git.samba.org - samba.git/log

VERSION: Disable GIT_SNAPSHOTS for the 4.6.3 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

WHATSNEW: Add release notes for Samba 4.6.3.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

cleanupdb: Fix a memory read error

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12748

Signed-off-by: Hanno Böck <hanno@hboeck.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit fd98a7b6a0053b62802e29fb729e219dc08eef6b)

Autobuild-User(v4-6-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-6-test): Fri Apr 21 13:59:21 CEST 2017 on sn-devel-144

s3:vfs:shadow_copy2: fix corner case of "/@GMT-token" in shadow_copy2_strip_snapshot

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 26661218b3d3f0d4ee89039727bc110e972c2851)

The last 3 patches address
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12743
vfs_shadow_copy2 fails to list snapshots from shares with GlusterFS backend

s3:vfs:shadow_copy2: fix the corner case if cwd=/ in make_relative_path

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 16c89835cf07caa2082b586666095deba38ef962)

s3:vfs:shadow_copy2: fix quoting in debug messages

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit fffd611fdc558ab428c8a21cf1e68feaf1f6f469)

pam_winbind: no longer use wbcUserPasswordPolicyInfo when authenticating

The expiry time for the specific user comes from
info->pass_must_change_time and nothing else.

The authenticating DC knows which password policy applies
to the user, that's nothing the client can do, as
domain trusts and fine-grained password policies makes
this a very complex task.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12725

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit fba7ed9a3fa6fcb2d90d1271ae81ec11b554bd2d)

s3:smbd: Fix incorrect use of sys_getgroups()

Second arg must be NULL when first arg is 0 (it is in all other places).

Bug report and patch from Hanno Böck <hanno@hboeck.de>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12747

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 18 15:43:02 CEST 2017 on sn-devel-144

(cherry picked from commit 76b351e907f67cc7d4af4e7d800c7a3aa1269ee8)

Autobuild-User(v4-6-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-6-test): Thu Apr 20 16:21:13 CEST 2017 on sn-devel-144

s3:lib: Fix incorrect logic in sys_broken_getgroups()

If setlen == 0 then the second argument must be ignored.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12747

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 60af864f751706c48b8af448700bf06e33e45946)

lib: debug: Avoid negative array access.

Report and patch from Hanno Böck <hanno@hboeck.de>.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12746

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 600f8787e3b605c9f3e8f724c726e63157ee9efc)

vfs_acl_xattr: avoid needlessly supplying a large buffer to getxattr()

When obtaining the security descriptor via getxattr(), first try
optimistically to supply a buffer of 4K, and if that turns out
to be too small, determine the correct buffer size.

The previous behavior of falling back to a 64K buffer encountered
problem with Linux prior to version 3.6, due to pyisical memory
fragmentation. With those kernels, as long as the buffer is 8K or
smaller, getting the xattr is much less prone to failure due to
memory fragmentation.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12737

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 18 04:41:16 CEST 2017 on sn-devel-144

(cherry picked from commit 05d83ccf7a6fecf963fcb980acd50cebfc0c3ea9)

vfs_acl_xattr: factor out fetching of an extended attribute

Pure refactoring - add a function that fetches an extended attribute
based on either the file descriptor or the file name.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12737

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 7b775abd9278ae34110ec87d94a736be7f64884a)

vfs_xattr_tdb: handle case of zero size.

