vlendec/samba-autobuild/.git
15 months agolib:util: Fix parameter aliasing in tfork test
Andreas Schneider [Wed, 9 May 2018 15:52:19 +0000 (17:52 +0200)]
lib:util: Fix parameter aliasing in tfork test

../lib/util/tests/tfork.c:483:24: error: passing argument 1 to
    restrict-qualified parameter aliases with argument 4 [-Werror=restrict]
   ret = pthread_create(&threads[i],
                        ^~~~~~~~~~~
../lib/util/tests/tfork.c:486:10:
          (void *)&threads[i]);
          ~~~~~~~~~~~~~~~~~~~

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 6f06a0154f5769cb85f6e189eecd78cd7805090a)

15 months agos3:winbind: Fix uninitialzed variable warning
Andreas Schneider [Wed, 9 May 2018 16:07:47 +0000 (18:07 +0200)]
s3:winbind: Fix uninitialzed variable warning

Raised by GCC8.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 6b728b87bf5726f14100d76956c3df3fd9bb1058)

15 months agos3:passdb: Fix size of ascii_p16
Andreas Schneider [Wed, 9 May 2018 16:05:01 +0000 (18:05 +0200)]
s3:passdb: Fix size of ascii_p16

../source3/passdb/pdb_smbpasswd.c: In function ‘mod_smbfilepwd_entry’:
../source3/passdb/pdb_smbpasswd.c:1015:7: error: ‘:LCT-’ directive
    output may be truncated writing 5 bytes into a region of size between 0
    and 255 [-Werror=format-truncat ion=]
    "%s:LCT-%08X:",
       ^~~~~
../source3/passdb/pdb_smbpasswd.c:1015:4: note: using the range [0,
    4294967295] for directive argument
    "%s:LCT-%08X:",
    ^~~~~~~~~~~~~~
In file included from ../source3/include/includes.h:23,
                 from ../source3/passdb/pdb_smbpasswd.c:23:
../lib/replace/../replace/replace.h:514:18: note: ‘snprintf’ output
    between 15 and 270 bytes into a destination of size 255
 #define slprintf snprintf
../source3/passdb/pdb_smbpasswd.c:1013:3: note: in expansion of macro ‘slprintf’
   slprintf(&ascii_p16[strlen(ascii_p16)],
   ^~~~~~~~

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 728297ca889b39ce2006778bf6a5bf1c3ce82d6d)

15 months agos3:lib: Use memcpy() in escape_ldap_string()
Andreas Schneider [Wed, 9 May 2018 15:29:39 +0000 (17:29 +0200)]
s3:lib: Use memcpy() in escape_ldap_string()

../source3/lib/ldap_escape.c: In function ‘escape_ldap_string’:
../source3/lib/ldap_escape.c:79:4: error: ‘strncpy’ output truncated
    before terminating nul copying 3 bytes from a string of the same length
[-Werror=stringop-truncation]
    strncpy (p, sub, 3);
    ^~~~~~~~~~~~~~~~~~~

We concatenat and do not care about NUL-termination till the loop has
finished.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit ff7568daaeb19ff30f47f7f600ead247eaf4e826)

15 months agos4:torture: Use strlcpy() in gen_name()
Andreas Schneider [Wed, 9 May 2018 15:35:45 +0000 (17:35 +0200)]
s4:torture: Use strlcpy() in gen_name()

../source4/torture/basic/mangle_test.c: In function ‘gen_name’:
../source4/torture/basic/mangle_test.c:148:3: error: ‘strncpy’ output
    truncated before terminating nul copying 5 bytes from a string of the
    same length [-Werror=stringop-truncation]
   strncpy(p, "ABCDE", 5);
   ^~~~~~~~~~~~~~~~~~~~~~

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 7a00d90d668f53914ffe035c41a5e79e60b51521)

15 months agolib:util: Fix string check in mkdir_p()
Andreas Schneider [Tue, 8 May 2018 07:22:00 +0000 (09:22 +0200)]
lib:util: Fix string check in mkdir_p()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 7cec343a89a0862c09f5ddd4707eb442157a4af2)

15 months agos3-utils: fix format-truncation in smbpasswd
Günther Deschner [Tue, 8 May 2018 12:13:56 +0000 (14:13 +0200)]
s3-utils: fix format-truncation in smbpasswd

../source3/utils/smbpasswd.c: In function ‘process_root’:
../source3/utils/smbpasswd.c:414:37: error: ‘$’ directive output may be truncated writing 1 byte into a region of size between 0 and 255 [-Werror=format-truncation=]
   slprintf(buf, sizeof(buf) - 1, "%s$", user_name);
                                     ^
In file included from ../source3/include/includes.h:23,
                 from ../source3/utils/smbpasswd.c:19:
../lib/replace/../replace/replace.h:514:18: note: ‘snprintf’ output between 2 and 257 bytes into a destination of size 255
 #define slprintf snprintf
../source3/utils/smbpasswd.c:414:3: note: in expansion of macro ‘slprintf’
   slprintf(buf, sizeof(buf) - 1, "%s$", user_name);
   ^~~~~~~~
../source3/utils/smbpasswd.c:397:35: error: ‘$’ directive output may be truncated writing 1 byte into a region of size between 0 and 255 [-Werror=format-truncation=]
   slprintf(buf, sizeof(buf)-1, "%s$", user_name);
                                   ^
In file included from ../source3/include/includes.h:23,
                 from ../source3/utils/smbpasswd.c:19:
../lib/replace/../replace/replace.h:514:18: note: ‘snprintf’ output between 2 and 257 bytes into a destination of size 255
 #define slprintf snprintf
../source3/utils/smbpasswd.c:397:3: note: in expansion of macro ‘slprintf’
   slprintf(buf, sizeof(buf)-1, "%s$", user_name);
   ^~~~~~~~
cc1: some warnings being treated as errors

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Pair-Programmed-With: Andreas Schneider <asn@samba.org>

Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 9b6dc8f504c406ed8a044e5becca7e8f01da6c84)

15 months agos4-torture: fix format-truncation warning in smb2 session tests.
Günther Deschner [Tue, 8 May 2018 11:54:53 +0000 (13:54 +0200)]
s4-torture: fix format-truncation warning in smb2 session tests.

