Jule Anger [Tue, 26 Apr 2022 14:30:20 +0000 (16:30 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.15.7 release.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Tue, 26 Apr 2022 14:29:48 +0000 (16:29 +0200)]
WHATSNEW: Add release notes for Samba 4.15.7
Signed-off-by: Jule Anger <janger@samba.org>
Samuel Cabrero [Wed, 13 Apr 2022 09:34:18 +0000 (11:34 +0200)]
s3:winbind: Remove no longer used domain's private_data pointer
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15046
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
a6d6ae3cfcd64a85f82ec5b12253ca0e237d95bb)
Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Fri Apr 15 14:03:44 UTC 2022 on sn-devel-184
Samuel Cabrero [Wed, 13 Apr 2022 09:31:45 +0000 (11:31 +0200)]
s3:winbind: Do not use domain's private data to store the ADS_STRUCT
The ADS_STRUCT is not allocated using talloc and there are many places
casting this pointer directly so use a typed pointer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15046
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
3cb256439e9ceece26c2de82293c43486543e0cb)
Samuel Cabrero [Wed, 13 Apr 2022 09:15:35 +0000 (11:15 +0200)]
s3:winbind: Simplify open_cached_internal_pipe_conn()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15046
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
91395e660a2b1b69bf74ca0b77aee416e2ac1db3)
Samuel Cabrero [Wed, 13 Apr 2022 09:01:00 +0000 (11:01 +0200)]
s3:winbind: Do not use domain's private data to store the SAMR pipes
The domain's private_data pointer is also used to store an ADS_STRUCT,
which is not allocated using talloc and there are many places casting
this pointer directly.
The recently added samba.tests.pam_winbind_setcred was randomly failing
and after debugging it the problem was that kerberos authentication was
failing because the time_offset passed to kerberos_return_pac() was
wrong. This time_offset was retrieved from ads->auth.time_offset, where
the ads pointer was directly cast from domain->private_data but
private_data was pointing to a winbind_internal_pipes struct.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15046
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
e1f29b0970f4cac52a9cd517be6862cf69a1433a)
Jeremy Allison [Tue, 5 Apr 2022 20:24:19 +0000 (13:24 -0700)]
s3: smbget: Fix auth_fn, order of //server/share parameters is mixed in prompt.
Found by <voetelink@nrg.eu>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14831
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
f1765f91b015d64122e74c01c7c6d0984cc7af87)
Pavel Filipenský [Fri, 25 Mar 2022 10:11:50 +0000 (11:11 +0100)]
s3:auth: Fix user_in_list() for UNIX groups
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15041
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Thu Apr 7 09:49:44 UTC 2022 on sn-devel-184
(cherry picked from commit
6dc463d3e2eb229df1c4f620cfcaf22ac71738d4)
Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Mon Apr 11 09:22:01 UTC 2022 on sn-devel-184
Pavel Filipenský [Tue, 5 Apr 2022 12:04:52 +0000 (14:04 +0200)]
s3:tests Test "username map" for UNIX groups
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15041
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit
af8747a28bd62937a01fa4648f404bd0b09a44c0)
Pavel Filipenský [Tue, 5 Apr 2022 06:31:41 +0000 (08:31 +0200)]
selftest: Add to "username.map" mapping for jackthemappergroup
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15041
Only for environment ad_member_idmap_nss.
* !jacknompapper = \@jackthemappergroup
jackthemaper from group jackthemappergroup is mapped to jacknompapper
* !root = jacknomappergroup
since there is no '@' or '+' prefix, it is not a UNIX group mapping
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit
0feeb6d58a6d6b1949faa842473053af4562c979)
Pavel Filipenský [Tue, 5 Apr 2022 06:30:23 +0000 (08:30 +0200)]
selftest: Create groups "jackthemappergroup" and "jacknomappergroup"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15041
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit
26e4268d6e3bde74520e36f3ca3cc9d979292d1d)
Pavel Filipenský [Fri, 1 Apr 2022 13:56:30 +0000 (15:56 +0200)]
selftest: Create users "jackthemapper" and "jacknomapper"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15041
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
1b0146182224fe01ed70815364656a626038685a)
Ralph Boehme [Thu, 24 Mar 2022 15:25:22 +0000 (16:25 +0100)]
vfs_shadow_copy2: implement readdir()
RN: shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15035
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 31 18:47:42 UTC 2022 on sn-devel-184
(cherry picked from commit
9fa67ba8eeb6249d4b91b894e80eb1985c845314)
Ralph Boehme [Thu, 24 Mar 2022 16:31:00 +0000 (17:31 +0100)]
CI: add a test listing a snapshotted directory
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15035
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
ba9c5ba8ec54e72d68e3f753a5350afe0fb50a7c)
Ralph Boehme [Mon, 28 Mar 2022 18:05:26 +0000 (20:05 +0200)]
CI: avoid smb2.twrp being run by plansmbtorture4testsuite() directly
This should only be run by a blackbox test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15035
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit
f734e960eb7ad98808ad8757de51c51d3db86a2b)
[slow@samba.org: conflict in source3/selftest/tests.py caused by new test in master not present in 4.16]
Jeremy Allison [Tue, 29 Mar 2022 01:39:55 +0000 (18:39 -0700)]
s3: smbd: Preserve the fsp->fsp_name->st buf across a MSG_SMB_FILE_RENAME message.
