Stefan Metzmacher [Tue, 6 Oct 2015 08:18:06 +0000 (10:18 +0200)]
s4:rpc_server: implement bind time feature negotiation
For now we don't really support any negotiated features.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 23 Oct 2015 13:39:34 +0000 (15:39 +0200)]
python/tests: add presentation context related tests to dcerpc raw protocol tests
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 31 Aug 2016 13:05:37 +0000 (15:05 +0200)]
python/tests: remove unused code in _test_auth_none_level_bind()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 6 Oct 2015 08:18:06 +0000 (10:18 +0200)]
s4:rpc_server: process all provided presentation contexts
We should respond with an explicit result for each presentation context,
while we also accept one new context per BIND/ALTER_CONTEXT.
For now we still only support NDR32, but adding NDR64 should
be fairly easy now.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 30 Aug 2016 12:35:34 +0000 (14:35 +0200)]
s4:rpc_server: it's not a protocol error to do an alter context with an unknown transfer syntax
Windows 2012R2 only returns a protocol error if the client wants to change
between supported transfer syntaxes, e.g. from NDR32 to NDR64.
If the proposed transfer syntax is not known to the server,
the request will be silently ignored.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Sun, 28 Jun 2015 11:15:33 +0000 (13:15 +0200)]
s4:rpc_server: split out a dcesrv_check_or_create_context() function
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 16 Aug 2016 04:40:21 +0000 (06:40 +0200)]
s4:rpc_server: use call->conn instead of call->context->conn
It's the same, but call->context might be NULL in future.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 16 Aug 2016 04:33:41 +0000 (06:33 +0200)]
s4:rpc_server: move dcesrv_alter_resp
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 31 Aug 2016 19:43:14 +0000 (21:43 +0200)]
s4:rpc_server: add DCERPC_AUTH_LEVEL_PACKET support
This is basically an alias for DCERPC_AUTH_LEVEL_INTEGRITY
in the context of connection oriented DCERPC.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 1 Sep 2016 08:35:13 +0000 (10:35 +0200)]
s4:rpc_server: check the auth_pad_length overflow before calling gensec_[check,unseal]_packet()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 1 Sep 2016 08:31:04 +0000 (10:31 +0200)]
s4:rpc_server: let dcesrv_auth_request() set a fault_code
gensec_check_packet() and gensec_unseal_packet() failures
should generate DCERPC_FAULT_SEC_PKG_ERROR.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 31 Aug 2016 19:39:25 +0000 (21:39 +0200)]
s4:rpc_server: set the full DCERPC_BIND_NAK_REASON_* in dcesrv_bind()
This is required in order to support DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE
vs. DCERPC_BIND_NAK_REASON_INVALID_CHECKSUM.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 29 Aug 2016 16:37:00 +0000 (18:37 +0200)]
s4:rpc_server: set DCERPC_PFC_FLAG_DID_NOT_EXECUTE for DCERPC_FAULT_OP_RNG_ERROR
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 18 Aug 2016 12:17:58 +0000 (14:17 +0200)]
s4:rpc_server: a fault with UNKNOWN_IF should have DID_NOT_EXECUTE set
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 6 Oct 2015 10:25:53 +0000 (12:25 +0200)]
s4:librpc/rpc: implement bind_time_feature negotiation
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 17 Feb 2015 07:38:36 +0000 (08:38 +0100)]
s4:librpc/rpc: force printing in dcerpc_bh_do_ndr_print() log level >= 11
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 28 Oct 2015 15:06:30 +0000 (16:06 +0100)]
s4:librpc/rpc: make use of dcerpc_pull_ncacn_packet()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 28 Oct 2015 11:27:43 +0000 (12:27 +0100)]
librpc/rpc: make use of dcerpc_pull_ncacn_packet() in dcerpc_read_ncacn_packet_done()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 28 Oct 2015 11:23:00 +0000 (12:23 +0100)]
librpc/rpc: move dcerpc_pull_ncacn_packet() from source3/librpc/rpc/ to the toplevel
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 28 Oct 2015 11:21:43 +0000 (12:21 +0100)]
s3:librpc: move NDR_PRINT_DEBUG() into the caller of dcerpc_pull_ncacn_packet()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 28 Oct 2015 11:16:05 +0000 (12:16 +0100)]
s3:librpc: remove bigendian argument from dcerpc_pull_ncacn_packet()
We should get this from the packet itself.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 27 Sep 2016 16:17:42 +0000 (18:17 +0200)]
dcerpc.idl: add DCERPC_FAULT_SERVER_UNAVAILABLE
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 6 Sep 2016 13:41:30 +0000 (15:41 +0200)]
dcerpc.idl: remove unused dcerpc_request._pad
typedef struct {
uint32 alloc_hint;
uint16 context_id;
uint16 opnum;
/*
* NDR_DCERPC_REQUEST_OBJECT_PRESENT
* is defined differently for ndr_dcerpc.c and py_dcerpc.c
*/
[switch_is(NDR_DCERPC_REQUEST_OBJECT_PRESENT)] dcerpc_object object;
[flag(NDR_REMAINING)] DATA_BLOB stub_and_verifier;
} dcerpc_request;
- the generic dcerpc header has a size of 16 bytes.
