Karolin Seeger [Fri, 3 Jun 2016 10:07:56 +0000 (12:07 +0200)]
VERSION: Disable git snapshots for the 4.4.4 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Fri, 3 Jun 2016 10:07:02 +0000 (12:07 +0200)]
WHATSNEW: Add release notes for Samba 4.4.4.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Rowland Penny [Thu, 31 Mar 2016 11:07:00 +0000 (12:07 +0100)]
samba-too: Allow 'samba-tool fsmo' to cope with empty or missing fsmo roles
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11613
Signed-off-by: Rowland Penny <rpenny@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
7583377473ecd3d096c4f924e61a04a84be32a96)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Thu Jun 2 16:07:42 CEST 2016 on sn-devel-144
Uri Simchoni [Wed, 27 Apr 2016 20:22:25 +0000 (23:22 +0300)]
smbd: dfree - ignore quota if not enforced
When calculating free disk space, do not take user quota
into account if quota is globally not enforced on the file
system.
This is meant to fix a specific problem with XFS. One might
say "why don't you fix the XFS-specific code instead?". The
reason for that is that getting and setting quota must not
be affected by whether quota is actually enforced. NTFS has
the same notion of separating quota accounting (and being
able to configure / retrieve configured quota), from quota
enforcement.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11937
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat May 28 00:09:05 CEST 2016 on sn-devel-144
(cherry picked from commit
42151f6fa25fefc8a6ae7388ca85379c07c93e1e)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Wed Jun 1 16:23:59 CEST 2016 on sn-devel-144
Uri Simchoni [Thu, 26 May 2016 19:52:09 +0000 (22:52 +0300)]
selftest: add disk-free quota tests
Add a test for situation where quota accounting is enabled
but quota enforcement is disabled (disk-free should not take
quota into account)
Add a test for situation where overall quota status reporting
(whether or not it's enforcing) is not supported - as with NFS.
In that case it must be assumed that if quota is configured, then
it is also enforced (as with NFS).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11937
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
de2d624d071c338b356824d3b30ab2c9075c8528)
Uri Simchoni [Thu, 26 May 2016 18:59:38 +0000 (21:59 +0300)]
vfs_fake_dfq: add more mocking options
Add support for mocking FS user/group quotas (default quota and
quota flags).
Make the default block size 4096 instead of 0. This
turns the default into "no quota" instead of "punt to
lower VFS module" (that is, if the mock module is asked
to retrieve quota of a user/group/default for which there
is no config).
Add support for ENOSYS error
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11937
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
b5ac30e96ede7a68bc191b983b068b62cbc160ec)
Christian Ambach [Wed, 11 May 2016 17:21:20 +0000 (19:21 +0200)]
s3:selftest add a test for rpcclient --pw-nt-hash option
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
d0cdf02dc9733dae960021ff1ca07587d8155e58)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Tue May 31 16:49:03 CEST 2016 on sn-devel-144
Christian Ambach [Wed, 11 May 2016 15:41:24 +0000 (17:41 +0200)]
s3:rpcclient make --pw-nt-hash option work
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10796
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
4fe59879cc2a608194578e33e27e0dc1e2f0fc58)
Alexander Bokovoy [Wed, 25 May 2016 12:41:52 +0000 (15:41 +0300)]
s3-smbd: Support systemd 230
systemd 230 version finally deprecated libsystemd-daemon/libsystemd-journal split
and put everything in libsystemd library.
Make sure HAVE_LIBSYSTEMD define is supported in the code (we already
have it defined by the waf).
Patch is based on the code proposed by Zbigniew Jędrzejewski-Szmek
from systemd project.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11936
Signed-off-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed May 25 20:25:44 CEST 2016 on sn-devel-144
(cherry picked from commit
92b4b6b3c58e6c8bc39e5693ad30ba6f8442ca99)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Tue May 31 12:35:41 CEST 2016 on sn-devel-144
Andreas Schneider [Wed, 25 May 2016 11:39:29 +0000 (13:39 +0200)]
s3-smbspool: Log to stderr
This way we will be able to see the log in the cups logs and are able to
debug issues.
https://bugzilla.samba.org/show_bug.cgi?id=11935
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
e59e0a5481196b1ddda0393306c514b8c32d6ea0)
Hemanth Thummala [Wed, 25 May 2016 06:15:04 +0000 (23:15 -0700)]
Fix memory leak in share mode locking.
Not freeing up(and reparenting to NULL context) ndr buffer
used for TDB updates resulting in huge memory leak when there
in high volume of opens and closes happening on same object.
Free the buffer before reparenting its parent to NULL context.
https://bugzilla.samba.org/show_bug.cgi?id=11934
Signed-off-by: Hemanth Thummala <hemanth.thummala@nutanix.com>
Signed-off-by: Saji VR <saji.vr@nutanix.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri May 27 18:43:31 CEST 2016 on sn-devel-144
(cherry picked from commit
7a725eea25f905fc5f611e8f3d7cfe414d5cf913)
Uri Simchoni [Sat, 21 May 2016 19:25:32 +0000 (22:25 +0300)]
s3-quotas: fix sysquotas_4B quota fetching for BSD
Correctly copy block hard/soft limits from the OS-specific structure
to samba structure.