../source4/torture/smb2/session.c: In function ‘test_session_reauth5’:
../source4/torture/smb2/session.c:645:36: error: ‘\file.dat’ directive output may be truncated writing 9 bytes into a region of size between 1 and 256 [-Werror=format-truncation=]
  snprintf(fname, sizeof(fname), "%s\\file.dat", dname);
                                    ^~~~~~~~~~
../source4/torture/smb2/session.c:645:2: note: ‘snprintf’ output between 10 and 265 bytes into a destination of size 256
  snprintf(fname, sizeof(fname), "%s\\file.dat", dname);
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../source4/torture/smb2/session.c:696:38: error: ‘\file2.dat’ directive output may be truncated writing 10 bytes into a region of size between 1 and 256 [-Werror=format-truncation=]
  snprintf(fname2, sizeof(fname2), "%s\\file2.dat", dname);
                                      ^~~~~~~~~~~
../source4/torture/smb2/session.c:696:2: note: ‘snprintf’ output between 11 and 266 bytes into a destination of size 256
  snprintf(fname2, sizeof(fname2), "%s\\file2.dat", dname);
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: some warnings being treated as errors

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 5729898248041794ffdd0b769332e015baf12cce)

15 months agos3-printing: fix format-truncation in print_queue_update()
Günther Deschner [Tue, 8 May 2018 11:46:11 +0000 (13:46 +0200)]
s3-printing: fix format-truncation in print_queue_update()

../source3/printing/printing.c: In function ‘print_queue_update’:
../source3/printing/printing.c:1809:42: error: ‘%s’ directive output may be truncated writing up to 255 bytes into a region of size 244 [-Werror=format-truncation=]
  snprintf(key, sizeof(key), "MSG_PENDING/%s", sharename);
                                          ^~   ~~~~~~~~~
../source3/printing/printing.c:1809:2: note: ‘snprintf’ output between 13 and 268 bytes into a destination of size 256
  snprintf(key, sizeof(key), "MSG_PENDING/%s", sharename);

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 6326b3415f3e225aafd5912d0965c80abcd7b22c)

15 months agos3-winbindd: remove unused fill_domain_username()
Günther Deschner [Tue, 8 May 2018 09:19:42 +0000 (11:19 +0200)]
s3-winbindd: remove unused fill_domain_username()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit b24d4eb7afad82afc3a9bab65e1d799edc4b5172)

15 months agos3-winbindd: use fill_domain_username_talloc() in winbind.
Günther Deschner [Tue, 8 May 2018 09:18:56 +0000 (11:18 +0200)]
s3-winbindd: use fill_domain_username_talloc() in winbind.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 3c6481d75cea175d0a69988577163efb40e2316b)

15 months agos4-heimdal: Fix the format-truncation errors.
Günther Deschner [Wed, 30 May 2018 07:27:49 +0000 (09:27 +0200)]
s4-heimdal: Fix the format-truncation errors.

../source4/heimdal/lib/com_err/compile_et.c: In function ‘generate_h’:
../source4/heimdal/lib/com_err/compile_et.c:138:33: error: ‘%s’ directive output may be truncated writing up to 127 bytes into a region of size 126 [-Werror=format-truncation=]
     snprintf(fn, sizeof(fn), "__%s__", hfn);
                                 ^~     ~~~
../source4/heimdal/lib/com_err/compile_et.c:138:5: note: ‘snprintf’ output between 5 and 132 bytes into a destination of size 128
     snprintf(fn, sizeof(fn), "__%s__", hfn);
     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../source4/heimdal/lib/com_err/compile_et.c: In function ‘main’:
../source4/heimdal/lib/com_err/compile_et.c:234:35: error: ‘.h’ directive output may be truncated writing 2 bytes into a region of size between 1 and 128 [-Werror=format-truncation=]
     snprintf(hfn, sizeof(hfn), "%s.h", Basename);
                                   ^~
../source4/heimdal/lib/com_err/compile_et.c:234:5: note: ‘snprintf’ output between 3 and 130 bytes into a destination of size 128
     snprintf(hfn, sizeof(hfn), "%s.h", Basename);
     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../source4/heimdal/lib/com_err/compile_et.c:235:35: error: ‘.c’ directive output may be truncated writing 2 bytes into a region of size between 1 and 128 [-Werror=format-truncation=]
     snprintf(cfn, sizeof(cfn), "%s.c", Basename);
                                   ^~
../source4/heimdal/lib/com_err/compile_et.c:235:5: note: ‘snprintf’ output between 3 and 130 bytes into a destination of size 128
     snprintf(cfn, sizeof(cfn), "%s.c", Basename);
     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: some warnings being treated as errors

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jun  8 13:23:51 CEST 2018 on sn-devel-144

15 months agos3: smbtorture: Add new SMB2-DIR-FSYNC test to show behavior of FSYNC on directories.
Jeremy Allison [Thu, 10 May 2018 18:30:24 +0000 (11:30 -0700)]
s3: smbtorture: Add new SMB2-DIR-FSYNC test to show behavior of FSYNC on directories.

Tests against a directory handle on the root of a share,
and a directory handle on a sub-directory in a share.

Check SEC_DIR_ADD_FILE and SEC_DIR_ADD_SUBDIR separately,
either allows flush to succeed.

Passes against Windows.

Regression test for:

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13428

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 18 02:38:50 CEST 2018 on sn-devel-144

(cherry picked from commit d42f467a25e75e5487a00378609a24809ddc83ee)

15 months agos3: smbd: Fix SMB2-FLUSH against directories.
Jeremy Allison [Thu, 10 May 2018 17:26:52 +0000 (10:26 -0700)]
s3: smbd: Fix SMB2-FLUSH against directories.

