sfrench/samba-autobuild/.git
20 months agoVERSION: Disable GIT_SNAPSHOTS for the 4.7.0rc5 release. samba-4.7.0rc5
Karolin Seeger [Tue, 29 Aug 2017 04:10:06 +0000 (06:10 +0200)]
VERSION: Disable GIT_SNAPSHOTS for the 4.7.0rc5 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
20 months agoWHATSNEW: Add release notes for Samba 4.7.0rc5.
Karolin Seeger [Tue, 29 Aug 2017 04:09:24 +0000 (06:09 +0200)]
WHATSNEW: Add release notes for Samba 4.7.0rc5.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
20 months agos4:torture: The teardown function should just return
Andreas Schneider [Tue, 8 Aug 2017 10:05:24 +0000 (12:05 +0200)]
s4:torture: The teardown function should just return

The teardown functions should not return on error but finish cleaning
up!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12984

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit c90069b26424752b15922de9cb796c431d2f3e08)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Mon Aug 28 15:19:58 CEST 2017 on sn-devel-144

20 months agos4:torture: Delete printer before we remove the driver
Andreas Schneider [Tue, 8 Aug 2017 08:40:19 +0000 (10:40 +0200)]
s4:torture: Delete printer before we remove the driver

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12984

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit bd44e435fa6a93d47a470f8ee95763a95eba4b5d)

20 months agos4:torture: Use a different driver name for add_driver tests
Andreas Schneider [Tue, 8 Aug 2017 09:25:48 +0000 (11:25 +0200)]
s4:torture: Use a different driver name for add_driver tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12984

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 731fe596ac0999d54aae03ce4175356c56b3c94b)

20 months ago[PATCH] WHATSNEW: Added links to Wiki documentation
Marc Muehlfeld [Mon, 28 Aug 2017 08:54:43 +0000 (10:54 +0200)]
[PATCH] WHATSNEW: Added links to Wiki documentation

Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
20 months agovfs_default: Fix passing of errno from async calls
Christof Schmitt [Wed, 23 Aug 2017 21:37:28 +0000 (14:37 -0700)]
vfs_default: Fix passing of errno from async calls

Current code assigns errno from async pthreadpool calls to the
vfs_default internal vfswrap_*_state.  The callers of the vfs_*_recv
functions expect the value from errno in vfs_aio_state.error.

Correctly assign errno to vfs_aio_state.error and remove the unused
internal err variable.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12983

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit a6f391b8dd1fbfd1a370667dec1374284984c341)

20 months agoctdb-client: Fix ctdb_attach() to use database flags
Amitay Isaacs [Fri, 18 Aug 2017 04:00:47 +0000 (14:00 +1000)]
ctdb-client: Fix ctdb_attach() to use database flags

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12978

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Aug 25 13:32:58 CEST 2017 on sn-devel-144

(cherry picked from commit 1f7f112317e0c33bc088a204b3ee69ba48c3f449)

20 months agoctdb-client: Optionally return database id from ctdb_ctrl_createdb()
Amitay Isaacs [Wed, 23 Aug 2017 02:09:22 +0000 (12:09 +1000)]
ctdb-client: Optionally return database id from ctdb_ctrl_createdb()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12978

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 9987fe7209c3bd44ea0015d98d0f92b65ec70700)

20 months agoctdb-client: Fix ctdb_ctrl_createdb() to use database flags
Amitay Isaacs [Fri, 18 Aug 2017 03:50:39 +0000 (13:50 +1000)]
ctdb-client: Fix ctdb_ctrl_createdb() to use database flags

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12978

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 4bd0a20a75db3b3c409c25a4bc59aed30464f047)

20 months agoctdb-tests: Add a test to check databases are attached with correct flags
Amitay Isaacs [Fri, 18 Aug 2017 04:27:10 +0000 (14:27 +1000)]
ctdb-tests: Add a test to check databases are attached with correct flags

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12978

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 9a92d712705356d18f70dfb779c18256794966b9)

20 months agoctdb-tests: Add functions to start/stop/restart a single local daemon
Amitay Isaacs [Fri, 18 Aug 2017 04:45:30 +0000 (14:45 +1000)]
ctdb-tests: Add functions to start/stop/restart a single local daemon

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12978

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 9691b72a8785c2bc2561bd6c897fea3c0cc2cbeb)

20 months agoctdb-tests: Add functions to start/stop/restart ctdb on single node
Amitay Isaacs [Tue, 22 Aug 2017 02:53:43 +0000 (12:53 +1000)]
ctdb-tests: Add functions to start/stop/restart ctdb on single node

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12978

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 205969dd94f532a157e17a88191863e4af0c012c)

20 months agos3:utils: Remove pointless if-clause for remote_machine
Andreas Schneider [Tue, 22 Aug 2017 13:46:07 +0000 (15:46 +0200)]
s3:utils: Remove pointless if-clause for remote_machine

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975

Review with: git show -U20

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit 4a4bfcb539b4489f397b2bc9369215b7e03e620e)

20 months agos3:utils: Make sure we authenticate against our SAM name in smbpasswd
Andreas Schneider [Fri, 18 Aug 2017 14:17:08 +0000 (16:17 +0200)]
s3:utils: Make sure we authenticate against our SAM name in smbpasswd

If a local user wants to change his password using smbpasswd and the
machine is a domain member, we need to make sure we authenticate against
our SAM and not ask winbind.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit dc129a968afdac8be70f9756bd18a7bf1f4c3b02)

20 months agos3:utils: Pass domain to password_change() in smbpasswd
Andreas Schneider [Fri, 18 Aug 2017 14:14:57 +0000 (16:14 +0200)]
s3:utils: Pass domain to password_change() in smbpasswd

