Bob Campbell [Wed, 12 Jul 2017 03:16:06 +0000 (15:16 +1200)]
VERSION: Release Samba 4.5.12 for CVE-2017-11103
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Bob Campbell [Wed, 12 Jul 2017 03:15:26 +0000 (15:15 +1200)]
WHATSNEW: Add release notes for Samba 4.5.12
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Jeffrey Altman [Wed, 12 Apr 2017 19:40:42 +0000 (15:40 -0400)]
CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
In _krb5_extract_ticket() the KDC-REP service name must be obtained from
encrypted version stored in 'enc_part' instead of the unencrypted version
stored in 'ticket'. Use of the unecrypted version provides an
opportunity for successful server impersonation and other attacks.
Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.
Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12894
(based on heimdal commit
6dd3eb836bbb80a00ffced4ad57077a1cdf227ea)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Karolin Seeger [Thu, 6 Jul 2017 08:14:14 +0000 (10:14 +0200)]
VERSION: Bump version up to 4.5.12...
and re-enable GIT_SNAPSHOTS.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 6 Jul 2017 08:13:35 +0000 (10:13 +0200)]
VERSION: Disable GIT_SNAPSHOTS for the 4.5.11 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 6 Jul 2017 08:12:01 +0000 (10:12 +0200)]
WHATSNEW: Add release notes for Samba 4.5.11.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Stefan Metzmacher [Fri, 30 Jun 2017 04:24:01 +0000 (06:24 +0200)]
ldb: protect Samba < 4.7 against incompatible ldb versions and require ldb < 1.2.0
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12859
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(v4-5-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-5-test): Mon Jul 3 17:09:41 CEST 2017 on sn-devel-144
Stefan Metzmacher [Fri, 30 Jun 2017 04:21:32 +0000 (06:21 +0200)]
wafsamba: add maxversion and version_blacklist to CHECK_BUNDLED_SYSTEM[_PKG]()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12859
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
4ca48ee4d060f773dcdf9f78a5e4c1b1263b61f4)
Michael Saxl [Sat, 24 Jun 2017 11:41:48 +0000 (13:41 +0200)]
s3:gse_krb5: fix a possible crash in fill_mem_keytab_from_system_keytab()
If the keytab file isn't readable, we may call
krb5_kt_end_seq_get() with an invalid kt_cursor.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10490
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Saxl <mike@mwsys.mine.bz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
a9780a2eaa9cba4ab87cc3371d97fa494fa0198c)
Stefan Metzmacher [Fri, 9 Jun 2017 10:30:33 +0000 (12:30 +0200)]
s3:smb2_create: avoid reusing the 'tevent_req' within smbd_smb2_create_send()
As the caller ("smbd_smb2_request_process_create()") already sets the callback,
the first time, it's not safe to reuse the tevent_req structure.
The typical 'tevent_req_nterror(); return tevent_req_post()' will
crash as the tevent_req_nterror() already triggered the former callback,
which calls smbd_smb2_create_recv(), were tevent_req_received() invalidates
the tevent_req structure, so that tevent_req_post() will crash.
We just remember the required values from the old state
and move them to the new state.
We tried to write reproducers for this, but sadly weren't able to trigger
the backtrace we had from a create a customer (using recent code)
with commit
6beba782f1bf951236813e0b46115b8102212c03
included. And this patch fixed the situation for the
customer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12832
Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
02146ea5ee729de0e49ecf617e6983f4e61fbe59)
Autobuild-User(v4-5-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-5-test): Fri Jun 30 14:57:14 CEST 2017 on sn-devel-144
Jeremy Allison [Tue, 13 Jun 2017 23:56:48 +0000 (16:56 -0700)]
s3: libsmb: Correctly save and restore connection tcon in smbclient, smbcacls and smbtorture3.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit
bd31d538a26bb21cbb53986a6105204da4392e2d)
Jeremy Allison [Tue, 13 Jun 2017 23:37:39 +0000 (16:37 -0700)]
s3: libsmb: Correctly do lifecycle management on cli->smb1.tcon and cli->smb2.tcon.
Treat them identically. Create them on demand after for a tcon call,
and delete them on a tdis call.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit
50f50256aa8805921c42d0f9f2f8f89d06d9bd93)
Jeremy Allison [Tue, 13 Jun 2017 23:36:54 +0000 (16:36 -0700)]
s3: libsmb: Fix cli_state_has_tcon() to cope with SMB2 connections.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit
c9178ed9cc69b9089292db28ac1a0b7a0519bc2c)
Jeremy Allison [Tue, 13 Jun 2017 23:26:00 +0000 (16:26 -0700)]
s3: libsmb: Widen cli_state_get_tid() / cli_state_set_tid() to 32-bits.
