Karolin Seeger [Thu, 13 Dec 2018 08:53:41 +0000 (09:53 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.8.8 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Wed, 5 Dec 2018 08:40:24 +0000 (09:40 +0100)]
WHATSNEW: Add release notes for Samba 4.8.8.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Ralph Boehme [Wed, 28 Nov 2018 14:39:21 +0000 (15:39 +0100)]
winbindd: Route predefined domains through the BUILTIN domain child
Without this eg "NT Authority" didn't work:
$ bin/wbinfo -n "NT Authority/Authenticated Users"
failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup name NT Authority/Authenticated Users
$ bin/wbinfo --group-info="NT Authority/Authenticated Users"
failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for group NT Authority/Authenticated Users
With the patch:
$ bin/wbinfo -n "NT Authority/Authenticated Users"
S-1-5-11 SID_WKN_GROUP (5)
$ bin/wbinfo --group-info="NT Authority/Authenticated Users"
NT AUTHORITY\authenticated users:x:10002:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Dec 5 11:27:22 CET 2018 on sn-devel-144
(cherry picked from commit
8b8d9fdad4a4e2c479141b3d40e9a7320a49c0dd)
Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Fri Dec 7 16:15:58 CET 2018 on sn-devel-144
Ralph Boehme [Wed, 28 Nov 2018 16:20:41 +0000 (17:20 +0100)]
winbindd: fix predefined domains routing in find_lookup_domain_from_sid()
Route predefined domains through the BUILTIN domain child, not passdb.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
b512a58bbd7361cbbcf68f6713943377338fc2a1)
Ralph Boehme [Tue, 27 Nov 2018 16:32:09 +0000 (17:32 +0100)]
winbindd: add some braces
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
e0f784baeaa73096534d9a1ed941028d99f84ece)
Ralph Boehme [Wed, 28 Nov 2018 16:19:39 +0000 (17:19 +0100)]
libcli/security: add dom_sid_lookup_is_predefined_domain()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
2de5f06d399109009c343b0acfef822db38502a1)
Ralph Boehme [Tue, 27 Nov 2018 19:32:09 +0000 (20:32 +0100)]
selftest: test wbinfo -n and --gid-info with "NT Authority"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
c46b6b111e8adcd7cf029e5c3293cbdc471793db)
Stefan Metzmacher [Wed, 28 Nov 2018 14:21:56 +0000 (15:21 +0100)]
CVE-2018-14629 dns: fix CNAME loop prevention using counter regression
The loop prevention should only be done for CNAME records!
Otherwise we truncate the answer records for A, AAAA or
SRV queries, which is a bad idea if you have more than 20 DCs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Dec 4 08:52:29 CET 2018 on sn-devel-144
(cherry picked from commit
34f4491d79b47b2fe2457b8882f11644cf773bc4)
Aaron Haslett [Fri, 30 Nov 2018 05:37:27 +0000 (18:37 +1300)]
CVE-2018-14629: Tests to expose regression from dns cname loop fix
These tests expose the regression described by Stefan Metzmacher in
discussion on the bugzilla paged linked below.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
14399fd818b130a6347eec860460929c292d5996)
Isaac Boukris [Wed, 7 Nov 2018 20:53:35 +0000 (22:53 +0200)]
CVE-2018-16853: fix crash in expired passowrd case
When calling encode_krb5_padata_sequence() make sure to
pass a null terminated array as required.
Fixes expired passowrd case in samba4.blackbox.kinit test.
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Tue Dec 4 18:36:56 CET 2018 on sn-devel-144
Andreas Schneider [Wed, 28 Sep 2016 05:22:32 +0000 (07:22 +0200)]
CVE-2018-16853: Do not segfault if client is not set
This can be triggered with FAST but we don't support this yet.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Isaac Boukris [Sat, 18 Aug 2018 13:01:59 +0000 (16:01 +0300)]
CVE-2018-16853: Add a test to verify s4u2self doesn't crash
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Isaac Boukris [Fri, 17 Aug 2018 21:40:30 +0000 (00:40 +0300)]
CVE-2018-16853: The ticket in check_policy_as can actually be a TGS
This happens when we are called from S4U2Self flow, and in that case
kdcreq->client is NULL. Use the name from client entry instead.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Isaac Boukris [Sat, 18 Aug 2018 12:32:43 +0000 (15:32 +0300)]
CVE-2018-16853: Fix kinit test on system lacking ldbsearch
By fixing bindir variable name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Wed, 7 Nov 2018 13:00:25 +0000 (14:00 +0100)]
libcli/smb: don't overwrite status code
The original commit
c5cd22b5bbce724dcd68fe94320382b3f772cabf from bug
9175 never worked, as the preceeding signing check overwrote the status
variable.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9175
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Nov 13 17:28:45 CET 2018 on sn-devel-144
(cherry picked from commit
5a8583ed701be97c33a20b2a20f6bbb8ac2f8e99)
Ralph Boehme [Tue, 13 Nov 2018 11:08:10 +0000 (12:08 +0100)]
s4:torture/smb2/session: test smbXcli_session_set_disconnect_expired() works
This adds a simple test that verifies that after having set
smbXcli_session_set_disconnect_expired() a session gets disconnected
when it expires.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9175
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
a5d1bb5c5b5a57a2d7710dc5ab962683fe5c8e68)
Ralph Boehme [Tue, 5 Dec 2017 07:28:28 +0000 (08:28 +0100)]
vfs_zfsacl: return synthesized ACL when ZFS return ENOTSUP
This allows accessing the ZFS .snapshots directory where ZFS returns
ENOTSUP when calling acl(".snapshots").
