Karolin Seeger [Tue, 3 Dec 2019 11:54:00 +0000 (12:54 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.10.11 release.
o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS
management server (dnsserver).
o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition
on Samba AD DC.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 3 Dec 2019 11:52:58 +0000 (12:52 +0100)]
WHATSNEW: Add release notes for Samba 4.10.11.
o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS
management server (dnsserver).
o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition
on Samba AD DC.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Isaac Boukris [Thu, 21 Nov 2019 10:12:48 +0000 (11:12 +0100)]
CVE-2019-14870: mit-kdc: enforce delegation_not_allowed flag
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Isaac Boukris [Mon, 28 Oct 2019 00:54:09 +0000 (02:54 +0200)]
CVE-2019-14870: heimdal: enforce delegation_not_allowed in S4U2Self
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Isaac Boukris [Wed, 30 Oct 2019 14:59:16 +0000 (15:59 +0100)]
CVE-2019-14870: heimdal: add S4U test for delegation_not_allowed
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Isaac Boukris [Sun, 27 Oct 2019 12:02:00 +0000 (14:02 +0200)]
samba-tool: add user-sensitive command to set not-delegated flag
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Andrew Bartlett [Thu, 31 Oct 2019 17:53:56 +0000 (06:53 +1300)]
s4-torture: Reduce flapping in SambaToolDrsTests.test_samba_tool_replicate_local
This test often flaps in Samba 4.9 (where more tests and DCs run in the environment)
with obj_1 being 3. This is quite OK, we just need to see some changes get
replicated, not 0 changes.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
4ae0f9ce0f5ada99cf1d236377e5a1234c879ae3)
Andrew Bartlett [Tue, 29 Oct 2019 22:50:57 +0000 (11:50 +1300)]
CVE-2019-14861: Test to demonstrate the bug
This test does not fail every time, but when it does it casues a segfault which
takes out the rpc_server master process, as this hosts the dnsserver pipe.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 29 Oct 2019 01:15:36 +0000 (14:15 +1300)]
CVE-2019-14861: s4-rpc/dnsserver: Avoid crash in ldb_qsort() via dcesrv_DnssrvEnumRecords)
dns_name_compare() had logic to put @ and the top record in the tree being
enumerated first, but if a domain had both then this would break the
older qsort() implementation in ldb_qsort() and cause a read of memory
before the base pointer.
By removing this special case (not required as the base pointer
is already seperatly located, no matter were it is in the
returned records) the crash is avoided.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Sun, 20 Oct 2019 23:12:10 +0000 (12:12 +1300)]
CVE-2019-14861: s4-rpc_server: Remove special case for @ in dns_build_tree()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 29 Oct 2019 04:25:28 +0000 (17:25 +1300)]
CVE-2019-14861: s4-rpc/dnsserver: Confirm sort behaviour in dcesrv_DnssrvEnumRecords
The sort behaviour for child records is not correct in Samba so
we add a flapping entry.
(patch differs from master patch due to addtional flapping entry
for python2)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Karolin Seeger [Tue, 3 Dec 2019 11:49:48 +0000 (12:49 +0100)]
VERSION: Re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 29 Oct 2019 10:12:31 +0000 (11:12 +0100)]
VERSION: Bump version up to 4.10.11.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
f86e09dcd48fa837e15439fcc10eac1b8dec862b)
Karolin Seeger [Thu, 24 Oct 2019 10:13:36 +0000 (12:13 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.10.10 release.
* Bug 14071: CVE-2019-10218: Client code can return filenames containing path
separators.
* Bug 12438: CVE-2019-14833: Samba AD DC check password script does not receive
the full password.
* Bug 14040: CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP
server via dirsync.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 24 Oct 2019 10:11:30 +0000 (12:11 +0200)]
WHATSNEW: Add release notes for Samba 4.10.10.
* Bug 14071: CVE-2019-10218: Client code can return filenames containing path
separators.
* Bug 12438: CVE-2019-14833: Samba AD DC check password script does not receive
the full password.
