Jeremy Allison [Tue, 22 Dec 2015 19:26:18 +0000 (11:26 -0800)]
s3: smbd: In smb2_create.c, add in UCF_POSIX_PATHNAMES to the ucf_flags if lp_posix_pathnames() requested.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <rb@sernet.de>
Jeremy Allison [Tue, 22 Dec 2015 19:25:16 +0000 (11:25 -0800)]
s3: smbd: In reply.c, add in UCF_POSIX_PATHNAMES to the ucf_flags if lp_posix_pathnames() requested.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <rb@sernet.de>
Jeremy Allison [Tue, 22 Dec 2015 19:19:23 +0000 (11:19 -0800)]
s3: smbd: In open.c, add in UCF_POSIX_PATHNAMES to the ucf_flags if lp_posix_pathnames() requested.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <rb@sernet.de>
Jeremy Allison [Tue, 22 Dec 2015 19:18:19 +0000 (11:18 -0800)]
s3: smbd: In srv_srvsvc_nt.c, add in UCF_POSIX_PATHNAMES to the ucf_flags if lp_posix_pathnames() requested.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <rb@sernet.de>
Jeremy Allison [Tue, 22 Dec 2015 19:16:27 +0000 (11:16 -0800)]
s3: smbd: In nttrans2.c, add in UCF_POSIX_PATHNAMES to the ucf_flags if lp_posix_pathnames() requested.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <rb@sernet.de>
Jeremy Allison [Tue, 22 Dec 2015 19:12:34 +0000 (11:12 -0800)]
s3: smbd: In smb2_query_directory.c Use ucf_flags variable instead of passing as parameter.
This will allow us to move lp_posix_pathnames() out of unix_convert()
later.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <rb@sernet.de>
Jeremy Allison [Tue, 22 Dec 2015 19:08:38 +0000 (11:08 -0800)]
s3: smbd: In smb2_create.c Use ucf_flags variable instead of passing as parameter.
This will allow us to move lp_posix_pathnames() out of unix_convert()
later.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <rb@sernet.de>
Jeremy Allison [Tue, 22 Dec 2015 19:07:16 +0000 (11:07 -0800)]
s3: smbd: In srv_srvsvc_nt.c Use ucf_flags variable instead of passing as parameter.
This will allow us to move lp_posix_pathnames() out of unix_convert()
later.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <rb@sernet.de>
Jeremy Allison [Tue, 22 Dec 2015 19:05:46 +0000 (11:05 -0800)]
s3: smbd: In trans2.c Use ucf_flags variable instead of passing as parameter.
This will allow us to move lp_posix_pathnames() out of unix_convert()
later.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <rb@sernet.de>
Jeremy Allison [Tue, 22 Dec 2015 18:58:44 +0000 (10:58 -0800)]
s3: smbd: In reply.c Use ucf_flags variable instead of passing as parameter.
This will allow us to move lp_posix_pathnames() out of unix_convert()
later.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <rb@sernet.de>
Jeremy Allison [Tue, 22 Dec 2015 18:51:35 +0000 (10:51 -0800)]
s3: smbd: In open.c Use ucf_flags variable instead of passing as parameter.
This will allow us to move lp_posix_pathnames() out of unix_convert()
later.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <rb@sernet.de>
Jeremy Allison [Tue, 22 Dec 2015 18:49:08 +0000 (10:49 -0800)]
s3: smbd: Use ucf_flags variable instead of passing as parameter.