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13175
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 18 22:03:21 CEST 2018 on sn-devel-144
(cherry picked from commit
f93cc232377d4c686ac35ee5e14e798974bc0700)
Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Wed Nov 28 13:20:55 CET 2018 on sn-devel-144
Ralph Boehme [Fri, 18 May 2018 11:14:57 +0000 (13:14 +0200)]
s3:smbd: make psbuf arg to make_default_acl_posix() const
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13175
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
ec2a40831359ae93f437ef76f8ba76bbd95bc6dc)
Karolin Seeger [Tue, 27 Nov 2018 10:06:59 +0000 (11:06 +0100)]
VERSION: Bump version up to 4.8.8.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 27 Nov 2018 10:06:43 +0000 (11:06 +0100)]
Merge tag 'samba-4.8.7' into v4-8-test
samba: tag release samba-4.8.7
Karolin Seeger [Mon, 26 Nov 2018 08:04:19 +0000 (09:04 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.8.7 release.
o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD
Internal DNS server)
o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
o CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos
configuration (unsupported))
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Mon, 26 Nov 2018 08:02:34 +0000 (09:02 +0100)]
WHATSNEW: Add release notes for Samba 4.8.7.
o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD
Internal DNS server)
o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
o CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos
configuration (unsupported))
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Andrew Bartlett [Tue, 6 Nov 2018 00:32:05 +0000 (13:32 +1300)]
CVE-2018-16853 build: The Samba AD DC, when build with MIT Kerberos is experimental
This matches https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13678
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Garming Sam [Mon, 5 Nov 2018 03:18:18 +0000 (16:18 +1300)]
CVE-2018-16851 ldap_server: Check ret before manipulating blob
In the case of hitting the talloc ~256MB limit, this causes a crash in
the server.
Note that you would actually need to load >256MB of data into the LDAP.
Although there is some generated/hidden data which would help you reach that
limit (descriptors and RMD blobs).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13674
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 24 Oct 2018 02:41:28 +0000 (15:41 +1300)]
CVE-2018-16841 selftest: Check for mismatching principal in certficate compared with principal in AS-REQ
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13628
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Tue, 23 Oct 2018 04:33:46 +0000 (17:33 +1300)]
CVE-2018-16841 heimdal: Fix segfault on PKINIT with mis-matching principal
In Heimdal KRB5_KDC_ERR_CLIENT_NAME_MISMATCH is an enum, so we tried to double-free
mem_ctx.
This was introduced in
9a0263a7c316112caf0265237bfb2cfb3a3d370d for the
MIT KDC effort.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13628
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Aaron Haslett [Tue, 23 Oct 2018 04:25:51 +0000 (17:25 +1300)]
CVE-2018-14629 dns: CNAME loop prevention using counter
Count number of answers generated by internal DNS query routine and stop at
20 to match Microsoft's loop prevention mechanism.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Karolin Seeger [Tue, 25 Sep 2018 07:48:24 +0000 (09:48 +0200)]
VERSION: Bump version up to 4.8.7...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
a6f15a0dd69b1f01f4c29aed9631abe098830ad3)
Ralph Boehme [Thu, 8 Nov 2018 16:31:41 +0000 (17:31 +0100)]
s3:smb2_sesssetup: check session_info security level before it gets talloc_move'd
We talloc_move() session_info to session->global->auth_session_info
which sets session_info to NULL.