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit b483340639157fe95777672f5723455c48c3c616)

20 months agos3:utils: Make strings const passed to password_change() in smbpasswd
Andreas Schneider [Fri, 18 Aug 2017 14:13:15 +0000 (16:13 +0200)]
s3:utils: Make strings const passed to password_change() in smbpasswd

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit 41a31a71abe144362fc7483fabba39aafa866373)

20 months agos3:libsmb: Move prototye of remote_password_change()
Andreas Schneider [Fri, 18 Aug 2017 14:10:06 +0000 (16:10 +0200)]
s3:libsmb: Move prototye of remote_password_change()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit c773844e7529b83b2633671c7bcf1e7b84ad7950)

20 months agos3:libsmb: Pass domain to remote_password_change()
Andreas Schneider [Fri, 18 Aug 2017 14:08:46 +0000 (16:08 +0200)]
s3:libsmb: Pass domain to remote_password_change()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit 7a554ee7dcefdff599ebc6fbf4e128b33ffccf29)

20 months agos3:gse_krb5: make use of precalculated krb5 keys in fill_mem_keytab_from_secrets()
Stefan Metzmacher [Thu, 17 Aug 2017 15:45:21 +0000 (17:45 +0200)]
s3:gse_krb5: make use of precalculated krb5 keys in fill_mem_keytab_from_secrets()

This avoids a lot of cpu cycles, which were wasted for each single smb
connection, even if the client didn't use kerberos.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12973

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug 18 10:04:57 CEST 2017 on sn-devel-144

(cherry picked from commit cd813f7fd9ee8e9d82a6bf6c98621c437f6974b2)

20 months agos3:secrets: allow secrets_fetch_or_upgrade_domain_info() on an AD DC
Stefan Metzmacher [Thu, 17 Aug 2017 19:42:34 +0000 (21:42 +0200)]
s3:secrets: allow secrets_fetch_or_upgrade_domain_info() on an AD DC

The reason for the check is for write access as secrets.ldb is the
master database.

But secrets_fetch_or_upgrade_domain_info() just syncs the values
we got from if they got overwritten by secrets_store_machine_pw_sync().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12973

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 37e49a2af5bb1c40c17eab18ff9412f2ce79ef71)

20 months agolibcli/smb: debug an error if smb1cli_req_writev_submit() is called for SMB2/3
Stefan Metzmacher [Wed, 16 Aug 2017 20:27:15 +0000 (22:27 +0200)]
libcli/smb: debug an error if smb1cli_req_writev_submit() is called for SMB2/3

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12968

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 18 04:45:03 CEST 2017 on sn-devel-144

(cherry picked from commit 9fb2562324e4381f8d0d5eaf864790ad770293b9)

20 months agos3: libsmb: Add cli_smb2_chkpath() and use from cli_chkpath().
Jeremy Allison [Wed, 16 Aug 2017 22:48:01 +0000 (15:48 -0700)]
s3: libsmb: Add cli_smb2_chkpath() and use from cli_chkpath().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12968

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 428fc22e8bb7b7a74ba9e29bf962ebfbfd50c47b)

20 months agoblackbox: Add test for 'net ads changetrustpw'
Andreas Schneider [Wed, 9 Aug 2017 10:14:34 +0000 (12:14 +0200)]
blackbox: Add test for 'net ads changetrustpw'

BUG: BUG: https://bugzilla.samba.org/show_bug.cgi?id=12956

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Aug 11 22:09:27 CEST 2017 on sn-devel-144

(cherry picked from commit e2c0fd36ba54d984b554248aecffd3e4e7f43e1f)

20 months agos3:libads: Fix changing passwords with Kerberos
Andreas Schneider [Wed, 9 Aug 2017 16:14:23 +0000 (18:14 +0200)]
s3:libads: Fix changing passwords with Kerberos

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12956

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit b81ca4f9dcbb378a95fb3ac31bfd9a1cbe505d7d)

20 months agos3:script: Untaint user supplied data in modprinter.pl
Andreas Schneider [Tue, 8 Aug 2017 06:40:34 +0000 (08:40 +0200)]
s3:script: Untaint user supplied data in modprinter.pl

spoolss_SetPrinter fails because of the error produced by modprinter.pl.

Perl error:
Insecure dependency in open while running setgid at modprinter.pl line 76.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12950

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit f44917743512fa40f2833629dfd781f7c691ce62)

20 months agos4:http/gensec: add missing tevent_req_done() to gensec_http_ntlm_update_done()
Stefan Metzmacher [Thu, 20 Jul 2017 09:56:21 +0000 (11:56 +0200)]
s4:http/gensec: add missing tevent_req_done() to gensec_http_ntlm_update_done()

This was missing in commit d718e92d5e145dccd492c46febc249e462ce50c6.

Sadly we can't have automated tests for this as we only implement
the client side for this protocol.

I've tested with using:

bin/smbtorture \
  -W BLA --realm=BLA.BASE \
  -s /dev/null -Uadministrator%A1b2C3d4 \
  ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=basic] \
  rpc.epmapper.epmapper.Lookup_simple \

and:

bin/smbtorture \
  -W BLA --realm=BLA.BASE \
  -s /dev/null -Uadministrator%A1b2C3d4 \
  ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=ntlm] \
  rpc.epmapper.epmapper.Lookup_simple \

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12919

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul 21 23:29:39 CEST 2017 on sn-devel-144

(cherry picked from commit 13f91927e0f642e58c70d7b0b2f68df861ac661c)

20 months agos3:libsmb: let do_connect() debug the negotiation result similar to "session request ok"
Stefan Metzmacher [Wed, 16 Aug 2017 10:42:48 +0000 (12:42 +0200)]
s3:libsmb: let do_connect() debug the negotiation result similar to "session request ok"