Remove knownfail.d/rename-full-info
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(Back-ported from commit
06bfac2125da5e4d37a596d1213912f0c698e69e)
Jeremy Allison [Tue, 29 Mar 2022 01:42:18 +0000 (18:42 -0700)]
s3: smbd: Preserve the fsp->fsp_name->st bufs across rename_open_files()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
5e1aa469ae61af0442f432e0a2e3bf8c8709616a)
Jeremy Allison [Tue, 29 Mar 2022 01:25:54 +0000 (18:25 -0700)]
s4: torture: Add test_smb2_close_full_information() test to smb2.rename.
Creates a file, opens it again on two different connections
and then renames it. When we close and ask for SMB2_CLOSE_FLAGS_FULL_INFORMATION
we expect this to succeed and return valid data on the handles that did not do
the rename request.
This currently succeeds by accident on master, so we are not
adding a knownfail.d/ file here. When we back-port this test
to 4.16.next, 4.15.next we will add a knownfail.d file.
The rename request zeros out the fsp->fsp_name->st field on the handles
that are open but are not being renamed, marking them as INVALID_STAT.
This should not happen on any open handle. Fix to follow will
preserve the field on rename in both the local connection and
different connection case.
Master gets away with this as in this branch, openat_pathref_fsp(),
which we use in the setup_close_full_information() call to fetch
the SMB2_CLOSE_FLAGS_FULL_INFORMATION data doesn't require an
existing VALID_STAT struct in order to open the file. This
hides the fact the rename zeroed out fsp->fsp_name->st.
4.16.x and 4.15.x don't have this fix, so expose the bug.
Regardless, even in master we should not zero out any
fsp->fsp_name->st values on rename.
Add knownfail.d/rename-full-info for 4.16.x, 4.15.x.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(Back-ported from commit
1301e6461393601a4d43cfc465a05114e6ae4662)
Jeremy Allison [Tue, 29 Mar 2022 01:24:27 +0000 (18:24 -0700)]
s4: torture: Add CHECK_CREATED macro to smb2/rename.c. Not yet used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038
Reviewed-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
4725ef5c96395dc2f48fab1160a3312d95e21416)
Jeremy Allison [Tue, 29 Mar 2022 01:23:05 +0000 (18:23 -0700)]
s4: torture: Add CHECK_VAL macro to smb2/rename.c. Not yet used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
e862a2d9ec4e7bec1dd58490e9dee47d543b9154)
Jeremy Allison [Tue, 29 Mar 2022 01:09:20 +0000 (18:09 -0700)]
s3: tests.py: Only run smb2.rename against fileserver.
No need to run this against nt4_dc or ad_dc.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(Back-ported from commit
e01c5992b061d8ed54645fff52a73418013340ab)
Jeremy Allison [Fri, 18 Mar 2022 19:30:27 +0000 (12:30 -0700)]
s3: smbd: smbd_smb2_setinfo_send(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
This is the last SMB_VFS_FSTAT that uses fsp->fsp_name->st, so
remove knownfail.d/durable-v2-setinfo
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 24 17:21:29 UTC 2022 on sn-devel-184
(cherry picked from commit
c4f9c372405bea8a7d9c6b39e04cebefa3322a19)
Jeremy Allison [Fri, 18 Mar 2022 18:45:50 +0000 (11:45 -0700)]
s3: smbd: smbd_smb2_getinfo_send(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
7fb2038faca256c03c2bd7d982f39f5b1a57f784)
Jeremy Allison [Fri, 18 Mar 2022 22:04:34 +0000 (15:04 -0700)]
s3: cmd_vfs: cmd_set_nt_acl(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(back-ported picked from commit
23d5c909286d438534f1a7defb2faacd1877fea1)
Jeremy Allison [Fri, 18 Mar 2022 22:01:52 +0000 (15:01 -0700)]
s3: cmd_vfs: cmd_open(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
fbc6cdfbeda4086851dfb0f91fd23b4fd541e174)
Jeremy Allison [Fri, 18 Mar 2022 21:57:13 +0000 (14:57 -0700)]
s3: pysmbd.c: init_files_struct(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
c4193f11d1871051d4cce4521b1f444a083c9189)
Jeremy Allison [Fri, 18 Mar 2022 19:27:53 +0000 (12:27 -0700)]
s3: smbd: call_trans2setfilepathinfo(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
6a25b6997ff9f99fde309db1e163d16cd70ca5f5)
Jeremy Allison [Fri, 18 Mar 2022 19:26:27 +0000 (12:26 -0700)]
s3: smbd: call_trans2qfilepathinfo(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
8d3812daa5b0c9eb534515d37498d0d6e1a40ec8)
Jeremy Allison [Fri, 18 Mar 2022 19:24:27 +0000 (12:24 -0700)]