This means security_session_user_level(NULL, NULL) will always return
SECURITY_ANONYMOUS so we never sign the session setup response.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Nov 13 14:22:46 CET 2018 on sn-devel-144
(cherry picked from commit
bb93e691ca9b1922bf552363a1e7d70792749d67)
Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Fri Nov 23 13:52:04 CET 2018 on sn-devel-144
Ralph Boehme [Fri, 9 Nov 2018 11:39:41 +0000 (12:39 +0100)]
s4:torture/smb2/session: session reauth response must be signed
This test checks that a session setup reauth is signed even when neither
client nor server require signing.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
181f18c4bf70754a6f3132375d06250baab2871b)
Ralph Boehme [Fri, 9 Nov 2018 11:19:16 +0000 (12:19 +0100)]
s4:torture/smb2/session: add force_signing to test_session_expire1i
Existing callers pass true, so no change in behaviour. The next commit
adds an additional test that passes force_signing=false.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
5fdea4095ac82536192c8d91c411b22e2683a5c1)
Ralph Boehme [Fri, 9 Nov 2018 14:34:24 +0000 (15:34 +0100)]
s4:torture/smb2/session: require a signed session setup reauth response
All existing tests using this function require signing, so currently
this passes. A subsequent commit adds a test where neither client nor
server require signing and that's where this trap will explode.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
ffc424ee6bedc3c208acb4c0c83da836a12d6123)
Ralph Boehme [Thu, 8 Nov 2018 14:42:46 +0000 (15:42 +0100)]
s4:torture/smb2/session: invalidate credential cache
Invalidate credential cache before connecting to the server, otherwise
we will reuse the credentials from the credential cache populated by the
preceeding tests.
Also invalidate it at the end, otherwise subsequent tests might run into
problems if the credentials expire while authenticating.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
368e1860654e737aa2fa9516cdd3668fa644009a)
Ralph Boehme [Sat, 10 Nov 2018 21:00:04 +0000 (22:00 +0100)]
libcli/smb: use require_signed_response in smb2cli_conn_dispatch_incoming()
This can be used by the upper layers to force checking a response is
signed. It will be used to implement verification of session setup
reauth responses in a torture test. That comes next.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
53fe148476a5566b7a8204d7e44b6e75ce7d45bc)
Ralph Boehme [Sat, 10 Nov 2018 20:56:28 +0000 (21:56 +0100)]
libcli/smb: defer singing check a little bit
This allows adding an additional condition to the if check where the
condition state may be modified in the "if (opcode ==
SMB2_OP_SESSSETUP)" case directly above.
No change in behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
7abf3900218e3d27c075b405735b2c38ec0fc4ca)
Ralph Boehme [Fri, 9 Nov 2018 14:26:44 +0000 (15:26 +0100)]
libcli/smb: maintain require_signed_response in smbXcli_req_state
Not used for now, that comes next.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
67cfb01611869b7590ccd836dd13a80e53545714)
Ralph Boehme [Fri, 9 Nov 2018 14:17:19 +0000 (15:17 +0100)]
libcli/smb: add smb2cli_session_require_signed_response()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
d407201d9bd4ee5ae5609dd107e3ab9ee7afbeb0)
Ralph Boehme [Fri, 9 Nov 2018 11:33:29 +0000 (12:33 +0100)]
s3:selftest: also run smb2.session torture testsuite against ad_member
The next commit adds a subtest to the smb2.session testsuite that
requires Kerberos (ad_dc would work), but where neither SMB2 server or
client must require signing (ad_dc, being an AD DC, requires signing).
The ad_member environment supports Kerberos with the SMB2 server not
mandating signing, that'll do.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
b86c94f0b929f2d9e521d41396c4e1611f5a4c5b)
Ralph Boehme [Thu, 8 Nov 2018 15:24:45 +0000 (16:24 +0100)]
s3:selftest: split "raw.session" and "smb2.session"
The next commit is going to add a testsuite to "smb2.session".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
d0a8899ed57c2b368c3870b3899a3422251222aa)
Volker Lendecke [Thu, 15 Nov 2018 14:21:36 +0000 (15:21 +0100)]
torture: Fix the 32-bit build
Unfortunately there's no off_t printf specifier as there's one for
size_t. So we have to use intmax_t.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Nov 15 19:45:24 CET 2018 on sn-devel-144
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13677
(cherry picked from commit
0872f140c4a354511b25bb5ed937b9e9409ade3a)
Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Fri Nov 16 17:13:21 CET 2018 on sn-devel-144
Ralph Boehme [Tue, 6 Nov 2018 12:24:14 +0000 (13:24 +0100)]
vfs_fruit: validation of writes on AFP_AfpInfo stream
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13677
