Karolin Seeger [Fri, 5 Apr 2019 07:25:57 +0000 (09:25 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.8.11 release.
CVE-2019-3880 (Save registry file outside share as unprivileged user)
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Fri, 5 Apr 2019 07:24:49 +0000 (09:24 +0200)]
WHATSNEW: Add release notes for Samba 4.8.11.
CVE-2019-3880 (Save registry file outside share as unprivileged user)
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Jeremy Allison [Thu, 21 Mar 2019 21:51:30 +0000 (14:51 -0700)]
CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey.
The were not using VFS backend calls and could only work
locally, and were unsafe against symlink races and other
security issues.
If the incoming handle is valid, return WERR_BAD_PATHNAME.
[MS-RRP] states "The format of the file name is implementation-specific"
so ensure we don't allow this.
As reported by Michael Hanselmann.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13851
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Karolin Seeger [Thu, 4 Apr 2019 10:05:08 +0000 (12:05 +0200)]
VERSION: Bump version up to 4.8.11...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
260a15bd57c52c49234b606062763e10bf77c03e)
Karolin Seeger [Thu, 4 Apr 2019 10:04:25 +0000 (12:04 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.8.10 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 4 Apr 2019 10:03:47 +0000 (12:03 +0200)]
WHATSNEW: Add release notes for Samba 4.8.10.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Andrew Bartlett [Tue, 15 May 2018 00:26:03 +0000 (12:26 +1200)]
selftest: Make setexpiry test much more reliable
Rather than setting all the expiries and expecting that they will be done within 5 seconds,
measure and check the time individually for each record.
This should make this test much less prone to flapping.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13867
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 15 23:58:17 CEST 2018 on sn-devel-144
(cherry picked from commit
5ebe3183fded1ab060ed60baeedeac859d0c137e)
Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Tue Apr 2 15:16:10 UTC 2019 on sn-devel-144
Andreas Schneider [Thu, 17 Jan 2019 12:58:14 +0000 (13:58 +0100)]
s3:lib: Fix the debug message for adding cache entries.
To get correct values, we need to cast 'timeout' to 'long int' first in
order to do calculation in that integer space! Calculations are don in
the space of the lvalue!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13848
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
5822449a7340f53987ce4c04851652427f5b49e8)
Andreas Schneider [Thu, 21 Mar 2019 10:55:46 +0000 (11:55 +0100)]
s3:waf: Fix the detection of makdev() macro on Linux
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13853
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
eace58b539a382c61edd7c2be6fdfab31114719f)
Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Thu Mar 28 17:42:25 UTC 2019 on sn-devel-144
Stefan Metzmacher [Tue, 19 Mar 2019 12:05:16 +0000 (13:05 +0100)]
dbcheck: use the str() value of the "name" attribute
We do the same with the rdn attribute value
and we need the same logic on both in order to
check they are the same.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit
dd6f0dad218ec1d5aa38ea8aa6848ec81035cb3f)
Stefan Metzmacher [Tue, 12 Mar 2019 10:41:01 +0000 (11:41 +0100)]
dbcheck: don't check expired tombstone objects by default anymore
These will be removed anyway and any change on them risks to
be an originating update that causes replication problems.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Mar 14 03:12:27 UTC 2019 on sn-devel-144
(cherry picked from commit
a2c5f8cf41c2dfdc4f122e8427d1dfeabb6ba311)
Stefan Metzmacher [Tue, 12 Mar 2019 10:38:22 +0000 (11:38 +0100)]
blackbox/dbcheck-links.sh: prepare regression test for skipping expired tombstones
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
b096a3117ed9249fd6f65f3221a26c88efbba3b8)
Stefan Metzmacher [Tue, 12 Mar 2019 10:04:33 +0000 (11:04 +0100)]
blackbox/dbcheck*.sh: pass --selftest-check-expired-tombstones to dbcheck
These tests operate on provision dumps created long ago, they still
want to run tests on deleted objects, when the next commits remove
processing expired tombstone objects in dbcheck.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
5fccc4e9044d2e57be33471f5e6b9be7cc37ac3a)
Stefan Metzmacher [Tue, 12 Mar 2019 10:02:18 +0000 (11:02 +0100)]
dbcheck: add --selftest-check-expired-tombstones cmdline option
This will be used by dbcheck tests which operate on static/old provision
dumps in the following commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
6f9c5ed8de47bb98e21e8064d8e90f963f2f71ca)
Stefan Metzmacher [Tue, 12 Mar 2019 09:25:40 +0000 (10:25 +0100)]
python/samba/netcmd: provide SUPPRESS_HELP via Option class
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
b61d580fb7dba8ff94e9e98c958e324865cd2f1d)
Stefan Metzmacher [Thu, 28 Feb 2019 17:22:18 +0000 (18:22 +0100)]
dbcheck: detect the change after deletion bug
Old versions of 'samba-tool dbcheck' could reanimate
deleted objects, when running at the same time as the
tombstone garbage collection.
When the (deleted) parent of a deleted object
(with the DISALLOW_MOVE_ON_DELETE bit in systemFlags),
is removed before the object itself, dbcheck moved
it in the LostAndFound[Config] subtree of the partition
as an originating change. That means that the object
will be in tombstone state again for 180 days on the local
DC. And other DCs fail to replicate the object as
it's already removed completely there and the replication
only gives the name and lastKnownParent attributes, because
all other attributes should already be known to the other DC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
a1658b306d85452407388b91a745078c9c1f7dc7)
Stefan Metzmacher [Mon, 11 Mar 2019 22:14:02 +0000 (23:14 +0100)]
blackbox/dbcheck-links.sh: add regression test for lost deleted object repair
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
1ccc21a34d295be3bb2ab481a5918003eae88bf4)
Stefan Metzmacher [Thu, 28 Feb 2019 17:16:27 +0000 (18:16 +0100)]
dbcheck: add find_repl_attid() helper function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
598e38d2a5e0832429ba65b4e55bf7127618f894)
Stefan Metzmacher [Mon, 25 Feb 2019 14:35:22 +0000 (15:35 +0100)]
dbcheck: don't remove dangling one-way links on already deleted objects
This would typically happen when the garbage collection
removed a parent object before a child object (both with
the DISALLOW_MOVE_ON_DELETE bit set in systemFlags),
while dbcheck is running at the same time as the garbage collection.