BUG:https://bugzilla.samba.org/show_bug.cgi?id=11931
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
59133295bbfd3b51953d9c86e3b533ff1d4861e3)
Michael Adam [Fri, 20 May 2016 10:57:48 +0000 (12:57 +0200)]
notifyd: prevent NULL deref segfault in notifyd_peer_destructor
It seems it could happen that p->db == NULL in the list
from notifyd_clean_peers_next(). This has been seen in
a ctdb cluster when an node-internal ctdb interface is
brought down.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11930
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri May 20 17:32:55 CEST 2016 on sn-devel-144
(cherry picked from commit
1c76746b637bc1867f85ba94786b89f22d1b0c32)
Andreas Schneider [Wed, 18 May 2016 14:51:45 +0000 (16:51 +0200)]
s3-net: Convert the key_name to UTF8 during migration
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11922
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
858e1eaa64858790888b42d97ae4d6962a09756b)
Anoop C S [Tue, 10 May 2016 09:38:07 +0000 (15:08 +0530)]
packaging: Set default limit for core file size in service files
This change adds the missing LimitCORE variable setting in nmb and
winbind service files to have no limit for coredumps by default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11907
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed May 18 19:26:49 CEST 2016 on sn-devel-144
(cherry picked from commit
f15b23f8358d7b2f60b1df0f81bb93a2c8789af4)
Anoop C S [Tue, 10 May 2016 15:37:01 +0000 (21:07 +0530)]
packaging: Set default limit for core file size in init scripts
SysV init scripts used for initiating smb and winbind services
determines the value for default limit of coredump from variable
named DAEMON_COREFILE_LIMIT within a bash env. Therefore this
patch explicitly sets this variable to 'unlimited' so as to have
no limit for core file size by default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11907
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
ba9ccc6be48e8541748afbf31d5e5dba7d1baf8e)
Anoop C S [Tue, 10 May 2016 09:20:14 +0000 (14:50 +0530)]
packaging: Remove ulimit usage for setting core file size limit
Recent commit
ebd139c4db7e51a2d7843a773991f15cadf504dd modified smb.init
to set core file size to 'unlimited' by default using the ulimit command.
But when smb and winbind services are initiated via sysv init scripts,
another variable named DAEMON_COREFILE_LIMIT takes higher priority in
deciding the core file size. Therefore setting default value using ulimit
command is useless.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11907
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
46524b4543acc9d104d85136c0a4a9e006fc099c)
Jeremy Allison [Thu, 26 May 2016 23:31:55 +0000 (16:31 -0700)]
s3: auth: Move the declaration of struct dom_sid tmp_sid to function level scope.
It's referred to outside of the {} brace scope it was defined in by
the following code:
uid_to_unix_users_sid(*uid, &tmp_sid);
user_sid = &tmp_sid;
As tmp_sid was going out of scope, user_sid was
being incorrectly set in the token sid list.
I think this *may* be the root cause of:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10618
But even if not this is an obvious error that must
be fixed.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri May 27 11:28:18 CEST 2016 on sn-devel-144
(cherry picked from commit
1b3b89345480d16222da00753f973e36e2e0f92d)
Stefan Metzmacher [Thu, 19 May 2016 09:47:18 +0000 (11:47 +0200)]
s3:rpcclient: make use of SMB_SIGNING_IPC_DEFAULT
This means we'll use the "client ipc min protocol", "client ipc max protocol"
and "client ipc signing" options. But "--signing=no" or "--signing=required"
still overwrite "client ipc signing".
The following can be used to alter the max protocol
rpcclient --option="client ipc max protocol=SMB2_10" 172.31.9.163 -Uadministrator%
A1b2C3d4 -c "getusername"
Account Name: Administrator, Authority Name: W4EDOM-L4
rpcclient --option="client ipc max protocol=NT1" 172.31.9.163 -Uadministrator%
A1b2C3d4 -c "getusername"
Account Name: Administrator, Authority Name: W4EDOM-L4
rpcclient 172.31.9.163 -Uadministrator%
A1b2C3d4 -c "getusername"
Account Name: Administrator, Authority Name: W4EDOM-L4
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11927
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat May 21 05:01:15 CEST 2016 on sn-devel-144
(cherry picked from commit
2eb824fbaf61dfc5e9c735589c80c41379dabe86)
Michael Adam [Sun, 15 May 2016 21:24:08 +0000 (23:24 +0200)]
smbd:close: only remove kernel share modes if they had been taken at open
This avoids errors due to 'not implemented' for SMB_VFS_KERNEL_FLOCK
on some file systems like glusterfs (with the vfs module). The only
other code path where SMB_VFS_KERNEL_FLOCK is called, is already protected.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11919
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Thu May 19 02:34:36 CEST 2016 on sn-devel-144
(cherry picked from commit
6b232b2720a3d71bc0b4b5603215b3f9d3de5ca6)
Michael Adam [Sun, 15 May 2016 23:39:09 +0000 (01:39 +0200)]
s3:vfs: add 'kernel_share_modes_taken' to files_struct
This will allow to track whether kernel share modes have been
taken at open and correclty remove them again on close.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11919
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
(cherry picked from commit
356487345724ce5dffdddf9c60735b2c965f30bc)
Günther Deschner [Fri, 29 Apr 2016 11:28:42 +0000 (13:28 +0200)]
s3:client:smbspool_krb5_wrapper: fix the non clearenv build.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Apr 29 19:52:23 CEST 2016 on sn-devel-144
(cherry picked from commit
e0d8c6b6b428819206fb6e96c47e952845af0874)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11864
Jérémie Courrèges-Anglas [Wed, 27 Apr 2016 16:01:51 +0000 (18:01 +0200)]
Provide fallback code for non-portable clearenv(3)
clearenv(3) is a GNU extension that was rejected twice by POSIX,
without an easy, portable alternative.
