jmcdough [Wed, 7 Jun 2017 14:17:50 +0000 (16:17 +0200)]
Merge branch 'factory_4.6.5' into 'factory'
Factory 4.6.5
See merge request !4
David Disseldorp [Tue, 6 Jun 2017 12:02:18 +0000 (14:02 +0200)]
Merge tag 'samba-4.6.5' into factory
samba: tag release samba-4.6.5
Karolin Seeger [Fri, 2 Jun 2017 09:38:19 +0000 (11:38 +0200)]
VERSION: Disable GIT_SNAPSHOTS for the 4.6.5 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Fri, 2 Jun 2017 09:37:07 +0000 (11:37 +0200)]
WHATSNEW: Add release notes for Samba 4.6.5.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Martin Schwenke [Thu, 1 Jun 2017 04:37:40 +0000 (14:37 +1000)]
ctdb-common: Fix crash in logging initialisation
Setting CTDB_LOGGING to syslog:nonblocking or syslog:udp will cause
ctdbd to crash at startup due to NULL pointer dereference.
Refactoring in commit
c9124a001f5abf7bb577a8f5341da4cc7411ed22
introduced this regression.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12814
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Jun 1 15:26:19 CEST 2017 on sn-devel-144
(cherry picked from commit
c47e6b140d0c7cc15a93782957090625a832ba59)
Autobuild-User(v4-6-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-6-test): Fri Jun 2 14:06:37 CEST 2017 on sn-devel-144
Andreas Schneider [Tue, 21 Mar 2017 14:45:34 +0000 (15:45 +0100)]
s3:smbd: Set up local and remote address for fake connection
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12687
Pair-Programmed-With: Ralph Boehme <slow@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
e530e43d67436881fd039877f956f0ad9b562af9)
Andreas Schneider [Tue, 21 Mar 2017 14:32:37 +0000 (15:32 +0100)]
s3:smbd: Pass down remote and local address to get_referred_path()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12687
Pair-Programmed-With: Ralph Boehme <slow@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
cbf67123e037207662ec0d4e53c55990e21b157e)
Ralph Boehme [Fri, 26 May 2017 13:35:54 +0000 (15:35 +0200)]
s4/torture: test for bug 12798
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12798
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
bd43939ec07a2fc6858d1265fc75a68a7cd96f58)
Ralph Boehme [Fri, 26 May 2017 09:57:08 +0000 (11:57 +0200)]
s3/smbd: fix exclusive lease optimisation
We need to expect any amount of "stat" opens on the file without
triggering an assert.
This is the correct fix for bug #11844. I guess we haven't seens this
very often before bug #12766 got fixed, because most clients were using
LEASES instead of OPLOCKS.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12798
See also:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11844
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12766
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
19b938e1fa9822ac417a3b3a34519087470d7a18)
Ralph Boehme [Fri, 26 May 2017 09:35:52 +0000 (11:35 +0200)]
s3/locking: make find_share_mode_entry public
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12798
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
9d7739e819d5699209b5eacad4a0e2a8b8da0a86)
Jeremy Allison [Wed, 24 May 2017 18:45:35 +0000 (11:45 -0700)]
s3: VFS: Catia: Ensure path name is also converted.
https://bugzilla.samba.org/show_bug.cgi?id=12804
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
fda1e701af804db81dcb3844921e9a327563bc5c)
Autobuild-User(v4-6-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-6-test): Tue May 30 16:36:35 CEST 2017 on sn-devel-144
Martin Schwenke [Wed, 24 May 2017 10:21:55 +0000 (20:21 +1000)]
ctdb-tests: Add some extra tests for "ctdb nodestatus"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12802
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri May 26 05:24:34 CEST 2017 on sn-devel-144
(cherry picked from commit
ade535371b86294c12ca3f7eb98d8ef7ecd29caa)
Martin Schwenke [Wed, 24 May 2017 10:27:58 +0000 (20:27 +1000)]
ctdb-tools: "ctdb nodestatus" should only display header for "all"
The "Number of nodes:" header should only be displayed when "all" is
specified. This is how the command behaved in Samba <= 4.4.
Printing the number of nodes is not helpful and is rather confusing in
the default case where only the status of the current node is printed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12802
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
1d10c8e9e637619b754b4a273d3c714fbca7d503)
Martin Schwenke [Wed, 24 May 2017 10:24:54 +0000 (20:24 +1000)]
ctdb-tools: Stop "ctdb nodestatus" from always showing all nodes
Exit code should only reflect current or specified nodes too.
Drop an unwanted call to get_nodemap() that overwrites the previously
calculated node map.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12802
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
a600d467e2842ab05e429c5a67be5b222ddd1c12)
Amitay Isaacs [Thu, 18 May 2017 01:50:09 +0000 (11:50 +1000)]
ctdb-readonly: Avoid a tight loop waiting for revoke to complete
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12697
During revoking readonly delegations, if one of the nodes disappears,
then there is no point re-trying revoking readonly delegation immedately.
The database needs to be recovered before the revoke operation can
succeed.
However, if the revoke is successful, then all the write requests need
to be processed immediately before the read-only requests. This avoids
starving write requests, in case there are read-only requests coming
from other nodes.
