vlendec/samba-autobuild/.git
10 months agokrb5-samba: interdomain trust uses different salt principal
Alexander Bokovoy [Fri, 16 Feb 2018 16:15:28 +0000 (18:15 +0200)]
krb5-samba: interdomain trust uses different salt principal

Salt principal for the interdomain trust is krbtgt/DOMAIN@REALM where
DOMAIN is the sAMAccountName without the dollar sign ($)

The salt principal for the BLA$ user object was generated wrong.

dn: CN=bla.base,CN=System,DC=w4edom-l4,DC=base
securityIdentifier: S-1-5-21-4053568372-2049667917-3384589010
trustDirection: 3
trustPartner: bla.base
trustPosixOffset: -2147483648
trustType: 2
trustAttributes: 8
flatName: BLA

dn: CN=BLA$,CN=Users,DC=w4edom-l4,DC=base
userAccountControl: 2080
primaryGroupID: 513
objectSid: S-1-5-21-278041429-3399921908-1452754838-1597
accountExpires: 9223372036854775807
sAMAccountName: BLA$
sAMAccountType: 805306370
pwdLastSet: 131485652467995000

The salt stored by Windows in the package_PrimaryKerberosBlob
(within supplementalCredentials) seems to be
'W4EDOM-L4.BASEkrbtgtBLA' for the above trust
and Samba stores 'W4EDOM-L4.BASEBLA$'.

While the salt used when building the keys from
trustAuthOutgoing/trustAuthIncoming is
'W4EDOM-L4.BASEkrbtgtBLA.BASE', which we handle correct.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep  5 03:57:22 CEST 2018 on sn-devel-144

(cherry picked from commit f3e349bebc443133fdbe4e14b148ca8db8237060)

Autobuild-User(v4-8-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-8-test): Wed Sep  5 18:32:05 CEST 2018 on sn-devel-144

10 months agotestprogs/blackbox: let test_trust_user_account.sh check the correct kerberos salt
Stefan Metzmacher [Tue, 4 Sep 2018 08:53:52 +0000 (10:53 +0200)]
testprogs/blackbox: let test_trust_user_account.sh check the correct kerberos salt

This demonstrates the bug we currently have.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 1b31fa62567ec549e32c9177b322cfbfb3b6ec1a)

10 months agotestprogs/blackbox: add testit[_expect_failure]_grep() to subunit.sh
Stefan Metzmacher [Tue, 4 Sep 2018 08:38:44 +0000 (10:38 +0200)]
testprogs/blackbox: add testit[_expect_failure]_grep() to subunit.sh

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 8526feb100e59bc5a15ceb940e6cecce0de59247)

10 months agosamba-tool: add virtualKerberosSalt attribute to 'user getpassword/syncpasswords'
Stefan Metzmacher [Tue, 4 Sep 2018 08:16:59 +0000 (10:16 +0200)]
samba-tool: add virtualKerberosSalt attribute to 'user getpassword/syncpasswords'

This might be useful for someone, but at least it's very useful for
tests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 39c281a23673691bab621de1a632d64df2c1c102)

10 months agos4:selftest: test kinit with the interdomain trust user account
Alexander Bokovoy [Fri, 16 Feb 2018 16:15:28 +0000 (18:15 +0200)]
s4:selftest: test kinit with the interdomain trust user account

To test it, add a blackbox test that ensures we pass a keytab-based
authentication with the trust user account for a trusted domain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 7df505298f71432d5adbcffccde8f97c117a57a6)

10 months agolibds: rename UF_MACHINE_ACCOUNT_MASK to UF_TRUST_ACCOUNT_MASK
Ralph Boehme [Thu, 8 Mar 2018 16:34:08 +0000 (17:34 +0100)]
libds: rename UF_MACHINE_ACCOUNT_MASK to UF_TRUST_ACCOUNT_MASK

The name UF_TRUST_ACCOUNT_MASK better reflects the use case and it's not
yet used.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 8497d2090900b252853278f29a4aaf3bce7515da)

10 months agovfs_fruit: Don't unlink the main file
Volker Lendecke [Tue, 7 Aug 2018 13:10:31 +0000 (15:10 +0200)]
vfs_fruit: Don't unlink the main file

The original fix for bug 13441 was missing a check that verifies that
fruit_ftruncate() is actually called on a stream.

Follow-up to

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13441

Pair-Programmed-With: Volker Lendecke <vl@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Aug 23 15:28:48 CEST 2018 on sn-devel-144

(cherry picked from commit 8c14234871820eacde46670d722a676fb5f3a46c)

10 months agotorture: Make sure that fruit_ftruncate only unlinks streams
Volker Lendecke [Tue, 7 Aug 2018 13:11:22 +0000 (15:11 +0200)]
torture: Make sure that fruit_ftruncate only unlinks streams

Follow-up to

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13441

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit c39ec64231b261fe4ada02f1f1b9aa344cf35bb5)

10 months agos3:smbd: add a comment stating that file_close_user() is redundant for SMB2
Ralph Boehme [Thu, 30 Aug 2018 13:57:33 +0000 (15:57 +0200)]
s3:smbd: add a comment stating that file_close_user() is redundant for SMB2

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13549

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Sep  1 01:26:35 CEST 2018 on sn-devel-144

(cherry picked from commit 5d95f79f604d90c2646225a0f2470f05dd71e19e)

10 months agos3:smbd: let session logoff close files and tcons before deleting the session
Ralph Boehme [Wed, 29 Aug 2018 15:19:29 +0000 (17:19 +0200)]
s3:smbd: let session logoff close files and tcons before deleting the session

This avoids a race in durable handle reconnects if the reconnect comes
in while the old session is still in the tear-down phase.

The new session is supposed to rendezvous with and wait for destruction
of the old session, which is internally implemented with
dbwrap_watch_send() on the old session record.

If the old session deletes the session record before calling
file_close_user() which marks all file handles as disconnected, the
durable handle reconnect in the new session will fail as the records are
not yet marked as disconnected which is a prerequisite.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13549

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 8f6edcc1645e0ed35eaec914bd0b672500ce986c)

10 months agos3:smbd: reorder tcon global record deletion and closing files of a tcon
Ralph Boehme [Thu, 30 Aug 2018 13:50:02 +0000 (15:50 +0200)]
s3:smbd: reorder tcon global record deletion and closing files of a tcon

As such, this doesn't change overall behaviour, but in case we ever add
semantics acting on tcon record changes via an API like
dbwrap_watch_send(), this will make a difference as it enforces
ordering.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13549

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit b70b8503faded81b10859131f08486349876d132)

10 months agoselftest: add a durable handle test with delayed disconnect
Ralph Boehme [Thu, 30 Aug 2018 17:15:19 +0000 (19:15 +0200)]
selftest: add a durable handle test with delayed disconnect

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13549

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 5508024a861e7c85e6c837552ad142aa1d5e8eca)

10 months agos4:selftest: reformat smb2_s3only list
Ralph Boehme [Fri, 31 Aug 2018 06:28:46 +0000 (08:28 +0200)]
s4:selftest: reformat smb2_s3only list

No change besides reformatting the list to one entry per line.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13549

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 3255822f75163cb38e53f634a5c6b03d46bfaff1)

10 months agovfs_delay_inject: adding delay to VFS calls
Ralph Boehme [Thu, 30 Aug 2018 15:27:08 +0000 (17:27 +0200)]
vfs_delay_inject: adding delay to VFS calls

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13549

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 44840ba5b32a2ce7959fd3d7c87822b3159416d3)

10 months agos4:rpc_server/netlogon: don't treet trusted domains as primary in LogonGetDomainInfo()
Stefan Metzmacher [Tue, 28 Aug 2018 10:52:31 +0000 (12:52 +0200)]
s4:rpc_server/netlogon: don't treet trusted domains as primary in LogonGetDomainInfo()

We need to handle trusted domains differently than our primary
domain. The most important part is that we don't return
NETR_TRUST_FLAG_PRIMARY for them.

NETR_TRUST_FLAG_{INBOUND,OUTBOUND,IN_FOREST} are the relavant flags
for trusts.