- alloc_hint, context_id and opnum are 8 bytes together.
- dcerpc_object is 0 or 16 bytes.
That means stub_and_verifier is always aligned to 8 bytes
(either at offset 24 or 40).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 13 Oct 2015 14:00:40 +0000 (16:00 +0200)]
dcerpc.idl: replace dcerpc_response._pad with a uint8 reserved
typedef struct {
uint32 alloc_hint;
uint16 context_id;
uint8 cancel_count;
[value(0)] uint8 reserved;
[flag(NDR_REMAINING)] DATA_BLOB stub_and_verifier;
} dcerpc_response;
- the generic dcerpc header has a size of 16 bytes
- alloc_hint, context_id, cancel_count and reserved are 8 bytes together
So stub_and_verifier is 8 byte aligned at offset 24.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 6 Sep 2016 13:38:14 +0000 (15:38 +0200)]
s4:rpc_server: skip setting of dcerpc_request._pad
This is marked as [flag(NDR_ALIGN8)] DATA_BLOB _pad;
and ndr_push_dcerpc_request() will just ignore the content
and align to 8 bytes with zero padding.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 20 Sep 2016 01:26:22 +0000 (03:26 +0200)]
dcerpc.idl: add dcerpc_fault_flags bitmap
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 9 Oct 2015 04:51:16 +0000 (06:51 +0200)]
dcerpc.idl: split the padding from a possible fault buffer in dcerpc_fault
The 4 bytes of padding are always present and part of the header.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 28 Oct 2015 15:11:22 +0000 (16:11 +0100)]
dcerpc.idl: remove unused DCERPC_AUTH_LEVEL_DEFAULT
Also the default should not be DCERPC_AUTH_LEVEL_CONNECT
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 31 Aug 2016 19:57:31 +0000 (21:57 +0200)]
auth/gensec: handle DCERPC_AUTH_LEVEL_PACKET similar to DCERPC_AUTH_LEVEL_INTEGRITY
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 1 Sep 2016 09:00:54 +0000 (11:00 +0200)]
auth/gensec: only require GENSEC_FEATURE_SIGN for DCERPC_AUTH_LEVEL_INTEGRITY as client
On the server this check is deferred to the first request.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 1 Sep 2016 08:54:17 +0000 (10:54 +0200)]
auth/gensec: always verify the wanted SIGN/SEAL flags
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 1 Sep 2016 08:58:16 +0000 (10:58 +0200)]
s4:ldap_server: don't use gensec_want_feature(gensec_security, GENSEC_FEATURE_{SIGN,SEAL}) as server
They're always supported and using gensec_want_feature() on them would require
them in future.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 1 Sep 2016 08:58:16 +0000 (10:58 +0200)]
s3:ntlm_auth: don't use gensec_want_feature(gensec_security, GENSEC_FEATURE_{SIGN,SEAL}) as server
They're always supported and using gensec_want_feature() on them would require
them in future.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 1 Sep 2016 08:56:57 +0000 (10:56 +0200)]
auth/ntlmssp: always allow NTLMSSP_NEGOTIATE_{SIGN,SEAL} in gensec_ntlmssp_server_start()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 2 Sep 2016 06:20:37 +0000 (08:20 +0200)]
s3:gse: pass gss_got_flags to gssapi_get_sig_size()
We need to calculate the signature length based on the negotiated
flags. This is most important on the server side where,
gss_accept_sec_context() doesn't get gss_want_flags, but fills
gss_got_flags.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 2 Sep 2016 06:20:37 +0000 (08:20 +0200)]
s4:gensec_gssapi: pass gss_got_flags to gssapi_get_sig_size()
We need to calculate the signature length based on the negotiated