In deferred_call_destructor, the result of revoke is not available and
deferred calls cannot be correctly ordered. To correctly order the
deferred calls, process them in revokechild_destructor where the result
of revoke is known.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
f5f05a644dadc0b1858c99c5f1f5af1ef80f3a28)
Amitay Isaacs [Thu, 18 May 2017 00:15:01 +0000 (10:15 +1000)]
Revert "ctdb-readonly: Avoid a tight loop waiting for revoke to complete"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12697
This reverts commit
ad758cb869ac83534993caa212abc9fe9905ec68.
This is an incomplete fix and introduces a regression.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
a50b25d0ebbe731a766f8d2ce1924b34d6041668)
Karolin Seeger [Tue, 30 May 2017 09:59:40 +0000 (11:59 +0200)]
VERSION: Bump version up to 4.6.5.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 30 May 2017 09:57:49 +0000 (11:57 +0200)]
Merge tag 'samba-4.6.4' into v4-6-test
samba: tag release samba-4.6.4
Karolin Seeger [Fri, 19 May 2017 10:13:57 +0000 (12:13 +0200)]
VERSION: Disable GIT_SNAPSHOTS for the 4.6.4 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Fri, 19 May 2017 10:13:03 +0000 (12:13 +0200)]
WHATSNEW: Add release notes for Samba 4.6.4.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
npower [Mon, 22 May 2017 15:40:49 +0000 (17:40 +0200)]
Merge branch 'EMBARGOED_bsc1038231_' into 'factory'
bsc1038231 CVE-2017-7494
See merge request !3
David Disseldorp [Mon, 22 May 2017 15:29:31 +0000 (17:29 +0200)]
smbcacls: fix -Werror=declaration-after-statement build
Fix mixed declarations and code added with "add new
'--propagate-inheritance' option for smbcacls".
Signed-off-by: David Disseldorp <ddiss@samba.org>
David Disseldorp [Mon, 22 May 2017 15:26:22 +0000 (17:26 +0200)]
pdb_ldap: fix -Werror=declaration-after-statement build
Fix mixed declarations and code added with "Disable logon cache for
password lockout consistency when running in a cluster".
Signed-off-by: David Disseldorp <ddiss@samba.org>
Volker Lendecke [Mon, 8 May 2017 19:40:40 +0000 (21:40 +0200)]
CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12780
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Jeremy Allison [Tue, 16 May 2017 23:12:19 +0000 (16:12 -0700)]
s3: smbd: Fix open_files.idl to correctly ignore share_mode_lease *lease in share_mode_entry.
This is currently marked 'skip', which means it isn't stored in the
db, but printed out in ndr dump. However, this pointer can be invalid
if the lease_idx is set to 0xFFFFFFFF (invalid).
This is fixed up inside parse_share_modes(), but not until after
ndr_pull_share_mode_data() is called. If lease_idx == 0xFFFFFFFF
then ndr_print_share_mode_lease() prints an invalid value and
crashes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12793
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 18 03:01:40 CEST 2017 on sn-devel-144
(cherry picked from commit
b691f6d32f79ef8427f567612243dd51ea8d5584)
Autobuild-User(v4-6-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-6-test): Fri May 19 13:33:08 CEST 2017 on sn-devel-144
Volker Lendecke [Mon, 8 May 2017 19:40:40 +0000 (21:40 +0200)]
CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12780
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Karolin Seeger [Fri, 21 Apr 2017 09:13:49 +0000 (11:13 +0200)]
VERSION: Bump version up to 4.6.4...
and re-enable GIT_SNAPSHOTS.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
9602cd0b5373aacc22c262b04b828b93cadf6df5)
Amitay Isaacs [Thu, 20 Apr 2017 04:34:54 +0000 (14:34 +1000)]
ctdb-tests: Use tighter pattern for matching expected output
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12792
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon May 15 08:08:10 CEST 2017 on sn-devel-144
(cherry picked from commit
9b5078919796da8dd7893e0a4f716dc1f1991de5)
Amitay Isaacs [Tue, 7 Mar 2017 05:52:26 +0000 (16:52 +1100)]
ctdb-tests: Explicitly search for the specific log entry
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12792
... instead of expecting the last line to be the matching log entry.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
3db572832e9b99ea5b6d531d3b7331b8c0131fd6)
Amitay Isaacs [Fri, 5 May 2017 16:08:50 +0000 (02:08 +1000)]
ctdb-logging: Initialize DEBUGLEVEL before changing the value
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12770
DEBUGLEVEL is defined as a const array reference at compile time.
debug_init() converts that to an allocated array reference at run time.
Since debug_init() is a static function, initialize DEBUGLEVEL via
setup_logging().
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon May 8 00:12:25 CEST 2017 on sn-devel-144
(cherry picked from commit
af09a733e953072707cde7df0126652e646970f6)
Autobuild-User(v4-6-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-6-test): Tue May 16 13:25:31 CEST 2017 on sn-devel-144
Christian Ambach [Thu, 4 May 2017 10:21:45 +0000 (12:21 +0200)]
s3:smbcacls add prompt for password
if no password was given, ask for one
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12765
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Thu May 4 20:36:50 CEST 2017 on sn-devel-144
(cherry picked from commit
770edb6aab2a1c2cbd85b975511b33b5fc580f13)
Autobuild-User(v4-6-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-6-test): Fri May 12 12:57:38 CEST 2017 on sn-devel-144
Volker Lendecke [Thu, 6 Apr 2017 10:50:08 +0000 (12:50 +0200)]
idmap_rfc2307: Test unix-ids-to-sids with 35 groups
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
ee3b17ba4674a17a411c9ec4271e087c8cd7dad1)
Volker Lendecke [Tue, 4 Apr 2017 15:15:10 +0000 (17:15 +0200)]
selftest: Avoid idmap caching when testing idmap_rfc2307
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
da7481f835ddc1fab16d11ccbaf7f33c213af23a)
Volker Lendecke [Fri, 31 Mar 2017 15:23:39 +0000 (15:23 +0000)]
idmap_rfc2307: "ldap_next_entry" needs the previous entry, not the start
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
803ea2d2b7820939d03f7eb381c3cf719a00ff4a)
Volker Lendecke [Fri, 31 Mar 2017 15:20:07 +0000 (15:20 +0000)]
idmap_rfc2307: Don't stop after 30 entries
We start over again and again, so we need to search in the whole list.
