Karolin Seeger [Thu, 14 Sep 2017 13:46:34 +0000 (06:46 -0700)]
VERSION: Disable GIT_SNAPSHOT for the 4.7.0rc6 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 14 Sep 2017 13:45:45 +0000 (06:45 -0700)]
WHATSNEW: Prepare release notes for Samba 4.7.0rc6.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Gary Lockyer [Fri, 8 Sep 2017 02:03:25 +0000 (14:03 +1200)]
util_runcmd: Free the fde in event handler.
Free the fde in the event handler to prevent the event triggering again
While not strictly necessary in this case, this code serves as an
example of the usage of tfork.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13037
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Sep 16 23:50:27 CEST 2017 on sn-devel-144
(cherry picked from commit
563bbb9c24d1d0bcc64530a6635b8b82d1ebb24d)
Autobuild-User(v4-7-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-7-test): Sun Sep 17 13:56:23 CEST 2017 on sn-devel-144
Ralph Boehme [Sat, 16 Sep 2017 08:22:31 +0000 (01:22 -0700)]
lib/util: only close the event_fd in tfork if the caller didn't call tfork_event_fd()
Make closing of the event_fd the global responsibility of the
parent process if it called tfork_event_fd().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13037
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
6c36ea0737ae12fc97e4a024588e6a3845caf329)
Gary Lockyer [Sun, 10 Sep 2017 22:25:49 +0000 (10:25 +1200)]
util/tfork: Write to the status pipe
The previous design relied on only calling close() of the status pipe.
We now write a single 0 byte to the status FD as well as closing it in the
parent process. Both of these operations typically trigger a read
event on the other end of the FD, held in the waiter process (the child).
The child process blocks on the status FD, until it becomes readable.
However if there is a sibling process that was launched after the waiter
process they also will hold the status FD open and the status FD would,
until this change, never become readable to the waiter process (the child).
This caused the waiter process (child) not to exit and the parent process
to hang in tfork_status() while expecting the waitpid() to return.
That is, file descriptors are essentially global variables copied
to children in the process tree. The last child that (unwittingly) holds
the file descriptor open is the one that needs to trigger the close() this
code previously depended on.
Without this change, there is no notification of process death until
all these unrelated children exit for their own reasons.
We can write up to 4K (PIPE_BUF) into this pipe before blocking,
but we only write one byte. Additionally sys_write() refuses to block.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13037
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
f6a40ff2a1c133b6c30cf3ce29d7bb3ea005e3c8)
Gary Lockyer [Mon, 11 Sep 2017 02:48:21 +0000 (14:48 +1200)]
tests util/tfork: Tests for status and event fd
Add tests to ensure that:
- The event_fd becomes readable once the worker process has terminated
- That the event_fd is not closed by the tfork code.
- If this is done in tevent code and the event fde has not been
freed, "Bad talloc magic value - " errors can result.
- That the status call does not block if the parent process launches
more than one child process.
- The status file descriptor for a child is passed to the
subsequent children. These processes hold the FD open, so that
closing the fd does not make the read end go readable, and the
process calling status blocks.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13037
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
28edf7012b5fa474897055c8c1a4c438c69b8323)
Amitay Isaacs [Mon, 11 Sep 2017 04:05:17 +0000 (14:05 +1000)]
ctdb-client: Initialize ctdb_ltdb_header completely for empty record
ctdb_ltdb_fetch() only fills in relevant portion of ctdb_ltdb_header
if the record does not exist. This can result in uninitialized writes
to ctdb_rec_buffer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13036
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
a878171cb432673f635a75cce0b72c92bb0d3ec7)
Autobuild-User(v4-7-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-7-test): Sat Sep 16 13:34:33 CEST 2017 on sn-devel-144
Amitay Isaacs [Mon, 11 Sep 2017 05:59:19 +0000 (15:59 +1000)]
ctdb-daemon: Free up record data if a call request is deferred
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13029
If a call request for a key (migration request) is in flight, then all
the subsequent call requests for the same key are deferred. In that case,
the data corresponding to key read from the local tdb is useless and there
is no need to keep it around. Once the deferred call is reprocessed,
the data corresponding to that key will be fetched again.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
77c17b03cfc4734142fd86ba3cdd9663e75f34e3)
Jeremy Allison [Fri, 8 Sep 2017 22:28:39 +0000 (15:28 -0700)]
s3: vfs: catia: compression get/set must act only on base file, and must cope with fsp==NULL.
Correctly do filename conversion.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13003
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Sep 12 10:50:57 CEST 2017 on sn-devel-144
(cherry picked from commit
3ff1b83ab7cb3a6ab94b87d0bf73857b731c869d)
Jeremy Allison [Fri, 8 Sep 2017 22:27:37 +0000 (15:27 -0700)]
s3: VFS: streams_xattr: Compression is only set/get on base filenames.
