metze/samba/wip.git
2 years agos4/torture: some tests for kernel oplocks
Ralph Boehme [Wed, 1 Mar 2017 17:13:35 +0000 (18:13 +0100)]
s4/torture: some tests for kernel oplocks

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3/selftest: adopt config.h check from source4
Ralph Boehme [Wed, 8 Mar 2017 06:18:36 +0000 (07:18 +0100)]
s3/selftest: adopt config.h check from source4

No change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3/smbd: fix deferred open with streams and kernel oplocks
Ralph Boehme [Tue, 7 Mar 2017 15:27:39 +0000 (16:27 +0100)]
s3/smbd: fix deferred open with streams and kernel oplocks

I noticed smbd can get stuck in an open() call with kernel oplocks
enabled and named streams (provided by vfs_streams_xattr):

- client opens a file and with an exclusive oplock

- client starts writing to the file

- client opens an existing stream of the file

- the smbd process gets stuck in an open()

What happens is:

we had setup a locking.tdb record watch in defer_open(), the watch was
triggered, we reattempted the open and got stuck in a blocking open
because the oplock holder (ourselves) hadn't given up the oplock yet.

Cf e576bf5310bc9de9686a71539e9a1b60b4fba5cc for the commit that added
the kernel oplock retry logic. tldr: with kernel oplocks the first open
is non-blocking, but the second one is blocking.

Detailed analysis follows.

When opening a named stream of a file, Samba internally opens the
underlying "base" file first. This internal open of the basefile suceeds
and does *not* trigger an oplock break (because it is an internal open
that doesn't call open() at all) but it is added as an entry to the
locking.tdb record of the file.

Next, the stream open ends up in streams_xattr where a non-blocking
open() on the base file is called. This open fails with EWOULDBLOCK
because we have another fd with a kernel oplock on the file.

So we call defer_open() which sets up a watch on the locking.tdb record.

In the subsequent error unwinding code in open_file_ntcreate() and
callers we close the internal open file handle of the basefile which
also removes the entry from the locking.tdb record and so *changes the
record*.

This fires the record watch and in the callback defer_open_done() we
don't check whether the condition (oplock gone) we're interested in is
actually met. The callback blindly reschedules the open request with
schedule_deferred_open_message_smb().

schedule_deferred_open_message_smb() schedules an immediate tevent event
which has precedence over the IPC fd events in messaging, so the open is
always (!) reattempted before processing the oplock break message.

As explained above, this second open will be a blocking one so we get
stuck in a blocking open.

It doesn't help to make all opens non-blocking, that would just result
in a busy loop failing the open, as we never process the oplock break
message (remember, schedule_deferred_open_message_smb() used immediate
tevent events).

To fix this we must add some logic to the record watch callback to check
whether the record watch was done for a kernel oplock file and if yes,
check if the oplock state changed. If not, simply reschedule the
deferred open and keep waiting.

This logic is only needed for kernel oplocks, not for Samba-level
oplocks, because there's no risk of deadlocking, the worst that can
happen is a rescheduled open that fails again in the oplock checks and
gets deferred again.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3/smbd: all callers of defer_open() pass a lck
Ralph Boehme [Tue, 7 Mar 2017 14:48:05 +0000 (15:48 +0100)]
s3/smbd: all callers of defer_open() pass a lck

No change in behaviour. Update the function comment explaining how it
works and relies on lck for a record watch.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3/smbd: remove async_open arg from defer_open()
Ralph Boehme [Tue, 7 Mar 2017 18:11:20 +0000 (19:11 +0100)]
s3/smbd: remove async_open arg from defer_open()

All remaining callers pass false.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3/smbd: fix schedule_async_open() timer
Ralph Boehme [Tue, 7 Mar 2017 14:33:55 +0000 (15:33 +0100)]
s3/smbd: fix schedule_async_open() timer

schedule_async_open() was calling defer_open with sharemode lock = NULL,
as a result there was never an active 20 s timeout.

This has been broken since the commits in

$ git log --reverse -p -10 8283fd0e0090ed12b0b12d5acb550642d621b026

Just roll our own deferred record instead of calling defer_open() and
also set up timer that, as a last resort, catches stuck opens and just
exits for now.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3/smbd: add and use retry_open() instead of defer_open() in two places
Ralph Boehme [Tue, 7 Mar 2017 14:03:12 +0000 (15:03 +0100)]
s3/smbd: add and use retry_open() instead of defer_open() in two places

Add a new function that does an immediate open rescheduling.

The first deferred open this commit changes was never scheduled, as the
scheduling relies on a timeout of the watch on the sharemode lock.

This has been broken since the commits in

$ git log --reverse -p -10 8283fd0e0090ed12b0b12d5acb550642d621b026

That patchset added the dbwrap watch record logic to defer_open() and
removed the timers.