This will allow us to move lp_posix_pathnames() out of unix_convert()
later.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <rb@sernet.de>
Marc Muehlfeld [Tue, 22 Dec 2015 20:13:52 +0000 (21:13 +0100)]
Fix typo in winbindd_cm.c
Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Ralph Boehme [Mon, 2 Nov 2015 15:33:34 +0000 (16:33 +0100)]
s3: fix encryption help messages
Encryption is a SMB3 feature and not tied to UNIX extensions, so fix the
help messages of various utilities.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec 22 02:22:50 CET 2015 on sn-devel-144
Ralph Boehme [Fri, 18 Dec 2015 16:14:41 +0000 (17:14 +0100)]
s4:torture:vfs_fruit: add test test_read_afpinfo
This works against any SMB server and test basic IO on the AFP_AfpInfo
stream.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Sat, 19 Dec 2015 17:44:18 +0000 (18:44 +0100)]
s4:torture:vfs_fruit: add tests for AFP_Resource delete-on-close and eof
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Sat, 19 Dec 2015 17:27:06 +0000 (18:27 +0100)]
vfs_fruit: ignore delete on the AFP_Resource stream
OS X ignores deletes on the AFP_Resource stream. This was discovered by
torture tests against OS X SMB server.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Sat, 19 Dec 2015 10:10:54 +0000 (11:10 +0100)]
s4:torture:vfs_fruit: update AFP_AfpInfo IO tests
When reading from the AFP_AfpInfo stream, OS X ignores the offset from
the request and always reads from offset=0.
The offset bounds check has a off-by-1 bug in OS X, so a request
offset=60 (AFP_AfpInfo stream has a ficed size of 60 bytes), len=1
returns 1 byte from offset 0 insteaf of returning 0.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Sat, 19 Dec 2015 10:06:19 +0000 (11:06 +0100)]
vfs_fruit: fix offset and len handling for AFP_AfpInfo stream
When reading from the AFP_AfpInfo stream, OS X ignores the offset from
the request and always reads from offset=0.
The offset bounds check has a off-by-1 bug in OS X, so a request
offset=60 (AFP_AfpInfo stream has a ficed size of 60 bytes), len=1
returns 1 byte from offset 0 insteaf of returning 0.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Sun, 20 Dec 2015 18:55:06 +0000 (19:55 +0100)]
s4:torture:vfs_fruit: test nulling out AFP_AfpInfo stream
This must delete the stream.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 17 Dec 2015 19:08:35 +0000 (20:08 +0100)]
vfs_fruit: writing all 0 to AFP_AfpInfo stream
When writing all 0 to AFP_AfpInfo stream we can remove the underlying
storage object. This beaviour of OS X SMB server was found with a
torture test.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 17 Dec 2015 18:47:18 +0000 (19:47 +0100)]
s4:torture:vfs_fruit: add tests for AFP_AfpInfo delete-on-close and eof
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 14 Dec 2015 15:09:54 +0000 (16:09 +0100)]
vfs_fruit: handling of ftruncate() on AFP_AfpInfo stream
With help of some torture tests I verified the following behaviour of OS
X SMB server:
* ftruncate AFP_AfpInfo stream > 60 bytes results in an error
NT_STATUS_ALLOTTED_SPACE_EXCEEDED
* ftruncate AFP_AfpInfo stream <=60 returns success but has no effect
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Sun, 20 Dec 2015 17:42:23 +0000 (18:42 +0100)]
s4:torture:vfs_fruit: file without AFP_AfpInfo
Opening the AFP_AfpInfo on a file that doesn't have that stream must
return ENOENT.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 17 Dec 2015 19:05:04 +0000 (20:05 +0100)]
vfs_fruit: stat AFP_AfpInfo must fail when it doesn't exist
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 11 Dec 2015 16:27:50 +0000 (17:27 +0100)]
vfs_fruit: fix some debug messages
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 17 Dec 2015 18:16:43 +0000 (19:16 +0100)]
s3:lib/errmap_unix: map EOVERFLOW to NT_STATUS_ALLOTTED_SPACE_EXCEEDED
vfs_fruit returns the correct error NT_STATUS_ALLOTTED_SPACE_EXCEEDED
when an attempt is made to extend the AFP_AfpInfo stream beyond 60
bytes.