* Bug 14040: CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP
server via dirsync.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Andrew Bartlett [Tue, 15 Oct 2019 02:44:34 +0000 (15:44 +1300)]
CVE-2019-14847 dsdb: Correct behaviour of ranged_results when combined with dirsync
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14040
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 15 Oct 2019 03:28:46 +0000 (16:28 +1300)]
CVE-2019-14847 dsdb: Demonstrate the correct interaction of ranged_results style attributes and dirsync
Incremental results are provided by a flag on the dirsync control, not
by changing the attribute name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14040
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 3 May 2019 05:27:51 +0000 (17:27 +1200)]
CVE-2019-14847 dsdb/modules/dirsync: ensure attrs exist (CID
1107212)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14040
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
(cherry picked from commit
23f72c4d712f8d1fec3d67a66d477709d5b0abe2)
Björn Baumbach [Tue, 6 Aug 2019 14:32:32 +0000 (16:32 +0200)]
CVE-2019-14833 dsdb: send full password to check password script
utf8_len represents the number of characters (not bytes) of the
password. If the password includes multi-byte characters it is required
to write the total number of bytes to the check password script.
Otherwise the last bytes of the password string would be ignored.
Therefore we rename utf8_len to be clear what it does and does
not represent.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12438
Signed-off-by: Björn Baumbach <bb@sernet.de>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 18 Sep 2019 23:50:01 +0000 (11:50 +1200)]
CVE-2019-14833: Use utf8 characters in the unacceptable password
This shows that the "check password script" handling has a bug.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12438
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Jeremy Allison [Tue, 6 Aug 2019 19:08:09 +0000 (12:08 -0700)]
CVE-2019-10218 - s3: libsmb: Protect SMB2 client code from evil server returned names.
Disconnect with NT_STATUS_INVALID_NETWORK_RESPONSE if so.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14071
Signed-off-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Mon, 5 Aug 2019 20:39:53 +0000 (13:39 -0700)]
CVE-2019-10218 - s3: libsmb: Protect SMB1 client code from evil server returned names.
Disconnect with NT_STATUS_INVALID_NETWORK_RESPONSE if so.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14071
Signed-off-by: Jeremy Allison <jra@samba.org>
Karolin Seeger [Thu, 17 Oct 2019 10:18:12 +0000 (12:18 +0200)]
VERSION: Bump version up to 4.10.10...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
b19b75e324f3c09f1811f71a0346929965cc107e)
Karolin Seeger [Thu, 17 Oct 2019 10:17:24 +0000 (12:17 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.9.10 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 17 Oct 2019 10:16:31 +0000 (12:16 +0200)]
WHATSNEW: Add release notes for Samba 4.10.9.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Andreas Schneider [Wed, 9 Oct 2019 14:32:47 +0000 (16:32 +0200)]
s3:libads: Do not turn on canonicalization flag for MIT Kerberos
This partially reverts
303b7e59a286896888ee2473995fc50bb2b5ce5e.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14155
Pair-Programmed-With: Isaac Boukris <iboukris@redhat.com>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
123584294cfd153acc2d9a5be9d71c395c847a25)
Autobuild-User(v4-10-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-10-test): Wed Oct 16 16:43:59 UTC 2019 on sn-devel-144
Andreas Schneider [Wed, 9 Oct 2019 18:11:03 +0000 (20:11 +0200)]
lib:krb5_wrap: Do not create a temporary file for MEMORY keytabs
The autobuild cleanup script fails with:
The tree has 3 new uncommitted files!!!
git clean -n
Would remove MEMORY:tmp_smb_creds_SK98Lv
Would remove MEMORY:tmp_smb_creds_kornU6
Would remove MEMORY:tmp_smb_creds_ljR828
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
d888655244b4d8ec7a69a042e0ff3c074585b0de)
Isaac Boukris [Wed, 4 Sep 2019 14:04:12 +0000 (17:04 +0300)]
spnego: fix server handling of no optimistic exchange
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106
Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Sat Oct 12 15:51:42 UTC 2019 on sn-devel-184
Isaac Boukris [Thu, 10 Oct 2019 21:20:16 +0000 (00:20 +0300)]
python/tests/gensec: add spnego downgrade python tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 11 Oct 2019 11:23:17 +0000 (13:23 +0200)]
