samba.git
4 years ago CVE-2015-5299: s3-shadow-copy2: fix missing access check on snapdir
Jeremy Allison [Fri, 23 Oct 2015 21:54:31 +0000 (14:54 -0700)]
CVE-2015-5299: s3-shadow-copy2: fix missing access check on snapdir

Fix originally from <partha@exablox.com>

https://bugzilla.samba.org/show_bug.cgi?id=11529

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
4 years ago CVE-2015-5252: s3: smbd: Fix symlink verification (file access outside the share).
Jeremy Allison [Thu, 9 Jul 2015 17:58:11 +0000 (10:58 -0700)]
CVE-2015-5252: s3: smbd: Fix symlink verification (file access outside the share).

Ensure matching component ends in '/' or '\0'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11395

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
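
The check named in this commit message ("Ensure matching component ends in '/' or '\0'"), shown as an added example that is not Samba's code: a prefix-only comparison beside one that also requires a component boundary after the share root. The function names and the sample paths are hypothetical and constructed; both paths are assumed to be absolute and already canonicalised.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Before: prefix match only. Root "/srv/share" also "contains" "/srv/share2". */
static bool inside_root_prefix_only(const char *root, const char *resolved)
{
	return strncmp(root, resolved, strlen(root)) == 0;
}

/*
 * After: the prefix must match AND the next byte of the resolved path must
 * end the path component ('/' or '\0'). Both arguments are assumed to be
 * absolute and already canonicalised (symlinks resolved, no "..").
 */
static bool inside_root(const char *root, const char *resolved)
{
	size_t root_len = strlen(root);

	if (root[0] != '/' || resolved[0] != '/') {
		return false;
	}
	/* Drop trailing slashes so "/srv/share/" equals "/srv/share". */
	while (root_len > 1 && root[root_len - 1] == '/') {
		root_len--;
	}
	if (root_len == 1) {
		return true;	/* root is "/": every absolute path is below it */
	}
	if (strncmp(root, resolved, root_len) != 0) {
		return false;
	}
	return resolved[root_len] == '/' || resolved[root_len] == '\0';
}

int main(void)
{
	/* Constructed sample: share root and paths a symlink might resolve to. */
	const char *root = "/srv/share";
	const char *resolved[] = {
		"/srv/share", "/srv/share/docs/a.txt",
		"/srv/share2/secret", "/srv/shared", "/srv/shar",
	};
	size_t i;

	printf("%-24s %-12s %s\n", "resolved path", "prefix-only", "boundary");
	for (i = 0; i < sizeof(resolved) / sizeof(resolved[0]); i++) {
		printf("%-24s %-12s %s\n", resolved[i],
		       inside_root_prefix_only(root, resolved[i]) ? "allow" : "deny",
		       inside_root(root, resolved[i]) ? "allow" : "deny");
	}
	return 0;
}
```
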
4 years ago ldb: bump version of the required system ldb to 1.1.24
Ralph Boehme [Tue, 8 Dec 2015 09:55:42 +0000 (10:55 +0100)]
ldb: bump version of the required system ldb to 1.1.24

This is needed to ensure we build against a system ldb library that
contains the fixes for CVE-2015-5330 and CVE-2015-3223.

autobuild must still be able to build against the older version
1.1.21 including the patches.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11325
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11636

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
4 years ago CVE-2015-5330: ldb_dn_explode: copy strings by length, not terminators
Douglas Bagnall [Wed, 25 Nov 2015 22:17:11 +0000 (11:17 +1300)]
CVE-2015-5330: ldb_dn_explode: copy strings by length, not terminators

That is, memdup(), not strdup(). The terminators might not be there.

But, we have to make sure we put the terminator on, because we tend to
assume the terminator is there in other places.

Use talloc_set_name_const() on the resulting chunk so talloc_report()
remains unchanged.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>
Pair-programmed-with: Ralph Boehme <slow@samba.org>

4 years ago CVE-2015-5330: next_codepoint_handle_ext: don't short-circuit UTF16 low bytes
Douglas Bagnall [Tue, 24 Nov 2015 00:54:09 +0000 (13:54 +1300)]
CVE-2015-5330: next_codepoint_handle_ext: don't short-circuit UTF16 low bytes

UTF16 contains zero bytes when it is encoding ASCII (for example), so we
can't assume the absence of the 0x80 bit means a one byte encoding. No
current callers use UTF16.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
4 years ago CVE-2015-5330: strupper_talloc_n_handle(): properly count characters
Douglas Bagnall [Tue, 24 Nov 2015 00:49:09 +0000 (13:49 +1300)]
CVE-2015-5330: strupper_talloc_n_handle(): properly count characters

When a codepoint eats more than one byte we really want to know,
especially if the string is not NUL terminated.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
4 years ago CVE-2015-5330: Fix handling of unicode near string endings
Douglas Bagnall [Tue, 24 Nov 2015 00:47:16 +0000 (13:47 +1300)]
CVE-2015-5330: Fix handling of unicode near string endings

Until now next_codepoint_ext() and next_codepoint_handle_ext() were
using strnlen(str, 5) to determine how much string they should try to
decode. This ended up looking past the end of the string when it was not
null terminated and the final character looked like a multi-byte encoding.
The fix is to let the caller say how long the string can be.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
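
The two commit messages above (counting the bytes each codepoint consumes, and letting the caller say how long the string can be) illustrated as an added example that is not Samba's code: a decoder that takes the remaining length and never reads past it, plus a walker that advances by the bytes actually consumed. The names `next_codepoint_bounded` and `count_codepoints` are hypothetical, a stand-alone UTF-8 decoder stands in for the library's charset handling, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define INVALID_CODEPOINT 0xFFFFFFFFu

/* Constructed sample: 'a', U+00E9, U+20AC. With len 5 the last one is cut. */
static const uint8_t SAMPLE[6] = { 'a', 0xC3, 0xA9, 0xE2, 0x82, 0xAC };

/*
 * Decode one UTF-8 codepoint from at most `len` bytes of an unterminated
 * buffer. Never touches s[len] or beyond. *consumed is 1 on any error so
 * that callers always make progress.
 */
static uint32_t next_codepoint_bounded(const uint8_t *s, size_t len,
				       size_t *consumed)
{
	static const uint32_t min_for_len[5] = { 0, 0, 0x80, 0x800, 0x10000 };
	uint32_t cp;
	size_t need, i;

	*consumed = (len > 0) ? 1 : 0;
	if (len == 0) {
		return INVALID_CODEPOINT;
	}
	if (s[0] < 0x80) {
		return s[0];
	}
	if ((s[0] & 0xE0) == 0xC0) {
		need = 2; cp = s[0] & 0x1F;
	} else if ((s[0] & 0xF0) == 0xE0) {
		need = 3; cp = s[0] & 0x0F;
	} else if ((s[0] & 0xF8) == 0xF0) {
		need = 4; cp = s[0] & 0x07;
	} else {
		return INVALID_CODEPOINT;	/* stray continuation or bad lead */
	}
	if (need > len) {
		/* The lead byte promises more bytes than the caller has. */
		return INVALID_CODEPOINT;
	}
	for (i = 1; i < need; i++) {
		if ((s[i] & 0xC0) != 0x80) {
			return INVALID_CODEPOINT;
		}
		cp = (cp << 6) | (s[i] & 0x3F);
	}
	if (cp < min_for_len[need] || cp > 0x10FFFF ||
	    (cp >= 0xD800 && cp <= 0xDFFF)) {
		return INVALID_CODEPOINT;	/* overlong, out of range, surrogate */
	}
	*consumed = need;
	return cp;
}

/* Count valid codepoints, stepping by the bytes each decode consumed. */
static size_t count_codepoints(const uint8_t *s, size_t len, size_t *invalid)
{
	size_t off = 0, good = 0, used = 0;

	*invalid = 0;
	while (off < len) {
		if (next_codepoint_bounded(s + off, len - off, &used) ==
		    INVALID_CODEPOINT) {
			(*invalid)++;
		} else {
			good++;
		}
		off += used;
	}
	return good;
}

int main(void)
{
	size_t len, bad;

	for (len = 5; len <= sizeof(SAMPLE); len++) {
		size_t good = count_codepoints(SAMPLE, len, &bad);
		printf("len=%zu valid=%zu invalid=%zu\n", len, good, bad);
	}
	return 0;
}
```
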
4 years ago CVE-2015-5330: ldb_dn_escape_value: use known string length, not strlen()
Douglas Bagnall [Tue, 24 Nov 2015 00:09:36 +0000 (13:09 +1300)]
CVE-2015-5330: ldb_dn_escape_value: use known string length, not strlen()

ldb_dn_escape_internal() reports the number of bytes it copied, so
let's use that number, rather than using strlen() and hoping a zero got
in the right place.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
4 years ago CVE-2015-5330: ldb_dn: simplify and fix ldb_dn_escape_internal()
Douglas Bagnall [Tue, 24 Nov 2015 00:07:23 +0000 (13:07 +1300)]
CVE-2015-5330: ldb_dn: simplify and fix ldb_dn_escape_internal()

Previously we relied on NUL terminated strings and jumped back and
forth between copying escaped bytes and memcpy()ing un-escaped chunks.
This simple version is easier to reason about and works with
unterminated strings. It may also be faster as it avoids reading the
string twice (first with strcspn, then with memcpy).

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
4 years ago CVE-2015-3223: lib: ldb: Use memmem binary search, not strstr text search.
Jeremy Allison [Tue, 9 Jun 2015 21:00:01 +0000 (14:00 -0700)]
CVE-2015-3223: lib: ldb: Use memmem binary search, not strstr text search.

Values might have embedded zeros.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11325

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
4 years ago CVE-2015-3223: lib: ldb: Cope with canonicalise_fn returning string "", length 0.
Jeremy Allison [Tue, 9 Jun 2015 19:42:10 +0000 (12:42 -0700)]
CVE-2015-3223: lib: ldb: Cope with canonicalise_fn returning string "", length 0.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11325

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
4 years ago VERSION: Bump version up to 4.3.3...
Karolin Seeger [Mon, 30 Nov 2015 11:57:40 +0000 (12:57 +0100)]
VERSION: Bump version up to 4.3.3...

...and re-enable git snapshots.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
4 years ago VERSION: Disable git snapshot for the 4.3.2 release. samba-4.3.2
Karolin Seeger [Mon, 30 Nov 2015 11:57:02 +0000 (12:57 +0100)]
VERSION: Disable git snapshot for the 4.3.2 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
4 years ago WHATSNEW: Add release notes for Samba 4.3.2.
Karolin Seeger [Mon, 30 Nov 2015 11:56:15 +0000 (12:56 +0100)]
WHATSNEW: Add release notes for Samba 4.3.2.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
4 years ago s3: smbd: have_file_open_below() fails to enumerate open files below an open director...
Jeremy Allison [Mon, 23 Nov 2015 22:00:56 +0000 (14:00 -0800)]
s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle.

There are three issues:

1). The memcmp checking that the open file path has the open
directory path as its parent compares using the wrong length
(it uses the full open file path which will never compare as
the same).

2). The files_below_forall() function doesn't fill in the
callback function or callback data when calling share_mode_forall(),
leading to a crash (which we never saw, as the previous issue (1)
meant the callback function would never be invoked).

3). When invoking the callback function from files_below_forall_fn()
we were passing in the wrong private_data pointer (needs to be
the one from the state, not the private_data passed into
files_below_forall_fn()).

Found when running the torture test smb2.rename.rename_dir_openfile
when fixing bug #11065.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11615

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Nov 24 19:36:20 CET 2015 on sn-devel-104

(cherry picked from commit 158200611271bd80d80280c88578dfd5380f8fd0)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Wed Nov 25 13:00:42 CET 2015 on sn-devel-104

4 years ago selftest: add test for force user and well-known primary group
Uri Simchoni [Tue, 17 Nov 2015 21:14:36 +0000 (23:14 +0200)]
selftest: add test for force user and well-known primary group

Add a test for connecting to a share with a "force user" whose
primary unix gid maps to a well-known alias.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11608

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 19 23:20:36 CET 2015 on sn-devel-104
(cherry picked from commit d451bbaee2e025d4135f686c0f220d6337dbf38e)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Mon Nov 23 15:46:03 CET 2015 on sn-devel-104

4 years ago auth: consistent handling of well-known alias as primary gid
Uri Simchoni [Tue, 17 Nov 2015 21:05:10 +0000 (23:05 +0200)]
auth: consistent handling of well-known alias as primary gid

When a local user has its primary group id mapped to a well-known
alias or a builtin group, smbd accepts logins of such a user, but
fails tree-connects to shares with a "force user" set to this user
with an error of NT_STATUS_INVALID_SID.

This fix causes the connect to succeed and the NT token to resemble
the token that would have been created in a login.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11608

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit d8717a038ef82caf05fff611c7cf92aecc436563)

4 years ago auth: remove a line that has no effect
Uri Simchoni [Tue, 17 Nov 2015 19:43:44 +0000 (21:43 +0200)]
auth: remove a line that has no effect

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11608

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 42b7d48f76189b1e138f5cac6489a4d018598c87)

4 years ago winbind: Don't crash on invalid idmap configs
Volker Lendecke [Thu, 19 Nov 2015 16:00:49 +0000 (17:00 +0100)]
winbind: Don't crash on invalid idmap configs

We should not leave NULL in idmap_domains[]. This will lead to NULL
ptr dereferences in idmap_find_domain().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11612
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Nov 19 20:16:44 CET 2015 on sn-devel-104

(cherry picked from commit 7e9aaecec552ca53c50fc0c731419af467f76a00)

4 years ago fix writev(vector[...]) points to uninitialised bytes in call_trans2findfirst
Noel Power [Wed, 28 Oct 2015 15:42:06 +0000 (15:42 +0000)]
fix writev(vector[...]) points to uninitialised bytes in call_trans2findfirst

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 9b2aba1b7aa7386dfc64bcefafa83374b6525354)

The last 5 patches address
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11597
backport some valgrind fixes from upstream master to 4.2 / 4.3

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Fri Nov 20 12:18:55 CET 2015 on sn-devel-104

4 years ago fix 'Invalid read of size 1' in reply_search
Noel Power [Wed, 28 Oct 2015 17:08:28 +0000 (17:08 +0000)]
fix 'Invalid read of size 1' in reply_search

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 0f2f8a4f772ff22d00a9e87dafa97a431af8f6da)

4 years ago fix writev(vector[...]) points to uninitialised bytes in call_trans2findnext
Noel Power [Wed, 28 Oct 2015 19:53:49 +0000 (19:53 +0000)]
fix writev(vector[...]) points to uninitialised bytes in call_trans2findnext

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 17482d52160acc869af9f7a2029d5b595d33a12d)

4 years ago fix uninitialised read in process_host_announce
Noel Power [Wed, 28 Oct 2015 21:17:42 +0000 (21:17 +0000)]
fix uninitialised read in process_host_announce

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 7ade51901381507beaeac92e9b0d2f0d424123a9)

4 years ago remove many valgrind errors for base.lock test
Noel Power [Thu, 29 Oct 2015 11:11:00 +0000 (11:11 +0000)]
remove many valgrind errors for base.lock test

mostly "Conditional jump or move depends on uninitialised value" &
"Use of uninitialised value of size 8" errors, suspect this is
related to compiler padding for the struct

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov  6 00:16:53 CET 2015 on sn-devel-104

(cherry picked from commit ce8068e70b11a3ce5634c56f43a035713c5ea2ed)

4 years ago nss_wins: Use lp_global_no_reinit()
Andreas Schneider [Fri, 23 Oct 2015 13:28:23 +0000 (15:28 +0200)]
nss_wins: Use lp_global_no_reinit()

This avoids that we run into use after free issues when we access memory
allocated on the globals and the global being reinitialized.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11563

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 0abbfb2e4d5bcd847983ef7981840f1eab7b917c)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Tue Nov 17 14:42:19 CET 2015 on sn-devel-104

4 years ago s3: winbind: Prevent null ptr access by returning error if no creds available
Noel Power [Thu, 22 Oct 2015 11:37:17 +0000 (12:37 +0100)]
s3: winbind: Prevent null ptr access by returning error if no creds available

Prevent rpccli_netlogon_network_logon/rpccli_netlogon_password_logon
being called with 'NULL' credentials

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11569

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit e8fab02773892812f563eea7098847618df76e1b)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Mon Nov 16 13:33:26 CET 2015 on sn-devel-104

4 years ago s3: rpcclient: Prevent null ptr access by returning error if no creds available
Noel Power [Mon, 2 Nov 2015 09:59:12 +0000 (09:59 +0000)]
s3: rpcclient: Prevent null ptr access by returning error if no creds available

Prevent rpccli_netlogon_password_logon being called with 'NULL' credentials.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11569

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 89940f39c6d2db03b3a468942d686e762f126f9f)

4 years ago s3: smbd: If EA's are turned off on a share don't allow an SMB2 create containing...
Jeremy Allison [Wed, 4 Nov 2015 17:34:57 +0000 (09:34 -0800)]
s3: smbd: If EA's are turned off on a share don't allow an SMB2 create containing them.

Otherwise a create that should have failed may succeed.

Based on an original patch from John Mulligan <phlogistonjohn@asynchrono.us>
and comments from Uri Simchoni <uri@samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11589

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Wed Nov  4 22:14:22 CET 2015 on sn-devel-104

(cherry picked from commit aa3cc0b459124c66de0aad8ff41908e1bf261222)

4 years ago vfs_gpfs: Re-enable share modes
Volker Lendecke [Thu, 5 Nov 2015 12:22:33 +0000 (13:22 +0100)]
vfs_gpfs: Re-enable share modes

is_ntfs_default_stream_smb_fname returns false for a NULL stream name, so for
streamless filenames we do not set gpfs share modes without this patch.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11243
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Nov  6 03:21:01 CET 2015 on sn-devel-104

4 years ago texpect: undefined symbol rep_fprintf
Tom Schulz [Thu, 22 Oct 2015 09:12:01 +0000 (11:12 +0200)]
texpect: undefined symbol rep_fprintf

Add libreplace dependency to texpect, fixes a linking error on Solaris.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11511

Signed-off-by: Tom Schulz <schulz@adi.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Oct 22 14:28:17 CEST 2015 on sn-devel-104

(cherry picked from commit c466ad47d53b1f3fbfc582a89f4b90a2c5dee2e9)

4 years ago Changing log level of two entries to DBG_NOTICE
Marc Muehlfeld [Tue, 3 Nov 2015 09:09:13 +0000 (10:09 +0100)]
Changing log level of two entries to DBG_NOTICE

On domain members using RFC2307, machine accounts without an uidNumber
attribute are not retrieved via idmap_ad. This leads to many of the following
two error messages:
   Username DOMAIN\machineaccountname$ is invalid on this system
and
   Failed to map kerberos principal to system user (NT_STATUS_LOGON_FAILURE)
Machine accounts don't have an uidNumber attribute, if not set manually. To
avoid flooding the logs, setting message from debug level 1 to DBG_NOTICE.

Bugreport: https://bugzilla.samba.org/show_bug.cgi?id=9912

Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov  4 00:46:15 CET 2015 on sn-devel-104

(cherry picked from commit 18879dab9affffd79a647a4de697512c03e04425)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Fri Nov  6 15:36:28 CET 2015 on sn-devel-104

4 years ago lib: util: Make non-critical message a warning.
Jeremy Allison [Wed, 28 Oct 2015 00:08:50 +0000 (17:08 -0700)]
lib: util: Make non-critical message a warning.

Non-root utilities (e.g. bin/net) call this via messaging_init().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11566

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 859e3415b38538ff6c023e4a56570d94a4fe4432)

4 years ago s3:smb2_server: make the logic of SMB2_CANCEL DLIST_REMOVE() clearer
Stefan Metzmacher [Mon, 2 Nov 2015 12:40:24 +0000 (13:40 +0100)]
s3:smb2_server: make the logic of SMB2_CANCEL DLIST_REMOVE() clearer

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11581

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit ad85c8905184d125a2a38569f7955ccbf443ebcd)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Thu Nov  5 14:51:25 CET 2015 on sn-devel-104

4 years ago s3-smbd: Fix use after issue in smbd_smb2_request_dispatch()
Andreas Schneider [Fri, 30 Oct 2015 08:01:28 +0000 (09:01 +0100)]
s3-smbd: Fix use after issue in smbd_smb2_request_dispatch()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11581

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Oct 30 19:49:47 CET 2015 on sn-devel-104

(cherry picked from commit db9e10d071793b91b3f3d40225a8634e3c34f65e)

4 years ago manpage: corrected small typo error
YvanM [Sun, 1 Nov 2015 10:53:45 +0000 (11:53 +0100)]
manpage: corrected small typo error

Corrected mistakes, probably coming from a too fast
"copy and paste", in the smb.conf manpage.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11584

Signed-off-by: YvanM <yvan.masson@openmailbox.org>
Reviewed-by: Björn Jacke <bj@sernet.de>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Mon Nov  2 14:43:15 CET 2015 on sn-devel-104

(cherry picked from commit d66863b1fff862aa2ae21a06116bc2a2b2f7a6ce)

4 years ago s4: fix linking smbtorture on Solaris.
Tom Schulz [Mon, 5 Oct 2015 20:19:49 +0000 (22:19 +0200)]
s4: fix linking smbtorture on Solaris.

Don't test getgrouplist if we do not have it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11512

Signed-off-by: Tom Schulz <schulz@adi.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Oct  6 19:15:22 CEST 2015 on sn-devel-104

(cherry picked from commit 8de1ed6d6e660760483a17f34842979384a655f9)

4 years ago script/release.sh: make it possible to create stable .x releases (x >= 1)
Stefan Metzmacher [Wed, 21 Oct 2015 08:02:33 +0000 (10:02 +0200)]
script/release.sh: make it possible to create stable .x releases (x >= 1)

This version was used to create samba-4.3.1.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 21 14:27:53 CEST 2015 on sn-devel-104

(cherry picked from commit f99d0b917419756b11f0ebfecbe84b3ebab7fa0a)

Autobuild-User(v4-3-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-3-test): Wed Nov  4 17:14:41 CET 2015 on sn-devel-104

4 years ago script/release.sh: make it possible to create stable .0 releases
Stefan Metzmacher [Tue, 8 Sep 2015 13:47:26 +0000 (15:47 +0200)]
script/release.sh: make it possible to create stable .0 releases

This version was used to create samba-4.3.0.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit 19a0a7f33ca71a39859706d726eaf70882362c93)

4 years ago ctdb: open the RO tracking db with perms 0600 instead of 0000
Michael Adam [Tue, 27 Oct 2015 09:20:31 +0000 (10:20 +0100)]
ctdb: open the RO tracking db with perms 0600 instead of 0000

While 0000 is possible from the UNIX/POSIX point of view,
these permissions create problems in an environment with
selinux enabled, which is more strict.

This aligns the perms of the read only tracking db with other
internal dbs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11577

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Oct 28 06:13:09 CET 2015 on sn-devel-104

(cherry picked from commit 0a90ed51245d4a7acb23d22e47ee3fd5b83819b0)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Thu Oct 29 12:40:31 CET 2015 on sn-devel-104

4 years ago selftest: Avoid system krb5.conf in "none" test env
Uri Simchoni [Mon, 26 Oct 2015 05:38:08 +0000 (07:38 +0200)]
selftest: Avoid system krb5.conf in "none" test env

Some torture tests do not perform Kerberos activity and do not
run against a server (hence the "none" test env), but do create
a krb5 context, and that causes the Kerberos libs to read
krb5.conf and choke if they don't understand it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11576

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit f9d6be3b749313a03e9097d848ce078f19197a0a)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Wed Oct 28 14:01:49 CET 2015 on sn-devel-104

4 years ago selftest: Avoid system krb5.conf in some test envs that don't use kerberos
Uri Simchoni [Sun, 25 Oct 2015 13:02:17 +0000 (15:02 +0200)]
selftest: Avoid system krb5.conf in some test envs that don't use kerberos

Some test envs don't use kerberos (e.g. nt4_dc). However, the client
tools are built with Kerberos support and may get upset if hitting
a krb5.conf file they don't understand.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11576

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 8d3106b1a4d9da5bf8b127fa70a77076d3dfeca8)

4 years ago selftest: Avoid system krb5.conf in testenv provisioning
Uri Simchoni [Fri, 23 Oct 2015 21:41:23 +0000 (00:41 +0300)]
selftest: Avoid system krb5.conf in testenv provisioning

Some provisioning commands don't necessarily need a krb5.conf,
but they still must cause samba's Kerberos libraries to avoid
looking at the system krb5.conf, as this file may not be understood
by samba's Kerberos libs and fail the env provisioning.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11576

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 63c891938a2d3e1c222898d6dea5c640822b0191)

4 years ago auth: gensec: Parameters out_mem_ctx and ev are passed in the wrong order to gensec_s...
Jeremy Allison [Wed, 21 Oct 2015 18:13:46 +0000 (11:13 -0700)]
auth: gensec: Parameters out_mem_ctx and ev are passed in the wrong order to gensec_spnego_server_try_fallback().

Fix suggested by <lev@zadarastorage.com>. Fixes a memory leak.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11565

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Oct 22 11:27:19 CEST 2015 on sn-devel-104

(cherry picked from commit d4059e1a53ea8940b1b147d797efa1b39a5cabd1)

4 years ago async_req: fix non-blocking connect()
Ralph Boehme [Sun, 18 Oct 2015 20:21:10 +0000 (22:21 +0200)]
async_req: fix non-blocking connect()

According to Stevens UNIX Network Programming and various other sources,
the correct handling for non-blocking connect() is:

- when the initial connect() returns -1/EINPROGRESS polling the socket
  for *writeability*

- in the poll handler call getsockopt() with SO_ERROR to get the
  finished connect() return value

Simply calling connect() a second time without error checking is
probably wrong and not portable. For a successful connect() Linux
returns 0, but Solaris will return EISCONN:

24254:   0.0336  0.0002 connect(4, 0xFEFFECAC, 16, SOV_DEFAULT) Err#150 EINPROGRESS
24254:          AF_INET  name = 10.10.10.143  port = 1024
24254:   0.0349  0.0001 port_associate(3, 4, 0x00000004, 0x0000001D,0x080648A8) = 0
24254:   0.0495  0.0146 port_getn(3, 0xFEFFEB50, 1, 1, 0xFEFFEB60) = 1 [0]
24254:   0.0497  0.0002 connect(4, 0x080646E4, 16, SOV_DEFAULT) Err#133 EISCONN
24254:          AF_INET  name = 10.10.10.143  port = 1024

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11564

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 05d4dbda8357712cb81008e0d611fdb0e7239587)
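
The two steps listed in this commit message (poll for writability, then read SO_ERROR), written out as an added example that is not Samba's async_req code. `connect_nonblocking` and `listen_loopback` are hypothetical names, and the loopback listener is a constructed fixture so the block runs without any external host.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/*
 * Connect without blocking. Returns 0 and stores the socket in *fd_out on
 * success, otherwise returns the errno value describing the failure.
 */
static int connect_nonblocking(const struct sockaddr *sa, socklen_t salen,
			       int timeout_ms, int *fd_out)
{
	struct pollfd pfd;
	socklen_t errlen;
	int fd, flags, rc, err = 0;

	*fd_out = -1;
	fd = socket(sa->sa_family, SOCK_STREAM, 0);
	if (fd == -1) {
		return errno;
	}
	flags = fcntl(fd, F_GETFL, 0);
	if (flags == -1 || fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1) {
		err = errno;
		goto fail;
	}
	if (connect(fd, sa, salen) == 0) {
		goto done;	/* completed immediately */
	}
	if (errno != EINPROGRESS && errno != EINTR) {
		err = errno;
		goto fail;
	}
	/* Step 1: wait for writability; connect() is not called again. */
	pfd.fd = fd;
	pfd.events = POLLOUT;
	pfd.revents = 0;
	do {
		rc = poll(&pfd, 1, timeout_ms);
	} while (rc == -1 && errno == EINTR);
	if (rc <= 0) {
		err = (rc == 0) ? ETIMEDOUT : errno;
		goto fail;
	}
	/* Step 2: SO_ERROR carries the result of the finished connect(). */
	errlen = sizeof(err);
	if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &errlen) == -1) {
		err = errno;
	}
	if (err != 0) {
		goto fail;
	}
done:
	*fd_out = fd;
	return 0;
fail:
	close(fd);
	return err;
}

/* Constructed fixture: listener on 127.0.0.1 with a kernel-chosen port. */
static int listen_loopback(struct sockaddr_in *addr)
{
	socklen_t len = sizeof(*addr);
	int fd = socket(AF_INET, SOCK_STREAM, 0);

	if (fd == -1) {
		return -1;
	}
	memset(addr, 0, sizeof(*addr));
	addr->sin_family = AF_INET;
	addr->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
	if (bind(fd, (struct sockaddr *)addr, len) == -1 ||
	    listen(fd, 1) == -1 ||
	    getsockname(fd, (struct sockaddr *)addr, &len) == -1) {
		close(fd);
		return -1;
	}
	return fd;
}

int main(void)
{
	struct sockaddr_in addr;
	int cfd, rc, lfd = listen_loopback(&addr);

	if (lfd == -1) {
		perror("listen_loopback");
		return 1;
	}
	rc = connect_nonblocking((struct sockaddr *)&addr, sizeof(addr), 2000, &cfd);
	printf("listener open:   %s\n", rc ? strerror(rc) : "connected");
	if (rc == 0) close(cfd);
	close(lfd);
	rc = connect_nonblocking((struct sockaddr *)&addr, sizeof(addr), 2000, &cfd);
	printf("listener closed: %s\n", rc ? strerror(rc) : "connected");
	if (rc == 0) close(cfd);
	return 0;
}
```
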

4 years ago selftest: add a test for async_connect_send()
Ralph Boehme [Sun, 18 Oct 2015 20:23:20 +0000 (22:23 +0200)]
selftest: add a test for async_connect_send()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11564

Also includes:

selftest: Fix memset parameters in test for async_connect_send()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit aa96c75346a9bad60471a206d65c7b7049b9ca83)
(cherry picked from commit 7cf45539da9cba25130457941814da12d0a828c3)

4 years ago s3-torture: Remove (incorrect) samba3-specific behavior in samba3.raw.unlink now...
Jeremy Allison [Tue, 20 Oct 2015 19:31:03 +0000 (12:31 -0700)]
s3-torture: Remove (incorrect) samba3-specific behavior in samba3.raw.unlink now the server is correct

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11452

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit e4054f211872168ac4cf022e2d961e8979610920)

4 years ago s3-torture: Add WILDDELETE test to smbtorture3 to test old wildcard delete with zero...
Jeremy Allison [Mon, 19 Oct 2015 23:06:01 +0000 (16:06 -0700)]
s3-torture: Add WILDDELETE test to smbtorture3 to test old wildcard delete with zero attribute

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11452

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 618d3dd5990e7477d45220cf7183c5cdaa548f1a)

4 years ago s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute type of zero
Jeremy Allison [Mon, 19 Oct 2015 23:04:02 +0000 (16:04 -0700)]
s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute type of zero

In the wildcard delete path we forgot to map 0 -> FILE_ATTRIBUTE_NORMAL
as we do in the non-wildcard delete path.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11452

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 1d51119f8acaa586e9ec09d14f10b43ed0053df5)

4 years ago smbd: Send SMB2 oplock breaks unencrypted
Volker Lendecke [Tue, 6 Oct 2015 14:10:43 +0000 (16:10 +0200)]
smbd: Send SMB2 oplock breaks unencrypted

This is not what Windows server does, but it seems that Windows
clients expect.  Windows->Windows never runs into this issue, because
an encryption-enabled SMB3 connection will always use leases, and lease
breaks *are* unencrypted...

You can reproduce the issue Windows->Windows by disabling leases on the
Windows server. Disable leases using the registry key:

HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\DisableLeasing

Dochelp confirmed that this is a valid workaround for Windows clients
dropping encrypted oplock breaks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11570

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct 24 05:01:32 CEST 2015 on sn-devel-104

(cherry picked from commit 0a924d13cf4bb570cce3955cf0de9d8678b37dbe)

4 years ago s4:lib/messaging: use correct path for names.tdb
Ralph Boehme [Wed, 14 Oct 2015 10:40:03 +0000 (12:40 +0200)]
s4:lib/messaging: use correct path for names.tdb

source3 messaging_init() calls server_id_db_init() (where names.tdb is
created) with lock_path. source4 imessaging_init() otoh wrongly used the
special lock_path subdirectory "msg.lock":

> find /opt/samba/ -name names.tdb
/opt/samba/var/lock/msg.lock/names.tdb
/opt/samba/var/lock/names.tdb

> tdbdump /opt/samba/var/lock/names.tdb
{
key(14) = "notify-daemon\00"
data(27) = "28609/12756565486113779780\00"
}

> tdbdump /opt/samba/var/lock/msg.lock/names.tdb
{
key(15) = "winbind_server\00"
data(8) = "28593/0\00"
}

With this patch both source3 and source4 messaging now use the same
names.tdb which is what we want:

> find /opt/samba/ -name names.tdb
/opt/samba/var/lock/names.tdb

> tdbdump /opt/samba/var/lock/names.tdb
{
key(15) = "winbind_server\00"
data(8) = "26434/0\00"
}
{
key(14) = "notify-daemon\00"
data(26) = "26452/3454520012124001687\00"
}

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11562

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 79ec9cbff9b8b84ac80c6d2a8220b37561415271)

4 years ago dcerpc.idl: accept invalid dcerpc_bind_nak pdus
Stefan Metzmacher [Wed, 21 Oct 2015 10:01:26 +0000 (12:01 +0200)]
dcerpc.idl: accept invalid dcerpc_bind_nak pdus

Older Samba versions (<= 4.1) had a bug in the dcerpc_bind_nak
idl, see commit f73ef3028c4f4583c81b611a9714608eae79360c.

Note: ndr_pull_dcerpc_bind_nak() was generated by pidl and
has been extended by the (_available == 0) check.
That's why we ignore the 80 char per line limit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11327

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 21 20:34:28 CEST 2015 on sn-devel-104

(cherry picked from commit 38d547bc0d39b56a7491a5f220905f1756c1530a)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Mon Oct 26 14:19:06 CET 2015 on sn-devel-104

4 years agoVERSION: Bump version up to 4.3.2...
Karolin Seeger [Tue, 20 Oct 2015 10:20:51 +0000 (12:20 +0200)]
VERSION: Bump version up to 4.3.2...

...and re-enable git snapshots.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
4 years agoVERSION: Disable git snapshot for the 4.3.1 release. samba-4.3.1
Karolin Seeger [Tue, 20 Oct 2015 10:19:37 +0000 (12:19 +0200)]
VERSION: Disable git snapshot for the 4.3.1 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
4 years agoWHATSNEW: Add release notes for Samba 4.3.1.
Karolin Seeger [Tue, 20 Oct 2015 10:17:56 +0000 (12:17 +0200)]
WHATSNEW: Add release notes for Samba 4.3.1.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
4 years agos3:smbstatus: add stream name to share_entry_forall()
Ralph Boehme [Sun, 11 Oct 2015 07:38:18 +0000 (09:38 +0200)]
s3:smbstatus: add stream name to share_entry_forall()

Add stream name argument to share_entry_forall machinery so smbstatus
can print the stream name of a file.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11550

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit cd0c2a5eca43cea76491ae0d820414287c234c1a)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Tue Oct 20 11:51:16 CEST 2015 on sn-devel-104

4 years agos3: lsa: lookup_name() logic for unqualified (no DOMAIN\ component) names is incorrect.
Jeremy Allison [Thu, 15 Oct 2015 16:20:58 +0000 (09:20 -0700)]
s3: lsa: lookup_name() logic for unqualified (no DOMAIN\ component) names is incorrect.

Change so we only use unqualified name lookup logic if
domain component = "" and LOOKUP_NAME_ISOLATED flag is
passed in.

Remember to search for "NT Authority" *before* going
into unqualified name lookup logic.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11555

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 2f6dc260ada6cd178a650ca003c2ad22e12697c1)

4 years agos3:lib: validate domain name in lookup_wellknown_name()
Ralph Boehme [Thu, 15 Oct 2015 10:35:26 +0000 (12:35 +0200)]
s3:lib: validate domain name in lookup_wellknown_name()

If domain argument is not an empty string, only search the matching
wellknown domain name.

As the only wellknown domain with a name is "NT Authority", passing ""
to lookup_wellknown_name() will search all domains including "NT
Authority".

Passing "NT Authority" otoh will obviously only search that domain.

This change makes lookup_wellknown_name() behave like this:

in domain         | in name       | ok | out sid | out domain
========================================================
                    Dialup          +    S-1-5-1   NT Authority
NT Authority        Dialup          +    S-1-5-1   NT Authority
Creator Authority   Dialup          -    -         -
                    Creator Owner   +    S-1-3-0   ""
Creator Authority   Creator Owner   -    -         -
NT Authority        Creator Owner   -    -         -

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11555

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 23f674488a1f62fcc58bb94bed0abed98078b96d)

4 years agos3:locking: initialize lease pointer in share_mode_traverse_fn()
Ralph Boehme [Mon, 12 Oct 2015 10:28:04 +0000 (12:28 +0200)]
s3:locking: initialize lease pointer in share_mode_traverse_fn()

Initialize lease pointer to point to the share_mode_data leases array
entry at index lease_idx.

This fixes a bug in smbstatus where the lease info is not printed.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11549

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 13 01:14:09 CEST 2015 on sn-devel-104

(cherry picked from commit 0ef9c67b56a0b493ed06f9a64ac2bc2233041aee)

4 years agos4: torture: Add SMB2 access-based enumeration test. Passes against Win2k12R2.
Jeremy Allison [Tue, 13 Oct 2015 22:33:47 +0000 (15:33 -0700)]
s4: torture: Add SMB2 access-based enumeration test. Passes against Win2k12R2.

https://bugzilla.samba.org/show_bug.cgi?id=10252

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Oct 14 19:00:03 CEST 2015 on sn-devel-104

(cherry picked from commit 808f29cb2f9de47dcf78b380cc8767e9546e1954)

4 years agolib: cli: Add accessor function smb2cli_tcon_flags() to get tcon flags.
Jeremy Allison [Fri, 9 Oct 2015 22:08:05 +0000 (15:08 -0700)]
lib: cli: Add accessor function smb2cli_tcon_flags() to get tcon flags.

We need this to see if a share supports access-based enumeration.

https://bugzilla.samba.org/show_bug.cgi?id=10252

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit b1bd84e9c9867092055f29fe39279e1c767f570a)

4 years agos3: smbd: Fix our access-based enumeration on "hide unreadable" to match Windows.
Jeremy Allison [Tue, 13 Oct 2015 23:49:41 +0000 (16:49 -0700)]
s3: smbd: Fix our access-based enumeration on "hide unreadable" to match Windows.

Torture test to follow.

https://bugzilla.samba.org/show_bug.cgi?id=10252

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit cc05f73872c36cd307da3d6fed200beb16d5c2a8)

4 years agosmbd: Fix file name buflen and padding in notify response
Jeremy Allison [Fri, 16 Oct 2015 22:13:47 +0000 (15:13 -0700)]
smbd: Fix file name buflen and padding in notify response

The array is uint16, doubling the file name length consumes twice the space
required.

As we're hand assembling this as a series of concatenated individual data_blobs,
we must take care to ensure the correct 4 byte alignment that was
being masked by the previous doubling of the filename length.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10634

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Oct 18 01:56:41 CEST 2015 on sn-devel-104

(cherry picked from commit 7c483690ac6ed007798aeeb7b8549c9d55877e56)

4 years agovfs_fruit: return value of ad_pack in vfs_fruit.c
Ralph Boehme [Sun, 27 Sep 2015 10:11:31 +0000 (12:11 +0200)]
vfs_fruit: return value of ad_pack in vfs_fruit.c

ad_pack() in vfs_fruit.c returns false on failure and 0 on success -
i.e. return value is interpreted as success even when it fails.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11543

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Tue Oct  6 16:14:42 CEST 2015 on sn-devel-104

(cherry picked from commit 5d7eaf959a0f11be878f698305fcb8908d7ba047)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Tue Oct 13 12:29:33 CEST 2015 on sn-devel-104

4 years agolib: We can do ACCRIGHTS style fdpassing
Volker Lendecke [Sat, 26 Sep 2015 22:36:23 +0000 (00:36 +0200)]
lib: We can do ACCRIGHTS style fdpassing

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11053

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Oct  1 05:55:42 CEST 2015 on sn-devel-104

(cherry picked from commit 00954a975b45cdb0dcf08c25850d2be26efabe48)

4 years agolib: Support fd passing using the 4.3BSD way
Volker Lendecke [Sat, 26 Sep 2015 22:54:42 +0000 (00:54 +0200)]
lib: Support fd passing using the 4.3BSD way

This is required on Solaris

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11053

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit 0499cee90307d9644271869c86fac2b5401df0e0)

4 years agolib: Move some routines around in msghdr.c
Volker Lendecke [Sat, 26 Sep 2015 22:46:33 +0000 (00:46 +0200)]
lib: Move some routines around in msghdr.c

This way we only need one #ifdef for ACCRIGHTS

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11053

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit f4e06a9bce42d60f6c96a21307266a99d2785ae9)

4 years agolib: We only need the fd-passing check once
Volker Lendecke [Sat, 26 Sep 2015 22:35:45 +0000 (00:35 +0200)]
lib: We only need the fd-passing check once

unix_dgram_send will tell us as well

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11053

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit 2c675aad40e3e0bb412f9fb8558de349ad62860a)

4 years agovfs_commit: set the fd on open before calling SMB_VFS_FSTAT
Uri Simchoni [Wed, 7 Oct 2015 19:44:11 +0000 (22:44 +0300)]
vfs_commit: set the fd on open before calling SMB_VFS_FSTAT

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11547

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct  8 02:56:41 CEST 2015 on sn-devel-104

(cherry picked from commit 5709dece4860f205e31309e31ec4e3e938d9f6a5)

4 years agos3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket
Stefan Metzmacher [Mon, 5 Oct 2015 13:57:42 +0000 (15:57 +0200)]
s3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11316

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 70dbba96e311449575f571db68710584fc991234)

4 years agos4: tests: Fix nss_tests build on Solaris.
Tom Schulz [Wed, 16 Sep 2015 23:55:23 +0000 (16:55 -0700)]
s4: tests: Fix nss_tests build on Solaris.

Too many arguments for Solaris getpwent_r() and getgrent_r().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11508

Signed-off-by: Tom Schulz <schulz@adi.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <rb@sernet.de>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 17 05:01:07 CEST 2015 on sn-devel-104

(cherry picked from commit 5866fcc1645366a56e68fc3d8065618131364337)

4 years agokerberos: make sure we only use prompter type when available.
Günther Deschner [Fri, 2 Oct 2015 02:23:59 +0000 (04:23 +0200)]
kerberos: make sure we only use prompter type when available.

We also verified that we cannot simply remove the prompter as several older
versions of Heimdal would crash.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11038

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Oct  2 07:29:43 CEST 2015 on sn-devel-104

(cherry picked from commit 6755376cedaf0c88230b47e04c584c7d9fce13e3)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Mon Oct  5 12:44:42 CEST 2015 on sn-devel-104

4 years agowinbind: Fix 100% loop
Volker Lendecke [Fri, 28 Aug 2015 10:33:13 +0000 (12:33 +0200)]
winbind: Fix 100% loop

Thanks to "L.P.H. van Belle" <belle@bazuin.nl>
for help in reproducing the issue.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11038

From the bug report:

"With e551cdb37d3e re-applied the problem is gone with
and without kerberos. Moreover, if correctly configured,
sshd requests you to change your password at logon time,
which then succeeds.

The problem why I had this reverted was because I had not
gone through the pain to correctly configure all the PAM
services (in particular the "account" section), leading
to sshd letting the user in when the password had to be
changed."

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit e551cdb37d3e8cfb155bc33f9b162761c8d60889)

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct  2 00:16:29 CEST 2015 on sn-devel-104

(cherry picked from commit e524ab9f7ee9f4aff50dd5bc42312f9000bf1c6e)

4 years agos3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix (bug #11522).
Jeremy Allison [Thu, 1 Oct 2015 00:12:11 +0000 (17:12 -0700)]
s3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix (bug #11522).

Ensure dirpath can never be NULL.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11535

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Oct  1 08:58:36 CEST 2015 on sn-devel-104

(cherry picked from commit f9ceaf443991e0bb5db23eeced2841436f47359e)

4 years agos3: smbd: fix a crash in unix_convert()
Ralph Boehme [Fri, 25 Sep 2015 19:06:57 +0000 (21:06 +0200)]
s3: smbd: fix a crash in unix_convert()

Some error code paths may result in dirpath being NULL.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11535

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit bec685fb13e7cbe3bb98e5647183720d31f1c522)

4 years agonet: fix a crash with net ads keytab create
Uri Simchoni [Wed, 23 Sep 2015 11:45:47 +0000 (14:45 +0300)]
net: fix a crash with net ads keytab create

Fix a crash that happens when executing "net ads keytab create"
and the machine account in AD does not have service principal names
attached to it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11528

Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit e224e622971853bddbe24df717ea5dcddef71b89)

4 years agos3: tests: smbclient test to ensure we can create and see a :foobar stream on the...
Jeremy Allison [Wed, 16 Sep 2015 23:12:15 +0000 (16:12 -0700)]
s3: tests: smbclient test to ensure we can create and see a :foobar stream on the top level directory in a share.

Regression test for:

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11522

Remember to remove the ARCHIVE attribute from the toplevel
share when done (can only be done over SMB2+).

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Sep 18 11:00:44 CEST 2015 on sn-devel-104

(cherry picked from commit 6ce3643e45bac6660ae69123738c4b39d7bc1864)

4 years agos3: smbd: Fix opening/creating :stream files on the root share directory.
Jeremy Allison [Wed, 16 Sep 2015 19:03:34 +0000 (12:03 -0700)]
s3: smbd: Fix opening/creating :stream files on the root share directory.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11522

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 74fd4f93efe92516fc507edf71a588660782879e)

4 years agos3: smbd: Remove unused parameter from build_stream_path().
Jeremy Allison [Wed, 16 Sep 2015 19:42:46 +0000 (12:42 -0700)]
s3: smbd: Remove unused parameter from build_stream_path().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 94e7e707783036b57babc73d320d2a3d8c0648d6)

4 years agos3: smbclient: Move cmd_setmode out of clitar.c and back into client.c
Jeremy Allison [Thu, 17 Sep 2015 22:54:40 +0000 (15:54 -0700)]
s3: smbclient: Move cmd_setmode out of clitar.c and back into client.c

setmode <file> attribute is a valid smbclient command even if libarchive
isn't on the system and tarmode isn't compiled in.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit a47012d5429044c9a3616718bac21360f281aa81)

4 years agopam_winbind: Fix a segfault if initialization fails
Andreas Schneider [Tue, 8 Sep 2015 14:48:08 +0000 (16:48 +0200)]
pam_winbind: Fix a segfault if initialization fails

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11502

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Sep  8 21:39:21 CEST 2015 on sn-devel-104

(cherry picked from commit 7d84cd6e40024fd361ea21635f7befed40f0e41f)

4 years agos4: torture: Test mkdir race condition.
Jeremy Allison [Wed, 23 Sep 2015 01:01:22 +0000 (18:01 -0700)]
s4: torture: Test mkdir race condition.

Found by Max of LoadDynamix <adx.forum@gmail.com>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11486

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Sep 24 06:13:22 CEST 2015 on sn-devel-104

(cherry picked from commit 969d043596c0a382325d54d16dbd5e049f884fa9)

4 years agos3: smbd: Fix mkdir race condition.
Jeremy Allison [Wed, 23 Sep 2015 01:02:53 +0000 (18:02 -0700)]
s3: smbd: Fix mkdir race condition.

Found by Max of LoadDynamix <adx.forum@gmail.com>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11486

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit b1c823dc8c2824ec89921601d8e5e95f6d18fca8)

4 years agolib/param: fix hiding of FLAG_SYNONYM values
Stefan Metzmacher [Fri, 18 Sep 2015 16:54:31 +0000 (18:54 +0200)]
lib/param: fix hiding of FLAG_SYNONYM values

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11526

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit 25dcdc92709a46d87125bc454faae7cad43d6b71)

4 years agos4:lib/messaging: use 'msg.lock' and 'msg.sock' for messaging related subdirs
Stefan Metzmacher [Wed, 16 Sep 2015 10:44:43 +0000 (12:44 +0200)]
s4:lib/messaging: use 'msg.lock' and 'msg.sock' for messaging related subdirs

In Samba 4.2, we used lock_path("msg") (with 0700) for the socket directory,
while we use lock_path("msg") (with 0755) for the lock file directory.

This generates a conflict that prevents samba, smbd, nmbd and winbindd
from starting after an upgrade.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11515

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Sep 17 09:04:59 CEST 2015 on sn-devel-104

(cherry picked from commit 1d2a1a685ebdf479c511e01764e5148dbcbb37c9)

4 years agos3:lib/messages: use 'msg.lock' and 'msg.sock' for messaging related subdirs
Stefan Metzmacher [Wed, 16 Sep 2015 10:44:43 +0000 (12:44 +0200)]
s3:lib/messages: use 'msg.lock' and 'msg.sock' for messaging related subdirs

In Samba 4.2, we used lock_path("msg") (with 0700) for the socket directory,
while we use lock_path("msg") (with 0755) for the lock file directory.

This generates a conflict that prevents samba, smbd, nmbd and winbindd
from starting after an upgrade.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11515

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 1aabd9298d59d4f57d321ecaee59e99d966089ff)

4 years agos3:lib/messages: add missing allocation check for priv_path
Stefan Metzmacher [Wed, 16 Sep 2015 10:42:48 +0000 (12:42 +0200)]
s3:lib/messages: add missing allocation check for priv_path

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11515

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit b0fa8316beefc7808b059f514448d41224d1c1fb)

4 years agos3: dfs: Fix a crash when the dfs targets are disabled.
Har Gagan Sahai [Thu, 10 Sep 2015 10:34:27 +0000 (16:04 +0530)]
s3: dfs: Fix a crash when the dfs targets are disabled.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11509

Signed-off-by: Har Gagan Sahai <SHarGagan@novell.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@wakeful.net>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 11 06:39:19 CEST 2015 on sn-devel-104

4 years agonss_winbind: fix hang on Solaris on big groups
Björn Jacke [Thu, 10 Sep 2015 12:35:32 +0000 (14:35 +0200)]
nss_winbind: fix hang on Solaris on big groups

The problem with large groups on Solaris in the NSS winbind module is that
Solaris wants the return value to be NSS_UNAVAIL if the buffer given is too
small for getgrnam_r.  The current code returns NSS_TRYAGAIN which causes
Solaris/Illumos to loop without trying to resize the buffer.

Thanks to Nathan Huff <nhuff@acm.org> for finding this out.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10365

Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Ralph Böhme <rb@sernet.de>
(cherry picked from commit d3e51b9cfe3d56530253571e020af72da1877044)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Wed Sep 16 12:43:30 CEST 2015 on sn-devel-104

4 years agobuild: use as-needed linker flag also on OpenBSD
Björn Jacke [Thu, 10 Sep 2015 19:31:03 +0000 (21:31 +0200)]
build: use as-needed linker flag also on OpenBSD

OpenBSD is unusable with binaries with many superfluous libs linked in.
samba-tool start times of 250 seconds without as-needed vs. 1.4 seconds with
as-needed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11355

Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Ralph Böhme <rb@sernet.de>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Fri Sep 11 03:37:17 CEST 2015 on sn-devel-104

(cherry picked from commit b0f41c07ffe8600433c20a038b1612c04ed29e89)

4 years agoVERSION: Bump version up to 4.3.1...
Stefan Metzmacher [Tue, 8 Sep 2015 06:02:18 +0000 (08:02 +0200)]
VERSION: Bump version up to 4.3.1...

...and re-enable git snapshots.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Karolin Seeger <kseeger@samba.org>
4 years agoVERSION: Release Samba 4.3.0 samba-4.3.0
Stefan Metzmacher [Tue, 8 Sep 2015 06:01:16 +0000 (08:01 +0200)]
VERSION: Release Samba 4.3.0

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Karolin Seeger <kseeger@samba.org>
4 years agoWHATSNEW: Add release notes for Samba 4.3.0.
Stefan Metzmacher [Tue, 8 Sep 2015 05:58:14 +0000 (07:58 +0200)]
WHATSNEW: Add release notes for Samba 4.3.0.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Karolin Seeger <kseeger@samba.org>
4 years agos4:torture:vfs_fruit: created empty resourceforks
Ralph Boehme [Fri, 7 Aug 2015 13:48:33 +0000 (15:48 +0200)]
s4:torture:vfs_fruit: created empty resourceforks

Check for opens and creates, created empty resourceforks result in
ENOENT in subsequent opens.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11467

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep  2 06:50:16 CEST 2015 on sn-devel-104

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Fri Sep  4 15:45:15 CEST 2015 on sn-devel-104

4 years agos4:torture:vfs_fruit: add a resource fork truncation test
Ralph Boehme [Thu, 6 Aug 2015 09:32:29 +0000 (11:32 +0200)]
s4:torture:vfs_fruit: add a resource fork truncation test

Truncating a resource fork to 0 bytes should make it inaccessible for
subsequent creates and return NT_STATUS_OBJECT_NAME_NOT_FOUND.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11467

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agovfs_fruit: delete ._ file when deleting the basefile
Ralph Boehme [Tue, 25 Aug 2015 15:06:52 +0000 (17:06 +0200)]
vfs_fruit: delete ._ file when deleting the basefile

0 byte resource fork streams are not listed by vfs_streaminfo, as a
result stream cleanup/deletion of file deletion doesn't remove the
resourcefork stream.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11467

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agovfs_fruit: split and simplify fruit_ftruncate
Ralph Boehme [Wed, 12 Aug 2015 05:34:53 +0000 (07:34 +0200)]
vfs_fruit: split and simplify fruit_ftruncate

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11467

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agovfs_fruit: handling of empty resource fork
Ralph Boehme [Sat, 8 Aug 2015 18:21:39 +0000 (20:21 +0200)]
vfs_fruit: handling of empty resource fork

Opening the resource fork stream with O_CREAT mustn't create a visible
node in the filesystem, only create a file handle. As long as the
creator didn't write into the stream, other openers without O_CREAT
MUST get an ENOENT error. This is the way the OS X SMB server implements it.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11467

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
4 years agosamr4: Use <SID=%s> in GetGroupsForUser
Volker Lendecke [Tue, 1 Sep 2015 06:41:04 +0000 (08:41 +0200)]
samr4: Use <SID=%s> in GetGroupsForUser

This way we avoid quoting problems in user's DNs

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep  1 23:49:14 CEST 2015 on sn-devel-104

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11488
(cherry picked from commit 841845dea35089a187fd1626c9752d708989ac7b)

Autobuild-User(v4-3-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-3-test): Thu Sep  3 12:14:12 CEST 2015 on sn-devel-104

4 years agopython/tests: Add more assertions that we get back the value we expect
Andrew Bartlett [Tue, 1 Sep 2015 03:00:30 +0000 (15:00 +1200)]
python/tests: Add more assertions that we get back the value we expect

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11429

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Sep  1 17:00:53 CEST 2015 on sn-devel-104

(cherry picked from commit 5aefea842528d053b86b50ff2ed9047db1ca4594)

4 years agopython/tests: Add tests for 64 bit signed integers
Andrew Bartlett [Tue, 1 Sep 2015 02:58:20 +0000 (14:58 +1200)]
python/tests: Add tests for 64 bit signed integers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11429

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 1f50e194517b84ccc8d0208d563e83dabfb2327a)