Karolin Seeger [Mon, 2 Jan 2017 09:18:13 +0000 (10:18 +0100)]
VERSION: Disable GIT_SNAPSHOTS for the 4.4.9 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Mon, 2 Jan 2017 09:17:14 +0000 (10:17 +0100)]
WHATSNEW: Add release notes for Samba 4.4.9.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Stefan Metzmacher [Tue, 19 Jul 2016 14:31:01 +0000 (16:31 +0200)]
krb5_wrap: provide CKSUMTYPE_HMAC_SHA1_96_AES_*
MIT only defined this as CKSUMTYPE_HMAC_SHA1_96_AES128,
while Heimdal has CKSUMTYPE_HMAC_SHA1_96_AES_128.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
bb64c550ae19b08ad4e6d8d26f68c2474cb251e6)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12471
Patches for CVE-2016-2126 break build with MIT Kerberos
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Tue Dec 20 15:58:07 CET 2016 on sn-devel-144
Stefan Metzmacher [Tue, 20 Dec 2016 07:36:09 +0000 (08:36 +0100)]
VERSION: Bump version up to 4.4.9...
and re-enable git snapshots.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Karolin Seeger [Fri, 9 Dec 2016 09:59:57 +0000 (10:59 +0100)]
VERSION: Disable GIT_SNAPSHOTS for the 4.4.8 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Mon Dec 19 14:32:43 CET 2016 on sn-devel-144
Jeremy Allison [Sat, 10 Dec 2016 21:56:18 +0000 (13:56 -0800)]
s3: ntlm_auth: Don't corrupt the output stream with debug messages.
Calling programs expect to cleanly read from STDOUT.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12467
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
9fbd544b90c2b27985637a9bb3fa520f891f8696)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Thu Dec 15 12:21:27 CET 2016 on sn-devel-144
Jeremy Allison [Thu, 8 Dec 2016 18:40:18 +0000 (10:40 -0800)]
lib: security: se_access_check() incorrectly processes owner rights (S-1-3-4) DENY ace entries
Reported and proposed fix by Shilpa K <shilpa.krishnareddy@gmail.com>.
When processing DENY ACE entries for owner rights SIDs (S-1-3-4) the
code OR's in the deny access mask bits without taking into account if
they were being requested in the requested access mask.
E.g. The current logic has:
An ACL containining:
[0] SID: S-1-3-4
TYPE: DENY
MASK: WRITE_DATA
[1] SID: S-1-3-4
TYPE: ALLOW
MASK: ALLOW_ALL
prohibits an open request by the owner for READ_DATA - even though this
is explicitly allowed.
Furthermore a non-canonical ACL containing:
[0] SID: User SID 1-5-21-something
TYPE: ALLOW
MASK: READ_DATA
[1] SID: S-1-3-4
TYPE: DENY
MASK: READ_DATA
[2] SID: User SID 1-5-21-something
TYPE: ALLOW
MASK: WRITE_DATA
prohibits an open request by the owner for READ_DATA|WRITE_DATA - even
though READ_DATA is explicitly allowed in ACE no 0 and is thus already
filtered out of the "access-still-needed" mask when the deny ACE no 1 is
evaluated.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12466
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
29b02cf22f3c0f2d556408e9e768d68c1efc3b96)
Jeremy Allison [Mon, 5 Dec 2016 22:32:55 +0000 (14:32 -0800)]
s3: smbd: Add missing permissions check on destination folder.
Based on code from Michael Zeis <mzeis.quantum@gmail.com>.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12460
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
91b591224ab7f8ea7b4594da9f61efef14353f7f)
Jeremy Allison [Mon, 5 Dec 2016 22:32:03 +0000 (14:32 -0800)]
s3: smbd: Make check_parent_access() available to rename code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12460
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
beb8a73e95e768565760f79c2a16586bafb4e58c)
Jeremy Allison [Mon, 5 Dec 2016 22:13:14 +0000 (14:13 -0800)]
s3: smbd: rename - missing early error exit if source and destination prefixes are different.
Noticed by Michael Zeis <mzeis.quantum@gmail.com>.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12460
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
2bfad1c9d3237ad8d174b7dc2d1e6e3c53fdb8dc)
Ralph Boehme [Thu, 10 Nov 2016 08:07:41 +0000 (09:07 +0100)]
manpages/vfs_fruit: add warning to fruit:resoure=stream
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12412
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Thu Dec 8 14:52:52 CET 2016 on sn-devel-144
Ralph Boehme [Thu, 10 Nov 2016 07:57:12 +0000 (08:57 +0100)]
manpages/vfs_fruit: fruit:resource option misspelling
Due to a misspelling in the option parser in all Samba versions up to
and including 4.5.1 this options must be given "fruit:ressource", ie
with two "s".