As the dovecot project notes,
"""
environ = NULL crashes on OSX - and OpenBSD < 6.0
*environ = NULL doesn't work on FreeBSD 7.0
environ = emptyenv doesn't work on Haiku OS
environ = calloc should work everywhere
"""
(source: http://hg.dovecot.org/dovecot-2.0/file/
48f90e7e92dc/src/lib/env-util.c)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11864
Signed-off-by: Jérémie Courrèges-Anglas <jca@wxcvbn.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Apr 29 00:12:02 CEST 2016 on sn-devel-144
(cherry picked from commit
f198abcbb3f6e8b26c697d3ded2caa1076ae018b)
Volker Lendecke [Wed, 20 Apr 2016 11:13:38 +0000 (13:13 +0200)]
smbd: Fix an assert
This might stumble over stale entries
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11844
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
a5d49b7ce1cfbf8491bc3d29c1ae5b0960b5fe01)
Stefan Metzmacher [Wed, 11 May 2016 15:59:32 +0000 (17:59 +0200)]
s3:ntlm_auth: make ntlm_auth_generate_session_info() more complete
The generate_session_info() function maybe called more than once
per session.
Some may try to look/dereference session_info->security_token,
so we provide simplified token.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11914
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 18 May 2016 07:56:02 +0000 (09:56 +0200)]
s3:smbd: fix anonymous authentication if signing is mandatory
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11910
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 9 May 2016 14:14:31 +0000 (16:14 +0200)]
libcli/auth: let msrpc_parse() return talloc'ed empty strings
This make it more predictable for the callers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11912
BUG: https://bugzilla.redhat.com/show_bug.cgi?id=
1334356
BUG: https://launchpad.net/bugs/
1578576
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon May 9 22:27:21 CEST 2016 on sn-devel-144
(cherry picked from commit
58a83236294117d32d9883ac3024f81fa1730a87)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Tue May 17 14:42:22 CEST 2016 on sn-devel-144
Christian Ambach [Tue, 10 May 2016 17:47:02 +0000 (19:47 +0200)]
s3:libsmb/clifile use correct value for MaxParameterCount for setting EAs
Windows servers will refuse trans2 requests which use excessive
request parameters. From [MS-CIFS|:
<239> Section 3.3.5.2.5: Windows NT servers fail a transaction request with
STATUS_INSUFF_SERVER_RESOURCES, if (SetupCount + MaxSetupCount +
TotalParameterCount + MaxParameterCount + TotalDataCount + MaxDataCount)
is greater than 65*1024.
When attempting to set a large list of EAs for a file, this limit can be
hit when using CLI_BUFFER_SIZE as MaxDataCount
while the TRANS2_SET_PATH_INFORMATION response has no data reply,
only parameters (section 2.2.6.7.2).
Be as minimal as possible here to allow a maximum number of EAs to
be written.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11354
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 11 18:35:59 CEST 2016 on sn-devel-144
(cherry picked from commit
7efbe1139796bb708176cd8dddb206a0f271ec1b)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Thu May 12 17:46:10 CEST 2016 on sn-devel-144
Luca Olivetti [Fri, 5 Feb 2016 11:02:51 +0000 (12:02 +0100)]
pdb: Fix segfault in pdb_ldap for missing gecos
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11530
Signed-off-by: Luca Olivetti <luca@wetron.es>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Feb 5 16:47:00 CET 2016 on sn-devel-144
(cherry picked from commit
5d759bd0d4bf7cae8b54b69af5ecacb7987c2a0f)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Thu May 12 11:48:24 CEST 2016 on sn-devel-144
Günther Deschner [Mon, 15 Feb 2016 11:58:07 +0000 (12:58 +0100)]
s3-kerberos: avoid entering a password change dialogue also when using MIT.