In this case the lastKnownParent attributes points a non existing
object.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
e388e599495b6d7c38b8b6966332e27f8b958783)
Stefan Metzmacher [Mon, 25 Feb 2019 14:35:22 +0000 (15:35 +0100)]
dbcheck: don't move already deleted objects to LostAndFound
This would typically happen when the garbage collection
removed a parent object before a child object (both with
the DISALLOW_MOVE_ON_DELETE bit set in systemFlags),
while dbcheck is running at the same time as the garbage collection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
6d50ee74920c39cdb18b427bfaaf200775bf2d73)
Stefan Metzmacher [Mon, 25 Feb 2019 14:09:36 +0000 (15:09 +0100)]
dbcheck: do isDeleted, systemFlags and replPropertyMetaData detection first
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
9afcd5331ce567bd80d35175f8e4e21c506e9347)
Stefan Metzmacher [Mon, 11 Mar 2019 21:45:46 +0000 (22:45 +0100)]
dbcheck: use DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME when renaming deleted objects
We should never do originating updates on deleted objects.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
07a8326746f0c444eedf3860b178fc29d84e8d16)
Stefan Metzmacher [Mon, 11 Mar 2019 21:38:38 +0000 (22:38 +0100)]
dsdb:repl_meta_data: allow CONTROL_DBCHECK_FIX_LINK_DN_NAME to by pass rename
We need a way to rename an object without updating the replication meta
data.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
3e8a435d27da899d0e3dab7cbc0a1c738067eba3)
Stefan Metzmacher [Mon, 11 Mar 2019 13:52:57 +0000 (14:52 +0100)]
blackbox/dbcheck-links.sh: reproduce lost deleted object problem
When a parent object is removed during the tombstone garbage collection
before a child object and samba-tool dbcheck runs at the same time, the
following can happen:
- If the object child had DISALLOW_MOVE_ON_DELETE in systemFlags,
samba-tool dbcheck moves the object under the LostAndFound[Config]
object (as an originating update!)
- The lastKnownParent attribute is removed (as an originating update!)
These originating updates cause the object to have an extended time
as tombstone. And these changes are replicated to other DCs,
which very likely already removed the object completely!
This means the destination DC of replication has no chance to handle
the object it gets from the source DC with just 2 attributes (name, lastKnownParent).
The destination logs something like:
No objectClass found in replPropertyMetaData
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
5357f591accffbf8c62335c308b985811b66f0b5)
Stefan Metzmacher [Wed, 27 Feb 2019 07:22:09 +0000 (08:22 +0100)]
selftest: force running with TZ=UTC
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Feb 27 11:24:59 UTC 2019 on sn-devel-144
(cherry picked from commit
4f307f2302b0fe8fd0fc6379eb8e6491faf8520c)
Noel Power [Fri, 7 Sep 2018 13:38:54 +0000 (14:38 +0100)]
python/samba: extra ndr_unpack needs bytes function
(cherry picked from commit
8db43696e70d7c4cb21172b7e7461cf6a72914a2)
Noel Power [Fri, 7 Sep 2018 11:42:19 +0000 (12:42 +0100)]
python/samba: PY3 port for ridalloc_exop test to work
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
fc13a1268a4a9de94efd312a8309aa55d331ae19)
Andreas Schneider [Wed, 20 Mar 2019 10:09:21 +0000 (11:09 +0100)]
s4:librpc: Fix installation of Samba
This breaks installation of Samba 4.10 on Fedora.
https://bugzilla.samba.org/show_bug.cgi?id=13847
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
bf469343f577e2d78df0e38d80e7976b351eaf0d)
Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Tue Mar 26 12:30:35 UTC 2019 on sn-devel-144
Martin Schwenke [Thu, 14 Mar 2019 05:32:02 +0000 (16:32 +1100)]
ctdb-tests: Add some testing for IPv4-mapped IPv6 address parsing
ctdb_sock_addr values are hashed in some contexts. This means that
all of the memory used for the ctdb_sock_addr should be consistent
regardless of how parsing is done. The first 2 cases are just sanity
checks but the 3rd case involving an IPv4-mapped IPv6 address is the
real target of this test addition.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13839
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@samba.org>
(cherry picked from commit
d9286701cd9253bf3b42cac3d850ae8c23743e6d)
Zhu Shangzhong [Tue, 12 Mar 2019 12:49:48 +0000 (20:49 +0800)]
ctdb: Initialize addr struct to zero before reparsing as IPV4
Failed to kill the tcp connection that using IPv4-mapped IPv6 address
(e.g. ctdb_killtcp eth0 ::ffff:192.168.200.44:2049
::ffff:192.168.200.45:863).
When the ctdb_killtcp is used to kill the tcp connection, the IPs and
ports in the connection will be parsed to conn.client and conn.server
(call stack: main->ctdb_sock_addr_from_string->ip_from_string). In
the ip_from_string, as we are using IPv4-mapped IPv6 addresses, the
ipv6_from_string will be used to parse ip to addr.ip6 first. The next
step the ipv4_from_string will be used to reparse ip to addr.ip.
As a result, the data that dump from conn.server is "2 0 8 1 192 168
200 44 0 0 0 0 0 0 0 0 0 0 255 255 192 168 200 44 0 0 0 0", the data
from conn.client is "2 0 3 95 192 168 200 45 0 0 0 0 0 0 0 0 0 0 255 255
192 168 200 45 0 0 0 0". The connection will be add to conn_list by
ctdb_connection_list_add. Then the reset_connections_send uses conn_list
as parameter to start to reset connections in the conn_list.
In the reset_connections_send, the database "connections" will be
created. The connections from conn_list will be written to the
database(call db_hash_add), and use the data that dump from conn_client
and conn_server as key.
In the reset_connections_capture_tcp_handler, the
ctdb_sys_read_tcp_packet will receive data on the raw socket. And
extract the IPs and ports from the tcp packet. when extracting IP and
port, the tcp4_extract OR tcp6_extract will be used. Then we got the
new conn.client and conn.server. the data that dump from the
conn.server is "2 0 8 1 192 168 200 44 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0", the data from conn.client is "2 0 3 95 192 168 200 45 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0". Finally, we use the data as key to check
if this connection is one being reset(call db_hash_delete). The
db_hash_delete will return ENOENT. Because the two key that being used
by db_hash_delete and db_hash_add are different.
