vlendec/samba-autobuild/.git
13 months agoCVE-2018-10919 tests: Add tests for guessing confidential attributes
Tim Beale [Mon, 9 Jul 2018 03:57:59 +0000 (15:57 +1200)]
CVE-2018-10919 tests: Add tests for guessing confidential attributes

Adds tests that assert that a confidential attribute cannot be guessed
by an unprivileged user through wildcard DB searches.

The tests basically consist of a set of DB searches/assertions that
get run for:
- basic searches against a confidential attribute
- confidential attributes that get overridden by giving access to the
  user via an ACE (run against a variety of ACEs)
- protecting a non-confidential attribute via an ACL that denies read-
  access (run against a variety of ACEs)
- querying confidential attributes via the dirsync controls

These tests all pass when run against a Windows Dc and all fail against
a Samba DC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
13 months agoCVE-2018-10919 security: Add more comments to the object-specific access checks
Tim Beale [Fri, 20 Jul 2018 01:13:50 +0000 (13:13 +1200)]
CVE-2018-10919 security: Add more comments to the object-specific access checks

Reading the spec and then reading the code makes sense, but we could
comment the code more so it makes sense on its own.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
13 months agoCVE-2018-10919 security: Move object-specific access checks into separate function
Tim Beale [Thu, 19 Jul 2018 04:03:36 +0000 (16:03 +1200)]
CVE-2018-10919 security: Move object-specific access checks into separate function

Object-specific access checks refer to a specific section of the
MS-ADTS, and the code closely matches the spec. We need to extend this
logic to properly handle the Control-Access Right (CR), so it makes
sense to split the logic out into its own function.

This patch just moves the code, and should not alter the logic (apart
from ading in the boolean grant_access return variable.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
13 months agoCVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalNa...
Andrew Bartlett [Mon, 30 Jul 2018 02:00:18 +0000 (14:00 +1200)]
CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalName is set on a user

This regression was introduced in Samba 4.7 by bug 12842 and in
master git commit eb2e77970e41c1cb62c041877565e939c78ff52d.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13552

CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
13 months agoCVE-2018-10858: libsmb: Harden smbc_readdir_internal() against returns from malicious...
Jeremy Allison [Fri, 15 Jun 2018 22:08:17 +0000 (15:08 -0700)]
CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against returns from malicious servers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13453

CVE-2018-10858: Insufficient input validation on client directory
                listing in libsmbclient.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
13 months agoCVE-2018-10858: libsmb: Ensure smbc_urlencode() can't overwrite passed in buffer.
Jeremy Allison [Fri, 15 Jun 2018 22:07:17 +0000 (15:07 -0700)]
CVE-2018-10858: libsmb: Ensure smbc_urlencode() can't overwrite passed in buffer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13453

CVE-2018-10858: Insufficient input validation on client directory
listing in libsmbclient.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
13 months agoVERSION: Bump version up to 4.8.4...
Karolin Seeger [Mon, 25 Jun 2018 20:13:45 +0000 (22:13 +0200)]
VERSION: Bump version up to 4.8.4...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit 1df7f93b6ede803ec01424c48d2f1f3526c9818c)

14 months agoVERSION: Disable GIT_SNAPSHOT for the 4.8.3 release. samba-4.8.3
Karolin Seeger [Mon, 25 Jun 2018 20:12:30 +0000 (22:12 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.8.3 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
14 months agoWHATSNEW: Add release notes for Samba 4.8.3.
Karolin Seeger [Mon, 25 Jun 2018 20:11:56 +0000 (22:11 +0200)]
WHATSNEW: Add release notes for Samba 4.8.3.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
14 months agoldb: version 1.3.4 ldb-1.3.4
Andrew Bartlett [Tue, 26 Jun 2018 03:01:27 +0000 (15:01 +1200)]
ldb: version 1.3.4

* Fix memory leaks and missing error checks (bug 13459, 13471, 13475)
* Fix fallback to full scan (performance regression) on
  one-level search (bug 13448)
* Fix read corruption (missing results) during writes, particularly
  during a Samba subtree rename (bug 13452)

Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Tue Jun 26 13:31:53 CEST 2018 on sn-devel-144

14 months ago.gitlab-ci.yml: Adapt to current GitLab CI setup
Andrew Bartlett [Tue, 26 Jun 2018 02:59:26 +0000 (14:59 +1200)]
.gitlab-ci.yml: Adapt to current GitLab CI setup

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
14 months agoFix several mem leaks in ldb_index ldb_search ldb_tdb
Andrej Gessel [Thu, 14 Jun 2018 10:19:29 +0000 (12:19 +0200)]
Fix several mem leaks in ldb_index ldb_search ldb_tdb

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13475

Signed-off-by: Andrej Gessel <Andrej.Gessel@janztec.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 15 23:07:25 CEST 2018 on sn-devel-144

(cherry picked from commit 3ca1c09f686fbfa9257cd95710dba4a98c3eeb8f)

14 months agocheck return value before using key_values
Andrej Gessel [Tue, 19 Jun 2018 08:07:51 +0000 (10:07 +0200)]
check return value before using key_values

there are also mem leaks in this function

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13475

Signed-off-by: Andrej Gessel <Andrej.Gessel@janztec.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit f75e8f58cd2390c092631803d333adadb475306a)

14 months agoldb: check return values
Andrej Gessel [Fri, 15 Jun 2018 09:02:15 +0000 (11:02 +0200)]
ldb: check return values

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13475

Signed-off-by: Andrej Gessel <Andrej.Gessel@janztec.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 6b52d21e6040699a72aff12fd6ebb34534dcb457)

14 months agoldb_tdb: Use mem_ctx and so avoid leak onto long-term memory on duplicated add.
Andrew Bartlett [Wed, 13 Jun 2018 09:20:00 +0000 (11:20 +0200)]
ldb_tdb: Use mem_ctx and so avoid leak onto long-term memory on duplicated add.

After a duplicated add a small amount of memory can be leaked onto a
long-term context.