Also modify non-specified max_protocol to be PROTOCOL_LATEST
(currently PROTOCOL_SMB3_11).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12881

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 2901ed0deb1324cacdc804fe5a09468a91661f9d)

20 months agos3:libsmb: don't call cli_NetServerEnum() on SMB2/3 connections in SMBC_opendir_ctx()
Stefan Metzmacher [Wed, 16 Aug 2017 10:38:30 +0000 (12:38 +0200)]
s3:libsmb: don't call cli_NetServerEnum() on SMB2/3 connections in SMBC_opendir_ctx()

This is all we can do with when using we allow SMB2/3 and the server supports
it, 'smb://' can't work unless we implement LLMNR and maybe WSD.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12876

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit ecca95736d3994011de2d3fd882b58ab9b450a83)

20 months agos3:smbclient: don't try any workgroup listing with "client min protocol = SMB2"
Stefan Metzmacher [Wed, 16 Aug 2017 06:56:39 +0000 (08:56 +0200)]
s3:smbclient: don't try any workgroup listing with "client min protocol = SMB2"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12863

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 379e5c1c2fa75c30b08bea7079cf1e9c46db0b26)

20 months agos3:smbclient: improve the error messages for smbclient -L
Stefan Metzmacher [Wed, 16 Aug 2017 06:55:43 +0000 (08:55 +0200)]
s3:smbclient: improve the error messages for smbclient -L

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12863

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 3111463e743dfda89002f1047d1030ab617e5277)

20 months agos3:libsmb: let get_ipc_connect() use CLI_FULL_CONNECTION_FORCE_SMB1
Stefan Metzmacher [Fri, 7 Jul 2017 22:57:59 +0000 (00:57 +0200)]
s3:libsmb: let get_ipc_connect() use CLI_FULL_CONNECTION_FORCE_SMB1

get_ipc_connect() is only used in code paths that require cli_NetServerEnum()
to work, so it must already require SMB1 only.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12876

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 0f9d10246071160dc736205af234ab0ca456d0dc)

20 months agos3:libsmb: Print the kinit failed message with DBGLVL_NOTICE
Andreas Schneider [Thu, 24 Aug 2017 10:51:35 +0000 (12:51 +0200)]
s3:libsmb: Print the kinit failed message with DBGLVL_NOTICE

The default debug level of smbclient is set to 'log level = 1'. So we
need to use at least NOTICE to not get the message when we do not force
kerberos.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12704

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 6d7681c73dc68930dc39f05d58c2679b7c84ad97)

20 months agos3:utils: Do not report an invalid range for AD DC role
Andreas Schneider [Fri, 18 Aug 2017 08:35:55 +0000 (10:35 +0200)]
s3:utils: Do not report an invalid range for AD DC role

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12629

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 95e30b081f273f2d156792577179c5220c0a10cc)

20 months agos4/lib/tls: Use SHA256 to sign the TLS certificates
Andrew Bartlett [Wed, 9 Aug 2017 04:44:24 +0000 (16:44 +1200)]
s4/lib/tls: Use SHA256 to sign the TLS certificates

The use of SHA-1 has been on the "do not" list for a while now, so make our
self-signed certificates use SHA256 using the new
gnutls_x509_crt_sign2 provided since GNUTLS 1.2.0

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12953
(cherry picked from commit 5bb341fb9ceb943b4a72108edee9046b60f070b0)

20 months agoheimdal: Fix printing a short int into a string
Andreas Schneider [Wed, 9 Aug 2017 15:01:09 +0000 (17:01 +0200)]
heimdal: Fix printing a short int into a string

The size of portstr is too small to print an integer and we should print
a short anyway.

This fixes building with GCC 7.1

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Aug 11 18:08:04 CEST 2017 on sn-devel-144

(cherry picked from commit abd74c3ba5e3ee3f5320bff6ed7dff4fbcb79373)

20 months agos3:utils: Fix buffer size for snprintf and format string
Andreas Schneider [Wed, 9 Aug 2017 06:37:38 +0000 (08:37 +0200)]
s3:utils: Fix buffer size for snprintf and format string

GCC 7.1 produces an error:
‘snprintf’ output between 47 and 66 bytes into a destination of size 40

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Aug  9 13:37:47 CEST 2017 on sn-devel-144

(cherry picked from commit b86f44cbd0b1fcaf39c9edec764ecef2fd6a863b)

20 months agos3:torture: Fix spoolss test to build with -O3
Andreas Schneider [Wed, 9 Aug 2017 06:23:29 +0000 (08:23 +0200)]
s3:torture: Fix spoolss test to build with -O3

Initialize variables so that we do not get a build warning that they
might be used uninitilized.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 1c3b678e7dc7481cf2e97cdf136358d5fe53d9d3)

20 months agos4:samdb: Fix building Samba with -O3
Andreas Schneider [Wed, 9 Aug 2017 05:45:04 +0000 (07:45 +0200)]
s4:samdb: Fix building Samba with -O3

gcc error: ‘result’ may be used uninitialized

This wont happen, because ldb will return and error, but the compiler
doesn't understand this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit b5283c70e3924730b567772105ec6056831a6b53)

21 months agos4: com: Replace erroneous inclusion of internal talloc.h header with external.
Jeremy Allison [Mon, 14 Aug 2017 20:02:30 +0000 (13:02 -0700)]
s4: com: Replace erroneous inclusion of internal talloc.h header with external.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 15 08:06:40 CEST 2017 on sn-devel-144

(cherry picked from commit f816de5636bb17ab09dd4b9c3e5b0249dc9b186f)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Thu Aug 17 14:58:08 CEST 2017 on sn-devel-144

21 months agolib: auth: Store the netlogon_creds_cli_global_db pointer on the NULL context.
Jeremy Allison [Mon, 24 Jul 2017 23:14:00 +0000 (16:14 -0700)]
lib: auth: Store the netlogon_creds_cli_global_db pointer on the NULL context.