Can be ignored (pass-through) in streams_xattr VFS module.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13003
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
1a7c0f77e2203aa674eb8b06fe3220868f100001)
Christof Schmitt [Wed, 13 Sep 2017 23:23:53 +0000 (16:23 -0700)]
vfs_streams_xattr: Fix segfault when running with log level 10
This happens when vfs_streams_xattr is loaded, log level is set to 10
and the default stream of a file or directory is accessed. In that case
streams_xattr_open does not allocate the stream_io fsp extension. The
DBG_DEBUG message in streams_xattr_fstat tries to access the stream_io
before checking for a NULL value, resulting in the crash. Fix this by
moving the debug message after the check for a NULL pointer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13032
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Sep 14 10:58:12 CEST 2017 on sn-devel-144
(cherry picked from commit
1b6aa39fac0825b1f25fd62a6c67994b5c491170)
Andrew Bartlett [Mon, 11 Sep 2017 03:22:23 +0000 (15:22 +1200)]
schema: Rework dsdb_schema_set_indices_and_attributes() db operations
Commit
ec9b1e881c3eef503d6b4b311594113acf7d47d8 did not fully fix this.
There is no value in using dsdb_replace(), we are under the read lock
and replace just confuses things further.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13025
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit
5d9bb80a027ba2b03c97d80c10173f946c758f69)
Alexander Bokovoy [Wed, 13 Sep 2017 08:37:34 +0000 (11:37 +0300)]
Install dcerpc/__init__.py for all Python environments
Also fix whitespace. We use tabs, not spaces in Python/waf code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13030
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Sep 14 22:29:39 CEST 2017 on sn-devel-144
(cherry picked from commit
3f0938b9389dc9c0ca5e4acf0451f14050a7506f)
Stefan Metzmacher [Wed, 6 Sep 2017 07:47:20 +0000 (09:47 +0200)]
charset: fix str[n]casecmp_m() by comparing lower case values
The commits
c615ebed6e3d273a682806b952d543e834e5630d^..
f19ab5d334e3fb15761fb009e5de876dfc6ea785
replaced Str[n]CaseCmp() by str[n]casecmp_m().
The logic we had in str[n]casecmp_w() used to compare
the upper cased as well as the lower cased versions of the
characters and returned the difference between the lower cased versions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13018
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Sep 15 02:23:29 CEST 2017 on sn-devel-144
(cherry picked from commit
3ed9c903671e795964ce3da9d0080444ef3eb5e9)
Stefan Metzmacher [Wed, 6 Sep 2017 09:24:28 +0000 (11:24 +0200)]
charset/tests: also tests the system str[n]casecmp()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13018
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
9d99b640b9002ad6c0eb0d29a6d7adcfda870e13)
Stefan Metzmacher [Wed, 6 Sep 2017 08:39:00 +0000 (10:39 +0200)]
charset/tests: add more str[n]casecmp_m() tests to demonstrate the bug
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13018
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
2a3d4fe0c9eacf9d0b2261ef116a1f6b741e20ee)
Stefan Metzmacher [Wed, 6 Sep 2017 08:38:37 +0000 (10:38 +0200)]
charset/tests: assert the exact values of str[n]casecmp_m()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13018
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
c18ecdececef8fcfdaa5d3e1a066533c8b41f19d)
Karolin Seeger [Thu, 14 Sep 2017 13:45:45 +0000 (06:45 -0700)]
WHATSNEW: Prepare changes since 4.7.0rc5.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Thu Sep 14 22:01:27 CEST 2017 on sn-devel-144
Jeremy Allison [Mon, 11 Sep 2017 23:36:47 +0000 (16:36 -0700)]
libcli: SMB2: NetApps negotiate SMB3_11 but also set the SMB2_CAP_ENCRYPTION flag.
