git.samba.org - samba.git/log

smbd: refuse_symlink() - do not fail if the file does not exist

If the file does not exist, it is not a symlink. Current callers
use this function to see if extended attributes can be set / fetched.
Allow them to try and leave the error code at the discretion of the
VFS.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3:winbindd: fix endless forest trust scan

Commit 0392ebcd1d48e9f472f2148b85316a77d9cc953b effectively
disabled the enumeration of trusts in other forests.

The fixes for https://bugzilla.samba.org/show_bug.cgi?id=11691
changed the way we fill domain->domain_flags for domains
in other forests.

Commit fffefe72fcc62d9688b45f53a5327667dc0b2fe6 readded the
ability to enumerate trusts of other forests again, in order to
fix https://bugzilla.samba.org/show_bug.cgi?id=11830

Now we have the problem that multiple domains
(even outside of our forest) are considert to be
our forest root, as they have the following flags:
NETR_TRUST_FLAG_TREEROOT and NETR_TRUST_FLAG_IN_FOREST.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12605

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Mar 2 17:53:14 CET 2017 on sn-devel-144

s3:librpc: Handle gss_min in gse_get_client_auth_token() correctly

This will make sure we correctly fall back to NTLMSSP.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12557

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Mar 2 12:41:40 CET 2017 on sn-devel-144

gensec:spnego: Add debug message for the failed principal

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12557

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

ndr: Use resizing array instead of linked lists (breaking ABI)

The ndr token code keeps a temporary store of tokens which are
referred to a small number of times (often once) before being
discarded. The access patterns are somewhat stack-like, with recently
placed tokens being accessed most often.

The old code kept these tokens in a linked list, which we replace with
a self-resizing array.

This keeps everything roughly the same in big-O terms, but makes it
all faster in practice by vastly reducing the amount of tallocing and
pointer-chasing.

The peak memory use is strictly reduced. On a 64 bit machine each core
token struct fits in 16 bytes (after padding) while the two pointers
used by the DLIST add another 16 bytes, so the overall list allocation
is the same as the peak 2n array allocation -- except in the list case
it is dwarfed by the talloc and malloc metadata overhead.

Before settling on the resized arrays, we tried red-black trees, which
are bound to be better for large ndr structures. As it happens, we
don't deal with large structures (the size of replication clumps is
limited to 400 objects) and the asymptotic benefits of the trees are
not realised in practice.

With luck you should find graphs comparing the performance of these
various techniques at:

https://www.samba.org/~dbagnall/perf-tests/ndr-token/

This necessarily breaks the ABI because the linked list implementation
was publicly exposed.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Mar 2 08:38:22 CET 2017 on sn-devel-144

ndr: fix whitespace in libndr.h, ndr.c

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

selftest: add search performance tests

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

selftest: ndr_pack/unpack performance test

This just does a lot of packing and unpacking of various structures.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ndr tests: silence a harmless warning

gcc 7.

"duplicate ‘const’ declaration specifier [-Wduplicate-decl-specifier]"

Signed-off-by: Douglas Bagnall <douglas@halo.gen.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

vfs_fruit: enabling AAPL extensions must be a global switch

Apple's SMB2 AAPL extension is enabled once per SMB2
connection. Unfortunately the (per se correct) fix for bug #12541
results in vfs_fruit checking a per tcon config state variable to
determine whether AAPL has been negotiated. This variable will be false
for all but the first tcon. We must make it a global variable.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12604

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Thu Mar 2 04:34:10 CET 2017 on sn-devel-144

vfs_fruit: only veto AppleDouble files with fruit:resource=file

vfs_fruit only creates AppleDouble files itself when "fruit:resource" is
set to "file" (the default). It is only then the these AppleDouble files
should be treated as an internal representation and should be
inaccessible from clients.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12526>

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

s4/torture: vfs_fruit: add stream with illegal ntfs characters to copyile test

This ensures a stream with illegal NTFS characters mapped to the Unicode
private range like

:foo\xef\x80\xa2bar:$DATA

that is stored as an xattr name

user.DosStream.foo:bar:$DATA

if "fruit:encoding = native" is set, is copied by the special fruit
copy_chunk request.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: use stat info from base_fsp

This is also supposed to be valid in the VFS stack, so there's no need
to re-stat here.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

s4/torture: vfs_fruit: test invalid AFPINFO_STREAM_NAME

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: ignore or delete invalid AFP_AfpInfo streams