This is a quick hack generating a bad O(n^2). The real fix is to
call idmap_rfc2307_find_map with "maps" starting at the right offset,
but that's an optimization for later when it's restructured
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
c0f12170e8b9fb3ab75f53bba637c72f6465192e)
Volker Lendecke [Tue, 4 Apr 2017 13:28:36 +0000 (15:28 +0200)]
test_idmap_rfc2307: Test wbinfo -r for 35 supplementary group memberships
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
e663357b4d7d5cb0c4d8a0ebc97cfcb58429b894)
Volker Lendecke [Tue, 4 Apr 2017 13:12:02 +0000 (15:12 +0200)]
test_idmap_rfc2307: Do a recursive delete in ou=idmap
We'll create more posix objects soon
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
1f5097e3fbf9931c830880637622bb0b05863466)
Volker Lendecke [Tue, 4 Apr 2017 12:59:45 +0000 (14:59 +0200)]
test_idmap_rfc2307: Correct usage
We already have 13 args at this point, and growing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
f34ff621edbfd8b7c99cdadec166a80ae9c5646c)
Volker Lendecke [Tue, 4 Apr 2017 12:15:26 +0000 (14:15 +0200)]
test_idmap_rfc2307: Avoid a tmpfile
We can << directly into ldbadd
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
1893bb9bc48d9251820a185c95c65562f2878074)
Volker Lendecke [Tue, 4 Apr 2017 12:15:26 +0000 (14:15 +0200)]
test_idmap_rfc2307: Remove the correct file
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
9e816ea2f8d21d392b4e9050e443ef936629202e)
Volker Lendecke [Fri, 31 Mar 2017 15:23:39 +0000 (15:23 +0000)]
idmap_rfc2307: "ldap_next_entry" needs the previous entry, not the start
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
17563f295ffa7379daa5bf7cc89540df4ae4f7b3)
Volker Lendecke [Fri, 31 Mar 2017 15:20:07 +0000 (15:20 +0000)]
idmap_rfc2307: Don't stop after 30 entries
We start over again and again, so we need to search in the whole list.
This is a quick hack generating a bad O(n^2). The real fix is to
call idmap_rfc2307_find_map with "maps" starting at the right offset,
but that's an optimization for later when it's restructured
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
54a0e7e3d7332f420f36a3a20dd62156e6adea46)
Stefan Metzmacher [Tue, 25 Apr 2017 11:25:57 +0000 (13:25 +0200)]
samba-tool: let 'samba-tool user syncpasswords' report deletions immediately
We need to use the show-recycled control in addition to the
notification control in order to get notifications about deletions.
There's no real problem as the next modification will report the deletion.
But it might be delayed a few minutes.
Note that show-recycled is a superset of show-deleted, so we only need one.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12767
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
afa15e6128473d3e4006f7cdc3762ab4c1cba05a)
Ralph Boehme [Thu, 4 May 2017 09:52:16 +0000 (11:52 +0200)]
s3/smbd: update exclusive oplock optimisation to the lease area
Update an optimisation in update_num_read_oplocks() that checks for
exclusive oplocks to the lease area.
The idea of the optimisation is to avoid expensive db queries in
brlock.tdb if we *know* we're the only open.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12766
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat May 6 22:58:47 CEST 2017 on sn-devel-144
(cherry picked from commit
a50343779a8a92d6f53095b36506b1d47ef68513)
Ralph Boehme [Thu, 20 Apr 2017 19:37:37 +0000 (21:37 +0200)]
s3/smbd: update exclusive oplock optimisation to the lease area
This is similar to
9533a55ee5ffe430589dcea845851b84876ef656 but this
time in the contend_level2_oplocks_begin_default() function.
The idea of the optimisation is to avoid expensive db queries in
locking.tdb if we *know* we're the only open.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12766
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
0a4a08ad1cef3b7d6fd47df3a93c2c89dd287ee8)
Ralph Boehme [Thu, 4 May 2017 09:50:56 +0000 (11:50 +0200)]
s3/locking: helper functions for lease types
Add some helper functions that will be used to update a bunch of checks
for exclusive oplocks to the lease area.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12766
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
f631e95e2de857ea98204609a71e6db00993994b)
Ralph Boehme [Thu, 4 May 2017 09:50:01 +0000 (11:50 +0200)]
s3/locking: add const to fsp_lease_type
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12766
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
952701dce09b1ee89a0f6a450ac244fd6451955b)
Alexander Bokovoy [Wed, 28 Sep 2016 21:09:12 +0000 (00:09 +0300)]
systemd: fix detection of libsystemd
On Fedora 25 detection of libsystemd actually fails due to wrong
assumptions in the configure test. conf.CHECK_LIB returns a list
so 'not conf.CHECK_LIB(...)' is always False and we never get to check
libsystemd.