python/tests/gensec: make it possible to add knownfail tests for gensec.update()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Isaac Boukris [Wed, 4 Sep 2019 13:39:43 +0000 (16:39 +0300)]
selftest: add tests for no optimistic spnego exchange
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106
Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Isaac Boukris [Wed, 4 Sep 2019 13:31:21 +0000 (16:31 +0300)]
spnego: add client option to omit sending an optimistic token
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106
Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Isaac Boukris [Mon, 7 Oct 2019 20:51:19 +0000 (23:51 +0300)]
selftest: s3: add a test for spnego downgrade from krb5 to ntlm
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106
Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Thu, 10 Oct 2019 14:18:21 +0000 (16:18 +0200)]
s3:libsmb: Do not check the SPNEGO neg token for KRB5
The list is not protected and this could be a downgrade attack.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106
Pair-Programmed-With: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Isaac Boukris [Thu, 3 Oct 2019 10:09:29 +0000 (13:09 +0300)]
spnego: ignore server mech_types list
We should not use the mech list sent by the server in the last
'negotiate' packet in CIFS protocol, as it is not protected and
may be subject to downgrade attacks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106
Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Thu, 22 Aug 2019 14:31:30 +0000 (16:31 +0200)]
testprogs: Add test for 'net ads join createcomputer='
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Oct 9 08:26:17 UTC 2019 on sn-devel-184
(cherry picked from commit
459b43e5776180dc1540cd845b72ff78747ecd6f)
Andreas Schneider [Thu, 8 Aug 2019 12:40:04 +0000 (14:40 +0200)]
s3:libads: Just change the machine password if account already exists
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13884
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
14f320fa1e40ecc3a43dabb0cecd57430270a521)
Andreas Schneider [Wed, 14 Aug 2019 08:15:19 +0000 (10:15 +0200)]
s3:libnet: Improve debug messages
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
39b8c8b30a5d5bd70f8da3a02cf77f7592788b94)
Andreas Schneider [Tue, 13 Aug 2019 14:34:34 +0000 (16:34 +0200)]
s3:libads: Fix creating machine account using LDAP
This implements the same behaviour as Windows.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13884
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
ce7762935051c862ecdd3e82d93096aac61dd292)
Andreas Schneider [Wed, 14 Aug 2019 10:17:20 +0000 (12:17 +0200)]
s3:libads: Don't set supported encryption types during account creation
This is already handled by libnet_join_post_processing_ads_modify()
which calls libnet_join_set_etypes() if encrytion types should be set.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
b755a6438022579dab1a403c81d60b1ed7efca38)
Andreas Schneider [Wed, 14 Aug 2019 11:01:19 +0000 (13:01 +0200)]
s3:libads: Fix detection if acount already exists in ads_find_machine_count()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
4f389c1f78cdc2424795e3b2a1ce43818c400c2d)
Andreas Schneider [Wed, 21 Aug 2019 10:22:32 +0000 (12:22 +0200)]
s3:libads: Use a talloc_asprintf in ads_find_machine_acct()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
35f3e4aed1f1c2ba1c8dc50921f238937f343357)
Andreas Schneider [Tue, 13 Aug 2019 14:30:07 +0000 (16:30 +0200)]
s3:libads: Cleanup error code paths in ads_create_machine_acct()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
8ed993789f93624b7b60dd5314fe5472e69e903a)
Andreas Schneider [Tue, 13 Aug 2019 15:41:40 +0000 (17:41 +0200)]
s3:libnet: Require sealed LDAP SASL connections for joining
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
b84abb3a46211dc84e52ef95750627e4dd081f2f)
Andreas Schneider [Tue, 13 Aug 2019 15:06:58 +0000 (17:06 +0200)]
s3:libads: Use ldap_add_ext_s() in ads_gen_add()
ldap_add_s() is marked as deprecated.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
456322a61319a10aaedda5244488ea4e5aa5cb64)
Andreas Schneider [Thu, 8 Aug 2019 12:35:38 +0000 (14:35 +0200)]
testprogs: Fix failure count in test_net_ads.sh
There are missing ` at the end of the line.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13884
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
320b5be4dce95d8dac4b3c0847faf5b730754a37)
Jeremy Allison [Thu, 3 Oct 2019 21:02:13 +0000 (14:02 -0700)]
s3: smbclient: Stop an SMB2-connection from blundering into SMB1-specific calls.
Fix in the same way this was done in SMBC_opendir_ctx() for libsmbclient.