This is an example of what Windows returns in a complex trust
environment:

     netr_LogonGetDomainInfo: struct netr_LogonGetDomainInfo
        out: struct netr_LogonGetDomainInfo
            return_authenticator     : *
                return_authenticator: struct netr_Authenticator
                    cred: struct netr_Credential
                        data                     : f48b51ff12ff8c6c
                    timestamp                : Tue Aug 28 22:59:03 2018 CEST
            info                     : *
                info                     : union netr_DomainInfo(case 1)
                domain_info              : *
                    domain_info: struct netr_DomainInformation
                        primary_domain: struct netr_OneDomainInfo
                            domainname: struct lsa_StringLarge
                                length                   : 0x0014 (20)
                                size                     : 0x0016 (22)
                                string                   : *
                                    string                   : 'W2012R2-L4'
                            dns_domainname: struct lsa_StringLarge
                                length                   : 0x0020 (32)
                                size                     : 0x0022 (34)
                                string                   : *
                                    string                   : 'w2012r2-l4.base.'
                            dns_forestname: struct lsa_StringLarge
                                length                   : 0x0020 (32)
                                size                     : 0x0022 (34)
                                string                   : *
                                    string                   : 'w2012r2-l4.base.'
                            domain_guid              : 0a133c91-8eac-4df0-96ac-ede69044a38b
                            domain_sid               : *
                                domain_sid               : S-1-5-21-2930975464-1937418634-1288008815
                            trust_extension: struct netr_trust_extension_container
                                length                   : 0x0000 (0)
                                size                     : 0x0000 (0)
                                info                     : NULL
                            dummy_string2: struct lsa_StringLarge
                                length                   : 0x0000 (0)
                                size                     : 0x0000 (0)
                                string                   : NULL
                            dummy_string3: struct lsa_StringLarge
                                length                   : 0x0000 (0)
                                size                     : 0x0000 (0)
                                string                   : NULL
                            dummy_string4: struct lsa_StringLarge
                                length                   : 0x0000 (0)
                                size                     : 0x0000 (0)
                                string                   : NULL
                            dummy_long1              : 0x00000000 (0)
                            dummy_long2              : 0x00000000 (0)
                            dummy_long3              : 0x00000000 (0)
                            dummy_long4              : 0x00000000 (0)
                        trusted_domain_count     : 0x00000006 (6)
                        trusted_domains          : *
                            trusted_domains: ARRAY(6)
                                trusted_domains: struct netr_OneDomainInfo
                                    domainname: struct lsa_StringLarge
                                        length                   : 0x000e (14)
                                        size                     : 0x0010 (16)
                                        string                   : *
                                            string                   : 'FREEIPA'
                                    dns_domainname: struct lsa_StringLarge
                                        length                   : 0x0018 (24)
                                        size                     : 0x001a (26)
                                        string                   : *
                                            string                   : 'freeipa.base'
                                    dns_forestname: struct lsa_StringLarge
                                        length                   : 0x0000 (0)
                                        size                     : 0x0000 (0)
                                        string                   : NULL
                                    domain_guid              : 00000000-0000-0000-0000-000000000000
                                    domain_sid               : *
                                        domain_sid               : S-1-5-21-429948374-2562621466-335716826
                                    trust_extension: struct netr_trust_extension_container
                                        length                   : 0x0010 (16)
                                        size                     : 0x0010 (16)
                                        info                     : *
                                            info: struct netr_trust_extension
                                                length                   : 0x00000008 (8)
                                                dummy                    : 0x00000000 (0)
                                                size                     : 0x00000008 (8)
                                                flags                    : 0x00000022 (34)
                                                       0: NETR_TRUST_FLAG_IN_FOREST
                                                       1: NETR_TRUST_FLAG_OUTBOUND
                                                       0: NETR_TRUST_FLAG_TREEROOT
                                                       0: NETR_TRUST_FLAG_PRIMARY
                                                       0: NETR_TRUST_FLAG_NATIVE
                                                       1: NETR_TRUST_FLAG_INBOUND
                                                       0: NETR_TRUST_FLAG_MIT_KRB5
                                                       0: NETR_TRUST_FLAG_AES
                                                parent_index             : 0x00000000 (0)
                                                trust_type               : LSA_TRUST_TYPE_UPLEVEL (2)
                                                trust_attributes         : 0x00000008 (8)
                                                       0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
                                                       0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
                                                       0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
                                                       1: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
                                                       0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
                                                       0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
                                                       0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
                                                       0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
                                    dummy_string2: struct lsa_StringLarge
                                        length                   : 0x0000 (0)
                                        size                     : 0x0000 (0)
                                        string                   : NULL
                                    dummy_string3: struct lsa_StringLarge
                                        length                   : 0x0000 (0)
                                        size                     : 0x0000 (0)
                                        string                   : NULL
                                    dummy_string4: struct lsa_StringLarge
                                        length                   : 0x0000 (0)
                                        size                     : 0x0000 (0)
                                        string                   : NULL
                                    dummy_long1              : 0x00000000 (0)
                                    dummy_long2              : 0x00000000 (0)
                                    dummy_long3              : 0x00000000 (0)
                                    dummy_long4              : 0x00000000 (0)
                                trusted_domains: struct netr_OneDomainInfo
                                    domainname: struct lsa_StringLarge
                                        length                   : 0x0016 (22)
                                        size                     : 0x0018 (24)
                                        string                   : *
                                            string                   : 'S1-W2012-L4'
                                    dns_domainname: struct lsa_StringLarge
                                        length                   : 0x0036 (54)
                                        size                     : 0x0038 (56)
                                        string                   : *
                                            string                   : 's1-w2012-l4.w2012r2-l4.base'
                                    dns_forestname: struct lsa_StringLarge
                                        length                   : 0x0000 (0)
                                        size                     : 0x0000 (0)
                                        string                   : NULL
                                    domain_guid              : afe7fbde-af82-46cf-88a2-2df6920fc33e
                                    domain_sid               : *
                                        domain_sid               : S-1-5-21-1368093395-3821428921-3924672915
                                    trust_extension: struct netr_trust_extension_container
                                        length                   : 0x0010 (16)
                                        size                     : 0x0010 (16)
                                        info                     : *
                                            info: struct netr_trust_extension
                                                length                   : 0x00000008 (8)
                                                dummy                    : 0x00000000 (0)
                                                size                     : 0x00000008 (8)
                                                flags                    : 0x00000023 (35)
                                                       1: NETR_TRUST_FLAG_IN_FOREST
                                                       1: NETR_TRUST_FLAG_OUTBOUND
                                                       0: NETR_TRUST_FLAG_TREEROOT
                                                       0: NETR_TRUST_FLAG_PRIMARY
                                                       0: NETR_TRUST_FLAG_NATIVE
                                                       1: NETR_TRUST_FLAG_INBOUND
                                                       0: NETR_TRUST_FLAG_MIT_KRB5
                                                       0: NETR_TRUST_FLAG_AES
                                                parent_index             : 0x00000004 (4)
                                                trust_type               : LSA_TRUST_TYPE_UPLEVEL (2)
                                                trust_attributes         : 0x00000020 (32)
                                                       0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
                                                       0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
                                                       0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
                                                       0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
                                                       0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
                                                       1: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
                                                       0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
                                                       0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
                                    dummy_string2: struct lsa_StringLarge
                                        length                   : 0x0000 (0)
                                        size                     : 0x0000 (0)
                                        string                   : NULL
                                    dummy_string3: struct lsa_StringLarge
                                        length                   : 0x0000 (0)
                                        size                     : 0x0000 (0)
                                        string                   : NULL
                                    dummy_string4: struct lsa_StringLarge
                                        length                   : 0x0000 (0)
                                        size                     : 0x0000 (0)
                                        string                   : NULL
                                    dummy_long1              : 0x00000000 (0)
                                    dummy_long2              : 0x00000000 (0)
                                    dummy_long3              : 0x00000000 (0)
                                    dummy_long4              : 0x00000000 (0)
                                trusted_domains: struct netr_OneDomainInfo
                                    domainname: struct lsa_StringLarge
                                        length                   : 0x0006 (6)
                                        size                     : 0x0008 (8)
                                        string                   : *
                                            string                   : 'BLA'
                                    dns_domainname: struct lsa_StringLarge
                                        length                   : 0x0010 (16)
                                        size                     : 0x0012 (18)
                                        string                   : *
                                            string                   : 'bla.base'
                                    dns_forestname: struct lsa_StringLarge
                                        length                   : 0x0000 (0)
                                        size                     : 0x0000 (0)
                                        string                   : NULL
                                    domain_guid              : 00000000-0000-0000-0000-000000000000
                                    domain_sid               : *
                                        domain_sid               : S-1-5-21-4053568372-2049667917-3384589010
                                    trust_extension: struct netr_trust_extension_container
                                        length                   : 0x0010 (16)
                                        size                     : 0x0010 (16)
                                        info                     : *
                                            info: struct netr_trust_extension
                                                length                   : 0x00000008 (8)
                                                dummy                    : 0x00000000 (0)
                                                size                     : 0x00000008 (8)
                                                flags                    : 0x00000022 (34)
                                                       0: NETR_TRUST_FLAG_IN_FOREST
                                                       1: NETR_TRUST_FLAG_OUTBOUND
                                                       0: NETR_TRUST_FLAG_TREEROOT
                                                       0: NETR_TRUST_FLAG_PRIMARY
                                                       0: NETR_TRUST_FLAG_NATIVE
                                                       1: NETR_TRUST_FLAG_INBOUND
                                                       0: NETR_TRUST_FLAG_MIT_KRB5
                                                       0: NETR_TRUST_FLAG_AES
                                                parent_index             : 0x00000000 (0)
                                                trust_type               : LSA_TRUST_TYPE_UPLEVEL (2)
                                                trust_attributes         : 0x00000008 (8)
                                                       0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
                                                       0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
                                                       0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
                                                       1: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
                                                       0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
                                                       0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
                                                       0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
                                                       0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
                                    dummy_string2: struct lsa_StringLarge
                                        length                   : 0x0000 (0)
                                        size                     : 0x0000 (0)
                                        string                   : NULL
                                    dummy_string3: struct lsa_StringLarge
                                        length                   : 0x0000 (0)
                                        size                     : 0x0000 (0)
                                        string                   : NULL
