git.samba.org - samba.git/log

VERSION: Disable GIT_SNAPSHOTS for the 4.5.6 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

WHATSNEW: Add release notes for Samba 4.5.6.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

WHATSNEW: Clarify entry.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

s4:ldap_server: match windows in the error messages of failing LDAP Bind requests

This is important for some applications to detect the
NT_STATUS_PASSWORD_MUST_CHANGE condition correctly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9048

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 81ccdad9d045a7a6d6a569d1685bb0bf4e64d12a)

Autobuild-User(v4-5-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-5-test): Tue Mar 7 12:29:45 CET 2017 on sn-devel-144

ldb-samba: remember the error string of a failing bind in ildb_connect()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9048

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 4738754e7d7216f6acf790827459bb5da6b0a110)

s3: smbd: Restart reading the incoming SMB2 fd when the send queue is drained.

When the send queue grows greater than xconn->smb2.credits.max/16,
smbd_smb2_request_next_incoming() doesn't allocate a new request in state->req.

After smbd_smb2_io_handler() is called, it marks the fd not readable as
state->req == NULL, and never marks it readable again.

Fix by calling smbd_smb2_request_next_incoming() to restart
reads inside smbd_smb2_flush_send_queue() which drains the
send queue.

Reported by <chen.yehua@h3c.com>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12608

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Mar 3 02:23:20 CET 2017 on sn-devel-144

(cherry picked from commit 1e0c79ddb34be9a2b9fa92d35387c443c4a381ae)

s3:winbindd: fix endless forest trust scan

Commit 0392ebcd1d48e9f472f2148b85316a77d9cc953b effectively
disabled the enumeration of trusts in other forests.

The fixes for https://bugzilla.samba.org/show_bug.cgi?id=11691
changed the way we fill domain->domain_flags for domains
in other forests.

Commit fffefe72fcc62d9688b45f53a5327667dc0b2fe6 readded the
ability to enumerate trusts of other forests again, in order to
fix https://bugzilla.samba.org/show_bug.cgi?id=11830

Now we have the problem that multiple domains
(even outside of our forest) are considert to be
our forest root, as they have the following flags:
NETR_TRUST_FLAG_TREEROOT and NETR_TRUST_FLAG_IN_FOREST.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12605

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Mar 2 17:53:14 CET 2017 on sn-devel-144

(cherry picked from commit f9aaddcdd8f9ea648c9c5ea804f56ee3ff6c4c67)

vfs_fruit: enabling AAPL extensions must be a global switch

Apple's SMB2 AAPL extension is enabled once per SMB2
connection. Unfortunately the (per se correct) fix for bug #12541
results in vfs_fruit checking a per tcon config state variable to
determine whether AAPL has been negotiated. This variable will be false
for all but the first tcon. We must make it a global variable.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12604

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Thu Mar 2 04:34:10 CET 2017 on sn-devel-144

(cherry picked from commit 41204a4972ea62b7b656ad81e24bd052990f7e87)

vfs_fruit: only veto AppleDouble files with fruit:resource=file

vfs_fruit only creates AppleDouble files itself when "fruit:resource" is
set to "file" (the default). It is only then the these AppleDouble files
should be treated as an internal representation and should be
inaccessible from clients.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12526>

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 708767da8c366c021d6d15a3ae71d009357c3320)

s4/torture: vfs_fruit: add stream with illegal ntfs characters to copyile test

This ensures a stream with illegal NTFS characters mapped to the Unicode
private range like