Copes with SMB2 connections.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit
93fa0c8660e47cb2605d70dac1156576ab719d64)
Jeremy Allison [Tue, 13 Jun 2017 23:25:25 +0000 (16:25 -0700)]
s3: smbtorture: Show correct use of cli_state_save_tcon() / cli_state_restore_tcon().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit
5c0efc9a5ef8ddf96dc394110063bebd5f057415)
Jeremy Allison [Tue, 13 Jun 2017 23:15:00 +0000 (16:15 -0700)]
s3: libsmb: Add cli_state_save_tcon() / cli_state_restore_tcon().
Save and restore tcon pointers in smb1 or smb2 structs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit
39026f1c5dbb83120b70b3d9131138a9c2344ba6)
Jeremy Allison [Tue, 13 Jun 2017 23:08:22 +0000 (16:08 -0700)]
libcli: smb: Add smb2cli_tcon_set_id().
Will be used in test and client code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit
e726b60226105d0f52a66dac47bfc5797cfc18e7)
Jeremy Allison [Tue, 13 Jun 2017 23:06:22 +0000 (16:06 -0700)]
libcli: smb: Add smbXcli_tcon_copy().
Makes a deep copy of a struct smbXcli_tcon *, will
be used later.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit
655e10685840fd5ebfde24396853b74020a1dc85)
Stefan Metzmacher [Fri, 12 May 2017 07:10:19 +0000 (09:10 +0200)]
auth/spnego: fix gensec_update_ev() argument order for the SPNEGO_FALLBACK case
This went unnoticed so long as we don't use -Wc++-compat
and gensec_update_ev() used the sync update() hook for all
NTLMSSP and Kerberos.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12788
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
31691963b3d9ac460df0c56d36f81ec815db0225)
Stefan Metzmacher [Fri, 5 May 2017 16:49:37 +0000 (18:49 +0200)]
s3:smbd: unimplement FSCTL_VALIDATE_NEGOTIATE_INFO with "server max protocol = SMB2_02"
A client that supports SMB3 will do a signed FSCTL_VALIDATE_NEGOTIATE_INFO
after a tree connect. This FSCTL_VALIDATE_NEGOTIATE_INFO call contains
the client capabilities, client guid, security mode and the array of supported
dialects. But if SMB 2.02 is negotiated the doesn't send these values to the
server in the first connection attempt (when the client starts with a SMB1 Negotiate).
Windows servers that only support SMB2 just return NT_STATUS_FILE_CLOSED
as answer to FSCTL_VALIDATE_NEGOTIATE_INFO.
We should do the same if we just pretend to support SMB 2.02,
as SMB 2.10 always include an SMB2 Negotiate request we can leave it as is.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12772
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
295c9f7b322e6377d0df1b49cb26597d66e80eda)
Stefan Metzmacher [Tue, 25 Apr 2017 11:25:10 +0000 (13:25 +0200)]
samba-tool: fix log message of 'samba-tool user syncpasswords'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12768
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri May 5 01:37:45 CEST 2017 on sn-devel-144
(cherry picked from commit
4c17850ae7b6c85e99e5d4d5bc5d8e89a9ba6d47)
Stefan Metzmacher [Sat, 24 Jun 2017 11:16:03 +0000 (13:16 +0200)]
auth/ntlmssp: enforce NTLMSSP_NEGOTIATE_NTLM2 for the NTLMv2 client case
Some servers may not announce the NTLMSSP_NEGOTIATE_NTLM2
(a.k.a. NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY) bit.
But if we're acting as a client using NTLMv2 we need to
enforce this flag, because it's not really a negotiationable
in that case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12862
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
8ee4f8236830eb3fa1b273fa6927792a800f86bd)
Autobuild-User(v4-5-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-5-test): Wed Jun 28 15:32:51 CEST 2017 on sn-devel-144
Daniel Kobras [Fri, 23 Jun 2017 13:39:21 +0000 (15:39 +0200)]
s3: smbd: fix regression with non-wide symlinks to directories over SMB3.
The errno returned by open() is ambiguous when called with flags O_NOFOLLOW and
O_DIRECTORY on a symlink. With ELOOP, we know for certain that we've tried to
open a symlink. With ENOTDIR, we might have hit a symlink, and need to perform
further checks to be sure. Adjust non_widelink_open() accordingly. This fixes
a regression where symlinks to directories within the same share were no
longer followed for some call paths on systems returning ENOTDIR in the above
case.
Also remove the knownfail added in previous commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12860
Signed-off-by: Daniel Kobras <d.kobras@science-computing.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
acc16592b451905dabc093f1d261e93cd3b59520)
Jeremy Allison [Fri, 23 Jun 2017 18:12:22 +0000 (11:12 -0700)]
s3: smbd: Add regression test for non-wide symlinks to directories fail over SMB3.