flags. This is most important on the server side where,
gss_accept_sec_context() doesn't get gss_want_flags, but fills
gss_got_flags.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 5 Sep 2016 07:00:30 +0000 (09:00 +0200)]
s4:gensec_krb5: also report support for GENSEC_FEATURE_SIGN as krb5_mk_priv() provides sign and seal
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 1 Sep 2016 08:52:34 +0000 (10:52 +0200)]
gensec/spnego: remember the wanted features also on the main gensec context
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 15 Sep 2016 09:46:33 +0000 (11:46 +0200)]
libcli/smb: handle a talloc_free() on an unsent smb1 request
When a the higher level does a TALLOC_FREE() on an already
queued request, we need to check whether we already sent a byte,
if not we can try to unwind the smb1 signing sequence number,
if there was only one pending request, in all other cases
we need to disconnect the connection.
I noticed that when seeing during an smb1cli_close()
from tstream_smbXcli_np_destructor().
TODO: we may want to have a similar smbXcli_conn_cancel_read_req() in future.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 15 Sep 2016 09:41:56 +0000 (11:41 +0200)]
lib/async_req: add writev_cancel()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Matthieu Patou [Wed, 25 Sep 2013 23:41:03 +0000 (16:41 -0700)]
s4:librpc/rpc: do not use stack allocated variables for async requests
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
David Disseldorp [Tue, 25 Oct 2016 16:25:02 +0000 (18:25 +0200)]
libsmb: fix leak in opendir error path
Fixes CID 242325 - dir state and the talloc frame are leaked on
user_auth_info_init() failure.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 26 00:58:41 CEST 2016 on sn-devel-144
Andreas Schneider [Tue, 18 Oct 2016 17:06:13 +0000 (19:06 +0200)]
waf: Cleanup deps list for smbd
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Autobuild-User(master): Jim McDonough <jmcd@samba.org>
Autobuild-Date(master): Tue Oct 25 21:10:37 CEST 2016 on sn-devel-144
Andreas Schneider [Tue, 18 Oct 2016 14:05:07 +0000 (16:05 +0200)]
waf: Cleanup deps list for smbregistry
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Amitay Isaacs [Mon, 24 Oct 2016 07:24:54 +0000 (18:24 +1100)]
Revert "ctdb-common: Use SCHED_RESET_ON_FORK when setting SCHED_FIFO"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12392
Feature SCHED_RESET_ON_FORK is completely broken on RHEL6 and RHEL7
distributions. So do not rely on SCHED_RESET_ON_FORK for now.
This reverts commit
1be8564e553ce044426dbe7b3987edf514832940.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Oct 25 11:28:28 CEST 2016 on sn-devel-144
Stefan Metzmacher [Thu, 13 Oct 2016 10:42:59 +0000 (12:42 +0200)]
s3:smbd: only pass UCF_PREP_CREATEFILE to filename_convert() if we may create a new file
This fixes a regression introduced by commit
f98d10af2a05f0261611f4cabdfe274cd9fe91c0
(smbd: Always use UCF_PREP_CREATEFILE for filename_convert calls to resolve a path for open)
The main problem was that Windows client seem to verify
the access to user.V2\ntuser.ini is rejected with NT_STATUS_ACCESS_DENIED,
using the machine credentials.
Passing UCF_PREP_CREATEFILE to filename_convert() triggers a code path
that implements a dropbox behaviour. A dropbox is a directory with only -wx permissions,
so get_real_filename fails with EACCESS, it needs to list the directory.