:foo\xef\x80\xa2bar:$DATA

that is stored as an xattr name

user.DosStream.foo:bar:$DATA

if "fruit:encoding = native" is set, is copied by the special fruit
copy_chunk request.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit c7a79a9b35225f41eeae961ab340882c7d49f0c4)

vfs_fruit: use stat info from base_fsp

This is also supposed to be valid in the VFS stack, so there's no need
to re-stat here.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit ffa727f33b06e71403303b53797a068f455b22f8)

s4/torture: vfs_fruit: test invalid AFPINFO_STREAM_NAME

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 8b7e88f368ce793699fc57272e74d0815219a250)

vfs_fruit: ignore or delete invalid AFP_AfpInfo streams

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit a2afd61906fbf36f75b2054abfd7384f220a14e3)

selftest: add shares without vfs_fruit for the vfs_fruit tests

Not used for now, but the next commit will add a test that makes use of
this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit bac79eac093e042f22a77fa8e468f8c92bb3c113)

s4/torture: change shares in used torture_suite_add_2ns_smb2_test()

torture_suite_add_2ns_smb2_test wan't used, change it to use the default
share as share 1 and a second share taken from torture option
"torture:share2".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 08dc5b4673a955f365095824275e67b2ea8fc31e)

docs/vfs_fruit: document known limitations with fruit:encoding=native

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit b302444f5b0675f0cb0f26fa2ad53e298067f7ab)

s4/torture: add test for AAPL find with name with illegal NTFS characters

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit c8baf2760ad51a7739084a8e2617c58c287b651e)

lib/torture: add torture_assert_mem_equal_goto

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 49723151b2107553559c397adadda90f7c4806f7)

s4/torture: add a vfs_fruit renaming test with open rsrc fork

Verify IO on the resource fork works after a rename of the basefile.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 8ae4539e47bcaa37d5a052eaf443a95287d851e1)

s4/torture: vfs_fruit: test deleting a file with resource fork

All the other tests ignore the return value of smb2_util_unlink().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit f555c2318eb06d1ceef32423dba9cd1a7c76f956)

s4/torture: vfs_fruit: add test_null_afpinfo test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 3227b891fcdd912b0c09398fed751fe8b53d01c9)

selftest: add description to vfs_fruit testsuites

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 9975c7569cf5af74c25ac03985a7c409164ac2ce)

selftest: also run vfs_fruit tests with streams_depot

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit f7b0982826b58cfcdaf8782e15c2440f31a45ba2)

selftest: run vfs_fruit tests against share with fruit:metadata=stream

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit d9ab40e0834c074ea26460347b035c52eb5eb0d7)

selftest: move vfs_fruit tests that require "fruit:metadata=netatalk" to vfs.fruit_netatalk

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit cc885223d79a7e8eb2177a351b745dceec0c9f5a)

selftest: reenable vfs_fruit tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 51189bd4758a140bad6abf3300c931302432a687)

vfs_fruit: refactor fruit_ftruncate and use new adouble API

Use struct fio to denote a fsp handle is for a stream we care about.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit cc88132854ed47510e056ed451ed376770ee301e)

vfs_fruit: use fio in fruit_fallocate

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit b3c0f785d753b26404f67acf8061be1cafde79a9)

vfs_fruit: refactor fruit_fstat and use new adouble API

Use struct fio to denote a fsp handle is for a stream we care about.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit ae6199c5ef9022518a709bb9aff20b8b2d83e456)

vfs_fruit: refactor fruit_pread and fruit_pwrite and use new adouble API

Use struct fio to denote a fsp handle is for a stream we care about.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit fcb9c840d7d082457c3136a44a23b489c98b0327)

vfs_fruit: refactor fruit_open and use new adouble API

Use struct fio to denote a fsp handle is for a stream we care about.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 6537c56de5dae8a1d193a949910296aea1cb6a4e)

vfs_fruit: rework struct adouble API

o factor out ad_open(), opens an fd to be used with IO on the metadata
  streams

o rename ad_write() to ad_set() as this aligns nicely with the existing
  ad_get. This is the pathname based version used to solely set metadata
  on a file, there's also a handle based version:

o add ad_fset(), a handle based version that can be used to set metadata
  and to update the AppleDouble header in a ._ AppleDouble file

o remove fruit_fsp_recheck(), looking at it more closely, it is not
  needed

This commit *compiles*, but all callers in the VFS ops must now be
updated to use the new semantics, this comes next...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(backported from commit 1d1203574328570288806fffefabb550ecc4e95d)

selftest: disable vfs_fruit tests

The next commits will completely change handle based VFS ops. This
couldn't be done in a piecemeal fashion, I had to wipe the slate clean.