Instead, remember result of checking pkg-config for separate
libsystemd-daemon and libsystemd-journal libraries. If they miss,
attempt to use libsystemd library instead.
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue May 2 13:05:43 CEST 2017 on sn-devel-144
(cherry picked from commit
09bc5b5374227a555f580c3d7c1d82f15bb818bc)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12764
systemd: fix detection of libsystemd
Autobuild-User(v4-6-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-6-test): Wed May 3 20:43:57 CEST 2017 on sn-devel-144
Doug Nazar [Thu, 27 Apr 2017 22:41:24 +0000 (15:41 -0700)]
s3: smbd: inotify_map_mask_to_filter incorrectly indexes an array.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12760
Signed-off-by: Doug Nazar <nazard@nazar.ca>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
a939db725ea81944532ba3b035da0d145bc3b62a)
Autobuild-User(v4-6-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-6-test): Wed May 3 13:31:27 CEST 2017 on sn-devel-144
Alexander Bokovoy [Tue, 18 Apr 2017 15:28:29 +0000 (18:28 +0300)]
s3-tests: assignement in shell shall have no spaces around equal sign
When assigning value to 'failed', no spaces should be around '=' sign.
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 19 02:53:25 CEST 2017 on sn-devel-144
(cherry picked from commit
d58481bd133a8f59ae553eeff6335162f3c7071c)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12751
Autobuild-User(v4-6-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-6-test): Fri Apr 28 13:07:55 CEST 2017 on sn-devel-144
Alexander Bokovoy [Fri, 31 Mar 2017 09:44:58 +0000 (12:44 +0300)]
_netr_ServerPasswordSet2: use info level 26 to set plain text machine password
To support password change for machine or trusted domain accounts in Active
Directory environment we need to pass down actual plain text password
instead of NT hashes. This would allow a backend like ipasam to update
Kerberos keys as well as NT hashes.
By calling samr_SetUserInfo2 info level 26 we ensure PASSDB layer can
actually get the plain text password. If PASSDB backend implements
pdb_update_sam_account() callback, it then gets the plain text password
from samr_SetUserInfo2.
A plain text password is a data blob represented as up to 256 WCHARs. It
is UTF-16 coded on wire and we have its length from the buffer.
SetUserInfo2 SAMR call chain in decode_pw_buffer() does explicitly
expect 512+4 bytes in the buffer. It then calls convert_string_talloc()
to convert it to UNIX charset passing the correct value of the plaintext
password length. However, convert_string_talloc() expects the length of
input string *including* the terminating null and we pass just the
string length.
convert_string_talloc() then explicitly null-terminates the resulting
string by adding two nulls. In most cases UNIX charset is UTF-8, so we
get null-terminated UTF-8 string down to PASSDB layer.
MS-SAMR does not limit what does the password should contain. It says
it is 'userPassword' value. Either 'userPassword' or 'unicodePwd' cannot
contain null characters according to MS-ADTS 3.1.1.3.1.5 because they
must be proper UTF-8 and UTF-16 strings accordingly.
We are talking to our own SAMR service here.
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
ff4fb6935a32e33ef01c97d4ee103bc11ac31da0)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12751
Ralph Boehme [Wed, 19 Apr 2017 11:12:55 +0000 (13:12 +0200)]
vfs_fruit: lp_case_sensitive() does not return a bool
lp_case_sensitive() returns an int, not a bool, so with the default
setting of "Auto" by default we set the AAPL flag
SMB2_CRTCTX_AAPL_CASE_SENSITIVE.
This caused the client to believe the volume is case sensitive where it
wasn't, leading to an error when trying to rename files changing only
the case of the name.
Also fix the existing torture test that verifies AAPL context
negotiation and actually expected the server to return "case sensitive",
while the Samba default is really "case insensitive".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12749
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
36612723b2b18675116b6197183bdfe5e1d9e06f)
Ralph Boehme [Mon, 10 Apr 2017 12:28:18 +0000 (14:28 +0200)]
winbindd: only use the domain name from lookup sids if the domain matches
With the use of sIDHistory it happens that two sids map to the same name:
S-1-5-21-
1387724271-
3540671778-
1971508351-1115 DOMAIN2\d1u1 (1)
S-1-5-21-
3293503978-
489118715-
2763867031-1106 DOMAIN2\d1u1 (1)
On the net it looks like this:
lsa_LookupSids: struct lsa_LookupSids
in: struct lsa_LookupSids
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
344f3586-7de4-4e1d-96a9-
8c6c23e4b2f0
sids : *
sids: struct lsa_SidArray
num_sids : 0x00000002 (2)
sids : *
sids: ARRAY(2)
sids: struct lsa_SidPtr
sid : *
sid : S-1-5-21-
1387724271-
3540671778-
1971508351-1115
sids: struct lsa_SidPtr
sid : *
sid : S-1-5-21-
3293503978-
489118715-
2763867031-1106
names : *
names: struct lsa_TransNameArray
count : 0x00000000 (0)
names : NULL
level : LSA_LOOKUP_NAMES_ALL (1)
count : *
count : 0x00000000 (0)
lsa_LookupSids: struct lsa_LookupSids
out: struct lsa_LookupSids
domains : *
domains : *
domains: struct lsa_RefDomainList
count : 0x00000001 (1)
domains : *
domains: ARRAY(1)
domains: struct lsa_DomainInfo
name: struct lsa_StringLarge
length : 0x000e (14)
size : 0x0010 (16)
string : *
string : 'DOMAIN2'
sid : *
sid : S-1-5-21-
1387724271-
3540671778-
1971508351
max_size : 0x00000020 (32)
names : *
names: struct lsa_TransNameArray
count : 0x00000002 (2)
names : *
names: ARRAY(7)
names: struct lsa_TranslatedName
sid_type : SID_NAME_USER (1)
name: struct lsa_String
length : 0x0008 (8)
size : 0x0008 (8)
string : *
string : 'd1u1'
sid_index : 0x00000000 (0)
names: struct lsa_TranslatedName
sid_type : SID_NAME_USER (1)
name: struct lsa_String
length : 0x0008 (8)
size : 0x0008 (8)
string : *
string : 'd1u1'
sid_index : 0x00000000 (0)
count : *
count : 0x00000002 (2)
result : NT_STATUS_OK
So the name for S-1-5-21-
3293503978-
489118715-
2763867031-1106 has
S-1-5-21-
1387724271-
3540671778-
1971508351 in referenced lsa_DomainInfo
structure. In that case we should not use the domain name from lsa_DomainInfo,
because we would use the wrong idmap backend.