This is a SHOULD not, not a MUST not.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13009
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Steve French <sfrench@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 14 14:48:20 CEST 2017 on sn-devel-144
(cherry picked from commit
f0a90a1287a8f4c4114919a32afaff52e3c69a9b)
Andrew Bartlett [Wed, 6 Sep 2017 23:26:04 +0000 (11:26 +1200)]
python: Allow debug classes to be specified on the command line for python tools
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Sep 7 10:43:33 CEST 2017 on sn-devel-144
(cherry picked from commit
c938f61d332de0323cb135b201367f90f08d76a8)
Andrew Bartlett [Wed, 6 Sep 2017 23:20:27 +0000 (11:20 +1200)]
librpc/dceprc_util.c: Move debug message to DBG_DEBUG()
This message shows up a lot (every packet) at level 6 for the succesful case
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
cbb3dcf2c67dd6ddbb419fff04112e3c345c2108)
Andrew Bartlett [Wed, 6 Sep 2017 23:19:01 +0000 (11:19 +1200)]
libcli/security: Move debug message to DBG_DEBUG()
This message shows up a lot at level 6 for no particularly good reason
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
544084d4a2e19958982e6003b1b1290315099b34)
Andrew Bartlett [Wed, 6 Sep 2017 23:13:17 +0000 (11:13 +1200)]
dsdb: Add missing \n to debug
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
8d8d31eb2bce6fa25485c4e989e6df372fb0e66e)
Andrew Bartlett [Wed, 6 Sep 2017 04:40:05 +0000 (16:40 +1200)]
drs repl: Only print raw DRS replication traffic at level 9
This can be sensitive even with the passwords still encrypted.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
dc48fa982251292a0d46d701c6e912620caf7c72)
Andrew Bartlett [Wed, 6 Sep 2017 04:37:34 +0000 (16:37 +1200)]
debug: Add new debug class "drs_repl" for DRS replication processing
This is used in the client and in the server
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
51289a6f9bf25189386dd3f66b5b547f02348508)
Andrew Bartlett [Wed, 6 Sep 2017 04:24:35 +0000 (16:24 +1200)]
repl_meta_data: Re-work printing of replicated entries
This re-work of our LDIF printing avoids some of the privacy issue from
printing the full LDIF at level 4, while showing the entry that actually fails.
Instead, we print the DN only at level 4, then the full message at 8.
While all of the DRS replication data is potentially sensitive
the passwords are most sensitive, and are now not printed unencrypted.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
e3988f8f74f4a11e8f26a548e0a33d20f4e863f7)
Andrew Bartlett [Wed, 6 Sep 2017 03:56:59 +0000 (15:56 +1200)]
linked_attributes: Use ldb_ldif_message_redacted_string() for consistency
This avoids printing un-encrypted secret values in logs, and while links are not likely
secret, this avoids a future copy and paste using ldb_ldif_message_string() again.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
7cfaf706942308c3682d9a37ac778cfbbdf49919)
Andrew Bartlett [Wed, 6 Sep 2017 03:38:14 +0000 (15:38 +1200)]
repl_meta_data: Use ldb_ldif_message_redacted_string() to avoid printing secrets in logs
This avoids printing un-encrypted secret values in logs
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
cc78de55810ac20858066a25159ad390e7644f07)
Andrew Bartlett [Wed, 6 Sep 2017 02:26:25 +0000 (14:26 +1200)]
ldb: version 1.2.2
* Bug #13017: Add ldb_ldif_message_redacted_string() to allow debug
of redacted log messages, avoiding showing secret values
* Bug #13015: Allow re-index of newer databases with binary GUID TDB keys
(this officially removes support for re-index of the original
pack format 0, rather than simply segfaulting).
* Avoid memory allocation and so make modify of records in ldb_tdb faster
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13023
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
ba54816875d43be66000977c6dd068e3165d7a46)
Andrew Bartlett [Tue, 5 Sep 2017 02:05:43 +0000 (14:05 +1200)]
ldb: Add new ldb_ldif_message_redacted_string() with tests
This is designed to be a drop in replacement for
ldb_ldif_message_string() while better protecting privacy.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
37bb62990b96b266ba4a3e90cadd414e6fee5ddf)
Andrew Bartlett [Thu, 10 Aug 2017 05:08:54 +0000 (17:08 +1200)]
ldb_tdb: Refuse to re-index very old database with no DN in the record
These are not found on any AD DC, and would segfault previous LDB
versions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13015
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
01c49b1a3561decdb10b5273d96d68d8e3d2b178)
Andrew Bartlett [Thu, 10 Aug 2017 04:09:31 +0000 (16:09 +1200)]
ldb_tdb: Use braces in ltdb_dn_list_find_val()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13015
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
54636011223ff350e172d52de302bcfcc5a0114a)
Andrew Bartlett [Thu, 10 Aug 2017 02:44:27 +0000 (14:44 +1200)]
ldb_tdb: Check for talloc_strdup() failure in ltdb_index_add1()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13015
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
6246c326a747382c728288ce7d3a8faa0b741ede)
Andrew Bartlett [Wed, 23 Aug 2017 03:38:01 +0000 (15:38 +1200)]
ldb_tdb: Check for errors during tdb operations in ltdb_reindex()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13015
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
ffc8023a0e66cf9693665565b1692ea7c882d437)
Andrew Bartlett [Thu, 7 Sep 2017 04:23:43 +0000 (16:23 +1200)]
ldb_tdb: Use memcmp rather than strncmp() in ltdb_key_is_record(), re_key() and re_index()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13016
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
3ce80cfb60d86a80efb6b66205f6d8d683791f6c)
Andrew Bartlett [Fri, 1 Sep 2017 02:35:08 +0000 (14:35 +1200)]
ldb_tdb: Create a common ltdb_key_is_record() allowing multiple key forms
If backported, this allows old ldb versions to full-search and re-index newer databases
and in current code allows the transition to and from a GUID or incrementing ID based index
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13016
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
fec666b334ad90408843d8fbfd4c2f62434831e2)
Andrew Bartlett [Fri, 18 Aug 2017 05:01:07 +0000 (17:01 +1200)]
ldb_tdb: Do not trigger the unique index check during a re-index, use another pass
We want to rename the objects, then scan looking for the index values.
