Stefan Metzmacher [Wed, 3 Jul 2019 10:14:03 +0000 (12:14 +0200)]
ldb: Release ldb 1.5.5
Compared to 1.5.4:
* LDAP_REFERRAL_SCHEME_OPAQUE was added
to ldb_module.h in order to fix bug #12478.
It means that Samba >= 4.10.6 will no longer be able to
build with ldb 1.5.4.
* We Skip @ records early in a search full scan
in order to address bug #13893.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12478
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Björn Baumbach [Wed, 12 Jun 2019 19:16:25 +0000 (21:16 +0200)]
python/ntacls: use correct "state directory" smb.conf option instead of "state dir"
samba-tool ntacl get testfile --xattr-backend=tdb --use-ntvfs
Fixes: Unknown parameter encountered: "state dir"
Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
670a12df52df63a067b638d37bec71341bf18bdd)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14002
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Wed Jun 26 11:37:29 UTC 2019 on sn-devel-144
Björn Baumbach [Wed, 12 Jun 2019 19:00:01 +0000 (21:00 +0200)]
selftest: add test for samba-tool ntacl get/set --use-ntvfs --xattr-backend=tdb
Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
1b0184a9562689a658e75a0cfc69bdd23277cff6)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14002
Andreas Schneider [Fri, 1 Feb 2019 17:51:53 +0000 (18:51 +0100)]
docs: Document DCEPRC binding string for rpcclient
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Feb 4 02:03:56 CET 2019 on sn-devel-144
(cherry picked from commit
cca48c1a1029685672e1c25e39e8be2be947238f)
Andreas Schneider [Tue, 18 Jun 2019 12:43:50 +0000 (14:43 +0200)]
s3:client: Link smbspool_krb5_wrapper against krb5samba
Heimdal doesn't provide krb5_free_unparsed_name(), so we need to use the
function we provide in krb5samba.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13939
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
9268919e046190c7b423133de3f9d0edada3f1b8)
Lukas Slebodnik [Wed, 12 Jun 2019 10:27:04 +0000 (12:27 +0200)]
wafsamba: Use native waf timer
__main__:1: DeprecationWarning: time.clock has been deprecated in Python 3.3
and will be removed from Python 3.8: use time.perf_counter
or time.process_time instead
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13998
Signed-off-by: Lukas Slebodnik <lslebodn@fedoraproject.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
8f082904ce580f1a6b8a06ebcc323c99e892bd1f)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Fri Jun 21 11:14:16 UTC 2019 on sn-devel-144
Ralph Boehme [Mon, 27 May 2019 10:27:57 +0000 (12:27 +0200)]
s3:mdssvc: fix flex compilation error
[4440/4495] Compiling bin/default/source3/rpc_server/mdssvc/sparql_lexer.lex.c
../../source3/rpc_server/mdssvc/sparql_lexer.l:26: error: "yyalloc" redefined [-Werror]
26 | #define yyalloc SMB_MALLOC
Looks like the dirty redefine trick doesn't work anymore with newer flex
versions. According to the flex manual the right thing to do is to provide own
functions for yyalloc and yyrealloc when passing the options "noyyalloc
noyyrealloc".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13987
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue May 28 11:49:06 UTC 2019 on sn-devel-184
(cherry picked from commit
9053391f86a529e0a7dbcd23fa3a555d85c2207c)
Rafael David Tinoco via samba-technical [Mon, 3 Jun 2019 02:44:15 +0000 (23:44 -0300)]
ctdb-scripts: Fix tcp_tw_recycle existence check
net.ipv4.tcp_tw_recycle has been removed from Linux 4.12 but, still,
makes sense to check its existence. Unfortunately, current check does
not test for the procfs file existence. This commit fixes the issue.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13984
Signed-off-by: Rafael David Tinoco <rafaeldtinoco@ubuntu.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jun 4 23:31:24 UTC 2019 on sn-devel-184
(cherry picked from commit
843fbb1207ee7ac84f3282974b66b9290d8da0ac)
Andrew Bartlett [Fri, 31 May 2019 21:04:48 +0000 (09:04 +1200)]
docs: Improve documentation of "lanman auth" and "ntlm auth" connection
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13981
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
dbf3e81f7f0b28c69dca004b32ea3a7344b0cad3)
Ralph Boehme [Fri, 24 May 2019 13:15:59 +0000 (15:15 +0200)]
vfs_fruit: remove a now unnecessary include
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 30 22:12:50 UTC 2019 on sn-devel-184
