git.ipfire.org Git - thirdparty/samba.git/log

vfs_fruit: add fruit:model = <modelname> parametric option

fruit:model = iMac
fruit:model = MacBook
fruit:model = MacPro
fruit:model = Xserve

will all display a different icon inside Finder.

Formerly, we used "Samba" which resulted in a "?" icon in Finder, with
the new default "MacSamba" we appear with a computer box icon at least.

Guenther

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12840

Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Jul 12 03:17:57 CEST 2017 on sn-devel-144

(cherry picked from commit 259e1706e3206b215e136ea9d5beef4c9e3fcdee)

selftest:Samba3: call "net primarytrust dumpinfo" setup_nt4_member() after the join

Here we check that we get 'REDACTED SECRET VALUES' printed, in order
to avoid regression on the non '-f' behavior.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 9530284383f252efd64bfdf138579964c6500eba)

Autobuild-User(v4-5-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-5-test): Thu Jul 13 15:03:29 CEST 2017 on sn-devel-144

s3:secrets: remove unused secrets_store_[prev_]machine_password()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit f513c20ee04fe896900c99ae804753d445414d7d)

s3:libads: make use of secrets_*_password_change() in ads_change_trust_account_password()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit b874dc90c91dd41c35e99bf7c4fe04220465edca)

net: make use of secrets_*_password_change() for "net changesecretpw"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 4ae6a3ffb233c9b9576a3b5bb15a51ee56e4dbc3)

s3:trusts_util: make use the workstation password change more robust

We use secrets_{prepare,failed,defer,finish}_password_change() to make
the process more robust.

Even if we just just verified the current password with the DC
it can still happen that the remote password change will fail.

If a server has the RefusePasswordChange=1 under
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters,
it will reject NetrServerPasswordSet2() with NT_STATUS_WRONG_PASSWORD.

This results in a successful local change, but a failing remote change,
which means the domain membership is broken (as we don't fallback to
the previous password for ntlmssp nor kerberos yet).

An (at least Samba) RODC will also reject a password change,
see https://bugzilla.samba.org/show_bug.cgi?id=12773.

Even with this change we still have open problems, e.g. if the password was
changed, but we didn't get the servers response. In order to fix that we need
to use only netlogon and lsa over unprotected transports, just using schannel
authentication (which supports the fallback to the old password).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 40c42af11fda062fef9df96a9b5ae3e02709f07c)

s3:libnet: make use of secrets_store_JoinCtx()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit c3ad8be5d5192070c599350d6ab28c064206b6cf)

net: add "net primarytrust dumpinfo" command that dumps the details of the workstation trust

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit c7c17d9f503d6037aa8ed0bd7ab7cf52f5f28382)

s3:secrets: add infrastructure to use secrets_domain_infoB to store credentials

We now store various hashed keys at change time and maintain a lot of details
that will help debugging failed password changes.

We keep storing the legacy values:
SECRETS/SID/
SECRETS/DOMGUID/
SECRETS/MACHINE_LAST_CHANGE_TIME/
SECRETS/MACHINE_PASSWORD/
SECRETS/MACHINE_PASSWORD.PREV/
SECRETS/SALTING_PRINCIPAL/DES/

This allows downgrades to older Samba versions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 5f0038fba612afd7fc15b7ab321df979891170d8)

secrets.idl: add secrets_domain_info that will be used in secrets.tdb for machine account trusts

This blob will be store in secrets.tdb. It makes it possible to store much
more useful details about the workstation trust.

The key feature that that triggered this change is the ability
to store details for the next password change before doing
the remote change. This will allow us to recover from failures.

While being there I also thought about possible new features,
which we may implement in the near future.

We also store the raw UTF16 like cleartext buffer as well as derived
keys like the NTHASH (arcfour-hmac-md5 key) and other kerberos keys.
This will allow us to avoid recalculating the keys for an in memory
keytab in future.