Without this fix, for accounts with an expired password, a password change
process is initiated and - due to the prompter - this fails with a confusing
error message:
"kerberos_kinit_password Administrator@W2K12DOM.BER.REDHAT.COM failed: Password
mismatch
Failed to join domain: failed to connect to AD: Password mismatch"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11906
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Wed May 11 17:23:03 CEST 2016 on sn-devel-144
Ralph Boehme [Tue, 26 Apr 2016 15:21:46 +0000 (17:21 +0200)]
s3:libnet:libnet_join: add netbios aliases as SPNs
Add all listed smb.conf netbios aliases as SPNs to the machine account:
HOST/NETBIOS_ALIAS@REALM
and
HOST/netbios_alias.dnsdomain.name@REALM
Bug: https://bugzilla.samba.org/show_bug.cgi?id=1703
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed May 4 17:58:05 CEST 2016 on sn-devel-144
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Mon May 9 14:08:44 CEST 2016 on sn-devel-144
Raghavendra Talur [Mon, 2 May 2016 10:44:06 +0000 (16:14 +0530)]
init: set core file size to unlimited by default
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11907
Signed-off-by: Raghavendra Talur <rtalur@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri May 6 19:15:17 CEST 2016 on sn-devel-144
(cherry picked from commit
ebd139c4db7e51a2d7843a773991f15cadf504dd)
Ira Cooper [Thu, 3 Mar 2016 18:47:32 +0000 (13:47 -0500)]
source3: Honor the core soft limit of the OS.
We should honor the soft limits set by the operating system.
In any case, 16M doesn't make a useful coredump for modern
Samba.
Signed-off-by: Ira Cooper <ira@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Mar 5 00:39:48 CET 2016 on sn-devel-144
(cherry picked from commit
58d3462bc58290d8eb5e554c6c59cf6b73ccf58a)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11907
Uri Simchoni [Thu, 5 May 2016 20:40:22 +0000 (23:40 +0300)]
heimdal: encode/decode kvno as signed integer
This patch changes the encoding/decoding of kvno (key version number)
in blobs and packets to signed integer, for compatibility with Windows.
Reportedly, MIT Kerberos does the same.
This patch effectively reverts commit
1124c4872dfb81bec9c4b527b8927ca35e39a599
in the heimdal tree.
According to the Kerberos spec (RFC 4120 5.2.9), the kvno field
in encrypted data object is an unsigned integer that fits in
32 bits. The Heimdal Kerberos component bundled with Samba
conforms to this. However, Windows deviates from the standard
and encodes kvno as a signed integer, and this creates
interoperability issues.
ASN.1 DER has no special encoding for unsigned integer. A 32-bit
unsigned integer is encoded as a signed integer, so while a signed
32-bit integer (covering the range of -0x80000000..0x7fffffff) is
encoded using up to 4 bytes, an unsigned integer (covering
0..0xffffffff) could require 5 bytes.
Normally, kvno for a given account starts at 1 and increments on
password changes. Kerberos defined this as unsigned because there's
no meaning for negative version numbers, so the standard writers figured
4 billion versions is better than 2 billion. It was not
expected for a kvno to really go past 0x7fffffff and the disctinction
usually does not matter. However, RODCs use kvnos which
have the most-significant bit set.
In Active Directory, RODCs have a private secret for the krbtgt,
because the assumption is that the RODC is less secure, and
recovering the domain krbtgt secret from the RODC would compromise
the security of the entire domain. The kvno field is being used
to identify the private krbtgt account that owns the key - the
upper 16 bits are the RODC id, and the lower 16 bits identify
the key version number for this specific RODC. It's common to
have an RODC id greater than 0x8000, and therefore to have a
kvno larger than 0x7fffffff, which would be DER-encoded using
5 bytes.
Windows encodes kvno as signed integer - basically taking the
32 bits and treating them as a signed integer rather than an
unsigned integer. This means that in Windows a kvno can
always be encoded using 4 bytes, and Windows DCs reject a kvno
encoded using more than 4 bytes without even generating an error
response (the DC assumes it's an attack).
Heimdal re-encodes the TGT when it creates a TGS request. Obviously
it cannot decode and encode the encrypted parts but it does re-encode
the plain parts, which include the kvno. That leads to a 5-byte
kvno in the TGS request, which is rejected without an error
response.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11900
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat May 7 21:14:21 CEST 2016 on sn-devel-144
(cherry picked from commit
6379737b7ddc6ccb752238c5820cc62e76a8da17)
Anubhav Rakshit [Thu, 30 Oct 2014 07:50:57 +0000 (13:20 +0530)]
torture:smb2: Add test replay6 to verify Error Codes for DurableHandleReqV2 replay
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
e095a61c4b36e71b03d8afc724da09c91603a29b)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11809
Günther Deschner [Wed, 24 Feb 2016 18:23:21 +0000 (19:23 +0100)]
lib/torture: add torture_assert_u64_not_equal_goto macro
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
c5c3f91c6fd1ac3282d2fa27e262af097f0adfca)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11809
Günther Deschner [Thu, 25 Feb 2016 10:15:06 +0000 (11:15 +0100)]
torture:smb2: add test for checking sequence number wrap around.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
2b799880b91f2ee44531644c62916f9a50531d04)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11809
Günther Deschner [Tue, 1 Mar 2016 14:15:10 +0000 (15:15 +0100)]
libcli:smb:smbXcli_base: add smb2cli_session_current_channel_sequence() call.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
ccda60ed9b33bb22ec2e162401a949aeaa631c8d)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11809
Michael Adam [Sat, 27 Feb 2016 13:02:02 +0000 (14:02 +0100)]
smbd:smb2: add some asserts before decrementing the counters
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
f81f3a2d78832258b09bcc63d5cce2b4594cbbc8)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11809
Michael Adam [Tue, 23 Feb 2016 19:54:34 +0000 (20:54 +0100)]
smbd:smb2: update outstanding request counters before sending a reply
This is part of the channel sequence number treatment of multi-channel.