This fix means the admin no longer has to remember to set 'min client protocol ='
when connecting to an SMB2-only server (MacOSX for example) and trying to
list shares.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14152
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
ea82bca8cef0d736305a7a40b3198fc55ea66af8)
Amitay Isaacs [Mon, 30 Sep 2019 06:34:35 +0000 (16:34 +1000)]
ctdb-vacuum: Process all records not deleted on a remote node
This currently skips the last record.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14147
RN: Avoid potential data loss during recovery after vacuuming error
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
33f1c9d9654fbdcb99c23f9d23c4bbe2cc596b98)
Isaac Boukris [Tue, 15 Oct 2019 14:01:48 +0000 (17:01 +0300)]
s3:libsmb: Link libsmb against pthread
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14140
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
7259197bf716f8b81dea74beefe6ee3b1239f172)
Isaac Boukris [Tue, 15 Oct 2019 10:52:42 +0000 (13:52 +0300)]
nsswitch: Link stress-nss-libwbclient against pthread
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14140
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
d473f1e38c2822746030516269b4d70032cf9b2e)
Andreas Schneider [Mon, 23 Sep 2019 14:53:12 +0000 (16:53 +0200)]
waf:replace: Do not link against libpthread if not necessary
On Linux we should avoid linking everything against libpthread. Symbols
used my most application are provided by glibc and code which deals with
threads has to explicitly link against libpthread. This avoids setting
LDFLAGS=-pthread globally.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14140
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Pair-Programmed-With: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
9499db075b72b147e2ff9bb78e9d5edbaac14e69)
Andreas Schneider [Mon, 23 Sep 2019 15:40:13 +0000 (17:40 +0200)]
third_party: Link uid_wrapper against pthread
uid_wrapper uses pthread_atfork() which is only provided by libpthread. │····················
So we need an explicit dependency.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14140
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Pair-Programmed-With: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
bd0cd8e13234d684da77a65f6fdaea2572625369)
Andreas Schneider [Mon, 23 Sep 2019 15:39:29 +0000 (17:39 +0200)]
third_party: Link nss_wrapper against pthread
nss_wrapper uses pthread_atfork() which is only provided by libpthread.
So we need an explicit dependency.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14140
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Pair-Programmed-With: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
68d8a02ef57cce29e4ff3ef1b792adfc10d0b916)
Andreas Schneider [Mon, 23 Sep 2019 15:04:57 +0000 (17:04 +0200)]
third_party: Only link cmocka against librt if really needed
cmocka also uses clock_gettime().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14140
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Pair-Programmed-With: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
36e8d715bc8dc1e8466f5a5c9798df76310b7572)
Andreas Schneider [Mon, 23 Sep 2019 14:10:35 +0000 (16:10 +0200)]
pthreadpool: Only link pthreadpool against librt if we have to
This calls clock_gettime() which is available in glibc on Linux. If the
wscript in libreplace detected that librt is needed for clock_gettime()
we have to link against it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14140
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Pair-Programmed-With: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
4b28239d13b17e42eb5aa4b405342f46347f3de4)
Andreas Schneider [Mon, 23 Sep 2019 13:14:24 +0000 (15:14 +0200)]
replace: Only link against librt if really needed
fdatasync() and clock_gettime() are provided by glibc on Linux, so there
is no need to link against librt. Checks have been added so if there are
platforms which require it are still functional.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14140
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Pair-Programmed-With: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
480152dd6729d4c58faca6f3e4fa91ff4614c272)
Andreas Schneider [Mon, 23 Sep 2019 13:18:55 +0000 (15:18 +0200)]
s3:waf: Do not check for nanosleep() as we don't use it anywhere
We use usleep() in the meantime.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14140
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Pair-Programmed-With: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
952e1812fa9bdc1bac2a7ae5ebb5532f1ea31447)
Michael Adam [Fri, 11 Jan 2019 09:44:30 +0000 (10:44 +0100)]
winbind: provide passwd struct for group sid with ID_TYPE_BOTH mapping (again)
https://git.samba.org/?p=samba.git;a=commitdiff;h=
394622ef8c916cf361f8596dba4664dc8d6bfc9e
originally introduced the above feature.
This functionality was undone as part of "winbind: Restructure get_pwsid"
https://git.samba.org/?p=samba.git;a=commitdiff;h=
bce19a6efe11980933531f0349c8f5212419366a
I think that this semantic change was accidential.