For the case where the domain part of the sIDHistory sid is a still existing
domain, which can be found our internal list of trusted domains, we now use the
correct idmap backend: the idmap domain from the historic SID.
If the historic domain does no longer exist, we will fallback to the default
idmap domain.
The next step would be doing a lookup sid call for the domain sid, which may
help with one-way trusts.
The long term goal needs to be that idmap backends are based on sids only and
only the smb.conf allows names to be used which will be converted to sids on
startup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12702
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Wed Apr 12 16:43:30 CEST 2017 on sn-devel-144
(cherry picked from commit
9d419c3fe3654f038fbc978ecb7fa87cf8a5cc3b)
Ralph Boehme [Tue, 4 Apr 2017 12:51:09 +0000 (14:51 +0200)]
winbindd: handling of SIDs without domain reference in wb_sids2xids_lookupsids_done()
This lets wb_sids2xids_lookupsids_done() deal with wp_lookupsids
returning UINT32_MAX as domain index for SIDs from unknown domains.
Call find_domain_from_sid_noinit() to search our list of known
domains. If a matching domain is found, use it's name, otherwise use the
empty string "". This needed to handle Samba DCs which always returns
sid_index UINT32_MAX for unknown SIDs, even from known domains.
Currently the wb_lookupsids adds these fake domains with an empty string
as domain name, but that's not the correct place to do it. We need the
domain name as it gets passed to the idmap child where the choise of
idmap backend is based on the domain name. This will possibly be changed
in the future to be based on domain SIDs, not the name.
Prerequisite for bug: https://bugzilla.samba.org/show_bug.cgi?id=12702
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
1efaeb072e55735421191fbae9cc586db6d07bb1)
Ralph Boehme [Mon, 6 Feb 2017 11:47:41 +0000 (12:47 +0100)]
vfs_acl_xattr|tdb: ensure create mask is at least 0666 if ignore_system_acls is set
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12562
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Apr 20 20:50:10 CEST 2017 on sn-devel-144
(cherry picked from commit
375d772d04338861d92e683ae3c6c9d7ecb846ad)
Shilpa Krishnareddy [Tue, 25 Apr 2017 14:59:45 +0000 (16:59 +0200)]
notify: Fix ordering of events in notifyd
In notifyd_trigger_parser() while initializing notify_event_msg values from
notify_trigger_msg, 'when' value is ignored. So the smbd process does not get
correct 'when' value and this is causing issues during qsort in
notify_marshall_changes(). Because of this issue, smb2.notify.dir test was
failing.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12756
Signed-off-by: Shilpa Krishnareddy <skrishnareddy@panzura.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Apr 26 17:02:58 CEST 2017 on sn-devel-144
(cherry picked from commit
5701880655c8a82b6d533c7c2e131cc803e7570b)
David Disseldorp [Tue, 25 Apr 2017 15:00:57 +0000 (17:00 +0200)]
Merge branch 'factory_463' into 'factory'
Factory: update to upstream 4.6.3 release
See merge request !2
David Disseldorp [Tue, 25 Apr 2017 14:05:30 +0000 (16:05 +0200)]
Merge tag 'samba-4.6.3' into factory_463
samba: tag release samba-4.6.3
Karolin Seeger [Fri, 21 Apr 2017 09:12:58 +0000 (11:12 +0200)]
VERSION: Disable GIT_SNAPSHOTS for the 4.6.3 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Fri, 21 Apr 2017 09:13:49 +0000 (11:13 +0200)]
VERSION: Bump version up to 4.6.4...