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
7dbb1707d96e39bed8898db08339d3b2d768c87c)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11809
Michael Adam [Wed, 24 Feb 2016 14:54:41 +0000 (15:54 +0100)]
smbd:smb2: implement channel sequence checks and request counters in dispatch
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
71d2b190646bdf5fce65a776dfe6873da8d82479)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11809
Michael Adam [Tue, 15 Mar 2016 11:36:59 +0000 (12:36 +0100)]
smbd:smb2: add request_counters_updated to the smbd_smb2_request struct
This will be used to keep track of whether the outstanding request
counters have been updated in the dispatch, so that the reply
code can act accordingly.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
ae6967ea3e39a1a5401be4a4c969b467dd22dce4)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11809
Michael Adam [Wed, 24 Feb 2016 14:51:14 +0000 (15:51 +0100)]
smbd:smb2: add a modify flag to dispatch table
This indicates that an operation is a modifying operation.
Some parts of the upcoming channel sequence number logic
only applies to modify operations.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
088468195b7f7f04eab0ce6fb928bda1c703e2fa)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11809
Günther Deschner [Wed, 27 Jan 2016 15:18:25 +0000 (16:18 +0100)]
s3:smbXsrv.idl: add 8 byte channel_sequence number and request counters to IDL.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
31f33a3f3996a5fff9833540c8227600f4aa2a55)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11809
Robin Hack [Tue, 26 Apr 2016 15:51:46 +0000 (17:51 +0200)]
ldb-samba/ldb_matching_rules: Fix CID
1349424 - Uninitialized pointer read
Fix unitialized 'visited' value (pointer to pointer) in
ldb_eval_transitive_filter() which passes 'visited' value later to
ldb_eval_transitive_filter_helper().
Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 27 02:12:39 CEST 2016 on sn-devel-144
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11890
(cherry picked from commit
f4181f25b4ae3db684e43837449617e75183ecc8)
Volker Lendecke [Wed, 20 Apr 2016 11:27:07 +0000 (13:27 +0200)]
dbwrap_ctdb: Fix ENOENT->NT_STATUS_NOT_FOUND
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11844
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Apr 26 14:34:14 CEST 2016 on sn-devel-144
(cherry picked from commit
cce6b677ff90ef361c45a7b8ad3d482908c3c4a7)
Ralph Boehme [Mon, 11 Apr 2016 10:17:22 +0000 (12:17 +0200)]
vfs_fruit: add an option that allows disabling POSIX rename behaviour
https://bugzilla.samba.org/show_bug.cgi?id=11721
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 5 00:04:50 CEST 2016 on sn-devel-144
(cherry picked from commit
625dcef765adc75c34ee5955a08c6cb77b87f41b)
Christian Ambach [Tue, 5 Apr 2016 00:58:48 +0000 (02:58 +0200)]
s3:smbd/filename remove smelly code
not sure how this chunk ended up there, but I agree with
the statement in the comment that behavior should not depend
on developer mode
make test does not seem to depend on it anymore.
This piece had some bad influence on the tests I wrote
for case insensitivite behavior of SMB2/3, so let us
remove this technical debt.
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The last 3 patches address
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11438
Christian Ambach [Sun, 3 Apr 2016 03:16:45 +0000 (05:16 +0200)]
s3:smbd/service apply some code formatting
reduce indentation in switch statement, obey 80 char line limit, use C99 bool
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christian Ambach [Sun, 3 Apr 2016 03:06:05 +0000 (05:06 +0200)]
s3:smbd/service disable case-sensitivity for SMB2/3 connections
in SMB2, there is no flag to let us know if the client wants to have case-sensitive behavior,
so in Auto mode, disable case-sensitivity
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11438
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Robin McCorkell [Mon, 2 May 2016 20:48:14 +0000 (21:48 +0100)]
Correctly set cli->raw_status for libsmbclient in SMB2 code
The SMB2 file handling code wasn't correctly setting raw_status, which
is used by libsmbclient to report file open errors etc.
https://bugzilla.samba.org/show_bug.cgi?id=11276
Signed-off-by: Robin McCorkell <robin@mccorkell.me.uk>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
2a872e2b66f373b3c96b315b13c9f06a15522e13)
Karolin Seeger [Mon, 2 May 2016 07:27:15 +0000 (09:27 +0200)]
VERSION: Bump version up to 4.4.4...