Disabling tests in order to not break git bisects.

Tests will be reenabled after a few commits that apply the larger change
in a somewhat digestible fashion.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 8703b8ef9d54c841d9da3f94b81195f247873dea)

vfs_fruit: fix fruit_check_access()

Applying fcntl read locks requires an fd opened for reading. This means
we have to check the open flags of an fd and if the fd is not opened for
reading, we can't use it to set shared fctnl locks.

Iow we won't be applying interop locks with Netatalk for files openend
write-only.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 41a2b2f5cdf751e17bde60e5cfbe395450e67485)

vfs_fruit: remove base_fsp name translation

This is now nicely done by vfs_catia for us.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit b1223520e3d35f59e0f77648e0afdf049e1c9de3)

vfs_fruit: use SMB_VFS_NEXT_OPEN in two places

Using the SMB_VFS_OPEN leads to a logic recursion that is hard to follow
and debug. It may be called twice for the same fsp with two different
smb_fname's.

Changing this here to use the NEXT function instead should have no
change in behaviour otherwise, but it allows adding sane caching to
vfs_catia to handle based VFS ops.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 3e2a7f6227204e932a8337fe77cdda22d28f85f6)

vfs_fruit: refactor readdir_attr_macmeta() resource fork size

Move resource fork size calculation to helper functions.

Adds correct handling for the fruit:resource=stream case in
readdir_attr_rfork_size_stream(), this wasn't done previously.

Otherwise no change in behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit ad8a3b6971945fbceeef8763613a9e5f5a475098)

vfs_fruit: refactor fruit_ftruncate() and fix stream case

The fruit:metadata=stream case wasn't handled previosly, this is now
done in fruit_ftruncate_rsrc_stream(). The rest is just refactoring and
no change in behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit a5b060fcd2c1d26bd0abfceffcd7b2c43056c78e)

vfs_fruit: fix fruit_ntimes() for the fruit:metadata!=netatalk case

The following code must only be executed for the fruit:metadata=netatalk
case. Otherwise no change in behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit b0b785b0d4b64810f6ee58b015929641246479d1)

vfs_fruit: refactor fruit_streaminfo()

Handle all settings of fruit:metadata and fruit:resource in helper
functions.

Resource fork streams of 0 bytes must be filtered out, this wasn't done
previously for the fruit:resource=stream and xattr case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit ef2c81eb9fe5e12d5694af665be198994e02762d)

vfs_fruit: add fruit_stat_rsrc_xattr() implementation

This fixes fruit_stat_rsrc for the fruit:resource=xattr case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 72325d946aacc1beec0eb411f4c7209e06850e91)

vfs_fruit: add fruit_stat_rsrc_stream() implementation

This fixes fruit_stat_rsrc for the fruit:resource=stream case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit cbf87b46c2ad7d0795616c517d3e39f24d827ef4)

vfs_fruit: refactor fruit_stat_rsrc()

Use helper functions for the fruit:resource cases. No change in
behaveour.

The next patch will add the proper helper functions for
fruit:resource=xattr and fruit:resource=stream.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 5037816d28df6f1eed46abf910b0cd4c1a40ec77)

vfs_fruit: refactor fruit_open_rsrc()

This just splits up fruit_open_rsrc() to use helper functions for each
config->rsrc setting. No change in behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 22da6c82f08ed82cf7eddb3fdda2b6ab66264683)

vfs_fruit: in fruit_rmdir() check ._ files before deleting them

This ensures we only delete valid AppleDouble files whose names begin
with "._", not just *any* file that matches "^._*".