With getxattr(), passing a zero buffer size is a
way of obtaining actual xattr size.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12737

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 4dfa2d6a0972847e3b21ddf05077e50ed72c4ea8)

selftest: test fetching a large ACL from vfs_acl_xattr

Add a test that fetches an ACL whose size is larger than 4K.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12737

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 5017dfeef24b8d568e0146c085f3f979d688acf2)

ctdb-docs: Fix documentation of -n option to ctdb tool

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12733

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit 7f714a436250dfeaa1970f78090ef066482711f0)

rpcclient: allow -U'OTHERDOMAIN\user' again

I guess the primary reason for forcing lp_workgroup()
was the usage of -U% together with schannel,
see source3/script/tests/test_rpcclient_samlogon.sh

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12731

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Apr 5 14:09:23 CEST 2017 on sn-devel-144

(cherry picked from commit f1e3c8ebb31fcd9ef9e1809a42a648442dffc1ee)

winbindd: trigger possible passdb_dsdb initialisation

If the passdb backend is passdb_dsdb the domain SID comes from dsdb, not
from secrets.tdb. As we use the domain SID in various places, we must
ensure the domain SID is migrated from dsdb to secrets.tdb before
get_global_sam_sid() is called the first time.

The migration is done as part of the passdb_dsdb initialisation, calling
pdb_get_domain_info() triggers it.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12729

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 1 21:18:59 CEST 2017 on sn-devel-144

(cherry picked from commit 8b32fc4006ae338ddee7c0e5991958ec3463da0d)

winbindd: error handling in rpc_lookup_sids()

NT_STATUS_NONE_MAPPED and NT_STATUS_SOME_NOT_MAPPED should not be
treated as fatal error. We should continue processing the results and
not bail out.

In case we got NT_STATUS_NONE_MAPPED we must have to ensure all
lsa_TranslatedName are of type SID_NAME_UNKNOWN.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12728

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 8dfbba59d768b10f6b088cfc49e5dbe6de4834e1)

s3/rpc_client: lookupsids error handling of NT_STATUS_NONE_MAPPED

NT_STATUS_NONE_MAPPED is not a fatal error, it just means we must return
all lsa_TranslatedName's as type SID_NAME_UNKNOWN.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12728

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 416c74e8c89dc2fb2083beaaa9ac8a6e975ec873)

s3/rpc_client: use NT_STATUS_LOOKUP_ERR

No change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12728

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 0e7e4ebad31caa1ccb392f2fe20c67929149b8c9)

s3/include: add NT_STATUS_LOOKUP_ERR

Useful helper macro to check the return value of LSA and SAMR
translations.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12728

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit fc37c7327dc7e4ad4405e324fc88d4bbf9b6ef9e)

selftest: fix for wbinfo -s tests for wellknown SIDs

Rework while loop to not use a pipe as that uses a subshell for the loop
which means assigning to the variable failed is not visible in the
main script.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12727

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit d8fd56a8244a3010469c27eaa3b73a2c5fbbc41f)

winbindd: explicit check for well-known SIDs in wb_lookupsids_bulk()

Those are implicitly already catched by the

if (sid->num_auths != 5)

check, but I'd like to make the desired behaviour more obvious.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12727

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 167bb5ead8c7193d173fdba8a453279d422fa7ea)

selftest: wbinfo --sids-to-unix-ids tests for wellknown SIDs

This test passes even without the fix, as in sids2xids we use the
lookupnames just to determine the mapping domain, using the default
idmap domain as fallback if that fails.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12727

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 8bd5f774fdc1f4ea012885262eb0f40640504de8)

selftest: wbinfo -s tests for wellknown SIDs

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12727

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 2150de3a73527850547263e853faf4f3fedca6e6)

winbindd: use passdb backend for well-known SIDs

On a DC well-known SIDs like S-1-1-0 (everyone) *must* be handled by the
local domain, otherwise something simple like this fails with
WBC_ERR_DOMAIN_NOT_FOUND:

$ make testenv SELFTEST_TESTENV=nt4_dc SCREEN=1

localnt4dc2$ ./bin/wbinfo --sid-to-name S-1-1-0
failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup sid S-1-1-0

On a member server asking our DC works and is what we're currently
doing, but changing it to ask passdb avoids the overhead.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12727