and re-enable git snapshots.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Mon, 2 May 2016 07:26:23 +0000 (09:26 +0200)]
VERSION: Disable git snapshots for the 4.4.3 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Mon, 2 May 2016 07:25:42 +0000 (09:25 +0200)]
WHATSNEW: Add date.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Fri, 29 Apr 2016 09:16:45 +0000 (11:16 +0200)]
WHATSNEW: Udpate release notes.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Sat Apr 30 16:35:06 CEST 2016 on sn-devel-144
Stefan Metzmacher [Mon, 25 Apr 2016 14:12:47 +0000 (16:12 +0200)]
s3:selftest: add smbclient_ntlm tests
We test all combinations of NT1 with and without spnego and SMB3
for user, anonymous and guest authentication.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Apr 28 20:16:45 CEST 2016 on sn-devel-144
(cherry picked from commit
eee88e07b3e68efb467b390536eea4155b5ced7e)
Autobuild-User(v4-4-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-4-test): Fri Apr 29 13:12:46 CEST 2016 on sn-devel-144
Stefan Metzmacher [Mon, 25 Apr 2016 14:02:22 +0000 (16:02 +0200)]
selftest:Samba4: let fl2000dc use Windows2000 style SPNEGO/NTLMSSP
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
4de43387235cb17a185fdd1afd658972e8c174ef)
Stefan Metzmacher [Tue, 26 Apr 2016 23:00:14 +0000 (01:00 +0200)]
selftest:Samba4: let fl2000dc use Windows2000 supported_enctypes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
587b5db7979c1ca1055f5bfd81ab79606cd3c2dd)
Stefan Metzmacher [Tue, 26 Apr 2016 09:33:52 +0000 (11:33 +0200)]
s3:test_smbclient_auth.sh: this script reqiures 5 arguments
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
70910334caa176bf98fece7d638ed599979dc173)
Stefan Metzmacher [Tue, 26 Apr 2016 06:50:00 +0000 (08:50 +0200)]
selftest:Samba4: provide DC_* variables for fl2000dc and fl2008r2dc
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
b8055cb42cadf48367867213a35635f3391c9b8d)
Stefan Metzmacher [Mon, 25 Apr 2016 13:58:27 +0000 (15:58 +0200)]
auth/ntlmssp: add ntlmssp_{client,server}:force_old_spnego option for testing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
7a2cb2c97611171613fc677a534277839348c56f)
Stefan Metzmacher [Mon, 25 Apr 2016 12:45:55 +0000 (14:45 +0200)]
auth/spnego: add spnego:simulate_w2k option for testing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
db9c01a51975a0a3ec2564357617958c2f466091)
Stefan Metzmacher [Wed, 20 Apr 2016 16:27:34 +0000 (18:27 +0200)]
auth/ntlmssp: do map to guest checking after the authentication
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
d667520568996471b55007a42b503edbabb1eee0)
Stefan Metzmacher [Wed, 20 Apr 2016 14:34:28 +0000 (16:34 +0200)]
s3:smbd: only mark real guest sessions with the GUEST flag
Real anonymous sessions don't get it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
79a71545bfc87525c6ba6c8fe9fa7d8a9da33441)
Stefan Metzmacher [Mon, 18 Apr 2016 15:36:56 +0000 (17:36 +0200)]
s3:smbd: make use SMB_SETUP_GUEST constant
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
25ce97892ad3ce5028e4dbbbdd844ef6619ac396)
Stefan Metzmacher [Wed, 20 Apr 2016 14:29:42 +0000 (16:29 +0200)]
libcli/security: implement SECURITY_GUEST
SECURITY_GUEST is not exactly the same as SECURITY_ANONYMOUS.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
837e6176329330893d5a1e4ce4ac67dbac758e56)
Stefan Metzmacher [Tue, 26 Apr 2016 23:48:32 +0000 (01:48 +0200)]
s3:auth_builtin: anonymous authentication doesn't allow a password
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
ead483b0c0ec746c0869162024c97f2e08df7f4b)
Stefan Metzmacher [Tue, 26 Apr 2016 23:44:56 +0000 (01:44 +0200)]
s4:auth_anonymous: anonymous authentication doesn't allow a password
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
d247dceaaab24b568425f2360e40f5e91be452cc)
Stefan Metzmacher [Fri, 22 Apr 2016 08:04:38 +0000 (10:04 +0200)]
auth/spnego: only try to verify the mechListMic if signing was negotiated.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
65462958522baee6eedcedd4193cfcc8cf0f510e)
Stefan Metzmacher [Tue, 19 Apr 2016 05:33:03 +0000 (07:33 +0200)]
s3:libsmb: use anonymous authentication via spnego if possible
This makes the authentication consistent between
SMB1 with CAP_EXTENDED_SECURITY (introduced in Windows 2000)
and SNB2.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
e72ad193a53e20b769f798d02c0610f91859bd38)
Stefan Metzmacher [Tue, 19 Apr 2016 05:20:28 +0000 (07:20 +0200)]
s3:libsmb: don't finish the gensec handshake for guest logins
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
fa5799207e55ee8e329f36f784d027845eaf0e34)
Stefan Metzmacher [Tue, 19 Apr 2016 05:19:19 +0000 (07:19 +0200)]
s3:libsmb: record the session setup action flags
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
02c902103521e5a2b1d221db83e6c59d0ce31099)
Stefan Metzmacher [Mon, 18 Apr 2016 15:38:46 +0000 (17:38 +0200)]
libcli/smb: add smbXcli_session_is_guest() helper function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
8f4a4bec089b46bbeb0e0f37bb682acb88702bf2)
Stefan Metzmacher [Mon, 18 Apr 2016 15:34:21 +0000 (17:34 +0200)]
libcli/smb: add SMB1 session setup action flags
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
cceaa61cf064926baca6db4b303d34ea90d40d52)
Stefan Metzmacher [Mon, 18 Apr 2016 15:33:11 +0000 (17:33 +0200)]
libcli/smb: add smb1cli_session_set_action() helper function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
e6f9e176f2bb0e3e7451ac58e84ff55328219fcd)
Günther Deschner [Wed, 20 Apr 2016 18:09:53 +0000 (20:09 +0200)]
libcli/smb: fix NULL pointer derreference in smbXcli_session_is_authenticated().