This will be used in a subsequent commit in vfs_fruit.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Sat, 19 Dec 2015 17:56:24 +0000 (18:56 +0100)]
s4:torture:vfs_fruit: fix flakey test_write_atalk_rfork_io with OS X
Adjust desired_access to prevent flaky test with OS X SMB server.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 18 Dec 2015 16:25:07 +0000 (17:25 +0100)]
s4:torture:vfs_fruit: fix test_rename_dir_openfile() to work with OS X
OS X allows renaming of directories with open files regardless of AAPL
negotiation. Samba will only allow this after negotiating AAPL.
The first check in this test is that renaming fails without AAPL, so
skip this test if the server is OS X.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 18 Dec 2015 16:23:40 +0000 (17:23 +0100)]
s4:torture:vfs_fruit: fix test_aapl() to work with OS X
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 18 Dec 2015 16:24:12 +0000 (17:24 +0100)]
s4:torture:vfs_fruit: skip test_stream_names() without "localdir"
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 18 Dec 2015 16:22:32 +0000 (17:22 +0100)]
s4:torture:vfs_fruit: skip test_adouble_conversion() without "localdir"
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 18 Dec 2015 16:10:18 +0000 (17:10 +0100)]
s4:torture:vfs_fruit: skip test test_read_atalk_metadata() without "localdir" and rename it
The test is Netatalk specific. Skip the test if "localdir" is not
specified.
Use torture_assert() to check the result from check_stream().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 18 Dec 2015 16:18:41 +0000 (17:18 +0100)]
s4:torture:vfs_fruit: add explicit cleanup of testfiles
smb2_deltree() doesn't work with OS X (looks like OS X doesn't handle
FILE_NON_DIRECTORY_FILE correctly). As a workaround, use explicit
cleanup of all testfiles and directories.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 18 Dec 2015 16:08:32 +0000 (17:08 +0100)]
s4:torture:vfs_fruit: add --option=torture:osx for enable_aapl()
Check if the server is OS X and don't check the AAPL context size if it
is.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 17 Dec 2015 18:22:12 +0000 (19:22 +0100)]
s4:torture:vfs_fruit: enhance check_stream
Don't sleep when create fails and use torture_ macros.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 17 Dec 2015 15:51:10 +0000 (16:51 +0100)]
s4:torture:vfs_fruit: use AFPINFO_STREAM_NAME
I got erratic results from OS X SMB server with AFPINFO_STREAM
(":AFP_AfpInfo:$DATA") in some tests. Using AFPINFO_STREAM_NAME
(just the ":AFP_AfpInfo" part) instead fixed this.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 17 Dec 2015 12:31:12 +0000 (13:31 +0100)]
s4:torture:vfs_fruit: tweak check_stream_list()
Modify check_stream_list() to open the basefile (or directory) itself
insteaf of having the callers pass in a filehandle. Removes some code
duplication in the callers.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Sun, 20 Dec 2015 09:18:31 +0000 (10:18 +0100)]
s4:torture:vfs_fruit: rename tree1 -> tree
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Sun, 20 Dec 2015 09:16:25 +0000 (10:16 +0100)]
s4:torture:vfs_fruit: remove unused tree2
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Günther Deschner [Fri, 18 Dec 2015 12:16:28 +0000 (13:16 +0100)]
s4-torture: add a negoex ndr pullpush test.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Dec 21 01:37:29 CET 2015 on sn-devel-144
Andrew Bartlett [Mon, 9 Nov 2015 01:10:11 +0000 (14:10 +1300)]
tdb: Refuse to load a database with hash size 0
This just ensures we reject (rather than div-by-0) a corrupt
DB with a zero hash size.
Found with american fuzzy lop
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Dec 18 08:26:25 CET 2015 on sn-devel-144
Volker Lendecke [Wed, 16 Dec 2015 20:44:50 +0000 (21:44 +0100)]
libads: Remove "foreign" from ads_struct
AFAICS this was never actually used
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Mon, 7 Dec 2015 08:31:03 +0000 (09:31 +0100)]
negoex.idl: use DATA_BLOB for negoex_BYTE_VECTOR
That's much easier for the callers.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Dec 18 04:07:56 CET 2015 on sn-devel-144
Stefan Metzmacher [Mon, 7 Dec 2015 08:30:47 +0000 (09:30 +0100)]
negoex.idl: initial version
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Jeremy Allison [Wed, 16 Dec 2015 19:04:20 +0000 (11:04 -0800)]
s3: libsmb: Correctly initialize the list head when keeping a list of primary followed by DFS connections.