s3: smbd: rename_internals_fsp(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
b53a69f4ffcaa5ec9b8660152802f5a7b2effc1f)
Jeremy Allison [Fri, 18 Mar 2022 19:22:26 +0000 (12:22 -0700)]
s3: smbd: mkdir_internal(). 2 of 2. All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
7f5c484804c87f37493e1f79d5c7e1738a4e0113)
Jeremy Allison [Fri, 18 Mar 2022 19:19:44 +0000 (12:19 -0700)]
s3: smbd: mkdir_internal(). 1 of 2. All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
064c5770deb4307272c60f0b08f6bc137df4b227)
Jeremy Allison [Fri, 18 Mar 2022 19:11:23 +0000 (12:11 -0700)]
s3: smbd: open_file(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
cfadecca802600fa9a01fa9781e4df9a0b71fa3c)
Jeremy Allison [Fri, 18 Mar 2022 19:09:43 +0000 (12:09 -0700)]
s3: smbd: non_widelink_open(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
18694c81cc3c3d94dc99e3b11878021052279eb6)
Jeremy Allison [Fri, 18 Mar 2022 19:02:35 +0000 (12:02 -0700)]
s3: smbd: open_internal_dirfsp(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
a604dd02ffb468ba472ac4dd64f06d30ecdcc810)
Jeremy Allison [Fri, 18 Mar 2022 19:00:15 +0000 (12:00 -0700)]
s3: smbd: open_internal_dirfsp() add missing file_free() in error path.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
ec2fb9d22842332992b8f667a8218f7aaa1be7c4)
Jeremy Allison [Fri, 18 Mar 2022 18:56:53 +0000 (11:56 -0700)]
s3: smbd: mdssvc: All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
2b246dbf687cbb6ef1e31e22fd64a95bdca8f4e9)
Jeremy Allison [Fri, 18 Mar 2022 18:51:00 +0000 (11:51 -0700)]
s3: VFS: vxfs: All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
d460118be3ad2a3100bb3458f6f0223df12f7c3f)
Jeremy Allison [Fri, 18 Mar 2022 18:41:48 +0000 (11:41 -0700)]
s3: smbd: In set_ea_dos_attribute(), if we've stored btime and set XATTR_DOSINFO_CREATE_TIME successfully, we need to clear ST_EX_IFLAG_CALCULATED_BTIME.
This is no longer a calculated field, every call to fdos_mode() will
set it as non-calculated.
https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
2fc0820afcd375594b1d99edcd651420bea6ac91)
Jeremy Allison [Fri, 18 Mar 2022 18:40:04 +0000 (11:40 -0700)]
s3: smbd: In set_ea_dos_attribute() cause root fallback code to exit via the same place.
We're going to add another action on success next.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
9f62a149f12e899dbc2a7bac9458e7a375bf6608)
Jeremy Allison [Fri, 18 Mar 2022 21:52:02 +0000 (14:52 -0700)]
s4: torture: Add regression test for re-opening a durable handle after calling SMB2 setinfo (end of file).
This is an implementation of a test written by Apple for their
client. Currently fails to reconnect due to btime being overwritten
incorrectly in the SMB2 setinfo path.
Add knownfail.d/durable-v2-setinfo
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
0036617a5c76e6003e3c9a5039c325d77d897709)
Christof Schmitt [Mon, 21 Mar 2022 16:26:41 +0000 (09:26 -0700)]
vfs_gpfs: Initialize litemask to 0
The change from commit fb13c7c94f to query exact values for atime,
mtime, ctime and size is not necessary, as none of these are used in
this codepath. Initialize litemask to 0 instead.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15027
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Mar 28 09:10:58 UTC 2022 on sn-devel-184
(cherry picked from commit
127f728d58e79a42f8826500e3b15c486e88e556)
Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Wed Mar 30 10:06:14 UTC 2022 on sn-devel-184
Andreas Schneider [Mon, 14 Feb 2022 06:59:52 +0000 (07:59 +0100)]
builtools: Make abi_gen.sh less prone to errors
The mold linker has more hidden symbols and we would need to filter them out
with nm, where objdump tells us which symbols are actually hidden. So we just
need to filter out whatever is hidden.
The use of awk makes it also easier to get what we want.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
2b9917d7a3cb88cf48517e4a93a94fa3ca6ff3d9)
Ralph Boehme [Wed, 23 Feb 2022 10:36:29 +0000 (11:36 +0100)]
vfs_shadow_copy2: remove async getxattrat
vfswrap_getxattrat_send() is handle based using smb_fname->fsp. As
the open of smb_fname->fsp was processed by this module, the handle
is already correctly opened on the file in the snapshot. In the end
this means we can just directly call the next function here.