Samba 4.6 will accept both the correct the correct and the wrong
spelling, Samba 4.7 onwards will only accept the correct
spelling.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12412
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 6 Dec 2016 08:44:28 +0000 (09:44 +0100)]
printing: Fix building with CUPS version older than 1.7
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12183
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
Jeremy Allison [Fri, 18 Nov 2016 18:20:41 +0000 (10:20 -0800)]
s3/smbd: fix the last resort check that sets the file type attribute
The rule is, a directory (with any other attributes) should always also
set FILE_ATTRIBUTE_DIRECTORY, a file should only set
FILE_ATTRIBUTE_NORMAL if no other attributes is set.
Iow, if a file contains any existing attributes (e.g. FILE_ATTRIBUTE_HIDDEN),
don't add in the FILE_ATTRIBUTE_NORMAL attribute.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12436
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Nov 19 11:55:35 CET 2016 on sn-devel-144
(cherry picked from commit
a0783e8dd966a0b2d24d2ca5baa6bed3fe5a7d5a)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Thu Dec 1 14:51:30 CET 2016 on sn-devel-144
Andreas Schneider [Sun, 13 Nov 2016 16:40:21 +0000 (17:40 +0100)]
nss_wins: Fix errno values for HOST_NOT_FOUND
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12269
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
08d1ac0e36339e97e4464f6a6724464b0a568347)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Wed Nov 30 15:50:43 CET 2016 on sn-devel-144
Andreas Schneider [Thu, 17 Nov 2016 15:15:54 +0000 (16:15 +0100)]
s4:torture: Fix cleanup of the secrets object in session_key test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12433
The test is known to be failing if sealing is turned on in some
circumstances. In this case a secret is created and then the function
dcerpc_fetch_session_key() fails. The secret is not removed!
We use torturesecret-%08x with random() to fill in the number. Sometimes
it happens that random() returns a number we already used. So we end up
trying to create a secret for an entry which already exists and run
into a collision
This change makes sure we always cleanup behind us and do not leave
secret objects we created.
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 17 22:30:36 CET 2016 on sn-devel-144
(cherry picked from commit
9de04626c058563a6cf4c13e4f5399039e345ef5)
Andreas Schneider [Thu, 17 Nov 2016 14:44:13 +0000 (15:44 +0100)]
s4:torture: Normalizes names in session_key test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12433
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
31d21de548d899f82fa7944767ad94e8aca8d96d)
Andreas Schneider [Thu, 17 Nov 2016 14:35:47 +0000 (15:35 +0100)]
s4:torture: Strip trailing whitespaces in session_key.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12433
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
80f7f568f8960c809756d5233c8f875db4ea07d6)
Andreas Schneider [Tue, 15 Nov 2016 17:34:22 +0000 (18:34 +0100)]
s4:torture: Add tortue test for AddPrinterDriverEx with COPY_FROM_DIRECTORY
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12415
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
b1ade58ffeb56a0238c820797905caa107b08265)
Andreas Schneider [Fri, 18 Nov 2016 09:51:57 +0000 (10:51 +0100)]
lib:torture: Make variables const
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12415
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
9c0f2576d8aa3dd95be1c5ddda2b10d891add0bc)
Andreas Schneider [Tue, 15 Nov 2016 13:29:29 +0000 (14:29 +0100)]
s3:spoolss: Add support for COPY_FROM_DIRECTORY in AddPrinterDriverEx
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12415
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
4d9f4bfc69a5899bdf91406dfb7efb70a530446c)
Amitay Isaacs [Fri, 18 Nov 2016 00:47:56 +0000 (11:47 +1100)]
ctdb-recovery: Avoid NULL dereference in failure case
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12434
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Nov 21 12:26:04 CET 2016 on sn-devel-144
(cherry picked from commit
54e392b385728bba047404465207340a2e354ec6)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Tue Nov 22 13:32:29 CET 2016 on sn-devel-144
Amitay Isaacs [Thu, 17 Nov 2016 05:10:51 +0000 (16:10 +1100)]
ctdb-locking: Reset real-time priority in lock helper
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12392
Earlier we were relying on SCHED_RESET_ON_FORK to reset the priority of lock
helper processes. Since SCHED_RESET_ON_FORK support has been removed, the
scheduling priority of child processes created using vfork() need to be reset
explicitly in the helper processes.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Nov 18 10:18:27 CET 2016 on sn-devel-144
(cherry picked from commit
6c6d63c04497fdfdbe665508f2a503f2392dc526)
Günther Deschner [Fri, 11 Nov 2016 18:17:55 +0000 (19:17 +0100)]
s4-torture: add spoolss_SetPrinter ndr test to validate secdesc_ptr
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11197
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
574dd65a8185c90828e49b295d89153bae1563bf)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Fri Nov 18 12:29:24 CET 2016 on sn-devel-144
Günther Deschner [Fri, 11 Nov 2016 15:29:20 +0000 (16:29 +0100)]
spoolss: Use correct values for secdesc and devmode pointers
ULONG_PTR needs to be decoded as a uint3264 and not as a 'uint32 *'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11197
Guenther
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
73f664710a8c9b312a54d0cf41d2f4440c8b42eb)
Andrew Bartlett [Tue, 25 Oct 2016 11:06:12 +0000 (00:06 +1300)]
build: Fix build with perl on debian sid.
build: Fix build with perl on debian sid.
