Karolin Seeger [Wed, 25 Oct 2017 08:48:29 +0000 (10:48 +0200)]
VERSION: Disable GIT_SNAPSHOTS for the 4.6.9 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Wed, 25 Oct 2017 08:48:00 +0000 (10:48 +0200)]
WHATSNEW: Add release notes for Samba 4.6.9.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Volker Lendecke [Mon, 16 Oct 2017 15:43:09 +0000 (17:43 +0200)]
vfs_catia: Fix a potential memleak
Together with the previous commit this fixes a memleak (twice) that
happens when vfs_catia is loaded with no mappings defined.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13090
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 17 18:53:48 CEST 2017 on sn-devel-144
(cherry picked from commit
f6d6af3b2d5efcd160c1e5e09778fb1129530be0)
Autobuild-User(v4-6-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-6-test): Wed Oct 25 12:49:20 CEST 2017 on sn-devel-144
Volker Lendecke [Tue, 17 Oct 2017 09:28:36 +0000 (11:28 +0200)]
vfs_catia: Fix a memory leak
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13090
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
e77b7aff86ab1cb603f59961f2f5689e4dc770ea)
Stefan Metzmacher [Mon, 9 Oct 2017 10:50:35 +0000 (12:50 +0200)]
krb5_wrap: ADDRTYPE_INET6 is available in all supported MIT versions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13079
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
(cherry picked from commit
96e471eecce91e6cd9b92d854a3c6ca10e0634f3)
Stefan Metzmacher [Mon, 9 Oct 2017 10:50:35 +0000 (12:50 +0200)]
krb5_wrap: KRB5_ADDRESS_INET6 is not a define in Heimdal
All supported versions of Heimal already have KRB5_ADDRESS_INET6,
so there's no need for an explicit check.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13079
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
(cherry picked from commit
70146841272bc87c335bd24b736ba2c62efdfe06)
Ralph Boehme [Wed, 11 Oct 2017 14:04:58 +0000 (16:04 +0200)]
s4/torture: vfs_fruit: test xattr unpacking
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Oct 13 21:44:02 CEST 2017 on sn-devel-144
(cherry picked from commit
5f52a0fbe8c9f52c6fed206fd5cd47bd0de867a1)
Ralph Boehme [Mon, 9 Oct 2017 14:18:18 +0000 (16:18 +0200)]
s4/torture: vfs_fruit: replace AppleDouble data blob with xattr data
The osx_adouble_w_xattr datablob is used to test conversion from sidecar
._ file metdata to Samba compatible ._ file.
The previous data blob didn't contain xattr data, the new one does.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
c5b25d40e1ab3906805538abdb8f07a934c629f7)
Ralph Boehme [Wed, 11 Oct 2017 10:58:59 +0000 (12:58 +0200)]
vfs_fruit: on-access conversion of AppleDouble xattr data
This finally adds on-access conversion of xattr data stored in sidecar
AppleDouble files.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(backported from commit
d7068324407a9a0b94d992b539631246e97c9098)
Ralph Boehme [Tue, 10 Oct 2017 17:13:36 +0000 (19:13 +0200)]
vfs_fruit: static string fruit_catia_maps
In a later commit these will be used somewhere else too.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
ce516a34972f51eda48c1536858d47dc230ea99a)
Ralph Boehme [Tue, 10 Oct 2017 14:15:49 +0000 (16:15 +0200)]
vfs_fruit: pass path to ad_convert
This will be needed in a later commit when converting xattrs in sidecar
AppleDouble files.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
386249eea3a13303744dbab88480e80790138329)
Ralph Boehme [Tue, 10 Oct 2017 14:06:33 +0000 (16:06 +0200)]
vfs_fruit: unpack AppleDouble xattr header if present
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
fb137d6070c8cd872a66a4628b0e392cf40c180e)
Ralph Boehme [Tue, 10 Oct 2017 14:04:29 +0000 (16:04 +0200)]
vfs_fruit: allocate ad_data buffer up to AD_XATTR_MAX_HDR_SIZE bytes
This is in preperation of reading potential xattr header data from the
AppleDouble file, not just reading a fixed amount of bytes.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(backported from commit
ab8d01959b906d0b2873357f836bff72d209ff98)
Ralph Boehme [Tue, 10 Oct 2017 14:03:13 +0000 (16:03 +0200)]
vfs_fruit: add AppleDouble xattr structure definitions
Reference:
https://opensource.apple.com/source/xnu/xnu-4570.1.46/bsd/vfs/vfs_xattr.c
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
b5a664e2580d8823f4f2d3e7e516b576317eb290)
Ralph Boehme [Wed, 11 Oct 2017 16:11:12 +0000 (18:11 +0200)]
vfs_fruit: fix ftruncating resource fork
fruit_ftruncate_rsrc_adouble() is called to effectively ftruncate() the
._ AppleDouble file to the requested size.