Directories opened with either FILE_ADD_FILE or
FILE_ADD_SUBDIRECTORY can be flushed even if
they're not writable in the conventional sense.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13428

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 42aadf42f27053e621f2a6b72448afebb3f5082a)

16 months agosmbd: Flush dfree memcache on service reload
Christof Schmitt [Sat, 19 May 2018 03:51:58 +0000 (20:51 -0700)]
smbd: Flush dfree memcache on service reload

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13446

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit e30d0c0e0d11f65b2d1886be3c0fe9e32eaf3926)

Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Thu Jun  7 14:09:12 CEST 2018 on sn-devel-144

16 months agosmbd: Cache dfree information based on query path
Christof Schmitt [Wed, 16 May 2018 20:17:52 +0000 (13:17 -0700)]
smbd: Cache dfree information based on query path

Sub directories in a SMB share can have different free space information
(e.g. when a different file system is mounted there). Caching the dfree
information per SMB share will return invalid data. Address this by
switching to memcache and store the cached data based on the query path.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13446

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 8f121747b06ca78cf51801a3931b2ddd1a424c77)

16 months agomemcache: Add new cache type for dfree information
Christof Schmitt [Wed, 16 May 2018 20:05:36 +0000 (13:05 -0700)]
memcache: Add new cache type for dfree information

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13446

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit f5d05562679f6aa691b98b4a75952f7dda7ed343)

16 months agoselftest: Add test for 'dfree cache'
Christof Schmitt [Wed, 23 May 2018 18:25:42 +0000 (11:25 -0700)]
selftest: Add test for 'dfree cache'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13446

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit a55b3d2fcc2f7737a2702bf908dcf1f80969bf21)

16 months agoselftest: Add dfq_cache share with 'dfree cache time' set
Christof Schmitt [Wed, 23 May 2018 18:07:54 +0000 (11:07 -0700)]
selftest: Add dfq_cache share with 'dfree cache time' set

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13446

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 7ffcbd5ce1222971cb9879f78765d87cdc4102a8)

16 months agolib/util: Call log_stack_trace() in smb_panic_default()
Andrew Bartlett [Tue, 10 Apr 2018 04:37:45 +0000 (16:37 +1200)]
lib/util: Call log_stack_trace() in smb_panic_default()

This matches the AD DC with the behaviour in smbd.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13454

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 11 04:03:07 CEST 2018 on sn-devel-144

(cherry picked from commit 462eb4a44cc51dc17aebbcd5c609c9ff7f088554)

Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Mon Jun  4 14:30:55 CEST 2018 on sn-devel-144

16 months agolib/util: Move log_stack_trace() to common code
Andrew Bartlett [Tue, 10 Apr 2018 04:35:07 +0000 (16:35 +1200)]
lib/util: Move log_stack_trace() to common code

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13454
(cherry picked from commit bf9551902afdb32310db4a3381964c435dd08bf0)

16 months agolib/util: Log PANIC before calling pacic action just like s3
Andrew Bartlett [Tue, 10 Apr 2018 04:06:12 +0000 (16:06 +1200)]
lib/util: Log PANIC before calling pacic action just like s3

This is like the changes made in s3 by
4fa555980070d78b39711ef21d77628d26055bc2

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13454
(cherry picked from commit 3acc00b6808d5d5ad035d9d43526204db1608c8a)

16 months agos3-lib: Remove support for libexc for IRIX backtraces
Andrew Bartlett [Tue, 10 Apr 2018 03:54:10 +0000 (15:54 +1200)]
s3-lib: Remove support for libexc for IRIX backtraces

IRIX is long dead, and this code needs become_root() which is not in
the top level code.

Additionally, the check for libexc never made it into waf, so this
has been dead code since Samba 4.1.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13454
(cherry picked from commit 85dc9ee14023a8fb84b5c74555d43008bb6bb0c0)

16 months agos3:utils: Do not segfault on error in DoDNSUpdate()
Andreas Schneider [Thu, 17 May 2018 09:53:18 +0000 (11:53 +0200)]
s3:utils: Do not segfault on error in DoDNSUpdate()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13440

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit cdd98aa1e2116fb97e16718d115ee883fe1bc8ba)

16 months agoauth/ntlmssp: fix handling of GENSEC_FEATURE_LDAP_STYLE as a server
Stefan Metzmacher [Mon, 7 May 2018 12:50:27 +0000 (14:50 +0200)]
auth/ntlmssp: fix handling of GENSEC_FEATURE_LDAP_STYLE as a server

This fixes "NTLMSSP NTLM2 packet check failed due to invalid signature!"
error messages, which were generated if the client only sends
NTLMSSP_NEGOTIATE_SIGN without NTLMSSP_NEGOTIATE_SEAL on an LDAP
connection.

This fixes a regession in the combination of commits
77adac8c3cd2f7419894d18db735782c9646a202 and
3a0b835408a6efa339e8b34333906bfe3aacd6e3.

We need to evaluate GENSEC_FEATURE_LDAP_STYLE at the end
of the authentication (as a server, while we already
do so at the beginning as a client).

As a reminder I introduced GENSEC_FEATURE_LDAP_STYLE
(as an internal flag) in order to let us work as a
Windows using NTLMSSP for LDAP. Even if only signing is
negotiated during the authentication the following PDUs
will still be encrypted if NTLMSSP is used. This is exactly the
same as if the client would have negotiated NTLMSSP_NEGOTIATE_SEAL.
I guess it's a bug in Windows, but we have to reimplement that
bug. Note this only applies to NTLMSSP and only to LDAP!
Signing only works fine for LDAP with Kerberos
or DCERPC and NTLMSSP.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May 16 03:26:03 CEST 2018 on sn-devel-144

(cherry picked from commit c7a3ce95ac4ce837d8fde36578b3b1f56c3ac2fa)

16 months agos4:selftest: run test_ldb_simple.sh with more auth options
Stefan Metzmacher [Wed, 9 May 2018 11:33:05 +0000 (13:33 +0200)]
s4:selftest: run test_ldb_simple.sh with more auth options

This demonstrates the broken GENSEC_FEATURE_LDAP_STYLE
handling in our LDAP server.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit fc1c5bd3be2c3f90eab2f31e43cf053f7ff13782)

16 months agoauth/ntlmssp: add ntlmssp_client:ldap_style_send_seal option
Stefan Metzmacher [Wed, 9 May 2018 11:30:13 +0000 (13:30 +0200)]
auth/ntlmssp: add ntlmssp_client:ldap_style_send_seal option

This will be used to similate a Windows client only
using NTLMSSP_NEGOTIATE_SIGN without NTLMSSP_NEGOTIATE_SEAL
on an LDAP connection, which is indicated internally by
GENSEC_FEATURE_LDAP_STYLE.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 7f2bebf09cd8056b3f901dd9ff1fc9e9525f3e9d)

16 months agolibgpo: Fix the build --without-ads
Volker Lendecke [Sat, 3 Feb 2018 06:07:55 +0000 (07:07 +0100)]
libgpo: Fix the build --without-ads

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Feb  6 15:36:01 CET 2018 on sn-devel-144

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13331

(cherry picked from commit a222b7506b53e689708834237f18877231dca589)

Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Thu May 24 16:37:02 CEST 2018 on sn-devel-144

16 months agos3:smbd: fix interaction between chown and SD flags
Ralph Boehme [Thu, 10 May 2018 10:29:35 +0000 (12:29 +0200)]
s3:smbd: fix interaction between chown and SD flags

A change ownership operation that doesn't set the NT ACLs must not touch
the SD flags (type).