                                    dummy_string4: struct lsa_StringLarge
                                        length                   : 0x0000 (0)
                                        size                     : 0x0000 (0)
                                        string                   : NULL
                                    dummy_long1              : 0x00000000 (0)
                                    dummy_long2              : 0x00000000 (0)
                                    dummy_long3              : 0x00000000 (0)
                                    dummy_long4              : 0x00000000 (0)
                                trusted_domains: struct netr_OneDomainInfo
                                    domainname: struct lsa_StringLarge
                                        length                   : 0x000c (12)
                                        size                     : 0x000e (14)
                                        string                   : *
                                            string                   : 'S4XDOM'
                                    dns_domainname: struct lsa_StringLarge
                                        length                   : 0x0016 (22)
                                        size                     : 0x0018 (24)
                                        string                   : *
                                            string                   : 's4xdom.base'
                                    dns_forestname: struct lsa_StringLarge
                                        length                   : 0x0000 (0)
                                        size                     : 0x0000 (0)
                                        string                   : NULL
                                    domain_guid              : 00000000-0000-0000-0000-000000000000
                                    domain_sid               : *
                                        domain_sid               : S-1-5-21-313966788-4060240134-2249344781
                                    trust_extension: struct netr_trust_extension_container
                                        length                   : 0x0010 (16)
                                        size                     : 0x0010 (16)
                                        info                     : *
                                            info: struct netr_trust_extension
                                                length                   : 0x00000008 (8)
                                                dummy                    : 0x00000000 (0)
                                                size                     : 0x00000008 (8)
                                                flags                    : 0x00000022 (34)
                                                       0: NETR_TRUST_FLAG_IN_FOREST
                                                       1: NETR_TRUST_FLAG_OUTBOUND
                                                       0: NETR_TRUST_FLAG_TREEROOT
                                                       0: NETR_TRUST_FLAG_PRIMARY
                                                       0: NETR_TRUST_FLAG_NATIVE
                                                       1: NETR_TRUST_FLAG_INBOUND
                                                       0: NETR_TRUST_FLAG_MIT_KRB5
                                                       0: NETR_TRUST_FLAG_AES
                                                parent_index             : 0x00000000 (0)
                                                trust_type               : LSA_TRUST_TYPE_UPLEVEL (2)
                                                trust_attributes         : 0x00000008 (8)
                                                       0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
                                                       0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
                                                       0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
                                                       1: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
                                                       0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
                                                       0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
                                                       0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
                                                       0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
                                    dummy_string2: struct lsa_StringLarge
                                        length                   : 0x0000 (0)
                                        size                     : 0x0000 (0)
                                        string                   : NULL
                                    dummy_string3: struct lsa_StringLarge
                                        length                   : 0x0000 (0)
                                        size                     : 0x0000 (0)
                                        string                   : NULL
                                    dummy_string4: struct lsa_StringLarge
                                        length                   : 0x0000 (0)
                                        size                     : 0x0000 (0)
                                        string                   : NULL
                                    dummy_long1              : 0x00000000 (0)
                                    dummy_long2              : 0x00000000 (0)
                                    dummy_long3              : 0x00000000 (0)
                                    dummy_long4              : 0x00000000 (0)
                                trusted_domains: struct netr_OneDomainInfo
                                    domainname: struct lsa_StringLarge
                                        length                   : 0x0014 (20)
                                        size                     : 0x0016 (22)
                                        string                   : *
                                            string                   : 'W2012R2-L4'
                                    dns_domainname: struct lsa_StringLarge
                                        length                   : 0x001e (30)
                                        size                     : 0x0020 (32)
                                        string                   : *
                                            string                   : 'w2012r2-l4.base'
                                    dns_forestname: struct lsa_StringLarge
                                        length                   : 0x0000 (0)
                                        size                     : 0x0000 (0)
                                        string                   : NULL
                                    domain_guid              : 0a133c91-8eac-4df0-96ac-ede69044a38b
                                    domain_sid               : *
                                        domain_sid               : S-1-5-21-2930975464-1937418634-1288008815
                                    trust_extension: struct netr_trust_extension_container
                                        length                   : 0x0010 (16)
                                        size                     : 0x0010 (16)
                                        info                     : *
                                            info: struct netr_trust_extension
                                                length                   : 0x00000008 (8)
                                                dummy                    : 0x00000000 (0)
                                                size                     : 0x00000008 (8)
                                                flags                    : 0x0000001d (29)
                                                       1: NETR_TRUST_FLAG_IN_FOREST
                                                       0: NETR_TRUST_FLAG_OUTBOUND
                                                       1: NETR_TRUST_FLAG_TREEROOT
                                                       1: NETR_TRUST_FLAG_PRIMARY
                                                       1: NETR_TRUST_FLAG_NATIVE
                                                       0: NETR_TRUST_FLAG_INBOUND
                                                       0: NETR_TRUST_FLAG_MIT_KRB5
                                                       0: NETR_TRUST_FLAG_AES
                                                parent_index             : 0x00000000 (0)
                                                trust_type               : LSA_TRUST_TYPE_UPLEVEL (2)
                                                trust_attributes         : 0x00000000 (0)
                                                       0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
                                                       0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
                                                       0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
                                                       0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
                                                       0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
                                                       0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
                                                       0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
                                                       0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
                                    dummy_string2: struct lsa_StringLarge
                                        length                   : 0x0000 (0)
                                        size                     : 0x0000 (0)
                                        string                   : NULL
                                    dummy_string3: struct lsa_StringLarge
                                        length                   : 0x0000 (0)
                                        size                     : 0x0000 (0)
                                        string                   : NULL
                                    dummy_string4: struct lsa_StringLarge
                                        length                   : 0x0000 (0)
                                        size                     : 0x0000 (0)
                                        string                   : NULL
                                    dummy_long1              : 0x00000000 (0)
                                    dummy_long2              : 0x00000000 (0)
                                    dummy_long3              : 0x00000000 (0)
                                    dummy_long4              : 0x00000000 (0)
                                trusted_domains: struct netr_OneDomainInfo
                                    domainname: struct lsa_StringLarge
                                        length                   : 0x0016 (22)
                                        size                     : 0x0018 (24)
                                        string                   : *
                                            string                   : 'S2-W2012-L4'
                                    dns_domainname: struct lsa_StringLarge
                                        length                   : 0x004e (78)
                                        size                     : 0x0050 (80)
                                        string                   : *
                                            string                   : 's2-w2012-l4.s1-w2012-l4.w2012r2-l4.base'
                                    dns_forestname: struct lsa_StringLarge
                                        length                   : 0x0000 (0)
                                        size                     : 0x0000 (0)
                                        string                   : NULL
                                    domain_guid              : 29daace6-cded-4ce3-a754-7482a4d9127c
                                    domain_sid               : *
                                        domain_sid               : S-1-5-21-167342819-981449877-2130266853
                                    trust_extension: struct netr_trust_extension_container
                                        length                   : 0x0010 (16)
                                        size                     : 0x0010 (16)
                                        info                     : *
                                            info: struct netr_trust_extension
                                                length                   : 0x00000008 (8)
                                                dummy                    : 0x00000000 (0)
                                                size                     : 0x00000008 (8)
                                                flags                    : 0x00000001 (1)
                                                       1: NETR_TRUST_FLAG_IN_FOREST
                                                       0: NETR_TRUST_FLAG_OUTBOUND
                                                       0: NETR_TRUST_FLAG_TREEROOT
                                                       0: NETR_TRUST_FLAG_PRIMARY
                                                       0: NETR_TRUST_FLAG_NATIVE
                                                       0: NETR_TRUST_FLAG_INBOUND
                                                       0: NETR_TRUST_FLAG_MIT_KRB5
                                                       0: NETR_TRUST_FLAG_AES
                                                parent_index             : 0x00000001 (1)
                                                trust_type               : LSA_TRUST_TYPE_UPLEVEL (2)
                                                trust_attributes         : 0x00000000 (0)
                                                       0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
                                                       0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
                                                       0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
                                                       0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
                                                       0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
                                                       0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
                                                       0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
                                                       0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
                                    dummy_string2: struct lsa_StringLarge
                                        length                   : 0x0000 (0)
                                        size                     : 0x0000 (0)
                                        string                   : NULL
                                    dummy_string3: struct lsa_StringLarge
                                        length                   : 0x0000 (0)
                                        size                     : 0x0000 (0)
                                        string                   : NULL
                                    dummy_string4: struct lsa_StringLarge
                                        length                   : 0x0000 (0)
                                        size                     : 0x0000 (0)
                                        string                   : NULL
                                    dummy_long1              : 0x00000000 (0)
                                    dummy_long2              : 0x00000000 (0)
                                    dummy_long3              : 0x00000000 (0)
                                    dummy_long4              : 0x00000000 (0)
                        lsa_policy: struct netr_LsaPolicyInformation
                            policy_size              : 0x00000000 (0)
                            policy                   : NULL
                        dns_hostname: struct lsa_StringLarge
                            length                   : 0x0036 (54)
                            size                     : 0x0038 (56)
                            string                   : *
                                string                   : 'torturetest.w2012r2-l4.base'
                        dummy_string2: struct lsa_StringLarge
                            length                   : 0x0000 (0)
                            size                     : 0x0000 (0)
                            string                   : NULL
                        dummy_string3: struct lsa_StringLarge
                            length                   : 0x0000 (0)
                            size                     : 0x0000 (0)
                            string                   : NULL
                        dummy_string4: struct lsa_StringLarge
                            length                   : 0x0000 (0)
                            size                     : 0x0000 (0)
                            string                   : NULL
                        workstation_flags        : 0x00000003 (3)
                               1: NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS
                               1: NETR_WS_FLAG_HANDLES_SPN_UPDATE
                        supported_enc_types      : 0x0000001f (31)
                               1: KERB_ENCTYPE_DES_CBC_CRC
                               1: KERB_ENCTYPE_DES_CBC_MD5
                               1: KERB_ENCTYPE_RC4_HMAC_MD5
                               1: KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96
                               1: KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96
                               0: KERB_ENCTYPE_FAST_SUPPORTED
                               0: KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED
                               0: KERB_ENCTYPE_CLAIMS_SUPPORTED
                               0: KERB_ENCTYPE_RESOURCE_SID_COMPRESSION_DISABLED
                        dummy_long3              : 0x00000000 (0)
                        dummy_long4              : 0x00000000 (0)
            result                   : NT_STATUS_OK

