Garming Sam [Wed, 22 Feb 2017 02:42:46 +0000 (15:42 +1300)]
dbchecker: Stop ignoring linked cases where both objects are alive
Previously, this did nothing and the code was both untested and unused.
Removes the knownfail entry for dbcheck.
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12600
(cherry picked from commit 0a7c6b56563faeafd61a620cb330349671bc9f3b)
Garming Sam [Wed, 22 Feb 2017 04:43:21 +0000 (17:43 +1300)]
tests/dbcheck: Add a test for two live objects, with a dangling forward link
Handling backlinks appears to be rather non-deterministic, so the
forward link hangs off of the RODC replication group (which has no other
valid forward links). In other situations, it either won't delete the
memberOf, or the expected output order will vary.
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12600
(cherry picked from commit 6f2deb01fa1c6e81f101df49990dadcbc9c31226)
Garming Sam [Wed, 22 Feb 2017 02:43:34 +0000 (15:43 +1300)]
tests/dbcheck: Add a test for two live objects, with a dangling backlink
Adds dbcheck 4.5.0pre1 to the knownfail, to be removed later.
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12600
(cherry picked from commit 86f10eaecd4ed9fd9db83d711cbf1f823528d6e5)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Feb 25 06:33:33 CET 2017 on sn-devel-144
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 1ee0c0f8280393c708f23361ebcba0776e8b4d33)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit d62eb3cc9f97b203d21ec6e75c48c739a43bc163)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 8b2b721208dd0b05595d50851f0e13486e0b915f)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Feb 22 00:14:34 CET 2017 on sn-devel-144
talloc/wscript: avoid passing pointless enabled=True to SAMBA_PYTHON()
This is the default and should not be passed explicitly.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Feb 1 18:16:58 CET 2017 on sn-devel-144
Jeremy Allison [Wed, 11 Jan 2017 19:48:25 +0000 (11:48 -0800)]
lib: talloc: Make it clear that talloc_get_size(NULL) returns 0.
This *isn't* a behavior change, as the previous code could potentially
return the size of null_context, which (currently) is defined as
a named talloc region of ZERO size, but this makes it very clear
what the ABI behavior should be.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jan 12 19:23:25 CET 2017 on sn-devel-144
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Feb 24 22:34:48 CET 2017 on sn-devel-144
s3:winbindd: allow a fallback to NTLMSSP for LDAP connections
This matches the behaviour of pdb_get_trust_credentials() for
our machine account and allows us to fallback to NTLMSSP
when contacting trusted domains.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 4e9a0894cd977585ccc94e7c1811de1b0293382d)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit ea0bc12ba52166032d5112ee22ab53d831c13e86)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 51caeb7c538b7546e5feccf27a735bb803c78a0b)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit ba9d139ec3d71af184a24daf24356304c2e49144)
s3:passdb: use cli_credentials_set_kerberos_state() for trusts in pdb_get_trust_credentials()
Trust accounts can only use kerberos when contacting other AD domains,
using NTLMSSP will fail.
At the same time it doesn't make sense to try kerberos for NT4 domains,
still NTLMSSP will fail, but the callers has to deal with that
case and just fallback to an anonymous SMB connection.
In all cases we should be able to use NETLOGON SCHANNEL
over any anonymous smb or tcp transport.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit d961ae9d14b46708d2693ca91ace04f9f1a53ca2)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit c97a29bdfdc0020ec0113073580da56f2d35edc1)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit b845f16d3ca02dd27cc40bbf722426d6f81bb4b7)
s3:winbindd: try a NETLOGON connection with noauth over NCACN_NP against trusted domains.
We're using only NCACN_NP here as we rely on the smb signing restrictions
of cm_prepare_connection().
This should fix SMB authentication with a user of a domain
behind a transitive trust.
With this change winbindd is able to call
dcerpc_netr_DsrEnumerateDomainTrusts against the
dc of a trusted domain again. This only works
for two-way trusts.
The main problem is the usage of is_trusted_domain()
which doesn't know about the domain, if winbindd can't
enumerate the domains in the other forest.
is_trusted_domain() is used in make_user_info_map(),
which is called in auth3_check_password() before
auth_check_ntlm_password().
That means we're mapping the user of such a domain
to our own local sam, before calling our auth modules.
A much better fix, which removes the usage of is_trusted_domain()
in planed for master, but this should do the job for current releases.
We should avoid talking to DCs of other domains and always
go via our primary domain. As we should code with one-way trusts
also, we need to avoid relying on a complete list of
domains in future.