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit
a7c877847f855be5ee6673e541a181b818013abf)
Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Wed Nov 14 17:12:08 CET 2018 on sn-devel-144
Ralph Boehme [Tue, 6 Nov 2018 11:34:17 +0000 (12:34 +0100)]
vfs_fruit: move a comment to the right place
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13677
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
4901d71c3de754a106662d01481b960ed7c2c4dd)
Ralph Boehme [Tue, 6 Nov 2018 11:24:54 +0000 (12:24 +0100)]
s4:torture/vfs/fruit: torture writing AFP_AfpInfo stream
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13677
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
221133b0e9ed28274f7513d9416f13a81b7b458b)
Andreas Schneider [Wed, 7 Nov 2018 13:32:29 +0000 (14:32 +0100)]
lib:util: Fix DEBUGCLASS pointer initializiation
This fixes a segfault in pyglue:
==10142== Process terminating with default action of signal 11 (SIGSEGV)
==10142== Bad permissions for mapped region at address 0x6F00A20
==10142== at 0x6F1074B: py_set_debug_level (pyglue.c:165)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13679
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
71ef09c1afdbf967b829cb66b33c3a5cb1c18ba0)
Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Mon Nov 12 18:01:17 CET 2018 on sn-devel-144
Christof Schmitt [Fri, 2 Nov 2018 19:07:58 +0000 (12:07 -0700)]
selftest: Run smb2.delete-on-close-perms also with "delete readonly = yes"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13673
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Sat Nov 3 05:55:45 CET 2018 on sn-devel-144
(cherry picked from commit
7dd3585f9c3ae04df45d98bfdc62663c7a69d3e0)
Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Wed Nov 7 13:19:41 CET 2018 on sn-devel-144
Christof Schmitt [Fri, 2 Nov 2018 19:03:51 +0000 (12:03 -0700)]
selftest: Add share to test "delete readonly" option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13673
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
a8e79decbcfbae1b1a53ec81b942ee06db26bf8f)
Christof Schmitt [Fri, 2 Nov 2018 19:08:23 +0000 (12:08 -0700)]
smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY attribute
MS-FSA states that a CREATE with FILE_DELETE_ON_CLOSE on an existing
file with READ_ONLY attribute has to return STATUS_CANNOT_DELETE. This
was missing in smbd as the check used the DOS attributes from the CREATE
instead of the DOS attributes on the existing file.
We need to handle the new file and existing file cases separately.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13673
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
162a5257c48f20d3752f644e86c9e626b46436c0)
Christof Schmitt [Fri, 2 Nov 2018 17:49:53 +0000 (10:49 -0700)]
smbtorture: Add test for DELETE_ON_CLOSE on files with READ_ONLY attribute
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13673
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
dc9bbbe4141d8425e66fe9290ff611845f4bd1ce)
Volker Lendecke [Thu, 1 Nov 2018 11:09:14 +0000 (12:09 +0100)]
torture: Fix the clang build
It's used uninitialized if an early torture_assert fails
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Nov 1 17:34:31 CET 2018 on sn-devel-144
(cherry picked from commit
9b28d47b0d86570be5a7c5628e460e01207afb00)
Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Tue Nov 6 13:44:37 CET 2018 on sn-devel-144
Ralph Boehme [Wed, 22 Aug 2018 13:25:26 +0000 (15:25 +0200)]
vfs_fruit: let fruit_open_meta() with O_CREAT return a fake-fd
This is the final step in implementing the needed macOS semantics on the
FinderInfo stream: as long as the client hasn't written a non-zero
FinderInfo blob to the stream, there mustn't be a visible filesystem
entry for other openers.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 1 01:14:23 CET 2018 on sn-devel-144
(cherry picked from commit
1b2de44ea8114cf2025e8b8c843131e2f2dbed27)
Ralph Boehme [Sat, 20 Oct 2018 21:50:32 +0000 (23:50 +0200)]
vfs_fruit: don't check for delete-on-close on the FinderInfo stream
macOS SMB server doesn't filter out the FinderInfo stream if it has
delete-on-close set.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
d8c1bb52018289878b9397d513ebbae63933a05f)
Ralph Boehme [Sat, 20 Oct 2018 21:40:14 +0000 (23:40 +0200)]
vfs_fruit: let fruit_pwrite_meta_stream also ftruncate empty FinderInfo
fruit_streaminfo currently filters out the FinderInfo stream is
delete-on-close is set. We set it here internally, but the client may
also set it over SMB. Turns out that the macOS SMB server does NOT
filter out FinderInfo stream with delete-on-close set, so we must change
the way filtering is done in fruit_streaminfo.
Filtering is now done based on the FinderInfo stream being 0-bytes large which
is why I'm adding the ftruncate here.
