Alexander Bokovoy [Fri, 3 Mar 2017 14:57:13 +0000 (16:57 +0200)]
credentials_krb5: convert to use smb_gss_krb5_import_cred
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12611
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Alexander Bokovoy [Fri, 3 Mar 2017 14:14:57 +0000 (16:14 +0200)]
lib/krb5_wrap: add smb_gss_krb5_import_cred wrapper
Wrap gss_krb5_import_cred() to allow re-implementing it with
gss_acquire_cred_from() for newer MIT versions. gss_acquire_cred_from()
works fine with GSSAPI interposer (GSS-proxy) while
gss_krb5_import_cred() is not interposed yet.
The wrapper has additional parameter, krb5_context handle, to facilitate
with credentials cache name discovery. All our callers to
gss_krb5_import_cred() already have krb5 context handy.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12611
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Alexander Bokovoy [Fri, 3 Mar 2017 15:08:09 +0000 (17:08 +0200)]
gssapi: check for gss_acquire_cred_from
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12611
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 5 Oct 2016 08:33:26 +0000 (10:33 +0200)]
s3-libads: Do not leak the msg on error
ldap_search_ext_s manpage states:
Note that res parameter of ldap_search_ext_s should be freed with
ldap_msgfree() regardless of return value of these functions.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Mar 8 14:59:35 CET 2017 on sn-devel-144
Stefan Metzmacher [Mon, 6 Mar 2017 11:53:09 +0000 (11:53 +0000)]
idmap_autorid: allocate new domain range if the callers knows the sid is valid
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12613
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 8 04:06:59 CET 2017 on sn-devel-144
Ralph Boehme [Tue, 7 Mar 2017 17:10:56 +0000 (18:10 +0100)]
manpages/vfs_fruit: document global options
Some options MUST be set in the global section, better document that.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12615
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 7 Mar 2017 13:06:52 +0000 (14:06 +0100)]
winbind: Add a debug message for out-of-range IDs
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 21 Feb 2017 17:41:59 +0000 (18:41 +0100)]
winbind: Remove unused wcache_tdc_fetch_domainbysid
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 4 Mar 2017 17:40:09 +0000 (18:40 +0100)]
winbind: Correcly pass !authoritative from wb_irpc_SamLogon
Returning an error at this level gives a RPC level error without the chance to
provide !authoritative flag to the caller. At the RPC level we're fine, but not
finding the domain to authenticate means that we don't know the domain and thus
have to return !authoritative.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Mar 7 13:16:00 CET 2017 on sn-devel-144
Volker Lendecke [Sun, 29 Jan 2017 16:51:53 +0000 (16:51 +0000)]
libwbclient: Add "authoritative" to wbcAuthErrorInfo
smbd needs to react to "authoritative"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Sat, 11 Feb 2017 09:04:29 +0000 (10:04 +0100)]
winbind: Set "authoritative" in response to auth_crap
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Sun, 29 Jan 2017 16:46:12 +0000 (16:46 +0000)]
winbind: Add "authoritative" to winbindd_response
This is a relevant piece of info in the samlogon response,
smbd and netlogond need to be able to react to it.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Sat, 28 Jan 2017 20:20:59 +0000 (20:20 +0000)]
winbind: Pass up args from winbind_dual_SamLogon
We'll need to pass "authoritative" back to the winbind client
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Sat, 28 Jan 2017 20:20:59 +0000 (20:20 +0000)]
winbind: Pass up args from winbind_samlogon_retry_loop
In particular "authoritative" is useful at the top level
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Sat, 28 Jan 2017 11:36:11 +0000 (11:36 +0000)]
cli_netlogon: Add return parms to rpccli_netlogon_password_logon
Just for symmetry with rpccli_netlogon_network_logon()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Sat, 28 Jan 2017 11:31:09 +0000 (11:31 +0000)]
cli_netlogon: Remove a fallback for flags=NULL
The two callers of rpccli_netlogon_network_logon have flags set !=NULL
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Sat, 28 Jan 2017 11:27:21 +0000 (11:27 +0000)]
cli_netlogon: Remove a fallback for authoritative=NULL
The two callers of rpccli_netlogon_network_logon have authoritative
set !=NULL
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Mon, 27 Feb 2017 13:35:59 +0000 (13:35 +0000)]