For now "wbinfo -m" lists domains behind a two-way transitive
trust again, but that is likely to change in future again!
s3:winbindd: make sure cm_prepare_connection() only returns OK with a valid tree connect
If cm_get_ipc_credentials() returned anonymous creds and signing is required
we were returning the result of cm_get_ipc_credentials() instead of
the original error.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit cebcc2adc7e568d492466bb69f21ba2a9630a0d2)
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Feb 22 08:25:46 CET 2017 on sn-devel-144
libcli/auth: use the correct creds value against servers without LogonSamLogonEx
If we use the credential chain we need to use the value from
netlogon_creds_client_authenticator() to make sure we have the current
value to encrypt in logon info.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 0ed2a65593b5abc9ba7f40992ed0ed8f448f5836)
librpc/rpc: fix regression in NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE error mapping
Commit 1eef70872930fa4f9d3dedd23476b34cae638428 changed the mapping for
DCERPC_NCA_S_FAULT_INVALID_TAG from NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE
to NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit c97e39b34fcf260ded42ef1a9efe7ed55e65a1cf)
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Feb 23 19:25:11 CET 2017 on sn-devel-144
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Feb 21 20:08:16 CET 2017 on sn-devel-144
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 383432d2cd3046c2c3768c1ae452211c7e583604)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit ea57a204a1f6b4999e5347c1edb5753bed933fba)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit f04e09e1968c40483b8dc2f92b9c15bce0b0b55a)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit b2fac99ac63739398aa716c26d8e187a25bb8400)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit d7840e77961cdc4ccc4f5549494d458b6b2c2cf4)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit b86c29b1e6fb2fb4cf203aa38c7764084d855730)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 99b8d6beccf4d3d24f9d87a4d8e5eadfe0e0dd33)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 0ed258bfe48995db6b345cc14e1747c4af9d076d)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit e9c184088cbbb47e48d9e96fc753a56c544301dc)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 21cbf8e4db6928a8a3fb712b3750bb50c1201948)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 13fd543929c72fa5af1ae6e21ca8dda9a57a0f55)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 77edef9555acd6e0c843582637bc367fa0d2a203)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 00136940757ea6947f97c9c92b25207d9413727b)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit c21e9981d04fa016ef708941ea82051d0438b7a7)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 9e26ad86fbd7e6f39f98fb9d037ac86f3146cb11)
s3:libsmb: let trust_pw_change() verify the new password at the end.
We should notice problems as early as possible, it makes no
sense to keep things working for a while and later find out
the we lost our trust relationship with our domain.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit a2877541681e07f09aee7d7c21adbe50346755e3)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 4185689dbf0085fcb3840ad8b520df21a33e5d2a)
lib/util: add generate_random_machine_password() function
It generates more random password for the use as machine password,
restricted to codepoints <= 0xFFFF in order to be compatible
with MIT krb5 and Heimdal.
Note: the fallback to ascii if 'unix charset' is not 'utf8'.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit ad12cfae42cc592166d6a1c1ee323f1aae82f235)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit abe427775ee8ed1d278d5094ca127f85289ca5a3)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 8a209e5a0ca810d8cf0e5ebc1902fae8c5cb241e)
Andrew Bartlett [Wed, 22 Feb 2017 17:32:20 +0000 (06:32 +1300)]
WHATSNEW: Fix spelling of Messages
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(v4-6-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-6-test): Thu Feb 23 17:22:50 CET 2017 on sn-devel-144
Martin Schwenke [Mon, 13 Feb 2017 22:04:41 +0000 (09:04 +1100)]
ctdb-scripts: Initialise CTDB_NFS_CALLOUT in statd-callout
Some configurations may set CTDB_NFS_CALLOUT to the empty string.
They may do this if they allow a choice of NFS implementations. In
this case the default call-out for Linux kernel NFS should be used.
However, statd-callout does not call nfs_callout_init() to set the
default. Therefore, statd-callout is unable to restart the lock
manager, so the grace period is never entered.
statd-callout must call nfs_callout_init() before trying to restart
the lock manager.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Feb 16 09:21:03 CET 2017 on sn-devel-144
comm_write_send() creates a new tevent_req and adds it to the queue
of requests to be processed. If this tevent_req is freed, then the
queue entry is not removed causing use-after-free error.
If the tevent_req returned by comm_write_send() is freed, then that
request should be removed from the queue and any pending actions based
on that request should also be removed.
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 9db7785fc6ffbaad434ee189c0f46c488358aab5)
Pair-programmed-with: Ralph Boehme <slow@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 16 22:06:51 CET 2017 on sn-devel-144
Jeremy Allison [Wed, 15 Feb 2017 23:42:52 +0000 (15:42 -0800)]
s3: smbd: Don't loop infinitely on bad-symlink resolution.