EACCESS is ignored with UCF_PREP_CREATEFILE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10297
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 25 05:33:36 CEST 2016 on sn-devel-144
Uri Simchoni [Sat, 22 Oct 2016 19:47:08 +0000 (22:47 +0300)]
smbd: in ntlm auth, do not map empty domain in case of \user@realm
When mapping user and domain during NTLM authentication, an empty domain
is mapped to the local SAM db. However, an empty domain may legitimately
be used if the user field has both user and domain in upn@realm format.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12375
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Uri Simchoni [Sat, 22 Oct 2016 19:40:26 +0000 (22:40 +0300)]
winbindd: do not modify credentials in NTLM passthrough
When doing NTLM validation of credentials, do not modify the
credentials - they might be used in the calculation of
the response.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12375
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Uri Simchoni [Sat, 22 Oct 2016 10:33:42 +0000 (13:33 +0300)]
selftest: test NTLM user@realm authentication
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Fri, 21 Oct 2016 18:04:02 +0000 (11:04 -0700)]
s3: vfs: streams_depot. Use conn->connectpath not conn->cwd.
conn->cwd can change over the life of the connection,
conn->connectpath remains static.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12387
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Mon Oct 24 23:52:48 CEST 2016 on sn-devel-144
Michael Adam [Thu, 20 Oct 2016 22:15:06 +0000 (00:15 +0200)]
vfs:glusterfs: preallocate result for glfs_realpath
This makes us independent of the allocation
method used inside glfs_realpath.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct 22 00:28:41 CEST 2016 on sn-devel-144
Stefan Metzmacher [Fri, 21 Oct 2016 08:23:21 +0000 (10:23 +0200)]
s3:util_cmdline: make struct user_auth_info private to util_cmdline.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 21 Oct 2016 08:17:59 +0000 (10:17 +0200)]
s3:libsmb: make use of proper allocated struct user_auth_info in SMBC_opendir_ctx()
We should avoid to dereference struct user_auth_info.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 21 Oct 2016 08:17:59 +0000 (10:17 +0200)]
s3:libsmb: make use of get_cmdline_auth_info_* helper functions in get_ipc_connect()
We should avoid to dereference struct user_auth_info.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 21 Oct 2016 08:17:04 +0000 (10:17 +0200)]
s3:lib/netapi: make use of set_cmdline_auth_info_signing_state_raw()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 21 Oct 2016 08:16:26 +0000 (10:16 +0200)]
s3:util_cmdline: add set_cmdline_auth_info_signing_state_raw() helper function
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Wed, 19 Oct 2016 23:33:52 +0000 (16:33 -0700)]
s3: selftest: Add test for orphan 'lost-XXX' directories in streams_depot.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12384
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 21 04:48:52 CEST 2016 on sn-devel-144
Jeremy Allison [Wed, 19 Oct 2016 18:56:49 +0000 (11:56 -0700)]
s3: vfs: Remove files/directories after the streams are deleted.
By the time we get to SMB_VFS_UNLINK/SMB_VFS_RMDIR the ACL
checks have already been done.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12384
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Jeremy Allison [Thu, 20 Oct 2016 20:33:09 +0000 (13:33 -0700)]
s3: torture: vfstest. unlink cmd must be stream aware.
Otherwise the following patch breaks vfstest stream-depot test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12384
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Volker Lendecke [Wed, 19 Oct 2016 08:27:14 +0000 (10:27 +0200)]
torture: Fix uninitialized variables
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 20 02:48:30 CEST 2016 on sn-devel-144
Jeremy Allison [Tue, 18 Oct 2016 23:33:49 +0000 (16:33 -0700)]
s3: libsmb: Fix cut and paste error using the wrong structure type.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12383
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Oct 19 14:33:53 CEST 2016 on sn-devel-144
Volker Lendecke [Tue, 18 Oct 2016 11:27:00 +0000 (13:27 +0200)]
torture: Fix clang errors
h1.data is an array and as such always is != NULL, so it's always true
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 19 05:11:25 CEST 2016 on sn-devel-144
Volker Lendecke [Tue, 18 Oct 2016 10:51:16 +0000 (12:51 +0200)]
lib: Fix a signed/unsigned hickup
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Tue, 18 Oct 2016 10:45:28 +0000 (12:45 +0200)]
loadparm: Fix a warning for increased alignment
There's tons of those, but you have to start somewhere :-)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Tue, 18 Oct 2016 06:26:07 +0000 (08:26 +0200)]
lib: Fix an uninitialized variable
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Mon, 17 Oct 2016 19:40:25 +0000 (21:40 +0200)]
ldb: Fix a signed/unsigned mixup
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Mon, 17 Oct 2016 18:56:20 +0000 (20:56 +0200)]
vfs: Fix warnings for time_t != long
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Jeremy Allison [Mon, 17 Oct 2016 17:07:23 +0000 (10:07 -0700)]
s3: cldap: cldap_multi_netlogon_send() fails with one bad IPv6 address.