This patch undoes the semantic change and re-establishes the
functionality.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14141
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Fri Sep 27 17:25:29 UTC 2019 on sn-devel-184
(cherry picked from commit
63c9147f8631d73b52bdd36ff407e0361dcf5178)
Autobuild-User(v4-10-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-10-test): Tue Oct 15 13:28:49 UTC 2019 on sn-devel-144
Christof Schmitt [Thu, 26 Sep 2019 00:19:27 +0000 (17:19 -0700)]
selftest: Test ID_TYPE_BOTH with idmap_rid module
ID_TYPE_BOTH means that each user and group has two mappings, a uid and
gid. In addition the calls to getpwent, getpwuid, getgrent and getgrgid
always return some information, so that uid and gid can be mapped to a
name. Establish a test to verify that the expected information is
returned.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14141
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
485874d6bb328c50c9a98785e85270f28ade7497)
Günther Deschner [Thu, 12 Sep 2019 14:39:10 +0000 (16:39 +0200)]
s3-winbindd: fix forest trusts with additional trust attributes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14130
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
d78c87e665e23e6470a19a69383ede7137172c26)
Björn Jacke [Mon, 23 Sep 2019 06:57:33 +0000 (08:57 +0200)]
fault.c: improve fault_report message text pointing to our wiki
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14139
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
ec4c5975528f3d3ab9c8813e176c6d1a2f1ca506)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Thu Sep 26 04:49:25 UTC 2019 on sn-devel-144
Stefan Metzmacher [Wed, 18 Sep 2019 06:10:26 +0000 (08:10 +0200)]
selftest/Samba3.pm: use "winbind use krb5 enterprise principals = yes" for ad_member
This demonstrates that can do krb5_auth in winbindd without knowning about trusted domains.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Sep 24 19:51:29 UTC 2019 on sn-devel-184
(similar to commit
0ee085b594878f5e0e83839f465303754f015459)
Stefan Metzmacher [Wed, 18 Sep 2019 06:02:38 +0000 (08:02 +0200)]
selftest/Samba3.pm: use "winbind scan trusted domains = no" for ad_member
This demonstrates that we rely on knowning about trusted domains before
we can do krb5_auth in winbindd.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(similar to commit
e2737a74d4453a3d65e5466ddc4405d68444df27)
Stefan Metzmacher [Wed, 18 Sep 2019 12:03:34 +0000 (14:03 +0200)]
selftest/tests.py: test pam_winbind with a lot of username variations
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
f07b542c61f84a97c097208e10bf9375ddfa9a15)
Stefan Metzmacher [Wed, 18 Sep 2019 06:08:57 +0000 (08:08 +0200)]
selftest/tests.py: test pam_winbind with krb5_auth
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
36e95e42ea8a7e5a4091a647215d06d2ab47fab6)
Stefan Metzmacher [Tue, 17 Sep 2019 23:25:23 +0000 (01:25 +0200)]
selftest/tests.py: prepare looping over pam_winbindd tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
72daf99fd1ffd8269fce25d69458de35e2ae32cc)
Stefan Metzmacher [Tue, 17 Sep 2019 23:25:58 +0000 (01:25 +0200)]
test_pam_winbind.sh: allow different pam_winbindd config options to be specified
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
3d38a8e9135bb72bc4ca079fab0eb5358942b3f1)
Stefan Metzmacher [Fri, 20 Sep 2019 06:13:28 +0000 (08:13 +0200)]
tests/pam_winbind.py: allow upn names to be used in USERNAME with an empty DOMAIN value
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
653e90485854d978dc522e689cd78c19dcc22a70)
Stefan Metzmacher [Wed, 18 Sep 2019 06:04:42 +0000 (08:04 +0200)]
tests/pam_winbind.py: turn pypamtest.PamTestError into a failure
A failure generated by the AssertionError() checks can be added
to selftest/knownfail.d/*.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
cd3ffaabb568db26e0de5e83178487e5947c4f09)
Stefan Metzmacher [Fri, 19 Jul 2019 15:10:09 +0000 (15:10 +0000)]
s3:winbindd: implement the "winbind use krb5 enterprise principals" logic
We can use enterprise principals (e.g. upnfromB@B.EXAMPLE.COM@PRIMARY.A.EXAMPLE.COM)
and delegate the routing decisions to the KDCs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
a77be15d28390c5d12202278adbe6b50200a2c1b)
Stefan Metzmacher [Wed, 11 Sep 2019 14:44:43 +0000 (16:44 +0200)]
docs-xml: add "winbind use krb5 enterprise principals" option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
9520652399696010c333a3ce7247809ce5337a91)
Stefan Metzmacher [Fri, 13 Sep 2019 13:52:25 +0000 (15:52 +0200)]
krb5_wrap: let smb_krb5_parse_name() accept enterprise principals
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
3bdf023956e861485be70430112ed38d0a5424f7)
Stefan Metzmacher [Fri, 13 Sep 2019 14:04:30 +0000 (16:04 +0200)]
s3:libads: ads_krb5_chg_password() should always use the canonicalized principal
We should always use krb5_get_init_creds_opt_set_canonicalize()
and krb5_get_init_creds_opt_set_win2k() for heimdal
and expect the client principal to be changed.
There's no reason to have a different logic between MIT and Heimdal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
303b7e59a286896888ee2473995fc50bb2b5ce5e)
Stefan Metzmacher [Fri, 13 Sep 2019 14:04:30 +0000 (16:04 +0200)]
s4:auth: kinit_to_ccache() should always use the canonicalized principal
We should always use krb5_get_init_creds_opt_set_canonicalize()
and krb5_get_init_creds_opt_set_win2k() for heimdal
and expect the client principal to be changed.