(cherry picked from commit
9a2c9834cb1b77547b8b932c35870301afb9fc25)
Ralph Boehme [Fri, 24 May 2019 12:51:17 +0000 (14:51 +0200)]
vfs_fruit: use VFS functions in ad_read_rsrc_adouble()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
9fe84a6345bf5d9fdb1df87a853db3380e6fb0f7)
Ralph Boehme [Fri, 24 May 2019 10:51:15 +0000 (12:51 +0200)]
vfs_fruit: use fsp and remove syscalls from ad_convert_blank_rfork()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
70c4a8f0ac307009c26e857523192c95b42a92f5)
Ralph Boehme [Fri, 24 May 2019 10:07:55 +0000 (12:07 +0200)]
vfs_fruit: use VFS function in ad_convert_truncate()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
3739ad90cf2bbaa2094a34197c894363d2e24a5a)
Ralph Boehme [Fri, 24 May 2019 10:05:51 +0000 (12:05 +0200)]
vfs_fruit: add VFS handle to ad_convert_truncate()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
4e44b1da9357120f0ad74e24c650bc6386085c47)
Ralph Boehme [Fri, 24 May 2019 09:54:51 +0000 (11:54 +0200)]
vfs_fruit: use fsp and remove mmap in ad_convert_xattr()
No need to mmap() anyway, the xattr data is already available in ad->ad_data.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
4ff7ea0e0312c737aefd350f7b8fbed4c8602325)
Ralph Boehme [Thu, 23 May 2019 20:44:21 +0000 (22:44 +0200)]
vfs_fruit: remove use of mmap() from ad_convert_move_reso()
We now have an fsp that we can use, so we can get rid of mmap() and
sys_pread()/sys_pwrite().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
0041855af0b05d6c47558880d6eebd1970179272)
Ralph Boehme [Thu, 23 May 2019 14:42:52 +0000 (16:42 +0200)]
vfs_fruit: convert ad_open_rsrc() to open a proper fsp with SMB_VFS_CREATE_FILE()
A first step in converting all raw syscalls to use proper VFS functions. All
existing users of the raw system filedescriptor continue to use the fd from
fsp->fh for now.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
29418c726be74feb1d8c3ac9f7b8c983901a2aab)
Ralph Boehme [Thu, 23 May 2019 14:22:39 +0000 (16:22 +0200)]
vfs_fruit: only do cross protocol locking on non-internal opens
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
f5f7d1e9bf7e39933ccf7c874e682f9df80a6fec)
Ralph Boehme [Thu, 23 May 2019 06:27:37 +0000 (08:27 +0200)]
vfs_fruit: remove a layer of indirection
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
97d485ff2cda85edeba163ea01b6abfa705db20f)
Ralph Boehme [Thu, 23 May 2019 06:14:18 +0000 (08:14 +0200)]
vfs_fruit: pass VFS handle to ad_convert_move_reso()
Not used for now, that comes next.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
3919ea048fe3b763657e14cdfb5920184a900d27)
Ralph Boehme [Wed, 22 May 2019 19:15:22 +0000 (21:15 +0200)]
vfs_fruit: remove xattr code from the AppleDouble subsystem
The subsystem consumers have been reworked in the previous commits, so this is
not used anymore. ad_init() doesn't need a handle argument anymore due to this,
remove it as well.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
e3cb1cb24f2a31d7fd03f3bdf417f4704fb4ac7c)
Ralph Boehme [Fri, 17 May 2019 12:31:15 +0000 (14:31 +0200)]
vfs_fruit: remove now unused AppleDouble code for resource fork in xattr
This was only needed to get the resourcefork size via the ad_* AppleDouble
function. This is now done with a fstat on the low level xattr fd (remember,
this is Solaris only code...), so we can remove the xattr special casing from
the AppleDouble functions.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
cb9dffa1c66294b6eed85e7576aa99c642d0b541)
Ralph Boehme [Wed, 22 May 2019 16:08:14 +0000 (18:08 +0200)]
vfs_fruit: use stream code for resource fork size calculation in readdir_attr_rfork_size()
This works as well, using an fstat() on the filehandle to get the size. This is
tested by the torture test "vfs.fruit.SMB2/CREATE context AAPL".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
a23bcc1916a49bf3e0edece190e5434e39862d2c)
Ralph Boehme [Wed, 22 May 2019 15:02:20 +0000 (17:02 +0200)]
vfs_fruit: use correct case FRUIT_RSRC_STREAM in readdir_attr_rfork_size()
This is a genuine bug, but luckily this would only impact configs which nobody
uses:
fruit:metadata = netatalk
fruit:resource = stream
With the above configuration the switch in readdir_attr_rfork_size() would hit
the default case and so always report resource forks as 0 bytes in size.