Analysis by: Rebecca Gellman <rebecca@starfleet-net.co.uk>
Ignore cldap_socket_init() failure when sending
multiple cldap netlogon requests. Allow cldap_netlogon_send()
to catch the bad address and correctly return through a
tevent subreq.
Make sure cldap_search_send() copes with cldap parameter == NULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12381
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 18 02:16:20 CEST 2016 on sn-devel-144
Volker Lendecke [Mon, 17 Oct 2016 15:09:01 +0000 (17:09 +0200)]
lib: Fix a pthreadpool race condition
Yes, there is one.... I've seen two flaky builds on sn-devel with
pthreadpool after the coverity checks went in. They were in the
ret = pthread_mutex_unlock(&pool->mutex);
assert(ret == 0);
in pthreadpool_parent() and pthreadpool_child(). No idea what that was,
I could not really reproduce that. A build attempt on FreeBSD also gave
an erratic error, this time it was an EINVAL in
ret = pthread_mutex_lock(&pool->mutex);
assert(ret == 0);
pthreadpool_parent(). EINVAL means that the mutex is not a proper
mutex. What happened: Someone (a detached thread) does the
pthreadpool_free behind our back, while we are in pthreadpool_parent,
preparing the fork. Unfortunately the mutex was already destroyed before
we came to lock it.
The fix is simple: Remove the obsolete struct pthreadpool from the
linked list before the mutex is destroyed.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Mon, 17 Oct 2016 14:42:37 +0000 (16:42 +0200)]
ctdb: Add a required include
exit(3) is defined in stdlib.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Mon, 17 Oct 2016 09:27:17 +0000 (11:27 +0200)]
ctdb: Fix format errors for time_t!=long
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Mon, 17 Oct 2016 12:16:20 +0000 (14:16 +0200)]
s3/vfs: gpfs: adapt vfs_gpfs_is_offline() to changes from
3031815f982e365be50148564d47d7d5afab46e0
The patchset `git log -2
3031815f982e365be50148564d47d7d5afab46e0`
missed a change to vfs_gpfs_is_offline() which is now merely a helper
function that returns true or false and mustn't call into the VFS.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Oct 17 21:28:12 CEST 2016 on sn-devel-144
Ralph Boehme [Mon, 17 Oct 2016 12:15:41 +0000 (14:15 +0200)]
s3/vfs: tsmsm: add missing ;
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Volker Lendecke [Wed, 12 Oct 2016 10:27:56 +0000 (12:27 +0200)]
talloc: Fix CID
1373619 Unchecked return value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct 15 01:28:02 CEST 2016 on sn-devel-144
Volker Lendecke [Wed, 12 Oct 2016 10:25:39 +0000 (12:25 +0200)]
messaging: Fix CID
1373622 Extra high-order bits
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 12 Oct 2016 10:21:36 +0000 (12:21 +0200)]
messaging: Fix CID
1373625 Unused value
Hmm. I wonder how that cut&paste happened...