Mark as knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12860
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
f1f388ef80a6516c2f44b7778420f8ffe28c6471)
Jeremy Allison [Tue, 20 Jun 2017 18:20:38 +0000 (11:20 -0700)]
s3: smbd: When deleting an fsp pointer ensure we don't keep any references to it around.
Based on a suggestion from <lev@zadarastorage.com>
https://bugzilla.samba.org/show_bug.cgi?id=12818
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 22 00:12:49 CEST 2017 on sn-devel-144
Amitay Isaacs [Thu, 22 Jun 2017 06:15:47 +0000 (16:15 +1000)]
ctdb-recovery: Do not run local ip verification when in recovery
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12857
If we drop public IPs because CTDB is in recovery for too long, then
avoid spamming logs "Trigger takeoverrun" every second.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
ea46699b27ef8d4ac7b5dd07035465cb3df09ea4)
Autobuild-User(v4-5-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-5-test): Mon Jun 26 16:57:51 CEST 2017 on sn-devel-144
Amitay Isaacs [Thu, 22 Jun 2017 07:45:20 +0000 (17:45 +1000)]
ctdb-recovery: Get recmode unconditionally in the main_loop
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12857
This can be used later in the main_loop to avoid the local ip check.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
2fd2ccd4c8617cfa7374d7a5ee3d1cc61c4fa4ad)
Amitay Isaacs [Thu, 22 Jun 2017 04:09:32 +0000 (14:09 +1000)]
ctdb-recovery: Finish processing for recovery mode ACTIVE first
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12857
This simplifies the code and avoids complicated conditions.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
f8200153b21f5b19c9a1d57be3e05e739d9fafcd)
Amitay Isaacs [Thu, 22 Jun 2017 04:52:32 +0000 (14:52 +1000)]
ctdb-recovery: Simplify logging of recovery mode setting
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12857
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
d74dadd7f26a9e8c48ba92468d7d0c4a7aa5a8e5)
Amitay Isaacs [Thu, 22 Jun 2017 04:49:02 +0000 (14:49 +1000)]
ctdb-recovery: Setting up of recmode should be idempotent
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12857
If the recovery mode is already set to the expected value, there is
nothing to do.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
f2771fcbf438e8b06321752c7203f01bbe33b573)
Amitay Isaacs [Thu, 22 Jun 2017 04:00:13 +0000 (14:00 +1000)]
ctdb-recovery: Assign banning credits if database fails to freeze
https://bugzilla.samba.org/show_bug.cgi?id=12857
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
c9d9f56bffe1e19665dba8e0cf899399d3d9fb72)
Amitay Isaacs [Thu, 22 Jun 2017 04:34:36 +0000 (14:34 +1000)]
ctdb-scripts: Don't send empty argument string to logger
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12856
This stops logger reading from stdin.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sat Jun 24 14:37:48 CEST 2017 on sn-devel-144
(cherry picked from commit
2fa069e870c0e6f1daa2a08be5aacac7b1063a5e)
Richard Sharpe [Tue, 20 Jun 2017 19:40:39 +0000 (12:40 -0700)]
Bug 15852. There are valid paths where conn->lsa_pipe_tcp->transport is NULL. Protect against this.
Based on a suggestion from Metze.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12852
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 22 23:16:46 CEST 2017 on sn-devel-144
(cherry picked from commit
03042b85c8140842633b36f3124e504b97b852a1)
Stefan Metzmacher [Thu, 15 Jun 2017 21:01:18 +0000 (23:01 +0200)]
s3:smb2_sesssetup: allow a compound request after a SessionSetup
This is not a full fix yet as we don't allow compound requests
after going async.
With SMB 3.11 requiring signed TreeConnect requests it's pointless
to try to compound requests after a SessionSetup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12845
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun 17 10:55:25 CEST 2017 on sn-devel-144
(cherry picked from commit
bb5c394fde03dc8230d5089a66fea1a2541952f5)
Stefan Metzmacher [Thu, 15 Jun 2017 21:01:18 +0000 (23:01 +0200)]
s3:smb2_tcon: allow a compound request after a TreeConnect
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12844
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
f8974bcdbf8abe3803340dcd20206ff4de9d5079)
Andreas Schneider [Tue, 30 May 2017 14:30:33 +0000 (16:30 +0200)]
libcli:smb2: Gracefully handle not supported for FSCTL_VALIDATE_NEGOTIATE_INFO
If FSCTL_VALIDATE_NEGOTIATE_INFO is not implemented, e.g. in a SMB2 only
server then gracefully handle NT_STATUS_NOT_SUPPORTED too.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12808
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jun 15 17:32:45 CEST 2017 on sn-devel-144
(cherry picked from commit
a4d9438ecf92614a0915b9cf61f905ea8170043a)
Autobuild-User(v4-5-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-5-test): Mon Jun 19 15:16:54 CEST 2017 on sn-devel-144
Martin Schwenke [Fri, 9 Jun 2017 00:57:28 +0000 (10:57 +1000)]
ctdb-tests: Add more NFS eventscript tests for call-out failures
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12837
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
323291a46e26e0493d43052550e57e2989b83b97)
Martin Schwenke [Thu, 8 Jun 2017 04:45:43 +0000 (14:45 +1000)]
ctdb-scripts: NFS call-out failures should cause event failure
Failures in startup/shutdown/releaseip/takeip are currently
incorrectly ignored.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12837
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
22f2068d456759612d340fdcc56276f39a710426)
Ralph Boehme [Fri, 26 May 2017 13:35:54 +0000 (15:35 +0200)]
s4/torture: test for bug 12798
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12798
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
bd43939ec07a2fc6858d1265fc75a68a7cd96f58)
Autobuild-User(v4-5-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-5-test): Fri Jun 2 14:07:53 CEST 2017 on sn-devel-144
Ralph Boehme [Fri, 26 May 2017 09:57:08 +0000 (11:57 +0200)]
s3/smbd: fix exclusive lease optimisation
We need to expect any amount of "stat" opens on the file without
triggering an assert.