All deployment that I've seen that use fruit:resource=stream also use
fruit:metadata=stream, so the switch takes FRUIT_META_STREAM case which runs the
correct code readdir_attr_rfork_size_stream().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
83179a74119de84d20f796c241aae6bccb83a68b)
Ralph Boehme [Tue, 21 May 2019 09:42:47 +0000 (11:42 +0200)]
vfs_fruit: ignore AppleDouble files in fruit_unlink()
Otherwise, if SMB_VFS_UNLINK() is called for an AppleDouble path "._file", we
try to delete "._._file" which doesn't make sense. AppleDouble files don't have
AppleDouble themselves.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
797dc649456f39add4af8b54b60db0268ad4e90e)
Ralph Boehme [Tue, 21 May 2019 09:40:33 +0000 (11:40 +0200)]
vfs_fruit: add a missing else
Luckily the missing else has the same control flow due to the previous if and
else blocks calling return.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
44d8568001c87d28962dfc4e3fde6d0f7f409997)
Ralph Boehme [Tue, 21 May 2019 09:39:18 +0000 (11:39 +0200)]
vfs_fruit: add and use is_adouble_file()
This adds a helper function that checks whether the last component of a path is
an AppleDouble sidecar file with "._" name prefix.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
ad70c947c759aa0965ee57f973fb8dc1909e0e39)
Ralph Boehme [Fri, 17 May 2019 10:19:06 +0000 (12:19 +0200)]
vfs_fruit: finally, remove ad_handle from struct adouble
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
e266daaed149561b746dbb8d5e9523862f0057b5)
Ralph Boehme [Fri, 17 May 2019 10:17:28 +0000 (12:17 +0200)]
vfs_fruit: pass handle to ad_convert_delete_adfile()
On the course of removing ad_handle from struct adouble, step 10.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
5f4d16b40e07acf8d27fee62f1a56de175663a1d)
Ralph Boehme [Fri, 17 May 2019 10:05:07 +0000 (12:05 +0200)]
vfs_fruit: pass handle to ad_convert_finderinfo()
On the course of removing ad_handle from struct adouble, step 9.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
50874c1548d62ab0ddaaa6dd4124279ee5029fcf)
Ralph Boehme [Fri, 17 May 2019 10:02:46 +0000 (12:02 +0200)]
vfs_fruit: pass handle to ad_convert_blank_rfork()
On the course of removing ad_handle from struct adouble, step 8.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
adc7ac38b849b4dce4a85fd6442c8d4b9da57686)
Ralph Boehme [Fri, 17 May 2019 09:54:10 +0000 (11:54 +0200)]
vfs_fruit: pass handle to ad_convert_xattr()
On the course of removing ad_handle from struct adouble, step 7.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
fd2f4cf828ee4c31e3b5a27a79d3a0ee12a5877a)
Ralph Boehme [Fri, 17 May 2019 09:23:17 +0000 (11:23 +0200)]
vfs_fruit: indentation fix
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
400b3c2f8c82b1defe1e321e0cdae486b930344f)
Ralph Boehme [Fri, 17 May 2019 09:47:26 +0000 (11:47 +0200)]
vfs_fruit: pass handle to ad_read_rsrc() and all the way down
On the course of removing ad_handle from struct adouble, step 5.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
661dfa4a19673fdb30d5bf36279cdf867454b947)
Ralph Boehme [Fri, 17 May 2019 09:42:06 +0000 (11:42 +0200)]
vfs_fruit: use proper VFS function in ad_read_meta()
Continuing to ignore a possible error for now, this is in an error codepath
anyway.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
30ca328c698c2e035e240359bda7c9dcbeb646df)
Ralph Boehme [Fri, 17 May 2019 09:23:17 +0000 (11:23 +0200)]
vfs_fruit: indentation fix
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
47721d8d359ef78b8dd4f77f92c30c2caf2c4a80)
Ralph Boehme [Fri, 17 May 2019 09:22:24 +0000 (11:22 +0200)]
vfs_fruit: pass handle to ad_read_meta()
On the course of removing ad_handle from struct adouble, step 4.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
f8df09157f31b53dbe73eaf4349fc071bfcc1b90)
Ralph Boehme [Fri, 17 May 2019 09:19:53 +0000 (11:19 +0200)]
vfs_fruit: pass handle to ad_read()
On the course of removing ad_handle from struct adouble, step 3.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
d0abf945e683766029d28915541a4baf9f3879ab)
Ralph Boehme [Fri, 17 May 2019 08:43:55 +0000 (10:43 +0200)]
vfs_fruit: pass handle to ad_set()
On the course of removing ad_handle from struct adouble, step 2.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
c78ba30ac4534b7037b979ac96b77b834b2eb2fe)
Ralph Boehme [Fri, 17 May 2019 08:41:29 +0000 (10:41 +0200)]
vfs_fruit: pass handle to ad_fset()
On the course of removing ad_handle from struct adouble, step 1.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
585d4d49770b4ddc3f7d9dcbb3e322f072767781)
Ralph Boehme [Mon, 13 May 2019 18:16:47 +0000 (20:16 +0200)]
s3:auth: explicitly add BUILTIN\Guests to the guest token
This changes ensures that smbd always adds BUILTIN\Guests to the guest token
which is required for guest authentication.
Currently the guest token depends on the on-disk configured group mappings. If
there's an existing group mapping for BUILTIN\Guests, but LOCALSAM\Guest is not
a member, the final guest token won't contain BUILTIN\Guests.