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13432

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 11 23:30:32 CEST 2018 on sn-devel-144

(cherry picked from commit ced55850034a3653525823bf9623912a4fcf18a0)

16 months agos4:torture/smb2: new test for interaction between chown and SD flags
Ralph Boehme [Thu, 10 May 2018 10:28:43 +0000 (12:28 +0200)]
s4:torture/smb2: new test for interaction between chown and SD flags

This passes against Windows, but fails against Samba.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13432

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 12f6d56c4814fca64e0e3c636018e70d71ad0be5)

16 months agowinbind: Fix UPN handling in canonicalize_username()
Andreas Schneider [Thu, 26 Apr 2018 15:32:42 +0000 (17:32 +0200)]
winbind: Fix UPN handling in canonicalize_username()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri May 11 12:02:37 CEST 2018 on sn-devel-144

(cherry picked from commit 1766f77493c5a76e4d7d1e5eedcaa150cc9ea552)

16 months agowinbind: Fix UPN handling in parse_domain_user()
Andreas Schneider [Thu, 26 Apr 2018 10:17:12 +0000 (12:17 +0200)]
winbind: Fix UPN handling in parse_domain_user()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit a05b63db627fdbe0bdea4d144dfaeedb39025592)

16 months agowinbind: Remove unused function parse_domain_user_talloc()
Andreas Schneider [Thu, 26 Apr 2018 15:23:41 +0000 (17:23 +0200)]
winbind: Remove unused function parse_domain_user_talloc()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 32770e929ace8fe3f2469037ed887be14b3c5503)

16 months agowinbind: Pass upn unmodified to lookup names
Stefan Metzmacher [Thu, 22 Feb 2018 13:10:28 +0000 (14:10 +0100)]
winbind: Pass upn unmodified to lookup names

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 789c89e6ecb7d388fb5acdd5abc8fe99c58524f0)

16 months agonsswitch:tests: Add test for wbinfo --user-info
Andreas Schneider [Fri, 20 Apr 2018 09:20:44 +0000 (11:20 +0200)]
nsswitch:tests: Add test for wbinfo --user-info

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 2715f52f54e66a73131a92d752a8c2447da1fd33)

16 months agoselftest: Add a user with a different userPrincipalName
Andreas Schneider [Fri, 20 Apr 2018 07:38:24 +0000 (09:38 +0200)]
selftest: Add a user with a different userPrincipalName

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 5319cae00096dcecc29aa9fa675a983352ad64d8)

16 months agonsswitch: Lookup the domain in tests with the wb seperator
Andreas Schneider [Mon, 7 May 2018 11:23:42 +0000 (13:23 +0200)]
nsswitch: Lookup the domain in tests with the wb seperator

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 4fa811ec7bc301e96f5e40ba281e8d4e8709b94f)

16 months agonsswitch: Add a test looking up domain sid
Andreas Schneider [Fri, 4 May 2018 10:43:05 +0000 (12:43 +0200)]
nsswitch: Add a test looking up domain sid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 0aceca6a94e868f9c01a66f79624ca10d80560ab)

16 months agonsswitch: Add a test looking up the user using the upn
Andreas Schneider [Fri, 20 Apr 2018 09:24:30 +0000 (11:24 +0200)]
nsswitch: Add a test looking up the user using the upn

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 0d2f743d826b87b369e25fc6bb9ff61f2b0896aa)

16 months agoselftest: Make sure we have correct group mappings
Andreas Schneider [Mon, 7 May 2018 14:20:30 +0000 (16:20 +0200)]
selftest: Make sure we have correct group mappings

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 9bc2b922bbc6539341a2056f33f117ac350e61f1)

17 months agoVERSION: Bump version up to 4.8.3...
Karolin Seeger [Wed, 16 May 2018 10:06:21 +0000 (12:06 +0200)]
VERSION: Bump version up to 4.8.3...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
17 months agoVERSION: Disable GIT_SNAPSHOT for the 4.8.2 release. samba-4.8.2
Karolin Seeger [Wed, 16 May 2018 10:05:10 +0000 (12:05 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.8.2 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
17 months agoWHATSNEW: Add release notes for Samba 4.8.2.
Karolin Seeger [Wed, 16 May 2018 10:04:38 +0000 (12:04 +0200)]
WHATSNEW: Add release notes for Samba 4.8.2.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
17 months agowinbindd: Do re-connect if the RPC call fails in the passdb case
Andrew Bartlett [Wed, 21 Mar 2018 07:44:31 +0000 (20:44 +1300)]
winbindd: Do re-connect if the RPC call fails in the passdb case

This is very, very unlikely but possible as in the AD case the RPC server is in
another process that may eventually be able to restart.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13430

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit fc9150dcab231fe9beb72e198b0c2742d5f2505f)

Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Mon May 14 15:11:11 CEST 2018 on sn-devel-144

17 months agowinbindd: Add a cache of the samr and lsa handles for the passdb domain
Andrew Bartlett [Wed, 21 Mar 2018 07:43:10 +0000 (20:43 +1300)]
winbindd: Add a cache of the samr and lsa handles for the passdb domain

This domain is very close, in AD DC configurations over a internal ncacn_np pipe
and otherwise in the same process via C linking.  It is however very expensive
to re-create the binding handle per SID->name lookup, so keep a cache.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13430

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit d418d0ca33afb41a793a2fff19ca68871aa5e9ef)

17 months agovfs_ceph: add fake async pwrite/pread send/recv hooks
David Disseldorp [Wed, 9 May 2018 14:51:34 +0000 (16:51 +0200)]
vfs_ceph: add fake async pwrite/pread send/recv hooks

As found by Jeremy, VFS modules that don't provide pread_send() or
pwrite_send() hooks result in vfs_default fallback, which is
catastrophic for VFS modules with non-mounted filesystems such as
vfs_ceph.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13425

Reported-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit f0e6453b0420fe9d062936d4ddc05f44b40cf2ba)

17 months agos3: VFS: Fix memory leak in vfs_ceph.
Vandana Rungta [Tue, 8 May 2018 18:27:47 +0000 (11:27 -0700)]
s3: VFS: Fix memory leak in vfs_ceph.