Best viewed with: git show --histogram -w

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 2099add0657126e4a5427ec2db0fe8025478b355)

10 months agos4:rpc_server/netlogon: make use of talloc_zero_array() for the netr_OneDomainInfo...
Stefan Metzmacher [Tue, 28 Aug 2018 14:30:17 +0000 (16:30 +0200)]
s4:rpc_server/netlogon: make use of talloc_zero_array() for the netr_OneDomainInfo array

It's much safer than having uninitialized memory when we hit an error
case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit ef0b489ad0d93199e08415dd895da5cfe2d1c11a)

10 months agos4:rpc_server/netlogon: use samdb_domain_guid()/dsdb_trust_local_tdo_info() to build...
Stefan Metzmacher [Tue, 28 Aug 2018 09:46:16 +0000 (11:46 +0200)]
s4:rpc_server/netlogon: use samdb_domain_guid()/dsdb_trust_local_tdo_info() to build our netr_OneDomainInfo values

The logic for constructing the values for our own primary domain differs
from the values of trusted domains. In order to make the code easier to
understand we have a new fill_our_one_domain_info() helper that
only takes care of our primary domain.

The cleanup for the trust case will follow in a separate commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 61333f7787d78e3ec5c7bd2874d5a0f1f536275a)

10 months agos4:dsdb/common: add samdb_domain_guid() helper function
Stefan Metzmacher [Tue, 28 Aug 2018 09:52:27 +0000 (11:52 +0200)]
s4:dsdb/common: add samdb_domain_guid() helper function

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 0e442e094240abbf79aaca00a9d1a053a200a7e8)

10 months agodsdb:util_trusts: add dsdb_trust_local_tdo_info() helper function
Stefan Metzmacher [Thu, 1 Feb 2018 22:09:26 +0000 (23:09 +0100)]
dsdb:util_trusts: add dsdb_trust_local_tdo_info() helper function

This is similar to dsdb_trust_xref_tdo_info(), but will also work
if we ever support more than one domain in our forest.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit c1b0ac95db5c6112d90356c7ada8c3d445e9b668)

10 months agodsdb/util_trusts: domain_dn is an input parameter of dsdb_trust_crossref_tdo_info()
Stefan Metzmacher [Thu, 1 Feb 2018 22:08:08 +0000 (23:08 +0100)]
dsdb/util_trusts: domain_dn is an input parameter of dsdb_trust_crossref_tdo_info()

We should not overwrite it within the function.
Currently it doesn't matter as we don't have multiple domains
within our forest, but that will change in future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit f5f96f558b499770cdeb3d38998167a387e058b9)

10 months agos4:torture/rpc/netlogon: verify the trusted domains output of LogonGetDomainInfo()
Stefan Metzmacher [Tue, 28 Aug 2018 15:46:46 +0000 (17:46 +0200)]
s4:torture/rpc/netlogon: verify the trusted domains output of LogonGetDomainInfo()

This makes sure we don't treat trusted domains in the same way we treat
our primary domain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit d5dd8fdc647d6a202c5da0451d395116c2cd92b9)

10 months agos4:torture/rpc/netlogon: assert that cli_credentials_get_{workstation,password} don...
Stefan Metzmacher [Mon, 3 Sep 2018 07:55:18 +0000 (09:55 +0200)]
s4:torture/rpc/netlogon: assert that cli_credentials_get_{workstation,password} don't return NULL

This is better that generating a segfault while dereferencing a NULL
pointer later.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit dffc182c6943d21513d8db9f6cf66bdc09206b17)

10 months agosmbd: Fix a memleak in async search ask sharemode
Volker Lendecke [Mon, 3 Sep 2018 13:54:48 +0000 (15:54 +0200)]
smbd: Fix a memleak in async search ask sharemode

fetch_share_mode_unlocked_parser() takes a "struct
fetch_share_mode_unlocked_state *" as
"private_data". fetch_share_mode_send() used a talloc_zero'ed "struct
share_mode_lock". This lead to the parser putting a "struct
share_mode_lock on the NULL talloc_context where nobody really picked it
up.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13602
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 0bd109b733fbce774feae2142d25f7e828b56bcb)

10 months agoctdb-daemon: Log complete eventd startup command
Martin Schwenke [Mon, 3 Sep 2018 06:12:16 +0000 (16:12 +1000)]
ctdb-daemon: Log complete eventd startup command

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13592

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 6d3d9a85e5630ba398ac953ad1515155f10224d9)

10 months agoctdb-daemon: Do not retry connection to eventd
Martin Schwenke [Mon, 27 Aug 2018 04:53:37 +0000 (14:53 +1000)]
ctdb-daemon: Do not retry connection to eventd

Confirmation is now received from eventd that it is accepting
connections, so this is no longer needed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13592

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit b430a1ace69bcef3336907557ab5bf04271c1110)

10 months agoctdb-daemon: Wait for eventd to be ready before connecting
Martin Schwenke [Mon, 27 Aug 2018 04:47:38 +0000 (14:47 +1000)]
ctdb-daemon: Wait for eventd to be ready before connecting

The current method of retrying the connection to eventd means that
messages get logged for each failure.