For SMB2 the flag SMB2_SESSION_FLAG_IS_GUEST will not be set in the final SMB2
SESSION_SETUP response, because smbd sets it based on the token containing the
BUILTIN\Guests SID S-1-5-32-546.
At the same time, the packet is not signed which causes Windows clients and
smbclient to reject the unsigned SMB2 SESSION_SETUP response.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 5 16:55:26 UTC 2019 on sn-devel-184
(cherry picked from commit
a66af4c96accba4ee64eeb1958458b69f3ccec1d)
Ralph Boehme [Thu, 16 May 2019 10:47:34 +0000 (12:47 +0200)]
tests: add a test for guest authentication
This verifies that smbd always adds BUILTIN\Guests to the guest token which is
required for guest authentication.
Currently the guest token depends on the on-disk configured group mappings. If
there's an existing group mapping for BUILTIN\Guests, but LOCALSAM\Guest is not
a member, the final guest token won't contain BUILTIN\Guests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
0e88f98855e24cfddb55bef65c5910b8e662c630)
Ralph Boehme [Thu, 16 May 2019 10:43:40 +0000 (12:43 +0200)]
selftest: allow guest login in the ad_member_idmap_rid env
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
ac2167eb2349dc1c453e14a65692f16c8ba6532e)
Ralph Boehme [Thu, 16 May 2019 10:42:54 +0000 (12:42 +0200)]
s3:smbd: call reinit_guest_session_info() in the conf updated handler
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
f4e340a48b6f059a1daa66deb9c26da9e8fcd5e7)
Ralph Boehme [Thu, 16 May 2019 10:42:29 +0000 (12:42 +0200)]
s3:auth: add reinit_guest_session_info()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
8096cc7eb2b36b074ff17a52dc3540be4ecff6bb)
Stefan Metzmacher [Fri, 26 Apr 2019 14:31:46 +0000 (14:31 +0000)]
dsdb:audit_log: avoid printing "... remote host [Unknown] SID [(NULL SID)] ..."
We better print "... remote host [Unknown] SID [S-1-5-18] ..."
in 'dsdb_audit' message, this matches what we print for
'dsdb_json_audit'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13916
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
706aba5bf62e674ae12786f6ab275752b8714464)
Andrew Bartlett [Thu, 4 Apr 2019 21:46:50 +0000 (10:46 +1300)]
ldb_kv: Skip @ records early in a search full scan
@ records like @IDXLIST are only available via a base search on the specific name
but the method by which they were excluded was expensive, after the unpack the
DN is exploded and ldb_match_msg_error() would reject it for failing to match the
scope.
This uses the fact that @ records have the DN=@ prefix on their TDB/LMDB key
to quickly exclude them from consideration.
Based on analysis by Garming Sam.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13893
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 10 06:23:39 UTC 2019 on sn-devel-144
(cherry picked from commit
49b77d8df2d7113ac7ddb75e78de6628933ff852)
Andrew Bartlett [Sun, 10 Mar 2019 23:38:27 +0000 (23:38 +0000)]
samba-tool domain provision: Fix --interactive module in python3
The prompts were not being printed to the screen because the stream
was not being flushed.
As reported on the samba mailing list by Adam Xu:
https://lists.samba.org/archive/samba/2019-March/221753.html
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13828
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Tim Beale <timbeale@catalyst.net.nz>
(cherry picked from commit
31aecee1446c5006771aaa535ae85810bbfb5db0)
Gary Lockyer [Tue, 21 May 2019 01:17:22 +0000 (13:17 +1200)]
ldap server: generate correct referral schemes
Ensure that the referrals returned in a search request use the same
scheme as the request, i.e. referrals recieved via ldap are prefixed
with "ldap://" and those over ldaps are prefixed with "ldaps://"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12478
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 24 05:12:14 UTC 2019 on sn-devel-184
(cherry picked from commit
1958cd8a7fb81ec51b81944ecf4dd0fb5c4208fa)
Gary Lockyer [Tue, 21 May 2019 01:14:08 +0000 (13:14 +1200)]
ldap tests: test scheme for referrals
Ensure that the referrals returned in a search request use the same
scheme as the request, i.e. referrals recieved via ldap are prefixed
with "ldap://" and those over ldaps are prefixed with "ldaps://"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12478
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
6ccf74cf878c295903673e3a1d1ed924a5e87547)
Günther Deschner [Mon, 3 Jun 2019 14:28:36 +0000 (16:28 +0200)]
s3/vfs_glusterfs_fuse: Avoid using NAME_MAX directly
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13872
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Jun 11 00:29:19 UTC 2019 on sn-devel-184
Günther Deschner [Mon, 3 Jun 2019 14:25:46 +0000 (16:25 +0200)]
s3/vfs_glusterfs: Avoid using NAME_MAX directly
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13872
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Günther Deschner [Mon, 3 Jun 2019 12:27:44 +0000 (14:27 +0200)]
Revert "s3/vfs_glusterfs_fuse: Dynamically determine NAME_MAX"
This reverts commit
e28d172b00cadf492c22bd892e2dda3bf2fe2d70.