I'm doing this mainly to untangle the defer_open() logic which is
complicated by the lck arg.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3/smbd: simplify defer_open()
Ralph Boehme [Tue, 7 Mar 2017 13:37:54 +0000 (14:37 +0100)]
s3/smbd: simplify defer_open()

Add a helper function deferred_open_record_create() that creates a
deferred_open_record and let all callers pass all needed arguments
individually.

While we're at it, enhance the debug message in defer_open() to print
all variables.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3/smbd: req is already validated at the beginning of open_file_ntcreate()
Ralph Boehme [Tue, 7 Mar 2017 13:10:39 +0000 (14:10 +0100)]
s3/smbd: req is already validated at the beginning of open_file_ntcreate()

req can't be NULL because the if condition surrounding this code checks
!(oplock_request & INTERNAL_OPEN_ONLY).

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3/smbd: add comments and some reformatting to open_file_ntcreate()
Ralph Boehme [Mon, 6 Mar 2017 10:43:08 +0000 (11:43 +0100)]
s3/smbd: add comments and some reformatting to open_file_ntcreate()

No change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3/smbd: add const to get_lease_type() args
Ralph Boehme [Sat, 4 Mar 2017 12:55:55 +0000 (13:55 +0100)]
s3/smbd: add const to get_lease_type() args

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3/wscript: fix Linux kernel oplock detection
Ralph Boehme [Mon, 6 Mar 2017 11:09:53 +0000 (12:09 +0100)]
s3/wscript: fix Linux kernel oplock detection

Fix a copy/paste error, the Linux kernel oplocks check was copied from
the change notify support check.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agowinbindd: Remove an unused #define
Volker Lendecke [Wed, 8 Mar 2017 09:26:38 +0000 (10:26 +0100)]
winbindd: Remove an unused #define

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Fri Mar 10 00:00:15 CET 2017 on sn-devel-144

2 years agowinbind: Use talloc_strdup_upper where appropriate
Volker Lendecke [Wed, 8 Mar 2017 09:17:16 +0000 (10:17 +0100)]
winbind: Use talloc_strdup_upper where appropriate

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoldap_server: Fix a typo
Volker Lendecke [Tue, 7 Mar 2017 14:29:18 +0000 (15:29 +0100)]
ldap_server: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agowinbind: Fix a typo
Volker Lendecke [Mon, 6 Mar 2017 20:33:28 +0000 (20:33 +0000)]
winbind: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoldb: add LDB_FLG_DONT_CREATE_DB
Stefan Metzmacher [Fri, 24 Feb 2017 14:34:33 +0000 (15:34 +0100)]
ldb: add LDB_FLG_DONT_CREATE_DB

This avoids creating an new tdb files on ldbsearch
or other callers which use LDB_FLG_DONT_CREATE_DB.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Mar  9 16:02:21 CET 2017 on sn-devel-144

2 years agoauth3: Simplify auth_check_ntlm_password logic with a "goto fail"
Volker Lendecke [Sat, 11 Feb 2017 10:38:56 +0000 (11:38 +0100)]
auth3: Simplify auth_check_ntlm_password logic with a "goto fail"

No intended code change, just reformatting and a goto fail with
inverted logic

Best viewed with "git show -b"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar  9 02:01:35 CET 2017 on sn-devel-144

2 years agoauth3: Simplify auth_check_ntlm_password logic with a "goto fail"
Volker Lendecke [Sat, 11 Feb 2017 10:38:56 +0000 (11:38 +0100)]
auth3: Simplify auth_check_ntlm_password logic with a "goto fail"

No intended code change, just reformatting and a goto fail with
inverted logic

Best viewed with "git show -b" :-)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agoauth3: Simplify auth_check_ntlm_password server_info handling
Volker Lendecke [Sat, 11 Feb 2017 10:34:58 +0000 (11:34 +0100)]
auth3: Simplify auth_check_ntlm_password server_info handling

Instead of directly assigning (*pserver_info), work on a local copy
first and assign it once when successful

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agoauth3: Simplify auth_check_ntlm_password talloc handling
Volker Lendecke [Sat, 11 Feb 2017 10:26:09 +0000 (11:26 +0100)]
auth3: Simplify auth_check_ntlm_password talloc handling

Use talloc_stackframe and talloc_tos. Don't bother to talloc_free
within the loop, we don't have many iterations.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agoauth3: Use talloc_move instead of _steal
Volker Lendecke [Sun, 19 Feb 2017 13:23:58 +0000 (14:23 +0100)]
auth3: Use talloc_move instead of _steal

That's the more "modern" way to steal

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agoauth3: Centralize auth_check_ntlm_password failure handling
Volker Lendecke [Sat, 11 Feb 2017 10:24:22 +0000 (11:24 +0100)]
auth3: Centralize auth_check_ntlm_password failure handling

