Karolin Seeger [Sun, 6 Sep 2015 18:52:02 +0000 (20:52 +0200)]
VERSION: Disable git snapshots for the 4.2.4 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Sun, 6 Sep 2015 18:49:36 +0000 (20:49 +0200)]
WHATSNEW: Add release notes for Samba 4.2.4.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Ralph Boehme [Fri, 7 Aug 2015 13:48:33 +0000 (15:48 +0200)]
s4:torture:vfs_fruit: created empty resourceforks
Check for opens and creates, created empty resourceforks result in
ENOENT in subsequent opens.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11467
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 2 06:50:16 CEST 2015 on sn-devel-104
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Fri Sep 4 15:24:26 CEST 2015 on sn-devel-104
Ralph Boehme [Thu, 6 Aug 2015 09:32:29 +0000 (11:32 +0200)]
s4:torture:vfs_fruit: add a resource fork truncation test
Truncating a resource fork to 0 bytes should make it inaccessible for
subsequent creates and return NT_STATUS_OBJECT_NAME_NOT_FOUND.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11467
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 25 Aug 2015 15:06:52 +0000 (17:06 +0200)]
vfs_fruit: delete ._ file when deleting the basefile
0 byte resource fork streams are not listed by vfs_streaminfo, as a
result stream cleanup/deletion of file deletion doesn't remove the
resourcefork stream.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11467
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 12 Aug 2015 05:34:53 +0000 (07:34 +0200)]
vfs_fruit: split and simplify fruit_ftruncate
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11467
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Sat, 8 Aug 2015 18:21:39 +0000 (20:21 +0200)]
vfs_fruit: handling of empty resource fork
Opening the resource fork stream with O_CREAT mustn't create a visible
node in the filesystem, only create a file handle. As long as the
creator didn't write into the stream, other openers withour O_CREAT
MUST get an ENOENT error. This is way OS X SMB server implements it.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11467
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 1 Sep 2015 06:41:04 +0000 (08:41 +0200)]
samr4: Use <SID=%s> in GetGroupsForUser
This way we avoid quoting problems in user's DNs
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 1 23:49:14 CEST 2015 on sn-devel-104
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11488
(cherry picked from commit
841845dea35089a187fd1626c9752d708989ac7b)
Autobuild-User(v4-2-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-2-test): Thu Sep 3 11:45:06 CEST 2015 on sn-devel-104
Roel van Meer [Tue, 4 Aug 2015 14:50:43 +0000 (16:50 +0200)]
s3-util: Compare the maximum allowed length of a NetBIOS name
This fixes a problem where is_myname() returns true if one of our names
is a substring of the specified name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11427
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
4e178ed498c594ffcd5592d0b792d47b064b9586)
Autobuild-User(v4-2-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-2-test): Mon Aug 31 12:33:42 CEST 2015 on sn-devel-104
Andreas Schneider [Wed, 19 Aug 2015 14:19:30 +0000 (16:19 +0200)]
s3-auth: Fix a memory leak in make_server_info_info3()
We call make_server_info(NULL) and it is possible that we do not free
it, because server_info is not allocated on the memory context we pass
to the function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
6363c0232c2238e1a782e9c22ef762e3ff9b7563)
Andreas Schneider [Wed, 19 Aug 2015 14:24:08 +0000 (16:24 +0200)]
s3-auth: Pass nt_username to check_account()
We set nt_username above but do not use it in this function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
e8c76932e4ac192a00afa3b9731f5921c4b37da6)
Andreas Schneider [Wed, 19 Aug 2015 14:11:47 +0000 (16:11 +0200)]
s3-auth: Fix 'map to guest = Bad Uid' support
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
34965d4d98d172e848e2b96fad8a9e0b99288ba7)
Jeremy Allison [Thu, 23 Jul 2015 17:52:43 +0000 (10:52 -0700)]
s3: winbindd: Fix TALLOC_FREE of uninitialized groups variable.