Centralize error handling.

https://bugzilla.samba.org/show_bug.cgi?id=13424

Signed-off-by: Vandana Rungta <vrungta@amazon.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May  9 04:28:11 CEST 2018 on sn-devel-144

(cherry picked from commit 4e78aeedb8329953df83fc7f2c191b2c97a051d0)

17 months agos4:lsa_lookup: remove TALLOC_FREE(state) after all dcesrv_lsa_Lookup{Names,Sids}_base...
Stefan Metzmacher [Fri, 11 May 2018 04:43:14 +0000 (06:43 +0200)]
s4:lsa_lookup: remove TALLOC_FREE(state) after all dcesrv_lsa_Lookup{Names,Sids}_base_map() calls

This completes the regression fix of commit 7e091e505156381e385235ab4518b4d133a98497.

There might be strings allocated on state, which are part of the
result.

The reason for the TALLOC_FREE(state) was to cleanup the possible
irpc_handle before leaving the function. Now we call
TALLOC_FREE(state->wb.irpc_handle) explicitly in
dcesrv_lsa_Lookup{Names,Sids}_base_done() instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13420

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun May 13 10:27:28 CEST 2018 on sn-devel-144

(cherry picked from commit 9a513304adadd79d1c63d55fcf06b67ed45d43ba)

17 months agos4-lsa: Fix use-after-free in LSA server
Andrew Bartlett [Thu, 3 May 2018 04:22:19 +0000 (16:22 +1200)]
s4-lsa: Fix use-after-free in LSA server

This is a regression introduced in ab7988aa2fd1a43f576a4b73a6893c61c7ef1957.

The state variable contains the data to be returned to the client
and packed into NDR after the function returned.

This memory needs to be kept (on mem_ctx as parent) until that is
pushed and freed by the caller.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13420

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 7e091e505156381e385235ab4518b4d133a98497)

17 months agos3:cleanupd: sends MSG_SMB_UNLOCK twice to interested peers
Ralph Boehme [Tue, 1 May 2018 07:53:36 +0000 (09:53 +0200)]
s3:cleanupd: sends MSG_SMB_UNLOCK twice to interested peers

MSG_SMB_UNLOCK should be send to smbd that are waiting on blocked
byte-range-locks when a lock holder died.

In smbd_cleanupd_unlock() we do this twice: once via a broadcast and
then again via brl_revalidate() to processes that are actually recorded
in brlock.tdb.

As brl_revalidate() should already take care of signaling anyone who
would be interested in the message, there's no need to broadcast.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13416

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May  4 03:02:28 CEST 2018 on sn-devel-144

(cherry picked from commit 53ff08a2cf838c0f1c3f050ac2aa13fc3acc5981)

17 months agos3:smbspool: Fix cmdline argument handling
Andreas Schneider [Thu, 3 May 2018 08:17:12 +0000 (10:17 +0200)]
s3:smbspool: Fix cmdline argument handling

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13417

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit a753ccfd946aaad320977ae8c5f483f73077c3f8)

Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Wed May  9 14:22:22 CEST 2018 on sn-devel-144

17 months agosmbspool: Improve URI handling code
Andreas Schneider [Fri, 5 Jan 2018 09:50:57 +0000 (10:50 +0100)]
smbspool: Improve URI handling code

This also checks that the URI given via the environment variables
starts with smb://

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit a6eac8f64989235e7a297c14e349d98a3fc70e47)

17 months agos3: libsmbclient: Fix hard-coded connection error return of ETIMEDOUT.
Jeremy Allison [Wed, 2 May 2018 18:19:31 +0000 (11:19 -0700)]
s3: libsmbclient: Fix hard-coded connection error return of ETIMEDOUT.

We shouldn't hard-code the connection error as ETIMEDOUT when
we have a perfectly good NT_STATUS to map from.

Found by the ChromeOS guys trying to connect an SMB2-only client
to an SMB1-only supporting server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13419

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May  3 02:42:20 CEST 2018 on sn-devel-144

(cherry picked from commit 795ec751ac5f6e58966385bec25063c4af4f185d)

Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Mon May  7 14:25:28 CEST 2018 on sn-devel-144

17 months agos3:cleanupd: use MSG_SMB_BRL_VALIDATE to signal cleanupd unclean process shutdown
Ralph Boehme [Mon, 30 Apr 2018 17:03:41 +0000 (19:03 +0200)]
s3:cleanupd: use MSG_SMB_BRL_VALIDATE to signal cleanupd unclean process shutdown

Since 6423ca4bf293cac5e2f84b1a37bb29b06b5c05ed messaging_send_all()
broadcasts messages in a cluster, so cleanupd receives those broadcasts
and acts upon it by re-broadcasting the message. Result: message
storm.

By reactivating the currently unused MSG_SMB_BRL_VALIDATE for the
trigger message to cleanupd we avoid the storm.

Note that MSG_SMB_BRL_VALIDATE was unused only in the sense that noone
*listened* to it, but we were still *sending* the message in
smbd_parent_ctdb_reconfigured(). de6fe2a1dd6ab03b1c369b61da17fded72305b2d
removed listening for MSG_SMB_BRL_VALIDATE from cleanupd. This commits
brings it back.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13414

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit d3b9d11bade8bc52d08688ee66a4a20fe0a31a04)

17 months agoceph: VFS: Add asynchronous fsync to ceph module, fake using synchronous call.
Jeremy Allison [Fri, 27 Apr 2018 21:25:54 +0000 (14:25 -0700)]
ceph: VFS: Add asynchronous fsync to ceph module, fake using synchronous call.