winbind: Fix a debug message
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Mar 6 23:18:46 CET 2017 on sn-devel-144
Volker Lendecke [Sun, 26 Feb 2017 16:27:05 +0000 (17:27 +0100)]
auth4: Remove an unused struct declaration
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Fri, 3 Mar 2017 05:03:31 +0000 (06:03 +0100)]
auth4: Move a variable closer to its use
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Thu, 2 Mar 2017 14:14:51 +0000 (15:14 +0100)]
Re-enable token groups fallback
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12612
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Mar 6 19:18:31 CET 2017 on sn-devel-144
Stefan Metzmacher [Mon, 6 Mar 2017 09:30:52 +0000 (10:30 +0100)]
winbindd: find the domain based on the sid within wb_lookupusergroups_send()
That simplifies the potential caller.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12612
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 2 Mar 2017 13:56:09 +0000 (14:56 +0100)]
Revert "winbind: Remove wb_lookupusergroups"
This reverts commit
c0570e6ae8f8f0057ece48d764580897ff2b6f62.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12612
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 2 Mar 2017 13:55:15 +0000 (14:55 +0100)]
Revert "winbind: Remove wbint_LookupUserGroups"
This reverts commit
256632ed3cc724bab0fc22132ca6b52faf680ab2.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12612
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 2 Mar 2017 13:54:46 +0000 (14:54 +0100)]
Revert "winbind: Remove wb_cache_lookup_usergroups"
This reverts commit
f83863b4d1510a9519d15934c960fd1675235812.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12612
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 2 Mar 2017 13:54:23 +0000 (14:54 +0100)]
Revert "winbind: Remove wcache_lookup_usergroups"
This reverts commit
876dc28b9cf13343a2962b1a1b035fe78c1858a6.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12612
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 2 Mar 2017 13:54:09 +0000 (14:54 +0100)]
Revert "winbind: Remove validate_ug"
This reverts commit
3f58a8cabab75a594cff9088d5dd8ea439b36178.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12612
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 2 Mar 2017 13:53:47 +0000 (14:53 +0100)]
Revert "winbind: Remove "lookup_usergroups" winbind method"
This reverts commit
b231814c6b0ad17255139bc8934f269610348b2b.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12612
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 2 Mar 2017 13:52:49 +0000 (14:52 +0100)]
Revert "winbind: Remove rpc_lookup_usergroups"
This reverts commit
91b73b1e93bb8fb38e2f1cea6c1cbd012c952542.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12612
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 3 Mar 2017 11:56:24 +0000 (12:56 +0100)]
s3:libads: remove unused fallback to gss_acquire_cred()
Heimdal and all supported versions of MIT krb5 prove gss_krb5_import_cred(),
so we don't need an #ifdef here.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Mar 6 11:44:54 CET 2017 on sn-devel-144
Ralph Boehme [Mon, 27 Feb 2017 11:55:04 +0000 (12:55 +0100)]
s4/torture: add a creditting test skipping a SMB2 MID
This tests that skipping a SMB2 MID the client's usable MID window is
[unused mid, unused mid + 8192]
The test currently fails against Samba as we only grant up to 512
credits. It passes against Windows 2016 as that grants up to 8192
credits by default.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Mar 4 01:54:07 CET 2017 on sn-devel-144
Ralph Boehme [Sun, 26 Feb 2017 08:28:12 +0000 (09:28 +0100)]
libcli/smb: add smb2cli_conn_get_mid and smb2cli_conn_set_mid
This will be needed for a torture test in the next commit.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 27 Feb 2017 06:12:09 +0000 (07:12 +0100)]
s4/torture: add some SMB2 crediting tests
These tests verify that a server grants at least 8192 credits in a
successfull session setup and in a single SMB2 request. Both tests pass
against Windows 2016 Server but currently fail against Samba.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 27 Feb 2017 11:29:25 +0000 (12:29 +0100)]
libcli/smb: add smb2cli_conn_get_cur_credits
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 27 Feb 2017 15:14:39 +0000 (16:14 +0100)]
libcli/smb: add max_credits arg to smbXcli_negprot_send()
This allows source4/torture code to set the option for tests by
preparing a struct smbcli_options with max_credits set to some value and
pass that to a torture_smb2_connection_ext().