It appears that "." is no longer in perl_inc
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12395
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sat Oct 29 09:32:37 CEST 2016 on sn-devel-144
(cherry picked from commit
da67acbcfe2167fce9c360a55416ab10e9537a2a)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Wed Nov 16 14:32:10 CET 2016 on sn-devel-144
Martin Schwenke [Fri, 4 Nov 2016 00:47:18 +0000 (11:47 +1100)]
ctdb-tests: Add tests for updated Debian style Samba start/stop
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12371
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Nov 7 08:01:28 CET 2016 on sn-devel-144
(cherry picked from commit
5c53d50784b2d7883f3e1d9ac48bb1fd56ba7f42)
Mathieu Parent [Mon, 31 Oct 2016 14:17:34 +0000 (15:17 +0100)]
ctdb-scripts: Fix Debian init in samba eventscript
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12371
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Signed-off-by: Stefan Kania <stefan@kania-online.de>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
385aef614034a3f32276e19312f089990e6dbb85)
Jeremy Allison [Thu, 29 Sep 2016 19:44:17 +0000 (12:44 -0700)]
s3: delete_streams: Don't jump to fail: - that resets state.
Signed-off-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12299
Andreas Schneider [Thu, 10 Nov 2016 10:47:54 +0000 (11:47 +0100)]
s3-printing: Allow printer names longer than 16 chars
Printers with long names are supported in the meantime. However we issue
a warning that if one printer exceeeds 15 chars we warn about it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12195
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
2611fd02a0a6a0a0a506df70fe1a1eb4a2e76062)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Mon Nov 14 15:56:11 CET 2016 on sn-devel-144
Andreas Schneider [Wed, 9 Nov 2016 18:05:49 +0000 (19:05 +0100)]
s3-printing: Correctly encode CUPS printer URIs
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12183
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
c160ae9afb222466c50ae170447a6a0805f7169f)
Michael Adam [Thu, 20 Oct 2016 22:15:06 +0000 (00:15 +0200)]
vfs:glusterfs: preallocate result for glfs_realpath
https://bugzilla.samba.org/show_bug.cgi?id=12404
This makes us independent of the allocation
method used inside glfs_realpath.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct 22 00:28:41 CEST 2016 on sn-devel-144
(cherry picked from commit
92a0a56c3852726e0812d260e043957c879aefa4)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Tue Nov 8 15:35:20 CET 2016 on sn-devel-144
Andreas Schneider [Wed, 2 Nov 2016 16:19:09 +0000 (17:19 +0100)]
s3-winbind: Do not return NO_MEMORY if we have an empty user list
The domain child for the MACHINE ACCOUNT might fail with
NT_STATUS_NO_MEMORY because an emtpy user list is returned.
*pnum_info is already set to 0 at the beginngin so we should just
declare victory here!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12405
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
e714dc03e0ccf9ec17da6bacc1bcfcaea7518e22)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Fri Nov 4 15:18:16 CET 2016 on sn-devel-144
Amitay Isaacs [Mon, 26 Sep 2016 14:51:03 +0000 (00:51 +1000)]
provision: Add support for BIND 9.11.x
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12366
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 28 03:42:25 CEST 2016 on sn-devel-144
(cherry picked from commit
2959c8888d46902e140963ed4190d23a7609b8da)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Thu Nov 3 12:29:19 CET 2016 on sn-devel-144
Amitay Isaacs [Mon, 26 Sep 2016 14:51:03 +0000 (00:51 +1000)]
dlz-bind: Add support for BIND 9.11.x
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12366
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
c8c330d5f4921aaca803b9ff571aacb0dde0c7bc)
Amitay Isaacs [Mon, 26 Sep 2016 15:00:34 +0000 (01:00 +1000)]
dlz-bind: Set DNS_CLIENTINFO_VERSION based on BIND version
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12366
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
e63e51a2cfd89c5bb2c16b2521ffce864ca5b373)
Amitay Isaacs [Mon, 26 Sep 2016 14:57:00 +0000 (00:57 +1000)]
dlz-bind: Fix initialization of DLZ_DLOPEN_AGE
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12366
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
370d6baaa60ca7aacab85852622cdca8bdb06d34)
Amitay Isaacs [Mon, 26 Sep 2016 14:52:53 +0000 (00:52 +1000)]
dlz-bind: Fix preprocessor checks for BIND versions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12366
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
fbafd2699b03902cbb7e5131ed7d345190798392)
Martin Schwenke [Tue, 11 Oct 2016 00:30:37 +0000 (11:30 +1100)]
ctdb-packaging: Move CTDB tests to /usr/local/share/ctdb/tests/
In time, other things will end up in /use/local/share/ctdb/.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12104
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
fd8e562069e3c01720be62069b7d58d14c10afd5)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Mon Oct 31 14:58:04 CET 2016 on sn-devel-144
Stefan Metzmacher [Thu, 13 Oct 2016 10:42:59 +0000 (12:42 +0200)]
s3:smbd: only pass UCF_PREP_CREATEFILE to filename_convert() if we may create a new file
This fixes a regression introduced by commit
f98d10af2a05f0261611f4cabdfe274cd9fe91c0
(smbd: Always use UCF_PREP_CREATEFILE for filename_convert calls to resolve a path for open)
The main problem was that Windows client seem to verify
the access to user.V2\ntuser.ini is rejected with NT_STATUS_ACCESS_DENIED,
using the machine credentials.