This will allow me to ultimately simplify the VFS by removing the synchronous
fsync VFS call.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13412

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Apr 30 21:48:55 CEST 2018 on sn-devel-144

(cherry picked from commit aefe444d17a2eee3c0ff38bd34cf9e3f012ecf51)

17 months agoctdb-client: Remove ununsed functions from old client code
Amitay Isaacs [Mon, 30 Apr 2018 09:32:13 +0000 (19:32 +1000)]
ctdb-client: Remove ununsed functions from old client code

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13411

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 01c8dc7e15b8764a9b8c8e34b84d0cab790edf47)

17 months agorpc_server: Fix NetSessEnum with stale sessions
Christof Schmitt [Tue, 24 Apr 2018 20:53:41 +0000 (13:53 -0700)]
rpc_server: Fix NetSessEnum with stale sessions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13407

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 25 22:49:07 CEST 2018 on sn-devel-144

(cherry picked from commit a6fade4e10760284ef56abf45d3fa70038091cbe)

17 months agoselftest: Add testcase for querying sessions after smbd crash
Christof Schmitt [Tue, 24 Apr 2018 20:52:59 +0000 (13:52 -0700)]
selftest: Add testcase for querying sessions after smbd crash

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13407

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit e04846c7df8e3eec1f3dbb2fc5eaf47ceb1c44d2)

17 months agorpcclient: Print number of entries for NetSessEnum
Christof Schmitt [Tue, 24 Apr 2018 19:18:49 +0000 (12:18 -0700)]
rpcclient: Print number of entries for NetSessEnum

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13407

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 501819fa9e7926c2f54cb92d508ac0e8437fd476)

17 months agoprinting: return the same error code as windows does on upload failures
Björn Jacke [Thu, 19 Apr 2018 14:14:38 +0000 (16:14 +0200)]
printing: return the same error code as windows does on upload failures

Some print drivers inf files are broken and cause driver installation to fail
on Samba servers. Windows returns WERR_APP_INIT_FAILURE in that case, we should
do the same. Windows machines are less unlucky with that.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13395

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Wed Apr 25 13:55:25 CEST 2018 on sn-devel-144

(cherry picked from commit 35f2afe411a3b22fb1befadb3bee8da1bc14753c)

17 months agos3: tests: Regression test to ensure we can never return a DIRECTORY attribute on...
Jeremy Allison [Wed, 11 Apr 2018 17:33:22 +0000 (10:33 -0700)]
s3: tests: Regression test to ensure we can never return a DIRECTORY attribute on a stream.

Tests streams_xattr and also streams_depot.

Inspired from a real-world test case by Andrew Walker <awalker@ixsystems.com>.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13380

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 12 02:04:28 CEST 2018 on sn-devel-144

(cherry picked from commit 82beaf868f252c4bc975ddafd80240af6f679b83)

17 months agos3: smbd. Generic fix for incorrect reporting of stream dos attributes on a directory
Jeremy Allison [Wed, 11 Apr 2018 18:05:14 +0000 (11:05 -0700)]
s3: smbd. Generic fix for incorrect reporting of stream dos attributes on a directory

According to MS-FSA a stream name does not have
separate DOS attribute metadata, so we must return
the DOS attribute from the base filename. With one caveat,
a non-default stream name can never be a directory.

As this is common to all streams data stores, we handle
it here instead of inside all stream VFS modules.

Otherwise identical logic would have to be added to
all streams modules in their [f]get_dos_attribute_fn()
VFS calls.

Found in real-world use case by Andrew Walker <awalker@ixsystems.com>.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13380

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
(cherry picked from commit 118e77d86a7171f589f805fa4f63246b0cb63672)

17 months agos3: vfs: vfs_streams_xattr: Don't blindly re-use the base file mode bits.
Jeremy Allison [Wed, 11 Apr 2018 15:41:00 +0000 (08:41 -0700)]
s3: vfs: vfs_streams_xattr: Don't blindly re-use the base file mode bits.

When returning the stat struct for an xattr stream,
we originally base the st_ex_mode field on the value
from the base file containing the xattr. If the base
file is a directory, it will have S_IFDIR set in st_ex_mode,
but streams can never be directories, they must be reported
as regular files.

The original code OR'ed in S_IFREG, but neglected to
AND out S_IFDIR.

Note this is not a complete to fix bug 13380 as
it doesn't fix the generic case with all streams
modules. See later fix and regression test.

Found in real-world use case by Andrew Walker <awalker@ixsystems.com>.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13380

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
(cherry picked from commit 4d839d0f46b723ed6809bb932b9ebe4ead2cec82)

17 months agonsswitch: fix memory leak in winbind_open_pipe_sock() when the privileged pipe is...
Stefan Metzmacher [Tue, 24 Apr 2018 08:59:05 +0000 (10:59 +0200)]
nsswitch: fix memory leak in winbind_open_pipe_sock() when the privileged pipe is not accessable.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13400

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit ffe970007bf934955f72ec2d73bf8f94a2b796eb)

Autobuild-User(v4-8-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-8-test): Wed May  2 18:56:45 CEST 2018 on sn-devel-144

17 months agoldb: Release ldb 1.3.3 ldb-1.3.3
Andrew Bartlett [Sun, 29 Apr 2018 23:15:55 +0000 (11:15 +1200)]
ldb: Release ldb 1.3.3

* Fix failure to upgrade to the GUID index DB format
* Add tests for GUID index behaviour

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13306

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
17 months agoldb: Add test to show a reindex failure must not leave the DB corrupt
Andrew Bartlett [Mon, 26 Mar 2018 03:07:45 +0000 (16:07 +1300)]
ldb: Add test to show a reindex failure must not leave the DB corrupt

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13335

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Apr  5 07:53:10 CEST 2018 on sn-devel-144

(cherry picked from commit 653a0a1ba932fc0cc567253f3e153b2928505ba2)

17 months agolib ldb tests: Prepare to run api and index test on tdb and lmdb
Gary Lockyer [Mon, 5 Mar 2018 20:13:31 +0000 (09:13 +1300)]
lib ldb tests: Prepare to run api and index test on tdb and lmdb

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13335

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 06d9566ef7005588de18c5a1d07a5b9cd179d17b)

17 months agoldb_tdb: Ensure we can not commit an index that is corrupt due to partial re-index
Andrew Bartlett [Mon, 26 Mar 2018 03:01:13 +0000 (16:01 +1300)]
ldb_tdb: Ensure we can not commit an index that is corrupt due to partial re-index

The re-index traverse can abort part-way though and we need to ensure
that the transaction is never committed as that will leave an un-useable db.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13335

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
(cherry picked from commit e481e4f30f4dc540f6f129b4f2faea48ee195673)

17 months agoldb_tdb: Add tests for truncated index keys
Gary Lockyer [Wed, 21 Feb 2018 02:12:40 +0000 (15:12 +1300)]
ldb_tdb: Add tests for truncated index keys

Tests for the index truncation code as well as the GUID index
format in general.

Covers truncation of both the DN and equality search keys.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Mar  3 09:58:40 CET 2018 on sn-devel-144

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13335

(cherry picked into 4.8 and cut down to operate without truncated
index values from master commit 4c0c888b571d4c21ab267024178353925a8c087c
by Andrew Bartlett)

17 months agoldb_tdb: Do not fail in GUID index mode if there is a duplicate attribute
Gary Lockyer [Tue, 27 Feb 2018 22:47:22 +0000 (11:47 +1300)]
ldb_tdb: Do not fail in GUID index mode if there is a duplicate attribute

It is not the job of the index code to enforce this, but do give a
a warning given it has been detected.