Instead, pass a pipe file descriptor to eventd and wait for it to
write 0 to the pipe to indicate that it is ready to accept client
connections.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13592

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 62ec1ab1470206d6a2cf300f30ca0b4a39413a38)
Signed-off-by: Martin Schwenke <martin@meltin.net>
10 months agoctdb-daemon: Open eventd pipe earlier
Martin Schwenke [Mon, 27 Aug 2018 04:44:24 +0000 (14:44 +1000)]
ctdb-daemon: Open eventd pipe earlier

The pipe will soon be needed earlier, so initialise it earlier.
Ensure the file descriptors are closed on error.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13592

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit c446ae5e1382d5e32c33ce92243daf6b4338e15a)

10 months agoctdb-daemon: Improve error handling consistency
Martin Schwenke [Mon, 27 Aug 2018 05:28:47 +0000 (15:28 +1000)]
ctdb-daemon: Improve error handling consistency

Other errors free argv, so do it here too.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13592

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit e357b62fe556609750bdb8d27cf48dfb85c62ec8)

10 months agoctdb-event: Add support to eventd for the startup notification FD
Martin Schwenke [Fri, 24 Aug 2018 04:52:29 +0000 (14:52 +1000)]
ctdb-event: Add support to eventd for the startup notification FD

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13592

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 11ee92d1bfd73c509d90e7a7386af60a4e1a7fca)

10 months agoctdb-common: Add support for sock daemon to notify of successful startup
Martin Schwenke [Fri, 24 Aug 2018 04:44:12 +0000 (14:44 +1000)]
ctdb-common: Add support for sock daemon to notify of successful startup

The daemon writes 0 into the specified file descriptor when it is up
and listening.  This can be used to avoid loops in clients that
attempt to connect until they succeed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13592

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit dc6040c121c65d5551c686f3f1be2891795f48aa)

10 months agos3: util: Do not take over stderr when there is no log file
Paulo Alcantara [Fri, 17 Aug 2018 14:30:16 +0000 (11:30 -0300)]
s3: util: Do not take over stderr when there is no log file

In case we don't have either a /var/log/samba directory, or pass a
non-existent log directory through '-l' option, all commands that are
daemonized with '-D' option hang when executed within a subshell.

An example on how to trigger that:

  # rm -r /var/log/samba
  # s=$(nmbd -D -s /etc/samba/smb.conf -l /foo123)
  (never returns)

So, when the above command is executed within a subshell the following
happens:

  (a) Parent shell creates a pipe, sets write side of it to fd 1
    (stdout), call read() on read-side fd, forks off a new child process
    and then executes nmbd in it.
  (b) nmbd sets up initial logging to go through fd 1 (stdout) by
    calling setup_logging(..., DEBUG_DEFAULT_STDOUT). 'state.fd' is now
    set to 1.
  (c) reopen_logs() is called by the first time which then calls
    reopen_logs_internal()
  (d) in reopen_logs_internal(), it attempts to create log.nmbd file in
    /foo123 directory and fails because directory doesn't exist.
  (e) Regardless whether the log file was created or not, it calls
    dup2(state.fd, 2) which dups fd 1 into fd 2.
  (f) At some point, fd 0 and 1 are closed and set to /dev/null

The problem with that is because parent shell in (a) is still blocked in
read() call and the new write side of the pipe is now fd 2 -- after
dup2() in (e) -- and remains unclosed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13578

Signed-off-by: Paulo Alcantara <palcantara@suse.de>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Aug 18 01:32:25 CEST 2018 on sn-devel-144

(cherry picked from commit 41aa55f49233ea7682cf14e5a7062617274434ce)

10 months agos3: smbd: Ensure get_real_filename() copes with empty pathnames.
Jeremy Allison [Tue, 21 Aug 2018 19:05:34 +0000 (12:05 -0700)]
s3: smbd: Ensure get_real_filename() copes with empty pathnames.

Needed for vfs_glusterfs, as Gluster requires "." not '\0'.

Based on a fix from Anoop C S <anoopcs@redhat.com>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13585

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Aug 22 21:50:41 CEST 2018 on sn-devel-144

(cherry picked from commit 9c71f61ed8a31d287d343d4f2e68cb40c57a2b89)

Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Tue Aug 28 16:05:05 CEST 2018 on sn-devel-144

10 months agoWHATSNEW: Fix wrong assignment.
Karolin Seeger [Tue, 28 Aug 2018 08:06:55 +0000 (10:06 +0200)]
WHATSNEW: Fix wrong assignment.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
10 months agoVERSION: Bump version up to 4.8.6...
Karolin Seeger [Fri, 24 Aug 2018 07:55:13 +0000 (09:55 +0200)]
VERSION: Bump version up to 4.8.6...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
10 months agoVERSION: Disable GIT_SNAPSHOT for the 4.8.5 release. samba-4.8.5
Karolin Seeger [Fri, 24 Aug 2018 07:54:22 +0000 (09:54 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.8.5 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
10 months agoWHATSNEW: Add release notes for Samba 4.8.5.
Karolin Seeger [Fri, 24 Aug 2018 06:56:54 +0000 (08:56 +0200)]
WHATSNEW: Add release notes for Samba 4.8.5.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
10 months agotorture: Demonstrate the invalid lock order panic
Volker Lendecke [Mon, 6 Aug 2018 12:35:15 +0000 (14:35 +0200)]
torture: Demonstrate the invalid lock order panic

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13584

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 21 02:33:05 CEST 2018 on sn-devel-144

(cherry picked from commit ec3c37ee53f21d8c0e80b1d3b3d7e95a4ac8e0bc)

Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Thu Aug 23 15:39:45 CEST 2018 on sn-devel-144

10 months agovfs_fruit: Fix a leak of "br_lck"
Volker Lendecke [Mon, 6 Aug 2018 12:33:34 +0000 (14:33 +0200)]
vfs_fruit: Fix a leak of "br_lck"

Fix a panic if fruit_access_check detects a locking conflict.

do_lock() returns a valid br_lck even in case of a locking conflict.
Not free'ing it leads to a invalid lock order panic later, because
"br_lck" corresponds to a dbwrap lock on brlock.tdb.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13584

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 51d57073798f76ec4f1261945e0ba779b2530009)

10 months agos3:winbind: Do not lookup local system accounts in AD
Andreas Schneider [Mon, 2 Jul 2018 14:38:01 +0000 (16:38 +0200)]
s3:winbind: Do not lookup local system accounts in AD

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13503

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 9f28d30633af721efec02d8816a9fa48f795a01c)

10 months agoselftest: Load time_audit and full_audit modules for all tests
Christof Schmitt [Fri, 10 Aug 2018 17:38:28 +0000 (10:38 -0700)]
selftest: Load time_audit and full_audit modules for all tests

Previously the only test was to load these modules to trigger the
smb_vfs_assert_all_fns check. As these modules just pass through the
calls, they can be loaded for all tests to ensure that the codepaths are
exercised. This would have found the problem in
smb_time_audit_offload_read_recv.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13568

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug 13 22:35:20 CEST 2018 on sn-devel-144

(cherry picked from commit a98f09a09db2fc7be85f9171b586e65344a39e92)

10 months agos3: vfs: time_audit: fix handling of token_blob in smb_time_audit_offload_read_recv()
Ralph Wuerthner [Wed, 8 Aug 2018 15:42:18 +0000 (17:42 +0200)]
s3: vfs: time_audit: fix handling of token_blob in smb_time_audit_offload_read_recv()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13568

Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 4909b966050c921b0a6a32285fee55f5f14dc3ff)

10 months agoselftest: subunithelper needs to follow the subunit spec more closely
Douglas Bagnall [Wed, 21 Feb 2018 23:46:47 +0000 (12:46 +1300)]
selftest: subunithelper needs to follow the subunit spec more closely

In particular allow ]\n without \n]\n as used by cmocka

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 7d79575de8e47a0ce03e30c3ea84176be696269f)