Found by Andrej Gessel https://github.com/andiges

https://github.com/samba-team/samba/commit/e8fb45125e6a279b918694668e0d4fbddac10aee#commitcomment-29334102

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13471
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jun 15 04:39:41 CEST 2018 on sn-devel-144

(cherry picked from commit f4f3abfa0e18bb4968b37b1cac40cd8c185c8d7b)

14 months agoldb: Fix memory leak on module context
Lukas Slebodnik [Sat, 21 Oct 2017 13:09:01 +0000 (15:09 +0200)]
ldb: Fix memory leak on module context

Introduced in e8cdacc509016d9273d63faf334d9f827585c3eb

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13459

Signed-off-by: Lukas Slebodnik <lslebodn@fedoraproject.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun  1 11:10:24 CEST 2018 on sn-devel-144

(cherry picked from commit d161aa3522576545d269208426bb0014ee2ab35f)

14 months agoldb: Add tests for when we should expect a full scan
Andrew Bartlett [Wed, 23 May 2018 05:15:38 +0000 (17:15 +1200)]
ldb: Add tests for when we should expect a full scan

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13448

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit e99c199d811e607e7867e7b40d82a1642226c647)

14 months agoldb: One-level search was incorrectly falling back to full DB scan
Andrew Bartlett [Mon, 28 May 2018 22:04:29 +0000 (10:04 +1200)]
ldb: One-level search was incorrectly falling back to full DB scan

When no search filter is specified, the code falls back to using
'(|(objectClass=*)(distinguishedName=*)'. ltdb_index_dn() then failed
because matching against '*' is not indexed. The error return then
caused the code to fallback to a full-scan of the DB, which could have a
considerable performance hit.

Instead, we want to continue on and do the ltdb_index_filter() over the
indexed results that were returned.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13448

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit 88ae60ed186c9c479722ad62d65a07d0c2e71469)

14 months agoldb: Explain why an entry can vanish from the index
Andrew Bartlett [Mon, 28 May 2018 02:12:52 +0000 (14:12 +1200)]
ldb: Explain why an entry can vanish from the index

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit 9e143ee9b9f7be53c193cee3153f64c4dedc07e9)

14 months agoldb: Indicate that the ltdb_dn_list_sort() in list_union is a bit subtle.
Andrew Bartlett [Mon, 28 May 2018 01:02:16 +0000 (13:02 +1200)]
ldb: Indicate that the ltdb_dn_list_sort() in list_union is a bit subtle.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit 3632775d7ad31e06437ed76b8731d9895930caa1)

14 months agoldb: Save a copy of the index result before calling the callbacks.
Andrew Bartlett [Mon, 28 May 2018 01:01:18 +0000 (13:01 +1200)]
ldb: Save a copy of the index result before calling the callbacks.

Otherwise Samba modules like subtree_rename can fail as they modify the
index during the callback.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13452

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit d02cd236dcbd8a44ecc85d1f7e95a48c95c0a479)

14 months agosamdb: Fix build error with gcc8
Andreas Schneider [Mon, 18 Jun 2018 08:24:06 +0000 (10:24 +0200)]
samdb: Fix build error with gcc8

../source4/dsdb/samdb/ldb_modules/samldb.c: In function ‘samldb_add’:
../source4/dsdb/samdb/ldb_modules/samldb.c:424:6: error: ‘found’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
   if (found) {
      ^
../source4/dsdb/samdb/ldb_modules/samldb.c:348:11: note: ‘found’ was declared here
  bool ok, found;
           ^~~~~

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 76828876faa3cd463023e323983df0be597c7361)

Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Tue Jun 26 02:26:15 CEST 2018 on sn-devel-144

14 months agos3:winbind: Fix regression introduced with bso #12851
Andreas Schneider [Wed, 20 Jun 2018 09:38:28 +0000 (11:38 +0200)]
s3:winbind: Fix regression introduced with bso #12851

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12851

Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit c1c764925e24788905ab91aa455b415765d6f71f)

14 months agos3:smbget: Fix buffer truncation issues with gcc8
Andreas Schneider [Mon, 18 Jun 2018 08:43:53 +0000 (10:43 +0200)]
s3:smbget: Fix buffer truncation issues with gcc8

../source3/utils/smbget.c: In function ‘smb_download_file’:
../source3/utils/smbget.c:97:27: error: ‘b’ directive output may be truncated writing 1 byte into a region of size between 0 and 19 [-Werror=format-truncation=]
   snprintf(buffer, l, "%jdb", (intmax_t)s);
                           ^

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 4a3164e0beea35c1f4ce44fbe43547f7104587d1)

14 months agos3:registry: Fix buffer truncation issues issues with gcc8
Andreas Schneider [Mon, 18 Jun 2018 08:34:27 +0000 (10:34 +0200)]
s3:registry: Fix buffer truncation issues issues with gcc8

../source3/registry/reg_perfcount.c: In function ‘reg_perfcount_get_hkpd’:
../source3/registry/reg_perfcount.c:337:29: error: ‘snprintf’ output may be truncated before the last format character [-Werror=format-truncation=]
   snprintf(buf, buflen,"%d%s", key_part1, key_part2);

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 29f6842ee86b768f3677b38c5640655e312c398e)

14 months agoheimdal: lib/krb5: do not fail set_config_files due to parse error
Jeffrey Altman [Thu, 16 Jun 2016 20:25:41 +0000 (16:25 -0400)]
heimdal: lib/krb5: do not fail set_config_files due to parse error

Follow Apple's lead and do not fail krb5_set_config_files() simply
because one of the files in the profile list fails to parse correctly.
Doing so can lead to hard to find failures and could lead to an end
user shooting themselves in the foot and no longer be able to login
to their system to fix it.

Parse as many of the files as we can.  Only fail krb5_set_config_files()
if init_context_from_config_file() fails.

Change-Id: I122664c6d707a5f926643808ba414bf4f681f8b8

Cherry-pick of Heimdal commit b7cf5e7caf9b270f4d4151d2690177b11a7a1bdf

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11573

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit f05a1554b770c6a2c905170347bfb41157f4aa78)

Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Mon Jun 25 17:30:14 CEST 2018 on sn-devel-144

14 months agokrb5_plugin: Add winbind localauth plugin for MIT Kerberos
Andreas Schneider [Fri, 15 Jun 2018 12:59:00 +0000 (14:59 +0200)]
krb5_plugin: Add winbind localauth plugin for MIT Kerberos

Applications (like OpenSSH) don't know about users and and
their relationship to Kerberos principals. This plugin allows that
Kerberos principals can be validated against local user accounts.

Administrator@WURST.WORLD -> WURST\Administrator

https://web.mit.edu/kerberos/krb5-latest/doc/plugindev/localauth.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13480

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 5e89a23ffaceccdc83d70a4ab2798ae25c10d580)

14 months agokrb5_wrap: fix keep_old_entries logic for older kerberos libraries
Christof Schmitt [Tue, 19 Jun 2018 22:09:41 +0000 (15:09 -0700)]
krb5_wrap: fix keep_old_entries logic for older kerberos libraries

MIT kerberos 1.13 and older only stores 8 bits of the KVNO. The change
from commit 35b2fb4ff32 resulted in breakage for these kerberos
versions: 'net ads keytab create' reads a large KVNO from AD, and only
the lower 8 bits are stored. The next check then removed the entry again
as the 8 bit value did not match the currently valid KVNO.