So, the TCP RST will be NOT sent for the connection forever. We should
initialize addr struct to zero before reparsing as IPV4 in the
ip_from_string.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13839
Signed-off-by: Zhu Shangzhong <zhu.shangzhong@zte.com.cn>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@samba.org>
(cherry picked from commit
539b5ff32b32b7c75dfaaa119e41f5af6ff1e6fc)
Amitay Isaacs [Wed, 18 Jul 2018 09:00:42 +0000 (19:00 +1000)]
ctdb-common: Add fd argument to ctdb_connection_list_read()
This makes testing easier.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13520
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
3bf753e830c20183ef4f3278880d3be362e53bef)
Amitay Isaacs [Wed, 11 Jul 2018 08:35:46 +0000 (18:35 +1000)]
ctdb-protocol: Avoid fgets in ctdb_connection_list_read
C library buffering API can behave in unexpected fashion if underlying
fd for stdin, stdout or stderr is closed and re-opened.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13520
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
c9b42d27e6cf9e6ae36f44970f0a388edc737a7a)
Amitay Isaacs [Wed, 18 Jul 2018 08:42:10 +0000 (18:42 +1000)]
ctdb-common: Add line based I/O
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13520
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
c7041b0faf490661818244dd032ad413ce906e5c)
Andreas Schneider [Tue, 12 Mar 2019 10:40:30 +0000 (11:40 +0100)]
s3:client: Fix smbspool device uri handling
If we are executed as a CUPS backend, argv[0] is set to the device uri.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Bryan Mason <bmason@redhat.com>
Signed-off-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
69d7a496d3bf52eaa10e81132bb61430863fdd8a)
Andreas Schneider [Tue, 12 Mar 2019 09:09:14 +0000 (10:09 +0100)]
s3:client: Make sure we work on a copy of the title
We can't be sure we can write to the input buffer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Bryan Mason <bmason@redhat.com>
Signed-off-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
129ae27946318a075e99c9e6d1bacf8963f72282)
Andreas Schneider [Fri, 4 Jan 2019 08:21:24 +0000 (09:21 +0100)]
s3:client: Evaluate the AUTH_INFO_REQUIRED variable set by cups
This should not switch to username,password if cups has been configured
to use negotiate (Kerberos authentication).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Bryan Mason <bmason@redhat.com>
Signed-off-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
5274b09fbaa5e45cc58f3301818d4e9f6a402845)
Andreas Schneider [Tue, 12 Mar 2019 08:40:58 +0000 (09:40 +0100)]
s3:client: Pass DEVICE_URI and AUTH_INFO_REQUIRED env to smbspool
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Bryan Mason <bmason@redhat.com>
Signed-off-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
43160184d254a57f87bb2adeba47f48d8539533a)
Andreas Schneider [Tue, 12 Mar 2019 09:15:05 +0000 (10:15 +0100)]
s3:script: Fix jobid check in test_smbspool.sh
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Bryan Mason <bmason@redhat.com>
Signed-off-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
fad5e4eaeb9202c1b63c42ea09254c17c473e33a)
Stefan Metzmacher [Fri, 1 Mar 2019 14:48:18 +0000 (15:48 +0100)]
ndr_spoolss_buf: fix out of scope use of stack variable in NDR_SPOOLSS_PUSH_ENUM_OUT()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13818
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit
6da3664f8a11397fd3fb38e89c2432b8bf321e59)
Marcos Mello [Fri, 30 Nov 2018 11:25:07 +0000 (09:25 -0200)]
Send status to systemd on daemon start
systemd service files run in no-forking mode (--foreground) since
8b6f58194da7e849cdb9d20712dff49b17a93a77.
Rearrange sd_notify() call in become_daemon() to only send status to systemd
in this mode (Type=notify is not designed to monitor forking). Drop READY=0
(it does nothing) and MAINPID= (unnecessary because the process spawned by
systemd is already the main PID).
Also remove STATUS= prefix from debug messages.
Signed-off-by: Marcos Mello <marcosfrm@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
440ddf8470b11a46066d282bf8945201d547c192)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11568
Andreas Schneider [Thu, 7 Mar 2019 11:31:42 +0000 (12:31 +0100)]
lib:util: Move debug message for mkdir failing to log level 1
If you connnect to a host with smbclient this gets always printed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13823
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
c71334ec0c92e791022a9b7c900aa0dd649226c2)
Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Tue Mar 12 17:01:14 UTC 2019 on sn-devel-144
Günther Deschner [Mon, 11 Mar 2019 13:13:18 +0000 (14:13 +0100)]
WHATSNEW: mention new vfs_glusterfs_fuse module
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Christof Schmitt [Tue, 5 Mar 2019 18:56:49 +0000 (11:56 -0700)]
lib/winbind_util: Add winbind_xid_to_sid for --without-winbind
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13813
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 6 01:53:16 UTC 2019 on sn-devel-144
(cherry picked from commit
4125ff89e44a3e98882cfc38c06e559a6e1e56a5)
Christof Schmitt [Tue, 5 Mar 2019 18:50:48 +0000 (11:50 -0700)]
lib/winbind_util: Move include out of ifdef
This fixes compile errors about missing prototypes with
--picky-developer and --without-winbind
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
4b1e4c22128bdefe549a58b181e9b755854f4c3e)
Christof Schmitt [Mon, 4 Mar 2019 20:38:48 +0000 (13:38 -0700)]
passdb: Update ABI to 0.27.2
This change is for the backport only. The change in master increased the
ABI version to 0.28.0 and removed some functions; this should not happen
in a backport.
Signed-off-by: Christof Schmitt <cs@samba.org>
Stefan Metzmacher [Tue, 6 Mar 2018 21:47:42 +0000 (22:47 +0100)]
s3:passdb: add create_builtin_guests()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
c5874b9b68e0795e9dc23b04efa5959ac03ec8dc)
Volker Lendecke [Tue, 26 Feb 2019 14:17:36 +0000 (15:17 +0100)]
passdb: Make [ug]id_to_sid use xid_to_sid
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit
40de67f1fcc46b7a64a7364c91dcedb474826d51)
Volker Lendecke [Tue, 26 Feb 2019 14:10:21 +0000 (15:10 +0100)]
passdb: Introduce xid_to_sid
This explicitly avoids the legacy_[ug]id_to_sid calls, which create
long-term cache entries to S-1-22-x-y if anthing fails. We can't do
this, because this will turn temporary winbind communication failures
into long-term problems: A short hickup in winbind_uid_to_sid will
create a mapping to S-1-22-1-uid for a week. It should be up to the
lower layers to do the caching.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit
92f27ebb14c0c18b1d0fd49544ad851aeb14781c)
Volker Lendecke [Thu, 18 Oct 2018 03:46:37 +0000 (05:46 +0200)]
lib: Add dom_sid_str_buf
This is modeled after server_id_str_buf, which as an API to me is easier to
use: I can rely on the compiler to get the buffer size right.
It is designed to violate README.Coding's "Make use of helper variables", but
as this API is simple enough and the output should never be a surprise at all,
I think that's worth it.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov 2 20:11:11 CET 2018 on sn-devel-144
(cherry picked from commit
8b9d36221930a487ca5c51bf2e38ed04de9d50f7)
Volker Lendecke [Tue, 26 Feb 2019 13:45:32 +0000 (14:45 +0100)]
lib: Introduce winbind_xid_to_sid
This does not merge a winbind communication error into
"global_sid_NULL" (S-1-0-0), which by the way non-intuitively does not
go along with is_null_sid(). Instead, this just touches the output sid
when winbind returned success. This success might well be a negative
mapping indicated by S-0-0, which *is* is_null_sid()...