10 months agounittests.lib_util_modules: test module probe with "skel", not "unix"
Douglas Bagnall [Wed, 21 Feb 2018 22:26:00 +0000 (11:26 +1300)]
unittests.lib_util_modules: test module probe with "skel", not "unix"

The unix module is not available as a module on some systems.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit cb5f1f3b262467faba59b3b323e240d1351d5fc0)

10 months agoldb: Release LDB 1.3.6 ldb-1.3.6
Andrew Bartlett [Wed, 15 Aug 2018 21:22:22 +0000 (09:22 +1200)]
ldb: Release LDB 1.3.6

 * make test fails on ldb 1.3.4 due to missing NULL terminator in tests (bug 13575)

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
10 months agoldb: Fix missing NULL terminator in ldb_mod_op_test testsuite
Andrew Bartlett [Thu, 8 Mar 2018 01:01:50 +0000 (14:01 +1300)]
ldb: Fix missing NULL terminator in ldb_mod_op_test testsuite

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13575

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
(cherry picked from commit f8b368c9f0c2a34b6d15303a9d6facd762e1a517)

10 months agolibsmb: Fix CID 1438243 Unchecked return value
Volker Lendecke [Wed, 8 Aug 2018 08:14:26 +0000 (10:14 +0200)]
libsmb: Fix CID 1438243 Unchecked return value

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13553
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Aug  8 23:10:22 CEST 2018 on sn-devel-144

10 months agolibsmb: Fix CID 1438244 Unsigned compared against 0
Volker Lendecke [Wed, 8 Aug 2018 08:08:38 +0000 (10:08 +0200)]
libsmb: Fix CID 1438244 Unsigned compared against 0

ndr_size_dom_sid returns a size_t, so that can't be <0. Also, the only
case that ndr_size_dom_sid returns 0 is a NULL sid
pointer. ndr_size_dom_sid can reasonably be assumed to not overflow, the
number of sub-auths is a uint8. That times 4 plus 8 always fits into a
size_t.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13553
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
10 months agosmbd: Fix CID 1438245 Dereference before null check
Volker Lendecke [Tue, 7 Aug 2018 20:50:52 +0000 (22:50 +0200)]
smbd: Fix CID 1438245 Dereference before null check

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13553
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
10 months agosmbd: Fix CID 1438246 Unchecked return value
Volker Lendecke [Tue, 7 Aug 2018 20:49:16 +0000 (22:49 +0200)]
smbd: Fix CID 1438246 Unchecked return value

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13553
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
10 months agosmbd: Align integer types
Volker Lendecke [Tue, 7 Aug 2018 20:48:58 +0000 (22:48 +0200)]
smbd: Align integer types

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13553
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
10 months agoctdb: add expiry test for ctdb_mutex_ceph_rados_helper
David Disseldorp [Fri, 20 Jul 2018 15:20:08 +0000 (17:20 +0200)]
ctdb: add expiry test for ctdb_mutex_ceph_rados_helper

Kill the ctdb_mutex_ceph_rados_helper with SIGKILL and then confirm
that the lock is automatically released following expiry.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Aug  9 16:26:36 CEST 2018 on sn-devel-144

(cherry picked from commit 4abf348ec4cbb78d3216d5e8c5f3020d4499f10a)

10 months agoctdb_mutex_ceph_rados_helper: fix deadlock via lock renewals
David Disseldorp [Thu, 19 Jul 2018 09:55:23 +0000 (11:55 +0200)]
ctdb_mutex_ceph_rados_helper: fix deadlock via lock renewals

RADOS locks without expiry persist indefinitely. This results in CTDB
deadlock during failover if the recovery master dies unexpectedly, as
subsequently elected recovery master nodes can't obtain the recovery
lock.
Avoid deadlock by using a lock expiration time (10s by default), and
renewing it periodically.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13540

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit ce289e89e5c469cf2c5626dc7f2666b945dba3bd)

10 months agoctdb_mutex_ceph_rados_helper: rename timer_ev to ppid_timer_ev
David Disseldorp [Tue, 17 Jul 2018 21:36:36 +0000 (23:36 +0200)]
ctdb_mutex_ceph_rados_helper: rename timer_ev to ppid_timer_ev

In preparation for adding a lock refresh timer.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 91a89c146453ca203a83dc2ba555bb93276c4d7f)

10 months agoctdb_mutex_ceph_rados_helper: use talloc destructor for cleanup
David Disseldorp [Thu, 19 Jul 2018 16:46:27 +0000 (18:46 +0200)]
ctdb_mutex_ceph_rados_helper: use talloc destructor for cleanup

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 8d30fd591600ac17c742cd78c7bc4056bba6b877)

10 months agoctdb_mutex_ceph_rados_helper: Set SIGINT signal handler
Samuel Cabrero [Fri, 15 Jun 2018 16:15:53 +0000 (18:15 +0200)]
ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler

Set a handler for SIGINT to release the lock.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 85706bd27535eaa4ec653f99b1910fbd8f2aab88)

10 months agoctdb/build: link ctdb_mutex_ceph_rados_helper against ceph-common
David Disseldorp [Mon, 9 Jul 2018 12:53:00 +0000 (14:53 +0200)]
ctdb/build: link ctdb_mutex_ceph_rados_helper against ceph-common

ceph-common linkage is needed with new versions of Ceph.
Also respect the --libcephfs_dir=<path> parameter when provided.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit bd64af6b8861f892e6ae2840a493f037d1e0a06c)

10 months agodocs: Add manpage for winbind_krb5_localauth.8
Andreas Schneider [Wed, 27 Jun 2018 13:06:07 +0000 (15:06 +0200)]
docs: Add manpage for winbind_krb5_localauth.8

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13489

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun 27 18:45:56 CEST 2018 on sn-devel-144

(cherry picked from commit e88d68c253b4398eaed701d1a9bcc1b83882e127)

10 months agodocs: Move winbind_krb5_locator manpage to volume 8
Andreas Schneider [Wed, 27 Jun 2018 13:14:15 +0000 (15:14 +0200)]
docs: Move winbind_krb5_locator manpage to volume 8

The vfs and idmap manpages are in volume 8 too.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13489

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 6b7fcec01524ea1c4f2d923cc9cc2c17af3c3a21)

10 months agokrb5_plugin: Move krb5 locator plugin to krb5_plugin subdir
Andreas Schneider [Wed, 27 Jun 2018 12:08:56 +0000 (14:08 +0200)]
krb5_plugin: Move krb5 locator plugin to krb5_plugin subdir

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13489

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 4a7e0f259bb7f1ebce48523767262addda08fe14)

10 months agokrb5_plugin: Install plugins to krb5 modules dir
Andreas Schneider [Wed, 27 Jun 2018 12:06:39 +0000 (14:06 +0200)]
krb5_plugin: Install plugins to krb5 modules dir

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13489

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit eba2eb8a15c7a25b1436907a5339241492c81097)

10 months agos3: tests: smbclient. Regression test to ensure we get NT_STATUS_DIRECTORY_NOT_EMPTY...
Jeremy Allison [Thu, 9 Aug 2018 17:02:26 +0000 (10:02 -0700)]
s3: tests: smbclient. Regression test to ensure we get NT_STATUS_DIRECTORY_NOT_EMPTY on rmdir.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13204

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 10 21:08:14 CEST 2018 on sn-devel-144

(cherry picked from commit bca400847f2fcc3dd1398e166c1964cb88822071)

10 months agos4/torture: Add new test for DELETE_ON_CLOSE on non-empty directories
Anoop C S [Thu, 9 Aug 2018 14:32:05 +0000 (20:02 +0530)]
s4/torture: Add new test for DELETE_ON_CLOSE on non-empty directories

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13204

Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 6a7f11746c9cc3cdc5307e540bdd1f3f10fed05b)

10 months agos3/libsmb: Explicitly set delete_on_close token for rmdir
Anoop C S [Thu, 9 Aug 2018 06:58:41 +0000 (12:28 +0530)]
s3/libsmb: Explicitly set delete_on_close token for rmdir

The current implementation of `rmdir` hopes to get the directory deleted
on closing last open handle when FILE_DELETE_ON_CLOSE is set on it. But
for non-empty directories Windows doesn't error out during an open call.
Following that we internally refuse to set initial delete_on_close while
opening a non-empty directory. This prevents us from trying to delete
the directory when last open handle is closed.