Note that the same reasoning might apply to other modules that use
vfs_not_implemented_getxattrat_send(), but checking and adjusting those is a job
for another day. Currently they will continue to go via the sync fallback of the
caller.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Feb 28 20:53:35 UTC 2022 on sn-devel-184
(cherry picked from commit
afc2103da0fe947afc027b3e25c5e82aa5d3f1fb)
Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Tue Mar 29 09:08:10 UTC 2022 on sn-devel-184
Ralph Boehme [Wed, 23 Feb 2022 17:10:59 +0000 (18:10 +0100)]
CI: add a test for async dosmode on a file in a shadow_copy2 snapshot
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
1097b1d0776661d873861672ca38e5892014725d)
Ralph Boehme [Wed, 23 Feb 2022 17:14:38 +0000 (18:14 +0100)]
CI: enable "smbd async dosmode" on shadow_write share
Existing tests don't care, upcoming new test needs it.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
48f81b4e7216e4dad0a86aca75890c32117a342e)
Ralph Boehme [Fri, 17 Dec 2021 14:02:06 +0000 (15:02 +0100)]
smbd: also check for NT_STATUS_NOT_SUPPORTED
If a VFS module fails SMB_VFS_GETXATTRAT_SEND/RECV with ENOSYS like currently
vfs_shadow_copy2 or any other module that uses
vfs_not_implemented_getxattrat_send() the ENOSYS error that
vfs_not_implemented_getxattrat_send() sets gets mapped to
NT_STATUS_NOT_SUPPORTED by map_nt_error_from_unix().
Unfortunately when checking whether the async SMB_VFS_GETXATTRAT_SEND() failed
and to determine if the sync fallback should be triggered, we currently only
check for NT_STATUS_NOT_IMPLEMENTED which is the error we get when "store dos
attributes" is disabled.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14957
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
97caec07ffd18f247134d21c3ba07c31591863bc)
Ralph Boehme [Tue, 25 Jan 2022 16:59:37 +0000 (17:59 +0100)]
CI: add test "smb2.async_dosmode"
Verifies async-dosmode sync fallback works with shadow_copy2 which returns
ENOSYS for SMB_VFS_GET_DOS_ATTRIBUTES_SEND().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14957
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
ffdb1c3e00c233efc99e8f1a66a5f83beb4e07f3)
Ralph Boehme [Mon, 24 Jan 2022 15:45:11 +0000 (16:45 +0100)]
smbd: check "store dos attributes" settings in the async dosmode code
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14957
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
ecf56c1d9b6b898ed4060e3bba341392ddcc9b5a)
Ralph Boehme [Mon, 24 Jan 2022 15:54:29 +0000 (16:54 +0100)]
CI: remove shares referencing removed functionality
The whole "smbd:force sync [user|root] [path|chdir] safe threadpool" stuff was
removed long ago by 29dd6f3e59055a17fa3d6a63619773f940e63374.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14957
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
1e3e22cc45583cb11ef5dbc3c044bf6189fe6036)
Stefan Metzmacher [Wed, 16 Feb 2022 13:11:10 +0000 (14:11 +0100)]
s4:kdc: strictly have 2 16-bit parts in krbtgt kvnos
Even if the msDS-KeyVersionNumber of the main krbtgt
account is larger than 65535, we need to have
the 16 upper bits all zero in order to avoid
mixing the keys with an RODC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14951
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(similar to commit
ab0946a75d51b8f4826d98c61c3ad503615009fe)
Jeremy Allison [Mon, 21 Mar 2022 20:50:56 +0000 (13:50 -0700)]
s3: smbd: Don't allow setting the delete on close bit on a directory if it contains non-visible files and "delete veto files = no".
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15023
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 22 17:48:25 UTC 2022 on sn-devel-184
(cherry picked from commit
80503b46e7238d0796f5cc9eb6104958c3b3fcc7)
Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Thu Mar 24 13:32:14 UTC 2022 on sn-devel-184
Jeremy Allison [Mon, 21 Mar 2022 20:45:25 +0000 (13:45 -0700)]
s3: torture: Add 2 new tests SMB2-DEL-ON-CLOSE-NONWRITE-DELETE-NO, SMB2-DEL-ON-CLOSE-NONWRITE-DELETE-YES.
We currently allow setting the delete on close bit for
a directory containing only explicitly hidden/vetoed files
in the case where "delete veto files = yes" *and*
"delete veto files = no". For the "delete veto files = no"
case we should be denying setting the delete on close bit
when the client tries to set it (that's the only time Windows
looks at the bit and returns an error to the user). We
already do this in the dangling symlink case, we just
missed it in the !is_visible_fsp() case.