I also added pointer to an optional lsa_ForestTrustInformation structure,
which might be useful to implement multi-tenancy in future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit a59c9cba31a801d90db06b767cfd44776f4ede77)

netlogon.idl: use lsa_TrustType and lsa_TrustAttributes in netr_trust_extension

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 28ac10503476de3c000b3deee2c1f67e0b305578)

netlogon.idl: make netr_TrustFlags [public]

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 60274475332dafdfb829a7c086ea09cd9ed00540)

lsa.idl: make lsa_DnsDomainInfo [public]

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit ea0798881a7aaf5897a3a3806149536d3d54fc3b)

s3:trusts_util: also pass the previous_nt_hash to netlogon_creds_cli_auth()

Even in the case where only the password is known to the server, we should
try to leave a valid authentication behind.

We have better ways to indentify which password worked than only using
the current one.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit d60404b032eca5384d889352f52b9b129861b4af)

libcli/auth: pass the cleartext blob to netlogon_creds_cli_ServerPasswordSet*()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 0f5945a06df4bef501ca5085c621294057007225)

libcli/auth: add const to set_pw_in_buffer()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 1b48c8515ed8fd29204c82cc47f958f4636cd494)

libcli/auth: pass an array of nt_hashes to netlogon_creds_cli_auth*()

This way the caller can pass more than 2 hashes and can only
know which hash was used for a successful connection.

We allow up to 4 hashes (next, current, old, older).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit ddd7ac68ccae8b4df6c6a65b3dad20e21924f538)

s3:trusts_util: pass dcname to trust_pw_change()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 1421abfc733247a6b71eefd819dfeae7151a6d78)

s3:secrets: use secrets_delete for all keys in secrets_delete_machine_password_ex()

We just want all values to be removed at the end, it doesn't matter
if they didn't existed before.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit bfe35abc1fb15e70a99fa74d064051a1ad541ed0)

s3:secrets: let secrets_delete_machine_password_ex() also remove the des_salt key

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit dfaadc81925e313901c9b30cd98a4b4fd2404f9d)

s3:secrets: let secrets_delete_machine_password_ex() remove SID and GUID too

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit cf8a4646fe71a974b6a5ee13ae7d7751a5a0adc9)

s3:secrets: rewrite secrets_delete_machine_password_ex() using helper variables

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 5bc2764fe517748c03a57b61f2f7ef889c92825d)

s3:secrets: replace secrets_delete_prev_machine_password() by secrets_delete()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 5b95cb74e7b2838d228f9773c0e20982b81d1e7d)

s3:secrets: let secrets_store_machine_pw_sync() delete the des_salt_key when there's no value

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 45eea321a6faa6db1c9c706a27527cc0766dc831)

s3:secrets: make use of secrets_delete() in secrets_store_machine_pw_sync()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit c5ded1123797b2bd152b0989e24eba7cae6a5792)

s3:secrets: re-add secrets_delete() helper to simplify deleting optional keys

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit fde4af1c329655d7ef3f55727632b3f026a3ea73)

s3:secrets: rename secrets_delete() to secrets_delete_entry()

secrets_delete_entry() fails if the key doesn't exist.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit cd1e888773c4fd3db63ce38a496fc3d54eb8e021)

s3:secrets: make use of des_salt_key() in secrets_store_machine_pw_sync()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 4e37d7805b345d80ca6e8a598e39fc81f72a27ce)

s3:secrets: add some const to secrets_store_domain_guid()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 99013685a1114829579e420df3625ed79eb7ee94)

s3:secrets: split out a domain_guid_keystr() function

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit d37e30cef7906b7b2b14351ad81d0d884811557b)

s3:secrets: rework des_salt_key() to take the realm as argument

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 072dd87e639d7dbfc583ede5ddf6559d9d433b8b)

s3:secrets: move kerberos_secrets_*salt related functions to machine_account_secrets.c