The VFS function SMB_VFS_NEXT_FTRUNCATE() otoh would attempt to truncate
to fsp *stream* in any way the next VFS module seems fit. As we know
we're stacked with a streams module, the module will attempt to truncate
the stream. So we're not truncating the ._ file.
This went unnoticed as the AppleDouble file header contains the
authorative resource fork size that was updated correctly.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
3d7932a33263514785fa3e95e2d5502bc02b4ea4)
Ralph Boehme [Wed, 11 Oct 2017 09:35:15 +0000 (11:35 +0200)]
vfs_catia: factor out mapping functions
This moves the core mapping functions to a seperate file and makes them
global.
string_replace_init_map() is called to parse a mapping in string and
produce a mapping object that can then be passed to
string_replace_allocate() to do the actual mapping of a string.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(backported from commit
f8bd63e19c8b1c063dd6f41b405d6864a9b546ff)
Amitay Isaacs [Thu, 12 Oct 2017 03:42:59 +0000 (14:42 +1100)]
ctdb-common: Ignore event scripts with multiple '.'s
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13070
This avoids running event script copies left by a package manager.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
7720ca0729b127a93d78401aaf1341d79f9603a4)
Jeremy Allison [Tue, 3 Oct 2017 17:58:00 +0000 (10:58 -0700)]
s3: VFS: Protect errno if sys_getwd() fails across free() call.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13069
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
4800ed3595513ce1e2f4edee36c35daafc63a3d5)
Jeremy Allison [Tue, 3 Oct 2017 17:37:55 +0000 (10:37 -0700)]
s3: VFS: Ensure sys_getwd() doesn't leak memory on error on really old systems.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13069
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
fb9ce0685e5d46e3d7abf5fac07b4f626339a413)
Ralph Boehme [Sat, 30 Sep 2017 06:45:41 +0000 (08:45 +0200)]
net: groupmap cleanup should not delete BUILTIN mappings
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13065
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Oct 2 15:17:00 CEST 2017 on sn-devel-144
(cherry picked from commit
064e17c0d6934f685c075abe0cf4913fa20d3a94)
Amitay Isaacs [Fri, 29 Sep 2017 04:23:24 +0000 (14:23 +1000)]
ctdb-common: Do not queue a packet if queue does not have valid fd
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13056
The only time a ctdb_queue is created without valid fd is when CTDB
is trying to establish connections with other nodes in the cluster.
All the other uses always create a ctdb_queue with valid fd.
This avoids queueing up packets for dead nodes or nodes that are not
running in the cluster and stops consuming memory.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
ddd97553f0a8bfaada178ec4a7460d76fa21f079)
Amitay Isaacs [Thu, 28 Sep 2017 01:47:24 +0000 (11:47 +1000)]
ctdb-tests: Send broadcast to connected nodes, not configured nodes
https://bugzilla.samba.org/show_bug.cgi?id=13056
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
bf11bea5dbb589186a205fa1d81368cc89a6139b)
Amitay Isaacs [Thu, 28 Sep 2017 01:47:00 +0000 (11:47 +1000)]
ctdb-daemon: Send broadcast to connected nodes, not configured nodes
https://bugzilla.samba.org/show_bug.cgi?id=13056
Database recovery takes care of attaching missing databases on all the nodes.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
70d306373e80eafe3a356c60a823a2577001d7d1)
Lutz Justen [Thu, 21 Sep 2017 17:32:05 +0000 (10:32 -0700)]
lib: gpo: Put enforced GPOs at the end of the list.
Enforced GPOs should be applied on top of all non-enforced GPOs,
so that they override policies set in non-enforced GPOs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13046
Signed-off-by: Lutz Justen <ljusten@google.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Sat Sep 23 05:25:19 CEST 2017 on sn-devel-144
(cherry picked from commit
5f2576a9af4f3c33121ad2b27a621b5f3bb34374)
Lutz Justen [Thu, 21 Sep 2017 17:11:15 +0000 (10:11 -0700)]
lib: gpo: Fixes issue with GPOPTIONS_BLOCK_INHERITANCE.
GP links with the GPOPTIONS_BLOCK_INHERITANCE option set
were blocking GPOs from the same link (i.e. an OU with
the flag set would block its own GPOs). This patch makes
sure the GPOs from the link are added to the list.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13046
Signed-off-by: Lutz Justen <ljusten@google.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
69410c0a02f7b4d7d20eadf4b4fda8ea064e4a0e)
Lutz Justen [Thu, 21 Sep 2017 17:01:58 +0000 (10:01 -0700)]
lib: gpo: Changes order to match GPO application order.