Mark SMB2-DEL-ON-CLOSE-NONWRITE-DELETE-NO as knownfail
for now.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15023
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit
5fe341d2d67afb7088edcb772b058c747ab341b1)
Andrew Bartlett [Thu, 17 Mar 2022 05:47:48 +0000 (18:47 +1300)]
WHATSNEW: Mention our matrix room as well
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Thomas Debesse [Tue, 15 Feb 2022 13:11:45 +0000 (14:11 +0100)]
WHATSNEW: IRC is irc.libera.chat according to https://samba.org/samba/irc.html
Signed-off-by: Thomas Debesse <dev@illwieckz.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 18 Feb 2022 16:17:02 +0000 (17:17 +0100)]
s4:kdc: redirect pre-authentication failures to an RWDC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14865
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(similar to commit
0f5d7ff1a9fd14fd412b09883d413d1d660fa7be)
Autobuild-User(v4-15-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-15-test): Sat Mar 19 02:38:24 UTC 2022 on sn-devel-184
Stefan Metzmacher [Fri, 18 Feb 2022 16:17:02 +0000 (17:17 +0100)]
HEIMDAL: allow HDB_AUTH_WRONG_PASSWORD to result in HDB_ERR_NOT_FOUND_HERE
On an RODC we need to redirect failing preauthentication to an RWDC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14865
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(similar to commit heimdal commit
df655cecd12712e7f7df5128b123eee0066a8216)
Andreas Schneider [Tue, 15 Mar 2022 12:10:06 +0000 (13:10 +0100)]
s3:libads: Fix creating local krb5.conf
We create a KDC ip string entry directly at the beginning, use it if we
don't have any additional DCs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Mar 16 14:26:36 UTC 2022 on sn-devel-184
(cherry picked from commit
68d181ee676e17a5cdcfc12c5cc7eef242fdfa6c)
Autobuild-User(v4-15-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-15-test): Thu Mar 17 10:35:11 UTC 2022 on sn-devel-184
Andreas Schneider [Tue, 15 Mar 2022 12:02:05 +0000 (13:02 +0100)]
s3:libads: Check print_canonical_sockaddr_with_port() for NULL in get_kdc_ip_string()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
12c843ad0a97fcbaaea738b82941533e5d2aec99)
Andreas Schneider [Tue, 15 Mar 2022 11:57:18 +0000 (12:57 +0100)]
s3:libads: Remove obsolete free's of kdc_str
This is allocated on the stackframe now!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
cca189d0934790418e27d9d01282370b1e6a057f)
Andreas Schneider [Tue, 15 Mar 2022 11:56:58 +0000 (12:56 +0100)]
s3:libads: Allocate all memory on the talloc stackframe
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
652c8ce1672dfead00c7af6af22e3bb3927764ec)
Andreas Schneider [Tue, 15 Mar 2022 11:48:23 +0000 (12:48 +0100)]
s3:libads: Use talloc_asprintf_append() in get_kdc_ip_string()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
812032833aa65729dbbfd4313a6e3fe072c88530)
Andreas Schneider [Tue, 15 Mar 2022 11:10:47 +0000 (12:10 +0100)]
s3:libads: Improve debug messages for get_kdc_ip_string()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
7f721dc2eee0064a1ddd480fcaf77bf1659c7a26)
Andreas Schneider [Tue, 15 Mar 2022 11:04:34 +0000 (12:04 +0100)]
s3:libads: Leave early on error in get_kdc_ip_string()
This avoids useless allocations.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
313f03c78487ae49747b8143220ecbfe8ad9310a)
Andreas Schneider [Tue, 15 Mar 2022 11:03:40 +0000 (12:03 +0100)]
s3:libads: Remove trailing spaces in kerberos.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
567b1996796e5d3cf572653f38817d832fa135ca)
Andreas Schneider [Tue, 15 Mar 2022 15:53:02 +0000 (16:53 +0100)]
testprogs: Add test that local krb5.conf has been created
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
d2ac90cdd5672330ed9c323fc474f8ba62750a6f)
Elia Geretto [Fri, 11 Mar 2022 18:32:30 +0000 (19:32 +0100)]
s3:libsmb: Fix errno for failed authentication in SMBC_server_internal()
In SMBC_server_internal(), when authentication fails, the errno value is
currently hard-coded to EPERM, while it should be EACCES instead. Use the
NT_STATUS map to set the appropriate value.