Now we shutdown correctly it doesn't need the talloc_autofree_context().

Last use of talloc_autofree_context() ourside the talloc test code !

Please don't add it ever again :-).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 27 01:34:12 CEST 2017 on sn-devel-144

(cherry picked from commit e74081ce5d0f81024f7384816c589e5bc28baf80)

21 months agos3: clients: Use netlogon_creds_cli_close_global_db() in all normal exit paths.
Jeremy Allison [Mon, 24 Jul 2017 23:12:45 +0000 (16:12 -0700)]
s3: clients: Use netlogon_creds_cli_close_global_db() in all normal exit paths.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit dbd32932463935cd47c55a9e1afdaccd7f6daf4d)

21 months agolib: auth: Add a shutdown function for netlogon_creds_cli_global_db.
Jeremy Allison [Mon, 24 Jul 2017 21:49:47 +0000 (14:49 -0700)]
lib: auth: Add a shutdown function for netlogon_creds_cli_global_db.

Will allow us to move off the talloc_autofree_context().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 4cc104d015bdfeb631c7c8f5252fc31727a128ca)

21 months agos3: rpcclient: Use rpcclient_msg_ctx as the long-lived talloc context for rpcclient_n...
Jeremy Allison [Mon, 24 Jul 2017 20:14:08 +0000 (13:14 -0700)]
s3: rpcclient: Use rpcclient_msg_ctx as the long-lived talloc context for rpcclient_netlogon_creds.

Guaranteed to stay around until the command exits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 74b589799e794cc8872a7d3845ced9f5087a8366)

21 months agos3: rpcclient: Use event context as the talloc parent of the rpcclient_msg_ctx.
Jeremy Allison [Mon, 24 Jul 2017 20:12:20 +0000 (13:12 -0700)]
s3: rpcclient: Use event context as the talloc parent of the rpcclient_msg_ctx.

Give control over shutdown.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit b1450af1c3c7ddc0573510706d605eedecaff61c)

21 months agos3: rpcclient: Split out initialization and free of event context.
Jeremy Allison [Mon, 24 Jul 2017 20:10:30 +0000 (13:10 -0700)]
s3: rpcclient: Split out initialization and free of event context.

Allows us to control shutdown.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 1d6b98cdab4f0a400673cf967225214e858ab1ee)

21 months agos3: rpc_client: Allocate struct db_context * off the local frame, as all other variab...
Jeremy Allison [Mon, 24 Jul 2017 19:58:29 +0000 (12:58 -0700)]
s3: rpc_client: Allocate struct db_context * off the local frame, as all other variables in this function.

On success, netlogon_creds_cli_set_global_db() reparents it to a long-lived context.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 1fb46b76dbcf28d8c71ff1096c402953a90bcf5f)

21 months agolib: cli: fname is a local variable already freed in the function scope, doesn't...
Jeremy Allison [Mon, 24 Jul 2017 19:56:15 +0000 (12:56 -0700)]
lib: cli: fname is a local variable already freed in the function scope, doesn't need to be on talloc_autofree_context()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 5c8a98c2dae92c71873798eb37f506093700a14c)

21 months agos4: schema: Allocate global_schema off the NULL context, not the talloc_autofree_cont...
Jeremy Allison [Mon, 24 Jul 2017 19:50:50 +0000 (12:50 -0700)]
s4: schema: Allocate global_schema off the NULL context, not the talloc_autofree_context().

The ldb context keeps a talloc_reference to this also, so the long-live allocation
context can be NULL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit c27a6438cb3dd98fc300311a951b91be91610a90)

21 months agolib: ldb: Python. Take care of freeing the passed in module description if ldb_regist...
Jeremy Allison [Mon, 24 Jul 2017 19:12:17 +0000 (12:12 -0700)]
lib: ldb: Python. Take care of freeing the passed in module description if ldb_register_module() fails.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 99e4bea89e82327e6de3adf7e8411eb9a89f54db)

21 months agolib: ldb: Use NULL to allocate modules not talloc_autofree_context().
Jeremy Allison [Mon, 24 Jul 2017 19:11:03 +0000 (12:11 -0700)]
lib: ldb: Use NULL to allocate modules not talloc_autofree_context().

ldb modules are not (yet) unloaded and are only loaded once (there is a check
that makes sure of this). Allocate off the NULL context. We never want this
to be freed until process shutdown. If eventually we add the ability to
unload ldb modules we can add a deregister function that walks and frees the list.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 41b1f8a20c7db6b79706a4aebcc7074149a6ab62)

21 months agos4: COM: Remove talloc_autofree_context() from (unused) COM code.
Jeremy Allison [Mon, 24 Jul 2017 19:00:21 +0000 (12:00 -0700)]
s4: COM: Remove talloc_autofree_context() from (unused) COM code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit fe2ac3e304201d18ca15d388b622a4f15f72ad0a)

21 months agolib: rpc: The registered interfaces are a lists of singletons that are never removed.
Jeremy Allison [Mon, 24 Jul 2017 18:43:47 +0000 (11:43 -0700)]
lib: rpc: The registered interfaces are a lists of singletons that are never removed.