Also use proper VFS functions instead of direclty calling the C library
functions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit b95d2042e51ad4c2854e3b2465d55a063bc19f95)

vfs_fruit: fix fruit_rmdir() for the fruit:resource!=file case

The following code must only be executed for the fruit:resource=file
case. Otherwise no change in behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 19854072dbb7a9ba97d48f4012ea3a238721fc58)

vfs_fruit: fix fruit_chown() for the fruit:resource!=file case

The following code must only be executed for the fruit:resource=file
case.

While at it, remove an unnecessary lstat, use the stat info from
smb_fname.

Otherwise no change in behaviour for the fruit:resource=file case (the
default).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 09c82a1ce192112a7264d19f6d8888bad49f6a82)

vfs_fruit: fix fruit_chmod() for the fruit:resource!=file case

The following code must only be executed for the fruit:resource=file
case.

While at it, remove an unnecessary lstat, use the stat info from
smb_fname.

Otherwise no change in behaviour for the fruit:resource=file case (the
default).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 22b509f52ed4de0856432327b3bf78fedcde141b)

vfs_fruit: refactor fruit_unlink()

Refactor fruit_unlink() addin helper functions for all fruit:metadata
and fruit:resource settings.

No change in behaviour for fruit:metadata=netatalk and
fruit:resource=file (both the default), but fixes behaviour for the
other cases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 6730e1035ba740d0de413256a211937c3bd794e1)

vfs_fruit: fix fruit_rename() for the fruit:resource!=file case

o fix the config check, we must only run following code for the
fruit:resource=file

o properly call SMB_VFS_NEXT_RENAME() instead diretly calling rename()

o bail out if we get an invalid stat

Otherwise, no change in behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 8a9d0c541875d06254dc3a3039b20c8acac328ed)

vfs_fruit: correct readdir_attr_meta_finderi_stream() implementation

This gets correct behaviour in readdir_attr_meta_finderi for the
metadata=stream case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 604bd6bf80285db2e52266708d55215f07503c73)

vfs_fruit: refactor readdir_attr_meta()

Move the FinderInfo stuff to helper functions, no change in behaviour so
far.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 5a466560b2811c78d731cc039c99c740ddee5ffc)

vfs_fruit: update_btime() is only needed for metadata=netatalk

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 79159f8dc95057187601ac167414cc49282bdabf)

vfs_fruit: correct fruit_stat_meta_stream() implementation

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit cb1121ec3268fecb7fa0f5fbb6d2dbffaea991b3)

vfs_fruit: refactor fruit_stat_meta()

Handle config->meta in helper functions. No change in behaviour. The next step
will add the correct implementation of fruit_stat_meta_stream().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit aaf2ae1b2b1a2822bff6140dfd7afde1569c2548)

vfs_fruit: correct fruit_open_meta_stream() implementation

This needs to create and write a metadata blob when the stream is
created.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit a3be9e69c3d3ff4980b47261dc0d043a0275a8c0)

vfs_fruit: refactor fruit_open_meta()

Just split out the fruit:metadata=stream case into a helper function, no
change in behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 5a072ca91c642e61b36f1670105f6c8d1e64e25c)

vfs_fruit: replace unsafe ad_entry macro with a function

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 3d5bf4b85f3ca120206a12b3d102aef2ead33082)

vfs_fruit: fix fruit_pwrite() with metadata=stream

This makes the test "delete AFP_AfpInfo by writing all 0" pass with
fruit:metadata=stream.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit b121fff1568b0365ed27655bcd600a8d82cc3489)

vfs_fruit: rename empty_finderinfo() and make it more robust

No change in behaviour, but ad_entry(ad, ADEID_FINDERI) can in theory
return NULL.