Instead of relying on FILE_DELETE_ON_CLOSE during an open we explicitly
set delete_on_close token on directory handle once it is available. This
ensures that NT_STATUS_DIRECTORY_NOT_EMPTY is returned for `rmdir` on
non-empty directories while closing open directory handle.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13204

Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 6b68e3eca631c04d6d57c489daf60f64732fc86d)

11 months agoVERSION: Bump version up to 4.8.5.
Karolin Seeger [Tue, 14 Aug 2018 10:19:44 +0000 (12:19 +0200)]
VERSION: Bump version up to 4.8.5.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
11 months agoMerge tag 'samba-4.8.4' into v4-8-test
Karolin Seeger [Tue, 14 Aug 2018 10:16:21 +0000 (12:16 +0200)]
Merge tag 'samba-4.8.4' into v4-8-test

samba: tag release samba-4.8.4

11 months agos3/smbd: Ensure quota code is only called when quota support detected
Noel Power [Tue, 7 Aug 2018 10:06:34 +0000 (11:06 +0100)]
s3/smbd: Ensure quota code is only called when quota support detected

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13563
Signed-off-by: Noel Power <noel.power@suse.com>
Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Mon Aug 13 17:25:23 CEST 2018 on sn-devel-144

11 months agosystemd: Only start smb when network interfaces are up
Oleksandr Natalenko [Fri, 3 Aug 2018 12:34:47 +0000 (14:34 +0200)]
systemd: Only start smb when network interfaces are up

For smb, if the smb.conf contains explicit bindings to the network
interfaces, the service must wait till network interfaces are up,
otherwise the service won't be operational.

The 0e571054a61e commit and the BZ 13184 have fixed this for nmb and
samba, so do exactly the same here, for smb.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13559

Signed-off-by: Oleksandr Natalenko <oleksandr@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit a3d248f284eb2e5f4fe886310e481b28c9f1c392)

11 months agos3/utils: fix regression where specifying -Unetbios/root works
Noel Power [Thu, 28 Jun 2018 15:04:24 +0000 (16:04 +0100)]
s3/utils: fix regression where specifying -Unetbios/root works

Usually you need to be root on a linux server to modify quotas. Even
with a linux server joined to a windows AD you could always log in as
local root with smbcquotas. However in recent builds this has changed.
This patch fixes this

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13553

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Jul 31 19:45:59 CEST 2018 on sn-devel-144

11 months agos3/smbd: allow set quota for non root user (when built with --enable-selftest)
Noel Power [Wed, 22 Mar 2017 20:06:13 +0000 (20:06 +0000)]
s3/smbd: allow set quota for non root user (when built with --enable-selftest)

Currently it appears you need to be root to set quotas, for test purposes
this requirement needs to be relaxed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13553

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
11 months agos3/script/tests: Add simple (smb1 & smb2) get/set/list tests for smbcquotas
Noel Power [Tue, 21 Mar 2017 08:29:59 +0000 (08:29 +0000)]
s3/script/tests: Add simple (smb1 & smb2) get/set/list tests for smbcquotas

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13553

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
11 months agos3/script/test: modify existing smbcquota test to use SMB2 in addition to SMB1.
Noel Power [Wed, 8 Mar 2017 14:27:27 +0000 (14:27 +0000)]
s3/script/test: modify existing smbcquota test to use SMB2 in addition to SMB1.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13553

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
11 months agos3/smbd: smb2 server implementation for query get/set info.
Noel Power [Fri, 26 May 2017 15:02:33 +0000 (16:02 +0100)]
s3/smbd: smb2 server implementation for query get/set info.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13553

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
11 months agos3/smbd: adjust smb1 server to use idl structs and generated ndr push/pull funcs
Noel Power [Fri, 26 May 2017 15:01:53 +0000 (16:01 +0100)]
s3/smbd: adjust smb1 server to use idl structs and generated ndr push/pull funcs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13553

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
11 months agos3/libsmb: adjust smb2 code for new idl structs & generated ndr push/pull funcs.
Noel Power [Fri, 26 May 2017 14:50:18 +0000 (15:50 +0100)]
s3/libsmb: adjust smb2 code for new idl structs & generated ndr push/pull funcs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13553

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
11 months agos3/libsmb: adjust smb1 cli code to use idl structs and ndr push/pull funcs.
Noel Power [Fri, 26 May 2017 14:01:17 +0000 (15:01 +0100)]
s3/libsmb: adjust smb1 cli code to use idl structs and ndr push/pull funcs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13553

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
11 months agolibrpc/idl Add some query [getset]info quota related structures
Noel Power [Thu, 2 Mar 2017 09:20:24 +0000 (09:20 +0000)]
librpc/idl Add some query [getset]info quota related structures

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13553

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
11 months agos3/smbd: Don't stat when doing a quota operation (as it's a fake file)
Noel Power [Tue, 28 Feb 2017 11:36:47 +0000 (11:36 +0000)]
s3/smbd: Don't stat when doing a quota operation (as it's a fake file)

calling SMB_VFS_STAT on the quota fake file fails and caused
FS_INFO/FileFsControlInfo request to error out early, in turn stopped a
Win8.1 client from proceeding with quota queries.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13553

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
11 months agos3/libsmb: Avoid potential smbpanic calling parse_user_quota_list.
Noel Power [Tue, 28 Feb 2017 15:04:16 +0000 (15:04 +0000)]
s3/libsmb: Avoid potential smbpanic calling parse_user_quota_list.

Calling parse_user_quota_list with a NULL buffer can cause a panic, while
this shouldn't happen, I managed to trigger this with an early implementation
of SMB2 quota support in smbd which didn't pass back NT_STATUS_NO_MORE_ENTRIES
when handling a SMB2_0_INFO_QUOTA GETINFO message.
OTHOH the Windows client handled the same situation gracefully.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13553

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
11 months agos3/lib: Fix misleading typo in debug message
Noel Power [Wed, 22 Mar 2017 14:53:22 +0000 (14:53 +0000)]
s3/lib: Fix misleading typo in debug message

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13553

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
11 months agos3: smbd: Fix AIX sendfile() for SMB2. Ensure we don't spin on EAGAIN.
Jeremy Allison [Wed, 18 Jul 2018 22:49:29 +0000 (15:49 -0700)]
s3: smbd: Fix AIX sendfile() for SMB2. Ensure we don't spin on EAGAIN.

For SMB2 the socket is set non-blocking. Ensure sendfile()
calls complete if they return EAGAIN by saving the socket state,
setting it blocking, doing the sendfile until completion and then
restoring the socket state.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13537

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jul 20 15:14:24 CEST 2018 on sn-devel-144

(cherry picked from commit 582ce5d6b599516d6d8d619529a2aa809139a175)

11 months agos3: smbd: Fix FreeBSD sendfile() for SMB2. Ensure we don't spin on EAGAIN.
Jeremy Allison [Wed, 18 Jul 2018 22:44:34 +0000 (15:44 -0700)]
s3: smbd: Fix FreeBSD sendfile() for SMB2. Ensure we don't spin on EAGAIN.

For SMB2 the socket is set non-blocking. Ensure sendfile()
calls complete if they return EAGAIN by saving the socket state,
setting it blocking, doing the sendfile until completion and then
restoring the socket state.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13537

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 456e520a3be7e4b54f1f144324c3671b8f6e35ea)

11 months agos3: smbd: Fix HPUX sendfile() for SMB2. Ensure we don't spin on EAGAIN.
Jeremy Allison [Wed, 18 Jul 2018 22:36:47 +0000 (15:36 -0700)]
s3: smbd: Fix HPUX sendfile() for SMB2. Ensure we don't spin on EAGAIN.

For SMB2 the socket is set non-blocking. Ensure sendfile()
calls complete if they return EAGAIN by saving the socket state,
setting it blocking, doing the sendfile until completion and then
restoring the socket state.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13537

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit d222caa449d9c00bb2dd9da6c79ea509960d47c6)

11 months agos3: smbd: Fix Solaris sendfile() for SMB2. Ensure we don't spin on EAGAIN.
Jeremy Allison [Wed, 18 Jul 2018 22:29:37 +0000 (15:29 -0700)]
s3: smbd: Fix Solaris sendfile() for SMB2. Ensure we don't spin on EAGAIN.