Preparation for simplified talloc handling. Slight behaviour change:
We now ZERO_STRUCTP(pserver_info) in all failure cases.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3-gse: move krb5 fallback to smb_gss_krb5_import_cred wrapper
Alexander Bokovoy [Wed, 8 Mar 2017 10:38:49 +0000 (12:38 +0200)]
s3-gse: move krb5 fallback to smb_gss_krb5_import_cred wrapper

MIT krb5 1.9 version of gss_krb5_import_cred() may fail when importing
credentials from a keytab without specifying actual principal.
This was fixed in MIT krb5 1.9.2 (see commit
71c3be093db577aa52f6b9a9a3a9f442ca0d8f20 in MIT krb5-1.9 branch, git
master's version is bd18687a705a8a6cdcb7c140764d1a7c6a3381b5).

Move fallback code to the smb_gss_krb5_import_cred wrapper. We only
expect this fallback to happen with krb5 GSSAPI mechanism, thus hard
code use of krb5 mech when calling to gss_acquire_cred.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12611

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Mar  8 22:00:24 CET 2017 on sn-devel-144

2 years agos3-gse: convert to use smb_gss_krb5_import_cred
Alexander Bokovoy [Fri, 3 Mar 2017 14:58:14 +0000 (16:58 +0200)]
s3-gse: convert to use smb_gss_krb5_import_cred

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12611

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agolibads: convert to use smb_gss_krb5_import_cred
Alexander Bokovoy [Fri, 3 Mar 2017 14:57:50 +0000 (16:57 +0200)]
libads: convert to use smb_gss_krb5_import_cred

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12611

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agocredentials_krb5: convert to use smb_gss_krb5_import_cred
Alexander Bokovoy [Fri, 3 Mar 2017 14:57:13 +0000 (16:57 +0200)]
credentials_krb5: convert to use smb_gss_krb5_import_cred

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12611

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agolib/krb5_wrap: add smb_gss_krb5_import_cred wrapper
Alexander Bokovoy [Fri, 3 Mar 2017 14:14:57 +0000 (16:14 +0200)]
lib/krb5_wrap: add smb_gss_krb5_import_cred wrapper

Wrap gss_krb5_import_cred() to allow re-implementing it with
gss_acquire_cred_from() for newer MIT versions. gss_acquire_cred_from()
works fine with GSSAPI interposer (GSS-proxy) while
gss_krb5_import_cred() is not interposed yet.

The wrapper has additional parameter, krb5_context handle, to facilitate
with credentials cache name discovery. All our callers to
gss_krb5_import_cred() already have krb5 context handy.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12611

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agogssapi: check for gss_acquire_cred_from
Alexander Bokovoy [Fri, 3 Mar 2017 15:08:09 +0000 (17:08 +0200)]
gssapi: check for gss_acquire_cred_from

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12611

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agos3-libads: Do not leak the msg on error
Andreas Schneider [Wed, 5 Oct 2016 08:33:26 +0000 (10:33 +0200)]
s3-libads: Do not leak the msg on error

ldap_search_ext_s manpage states:
Note that res parameter of ldap_search_ext_s should be freed with
ldap_msgfree() regardless of return value of these functions.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Mar  8 14:59:35 CET 2017 on sn-devel-144

2 years agoidmap_autorid: allocate new domain range if the callers knows the sid is valid
Stefan Metzmacher [Mon, 6 Mar 2017 11:53:09 +0000 (11:53 +0000)]
idmap_autorid: allocate new domain range if the callers knows the sid is valid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12613

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar  8 04:06:59 CET 2017 on sn-devel-144

2 years agomanpages/vfs_fruit: document global options
Ralph Boehme [Tue, 7 Mar 2017 17:10:56 +0000 (18:10 +0100)]
manpages/vfs_fruit: document global options

Some options MUST be set in the global section, better document that.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12615

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agowinbind: Add a debug message for out-of-range IDs
Volker Lendecke [Tue, 7 Mar 2017 13:06:52 +0000 (14:06 +0100)]
winbind: Add a debug message for out-of-range IDs

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agowinbind: Remove unused wcache_tdc_fetch_domainbysid
Volker Lendecke [Tue, 21 Feb 2017 17:41:59 +0000 (18:41 +0100)]
winbind: Remove unused wcache_tdc_fetch_domainbysid

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agowinbind: Correcly pass !authoritative from wb_irpc_SamLogon
Volker Lendecke [Sat, 4 Mar 2017 17:40:09 +0000 (18:40 +0100)]
winbind: Correcly pass !authoritative from wb_irpc_SamLogon