Allocate them off the NULL context not the talloc_autofree_context().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 1c1fce74142f1ba982fee045cdb72938faabe5d5)

21 months agos4: modules. Fix missing TALLOC_CTX in module init function.
Jeremy Allison [Mon, 24 Jul 2017 17:02:08 +0000 (10:02 -0700)]
s4: modules. Fix missing TALLOC_CTX in module init function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 34ca1b3af46d0e647f1094a75844128a30f61330)

21 months agosmb.conf: Explain that "ntlm auth" is a per-passdb setting
Andrew Bartlett [Mon, 24 Jul 2017 02:09:19 +0000 (14:09 +1200)]
smb.conf: Explain that "ntlm auth" is a per-passdb setting

This parameter has always applied to this passdb only, not to domain
authentication.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12929
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 9d4a9bd3cc6d5031b4cb6120be8d261350a8bdfc)

21 months agoselftest: Add test for password change when NTLM is disabled
Tim Beale [Tue, 4 Jul 2017 05:27:27 +0000 (17:27 +1200)]
selftest: Add test for password change when NTLM is disabled

When NTLM is disabled, the server should reject NTLM-based password
changes. Changing the password is a bit complicated from python, but
because the server should reject the password change outright with
NTLM_BLOCKED, the test doesn't actually need to provide valid
credentials.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11923
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul 21 13:54:35 CEST 2017 on sn-devel-144

(cherry picked from commit 4e04f025a0665e2573bdd92efe9ba5aa9dcd82d7)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Wed Aug 16 13:03:26 CEST 2017 on sn-devel-144

21 months agoWHATSNEW: Fix some typos.
Karolin Seeger [Tue, 15 Aug 2017 08:25:30 +0000 (10:25 +0200)]
WHATSNEW: Fix some typos.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
21 months agoVERSION: Bump version up to 4.7.0rc5...
Karolin Seeger [Mon, 14 Aug 2017 10:49:02 +0000 (12:49 +0200)]
VERSION: Bump version up to 4.7.0rc5...

and re-enable GIT_SNAPSHOTS.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
21 months agoVERSION: Disable GIT_SNAPSHOT for the 4.7.0rc4 release. samba-4.7.0rc4
Karolin Seeger [Mon, 14 Aug 2017 10:47:57 +0000 (12:47 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.7.0rc4 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
21 months agoWHATSNEW: Add release notes for Samba 4.7.0rc4.
Karolin Seeger [Mon, 14 Aug 2017 10:47:16 +0000 (12:47 +0200)]
WHATSNEW: Add release notes for Samba 4.7.0rc4.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
21 months agosource3/client: Fix typo in help message displayed by default
Anoop C S [Mon, 31 Jul 2017 10:09:19 +0000 (15:39 +0530)]
source3/client: Fix typo in help message displayed by default

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12936

Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 90487259e365d5b966ccc47ac51eadb4733f3197)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Mon Aug 14 14:35:34 CEST 2017 on sn-devel-144

21 months agovfs_fruit: factor out common code from ad_get() and ad_fget()
Ralph Boehme [Wed, 24 May 2017 07:17:19 +0000 (09:17 +0200)]
vfs_fruit: factor out common code from ad_get() and ad_fget()

As a result of the previous changes ad_get() and ad_fget() do completey
the same, so factor out the common code to a new helper function. No
change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Aug  9 22:33:36 CEST 2017 on sn-devel-144

(cherry picked from commit d55c27abc5a7357f740c7065bbe12e7f36b57125)

21 months agovfs_fruit: return fake pipe fd in fruit_open_meta_netatalk()
Ralph Boehme [Tue, 23 May 2017 15:44:16 +0000 (17:44 +0200)]
vfs_fruit: return fake pipe fd in fruit_open_meta_netatalk()

Do not open the basefile, that conflict with "kernel oplocks = yes". We
just return a fake file fd based on dup'ing a pipe fd and ensure all VFS
functions that go through vfs_fruit and work on the metadata stream can
deal with it.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 7583ee6e1c558067e4c7a7351085fcc0e4240366)

21 months agovfs_fruit: don't open basefile in ad_open() and simplify API
Ralph Boehme [Tue, 23 May 2017 15:31:47 +0000 (17:31 +0200)]
vfs_fruit: don't open basefile in ad_open() and simplify API

We never need an fd on the basefile when operating on the metadata, as
we can always use path based syscalls. Opening the basefile conflicts
with "kernel oplocks" so just don't do it.

Additional changes:

- remove the adouble_type_t argument to ad_open(), the type is passed
  and set when allocating a struct adouble with ad_alloc()

- additionally pass an optional fsp to ad_open() (so the caller can pass
  NULL). With this change we can move the fd inheritance from fsp to ad
  into ad_open() itself where it belongs and remove it from the caller
  ad_fget()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit e92a39255e66f655e2758f0a71a01eaf258cf711)

21 months agovfs_fruit: use path based setxattr call in ad_fset()
Ralph Boehme [Tue, 23 May 2017 15:39:46 +0000 (17:39 +0200)]
vfs_fruit: use path based setxattr call in ad_fset()

This allows later commits to remove opening of the basefile which
conflict with "kernel oplocks = yes".

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit aff6fc49f4ac244aef162200a37bd846719e1e4f)

21 months agos4/torture: additional tests for kernel-oplocks
Ralph Boehme [Thu, 18 May 2017 11:17:38 +0000 (13:17 +0200)]
s4/torture: additional tests for kernel-oplocks

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit bbc225de83e7b0e5eaeb1b843532d1f0fca91a3c)

21 months agos4/torture: reproducer for kernel oplocks issue with streams
Ralph Boehme [Wed, 10 May 2017 09:38:06 +0000 (11:38 +0200)]
s4/torture: reproducer for kernel oplocks issue with streams

test_smb2_kernel_oplocks3() wouldn't have failed without the patches,
I'm just adding it to have at least one test that tests with 2
clients. All other tests use just one client.

test_smb2_kernel_oplocks4() is the reproducer.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit a334fff8a8c779704ee04ae784024efb67a6e9c9)

21 months agovfs_streams_xattr: return a fake fd in streams_xattr_open()
Ralph Boehme [Thu, 11 May 2017 16:08:56 +0000 (18:08 +0200)]
vfs_streams_xattr: return a fake fd in streams_xattr_open()

The final step in changing vfs_streams_xattr to not call open() on the
basefile anymore. Instead, we just return a fake file fd based on
dup'ing a pipe fd. Previous commits ensured all calls to VFS API
functions use pathname based versions to do their work.