This will be used in subsequent smbtorture test for SMB2 creditting.
Behaviour of existing upper layers is unchanged, they simply pass the
wanted max credits value to smbXcli_negprot_send() instead of
retrofitting it with a call to smb2cli_conn_set_max_credits().
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 6 Feb 2017 16:10:40 +0000 (17:10 +0100)]
lib: Make gencache hash size configurable, default to 10000
For large deployments with many users, we put a lot of idmapping
entries into gencache. Increase the hash size from our default 131.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Andreas Schneider [Tue, 21 Feb 2017 13:51:08 +0000 (14:51 +0100)]
idmap_hash: Add a deprecation message
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12582
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Mar 3 16:54:34 CET 2017 on sn-devel-144
Andreas Schneider [Wed, 15 Feb 2017 07:55:24 +0000 (08:55 +0100)]
docs: Improve the idmap_hash manpage
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12582
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Thu, 2 Mar 2017 16:34:22 +0000 (17:34 +0100)]
s4:selftest: run samba4.sam.python also against fl2008r2dc
fl2008r2dc uses "ldap server require strong auth = no", which
is required to test the simple bind error messages.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9048
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar 3 12:57:06 CET 2017 on sn-devel-144
Stefan Metzmacher [Thu, 2 Mar 2017 15:41:20 +0000 (16:41 +0100)]
dsdb/tests: add test_ldap_bind_must_change_pwd()
This tests the error messages for failing LDAP Bind responses.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9048
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 24 Feb 2017 17:30:56 +0000 (18:30 +0100)]
s4:ldap_server: match windows in the error messages of failing LDAP Bind requests
This is important for some applications to detect the
NT_STATUS_PASSWORD_MUST_CHANGE condition correctly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9048
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 2 Mar 2017 16:19:21 +0000 (17:19 +0100)]
ldb-samba: remember the error string of a failing bind in ildb_connect()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9048
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 2 Mar 2017 15:00:01 +0000 (16:00 +0100)]
dsdb/tests: remove duplicate test_smartcard_required3() from sam.py
The function was 100% the same...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Tue, 28 Feb 2017 15:17:03 +0000 (16:17 +0100)]
torture3: Add test for smbd crash
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12610
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 3 06:20:50 CET 2017 on sn-devel-144
Volker Lendecke [Tue, 28 Feb 2017 15:03:45 +0000 (15:03 +0000)]
smbd: Do an early exit on negprot failure
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12610
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Thu, 2 Mar 2017 17:13:23 +0000 (09:13 -0800)]
s3: smbd: Restart reading the incoming SMB2 fd when the send queue is drained.
When the send queue grows greater than xconn->smb2.credits.max/16,
smbd_smb2_request_next_incoming() doesn't allocate a new request in state->req.
After smbd_smb2_io_handler() is called, it marks the fd not readable as
state->req == NULL, and never marks it readable again.
Fix by calling smbd_smb2_request_next_incoming() to restart
reads inside smbd_smb2_flush_send_queue() which drains the
send queue.