This is the correct fix for bug #11844. I guess we haven't seens this
very often before bug #12766 got fixed, because most clients were using
LEASES instead of OPLOCKS.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12798
See also:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11844
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12766
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
19b938e1fa9822ac417a3b3a34519087470d7a18)
Ralph Boehme [Fri, 26 May 2017 09:35:52 +0000 (11:35 +0200)]
s3/locking: make find_share_mode_entry public
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12798
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
9d7739e819d5699209b5eacad4a0e2a8b8da0a86)
Jeremy Allison [Wed, 24 May 2017 18:45:35 +0000 (11:45 -0700)]
s3: VFS: Catia: Ensure path name is also converted.
https://bugzilla.samba.org/show_bug.cgi?id=12804
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
fda1e701af804db81dcb3844921e9a327563bc5c)
Autobuild-User(v4-5-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-5-test): Thu Jun 1 12:59:00 CEST 2017 on sn-devel-144
Martin Schwenke [Wed, 24 May 2017 10:21:55 +0000 (20:21 +1000)]
ctdb-tests: Add some extra tests for "ctdb nodestatus"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12802
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri May 26 05:24:34 CEST 2017 on sn-devel-144
(cherry picked from commit
ade535371b86294c12ca3f7eb98d8ef7ecd29caa)
Martin Schwenke [Wed, 24 May 2017 10:27:58 +0000 (20:27 +1000)]
ctdb-tools: "ctdb nodestatus" should only display header for "all"
The "Number of nodes:" header should only be displayed when "all" is
specified. This is how the command behaved in Samba <= 4.4.
Printing the number of nodes is not helpful and is rather confusing in
the default case where only the status of the current node is printed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12802
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
1d10c8e9e637619b754b4a273d3c714fbca7d503)
Martin Schwenke [Wed, 24 May 2017 10:24:54 +0000 (20:24 +1000)]
ctdb-tools: Stop "ctdb nodestatus" from always showing all nodes
Exit code should only reflect current or specified nodes too.
Drop an unwanted call to get_nodemap() that overwrites the previously
calculated node map.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12802
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
a600d467e2842ab05e429c5a67be5b222ddd1c12)
Amitay Isaacs [Thu, 18 May 2017 01:50:09 +0000 (11:50 +1000)]
ctdb-readonly: Avoid a tight loop waiting for revoke to complete
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12697
During revoking readonly delegations, if one of the nodes disappears,
then there is no point re-trying revoking readonly delegation immedately.
The database needs to be recovered before the revoke operation can
succeed.
However, if the revoke is successful, then all the write requests need
to be processed immediately before the read-only requests. This avoids
starving write requests, in case there are read-only requests coming
from other nodes.
In deferred_call_destructor, the result of revoke is not available and
deferred calls cannot be correctly ordered. To correctly order the
deferred calls, process them in revokechild_destructor where the result
of revoke is known.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
f5f05a644dadc0b1858c99c5f1f5af1ef80f3a28)
Amitay Isaacs [Thu, 18 May 2017 00:15:01 +0000 (10:15 +1000)]
Revert "ctdb-readonly: Avoid a tight loop waiting for revoke to complete"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12697
This reverts commit
ad758cb869ac83534993caa212abc9fe9905ec68.
This is an incomplete fix and introduces a regression.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
a50b25d0ebbe731a766f8d2ce1924b34d6041668)
Karolin Seeger [Wed, 24 May 2017 08:06:16 +0000 (10:06 +0200)]
VERSION: Bump version up to 4.5.11.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Wed, 24 May 2017 08:05:58 +0000 (10:05 +0200)]
Merge tag 'samba-4.5.10' into v4-5-test
samba: tag release samba-4.5.10
Karolin Seeger [Fri, 19 May 2017 10:07:24 +0000 (12:07 +0200)]
VERSION: Disable GIT_SNAPSHOTS for the 4.5.10 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Fri, 19 May 2017 10:06:21 +0000 (12:06 +0200)]
WHATSNEW: Add release notes for Samba 4.5.10.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Jeremy Allison [Tue, 16 May 2017 23:12:19 +0000 (16:12 -0700)]
s3: smbd: Fix open_files.idl to correctly ignore share_mode_lease *lease in share_mode_entry.