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Günther Deschner [Mon, 3 Jun 2019 12:27:18 +0000 (14:27 +0200)]
Revert "s3/vfs_glusterfs: Dynamically determine NAME_MAX"
This reverts commit
8e3a042eb9e502821b147f1bbb2d98d59f17a095.
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Karolin Seeger [Wed, 19 Jun 2019 07:24:10 +0000 (09:24 +0200)]
VERSION: Bump version up to 4.10.6...
GIT_SNAPSHOT is still enabled in v4-10-test.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Karolin Seeger [Wed, 19 Jun 2019 07:22:20 +0000 (09:22 +0200)]
Merge tag 'samba-4.10.5' into v4-10-test
samba: tag release samba-4.10.5
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 21 May 2019 14:00:53 +0000 (16:00 +0200)]
vfs_fruit: change trigger points of AppleDouble conversion
This moves the trigger points where AppleDouble file conversion is run by
ad_convert() from deep down the callchain in ad_read_rsrc_adouble() to high
level VFS entry points.
Currently ad_convert() will be triggered as part of open_file_ntcreate(...,
"file:AFP_AfpResource", ...): after SMB_VFS_OPEN() has been called with O_CREAT,
what created the file, we call SMB_VFS_FSTAT() on the just created
filehandle. This ends up in ad_convert(), finds the resource fork empty and thus
deletes the file.
This commit moves calling of the conversion funtion to the high level VFS entry
points where the converted metadata is needed:
o for directory enumerations SMB_VFS_READDIR_ATTR() is called to fill in the
repurposed fields in the directory entry metadata
o obviously for SMB_VFS_CREATE_FILE() on an macOS stream
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
78a4639b2d06cc69788861618d2e91945e142d2b)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Thu Jun 13 13:55:35 UTC 2019 on sn-devel-144
Karolin Seeger [Thu, 13 Jun 2019 09:48:53 +0000 (11:48 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.10.5 release.
CVE-2019-12436 dsdb/paged_results: ignore successful results without messages
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13951
CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 13 Jun 2019 09:47:07 +0000 (11:47 +0200)]
WHATSNEW: Add release notes for Samba 4.10.5.
CVE-2019-12436 dsdb/paged_results: ignore successful results without messages
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13951
CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Douglas Bagnall [Fri, 17 May 2019 02:42:24 +0000 (14:42 +1200)]
CVE-2019-12436 dsdb/paged_results: ignore successful results without messages
So that we don't dereference result->msgs[0] when it doesn't exist.
This can happen when the object has changed in such a way that it no
longer matches the original search query.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13951
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 22 May 2019 01:23:25 +0000 (13:23 +1200)]
CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2
We still want to return DOES_NOT_EXIST when request_filter is not 0.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 22 May 2019 00:58:01 +0000 (12:58 +1200)]
CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation
We still want to return DOES_NOT_EXIST when request_filter is not 0.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Karolin Seeger [Wed, 22 May 2019 09:50:17 +0000 (11:50 +0200)]
VERSION: Bump version up to 4.10.5...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
827b5423c0fe6ad472226b6d172e0460d074135a)
Ralph Boehme [Tue, 21 May 2019 14:00:00 +0000 (16:00 +0200)]
vfs_fruit: add a forward declaration for ad_get()
Will be needed in the next commit.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
4777d1163a7c18c89ce9be955903427a18134415)
Ralph Boehme [Tue, 21 May 2019 12:05:04 +0000 (14:05 +0200)]
selftest: run vfs.fruit test against a share that deletes empty resource forks
This reveals a bug in the AppleDouble conversion code: the conversion code that
unlinks an empty resource fork AppleDouble sidecar file ("._file") gets
triggered as part of open_file_ntcreate(..., "file:AFP_AfpResource", ...):
after SMB_VFS_OPEN() has been called with O_CREAT, what created the file, we
call SMB_VFS_FSTAT() on the just created filehandle. This ends up in
ad_convert(), finds the resource fork empty and thus deletes the file.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
8ed9b6b457923d2353d1d18838f4a278db48c6b9)
Ralph Boehme [Tue, 21 May 2019 16:39:52 +0000 (18:39 +0200)]
s4:torture/vfs/fruit: ensure test_adouble_conversion_wo_xattr() uses a non-emtpy resourcefork
This ensures the resource fork is not deleted as part of the AppleDouble file
conversion for the option fruit:wipe_intentionally_left_blank_rfork=yes.
This is currently not a problem in selftest, as we don't enable the option, but
a subsequent commit will run all vfs.fruit tests against a share with this
option enabled.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
bb5a457f2872a383b58d62981dade322fca9b283)
Ralph Boehme [Tue, 21 May 2019 16:39:52 +0000 (18:39 +0200)]
s4:torture/vfs/fruit: ensure test_adouble_conversion() uses a non-emtpy resourcefork
This ensures the resource fork is not deleted as part of the AppleDouble file
conversion for the option fruit:wipe_intentionally_left_blank_rfork=yes.