Fix created by by: wei zhong <wweyeww@gmail.com>
Only for 4.2.x and below, master code already fixed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10823
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Tue Aug 25 11:25:58 CEST 2015 on sn-devel-104
Stefan Metzmacher [Thu, 22 Jan 2015 11:22:25 +0000 (11:22 +0000)]
s4:rpc_server/netlogon: fix bugs in dcesrv_netr_DsRGetDCNameEx2()
We should return the our ip address the client is connected too.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
459d1d3fb9a5282d19121eaacba9d611896b37ff)
Autobuild-User(v4-2-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-2-test): Tue Aug 18 19:15:43 CEST 2015 on sn-devel-104
Amitay Isaacs [Tue, 21 Jul 2015 06:37:04 +0000 (16:37 +1000)]
ctdb-daemon: Correctly process the exit code from failed eventscripts
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11431
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Jul 22 15:03:53 CEST 2015 on sn-devel-104
(cherry picked from commit
00ec3c477eba50206801b451ae4eb64c12aba5db)
Autobuild-User(v4-2-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-2-test): Tue Aug 18 15:55:44 CEST 2015 on sn-devel-104
Amitay Isaacs [Thu, 13 Nov 2014 00:02:26 +0000 (11:02 +1100)]
ctdb-daemon: Improve error handling for running event scripts
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11431
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Nov 14 03:06:12 CET 2014 on sn-devel-104
(cherry picked from commit
d04bfc6ec6ad7a4749ebfee2284253c4a91a81aa)
Amitay Isaacs [Mon, 20 Jul 2015 06:37:58 +0000 (16:37 +1000)]
ctdb-tool: Correctly print timed out event scripts output
The timed out error is ignored for certain events (start_recovery,
recoverd, takeip, releaseip). If these events time out, then the debug
hung script outputs the following:
3 scripts were executed last releaseip cycle
00.ctdb Status:OK Duration:4.381 Thu Jul 16 23:45:24 2015
01.reclock Status:OK Duration:13.422 Thu Jul 16 23:45:28 2015
10.external Status:DISABLED
10.interface Status:OK Duration:-
1437083142.208 Thu Jul 16 23:45:42 2015
The endtime for timed out scripts is not set. Since the status is not
returned as -ETIME for some events, ctdb scriptstatus prints -ve duration.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11431
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
71b89b2b7a9768de437347e6678370b2682da892)
Stefan Metzmacher [Fri, 14 Aug 2015 10:54:00 +0000 (12:54 +0200)]
s3:lib: fix some corner cases of open_socket_out_cleanup()
In case of timeouts we retry the async_connect_send() and forgot
to remember it, this results in an abort() in async_connect_cleanup()
as the fd is already closed when calling fcntl(F_SETFL).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11316
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
ce3c77fb45ccf4d45a0fa655325e30e748d89245)
Volker Lendecke [Mon, 29 Jun 2015 17:00:55 +0000 (19:00 +0200)]
lib: Fix rundown of open_socket_out()
Under valgrind I've seen the abort in async_connect_cleanup kick in. Yes, it's
good that we check these return codes!
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11316
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: "Stefan (metze) Metzmacher" <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Jun 30 20:24:37 CEST 2015 on sn-devel-104
(cherry picked from commit
6fc65aaf956f35e2068e2a6f8521af2f2351d31e)
Ralph Boehme [Sun, 10 May 2015 09:58:32 +0000 (11:58 +0200)]
s4:torture:vfs_fruit: add a test for stream names
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11278
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
7258061e5e9cd4b68f1c010c3667c3fd2b0663cc)
Autobuild-User(v4-2-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-2-test): Tue Aug 18 01:07:03 CEST 2015 on sn-devel-104
Ralph Boehme [Thu, 6 Aug 2015 11:48:54 +0000 (13:48 +0200)]
s4:torture:vfs_fruit: pass xattr name as arg to torture_setup_local_xattr()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11278
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
fe4909f1cab72f80715a996a63290462102aabc6)
Ralph Boehme [Sat, 9 May 2015 13:12:41 +0000 (15:12 +0200)]
vfs_catia: run translation on stream names
With vfs_fruit option "fruit:encoding = native" we're already converting
stream names that contain illegal NTFS characters from their on-the-wire
Unicode Private Range encoding to their native ASCII representation.
Unfortunately the reverse mapping for stream names was not perfomed.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11278
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
1db11998bf1b0eef5f543377700b03ab8739338d)
Ralph Boehme [Sat, 9 May 2015 13:02:03 +0000 (15:02 +0200)]
vfs_streams_xattr: stream names may contain colons
With vfs_fruit option "fruit:encoding = native" we're already converting
stream names that contain illegal NTFS characters from their on-the-wire
Unicode Private Range encoding to their native ASCII representation.
As as result the name of xattrs storing the streams (via
vfs_streams_xattr) may contain a colon, so we have to use strrchr_m()
instead of strchr_m() for matching the stream type suffix.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11278
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
fb9a64ea37dd4b0cd754fe6d421417a4c8ccbc57)
Ralph Boehme [Wed, 10 Jun 2015 13:30:04 +0000 (15:30 +0200)]
s4:torture:vfs_fruit: copyfile
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11317
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
43820da1ca2ae09a030a510f42fc1b5d848f7fcc)
Ralph Boehme [Wed, 22 Apr 2015 20:29:16 +0000 (22:29 +0200)]
vfs:fruit: implement copyfile style copy_chunk
Implement Apple's special copy_chunk ioctl that requests a copy of the
whole file along with all attached metadata.
These copy_chunk requests have a chunk count of 0 that we translate to a
copy_chunk_send VFS call overloading the parameters src_off = dest_off =
num = 0.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11317
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
e34c879471fe6a4a5c88144394bf621e910cc82b)
Ralph Boehme [Wed, 22 Apr 2015 20:29:16 +0000 (22:29 +0200)]
smb2:ioctl: support for OS X AAPL copyfile style copy_chunk
Apple's special copy_chunk ioctl that requests a copy of the whole file
along with all attached metadata.