This is currently marked 'skip', which means it isn't stored in the
db, but printed out in ndr dump. However, this pointer can be invalid
if the lease_idx is set to 0xFFFFFFFF (invalid).
This is fixed up inside parse_share_modes(), but not until after
ndr_pull_share_mode_data() is called. If lease_idx == 0xFFFFFFFF
then ndr_print_share_mode_lease() prints an invalid value and
crashes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12793
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 18 03:01:40 CEST 2017 on sn-devel-144
(cherry picked from commit
b691f6d32f79ef8427f567612243dd51ea8d5584)
Autobuild-User(v4-5-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-5-test): Fri May 19 13:41:59 CEST 2017 on sn-devel-144
Volker Lendecke [Mon, 8 May 2017 19:40:40 +0000 (21:40 +0200)]
CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12780
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Karolin Seeger [Thu, 18 May 2017 06:47:52 +0000 (08:47 +0200)]
VERSION: Bump version up to 4.5.10...
and re-enable GIT_SNAPSHOTS.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
886edba06129ff76af549cdc3b6c7d346525dc6e)
Karolin Seeger [Thu, 18 May 2017 06:47:52 +0000 (08:47 +0200)]
VERSION: Bump version up to 4.5.10...
and re-enable GIT_SNAPSHOTS.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 18 May 2017 06:44:48 +0000 (08:44 +0200)]
VERSION: Disable GIT_SNAPSHOTS for the 4.5.9 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 18 May 2017 06:43:05 +0000 (08:43 +0200)]
WHATSNEW: Add release notes for Samba 4.5.9.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Volker Lendecke [Thu, 6 Apr 2017 10:50:08 +0000 (12:50 +0200)]
idmap_rfc2307: Test unix-ids-to-sids with 35 groups
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
ee3b17ba4674a17a411c9ec4271e087c8cd7dad1)
Autobuild-User(v4-5-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-5-test): Tue May 16 13:34:00 CEST 2017 on sn-devel-144
Volker Lendecke [Tue, 4 Apr 2017 15:15:10 +0000 (17:15 +0200)]
selftest: Avoid idmap caching when testing idmap_rfc2307
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
da7481f835ddc1fab16d11ccbaf7f33c213af23a)
Volker Lendecke [Fri, 31 Mar 2017 15:23:39 +0000 (15:23 +0000)]
idmap_rfc2307: "ldap_next_entry" needs the previous entry, not the start
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
803ea2d2b7820939d03f7eb381c3cf719a00ff4a)
Volker Lendecke [Fri, 31 Mar 2017 15:20:07 +0000 (15:20 +0000)]
idmap_rfc2307: Don't stop after 30 entries
We start over again and again, so we need to search in the whole list.
This is a quick hack generating a bad O(n^2). The real fix is to
call idmap_rfc2307_find_map with "maps" starting at the right offset,
but that's an optimization for later when it's restructured
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
c0f12170e8b9fb3ab75f53bba637c72f6465192e)
Volker Lendecke [Tue, 4 Apr 2017 13:28:36 +0000 (15:28 +0200)]
test_idmap_rfc2307: Test wbinfo -r for 35 supplementary group memberships
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
e663357b4d7d5cb0c4d8a0ebc97cfcb58429b894)
Volker Lendecke [Tue, 4 Apr 2017 13:12:02 +0000 (15:12 +0200)]
test_idmap_rfc2307: Do a recursive delete in ou=idmap
We'll create more posix objects soon
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
1f5097e3fbf9931c830880637622bb0b05863466)
Volker Lendecke [Tue, 4 Apr 2017 12:59:45 +0000 (14:59 +0200)]
test_idmap_rfc2307: Correct usage
We already have 13 args at this point, and growing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
f34ff621edbfd8b7c99cdadec166a80ae9c5646c)
Volker Lendecke [Tue, 4 Apr 2017 12:15:26 +0000 (14:15 +0200)]
test_idmap_rfc2307: Avoid a tmpfile
We can << directly into ldbadd
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
1893bb9bc48d9251820a185c95c65562f2878074)
Volker Lendecke [Tue, 4 Apr 2017 12:15:26 +0000 (14:15 +0200)]
test_idmap_rfc2307: Remove the correct file
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
9e816ea2f8d21d392b4e9050e443ef936629202e)
Volker Lendecke [Fri, 31 Mar 2017 15:23:39 +0000 (15:23 +0000)]
idmap_rfc2307: "ldap_next_entry" needs the previous entry, not the start
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
17563f295ffa7379daa5bf7cc89540df4ae4f7b3)
Volker Lendecke [Fri, 31 Mar 2017 15:20:07 +0000 (15:20 +0000)]
idmap_rfc2307: Don't stop after 30 entries
We start over again and again, so we need to search in the whole list.