Fix this by limiting the check to only 8 bits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13478

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Sat Jun 23 00:57:47 CEST 2018 on sn-devel-144

(cherry picked from commit 97eaeea6a130871cfac5be42459380c0c4e0fae6)

14 months agobla
Karolin Seeger [Mon, 25 Jun 2018 10:45:35 +0000 (12:45 +0200)]
bla

15 months agopython: Fix talloc frame use in make_simple_acl().
Jeremy Allison [Thu, 14 Jun 2018 21:08:36 +0000 (14:08 -0700)]
python: Fix talloc frame use in make_simple_acl().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13474

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This was fixed differently by commit
539f51f0dfbe4ce317a2978982fd0fc9a7fd6922 in master.

Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Wed Jun 20 13:53:29 CEST 2018 on sn-devel-144

15 months agos3: smbd: printing: Re-implement delete-on-close semantics for print files missing...
Jeremy Allison [Thu, 31 May 2018 17:35:48 +0000 (10:35 -0700)]
s3: smbd: printing: Re-implement delete-on-close semantics for print files missing since 3.5.x.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13457

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jun  1 20:32:03 CEST 2018 on sn-devel-144

(cherry picked from commit 364175b359f018c8641359440fa07b0ea567b045)

15 months agos3: torture: Add DELETE-PRINT test.
Jeremy Allison [Thu, 31 May 2018 17:18:21 +0000 (10:18 -0700)]
s3: torture: Add DELETE-PRINT test.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13457

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 42f049858f2037aab5b2097036db3e0375fdbf30)

15 months agolib: Fix array size in audit_logging
Andreas Schneider [Wed, 16 May 2018 11:59:55 +0000 (13:59 +0200)]
lib: Fix array size in audit_logging

../lib/audit_logging/audit_logging.c: In function ‘json_add_timestamp’:
../lib/audit_logging/audit_logging.c:603:12: error: ‘%s’ directive
       output may be truncated writing up to 9 bytes into a region of size
       between 0 and 43 [-Werror=format-truncation=]
   "%s.%06ld%s",
            ^~
../lib/audit_logging/audit_logging.c:606:3:
   tz);
   ~~
../lib/audit_logging/audit_logging.c:600:2: note: ‘snprintf’ output
       between 8 and 70 bytes into a destination of size 50
  snprintf(
  ^~~~~~~~~
   timestamp,
   ~~~~~~~~~~
   sizeof(timestamp),
   ~~~~~~~~~~~~~~~~~~
   "%s.%06ld%s",
   ~~~~~~~~~~~~~
   buffer,
   ~~~~~~~
   tv.tv_usec,
   ~~~~~~~~~~~
   tz);
   ~~~

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 8b7c8eb3907e2123acee67949e88c26072afc81a)

15 months agos4:ntvfs: Fix string copy of share_name
Andreas Schneider [Tue, 15 May 2018 15:55:22 +0000 (17:55 +0200)]
s4:ntvfs: Fix string copy of share_name

../source4/ntvfs/ipc/rap_server.c:70:3: error: ‘strncpy’ specified bound 13 equals destination size [-Werror=stringop-truncation]
   strncpy((char *)r->out.info[j].info1.share_name,
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    snames[i],
    ~~~~~~~~~~
    sizeof(r->out.info[0].info1.share_name));
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 609ef35c12900bbd5ecaa557f7b5d71b5784a103)

15 months agolib:util: Fix size types in debug.c
Andreas Schneider [Tue, 8 May 2018 07:31:51 +0000 (09:31 +0200)]
lib:util: Fix size types in debug.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit fb6cd9c44ac6fcc9f6abe3b63fc742aeac42969a)

15 months agolib:util: Fix parameter aliasing in tfork test
Andreas Schneider [Wed, 9 May 2018 15:52:19 +0000 (17:52 +0200)]
lib:util: Fix parameter aliasing in tfork test

../lib/util/tests/tfork.c:483:24: error: passing argument 1 to
    restrict-qualified parameter aliases with argument 4 [-Werror=restrict]
   ret = pthread_create(&threads[i],
                        ^~~~~~~~~~~
../lib/util/tests/tfork.c:486:10:
          (void *)&threads[i]);
          ~~~~~~~~~~~~~~~~~~~

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 6f06a0154f5769cb85f6e189eecd78cd7805090a)

15 months agos3:winbind: Fix uninitialzed variable warning
Andreas Schneider [Wed, 9 May 2018 16:07:47 +0000 (18:07 +0200)]
s3:winbind: Fix uninitialzed variable warning

Raised by GCC8.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 6b728b87bf5726f14100d76956c3df3fd9bb1058)

15 months agos3:passdb: Fix size of ascii_p16
Andreas Schneider [Wed, 9 May 2018 16:05:01 +0000 (18:05 +0200)]
s3:passdb: Fix size of ascii_p16

../source3/passdb/pdb_smbpasswd.c: In function ‘mod_smbfilepwd_entry’:
../source3/passdb/pdb_smbpasswd.c:1015:7: error: ‘:LCT-’ directive
    output may be truncated writing 5 bytes into a region of size between 0
    and 255 [-Werror=format-truncat ion=]
    "%s:LCT-%08X:",
       ^~~~~
../source3/passdb/pdb_smbpasswd.c:1015:4: note: using the range [0,
    4294967295] for directive argument
    "%s:LCT-%08X:",
    ^~~~~~~~~~~~~~
In file included from ../source3/include/includes.h:23,
                 from ../source3/passdb/pdb_smbpasswd.c:23:
../lib/replace/../replace/replace.h:514:18: note: ‘snprintf’ output
    between 15 and 270 bytes into a destination of size 255
 #define slprintf snprintf
../source3/passdb/pdb_smbpasswd.c:1013:3: note: in expansion of macro ‘slprintf’
   slprintf(&ascii_p16[strlen(ascii_p16)],
   ^~~~~~~~

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 728297ca889b39ce2006778bf6a5bf1c3ce82d6d)

15 months agos3:lib: Use memcpy() in escape_ldap_string()
Andreas Schneider [Wed, 9 May 2018 15:29:39 +0000 (17:29 +0200)]
s3:lib: Use memcpy() in escape_ldap_string()

../source3/lib/ldap_escape.c: In function ‘escape_ldap_string’:
../source3/lib/ldap_escape.c:79:4: error: ‘strncpy’ output truncated
    before terminating nul copying 3 bytes from a string of the same length
[-Werror=stringop-truncation]
    strncpy (p, sub, 3);
    ^~~~~~~~~~~~~~~~~~~

We concatenat and do not care about NUL-termination till the loop has
finished.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit ff7568daaeb19ff30f47f7f600ead247eaf4e826)