These copy_chunk requests have a chunk count of 0 that we translate to a
copy_chunk_send VFS call overloading the parameters src_off = dest_off =
num = 0.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11317
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
58480da5066bd33bc73aeb72bd17bd4797c22110)
Ralph Boehme [Mon, 27 Apr 2015 10:16:16 +0000 (12:16 +0200)]
s3:util: add internal function for transfer_file that uses pread/pwrite
read/write aren't overloaded in the streams VFS modules, using
pread/pwrite instead this makes it possible to use transfer_file() with
named streams.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11317
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
cda8c24a676232bc5834c523407caef8ea9ff038)
Martin Schwenke [Thu, 25 Jun 2015 05:06:27 +0000 (15:06 +1000)]
ctdb-build: Fix building of PCP PMDA module
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
1e13455d7e9d668b426427e8bdebc73328e50d92)
Autobuild-User(v4-2-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-2-test): Mon Aug 17 20:39:02 CEST 2015 on sn-devel-104
Martin Schwenke [Fri, 24 Jul 2015 05:32:42 +0000 (15:32 +1000)]
ctdb-daemon: Check if updates are in flight when releasing all IPs
Some code involved in releasing IPs is not re-entrant. Memory
corruption can occur if, for example, overlapping attempts are made to
ban a node. We haven't been able to recreate the corruption but this
should protect against it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11432
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
952a50485f68b3cffdf57da84aa9bb9fde630b7e)
Amitay Isaacs [Mon, 27 Jul 2015 06:51:08 +0000 (16:51 +1000)]
ctdb-banning: If node is already banned, do not run ctdb_local_node_got_banned()
This calls release_all_ips() only once on the first ban. If the node gets
banned again due to event script timeout while running release_all_ips(),
then avoid calling release_all_ips() in re-entrant fashion.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11432
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
8eb04d09b119e234c88150e1dc35fc5057f9c926)
Ralph Boehme [Tue, 4 Aug 2015 09:18:34 +0000 (11:18 +0200)]
s3-net: use talloc array in share allowedusers
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11426
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Aug 4 16:48:36 CEST 2015 on sn-devel-104
(cherry picked from commit
95eb6db580678a29b1f5f30a9567ea449a43d75a)
Arvid Requate [Thu, 6 Aug 2015 13:00:25 +0000 (15:00 +0200)]
s4:rpc_server/netlogon: Fix for NetApp
This patch fixes an issue where NetApp filers joined to a
Samba/ADDC cannot resolve SIDs. Without this patch the issue
can only be avoided by setting "allow nt4 crypto = yes" in smb.conf.
The issue is triggered by NetApp filers in three steps:
1. The client calls netr_ServerReqChallenge to set up challenge tokens
2. Next it calls netr_ServerAuthenticate2 with NETLOGON_NEG_STRONG_KEYS
set to 0. Native AD and Samba respond to this with
NT_STATUS_DOWNGRADE_DETECTED. At this point Samba throws away
the challenge token negotiated in the first step.
3. Next the client calls netr_ServerAuthenticate2 again, this time with
NETLOGON_NEG_STRONG_KEYS set to 1.
Samba returns NT_STATUS_ACCESS_DENIED as it has lost track
of the challenge and denies logon with the message
No challenge requested by client [CLNT1/CLNT1$], cannot authenticate
Git commit
321ebc99b5a00f82265aee741a48aa84b214d6e8 introduced
a workaround for a different but related issue. This patch makes a minor
adjustment to that commit to delay flushing the cached challenge until
it's clear that we are not in a NT_STATUS_DOWNGRADE_DETECTED
situation.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11291
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Aug 6 20:29:04 CEST 2015 on sn-devel-104
(cherry picked from commit
d3ac3da98611e665dc0f4e825faa5f12f6c848ef)
Justin Maggard [Tue, 21 Jul 2015 22:17:30 +0000 (15:17 -0700)]
s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid lookup.
Somewhere along the line, a config line like "valid users = @foo"
broke when "foo" also exists as a user.
user_ok_token() already does the right thing by adding the LOOKUP_NAME_GROUP
flag; but lookup_name() was not respecting that flag, and went ahead and looked
for users anyway.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11320
Signed-off-by: Justin Maggard <jmaggard@netgear.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 28 21:35:58 CEST 2015 on sn-devel-104
(cherry picked from commit
dc99d451bf23668d73878847219682fced547622)
Autobuild-User(v4-2-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-2-test): Tue Aug 4 16:07:21 CEST 2015 on sn-devel-104
Jeremy Allison [Wed, 15 Jul 2015 17:43:56 +0000 (10:43 -0700)]
lib: replace: Add strsep function (missing on Solaris).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11359
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@wakeful.net>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 29 02:24:55 CEST 2015 on sn-devel-104
(cherry picked from commit
f07b746ad3f3ee2fcbb65a0d452ed80f07c9e8f9)
Andreas Schneider [Fri, 17 Jul 2015 08:54:17 +0000 (10:54 +0200)]
s3-auth: Fix a possible null pointer dereference
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11404
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
109ff388fd5e1306189d680a8f964a69374f1b01)
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Wed Jul 22 02:30:04 CEST 2015 on sn-devel-104
Andreas Schneider [Fri, 17 Jul 2015 07:35:11 +0000 (09:35 +0200)]
s3-smbd: Leave sys_disk_free() if dfree command is used
If we have a broken system which reports incorrect sizes we provide the
'dfree command'. This command makes sure Samba gets the correct values.