This is currently not a problem in selftest, as we don't enable the option, but
a subsequent commit will run all vfs.fruit tests against a share with this
option enabled.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
c3d28d49be3c7536d1ccfe8d00553ce72843f369)
Ralph Boehme [Thu, 16 May 2019 14:05:31 +0000 (16:05 +0200)]
registry: add a missing include
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13840
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon May 27 14:29:36 UTC 2019 on sn-devel-184
(cherry picked from commit
e09053faf457f69ad9b5e6a34be43c947503575f)
Douglas Bagnall [Thu, 23 May 2019 21:58:12 +0000 (09:58 +1200)]
samba-tool dns: use bytes for inet_ntop
From Python's point of view, array.AddrArray is a list of byte-valued
integers. In Python 3 we can convert directly using the likes of
bytes(array.AddrArray[i].MaxSa[8:24])
but in 4.10 we need to support both, so we use struct.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13965
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed May 29 11:29:17 UTC 2019 on sn-devel-184
Douglas Bagnall [Wed, 29 May 2019 01:38:12 +0000 (13:38 +1200)]
tests/samba-tool: test dns serverinfo/zoneinfo
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13965
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Sat, 18 May 2019 18:41:56 +0000 (11:41 -0700)]
docs: dfree command. Correct usage of dfree scripts.
Add quotes to the sample scripts to prevent incorrect
parameter usage.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 24 20:12:02 UTC 2019 on sn-devel-184
(cherry picked from commit
77eabd74e9a28b1e6decf0890a9ef4c83fa002d4)
Jeremy Allison [Sat, 18 May 2019 18:40:26 +0000 (11:40 -0700)]
lib: util: Finally remove possibilities of using sys_popen() unsafely.
All code now uses sys_popenv() which is much
harder to use incorrectly.
Remove the extract_args() function that was the
cause of possible issues.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
9fa95d5b45369acfdd38923e8618e94e5d04b07e)
Ralph Boehme [Fri, 24 May 2019 17:08:10 +0000 (19:08 +0200)]
s3: lib: Rename all uses of file_pload_XXX -> file_ploadv_XXX.
Keep naming consistent across all usage.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
dbfa3cd186428c02589aa9093e868554b4c695d5)
Jeremy Allison [Sat, 18 May 2019 18:32:05 +0000 (11:32 -0700)]
s3: lib: Remove file_pload_send().
No longer used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
d5c363d65d771c792523f2f3e526c90514212fc2)
Jeremy Allison [Sat, 18 May 2019 18:25:01 +0000 (11:25 -0700)]
s3: winbind: Convert idmap to use file_ploadv_send().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
449d49946b295f574e1fed83b5a5ffbf1c1b1e30)
Jeremy Allison [Sat, 18 May 2019 18:18:19 +0000 (11:18 -0700)]
s3: lib: Add file_ploadv_send().
Not yet used. Preparing to remove file_pload_send()
with this safer alternative.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
61054e53f53e5884902b566b1f9b454a3ff4741f)
Jeremy Allison [Sat, 18 May 2019 18:14:53 +0000 (11:14 -0700)]
lib: util: Remove file_pload()
No longer used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
c5729ae44219ec81008040d4d50f0f5fdf254201)
Jeremy Allison [Sat, 18 May 2019 18:10:40 +0000 (11:10 -0700)]
s3: lib: Remove file_lines_pload().
No longer used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
02bc0ce9d22117b464bae47c5d09c45b4f7c2272)
Jeremy Allison [Sat, 18 May 2019 18:08:15 +0000 (11:08 -0700)]
s3: smbd: Convert sysquotas.c code to use file_lines_ploadv().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
4a63e3b9659c8715d436c66dee8bf420e2ea89fb)
Jeremy Allison [Fri, 17 May 2019 05:18:40 +0000 (22:18 -0700)]
s3: smbd: Convert print_svid code to use file_lines_ploadv().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
f9ccf1cc3df13138a1a4b645c8190238ce011f04)
Jeremy Allison [Fri, 17 May 2019 05:11:49 +0000 (22:11 -0700)]
s3: smbd: Convert dfree code to use file_lines_ploadv().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
d6453e1ffd92c7754862389a933a9fd9089ce518)
Jeremy Allison [Fri, 17 May 2019 05:10:51 +0000 (22:10 -0700)]
s3: lib: util: Add file_lines_ploadv().
Not yet used.
Duplicate code to file_lines_pload() except uses vectored
argument list. file_lines_pload() will be removed once all
callers are converted.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
3b19412baedfffb7adc2a79471f5b17990259c31)
Jeremy Allison [Fri, 17 May 2019 04:56:13 +0000 (21:56 -0700)]
lib: util: Add file_ploadv().