15 months agos4:torture: Use strlcpy() in gen_name()
Andreas Schneider [Wed, 9 May 2018 15:35:45 +0000 (17:35 +0200)]
s4:torture: Use strlcpy() in gen_name()

../source4/torture/basic/mangle_test.c: In function ‘gen_name’:
../source4/torture/basic/mangle_test.c:148:3: error: ‘strncpy’ output
    truncated before terminating nul copying 5 bytes from a string of the
    same length [-Werror=stringop-truncation]
   strncpy(p, "ABCDE", 5);
   ^~~~~~~~~~~~~~~~~~~~~~

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 7a00d90d668f53914ffe035c41a5e79e60b51521)

15 months agolib:util: Fix string check in mkdir_p()
Andreas Schneider [Tue, 8 May 2018 07:22:00 +0000 (09:22 +0200)]
lib:util: Fix string check in mkdir_p()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 7cec343a89a0862c09f5ddd4707eb442157a4af2)

15 months agos3-utils: fix format-truncation in smbpasswd
Günther Deschner [Tue, 8 May 2018 12:13:56 +0000 (14:13 +0200)]
s3-utils: fix format-truncation in smbpasswd

../source3/utils/smbpasswd.c: In function ‘process_root’:
../source3/utils/smbpasswd.c:414:37: error: ‘$’ directive output may be truncated writing 1 byte into a region of size between 0 and 255 [-Werror=format-truncation=]
   slprintf(buf, sizeof(buf) - 1, "%s$", user_name);
                                     ^
In file included from ../source3/include/includes.h:23,
                 from ../source3/utils/smbpasswd.c:19:
../lib/replace/../replace/replace.h:514:18: note: ‘snprintf’ output between 2 and 257 bytes into a destination of size 255
 #define slprintf snprintf
../source3/utils/smbpasswd.c:414:3: note: in expansion of macro ‘slprintf’
   slprintf(buf, sizeof(buf) - 1, "%s$", user_name);
   ^~~~~~~~
../source3/utils/smbpasswd.c:397:35: error: ‘$’ directive output may be truncated writing 1 byte into a region of size between 0 and 255 [-Werror=format-truncation=]
   slprintf(buf, sizeof(buf)-1, "%s$", user_name);
                                   ^
In file included from ../source3/include/includes.h:23,
                 from ../source3/utils/smbpasswd.c:19:
../lib/replace/../replace/replace.h:514:18: note: ‘snprintf’ output between 2 and 257 bytes into a destination of size 255
 #define slprintf snprintf
../source3/utils/smbpasswd.c:397:3: note: in expansion of macro ‘slprintf’
   slprintf(buf, sizeof(buf)-1, "%s$", user_name);
   ^~~~~~~~
cc1: some warnings being treated as errors

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Pair-Programmed-With: Andreas Schneider <asn@samba.org>

Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 9b6dc8f504c406ed8a044e5becca7e8f01da6c84)

15 months agos4-torture: fix format-truncation warning in smb2 session tests.
Günther Deschner [Tue, 8 May 2018 11:54:53 +0000 (13:54 +0200)]
s4-torture: fix format-truncation warning in smb2 session tests.

../source4/torture/smb2/session.c: In function ‘test_session_reauth5’:
../source4/torture/smb2/session.c:645:36: error: ‘\file.dat’ directive output may be truncated writing 9 bytes into a region of size between 1 and 256 [-Werror=format-truncation=]
  snprintf(fname, sizeof(fname), "%s\\file.dat", dname);
                                    ^~~~~~~~~~
../source4/torture/smb2/session.c:645:2: note: ‘snprintf’ output between 10 and 265 bytes into a destination of size 256
  snprintf(fname, sizeof(fname), "%s\\file.dat", dname);
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../source4/torture/smb2/session.c:696:38: error: ‘\file2.dat’ directive output may be truncated writing 10 bytes into a region of size between 1 and 256 [-Werror=format-truncation=]
  snprintf(fname2, sizeof(fname2), "%s\\file2.dat", dname);
                                      ^~~~~~~~~~~
../source4/torture/smb2/session.c:696:2: note: ‘snprintf’ output between 11 and 266 bytes into a destination of size 256
  snprintf(fname2, sizeof(fname2), "%s\\file2.dat", dname);
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: some warnings being treated as errors

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 5729898248041794ffdd0b769332e015baf12cce)

15 months agos3-printing: fix format-truncation in print_queue_update()
Günther Deschner [Tue, 8 May 2018 11:46:11 +0000 (13:46 +0200)]
s3-printing: fix format-truncation in print_queue_update()

../source3/printing/printing.c: In function ‘print_queue_update’:
../source3/printing/printing.c:1809:42: error: ‘%s’ directive output may be truncated writing up to 255 bytes into a region of size 244 [-Werror=format-truncation=]
  snprintf(key, sizeof(key), "MSG_PENDING/%s", sharename);
                                          ^~   ~~~~~~~~~
../source3/printing/printing.c:1809:2: note: ‘snprintf’ output between 13 and 268 bytes into a destination of size 256
  snprintf(key, sizeof(key), "MSG_PENDING/%s", sharename);

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 6326b3415f3e225aafd5912d0965c80abcd7b22c)

15 months agos3-winbindd: remove unused fill_domain_username()
Günther Deschner [Tue, 8 May 2018 09:19:42 +0000 (11:19 +0200)]
s3-winbindd: remove unused fill_domain_username()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit b24d4eb7afad82afc3a9bab65e1d799edc4b5172)

15 months agos3-winbindd: use fill_domain_username_talloc() in winbind.
Günther Deschner [Tue, 8 May 2018 09:18:56 +0000 (11:18 +0200)]
s3-winbindd: use fill_domain_username_talloc() in winbind.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 3c6481d75cea175d0a69988577163efb40e2316b)

15 months agos4-heimdal: Fix the format-truncation errors.
Günther Deschner [Wed, 30 May 2018 07:27:49 +0000 (09:27 +0200)]
s4-heimdal: Fix the format-truncation errors.