Greatly helped by <shargagan@novell.com> to
track down this issue.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11624
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Dec 18 01:02:55 CET 2015 on sn-devel-144
Jose A. Rivera [Thu, 17 Dec 2015 14:19:22 +0000 (08:19 -0600)]
vfs_glusterfs: Fix a memory leak in AIO
Signed-off-by: Jose A. Rivera <jarrpa@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Ira Cooper <ira@samba.org>
Autobuild-Date(master): Thu Dec 17 20:55:22 CET 2015 on sn-devel-144
Stefan Metzmacher [Wed, 9 Dec 2015 11:25:46 +0000 (12:25 +0100)]
s3:libsmb: remove unused spnego related includes
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Dec 17 17:49:14 CET 2015 on sn-devel-144
Stefan Metzmacher [Wed, 9 Dec 2015 11:25:46 +0000 (12:25 +0100)]
s3:smbd: remove unused spnego related includes
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Andrew Bartlett [Mon, 7 Dec 2015 00:32:25 +0000 (13:32 +1300)]
selftest: Ensure that if the SAMBA_PID is not set, that the env is not OK
This ensures that we must instead start the selftest environment, it is not already running
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Dec 17 06:27:14 CET 2015 on sn-devel-104
Andrew Bartlett [Mon, 7 Dec 2015 00:18:38 +0000 (13:18 +1300)]
selftest: Do not start tests on an environment that has failed to start up
This avoids debugging subsequent test failures, which may not be as clear
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Adrian Cochrane [Fri, 14 Aug 2015 02:27:03 +0000 (14:27 +1200)]
ldb torture: test ldb_unpack_data_only_attr_list
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11602
Signed-off-by: Adrian Cochrane <adrianc@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Adrian Cochrane [Tue, 1 Sep 2015 01:33:52 +0000 (13:33 +1200)]
lib/ldb: Use talloc_memdup() because we know the length of the attribute already
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11602
Signed-off-by: Adrian Cochrane <adrianc@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Garming Sam [Wed, 16 Dec 2015 22:41:13 +0000 (11:41 +1300)]
lib/ldb: Rename variable for clarity
The variable p is the same as attr at this point since p is only
incremented when a continue is invoked in the loop.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 13 Nov 2015 05:45:23 +0000 (18:45 +1300)]
lib/ldb Add checks for overflow during ldb pack and parse
Both as requested by Jeremy Allison <jra@samba.org> during
patch review and as found by american fuzzy lop.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11602
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Adrian Cochrane [Tue, 1 Sep 2015 01:27:52 +0000 (13:27 +1200)]
lib/ldb: Use better variable names in ldb_unpack_only_attr_list
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11602
Signed-off-by: Adrian Cochrane <adrianc@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Garming Sam [Wed, 16 Dec 2015 22:53:12 +0000 (11:53 +1300)]
ldb: increment version due to added ldb_unpack_data_only_attr_list
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11602
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 16 Dec 2015 22:24:44 +0000 (11:24 +1300)]
lib/ldb: Clarify the intent of ldb_data_unpack_withlist
This patch renames the function to indicate that you are unpacking with respect to some
attribute list, as well as adding some comments.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11602
Matthieu Patou [Fri, 28 Dec 2012 05:38:29 +0000 (21:38 -0800)]
ldb: introduce ldb_unpack_data_withlist to unpack partial list of attributes
When provided with non NULL list ldb_unpack_data_withlist will only
unpack attributes that are specified in the list (+ distinguished name)
ldb_unpack_data is changed to call ldb_unpack_data_withlist behind the
scene.