This is a quick hack generating a bad O(n^2). The real fix is to
call idmap_rfc2307_find_map with "maps" starting at the right offset,
but that's an optimization for later when it's restructured
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
54a0e7e3d7332f420f36a3a20dd62156e6adea46)
Stefan Metzmacher [Tue, 25 Apr 2017 11:25:57 +0000 (13:25 +0200)]
samba-tool: let 'samba-tool user syncpasswords' report deletions immediately
We need to use the show-recycled control in addition to the
notification control in order to get notifications about deletions.
There's no real problem as the next modification will report the deletion.
But it might be delayed a few minutes.
Note that show-recycled is a superset of show-deleted, so we only need one.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12767
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
afa15e6128473d3e4006f7cdc3762ab4c1cba05a)
Autobuild-User(v4-5-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-5-test): Tue May 9 14:34:10 CEST 2017 on sn-devel-144
Ralph Boehme [Thu, 4 May 2017 09:52:16 +0000 (11:52 +0200)]
s3/smbd: update exclusive oplock optimisation to the lease area
Update an optimisation in update_num_read_oplocks() that checks for
exclusive oplocks to the lease area.
The idea of the optimisation is to avoid expensive db queries in
brlock.tdb if we *know* we're the only open.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12766
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat May 6 22:58:47 CEST 2017 on sn-devel-144
(cherry picked from commit
a50343779a8a92d6f53095b36506b1d47ef68513)
Ralph Boehme [Thu, 20 Apr 2017 19:37:37 +0000 (21:37 +0200)]
s3/smbd: update exclusive oplock optimisation to the lease area
This is similar to
9533a55ee5ffe430589dcea845851b84876ef656 but this
time in the contend_level2_oplocks_begin_default() function.
The idea of the optimisation is to avoid expensive db queries in
locking.tdb if we *know* we're the only open.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12766
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
0a4a08ad1cef3b7d6fd47df3a93c2c89dd287ee8)
Ralph Boehme [Thu, 4 May 2017 09:50:56 +0000 (11:50 +0200)]
s3/locking: helper functions for lease types
Add some helper functions that will be used to update a bunch of checks
for exclusive oplocks to the lease area.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12766
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
f631e95e2de857ea98204609a71e6db00993994b)
Ralph Boehme [Thu, 4 May 2017 09:50:01 +0000 (11:50 +0200)]
s3/locking: add const to fsp_lease_type
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12766
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
952701dce09b1ee89a0f6a450ac244fd6451955b)
Doug Nazar [Thu, 27 Apr 2017 22:41:24 +0000 (15:41 -0700)]
s3: smbd: inotify_map_mask_to_filter incorrectly indexes an array.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12760
Signed-off-by: Doug Nazar <nazard@nazar.ca>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
a939db725ea81944532ba3b035da0d145bc3b62a)
Autobuild-User(v4-5-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-5-test): Tue May 2 13:54:40 CEST 2017 on sn-devel-144
Ralph Boehme [Wed, 19 Apr 2017 11:12:55 +0000 (13:12 +0200)]
vfs_fruit: lp_case_sensitive() does not return a bool
lp_case_sensitive() returns an int, not a bool, so with the default
setting of "Auto" by default we set the AAPL flag
SMB2_CRTCTX_AAPL_CASE_SENSITIVE.
This caused the client to believe the volume is case sensitive where it
wasn't, leading to an error when trying to rename files changing only
the case of the name.