../source4/heimdal/lib/com_err/compile_et.c: In function ‘generate_h’:
../source4/heimdal/lib/com_err/compile_et.c:138:33: error: ‘%s’ directive output may be truncated writing up to 127 bytes into a region of size 126 [-Werror=format-truncation=]
     snprintf(fn, sizeof(fn), "__%s__", hfn);
                                 ^~     ~~~
../source4/heimdal/lib/com_err/compile_et.c:138:5: note: ‘snprintf’ output between 5 and 132 bytes into a destination of size 128
     snprintf(fn, sizeof(fn), "__%s__", hfn);
     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../source4/heimdal/lib/com_err/compile_et.c: In function ‘main’:
../source4/heimdal/lib/com_err/compile_et.c:234:35: error: ‘.h’ directive output may be truncated writing 2 bytes into a region of size between 1 and 128 [-Werror=format-truncation=]
     snprintf(hfn, sizeof(hfn), "%s.h", Basename);
                                   ^~
../source4/heimdal/lib/com_err/compile_et.c:234:5: note: ‘snprintf’ output between 3 and 130 bytes into a destination of size 128
     snprintf(hfn, sizeof(hfn), "%s.h", Basename);
     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../source4/heimdal/lib/com_err/compile_et.c:235:35: error: ‘.c’ directive output may be truncated writing 2 bytes into a region of size between 1 and 128 [-Werror=format-truncation=]
     snprintf(cfn, sizeof(cfn), "%s.c", Basename);
                                   ^~
../source4/heimdal/lib/com_err/compile_et.c:235:5: note: ‘snprintf’ output between 3 and 130 bytes into a destination of size 128
     snprintf(cfn, sizeof(cfn), "%s.c", Basename);
     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: some warnings being treated as errors

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jun  8 13:23:51 CEST 2018 on sn-devel-144

15 months agos3: smbtorture: Add new SMB2-DIR-FSYNC test to show behavior of FSYNC on directories.
Jeremy Allison [Thu, 10 May 2018 18:30:24 +0000 (11:30 -0700)]
s3: smbtorture: Add new SMB2-DIR-FSYNC test to show behavior of FSYNC on directories.

Tests against a directory handle on the root of a share,
and a directory handle on a sub-directory in a share.

Check SEC_DIR_ADD_FILE and SEC_DIR_ADD_SUBDIR separately,
either allows flush to succeed.

Passes against Windows.

Regression test for:

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13428

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 18 02:38:50 CEST 2018 on sn-devel-144

(cherry picked from commit d42f467a25e75e5487a00378609a24809ddc83ee)

15 months agos3: smbd: Fix SMB2-FLUSH against directories.
Jeremy Allison [Thu, 10 May 2018 17:26:52 +0000 (10:26 -0700)]
s3: smbd: Fix SMB2-FLUSH against directories.

Directories opened with either FILE_ADD_FILE or
FILE_ADD_SUBDIRECTORY can be flushed even if
they're not writable in the conventional sense.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13428

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 42aadf42f27053e621f2a6b72448afebb3f5082a)

15 months agosmbd: Flush dfree memcache on service reload
Christof Schmitt [Sat, 19 May 2018 03:51:58 +0000 (20:51 -0700)]
smbd: Flush dfree memcache on service reload

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13446

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit e30d0c0e0d11f65b2d1886be3c0fe9e32eaf3926)

Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Thu Jun  7 14:09:12 CEST 2018 on sn-devel-144

15 months agosmbd: Cache dfree information based on query path
Christof Schmitt [Wed, 16 May 2018 20:17:52 +0000 (13:17 -0700)]
smbd: Cache dfree information based on query path

Sub directories in a SMB share can have different free space information
(e.g. when a different file system is mounted there). Caching the dfree
information per SMB share will return invalid data. Address this by
switching to memcache and store the cached data based on the query path.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13446

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 8f121747b06ca78cf51801a3931b2ddd1a424c77)

15 months agomemcache: Add new cache type for dfree information
Christof Schmitt [Wed, 16 May 2018 20:05:36 +0000 (13:05 -0700)]
memcache: Add new cache type for dfree information

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13446

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit f5d05562679f6aa691b98b4a75952f7dda7ed343)

15 months agoselftest: Add test for 'dfree cache'
Christof Schmitt [Wed, 23 May 2018 18:25:42 +0000 (11:25 -0700)]
selftest: Add test for 'dfree cache'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13446

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit a55b3d2fcc2f7737a2702bf908dcf1f80969bf21)

15 months agoselftest: Add dfq_cache share with 'dfree cache time' set
Christof Schmitt [Wed, 23 May 2018 18:07:54 +0000 (11:07 -0700)]
selftest: Add dfq_cache share with 'dfree cache time' set

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13446

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 7ffcbd5ce1222971cb9879f78765d87cdc4102a8)

15 months agolib/util: Call log_stack_trace() in smb_panic_default()
Andrew Bartlett [Tue, 10 Apr 2018 04:37:45 +0000 (16:37 +1200)]
lib/util: Call log_stack_trace() in smb_panic_default()

This matches the AD DC with the behaviour in smbd.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13454

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 11 04:03:07 CEST 2018 on sn-devel-144

(cherry picked from commit 462eb4a44cc51dc17aebbcd5c609c9ff7f088554)

Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Mon Jun  4 14:30:55 CEST 2018 on sn-devel-144

15 months agolib/util: Move log_stack_trace() to common code
Andrew Bartlett [Tue, 10 Apr 2018 04:35:07 +0000 (16:35 +1200)]
lib/util: Move log_stack_trace() to common code

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13454
(cherry picked from commit bf9551902afdb32310db4a3381964c435dd08bf0)

15 months agolib/util: Log PANIC before calling pacic action just like s3
Andrew Bartlett [Tue, 10 Apr 2018 04:06:12 +0000 (16:06 +1200)]
lib/util: Log PANIC before calling pacic action just like s3

This is like the changes made in s3 by
4fa555980070d78b39711ef21d77628d26055bc2

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13454
(cherry picked from commit 3acc00b6808d5d5ad035d9d43526204db1608c8a)

15 months agos3-lib: Remove support for libexc for IRIX backtraces
Andrew Bartlett [Tue, 10 Apr 2018 03:54:10 +0000 (15:54 +1200)]
s3-lib: Remove support for libexc for IRIX backtraces

IRIX is long dead, and this code needs become_root() which is not in
the top level code.

Additionally, the check for libexc never made it into waf, so this
has been dead code since Samba 4.1.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13454
(cherry picked from commit 85dc9ee14023a8fb84b5c74555d43008bb6bb0c0)

15 months agos3:utils: Do not segfault on error in DoDNSUpdate()
Andreas Schneider [Thu, 17 May 2018 09:53:18 +0000 (11:53 +0200)]
s3:utils: Do not segfault on error in DoDNSUpdate()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13440

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit cdd98aa1e2116fb97e16718d115ee883fe1bc8ba)

15 months agoauth/ntlmssp: fix handling of GENSEC_FEATURE_LDAP_STYLE as a server
Stefan Metzmacher [Mon, 7 May 2018 12:50:27 +0000 (14:50 +0200)]
auth/ntlmssp: fix handling of GENSEC_FEATURE_LDAP_STYLE as a server

This fixes "NTLMSSP NTLM2 packet check failed due to invalid signature!"
error messages, which were generated if the client only sends
NTLMSSP_NEGOTIATE_SIGN without NTLMSSP_NEGOTIATE_SEAL on an LDAP
connection.