Reported by <chen.yehua@h3c.com>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12608
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Mar 3 02:23:20 CET 2017 on sn-devel-144
Uri Simchoni [Thu, 2 Mar 2017 11:02:25 +0000 (13:02 +0200)]
selftest: remove "ea support" from vfs_fruit-related setups.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Uri Simchoni [Thu, 2 Mar 2017 10:59:16 +0000 (12:59 +0200)]
vfs_fruit: drop "ea support" from the manpage
Now that ea support is not required, drop that
comment from the man page.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Uri Simchoni [Thu, 2 Mar 2017 10:56:25 +0000 (12:56 +0200)]
testparm: remove check for "ea support" in fruit shares
Now that ea support is not required for vfs_fruit, drop the
check that it's enabled in shares using vfs_fruit.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Uri Simchoni [Thu, 2 Mar 2017 06:39:56 +0000 (08:39 +0200)]
smbd: remove coupling between get_ea_names_from_file() and "ea support"
The "ea support" configuration variable determines whether smbd
should attempt to manipulate extended attributes via SMB protocol.
It does not pertain to the underlying storage and its support for
extended attributes.
get_ea_names_from_file() is being used also by vfs_streams_xattr -
a module which has nothing to do with client-visible extended
attributes. As such, vfs_streams_xattr should be able to operate
irrespective of the value of "ea support".
This patch moves the check for ea support to the callers.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Uri Simchoni [Thu, 2 Mar 2017 06:49:54 +0000 (08:49 +0200)]
smbd: get_ea_list_from_file_path() - remove a duplicate statement
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Uri Simchoni [Thu, 2 Mar 2017 06:46:44 +0000 (08:46 +0200)]
smbd: refuse_symlink() - do not fail if the file does not exist
If the file does not exist, it is not a symlink. Current callers
use this function to see if extended attributes can be set / fetched.
Allow them to try and leave the error code at the discretion of the
VFS.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 2 Mar 2017 07:13:57 +0000 (08:13 +0100)]
s3:winbindd: fix endless forest trust scan
Commit
0392ebcd1d48e9f472f2148b85316a77d9cc953b effectively
disabled the enumeration of trusts in other forests.
The fixes for https://bugzilla.samba.org/show_bug.cgi?id=11691
changed the way we fill domain->domain_flags for domains
in other forests.
Commit
fffefe72fcc62d9688b45f53a5327667dc0b2fe6 readded the
ability to enumerate trusts of other forests again, in order to
fix https://bugzilla.samba.org/show_bug.cgi?id=11830
Now we have the problem that multiple domains
(even outside of our forest) are considert to be
our forest root, as they have the following flags:
NETR_TRUST_FLAG_TREEROOT and NETR_TRUST_FLAG_IN_FOREST.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12605
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Mar 2 17:53:14 CET 2017 on sn-devel-144
Andreas Schneider [Mon, 27 Feb 2017 16:18:15 +0000 (17:18 +0100)]
s3:librpc: Handle gss_min in gse_get_client_auth_token() correctly
This will make sure we correctly fall back to NTLMSSP.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12557
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Mar 2 12:41:40 CET 2017 on sn-devel-144
Stefan Metzmacher [Fri, 20 Jan 2017 16:15:49 +0000 (17:15 +0100)]
gensec:spnego: Add debug message for the failed principal
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12557
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Douglas Bagnall [Thu, 23 Feb 2017 22:58:33 +0000 (11:58 +1300)]
ndr: Use resizing array instead of linked lists (breaking ABI)
The ndr token code keeps a temporary store of tokens which are
referred to a small number of times (often once) before being
discarded. The access patterns are somewhat stack-like, with recently
placed tokens being accessed most often.
The old code kept these tokens in a linked list, which we replace with
a self-resizing array.
This keeps everything roughly the same in big-O terms, but makes it
all faster in practice by vastly reducing the amount of tallocing and
pointer-chasing.