Also fix the existing torture test that verifies AAPL context
negotiation and actually expected the server to return "case sensitive",
while the Samba default is really "case insensitive".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12749
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
36612723b2b18675116b6197183bdfe5e1d9e06f)
Autobuild-User(v4-5-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-5-test): Fri Apr 28 13:17:19 CEST 2017 on sn-devel-144
Ralph Boehme [Mon, 6 Feb 2017 11:47:41 +0000 (12:47 +0100)]
vfs_acl_xattr|tdb: ensure create mask is at least 0666 if ignore_system_acls is set
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12562
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Apr 20 20:50:10 CEST 2017 on sn-devel-144
(cherry picked from commit
375d772d04338861d92e683ae3c6c9d7ecb846ad)
Volker Lendecke [Wed, 12 Oct 2016 10:35:12 +0000 (12:35 +0200)]
lib: Fix CID
1373623 Dereference after null check
We should not overload "p", this is used in the outer loop
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12276
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
6ec81ca3c196f3c4659a4e1c473759b393708d12)
Shilpa Krishnareddy [Tue, 25 Apr 2017 14:59:45 +0000 (16:59 +0200)]
notify: Fix ordering of events in notifyd
In notifyd_trigger_parser() while initializing notify_event_msg values from
notify_trigger_msg, 'when' value is ignored. So the smbd process does not get
correct 'when' value and this is causing issues during qsort in
notify_marshall_changes(). Because of this issue, smb2.notify.dir test was
failing.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12756
Signed-off-by: Shilpa Krishnareddy <skrishnareddy@panzura.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Apr 26 17:02:58 CEST 2017 on sn-devel-144
(cherry picked from commit
5701880655c8a82b6d533c7c2e131cc803e7570b)
Hanno Böck [Wed, 19 Apr 2017 12:00:21 +0000 (14:00 +0200)]
cleanupdb: Fix a memory read error
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12748
Signed-off-by: Hanno Böck <hanno@hboeck.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
fd98a7b6a0053b62802e29fb729e219dc08eef6b)
Autobuild-User(v4-5-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-5-test): Fri Apr 21 13:28:33 CEST 2017 on sn-devel-144
Michael Adam [Tue, 11 Apr 2017 10:03:52 +0000 (12:03 +0200)]
s3:vfs:shadow_copy2: fix corner case of "/@GMT-token" in shadow_copy2_strip_snapshot
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
26661218b3d3f0d4ee89039727bc110e972c2851)
The last 3 patches address
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12743
vfs_shadow_copy2 fails to list snapshots from shares with GlusterFS backend
Michael Adam [Tue, 11 Apr 2017 10:03:20 +0000 (12:03 +0200)]
s3:vfs:shadow_copy2: fix the corner case if cwd=/ in make_relative_path
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
16c89835cf07caa2082b586666095deba38ef962)
Michael Adam [Tue, 11 Apr 2017 09:18:30 +0000 (11:18 +0200)]
s3:vfs:shadow_copy2: fix quoting in debug messages
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
fffd611fdc558ab428c8a21cf1e68feaf1f6f469)
Stefan Metzmacher [Sun, 2 Apr 2017 22:19:25 +0000 (00:19 +0200)]
pam_winbind: no longer use wbcUserPasswordPolicyInfo when authenticating
The expiry time for the specific user comes from
info->pass_must_change_time and nothing else.
The authenticating DC knows which password policy applies
to the user, that's nothing the client can do, as
domain trusts and fine-grained password policies makes
this a very complex task.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12725
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
fba7ed9a3fa6fcb2d90d1271ae81ec11b554bd2d)
Jeremy Allison [Mon, 17 Apr 2017 21:30:54 +0000 (14:30 -0700)]
s3:smbd: Fix incorrect use of sys_getgroups()
Second arg must be NULL when first arg is 0 (it is in all other places).
Bug report and patch from Hanno Böck <hanno@hboeck.de>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12747
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 18 15:43:02 CEST 2017 on sn-devel-144
(cherry picked from commit
76b351e907f67cc7d4af4e7d800c7a3aa1269ee8)
Autobuild-User(v4-5-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-5-test): Thu Apr 20 16:36:14 CEST 2017 on sn-devel-144
Jeremy Allison [Mon, 17 Apr 2017 21:30:04 +0000 (14:30 -0700)]
s3:lib: Fix incorrect logic in sys_broken_getgroups()
If setlen == 0 then the second argument must be ignored.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12747
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
60af864f751706c48b8af448700bf06e33e45946)
Jeremy Allison [Mon, 17 Apr 2017 21:09:24 +0000 (14:09 -0700)]
lib: debug: Avoid negative array access.
Report and patch from Hanno Böck <hanno@hboeck.de>.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12746
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
600f8787e3b605c9f3e8f724c726e63157ee9efc)
Uri Simchoni [Thu, 13 Apr 2017 09:44:58 +0000 (12:44 +0300)]
vfs_acl_xattr: avoid needlessly supplying a large buffer to getxattr()
When obtaining the security descriptor via getxattr(), first try
optimistically to supply a buffer of 4K, and if that turns out
to be too small, determine the correct buffer size.
The previous behavior of falling back to a 64K buffer encountered
problem with Linux prior to version 3.6, due to pyisical memory
fragmentation. With those kernels, as long as the buffer is 8K or
smaller, getting the xattr is much less prone to failure due to
memory fragmentation.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12737
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 18 04:41:16 CEST 2017 on sn-devel-144
(cherry picked from commit
05d83ccf7a6fecf963fcb980acd50cebfc0c3ea9)
Uri Simchoni [Sat, 8 Apr 2017 21:40:44 +0000 (00:40 +0300)]
vfs_acl_xattr: factor out fetching of an extended attribute
Pure refactoring - add a function that fetches an extended attribute
based on either the file descriptor or the file name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12737
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
7b775abd9278ae34110ec87d94a736be7f64884a)
Uri Simchoni [Thu, 13 Apr 2017 09:50:47 +0000 (12:50 +0300)]
vfs_xattr_tdb: handle case of zero size.