Passing UCF_PREP_CREATEFILE to filename_convert() triggers a code path
that implements a dropbox behaviour. A dropbox is a directory with only -wx permissions,
so get_real_filename fails with EACCESS, it needs to list the directory.
EACCESS is ignored with UCF_PREP_CREATEFILE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10297
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 25 05:33:36 CEST 2016 on sn-devel-144
(cherry picked from commit
759416582c54a16aacbef0e0dfe4649bddff8c5e)
Amitay Isaacs [Mon, 24 Oct 2016 07:24:54 +0000 (18:24 +1100)]
Revert "ctdb-common: Use SCHED_RESET_ON_FORK when setting SCHED_FIFO"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12392
Feature SCHED_RESET_ON_FORK is completely broken on RHEL6 and RHEL7
distributions. So do not rely on SCHED_RESET_ON_FORK for now.
This reverts commit
1be8564e553ce044426dbe7b3987edf514832940.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Oct 25 11:28:28 CEST 2016 on sn-devel-144
(cherry picked from commit
71b69b0169dc6e2843325f1567f64b6acd43e6b8)
Jeremy Allison [Fri, 21 Oct 2016 18:04:02 +0000 (11:04 -0700)]
s3: vfs: streams_depot. Use conn->connectpath not conn->cwd.
conn->cwd can change over the life of the connection,
conn->connectpath remains static.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12387
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Mon Oct 24 23:52:48 CEST 2016 on sn-devel-144
(cherry picked from commit
1366385d1c3e9ac0556e954864e60e72f6906942)
Ralph Wuerthner [Mon, 10 Oct 2016 14:26:05 +0000 (16:26 +0200)]
ctdb-conn: add missing variable initialization
Avoid potential crash in TALLOC_FREE(hdr).
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
4194c0797f78293fe48105ce5af70f36a3c233a8)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12372
ctdb: bad free in ctdbd_migrate()
Karolin Seeger [Tue, 25 Oct 2016 10:39:39 +0000 (12:39 +0200)]
VERSION: Bump version up to 4.4.8...
and re-enable git snapshots.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Fri, 9 Dec 2016 09:59:57 +0000 (10:59 +0100)]
VERSION: Disable GIT_SNAPSHOTS for the 4.4.8 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Fri, 9 Dec 2016 09:59:27 +0000 (10:59 +0100)]
WHATSNEW: Add release notes for Samba 4.4.8.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Stefan Metzmacher [Tue, 22 Nov 2016 16:08:46 +0000 (17:08 +0100)]
CVE-2016-2126: auth/kerberos: only allow known checksum types in check_pac_checksum()
aes based checksums can only be checked with the
corresponding aes based keytype.
Otherwise we may trigger an undefined code path
deep in the kerberos libraries, which can leed to
segmentation faults.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12446
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 23 Nov 2016 10:44:22 +0000 (11:44 +0100)]
CVE-2016-2125: s4:gensec_gssapi: don't use GSS_C_DELEG_FLAG by default
This disabled the usage of GSS_C_DELEG_FLAG by default, as
GSS_C_DELEG_POLICY_FLAG is still used by default we let the
KDC decide if we should send delegated credentials to a remote server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12445
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Stefan Metzmacher [Wed, 23 Nov 2016 10:42:59 +0000 (11:42 +0100)]
CVE-2016-2125: s3:gse: avoid using GSS_C_DELEG_FLAG
We should only use GSS_C_DELEG_POLICY_FLAG in order to let
the KDC decide if we should send delegated credentials to
a remote server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12445
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Stefan Metzmacher [Wed, 23 Nov 2016 10:41:10 +0000 (11:41 +0100)]
CVE-2016-2125: s4:scripting: don't use GSS_C_DELEG_FLAG in nsupdate-gss
This is just an example script that's not directly used by samba,
but we should avoid sending delegated credentials to dns servers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12445
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Volker Lendecke [Sat, 5 Nov 2016 20:22:46 +0000 (21:22 +0100)]
CVE-2016-2123: Fix DNS vuln ZDI-CAN-3995
Thanks to Trend Micro's Zero Day Initiative and Frederic Besler for finding
this vulnerability with a PoC and a good analysis.