The order of GPOs in a gpo_list generated by ads_get_gpo_list
did not match the order of application. Since GPOs are pushed
to the FRONT of gpo_list, GPOs have to be pushed in the opposite
order of application. (Pushing to front is useful to get
inheritance blocking right).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13046
Signed-off-by: Lutz Justen <ljusten@google.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
6a531773b841f6b713226d1166a1e7d4dbc9b282)
Ralph Boehme [Tue, 29 Aug 2017 14:08:06 +0000 (16:08 +0200)]
s3/smbd: use correct access in get_file_handle_for_metadata
All we want here is FILE_WRITE_ATTRIBUTES, not FILE_WRITE_DATA.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12995
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 17 11:48:09 CEST 2017 on sn-devel-144
(cherry picked from commit
a3cc2fedab37134edd401b88087e20881c4ea18f)
Ralph Boehme [Tue, 29 Aug 2017 13:55:19 +0000 (15:55 +0200)]
s3/smbd: fix access checks in set_ea_dos_attribute()
We wanted to set the DOS attributes and failed with permission denied
from the VFS/kernel/filesystem. Next thing we wanna do here is override
this if either
- "dos filemode = true" is set and the security descriptor gives the
user write access or if
- the stored security descriptor has FILE_WRITE_ATTRIBUTES
The former was working, but the latter was not implemented at all.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12995
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
143d26283dad8422fba557de311c304f0093d647)
Ralph Boehme [Thu, 12 Oct 2017 13:41:01 +0000 (15:41 +0200)]
s3/smbd: README.Coding fixes in set_ea_dos_attribute
While I'm at it, some README.Coding fixes in set_ea_dos_attribute.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12995
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
fbad64200e0199acb644d83073234b2f6c200fce)
Samuel Cabrero [Thu, 21 Sep 2017 07:53:35 +0000 (09:53 +0200)]
s3: spoolss: Fix GUID string format on GetPrinter info
Fix regression introduced by commit
a4157e7c5d75 which removed the braces
around the printer GUID in the printer info level 7 structure.
MS-RPRN section 2.2 says this protocol uses curly-braced GUIDs so printers
are deleted from the directory by the domain controller's pruning service.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12993
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 6 05:21:25 CEST 2017 on sn-devel-144
(cherry picked from commit
fc03049ca1721c25c6ad3d01cba2501af3f39b93)
Ralph Boehme [Sun, 27 Aug 2017 17:22:38 +0000 (19:22 +0200)]
s3/mdssvc: missing assignment in sl_pack_float
Spotted by -Werror=maybe-uninitialized:
../source3/rpc_server/mdssvc/marshalling.c: In function ‘sl_pack_float’:
../source3/rpc_server/mdssvc/marshalling.c:171:11: error:
‘ieee_fp_union.w’ may be used uninitialized in this function
[-Werror=maybe-uninitialized]
offset = sl_push_uint64_val(buf, offset, bufsize, ieee_fp_union.w);
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12991
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
7b58c8f54499f01778bcbfc2ad21521ceed2dd57)
Ralph Boehme [Thu, 13 Jul 2017 14:05:49 +0000 (16:05 +0200)]
s4/torture: add a test for rename change notification with inotify enabled
This is already fixed in master by
5eccc2fd0072409f166c63e6876266f926411423~10..
5eccc2fd0072409f166c63e6876266f926411423.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Aug 26 05:05:08 CEST 2017 on sn-devel-144
(backported from commit
51f40a0e1d10069f55a5884ff1579e8f15f10a1e)
Ralph Boehme [Thu, 13 Jul 2017 14:04:50 +0000 (16:04 +0200)]
selftest: run smb2.notify-inotify testsuite against fileserver
Next commit adds the suite and a test.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
71a68d22a15d12c4038026dd065c54721ddc6723)
Ralph Boehme [Thu, 13 Jul 2017 14:01:53 +0000 (16:01 +0200)]
selftest: enable kernel change notifications in the fileserver environment
This environment is currently not used for any test in the smb2
testsuite, so this change doesn't affect any existing test.