No idea why the tests that check the filtering passed the commits
leading up to this one, but if you revert this commit after applying the
whole patchset, the "delete AFP_AfpInfo by writing all 0" test will fail.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
480695cd723cc4949e0b39ddb83560efac393412)
Ralph Boehme [Sat, 20 Oct 2018 21:46:43 +0000 (23:46 +0200)]
vfs_fruit: pass stream size to delete_invalid_meta_stream()
delete_invalid_meta_stream() is meant to guard against random data being
present in the FinderInfo stream. If the stream size is 0, it's likely a
freshly created stream where no data has been written to yet, so don't
delete it.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
6e13dbddaec9f8118e11309297f85c3cdfd22e43)
Ralph Boehme [Wed, 17 Oct 2018 14:51:34 +0000 (16:51 +0200)]
vfs_fruit: let fruit handle all aio on the FinderInfo metadata stream
This will be required to support using fake fds for the FinderInfo
metadata stream.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
6fd256afcd5fedc894036efbfba1fc6d2264fba9)
Ralph Boehme [Wed, 22 Aug 2018 14:49:23 +0000 (16:49 +0200)]
vfs_fruit: do ino calculation
As we'll start returning fake fds in open shortly, we can't rely on the
next module to calculat correct inode numbers for streams and must take
over that responsibility.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
80afafe398566fd622f431966808d08ba9ec6473)
Ralph Boehme [Wed, 22 Aug 2018 13:22:08 +0000 (15:22 +0200)]
vfs_fruit: prepare fruit_pread_meta() for reading on fake-fd
If the read on the stream fails we may have hit a handle on a just
created stream (fio->created=true) with no data written yet.
If that's the case return an empty initialized FinderInfo blob.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
d7d92710711f6e555ed45c1dda528cd6a83e1bf5)
Ralph Boehme [Wed, 22 Aug 2018 13:21:08 +0000 (15:21 +0200)]
vfs_fruit: prepare fruit_pwrite_meta() for on-demand opening and writing
This avoid creating files or blobs in our streams backend when a client
creates a stream but hasn't written anything yet. This is the only sane
way to implement the following semantics:
* client 1: create stream "file:foo"
* client 2: open stream "file:foo"
The second operation of client 2 must fail with NT_STATUS_NOT_FOUND.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
4a5c9a9e73230f640eb045a3c47af75b5be9f1d6)
Ralph Boehme [Wed, 22 Aug 2018 13:22:57 +0000 (15:22 +0200)]
vfs_fruit: prepare struct fio for fake-fd and on-demand opening
Not used for now, that comes in the subsequent commits.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
96320eccc9a63b793ff8d05842bce54f120286f9)
Ralph Boehme [Mon, 22 Oct 2018 14:56:46 +0000 (16:56 +0200)]
vfs_fruit: add fio->created
fio->created tracks whether a create created a stream.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
1e055a79541eb69eb2deeae897dde3665c5ffee2)
Ralph Boehme [Mon, 15 Oct 2018 16:38:33 +0000 (18:38 +0200)]
vfs_fruit: remove resource fork special casing
Directly unlinking a file with open handles is not good, don't do it.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
a26032c3f68028b01fb6a7d38851409db1858161)
Ralph Boehme [Wed, 17 Oct 2018 17:07:11 +0000 (19:07 +0200)]
vfs_fruit: add some debugging of dev/ino
Aids in debugging dev/ino mismatch failures in open_file_ntcreate.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
993c7c4e711612225bd07b8fa5544c4bfef88a9e)
Ralph Boehme [Mon, 22 Oct 2018 14:21:21 +0000 (16:21 +0200)]
s4:torture/vfs/fruit: add test "empty_stream"
One to rule them all: consistently test critical operations on all
streams relevant to macOS clients: the FinderInfo stream, the Resource
Fork stream and an arbitrary stream that macOS maps to xattrs when
written to on a macOS SMB server.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
9d8751db64de75a0de442365b317c1b9ce194170)
Ralph Boehme [Thu, 11 Oct 2018 15:14:50 +0000 (17:14 +0200)]
s4:torture/vfs/fruit: add check_stream_list_handle()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
aba502d440ae3478543d3be5c5bbcea39fb0a463)
Ralph Boehme [Wed, 10 Oct 2018 16:45:56 +0000 (18:45 +0200)]
s4:torture/util: add torture_smb2_open()
This seems to be missing: a simple wrapper to just open a file without
fancy options.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
64b28e4a94365092f46052712a38e6fcfbb9f20c)
Ralph Boehme [Sat, 20 Oct 2018 12:53:50 +0000 (14:53 +0200)]
vfs_fruit: filter empty streams
First step in achieving macOS compliant behaviour wrt to empty streams:
- hide empty streams in streaminfo
- prevent opens of empty streams
This means that we may carry 0-byte sized streams in our streams
backend, but this shouldn't really hurt.
The previous attempt of deleting the streams when an SMB setinfo eof to
0 request came in, turned out be a road into desaster.