Signed-off-by: Volker Lendecke <vl@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12409
Karolin Seeger [Tue, 25 Oct 2016 10:39:39 +0000 (12:39 +0200)]
VERSION: Bump version up to 4.4.8...
and re-enable git snapshots.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
d6a814c770d5888e5340a5a677c5324c2fe734f8)
Karolin Seeger [Tue, 25 Oct 2016 10:38:13 +0000 (12:38 +0200)]
VERSION: Disable git snapshots for the 4.4.7 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 25 Oct 2016 09:53:06 +0000 (11:53 +0200)]
WHATSNEW: Add release notes for Samba 4.4.7.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Jeremy Allison [Fri, 21 Oct 2016 21:38:49 +0000 (14:38 -0700)]
lib: Fix bug 12291
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12291
Back-ported from
f92590d10aaf9a289b5f6aac8ffc79129b83a517 in master.
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(v4-4-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-4-test): Mon Oct 24 14:24:42 CEST 2016 on sn-devel-144
Stefan Metzmacher [Mon, 10 Oct 2016 15:07:12 +0000 (17:07 +0200)]
s3:libads: don't use MEMORY:ads_sasl_spnego_bind nor set "KRB5CCNAME"
Most callers just set "KRB5CCNAME", but leave ads->auth.ccache_name = NULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 13 00:35:21 CEST 2016 on sn-devel-144
(cherry picked from commit
a5f895a53016af71db53967062728fec5bc307ca)
Stefan Metzmacher [Mon, 10 Oct 2016 15:07:12 +0000 (17:07 +0200)]
s3:libads: don't use MEMORY:ads_sasl_gssapi_do_bind nor set "KRB5CCNAME"
Most callers just set "KRB5CCNAME", but leave ads->auth.ccache_name = NULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit
890b1bbdb8e965c4ff6e35214acc96ffbbff5dfd)
Stefan Metzmacher [Mon, 10 Oct 2016 13:53:26 +0000 (15:53 +0200)]
HEIMDAL:lib/krb5: destroy a memory ccache on reinit
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit
2abc3710a8a63327a769ba0482c553ed274b2113)
Björn Baumbach [Fri, 18 Nov 2011 17:54:56 +0000 (18:54 +0100)]
s3-printing: fix migrate printer code (bug 8618)
Removed path from driver files.
We only need the basenames.
(cherry picked from commit
d61993043fcb7676a58658476421f5f4ff1a3fea)
(cherry picked from commit
9f07ef2249dc21eab37cd5888623e6edc84b2b59)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8618
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 5 19:19:39 CEST 2016 on sn-devel-144
(cherry picked from commit
eb7555397fd4e9f66e041179aadff59f2a39d14f)
Jeremy Allison [Mon, 17 Oct 2016 17:07:23 +0000 (10:07 -0700)]
s3: cldap: cldap_multi_netlogon_send() fails with one bad IPv6 address.
Analysis by: Rebecca Gellman <rebecca@starfleet-net.co.uk>
Ignore cldap_socket_init() failure when sending
multiple cldap netlogon requests. Allow cldap_netlogon_send()
to catch the bad address and correctly return through a
tevent subreq.
Make sure cldap_search_send() copes with cldap parameter == NULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12381
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 18 02:16:20 CEST 2016 on sn-devel-144
(cherry picked from commit
44a7040500d74551b48eba04f5d0bedb1ec35ba6)
Andreas Schneider [Wed, 5 Oct 2016 06:22:54 +0000 (08:22 +0200)]
s3-utils: Fix loading smb.conf in smbcquotas
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12364
Pair-Programmed-With: Uri Simchoni <uri@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
c7bcbd166d23b6ebcc2d968b76b0640b9a9beebb)
Martin Schwenke [Wed, 29 Jun 2016 07:47:12 +0000 (17:47 +1000)]
ctdb-scripts: Fix incorrect variable reference
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12362
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
eabeecb45322747d7daeb2a79ac213f17eb049da)
Jose A. Rivera [Thu, 21 Apr 2016 18:09:21 +0000 (13:09 -0500)]
ctdb-scripts: Avoid dividing by zero in memory calculation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12362
Don't do a percentage calculation for either memtotal or swaptotal if they
are zero.