This avoids a DB modify during the index scan traverse (the index values
are actually added to an in-memory TDB, written in prepare_commit()).
This allows us to remove the "this might already exist" case in the
index handling, we now know that the entry did not exist in the index
before we add it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13015
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
2d0007ee5a658d199029f7e81200e206ba0d89e0)
Andrew Bartlett [Tue, 15 Aug 2017 02:25:59 +0000 (14:25 +1200)]
ldb_tdb: Use memcmp() to compare TDB keys in re_index()
The keys may not always be a null terminated string, they could well
be a binary GUID in a future revision, for efficiency..
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13016
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
da1e23418a1d0e6b77dcf24bf6cbbc18b0fe020b)
Andrew Bartlett [Thu, 24 Aug 2017 05:01:14 +0000 (17:01 +1200)]
ldb: Add tests for indexed and unindexed search expressions
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 30 14:58:32 CEST 2017 on sn-devel-144
(cherry picked from commit
a5a2243f073f00bbfd7692fb2fe68ea79830ae0d)
Andrew Bartlett [Thu, 24 Aug 2017 04:29:58 +0000 (16:29 +1200)]
ldb: Fix tests to call the parent tearDown(), not setUp in tearDown
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
841e763a2b1dba1c0557d4f47a3674d6a555cab0)
Andrew Bartlett [Wed, 16 Aug 2017 00:51:09 +0000 (12:51 +1200)]
ldb_tdb: Rework ltdb_modify_internal() to use ltdb_search_dn1() internally
This avoids duplicate code and allows us to use the allocation-avoiding
LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC flag.
We can not use LDB_UNPACK_DATA_FLAG_NO_VALUES_ALLOC as el2->values
is talloc_realloc()ed in the routine.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 29 11:13:50 CEST 2017 on sn-devel-144
(cherry picked from commit
3164c0ac54685d6ae430e2cb3bb50a9ad7f3e7fc)
Andrew Bartlett [Thu, 10 Aug 2017 23:31:05 +0000 (11:31 +1200)]
ldb: Add LDB_UNPACK_DATA_FLAG_NO_ATTRS
This will allow us to avoid a full unpack in situations where we just want to confirm
if the DN exists
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit
bff81a2c9cc43a2cfec822dde94944d0295dd87f)
Amitay Isaacs [Thu, 7 Sep 2017 07:21:03 +0000 (17:21 +1000)]
ctdb-daemon: GET_DB_SEQNUM should read database conditionally
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13021
Once the recovery starts and databases are frozen, then all the record
access is postponed till the recovery is complete except reading the
database sequence number. Database access for reading sequence number
is done via a control which does not check if the databases are frozen
or not.
If the database is frozen and if the freeze transaction is not started
(this can happen when a node is inactive, or during recovery when the
database is frozen but the transaction has not yet started), then trying
to read sequence number will cause ctdb daemon to deadlock.
Before reading the sequence number, check if the database access is
allowed.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
f57d379446c551bca5906247c622e857c77089b0)
Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Wed Sep 13 19:52:24 CEST 2017 on sn-devel-144
Amitay Isaacs [Thu, 7 Sep 2017 07:18:18 +0000 (17:18 +1000)]
ctdb-daemon: Add a function to check if db access is allowed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13021
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
5d2f2677de65a0fd6683bb759d80ebced604fa6b)
Amitay Isaacs [Tue, 5 Sep 2017 03:52:47 +0000 (13:52 +1000)]
ctdb-tests: Fix ctdb test binary name in path testing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13012
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
96aef2371c6c1e0c6bd13874a71583eb9609959b)
Martin Schwenke [Tue, 12 Sep 2017 01:51:19 +0000 (11:51 +1000)]
ctdb-tests: Wait up to 30 seconds for process to be registered in ctdbd
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13012
This avoids a potential race where the client is not properly
registered before "ctdb process-exists" is called.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
ff75f0836aef56476ec45a3bc8f3ca22c118e3a4)
Amitay Isaacs [Fri, 25 Aug 2017 06:55:34 +0000 (16:55 +1000)]
ctdb-tests: Fix ctdb process-exist tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13012
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Sat Sep 9 14:44:57 CEST 2017 on sn-devel-144
(cherry picked from commit
87f7d32a906799e83cb9b023978e689a630de017)
Amitay Isaacs [Wed, 30 Aug 2017 03:05:32 +0000 (13:05 +1000)]
ctdb-tests: Add a dummy ctdb client for testing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13012
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
3067db5b50162fdae288aaad8e75beb924fc9494)
Amitay Isaacs [Fri, 25 Aug 2017 06:54:47 +0000 (16:54 +1000)]
ctdb-tests: Fix the implementation of process-exists in fake daemon
Keep track of clients and their pids.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13012
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
7dec80a7c042d83f9d48c75a8717c3d1b59b1fbf)
Amitay Isaacs [Fri, 25 Aug 2017 05:00:59 +0000 (15:00 +1000)]
ctdb-daemon: Fix implementation of process_exists control
Only check processes that are CTDB clients.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13012
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
d0a20baf43834c7290dfd8f256d9521724202f0c)
Ralph Boehme [Fri, 8 Sep 2017 10:19:03 +0000 (12:19 +0200)]
s3/smbd: sticky write time offset miscalculation causes broken timestamps
The offset calculation for the offset that got passed to
fetch_write_time_send() in the enumeration loop was wrong as it passed
the offset before smbd_dirptr_lanman2_entry() added required padding.