However after that we call the quota command which then reports the
broken values. The dfree command should take care to provide the correct
values and in case of quota's it should also calculate the quote
correctly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11403
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
48a4d5a4078ff2a66dd753323d6e5d76d34b9828)
Martin Schwenke [Wed, 8 Jul 2015 12:22:09 +0000 (22:22 +1000)]
ctdb-tests: Add some 10.interfaces VLAN tests
One without a bond, one with a bond.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11399
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
8ed0cacaf4aa9fc63b8c8d610a6164c5d01e473a)
Martin Schwenke [Wed, 8 Jul 2015 12:14:51 +0000 (22:14 +1000)]
ctdb-tests: Add VLAN support to the "ip link" stub
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11399
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
8e41cb1e4e7b4a7d92628771260649ded4432772)
Martin Schwenke [Wed, 8 Jul 2015 11:39:51 +0000 (21:39 +1000)]
ctdb-tests: Interface number in "ip link show" stub defaults to 42
It needs to have a default for the standalone case, when it is not run
in a loop inside "ip addr show".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11399
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
4f84d42b511a4c9a79bd835eeca0a80082e76227)
Martin Schwenke [Wed, 8 Jul 2015 11:23:48 +0000 (21:23 +1000)]
ctdb-scripts: Support monitoring of interestingly named VLANs on bonds
VLAN interfaces on bonds with a name other than <iface>.<id>@<iface>
are not currently supported. That is, where the VLAN name isn't based
on the underlying bond name. Such VLAN interfaces can be created with
the "ip link" command, as opposed to the "vconfig" command, or by
renaming a VLAN interface.
This is improved by determining the underlying interface name for a
VLAN from the output of "ip link".
No serious attempt is made to support VLANs with '@' in their name,
although this seems to be legal. Why would you do that?
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11399
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
bc71251433ce618c95c674d7cbe75b01a94adad9)
Martin Schwenke [Tue, 7 Jul 2015 10:49:38 +0000 (20:49 +1000)]
ctdb-scripts: Fix regression in VLAN interface support
Commit
6471541d6d2bc9f2af0ff92b280abbd1d933cf88 broke support for VLAN
interfaces. Releasing a public IP address depends on
ip_maskbits_iface() and for a VLAN interface this will return an
interface of the form <vlan>@<iface>, which can't be fed back into
"ip" commands.
Update ip_maskbits_iface() to drop the '@' and everything after it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11399
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Reported-by: Jan Schwaratzki <jschwaratzki@ddn.com>
(cherry picked from commit
87c5c96b767aa317dd620f89ac3e11bb40dae70f)
Alexander Bokovoy [Thu, 7 May 2015 14:12:03 +0000 (14:12 +0000)]
auth/credentials: if credentials have principal set, they are not anonymous anymore
When dealing with Kerberos, we cannot consider credentials anonymous
if credentials were obtained properly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11265
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan (metze) Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Jul 15 16:32:55 CEST 2015 on sn-devel-104
(cherry picked from commit
a0d2dd0e01618346b4ad8ea9da3f7ce4eb0364b0)
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Thu Jul 16 14:11:52 CEST 2015 on sn-devel-104
Amitay Isaacs [Tue, 14 Jul 2015 06:54:59 +0000 (16:54 +1000)]
ctdb-daemon: Return correct sequence number for CONTROL_GET_DB_SEQNUM
Due to the missing cast of uint64_t, CONTROL_GET_DB_SEQNUM always returned
seqnum <= 256.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11398
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue Jul 14 13:03:25 CEST 2015 on sn-devel-104
(cherry picked from commit
1023db2543f7785e4527a4565db91edcde4ca7f1)
Günther Deschner [Wed, 10 Jun 2015 15:07:15 +0000 (17:07 +0200)]
s3-smbd: reset protocol in smbXsrv_connection_init_tables failure paths.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11373
Guenther
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Anubhav Rakshit [Fri, 26 Jun 2015 06:54:23 +0000 (12:24 +0530)]
s3:libsmb: Fix a bug in conversion of ea list to ea array.