This bug was found because it breaks listing printers protected by
authentication in GNOME Control Panel.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14983
Signed-off-by: Elia Geretto <elia.f.geretto@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 16 19:44:18 UTC 2022 on sn-devel-184
(cherry picked from commit
70b9977a46e5242174b4461a7f49d5f640c1db62)
Stefan Metzmacher [Thu, 3 Mar 2022 10:10:00 +0000 (11:10 +0100)]
s4:auth: let authenticate_ldap_simple_bind() pass down the mapped nt4names
authenticate_ldap_simple_bind*() needs to pass the
result of the cracknames operation into the auth stack
as user_info->client.{account,domain}_name, because
user_info->client.{account,domain}_name is also used
when forwarding the request via netrLogonSamLogon*
to a remote server, for exactly that the values are
also used in order to map an AUTH_PASSWORD_PLAIN into
AUTH_PASSWORD_RESPONSE, where the NTLMv2 response
contains the account and domain names passed in the
netr_IdentityInfo value.
Otherwise it would not be possible to forward the
LDAP simple bind authentication request to a remote
DC.
Currently this only applies to an RODC that forwards
the request to an RWDC.
But note that LDAP simple binds (as on Windows) only
work for users in the DC's forest, as the DsCrackNames
needs to work and it can't work for users of remote
forests. I tested that in a DC of a forest root domain,
it rejected the LDAP simple bind against a different forest,
but allowed it for a user of a child domain in the
same forest. The NTLMSSP bind worked in both cases.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Mar 10 04:10:54 UTC 2022 on sn-devel-184
(cherry picked from commit
40f2070d3b2b1b13cc08f7844bfe4945e9f0cd86)
Stefan Metzmacher [Thu, 3 Mar 2022 10:10:00 +0000 (11:10 +0100)]
auth: let auth logging prefer user_info->orig_client.{account,domain}_name if available
The optional user_info->orig_client.{account,domain}_name are
the ones really used by the client and should be used in
audit logging. But we still fall back to
user_info->client.{account,domain}_name.
This will be important for the next commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
24b580cae23860a0fe6c9d3a285d60564057043d)
Stefan Metzmacher [Thu, 3 Mar 2022 10:10:00 +0000 (11:10 +0100)]
s4:auth: rename user_info->mapped_state to user_info->cracknames_called
This makes it much clearer what it is used for and
it is a special hack for authenticate_ldap_simple_bind_send()
in order to avoid some additional work in
authsam_check_password_internals().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
427125d182252d8aee3dd906ee34a909cdbb8ef3)
Stefan Metzmacher [Thu, 3 Mar 2022 22:23:21 +0000 (23:23 +0100)]
winbindd: don't set mapped_state in winbindd_dual_auth_passdb()
mapped_state is a special hack for authenticate_ldap_simple_bind_send()
in order to avoid some additional work in authsam_check_password_internals().
This doesn't apply here. We should also handle wbinfo -a
authentication UPN names, e.g. administrator@DOMAIN,
even if the account belongs to the local sam.
With this change the behavior is consistent also locally on DCs and
also an RODC can handle these requests locally for cached accounts.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15003
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
8dfdbe095a4c8a7bedd29341656a7c3164517713)
Stefan Metzmacher [Mon, 7 Mar 2022 19:57:52 +0000 (20:57 +0100)]
nsswitch: let test_wbinfo.sh also test wbinfo -a $USERNAME@$DOMAIN
When winbindd forwards wbinfo -a via netrLogonSamLogon* to a remote
DC it works fine for UPN names, e.g. administrator@DOMAIN.
But it currently fails locally on a DC against the local sam.
For the RODC it only works because it forwards the request to
an RWDC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15003
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
e1d2c59d360fb4e72dafe788b5d9dbb0572bf811)
Stefan Metzmacher [Thu, 3 Mar 2022 22:24:25 +0000 (23:24 +0100)]
s3:auth: make_user_info_map() should not set mapped_state
mapped_state is only evaluated in authsam_check_password_internals()
of auth_sam.c in source4, so setting it in the auth3 code
doesn't make any difference. I've proved that with
an SMB_ASSERT() and a full pipeline not triggering it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
c56cb12f347b7582290ce1d4dfe3959d69050bd9)
Stefan Metzmacher [Mon, 7 Mar 2022 20:16:51 +0000 (21:16 +0100)]
s4:auth: fix confusing DEBUG message in authsam_want_check()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
a12683bd1206df4d4d87a3842d92e34a69e172b7)
Stefan Metzmacher [Thu, 3 Mar 2022 22:14:10 +0000 (23:14 +0100)]
s4:auth: check for user_info->mapped.account_name if it needs to be filled
mapped_state is a special hack for authenticate_ldap_simple_bind_send()
in order to avoid some additional work in authsam_check_password_internals().
But that code will be changed in the next commits, so we can simplify
the logic and only check for user_info->mapped.account_name being NULL.