This fixes a regession in the combination of commits
77adac8c3cd2f7419894d18db735782c9646a202 and
3a0b835408a6efa339e8b34333906bfe3aacd6e3.

We need to evaluate GENSEC_FEATURE_LDAP_STYLE at the end
of the authentication (as a server, while we already
do so at the beginning as a client).

As a reminder I introduced GENSEC_FEATURE_LDAP_STYLE
(as an internal flag) in order to let us work as a
Windows using NTLMSSP for LDAP. Even if only signing is
negotiated during the authentication the following PDUs
will still be encrypted if NTLMSSP is used. This is exactly the
same as if the client would have negotiated NTLMSSP_NEGOTIATE_SEAL.
I guess it's a bug in Windows, but we have to reimplement that
bug. Note this only applies to NTLMSSP and only to LDAP!
Signing only works fine for LDAP with Kerberos
or DCERPC and NTLMSSP.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May 16 03:26:03 CEST 2018 on sn-devel-144

(cherry picked from commit c7a3ce95ac4ce837d8fde36578b3b1f56c3ac2fa)

15 months agos4:selftest: run test_ldb_simple.sh with more auth options
Stefan Metzmacher [Wed, 9 May 2018 11:33:05 +0000 (13:33 +0200)]
s4:selftest: run test_ldb_simple.sh with more auth options

This demonstrates the broken GENSEC_FEATURE_LDAP_STYLE
handling in our LDAP server.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit fc1c5bd3be2c3f90eab2f31e43cf053f7ff13782)

15 months agoauth/ntlmssp: add ntlmssp_client:ldap_style_send_seal option
Stefan Metzmacher [Wed, 9 May 2018 11:30:13 +0000 (13:30 +0200)]
auth/ntlmssp: add ntlmssp_client:ldap_style_send_seal option

This will be used to similate a Windows client only
using NTLMSSP_NEGOTIATE_SIGN without NTLMSSP_NEGOTIATE_SEAL
on an LDAP connection, which is indicated internally by
GENSEC_FEATURE_LDAP_STYLE.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 7f2bebf09cd8056b3f901dd9ff1fc9e9525f3e9d)

15 months agolibgpo: Fix the build --without-ads
Volker Lendecke [Sat, 3 Feb 2018 06:07:55 +0000 (07:07 +0100)]
libgpo: Fix the build --without-ads

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Feb  6 15:36:01 CET 2018 on sn-devel-144

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13331

(cherry picked from commit a222b7506b53e689708834237f18877231dca589)

Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Thu May 24 16:37:02 CEST 2018 on sn-devel-144

15 months agos3:smbd: fix interaction between chown and SD flags
Ralph Boehme [Thu, 10 May 2018 10:29:35 +0000 (12:29 +0200)]
s3:smbd: fix interaction between chown and SD flags

A change ownership operation that doesn't set the NT ACLs must not touch
the SD flags (type).

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13432

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 11 23:30:32 CEST 2018 on sn-devel-144

(cherry picked from commit ced55850034a3653525823bf9623912a4fcf18a0)

15 months agos4:torture/smb2: new test for interaction between chown and SD flags
Ralph Boehme [Thu, 10 May 2018 10:28:43 +0000 (12:28 +0200)]
s4:torture/smb2: new test for interaction between chown and SD flags

This passes against Windows, but fails against Samba.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13432

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 12f6d56c4814fca64e0e3c636018e70d71ad0be5)

15 months agowinbind: Fix UPN handling in canonicalize_username()
Andreas Schneider [Thu, 26 Apr 2018 15:32:42 +0000 (17:32 +0200)]
winbind: Fix UPN handling in canonicalize_username()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri May 11 12:02:37 CEST 2018 on sn-devel-144

(cherry picked from commit 1766f77493c5a76e4d7d1e5eedcaa150cc9ea552)

15 months agowinbind: Fix UPN handling in parse_domain_user()
Andreas Schneider [Thu, 26 Apr 2018 10:17:12 +0000 (12:17 +0200)]
winbind: Fix UPN handling in parse_domain_user()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit a05b63db627fdbe0bdea4d144dfaeedb39025592)

15 months agowinbind: Remove unused function parse_domain_user_talloc()
Andreas Schneider [Thu, 26 Apr 2018 15:23:41 +0000 (17:23 +0200)]
winbind: Remove unused function parse_domain_user_talloc()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 32770e929ace8fe3f2469037ed887be14b3c5503)

15 months agowinbind: Pass upn unmodified to lookup names
Stefan Metzmacher [Thu, 22 Feb 2018 13:10:28 +0000 (14:10 +0100)]
winbind: Pass upn unmodified to lookup names

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 789c89e6ecb7d388fb5acdd5abc8fe99c58524f0)

15 months agonsswitch:tests: Add test for wbinfo --user-info
Andreas Schneider [Fri, 20 Apr 2018 09:20:44 +0000 (11:20 +0200)]
nsswitch:tests: Add test for wbinfo --user-info

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 2715f52f54e66a73131a92d752a8c2447da1fd33)

15 months agoselftest: Add a user with a different userPrincipalName
Andreas Schneider [Fri, 20 Apr 2018 07:38:24 +0000 (09:38 +0200)]
selftest: Add a user with a different userPrincipalName

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 5319cae00096dcecc29aa9fa675a983352ad64d8)

15 months agonsswitch: Lookup the domain in tests with the wb seperator
Andreas Schneider [Mon, 7 May 2018 11:23:42 +0000 (13:23 +0200)]
nsswitch: Lookup the domain in tests with the wb seperator

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 4fa811ec7bc301e96f5e40ba281e8d4e8709b94f)

15 months agonsswitch: Add a test looking up domain sid
Andreas Schneider [Fri, 4 May 2018 10:43:05 +0000 (12:43 +0200)]
nsswitch: Add a test looking up domain sid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 0aceca6a94e868f9c01a66f79624ca10d80560ab)

15 months agonsswitch: Add a test looking up the user using the upn
Andreas Schneider [Fri, 20 Apr 2018 09:24:30 +0000 (11:24 +0200)]
nsswitch: Add a test looking up the user using the upn

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 0d2f743d826b87b369e25fc6bb9ff61f2b0896aa)

15 months agoselftest: Make sure we have correct group mappings
Andreas Schneider [Mon, 7 May 2018 14:20:30 +0000 (16:20 +0200)]
selftest: Make sure we have correct group mappings

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 9bc2b922bbc6539341a2056f33f117ac350e61f1)