Bug 11361 - Reading of EA's (Extended Attributes) fails using SMB2 and above
protocols
Tested against Win2k12r2 server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11361
Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
5af2e3eed2ac309e2491fc54e03e7b04c8b118fb)
Michael Adam [Tue, 7 Jul 2015 15:15:00 +0000 (17:15 +0200)]
smbd:trans2: treat new SMB_SIGNING_DESIRED in case
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
76f8d0fbada15c9466f66a2d9961bebd1425d141)
Michael Adam [Tue, 30 Jun 2015 15:46:36 +0000 (17:46 +0200)]
docs:smb.conf: explain effect of new setting 'desired' of smb encrypt
Thereby clarify some details.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
365d9d8bdfe9759ef9662d0080cf9c9a0767dbf2)
Michael Adam [Wed, 1 Jul 2015 15:41:38 +0000 (17:41 +0200)]
smbd:smb2: use encryption_desired in send_break
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
14357700fd69291995ce6adebb13e7340a63c209)
Michael Adam [Wed, 1 Jul 2015 16:07:52 +0000 (18:07 +0200)]
smbd:smb2: only enable encryption in tcon if desired
Don't enforce it but only announce DATA_ENCRYPT,
making use of encryption_desired in tcon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
41cb881e775ea7eb0c59d9e0cafb6ab5531918d9)
Michael Adam [Wed, 1 Jul 2015 16:07:26 +0000 (18:07 +0200)]
smbd:smb2: only enable encryption in session if desired
Don't enforce it but only announce ENCRYPT_DATA, using the
encryption_desired flag in session setup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
fc228025d78f165815d3fa1670d51f0c27ed2091)
Michael Adam [Wed, 1 Jul 2015 15:42:58 +0000 (17:42 +0200)]
smbd:smb2: separate between encryption required and enc desired
this means we:
- accept unencrypted requests if encryption only desired
and not required,
- but we always send encrypted responses in the desired
case, not only when the request was encrypted.
For this purpose, the do_encryption in the request
structure is separated into was_encrypted and do_encryption.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
3bb299944391633c45d87d5e8ad48c2c14428592)
Michael Adam [Wed, 1 Jul 2015 15:34:45 +0000 (17:34 +0200)]
smbXsrv: add bools encryption_desired to session and tcon
This is to indicate that we should sen the ENCRYPT_DATA
flag on session or tcon replies.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
a3ea6dbef53e049701326497e684e1563344e6d8)
Michael Adam [Tue, 30 Jun 2015 12:16:19 +0000 (14:16 +0200)]
Introduce setting "desired" for 'smb encrypt' and 'client/server signing'
This should trigger the behaviour where the server requires
signing when the client supports it, but does not reject
clients that don't support it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
204cbe3645c59b43175beeadad792b4a00e80da3)
Volker Lendecke [Wed, 25 Feb 2015 15:59:26 +0000 (16:59 +0100)]
smbd: Make SMB3 clients use encryption with "smb encrypt = auto"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Mar 3 10:40:42 CET 2015 on sn-devel-104
(cherry picked from commit
b3385f74db54bd8a07a0be5515151b633c067da4)
Karolin Seeger [Sat, 11 Jul 2015 19:42:25 +0000 (21:42 +0200)]
VERSION: Bump version up to 4.2.4...
and re-enable git snapshots.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Sat, 11 Jul 2015 19:40:54 +0000 (21:40 +0200)]
VERSION: Disable git snapshots for the 4.2.3 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Sat, 11 Jul 2015 19:39:27 +0000 (21:39 +0200)]
WHATSNEW: Add release notes for Samba 4.2.3.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Ralph Boehme [Thu, 9 Oct 2014 14:41:10 +0000 (16:41 +0200)]
ncacn_http: fix GNUism
%a format conversion is a GNU extension, use the more portable %m.
It's at least in SUSv4, supported by glibc since 2.7 and FreeBSD 10.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11371
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 9 22:05:26 CEST 2014 on sn-devel-104
(cherry picked from commit
9ae65baf3cd6382678624864f13fc053d942d013)
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Sun Jul 5 23:51:47 CEST 2015 on sn-devel-104
Ralph Boehme [Thu, 25 Jun 2015 14:25:05 +0000 (16:25 +0200)]
s4:torture:vfs_fruit: check offset and length when reading AFP_AfpInfo stream
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11363
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Jul 3 01:47:29 CEST 2015 on sn-devel-104
(cherry picked from commit
c6e044ea33d1f16809196833e9e96a10e65b092e)
Ralph Boehme [Thu, 25 Jun 2015 13:42:04 +0000 (15:42 +0200)]
vfs_fruit: check offset and length for AFP_AfpInfo read requests
fruit_pread doesn't check the offset and length parameters and instead
always writes 60 bytes, the size of the AFP_AfpInfo blob, to the the
passed buffer. If the passed in buffer is smaller, we overwrite
something somewhere.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11363
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
25f302a47c3119d454531dc992183552b9a42b13)
Uri Simchoni [Wed, 24 Jun 2015 07:55:06 +0000 (10:55 +0300)]
winbindd: disconnect child process if request is cancelled at main process
When cancelling a request at the main winbindd process, that is currently
being served by a child winbindd process, just freeing all objects related
to the request is not enough, as the next bytes to come through the pipe
from the child process are the response to the cancelled request, and the
object reading those bytes will be the next request. This breaks the protocol.