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 6b7a14b4b9c3411bd2e05383917e8fdedae51c90)

selftest: tests idmap mapping with idmap_rid

This adds two blackbox tests that run wbinfo --sids-to-unix-ids:

o a non-existing SID from the primary domain should return a mapping

o a SID with a bogus (and therefor unknown) domain must not return a mapping

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11961

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Apr 7 00:05:02 CEST 2017 on sn-devel-144

(cherry picked from commit b680ceebf85b2403758a0f9e931f1211e9b80e8d)

selftest: new environment "ad_member_idmap_rid"

This uses idmap_rid for the primary domain.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11961

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit ef10b43469f5b31a696259a70b3e116a350bfd3d)

winbindd: remove unused single_domains array

This was added as part of 9be918116e356c358ef77cc2933e471090088293, but
is not needed anymore as the previous commit changed the logic.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11961

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 9671811da8ad3f91ba7bb0fa868f806bc5afe863)

winbindd: use correct domain name for failed lookupsids

What we want here is, for failed lookupsids, pass the domain name of the
SID we were trying to lookup to the idmap backend.

But as a domain member, using

state->single_domains[state->single_sids_done]

for this purpose will always be use our primary domain name (for S-1-5-21
SIDs that are not in our local SAM).

So for now use find_domain_from_sid_noinit() to find the domain from the
domain list. This can be removed when we switch idmap backend
determination to be based on domain SIDs, not names.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11961

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit a684df160e692710e011c4eb6795a66772025c23)

autobuild: Stop waf uninstall from removing test_tmpdir

Most of the autobuild tasks run "make distcheck", which does a
recursive "waf configure make install uninstall". "waf uninstall"
(via BuildContext.install() in Build.py) removes empty directories all
the way up the directory tree. This means that it removes
test_tmpdir, if it is empty, and any empty directories above it.

While this is arguably a waf bug, the simplest solution is to make
test_tmpdir non-empty so it don't get removed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12703

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Mar 21 10:37:08 CET 2017 on sn-devel-144

(cherry picked from commit 05b5af4ae5fbc9b59c857468512858f73e5dea1b)

script/autobuild.py: ignore missing test_tmpdir

It is still unknown what removes it...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit cad23629ac48253e508fd9bead2bb79bfa7ee3b8)

script/autobuild.py: try to make TMPDIR handling more verbose

This hopefully gives some hints regarding flakey tests where
the tmpdir is not available.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 278c921263550c1473df8944260bbb4e62a0e0e6)

script/autobuild.py: add a do_print() wrapper function that flushes after each message

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 96277a9f82379c7fedf36ca13644eb3493dcd1e2)

script/autobuild.py: export PYTHONUNBUFFERED=1

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 5a8d7a5446c23985a7dd3a9cb4856481b94931db)

script/autobuild.py: cleanup the task subdirs when they're done.

This hopefully reduces the used space on the memdisk.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit f9e188747753225e77f254fe41aad95ff11fec53)

s4/torture: vfs_fruit: test for bug 12565

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12565

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 893fc5abbe0a1b63ebd81f442a8d544572ed76a9)

vfs_fruit: resource fork open request with flags=O_CREAT|O_RDONLY

When receiving an SMB create request with read-only access mode and
open_if disposition, we end of calling the open() function with
flags=O_CREAT|O_RDONLY for the ._ AppleDouble file.

If the file doesn't exist, ie there's currently no rsrc stream, we create
it but then we fail to write the AppleDouble header into the file due to
the O_RDONLY open mode, leaving a 0 byte size ._ file.

Running this create requests against macOS SMB server yields an
interesting result: it returns NT_STATUS_OBJECT_NAME_NOT_FOUND even
though create dispotion is open_if. Another instance where the macOS SMB
server just exposes FSA behaviour (ie HFS+) and we have to adapt to be
compatible.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12565

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit a36de8b81aa88c31450e68ec54d6b659b1693878)

wafsamba: move -L/some/path from LINKFLAGS_PYEMBED to LIBPATH_PYEMBED

LINKFLAGS should not have path components.