Returning an error at this level gives a RPC level error without the chance to
provide !authoritative flag to the caller. At the RPC level we're fine, but not
finding the domain to authenticate means that we don't know the domain and thus
have to return !authoritative.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Mar  7 13:16:00 CET 2017 on sn-devel-144

2 years agolibwbclient: Add "authoritative" to wbcAuthErrorInfo
Volker Lendecke [Sun, 29 Jan 2017 16:51:53 +0000 (16:51 +0000)]
libwbclient: Add "authoritative" to wbcAuthErrorInfo

smbd needs to react to "authoritative"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agowinbind: Set "authoritative" in response to auth_crap
Volker Lendecke [Sat, 11 Feb 2017 09:04:29 +0000 (10:04 +0100)]
winbind: Set "authoritative" in response to auth_crap

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agowinbind: Add "authoritative" to winbindd_response
Volker Lendecke [Sun, 29 Jan 2017 16:46:12 +0000 (16:46 +0000)]
winbind: Add "authoritative" to winbindd_response

This is a relevant piece of info in the samlogon response,
smbd and netlogond need to be able to react to it.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agowinbind: Pass up args from winbind_dual_SamLogon
Volker Lendecke [Sat, 28 Jan 2017 20:20:59 +0000 (20:20 +0000)]
winbind: Pass up args from winbind_dual_SamLogon

We'll need to pass "authoritative" back to the winbind client

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agowinbind: Pass up args from winbind_samlogon_retry_loop
Volker Lendecke [Sat, 28 Jan 2017 20:20:59 +0000 (20:20 +0000)]
winbind: Pass up args from winbind_samlogon_retry_loop

In particular "authoritative" is useful at the top level

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agocli_netlogon: Add return parms to rpccli_netlogon_password_logon
Volker Lendecke [Sat, 28 Jan 2017 11:36:11 +0000 (11:36 +0000)]
cli_netlogon: Add return parms to rpccli_netlogon_password_logon

Just for symmetry with rpccli_netlogon_network_logon()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agocli_netlogon: Remove a fallback for flags=NULL
Volker Lendecke [Sat, 28 Jan 2017 11:31:09 +0000 (11:31 +0000)]
cli_netlogon: Remove a fallback for flags=NULL

The two callers of rpccli_netlogon_network_logon have flags set !=NULL

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agocli_netlogon: Remove a fallback for authoritative=NULL
Volker Lendecke [Sat, 28 Jan 2017 11:27:21 +0000 (11:27 +0000)]
cli_netlogon: Remove a fallback for authoritative=NULL

The two callers of rpccli_netlogon_network_logon have authoritative
set !=NULL

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agowinbind: Fix a debug message
Volker Lendecke [Mon, 27 Feb 2017 13:35:59 +0000 (13:35 +0000)]
winbind: Fix a debug message

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Mar  6 23:18:46 CET 2017 on sn-devel-144

2 years agoauth4: Remove an unused struct declaration
Volker Lendecke [Sun, 26 Feb 2017 16:27:05 +0000 (17:27 +0100)]
auth4: Remove an unused struct declaration

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agoauth4: Move a variable closer to its use
Volker Lendecke [Fri, 3 Mar 2017 05:03:31 +0000 (06:03 +0100)]
auth4: Move a variable closer to its use

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agoRe-enable token groups fallback
Volker Lendecke [Thu, 2 Mar 2017 14:14:51 +0000 (15:14 +0100)]
Re-enable token groups fallback

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12612

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Mar  6 19:18:31 CET 2017 on sn-devel-144

2 years agowinbindd: find the domain based on the sid within wb_lookupusergroups_send()
Stefan Metzmacher [Mon, 6 Mar 2017 09:30:52 +0000 (10:30 +0100)]
winbindd: find the domain based on the sid within wb_lookupusergroups_send()

That simplifies the potential caller.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12612

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years agoRevert "winbind: Remove wb_lookupusergroups"
Volker Lendecke [Thu, 2 Mar 2017 13:56:09 +0000 (14:56 +0100)]
Revert "winbind: Remove wb_lookupusergroups"

This reverts commit c0570e6ae8f8f0057ece48d764580897ff2b6f62.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12612

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years agoRevert "winbind: Remove wbint_LookupUserGroups"
Volker Lendecke [Thu, 2 Mar 2017 13:55:15 +0000 (14:55 +0100)]
Revert "winbind: Remove wbint_LookupUserGroups"

This reverts commit 256632ed3cc724bab0fc22132ca6b52faf680ab2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12612

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years agoRevert "winbind: Remove wb_cache_lookup_usergroups"
Volker Lendecke [Thu, 2 Mar 2017 13:54:46 +0000 (14:54 +0100)]
Revert "winbind: Remove wb_cache_lookup_usergroups"