This change, upon canceling a request that is being served, closes the
connection to the child process, causing the next request to be served
by a new child process (and the detached child to die eventually).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11358
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jun 29 14:00:24 CEST 2015 on sn-devel-104
(cherry picked from commit
eaf99203093cabc3069f1c69345d38d739b0663d)
Stefan Metzmacher [Tue, 23 Jun 2015 08:27:27 +0000 (10:27 +0200)]
s4:selftest: also run rpc.winreg with kerberos and all possible auth options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jun 23 17:31:08 CEST 2015 on sn-devel-104
(cherry picked from commit
6dd117b21ef06da68af67051f2822f71193d193a)
Stefan Metzmacher [Thu, 18 Jun 2015 22:35:29 +0000 (00:35 +0200)]
s4:selftest: run rpc.echo tests also with krb5 krb5,sign krb5,seal
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
5b917fd6226952a1f792d1ad921d2ae54ab6ab42)
Stefan Metzmacher [Sat, 20 Jun 2015 15:49:02 +0000 (17:49 +0200)]
s4:rpc_server: fix padding caclucation in dcesrv_auth_response()
This is simplified by using DCERPC_AUTH_PAD_LENGTH() and changes the behaviour
so that we will use no padding if the stub_length is already aligned
to DCERPC_AUTH_PAD_ALIGNMENT (16 bytes).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
69c1b4b7c10dd5fd9cacaa3a76c47bc854ee3fed)
Stefan Metzmacher [Sat, 20 Jun 2015 15:47:14 +0000 (17:47 +0200)]
s4:rpc_server: let dcesrv_auth_response() handle sig_size == 0 with auth_info as error
Don't send plaintext on the wire because of an internal error...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
1bf7ab49b4459e81ab2b82d9668b3d7cb76372f4)
Stefan Metzmacher [Fri, 19 Jun 2015 20:35:44 +0000 (22:35 +0200)]
s4:rpc_server: let dcesrv_reply() use a sig_size for a padded payload
The sig_size could differ depending on the aligment/padding.
So should use the same alignment as we use for the payload.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
16f3837e026e4cae135bbdddf09b44a02af25b05)
Stefan Metzmacher [Fri, 19 Jun 2015 20:35:44 +0000 (22:35 +0200)]
s4:rpc_server: let dcesrv_reply() use DCERPC_AUTH_PAD_ALIGNMENT define
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
3fbdb255e3ac7ad5261c5fa3836e4a38a0d59221)
Stefan Metzmacher [Sat, 20 Jun 2015 15:49:02 +0000 (17:49 +0200)]
s4:librpc/rpc: fix padding caclucation in ncacn_push_request_sign()
This is simplified by using DCERPC_AUTH_PAD_LENGTH() and changes the behaviour
so that we will use no padding if the stub_length is already aligned
to DCERPC_AUTH_PAD_ALIGNMENT (16 bytes).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
114c52e73ed9e0adeac8ad1bc1dc014f3c10f4d6)
Stefan Metzmacher [Sat, 20 Jun 2015 15:47:14 +0000 (17:47 +0200)]
s4:librpc/rpc: let ncacn_push_request_sign() handle sig_size == 0 with auth_info as internal error
Don't send plaintext on the wire because of an internal error...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
48f2c383e1d7f52114223cd2a54857426bf64025)
Stefan Metzmacher [Fri, 19 Jun 2015 20:35:44 +0000 (22:35 +0200)]
s4:librpc/rpc: let dcerpc_ship_next_request() use a sig_size for a padded payload
The sig_size could differ depending on the aligment/padding.
So should use the same alignment as we use for the payload.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
fc249d542fcb8d043ae72eb7963d3a85eb79253a)
Stefan Metzmacher [Fri, 19 Jun 2015 20:35:44 +0000 (22:35 +0200)]
s4:librpc/rpc: let dcerpc_ship_next_request() use DCERPC_AUTH_PAD_ALIGNMENT define
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
ef801bae95403e96042f5d8c87085bce21436013)
Stefan Metzmacher [Fri, 19 Jun 2015 20:09:57 +0000 (22:09 +0200)]
s3:rpc_server: remove pad handling from api_pipe_alter_context()
This is not needed and windows doesn't use it.
The padding is for the payload in request and response.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
a6a6795826954eef6763a39b129a4db578edca01)
Stefan Metzmacher [Fri, 19 Jun 2015 13:52:11 +0000 (15:52 +0200)]
s3:librpc/rpc: fix padding calculation in dcerpc_guess_sizes()
The padding needs to be relative to the payload start not to the pdu start.