There's no reason to have a different logic between MIT and Heimdal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
162b4199493c1f179e775a325a19ae7a136c418b)
Stefan Metzmacher [Fri, 13 Sep 2019 14:04:30 +0000 (16:04 +0200)]
krb5_wrap: smb_krb5_kinit_password_ccache() should always use the canonicalized principal
We should always use krb5_get_init_creds_opt_set_canonicalize()
and krb5_get_init_creds_opt_set_win2k() for heimdal
and expect the client principal to be changed.
There's no reason to have a different logic between MIT and Heimdal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
5d0bf32ec0ad21d49587e3a1520ffdc8b5ae7614)
Stefan Metzmacher [Fri, 13 Sep 2019 14:04:30 +0000 (16:04 +0200)]
s3:libads/kerberos: always use the canonicalized principal after kinit
We should always use krb5_get_init_creds_opt_set_canonicalize()
and krb5_get_init_creds_opt_set_win2k() for heimdal
and expect the client principal to be changed.
There's no reason to have a different logic between MIT and Heimdal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
0bced73bed481a8846a6b3e68be85941914390ba)
Stefan Metzmacher [Tue, 17 Sep 2019 06:49:13 +0000 (08:49 +0200)]
s3:libsmb: let cli_session_creds_prepare_krb5() update the canonicalized principal to cli_credentials
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
6ed18c12c57efb2a010e0ce5196c51b48e57a4b9)
Stefan Metzmacher [Tue, 17 Sep 2019 08:08:10 +0000 (10:08 +0200)]
s3:libsmb: avoid wrong debug message in cli_session_creds_prepare_krb5()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
361fb0efabfb189526c851107eee49161da2293c)
Stefan Metzmacher [Mon, 16 Sep 2019 15:14:11 +0000 (17:14 +0200)]
s3:libads: let kerberos_kinit_password_ext() return the canonicalized principal/realm
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
bc473e5cf088a137395842540ed8eb748373a236)
Stefan Metzmacher [Tue, 17 Sep 2019 06:05:09 +0000 (08:05 +0200)]
s4:auth: use the correct client realm in gensec_gssapi_update_internal()
The function gensec_gssapi_client_creds() may call kinit and gets
a TGT for the user. The principal provided by the user may not
be canonicalized. The user may use 'given.last@example.com'
but that may be mapped to glast@AD.EXAMPLE.PRIVATE in the background.
It means we should use client_realm = AD.EXAMPLE.PRIVATE
instead of client_realm = EXAMPLE.COM
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
db8fd3d6a315b140ebd6ccd0dcdfdcf27cd1bb38)
Noel Power [Thu, 8 Aug 2019 14:06:28 +0000 (15:06 +0100)]
s3/libads: clang: Fix Value stored to 'canon_princ' is never read
Fixes:
source3/libads/kerberos.c:192:2: warning: Value stored to 'canon_princ' is never read <--[clang]
canon_princ = me;
^ ~~
1 warning generated.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
(cherry picked from commit
52d20087f620704549f5a5cdcbec79cb08a36290)
Björn Jacke [Sat, 21 Sep 2019 11:24:59 +0000 (13:24 +0200)]
classicupgrade: fix a a bytes-like object is required, not 'str' error
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14136
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Björn Baumbach <bb@samba.org>
Autobuild-User(master): Björn Jacke <bjacke@samba.org>
Autobuild-Date(master): Mon Sep 23 12:58:20 UTC 2019 on sn-devel-184
(cherry picked from commit
465e518d6cc200eefa38643e720ce64e53abac2e)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Tue Sep 24 20:46:20 UTC 2019 on sn-devel-144
Martin Schwenke [Tue, 13 Aug 2019 11:42:15 +0000 (21:42 +1000)]
ctdb-tools: Stop deleted nodes from influencing ctdb nodestatus exit code
Deleted nodes should simply be ignored.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14129
RN: Stop deleted nodes from influencing ctdb nodestatus exit code
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
32b5ceb31936ec5447362236c1809db003561d29)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Fri Sep 20 23:03:22 UTC 2019 on sn-devel-144
Bryan Mason [Mon, 16 Sep 2019 19:35:06 +0000 (12:35 -0700)]
s3:client:Use DEVICE_URI, instead of argv[0],for Device URI
CUPS sanitizes argv[0] by removing username/password, so use
DEVICE_URI environment variable first.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14128
Signed-off-by: Bryan Mason <bmason@redhat.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Sep 18 12:31:11 UTC 2019 on sn-devel-184
(cherry picked from commit
d65b17c3f7f9959ed95b03cc09e020d7387b7931)
Jeremy Allison [Mon, 26 Aug 2019 18:22:35 +0000 (11:22 -0700)]
s3/4: libsmbclient test. Test using smbc_telldir/smbc_lseekdir with smbc_readdir/smbc_readdirplus/smbc_getdents.