As it's the important factor that user_info->mapped.account_name is
non-NULL down in the auth stack.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
c7b8c71b2b71bb9d95c33d403c4204376f443852)
Stefan Metzmacher [Thu, 3 Mar 2022 22:16:13 +0000 (23:16 +0100)]
s4:rpc_server/samr: don't set mapped_state in auth_usersupplied_info for audit logging
mapped_state is completely irrelevant for audit logging and
will also be removed in the next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
52787b9c1e9370133ff4481c62c2e7b9393c2439)
Stefan Metzmacher [Thu, 3 Mar 2022 22:16:13 +0000 (23:16 +0100)]
s4:kdc: don't set mapped_state in auth_usersupplied_info for audit logging
mapped_state is completely irrelevant for audit logging and
will also be removed in the next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
ca6948642bc2ff821ec4ca8ab24902b1ba9e8397)
Stefan Metzmacher [Thu, 3 Mar 2022 22:16:13 +0000 (23:16 +0100)]
s4:dsdb: don't set mapped_state in auth_usersupplied_info for audit logging
mapped_state is completely irrelevant for audit logging and
will also be removed in the next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
99efe5f4e9ce426b28cef94d858849707ce15739)
Stefan Metzmacher [Thu, 3 Mar 2022 22:16:13 +0000 (23:16 +0100)]
s4:smb_server: don't set mapped_state explicitly in auth_usersupplied_info
We already use talloc_zero() and mapped_state will be removed in the
next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
859c7817350553259eb09c889bc40afebb60064a)
Stefan Metzmacher [Thu, 3 Mar 2022 22:15:31 +0000 (23:15 +0100)]
auth/ntlmssp: don't set mapped_state explicitly in auth_usersupplied_info
We already use talloc_zero() and mapped_state will be removed in the
next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
9a4ac8ab2e2c8ee48f6bf5a6ecf7988c435ba1c6)
Stefan Metzmacher [Thu, 3 Mar 2022 22:14:38 +0000 (23:14 +0100)]
s4:auth: encrypt_user_info() should set password_state instead of mapped_state
user_info->mapped_state has nothing to do with enum auth_password_state,
user_info->password_state is the one that holds the auth_password_state value.
Luckily user_info->password_state was never referenced in the
encrypt_user_info() callers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
a6fb598d9dcbfe21ef285b5f30fabcb88a259c93)
Stefan Metzmacher [Wed, 2 Mar 2022 13:32:41 +0000 (14:32 +0100)]
s4:auth: a simple bind uses the DC's name as workstation
I've seen that in a LogonSamLogonEx request triggered
by a simple bind with a user of a trusted domain
within the same forest. Note simple binds don't
work with users for another forest/external domain,
as the DsCrackNames call on the bind_dn fails.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14641
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
31db704882bbcd569c2abb764ac1d3691ee0a267)
Stefan Metzmacher [Fri, 4 Mar 2022 10:41:20 +0000 (11:41 +0100)]
s3:rpc_client: let rpccli_netlogon_network_logon() fall back to workstation = lp_netbios_name()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14641
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
5c04c01354944fc3a64bb109bf3e9bf89086cc6f)
Garming Sam [Mon, 1 Apr 2019 02:46:48 +0000 (15:46 +1300)]
rodc: Add tests for simple BIND alongside NTLMSSP binds
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
62fb6c1dc8527db6cf0f08d4d06e8813707f767a)
Stefan Metzmacher [Fri, 4 Mar 2022 18:09:41 +0000 (19:09 +0100)]
s4:auth_sam: use USER_INFO_INTERACTIVE_LOGON as indication for an interactive logon
Using != AUTH_PASSWORD_RESPONSE is not the correct indication
due to the local mappings from AUTH_PASSWORD_PLAIN via
AUTH_PASSWORD_HASH to AUTH_PASSWORD_RESPONSE.
It means an LDAP simple bind will now honour
'old password allowed period'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15001
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
2ad44686229ba02f98de5769c26a3dfeaf5ada2b)
Stefan Metzmacher [Tue, 8 Mar 2022 14:14:09 +0000 (15:14 +0100)]
s3:auth: let make_user_info_netlogon_interactive() set USER_INFO_INTERACTIVE_LOGON
This is not really relevant for now, as USER_INFO_INTERACTIVE_LOGON is
not evaluated in the source3/auth stack. But better add it to
be consistent.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15001
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
012bd9f5b780f7a90cf3bd918f044ea67fae7017)
Stefan Metzmacher [Fri, 4 Mar 2022 20:53:06 +0000 (21:53 +0100)]
dsdb/tests: add test_login_basics_simple()
This demonstrates that 'old password allowed period' also
applies to LDAP simple binds and not only to GSS-SPNEGO/NTLMSSP binds.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15001
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
3625d1381592f7af8ec14715c6c2dfa4d9f02676)
Stefan Metzmacher [Fri, 4 Mar 2022 20:53:06 +0000 (21:53 +0100)]
dsdb/tests: prepare BasePasswordTestCase for simple bind tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
0b1fbc9d56e2a25e3f1527ee5bc54880bdc65fc6)
Stefan Metzmacher [Fri, 4 Mar 2022 22:35:26 +0000 (23:35 +0100)]