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 12 Oct 2016 10:20:00 +0000 (12:20 +0200)]
pthreadpool: Fix CID
1373620 Unchecked return value from library
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 12 Oct 2016 10:18:11 +0000 (12:18 +0200)]
talloc: Fix CID
1373621 Unchecked return value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 12 Oct 2016 10:12:28 +0000 (12:12 +0200)]
pthreadpool: Rearrange locks a bit
Coverity ID
1373624 says we have a deadlock between pthreadpool_prepare and
pthreadpool_destroy. Coverity somehow misses that pthreadpool_free unlocks
pool->mutex, so I think this is a false positive. Nevertheless this re-arranges
the code a bit for more clarity, hoping that Coverity now can better track the
locks and unlocks. Also, the human reader might have to jump between routines a
bit less.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Thu, 13 Oct 2016 22:01:58 +0000 (15:01 -0700)]
s3: winbind: Ensure we store name2sid with the correct cache sequence number.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11259
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Volker Lendecke [Wed, 12 Oct 2016 13:02:45 +0000 (15:02 +0200)]
examples: Add smb2mount
This is an incomplete playground to add a fuse client based on
the Samba-internal libsmb interfaces.
There's a few fuse smb clients out there, but they all suffer from
Samba not exporting the async internal libsmb interfaces.
We don't export those with an API, because we believe we need the ability
to mess with those interfaces. This is an attempt to create a fully
asynchronous user-space fuse client file system that might make it
easier to mess with fancy SMB features than it would be possible in
a kernel client.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Raghavendra Talur [Thu, 25 Aug 2016 10:33:55 +0000 (16:03 +0530)]
support volfile fetch from multiple glusterd nodes
glusterfs:volfile_server option can be used in smb.conf to define where
to fetch the volfile from. Currently it supports only a single IP or a
hostname. The default is 'localhost'.
glfs_set_volfile_server() has been enhanced in gfapi to support
multiple invocations. A list is maintained in libgfapi which gets
appended on every invocation. When glfs_init is performed, libgfapi
would first try to fetch the volfile from glusterd on that node.
However, on failure to fetch the volfile, it would proceed to contact
glusterd on every node in the list until it gets the volfile or
exhausts the list. This enhacement was done in Gluster commit [2].
This commit is available in 3.6, 3.7, 3.8 versions of Gluster.
As we cannot have multiple lines having the same key of
glusterfs:volfile_server in a share definition in smb.conf, we propose
a scheme like this:
where value of glusterfs:volfile_server could be list of white space seperated
elements where each element could be unix+/path/to/socket/file or
[tcp+]IP|hostname|\[IPv6\][:port].
Note the restriction on naming a IPv6 host, it follows the same
restriction that is based on IPv6 naming in URL as per RFC 2732[1].
[1] http://www.ietf.org/rfc/rfc2732.txt
[2]
0c1d78f5c52c69268ec3a1d8d5fcb1a1bf15f243
Signed-off-by: Raghavendra Talur <rtalur@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Oct 14 17:09:24 CEST 2016 on sn-devel-144
Martin Schwenke [Mon, 10 Oct 2016 03:56:18 +0000 (14:56 +1100)]
ctdb-scripts: Strengthen check to see if ctdbd is running
Don't just rely on the process existing. It must be called "ctdbd".
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Fri Oct 14 11:54:40 CEST 2016 on sn-devel-144
Martin Schwenke [Tue, 11 Oct 2016 00:30:37 +0000 (11:30 +1100)]
ctdb-packaging: Move CTDB tests to /usr/local/share/ctdb/tests/
In time, other things will end up in /use/local/share/ctdb/.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12104
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Volker Lendecke [Thu, 13 Oct 2016 14:07:22 +0000 (16:07 +0200)]
smbd: Fix a comment
This is described in
https://msdn.microsoft.com/en-us/library/
cc232053.aspx
which is section 2.3.67 in the FSCC version available 2016-10-13.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 14 05:31:07 CEST 2016 on sn-devel-144
Volker Lendecke [Thu, 13 Oct 2016 09:18:50 +0000 (11:18 +0200)]
debug: Fix a few signed/unsigned hickups
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Trever L. Adams [Thu, 13 Oct 2016 09:25:08 +0000 (03:25 -0600)]
strv.c: add strv_to_env for use with execle, etc.