The peak memory use is strictly reduced. On a 64 bit machine each core
token struct fits in 16 bytes (after padding) while the two pointers
used by the DLIST add another 16 bytes, so the overall list allocation
is the same as the peak 2n array allocation -- except in the list case
it is dwarfed by the talloc and malloc metadata overhead.
Before settling on the resized arrays, we tried red-black trees, which
are bound to be better for large ndr structures. As it happens, we
don't deal with large structures (the size of replication clumps is
limited to 400 objects) and the asymptotic benefits of the trees are
not realised in practice.
With luck you should find graphs comparing the performance of these
various techniques at:
https://www.samba.org/~dbagnall/perf-tests/ndr-token/
This necessarily breaks the ABI because the linked list implementation
was publicly exposed.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Mar 2 08:38:22 CET 2017 on sn-devel-144
Douglas Bagnall [Thu, 23 Feb 2017 22:59:24 +0000 (11:59 +1300)]
ndr: fix whitespace in libndr.h, ndr.c
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 24 Feb 2017 01:42:32 +0000 (14:42 +1300)]
selftest: add search performance tests
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 16 Feb 2017 03:41:00 +0000 (16:41 +1300)]
selftest: ndr_pack/unpack performance test
This just does a lot of packing and unpacking of various structures.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sat, 25 Feb 2017 00:38:17 +0000 (13:38 +1300)]
ndr tests: silence a harmless warning
gcc 7.
"duplicate ‘const’ declaration specifier [-Wduplicate-decl-specifier]"
Signed-off-by: Douglas Bagnall <douglas@halo.gen.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Ralph Boehme [Tue, 28 Feb 2017 08:39:37 +0000 (09:39 +0100)]
vfs_fruit: enabling AAPL extensions must be a global switch
Apple's SMB2 AAPL extension is enabled once per SMB2
connection. Unfortunately the (per se correct) fix for bug #12541
results in vfs_fruit checking a per tcon config state variable to
determine whether AAPL has been negotiated. This variable will be false
for all but the first tcon. We must make it a global variable.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12604
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Thu Mar 2 04:34:10 CET 2017 on sn-devel-144
Ralph Boehme [Thu, 19 Jan 2017 08:30:45 +0000 (09:30 +0100)]
vfs_fruit: only veto AppleDouble files with fruit:resource=file
vfs_fruit only creates AppleDouble files itself when "fruit:resource" is
set to "file" (the default). It is only then the these AppleDouble files
should be treated as an internal representation and should be
inaccessible from clients.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12526>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 17 Feb 2017 15:35:44 +0000 (16:35 +0100)]
s4/torture: vfs_fruit: add stream with illegal ntfs characters to copyile test
This ensures a stream with illegal NTFS characters mapped to the Unicode
private range like
:foo\xef\x80\xa2bar:$DATA
that is stored as an xattr name
user.DosStream.foo:bar:$DATA
if "fruit:encoding = native" is set, is copied by the special fruit
copy_chunk request.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Tue, 7 Feb 2017 14:01:53 +0000 (15:01 +0100)]
vfs_fruit: use stat info from base_fsp
This is also supposed to be valid in the VFS stack, so there's no need
to re-stat here.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Sun, 11 Dec 2016 18:11:09 +0000 (19:11 +0100)]
s4/torture: vfs_fruit: test invalid AFPINFO_STREAM_NAME
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Sun, 11 Dec 2016 18:10:05 +0000 (19:10 +0100)]
vfs_fruit: ignore or delete invalid AFP_AfpInfo streams
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Sun, 11 Dec 2016 18:06:46 +0000 (19:06 +0100)]
selftest: add shares without vfs_fruit for the vfs_fruit tests
Not used for now, but the next commit will add a test that makes use of
this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Sun, 11 Dec 2016 18:02:37 +0000 (19:02 +0100)]
s4/torture: change shares in used torture_suite_add_2ns_smb2_test()