These don't use any krb5_context related functions and they just
work on secrets.tdb, so they really belong to machine_account_secrets.c.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 504b446d8dc7410ad63eba9d214e9cf271cf3b2f)

s3:libads: remove unused kerberos_fetch_salt_princ_for_host_princ()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 1a26805ad9f19f02a52d9eaa4f2f11ff20ee76ac)

s3:libads: make use of kerberos_secrets_fetch_salt_princ() in ads_keytab_add_entry()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit b0928a2687a9ffe92ebdce7b5252781d62e7e02d)

s3:libnet: make use of kerberos_secrets_fetch_salt_princ()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 51ae7b42d4d52016b39b79447a3e28d473e676cb)

s3:gse_krb5: simplify fill_keytab_from_password() by using kerberos_fetch_salt_princ()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 1d1cf9792f9227e65857c85ff66a961331e3c16e)

s3:libads: provide a simpler kerberos_fetch_salt_princ() function

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 5fe939e32cdaf7bb5b6dac67e7b0118ce65846be)

s3:libads: remove kerberos_secrets_fetch_salting_principal() fallback

The handling for per encryption type salts was removed in
Samba 3.0.23a (Jul 21, 2006). It's very unlikely that someone
has such an installation that got constantly upgraded over 10 years
with an automatic password change nor rejoin. It also means
that the KDC only has salt-less arcfour-hmac-md5 key together
with the salted des keys. So there would only be a problem
if the client whould try to use a des key to contact the smb server.

Having this legacy code adds quite some complexity for no
good reason.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 487b4717b58a6f1ba913708ce8419145b7f4fac8)

s3:libnet_join: move kerberos_secrets_store_des_salt() to libnet_join_joindomain_store_secrets()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 7d2eea39112fd69d2b710181b23301562efea387)

s3:libnet_join: move libnet_join_joindomain_store_secrets() to libnet_join_post_processing()

We should not store the secrets before we did all remote changes
(except the optional dns updates).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit a922e01baeccedc3ffc8a893f1d6072bb203220f)

s3:libnet_join: call do_JoinConfig() after we did remote changes on the server

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 559de1e7236fd4a38f2a1f9980216db95d0430ce)

s3:libnet_join: split libnet_join_post_processing_ads() into modify/sync

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 0ab7944a2b00df4aa155a239c86f97e4e731b864)

s3:libnet_join: move kerberos_secrets_store_des_salt() out of libnet_join_derive_salting_principal()

We should separate the calculation and the storing steps.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 0c65d5f41023076fd201c3a179df77dd615cdb01)

s3:libnet_join: remember r->out.krb5_salt in libnet_join_derive_salting_principal()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 549c9d9a07d3002442cbbb7a90d0a7fef4a92bff)

s3:libnet_join.idl: add krb5_salt to libnet_JoinCtx

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 3b13e4d2d0f73c6374ffdae57528cd1a7f333792)

s3:libnet_join: remember the domain_guid for AD domains

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit fc2bad0cf34fca5e65fba7e036acf1d8c61f05c0)

s3:libnet_join.idl: return the domain_guid in libnet_JoinCtx

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 03e455f5a815ce2134e216dc28929646a964384f)

s3:libnet_join: calculate r->out.account_name in libnet_join_pre_processing()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 826223cc8d36871c2bcb37fe23241f1dbe99a0db)

s3:libnet_join: remove dead code from libnet_join_connect_ads()

username[strlen(username)] is *always* '\0'!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 5958c6790fbceb39065353c07fe25f74ddf09ef0)

krb5_wrap: add smb_krb5_salt_principal2data()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit ec2da944d304852d76137e8f9d234462bc807c6b)

krb5_wrap: add smb_krb5_salt_principal()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 5df46700cfb0a15fec2d366e12728cd497188741)

s3:libads: remove unused kerberos_secrets_store_salting_principal()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit c56043a94a10c76a220ce3c7eb7cb8cf2e992cab)

s3:librpc: let NDR_SECRETS depend on NDR_SECURITY

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 4260b52a399667bcdbaa375a20952237ff68449c)

idl_types.h: add NDR_SECRET shortcut

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 969ab12c56cd12dcc0e63e9b662397c1604a0cc0)

librpc/ndr: add LIBNDR_FLAG_IS_SECRET handling

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 32aa3a199dfd61eb5982e158008964b4747599b8)

librpc/ndr: align the definition of LIBNDR_STRING_FLAGS with currently defined flags