Guenther
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
8e016ffeb01167bb8dec66cf9e4bc8605461c15a)
Stefan Metzmacher [Tue, 19 Apr 2016 05:31:50 +0000 (07:31 +0200)]
s3:libsmb: use password = NULL for anonymous connections
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11858
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
53be47410236ef7c90fe895f49f300e3fe47a8bf)
Stefan Metzmacher [Wed, 20 Apr 2016 16:44:21 +0000 (18:44 +0200)]
auth/ntlmssp: don't require NTLMSSP_SIGN for smb connections
Enforcement of SMB signing is done at the SMB layer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11850
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
d97b347d041f9b5c0aa71f35526cbefd56f3500b)
Stefan Metzmacher [Wed, 20 Apr 2016 16:44:21 +0000 (18:44 +0200)]
auth/ntlmssp: don't require any flags in the ccache_resume code
ntlmssp_client_challenge() already checks for required flags
before asking winbindd.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11850
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
5041adb6657596399049a33e6a739a040b4df0db)
Stefan Metzmacher [Sat, 23 Apr 2016 03:17:25 +0000 (05:17 +0200)]
auth/spnego: handle broken mechListMIC response from Windows 2000
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11870
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
032c2733dea834e2c95178cdd0deb73e7bb13621)
Stefan Metzmacher [Thu, 28 Apr 2016 10:26:16 +0000 (12:26 +0200)]
auth/spnego: change log level for 'Failed to setup SPNEGO negTokenInit request: NT_STATUS_INTERNAL_ERROR'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11872
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
9930bd17f2d39e4be1e125f83f7de489a94ea1d1)
Günther Deschner [Thu, 28 Apr 2016 10:58:33 +0000 (12:58 +0200)]
s3:librpc:crypto:gse: increase debug level for gse_init_client().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11872
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
b6595037f3fcaafb957d9c08edfb89c72cded987)
Günther Deschner [Thu, 28 Apr 2016 10:58:10 +0000 (12:58 +0200)]
lib:krb5_wrap:krb5_samba: increase debug level for smb_krb5_get_default_realm_from_ccache().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11872
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
95b8b020626ba58a77a21e3da804bac2f0cf90b1)
Stefan Metzmacher [Fri, 22 Apr 2016 14:31:55 +0000 (16:31 +0200)]
s3:libads/sasl: allow wrapped messages up to a size of 0xfffffff
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11872
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
795e796658e6da0149c9c00ece7cca4ccc457717)
Stefan Metzmacher [Fri, 22 Apr 2016 14:18:24 +0000 (16:18 +0200)]
s4:gensec_tstream: allow wrapped messages up to a size of 0xfffffff
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11872
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
8704958fb3b212b401a8e7d94fdd9c627adbde0d)
Hemanth Thummala [Thu, 14 Apr 2016 20:09:37 +0000 (13:09 -0700)]
Mask general purpose signals for notifyd.
Currently there is no signal handling available for notify daemon.
Signals like SIGHUP and SIGUSR1 can lead to terminate the notify
daemon. Masking these signals for notifyd as we are not handling them.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11840
Signed-off-by: Hemanth Thummala <hemanth.thummala@nutanix.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Apr 15 15:31:19 CEST 2016 on sn-devel-144
(cherry picked from commit
cade673f5fff8a578b8620149688ecc93e981205)
Karolin Seeger [Thu, 28 Apr 2016 09:15:24 +0000 (11:15 +0200)]
WHATSNEW: Start release notes for Samba 4.4.3.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Fri Apr 29 01:48:35 CEST 2016 on sn-devel-144
Jorge Schrauwen [Sun, 3 Apr 2016 09:43:50 +0000 (11:43 +0200)]
configure: Don't check for inotify on illumos
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11816
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
94f31295b12b20a68d596929ea428eb36f8c0d82)
Volker Lendecke [Mon, 4 Apr 2016 11:43:02 +0000 (13:43 +0200)]
nwrap: Fix the build on Solaris
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11816
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Apr 5 08:57:06 CEST 2016 on sn-devel-144
(cherry picked from commit
ff6b49beeb5df30f4e243a97d2e6218ec497e9ad)
Volker Lendecke [Wed, 27 Apr 2016 10:15:37 +0000 (12:15 +0200)]
smbd: Avoid large reads beyond EOF
With unix extensions and oplocks=no mount.cifs from jessie reads beyond the
file end forever, and we are happy to return zeros....