A subsequent commit will add a test for change notifications with kernel
change notify enabled. It verifies a bug (this one) that only crops up
in such a setup and causes rename events to get lost.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit
fb8e0343ebebac322d545b54c33b3c1e7bcda393)
Volker Lendecke [Sat, 24 Jun 2017 07:01:46 +0000 (09:01 +0200)]
messaging: Remove messaging_handler_send
This did not really take off, notifyd was the only user
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul 7 05:11:48 CEST 2017 on sn-devel-144
(cherry picked from commit
5eccc2fd0072409f166c63e6876266f926411423)
Volker Lendecke [Sat, 24 Jun 2017 06:57:18 +0000 (08:57 +0200)]
notifyd: Remove notifyd_handler_done
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
197186a1fcc2c190fac9a16893234c337e6ec01c)
Volker Lendecke [Sat, 24 Jun 2017 06:56:35 +0000 (08:56 +0200)]
notifyd: Use messaging_register for MSG_SMB_NOTIFY_DB
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
9430fab61cb746e590db307af37219f8f29b7fd8)
Volker Lendecke [Sat, 24 Jun 2017 06:48:45 +0000 (08:48 +0200)]
notifyd: Use messaging_register for MSG_SMB_NOTIFY_GET_DB
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
dc39bb45624f8d6859dadc3c9a9a85793a5a7d0d)
Volker Lendecke [Sat, 24 Jun 2017 06:45:17 +0000 (08:45 +0200)]
notifyd: Use messaging_register for MSG_SMB_NOTIFY_TRIGGER
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
db15feb162326cb03fb06df24bcdafa5d5cb3087)
Volker Lendecke [Sat, 24 Jun 2017 06:38:53 +0000 (08:38 +0200)]
notifyd: Use messaging_register for MSG_SMB_NOTIFY_REC_CHANGE
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
b6079af1c41481714ac981fdd19f89ee197b4200)
Volker Lendecke [Sat, 24 Jun 2017 06:38:19 +0000 (08:38 +0200)]
messaging: make messaging_rec_create public
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
0c1e08b5901e54c70cf72c74837a8ed8cc77f0b8)
Volker Lendecke [Wed, 5 Jul 2017 07:37:14 +0000 (09:37 +0200)]
notifyd: Avoid an if-expression
Best reviewed with "git show -b -U10"
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
b8dccd11ea3d43b9ee51811c1ce7d81b91a549ca)
Volker Lendecke [Wed, 5 Jul 2017 07:34:51 +0000 (09:34 +0200)]
notifyd: Consolidate two #ifdef CLUSTER into one
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
d0a7bccae9856aba44a057c09499aa0de6b21862)
Volker Lendecke [Fri, 16 Jun 2017 13:20:22 +0000 (15:20 +0200)]
notifyd: Only ask for messaging_ctdb_conn when clustering
Without clustering, messaging_ctdb_conn will fail anyway.
Review with "git show -b".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
939576d968d1e0159456baf6dd1e3c454b98995a)
Ralph Boehme [Fri, 13 Oct 2017 12:32:58 +0000 (14:32 +0200)]
selftest: prevent interpretation of escape sequences in test_give_owner.sh
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Oct 14 06:02:50 CEST 2017 on sn-devel-144
(cherry picked from commit
7abf0acef48cb585fa8e5666fd4c27692b9c8ae3)
Ralph Boehme [Thu, 12 Oct 2017 15:07:15 +0000 (17:07 +0200)]
selftest: add some debugging to test_give_owner.sh
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 13 01:22:05 CEST 2017 on sn-devel-144
(cherry picked from commit
156015aed0b5a72b2f7150beb5cdaffa32b554e5)
Ralph Boehme [Fri, 6 Oct 2017 13:25:54 +0000 (15:25 +0200)]
vfs_fake_acls: deny give-ownership
Windows doesn't allow giving ownership away unless the user has
SEC_PRIV_RESTORE privilege.
This follows from MS-FSA 2.1.5.1, so it's a property of the filesystem
layer, not the SMB layer. By implementing this restriction here, we can
now have test for this restriction.
Other filesystems may want to deliberately allow this behaviour --
although I'm not aware of any that does -- therefor I'm putting in this
restriction in the implementation of the chmod VFS function and not into
the caller.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
0666093cb0d820cc27a265c1f0a87bc76cd3c167)
Ralph Boehme [Wed, 4 Oct 2017 20:27:24 +0000 (22:27 +0200)]
vfs_acl_common: fix take ownership vs give ownership
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
7e7afef819b4a858e6de48389c6f4fa7510cf5c6)
Ralph Boehme [Wed, 4 Oct 2017 10:51:29 +0000 (12:51 +0200)]
vfs_acl_common: factor out a variable declaration
Just some refactoring, no change in behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
e62f90a6d15626a2e20ba92f5cd552101ec4afe0)
Ralph Boehme [Wed, 4 Oct 2017 13:45:54 +0000 (15:45 +0200)]
s3/smbd/posix_acls: return correct status in try_chown
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
cc555be4d01c4140445bd30e16be3fe8343d3872)
Ralph Boehme [Fri, 6 Oct 2017 13:31:20 +0000 (15:31 +0200)]
selftest: tests for change ownership on a file
This test verifies that SEC_STD_WRITE_OWNER only effectively grants
take-ownership permissions but NOT give-ownership. The latter requires
SeRestorePrivilege privilege.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit
4b2e171e6b90f9c3594ebb705a28c66b981c2bf5)
Ralph Boehme [Sat, 7 Oct 2017 07:11:56 +0000 (09:11 +0200)]
selftest: fix samba3.blackbox.inherit_owner.default test script test_inherit_owner.sh
Grant the test-user SeRestorePrivilege, this is needed for
give-ownership operations. And then granting SeRestorePrivilege requires
`net`, so add that as an additional argument to the script.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit
ff199d8e3ea7bd1ed12de8c39340ba640a2b83ca)
Ralph Boehme [Sun, 8 Oct 2017 09:17:12 +0000 (11:17 +0200)]
selftest: fix acl_xattr test script test_acl_xattr.sh
The two "nt_affects_chgrp" tests called the wrong function so the
function nt_affects_chgrp() was never run.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
3aff6315097cc9db0216bc18aa793a996930b0f4)
Ralph Boehme [Sun, 8 Oct 2017 06:51:05 +0000 (08:51 +0200)]
selftest: fix acl_xattr test: sn-devel unreliable gid
The "nt_affects_chgrp" kept failing in a full autobuild on sn-devel
because the actual gid of the created file as returned by smbclient -c
getfacl was reliably the unix gid of my account. It should have been the
mapped domusers group for the primary users "Domain Users"
group. Running the test individually or even the full set of
"samba3.blackbox" tests didn't trigger the error.