This reverts commit f83863b4d1510a9519d15934c960fd1675235812.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12612

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years agoRevert "winbind: Remove wcache_lookup_usergroups"
Volker Lendecke [Thu, 2 Mar 2017 13:54:23 +0000 (14:54 +0100)]
Revert "winbind: Remove wcache_lookup_usergroups"

This reverts commit 876dc28b9cf13343a2962b1a1b035fe78c1858a6.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12612

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years agoRevert "winbind: Remove validate_ug"
Volker Lendecke [Thu, 2 Mar 2017 13:54:09 +0000 (14:54 +0100)]
Revert "winbind: Remove validate_ug"

This reverts commit 3f58a8cabab75a594cff9088d5dd8ea439b36178.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12612

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years agoRevert "winbind: Remove "lookup_usergroups" winbind method"
Volker Lendecke [Thu, 2 Mar 2017 13:53:47 +0000 (14:53 +0100)]
Revert "winbind: Remove "lookup_usergroups" winbind method"

This reverts commit b231814c6b0ad17255139bc8934f269610348b2b.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12612

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years agoRevert "winbind: Remove rpc_lookup_usergroups"
Volker Lendecke [Thu, 2 Mar 2017 13:52:49 +0000 (14:52 +0100)]
Revert "winbind: Remove rpc_lookup_usergroups"

This reverts commit 91b73b1e93bb8fb38e2f1cea6c1cbd012c952542.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12612

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years agos3:libads: remove unused fallback to gss_acquire_cred()
Stefan Metzmacher [Fri, 3 Mar 2017 11:56:24 +0000 (12:56 +0100)]
s3:libads: remove unused fallback to gss_acquire_cred()

Heimdal and all supported versions of MIT krb5 prove gss_krb5_import_cred(),
so we don't need an #ifdef here.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Mar  6 11:44:54 CET 2017 on sn-devel-144

2 years agos4/torture: add a creditting test skipping a SMB2 MID
Ralph Boehme [Mon, 27 Feb 2017 11:55:04 +0000 (12:55 +0100)]
s4/torture: add a creditting test skipping a SMB2 MID

This tests that skipping a SMB2 MID the client's usable MID window is

[unused mid, unused mid + 8192]

The test currently fails against Samba as we only grant up to 512
credits. It passes against Windows 2016 as that grants up to 8192
credits by default.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Mar  4 01:54:07 CET 2017 on sn-devel-144

2 years agolibcli/smb: add smb2cli_conn_get_mid and smb2cli_conn_set_mid
Ralph Boehme [Sun, 26 Feb 2017 08:28:12 +0000 (09:28 +0100)]
libcli/smb: add smb2cli_conn_get_mid and smb2cli_conn_set_mid

This will be needed for a torture test in the next commit.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos4/torture: add some SMB2 crediting tests
Ralph Boehme [Mon, 27 Feb 2017 06:12:09 +0000 (07:12 +0100)]
s4/torture: add some SMB2 crediting tests

These tests verify that a server grants at least 8192 credits in a
successfull session setup and in a single SMB2 request. Both tests pass
against Windows 2016 Server but currently fail against Samba.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agolibcli/smb: add smb2cli_conn_get_cur_credits
Ralph Boehme [Mon, 27 Feb 2017 11:29:25 +0000 (12:29 +0100)]
libcli/smb: add smb2cli_conn_get_cur_credits

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agolibcli/smb: add max_credits arg to smbXcli_negprot_send()
Ralph Boehme [Mon, 27 Feb 2017 15:14:39 +0000 (16:14 +0100)]
libcli/smb: add max_credits arg to smbXcli_negprot_send()

This allows source4/torture code to set the option for tests by
preparing a struct smbcli_options with max_credits set to some value and
pass that to a torture_smb2_connection_ext().

This will be used in subsequent smbtorture test for SMB2 creditting.

Behaviour of existing upper layers is unchanged, they simply pass the
wanted max credits value to smbXcli_negprot_send() instead of
retrofitting it with a call to smb2cli_conn_set_max_credits().

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agolib: Make gencache hash size configurable, default to 10000
Volker Lendecke [Mon, 6 Feb 2017 16:10:40 +0000 (17:10 +0100)]
lib: Make gencache hash size configurable, default to 10000

For large deployments with many users, we put a lot of idmapping
entries into gencache. Increase the hash size from our default 131.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2 years agoidmap_hash: Add a deprecation message
Andreas Schneider [Tue, 21 Feb 2017 13:51:08 +0000 (14:51 +0100)]
idmap_hash: Add a deprecation message

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12582

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Mar  3 16:54:34 CET 2017 on sn-devel-144

2 years agodocs: Improve the idmap_hash manpage
Andreas Schneider [Wed, 15 Feb 2017 07:55:24 +0000 (08:55 +0100)]
docs: Improve the idmap_hash manpage