We could set delete-on-close on the stream, but that means we'd have to
check for it for every write on a stream and checking the
delete-on-close bits requires fetching the locking.tdb record, so this
is expensive and I'd like to avoid that overhead.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
ebfcf75e993b1a792db76b94aa898532e1c81eeb)
Ralph Boehme [Sat, 20 Oct 2018 13:28:06 +0000 (15:28 +0200)]
vfs_fruit: use check on global_fruit_config.nego_aapl for macOS specific behaviour
Ensure any non MS compliant protocol behaviour targetted at supporting
macOS clients are only effective if the client negotiated AAPL.
Currently this only guards the resource fork which only macOS client are
going to use, but subsequent commits add more this at this place.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
046456fca60b9fef38a0cdf5a116883fb1c7dffe)
Ralph Boehme [Mon, 22 Oct 2018 12:01:34 +0000 (14:01 +0200)]
s4:torture/vfs/fruit: enable AAPL extensions in a bunch of tests
These tests check for macOS SMB server specific behaviour. They work
currently against Samba without enabling AAPL because in vfs_fruit we're
currently don't check whether AAPL has been negotiated in one place. A
subsequent commit will change that and this commit prepares for that
change.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
7485007bb0a69dc8237c78be90f4bae06aad49b2)
Ralph Boehme [Sat, 20 Oct 2018 12:54:48 +0000 (14:54 +0200)]
vfs_fruit: don't unlink 0-byte size truncated streams
This caused all sort of havoc with subsequent SMB request that acted on
the handle of the then deleted backend storage (file or blob, depending
on the used streams module).
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
287082d739362ad068df37076712927ccd7ca90c)
Ralph Boehme [Sat, 20 Oct 2018 12:52:23 +0000 (14:52 +0200)]
s4:torture/vfs/fruit: write some data to a just created teststream
Doesn't currently make a difference, but this prepares for a later
change in vfs_fruit that will filter out empty streams (which is the
macOS behaviour).
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
3195ff9547824dd129e3fbcbbb8823fb10a0a5d4)
Ralph Boehme [Mon, 22 Oct 2018 10:43:16 +0000 (12:43 +0200)]
s4:torture/vfs/fruit: expand test "setinfo eof stream"
o Adds checks verifying that after setting eof to 0 on a stream, a
subsequent open gets ENOENT, before and after closing the handle that
had been used to set eof to 0.
o Verify that a write to a handle succeeds after that handle has been
used to set eof to 0 on a stream.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
b35d9e74028727da24f349242cb0bc62403a9b09)
Ralph Boehme [Mon, 22 Oct 2018 10:32:09 +0000 (12:32 +0200)]
vfs_fruit: update handling of read-only creation of resource fork
macOS SMB server versions supports this since 10.12, so we adapt our
behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
055ca448f1a2bd995291af1810c9ec94f90f32dd)
Ralph Boehme [Mon, 15 Oct 2018 13:17:08 +0000 (15:17 +0200)]
s4:torture/vfs/fruit: update test "creating rsrc with read-only access" for newer macOS versions
While this operation failed against older macOS versions, it passes
against versions 10.12 and newer. Update the test accordingly, a
subsequent commit will then update our implementation.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
c3cf09a0791ed4dfb7ca18d175396ac1aca5d2ed)
Ralph Boehme [Wed, 10 Oct 2018 10:47:07 +0000 (12:47 +0200)]
s4:torture/vfs/fruit: expand existing vfs_test "null afpinfo"
This adds a check that a read on a seperate handle also sees the
previously created AFP_AfpInfo stream.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
6f428607e35055b9ce1a04a625d43740bf5c76b2)
Ralph Boehme [Tue, 9 Oct 2018 16:48:08 +0000 (18:48 +0200)]
s4:torture/vfs/fruit: expand existing test "setinfo delete-on-close AFP_AfpInfo" a little bit
Add a check that verifies a create on a stream gets
NT_STATUS_DELETE_PENDING after delete-on-close has been set.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
0d9a80b6b2e3f51cad122ee0dc78c2f4dfdebcb5)
Ralph Boehme [Mon, 15 Oct 2018 14:24:19 +0000 (16:24 +0200)]
s4:torture/vfs/fruit: update test "read open rsrc after rename" to work with macOS
macOS SMB server seems to return NT_STATUS_SHARING_VIOLATION in this
case while Windows 2016 returns NT_STATUS_ACCESS_DENIED.