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11878
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 27 23:57:56 CEST 2016 on sn-devel-144
(cherry picked from commit
10b0a8baa25fab70df8e6c5f0048ce0963211517)
Partha Sarathi [Thu, 14 Apr 2016 12:39:05 +0000 (12:39 +0000)]
Fix the smb2_setinfo to handle FS info types and FSQUOTA infolevel
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11819
Signed-off-by: Partha Sarathi <partha@exablox.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Wed Apr 27 05:39:01 CEST 2016 on sn-devel-144
(cherry picked from commit
07e2f4731e5819a893c4675d93fede5ea261bed7)
Ralph Boehme [Tue, 19 Apr 2016 10:55:19 +0000 (12:55 +0200)]
cleanupd: restart as needed
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11855
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Apr 19 20:35:33 CEST 2016 on sn-devel-144
(cherry picked from commit
052b8555510bf1f72c7ea777c44294264bbb67d4)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Wed Apr 27 13:42:24 CEST 2016 on sn-devel-144
Tom Mortensen [Sat, 16 Apr 2016 08:57:12 +0000 (10:57 +0200)]
nss_wins: Fix the hostent setup
This can never have been tested....
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11875
Signed-off-by: Tom Mortensen <tomm@lime-technology.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
0b1f4db325bb0ed9171619c874908ee25327bba9)
Tom Mortensen [Sat, 16 Apr 2016 08:57:12 +0000 (10:57 +0200)]
nss_wins: ip_pton expects the raw IP address
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11875
Signed-off-by: Tom Mortensen <tomm@lime-technology.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
d3569ca2711d21ac87ff539662333ad315a2a618)
Uri Simchoni [Mon, 18 Apr 2016 20:08:38 +0000 (23:08 +0300)]
libads: record session expiry for spnego sasl binds
With the move to gensec-based spnego, record the session expiry
in tgs_expire, so that libads users such as winbindd can use this info
to determine how long to keep the connection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11852
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Tue Apr 19 16:53:57 CEST 2016 on sn-devel-144
(cherry picked from commit
34482eb7cc3d74c8de510309332e8ab176d0f3c0)
Volker Lendecke [Sun, 10 Apr 2016 10:51:15 +0000 (12:51 +0200)]
vfs_catia: Fix bug 11827, memleak
add_srt should add the mappings to the linked list even if
mappings==NULL (the default)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11827
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Apr 11 14:25:59 CEST 2016 on sn-devel-144
(cherry picked from commit
3e2af1568d150de1cb12fef40580f4880ac787ff)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Mon Apr 18 16:33:23 CEST 2016 on sn-devel-144
Jeremy Allison [Tue, 5 Apr 2016 20:07:06 +0000 (13:07 -0700)]
s3: libsmb: Fix error where short name length was read as 2 bytes, should be 1.
Reported by Thomas Dvorachek <tdvorachek@yahoo.com> from a Windows 10 server.
Confirmed in MS-CIFS 2.2.8.1.7.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11822
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 6 03:46:55 CEST 2016 on sn-devel-144
(cherry picked from commit
f63b9a73b03971f41947c694e6952cd1e49b67c3)
Uri Simchoni [Wed, 30 Mar 2016 11:20:44 +0000 (14:20 +0300)]
smbcquotas: print "NO LIMIT" only if returned quota value is 0.
If the user being queried has no quota, the server returns 0 as
its quota. This is the observed smbd and Windows behavior, which
is also documented in [MS-FSA] 2.5.1.20.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11815
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
9d6d62010be2a54b6828cc4cc9c13b5657c8b4a0)
Uri Simchoni [Mon, 21 Mar 2016 21:04:24 +0000 (23:04 +0200)]
vfs_acl_common: avoid setting POSIX ACLs if "ignore system acls" is set
When "ignore system acls" is set, do not mess at all with POSIX ACLS,
do not even calculate the would-be POSIX-ACL-based security descriptor
(for performance reasons).
Instead, just store a V3 blob with zero hash. This means that if we
later read the ACL without ignoring system ACLs, the NT ACL shall be
reset to the info derivable from the POSIX ACL.
File ownership is still modified as it has bearing on disk quotas.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11806
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
765e5f1f2670d3d5d8d62a04b4ccf38a680bcb37)
Volker Lendecke [Tue, 22 Mar 2016 10:24:23 +0000 (11:24 +0100)]
winbind: Fix CID
1357100 Unchecked return value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Mar 22 15:49:14 CET 2016 on sn-devel-144
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11786