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12582

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2 years agos4:selftest: run samba4.sam.python also against fl2008r2dc
Stefan Metzmacher [Thu, 2 Mar 2017 16:34:22 +0000 (17:34 +0100)]
s4:selftest: run samba4.sam.python also against fl2008r2dc

fl2008r2dc uses "ldap server require strong auth = no", which
is required to test the simple bind error messages.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9048

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar  3 12:57:06 CET 2017 on sn-devel-144

2 years agodsdb/tests: add test_ldap_bind_must_change_pwd()
Stefan Metzmacher [Thu, 2 Mar 2017 15:41:20 +0000 (16:41 +0100)]
dsdb/tests: add test_ldap_bind_must_change_pwd()

This tests the error messages for failing LDAP Bind responses.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9048

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:ldap_server: match windows in the error messages of failing LDAP Bind requests
Stefan Metzmacher [Fri, 24 Feb 2017 17:30:56 +0000 (18:30 +0100)]
s4:ldap_server: match windows in the error messages of failing LDAP Bind requests

This is important for some applications to detect the
NT_STATUS_PASSWORD_MUST_CHANGE condition correctly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9048

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoldb-samba: remember the error string of a failing bind in ildb_connect()
Stefan Metzmacher [Thu, 2 Mar 2017 16:19:21 +0000 (17:19 +0100)]
ldb-samba: remember the error string of a failing bind in ildb_connect()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9048

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agodsdb/tests: remove duplicate test_smartcard_required3() from sam.py
Stefan Metzmacher [Thu, 2 Mar 2017 15:00:01 +0000 (16:00 +0100)]
dsdb/tests: remove duplicate test_smartcard_required3() from sam.py

The function was 100% the same...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agotorture3: Add test for smbd crash
Volker Lendecke [Tue, 28 Feb 2017 15:17:03 +0000 (16:17 +0100)]
torture3: Add test for smbd crash

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12610

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar  3 06:20:50 CET 2017 on sn-devel-144

2 years agosmbd: Do an early exit on negprot failure
Volker Lendecke [Tue, 28 Feb 2017 15:03:45 +0000 (15:03 +0000)]
smbd: Do an early exit on negprot failure

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12610

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3: smbd: Restart reading the incoming SMB2 fd when the send queue is drained.
Jeremy Allison [Thu, 2 Mar 2017 17:13:23 +0000 (09:13 -0800)]
s3: smbd: Restart reading the incoming SMB2 fd when the send queue is drained.

When the send queue grows greater than xconn->smb2.credits.max/16,
smbd_smb2_request_next_incoming() doesn't allocate a new request in state->req.

After smbd_smb2_io_handler() is called, it marks the fd not readable as
state->req == NULL, and never marks it readable again.

Fix by calling smbd_smb2_request_next_incoming() to restart
reads inside smbd_smb2_flush_send_queue() which drains the
send queue.

Reported by <chen.yehua@h3c.com>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12608

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Mar  3 02:23:20 CET 2017 on sn-devel-144

2 years agoselftest: remove "ea support" from vfs_fruit-related setups.
Uri Simchoni [Thu, 2 Mar 2017 11:02:25 +0000 (13:02 +0200)]
selftest: remove "ea support" from vfs_fruit-related setups.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years agovfs_fruit: drop "ea support" from the manpage
Uri Simchoni [Thu, 2 Mar 2017 10:59:16 +0000 (12:59 +0200)]
vfs_fruit: drop "ea support" from the manpage

Now that ea support is not required, drop that
comment from the man page.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years agotestparm: remove check for "ea support" in fruit shares
Uri Simchoni [Thu, 2 Mar 2017 10:56:25 +0000 (12:56 +0200)]
testparm: remove check for "ea support" in fruit shares

Now that ea support is not required for vfs_fruit, drop the
check that it's enabled in shares using vfs_fruit.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years agosmbd: remove coupling between get_ea_names_from_file() and "ea support"
Uri Simchoni [Thu, 2 Mar 2017 06:39:56 +0000 (08:39 +0200)]
smbd: remove coupling between get_ea_names_from_file() and "ea support"

The "ea support" configuration variable determines whether smbd
should attempt to manipulate extended attributes via SMB protocol.
It does not pertain to the underlying storage and its support for
extended attributes.

get_ea_names_from_file() is being used also by vfs_streams_xattr -
a module which has nothing to do with client-visible extended
attributes. As such, vfs_streams_xattr should be able to operate
irrespective of the value of "ea support".