torture_suite_add_2ns_smb2_test wan't used, change it to use the default
share as share 1 and a second share taken from torture option
"torture:share2".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 8 Dec 2016 16:47:36 +0000 (17:47 +0100)]
docs/vfs_fruit: document known limitations with fruit:encoding=native
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 8 Dec 2016 14:45:12 +0000 (15:45 +0100)]
s4/torture: add test for AAPL find with name with illegal NTFS characters
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 8 Dec 2016 14:44:37 +0000 (15:44 +0100)]
lib/torture: add torture_assert_mem_equal_goto
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Tue, 6 Dec 2016 09:25:46 +0000 (10:25 +0100)]
s4/torture: add a vfs_fruit renaming test with open rsrc fork
Verify IO on the resource fork works after a rename of the basefile.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Mon, 5 Dec 2016 10:21:15 +0000 (11:21 +0100)]
s4/torture: vfs_fruit: test deleting a file with resource fork
All the other tests ignore the return value of smb2_util_unlink().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Tue, 29 Nov 2016 15:21:08 +0000 (16:21 +0100)]
s4/torture: vfs_fruit: add test_null_afpinfo test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 8 Dec 2016 16:41:14 +0000 (17:41 +0100)]
selftest: add description to vfs_fruit testsuites
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 06:42:07 +0000 (07:42 +0100)]
selftest: also run vfs_fruit tests with streams_depot
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Tue, 15 Nov 2016 14:25:14 +0000 (15:25 +0100)]
selftest: run vfs_fruit tests against share with fruit:metadata=stream
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Tue, 15 Nov 2016 21:31:20 +0000 (22:31 +0100)]
selftest: move vfs_fruit tests that require "fruit:metadata=netatalk" to vfs.fruit_netatalk
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 8 Dec 2016 19:43:21 +0000 (20:43 +0100)]
selftest: reenable vfs_fruit tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 8 Dec 2016 19:42:54 +0000 (20:42 +0100)]
vfs_fruit: refactor fruit_ftruncate and use new adouble API
Use struct fio to denote a fsp handle is for a stream we care about.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 8 Dec 2016 19:41:55 +0000 (20:41 +0100)]
vfs_fruit: use fio in fruit_fallocate
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 8 Dec 2016 19:39:38 +0000 (20:39 +0100)]
vfs_fruit: refactor fruit_fstat and use new adouble API
Use struct fio to denote a fsp handle is for a stream we care about.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 8 Dec 2016 19:38:17 +0000 (20:38 +0100)]
vfs_fruit: refactor fruit_pread and fruit_pwrite and use new adouble API
Use struct fio to denote a fsp handle is for a stream we care about.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 8 Dec 2016 19:34:55 +0000 (20:34 +0100)]
vfs_fruit: refactor fruit_open and use new adouble API
Use struct fio to denote a fsp handle is for a stream we care about.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 8 Dec 2016 18:12:32 +0000 (19:12 +0100)]
vfs_fruit: rework struct adouble API
o factor out ad_open(), opens an fd to be used with IO on the metadata
streams
o rename ad_write() to ad_set() as this aligns nicely with the existing
ad_get. This is the pathname based version used to solely set metadata
on a file, there's also a handle based version:
o add ad_fset(), a handle based version that can be used to set metadata
and to update the AppleDouble header in a ._ AppleDouble file
o remove fruit_fsp_recheck(), looking at it more closely, it is not
needed
This commit *compiles*, but all callers in the VFS ops must now be
updated to use the new semantics, this comes next...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 8 Dec 2016 21:54:46 +0000 (22:54 +0100)]
selftest: disable vfs_fruit tests
The next commits will completely change handle based VFS ops. This
couldn't be done in a piecemeal fashion, I had to wipe the slate clean.
Disabling tests in order to not break git bisects.
