specifies the number of seconds the winbindd
    daemon will wait before disconnecting either a client connection
    with no outstanding requests (idle) or a client connection with a
    request that has remained outstanding (hung) for longer than this
    number of seconds."

    Bug 3204 winbindd: Exceeding 200 client connections, no idle connection found

    https://bugzilla.samba.org/show_bug.cgi?id=3204

    Signed-off-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Ira Cooper <i...@samba.org>

commit bd576b832248f07d66f5921d3d2eedef7602d856
Author: David Disseldorp <dd...@samba.org>
Date:   Wed Aug 27 15:42:00 2014 +0200

    dosmode: fix FSCTL_SET_SPARSE request validation

    Check that FSCTL_SET_SPARSE requests do not refer to directories. Also
    reject such requests when issued over IPC or printer share connections.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10787

    Signed-off-by: David Disseldorp <dd...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Thu Aug 28 04:22:37 CEST 2014 on sn-devel-104

    (cherry picked from commit 0751495b1327d002b79482632b7c590cae6e3f9d)

commit 9a1a13ab5712fa021fdbce75a12c2bc47af24568
Author: Volker Lendecke <v...@samba.org>
Date:   Tue Aug 19 14:32:15 2014 +0000

    smbd: Properly initialize mangle_hash

    [Bug 10782] mangle_hash() can fail to initialize charset (smbd crash).

    https://bugzilla.samba.org/show_bug.cgi?id=10782

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Tue Aug 26 01:30:38 CEST 2014 on sn-devel-104

commit 77e7db987f5bc1fa8a452fd2de1c4564e82fe4b7
Author: Roel van Meer <r...@1afa.com>
Date:   Fri Aug 22 15:11:04 2014 +0200

    Don't discard result of checking grouptype

    The pdb_samba_dsdb_getgrfilter() function first determines the security type
    of a group and sets map->sid_name_use accordingly. A little later, this
    variable is set again, undoing the previous work.

    https://bugzilla.samba.org/show_bug.cgi?id=10777

    Reviewed-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Simo Sorce <i...@samba.org>

    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Sat Aug 23 02:48:52 CEST 2014 on sn-devel-104

commit 691fe9a25c2e804bd47b13e67abb5a522d1828b8
Author: Marc Muehlfeld <mmuehlf...@samba.org>
Date:   Wed Aug 6 21:36:26 2014 +0200

    docs: Fix typos in smb.conf (inherit acls)

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10761

    Signed-off-by: Marc Muehlfeld <mmuehlf...@samba.org>
    Reviewed-by: David Disseldorp <dd...@samba.org>

    Autobuild-User(master): David Disseldorp <dd...@samba.org>
    Autobuild-Date(master): Thu Aug 7 00:52:42 CEST 2014 on sn-devel-104

    (cherry picked from commit 4639f6d7bab9d8d6ee46bf5c65ff73a17a56cb17)

commit 851b93ddf4808201cb820bc0ae2a4e6f4f824eb0
Author: Shirish Pargaonkar <spargaon...@suse.com>
Date:   Sat Jul 26 10:41:25 2014 -0500

    samba: Retain case sensitivity of cifs client

    When a client supports extended security but server does not,
    and that client, in Flags2 field of smb header indicates that
     - it supports extended security negotiation
     - it does not support security signatures
     - it does not require security signatures
    Samba server treats a client as a Vista client.
    That turns off case sensitivity and that is a problem for cifs vfs client.
    So include remote cifs client along with remote samba client to not do so
    otherwise.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10755

    Signed-off-by: Shirish Pargaonkar <spargaon...@suse.com>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: David Disseldorp <dd...@samba.org>

    Autobuild-User(master): David Disseldorp <dd...@samba.org>
    Autobuild-Date(master): Fri Aug 1 16:11:43 CEST 2014 on sn-devel-104

    (cherry picked from commit a0583976da2ba09da0fd94f739ed4f5851e2a858)

commit 2eb6bbd34a975ffa69f497054e73339dbf2582a7
Author: David Disseldorp <dd...@samba.org>
Date:   Tue Aug 5 17:33:33 2014 +0200

    printing: reload printer shares on OpenPrinter

    The printer share inventory should be reloaded on open _and_
    enumeration, as there are some clients, such as cupsaddsmb, that do not
    perform an enumeration prior to access.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652

    Signed-off-by: David Disseldorp <dd...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

    Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org>
    Autobuild-Date(master): Fri Aug 8 16:33:50 CEST 2014 on sn-devel-104

    (cherry picked from commit 1ad71f79eb473822d36d9629cf52c2fca4c53752)

commit 668127f5f4d91891ca6a901c809746fdb3b79a9c
Author: David Disseldorp <dd...@samba.org>
Date:   Fri Aug 1 16:25:59 2014 +0200

    smbd: split printer reload processing

    All printer inventory updates are currently done via
    delete_and_reload_printers(), which handles registry.tdb updates for
    added or removed printers, AD printer unpublishing on removal, as well
    as share service creation and deletion.

    This change splits this functionality into two functions such that
    per-client smbd processes do not perform registry.tdb updates or printer
    unpublishing. This is now only performed by the process that performs
    the printcap cache update.

    This change is similar to ac6604868d1325dd4c872dc0f6ab056d10ebaecf from
    the 3.6 branch.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652

    Signed-off-by: David Disseldorp <dd...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>
    (cherry picked from commit 2706af4d78fc9a47a4ac45b373edf276e3a9b354)

commit 051cd1d83c462c6d07073ee60933086181fd5407
Author: David Disseldorp <dd...@samba.org>
Date:   Tue Aug 5 18:45:24 2014 +0200

    server: remove duplicate snum_is_shared_printer()

    Only keep a single definition in server_reload.c

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652

    Signed-off-by: David Disseldorp <dd...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>
    (cherry picked from commit 2685df1177ffd39b1af34eb116bd7b24d4b12974)

commit 1a2a342bdf2888138fce1abb7cad8657832d94a4
Author: David Disseldorp <dd...@samba.org>
Date:   Wed Jul 23 14:42:00 2014 +0200

    smbd: only reprocess printer_list.tdb if it changed

    The per-client smbd printer share inventory is currently updated from
    printer_list.tdb when a client enumerates printers, via EnumPrinters or
    NetShareEnum.
    printer_list.tdb is populated by the background print process, based on
    the latest printcap values retrieved from the printing backend (e.g.
    CUPS) at regular intervals.
    This change ensures that per-client smbd processes don't reparse
    printer_list.tdb if it hasn't been updated since the last enumeration.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652

    Suggested-by: Volker Lendecke <v...@samba.org>
    Signed-off-by: David Disseldorp <dd...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>
    (cherry picked from commit a2182e03a061de6c1f111ce083cb5f668fe75e4e)

commit 918f7db02fd9862b37bc8ff16f7a1645ce759d0e
Author: David Disseldorp <dd...@samba.org>
Date:   Wed Jul 23 12:12:34 2014 +0200

    printing: return last change time with pcap_cache_loaded()

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652

    Signed-off-by: David Disseldorp <dd...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>
    (cherry picked from commit 30ce835670a6aeca6fb960ea7c4fe1b982bdd5b0)
    [dd...@samba.org: rebased for 4.0 with swat]

commit a4b2289cb963e0dc070c4ad2235b790d736d021d
Author: David Disseldorp <dd...@samba.org>
Date:   Fri Jul 25 12:18:54 2014 +0200

    printing: remove pcap_cache_add()

    All print list updates are now done via pcap_cache_replace(), which can
    call into the print_list code directly.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652

    Signed-off-by: David Disseldorp <dd...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>
    (cherry picked from commit 6d75e20ca8acf1a55838694ac77940e21e9a1e6a)

commit bad147dc1dd3ae09b83511ed99b75e271205f724
Author: David Disseldorp <dd...@samba.org>
Date:   Tue Jul 22 20:17:38 2014 +0200

    printing: reload printer_list.tdb from in memory list

    This will allow in future for a single atomic printer_list.tdb update.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652

    Signed-off-by: David Disseldorp <dd...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>
    (cherry picked from commit e5e6e2c796f026ee6b04f99b327941d57b9bd026)

commit a97c2dbb87f614e3a38763c3fd7007bc76057a03
Author: David Disseldorp <dd...@samba.org>
Date:   Fri Jul 11 17:00:05 2014 +0200

    printing: only reload printer shares on client enum

    Currently, automatic printer share updates are handled in the following
    way:
    - Background printer process (BPP) forked on startup
    - Parent smbd and per-client children await MSG_PRINTER_PCAP messages
    - BPP periodically polls the printing backend for printcap data
            - printcap data written to printer_list.tdb
            - MSG_PRINTER_PCAP sent to all smbd processes following update
    - smbd processes all read the latest printer_list.tdb data, and update
      their share listings

    This procedure is not scalable, as all smbd processes hit
    printer_list.tdb in parallel, resulting in a large spike in CPU usage.

    This change sees smbd processes only update their printer share lists
    only when a client asks for this information, e.g. via NetShareEnum or
    EnumPrinters.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652

    Suggested-by: Volker Lendecke <v...@samba.org>
    Signed-off-by: David Disseldorp <dd...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>
    (cherry picked from commit 4f4501ac1f35ab15f25d207c0d33e7c4d1abdf38)

commit c82338f5aa013fbd0d394f5a8dced3a4eea04d31
Author: David Disseldorp <dd...@samba.org>
Date:   Thu Jul 10 00:18:10 2014 +0200

    printing: traverse_read the printer list for share updates

    The printcap update procedure involves the background printer process
    obtaining the printcap information from the printing backend, writing
    this to printer_list.tdb, and then notifying all smbd processes of the
    new list. The processes then all attempt to simultaneously traverse
    printer_list.tdb, in order to update their local share lists.

    With a large number of printers, and a large number of per-client smbd
    processes, this traversal results in significant lock contention, mostly
    due to the fact that the traversal is unnecessarily done with an
    exclusive (write) lock on the printer_list.tdb database.

    This commit changes the share update code path to perform a read-only
    traversal.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10652

    Reported-by: Alex K <korobkin+sa...@gmail.com>
    Reported-by: Franz Pförtsch <franz.pfoert...@brose.com>
    Signed-off-by: David Disseldorp <dd...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>
    (cherry picked from commit 1e83435eac2cef03fccb4cf69ef5e0bfbd710410)

commit d3fb60ad8bd021db1a99a813d25b31613d03dfe9
Author: Jeremy Allison <j...@samba.org>
Date:   Tue Jun 10 15:58:15 2014 -0700

    s3: smbd : SMB2 - fix SMB2_SEARCH when searching non wildcard string with a case-canonicalized share.

    We need to go through filename_convert() in order for the filename
    canonicalization to be done on a non-wildcard search string (as is
    done in the SMB1 findfirst code path).

    Fixes Bug #10650 - "case sensitive = True" option doesn't work with "max protocol = SMB2" or higher in large directories.

    https://bugzilla.samba.org/show_bug.cgi?id=10650

    Signed-off-by: Jeremy Allison <j...@samba.org>

commit 8a2f945031b685e21f99d118e2ba184587a0f4b7
Author: Jeremy Allison <j...@samba.org>
Date:   Tue Jun 10 14:41:45 2014 -0700

    s3: smbd - SMB[2|3]. Ensure a \ or / can't be found anywhere in a search path, not just at the start.

    Signed-off-by: Jeremy Allison <j...@samba.org>

commit 9977aa9c79648c13e3f306df4d1bd64335977019
Author: Björn Baumbach <b...@sernet.de>
Date:   Thu Mar 27 11:17:30 2014 +0100

    s3: enforce a positive allocation_file_size for non-empty files (bug #10543)

    Some file systems do not allocate a block for very
    small files. But a non-empty file should report a
    positive size.

    Pair-Programmed-With: Michael Adam <ob...@samba.org>

    Signed-off-by: Björn Baumbach <b...@sernet.de>
    Reviewed-by: Jeremy Allison <j...@samba.org>

    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Sat Apr 5 03:09:00 CEST 2014 on sn-devel-104

    (cherry picked from commit c35b31f45244a8339684c3b83a7d86eefb80e0da)

commit 7ff8102d3e3f4beec4046bfa473cedc608a705b4
Author: Arvid Requate <requ...@univention.de>
Date:   Thu Jan 17 16:44:28 2013 +0100

    passdb: fix NT_STATUS_NO_SUCH_GROUP

    Share options like "force group" and "valid users = @group1"
    triggered a NT_STATUS_NO_SUCH_GROUP. While the group was found in
    the SAM backend, its objectclass was not retrieved.

    This fix also revealed a talloc access after free in the group
    branch of pdb_samba_dsdb_getgrfilter.

    [Bug 9570] Access failure for shares with "force group" or "valid users = @group"

    https://bugzilla.samba.org/show_bug.cgi?id=9570

    Reviewed-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 8c97d9a2c1724dfac0c3de08502d247c72ca1825
Author: Ross Lagerwall <rosslagerw...@gmail.com>
Date:   Thu Aug 21 07:32:36 2014 +0100

    s3:libsmb: Set a max charge for SMB2 connections

    Set a max charge for SMB2 connections so that larger request sizes can
    be used and more requests can be in flight.

    Signed-off-by: Ross Lagerwall <rosslagerw...@gmail.com>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

    Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org>
    Autobuild-Date(master): Thu Aug 21 17:31:11 CEST 2014 on sn-devel-104

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10778
    libsmbclient with SMB2 doesn't pipeline or use large blocks

commit cad42efabe0812a63ba094ef054c9be8521ace3a
Author: Jeremy Allison <j...@samba.org>
Date:   Thu Aug 21 16:28:42 2014 -0700

    s3: smbd: POSIX ACLs. Remove incorrect check for SECINFO_PROTECTED_DACL in incoming security_information flags in posix_get_nt_acl_common().

    Tidy-up of code obsoleted by fixes for bug #10773 (SECINFO_PROTECTED_DACL is not ignored).
    We now never pass SECINFO_PROTECTED_DACL in security_information flags to this layer.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773

    Signed-off-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>

    Autobuild-User(master): Stefan Metzmacher <me...@samba.org>
    Autobuild-Date(master): Fri Aug 22 11:26:57 CEST 2014 on sn-devel-104

commit 9fadcf3908d647819defb3e69de7720d33cee0d4
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed Aug 20 15:00:59 2014 +0200

    libcli/security: add better detection of SECINFO_[UN]PROTECTED_[D|S]ACL in get_sec_info()

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773

    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

    Autobuild-User(master): Stefan Metzmacher <me...@samba.org>
    Autobuild-Date(master): Fri Aug 22 02:52:50 CEST 2014 on sn-devel-104

commit c0ddfc126716457f3bfc19e4aa30a632abb21073
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed Aug 20 13:58:38 2014 +0200

    s3:smbd: mask security_information input values with SMB_SUPPORTED_SECINFO_FLAGS

    Sometimes Windows clients don't filter SECINFO_[UN]PROTECTED_[D|S]ACL flags
    before sending the security_information to the server.

    security_information = SECINFO_PROTECTED_DACL| SECINFO_DACL
    results in a NULL dacl being returned from a GetSecurityDescriptor request.
    This happens because posix_get_nt_acl_common()
    has the following logic:

    if ((security_info & SECINFO_DACL) && !(security_info & SECINFO_PROTECTED_DACL)) {
        ... create DACL ...
    }

    I'm not sure if the logic is correct or wrong in this place (I guess it's
    wrong...).

    But what I know is that the SMB server should filter the given
    security_information flags before passing to the filesystem.

    [MS-SMB2] 3.3.5.20.3 Handling SMB2_0_INFO_SECURITY
    ...
    The server MUST ignore any flag value in the AdditionalInformation field that
    is not specified in section 2.2.37.

    Section 2.2.37 lists:
    OWNER_SECURITY_INFORMATION
    GROUP_SECURITY_INFORMATION
    DACL_SECURITY_INFORMATION
    SACL_SECURITY_INFORMATION
    LABEL_SECURITY_INFORMATION
    ATTRIBUTE_SECURITY_INFORMATION
    SCOPE_SECURITY_INFORMATION
    BACKUP_SECURITY_INFORMATION

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773

    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

commit 04916e0d2ed573c6aa0838e3f28ff6fffab00166
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed Aug 20 13:43:13 2014 +0200

    security.idl: add SMB_SUPPORTED_SECINFO_FLAGS

    A SMB server should only care about specific SECINFO flags
    and ignore others e.g. SECINFO_PROTECTED_DACL.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773

    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

commit 6db4a9118b55f9991931cb435137d421396e60c1
Author: Har Gagan Sahai <sharga...@novell.com>
Date:   Wed Aug 6 14:32:35 2014 +0530

    Fixed a memory leak in cli_set_mntpoint().

    Fixes bug #10759 - Memory leak in libsmbclient in cli_set_mntpoint function

    https://bugzilla.samba.org/show_bug.cgi?id=10759

    Signed-off-by: Har Gagan Sahai <sharga...@novell.com>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Wed Aug 13 04:36:50 CEST 2014 on sn-devel-104

commit 624a52f7f68779b78b05a498f6b98f7409af5b5f
Author: Volker Lendecke <v...@samba.org>
Date:   Mon Aug 4 07:29:14 2014 +0200

    lib: Remove unused nstrcpy

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10758

    Autobuild-User(master): Volker Lendecke <v...@samba.org>
    Autobuild-Date(master): Mon Aug 4 09:58:16 CEST 2014 on sn-devel-104

    Signed-off-by: Volker Lendecke <v...@samba.org>

commit 796afb4677673787958bbe97148b36d50b7ed79f
Author: Michael Adam <ob...@samba.org>
Date:   Mon Aug 18 11:42:27 2014 +0200

    build: fix configure to honour --without-dmapi

    Previously, --without-dmapi would still autodetect and link a useable
    dmapi library. This change allows to build without dmapi support
    even when a dmapi library is found.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10369

    Pair-Programmed-With: Stefan Metzmacher <me...@samba.org>

    Signed-off-by: Michael Adam <ob...@samba.org>
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    (cherry picked from commit 2afacf940f21759c08bcc4a6e906428595966a19)

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/smbdotconf/security/inheritowner.xml      |    6 +-
 .../smbdotconf/winbind/winbindrequesttimeout.xml   |   16 +++
 lib/param/param_functions.c                        |    1 +
 lib/param/param_table.c                            |    9 ++
 lib/util/string_wrappers.h                         |    5 -
 libcli/security/secdesc.c                          |   36 ++++---
 librpc/idl/security.idl                            |   18 ++++
 source3/include/proto.h                            |    1 +
 source3/libsmb/clidfs.c                            |    6 +-
 source3/libsmb/libsmb_server.c                     |    5 +
 source3/modules/vfs_default.c                      |   12 +++
 source3/param/loadparm.c                           |    1 +
 source3/passdb/pdb_samba_dsdb.c                    |    6 +-
 source3/printing/load.c                            |    4 +-
 source3/printing/pcap.c                            |   54 +++++------
 source3/printing/pcap.h                            |   13 +--
 source3/printing/print_aix.c                       |   17 +++-
 source3/printing/print_iprint.c                    |   16 ++-
 source3/printing/print_standard.c                  |    8 +-
 source3/printing/print_svid.c                      |   11 ++-
 source3/printing/printer_list.c                    |   17 ++-
 source3/printing/printer_list.h                    |    4 +-
 source3/printing/queue_process.c                   |  102 +++++++++++++++++++-
 source3/printing/spoolssd.c                        |   38 ++------
 source3/rpc_server/spoolss/srv_spoolss_nt.c        |   30 ++++--
 source3/rpc_server/srvsvc/srv_srvsvc_nt.c          |    1 +
 source3/smbd/dosmode.c                             |   13 +++
 source3/smbd/lanman.c                              |    1 +
 source3/smbd/mangle_hash.c                         |    4 +
 source3/smbd/negprot.c                             |    3 +-
 source3/smbd/nttrans.c                             |    7 +-
 source3/smbd/posix_acls.c                          |    2 +-
 source3/smbd/proto.h                               |    1 +
 source3/smbd/server.c                              |   20 ----
 source3/smbd/server_reload.c                       |   74 ++++++---------
 source3/smbd/smb2_find.c                           |   41 +++++++-
 source3/smbd/smb2_getinfo.c                        |    3 +-
 source3/smbd/smb2_setinfo.c                        |    3 +-
 source3/web/swat.c                                 |    4 +-
 source3/winbindd/winbindd.c                        |   36 +++++++
 source3/wscript                                    |   72 +++++++++------
 41 files changed, 479 insertions(+), 242 deletions(-)
 create mode 100644 docs-xml/smbdotconf/winbind/winbindrequesttimeout.xml

Changeset truncated at 500 lines:

diff --git a/docs-xml/smbdotconf/security/inheritowner.xml b/docs-xml/smbdotconf/security/inheritowner.xml index ba4fc61..0ed8285 100644 --- a/docs-xml/smbdotconf/security/inheritowner.xml +++ b/docs-xml/smbdotconf/security/inheritowner.xml @@ -10,9 +10,9 @@ by the ownership of the parent directory.</para> <para>Common scenarios where this behavior is useful is in - implementing drop-boxes where users can create and edit files but not - delete them and to ensure that newly create files in a user's - roaming profile directory are actually owner by the user.</para> + implementing drop-boxes, where users can create and edit files but + not delete them and ensuring that newly created files in a user's + roaming profile directory are actually owned by the user.</para> </description> <related>inherit permissions</related> diff --git a/docs-xml/smbdotconf/winbind/winbindrequesttimeout.xml b/docs-xml/smbdotconf/winbind/winbindrequesttimeout.xml new file mode 100644 index 0000000..3220871 --- /dev/null +++ b/docs-xml/smbdotconf/winbind/winbindrequesttimeout.xml @@ -0,0 +1,16 @@ +<samba:parameter name="winbind request timeout" + context="G" + type="integer" + advanced="1" developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This parameter specifies the number of + seconds the <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> daemon will wait before + disconnecting either a client connection with no outstanding + requests (idle) or a client connection with a request that has + remained outstanding (hung) for longer than this number of seconds.</para> +</description> + +<value type="default">60</value> +</samba:parameter> diff --git a/lib/param/param_functions.c b/lib/param/param_functions.c index 35e199f..41b44b6 100644 --- a/lib/param/param_functions.c +++ b/lib/param/param_functions.c 
@@ -344,6 +344,7 @@ FN_GLOBAL_INTEGER(winbind_cache_time, winbind_cache_time) FN_GLOBAL_INTEGER(winbind_expand_groups, winbind_expand_groups) FN_GLOBAL_INTEGER(winbind_max_clients, winbind_max_clients) FN_GLOBAL_INTEGER(winbind_reconnect_delay, winbind_reconnect_delay) +FN_GLOBAL_INTEGER(winbind_request_timeout, winbind_request_timeout) FN_GLOBAL_LIST(auth_methods, AuthMethods) FN_GLOBAL_LIST(cluster_addresses, szClusterAddresses) FN_GLOBAL_LIST(dcerpc_endpoint_servers, dcerpc_ep_servers) diff --git a/lib/param/param_table.c b/lib/param/param_table.c index 5b78eae..0916023 100644 --- a/lib/param/param_table.c +++ b/lib/param/param_table.c @@ -4034,6 +4034,15 @@ static struct parm_struct parm_table[] = { .flags = FLAG_ADVANCED, }, { + .label = "winbind request timeout", + .type = P_INTEGER, + .p_class = P_GLOBAL, + .offset = GLOBAL_VAR(winbind_request_timeout), + .special = NULL, + .enum_list = NULL, + .flags = FLAG_ADVANCED, + }, + { .label = "winbind max clients", .type = P_INTEGER, .p_class = P_GLOBAL, diff --git a/lib/util/string_wrappers.h b/lib/util/string_wrappers.h index 243fafc..fcc088c 100644 --- a/lib/util/string_wrappers.h +++ b/lib/util/string_wrappers.h @@ -43,11 +43,6 @@ do { \ const char *_fstrcat_src = (const char *)(s); \ strlcat((d),_fstrcat_src ? _fstrcat_src : "",sizeof(fstring)); \ } while (0) -#define nstrcpy(d,s) \ -do { \ - const char *_nstrcpy_src = (const char *)(s); \ - strlcpy((d),_nstrcpy_src ? _nstrcpy_src : "",sizeof(fstring)); \ -} while (0) #define unstrcpy(d,s) \ do { \ const char *_unstrcpy_src = (const char *)(s); \ diff --git a/libcli/security/secdesc.c b/libcli/security/secdesc.c index 10d068c..d02b144 100644 --- a/libcli/security/secdesc.c +++ b/libcli/security/secdesc.c 
@@ -24,13 +24,6 @@ #include "librpc/gen_ndr/ndr_security.h" #include "libcli/security/security.h" -#define ALL_SECURITY_INFORMATION (SECINFO_OWNER|SECINFO_GROUP|\ - SECINFO_DACL|SECINFO_SACL|\ - SECINFO_UNPROTECTED_SACL|\ - SECINFO_UNPROTECTED_DACL|\ - SECINFO_PROTECTED_SACL|\ - SECINFO_PROTECTED_DACL) - /* Map generic permissions to file object specific permissions */ const struct generic_mapping file_generic_mapping = { @@ -46,21 +39,32 @@ const struct generic_mapping file_generic_mapping = { uint32_t get_sec_info(const struct security_descriptor *sd) { - uint32_t sec_info = ALL_SECURITY_INFORMATION; + uint32_t sec_info = 0; SMB_ASSERT(sd); - if (sd->owner_sid == NULL) { - sec_info &= ~SECINFO_OWNER; + if (sd->owner_sid != NULL) { + sec_info |= SECINFO_OWNER; + } + if (sd->group_sid != NULL) { + sec_info |= SECINFO_GROUP; } - if (sd->group_sid == NULL) { - sec_info &= ~SECINFO_GROUP; + if (sd->sacl != NULL) { + sec_info |= SECINFO_SACL; } - if (sd->sacl == NULL) { - sec_info &= ~SECINFO_SACL; + if (sd->dacl != NULL) { + sec_info |= SECINFO_DACL; + } + + if (sd->type & SEC_DESC_SACL_PROTECTED) { + sec_info |= SECINFO_PROTECTED_SACL; + } else if (sd->type & SEC_DESC_SACL_AUTO_INHERITED) { + sec_info |= SECINFO_UNPROTECTED_SACL; } - if (sd->dacl == NULL) { - sec_info &= ~SECINFO_DACL; + if (sd->type & SEC_DESC_DACL_PROTECTED) { + sec_info |= SECINFO_PROTECTED_DACL; + } else if (sd->type & SEC_DESC_DACL_AUTO_INHERITED) { + sec_info |= SECINFO_UNPROTECTED_DACL; } return sec_info; diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl index 4f0e900..d886b51 100644 --- a/librpc/idl/security.idl +++ b/librpc/idl/security.idl 
@@ -609,6 +609,24 @@ interface security SECINFO_PROTECTED_DACL = 0x80000000 } security_secinfo; + /* + * a SMB server should only support the following flags + * and ignore all others. + * + * See AdditionalInformation in [MS-SMB2] 2.2.37 SMB2 QUERY_INFO Request + * and 2.2.39 SMB2 SET_INFO Request. + */ + const int SMB_SUPPORTED_SECINFO_FLAGS = ( + SECINFO_OWNER | + SECINFO_GROUP | + SECINFO_DACL | + SECINFO_SACL | + SECINFO_LABEL | + SECINFO_ATTRIBUTE | + SECINFO_SCOPE | + SECINFO_BACKUP | + 0); + typedef [public,bitmap32bit] bitmap { KERB_ENCTYPE_DES_CBC_CRC = 0x00000001, KERB_ENCTYPE_DES_CBC_MD5 = 0x00000002, diff --git a/source3/include/proto.h b/source3/include/proto.h index 0276244..a835253 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1352,6 +1352,7 @@ int lp_smb_encrypt(int ); char lp_magicchar(const struct share_params *p ); int lp_winbind_cache_time(void); int lp_winbind_reconnect_delay(void); +int lp_winbind_request_timeout(void); int lp_winbind_max_clients(void); const char **lp_winbind_nss_info(void); int lp_algorithmic_rid_base(void); diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c index 95f8817..b2e2e9e 100644 --- a/source3/libsmb/clidfs.c +++ b/source3/libsmb/clidfs.c @@ -258,13 +258,15 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx, static void cli_set_mntpoint(struct cli_state *cli, const char *mnt) { - char *name = clean_name(NULL, mnt); + TALLOC_CTX *frame = talloc_stackframe(); + char *name = clean_name(frame, mnt); if (!name) { + TALLOC_FREE(frame); return; } TALLOC_FREE(cli->dfs_mountpoint); cli->dfs_mountpoint = talloc_strdup(cli, name); - TALLOC_FREE(name); + TALLOC_FREE(frame); } /******************************************************************** diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c index 3f86d50..fc77e38 100644 --- a/source3/libsmb/libsmb_server.c +++ b/source3/libsmb/libsmb_server.c 
@@ -455,6 +455,11 @@ SMBC_server_internal(TALLOC_CTX *ctx, return NULL; } + if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) { + /* Ensure we ask for some initial credits. */ + smb2cli_conn_set_max_credits(c->conn, DEFAULT_SMB2_MAX_CREDITS); + } + username_used = *pp_username; if (!NT_STATUS_IS_OK(cli_session_setup(c, username_used, diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c index 67050fa..b31f4be 100644 --- a/source3/modules/vfs_default.c +++ b/source3/modules/vfs_default.c @@ -1355,6 +1355,18 @@ static uint64_t vfswrap_get_alloc_size(vfs_handle_struct *handle, #else #error SIZEOF_BLKCNT_T_NOT_A_SUPPORTED_VALUE #endif + if (result == 0) { + /* + * Some file systems do not allocate a block for very + * small files. But for non-empty file should report a + * positive size. + */ + + uint64_t filesize = get_file_size_stat(sbuf); + if (filesize > 0) { + result = MIN((uint64_t)STAT_ST_BLOCKSIZE, filesize); + } + } #else result = get_file_size_stat(sbuf); #endif diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 2857765..d3d18f4 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -977,6 +977,7 @@ static void init_globals(bool reinit_globals) Globals.winbind_cache_time = 300; /* 5 minutes */ Globals.winbind_reconnect_delay = 30; /* 30 seconds */ + Globals.winbind_request_timeout = 60; /* 60 seconds */ Globals.winbind_max_clients = 200; Globals.bWinbindEnumUsers = false; Globals.bWinbindEnumGroups = false; diff --git a/source3/passdb/pdb_samba_dsdb.c b/source3/passdb/pdb_samba_dsdb.c index 0ff2e0a..3b35bff 100644 --- a/source3/passdb/pdb_samba_dsdb.c +++ b/source3/passdb/pdb_samba_dsdb.c 
@@ -861,7 +861,7 @@ static NTSTATUS pdb_samba_dsdb_getgrfilter(struct pdb_methods *m, GROUP_MAP *map { struct pdb_samba_dsdb_state *state = talloc_get_type_abort( m->private_data, struct pdb_samba_dsdb_state); - const char *attrs[] = { "objectSid", "description", "samAccountName", "groupType", + const char *attrs[] = { "objectClass", "objectSid", "description", "samAccountName", "groupType", NULL }; struct ldb_message *msg; va_list ap; @@ -920,15 +920,13 @@ static NTSTATUS pdb_samba_dsdb_getgrfilter(struct pdb_methods *m, GROUP_MAP *map return NT_STATUS_INTERNAL_DB_CORRUPTION; } - map->sid_name_use = SID_NAME_DOM_GRP; - ZERO_STRUCT(id_map); id_map.sid = sid; id_maps[0] = &id_map; id_maps[1] = NULL; status = idmap_sids_to_xids(state->idmap_ctx, tmp_ctx, id_maps); - talloc_free(tmp_ctx); + if (!NT_STATUS_IS_OK(status)) { talloc_free(tmp_ctx); return status; diff --git a/source3/printing/load.c b/source3/printing/load.c index 136d055..238998d 100644 --- a/source3/printing/load.c +++ b/source3/printing/load.c @@ -65,11 +65,11 @@ load automatic printer services from pre-populated pcap cache void load_printers(struct tevent_context *ev, struct messaging_context *msg_ctx) { - SMB_ASSERT(pcap_cache_loaded()); + SMB_ASSERT(pcap_cache_loaded(NULL)); add_auto_printers(); /* load all printcap printers */ if (lp_load_printers() && lp_servicenumber(PRINTERS_NAME) >= 0) - pcap_printer_fn(lp_add_one_printer, NULL); + pcap_printer_read_fn(lp_add_one_printer, NULL); } diff --git a/source3/printing/pcap.c b/source3/printing/pcap.c index dd7ba62..c5524ad 100644 --- a/source3/printing/pcap.c +++ b/source3/printing/pcap.c 
@@ -83,28 +83,26 @@ void pcap_cache_destroy_specific(struct pcap_cache **pp_cache) *pp_cache = NULL; } -bool pcap_cache_add(const char *name, const char *comment, const char *location) -{ - NTSTATUS status; - time_t t = time_mono(NULL); - - status = printer_list_set_printer(talloc_tos(), name, comment, location, t); - return NT_STATUS_IS_OK(status); -} - -bool pcap_cache_loaded(void) +bool pcap_cache_loaded(time_t *_last_change) { NTSTATUS status; time_t last; status = printer_list_get_last_refresh(&last); - return NT_STATUS_IS_OK(status); + if (!NT_STATUS_IS_OK(status)) { + return false; + } + if (_last_change != NULL) { + *_last_change = last; + } + return true; } bool pcap_cache_replace(const struct pcap_cache *pcache) { const struct pcap_cache *p; NTSTATUS status; + time_t t = time_mono(NULL); status = printer_list_mark_reload(); if (!NT_STATUS_IS_OK(status)) { @@ -113,7 +111,11 @@ bool pcap_cache_replace(const struct pcap_cache *pcache) } for (p = pcache; p; p = p->next) { - pcap_cache_add(p->name, p->comment, p->location); + status = printer_list_set_printer(talloc_tos(), p->name, + p->comment, p->location, t); + if (!NT_STATUS_IS_OK(status)) { + return false; + } } status = printer_list_clean_old(); @@ -132,8 +134,8 @@ void pcap_cache_reload(struct tevent_context *ev, { const char *pcap_name = lp_printcapname(); bool pcap_reloaded = False; - NTSTATUS status; bool post_cache_fill_fn_handled = false; + struct pcap_cache *pcache = NULL; DEBUG(3, ("reloading printcap cache\n")); @@ -143,12 +145,6 @@ void pcap_cache_reload(struct tevent_context *ev, return; } - status = printer_list_mark_reload(); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("Failed to mark printer list for reload!\n")); - return; - } - #ifdef HAVE_CUPS if (strequal(pcap_name, "cups")) { pcap_reloaded = cups_cache_reload(ev, msg_ctx, 
@@ -164,26 +160,26 @@ void pcap_cache_reload(struct tevent_context *ev, #ifdef HAVE_IPRINT if (strequal(pcap_name, "iprint")) { - pcap_reloaded = iprint_cache_reload(); + pcap_reloaded = iprint_cache_reload(&pcache); goto done; } #endif #if defined(SYSV) || defined(HPUX) if (strequal(pcap_name, "lpstat")) { - pcap_reloaded = sysv_cache_reload(); + pcap_reloaded = sysv_cache_reload(&pcache); goto done; } #endif #ifdef AIX if (strstr_m(pcap_name, "/qconfig") != NULL) { - pcap_reloaded = aix_cache_reload(); + pcap_reloaded = aix_cache_reload(&pcache); goto done; } #endif - pcap_reloaded = std_pcap_cache_reload(pcap_name); + pcap_reloaded = std_pcap_cache_reload(pcap_name, &pcache); done: DEBUG(3, ("reload status: %s\n", (pcap_reloaded) ? "ok" : "error")); @@ -192,14 +188,16 @@ done: /* cleanup old entries only if the operation was successful, * otherwise keep around the old entries until we can * successfully reload */ - status = printer_list_clean_old(); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("Failed to cleanup printer list!\n")); + + if (!pcap_cache_replace(pcache)) { + DEBUG(0, ("Failed to replace printer list!\n")); } + if (post_cache_fill_fn != NULL) { post_cache_fill_fn(ev, msg_ctx); } } + pcap_cache_destroy_specific(&pcache); return; } @@ -229,11 +227,11 @@ void pcap_printer_fn_specific(const struct pcap_cache *pc, return; } -void pcap_printer_fn(void (*fn)(const char *, const char *, const char *, void *), void *pdata) +void pcap_printer_read_fn(void (*fn)(const char *, const char *, const char *, void *), void *pdata) { NTSTATUS status; - status = printer_list_run_fn(fn, pdata); + status = printer_list_read_run_fn(fn, pdata); if (!NT_STATUS_IS_OK(status)) { DEBUG(3, ("Failed to run fn for all printers!\n")); } diff --git a/source3/printing/pcap.h b/source3/printing/pcap.h index 7056213..8fc9e9d 100644 --- a/source3/printing/pcap.h +++ b/source3/printing/pcap.h 
@@ -35,11 +35,10 @@ struct pcap_cache; bool pcap_cache_add_specific(struct pcap_cache **ppcache, const char *name, const char *comment, const char *location); void pcap_cache_destroy_specific(struct pcap_cache **ppcache); -bool pcap_cache_add(const char *name, const char *comment, const char *location); -bool pcap_cache_loaded(void); +bool pcap_cache_loaded(time_t *_last_change); bool pcap_cache_replace(const struct pcap_cache *cache); void pcap_printer_fn_specific(const struct pcap_cache *, void (*fn)(const char *, const char *, const char *, void *), void *); -void pcap_printer_fn(void (*fn)(const char *, const char *, const char *, void *), void *); +void pcap_printer_read_fn(void (*fn)(const char *, const char *, const char *, void *), void *); void pcap_cache_reload(struct tevent_context *ev, struct messaging_context *msg_ctx, @@ -49,7 +48,7 @@ bool pcap_printername_ok(const char *printername); /* The following definitions come from printing/print_aix.c */ -bool aix_cache_reload(void); +bool aix_cache_reload(struct pcap_cache **_pcache); /* The following definitions come from printing/print_cups.c */ @@ -60,13 +59,13 @@ bool cups_cache_reload(struct tevent_context *ev, /* The following definitions come from printing/print_iprint.c */ -bool iprint_cache_reload(void); +bool iprint_cache_reload(struct pcap_cache **_pcache); /* The following definitions come from printing/print_svid.c */ -bool sysv_cache_reload(void); +bool sysv_cache_reload(struct pcap_cache **_pcache); /* The following definitions come from printing/print_standard.c */ -bool std_pcap_cache_reload(const char *pcap_name); +bool std_pcap_cache_reload(const char *pcap_name, struct pcap_cache **_pcache); #endif /* _PRINTING_PCAP_H_ */ diff --git a/source3/printing/print_aix.c b/source3/printing/print_aix.c index 23d9a86..927a71b 100644 --- a/source3/printing/print_aix.c +++ b/source3/printing/print_aix.c -- Samba Shared Repository
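Review bot: in the security IDL hunk (@@ -609,6 +609,24 @@) the comment on SMB_SUPPORTED_SECINFO_FLAGS does not say that SECINFO_PROTECTED_DACL, defined immediately above in security_secinfo, is deliberately left out of the mask. Add a sentence stating that the omission is intentional and that callers masking input with this constant will silently drop that bit, so a later edit does not "complete" the list and re-admit a flag the server is meant to ignore.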
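Review bot: in cli_set_mntpoint() (source3/libsmb/clidfs.c, @@ -258,13 +258,15 @@) the result of talloc_strdup(cli, name) is still unchecked, and it is assigned after TALLOC_FREE(cli->dfs_mountpoint), so an allocation failure leaves cli->dfs_mountpoint NULL with the previous value already freed. Since this hunk reworks the function's memory handling anyway, duplicate into a local first and only free and replace the old mountpoint once the copy has succeeded.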
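Review bot: in vfswrap_get_alloc_size() (source3/modules/vfs_default.c, @@ -1355,6 +1355,18 @@) the fallback `result = MIN((uint64_t)STAT_ST_BLOCKSIZE, filesize);` reports the file's byte length for anything smaller than STAT_ST_BLOCKSIZE, so the returned allocation size is not a whole block. If that is intended, say so in the comment, which also needs rewording: "But for non-empty file should report a positive size" is missing its subject.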
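Review bot: in pdb_samba_dsdb_getgrfilter() (source3/passdb/pdb_samba_dsdb.c, @@ -920,15 +920,13 @@) the unconditional `map->sid_name_use = SID_NAME_DOM_GRP;` is removed and nothing in the visible lines assigns map->sid_name_use in its place. Confirm that every path returning success sets it from the newly requested objectClass and groupType attributes, and that an unexpected value returns an error rather than leaving the field unset. Dropping the early talloc_free(tmp_ctx) is right, because the error branch just below frees it again, but the success path now needs its own talloc_free(tmp_ctx) further down the function.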
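Review bot: pcap_cache_loaded(time_t *_last_change) (source3/printing/pcap.c, @@ -83,28 +83,26 @@, prototype in pcap.h) leaves *_last_change untouched when printer_list_get_last_refresh() fails and accepts NULL, as load_printers() now passes, but neither behaviour is documented. Add a short comment at the prototype so callers either initialise the variable or check the return value before reading it.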
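Review bot: in pcap_cache_replace() (source3/printing/pcap.c, @@ -113,7 +111,11 @@) the new early `return false;` after a failed printer_list_set_printer() is silent, and the only message the caller in pcap_cache_reload() prints is "Failed to replace printer list!". Add a DEBUG line naming p->name before returning so a failed update can be attributed to a specific entry. The early return also leaves the list marked for reload with only some of the new entries written; a comment should state that skipping printer_list_clean_old() in that case is deliberate.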
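Review bot: in pcap_cache_reload() (source3/printing/pcap.c, @@ -192,14 +188,16 @@) post_cache_fill_fn(ev, msg_ctx) still runs when pcap_cache_replace(pcache) has just failed, so the callback acts on a list that was not fully updated; skip it on failure or note why that is safe. The comment above it ("cleanup old entries only if the operation was successful") now sits over a call that replaces the whole list and should be updated. Also check the guard above this hunk, which is outside the visible lines: the cups branch never fills pcache, and pcap_cache_replace(NULL) would mark the list, add nothing in its loop, and go on to printer_list_clean_old().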