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit
ef706a3e63b3e25edd27e0f99c3e2d8ff7209cb6)
Volker Lendecke [Tue, 26 Feb 2019 13:34:56 +0000 (14:34 +0100)]
winbind: Use idmap_cache_find_xid2sid
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit
bc9824bd42d9370279819ea0d927e236f6041324)
Volker Lendecke [Wed, 27 Feb 2019 13:54:12 +0000 (14:54 +0100)]
torture: Add tests for idmap cache
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit
e5a903bab6eda8f7ff2a7c8149d51022d9d8aede)
Volker Lendecke [Tue, 26 Feb 2019 13:32:52 +0000 (14:32 +0100)]
idmap_cache: Introduce idmap_cache_find_xid2sid
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit
bb8122dd8c53bb307819a79b7888cc0940a7c13b)
Volker Lendecke [Mon, 25 Feb 2019 13:55:00 +0000 (14:55 +0100)]
winbind: Now we explicitly track if we got ids from cache
This now properly makes us use negative cache entries
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit
95d33ca79cc315f1a2e41cd60859ef01d6548c77)
Volker Lendecke [Tue, 26 Feb 2019 11:52:28 +0000 (12:52 +0100)]
winbind: Initialize "expired" parameter to idmap_cache_xid2sid
The code in idmap_cache only touches its output parameters upon success
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit
8c28c12702c0935a852c7fed6565987623f09fee)
Volker Lendecke [Tue, 26 Feb 2019 11:46:39 +0000 (12:46 +0100)]
idmap_cache: Only touch "sid" on success in find_xid_to_sid
Why? This makes the negative mapping condition (is_null_sid) more
explicit in the code.
The callers in lookup_sid initialized "psid" anyway before, and the ones
in wb_xids2sids now do as well. This is more in line with other APIs we
have: Only touch output parameters if you have something to say.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit
4faf3e9f6da7515fc263d79f77226d105c2f8524)
Volker Lendecke [Mon, 25 Feb 2019 13:38:50 +0000 (14:38 +0100)]
lib: Make idmap_cache return negative mappings
Without this we'd query non-existent mappings over and over
again.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit
d9303e8eb90d48f09f2e2e8bdf01f4a7c3c21d11)
Ralph Boehme [Fri, 1 Mar 2019 17:57:23 +0000 (18:57 +0100)]
libcli/security: fix handling of deny type ACEs in access_check_max_allowed()
Deny ACEs must always be evaluated against explicitly granted rights
from previous ACEs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
8d355dd9769e8990ce998b4c9f28977669b43616)
Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Mon Mar 11 13:04:13 UTC 2019 on sn-devel-144
Ralph Boehme [Sun, 3 Mar 2019 07:33:51 +0000 (08:33 +0100)]
s4:torture: Add test_deny1().
Creates a 2-element ALLOW + DENY ACE showing that when calculating
effective permissions and maximum access already seen allow bits are not
removed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
b205d695d769e910a91bec87451dec189ec33740)
Jeremy Allison [Thu, 28 Feb 2019 22:59:01 +0000 (14:59 -0800)]
s4:torture: Add test_owner_rights_deny1().
Creates a 3-element ALLOW + ALLOW + DENY ACE showing that when
calculating maximum access already seen allow bits are not removed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
0ebd8c99aed28a0ba43a22c429837f66f7e94409)
Ralph Boehme [Fri, 1 Mar 2019 17:20:35 +0000 (18:20 +0100)]
libcli/security: correct access check and maximum access calculation for Owner Rights ACEs
We basically must process the Owner Rights ACEs as any other ACE wrt to the
order of adding granted permissions and checking denied permissions. According
to MS-DTYP 2.5.3.2 Owner Rights ACEs must be evaluated in the main loop over
the ACEs in an ACL and the corresponding access_mask must be directly applied
to bits_remaining. We currently defer this to after the loop over the ACEs in
ACL, this is wrong.
We just have to do some initial magic to determine if an ACL contains and
Owner Rights ACEs, and in case it doesn't we grant SEC_STD_WRITE_DAC |
SEC_STD_READ_CONTROL at the *beginning*. MS-DTYP:
-- the owner of an object is always granted READ_CONTROL and WRITE_DAC.
CALL SidInToken(Token, SecurityDescriptor.Owner, PrincipalSelfSubst)
IF SidInToken returns True THEN
IF DACL does not contain ACEs from object owner THEN
Remove READ_CONTROL and WRITE_DAC from RemainingAccess
Set GrantedAccess to GrantedAccess or READ_CONTROL or WRITE_OWNER
END IF
END IF
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
9722f75757c0e38c7f42c7cc310d56aa6eaf6392)
Jeremy Allison [Thu, 28 Feb 2019 22:37:09 +0000 (14:37 -0800)]
s4:torture: Add test_owner_rights_deny().
Shows that owner and SID_OWNER_RIGHTS ACE
entries interact in max permissions requests.
Tested against Windows.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
fadc4c1bc5fcc3b2d9daea44ef8daf8a8ae0fbe2)
Jeremy Allison [Thu, 28 Feb 2019 21:55:31 +0000 (13:55 -0800)]
s4:torture: Fix the test_owner_rights() test to show permissions are additive.
Tested against Windows.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
2e181e34c48c879235c5dc64bd7ab2b59781810c)
Ralph Boehme [Wed, 27 Feb 2019 17:07:03 +0000 (18:07 +0100)]
libcli/security: add "Owner Rights" calculation to access_check_max_allowed()
This was missing in
44590c1b70c0a24f853c02d5fcdb3c609401e2ca.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13812
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Feb 28 19:18:16 UTC 2019 on sn-devel-144
(cherry picked from commit
5cf0764bc4b65dbc59d8626760dbe946a2234833)
Ralph Boehme [Thu, 28 Feb 2019 13:48:02 +0000 (14:48 +0100)]
s4:torture: add a Maximum Access check with an Owner Rights ACE
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13812
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit
3ca38d2cd1189a5040e13ddab016063280be2b4d)
Ralph Boehme [Thu, 28 Feb 2019 13:47:18 +0000 (14:47 +0100)]
s4:libcli: remember return code from maximum access
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13812
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit
9f4ee05295827c9a607e1f63694a17906f777176)
Björn Jacke [Wed, 23 Jan 2019 13:01:26 +0000 (14:01 +0100)]
sambaundoguididx: use the right escaped oder unescaped sam ldb files
the correct filename is taken from the partition database before, we should not
unescape that because this can result in a new unescaped ldb file being created
and the script not to work at all.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13759
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
cd1ac3668cd164bd5f7cadf7b59df9541aaef83e)
David Disseldorp [Wed, 27 Feb 2019 10:52:42 +0000 (11:52 +0100)]
vfs_ceph: remove ceph_fallocate/ceph_ftruncate fallback
Both libcephfs functions are supported and capable of extending files,
so fallback can be dropped.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13807
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
155f1289ba7a4802fbb99fbc9ea90d8bc6cff0c9)
[ddiss@samba.org: rebase atop 48t without
532ff3a5b958]
Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Tue Mar 5 13:01:15 UTC 2019 on sn-devel-144
David Disseldorp [Tue, 26 Feb 2019 15:07:27 +0000 (16:07 +0100)]
vfs_ceph: fix strict_allocate_ftruncate()
The vfs_ceph "strict allocate = yes" ftruncate wrapper may attempt
*local* filesystem ftruncate(). Fix this.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13807
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
70329c36ed91dd0e50ff66f9b0a85c62ac8a621e)
David Disseldorp [Tue, 26 Feb 2019 20:26:27 +0000 (21:26 +0100)]
vfs_ceph: add missing fallocate hook
SMB_VFS_FALLOCATE() calls atop a vfs_ceph share currently fall through
to vfs_default, which results in a local filesystem I/O attempt using a
libcephfs file-descriptor. Add the missing fallocate hook to vfs_ceph.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13807
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
5a7e7280813559fb70a9fc8e4238cb6015ee3b53)
Jeremy Allison [Sun, 24 Feb 2019 16:15:23 +0000 (08:15 -0800)]
s3: smbd: filenames - ensure we replace the missing '/' if we error in an intermediate POSIX path.