Tests will be reenabled after a few commits that apply the larger change
in a somewhat digestible fashion.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 8 Dec 2016 10:08:53 +0000 (11:08 +0100)]
vfs_fruit: fix fruit_check_access()
Applying fcntl read locks requires an fd opened for reading. This means
we have to check the open flags of an fd and if the fd is not opened for
reading, we can't use it to set shared fctnl locks.
Iow we won't be applying interop locks with Netatalk for files openend
write-only.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Tue, 6 Dec 2016 14:07:20 +0000 (15:07 +0100)]
vfs_fruit: remove base_fsp name translation
This is now nicely done by vfs_catia for us.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Wed, 8 Feb 2017 18:15:38 +0000 (19:15 +0100)]
vfs_fruit: use SMB_VFS_NEXT_OPEN in two places
Using the SMB_VFS_OPEN leads to a logic recursion that is hard to follow
and debug. It may be called twice for the same fsp with two different
smb_fname's.
Changing this here to use the NEXT function instead should have no
change in behaviour otherwise, but it allows adding sane caching to
vfs_catia to handle based VFS ops.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 16:00:03 +0000 (17:00 +0100)]
vfs_fruit: refactor readdir_attr_macmeta() resource fork size
Move resource fork size calculation to helper functions.
Adds correct handling for the fruit:resource=stream case in
readdir_attr_rfork_size_stream(), this wasn't done previously.
Otherwise no change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 15:20:46 +0000 (16:20 +0100)]
vfs_fruit: refactor fruit_ftruncate() and fix stream case
The fruit:metadata=stream case wasn't handled previosly, this is now
done in fruit_ftruncate_rsrc_stream(). The rest is just refactoring and
no change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 14:57:22 +0000 (15:57 +0100)]
vfs_fruit: fix fruit_ntimes() for the fruit:metadata!=netatalk case
The following code must only be executed for the fruit:metadata=netatalk
case. Otherwise no change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 14:49:03 +0000 (15:49 +0100)]
vfs_fruit: refactor fruit_streaminfo()
Handle all settings of fruit:metadata and fruit:resource in helper
functions.
Resource fork streams of 0 bytes must be filtered out, this wasn't done
previously for the fruit:resource=stream and xattr case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 10:44:53 +0000 (11:44 +0100)]
vfs_fruit: add fruit_stat_rsrc_xattr() implementation
This fixes fruit_stat_rsrc for the fruit:resource=xattr case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 10:30:06 +0000 (11:30 +0100)]
vfs_fruit: add fruit_stat_rsrc_stream() implementation
This fixes fruit_stat_rsrc for the fruit:resource=stream case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 10:26:22 +0000 (11:26 +0100)]
vfs_fruit: refactor fruit_stat_rsrc()
Use helper functions for the fruit:resource cases. No change in
behaveour.
The next patch will add the proper helper functions for
fruit:resource=xattr and fruit:resource=stream.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 09:46:55 +0000 (10:46 +0100)]
vfs_fruit: refactor fruit_open_rsrc()
This just splits up fruit_open_rsrc() to use helper functions for each
config->rsrc setting. No change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 9 Dec 2016 17:24:40 +0000 (18:24 +0100)]
vfs_fruit: in fruit_rmdir() check ._ files before deleting them
This ensures we only delete valid AppleDouble files whose names begin
with "._", not just *any* file that matches "^._*".
Also use proper VFS functions instead of direclty calling the C library
functions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 9 Dec 2016 17:22:49 +0000 (18:22 +0100)]
vfs_fruit: fix fruit_rmdir() for the fruit:resource!=file case
The following code must only be executed for the fruit:resource=file
case. Otherwise no change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 08:04:37 +0000 (09:04 +0100)]
vfs_fruit: fix fruit_chown() for the fruit:resource!=file case
The following code must only be executed for the fruit:resource=file
case.
While at it, remove an unnecessary lstat, use the stat info from
smb_fname.
Otherwise no change in behaviour for the fruit:resource=file case (the
default).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>