Not yet used.
Duplicate code to file_pload() except uses vectored
argument list. file_pload() will be removed once all
callers are converted.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
5c34fa0b85e4d9a3c5fd4fa0b39af4772ec023db)
Jeremy Allison [Fri, 17 May 2019 04:45:21 +0000 (21:45 -0700)]
lib: popen: Prepare to remove sys_popen().
Add sys_popenv(char * const argl[]) that uses a NULL
terminated vector array of args. Change sys_popen() to
split up its command string and call sys_popenv().
Once all callers are converted to sys_popenv() we
can remove sys_popen().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
f20538de041eed1cadbabe2149b2b7cfcb779cb5)
Aliaksei Karaliou [Thu, 27 Dec 2018 09:25:47 +0000 (04:25 -0500)]
s3:util: Move static file_pload() function to lib/util
file_pload() is static private function in Samba3 library, however it
does not have any special dependencies and might be widely used as
common function, so moving it into common samba-util library.
Extra fix needed to enable easy back-port of code for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
Signed-off-by: Aliaksei Karaliou <akaraliou@panasas.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
d21fc7d8b86b0cddc619ffe528d9cd93eeedbb0b)
Aliaksei Karaliou [Thu, 27 Dec 2018 09:18:28 +0000 (04:18 -0500)]
s3:util: Move popen wrappers to lib/util
When linked into Samba3 libraries, sys_popen()/sys_pclose()
cannot be used in lower level libraries because of circular
dependencies.
This patch moves them into common samba-util library.
Extra fix needed to enable easy back-port of code for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
Signed-off-by: Aliaksei Karaliou <akaraliou@panasas.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
65ea3f2a461c0eeca7d14c4258eea52e19f0ed06)
Volker Lendecke [Tue, 21 May 2019 13:26:55 +0000 (15:26 +0200)]
smbd: Fix a panic
Opening a file with a stale (smbd died) LEVEL_II oplock makes
vfs_set_filelen-> ... ->contend_level2_oplocks_begin_default
trigger the immediate leading to do_break_to_none. This goes through
because fsp->oplock_type is not initialized yet, thus 0. Also,
file_has_read_oplocks is still valid, because the smbd that has died
could not clean up the brlock.tdb entry.
Later in the code the exclusive oplock is granted, which is then found
by do_break_to_none, making it panic.
This patch just runs the direct FTRUNCATE instead of vfs_set_filelen.
This means the contend_level2_oplock code is skipped.
The relevant break (LEVEL_II to NONE) is now done in delay_for_oplock()
with the nice effect of removing a comment that was very confusing to
me.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13957
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed May 22 20:09:29 UTC 2019 on sn-devel-184
Volker Lendecke [Tue, 21 May 2019 12:53:46 +0000 (14:53 +0200)]
smbtorture: Add a test to make smbd panic
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13957
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Tue, 21 May 2019 12:52:22 +0000 (14:52 +0200)]
smbd: Enable "smbd:suicide mode" for smb2
The next commit needs an smbd to just exit and leave data behind in the
locking.tdb file. Don't make it harder to eventually phase out SMB1: Do
the test in SMB2.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13957
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 23 May 2019 20:33:21 +0000 (13:33 -0700)]
s3: winbind: Fix crash when invoking winbind idmap scripts.
Previously the private context was caching a pointer to
a string returned from lp_XXX(). This string can change
on config file reload. Ensure the string is talloc_strup'ed
onto the owning context instead.
Reported by Heinrich Mislik <Heinrich.Mislik@univie.ac.at>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13956
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
a1f95ba5db6fc017fad35377fbf76c048f2dd8ab)
Shyamsunder Rathi [Mon, 13 May 2019 06:06:17 +0000 (23:06 -0700)]
s3:loadparm: Ensure to truncate FS Volume Label at multibyte boundary
For FS_VOLUME_INFO/FS_INFO operation, a maximum of 32 characters are
sent back. However, since Samba chops off any share name with >32
bytes at 32, it is possible that a multi-byte share name can get chopped
off between a full character. This causes the string decoding for unicode
failure which sends back NT_STATUS_ILLEGAL_CHARACTER (EILSEQ) to the client
applications.
On Windows, Notepad doesn't like it, and refuses to open a file in this
case and fails with the following error:
Invalid character. For multibyte character sets, only the leading byte is
included without the trailing byte. For Unicode character sets, include
the characters 0xFFFF and 0xFFFE.