With getxattr(), passing a zero buffer size is a
way of obtaining actual xattr size.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12737
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
4dfa2d6a0972847e3b21ddf05077e50ed72c4ea8)
Uri Simchoni [Sat, 8 Apr 2017 21:20:40 +0000 (00:20 +0300)]
selftest: test fetching a large ACL from vfs_acl_xattr
Add a test that fetches an ACL whose size is larger than 4K.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12737
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(back-ported from commit
5017dfeef24b8d568e0146c085f3f979d688acf2)
Amitay Isaacs [Thu, 6 Apr 2017 02:20:21 +0000 (12:20 +1000)]
ctdb-docs: Fix documentation of -n option to ctdb tool
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12733
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit
7f714a436250dfeaa1970f78090ef066482711f0)
Ralph Boehme [Wed, 29 Mar 2017 09:13:46 +0000 (11:13 +0200)]
winbindd: trigger possible passdb_dsdb initialisation
If the passdb backend is passdb_dsdb the domain SID comes from dsdb, not
from secrets.tdb. As we use the domain SID in various places, we must
ensure the domain SID is migrated from dsdb to secrets.tdb before
get_global_sam_sid() is called the first time.
The migration is done as part of the passdb_dsdb initialisation, calling
pdb_get_domain_info() triggers it.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12729
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 1 21:18:59 CEST 2017 on sn-devel-144
(cherry picked from commit
8b32fc4006ae338ddee7c0e5991958ec3463da0d)
Ralph Boehme [Sun, 26 Mar 2017 06:22:13 +0000 (08:22 +0200)]
winbindd: error handling in rpc_lookup_sids()
NT_STATUS_NONE_MAPPED and NT_STATUS_SOME_NOT_MAPPED should not be
treated as fatal error. We should continue processing the results and
not bail out.
In case we got NT_STATUS_NONE_MAPPED we must have to ensure all
lsa_TranslatedName are of type SID_NAME_UNKNOWN.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12728
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
8dfbba59d768b10f6b088cfc49e5dbe6de4834e1)
Ralph Boehme [Sat, 1 Apr 2017 14:51:07 +0000 (16:51 +0200)]
s3/rpc_client: lookupsids error handling of NT_STATUS_NONE_MAPPED
NT_STATUS_NONE_MAPPED is not a fatal error, it just means we must return
all lsa_TranslatedName's as type SID_NAME_UNKNOWN.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12728
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
416c74e8c89dc2fb2083beaaa9ac8a6e975ec873)
Ralph Boehme [Sat, 1 Apr 2017 14:56:39 +0000 (16:56 +0200)]
s3/rpc_client: use NT_STATUS_LOOKUP_ERR
No change in behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12728
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
0e7e4ebad31caa1ccb392f2fe20c67929149b8c9)
Ralph Boehme [Sat, 1 Apr 2017 14:44:45 +0000 (16:44 +0200)]
s3/include: add NT_STATUS_LOOKUP_ERR
Useful helper macro to check the return value of LSA and SAMR
translations.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12728
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
fc37c7327dc7e4ad4405e324fc88d4bbf9b6ef9e)
Ralph Boehme [Fri, 31 Mar 2017 14:06:18 +0000 (16:06 +0200)]
selftest: fix for wbinfo -s tests for wellknown SIDs
Rework while loop to not use a pipe as that uses a subshell for the loop
which means assigning to the variable failed is not visible in the
main script.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12727
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
d8fd56a8244a3010469c27eaa3b73a2c5fbbc41f)
Ralph Boehme [Sun, 2 Apr 2017 11:42:45 +0000 (13:42 +0200)]
winbindd: explicit check for well-known SIDs in wb_lookupsids_bulk()
Those are implicitly already catched by the
if (sid->num_auths != 5)
check, but I'd like to make the desired behaviour more obvious.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12727
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
167bb5ead8c7193d173fdba8a453279d422fa7ea)
Ralph Boehme [Fri, 31 Mar 2017 14:24:05 +0000 (16:24 +0200)]
selftest: wbinfo --sids-to-unix-ids tests for wellknown SIDs
This test passes even without the fix, as in sids2xids we use the
lookupnames just to determine the mapping domain, using the default
idmap domain as fallback if that fails.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12727
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
8bd5f774fdc1f4ea012885262eb0f40640504de8)
Ralph Boehme [Fri, 31 Mar 2017 14:06:18 +0000 (16:06 +0200)]
selftest: wbinfo -s tests for wellknown SIDs
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12727
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
2150de3a73527850547263e853faf4f3fedca6e6)