However, now that we do allow it, we must never return the same
object twice to the caller, so filter for it in ltdb_index_filter().

The GUID list is sorted, which makes this cheap to handle, thankfully.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13335

(cherry picked from commit 5c1504b94d1417894176811f18c5d450de22cfd2)

17 months agoVERSION: Bump version up to 4.8.2...
Karolin Seeger [Thu, 26 Apr 2018 07:17:47 +0000 (09:17 +0200)]
VERSION: Bump version up to 4.8.2...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
17 months agoVERSION: Disable GIT_SNAPSHOT for the 4.8.1 release. samba-4.8.1
Karolin Seeger [Thu, 26 Apr 2018 07:16:58 +0000 (09:16 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.8.1 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
17 months agoWHATSNEW: Add release notes for Samba 4.8.1.
Karolin Seeger [Thu, 26 Apr 2018 07:16:27 +0000 (09:16 +0200)]
WHATSNEW: Add release notes for Samba 4.8.1.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
17 months agos3:modules: fix the build of vfs_aixacl2.c
Stefan Metzmacher [Wed, 21 Mar 2018 06:48:16 +0000 (07:48 +0100)]
s3:modules: fix the build of vfs_aixacl2.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13345

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Apr  3 20:18:58 CEST 2018 on sn-devel-144

(cherry picked from commit 702665cc52d5dc05ae636519e1ffe9c296f5ef77)

Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Fri Apr 20 16:53:16 CEST 2018 on sn-devel-144

17 months agoldb/tests: avoid 'return void_function();' which isn't portable
Stefan Metzmacher [Wed, 21 Mar 2018 06:33:16 +0000 (07:33 +0100)]
ldb/tests: avoid 'return void_function();' which isn't portable

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13343

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
(cherry picked from commit 666dda907b7f190b2dff1f2639bd2518240b9fb2)

17 months agolib/crypto: avoid 'return void_function();' which isn't portable
Stefan Metzmacher [Wed, 21 Mar 2018 06:33:16 +0000 (07:33 +0100)]
lib/crypto: avoid 'return void_function();' which isn't portable

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13343

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
(cherry picked from commit 7ae77db3b29ef08e1f74aa413049b995a598a5dd)

17 months agos3:modules: make virusfilter_io_connect_path() more portable
Stefan Metzmacher [Wed, 21 Mar 2018 06:25:11 +0000 (07:25 +0100)]
s3:modules: make virusfilter_io_connect_path() more portable

We have existing utility functions to prepare a socket.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13343

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
(cherry picked from commit 74278a70389e2479d80ec5c88b01a09c141e8d39)

17 months agos3:modules: fix the picky-developer build of vfs_virusfilter.c on FreeBSD 11
Stefan Metzmacher [Tue, 20 Mar 2018 11:10:01 +0000 (12:10 +0100)]
s3:modules: fix the picky-developer build of vfs_virusfilter.c on FreeBSD 11

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
(cherry picked from commit fb7b67af984812784756574df4f0fb55d472181b)

17 months agovfs_virusfilter: Fix CID 1428738 Macro compares unsigned to 0
Volker Lendecke [Tue, 30 Jan 2018 11:37:30 +0000 (12:37 +0100)]
vfs_virusfilter: Fix CID 1428738 Macro compares unsigned to 0

vsnprintf returns "int" and not "size_t"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 31 05:28:48 CET 2018 on sn-devel-144

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13343

(cherry picked from commit 21eb5169f46b8d819a5d5d028baff581e4e63de6)

17 months agovfs_virusfilter: Fix CID 1428740 Macro compares unsigned to 0
Volker Lendecke [Tue, 30 Jan 2018 11:36:14 +0000 (12:36 +0100)]
vfs_virusfilter: Fix CID 1428740 Macro compares unsigned to 0

vsnprintf returns "int" and not "size_t"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13343

(cherry picked from commit 734404bbe911fd4aa6565b2a2aaecab4fbbf3c45)

17 months agovfs_virusfilter: Fix CID 1428739 Buffer not null terminated
Volker Lendecke [Tue, 30 Jan 2018 11:34:11 +0000 (12:34 +0100)]
vfs_virusfilter: Fix CID 1428739 Buffer not null terminated

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13343

(cherry picked from commit 8a4409c956bdbe5d928e685b7c219566d467a627)

17 months agonsswitch: fix the developer build of nsswitch/wins.c on freebsd 11
Stefan Metzmacher [Sat, 21 Oct 2017 12:15:12 +0000 (14:15 +0200)]
nsswitch: fix the developer build of nsswitch/wins.c on freebsd 11

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
(cherry picked from commit dc160247d13e2c63574a7e7ec7720fc4c690483b)

17 months agonsswitch: add some const to _nss_winbind_initgroups_dyn() prototype
Stefan Metzmacher [Sat, 21 Oct 2017 12:14:34 +0000 (14:14 +0200)]
nsswitch: add some const to _nss_winbind_initgroups_dyn() prototype

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
(cherry picked from commit d5be3b3279162005d9ebea2eda71d455e4c48739)

17 months agonsswitch: maintain prototypes for the linux based functions only once
Stefan Metzmacher [Sat, 21 Oct 2017 12:08:15 +0000 (14:08 +0200)]
nsswitch: maintain prototypes for the linux based functions only once

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
(cherry picked from commit b8c30abb02f461f16af4da83eecd173993974dc1)

17 months agolib/replace: define __[u]intptr_t_defined if we prove an replacement
Stefan Metzmacher [Tue, 20 Mar 2018 20:46:12 +0000 (21:46 +0100)]
lib/replace: define __[u]intptr_t_defined if we prove an replacement

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
(cherry picked from commit 329a229af3c3c9475b9254ca68c413ec18fa3b71)

17 months agos3:passdb: Do not return OK if we don't have pinfo set up
Andreas Schneider [Tue, 17 Apr 2018 06:55:23 +0000 (08:55 +0200)]
s3:passdb: Do not return OK if we don't have pinfo set up

This prevents a crash in fill_mem_keytab_from_secrets()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13376

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 99859479fc6e12b2f74ce2dfa83da56d8b8f3d26)