Looks like an issue with vfs_fake_acls and vfs_xattr_tdb, but I wasn't
able to track it down. As the test only really want to ensure that
smbcacls -G set the gid to the requested value, just remove the check
for the actual initial gid.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
ea0ea829f5af63ab9638e758631c3002cbb6b4ce)
Ralph Boehme [Sun, 8 Oct 2017 09:13:46 +0000 (11:13 +0200)]
selftest: fix acl_xattr test: group, not user
In nt_affects_chgrp() check for domadmins *group*, not user. This didn't
trigger an error as nt_affects_chgrp() isn't actually called, see next
commit.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
71a2d06a1e41a1c412c82e58b3966e14c29c6159)
Ralph Boehme [Sun, 8 Oct 2017 09:12:48 +0000 (11:12 +0200)]
selftest: fix acl_xattr test: changing owner
Don't give ownership to user "force_user" as user "$USERNAME", this
would fail with NT_STATUS_INVALID_OWNER, instead just take ownership as
user "force_user". Adding a corresponding ACE for "force_user" with FULL
rights ensures this works.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
0f8de2dee5451c9791f96050f85e4f007bec2819)
Ralph Boehme [Wed, 6 Sep 2017 14:28:10 +0000 (16:28 +0200)]
vfs/nfs4_acls: move special handling of SMB_ACE4_SYNCHRONIZE to vfs_zfsacl
Commit
99a74ff5e6a9f87ad7a650cb44e0f925f834b3a1 added special handling
of SMB_ACE4_SYNCHRONIZE, always setting it in the access_mask when
fabricating an ACL. While at the same time removing it from the
access_mask when setting an ACL, but this is done direclty in
vfs_zfsacl, not it the common code.
Forcing SMB_ACE4_SYNCHRONIZE to be always set is only needed on ZFS, the
other VFS modules using the common NFSv4 infrastructure should not be
made victims of the special ZFS behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7909
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
4591a91c4aa9e631fb8696ed8f6e53343e773895)
Ralph Boehme [Wed, 6 Sep 2017 14:56:47 +0000 (16:56 +0200)]
s3/vfs: move ACE4_ADD_FILE/ACE4_DELETE_CHILD mapping from NFSv4 framework to vfs_zfsacl
This was added in
e6a5f11865a55e9644292ae92e4a4b5ec0662ccd to adopt the
NFSv4 framework to follow ZFS permission rules. But this is the wrong
place, other filesystems like GPFS do not allow deletion when the user
has SEC_DIR_ADD_FILE.
This patch therefor moves the change from the NFS4 framework into the
ZFS module.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=6133
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Sep 9 04:59:51 CEST 2017 on sn-devel-144
(cherry picked from commit
4102697503691f3b2eadfcb98834bb66c669f3ab)
Ralph Boehme [Wed, 6 Sep 2017 14:53:23 +0000 (16:53 +0200)]
vfs_zfsacl: ensure zfs_get_nt_acl_common() has access to stat info
We'll need this in the next commit.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=6133
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
bdc7fc62011cb1744f0246aea358b93e98caef38)
Ralph Boehme [Wed, 6 Sep 2017 14:44:12 +0000 (16:44 +0200)]
vfs_zfsacl: pass smb_fname to zfs_get_nt_acl_common
This is in preperation of moving SMB_ACE4_ADD_FILE /
SMB_ACE4_DELETE_CHILD mapping from the common NFSv4 framework into this
module excusively.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=6133
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
a66572851b6163e56a80463316cc0a6879ffd3e5)
David Disseldorp [Thu, 5 Jan 2017 16:10:42 +0000 (17:10 +0100)]
torture/ioctl: test set_compression(format_none)
This test case was overlooked in the previous bso#12144 update -
set compression requests with format=COMPRESSION_FORMAT_NONE should
succeed if the server / backing storage doesn't offer compression
support.