(for modifications found by testing, and re-indentation requested in review)
Signed-off-by: Adrian Cochrane <adrianc@catalyst.net.nz>
Sadly a signed-off-by was not available from Matthieu Patou for the original
version of this patch posted to samba-technical for comment, so instead:
(for supervision of Adrian)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11602
Andrew Bartlett [Wed, 18 Nov 2015 04:36:21 +0000 (17:36 +1300)]
CVE-2015-8467: samdb: Match MS15-096 behaviour for userAccountControl
Swapping between account types is now restricted
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11552
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Dec 16 16:03:18 CET 2015 on sn-devel-104
Stefan Metzmacher [Wed, 30 Sep 2015 19:23:25 +0000 (21:23 +0200)]
CVE-2015-5296: libcli/smb: make sure we require signing when we demand encryption on a session
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 30 Sep 2015 19:17:02 +0000 (21:17 +0200)]
CVE-2015-5296: s3:libsmb: force signing when requiring encryption in SMBC_server_internal()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 30 Sep 2015 19:17:02 +0000 (21:17 +0200)]
CVE-2015-5296: s3:libsmb: force signing when requiring encryption in do_connect()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Fri, 23 Oct 2015 21:54:31 +0000 (14:54 -0700)]
CVE-2015-5299: s3-shadow-copy2: fix missing access check on snapdir
Fix originally from <partha@exablox.com>
https://bugzilla.samba.org/show_bug.cgi?id=11529
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Jeremy Allison [Thu, 9 Jul 2015 20:57:58 +0000 (13:57 -0700)]
CVE-2015-5252: s3: smbd: Fix symlink verification (file access outside the share).
New tests for fix.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11395
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Thu, 9 Jul 2015 17:58:11 +0000 (10:58 -0700)]
CVE-2015-5252: s3: smbd: Fix symlink verification (file access outside the share).
Ensure matching component ends in '/' or '\0'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11395
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Wed, 16 Dec 2015 11:31:33 +0000 (12:31 +0100)]
Merge tag 'ldb-1.1.24' into master
ldb: tag release ldb-1.1.24
Ralph Boehme [Tue, 15 Dec 2015 12:13:02 +0000 (13:13 +0100)]
smbd: make "hide dot files" option work with "store dos attributes = yes"
When using "store dos attributes = yes", the function that reads the
attributes from the xattr get_ea_dos_attribute() will overwrite the
attribute previously set for "hide dot files".
According to smb.conf, "store dos attributes = yes" should only
overwrite the "map XXX" options, but not "hide dot files".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11645
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Dec 16 07:21:10 CET 2015 on sn-devel-104
Volker Lendecke [Tue, 15 Dec 2015 21:12:11 +0000 (22:12 +0100)]
librpc: Fix typos
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Tue, 15 Dec 2015 13:43:46 +0000 (14:43 +0100)]
lib: Remove ntstatus.h from gencache.h
No clue why I put it there, sorry for the noise...
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Ira Cooper [Tue, 15 Dec 2015 12:20:38 +0000 (07:20 -0500)]
vfs_glusterfs: Attach missing destructor.
This activates the new AIO code's cancellation logic.