Previous regression test ensures we still return the correct
error code for POSIX pathname operations.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Feb 25 09:33:27 CET 2019 on sn-devel-144
(cherry picked from commit
3f1a13a94a753c5cb3b9f2cf795df5adb0f74205)
Jeremy Allison [Sun, 24 Feb 2019 16:03:32 +0000 (08:03 -0800)]
s3: torture: Add additional POSIX mkdir tests.
Ensure that if POSIX_foo exists as a file
we return the correct error code NT_STATUS_OBJECT_PATH_NOT_FOUND
if we try and traverse it as a directory.
Also ensure creation/deletion of POSIX_foo/foo fails
for directories and files with NT_STATUS_OBJECT_PATH_NOT_FOUND
if the directory POSIX_foo/ doesn't exist.
knownfail is back :-).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
632d0db8c42d50f5eecd002d9573f739cd945960)
Jeremy Allison [Sat, 23 Feb 2019 20:24:31 +0000 (12:24 -0800)]
smbd: unix_convert: Ensure we don't call get_real_filename on POSIX paths.
For posix_pathnames don't blunder into the name_has_wildcard OR
get_real_filename() codepaths as they may be doing case insensitive lookups.
So when creating a new POSIX directory 'Foo' they might
match on name 'foo'.
Remove POSIX-MKDIR from knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sun Feb 24 14:04:14 CET 2019 on sn-devel-144
(cherry picked from commit
12da33e2bbce657f25abe9bc4cb936ca4615b30f)
Jeremy Allison [Sat, 23 Feb 2019 20:26:01 +0000 (12:26 -0800)]
smbd: SMB1-POSIX: Add missing info-level SMB_POSIX_PATH_OPEN for UCF_UNIX_NAME_LOOKUP flag.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
980db8debde68f9edce13fc01bc45a904379cffd)
Jeremy Allison [Sun, 24 Feb 2019 01:52:34 +0000 (17:52 -0800)]
s3: smbtorture3: Add POSIX-MKDIR test for posix_mkdir case sensitive bug.
Test does:
mkdir POSIX_foo
mkdir POSIX_Foo
mkdir POSIX_foo/Foo
mkdir POSIX_foo/foo
mkdir POSIX_Foo/Foo
mkdir POSIX_Foo/foo
Which should pass a SMB1 POSIX extensions server
as posix mkdir should always be case sensitive
no matter what the share is set to.
Mark as knownfail for now.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
f0decb31fff24ceb57d23bebbfb87aa0e5103947)
Ralph Boehme [Thu, 21 Feb 2019 15:55:09 +0000 (16:55 +0100)]
winbindd: set idmap cache entries as the last step in async wb_xids2sids
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Feb 23 09:23:22 CET 2019 on sn-devel-144
(cherry picked from commit
9b9565c3e69b92c298c7168e516387bb249c9e36)
Ralph Boehme [Fri, 22 Feb 2019 10:00:00 +0000 (11:00 +0100)]
winbindd: track whether a result from xid2sid was coming from the cache
This is needed in preparation of moving the step to update the idmap
cache from the per-idmap-domain callback wb_xids2sids_dom_done() to the
top-level callback wb_xids2sids_done().
Currently the sequence of action is:
* check cache, if not found:
* ask backends
* cache result from backend
* return results
Iow, if we got something from the cache, we don't write the cache.
The next commit defers updating the cache to the top-level callback, so
the sequence becomes
* check cache, if not found:
* ask backends
* cache results
* return results
This has two problems:
* it needlessly writes to the cache what we just got from it
* it possibly overwrites the ID_TYPE_BOTH for a SID-to-xid mapping in
the following case:
- existing ID_TYPE_BOTH mapping in the cache, eg:
IDMAP/SID2XID/S-1-5-21-
2180672342-
2513613279-
2566592647-512 -> Value:
3000000:B
- someone calls wb_xids2sids_send() with xid.id=
3000000,xid.type=ID_TYPE_GID
- cache lookup with idmap_cache_find_gid2sid() succeeds
- when caching results we'd call idmap_cache_set_sid2unixid() with the
callers xid.type=ID_TYPE_GID, so idmap_cache_set_sid2unixid() will
overwrite the SID-to-xid mapping with ID_TYPE_GID
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
62f54229fced20102e11ad1da02faef45c2a7c2e)
Ralph Boehme [Thu, 21 Feb 2019 15:52:21 +0000 (16:52 +0100)]
winbindd: switch send-next/done order
In preparation of adding more logic to the done step. No change in
behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
8e9c2a1f6ceb06d695a6572701b96a3e3821ac42)
Ralph Boehme [Thu, 21 Feb 2019 17:40:20 +0000 (18:40 +0100)]
winbindd: update xid in wb_xids2sids_state->xids with what we got
In preparation of priming the idmap cache in the top-level
wb_xids2sids_done(), not in the per-idmap-domain callback
wb_xids2sids_dom_done().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
7f23ef7b2cf7bd6e8dc087aa15137292b421a689)
Ralph Boehme [Thu, 21 Feb 2019 17:39:46 +0000 (18:39 +0100)]
winbindd: convert id to a pointer in wb_xids2sids_dom_done()
No change in behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
f8bf4fc608639695651f75c52b31f95e796a5a26)
Ralph Boehme [Fri, 22 Feb 2019 15:29:07 +0000 (16:29 +0100)]
winbindd: make xids a const argument to wb_xids2sids_send()
The previous commit made an internal copy of xids, this commit makes it
more obvious that we must not mess with the xids argument but treat it as
an in-parameter and don't write to it.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
5d277ea7ea258676b9ea5081a451a5874af115f6)
Ralph Boehme [Thu, 21 Feb 2019 17:34:51 +0000 (18:34 +0100)]
winbindd: make a copy of xid's in wb_xids2sids_send()
This is in preparation of setting the result of the mapping in the top-
level callback wb_xids2sids_done(), not in the per-idmap-domain callback
wb_xids2sids_dom_done().