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

selftest: add shares without vfs_fruit for the vfs_fruit tests

Not used for now, but the next commit will add a test that makes use of
this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

s4/torture: change shares in used torture_suite_add_2ns_smb2_test()

torture_suite_add_2ns_smb2_test wan't used, change it to use the default
share as share 1 and a second share taken from torture option
"torture:share2".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

docs/vfs_fruit: document known limitations with fruit:encoding=native

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

s4/torture: add test for AAPL find with name with illegal NTFS characters

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

lib/torture: add torture_assert_mem_equal_goto

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

s4/torture: add a vfs_fruit renaming test with open rsrc fork

Verify IO on the resource fork works after a rename of the basefile.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

s4/torture: vfs_fruit: test deleting a file with resource fork

All the other tests ignore the return value of smb2_util_unlink().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

s4/torture: vfs_fruit: add test_null_afpinfo test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

selftest: add description to vfs_fruit testsuites

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

selftest: also run vfs_fruit tests with streams_depot

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

selftest: run vfs_fruit tests against share with fruit:metadata=stream

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

selftest: move vfs_fruit tests that require "fruit:metadata=netatalk" to vfs.fruit_netatalk

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

selftest: reenable vfs_fruit tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: refactor fruit_ftruncate and use new adouble API

Use struct fio to denote a fsp handle is for a stream we care about.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: use fio in fruit_fallocate

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: refactor fruit_fstat and use new adouble API

Use struct fio to denote a fsp handle is for a stream we care about.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: refactor fruit_pread and fruit_pwrite and use new adouble API

Use struct fio to denote a fsp handle is for a stream we care about.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: refactor fruit_open and use new adouble API

Use struct fio to denote a fsp handle is for a stream we care about.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: rework struct adouble API

o factor out ad_open(), opens an fd to be used with IO on the metadata
  streams

o rename ad_write() to ad_set() as this aligns nicely with the existing
  ad_get. This is the pathname based version used to solely set metadata
  on a file, there's also a handle based version:

o add ad_fset(), a handle based version that can be used to set metadata
  and to update the AppleDouble header in a ._ AppleDouble file

o remove fruit_fsp_recheck(), looking at it more closely, it is not
  needed

This commit *compiles*, but all callers in the VFS ops must now be
updated to use the new semantics, this comes next...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

selftest: disable vfs_fruit tests

The next commits will completely change handle based VFS ops. This
couldn't be done in a piecemeal fashion, I had to wipe the slate clean.

Disabling tests in order to not break git bisects.

Tests will be reenabled after a few commits that apply the larger change
in a somewhat digestible fashion.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: fix fruit_check_access()

Applying fcntl read locks requires an fd opened for reading. This means
we have to check the open flags of an fd and if the fd is not opened for
reading, we can't use it to set shared fctnl locks.

Iow we won't be applying interop locks with Netatalk for files openend
write-only.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: remove base_fsp name translation

This is now nicely done by vfs_catia for us.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: use SMB_VFS_NEXT_OPEN in two places

Using the SMB_VFS_OPEN leads to a logic recursion that is hard to follow
and debug. It may be called twice for the same fsp with two different
smb_fname's.

Changing this here to use the NEXT function instead should have no
change in behaviour otherwise, but it allows adding sane caching to
vfs_catia to handle based VFS ops.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: refactor readdir_attr_macmeta() resource fork size

Move resource fork size calculation to helper functions.

Adds correct handling for the fruit:resource=stream case in
readdir_attr_rfork_size_stream(), this wasn't done previously.

Otherwise no change in behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: refactor fruit_ftruncate() and fix stream case

The fruit:metadata=stream case wasn't handled previosly, this is now
done in fruit_ftruncate_rsrc_stream(). The rest is just refactoring and
no change in behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: fix fruit_ntimes() for the fruit:metadata!=netatalk case

The following code must only be executed for the fruit:metadata=netatalk
case. Otherwise no change in behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: refactor fruit_streaminfo()

Handle all settings of fruit:metadata and fruit:resource in helper
functions.

Resource fork streams of 0 bytes must be filtered out, this wasn't done
previously for the fruit:resource=stream and xattr case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: add fruit_stat_rsrc_xattr() implementation

This fixes fruit_stat_rsrc for the fruit:resource=xattr case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: add fruit_stat_rsrc_stream() implementation

This fixes fruit_stat_rsrc for the fruit:resource=stream case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: refactor fruit_stat_rsrc()

Use helper functions for the fruit:resource cases. No change in
behaveour.

The next patch will add the proper helper functions for
fruit:resource=xattr and fruit:resource=stream.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: refactor fruit_open_rsrc()

This just splits up fruit_open_rsrc() to use helper functions for each
config->rsrc setting. No change in behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: in fruit_rmdir() check ._ files before deleting them

This ensures we only delete valid AppleDouble files whose names begin
with "._", not just *any* file that matches "^._*".

Also use proper VFS functions instead of direclty calling the C library
functions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: fix fruit_rmdir() for the fruit:resource!=file case

The following code must only be executed for the fruit:resource=file
case. Otherwise no change in behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: fix fruit_chown() for the fruit:resource!=file case

The following code must only be executed for the fruit:resource=file
case.