This resulted in broken timestamps in the find response.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13024
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Sep 12 02:45:46 CEST 2017 on sn-devel-144
(cherry picked from commit
7e0b2af4c0c429a3d347ace7b2f75cfeecea6d1f)
Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Tue Sep 12 23:59:14 CEST 2017 on sn-devel-144
Karolin Seeger [Sun, 10 Sep 2017 14:02:24 +0000 (16:02 +0200)]
WHATSNEW: Unify usage of "''".
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Mon Sep 11 05:30:28 CEST 2017 on sn-devel-144
Jeremy Allison [Wed, 6 Sep 2017 19:13:32 +0000 (12:13 -0700)]
WHATSNEW: Add Using x86_64 Accelerated AES Crypto Instructions section.
Describes --accel-aes configure time option.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
c754f48575a5034242594762d62261a48025cebc)
Jeremy Allison [Wed, 6 Sep 2017 18:59:44 +0000 (11:59 -0700)]
lib: crypto: Add the ability to select Intel AESNI instruction set at configure time.
Add --accel-aes=[none|intelaesni] to select.
Default is none.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
5f87a05aa314776135eec1057dd644c0b25a9d14)
Jeremy Allison [Wed, 6 Sep 2017 18:40:02 +0000 (11:40 -0700)]
lib: crypto: Plumb in the Intel AES instructions.
Causes:
AES_set_encrypt_key()
AES_set_decrypt_key()
AES_encrypt()
AES_decrypt()
to probe for the Intel AES instructions at runtime (only once)
and then call the hardware implementations if so, otherwise
fall back to the software implementations.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008
Based on original work by Justin Maggard <jmaggard@netgear.com>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
53ac0f7c59a9192e4fa88bf3d257ad80379ded23)
Jeremy Allison [Thu, 31 Aug 2017 18:41:32 +0000 (11:41 -0700)]
lib: crypt: Prepare the existing code to switch to Intel AES hardware instructions.
Rename the old struct aes_key as an intermediate struct aes_key_rj
and wrap it in a union so we can chose an alternate aes_key struct
when using Intel AES hardware.
Rename the original software implementations of:
AES_set_encrypt_key()
AES_set_decrypt_key()
AES_encrypt()
AES_decrypt()
by adding an _rj on the end, and call them via a wrapper
function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008
Based on original work by Justin Maggard <jmaggard@netgear.com>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
3324b55bde96d4098df2f1138be5fd243206ceba)
Jeremy Allison [Wed, 6 Sep 2017 16:58:06 +0000 (09:58 -0700)]
third_party: Add build capability to aesni-intel.
Minor modifications to code to allow building as a Samba
shared library.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008
Based on original work by Justin Maggard <jmaggard@netgear.com>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
11a56768950e1caae302507e15e58eb1c316c30a)
Jeremy Allison [Wed, 6 Sep 2017 16:44:42 +0000 (09:44 -0700)]
third_party: Add the Intel Add support for AES-NI acceleration.
This commit takes the Linux kernel AES-NI code, and puts it into a
third_party private library. The Linux kernel code is under GPLv2+
so is compatible with Samba.
This can result in massive speed improvements (up to 200% on some
platforms), by using Intel AES-NI instructions.
These are the pristine check-ins of Linux kernel files for Intel AESNI crypto.
git show
8691ccd764f9ecc69a6812dfe76214c86ac9ba06:arch/x86/crypto/aesni-intel_asm.S
git show
2baad6121e2b2fa3428ee6cb2298107be11ab23a:arch/x86/include/asm/inst.h
Show the exact Linux kernel git refspecs we have imported.