For SMB2 the socket is set non-blocking. Ensure sendfile()
calls complete if they return EAGAIN by saving the socket state,
setting it blocking, doing the sendfile until completion and then
restoring the socket state.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13537

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 16a587075c8c62c1160869358ca56a133e90247a)

11 months agos3: smbd: Fix Linux sendfile() for SMB2. Ensure we don't spin on EAGAIN.
Jeremy Allison [Wed, 18 Jul 2018 20:32:49 +0000 (13:32 -0700)]
s3: smbd: Fix Linux sendfile() for SMB2. Ensure we don't spin on EAGAIN.

For SMB2 the socket is set non-blocking. Ensure sendfile()
calls complete if they return EAGAIN by saving the socket state,
setting it blocking, doing the sendfile until completion and then
restoring the socket state.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13537

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 809967b3eab7a1b48c186517701538ca93536246)

11 months agodns wildcards: fix BUG 13536
Gary Lockyer [Wed, 18 Jul 2018 03:33:26 +0000 (15:33 +1200)]
dns wildcards: fix BUG 13536

The current position in the dns name was not advanced past the '.'
character

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul 20 04:40:31 CEST 2018 on sn-devel-144

(cherry picked from commit cef1b31cd1f33074e8ab6de52aa0fb74e9b57a9f)

11 months agodns wildcards: tests to confirm BUG 13536
Gary Lockyer [Wed, 18 Jul 2018 03:29:21 +0000 (15:29 +1200)]
dns wildcards: tests to confirm BUG 13536

DNS wildcard matching failing if more than one label to the left of the
wildcard. This commits adds tests to confirm the bug.

Wildcard entry: *.example.org
bar.example.com matches
foo.bar.example.com does not, but it it should.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 0d3aec18679a2637430263a55de5e210a9201e21)

11 months agos3: smbd: fix path check in smbd_smb2_create_durable_lease_check()
Ralph Boehme [Tue, 17 Jul 2018 13:40:04 +0000 (15:40 +0200)]
s3: smbd: fix path check in smbd_smb2_create_durable_lease_check()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13535

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit e60e9368cb3cb512e2506620d814187a692108e0)

11 months agos4: torture: run test_durable_v2_open_reopen2_lease() in a subdirectory
Ralph Boehme [Tue, 17 Jul 2018 13:56:05 +0000 (15:56 +0200)]
s4: torture: run test_durable_v2_open_reopen2_lease() in a subdirectory

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13535

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 725319743f1f2de934cbde477ca84430f5b2b4b4)

11 months agos3: libsmbclient: Fix cli_splice() fallback when reading less than a complete file.
Jeremy Allison [Thu, 12 Jul 2018 19:18:50 +0000 (12:18 -0700)]
s3: libsmbclient: Fix cli_splice() fallback when reading less than a complete file.

We were always asking for SPLICE_BLOCK_SIZE even when the
remaining bytes we wanted were smaller than that. This works
when using cli_splice() on a complete file, as the cli_read()
terminated the read at the right place. We always have the
space to read SPLICE_BLOCK_SIZE bytes so this isn't an overflow.

Found by Bailey Berro <baileyberro@google.com>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13527

Signed-off-by: Bailey Berro <baileyberro@google.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Jul 13 14:57:14 CEST 2018 on sn-devel-144

(cherry picked from commit c9656fd2977557ab20ec4e3d87c385a9b2f1bf43)

11 months agos3: torture: Test SMB1 cli_splice() fallback path when doing a non-full file splice.
Jeremy Allison [Thu, 12 Jul 2018 19:15:12 +0000 (12:15 -0700)]
s3: torture: Test SMB1 cli_splice() fallback path when doing a non-full file splice.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13527

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit 1c8d1cceff852acaca4a0ec0da37b053ed03fe4a)
(cherry picked from commit 49d6c3f061284aac31c3ef21f88f9d69bdd86bd8)

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jul 14 00:14:13 CEST 2018 on sn-devel-144

11 months agodocs/vfs_ceph: add CTDB_SAMBA_SKIP_SHARE_CHECK=yes caveat
David Disseldorp [Fri, 6 Jul 2018 11:31:43 +0000 (13:31 +0200)]
docs/vfs_ceph: add CTDB_SAMBA_SKIP_SHARE_CHECK=yes caveat

Mostly copied from the vfs_gluster manpage: the CephFS share path is not
locally mounted, which breaks the ctdb_check_directories_probe() check.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul  6 23:19:02 CEST 2018 on sn-devel-144

(cherry picked from commit 0cd44821f3889067620d685344c3eaf913a31329)

11 months agovfs_ceph: don't lie about flock support
David Disseldorp [Thu, 5 Jul 2018 15:18:15 +0000 (17:18 +0200)]
vfs_ceph: don't lie about flock support

Instead, match vfs_gluster behaviour and require that users explicitly
disable "kernel share modes".

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13506

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 926ae50627d536735cee9b3931ee35bc19060261)

11 months agoldb: Refuse to build Samba against a newer minor version of ldb
Andrew Bartlett [Thu, 12 Jul 2018 00:34:56 +0000 (12:34 +1200)]
ldb: Refuse to build Samba against a newer minor version of ldb

Samba is not compatible with new versions of ldb (except release versions)

Other users would not notice the breakages, but Samba makes many
more assuptions about the LDB internals than any other package.

(Specifically, LDB 1.2 and 1.4 broke builds against released
Samba versions)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13519

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
(cherry picked from commit 52efa796538ae004ca62ea32fc8c833472991be6)

11 months agosamba-tool trust: support discovery via netr_GetDcName
Alexander Bokovoy [Sat, 24 Feb 2018 12:34:44 +0000 (14:34 +0200)]
samba-tool trust: support discovery via netr_GetDcName

In case a remote DC does not support netr_DsRGetDCNameEx2(),
use netr_GetDcName() instead.

This should help with FreeIPA where embedded smbd runs as a domain
controller but does not implement full Active Directory compatibility.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13538

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Tue Jul 24 09:55:23 CEST 2018 on sn-devel-144

(cherry picked from commit c390728819e73cefbf02e0d52d22805930f4c45b)

11 months agos3:selftest: run rpc.lsa.lookupsids also with explicit [smb1] and [smb2]
Stefan Metzmacher [Thu, 19 Jul 2018 05:34:11 +0000 (07:34 +0200)]
s3:selftest: run rpc.lsa.lookupsids also with explicit [smb1] and [smb2]

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 6800077c5c57c257326573537d1f2bb7a8066149)

11 months agos4:librpc: autonegotiate SMB1/2/3
Stefan Metzmacher [Wed, 18 Jul 2018 14:55:33 +0000 (16:55 +0200)]
s4:librpc: autonegotiate SMB1/2/3

Windows Server 1709 defaults to SMB2 and does not have SMB1 enabled.
When establishing trust, samba-tool does not specify SMB protocol
version and fail by default.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 4422f7382aad3090cb959ade030a02bf4fef81ac)

11 months agopython/tests: use explicit "client ipc max protocol = NT1" for samba.tests.net_join_n...
Stefan Metzmacher [Sun, 22 Jul 2018 22:17:35 +0000 (00:17 +0200)]
python/tests: use explicit "client ipc max protocol = NT1" for samba.tests.net_join_no_spnego

The tests rely on SMB1.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 802e43bf742e756896fa73fcd139feca9ae293dd)

11 months agotests/auth_log: Permit SMB2 service description if empty binding is used for kerberos...
Alexander Bokovoy [Thu, 19 Jul 2018 11:07:39 +0000 (14:07 +0300)]
tests/auth_log: Permit SMB2 service description if empty binding is used for kerberos authentication

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 70a9cf9ccfc4075cc08209191db1bce2c9b432fc)

11 months agos4:libcli: add smb_connect_nego_{send,recv}()
Stefan Metzmacher [Wed, 18 Jul 2018 12:52:43 +0000 (14:52 +0200)]
s4:libcli: add smb_connect_nego_{send,recv}()

This can be used to create a connection up to a negotiated
smbXcli_conn.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit e4910f35eab008a41cfcac3d97b3647c721ac679)

11 months agos4:libcli: allow a fallback to NTLMSSP if SPNEGO is not supported locally
Stefan Metzmacher [Thu, 19 Jul 2018 21:04:33 +0000 (23:04 +0200)]
s4:libcli: allow a fallback to NTLMSSP if SPNEGO is not supported locally

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 5188454bdce80f6e2bfc45deca18bd1b7289a7a6)