This fixes the build on systems like FreeBSD where python
is located in /usr/local/lib.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12724

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Apr 4 16:10:18 CEST 2017 on sn-devel-144

(similar to commit d1b88c6a6edeab4f85fc110eaa8d15e76c7e1f7b)

selftest: Test for bug 12558

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12558

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 3667876ebebb7181d89834e6038e2d7218c98797)

smbd: Fix smb1 findfirst with DFS

9377f3bce should have changed the callers of dfs_path_lookup. It now
takes a uint32_t ucf_flags, not a boolean anymore.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12558

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit baa3e71f7968ec3239d80d7602839c2d7c2de74f)

winbindd: Fix password policy for pam authentication

Authenticating users from trusted domains would return the password
policy of the joined domain. Fix the code so that the password policy of
the joined domain is only returned for users from that domain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12725

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Wed Mar 29 22:54:47 CEST 2017 on sn-devel-144

(cherry picked from commit bc39fb07ced84af4d97853d00d07fb4293352686)

ctdb-tools: Avoid deferencing argv[0] if argc == 0

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12723

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Mar 29 11:07:18 CEST 2017 on sn-devel-144

(cherry picked from commit 6e9879f6e2f8974730517fad22875db06f0738de)

selftest: Define template homedir for 'ad_member' env

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12699

With this set, the samba3.local.nss test for ad_member will ensure that
we correctly substitute those smb.conf options.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 30 04:26:18 CEST 2017 on sn-devel-144

(cherry picked from commit 5f4979509950547e68af7f64ac263d0e0705ee03)

s3:tests: Add a subsitution test for %D %u %g

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12699

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 2be02fdd1ed1d565e28f50d02ff5216391ac0660)

s3:winbind: Use the correct talloc context for user information

This fixes the substitution for 'template homedir'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12699

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Mar 18 19:47:40 CET 2017 on sn-devel-144

(cherry picked from commit ece5e67bbc027432aeb3d97205ef093a0acda8d5)

VERSION: Bump version up to 4.6.3.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

Merge tag 'samba-4.6.2' into v4-6-test

samba: tag release samba-4.6.2

VERSION: Disable GIT_SNAPSHOTS for the 4.6.2 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

WHATSNEW: Add release notes for 4.6.2.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

s3: Test for CVE-2017-2619 regression with "follow symlinks = no" - part 2

Add tests for regular access.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Mar 28 17:05:27 CEST 2017 on sn-devel-144

(cherry picked from commit 4e734fcd1bf82c08aa303ce44e9735acccffcf06)

s3: smbd: Fix "follow symlink = no" regression part 2.

Use the cwd_name parameter to reconstruct the original
client name for symlink testing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit e182a4d39e86c9694e255efdf6ee2ea3ccb9af4a)

s3: smbd: Fix "follow symlink = no" regression part 2.

Add an extra paramter to cwd_name to check_reduced_name().

If cwd_name == NULL then fname is a client given path relative
to the root path of the share.

If cwd_name != NULL then fname is a client given path relative
to cwd_name. cwd_name is relative to the root path of the share.

Not yet used, logic added in the next commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 83e30cb48859b412b76572b6a3ba84d8fde167af)

s3: Fixup test for CVE-2017-2619 regression with "follow symlinks = no"

Use correct bash operators (not string operators).
Add missing "return".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 037297a1c50e90a0092e3b94f472623f41ccc015)

s3: Test for CVE-2017-2619 regression with "follow symlinks = no".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Back-ported from commit 782172a9bef0040981d20e49519b13dd744df6a0

s3: smbd: Fix incorrect logic exposed by fix for the security bug 12496 (CVE-2017-2619).