These files are not yet used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008
Based on original work by Justin Maggard <jmaggard@netgear.com>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
421fa346de575ebbed3496dc203011b80537bd8a)
Volker Lendecke [Wed, 30 Aug 2017 15:49:54 +0000 (17:49 +0200)]
messaging: Avoid a socket leak after fork
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13006
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Sep 5 19:12:34 CEST 2017 on sn-devel-144
(cherry picked from commit
d1c96dc0ac95322ce46703a11002873faf55a26c)
Volker Lendecke [Tue, 29 Aug 2017 19:57:54 +0000 (21:57 +0200)]
pthreadpool: Test fork with an active thread
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13006
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Aug 31 21:34:57 CEST 2017 on sn-devel-144
(cherry picked from commit
981e674a7472017274c9b169c776d5c5e8bd1469)
Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Sat Sep 9 01:44:12 CEST 2017 on sn-devel-144
Volker Lendecke [Mon, 28 Aug 2017 14:38:19 +0000 (16:38 +0200)]
pthreadpool: Fix fork behaviour
glibc's pthread_cond_wait(&c, &m) increments m.__data.__nusers, making
pthread_mutex_destroy return EBUSY. Thus we can't allow any thread waiting for
a job across a fork. Also, the state of the condvar itself is unclear across a
fork. Right now to me it looks like an initialized but unused condvar can be
used in the child. Busy worker threads don't cause any trouble here, they don't
hold mutexes or condvars. Also, they can't reach the condvar because _prepare
holds all mutexes.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13006
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
ff98e3fb666b57b56a1427aa1196948ceebdec66)
Andrew Bartlett [Mon, 28 Aug 2017 09:37:16 +0000 (21:37 +1200)]
WHATSNEW: We generate SHA265 certificates now
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Wed Sep 6 14:21:15 CEST 2017 on sn-devel-144
Andrew Bartlett [Mon, 28 Aug 2017 09:36:14 +0000 (21:36 +1200)]
WHATSNEW: warn against using the RODC on older Samba versions
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Mon, 28 Aug 2017 09:35:56 +0000 (21:35 +1200)]
WHATSNEW: explain that we may use much more RAM and SWAP with multi-process LDAP
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Mon, 28 Aug 2017 09:35:34 +0000 (21:35 +1200)]
WHATSNEW: fix spelling
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 3 Aug 2017 23:44:19 +0000 (11:44 +1200)]
s4-drsuapi: Avoid segfault when replicating as a non-admin with GUID_DRS_GET_CHANGES
Users who are not administrator do not get b_state->sam_ctx_system filled in.
We should probably use the 'sam_ctx' variable in all cases (instead of
b_state->sam_ctx*), but I'll make this change in a separate patch, so
that the bug fix remains independent from other tidy-ups.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12946
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit
dd863b604984c1504895f376ec64f58e27e53efa)
Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Thu Aug 31 14:02:51 CEST 2017 on sn-devel-144
David Disseldorp via samba-technical [Sat, 26 Aug 2017 21:40:37 +0000 (23:40 +0200)]
tests/fake_snap: sanitize paths
Ensure fake_snap.pl can be run in taint mode (-T), by sanitizing paths
and the PATH env. This fixes the following samba3.rpc.fsrvp selftest
failures:
Insecure dependency in mkdir while running setgid at (eval 2) line 4.
snap create failed: NT_STATUS_UNSUCCESSFUL
snap create failed for shadow copy of /home/ddiss/isms/samba/st/nt4_dc/share
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12988
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 29 04:54:51 CEST 2017 on sn-devel-144
(cherry picked from commit
f9d4158f0b002b482df0a919d4cb337cce81f9f8)
Karolin Seeger [Tue, 29 Aug 2017 04:10:50 +0000 (06:10 +0200)]
VERSION: Bump version up to 4.7.0rc6...
and re-enable GIT_SNAPSHOTS.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 29 Aug 2017 04:10:06 +0000 (06:10 +0200)]
VERSION: Disable GIT_SNAPSHOTS for the 4.7.0rc5 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 29 Aug 2017 04:09:24 +0000 (06:09 +0200)]
WHATSNEW: Add release notes for Samba 4.7.0rc5.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Andreas Schneider [Tue, 8 Aug 2017 10:05:24 +0000 (12:05 +0200)]
s4:torture: The teardown function should just return
The teardown functions should not return on error but finish cleaning
up!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12984
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
c90069b26424752b15922de9cb796c431d2f3e08)
Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Mon Aug 28 15:19:58 CEST 2017 on sn-devel-144
Andreas Schneider [Tue, 8 Aug 2017 08:40:19 +0000 (10:40 +0200)]
s4:torture: Delete printer before we remove the driver
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12984
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
bd44e435fa6a93d47a470f8ee95763a95eba4b5d)
Andreas Schneider [Tue, 8 Aug 2017 09:25:48 +0000 (11:25 +0200)]
s4:torture: Use a different driver name for add_driver tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12984
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
731fe596ac0999d54aae03ce4175356c56b3c94b)
Marc Muehlfeld [Mon, 28 Aug 2017 08:54:43 +0000 (10:54 +0200)]
[PATCH] WHATSNEW: Added links to Wiki documentation
Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
Christof Schmitt [Wed, 23 Aug 2017 21:37:28 +0000 (14:37 -0700)]
vfs_default: Fix passing of errno from async calls
Current code assigns errno from async pthreadpool calls to the
vfs_default internal vfswrap_*_state. The callers of the vfs_*_recv
functions expect the value from errno in vfs_aio_state.error.