This ensures we don't trigger kernel oplock breaks for client "open
stream" requests when needlessly opening the basefile.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 0a8559d4c9e4fc73c30a06b5f45f3b870afe4439)

21 months agovfs_streams_xattr: implement all missing handle based VFS functions
Ralph Boehme [Thu, 11 May 2017 16:05:18 +0000 (18:05 +0200)]
vfs_streams_xattr: implement all missing handle based VFS functions

Implement all missing handle based VFS function. If the call is on a
named stream, implement the appropriate action for the VFS function, in
most cases a no-op.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 9647af6bec62c9f61d541aad4a9b8f25fd5bc627)

21 months agovfs_streams_xattr: always pass NULL as fsp arg to get_ea_value()
Ralph Boehme [Thu, 11 May 2017 15:38:00 +0000 (17:38 +0200)]
vfs_streams_xattr: always pass NULL as fsp arg to get_ea_value()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 0ed3075ee7edfecde7455a2c64e9df882828343b)

21 months agovfs_streams_xattr: remove fsp argument from get_xattr_size()
Ralph Boehme [Thu, 11 May 2017 15:36:15 +0000 (17:36 +0200)]
vfs_streams_xattr: remove fsp argument from get_xattr_size()

Still in the process of changing all handle based operations to use path
based operations.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 4cc59e6d011cd3804499ba82bb4071973aa9d494)

21 months agovfs_streams_xattr: remove all uses of fd, use name based functions
Ralph Boehme [Thu, 11 May 2017 13:05:23 +0000 (15:05 +0200)]
vfs_streams_xattr: remove all uses of fd, use name based functions

We don't really need an fd in this module, all calls to the VFS xattr
API can just use the name based versions.

This paves the way for removing the open of the basefile in
streams_xattr_open() in a later commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit ea906bb476516c05e7cbda478afd32acb443c03e)

21 months agovfs_streams_xattr: invalidate stat info if xattr was not found
Ralph Boehme [Thu, 11 May 2017 05:59:20 +0000 (07:59 +0200)]
vfs_streams_xattr: invalidate stat info if xattr was not found

We stat the basefile so we leave valid stat info from the base file
behind, even though the xattr for the stream was not there.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit ec32f33ea6d50d9cb504400c3ef1e78643502e1a)

21 months agos3: torture: Add a test for cli_setpathinfo_basic() to smbtorture3.
Jeremy Allison [Fri, 21 Jul 2017 22:11:08 +0000 (15:11 -0700)]
s3: torture: Add a test for cli_setpathinfo_basic() to smbtorture3.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12913

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit bfa07323590357542eb06ad5faa2dc5a5736e3f1)

21 months agos3: libsmb: Implement cli_smb2_setatr() by calling cli_smb2_setpathinfo().
Jeremy Allison [Fri, 21 Jul 2017 19:46:23 +0000 (12:46 -0700)]
s3: libsmb: Implement cli_smb2_setatr() by calling cli_smb2_setpathinfo().

This removes duplicate code paths and ensures we have only one
function calling the underlying smb2cli_set_info() for setting
info levels by path.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12913

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit b1e5b894b089433e59c96915a27559d179bdb6c5)

21 months agos3: libsmb: Add cli_smb2_setpathinfo(), to be called by cli_setpathinfo_basic().
Jeremy Allison [Fri, 21 Jul 2017 19:41:11 +0000 (12:41 -0700)]
s3: libsmb: Add cli_smb2_setpathinfo(), to be called by cli_setpathinfo_basic().

Fix to prevent libsmbclient from accidently making SMB1 calls inside an SMB2
connection.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12913

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 2a15c70603bb23a68a2e3de0b00bfd98508f78e0)

21 months agos3: libsmbclient: Fix cli_setpathinfo_basic() to treat mode == -1 as no change.
Jeremy Allison [Fri, 21 Jul 2017 16:56:45 +0000 (09:56 -0700)]
s3: libsmbclient: Fix cli_setpathinfo_basic() to treat mode == -1 as no change.

This is only called from SMBC_setatr(), so bring it into line with
the specification for that function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12913

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 812006fa8f26004609901b0ddef1c3ed05eff35e)

21 months agovfs_gpfs: handle EACCES when fetching DOS attributes from xattr
Ralph Boehme [Thu, 8 Jun 2017 17:18:36 +0000 (19:18 +0200)]
vfs_gpfs: handle EACCES when fetching DOS attributes from xattr

When trying to fetch the DOS attributes via gpfswrap_get_winattrs_path()
if the filesystem doesn't grant READ_ATTR to the file the function fails
with EACCESS.

But according to MS-FSA 2.1.5.1.2.1 "Algorithm to Check Access to an
Existing File" FILE_LIST_DIRECTORY on a directory implies
FILE_READ_ATTRIBUTES for directory entries.

So if the user can open the parent directory for reading this implies
FILE_LIST_DIRECTORY and we can safely call gpfswrap_get_winattrs_path()
with DAC_OVERRIDE_CAPABILITY.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12944

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Aug  9 01:21:14 CEST 2017 on sn-devel-144

(cherry picked from commit 62d73f5b936550d623ef4f31c7438ac3c90105b9)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Fri Aug 11 14:48:10 CEST 2017 on sn-devel-144

21 months agos3/smbd: handle EACCES when fetching DOS attributes from xattr
Ralph Boehme [Thu, 8 Jun 2017 17:10:20 +0000 (19:10 +0200)]
s3/smbd: handle EACCES when fetching DOS attributes from xattr

When trying to fetch the DOS attributes xattr via SMB_VFS_GETXATTR() if
the filesystem doesn't grant read access to the file the xattr read
request fails with EACCESS.