In a UNIX filesystem, the names "." and ".." by definition can *never*
be symlinks - they are already reserved names.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit ae17bebd250bdde5614b2ac17e53512f19fe9b68)

VERSION: Re-enable GIT_SNAPSHOTS.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

s3: Test for CVE-2017-2619 regression with "follow symlinks = no" - part 2

Add tests for regular access.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Mar 28 17:05:27 CEST 2017 on sn-devel-144

(cherry picked from commit 4e734fcd1bf82c08aa303ce44e9735acccffcf06)

Autobuild-User(v4-6-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-6-test): Thu Mar 30 12:30:32 CEST 2017 on sn-devel-144

s3: smbd: Fix "follow symlink = no" regression part 2.

Use the cwd_name parameter to reconstruct the original
client name for symlink testing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit e182a4d39e86c9694e255efdf6ee2ea3ccb9af4a)

s3: smbd: Fix "follow symlink = no" regression part 2.

Add an extra paramter to cwd_name to check_reduced_name().

If cwd_name == NULL then fname is a client given path relative
to the root path of the share.

If cwd_name != NULL then fname is a client given path relative
to cwd_name. cwd_name is relative to the root path of the share.

Not yet used, logic added in the next commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 83e30cb48859b412b76572b6a3ba84d8fde167af)

s3: Fixup test for CVE-2017-2619 regression with "follow symlinks = no"

Use correct bash operators (not string operators).
Add missing "return".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 037297a1c50e90a0092e3b94f472623f41ccc015)

s3: Test for CVE-2017-2619 regression with "follow symlinks = no".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Back-ported from commit 782172a9bef0040981d20e49519b13dd744df6a0

s3: smbd: Fix incorrect logic exposed by fix for the security bug 12496 (CVE-2017-2619).

In a UNIX filesystem, the names "." and ".." by definition can *never*
be symlinks - they are already reserved names.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit ae17bebd250bdde5614b2ac17e53512f19fe9b68)

VERSION: Bump version up to 4.6.2.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit c47fee64a6419894713fde18907aff68c7d4c000)

selftest: tests for vfs_fruite file-id behavior

The test is in its own suite because it validates
our hackish workaround rather than some reference
implementation behavior.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12715

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sun Mar 26 23:31:08 CEST 2017 on sn-devel-144

(cherry picked from commit b6baf35ebde68db75515910ede26e74bb8313284)

Autobuild-User(v4-6-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-6-test): Tue Mar 28 16:14:58 CEST 2017 on sn-devel-144

torture: add torture_assert_mem_not_equal_goto()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12715

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit f31fd41ca728d664ded940a7309ef1e32383bb66)

vfs_fruit: document added zero_file_id parameter

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12715

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit e11d4eb4d5c6cfc6daa3dbdcc301a4fa83298f0e)

vfs_fruit: enable zero file id

Enable zero_file_id if both conditions are met:
- AAPL negotiated
- fruit:zero_file_id is set

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12715

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 245a325532c9a46ec3e459ceca38e903b203f691)

smbd: add zero_file_id flag

This flag instructs the SMB layer to report a zero on-disk
file identifier.

According to [MS-SMB2] 3.3.5.9.9, the reported on-disk file ID
SHOULD be unique. However, macOS clients seem to expect it to be
unique over time as well, like the HFS+ CNID. Reporting a file ID
of 0 seems to instruct the Mac client not to trust the server-reported
file ID.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12715

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 6711522e1e57980e50e245f43167d0daf5a705ad)

nsswtich: Add negative tests for authentication with wbinfo

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12708

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Wed Mar 22 10:58:58 CET 2017 on sn-devel-144

(cherry picked from commit e7d1d8c49322a131e7ca1993f9956f0bddcaff3c)

s3:libads: Remove obsolete smb_krb5_get_ntstatus_from_init_creds()

There is no way we can get a better error code out of this. The original
function called was krb5_get_init_creds_opt_get_error() which has been
deprecated in 2008.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12708

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit e2028837b958618a66449a77ee628e4e176e521e)

s3: locking: Update oplock optimization for the leases era !