and re-enable GIT_SNAPSHOTS.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Fri, 21 Apr 2017 09:12:24 +0000 (11:12 +0200)]
WHATSNEW: Add release notes for Samba 4.6.3.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Hanno Böck [Wed, 19 Apr 2017 12:00:21 +0000 (14:00 +0200)]
cleanupdb: Fix a memory read error
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12748
Signed-off-by: Hanno Böck <hanno@hboeck.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
fd98a7b6a0053b62802e29fb729e219dc08eef6b)
Autobuild-User(v4-6-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-6-test): Fri Apr 21 13:59:21 CEST 2017 on sn-devel-144
Michael Adam [Tue, 11 Apr 2017 10:03:52 +0000 (12:03 +0200)]
s3:vfs:shadow_copy2: fix corner case of "/@GMT-token" in shadow_copy2_strip_snapshot
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
26661218b3d3f0d4ee89039727bc110e972c2851)
The last 3 patches address
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12743
vfs_shadow_copy2 fails to list snapshots from shares with GlusterFS backend
Michael Adam [Tue, 11 Apr 2017 10:03:20 +0000 (12:03 +0200)]
s3:vfs:shadow_copy2: fix the corner case if cwd=/ in make_relative_path
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
16c89835cf07caa2082b586666095deba38ef962)
Michael Adam [Tue, 11 Apr 2017 09:18:30 +0000 (11:18 +0200)]
s3:vfs:shadow_copy2: fix quoting in debug messages
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
fffd611fdc558ab428c8a21cf1e68feaf1f6f469)
Stefan Metzmacher [Sun, 2 Apr 2017 22:19:25 +0000 (00:19 +0200)]
pam_winbind: no longer use wbcUserPasswordPolicyInfo when authenticating
The expiry time for the specific user comes from
info->pass_must_change_time and nothing else.
The authenticating DC knows which password policy applies
to the user, that's nothing the client can do, as
domain trusts and fine-grained password policies makes
this a very complex task.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12725
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
fba7ed9a3fa6fcb2d90d1271ae81ec11b554bd2d)
Jeremy Allison [Mon, 17 Apr 2017 21:30:54 +0000 (14:30 -0700)]
s3:smbd: Fix incorrect use of sys_getgroups()
Second arg must be NULL when first arg is 0 (it is in all other places).
Bug report and patch from Hanno Böck <hanno@hboeck.de>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12747
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 18 15:43:02 CEST 2017 on sn-devel-144
(cherry picked from commit
76b351e907f67cc7d4af4e7d800c7a3aa1269ee8)
Autobuild-User(v4-6-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-6-test): Thu Apr 20 16:21:13 CEST 2017 on sn-devel-144
Jeremy Allison [Mon, 17 Apr 2017 21:30:04 +0000 (14:30 -0700)]
s3:lib: Fix incorrect logic in sys_broken_getgroups()
If setlen == 0 then the second argument must be ignored.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12747
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
60af864f751706c48b8af448700bf06e33e45946)
Jeremy Allison [Mon, 17 Apr 2017 21:09:24 +0000 (14:09 -0700)]
lib: debug: Avoid negative array access.
Report and patch from Hanno Böck <hanno@hboeck.de>.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12746
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
600f8787e3b605c9f3e8f724c726e63157ee9efc)
Uri Simchoni [Thu, 13 Apr 2017 09:44:58 +0000 (12:44 +0300)]
vfs_acl_xattr: avoid needlessly supplying a large buffer to getxattr()
When obtaining the security descriptor via getxattr(), first try
optimistically to supply a buffer of 4K, and if that turns out
to be too small, determine the correct buffer size.
The previous behavior of falling back to a 64K buffer encountered
problem with Linux prior to version 3.6, due to pyisical memory
fragmentation. With those kernels, as long as the buffer is 8K or
smaller, getting the xattr is much less prone to failure due to
memory fragmentation.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12737
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 18 04:41:16 CEST 2017 on sn-devel-144
(cherry picked from commit
05d83ccf7a6fecf963fcb980acd50cebfc0c3ea9)
Uri Simchoni [Sat, 8 Apr 2017 21:40:44 +0000 (00:40 +0300)]
vfs_acl_xattr: factor out fetching of an extended attribute
Pure refactoring - add a function that fetches an extended attribute
based on either the file descriptor or the file name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12737
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
7b775abd9278ae34110ec87d94a736be7f64884a)
Uri Simchoni [Thu, 13 Apr 2017 09:50:47 +0000 (12:50 +0300)]
vfs_xattr_tdb: handle case of zero size.
With getxattr(), passing a zero buffer size is a
way of obtaining actual xattr size.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12737
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
4dfa2d6a0972847e3b21ddf05077e50ed72c4ea8)
Uri Simchoni [Sat, 8 Apr 2017 21:20:40 +0000 (00:20 +0300)]
selftest: test fetching a large ACL from vfs_acl_xattr
Add a test that fetches an ACL whose size is larger than 4K.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12737
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
5017dfeef24b8d568e0146c085f3f979d688acf2)
Amitay Isaacs [Thu, 6 Apr 2017 02:20:21 +0000 (12:20 +1000)]
ctdb-docs: Fix documentation of -n option to ctdb tool
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12733
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit
7f714a436250dfeaa1970f78090ef066482711f0)
Stefan Metzmacher [Sun, 2 Apr 2017 22:19:40 +0000 (00:19 +0200)]
rpcclient: allow -U'OTHERDOMAIN\user' again
I guess the primary reason for forcing lp_workgroup()
was the usage of -U% together with schannel,
see source3/script/tests/test_rpcclient_samlogon.sh
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12731
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Apr 5 14:09:23 CEST 2017 on sn-devel-144
(cherry picked from commit
f1e3c8ebb31fcd9ef9e1809a42a648442dffc1ee)
Ralph Boehme [Wed, 29 Mar 2017 09:13:46 +0000 (11:13 +0200)]
winbindd: trigger possible passdb_dsdb initialisation
If the passdb backend is passdb_dsdb the domain SID comes from dsdb, not
from secrets.tdb. As we use the domain SID in various places, we must
ensure the domain SID is migrated from dsdb to secrets.tdb before
get_global_sam_sid() is called the first time.