But according to MS-FSA 2.1.5.1.2.1 "Algorithm to Check Access to an
Existing File" FILE_LIST_DIRECTORY on a directory implies
FILE_READ_ATTRIBUTES for directory entries.

So if the user can open the parent directory for reading this implies
FILE_LIST_DIRECTORY and we can safely call SMB_VFS_GETXATTR() as root,
ensuring we can read the DOS attributes xattr.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12944

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit c54fcb7cbd0de244eed4134e877da6e9c16e7aab)

21 months agos3/smbd: handling of failed DOS attributes reading
Ralph Boehme [Thu, 8 Jun 2017 17:05:48 +0000 (19:05 +0200)]
s3/smbd: handling of failed DOS attributes reading

Only fall back to using UNIX modes if we get NOT_IMPLEMENTED. This is
exactly what we already do when setting DOS attributes.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12944

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit 9de1411d9e7c7ac3da544345d4dea7fd73dff01b)

21 months agopython: Fix incorrect kdc.conf parameter name in kerberos.py
Marc Muehlfeld [Sun, 6 Aug 2017 09:50:55 +0000 (11:50 +0200)]
python: Fix incorrect kdc.conf parameter name in kerberos.py

Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12947
Typo in kdc.conf results in: Unable to load requested database module
'samba'.

Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Thu Aug 10 12:58:59 CEST 2017 on sn-devel-144

21 months agoWHATSNEW: Update doc for Samba AD with MIT Kerberos
Andreas Schneider [Mon, 7 Aug 2017 12:55:34 +0000 (14:55 +0200)]
WHATSNEW: Update doc for Samba AD with MIT Kerberos

This has been changed, the file is created in the private samba
directory. The path is printed by 'samba-tool' after it has been
created.

Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Tue Aug  8 12:49:24 CEST 2017 on sn-devel-144

21 months agodsdb: Do not force a re-index of sam.ldb on upgrade to 4.7
Andrew Bartlett [Mon, 31 Jul 2017 22:26:34 +0000 (10:26 +1200)]
dsdb: Do not force a re-index of sam.ldb on upgrade to 4.7

This means that no compatibleFeatures or incompatibleFeatures will be honoured
until a re-index, but that can be triggered when these features are set.

New databases will still get this support.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12855
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit 39c6274084e5d72d6fdfae1fb9fede439f6ad60d)

21 months agodsdb: Fix dsdb_next_callback to correctly use ldb_module_done() etc
Andrew Bartlett [Tue, 1 Aug 2017 01:18:33 +0000 (13:18 +1200)]
dsdb: Fix dsdb_next_callback to correctly use ldb_module_done() etc

If we do not call ldb_module_done() then we do not know that up_req->callback()
has been called, and ldb_next_request() will call the callback again.

If called twice, the new ldb_lock_backend_callback() in ldb 1.2.0 will segfault.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12904

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug  1 07:52:38 CEST 2017 on sn-devel-144

(cherry picked from commit d5750f016362ce55a1c905509c419756b523dde6)

21 months agos4-cldap/netlogon: Match Windows 2012R2 and return NETLOGON_NT_VERSION_5 when version...
Andrew Bartlett [Tue, 25 Jul 2017 02:26:45 +0000 (14:26 +1200)]
s4-cldap/netlogon: Match Windows 2012R2 and return NETLOGON_NT_VERSION_5 when version unspecified

The previous patch set this incorrectly to NETLOGON_NT_VERSION_1

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11392

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 0554bc237f1b84d672d36781bead8b2c33f2e5a4)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Tue Aug  1 15:56:56 CEST 2017 on sn-devel-144

21 months agos4-dsdb/netlogon: allow missing ntver in cldap ping
Arvid Requate [Thu, 22 Jun 2017 11:37:13 +0000 (13:37 +0200)]
s4-dsdb/netlogon: allow missing ntver in cldap ping

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11392

Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 88db634ed84647e5105c4b4fdf37d5892bebfd8d)

21 months agos4:torture/ldap: Test netlogon without NtVer
Arvid Requate [Tue, 20 Jun 2017 18:05:17 +0000 (20:05 +0200)]
s4:torture/ldap: Test netlogon without NtVer

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11392

Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 22a94b728bd5d513b2002b62c129271d2210ed73)

21 months agos3/utils: smbcacls failed to detect DIRECTORIES using SMB2 (windows only)
Noel Power [Thu, 20 Jul 2017 12:01:50 +0000 (13:01 +0100)]
s3/utils: smbcacls failed to detect DIRECTORIES using SMB2 (windows only)

uint16_t get_fileinfo(...) returns file attributes, this function
called

     cli_qfileinfo_basic(cli, fnum, &mode, NULL, NULL, NULL,
                     NULL, NULL, NULL);

which was failing with NT_STATUS_ACCESS_DENIED errors when fnum above
was obtained via (when using protocol > SMB). Note: This only seems to be
an issue when run against a windows server, with smbd SMB1 & SMB2 work fine.

    status = cli_ntcreate(cli, filename, 0, CREATE_ACCESS_READ,
                  0, FILE_SHARE_READ|FILE_SHARE_WRITE,
                  FILE_OPEN, 0x0, 0x0, &fnum, NULL);

The failing cli_qfileinfo_basic call above is unnecessary as we can already
obtain the required information from the cli_ntcreate call