Lets stick with the Windows error code for now in the Samba fileserver,
but let the test pass against macOS.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
9cd9859dc10d425d29774d221ec9ad697192b466)
Ralph Boehme [Wed, 31 Oct 2018 14:49:45 +0000 (15:49 +0100)]
s4:torture/vfs/fruit: ensure a directory handle is closed in all code paths
Otherwise we get a sharing violation when running against Samba and
opening the directory a second time.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
f7551d8fb3599a6a71dd0570bad02bdc48324107)
Ralph Boehme [Mon, 15 Oct 2018 13:39:12 +0000 (15:39 +0200)]
s4:torture/vfs/fruit: update test "stream names" to work with macOS
o create the basefile before trying to create a stream on it, otherwise
this fails on macOS
o write something to the stream, otherwise the stream is not listed as
macOS hides 0-byte sized streams
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
125498861abeeed5bde727ff98d88d9ce4af6c75)
Ralph Boehme [Mon, 15 Oct 2018 13:31:21 +0000 (15:31 +0200)]
s4:torture/vfs/fruit: update test "SMB2/CREATE context AAPL" to work against macOS
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
dba9a4743fc42b57f03b6ace24753ce8091f629f)
Ralph Boehme [Thu, 11 Oct 2018 15:13:52 +0000 (17:13 +0200)]
s4:torture/vfs/fruit: set share_access to NTCREATEX_SHARE_ACCESS_MASK in check_stream_list
Avoid sharing conflicts with other opens on the basefile.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
1d4e50649b02c7c2314aa04e08f9946e21b6b37d)
Ralph Boehme [Wed, 17 Oct 2018 08:51:45 +0000 (10:51 +0200)]
s4:torture/vfs/fruit: fix a few error checks in "delete AFP_AfpInfo by writing all 0"
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
394d1fc9ac8373ea7419ea9514750422bd6e504d)
Ralph Boehme [Fri, 19 Oct 2018 20:21:10 +0000 (22:21 +0200)]
s4:torture/vfs/fruit: skip a few tests when running against a macOS SMB server
These tests are designed to test specific vfs_fruit functionality.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
242f42ef79e51e35ab33331e2f2d7c9feaac36f8)
Ralph Boehme [Thu, 23 Aug 2018 10:07:20 +0000 (12:07 +0200)]
vfs_streams_xattr: fix open implementation
Since a long time the modules's open function happily returned success
when opening a non existent stream without O_CREAT.
This change fixes it to return -1 and errno=ENOATTR if
o get_ea_value() returns NT_STATUS_NOT_FOUND (eg mapped from
getxattr() = -1, errno=ENOATTR) and
o flags doesn't contain O_CREAT
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
9f58997d7a1ab0358963a45cb8bf291e7afa8068)
Ralph Boehme [Thu, 11 Jan 2018 11:25:49 +0000 (12:25 +0100)]
s4/test: fix AAPL size check
A recent commit changed the ModelString from "Samba" to "MacSamba".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
11589a26ba40e9da90822a85b21327f49a69afda)
Martin Schwenke [Mon, 29 Oct 2018 03:33:08 +0000 (14:33 +1100)]
ctdb-recovery: Ban a node that causes recovery failure
... instead of applying banning credits.
There have been a couple of cases where recovery repeatedly takes just
over 2 minutes to fail. Therefore, banning credits expire between
failures and a continuously problematic node is never banned,
resulting in endless recoveries. This is because it takes 2
applications of banning credits before a node is banned, which
generally involves 2 recovery failures.
The recovery helper makes up to 3 attempts to recover each database
during a single run. If a node causes 3 failures then this is really
equivalent to 3 recovery failures in the model that existed before the
recovery helper added retries. In that case the node would have been
banned after 2 failures.
So, instead of applying banning credits to the "most failing" node,
simply ban it directly from the recovery helper.