Signed-off-by: Jose A. Rivera <jarrpa@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
bf3f22315a281fb44a5cd9b075b7915138145d6e)
Noel Power [Tue, 20 Sep 2016 10:49:49 +0000 (11:49 +0100)]
s3/winbindd: using default domain with user@domain.com format fails
For example for samba client joined to a windows AD DC the following
commands fail if 'winbind use default domain = yes'
getent passwd user@domain.com
ssh -o user=user@domain.com localhost
The same commands succeed if the setting above has the default 'no' value
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12298
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Oct 3 23:37:44 CEST 2016 on sn-devel-144
(cherry picked from commit
7c786f89820dc1f8e2a7e8da1b80042dd69b7188)
Noel Power [Thu, 29 Sep 2016 15:50:58 +0000 (16:50 +0100)]
Add a blackbox tests for id & getent to test domain@realm type credentials
Using domain@realm credentials has been problematic when
global conf setting "winbind use default domain" is enabled, this patch
creates a new s4member_dflt_domain environment (where
"winbind use default domain" is enabled) and runs getent & id against the
normal s4member & and new s4member_dflt_domain environments
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12298
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
ebfe3c85d0bbdf5d5f7459ddd61e3b44c3ec2bd3)
Andreas Schneider [Mon, 19 Sep 2016 11:59:54 +0000 (13:59 +0200)]
s3-lib: Fix %G substitution in AD member environment
If we are a domain member we should look up the user with the domain
name specified else it will only work if we have
'winbind use default domain' set.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12276
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
619ca5f63c47ff8b021692aaa756dcb0d883b8dd)
David Disseldorp [Mon, 3 Oct 2016 23:15:20 +0000 (01:15 +0200)]
torture/ioctl: test compression responses when unsupported
Confirm that Samba matches Windows Server 2016 ReFS behaviour here.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12144
Reported-by: Nick Barrett
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 6 06:14:34 CEST 2016 on sn-devel-144
(cherry picked from commit
f6f6263f1f03db965b64b5d7858e44ab5ffb0aeb)
David Disseldorp [Mon, 3 Oct 2016 23:09:37 +0000 (01:09 +0200)]
smbd/ioctl: match WS2016 ReFS get compression behaviour
ReFS doesn't support compression, but responds to get-compression FSCTLs
with a successful COMPRESSION_FORMAT_NONE response. set-compression
results in NT_STATUS_NOT_SUPPORTED.
This commit modifies Samba to match the ReFS behaviour, when run atop
a VFS that doesn't expose compression support.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12144
Reported-by: Nick Barrett
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
7a1000222877cdbc8967122b9de29021a42f4c8a)
Anoop C S [Fri, 7 Oct 2016 10:35:29 +0000 (16:05 +0530)]
vfs_glusterfs: Fix a memory leak in connect path
Early return in case of failure to set snapdir-entry-path xlator option
leaks talloced tmp_ctx.
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Oct 7 19:39:11 CEST 2016 on sn-devel-144
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12377
(cherry picked from commit
06281e8f1b912540a8cc2a79497b074dbe559d53)
Volker Lendecke [Wed, 12 Oct 2016 09:06:51 +0000 (11:06 +0200)]
spoolss: Fix caching of printername->sharename
time_mono() gives seconds since boot, gencache expects seconds since epoch.
With time_mono(), the values are always expired immediately.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12374
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Oct 13 13:48:52 CEST 2016 on sn-devel-144
Christian Ambach [Tue, 13 Sep 2016 08:49:47 +0000 (10:49 +0200)]
s4:samba_spnupdate: do not attempt to parse log level, use parsed value
The log level parameter can contain debug class specific entries.
Do not attempt to parse this as int, but use the values that the
debugging system already parsed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9945
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Wed Sep 14 23:15:18 CEST 2016 on sn-devel-144
(cherry picked from commit
064d24032398c8896da15246be81fdd4b1588e18)
Christian Ambach [Tue, 13 Sep 2016 08:49:47 +0000 (10:49 +0200)]
python/join: do not attempt to parse log level, use parsed value
The log level parameter can contain debug class specific entries.
Do not attempt to parse this as int, but use the values that the
debugging system already parsed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9945
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
92178f02bd09277f783eb68b476cfd1452c7f9ef)
Christian Ambach [Tue, 13 Sep 2016 08:49:47 +0000 (10:49 +0200)]
python/drs_utils: do not attempt to parse log level, use parsed value
The log level parameter can contain debug class specific entries.