Ensure that for file access you can mix any of these
three access methods for directory entries and the
returned names/structs stay in sync across telldir/seekdir
changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14094
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 3 17:31:29 UTC 2019 on sn-devel-184
(cherry picked from commit
3355601fe8541994cc41f5ed800aab9b6a2294f4)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Wed Sep 18 13:53:25 UTC 2019 on sn-devel-144
Jeremy Allison [Mon, 26 Aug 2019 17:18:28 +0000 (10:18 -0700)]
s3: libsmbclient: Fix smbc_lseekdir() to work with smbc_readdirplus().
If returning files the dir_list and the dirplus_list have exactly the same
entries, we just need to keep the next pointers in sync on seek.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14094
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
(cherry picked from commit
0d9b1645499ce12a79a137d3482434aa5d2eb47c)
Jeremy Allison [Mon, 26 Aug 2019 17:07:32 +0000 (10:07 -0700)]
s3: libsmbclient: Ensure SMBC_getdents_ctx() also updates the readdirplus pointers.
If we are returning file entries, we
have a duplicate list in dirplus.
Update dirplus_next also so readdir and
readdirplus are kept in sync.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14094
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
(cherry picked from commit
754cec7756b2ddb1cfcc3984265f01cb366beb76)
Jeremy Allison [Mon, 26 Aug 2019 17:02:47 +0000 (10:02 -0700)]
s3: libsmbclient: Ensure SMBC_readdirplus_ctx() also updates the readdir pointers.
If we are returning file entries, we
have a duplicate list in dir_list.
Update dir_next also so readdir and
readdirplus are kept in sync.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14094
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
(cherry picked from commit
3d82b7d11cd7b78adc6b3642e64e3a8f251de869)
Jeremy Allison [Mon, 26 Aug 2019 16:54:06 +0000 (09:54 -0700)]
s3: libsmbclient: Ensure SMBC_readdir_ctx() also updates the readdirplus pointers.
If we are returning file entries, we
have a duplicate list in dirplus.
Update dirplus_next also so readdir and
readdirplus are kept in sync.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14094
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
(cherry picked from commit
4bca8e097f5a909c628daa4dbfa932ddc1725ebc)
Stefan Metzmacher [Thu, 25 Jul 2019 12:38:26 +0000 (14:38 +0200)]
libcli/smb: send SMB2_NETNAME_NEGOTIATE_CONTEXT_ID
Note: Unlike the current documentation, the utf16 string
is not null-terminated, that matches Windows Server 1903
as a client.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14055
RN: Add the target server name of SMB 3.1.1 connections
as a hint to load balancers or servers with "multi-tenancy"
support.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
(similar to commit
21f6cece543dd791e0f4636458bfe9819823420c)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Wed Sep 11 11:33:00 UTC 2019 on sn-devel-144
Stefan Metzmacher [Thu, 25 Jul 2019 12:37:31 +0000 (14:37 +0200)]
libcli/smb: add new COMPRESSION and NETNAME negotiate context ids
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14055
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
(cherry picked from commit
e10b90f33bb812600886656a1124e2d434416563)
Evgeny Sinelnikov [Wed, 31 Jul 2019 19:17:20 +0000 (23:17 +0400)]
s3:ldap: Fix join with don't exists machine account
Add check for requested replies of existing machine object during join
machine to domain. This solves regression fail during join with error:
"None of the information to be translated has been translated."