When caching the mapping we need the id-type from the backend, so we
need a way to pass up that information from wb_xids2sids_dom_done() up
to wb_xids2sids_done()
The xids array copy gets passed from wb_xids2sids_send() to
wb_xids2sids_dom_send(), so wb_xids2sids_dom_done() can then directly
update the top-level copy.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
f5a8bc2f945be45cdade5f70d4f975bae8337f67)
Volker Lendecke [Thu, 7 Feb 2019 15:15:46 +0000 (16:15 +0100)]
messages_dgm: Properly handle receiver re-initialization
This only properly covers the small-message nonblocking case. Covering
the large-message and the blocking case is a much larger effort assuming
we want to re-send the failed message if parts of the message has gone
through properly. Don't do that for now.
This was found by sanba_dnsupdate constantly recreating its irpc handle to
winbindd in the RODC case.
The messaging_dgm code cached connected datagram sockets based on the
destination pid for 1 second. Which means the IRPC responses from
winbindd are never delivered to samba_dnsupdate,
which will then hit a timeout.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13786
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
2543bba0364d8054e9ad316f5611621841bc061d)
Volker Lendecke [Thu, 7 Feb 2019 16:48:34 +0000 (17:48 +0100)]
torture3: Extend read3 for the "messaging target re-inits" failure
Do ping_pong a hundred times, re-initializing the msg_ctx every time.
https://bugzilla.samba.org/show_bug.cgi?id=13786
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
8d8f62c4b9dea381ce9f5833bc794553ae358173)
Volker Lendecke [Thu, 7 Feb 2019 14:57:06 +0000 (15:57 +0100)]
messages_dgm: Use saved errno value
In this case this is just a cleanup, the value has just been set by
messaging_dgm_sendmsg. But as that already saves errno into a local
variable, use that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13786
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
c27afc098398274abaed6dc9bef2019091c1b635)
Jiří Šašek [Thu, 6 Dec 2018 13:10:53 +0000 (14:10 +0100)]
notifyd: Fix SIGBUS on sparc
Problem is the structure "struct notify_instance" can lay in message buffer on
address not dividable by 8 but this structure begins by uint_64 (secs in
time-stamp). Structure should be re-packed to standalone buffer before the use.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13704
Signed-off-by: jiri.sasek@oracle.com
Reviewed-by: Volker Lendecke <vl@samba.org>
Gary Lockyer [Tue, 19 Feb 2019 21:45:05 +0000 (10:45 +1300)]
PVE-2019-3824 ldb: Release ldb 1.3.8
* CVE-2019-3824 out of bounds read in wildcard compare (bug 13773)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(v4-8-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-8-test): Tue Feb 26 12:58:03 CET 2019 on sn-devel-144
Gary Lockyer [Mon, 18 Feb 2019 21:24:38 +0000 (10:24 +1300)]
CVE-2019-3824 ldb: Add tests for ldb_wildcard_match
Add cmocka tests for ldb_wildcard_match.
Running test_wildcard_match under valgrind reproduces
CVE-2019-3824 out of bounds read in wildcard compare (bug 13773)
valgrind --suppressions=lib/ldb/tests/ldb_match_test.valgrind\
bin/ldb_match_test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Gary Lockyer [Mon, 18 Feb 2019 21:26:56 +0000 (10:26 +1300)]
CVE-2019-3824 ldb: wildcard_match end of data check
ldb_handler_copy and ldb_val_dup over allocate by one and add a trailing '\0'
to the data, to make them safe to use the C string functions on.
However testing for the trailing '\0' is not the correct way to test for
the end of a value, the length should be checked instead.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Gary Lockyer [Mon, 18 Feb 2019 21:26:25 +0000 (10:26 +1300)]
CVE-2019-3824 ldb: wildcard_match check tree operation
Check the operation type of the passed parse tree, and return
LDB_INAPPROPRIATE_MATCH if the operation is not LDB_OP_SUBSTRING.
A query of "attribute=*" gets parsed as LDB_OP_PRESENT, checking the
operation and failing ldb_wildcard_match should help prevent confusion
writing tests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Gary Lockyer [Mon, 18 Feb 2019 21:25:24 +0000 (10:25 +1300)]
CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero
Initialise the created ldb_parse_tree with talloc_zero, this ensures
that it is correctly initialised if inadvertently passed to a function
expecting a different operation type.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Sun, 3 Feb 2019 22:22:50 +0000 (11:22 +1300)]
CVE-2019-3824 ldb: Improve code style and layout in wildcard processing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Sun, 3 Feb 2019 22:22:34 +0000 (11:22 +1300)]
CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Lukas Slebodnik [Fri, 18 Jan 2019 15:37:24 +0000 (16:37 +0100)]
CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare
There is valgrind error in few tests tests/test-generic.sh
91 echo "Test wildcard match"
92 $VALGRIND ldbadd $LDBDIR/tests/test-wildcard.ldif || exit 1
93 $VALGRIND ldbsearch '(cn=test*multi)' || exit 1
95 $VALGRIND ldbsearch '(cn=*test_multi)' || exit 1
97 $VALGRIND ldbsearch '(cn=test*multi*test*multi)' || exit 1
e.g.