Do not attempt to parse this as int, but use the values that the
debugging system already parsed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9945
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
dd25aa129b6d799853312134628402f77b492eab)
Christian Ambach [Tue, 13 Sep 2016 09:22:38 +0000 (11:22 +0200)]
tests/param add a test for LoadParm.log_level
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
fa56dbf6706872c5287eab082bb6ba7b5bd3ccd2)
Christian Ambach [Tue, 13 Sep 2016 08:48:03 +0000 (10:48 +0200)]
s4:param add log_level function to retrieve log level in Python code
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
7ba50a200924119ac1a66759e4c1419ece03ba41)
Volker Lendecke [Sat, 24 Sep 2016 17:45:13 +0000 (10:45 -0700)]
glusterfs: Avoid tevent_internal.h
Günther confirmed it still compiles :-)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Sep 24 23:41:56 CEST 2016 on sn-devel-144
(cherry picked from commit
c60ea2c17814f9f7b55514e0d0a553accaa54b15)
Jeremy Allison [Sat, 24 Sep 2016 03:00:33 +0000 (20:00 -0700)]
s3: events. Move events.c to util_event.c
Remove all tevent internal code.
Everything is now stock tevent.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(similar to commit
4ed790ebbf474c4e4ef9b4f0f3aeca65118796df)
Jeremy Allison [Sat, 24 Sep 2016 02:11:17 +0000 (19:11 -0700)]
s3: server: s3_tevent_context_init() -> samba_tevent_context_init()
We can now remove source3/lib/events.c
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
fbfea52e1ce8f22d8d020a2bf3aebd1bc69faceb)
Jeremy Allison [Sat, 24 Sep 2016 02:07:39 +0000 (19:07 -0700)]
s3: winbind: Remove dump_event_list() calls.
If needed we can add this into actual tevent.
Preparing to remove source3/lib/events.c
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
72785309aa2d1bed7abc6dd7c6475ff0f78411da)
Jeremy Allison [Fri, 23 Sep 2016 19:37:52 +0000 (12:37 -0700)]
s3: nmbd: Final changeover to stock tevent for nmbd.
Removes unused references to fds array used for (removed)
poll call. Renames create_listen_pollfds() to
create_listen_array().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
6e8bd13660d7795df429dbf852345124db38ea96)
Jeremy Allison [Fri, 23 Sep 2016 19:31:00 +0000 (12:31 -0700)]
s3: nmbd: Change over to using tevent functions from direct poll.
This will allow us to eventually remove source3/lib/events.c
dependency and make nmbd purely tevent based.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
b857bf9b3fa3a836647edc40ead92db7b782d367)
Jeremy Allison [Fri, 23 Sep 2016 19:22:53 +0000 (12:22 -0700)]
s3: nmbd: Add a talloc_stackframe().
We will use this to create real tevent timer and fd
events.
This will allow us to eventually remove source3/lib/events.c
dependency and make nmbd purely tevent based.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
36b67729a6fc8518da71944db3fac6d9236b9348)
Jeremy Allison [Fri, 23 Sep 2016 19:18:37 +0000 (12:18 -0700)]
s3: nmbd: Add (currently unused) timeout and fd handlers.
This will allow us to eventually remove source3/lib/events.c
dependency and make nmbd purely tevent based.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
cca25c8f75147873280464eaf2699ff449f609ad)
Jeremy Allison [Fri, 23 Sep 2016 19:16:58 +0000 (12:16 -0700)]
s3: nmbd: Now attrs array mirrors fd's array use it in preference.
This will allow us to eventually remove source3/lib/events.c
dependency and make nmbd purely tevent based.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
376e04656b6755d1a182430b39273a93495d00b2)
Jeremy Allison [Fri, 23 Sep 2016 19:12:43 +0000 (12:12 -0700)]
s3: nmbd: Ensure attrs array mirrors fd's array for dns.
This will allow us to eventually remove source3/lib/events.c
dependency and make nmbd purely tevent based.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
7f0717e751930cd5da029c1852ff9f61f95e40b7)
Jeremy Allison [Fri, 23 Sep 2016 19:05:59 +0000 (12:05 -0700)]
s3: nmbd: Add fd, triggered elements to struct socket_attributes.
Zero the attrs array on allocation, and mirror the fd's.
This will allow us to eventually remove source3/lib/events.c
dependency and make nmbd purely tevent based.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
d8ade0730797df22bfe28847e034eb6d116b0e00)
Stefan Metzmacher [Wed, 27 Feb 2013 08:29:47 +0000 (09:29 +0100)]
s3:nmbd: fix talloc_zero_array() check in nmbd_packets.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Sep 23 18:08:21 CEST 2016 on sn-devel-144
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12283
(cherry picked from commit
4470f01605a2f09b054550ee5a8f8d3b4ebc2098)
Jeremy Allison [Thu, 13 Oct 2016 22:01:58 +0000 (15:01 -0700)]
s3: winbind: Ensure we store name2sid with the correct cache sequence number.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11259
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit
9f6fe5e2c54870abfff48c8a9d96e21bfec2425f)
Jeremy Allison [Wed, 28 Sep 2016 18:26:04 +0000 (11:26 -0700)]
s3: winbind: Trust name2sid mappings from the PAC.