16 months agoVERSION: Bump version up to 4.8.3...
Karolin Seeger [Wed, 16 May 2018 10:06:21 +0000 (12:06 +0200)]
VERSION: Bump version up to 4.8.3...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
16 months agoVERSION: Disable GIT_SNAPSHOT for the 4.8.2 release. samba-4.8.2
Karolin Seeger [Wed, 16 May 2018 10:05:10 +0000 (12:05 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.8.2 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
16 months agoWHATSNEW: Add release notes for Samba 4.8.2.
Karolin Seeger [Wed, 16 May 2018 10:04:38 +0000 (12:04 +0200)]
WHATSNEW: Add release notes for Samba 4.8.2.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
16 months agowinbindd: Do re-connect if the RPC call fails in the passdb case
Andrew Bartlett [Wed, 21 Mar 2018 07:44:31 +0000 (20:44 +1300)]
winbindd: Do re-connect if the RPC call fails in the passdb case

This is very, very unlikely but possible as in the AD case the RPC server is in
another process that may eventually be able to restart.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13430

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit fc9150dcab231fe9beb72e198b0c2742d5f2505f)

Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Mon May 14 15:11:11 CEST 2018 on sn-devel-144

16 months agowinbindd: Add a cache of the samr and lsa handles for the passdb domain
Andrew Bartlett [Wed, 21 Mar 2018 07:43:10 +0000 (20:43 +1300)]
winbindd: Add a cache of the samr and lsa handles for the passdb domain

This domain is very close, in AD DC configurations over a internal ncacn_np pipe
and otherwise in the same process via C linking.  It is however very expensive
to re-create the binding handle per SID->name lookup, so keep a cache.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13430

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit d418d0ca33afb41a793a2fff19ca68871aa5e9ef)

16 months agovfs_ceph: add fake async pwrite/pread send/recv hooks
David Disseldorp [Wed, 9 May 2018 14:51:34 +0000 (16:51 +0200)]
vfs_ceph: add fake async pwrite/pread send/recv hooks

As found by Jeremy, VFS modules that don't provide pread_send() or
pwrite_send() hooks result in vfs_default fallback, which is
catastrophic for VFS modules with non-mounted filesystems such as
vfs_ceph.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13425

Reported-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit f0e6453b0420fe9d062936d4ddc05f44b40cf2ba)

16 months agos3: VFS: Fix memory leak in vfs_ceph.
Vandana Rungta [Tue, 8 May 2018 18:27:47 +0000 (11:27 -0700)]
s3: VFS: Fix memory leak in vfs_ceph.

Centralize error handling.

https://bugzilla.samba.org/show_bug.cgi?id=13424

Signed-off-by: Vandana Rungta <vrungta@amazon.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May  9 04:28:11 CEST 2018 on sn-devel-144

(cherry picked from commit 4e78aeedb8329953df83fc7f2c191b2c97a051d0)

16 months agos4:lsa_lookup: remove TALLOC_FREE(state) after all dcesrv_lsa_Lookup{Names,Sids}_base...
Stefan Metzmacher [Fri, 11 May 2018 04:43:14 +0000 (06:43 +0200)]
s4:lsa_lookup: remove TALLOC_FREE(state) after all dcesrv_lsa_Lookup{Names,Sids}_base_map() calls

This completes the regression fix of commit 7e091e505156381e385235ab4518b4d133a98497.

There might be strings allocated on state, which are part of the
result.

The reason for the TALLOC_FREE(state) was to cleanup the possible
irpc_handle before leaving the function. Now we call
TALLOC_FREE(state->wb.irpc_handle) explicitly in
dcesrv_lsa_Lookup{Names,Sids}_base_done() instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13420

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun May 13 10:27:28 CEST 2018 on sn-devel-144

(cherry picked from commit 9a513304adadd79d1c63d55fcf06b67ed45d43ba)

16 months agos4-lsa: Fix use-after-free in LSA server
Andrew Bartlett [Thu, 3 May 2018 04:22:19 +0000 (16:22 +1200)]
s4-lsa: Fix use-after-free in LSA server

This is a regression introduced in ab7988aa2fd1a43f576a4b73a6893c61c7ef1957.

The state variable contains the data to be returned to the client
and packed into NDR after the function returned.

This memory needs to be kept (on mem_ctx as parent) until that is
pushed and freed by the caller.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13420

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 7e091e505156381e385235ab4518b4d133a98497)

16 months agos3:cleanupd: sends MSG_SMB_UNLOCK twice to interested peers
Ralph Boehme [Tue, 1 May 2018 07:53:36 +0000 (09:53 +0200)]
s3:cleanupd: sends MSG_SMB_UNLOCK twice to interested peers

MSG_SMB_UNLOCK should be send to smbd that are waiting on blocked
byte-range-locks when a lock holder died.

In smbd_cleanupd_unlock() we do this twice: once via a broadcast and
then again via brl_revalidate() to processes that are actually recorded
in brlock.tdb.

As brl_revalidate() should already take care of signaling anyone who
would be interested in the message, there's no need to broadcast.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13416

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May  4 03:02:28 CEST 2018 on sn-devel-144

(cherry picked from commit 53ff08a2cf838c0f1c3f050ac2aa13fc3acc5981)

16 months agos3:smbspool: Fix cmdline argument handling
Andreas Schneider [Thu, 3 May 2018 08:17:12 +0000 (10:17 +0200)]
s3:smbspool: Fix cmdline argument handling

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13417

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit a753ccfd946aaad320977ae8c5f483f73077c3f8)

Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Wed May  9 14:22:22 CEST 2018 on sn-devel-144

16 months agosmbspool: Improve URI handling code
Andreas Schneider [Fri, 5 Jan 2018 09:50:57 +0000 (10:50 +0100)]
smbspool: Improve URI handling code

This also checks that the URI given via the environment variables
starts with smb://

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit a6eac8f64989235e7a297c14e349d98a3fc70e47)

16 months agos3: libsmbclient: Fix hard-coded connection error return of ETIMEDOUT.
Jeremy Allison [Wed, 2 May 2018 18:19:31 +0000 (11:19 -0700)]
s3: libsmbclient: Fix hard-coded connection error return of ETIMEDOUT.

We shouldn't hard-code the connection error as ETIMEDOUT when
we have a perfectly good NT_STATUS to map from.

Found by the ChromeOS guys trying to connect an SMB2-only client
to an SMB1-only supporting server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13419

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May  3 02:42:20 CEST 2018 on sn-devel-144

(cherry picked from commit 795ec751ac5f6e58966385bec25063c4af4f185d)

Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Mon May  7 14:25:28 CEST 2018 on sn-devel-144

16 months agos3:cleanupd: use MSG_SMB_BRL_VALIDATE to signal cleanupd unclean process shutdown
Ralph Boehme [Mon, 30 Apr 2018 17:03:41 +0000 (19:03 +0200)]
s3:cleanupd: use MSG_SMB_BRL_VALIDATE to signal cleanupd unclean process shutdown

Since 6423ca4bf293cac5e2f84b1a37bb29b06b5c05ed messaging_send_all()
broadcasts messages in a cluster, so cleanupd receives those broadcasts
and acts upon it by re-broadcasting the message. Result: message
storm.