Confirm that Samba matches Windows Server 2016 ReFS behaviour here.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12144
Reported-by: Nick Barrett <nick@barrett.org.nz>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
6fde123176409e261d955e24b3d28e5124f33bed)
Autobuild-User(v4-6-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-6-test): Fri Sep 22 13:36:22 CEST 2017 on sn-devel-144
Karolin Seeger [Wed, 20 Sep 2017 11:01:46 +0000 (13:01 +0200)]
VERSION: Bump version up to 4.6.9...
and re-enable GIT_SNAPSHOTS.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Wed, 20 Sep 2017 11:00:48 +0000 (13:00 +0200)]
Merge tag 'samba-4.6.8' into v4-6-test
samba: tag release samba-4.6.8
David Disseldorp [Thu, 5 Jan 2017 16:36:02 +0000 (17:36 +0100)]
smbd/ioctl: match WS2016 ReFS set compression behaviour
ReFS doesn't support compression, but responds to set-compression FSCTLs
with NT_STATUS_OK if (and only if) the requested compression format is
COMPRESSION_FORMAT_NONE.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12144
Reported-by: Nick Barrett <nick@barrett.org.nz>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jan 9 23:14:28 CET 2017 on sn-devel-144
(cherry picked from commit
28cc347876b97b7409d6efd377f031fc6df0c5f3)
Amitay Isaacs [Mon, 11 Sep 2017 04:05:17 +0000 (14:05 +1000)]
ctdb-client: Initialize ctdb_ltdb_header completely for empty record
ctdb_ltdb_fetch() only fills in relevant portion of ctdb_ltdb_header
if the record does not exist. This can result in uninitialized writes
to ctdb_rec_buffer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13036
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
a878171cb432673f635a75cce0b72c92bb0d3ec7)
Autobuild-User(v4-6-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-6-test): Sat Sep 16 13:33:55 CEST 2017 on sn-devel-144
Amitay Isaacs [Mon, 11 Sep 2017 05:59:19 +0000 (15:59 +1000)]
ctdb-daemon: Free up record data if a call request is deferred
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13029
If a call request for a key (migration request) is in flight, then all
the subsequent call requests for the same key are deferred. In that case,
the data corresponding to key read from the local tdb is useless and there
is no need to keep it around. Once the deferred call is reprocessed,
the data corresponding to that key will be fetched again.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
77c17b03cfc4734142fd86ba3cdd9663e75f34e3)
Jeremy Allison [Fri, 8 Sep 2017 22:28:39 +0000 (15:28 -0700)]
s3: vfs: catia: compression get/set must act only on base file, and must cope with fsp==NULL.
Correctly do filename conversion.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13003
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Sep 12 10:50:57 CEST 2017 on sn-devel-144
(cherry picked from commit
3ff1b83ab7cb3a6ab94b87d0bf73857b731c869d)
Jeremy Allison [Fri, 8 Sep 2017 22:27:37 +0000 (15:27 -0700)]
s3: VFS: streams_xattr: Compression is only set/get on base filenames.
Can be ignored (pass-through) in streams_xattr VFS module.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13003
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
1a7c0f77e2203aa674eb8b06fe3220868f100001)
Christof Schmitt [Wed, 13 Sep 2017 23:23:53 +0000 (16:23 -0700)]
vfs_streams_xattr: Fix segfault when running with log level 10
This happens when vfs_streams_xattr is loaded, log level is set to 10
and the default stream of a file or directory is accessed. In that case
streams_xattr_open does not allocate the stream_io fsp extension. The
DBG_DEBUG message in streams_xattr_fstat tries to access the stream_io
before checking for a NULL value, resulting in the crash. Fix this by
moving the debug message after the check for a NULL pointer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13032
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Sep 14 10:58:12 CEST 2017 on sn-devel-144
(cherry picked from commit
1b6aa39fac0825b1f25fd62a6c67994b5c491170)
Stefan Metzmacher [Wed, 6 Sep 2017 07:47:20 +0000 (09:47 +0200)]
charset: fix str[n]casecmp_m() by comparing lower case values
The commits
c615ebed6e3d273a682806b952d543e834e5630d^..
f19ab5d334e3fb15761fb009e5de876dfc6ea785
replaced Str[n]CaseCmp() by str[n]casecmp_m().