While at it, remove an unnecessary lstat, use the stat info from
smb_fname.

Otherwise no change in behaviour for the fruit:resource=file case (the
default).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: fix fruit_chmod() for the fruit:resource!=file case

The following code must only be executed for the fruit:resource=file
case.

While at it, remove an unnecessary lstat, use the stat info from
smb_fname.

Otherwise no change in behaviour for the fruit:resource=file case (the
default).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: refactor fruit_unlink()

Refactor fruit_unlink() addin helper functions for all fruit:metadata
and fruit:resource settings.

No change in behaviour for fruit:metadata=netatalk and
fruit:resource=file (both the default), but fixes behaviour for the
other cases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: fix fruit_rename() for the fruit:resource!=file case

o fix the config check, we must only run following code for the
fruit:resource=file

o properly call SMB_VFS_NEXT_RENAME() instead diretly calling rename()

o bail out if we get an invalid stat

Otherwise, no change in behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: correct readdir_attr_meta_finderi_stream() implementation

This gets correct behaviour in readdir_attr_meta_finderi for the
metadata=stream case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: refactor readdir_attr_meta()

Move the FinderInfo stuff to helper functions, no change in behaviour so
far.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: update_btime() is only needed for metadata=netatalk

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: correct fruit_stat_meta_stream() implementation

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: refactor fruit_stat_meta()

Handle config->meta in helper functions. No change in behaviour. The next step
will add the correct implementation of fruit_stat_meta_stream().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: correct fruit_open_meta_stream() implementation

This needs to create and write a metadata blob when the stream is
created.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: refactor fruit_open_meta()

Just split out the fruit:metadata=stream case into a helper function, no
change in behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: replace unsafe ad_entry macro with a function

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: fix fruit_pwrite() with metadata=stream

This makes the test "delete AFP_AfpInfo by writing all 0" pass with
fruit:metadata=stream.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: rename empty_finderinfo() and make it more robust

No change in behaviour, but ad_entry(ad, ADEID_FINDERI) can in theory
return NULL.

The next commit will add the same function for a AfpInfo type, so rename
this function that works on struct adouble to ad_empty_finderinfo().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: fix fruit_ftruncate with metadata=stream

With this the test "setinfo eof AFP_AfpInfo" passed with
fruit:metadata=stream.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_fruit: fix fruit_pread with metadata=stream

This make the test "fix offset and len handling for AFP_AfpInfo stream"
pass with fruit:metadata=stream.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_catia: add catia_(g|s)et_dos_attributes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_catia: add catia_readdir_attr

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_catia: run translation on all handle based VFS functions

Also run translation of fsp->fsp_name and optionally
fsp->base_fsp->fsp_name if set for all handle based VFS functions.

This is necessary because some modules might use the path for something
in the handle based VFS ops.

An existing example is vfs_fruit. A later commit will remove the
translation that was done there because catia didn't before this commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_streams_xattr: use SMB_VFS_NEXT_OPEN and CLOSE

Using the SMB_VFS_OPEN leads to a recursion in the VFS that is hard to
follow and debug. It's called twice for the same fsp with two different
smb_fname's which makes it at least hard to debug, it may even be an
invalid usage.

Changing this here to use the NEXT function instead should have no
change in behaviour otherwise.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12565

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

vfs_streams_xattr: call SMB_VFS_OPEN with smb_fname_base

In case an SMB_VFS_OPEN() on a stream basename fails with EISDIR, we
retry the open as O_RDONLY. The retry should be done with the
smb_fname_base as well.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

s3/includes: add FinderInfo offset define to MacExtensions.h

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

selftest: don't run vfs_fruit tests against ad_dc env

This is just redundant and didn't add test coverage.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

winbind: Fix a cut&paste debug typo

We're in cm_connect_netlogon_transport, not in cm_connect_sam

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 2 00:31:54 CET 2017 on sn-devel-144

waf: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

posix_acls: Use talloc_zero_array

This is a slight change in behaviour: We now also zero out
the space for num_profile_acls.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

posix_acls: Do a *bit* of reformatting

Makes the next commit a bit more obvious to me

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

script: Add test script for traffic_summary.pl

Add the test script for traffic_summary.pl, test data in previous
commit.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Mar 1 09:01:07 CET 2017 on sn-devel-144

script: Add script to provide an anonymous summary from tshark

The tshark command needs to output a PDML XML stream, which this command will
read. The summary is intended not to expose private or customer data while
allowing a good view on the range and frequency of the network traffic.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

script: Add test data for traffic_summary.pl

This network capture summary tool will be added in the next commit

This sample is taken from make test under SOCKET_WRAPPER_PCAP_FILE

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

samdb: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Feb 28 13:55:42 CET 2017 on sn-devel-144