The range included the unused (1<<14) before.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 91d8272e8604b5d87bcc0ce365b553bc760c8ed3)

pidl:NDR/Parser: add missing {start,end}_flags() to ParseElementPrint()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 81bbfb010599b65308aca89cc50532372ca4cb00)

werror: replace WERR_SETUP_NOT_JOINED with WERR_NERR_SETUPNOTJOINED in source3/libnet/libnet_join.c

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
(cherry picked from commit 3bb394f3d62aaeda5c71cf1d508a7b67fd6e742d)

krb5_wrap: add smb_krb5_free_data_contents() compat define (for v4-5)

4.6 and higher have renamed kerberos_free_data_contents() into
smb_krb5_free_data_contents() in commit
e8632e2af50588dd47dc00fb72e85a398c844622.

But here we don't want to backport that commit,
while making it easy to backports patches from master.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>

s3:smbd: consistently use talloc_tos() memory for rpc_pipe_open_interface()

The result is only used temporary and should not be leaked on a long term
memory context as 'conn'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12890

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 77cbced5d2f8bf65c8d02f5edfaba8cbad519d08)

selftest: add a test for accessing previous version of directories with snapdirseverywhere

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12885

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Jul 8 00:33:51 CEST 2017 on sn-devel-144

(cherry picked from commit cc9ba98c08665e0ed6927fd81fa43a7bb7842e45)

s3/smbd: let non_widelink_open() chdir() to directories directly

If the caller passes O_DIRECTORY we just try to chdir() to smb_fname
directly, not to the parent directory.

The security check in check_reduced_name() will continue to work, but
this fixes the case of an open() for a previous version of a
subdirectory that contains snapshopt.

Eg:

[share]
    path = /shares/test
    vfs objects = shadow_copy2
    shadow:snapdir = .snapshots
    shadow:snapdirseverywhere = yes

Directory tree with fake snapshots:

$ tree -a /shares/test/
/shares/test/
├── dir
│   ├── file
│   └── .snapshots
│       └── @GMT-2017.07.04-04.30.12
│           └── file
├── dir2
│   └── file
├── file
├── .snapshots
│   └── @GMT-2001.01.01-00.00.00
│       ├── dir2
│       │   └── file
│       └── file
└── testfsctl.dat

./bin/smbclient -U slow%x //localhost/share -c 'ls @GMT-2017.07.04-04.30.12/dir/*'
NT_STATUS_OBJECT_NAME_NOT_FOUND listing \@GMT-2017.07.04-04.30.12\dir\*

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12885

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit b886a9443d49f6e27fa3863d87c9e24d12e62874)

VERSION: Bump version up to 4.5.13...

and re-enable GIT_SNAPSHOTS.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

VERSION: Release Samba 4.5.12 for CVE-2017-11103

Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

WHATSNEW: Add release notes for Samba 4.5.12

Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation

In _krb5_extract_ticket() the KDC-REP service name must be obtained from
encrypted version stored in 'enc_part' instead of the unencrypted version
stored in 'ticket'. Use of the unecrypted version provides an
opportunity for successful server impersonation and other attacks.

Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.

Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12894
(based on heimdal commit 6dd3eb836bbb80a00ffced4ad57077a1cdf227ea)

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

VERSION: Bump version up to 4.5.12...

and re-enable GIT_SNAPSHOTS.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

VERSION: Disable GIT_SNAPSHOTS for the 4.5.11 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

WHATSNEW: Add release notes for Samba 4.5.11.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

ldb: protect Samba < 4.7 against incompatible ldb versions and require ldb < 1.2.0

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12859

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(v4-5-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-5-test): Mon Jul 3 17:09:41 CEST 2017 on sn-devel-144

wafsamba: add maxversion and version_blacklist to CHECK_BUNDLED_SYSTEM[_PKG]()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12859

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 4ca48ee4d060f773dcdf9f78a5e4c1b1263b61f4)

s3:gse_krb5: fix a possible crash in fill_mem_keytab_from_system_keytab()

If the keytab file isn't readable, we may call
krb5_kt_end_seq_get() with an invalid kt_cursor.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10490

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Michael Saxl <mike@mwsys.mine.bz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit a9780a2eaa9cba4ab87cc3371d97fa494fa0198c)

s3:smb2_create: avoid reusing the 'tevent_req' within smbd_smb2_create_send()

As the caller ("smbd_smb2_request_process_create()") already sets the callback,
the first time, it's not safe to reuse the tevent_req structure.

The typical 'tevent_req_nterror(); return tevent_req_post()' will
crash as the tevent_req_nterror() already triggered the former callback,
which calls smbd_smb2_create_recv(), were tevent_req_received() invalidates
the tevent_req structure, so that tevent_req_post() will crash.

We just remember the required values from the old state
and move them to the new state.

We tried to write reproducers for this, but sadly weren't able to trigger
the backtrace we had from a create a customer (using recent code)
with commit 6beba782f1bf951236813e0b46115b8102212c03
included. And this patch fixed the situation for the
customer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12832

Pair-Programmed-With: Volker Lendecke <vl@samba.org>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 02146ea5ee729de0e49ecf617e6983f4e61fbe59)

Autobuild-User(v4-5-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-5-test): Fri Jun 30 14:57:14 CEST 2017 on sn-devel-144

s3: libsmb: Correctly save and restore connection tcon in smbclient, smbcacls and smbtorture3.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit bd31d538a26bb21cbb53986a6105204da4392e2d)

s3: libsmb: Correctly do lifecycle management on cli->smb1.tcon and cli->smb2.tcon.

Treat them identically. Create them on demand after for a tcon call,
and delete them on a tdis call.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit 50f50256aa8805921c42d0f9f2f8f89d06d9bd93)

s3: libsmb: Fix cli_state_has_tcon() to cope with SMB2 connections.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit c9178ed9cc69b9089292db28ac1a0b7a0519bc2c)

s3: libsmb: Widen cli_state_get_tid() / cli_state_set_tid() to 32-bits.

Copes with SMB2 connections.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit 93fa0c8660e47cb2605d70dac1156576ab719d64)

s3: smbtorture: Show correct use of cli_state_save_tcon() / cli_state_restore_tcon().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit 5c0efc9a5ef8ddf96dc394110063bebd5f057415)

s3: libsmb: Add cli_state_save_tcon() / cli_state_restore_tcon().

Save and restore tcon pointers in smb1 or smb2 structs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit 39026f1c5dbb83120b70b3d9131138a9c2344ba6)

libcli: smb: Add smb2cli_tcon_set_id().

Will be used in test and client code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit e726b60226105d0f52a66dac47bfc5797cfc18e7)

libcli: smb: Add smbXcli_tcon_copy().

Makes a deep copy of a struct smbXcli_tcon *, will
be used later.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit 655e10685840fd5ebfde24396853b74020a1dc85)

auth/spnego: fix gensec_update_ev() argument order for the SPNEGO_FALLBACK case

This went unnoticed so long as we don't use -Wc++-compat
and gensec_update_ev() used the sync update() hook for all
NTLMSSP and Kerberos.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12788

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 31691963b3d9ac460df0c56d36f81ec815db0225)

s3:smbd: unimplement FSCTL_VALIDATE_NEGOTIATE_INFO with "server max protocol = SMB2_02"

A client that supports SMB3 will do a signed FSCTL_VALIDATE_NEGOTIATE_INFO
after a tree connect. This FSCTL_VALIDATE_NEGOTIATE_INFO call contains
the client capabilities, client guid, security mode and the array of supported
dialects. But if SMB 2.02 is negotiated the doesn't send these values to the
server in the first connection attempt (when the client starts with a SMB1 Negotiate).