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12628

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Mar 15 20:04:32 CET 2017 on sn-devel-144

(cherry picked from commit 1c4b15aa5f6707e7bcfc21435e26929fb7f45c0f)

Autobuild-User(v4-6-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-6-test): Mon Mar 27 16:19:12 CEST 2017 on sn-devel-144

s3: locking: Move two leases functions into a new file.

map_oplock_to_lease_type(), fsp_lease_type().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12628

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 125c78ad0b8f9caaef1ba2f1aeb5ec593375fccd)

Changes to make the Solaris C compiler happy.

Fix Bug 12693 dbwrap_watch.c syntax error before or at: }

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12693

Signed-off-by: Tom schulz <schulz@adi.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 2780a56d0bb7848e017314a033ef22ee944d8b05)

Autobuild-User(v4-6-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-6-test): Thu Mar 23 16:58:20 CET 2017 on sn-devel-144

lib/crypto: implement samba.crypto Python module for RC4

Implement a small Python module that exposes arcfour_crypt_blob()
function widely used in Samba C code.

When Samba Python bindings are used to call LSA CreateTrustedDomainEx2,
there is a need to encrypt trusted credentials with RC4 cipher.

Current Samba Python code relies on Python runtime to provide RC4
cipher. However, in FIPS 140-2 mode system crypto libraries do not
provide access RC4 cipher at all. According to Microsoft dochelp team,
Windows is treating AuthenticationInformation blob encryption as 'plain
text' in terms of FIPS 140-2, thus doing application-level encryption.

Replace samba.arcfour_encrypt() implementation with a call to
samba.crypto.arcfour_crypt_blob().

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Mar 15 01:30:24 CET 2017 on sn-devel-144

(cherry picked from commit bbeef554f2c15e739f6095fcb57d9ef6646b411c)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12690
Include samba.crypto Python module to 4.6

Fix for Solaris C compiler.

Inspired by comment 4 in bug 12559.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12559

Signed-off-by: Tom Schulz <schulz@adi.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 59229276bcf5e2b7fa0ddf3ceb6fd3adccc01f9a)

s3:libsmb: Only print error message if kerberos use is forced

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12704

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Mar 21 14:25:54 CET 2017 on sn-devel-144

(cherry picked from commit c0e196b2238914f88015c0f8a9073beee473120b)

ctdb-readonly: Avoid a tight loop waiting for revoke to complete

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12697

During revoking readonly delegations, if one of the nodes disappears, then
there is no point re-trying revoking readonly delegation. The database
needs to be recovered before the revoke operation can succeed. So retry
only after a grace period.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Mar 17 14:05:57 CET 2017 on sn-devel-144

(cherry picked from commit ad758cb869ac83534993caa212abc9fe9905ec68)

s3: libgpo: Allow skipping GPO objects that don't have the expected LDAP attributes.

We expect the following attributes to be present in an LDAP GPO object:

displayName
flags
gPCFileSysPath
name
ntSecurityDescriptor
versionNumber

and fail if a result is returned without them. Change this
to skip results that don't contain these attributes instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12695

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 24622bab3a6f1e959c79dc9fc1850e9e64b15adc)

s3:vfs_expand_msdfs: Do not open the remote address as a file

The arguments get passed in the wrong order to read_target_host().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12687

Signed-off-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 1115f152de9ec25bc9e5e499874b4a7c92c888c0)

testprogs: Test 'net ads join' with a dedicated keytab

This checks that a 'net ads join' can create the keytab and make sure we
will not regress in future.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit 00e22fe3f63f986978d946e063e19e615cb00ab3)

The last 5 patches address
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12685
REGRESSION: net ads keytab handling is broken

param: Allow to specify kerberos method on the commandline

We support --option for our tools but you cannot set an option where the
value of the option includes a space.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit 12d26899a45ce5d05ac4279fa5915318daa4f2e0)

s3:libads: Correctly handle the keytab kerberos methods

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit ca2d8f3161c647c425c8c1eaaac1837c2e97faad)

krb5_wrap: Print a warning for an invalid keytab name

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit a6a527e1e83a979ef035c49a087b5e79599c10a4)

testprogs: Correctly expand shell parameters

The old behaviour is:

  for var in $*
  do
    echo "$var"
  done

And you get this:

$ sh test.sh 1 2 '3 4'
1
2
3
4

Changing it to:

  for var in "$@"
  do
    echo "$var"
  done

will correctly expand to:

$ sh test.sh 1 2 '3 4'
1
2
3 4

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Mar 15 05:26:17 CET 2017 on sn-devel-144

(cherry picked from commit acad0adc2977ca26df44e5b22d8b8e991177af71)

auth/credentials: Always set the the realm if we set the principal from the ccache

This fixes a bug in gensec_gssapi_client_start() where an invalid realm
is used to get a Kerberos ticket.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 30c07065300281e3a67197fe39ed928346480ff7)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12611

s3-gse: move krb5 fallback to smb_gss_krb5_import_cred wrapper

MIT krb5 1.9 version of gss_krb5_import_cred() may fail when importing
credentials from a keytab without specifying actual principal.
This was fixed in MIT krb5 1.9.2 (see commit
71c3be093db577aa52f6b9a9a3a9f442ca0d8f20 in MIT krb5-1.9 branch, git
master's version is bd18687a705a8a6cdcb7c140764d1a7c6a3381b5).

Move fallback code to the smb_gss_krb5_import_cred wrapper. We only
expect this fallback to happen with krb5 GSSAPI mechanism, thus hard
code use of krb5 mech when calling to gss_acquire_cred.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12611

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Mar 8 22:00:24 CET 2017 on sn-devel-144

(cherry picked from commit 57286d57732d49fdb8b8e21f584787cdbc917c32)

s3-gse: convert to use smb_gss_krb5_import_cred

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12611

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 3d733d5791a6d82edda13ac39790bd8ba893f3d7)

libads: convert to use smb_gss_krb5_import_cred

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12611

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 520167992bd2477bc11920d2dc9ec87f2cb339c9)

credentials_krb5: convert to use smb_gss_krb5_import_cred

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12611

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit ca8fd793930173b4e625d3f286739de214155bc1)

lib/krb5_wrap: add smb_gss_krb5_import_cred wrapper

Wrap gss_krb5_import_cred() to allow re-implementing it with
gss_acquire_cred_from() for newer MIT versions. gss_acquire_cred_from()
works fine with GSSAPI interposer (GSS-proxy) while
gss_krb5_import_cred() is not interposed yet.

The wrapper has additional parameter, krb5_context handle, to facilitate
with credentials cache name discovery. All our callers to
gss_krb5_import_cred() already have krb5 context handy.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12611

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 0e6e8dd2600c699a7a02e3d11fed21b5bc49858d)

gssapi: check for gss_acquire_cred_from

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12611

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit d630a364f9d74443e482934f76cd7107c331e108)

VERSION: Bump version up to 4.6.2.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

Merge tag 'samba-4.6.1' into v4-6-test

samba: tag release samba-4.6.1

VERSION: Disable GIT_SNAPSHOTS for the 4.6.1 release.

CVE-2017-2619: Symlink race allows access outside share definition.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Karolin Seeger <kseeger@samba.org>

WHATSNEW: Add release notes for Samba 4.6.1.

CVE-2017-2619: Symlink race allows access outside share definition.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Karolin Seeger <kseeger@samba.org>

CVE-2017-2619: s3: smbd: Use the new non_widelink_open() function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

CVE-2017-2619: s3: smbd: Add the core functions to prevent symlink open races.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

CVE-2017-2619: s3: smbd: Move special handling of symlink errno's into a utility function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

CVE-2017-2619: s3: smbd: Remove O_NOFOLLOW guards. We insist on O_NOFOLLOW existing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>