We also need align the padding to DCERPC_AUTH_PAD_ALIGNMENT (16 bytes).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
b2e042ad9652e2dfb39640de43e09030efc41d3d)
Stefan Metzmacher [Fri, 19 Jun 2015 14:55:39 +0000 (16:55 +0200)]
s3:librpc/rpc: allow up to DCERPC_AUTH_PAD_ALIGNMENT padding bytes in dcerpc_add_auth_footer()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
3e6e9e3acd17531148457be59a32727fb87ae43d)
Stefan Metzmacher [Sat, 20 Jun 2015 15:43:47 +0000 (17:43 +0200)]
librpc/rpc: add DCERPC_AUTH_PAD_LENGTH(stub_length) helper macro
This calculates the required padding DCERPC_AUTH_PAD_ALIGNMENT
and the stub_length.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
f1e3ad269ca8f76876afd8e3837c9c9b48688941)
Stefan Metzmacher [Fri, 19 Jun 2015 14:48:48 +0000 (16:48 +0200)]
dcerpc.idl: add DCERPC_AUTH_PAD_ALIGNMENT (=16)
Windows pads the payload aligned to 16 bytes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
2cb3ec5856ab5b7edad8ffd67a5d0f927c161138)
Stefan Metzmacher [Sat, 20 Jun 2015 14:19:31 +0000 (16:19 +0200)]
auth/gensec: make sure gensec_start_mech_by_authtype() resets SIGN/SEAL before starting
We want to set GENSEC_FEATURE_SIGN and GENSEC_FEATURE_SEAL based on the given
auth_level and should not have GENSEC_FEATURE_SEAL if
DCERPC_AUTH_LEVEL_INTEGRITY is desired.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
756508c8c37b0370301a096e35abc171fe08d31c)
Stefan Metzmacher [Fri, 19 Jun 2015 12:46:53 +0000 (14:46 +0200)]
auth/gensec: gensec_[un]seal_packet() should only work with GENSEC_FEATURE_DCE_STYLE
gensec_sig_size() also requires GENSEC_FEATURE_DCE_STYLE if
GENSEC_FEATURE_SEAL is negotiated.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
3542d33314e32279340f07f995c1dcbd16106352)
Stefan Metzmacher [Mon, 9 Feb 2015 08:33:01 +0000 (09:33 +0100)]
s3:auth_domain: fix talloc problem in connect_to_domain_password_server()
s3:auth_domain: fix talloc problem in connect_to_domain_password_server()
return values of connect_to_domain_password_server() need to be exported
to the callers memory context.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11367
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 15 Jun 2015 06:34:12 +0000 (08:34 +0200)]
s3:smb2_setinfo: fix memory leak in the defer_rename case
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11329
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
bcb69499e1a9312ea3ee32561fdecb2b22835e77)
Jeremy Allison [Wed, 10 Jun 2015 23:31:21 +0000 (16:31 -0700)]
winbindd: winbindd_raw_kerberos_login - ensure logon_info exists in PAC.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 11 07:30:38 CEST 2015 on sn-devel-104
(cherry picked from commit
4c5fefe0723ae4cd3cacaabc5ae4c500d2306968)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11328
we should use resource group sids obtained from pac logon_info
Noel Power [Wed, 10 Jun 2015 12:13:25 +0000 (13:13 +0100)]
kerberos auth info3 should contain resource group ids available from pac_logon
successful pam auth (e.g. from ssh) will cache group sids (but not any
resource group sids)) The subsequent cached entry used for groups lookups
can be missing those resource groups
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
efadcb31215f9ccaf7942341c698a8eb2ac166ce)
Michael Adam [Thu, 23 Apr 2015 08:38:15 +0000 (10:38 +0200)]
docs: overhaul the description of "smb encrypt" to include SMB3 encryption.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11366
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Apr 24 00:53:20 CEST 2015 on sn-devel-104
(cherry picked from commit
51ae17b0703eaa481d602ffc7d8231a629fcb5fd)
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Tue Jun 30 06:40:27 CEST 2015 on sn-devel-104
Matthieu Patou [Tue, 23 Sep 2014 04:52:14 +0000 (21:52 -0700)]
pidl: Make the compilation of PIDL producing the same results if the content hasn't change
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11356
Newer perl versions don't generate stable results anymore.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Change-Id: I2fb1e12da392ca85bfd0fb8b50b69851076144ee
Signed-off-by: Matthieu Patou <mat@matws.net>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
4986359816704f38d4fad3ddd0d07a0f0a25b335)
Jeremy Allison [Thu, 18 Jun 2015 17:21:07 +0000 (10:21 -0700)]
s3: smbd: Codenomicon crash in do_smb_load_module().
Inside api_pipe_bind_req() we look for a pipe module name using
dcerpc_default_transport_endpoint(pkt,
NCACN_NP, table)
which returns NULL when given invalid pkt data from the Codenomicon fuzzer.
This gets passed directly to smb_probe_module(), which then calls
do_smb_load_module() which tries to deref the (NULL) module name.