==3098== Memcheck, a memory error detector
==3098== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==3098== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==3098== Command: ./bin/ldbsearch (cn=test*multi)
==3098==
==3098== Invalid read of size 1
==3098== at 0x483CEE7: memchr (vg_replace_strmem.c:890)
==3098== by 0x49A9073: memmem (in /usr/lib64/libc-2.28.9000.so)
==3098== by 0x485DFE9: ldb_wildcard_compare (ldb_match.c:313)
==3098== by 0x485DFE9: ldb_match_substring (ldb_match.c:360)
==3098== by 0x485DFE9: ldb_match_message (ldb_match.c:572)
==3098== by 0x558F8FA: search_func (ldb_kv_search.c:549)
==3098== by 0x48C78CA: ??? (in /usr/lib64/libtdb.so.1.3.17)
==3098== by 0x48C7A60: tdb_traverse_read (in /usr/lib64/libtdb.so.1.3.17)
==3098== by 0x557B7C4: ltdb_traverse_fn (ldb_tdb.c:274)
==3098== by 0x558FBFA: ldb_kv_search_full (ldb_kv_search.c:594)
==3098== by 0x558FBFA: ldb_kv_search (ldb_kv_search.c:854)
==3098== by 0x558E497: ldb_kv_callback (ldb_kv.c:1713)
==3098== by 0x48FCD58: tevent_common_invoke_timer_handler (in /usr/lib64/libtevent.so.0.9.38)
==3098== by 0x48FCEFD: tevent_common_loop_timer_delay (in /usr/lib64/libtevent.so.0.9.38)
==3098== by 0x48FE14A: ??? (in /usr/lib64/libtevent.so.0.9.38)
==3098== Address 0x4b4ab81 is 0 bytes after a block of size 129 alloc'd
==3098== at 0x483880B: malloc (vg_replace_malloc.c:309)
==3098== by 0x491048B: talloc_strndup (in /usr/lib64/libtalloc.so.2.1.15)
==3098== by 0x48593CA: ldb_casefold_default (ldb_utf8.c:59)
==3098== by 0x485F68D: ldb_handler_fold (attrib_handlers.c:64)
==3098== by 0x485DB88: ldb_wildcard_compare (ldb_match.c:257)
==3098== by 0x485DB88: ldb_match_substring (ldb_match.c:360)
==3098== by 0x485DB88: ldb_match_message (ldb_match.c:572)
==3098== by 0x558F8FA: search_func (ldb_kv_search.c:549)
==3098== by 0x48C78CA: ??? (in /usr/lib64/libtdb.so.1.3.17)
==3098== by 0x48C7A60: tdb_traverse_read (in /usr/lib64/libtdb.so.1.3.17)
==3098== by 0x557B7C4: ltdb_traverse_fn (ldb_tdb.c:274)
==3098== by 0x558FBFA: ldb_kv_search_full (ldb_kv_search.c:594)
==3098== by 0x558FBFA: ldb_kv_search (ldb_kv_search.c:854)
==3098== by 0x558E497: ldb_kv_callback (ldb_kv.c:1713)
==3098== by 0x48FCD58: tevent_common_invoke_timer_handler (in /usr/lib64/libtevent.so.0.9.38)
==3098==
# record 1
dn: cn=test_multi_test_multi_test_multi,o=University of Michigan,c=TEST
cn: test_multi_test_multi_test_multi
description: test multi wildcards matching
objectclass: person
sn: multi_test
name: test_multi_test_multi_test_multi
distinguishedName: cn=test_multi_test_multi_test_multi,o=University of Michiga
n,c=TEST
# returned 1 records
# 1 entries
# 0 referrals
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773
Signed-off-by: Lukas Slebodnik <lslebodn@fedoraproject.org>
Christof Schmitt [Tue, 12 Feb 2019 19:28:32 +0000 (12:28 -0700)]
waf: Check for libnscd
The check was in the old autoconf, but not in waf. As the code is still
in source3/lib/util_nscd.c, add the check for libnscd to allow building
and using the code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13787
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Feb 13 17:58:33 CET 2019 on sn-devel-144
(cherry picked from commit
3a793497796395ffa3efda5807bdb1ca8e09e35b)
Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Thu Feb 21 17:42:07 CET 2019 on sn-devel-144
Ralph Boehme [Tue, 5 Feb 2019 13:08:56 +0000 (14:08 +0100)]
tldap: avoid more use after free errors
See the previous commit for an explanation. :)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13776
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Feb 6 10:19:12 CET 2019 on sn-devel-144
(cherry picked from commit
bf91ee0a9727cc392583fe84ad069204be758515)
Ralph Boehme [Tue, 5 Feb 2019 12:56:53 +0000 (13:56 +0100)]
tldap: avoid a use after free crash
I saw the following crash in tldap in the winbindd idmap child on a
member server after messing with the LDAP server on the DC:
0 0x00007f77ea9a307a in __GI___waitpid (pid=9815, stat_loc=stat_loc@entry=0x7ffe77569eb0, options=options@entry=0) at ../sysdeps/unix/sysv/linux/waitpid.c:29
1 0x00007f77ea91bfbb in do_system (line=<optimized out>) at ../sysdeps/posix/system.c:148
2 0x00007f77edd8c24b in smb_panic_s3 (why=0x7f77f08e6e88 "Bad talloc magic value - access after free") at ../source3/lib/util.c:828
3 0x00007f77f15afe85 in smb_panic (why=0x7f77f08e6e88 "Bad talloc magic value - access after free") at ../lib/util/fault.c:170
4 0x00007f77f08e2678 in talloc_abort (reason=0x7f77f08e6e88 "Bad talloc magic value - access after free") at ../lib/talloc/talloc.c:472
5 0x00007f77f08e268b in talloc_abort_access_after_free () at ../lib/talloc/talloc.c:477
6 0x00007f77f08e2710 in talloc_chunk_from_ptr (ptr=0x55da7605a020) at ../lib/talloc/talloc.c:494
7 0x00007f77f08e4a19 in _talloc_free (ptr=0x55da7605a020, location=0x7f77e181474d "../source3/lib/tldap.c:1918") at ../lib/talloc/talloc.c:1716
8 0x00007f77e180b65c in tldap_search_all_done (subreq=0x55da7605a020) at ../source3/lib/tldap.c:1918
9 0x00007f77f0af0fd0 in _tevent_req_notify_callback (req=0x55da7605a020, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:125
10 0x00007f77f0af10a5 in tevent_req_finish (req=0x55da7605a020, state=TEVENT_REQ_USER_ERROR, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:162
11 0x00007f77f0af1113 in _tevent_req_error (req=0x55da7605a020, error=
9780923860630110289, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:180
12 0x00007f77e180781a in tevent_req_ldap_error (req=0x55da7605a020, rc=...) at ../source3/lib/tldap.c:47
13 0x00007f77e180b2c4 in tldap_search_done (subreq=0x55da76058280) at ../source3/lib/tldap.c:1813
14 0x00007f77f0af0fd0 in _tevent_req_notify_callback (req=0x55da76058280, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:125
15 0x00007f77f0af10a5 in tevent_req_finish (req=0x55da76058280, state=TEVENT_REQ_USER_ERROR, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:162
16 0x00007f77f0af11cd in tevent_req_trigger (ev=0x55da760526c0, im=0x55da76058360, private_data=0x55da76058280) at ../lib/tevent/tevent_req.c:219
17 0x00007f77f0af0378 in tevent_common_loop_immediate (ev=0x55da760526c0) at ../lib/tevent/tevent_immediate.c:135
18 0x00007f77f0af8b8f in epoll_event_loop_once (ev=0x55da760526c0, location=0x7f77f0af92b0 "../lib/tevent/tevent_req.c:269") at ../lib/tevent/tevent_epoll.c:911