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12937

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit c57dcafb150823b00fd873046e65a966a8488fa8)

21 months agomit-kdb: Fix NULL pointer check after malloc
Andreas Schneider [Mon, 24 Jul 2017 10:19:27 +0000 (12:19 +0200)]
mit-kdb: Fix NULL pointer check after malloc

This fixes building with GCC 7.1.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 9b64b11c2f2c1bc77ae887b34d7efcb9f1452da7)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Mon Jul 31 15:49:51 CEST 2017 on sn-devel-144

21 months agos4:kcc: Add a NULL check before qsort()
Andreas Schneider [Mon, 24 Jul 2017 10:13:50 +0000 (12:13 +0200)]
s4:kcc: Add a NULL check before qsort()

This fixes building with GCC 7.1.1

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 314cf608932c21d593afd04769b07435bcd4fc53)

21 months agoselftest: Make --include-env and --exclude-env use the base env name
Andrew Bartlett [Fri, 21 Jul 2017 08:10:43 +0000 (20:10 +1200)]
selftest: Make --include-env and --exclude-env use the base env name

The code as deployed would have required (eg) '--include-env=ktest
--include-env=ktest:local' which was not done in autobuild, causing
tests to be skipped.  This patch restores the intended behaviour.

This causes 33 testsuites to run, one more test (the newly added
samba.tests.ntlmauth) than the old regex provided (before
602772159dfd1213385f42ecbf31136f57693b63).

(The regression dropped us down to matching only 7 tests).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12922

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jul 24 03:33:01 CEST 2017 on sn-devel-144

(cherry picked from commit 61455ad82e293df4a094204fdf28162baad686ae)

21 months agoselftest: Use NETLOGON_NEG_STRONG_KEYS constant in AuthLogTestsNetLogonBadCreds
Andrew Bartlett [Mon, 17 Jul 2017 21:03:17 +0000 (09:03 +1200)]
selftest: Use NETLOGON_NEG_STRONG_KEYS constant in AuthLogTestsNetLogonBadCreds

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jul 25 03:21:19 CEST 2017 on sn-devel-144

(cherry picked from commit a420b1bdccbba72faf1108f7fae8b8202075db97)

21 months agos4-netlogon: Use log_escape to protect against un-validated strings
Andrew Bartlett [Mon, 17 Jul 2017 20:57:03 +0000 (08:57 +1200)]
s4-netlogon: Use log_escape to protect against un-validated strings

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 427a11b812d1872879658c998ef0328dd7c2a53a)

21 months agos4-netlogon: Extend ServerAuthenticate3 logging to split up username forms
Andrew Bartlett [Mon, 17 Jul 2017 20:46:08 +0000 (08:46 +1200)]
s4-netlogon: Extend ServerAuthenticate3 logging to split up username forms

This splits out the username into the input, mapped and obtained
just as we do elsewhere.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit abd821b76b27eb8d9bc2f8acfcf9d98caf015f5f)

21 months agosource4 netlogon: Add authentication logging for ServerAuthenticate3
Gary Lockyer [Sun, 9 Jul 2017 19:48:08 +0000 (07:48 +1200)]
source4 netlogon: Add authentication logging for ServerAuthenticate3

Log NETLOGON authentication activity by instrumenting the
netr_ServerAuthenticate3 processing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12865

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit efc335a03062740f51a6edd09d765a8b77e239c5)

21 months agotests auth_log: Add new tests for NETLOGON
Gary Lockyer [Sun, 9 Jul 2017 19:46:26 +0000 (07:46 +1200)]
tests auth_log: Add new tests for NETLOGON

Tests for the logging of NETLOGON authentications in the
netr_ServerAuthenticate3 message processing

Test code based on the existing auth_log tests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12865

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit f3d3e6da5a42833b8de86e9b7c0aa1c56e1c4e80)

21 months agotests auth_log: Modify existing tests to handle NETLOGON messages
Gary Lockyer [Sun, 9 Jul 2017 19:45:16 +0000 (07:45 +1200)]
tests auth_log: Modify existing tests to handle NETLOGON messages

Modify the existing tests to ignore auth logging for NETLOGON messages.
NETLOGON authentication is logged once per session, and is tested
separately.  Ignoring it in these tests avoids order dependencies.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12865

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 5c27c5b6efb4226aa8bdaf4e5cbb770f8b3ef22f)

21 months agoauth_log: use symbolic constant to replace /root/ncalrpc_as_system
Gary Lockyer [Sun, 23 Jul 2017 22:59:18 +0000 (10:59 +1200)]
auth_log: use symbolic constant to replace /root/ncalrpc_as_system

Modified to use constant AS_SYSTEM_MAGIC_PATH_TOKEN instead of
string literal "/root/ncalrpc_as_system"

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit ddfe8aa9cccd78426456b6397bc7b352d9705648)

21 months agorpc: use symbolic constant to replace /root/ncalrpc_as_system
Gary Lockyer [Sun, 23 Jul 2017 23:00:45 +0000 (11:00 +1200)]
rpc: use symbolic constant to replace /root/ncalrpc_as_system

Modified to use constant AS_SYSTEM_MAGIC_PATH_TOKEN instead of string literal
"/root/ncalrpc_as_system"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12865

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 1898096c7ecef4c323b14b7cf30db4283386f913)

21 months agodcerpc.idl Add symbolic constant for /root/ncalrpc_as_system
Gary Lockyer [Sun, 23 Jul 2017 22:55:48 +0000 (10:55 +1200)]
dcerpc.idl Add symbolic constant for /root/ncalrpc_as_system

This is string is used several places in the code and tests, so it
should be a constant.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12865

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 6ab9f789ff6e6328cf222fdb1a39457af7ed58b4)