Proposed fix:
- Find the last starting point of a multibyte codepoint if the character
at 32nd byte is a subsequent byte of a MB codepoint.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13947
Signed-off-by: Shyamsunder Rathi <shyam.rathi@nutanix.com>
Reviewed-by: Hemanth Thummala <hemanth.thummala@nutanix.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
0fa490e8476a2a5020ff2c253167b8a9454e8b97)
Gary Lockyer [Tue, 14 May 2019 01:10:22 +0000 (13:10 +1200)]
s4 dsdb: fix use after free in samldb_rename_search_base_callback
Fix use after free detected by AddressSanitizer
AddressSanitizer: heap-use-after-free on address 0x60f0002b2738
at pc 0x7f89b1a213b5 bp 0x7ffce9528810 sp 0x7ffce9528800
READ of size 8 at 0x60f0002b2738 thread T0
#0 0x7f89b1a213b4 in samldb_rename_search_base_callback
../../source4/dsdb/samdb/ldb_modules/samldb.c:4203
#1 0x7f89d3a0db4a in ldb_module_send_entry
../../lib/ldb/common/ldb_modules.c:793
#2 0x7f89b6f27356 in es_callback
../../source4/dsdb/samdb/ldb_modules/encrypted_secrets.c:1418
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13942
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
b0cc6d217485c317b2138347216fac5d74684328)
Gary Lockyer [Tue, 14 May 2019 03:53:22 +0000 (15:53 +1200)]
s4 dsdb/repl_meta_data: fix use after free in dsdb_audit_add_ldb_value
Fix use after free detected by AddressSanitizer
AddressSanitizer: heap-use-after-free on address 0x61400026a4a0
at pc 0x7fd555c52f12 bp 0x7ffed7231180 sp 0x7ffed7231170
READ of size 1 at 0x61400026a4a0 thread T0
#0 0x7fd555c52f11 in ldb_should_b64_encode
../../lib/ldb/common/ldb_ldif.c:197
#1 0x7fd539dc9417 in dsdb_audit_add_ldb_value
../../source4/dsdb/samdb/ldb_modules/audit_util.c:491
#2 0x7fd539dc9417 in dsdb_audit_attributes_json
../../source4/dsdb/samdb/ldb_modules/audit_util.c:651
#3 0x7fd539dc6a7e in operation_json
../../source4/dsdb/samdb/ldb_modules/audit_log.c:305
The problem is that at the successful end of these functions
el->values is overwritten with new_values. However get_parsed_dns()
points p->v at the supplied el and it effectively gets used
as a working area by replmd_build_la_val(). So we must duplicate it
because our caller only called ldb_msg_copy_shallow().
The reason this matters is that the audit_log module is
above repl_meta_data in the stack, and tries to log the
ldb_message it saw after the reply (to include the error code).
If that ldb_message is changed it is not only misleading,
it can point to memory that has since gone away.
In this case the memory for the full extended DN in the
member attribute ended up on 'ac', a context lost by
the time repl_meta_data has finished processing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13941
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May 15 05:35:47 UTC 2019 on sn-devel-184
(cherry picked from commit
0daa0ff921b270df9b794f02acbaa391c95cd89b)
Andrew Bartlett [Wed, 15 May 2019 02:47:53 +0000 (14:47 +1200)]
s4 dsdb/repl_meta_data: allocate new extended DNs during ADD on a better context
Lower down in this function new_values is assigned over el->values and is
filled in with the values of all the parsed DNs. Therefore it is the natural
talloc parent.
This will allow el->values to be allocated on tmp_ctx in the next commit for
a working area during the function call.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
4aa9924310287ff3b36618496fa6c707c615ad4c)
Andreas Schneider [Tue, 14 May 2019 09:35:46 +0000 (11:35 +0200)]
s3:smbspool: Use NTSTATUS return codes
This allows us to simplify some code and return better errors.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13939
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
d9af3dc02e98a3eb22441dfbdeddbaca0af078ea)
Andreas Schneider [Thu, 16 May 2019 16:24:32 +0000 (18:24 +0200)]
s3:smbspool: Add debug messages to kerberos_ccache_is_valid()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13939
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
93acd880801524c5e621df7b5bf5ad650f93cec3)
Andreas Schneider [Mon, 13 May 2019 16:54:02 +0000 (18:54 +0200)]
s3:smbspool: Always try to authenticate using Kerberos
If username and password is given, then fallback to NTLM. However try
kinit first. Also we correctly handle NULL passwords in the meantime and
this makes it easier to deal with issues.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13939
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
3d719a1f85db8e423dc3a4116a2228961d5ac48d)
Andreas Schneider [Mon, 13 May 2019 14:48:31 +0000 (16:48 +0200)]
s3:smbspool: Print the filename we failed to open
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13939
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
281274572bcc3125fe6026a01ef7bf7ef584a0dd)
Andreas Schneider [Thu, 16 May 2019 15:40:43 +0000 (17:40 +0200)]
s3:smbspool: Fallback to default ccache if KRB5CCNAME is not set
This could also support the new KCM credential cache storage.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13939
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
6bbdf69e406916107400e2cabdbc831e2a2bbee3)
Andreas Schneider [Thu, 16 May 2019 15:10:57 +0000 (17:10 +0200)]
s3:smbspool: Use %u format specifier to print uid
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13939
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
be596ce3d2455bd49a8ebd311d8c764c37852858)