If multiple nodes are causing recovery failures then this can cause a
node to be banned more quickly than it might otherwise have been, even
pre-recovery-helper. However, 90 seconds (i.e. 3 failures) is a long
time to be in recovery, so banning earlier seems like the best
approach.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13670
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Nov 5 06:52:33 CET 2018 on sn-devel-144
(cherry picked from commit
27df4f002a594dbb2f2a38afaccf3e22f19818e1)
Ralph Boehme [Wed, 31 Oct 2018 09:21:31 +0000 (10:21 +0100)]
s3:smbd: remove now unused check if fsp is NULL
This was used internally to mark an aio request as cancelled. As the aio
cancellation functionality has been removed, we can now also remove this
check.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13667
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
3fa45900c0ada6596daf09aa4c5054974f3394b0)
Ralph Boehme [Sun, 28 Oct 2018 18:35:59 +0000 (19:35 +0100)]
s3:smbd: fix SMB2 aio cancelling
As we currently don't attempt to cancel the internal aio request, we
must ignore the SMB2 cancel request and continue to process the SMB2
request, cf MS-SM2 3.3.5.16:
If the target request is not successfully canceled, processing of the
target request MUST continue and no response is sent to the cancel
request.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13667
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
07eb805cde4db6ac74740e3cfbc56ab6f8e2118a)
Ralph Boehme [Sun, 28 Oct 2018 18:29:26 +0000 (19:29 +0100)]
s4:torture/smb2/read: add test for cancelling SMB aio
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13667
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
e37ff8c5fe18d400e378bf2591e209b30473d9f9)
Ralph Boehme [Sun, 28 Oct 2018 18:28:42 +0000 (19:28 +0100)]
vfs_delay_inject: implement pread_send and pwrite_send
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13667
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
35f9bc06722fb07143c832442d784beb204bd367)
Ralph Boehme [Sun, 28 Oct 2018 01:05:45 +0000 (02:05 +0100)]
s4:libcli/smb2: reapply request endtime
tevent_req_finish() removed a possible request timeout, make sure to
reinstall it. This happened when an interim SMB2 response was received.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13667
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
a6de555c51ca34ef24ac4b4cb672cd748d3197a1)
Ralph Boehme [Sun, 28 Oct 2018 01:04:51 +0000 (02:04 +0100)]
libcli: fill endtime if smbXcli_req_create() timeout is non-zero
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13667
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
e7eec24d27b8694fd7626577a2aca05e99045964)
Ralph Boehme [Sun, 28 Oct 2018 01:03:28 +0000 (02:03 +0100)]
libcli: add smbXcli_req_endtime
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13667
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
94ad5ee662a5bfe1c79d8a9c3fcf51d0a1d652c7)
Andrew Bartlett [Tue, 30 Oct 2018 02:56:43 +0000 (15:56 +1300)]
dsdb: Add comments explaining the limitations of our current backlink behaviour
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13418
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Tim Beale <timbeale@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Oct 30 10:32:51 CET 2018 on sn-devel-144
(cherry picked from commit
852e1db12b0afa04a738c03bb2609c084fe96a7f)
Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Mon Nov 5 14:28:49 CET 2018 on sn-devel-144
Stefan Metzmacher [Fri, 24 Aug 2018 13:33:49 +0000 (15:33 +0200)]
s4:samldb: internally use extended dns while changing the primaryGroupID field
This is important, otherwise we'll loose the <SID=> component of the
linked attribute.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13418
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
7a36cb30b716d56b84e894851c1a18e9eb3a0964)
Stefan Metzmacher [Fri, 12 Oct 2018 13:56:18 +0000 (15:56 +0200)]
s4:repl_meta_data: add support for DSDB_CONTROL_DBCHECK_FIX_LINK_DN_SID
This will be used by dbcheck in the next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13418
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
0386307e34097f5d9233c970983c7306d1705a87)
Stefan Metzmacher [Fri, 12 Oct 2018 16:43:25 +0000 (18:43 +0200)]
s4:repl_meta_data: pass down struct replmd_replicated_request to replmd_modify_la_replace()
This will simplify further changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13418
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
1ef145d9d72d847055f6aba8a0070b3e1cfdabbc)
Stefan Metzmacher [Fri, 12 Oct 2018 16:43:25 +0000 (18:43 +0200)]
s4:repl_meta_data: pass down struct replmd_replicated_request to replmd_modify_la_delete()
This will simplify further changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13418
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
738b52eb0856c8fcdbb8589e8061bcc14700c23a)
Stefan Metzmacher [Fri, 12 Oct 2018 17:34:08 +0000 (19:34 +0200)]
s4:repl_meta_data: add missing \n to a DEBUG message in replmd_modify_la_add()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13418
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
70a306d0bd6806d1fd00d45e3d8cc70c73d09f79)
Stefan Metzmacher [Fri, 12 Oct 2018 16:43:25 +0000 (18:43 +0200)]
s4:repl_meta_data: pass down struct replmd_replicated_request to replmd_modify_la_add()
This will simplify further changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13418
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
42e69a86ca583e3cb20c63b9c6930b4b3425485d)
Stefan Metzmacher [Fri, 12 Oct 2018 16:43:25 +0000 (18:43 +0200)]
s4:repl_meta_data: pass down struct replmd_replicated_request to replmd_modify_handle_linked_attribs()
This will simplify further changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13418
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
966c7febaf0245516481bde924ea6cd738eeb78b)
Stefan Metzmacher [Fri, 12 Oct 2018 13:56:18 +0000 (15:56 +0200)]
blackbox/dbcheck-links: Test broken links with missing <SID=...> on linked attributes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13418
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
f81771c8593327e058b9cb4330d7e77083df3ea9)
git.samba.org / gary / samba-autobuild / .git / log