The migration is done as part of the passdb_dsdb initialisation, calling
pdb_get_domain_info() triggers it.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12729
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 1 21:18:59 CEST 2017 on sn-devel-144
(cherry picked from commit
8b32fc4006ae338ddee7c0e5991958ec3463da0d)
Ralph Boehme [Sun, 26 Mar 2017 06:22:13 +0000 (08:22 +0200)]
winbindd: error handling in rpc_lookup_sids()
NT_STATUS_NONE_MAPPED and NT_STATUS_SOME_NOT_MAPPED should not be
treated as fatal error. We should continue processing the results and
not bail out.
In case we got NT_STATUS_NONE_MAPPED we must have to ensure all
lsa_TranslatedName are of type SID_NAME_UNKNOWN.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12728
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
8dfbba59d768b10f6b088cfc49e5dbe6de4834e1)
Ralph Boehme [Sat, 1 Apr 2017 14:51:07 +0000 (16:51 +0200)]
s3/rpc_client: lookupsids error handling of NT_STATUS_NONE_MAPPED
NT_STATUS_NONE_MAPPED is not a fatal error, it just means we must return
all lsa_TranslatedName's as type SID_NAME_UNKNOWN.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12728
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
416c74e8c89dc2fb2083beaaa9ac8a6e975ec873)
Ralph Boehme [Sat, 1 Apr 2017 14:56:39 +0000 (16:56 +0200)]
s3/rpc_client: use NT_STATUS_LOOKUP_ERR
No change in behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12728
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
0e7e4ebad31caa1ccb392f2fe20c67929149b8c9)
Ralph Boehme [Sat, 1 Apr 2017 14:44:45 +0000 (16:44 +0200)]
s3/include: add NT_STATUS_LOOKUP_ERR
Useful helper macro to check the return value of LSA and SAMR
translations.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12728
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
fc37c7327dc7e4ad4405e324fc88d4bbf9b6ef9e)
Ralph Boehme [Fri, 31 Mar 2017 14:06:18 +0000 (16:06 +0200)]
selftest: fix for wbinfo -s tests for wellknown SIDs
Rework while loop to not use a pipe as that uses a subshell for the loop
which means assigning to the variable failed is not visible in the
main script.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12727
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
d8fd56a8244a3010469c27eaa3b73a2c5fbbc41f)
Ralph Boehme [Sun, 2 Apr 2017 11:42:45 +0000 (13:42 +0200)]
winbindd: explicit check for well-known SIDs in wb_lookupsids_bulk()
Those are implicitly already catched by the
if (sid->num_auths != 5)
check, but I'd like to make the desired behaviour more obvious.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12727
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
167bb5ead8c7193d173fdba8a453279d422fa7ea)
Ralph Boehme [Fri, 31 Mar 2017 14:24:05 +0000 (16:24 +0200)]
selftest: wbinfo --sids-to-unix-ids tests for wellknown SIDs
This test passes even without the fix, as in sids2xids we use the
lookupnames just to determine the mapping domain, using the default
idmap domain as fallback if that fails.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12727
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
8bd5f774fdc1f4ea012885262eb0f40640504de8)
Ralph Boehme [Fri, 31 Mar 2017 14:06:18 +0000 (16:06 +0200)]
selftest: wbinfo -s tests for wellknown SIDs
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12727
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
2150de3a73527850547263e853faf4f3fedca6e6)
Ralph Boehme [Thu, 30 Mar 2017 21:41:59 +0000 (23:41 +0200)]
winbindd: use passdb backend for well-known SIDs
On a DC well-known SIDs like S-1-1-0 (everyone) *must* be handled by the
local domain, otherwise something simple like this fails with
WBC_ERR_DOMAIN_NOT_FOUND:
$ make testenv SELFTEST_TESTENV=nt4_dc SCREEN=1
localnt4dc2$ ./bin/wbinfo --sid-to-name S-1-1-0
failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup sid S-1-1-0
On a member server asking our DC works and is what we're currently
doing, but changing it to ask passdb avoids the overhead.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12727
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
6b7a14b4b9c3411bd2e05383917e8fdedae51c90)
Ralph Boehme [Wed, 5 Apr 2017 11:27:51 +0000 (13:27 +0200)]
selftest: tests idmap mapping with idmap_rid
This adds two blackbox tests that run wbinfo --sids-to-unix-ids:
o a non-existing SID from the primary domain should return a mapping
o a SID with a bogus (and therefor unknown) domain must not return a mapping
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11961
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Apr 7 00:05:02 CEST 2017 on sn-devel-144
(cherry picked from commit
b680ceebf85b2403758a0f9e931f1211e9b80e8d)
Ralph Boehme [Wed, 5 Apr 2017 11:27:14 +0000 (13:27 +0200)]
selftest: new environment "ad_member_idmap_rid"
This uses idmap_rid for the primary domain.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11961
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
ef10b43469f5b31a696259a70b3e116a350bfd3d)
Ralph Boehme [Tue, 4 Apr 2017 12:23:03 +0000 (14:23 +0200)]
winbindd: remove unused single_domains array
This was added as part of
9be918116e356c358ef77cc2933e471090088293, but
is not needed anymore as the previous commit changed the logic.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11961
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
9671811da8ad3f91ba7bb0fa868f806bc5afe863)
Ralph Boehme [Tue, 4 Apr 2017 12:21:25 +0000 (14:21 +0200)]
winbindd: use correct domain name for failed lookupsids
What we want here is, for failed lookupsids, pass the domain name of the
SID we were trying to lookup to the idmap backend.