17 months agolib/util: remove unused '#include <sys/syscall.h>' from tests/tfork.c
Stefan Metzmacher [Tue, 20 Mar 2018 15:49:30 +0000 (16:49 +0100)]
lib/util: remove unused '#include <sys/syscall.h>' from tests/tfork.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13342

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit f2ff61ce9e8ab56d8a69fce29c9f214d5d98f89e)

17 months agowinbindd: add retry to _winbind_SendToSam
Ralph Boehme [Mon, 12 Mar 2018 18:54:37 +0000 (19:54 +0100)]
winbindd: add retry to _winbind_SendToSam

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Mar 15 20:57:44 CET 2018 on sn-devel-144

(cherry picked from commit c37fbfcb248e5a8d6088a28eb0c1a62423f94502)

17 months agowinbindd: add retry to _winbind_DsrUpdateReadOnlyServerDnsRecords
Ralph Boehme [Mon, 12 Mar 2018 18:53:53 +0000 (19:53 +0100)]
winbindd: add retry to _winbind_DsrUpdateReadOnlyServerDnsRecords

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit e608f058b8f2d2295e24498daa35852de3212b23)

17 months agowinbindd: add retry to _wbint_DsGetDcName
Ralph Boehme [Mon, 12 Mar 2018 18:53:26 +0000 (19:53 +0100)]
winbindd: add retry to _wbint_DsGetDcName

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit fcf8edf9b8cdf5f3897c1a63ed97c302a231742f)

17 months agowinbindd: add retry to _wbint_LookupSids()
Ralph Boehme [Mon, 12 Mar 2018 16:09:34 +0000 (17:09 +0100)]
winbindd: add retry to _wbint_LookupSids()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit c2cd2d3f3137e27cd6e4cabd34f27b49251f078d)

17 months agowinbindd: use reset_cm_connection_on_error() instead of dcerpc_binding_handle_is_conn...
Ralph Boehme [Mon, 12 Mar 2018 15:53:49 +0000 (16:53 +0100)]
winbindd: use reset_cm_connection_on_error() instead of dcerpc_binding_handle_is_connected()

This catches more errors and triggers retry as appropriate.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 6244a2beb184de8d050389e304f087ef153d61dd)

17 months agowinbindd: fix logic calling dcerpc_binding_handle_is_connected()
Ralph Boehme [Mon, 12 Mar 2018 15:15:02 +0000 (16:15 +0100)]
winbindd: fix logic calling dcerpc_binding_handle_is_connected()

The calls were missing the negation operator, a retry should be
attempted is the binding handle got somehow disconnected behind the
scenes and is NOT connected.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 08718af36f3ed6cf2308beb3800abfb0414f94b9)

17 months agowinbindd: call dcerpc_binding_handle_is_connected() from reset_cm_connection_on_error()
Ralph Boehme [Mon, 12 Mar 2018 15:11:37 +0000 (16:11 +0100)]
winbindd: call dcerpc_binding_handle_is_connected() from reset_cm_connection_on_error()

To consolidate the error handling for RPC calls, add the binding handle
as an additional argument to reset_cm_connection_on_error().

All callers pass NULL for now, so no change in behaviour up to here.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 966ff3793a867a5ffe1a49e48c8ab3ecb02f8359)

17 months agowinbindd: force netlogon reauth for certain errors in reset_cm_connection_on_error()
Ralph Boehme [Mon, 12 Mar 2018 12:39:59 +0000 (13:39 +0100)]
winbindd: force netlogon reauth for certain errors in reset_cm_connection_on_error()

NT_STATUS_RPC_SEC_PKG_ERROR is returned by the server if the server
doesn't know the server-side netlogon credentials anymore, eg after a
reboot. If this happens we must force a full netlogon reauth.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332

Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 2d1f00cc3ad77bed4e810dc910979e6cdf582216)

17 months agowinbindd: call reset_cm_connection_on_error() from reconnect_need_retry()
Ralph Boehme [Mon, 12 Mar 2018 11:20:04 +0000 (12:20 +0100)]
winbindd: call reset_cm_connection_on_error() from reconnect_need_retry()

This ensures we use the same disconnect logic in the reconnect backend,
which calls reconnect_need_retry(), and in the dual_srv frontend which
calls reset_cm_connection_on_error.

Both reset_cm_connection_on_error() and reconnect_need_retry() are very
similar, both return a bool indicating whether a retry should be
attempted, unfortunately the functions have a different default return,
so I don't dare unifying them, but instead just call one from the other.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 2837b796af3e491b6bb34bd441758ae214f629ee)

17 months agowinbindd: make reset_cm_connection_on_error() public
Ralph Boehme [Mon, 12 Mar 2018 10:29:22 +0000 (11:29 +0100)]
winbindd: make reset_cm_connection_on_error() public

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 17749a5d9fa08da1c61de45728656a2c9b85782d)

17 months agowinbindd: check for NT_STATUS_IO_DEVICE_ERROR in reset_cm_connection_on_error()
Ralph Boehme [Mon, 12 Mar 2018 10:12:34 +0000 (11:12 +0100)]
winbindd: check for NT_STATUS_IO_DEVICE_ERROR in reset_cm_connection_on_error()

reconnect_need_retry() already checks for this error, it surfaces up
from tstream_smbXcli_np as a mapping for EIO.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit a33c1d25e0422483c903001dd246626f84c4cbc1)

17 months agowinbindd: add and use ldap_reconnect_need_retry() in winbindd_reconnect_ads.c
Ralph Boehme [Mon, 12 Mar 2018 12:30:01 +0000 (13:30 +0100)]
winbindd: add and use ldap_reconnect_need_retry() in winbindd_reconnect_ads.c

ldap_reconnect_need_retry() is a copy of reconnect_need_retry() minus
the RPC connection invalidation.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit a8d5e4d36768bc199c631626488b2d0acbd6e91a)

17 months agowinbind: Keep "force_reauth" in invalidate_cm_connection
Volker Lendecke [Wed, 28 Feb 2018 15:09:28 +0000 (15:09 +0000)]
winbind: Keep "force_reauth" in invalidate_cm_connection

Right now I don't see a way to actually force a re-serverauth
from the client side as long as an entry in netlogon_creds_cli.tdb
exists. cm_connect_netlogon goes through invalidate_cm_connection, and
this wipes our wish to force a reauthenticatoin. Keep this intact until
we actually did reauthenticate.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 4b7a9d560a51b51ac88f30276c87edc097b00d0b)