By reactivating the currently unused MSG_SMB_BRL_VALIDATE for the
trigger message to cleanupd we avoid the storm.

Note that MSG_SMB_BRL_VALIDATE was unused only in the sense that noone
*listened* to it, but we were still *sending* the message in
smbd_parent_ctdb_reconfigured(). de6fe2a1dd6ab03b1c369b61da17fded72305b2d
removed listening for MSG_SMB_BRL_VALIDATE from cleanupd. This commits
brings it back.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13414

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit d3b9d11bade8bc52d08688ee66a4a20fe0a31a04)

16 months agoceph: VFS: Add asynchronous fsync to ceph module, fake using synchronous call.
Jeremy Allison [Fri, 27 Apr 2018 21:25:54 +0000 (14:25 -0700)]
ceph: VFS: Add asynchronous fsync to ceph module, fake using synchronous call.

This will allow me to ultimately simplify the VFS by removing the synchronous
fsync VFS call.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13412

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Apr 30 21:48:55 CEST 2018 on sn-devel-144

(cherry picked from commit aefe444d17a2eee3c0ff38bd34cf9e3f012ecf51)

16 months agoctdb-client: Remove ununsed functions from old client code
Amitay Isaacs [Mon, 30 Apr 2018 09:32:13 +0000 (19:32 +1000)]
ctdb-client: Remove ununsed functions from old client code

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13411

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 01c8dc7e15b8764a9b8c8e34b84d0cab790edf47)

16 months agorpc_server: Fix NetSessEnum with stale sessions
Christof Schmitt [Tue, 24 Apr 2018 20:53:41 +0000 (13:53 -0700)]
rpc_server: Fix NetSessEnum with stale sessions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13407

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 25 22:49:07 CEST 2018 on sn-devel-144

(cherry picked from commit a6fade4e10760284ef56abf45d3fa70038091cbe)

16 months agoselftest: Add testcase for querying sessions after smbd crash
Christof Schmitt [Tue, 24 Apr 2018 20:52:59 +0000 (13:52 -0700)]
selftest: Add testcase for querying sessions after smbd crash

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13407

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit e04846c7df8e3eec1f3dbb2fc5eaf47ceb1c44d2)

16 months agorpcclient: Print number of entries for NetSessEnum
Christof Schmitt [Tue, 24 Apr 2018 19:18:49 +0000 (12:18 -0700)]
rpcclient: Print number of entries for NetSessEnum

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13407

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 501819fa9e7926c2f54cb92d508ac0e8437fd476)

16 months agoprinting: return the same error code as windows does on upload failures
Björn Jacke [Thu, 19 Apr 2018 14:14:38 +0000 (16:14 +0200)]
printing: return the same error code as windows does on upload failures

Some print drivers inf files are broken and cause driver installation to fail
on Samba servers. Windows returns WERR_APP_INIT_FAILURE in that case, we should
do the same. Windows machines are less unlucky with that.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13395

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Wed Apr 25 13:55:25 CEST 2018 on sn-devel-144

(cherry picked from commit 35f2afe411a3b22fb1befadb3bee8da1bc14753c)

16 months agos3: tests: Regression test to ensure we can never return a DIRECTORY attribute on...
Jeremy Allison [Wed, 11 Apr 2018 17:33:22 +0000 (10:33 -0700)]
s3: tests: Regression test to ensure we can never return a DIRECTORY attribute on a stream.

Tests streams_xattr and also streams_depot.

Inspired from a real-world test case by Andrew Walker <awalker@ixsystems.com>.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13380

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 12 02:04:28 CEST 2018 on sn-devel-144

(cherry picked from commit 82beaf868f252c4bc975ddafd80240af6f679b83)

16 months agos3: smbd. Generic fix for incorrect reporting of stream dos attributes on a directory
Jeremy Allison [Wed, 11 Apr 2018 18:05:14 +0000 (11:05 -0700)]
s3: smbd. Generic fix for incorrect reporting of stream dos attributes on a directory

According to MS-FSA a stream name does not have
separate DOS attribute metadata, so we must return
the DOS attribute from the base filename. With one caveat,
a non-default stream name can never be a directory.

As this is common to all streams data stores, we handle
it here instead of inside all stream VFS modules.

Otherwise identical logic would have to be added to
all streams modules in their [f]get_dos_attribute_fn()
VFS calls.

Found in real-world use case by Andrew Walker <awalker@ixsystems.com>.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13380

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
(cherry picked from commit 118e77d86a7171f589f805fa4f63246b0cb63672)

16 months agos3: vfs: vfs_streams_xattr: Don't blindly re-use the base file mode bits.
Jeremy Allison [Wed, 11 Apr 2018 15:41:00 +0000 (08:41 -0700)]
s3: vfs: vfs_streams_xattr: Don't blindly re-use the base file mode bits.

When returning the stat struct for an xattr stream,
we originally base the st_ex_mode field on the value
from the base file containing the xattr. If the base
file is a directory, it will have S_IFDIR set in st_ex_mode,
but streams can never be directories, they must be reported
as regular files.

The original code OR'ed in S_IFREG, but neglected to
AND out S_IFDIR.

Note this is not a complete to fix bug 13380 as
it doesn't fix the generic case with all streams
modules. See later fix and regression test.

Found in real-world use case by Andrew Walker <awalker@ixsystems.com>.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13380

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
(cherry picked from commit 4d839d0f46b723ed6809bb932b9ebe4ead2cec82)

16 months agonsswitch: fix memory leak in winbind_open_pipe_sock() when the privileged pipe is...
Stefan Metzmacher [Tue, 24 Apr 2018 08:59:05 +0000 (10:59 +0200)]
nsswitch: fix memory leak in winbind_open_pipe_sock() when the privileged pipe is not accessable.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13400

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit ffe970007bf934955f72ec2d73bf8f94a2b796eb)

Autobuild-User(v4-8-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-8-test): Wed May  2 18:56:45 CEST 2018 on sn-devel-144

16 months agoldb: Release ldb 1.3.3 ldb-1.3.3
Andrew Bartlett [Sun, 29 Apr 2018 23:15:55 +0000 (11:15 +1200)]
ldb: Release ldb 1.3.3

* Fix failure to upgrade to the GUID index DB format
* Add tests for GUID index behaviour

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13306

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>