The logic we had in str[n]casecmp_w() used to compare
the upper cased as well as the lower cased versions of the
characters and returned the difference between the lower cased versions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13018
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Sep 15 02:23:29 CEST 2017 on sn-devel-144
(cherry picked from commit
3ed9c903671e795964ce3da9d0080444ef3eb5e9)
Stefan Metzmacher [Wed, 6 Sep 2017 09:24:28 +0000 (11:24 +0200)]
charset/tests: also tests the system str[n]casecmp()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13018
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
9d99b640b9002ad6c0eb0d29a6d7adcfda870e13)
Stefan Metzmacher [Wed, 6 Sep 2017 08:39:00 +0000 (10:39 +0200)]
charset/tests: add more str[n]casecmp_m() tests to demonstrate the bug
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13018
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
2a3d4fe0c9eacf9d0b2261ef116a1f6b741e20ee)
Stefan Metzmacher [Wed, 6 Sep 2017 08:38:37 +0000 (10:38 +0200)]
charset/tests: assert the exact values of str[n]casecmp_m()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13018
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
c18ecdececef8fcfdaa5d3e1a066533c8b41f19d)
Karolin Seeger [Wed, 13 Sep 2017 18:12:20 +0000 (11:12 -0700)]
VERSION: Disable GIT_SNAPSHOTS for the 4.6.8 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Wed, 13 Sep 2017 18:07:28 +0000 (11:07 -0700)]
WHATSNEW: Add release notes for Samba 4.6.8.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Amitay Isaacs [Thu, 7 Sep 2017 07:21:03 +0000 (17:21 +1000)]
ctdb-daemon: GET_DB_SEQNUM should read database conditionally
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13021
Once the recovery starts and databases are frozen, then all the record
access is postponed till the recovery is complete except reading the
database sequence number. Database access for reading sequence number
is done via a control which does not check if the databases are frozen
or not.
If the database is frozen and if the freeze transaction is not started
(this can happen when a node is inactive, or during recovery when the
database is frozen but the transaction has not yet started), then trying
to read sequence number will cause ctdb daemon to deadlock.
Before reading the sequence number, check if the database access is
allowed.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
f57d379446c551bca5906247c622e857c77089b0)
Autobuild-User(v4-6-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-6-test): Wed Sep 13 18:48:58 CEST 2017 on sn-devel-144
Amitay Isaacs [Thu, 7 Sep 2017 07:18:18 +0000 (17:18 +1000)]
ctdb-daemon: Add a function to check if db access is allowed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13021
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
5d2f2677de65a0fd6683bb759d80ebced604fa6b)
Amitay Isaacs [Tue, 5 Sep 2017 03:52:47 +0000 (13:52 +1000)]
ctdb-tests: Fix ctdb test binary name in path testing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13012
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
96aef2371c6c1e0c6bd13874a71583eb9609959b)
Martin Schwenke [Tue, 12 Sep 2017 01:51:19 +0000 (11:51 +1000)]
ctdb-tests: Wait up to 30 seconds for process to be registered in ctdbd
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13012
This avoids a potential race where the client is not properly
registered before "ctdb process-exists" is called.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
ff75f0836aef56476ec45a3bc8f3ca22c118e3a4)
Amitay Isaacs [Fri, 25 Aug 2017 06:55:34 +0000 (16:55 +1000)]
ctdb-tests: Fix ctdb process-exist tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13012
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Sat Sep 9 14:44:57 CEST 2017 on sn-devel-144
(cherry picked from commit
87f7d32a906799e83cb9b023978e689a630de017)
Amitay Isaacs [Wed, 30 Aug 2017 03:05:32 +0000 (13:05 +1000)]
ctdb-tests: Add a dummy ctdb client for testing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13012
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
3067db5b50162fdae288aaad8e75beb924fc9494)
Amitay Isaacs [Fri, 25 Aug 2017 06:54:47 +0000 (16:54 +1000)]
ctdb-tests: Fix the implementation of process-exists in fake daemon
Keep track of clients and their pids.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13012
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
7dec80a7c042d83f9d48c75a8717c3d1b59b1fbf)
Amitay Isaacs [Fri, 25 Aug 2017 05:00:59 +0000 (15:00 +1000)]
ctdb-daemon: Fix implementation of process_exists control
Only check processes that are CTDB clients.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13012
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
d0a20baf43834c7290dfd8f256d9521724202f0c)
Stefan Metzmacher [Tue, 12 Sep 2017 03:21:35 +0000 (05:21 +0200)]
selftest: make samba3.blackbox.smbclient_s3.*follow.symlinks.*no as flapping
This is fixed in master and 4.7. For the backports we can just ignore
failures.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12914
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Jeremy Allison [Fri, 8 Sep 2017 17:13:14 +0000 (10:13 -0700)]
CVE-2017-12163: s3:smbd: Prevent client short SMB1 write from writing server memory to file.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13020
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Wed, 30 Aug 2017 15:49:54 +0000 (17:49 +0200)]
messaging: Avoid a socket leak after fork