Correctly assign errno to vfs_aio_state.error and remove the unused
internal err variable.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12983
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
a6f391b8dd1fbfd1a370667dec1374284984c341)
Amitay Isaacs [Fri, 18 Aug 2017 04:00:47 +0000 (14:00 +1000)]
ctdb-client: Fix ctdb_attach() to use database flags
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12978
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Aug 25 13:32:58 CEST 2017 on sn-devel-144
(cherry picked from commit
1f7f112317e0c33bc088a204b3ee69ba48c3f449)
Amitay Isaacs [Wed, 23 Aug 2017 02:09:22 +0000 (12:09 +1000)]
ctdb-client: Optionally return database id from ctdb_ctrl_createdb()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12978
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
9987fe7209c3bd44ea0015d98d0f92b65ec70700)
Amitay Isaacs [Fri, 18 Aug 2017 03:50:39 +0000 (13:50 +1000)]
ctdb-client: Fix ctdb_ctrl_createdb() to use database flags
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12978
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
4bd0a20a75db3b3c409c25a4bc59aed30464f047)
Amitay Isaacs [Fri, 18 Aug 2017 04:27:10 +0000 (14:27 +1000)]
ctdb-tests: Add a test to check databases are attached with correct flags
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12978
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
9a92d712705356d18f70dfb779c18256794966b9)
Amitay Isaacs [Fri, 18 Aug 2017 04:45:30 +0000 (14:45 +1000)]
ctdb-tests: Add functions to start/stop/restart a single local daemon
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12978
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
9691b72a8785c2bc2561bd6c897fea3c0cc2cbeb)
Amitay Isaacs [Tue, 22 Aug 2017 02:53:43 +0000 (12:53 +1000)]
ctdb-tests: Add functions to start/stop/restart ctdb on single node
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12978
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
205969dd94f532a157e17a88191863e4af0c012c)
Andreas Schneider [Tue, 22 Aug 2017 13:46:07 +0000 (15:46 +0200)]
s3:utils: Remove pointless if-clause for remote_machine
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
Review with: git show -U20
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit
4a4bfcb539b4489f397b2bc9369215b7e03e620e)
Andreas Schneider [Fri, 18 Aug 2017 14:17:08 +0000 (16:17 +0200)]
s3:utils: Make sure we authenticate against our SAM name in smbpasswd
If a local user wants to change his password using smbpasswd and the
machine is a domain member, we need to make sure we authenticate against
our SAM and not ask winbind.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit
dc129a968afdac8be70f9756bd18a7bf1f4c3b02)
Andreas Schneider [Fri, 18 Aug 2017 14:14:57 +0000 (16:14 +0200)]
s3:utils: Pass domain to password_change() in smbpasswd
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit
b483340639157fe95777672f5723455c48c3c616)
Andreas Schneider [Fri, 18 Aug 2017 14:13:15 +0000 (16:13 +0200)]
s3:utils: Make strings const passed to password_change() in smbpasswd
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit
41a31a71abe144362fc7483fabba39aafa866373)
Andreas Schneider [Fri, 18 Aug 2017 14:10:06 +0000 (16:10 +0200)]
s3:libsmb: Move prototye of remote_password_change()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit
c773844e7529b83b2633671c7bcf1e7b84ad7950)
Andreas Schneider [Fri, 18 Aug 2017 14:08:46 +0000 (16:08 +0200)]
s3:libsmb: Pass domain to remote_password_change()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit
7a554ee7dcefdff599ebc6fbf4e128b33ffccf29)
Stefan Metzmacher [Thu, 17 Aug 2017 15:45:21 +0000 (17:45 +0200)]
s3:gse_krb5: make use of precalculated krb5 keys in fill_mem_keytab_from_secrets()
This avoids a lot of cpu cycles, which were wasted for each single smb
connection, even if the client didn't use kerberos.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12973
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug 18 10:04:57 CEST 2017 on sn-devel-144
(cherry picked from commit
cd813f7fd9ee8e9d82a6bf6c98621c437f6974b2)
Stefan Metzmacher [Thu, 17 Aug 2017 19:42:34 +0000 (21:42 +0200)]
s3:secrets: allow secrets_fetch_or_upgrade_domain_info() on an AD DC
The reason for the check is for write access as secrets.ldb is the
master database.