The next commit will add the same function for a AfpInfo type, so rename
this function that works on struct adouble to ad_empty_finderinfo().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 05d54dd71c9797e607c9fa3c5218c13755c7c652)

vfs_fruit: fix fruit_ftruncate with metadata=stream

With this the test "setinfo eof AFP_AfpInfo" passed with
fruit:metadata=stream.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 04feedb7f6e4519352fdd901356e6e53d97896d5)

vfs_fruit: fix fruit_pread with metadata=stream

This make the test "fix offset and len handling for AFP_AfpInfo stream"
pass with fruit:metadata=stream.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit d0eed8e73ff39acc6dca70a44f00f81d8ca564fd)

vfs_catia: add catia_(g|s)et_dos_attributes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 633aa1ac10ba4e9d7a97fa026a407defb919ce1a)

vfs_catia: add catia_readdir_attr

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit abe3572c59bec0f8da2a79e4ece9de43e8b5e16b)

vfs_catia: run translation on all handle based VFS functions

Also run translation of fsp->fsp_name and optionally
fsp->base_fsp->fsp_name if set for all handle based VFS functions.

This is necessary because some modules might use the path for something
in the handle based VFS ops.

An existing example is vfs_fruit. A later commit will remove the
translation that was done there because catia didn't before this commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit af3b4ea4744ab2b67b4221cd6118b6cd2774660f)

vfs_streams_xattr: use SMB_VFS_NEXT_OPEN and CLOSE

Using the SMB_VFS_OPEN leads to a recursion in the VFS that is hard to
follow and debug. It's called twice for the same fsp with two different
smb_fname's which makes it at least hard to debug, it may even be an
invalid usage.

Changing this here to use the NEXT function instead should have no
change in behaviour otherwise.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12565

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 4e2c7d0ec45adf5992446e3e05c90dd40c2fd75b)

vfs_streams_xattr: call SMB_VFS_OPEN with smb_fname_base

In case an SMB_VFS_OPEN() on a stream basename fails with EISDIR, we
retry the open as O_RDONLY. The retry should be done with the
smb_fname_base as well.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 8035754c28c1a469de4fac77247ef7e5a1d8b463)

s3/includes: add FinderInfo offset define to MacExtensions.h

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 73a0768865a1f5e74d50e601641cbac5340f9e2d)

selftest: don't run vfs_fruit tests against ad_dc env

This is just redundant and didn't add test coverage.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 5e612352225e0296e3f91c8db2adcca4f098e514)

dbchecker: Stop ignoring linked cases where both objects are alive

Previously, this did nothing and the code was both untested and unused.

Removes the knownfail entry for dbcheck.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12600
(cherry picked from commit 0a7c6b56563faeafd61a620cb330349671bc9f3b)

Autobuild-User(v4-5-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-5-test): Wed Mar 1 13:15:34 CET 2017 on sn-devel-144

tests/dbcheck: Add a test for two live objects, with a dangling forward link

Handling backlinks appears to be rather non-deterministic, so the
forward link hangs off of the RODC replication group (which has no other
valid forward links). In other situations, it either won't delete the
memberOf, or the expected output order will vary.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12600
(cherry picked from commit 6f2deb01fa1c6e81f101df49990dadcbc9c31226)

tests/dbcheck: Add a test for two live objects, with a dangling backlink

Adds dbcheck 4.5.0pre1 to the knownfail, to be removed later.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12600
(cherry picked from commit 86f10eaecd4ed9fd9db83d711cbf1f823528d6e5)

s3:idmap_ad: make use of pdb_get_trust_credentials() to get the machine account creds

This is mostly a cosmetic change currently.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Feb 24 22:34:48 CET 2017 on sn-devel-144

(cherry picked from commit 3d7fed0f2883d529bb635fc6df86f39d5a434d25)

s3:winbindd: allow a fallback to NTLMSSP for LDAP connections

This matches the behaviour of pdb_get_trust_credentials() for
our machine account and allows us to fallback to NTLMSSP
when contacting trusted domains.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 4e9a0894cd977585ccc94e7c1811de1b0293382d)

s3:libads: add more debugging to ads_sasl_spnego_bind()

Any fallbacks to other authentication methods should be logged.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598

Signed-off-by: Stefan Metzmacher <metze@samba.org>
(similar to commit ea0bc12ba52166032d5112ee22ab53d831c13e86)

s3:winbindd: rely on the kerberos_state from pdb_get_trust_credentials()

The implementation of pdb_get_trust_credentials() should have all
the details to set the kerberos_state to a useful value.