Signed-off-by: Ira Cooper <ira@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec 15 23:33:12 CET 2015 on sn-devel-104
Volker Lendecke [Tue, 15 Dec 2015 10:06:35 +0000 (11:06 +0100)]
smbd: Fix CID
1343333 Uninitialized variables
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 11 Aug 2015 05:40:50 +0000 (07:40 +0200)]
dns_server: Remove unused handle_question
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Kai Blin <kai@samba.org>
Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Tue Dec 15 17:50:32 CET 2015 on sn-devel-104
Volker Lendecke [Tue, 11 Aug 2015 05:39:31 +0000 (07:39 +0200)]
dns_server: Add handle_authoritative_send()
An async version of handle_question
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9409
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Kai Blin <kai@samba.org>
Volker Lendecke [Sat, 8 Aug 2015 12:36:43 +0000 (14:36 +0200)]
dns_server: Add add_dns_res_rec()
Same as add_response_rr(), but it copies over a dns_res_rec
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Kai Blin <kai@samba.org>
Volker Lendecke [Sat, 8 Aug 2015 05:20:26 +0000 (07:20 +0200)]
dns_server: Convert "ask_forwarder" params
Usually we have mem_ctx and ev first when doing a _send function
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Kai Blin <kai@samba.org>
Volker Lendecke [Sat, 8 Aug 2015 04:54:11 +0000 (06:54 +0200)]
dns_server: Simplify array length handling
talloc objects carry an implicit length
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Kai Blin <kai@samba.org>
Volker Lendecke [Sat, 8 Aug 2015 04:49:16 +0000 (06:49 +0200)]
dns_server: Simplify talloc handling
By making sure that the answers are always allocated, we don't have
to pass an explicit mem_ctx anymore
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Kai Blin <kai@samba.org>
Volker Lendecke [Fri, 7 Aug 2015 06:27:19 +0000 (08:27 +0200)]
dns_server: Consolidate talloc_realloc
This puts the talloc_realloc into add_response_rr instead of before
create_response_rr. It is a bit less efficient, but as we do not expect
hundreds of answers, I think this code is a bit easier to understand.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Kai Blin <kai@samba.org>
Andrew Bartlett [Thu, 26 Nov 2015 00:59:33 +0000 (13:59 +1300)]
Fix bug 10881 Wrong keytab permissions when joining additional DC with BIND backend
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10881
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Dec 15 11:47:21 CET 2015 on sn-devel-104
Andrew Bartlett [Thu, 26 Nov 2015 00:57:36 +0000 (13:57 +1300)]
samba_upgradedns: Set correct permissions on secrets.keytab for BIND9
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 26 Nov 2015 00:50:21 +0000 (13:50 +1300)]
samba_upgradedns: Improve search for existing accounts in secrets.ldb
We should actually check for the combination of both an account in secrets.ldb
and sam.ldb, but this is at least an improvement.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 10 Aug 2015 00:15:04 +0000 (12:15 +1200)]
samba_dnsupdate: Simplify logic and add more verbose debugging
By reducing the intendation this code is a little clearer
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 10 Aug 2015 00:05:19 +0000 (12:05 +1200)]
samba_dnsupdate: Expand output when --verbose is set
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 4 Mar 2015 04:49:36 +0000 (17:49 +1300)]
python: Give a more helpful error message when we do not have an smb.conf
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Tue, 1 Dec 2015 00:48:59 +0000 (13:48 +1300)]
password_lockout: test creds.get_kerberos_state()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Tue Dec 15 03:17:52 CET 2015 on sn-devel-104
Douglas Bagnall [Fri, 23 Oct 2015 03:57:56 +0000 (16:57 +1300)]
auth: keep track of lastLogon and lastLogonTimestamp
lastLogon is supposed to be updated for every interactive or kerberos
login, and (according to testing against Windows2012r2) when the bad
password count is non-zero but the lockout time is zero. It is not
replicated.
lastLogonTimestamp is updated if the old value is more than 14 -
random.choice([0, 1, 2, 3, 4, 5]) days old, and it is replicated. The
14 in this calculation is the default, stored as
"msDS-LogonTimeSyncInterval", which we offer no interface for
changing.
The authsam_zero_bad_pwd_count() function is a convenient place to
update these values, as it is called upon a successful logon however
that logon is performed. That makes the function's name inaccurate, so
we rename it authsam_logon_success_accounting(). It also needs to be
told whet5her the login is interactive.
The password_lockout tests are extended to test lastLogon and
lasLogonTimestamp.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
Douglas Bagnall [Thu, 22 Oct 2015 03:54:19 +0000 (16:54 +1300)]
password_lockout tests: add assertLoginFailure()
In a few places where a login should fail in a particular way, an
actual login success would not have triggered a test failure -- only
the wrong kind of login failure was caught.