But secrets_fetch_or_upgrade_domain_info() just syncs the values
we got from if they got overwritten by secrets_store_machine_pw_sync().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12973
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
37e49a2af5bb1c40c17eab18ff9412f2ce79ef71)
Stefan Metzmacher [Wed, 16 Aug 2017 20:27:15 +0000 (22:27 +0200)]
libcli/smb: debug an error if smb1cli_req_writev_submit() is called for SMB2/3
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12968
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 18 04:45:03 CEST 2017 on sn-devel-144
(cherry picked from commit
9fb2562324e4381f8d0d5eaf864790ad770293b9)
Jeremy Allison [Wed, 16 Aug 2017 22:48:01 +0000 (15:48 -0700)]
s3: libsmb: Add cli_smb2_chkpath() and use from cli_chkpath().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12968
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
428fc22e8bb7b7a74ba9e29bf962ebfbfd50c47b)
Andreas Schneider [Wed, 9 Aug 2017 10:14:34 +0000 (12:14 +0200)]
blackbox: Add test for 'net ads changetrustpw'
BUG: BUG: https://bugzilla.samba.org/show_bug.cgi?id=12956
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Aug 11 22:09:27 CEST 2017 on sn-devel-144
(cherry picked from commit
e2c0fd36ba54d984b554248aecffd3e4e7f43e1f)
Andreas Schneider [Wed, 9 Aug 2017 16:14:23 +0000 (18:14 +0200)]
s3:libads: Fix changing passwords with Kerberos
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12956
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit
b81ca4f9dcbb378a95fb3ac31bfd9a1cbe505d7d)
Andreas Schneider [Tue, 8 Aug 2017 06:40:34 +0000 (08:40 +0200)]
s3:script: Untaint user supplied data in modprinter.pl
spoolss_SetPrinter fails because of the error produced by modprinter.pl.
Perl error:
Insecure dependency in open while running setgid at modprinter.pl line 76.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12950
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
f44917743512fa40f2833629dfd781f7c691ce62)
Stefan Metzmacher [Thu, 20 Jul 2017 09:56:21 +0000 (11:56 +0200)]
s4:http/gensec: add missing tevent_req_done() to gensec_http_ntlm_update_done()
This was missing in commit
d718e92d5e145dccd492c46febc249e462ce50c6.
Sadly we can't have automated tests for this as we only implement
the client side for this protocol.
I've tested with using:
bin/smbtorture \
-W BLA --realm=BLA.BASE \
-s /dev/null -Uadministrator%
A1b2C3d4 \
ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=basic] \
rpc.epmapper.epmapper.Lookup_simple \
and:
bin/smbtorture \
-W BLA --realm=BLA.BASE \
-s /dev/null -Uadministrator%
A1b2C3d4 \
ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=ntlm] \
rpc.epmapper.epmapper.Lookup_simple \
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12919
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul 21 23:29:39 CEST 2017 on sn-devel-144
(cherry picked from commit
13f91927e0f642e58c70d7b0b2f68df861ac661c)
Stefan Metzmacher [Wed, 16 Aug 2017 10:42:48 +0000 (12:42 +0200)]
s3:libsmb: let do_connect() debug the negotiation result similar to "session request ok"
Also modify non-specified max_protocol to be PROTOCOL_LATEST
(currently PROTOCOL_SMB3_11).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12881
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
2901ed0deb1324cacdc804fe5a09468a91661f9d)
Stefan Metzmacher [Wed, 16 Aug 2017 10:38:30 +0000 (12:38 +0200)]
s3:libsmb: don't call cli_NetServerEnum() on SMB2/3 connections in SMBC_opendir_ctx()
This is all we can do with when using we allow SMB2/3 and the server supports
it, 'smb://' can't work unless we implement LLMNR and maybe WSD.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12876
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
ecca95736d3994011de2d3fd882b58ab9b450a83)
Stefan Metzmacher [Wed, 16 Aug 2017 06:56:39 +0000 (08:56 +0200)]
s3:smbclient: don't try any workgroup listing with "client min protocol = SMB2"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12863
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
379e5c1c2fa75c30b08bea7079cf1e9c46db0b26)
Stefan Metzmacher [Wed, 16 Aug 2017 06:55:43 +0000 (08:55 +0200)]
s3:smbclient: improve the error messages for smbclient -L
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12863
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
3111463e743dfda89002f1047d1030ab617e5277)
Stefan Metzmacher [Fri, 7 Jul 2017 22:57:59 +0000 (00:57 +0200)]
s3:libsmb: let get_ipc_connect() use CLI_FULL_CONNECTION_FORCE_SMB1
get_ipc_connect() is only used in code paths that require cli_NetServerEnum()
to work, so it must already require SMB1 only.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12876
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
0f9d10246071160dc736205af234ab0ca456d0dc)