This patch moves the check for ea support to the callers.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years agosmbd: get_ea_list_from_file_path() - remove a duplicate statement
Uri Simchoni [Thu, 2 Mar 2017 06:49:54 +0000 (08:49 +0200)]
smbd: get_ea_list_from_file_path() - remove a duplicate statement

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years agosmbd: refuse_symlink() - do not fail if the file does not exist
Uri Simchoni [Thu, 2 Mar 2017 06:46:44 +0000 (08:46 +0200)]
smbd: refuse_symlink() - do not fail if the file does not exist

If the file does not exist, it is not a symlink. Current callers
use this function to see if extended attributes can be set / fetched.
Allow them to try and leave the error code at the discretion of the
VFS.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years agos3:winbindd: fix endless forest trust scan
Stefan Metzmacher [Thu, 2 Mar 2017 07:13:57 +0000 (08:13 +0100)]
s3:winbindd: fix endless forest trust scan

Commit 0392ebcd1d48e9f472f2148b85316a77d9cc953b effectively
disabled the enumeration of trusts in other forests.

The fixes for https://bugzilla.samba.org/show_bug.cgi?id=11691
changed the way we fill domain->domain_flags for domains
in other forests.

Commit fffefe72fcc62d9688b45f53a5327667dc0b2fe6 readded the
ability to enumerate trusts of other forests again, in order to
fix https://bugzilla.samba.org/show_bug.cgi?id=11830

Now we have the problem that multiple domains
(even outside of our forest) are considert to be
our forest root, as they have the following flags:
NETR_TRUST_FLAG_TREEROOT and NETR_TRUST_FLAG_IN_FOREST.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12605

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Mar  2 17:53:14 CET 2017 on sn-devel-144

2 years agos3:librpc: Handle gss_min in gse_get_client_auth_token() correctly
Andreas Schneider [Mon, 27 Feb 2017 16:18:15 +0000 (17:18 +0100)]
s3:librpc: Handle gss_min in gse_get_client_auth_token() correctly

This will make sure we correctly fall back to NTLMSSP.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12557

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Mar  2 12:41:40 CET 2017 on sn-devel-144

2 years agogensec:spnego: Add debug message for the failed principal
Stefan Metzmacher [Fri, 20 Jan 2017 16:15:49 +0000 (17:15 +0100)]
gensec:spnego: Add debug message for the failed principal

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12557

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agondr: Use resizing array instead of linked lists (breaking ABI)
Douglas Bagnall [Thu, 23 Feb 2017 22:58:33 +0000 (11:58 +1300)]
ndr: Use resizing array instead of linked lists (breaking ABI)

The ndr token code keeps a temporary store of tokens which are
referred to a small number of times (often once) before being
discarded. The access patterns are somewhat stack-like, with recently
placed tokens being accessed most often.

The old code kept these tokens in a linked list, which we replace with
a self-resizing array.

This keeps everything roughly the same in big-O terms, but makes it
all faster in practice by vastly reducing the amount of tallocing and
pointer-chasing.

The peak memory use is strictly reduced. On a 64 bit machine each core
token struct fits in 16 bytes (after padding) while the two pointers
used by the DLIST add another 16 bytes, so the overall list allocation
is the same as the peak 2n array allocation -- except in the list case
it is dwarfed by the talloc and malloc metadata overhead.

Before settling on the resized arrays, we tried red-black trees, which
are bound to be better for large ndr structures. As it happens, we
don't deal with large structures (the size of replication clumps is
limited to 400 objects) and the asymptotic benefits of the trees are
not realised in practice.

With luck you should find graphs comparing the performance of these
various techniques at:

https://www.samba.org/~dbagnall/perf-tests/ndr-token/

This necessarily breaks the ABI because the linked list implementation
was publicly exposed.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Mar  2 08:38:22 CET 2017 on sn-devel-144

2 years agondr: fix whitespace in libndr.h, ndr.c
Douglas Bagnall [Thu, 23 Feb 2017 22:59:24 +0000 (11:59 +1300)]
ndr: fix whitespace in libndr.h, ndr.c

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoselftest: add search performance tests
Douglas Bagnall [Fri, 24 Feb 2017 01:42:32 +0000 (14:42 +1300)]
selftest: add search performance tests

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoselftest: ndr_pack/unpack performance test
Douglas Bagnall [Thu, 16 Feb 2017 03:41:00 +0000 (16:41 +1300)]
selftest: ndr_pack/unpack performance test

This just does a lot of packing and unpacking of various structures.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agondr tests: silence a harmless warning
Douglas Bagnall [Sat, 25 Feb 2017 00:38:17 +0000 (13:38 +1300)]
ndr tests: silence a harmless warning

gcc 7.