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Signed-off-by: Trever L. Adams <trever.adams@gmail.com>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Oct 14 01:44:02 CEST 2016 on sn-devel-144
Stefan Metzmacher [Tue, 13 Sep 2016 05:25:38 +0000 (07:25 +0200)]
ntlmssp.idl: don't generate python bindings for ntlmssp_NTLM_RESPONSE and ntlmssp_LM_RESPONSE
ntlmssp_NTLM_RESPONSE and NTLM_RESPONSE will both result in
"ntlmssp.NTLM_RESPONSE".
The same applies to ntlmssp_LM_RESPONSE and LM_RESPONSE.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Oct 13 21:56:27 CEST 2016 on sn-devel-144
Stefan Metzmacher [Tue, 13 Sep 2016 04:30:34 +0000 (06:30 +0200)]
spoolss.idl: use access mask defines from security.idl
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 13 Sep 2016 06:07:21 +0000 (08:07 +0200)]
nfs4acl.idl: rename interface to nfs4acl.idl to avoid naming clash in the python bindings
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Moritz Beller [Tue, 11 Oct 2016 13:39:55 +0000 (15:39 +0200)]
libcli: Remove code clone
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12373
Signed-off-by: Moritz Beller <moritzbeller@gmx.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo <simo@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Oct 13 18:13:45 CEST 2016 on sn-devel-144
Martin Schwenke [Wed, 12 Oct 2016 07:36:51 +0000 (18:36 +1100)]
ctdb-tests: Add a missing assert()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Martin Schwenke [Tue, 11 Oct 2016 02:32:31 +0000 (13:32 +1100)]
ctdb-tests: Use bash locals for readability
This is a bash script so use bash feature instead of using the leading
underscore convention for locals.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Martin Schwenke [Mon, 10 Oct 2016 03:48:28 +0000 (14:48 +1100)]
ctdb-scripts: Drop backward compatibility from ctdbd_is_running()
The PID file has been used since CTDB 2.3. Assume that anyone
upgrading from an older version does a clean shutdown, upgrades CTDB
and then does a clean start (as opposed to upgrade CTDB and then
restart).
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Martin Schwenke [Mon, 10 Oct 2016 02:16:01 +0000 (13:16 +1100)]
ctdb-scripts: ctdbd_wrapper should never remove the PID file
kill_ctdbd() kills the daemon and then removes the PID file. This is
racy because a new daemon could write a new PID file in between the
kill and the removal. Reversing these steps would be an improvement.
However, none of the places where kill_ctdbd() is called is a safe
place to remove the PID file. There is always a chance that a new
daemon could start, write a new PID file and then kill_ctdbd() could
remove the new PID file.
ctdbd is able to overwrite a stale PID file by checking to see if it
is locked.
Therefore, entirely drop removal of the PID file from ctdbd_wrapper.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12287
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Wed, 12 Oct 2016 09:06:51 +0000 (11:06 +0200)]
spoolss: Fix caching of printername->sharename
time_mono() gives seconds since boot, gencache expects seconds since epoch.
With time_mono(), the values are always expired immediately.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12374
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Oct 13 13:48:52 CEST 2016 on sn-devel-144
Trever L. Adams [Wed, 12 Oct 2016 15:55:15 +0000 (09:55 -0600)]
Update smbrun to allow for settings environment variables.
Signed-off-by: Trever L. Adams <trever.adams@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 13 04:26:26 CEST 2016 on sn-devel-144
Volker Lendecke [Mon, 3 Oct 2016 20:28:32 +0000 (22:28 +0200)]
messaging: add an overflow check
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Mon, 10 Oct 2016 15:07:12 +0000 (17:07 +0200)]
s3:libads: don't use MEMORY:ads_sasl_spnego_bind nor set "KRB5CCNAME"
Most callers just set "KRB5CCNAME", but leave ads->auth.ccache_name = NULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 13 00:35:21 CEST 2016 on sn-devel-144
Stefan Metzmacher [Mon, 10 Oct 2016 15:07:12 +0000 (17:07 +0200)]
s3:libads: don't use MEMORY:ads_sasl_gssapi_do_bind nor set "KRB5CCNAME"
Most callers just set "KRB5CCNAME", but leave ads->auth.ccache_name = NULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>