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13006
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Sep 5 19:12:34 CEST 2017 on sn-devel-144
(cherry picked from commit
d1c96dc0ac95322ce46703a11002873faf55a26c)
Autobuild-User(v4-6-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-6-test): Sun Sep 10 19:33:24 CEST 2017 on sn-devel-144
Volker Lendecke [Fri, 1 Sep 2017 22:55:00 +0000 (15:55 -0700)]
pthreadpool: Test fork with an active thread
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13006
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Aug 31 21:34:57 CEST 2017 on sn-devel-144
(cherry picked from commit
981e674a7472017274c9b169c776d5c5e8bd1469)
Volker Lendecke [Mon, 28 Aug 2017 14:38:19 +0000 (16:38 +0200)]
pthreadpool: Fix fork behaviour
glibc's pthread_cond_wait(&c, &m) increments m.__data.__nusers, making
pthread_mutex_destroy return EBUSY. Thus we can't allow any thread waiting for
a job across a fork. Also, the state of the condvar itself is unclear across a
fork. Right now to me it looks like an initialized but unused condvar can be
used in the child. Busy worker threads don't cause any trouble here, they don't
hold mutexes or condvars. Also, they can't reach the condvar because _prepare
holds all mutexes.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13006
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
ff98e3fb666b57b56a1427aa1196948ceebdec66)
Stefan Metzmacher [Sat, 17 Dec 2016 09:36:49 +0000 (10:36 +0100)]
CVE-2017-12151: s3:libsmb: make use of cli_state_is_encryption_on()
This will keep enforced encryption across dfs referrals.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12996
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 14 Aug 2017 10:13:18 +0000 (12:13 +0200)]
CVE-2017-12151: s3:libsmb: add cli_state_is_encryption_on() helper function
This allows to check if the current cli_state uses encryption
(either via unix extentions or via SMB3).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12996
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 12 Dec 2016 05:07:56 +0000 (06:07 +0100)]
CVE-2017-12150: s3:libsmb: only fallback to anonymous if authentication was not requested
With forced encryption or required signing we should also don't fallback.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 29 Aug 2017 13:35:49 +0000 (15:35 +0200)]
CVE-2017-12150: libcli/smb: add smbXcli_conn_signing_mandatory()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 29 Aug 2017 13:24:14 +0000 (15:24 +0200)]
CVE-2017-12150: auth/credentials: cli_credentials_authentication_requested() should check for NTLM_CCACHE/SIGN/SEAL
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 12 Dec 2016 04:49:46 +0000 (05:49 +0100)]
CVE-2017-12150: libgpo: make use of SMB_SIGNING_REQUIRED in gpo_connect_server()
It's important that we use a signed connection to get the GPOs!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 9 Dec 2016 08:26:32 +0000 (09:26 +0100)]
CVE-2017-12150: s3:pylibsmb: make use of SMB_SIGNING_DEFAULT for 'samba.samba3.libsmb_samba_internal'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 3 Nov 2016 16:16:43 +0000 (17:16 +0100)]
CVE-2017-12150: s3:lib: get_cmdline_auth_info_signing_state smb_encrypt SMB_SIGNING_REQUIRED
This is an addition to the fixes for CVE-2015-5296.
It applies to smb2mount -e, smbcacls -e and smbcquotas -e.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 29 Aug 2017 15:06:21 +0000 (17:06 +0200)]
CVE-2017-12150: s3:popt_common: don't turn a guessed username into a specified one
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
Signed-off-by: Stefan Metzmacher <metze@samba.org>
David Disseldorp via samba-technical [Sat, 26 Aug 2017 21:40:37 +0000 (23:40 +0200)]
tests/fake_snap: sanitize paths
Ensure fake_snap.pl can be run in taint mode (-T), by sanitizing paths
and the PATH env. This fixes the following samba3.rpc.fsrvp selftest
failures:
Insecure dependency in mkdir while running setgid at (eval 2) line 4.
snap create failed: NT_STATUS_UNSUCCESSFUL
snap create failed for shadow copy of /home/ddiss/isms/samba/st/nt4_dc/share
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12988
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 29 04:54:51 CEST 2017 on sn-devel-144
(cherry picked from commit
f9d4158f0b002b482df0a919d4cb337cce81f9f8)
Autobuild-User(v4-6-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-6-test): Thu Aug 31 16:14:33 CEST 2017 on sn-devel-144
Christof Schmitt [Wed, 23 Aug 2017 21:37:28 +0000 (14:37 -0700)]
vfs_default: Fix passing of errno from async calls
Current code assigns errno from async pthreadpool calls to the
vfs_default internal vfswrap_*_state. The callers of the vfs_*_recv
functions expect the value from errno in vfs_aio_state.error.
Correctly assign errno to vfs_aio_state.error and remove the unused
internal err variable.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12983
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
a6f391b8dd1fbfd1a370667dec1374284984c341)
Autobuild-User(v4-6-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-6-test): Mon Aug 28 14:42:02 CEST 2017 on sn-devel-144
Andreas Schneider [Tue, 22 Aug 2017 13:46:07 +0000 (15:46 +0200)]
s3:utils: Remove pointless if-clause for remote_machine
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
Review with: git show -U20
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit
4a4bfcb539b4489f397b2bc9369215b7e03e620e)