Don't refresh sequence number in parent as the
mapping comes from a trusted DC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11259
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
1017b22f68e798a080e0738d3beecf008b2284ef)
Jeremy Allison [Wed, 28 Sep 2016 17:12:36 +0000 (10:12 -0700)]
s3: winbind: refresh_sequence_number is only ever called with 'false'.
Remove redundant parameter.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11259
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
32ae6721cf02412af3c5a82d5da4806f4d931bcd)
Jeremy Allison [Tue, 27 Sep 2016 00:07:44 +0000 (17:07 -0700)]
s3: auth: Use wbcAuthenticateUserEx to prime the caches.
Idea by Volker - use WBC_AUTH_USER_LEVEL_PAC to pass
the PAC to winbind from smbd on auth, this allows
winbind to prime the user info via netsamlogon_cache_store()
and the name2sid cache *before* smbd looks up the user.
Note that as this is merely a cache prime having
winbind not available is not an error.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11259
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 28 22:45:27 CEST 2016 on sn-devel-144
(cherry picked from commit
ccfba2537d0ea081fbeeee0feecf8e2774850300)
Jeremy Allison [Tue, 27 Sep 2016 22:04:49 +0000 (15:04 -0700)]
s3: winbind: Make WBC_AUTH_USER_LEVEL_PAC prime the name2sid cache.
In addition to priming the netsamlogon cache.
This prevents a winbind AD-DC lookup for something
the PAC already told us.
Note we only do this in the case where the PAC successfully
passed signature verification.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11259
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
cf0f28819e771d433af00b3532011de70112b1f8)
Martin Schwenke [Mon, 10 Oct 2016 02:16:01 +0000 (13:16 +1100)]
ctdb-scripts: ctdbd_wrapper should never remove the PID file
kill_ctdbd() kills the daemon and then removes the PID file. This is
racy because a new daemon could write a new PID file in between the
kill and the removal. Reversing these steps would be an improvement.
However, none of the places where kill_ctdbd() is called is a safe
place to remove the PID file. There is always a chance that a new
daemon could start, write a new PID file and then kill_ctdbd() could
remove the new PID file.
ctdbd is able to overwrite a stale PID file by checking to see if it
is locked.
Therefore, entirely drop removal of the PID file from ctdbd_wrapper.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12287
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
56d526c6ea3150a19dd0762b45d23a7c5f96d260)
Stefan Metzmacher [Fri, 23 Sep 2016 17:30:06 +0000 (19:30 +0200)]
Merge tag 'samba-4.4.6' into v4-4-test
samba: tag release samba-4.4.6
Martin Schwenke [Thu, 22 Sep 2016 04:52:55 +0000 (14:52 +1000)]
ctdb-daemon: Log when removing stale Unix domain socket
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12287
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Sep 22 12:28:12 CEST 2016 on sn-devel-144
(cherry picked from commit
0ec01826d32019b06dd10bb9b6ea5232786d5699)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Fri Sep 23 15:24:11 CEST 2016 on sn-devel-144
Martin Schwenke [Thu, 22 Sep 2016 04:47:02 +0000 (14:47 +1000)]
ctdb-daemon: Drop attempt to connect to Unix domain socket
This was a weak attempt at exclusivity. PID file creation now does
that properly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12287
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
8eff9e96037627b1e4adf3ccc8da94ef8f0bad2a)
Martin Schwenke [Thu, 22 Sep 2016 04:46:12 +0000 (14:46 +1000)]
ctdb-daemon: Don't try to reopen TDB files
There aren't any open at this stage.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12287
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
d719a87fe021b0c704fc4b12ddfc0345fe3af146)
Martin Schwenke [Thu, 22 Sep 2016 04:43:58 +0000 (14:43 +1000)]
ctdb-daemon: Bind to Unix domain socket after PID file creation
No use touching the socket if PID file creation fails.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12287
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
1e501c77492d25b760c7b10849460ee6490f39dc)
Martin Schwenke [Thu, 22 Sep 2016 04:35:03 +0000 (14:35 +1000)]
ctdb-daemon: Use PID file abstraction
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12287
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
5148e02adb7b2ea34da9c826a682c1387773402b)
Amitay Isaacs [Mon, 19 Sep 2016 06:30:12 +0000 (16:30 +1000)]
ctdb-common: Add routines to manage PID file
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12287
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
97b6ac7f662d8de316ed520e038779e79bcdb7bc)