https://bugzilla.samba.org/show_bug.cgi?id=11342
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 18 22:14:01 CEST 2015 on sn-devel-104
(cherry picked from commit
5a82cc21379e3fe28441cd82647313c9390b41e7)
Andrew Bartlett [Wed, 17 Jun 2015 00:05:58 +0000 (12:05 +1200)]
selftest: Change chgdcpass environment to use winbindd
This allows us to test that winbindd starts up without secrets.tdb, as happens after
a classicupgrade.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10991
(backport of master commit
db59f9ec731e3abbeba3070925a6dedaac26e6e5)
Andrew Bartlett [Thu, 11 Jun 2015 23:57:07 +0000 (11:57 +1200)]
winbindd: Sync secrets.ldb into secrets.tdb on startup
This ensures that the domain SID and machine account password are written into
secrets.tdb if the secrets.tdb file was either never written or was deleted.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10991
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(backport of master commit
5de7621cbfba1e1fb52cddf41a5a13d027d45b46)
Andrew Bartlett [Thu, 11 Jun 2015 23:54:21 +0000 (11:54 +1200)]
winbindd: Use pdb_get_domain_info() to get exactly the local domain info when we are an AD DC
This also triggers pdb_samba_dsdb_init_secrets(), to force the
correct SID into secrets.tdb.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10991
(backport of master commit
b209cd1677b306d72e56a98ecb02db421a5ca35a)
Andrew Bartlett [Tue, 16 Jun 2015 23:10:15 +0000 (11:10 +1200)]
selftest: Run winbind tests in chgdcpass environment
This ensures that winbind both starts and operates without a secrets.tdb
(chgdcpass deliberatly removes the secrets.tdb file after provision, like has happend with classicupgrade).
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(backport of master commit
5bb647b78806413a94f959d0b2b417a97b7a2173)
Jeremy Allison [Wed, 17 Jun 2015 17:23:30 +0000 (10:23 -0700)]
s3: smbd: Use separate flag to track become_root()/unbecome_root() state.
Early function exit can mean backup_priv is set but we haven't called
become_root(). *Lots* of work by the reviewers went in to checking this
isn't a security issue.
Found by Codenomicon at the Redmond plugfest.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11339
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 25 22:14:58 CEST 2015 on sn-devel-104
(cherry picked from commit
e2c4b8967d33b610f9f076c614352e4b8fc7c558)
Christof Schmitt [Tue, 9 Jun 2015 17:29:21 +0000 (10:29 -0700)]
docs-xml: Update sharesec manpage to reflect current output
Update the sharesec man page to reflect the output currently used, and
also add a note that the OWNER and GROUP fields are not used for share
ACLs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11324
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jun 17 13:36:23 CEST 2015 on sn-devel-104
(cherry picked from commit
8406d4dd1593b4a4d7bcbdc7b7c7893339f8e814)
Christof Schmitt [Tue, 9 Jun 2015 17:28:17 +0000 (10:28 -0700)]
selftest: Add test for sharesec command
Add a test for the sharesec command to ensure that it works, and to also
verify that the output does not change.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11324
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
a6650d74d1b7cc051637c1a19daff5a8009f405b)
Christof Schmitt [Tue, 9 Jun 2015 16:50:18 +0000 (09:50 -0700)]
sharesec: Use non-numerical output for sharesec
This is an easy change to get the sharesec output back to the format
used before. It is also easier to understand than the output of the
flags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11324
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
0b9fa2849dc8b7c61467a6517c40e6e15c104d4a)
Stefan Metzmacher [Fri, 5 Jun 2015 08:30:39 +0000 (10:30 +0200)]
ctdb-ib: make sure the tevent_fd is removed before the fd is closed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11316
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
53ff3e4f31f3debd98f9293171c023a0a406858d)
Stefan Metzmacher [Fri, 29 May 2015 14:14:40 +0000 (16:14 +0200)]
libcli/smb: make sure we remove the writev_send() request when a request is destroyed
This way smbXcli_conn_disconnect() removes all tevent_fd structures attached to
the sock_fd before closing it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11316
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
006042ac126261e87089fb9835c28789e8aeae1b)
Stefan Metzmacher [Fri, 29 May 2015 13:48:26 +0000 (15:48 +0200)]
libcli/smb: add smb1 requests to the pending array before writev_send()
This way we have a change to destroy the pending writev_send request before
closing the socket in smbXcli_conn_disconnect().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11316
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
f3982eb2c7f1d17a013dacfd430a3752e6ef4ae4)
Stefan Metzmacher [Fri, 29 May 2015 13:29:31 +0000 (15:29 +0200)]
libcli/smb: make sure the writev_send of smbXcli_conn_samba_suicide() is removed before closing the socket
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11316
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
59338434274799db1ac60b082a6453bd924c5f4c)
Stefan Metzmacher [Thu, 28 May 2015 11:22:19 +0000 (13:22 +0200)]
libcli/smb: remove unused split of read_fd and write_fd
The tevent epoll backend supports separate read and write tevent_fd structure
on a single fd, so there's no need for a dup() anymore.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11316
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
8f42df235dc825a103631fdf0e37e1c1d03cf420)
Stefan Metzmacher [Thu, 28 May 2015 11:09:11 +0000 (13:09 +0200)]
libcli/smb: close the socket fd at the end of smbXcli_conn_disconnect()
We need to cancel all pending requests before closing the socket fds,
otherwise we cause problem with the interaction with the epoll event backend.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11316
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
46e1aa22b12eacc3567f7897716ae07837545c23)
Stefan Metzmacher [Thu, 21 May 2015 20:29:55 +0000 (22:29 +0200)]
libcli/smb: use tevent_req_received(req) in read_smb_recv()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11316
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
26c4b3fc9db507557b2539dd7d1f9e593c3fa35a)