In the FILE_OPEN_IF case we have O_CREAT, but not
O_EXCL. Previously we went into a loop trying first
~(O_CREAT|O_EXCL), and if that returned ENOENT
try (O_CREAT|O_EXCL). We kept looping indefinately
until we got an error, or the file was created or
opened.
The big problem here is dangling symlinks. Opening
without O_NOFOLLOW means both bad symlink
and missing path return -1, ENOENT from open(). As POSIX
is pathname based it's not possible to tell
the difference between these two cases in a
non-racy way, so change to try only two attempts before
giving up.
We don't have this problem for the O_NOFOLLOW
case as we just return NT_STATUS_OBJECT_PATH_NOT_FOUND
mapped from the ELOOP POSIX error and immediately
returned.
Pair-programmed-with: Ralph Boehme <slow@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 10c3e3923022485c720f322ca4f0aca5d7501310)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 6c3aaccd0eb648e31fd2717aaca0187966e125d5)
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Feb 15 06:20:52 CET 2017 on sn-devel-144
Ralph Boehme [Fri, 3 Feb 2017 13:57:45 +0000 (14:57 +0100)]
s3/util: mvxattr, a tool to rename extended attributes
Usage: mvxattr -s STRING -d STRING PATH [PATH ...]
-s, --from=STRING xattr source name
-d, --to=STRING xattr destination name
-l, --follow-symlinks follow symlinks, the default is to ignore them
-p, --print print files where the xattr got renamed
-v, --verbose print files as they are checked
-f, --force force overwriting of destination xattr
Help options:
-?, --help Show this help message
--usage Display brief usage message
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 10 22:24:59 CET 2017 on sn-devel-144
Ralph Boehme [Fri, 3 Feb 2017 17:08:12 +0000 (18:08 +0100)]
lib/replace: validate xattr namespace prefix on FreeBSD
We should validate the xattr name string ensuring it either begins with
"sytem." or "user.". If it doesn't, we should fail the request with
EINVAL.
The FreeBSD xattr API uses namespaces but doesn't put the namespace name
as a string prefix at the beginning of the xattr name. It gets passed as
an additional int arg instead.
On the other hand, our libreplace xattr API expects the caller to put a
namespace prefix into the xattr name.
Unfortunately the conversion and stripping of the namespace string prefix
from the xattr name gives the following unexpected result on FreeBSD:
rep_setxattr("foo.bar", ...) => xattr with name "bar"
The code checks if the name begins with "system.", if it doesn't find
it, it defaults to the user namespace and then does a strchr(name, '.')
which skips *any* leading string before the first dot.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Feb 14 21:26:01 CET 2017 on sn-devel-144
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit 85d5b4339237a12d369c3522dbb44e98fd3a6c54)
Autobuild-User(v4-6-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-6-test): Tue Feb 14 12:46:23 CET 2017 on sn-devel-144
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Jan 12 04:02:21 CET 2017 on sn-devel-144
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Feb 2 08:25:57 CET 2017 on sn-devel-144
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jan 30 22:26:29 CET 2017 on sn-devel-144
Jeremy Allison [Mon, 23 Jan 2017 18:20:13 +0000 (10:20 -0800)]
s3: VFS: shadow_copy2: Fix usage of saved_errno to only set errno on error.
Rationale:
VFS calls must act like their POSIX equivalents, and the POSIX versions
*only* set errno on a failure. There is actually code in the upper smbd
layers that depends on errno being correct on a fail return from a VFS call.
For a compound VFS module like this, a common pattern is :
SMB_VFS_CALL_X()
{
int ret;
syscall1();
ret = syscall2();
syscall3();
return ret;
}
Where if *any* of the contained syscallX()'s fail, they'll set errno.
However, the actual errno we should return is *only* the one returned
if syscall2() fails (the others are lstat's checking for existence etc.).
So what we should do to correctly return only the errno from syscall2() is:
SMB_VFS_CALL_X()
{
int ret;
int saved_errno = 0;
syscall1()
ret = syscall2();
if (ret == -1) {
saved_errno = errno;
}
syscall3()
Jeremy Allison [Thu, 26 Jan 2017 18:49:51 +0000 (10:49 -0800)]
s3: VFS: shadow_copy2: Fix module to work with variable current working directory.
Completely cleans up the horrible shadow_copy2_strip_snapshot()
and adds an explaination of what it's actually trying to do.
* This function does two things.
*
* 1). Checks if an incoming filename is already a
* snapshot converted pathname.
* If so, it returns the pathname truncated
* at the snapshot point which will be used
* as the connectpath, and then does an early return.
*
* 2). Checks if an incoming filename contains an
* SMB-layer @GMT- style timestamp.
* If so, it strips the timestamp, and returns
* both the timestamp and the stripped path
* (making it cwd-relative).
projects / thirdparty / samba.git / log