dsdb/tests: introduce assertLoginSuccess
This makes it possible to catch failures with knownfail entries.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
751ce671a4af32bc1c56433a5a1c8161377856c5)
Stefan Metzmacher [Fri, 4 Mar 2022 22:35:26 +0000 (23:35 +0100)]
dsdb/tests: make use of assertLoginFailure helper
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
03ba5af3d9eaeb5f0c7c1a1a61ef2ac454eb8392)
Stefan Metzmacher [Fri, 4 Mar 2022 23:09:17 +0000 (00:09 +0100)]
dsdb/tests: let all BasePasswordTestCase tests provide self.host_url[_ldaps]
This will make further changes easier.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
5a3214c99048a88b0a9f509e3b5b38326529b02c)
Stefan Metzmacher [Sat, 5 Mar 2022 00:36:50 +0000 (01:36 +0100)]
dsdb/tests: passwords.py doesn't need to import BasePasswordTestCase
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
90754591a7e4d5a3af70c01425930f4ec063c516)
Stefan Metzmacher [Fri, 4 Mar 2022 20:50:15 +0000 (21:50 +0100)]
python:tests: let insta_creds() also copy the bind_dn from the template
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
a30a7626254c863f95b98c97ea46ff54b98078ad)
Jule Anger [Tue, 15 Mar 2022 13:09:54 +0000 (14:09 +0100)]
VERSION: Bump version up to Samba 4.15.7...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Tue, 15 Mar 2022 13:09:14 +0000 (14:09 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.15.6 release.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Tue, 15 Mar 2022 13:08:42 +0000 (14:08 +0100)]
WHATSNEW: Add release notes for Samba 4.15.6.
Signed-off-by: Jule Anger <janger@samba.org>
Jeremy Allison [Thu, 17 Feb 2022 19:12:39 +0000 (11:12 -0800)]
s3: smbd: Fix our leases code to return the correct error in the non-dynamic share case.
We now return INVALID_PARAMETER when trying to open a
different file with a duplicate lease key on the same
(non-dynamic) share. This will enable us to pass another
Windows test suite leases test.
We now behave the same as Windows10.
Remove knownfail.d/smb2-lease-duplicateopen
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14737
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 18 20:12:12 UTC 2022 on sn-devel-184
(cherry picked from commit
408be54323861c24b6377b804be4428cf45b471e)
Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Mon Mar 7 14:34:46 UTC 2022 on sn-devel-184
Jeremy Allison [Thu, 17 Feb 2022 18:58:32 +0000 (10:58 -0800)]
s4: torture: Add new SMB2 lease test test_lease_duplicate_open().
Checks we return INVALID_PARAMETER when trying to open a
different file with a duplicate lease key on the same share.
Checked against Windows10. Currently fails against smbd
so add knownfail.d/smb2-lease-duplicateopen
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14737
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
(cherry picked from commit
ca3896b6f8bbcad68f042720feceedfa29ddbd83)
Jeremy Allison [Thu, 17 Feb 2022 17:58:27 +0000 (09:58 -0800)]
s4: torture: Add new SMB2 lease test test_lease_duplicate_create().
Checks we return INVALID_PARAMETER when trying to create a
new file with a duplicate lease key on the same share.
Checked against Windows10. Samba already passes this
but we didn't have a test before.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14737
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
(cherry picked from commit
bf22548d11fe67ea3f4ec10dff81773d626e4703)
Stefan Metzmacher [Mon, 21 Feb 2022 14:28:53 +0000 (15:28 +0100)]
s3:trusts_utils: use a password length of 120 for machine accounts
This is important when we change the machine password against
an RODC that proxies the request to an RWDC.
An RODC using NetrServerPasswordSet2() to proxy PasswordUpdateForward via
NetrLogonSendToSam() ignores a return of NT_STATUS_INVALID_PARAMETER
and reports NT_STATUS_OK as result of NetrServerPasswordSet2().
This hopefully found the last hole in our very robust machine account
password handling logic inside of trust_pw_change().
The lesson is: try to be as identical to how Windows works as possible,
everything else may use untested code paths on Windows.
A similar problem was fixed by this commit:
commit
609ca657652862fd9c81fd11f818efb74f72ff55
Author: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Wed Feb 24 02:03:25 2021 +1300
provision: Decrease the length of random machine passwords
The current length of 128-255 UTF-16 characters currently causes
generation of crypt() passwords to typically fail. This commit
decreases the length to 120 UTF-16 characters, which is the same as
that used by Windows.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Feb 23 08:49:54 UTC 2022 on sn-devel-184
(cherry picked from commit
5e2386336c49fab46c1192db972af5da1e916b32)
Stefan Metzmacher [Mon, 21 Feb 2022 14:23:54 +0000 (15:23 +0100)]
upgradehelpers.py: add a comment to update_krbtgt_account_password()
The backend generates its own random krbtgt password values.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
ad0b5561b492dfa28acfc9604b2358bb8b490703)