But as a domain member, using
state->single_domains[state->single_sids_done]
for this purpose will always be use our primary domain name (for S-1-5-21
SIDs that are not in our local SAM).
So for now use find_domain_from_sid_noinit() to find the domain from the
domain list. This can be removed when we switch idmap backend
determination to be based on domain SIDs, not names.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11961
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
a684df160e692710e011c4eb6795a66772025c23)
Martin Schwenke [Mon, 20 Mar 2017 03:49:34 +0000 (14:49 +1100)]
autobuild: Stop waf uninstall from removing test_tmpdir
Most of the autobuild tasks run "make distcheck", which does a
recursive "waf configure make install uninstall". "waf uninstall"
(via BuildContext.install() in Build.py) removes empty directories all
the way up the directory tree. This means that it removes
test_tmpdir, if it is empty, and any empty directories above it.
While this is arguably a waf bug, the simplest solution is to make
test_tmpdir non-empty so it don't get removed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12703
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Mar 21 10:37:08 CET 2017 on sn-devel-144
(cherry picked from commit
05b5af4ae5fbc9b59c857468512858f73e5dea1b)
Stefan Metzmacher [Tue, 21 Feb 2017 16:05:08 +0000 (17:05 +0100)]
script/autobuild.py: ignore missing test_tmpdir
It is still unknown what removes it...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
cad23629ac48253e508fd9bead2bb79bfa7ee3b8)
Stefan Metzmacher [Wed, 11 Jan 2017 13:13:00 +0000 (14:13 +0100)]
script/autobuild.py: try to make TMPDIR handling more verbose
This hopefully gives some hints regarding flakey tests where
the tmpdir is not available.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
278c921263550c1473df8944260bbb4e62a0e0e6)
Stefan Metzmacher [Wed, 11 Jan 2017 14:02:17 +0000 (15:02 +0100)]
script/autobuild.py: add a do_print() wrapper function that flushes after each message
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
96277a9f82379c7fedf36ca13644eb3493dcd1e2)
Stefan Metzmacher [Wed, 11 Jan 2017 13:48:45 +0000 (14:48 +0100)]
script/autobuild.py: export PYTHONUNBUFFERED=1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
5a8d7a5446c23985a7dd3a9cb4856481b94931db)
Stefan Metzmacher [Wed, 11 Jan 2017 13:42:08 +0000 (14:42 +0100)]
script/autobuild.py: cleanup the task subdirs when they're done.
This hopefully reduces the used space on the memdisk.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
f9e188747753225e77f254fe41aad95ff11fec53)
Ralph Boehme [Tue, 7 Feb 2017 14:13:15 +0000 (15:13 +0100)]
s4/torture: vfs_fruit: test for bug 12565
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12565
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
893fc5abbe0a1b63ebd81f442a8d544572ed76a9)
Ralph Boehme [Tue, 7 Feb 2017 06:44:40 +0000 (07:44 +0100)]
vfs_fruit: resource fork open request with flags=O_CREAT|O_RDONLY
When receiving an SMB create request with read-only access mode and
open_if disposition, we end of calling the open() function with
flags=O_CREAT|O_RDONLY for the ._ AppleDouble file.
If the file doesn't exist, ie there's currently no rsrc stream, we create
it but then we fail to write the AppleDouble header into the file due to
the O_RDONLY open mode, leaving a 0 byte size ._ file.
Running this create requests against macOS SMB server yields an
interesting result: it returns NT_STATUS_OBJECT_NAME_NOT_FOUND even
though create dispotion is open_if. Another instance where the macOS SMB
server just exposes FSA behaviour (ie HFS+) and we have to adapt to be
compatible.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12565
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
a36de8b81aa88c31450e68ec54d6b659b1693878)
Stefan Metzmacher [Tue, 28 Mar 2017 13:28:21 +0000 (15:28 +0200)]
wafsamba: move -L/some/path from LINKFLAGS_PYEMBED to LIBPATH_PYEMBED
LINKFLAGS should not have path components.
This fixes the build on systems like FreeBSD where python
is located in /usr/local/lib.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12724
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Apr 4 16:10:18 CEST 2017 on sn-devel-144
(similar to commit
d1b88c6a6edeab4f85fc110eaa8d15e76c7e1f7b)
Volker Lendecke [Fri, 7 Apr 2017 14:33:57 +0000 (16:33 +0200)]
selftest: Test for bug 12558
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12558
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
3667876ebebb7181d89834e6038e2d7218c98797)
Volker Lendecke [Thu, 6 Apr 2017 20:12:36 +0000 (22:12 +0200)]
smbd: Fix smb1 findfirst with DFS
9377f3bce should have changed the callers of dfs_path_lookup. It now
takes a uint32_t ucf_flags, not a boolean anymore.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12558
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
baa3e71f7968ec3239d80d7602839c2d7c2de74f)
git.samba.org / ddiss / samba.git / log