"duplicate ‘const’ declaration specifier [-Wduplicate-decl-specifier]"

Signed-off-by: Douglas Bagnall <douglas@halo.gen.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agovfs_fruit: enabling AAPL extensions must be a global switch
Ralph Boehme [Tue, 28 Feb 2017 08:39:37 +0000 (09:39 +0100)]
vfs_fruit: enabling AAPL extensions must be a global switch

Apple's SMB2 AAPL extension is enabled once per SMB2
connection. Unfortunately the (per se correct) fix for bug #12541
results in vfs_fruit checking a per tcon config state variable to
determine whether AAPL has been negotiated. This variable will be false
for all but the first tcon. We must make it a global variable.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12604

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Thu Mar  2 04:34:10 CET 2017 on sn-devel-144

2 years agovfs_fruit: only veto AppleDouble files with fruit:resource=file
Ralph Boehme [Thu, 19 Jan 2017 08:30:45 +0000 (09:30 +0100)]
vfs_fruit: only veto AppleDouble files with fruit:resource=file

vfs_fruit only creates AppleDouble files itself when "fruit:resource" is
set to "file" (the default). It is only then the these AppleDouble files
should be treated as an internal representation and should be
inaccessible from clients.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12526>

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agos4/torture: vfs_fruit: add stream with illegal ntfs characters to copyile test
Ralph Boehme [Fri, 17 Feb 2017 15:35:44 +0000 (16:35 +0100)]
s4/torture: vfs_fruit: add stream with illegal ntfs characters to copyile test

This ensures a stream with illegal NTFS characters mapped to the Unicode
private range like

  :foo\xef\x80\xa2bar:$DATA

that is stored as an xattr name

  user.DosStream.foo:bar:$DATA

if "fruit:encoding = native" is set, is copied by the special fruit
copy_chunk request.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agovfs_fruit: use stat info from base_fsp
Ralph Boehme [Tue, 7 Feb 2017 14:01:53 +0000 (15:01 +0100)]
vfs_fruit: use stat info from base_fsp

This is also supposed to be valid in the VFS stack, so there's no need
to re-stat here.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agos4/torture: vfs_fruit: test invalid AFPINFO_STREAM_NAME
Ralph Boehme [Sun, 11 Dec 2016 18:11:09 +0000 (19:11 +0100)]
s4/torture: vfs_fruit: test invalid AFPINFO_STREAM_NAME

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agovfs_fruit: ignore or delete invalid AFP_AfpInfo streams
Ralph Boehme [Sun, 11 Dec 2016 18:10:05 +0000 (19:10 +0100)]
vfs_fruit: ignore or delete invalid AFP_AfpInfo streams

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoselftest: add shares without vfs_fruit for the vfs_fruit tests
Ralph Boehme [Sun, 11 Dec 2016 18:06:46 +0000 (19:06 +0100)]
selftest: add shares without vfs_fruit for the vfs_fruit tests

Not used for now, but the next commit will add a test that makes use of
this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agos4/torture: change shares in used torture_suite_add_2ns_smb2_test()
Ralph Boehme [Sun, 11 Dec 2016 18:02:37 +0000 (19:02 +0100)]
s4/torture: change shares in used torture_suite_add_2ns_smb2_test()

torture_suite_add_2ns_smb2_test wan't used, change it to use the default
share as share 1 and a second share taken from torture option
"torture:share2".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agodocs/vfs_fruit: document known limitations with fruit:encoding=native
Ralph Boehme [Thu, 8 Dec 2016 16:47:36 +0000 (17:47 +0100)]
docs/vfs_fruit: document known limitations with fruit:encoding=native

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agos4/torture: add test for AAPL find with name with illegal NTFS characters
Ralph Boehme [Thu, 8 Dec 2016 14:45:12 +0000 (15:45 +0100)]
s4/torture: add test for AAPL find with name with illegal NTFS characters

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agolib/torture: add torture_assert_mem_equal_goto
Ralph Boehme [Thu, 8 Dec 2016 14:44:37 +0000 (15:44 +0100)]
lib/torture: add torture_assert_mem_equal_goto

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agos4/torture: add a vfs_fruit renaming test with open rsrc fork
Ralph Boehme [Tue, 6 Dec 2016 09:25:46 +0000 (10:25 +0100)]
s4/torture: add a vfs_fruit renaming test with open rsrc fork

Verify IO on the resource fork works after a rename of the basefile.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agos4/torture: vfs_fruit: test deleting a file with resource fork
Ralph Boehme [Mon, 5 Dec 2016 10:21:15 +0000 (11:21 +0100)]
s4/torture: vfs_fruit: test deleting a file with resource fork

All the other tests ignore the return value of smb2_util_unlink().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agos4/torture: vfs_fruit: add test_null_afpinfo test
Ralph Boehme [Tue, 29 Nov 2016 15:21:08 +0000 (16:21 +0100)]
s4/torture: vfs_fruit: add test_null_afpinfo test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>