This should enable the fallback to NTLMSSP again, when using our
machine account against trusted domains.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 51caeb7c538b7546e5feccf27a735bb803c78a0b)

s3:winbindd: add more debugging to cm_prepare_connection()

Any fallbacks to other authentication methods should be logged.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598

Signed-off-by: Stefan Metzmacher <metze@samba.org>
(similar to commit ba9d139ec3d71af184a24daf24356304c2e49144)

s3:passdb: use cli_credentials_set_kerberos_state() for trusts in pdb_get_trust_credentials()

Trust accounts can only use kerberos when contacting other AD domains,
using NTLMSSP will fail.

At the same time it doesn't make sense to try kerberos for NT4 domains,
still NTLMSSP will fail, but the callers has to deal with that
case and just fallback to an anonymous SMB connection.

In all cases we should be able to use NETLOGON SCHANNEL
over any anonymous smb or tcp transport.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit d961ae9d14b46708d2693ca91ace04f9f1a53ca2)

s3:winbindd: fix the valid usage anonymous smb authentication

If we are in a situation where we don't have credentials to contact the
remote domain or against an NT4 with the following settings:

  workgroup = NT4DOM
  security = domain
  require strong key = no
  client use spnego = no
  client ipc signing = auto

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12587

Signed-off-by: Stefan Metzmacher <metze@samba.org>
(similar to commit c97a29bdfdc0020ec0113073580da56f2d35edc1)

auth/credentials: try to use kerberos with the machine account unless we're in an AD domain

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12587

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit b845f16d3ca02dd27cc40bbf722426d6f81bb4b7)

s3:winbindd: try a NETLOGON connection with noauth over NCACN_NP against trusted domains.

We're using only NCACN_NP here as we rely on the smb signing restrictions
of cm_prepare_connection().

This should fix SMB authentication with a user of a domain
behind a transitive trust.

With this change winbindd is able to call
dcerpc_netr_DsrEnumerateDomainTrusts against the
dc of a trusted domain again. This only works
for two-way trusts.

The main problem is the usage of is_trusted_domain()
which doesn't know about the domain, if winbindd can't
enumerate the domains in the other forest.

is_trusted_domain() is used in make_user_info_map(),
which is called in auth3_check_password() before
auth_check_ntlm_password().

That means we're mapping the user of such a domain
to our own local sam, before calling our auth modules.

A much better fix, which removes the usage of is_trusted_domain()
in planed for master, but this should do the job for current releases.

We should avoid talking to DCs of other domains and always
go via our primary domain. As we should code with one-way trusts
also, we need to avoid relying on a complete list of
domains in future.

For now "wbinfo -m" lists domains behind a two-way transitive
trust again, but that is likely to change in future again!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11830

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit fffefe72fcc62d9688b45f53a5327667dc0b2fe6)

Revert "s3-winbind: Fix schannel connections against trusted domain DCs"

This reverts commit d2379caa77fe02264323d69fee1bcad33f1bfeee.

This change doesn't solve the real problem, it just
causes useless network traffic and the following error:

rpccli_setup_netlogon_creds failed for W2012R2-L6, unable to setup NETLOGON
credentials: NT_STATUS_NO_TRUST_SAM_ACCOUNT

While the old logic caused NT_STATUS_CANT_ACCESS_DOMAIN_INFO (without
network traffic) instead of the NT_STATUS_NO_TRUST_SAM_ACCOUNT.