auth4: Reduce indentation level by an early error return

Just cosmetics for easier readability, no code change

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

auth4: Only use CrackNames if we're a DC

DsCrackNameOneName on a member does not really have a big user database. We
should delegate as much responsibility as possible to our DC.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

auth4: Fix map_user_info_cracknames for domain==NULL

DsCrackNameOneName directly fails for DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
if the name passed in does not contain a \. The only caller of
map_user_info_cracknames (auth_check_password_send) passes in
lpcfg_workgroup(), which does not contain a \. Add in the \ also for
the default_domain case.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

auth3: Simplify get_system_info3

We have global_sid_System, so we don't need to dom_sid_parse("S-1-5-18");

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Feb 27 11:31:53 CET 2017 on sn-devel-144

auth3: Fix some whitespace

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

repl_meta_data: Remove handling of backlinks from replmd_prepare_commit()

This deferred handling was already removed, for performance, from
everything but the add case.

We now remove the normal local add case (an originating update), eg
LDAP add from the transaction commit and insted do it on the ADD
operation callback (replmd_op_callback()).

To keep things simple, we make up the extended DN with the GUID and
SID as the object does not actually exist in the DB at the time we
prepare backlink. This also allows us to avoid another search in the
(much more common) modify case.

We rely on transactions to clean up the add of the object if the
backlink fails, thankfully unlike in replication replmd_add() is
normally the only operation in a transaction, and we have alredy
confirmed the link target exists during get_parsed_dns().

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Mon Feb 27 07:12:02 CET 2017 on sn-devel-144

ctdb-build: Fix RPM build

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12595

It doesn't look like recursion works for appending scripting commands.
Unroll the recursion instead.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Feb 27 03:09:27 CET 2017 on sn-devel-144

ctdb-build: Add WAFLOCK magic to manpages target

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12595

Without this a top-level "make dist" fails to build the CTDB manpages.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

pidl:Python: use of pytalloc_GenericObject_reference*() for pyrpc_{ex,im}port_union() wrapping

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12601

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Feb 25 06:33:33 CET 2017 on sn-devel-144

pidl:Python: replace pytalloc_CObject_FromTallocPtr() with pytalloc_GenericObject_reference_ex()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12601

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

pidl:Python: make sure print HASH references for STRUCT types

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12601

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

py_net: make use of pytalloc_GenericObject_steal()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12601

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

talloc: version 2.1.9

* fix some coverity defects
* fix TALLOC_VERSION_MINOR and talloc_version_minor()
* add new tests
* add pytalloc_get_type()
* add pytalloc_GenericObject_{steal,reference}[_ex]()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

pytalloc: add pytalloc_GenericObject_{steal,reference}[_ex]()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3/smbd: allow GET_DFS_REFERRAL fsctl on any smb2 connexion

This FSCTL should work on any non-IPC share.

According to [MS-SMB2]
> 3.2.4.20.3 Application Requests DFS Referral Information:
>  The client MUST search for an existing Session and TreeConnect to any
>  share on the server identified by ServerName for the user identified by
>  UserCredentials. If no Session and TreeConnect are found, the client
>  MUST establish a new Session and TreeConnect to IPC$ on the target
>  server as described in section 3.2.4.2 using the supplied ServerName and
>  UserCredentials.

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Feb 25 02:38:28 CET 2017 on sn-devel-144

s3:idmap_ad: make use of pdb_get_trust_credentials() to get the machine account creds

This is mostly a cosmetic change currently.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Feb 24 22:34:48 CET 2017 on sn-devel-144

s3:winbindd: allow a fallback to NTLMSSP for LDAP connections

This matches the behaviour of pdb_get_trust_credentials() for
our machine account and allows us to fallback to NTLMSSP
when contacting trusted domains.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3:libads: add more debugging to ads_sasl_spnego_bind()

Any fallbacks to other authentication methods should be logged.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3:winbindd: rely on the kerberos_state from pdb_get_trust_credentials()

The implementation of pdb_get_trust_credentials() should have all
the details to set the kerberos_state to a useful value.

This should enable the fallback to NTLMSSP again, when using our
machine account against trusted domains.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3:winbindd: add more debugging to cm_prepare_connection()

Any fallbacks to other authentication methods should be logged.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3:passdb: use cli_credentials_set_kerberos_state() for trusts in pdb_get_trust_credentials()

Trust accounts can only use kerberos when contacting other AD domains,
using NTLMSSP will fail.

At the same time it doesn't make sense to try kerberos for NT4 domains,
still NTLMSSP will fail, but the callers has to deal with that
case and just fallback to an anonymous SMB connection.

In all cases we should be able to use NETLOGON SCHANNEL
over any anonymous smb or tcp transport.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>