19 0x00007f77f0af5925 in std_event_loop_once (ev=0x55da760526c0, location=0x7f77f0af92b0 "../lib/tevent/tevent_req.c:269") at ../lib/tevent/tevent_standard.c:114
20 0x00007f77f0aef201 in _tevent_loop_once (ev=0x55da760526c0, location=0x7f77f0af92b0 "../lib/tevent/tevent_req.c:269") at ../lib/tevent/tevent.c:725
21 0x00007f77f0af1361 in tevent_req_poll (req=0x55da7605eed0, ev=0x55da760526c0) at ../lib/tevent/tevent_req.c:269
22 0x00007f77e180fec9 in tldap_gensec_bind (ctx=0x55da76051ec0, creds=0x55da76052250, target_service=0x7f77e18164b3 "ldap", target_hostname=0x55da7605d182 "dc1.sdom1.site", target_principal=0x0, lp_ctx=0x55da76052180, gensec_features=6) at ../source3/lib/tldap_gensec_bind.c:358
23 0x00007f77e1810d21 in idmap_ad_get_tldap_ctx (mem_ctx=0x55da76050510, domname=0x55da76051d50 "sdom1", pld=0x55da76050518) at ../source3/winbindd/idmap_ad.c:326
24 0x00007f77e1811056 in idmap_ad_context_create (mem_ctx=0x55da76059c00, dom=0x55da76059c00, domname=0x55da76051d50 "sdom1", pctx=0x7ffe7756a5f8) at ../source3/winbindd/idmap_ad.c:374
25 0x00007f77e18119c0 in idmap_ad_get_context (dom=0x55da76059c00, pctx=0x7ffe7756a640) at ../source3/winbindd/idmap_ad.c:554
26 0x00007f77e181275b in idmap_ad_sids_to_unixids (dom=0x55da76059c00, ids=0x55da760518a0) at ../source3/winbindd/idmap_ad.c:784
27 0x00007f77e1813217 in idmap_ad_sids_to_unixids_retry (dom=0x55da76059c00, ids=0x55da760518a0) at ../source3/winbindd/idmap_ad.c:947
28 0x000055da7459ce05 in _wbint_Sids2UnixIDs (p=0x7ffe7756a870, r=0x55da76050860) at ../source3/winbindd/winbindd_dual_srv.c:202
29 0x000055da7460aa5e in api_wbint_Sids2UnixIDs (p=0x7ffe7756a870) at default/librpc/gen_ndr/srv_winbind.c:391
30 0x000055da7459c7f4 in winbindd_dual_ndrcmd (domain=0x0, state=0x7ffe7756abb8) at ../source3/winbindd/winbindd_dual_ndr.c:369
31 0x000055da7459828c in child_process_request (child=0x55da74874bc0 <static_idmap_child>, state=0x7ffe7756abb8) at ../source3/winbindd/winbindd_dual.c:666
32 0x000055da7459ae58 in child_handler (ev=0x55da7602c2b0, fde=0x55da7603f8a0, flags=1, private_data=0x7ffe7756abb0) at ../source3/winbindd/winbindd_dual.c:1567
33 0x00007f77f0af85f1 in epoll_event_loop (epoll_ev=0x55da76048b00, tvalp=0x7ffe7756aab0) at ../lib/tevent/tevent_epoll.c:728
34 0x00007f77f0af8c29 in epoll_event_loop_once (ev=0x55da7602c2b0, location=0x55da74628b08 "../source3/winbindd/winbindd_dual.c:1766") at ../lib/tevent/tevent_epoll.c:930
35 0x00007f77f0af5925 in std_event_loop_once (ev=0x55da7602c2b0, location=0x55da74628b08 "../source3/winbindd/winbindd_dual.c:1766") at ../lib/tevent/tevent_standard.c:114
36 0x00007f77f0aef201 in _tevent_loop_once (ev=0x55da7602c2b0, location=0x55da74628b08 "../source3/winbindd/winbindd_dual.c:1766") at ../lib/tevent/tevent.c:725
37 0x000055da7459b9e9 in fork_domain_child (child=0x55da74874bc0 <static_idmap_child>) at ../source3/winbindd/winbindd_dual.c:1766
38 0x000055da74596e96 in wb_child_request_waited (subreq=0x0) at ../source3/winbindd/winbindd_dual.c:188
39 0x00007f77f0af0fd0 in _tevent_req_notify_callback (req=0x55da7604f820, location=0x7f77f0af90f8 "../lib/tevent/tevent_queue.c:355") at ../lib/tevent/tevent_req.c:125
40 0x00007f77f0af10a5 in tevent_req_finish (req=0x55da7604f820, state=TEVENT_REQ_DONE, location=0x7f77f0af90f8 "../lib/tevent/tevent_queue.c:355") at ../lib/tevent/tevent_req.c:162
41 0x00007f77f0af10cd in _tevent_req_done (req=0x55da7604f820, location=0x7f77f0af90f8 "../lib/tevent/tevent_queue.c:355") at ../lib/tevent/tevent_req.c:168
42 0x00007f77f0af0cc1 in tevent_queue_wait_trigger (req=0x55da7604f820, private_data=0x0) at ../lib/tevent/tevent_queue.c:355
43 0x00007f77f0af06f2 in tevent_queue_immediate_trigger (ev=0x55da7602c2b0, im=0x55da760466a0, private_data=0x55da76046580) at ../lib/tevent/tevent_queue.c:149
44 0x00007f77f0af0378 in tevent_common_loop_immediate (ev=0x55da7602c2b0) at ../lib/tevent/tevent_immediate.c:135
45 0x00007f77f0af8b8f in epoll_event_loop_once (ev=0x55da7602c2b0, location=0x55da74612630 "../source3/winbindd/winbindd.c:1803") at ../lib/tevent/tevent_epoll.c:911
46 0x00007f77f0af5925 in std_event_loop_once (ev=0x55da7602c2b0, location=0x55da74612630 "../source3/winbindd/winbindd.c:1803") at ../lib/tevent/tevent_standard.c:114
47 0x00007f77f0aef201 in _tevent_loop_once (ev=0x55da7602c2b0, location=0x55da74612630 "../source3/winbindd/winbindd.c:1803") at ../lib/tevent/tevent.c:725
48 0x000055da74561431 in main (argc=2, argv=0x7ffe7756c968) at ../source3/winbindd/winbindd.c:1803
subreq is a child of the state of req which will already be free by the
callback of req.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13776
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
9465292d4109f710f8fcd141a076f5c8278577bc)
Andreas Schneider [Wed, 30 Jan 2019 17:45:34 +0000 (18:45 +0100)]
s3:vfs: Correctly check if OFD locks should be enabled or not
Also the smb.conf options should only be checked once and a reload of
the config should not switch to a different locking mode.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13770
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Feb 9 03:43:50 CET 2019 on sn-devel-144
(cherry picked from commit
7ff94b18e2e39567ef7a208084cc5c914c39d3bd)
Andreas Schneider [Wed, 30 Jan 2019 17:09:52 +0000 (18:09 +0100)]
s3:vfs: Initialize pid to 0 in test_netatalk_lock()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13770
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
2ff2594b2bd878928cec30bc72a95a6d38bee154)
Jeremy Allison [Thu, 7 Feb 2019 02:01:52 +0000 (18:01 -0800)]
s4: torture: vfs_fruit. Change test_fruit_locking_conflict() to match the vfs_fruit working server code.
Originally added for BUG: https://bugzilla.samba.org/show_bug.cgi?id=13584
to demonstrate a lock order violation, this test
exposed problems in the mapping of SMB1/2 share modes
and open modes to NetATalk modes once we moved to OFD locks.
Change the test slightly (and add comments)
so it demonstrates working NetATalk share modes
on an open file.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13770
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 8 23:26:46 CET 2019 on sn-devel-144
(cherry picked from commit
28990e4ba23695ecf264117efad90cc4e573302e)