A better fix will follow.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11830

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 0bf1a7492bee2f7678cb37ef9515b8aefd26233b)

s3:winbindd: make sure cm_prepare_connection() only returns OK with a valid tree connect

If cm_get_ipc_credentials() returned anonymous creds and signing is required
we were returning the result of cm_get_ipc_credentials() instead of
the original error.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12588

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(similar to commit cebcc2adc7e568d492466bb69f21ba2a9630a0d2)

vfs_streams_xattr: use fsp, not base_fsp

The base_fsp's fd is always -1 as it's closed after being openend in
create_file_unixpath().

Additionally in streams_xattr_open force using of SMB_VFS_FSETXATTR() by
sticking the just created fd into the fsp (and removing it afterwards).

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12591

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Feb 22 08:25:46 CET 2017 on sn-devel-144

(cherry picked from commit 021189e32ba507832b5e821e5cda8a2889225955)

Autobuild-User(v4-5-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-5-test): Sat Feb 25 15:29:38 CET 2017 on sn-devel-144

libcli/auth: use the correct creds value against servers without LogonSamLogonEx

If we use the credential chain we need to use the value from
netlogon_creds_client_authenticator() to make sure we have the current
value to encrypt in logon info.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12586

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 0ed2a65593b5abc9ba7f40992ed0ed8f448f5836)

librpc/rpc: fix regression in NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE error mapping

Commit 1eef70872930fa4f9d3dedd23476b34cae638428 changed the mapping for
DCERPC_NCA_S_FAULT_INVALID_TAG from NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE
to NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12585

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit c97e39b34fcf260ded42ef1a9efe7ed55e65a1cf)

krb5_wrap: use our own code to calculate the ENCTYPE_ARCFOUR_HMAC key

Our own convert_string_talloc() function handles a wider range
of unicode code points than the MIT krb5 or heimdal code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Feb 21 20:08:16 CET 2017 on sn-devel-144
(similar to commit 10e1b92c288ae27f775debb16c3e122b6063fa21)

s4:scripting: use generate_random_machine_password() for machine passwords

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 383432d2cd3046c2c3768c1ae452211c7e583604)

samba-tool:provision: use generate_random_machine_password() for machine passwords

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit ea57a204a1f6b4999e5347c1edb5753bed933fba)

samba-tool:domain: use generate_random_machine_password() for machine passwords

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit f04e09e1968c40483b8dc2f92b9c15bce0b0b55a)

samba-tool:domain: use generate_random_machine_password() for trusted domains

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit b2fac99ac63739398aa716c26d8e187a25bb8400)

pyglue: add generate_random_machine_password() wrapper

We use PyUnicode_FromString() (which is available from 2.6)
because we really have non-ascii strings.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit d7840e77961cdc4ccc4f5549494d458b6b2c2cf4)

python/samba: use an explicit .encode('utf-8') where we expect utf8 passwords

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit b86c29b1e6fb2fb4cf203aa38c7764084d855730)

python/samba: provision_dns_add_samba.ldif expects utf-16-le passwords

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 99b8d6beccf4d3d24f9d87a4d8e5eadfe0e0dd33)

s4:dsdb: autogenerate a random utf16 buffer for krbtgt password resets.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 0ed258bfe48995db6b345cc14e1747c4af9d076d)

s4:libnet: make use of generate_random_machine_password()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 26515dca99ba3fa393207df905137021a2177de1)

s4:libcli/raw: remove unused DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit e9c184088cbbb47e48d9e96fc753a56c544301dc)

s3:include: remove unused DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 21cbf8e4db6928a8a3fb712b3750bb50c1201948)

s3:net_rpc_trust: make use of trust_pw_new_value()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 13fd543929c72fa5af1ae6e21ca8dda9a57a0f55)

s3:libnet_join: make use of trust_pw_new_value()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 77edef9555acd6e0c843582637bc367fa0d2a203)