This makes a helper function to deal with them all.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
Douglas Bagnall [Wed, 21 Oct 2015 20:45:26 +0000 (09:45 +1300)]
auth: increase resolution for password grace period calculation
This changes the resolution of "now" from 1s to 100ns.
It should have little effect in practice, unless users are in the
habit of playing chicken with the grace period.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
Douglas Bagnall [Tue, 1 Dec 2015 00:17:18 +0000 (13:17 +1300)]
pycredentials: add get_kerberos_state() method
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 11 Dec 2015 07:52:59 +0000 (08:52 +0100)]
s4:torture/winbind: add more debug output to samba4.winbind.struct.domain_info
With this we hopefully find the reason for the following flakey test:
[1566(10157)/1882 at 1h47m18s] samba4.winbind.struct(ad_member:local)
Running WINBINDD_DOMAIN_INFO (struct based)
DOMAIN 'BUILTIN' => '' [ ] [S-1-5-32]
DOMAIN 'LOCALADMEMBER' => '' [ ] [S-1-5-21-
4121020324-
2900821022-
46155812]
DOMAIN 'SAMBADOMAIN' => 'samba.example.com' [ PR AD NA ] [S-1-5-21-
929009974-
669086582-
3038401809]
DOMAIN 'TORTURE300' => 'torturedom300.samba._none_.example.com' [ AD NA ] [S-1-5-21-97398-379795-300]
DOMAIN 'TORTURE301' => 'torturedom301.samba._none_.example.com' [ AD NA ] [S-1-5-21-97398-379795-301]
DOMAIN 'TORTURE302' => 'torturedom302.samba._none_.example.com' [ AD NA ] [S-1-5-21-97398-379795-302]
DOMAIN 'TORTURE303' => 'torturedom303.samba._none_.example.com' [ AD NA ] [S-0-0]
UNEXPECTED(failure): samba4.winbind.struct.domain_info(ad_member:local)
REASON: Exception: Exception: ../source4/torture/winbind/struct_based.c:460:
Expression `ok' failed: SID's doesn't match
With the changes we get:
[1566(10158)/1882 at 1h47m51s] samba4.winbind.struct(ad_member:local)
Running WINBINDD_DOMAIN_INFO (struct based)
LIST[0] 'BUILTIN' => '' [S-1-5-32]
LIST[1] 'LOCALADMEMBER' => '' [S-1-5-21-
734569583-
677146317-
1850798319]
LIST[2] 'SAMBADOMAIN' => 'samba.example.com' [S-1-5-21-
1870621479-
3245899124-
866531092]
LIST[3] 'TORTURE300' => 'torturedom300.samba._none_.example.com' [S-1-5-21-97398-379795-300]
LIST[4] 'TORTURE301' => 'torturedom301.samba._none_.example.com' [S-1-5-21-97398-379795-301]
LIST[5] 'TORTURE302' => 'torturedom302.samba._none_.example.com' [S-1-5-21-97398-379795-302]
LIST[6] 'TORTURE303' => 'torturedom303.samba._none_.example.com' [S-1-0-0]
LIST[7] 'TORTURE304' => 'torturedom304.samba._none_.example.com' [S-1-0-0]
LIST[8] 'TORTURE305' => 'torturedom305.samba._none_.example.com' [S-1-0-0]
LIST[9] 'TORTURE306' => 'torturedom306.samba._none_.example.com' [S-1-5-21-97398-379795-306]
LIST[10] 'TORTURE307' => 'torturedom307.samba._none_.example.com' [S-1-5-21-97398-379795-307]
LIST[11] 'TORTURE308' => 'torturedom308.samba._none_.example.com' [S-1-5-21-97398-379795-308]
LIST[12] 'TORTURE309' => 'torturedom309.samba._none_.example.com' [S-1-5-21-97398-379795-309]
LIST[13] 'TORTURE310' => 'torturedom310.samba._none_.example.com' [S-1-5-21-97398-379795-310]
LIST[14] 'TORTURE311' => 'torturedom311.samba._none_.example.com' [S-1-5-21-97398-379795-311]
DOMAIN[0] 'BUILTIN' => '' [ ] [S-1-5-32]
DOMAIN[1] 'LOCALADMEMBER' => '' [ ] [S-1-5-21-
734569583-
677146317-
1850798319]
DOMAIN[2] 'SAMBADOMAIN' => 'samba.example.com' [ PR AD NA ] [S-1-5-21-