https://bugzilla.samba.org/show_bug.cgi?id=14007
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Sep 4 17:02:37 UTC 2019 on sn-devel-184
(cherry picked from commit
ad4ef1657e9b2a088a3bfadcce196cfcceead1dc)
Ralph Boehme [Fri, 12 Jul 2019 08:49:13 +0000 (10:49 +0200)]
ctdb: fix compilation on systems with glibc robust mutexes
On older systems like SLES 11 without POSIX robust mutexes, but with glib robust
mutexes where all the functions are available but have a "_np" suffix,
compilation fails in:
ctdb/tests/src/test_mutex_raw.c.239.o: In function `worker':
/root/samba-4.10.6/bin/default/../../ctdb/tests/src/test_mutex_raw.c:129: undefined reference to `pthread_mutex_consistent'
ctdb/tests/src/test_mutex_raw.c.239.o: In function `main':
/root/samba-4.10.6/bin/default/../../ctdb/tests/src/test_mutex_raw.c:285: undefined reference to `pthread_mutex_consistent'
/root/samba-4.10.6/bin/default/../../ctdb/tests/src/test_mutex_raw.c:332: undefined reference to `pthread_mutexattr_setrobust'
/root/samba-4.10.6/bin/default/../../ctdb/tests/src/test_mutex_raw.c:363: undefined reference to `pthread_mutex_consistent'
collect2: ld returned 1 exit status
This could be fixed by using libreplace system/threads.h instead of pthreads.h
directly, but as there has been a desire to keep test_mutex_raw.c standalone and
compilable without other external depenencies then libc and libpthread, make the
tool developer build only. This should get the average user over the cliff.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14038
RN: Fix compiling ctdb on older systems lacking POSIX robust mutexes
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
f5388f97792ac2d7962950dad91aaf8ad49bceaa)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Thu Sep 5 16:16:18 UTC 2019 on sn-devel-144
Poornima G [Wed, 24 Jul 2019 09:45:33 +0000 (15:15 +0530)]
vfs_glusterfs: Use pthreadpool for scheduling aio operations
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14098
Signed-off-by: Poornima G <pgurusid@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 23 18:40:08 UTC 2019 on sn-devel-184
(cherry picked from commit
d8863dd8cb74bb0534457ca930a71e77c367d994)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Wed Sep 4 12:49:59 UTC 2019 on sn-devel-144
Martin Schwenke [Tue, 27 Aug 2019 02:13:51 +0000 (12:13 +1000)]
ctdb-recoverd: Fix typo in previous fix
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14085
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue Aug 27 15:29:11 UTC 2019 on sn-devel-184
(cherry picked from commit
8190993d99284162bd8699780248bb2edfec2673)
Martin Schwenke [Tue, 13 Aug 2019 04:45:33 +0000 (14:45 +1000)]
ctdb-tests: Clear deleted record via recovery instead of vacuuming
This test has been flapping because sometimes the record is not
vacuumed within the expected time period, perhaps even because the
check for the record can interfere with vacuuming. However, instead
of waiting for vacuuming the record can be cleared by doing a
recovery. This should be much more reliable.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14085
RN: Fix flapping CTDB tests
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Aug 21 13:06:57 UTC 2019 on sn-devel-184
(cherry picked from commit
71ad473ba805abe23bbe6c1a1290612e448e73f3)
Martin Schwenke [Mon, 29 Jul 2019 07:22:50 +0000 (17:22 +1000)]
ctdb-tests: Strengthen volatile DB traverse test
Check the record count more often, from multiple nodes. Add a case
with multiple records.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14085
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
ca4df06080709adf0cbebc95b0a70b4090dad5ba)
Martin Schwenke [Wed, 21 Aug 2019 04:35:09 +0000 (14:35 +1000)]
ctdb-recoverd: Only check for LMASTER nodes in the VNN map
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14085
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
5d655ac6f2ff82f8f1c89b06870d600a1a3c7a8a)
Martin Schwenke [Mon, 29 Jul 2019 06:45:07 +0000 (16:45 +1000)]
ctdb-tests: Don't retrieve the VNN map from target node for notlmaster
Use the VNN map from the node running node_has_status().
This means that
wait_until_node_has_status 1 notlmaster 10 0
will run "ctdb status" on node 0 and check (for up to 10 seconds) if
node 1 is in the VNN map.
If the LMASTER capability has been dropped on node 1 then the above
will wait for the VNN map to be updated on node 0. This will happen
as part of the recovery that is triggered by the change of LMASTER
capability. The next command will then only be able to attach to
$TESTDB after the recovery is complete thus guaranteeing a sane state
for the test to continue.
This stops simple/79_volatile_db_traverse.sh from going into recovery
during the traverse or at some other inconvenient time.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14085
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
53daeb2f878af1634a26e05cb86d87e2faf20173)
Martin Schwenke [Mon, 29 Jul 2019 06:43:09 +0000 (16:43 +1000)]
ctdb-tests: Handle special cases first and return
All the other cases involve matching bits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14085
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
bff1a3a548a2cace997b767d78bb824438664cb7)