1870621479-
3245899124-
866531092]
DOMAIN[3] 'TORTURE300' => 'torturedom300.samba._none_.example.com' [ AD NA ] [S-1-5-21-97398-379795-300]
DOMAIN[4] 'TORTURE301' => 'torturedom301.samba._none_.example.com' [ AD NA ] [S-1-5-21-97398-379795-301]
DOMAIN[5] 'TORTURE302' => 'torturedom302.samba._none_.example.com' [ AD NA ] [S-1-5-21-97398-379795-302]
DOMAIN[6] 'TORTURE303' => 'torturedom303.samba._none_.example.com' [ AD NA ] [S-0-0]
UNEXPECTED(failure): samba4.winbind.struct.domain_info(ad_member:local)
REASON: Exception: Exception: ../source4/torture/winbind/struct_based.c:471: Expression `ok' failed: SID's doesn't match [S-1-0-0] != [S-0-0]
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Dec 14 23:26:40 CET 2015 on sn-devel-104
Volker Lendecke [Sun, 13 Dec 2015 20:21:47 +0000 (21:21 +0100)]
lib: Remove unused talloc_append_blob
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 13 Dec 2015 20:16:36 +0000 (21:16 +0100)]
gencache: Refactor gencache_set_data_blob
Replace 3 calls into talloc with 1. Add an overflow check.
With this change, it will be easier to avoid the talloc call for small
blobs in the future and do it on the stack.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 13 Dec 2015 15:32:52 +0000 (16:32 +0100)]
lib: Separate out xx_path() & callers
We should not have to #include proto.h just for cache_path() or so
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 13 Dec 2015 14:27:15 +0000 (15:27 +0100)]
lib: Use directory_create_or_exist in xx_path
directory_create_or_exist is a little different: It does the lstat first and
sets the umask properly, but I think this is more correct than the xx_path()
version before.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 13 Dec 2015 14:17:27 +0000 (15:17 +0100)]
gencache: True->true, False->false
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 13 Dec 2015 14:14:18 +0000 (15:14 +0100)]
lib: Add gencache.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Tue, 8 Dec 2015 19:04:22 +0000 (12:04 -0700)]
docs-xml: Update idmap_rfc2307 manpage for new realm handling
Now there is only "realm" as a config option; it replaces "cn_realm" and
"ldap_realm".
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Dec 14 15:43:55 CET 2015 on sn-devel-104
Christof Schmitt [Tue, 8 Dec 2015 18:52:41 +0000 (11:52 -0700)]
idmap_rfc2307: Fix handling of cn realm
When cn_realm was set, the idmap_rfc2307 module tried to determine the
realm from the AD connection struct. In case of referring to a different
domain using the ldap_domain config option, the wrong realm was used.
Since the LDAP-server case already requires having the realm in the
config, extend that to the AD case to fix the issue: Having LDAP records
with @realm in the cn, now always requires having the realm in the
config.
Now cn_realm and ldap_realm always would have to be specified together,
so replace the two options with a single "realm" option.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Sun, 13 Dec 2015 17:52:50 +0000 (09:52 -0800)]
s3: smbd: When requesting posix open in open_file_ntcreate() we need to set all posix flags.
Fixes POSIX rename problem introduced in
d698cec1c7e700e57cab46d33df0dde13303b318
Signed-off-by: Ralph Boehme <rb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Dec 14 02:03:12 CET 2015 on sn-devel-104