Windows servers that only support SMB2 just return NT_STATUS_FILE_CLOSED
as answer to FSCTL_VALIDATE_NEGOTIATE_INFO.

We should do the same if we just pretend to support SMB 2.02,
as SMB 2.10 always include an SMB2 Negotiate request we can leave it as is.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12772

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 295c9f7b322e6377d0df1b49cb26597d66e80eda)

samba-tool: fix log message of 'samba-tool user syncpasswords'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12768

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri May 5 01:37:45 CEST 2017 on sn-devel-144

(cherry picked from commit 4c17850ae7b6c85e99e5d4d5bc5d8e89a9ba6d47)

auth/ntlmssp: enforce NTLMSSP_NEGOTIATE_NTLM2 for the NTLMv2 client case

Some servers may not announce the NTLMSSP_NEGOTIATE_NTLM2
(a.k.a. NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY) bit.

But if we're acting as a client using NTLMv2 we need to
enforce this flag, because it's not really a negotiationable
in that case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12862

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 8ee4f8236830eb3fa1b273fa6927792a800f86bd)

Autobuild-User(v4-5-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-5-test): Wed Jun 28 15:32:51 CEST 2017 on sn-devel-144

s3: smbd: fix regression with non-wide symlinks to directories over SMB3.

The errno returned by open() is ambiguous when called with flags O_NOFOLLOW and
O_DIRECTORY on a symlink. With ELOOP, we know for certain that we've tried to
open a symlink. With ENOTDIR, we might have hit a symlink, and need to perform
further checks to be sure. Adjust non_widelink_open() accordingly. This fixes
a regression where symlinks to directories within the same share were no
longer followed for some call paths on systems returning ENOTDIR in the above
case.

Also remove the knownfail added in previous commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12860

Signed-off-by: Daniel Kobras <d.kobras@science-computing.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit acc16592b451905dabc093f1d261e93cd3b59520)

s3: smbd: Add regression test for non-wide symlinks to directories fail over SMB3.

Mark as knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12860

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit f1f388ef80a6516c2f44b7778420f8ffe28c6471)

s3: smbd: When deleting an fsp pointer ensure we don't keep any references to it around.

Based on a suggestion from <lev@zadarastorage.com>

https://bugzilla.samba.org/show_bug.cgi?id=12818

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 22 00:12:49 CEST 2017 on sn-devel-144

ctdb-recovery: Do not run local ip verification when in recovery

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12857

If we drop public IPs because CTDB is in recovery for too long, then
avoid spamming logs "Trigger takeoverrun" every second.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit ea46699b27ef8d4ac7b5dd07035465cb3df09ea4)

Autobuild-User(v4-5-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-5-test): Mon Jun 26 16:57:51 CEST 2017 on sn-devel-144

ctdb-recovery: Get recmode unconditionally in the main_loop

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12857

This can be used later in the main_loop to avoid the local ip check.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 2fd2ccd4c8617cfa7374d7a5ee3d1cc61c4fa4ad)

ctdb-recovery: Finish processing for recovery mode ACTIVE first

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12857

This simplifies the code and avoids complicated conditions.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit f8200153b21f5b19c9a1d57be3e05e739d9fafcd)

ctdb-recovery: Simplify logging of recovery mode setting

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12857

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit d74dadd7f26a9e8c48ba92468d7d0c4a7aa5a8e5)

ctdb-recovery: Setting up of recmode should be idempotent

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12857

If the recovery mode is already set to the expected value, there is
nothing to do.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit f2771fcbf438e8b06321752c7203f01bbe33b573)

ctdb-recovery: Assign banning credits if database fails to freeze

https://bugzilla.samba.org/show_bug.cgi?id=12857

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit c9d9f56bffe1e19665dba8e0cf899399d3d9fb72)

ctdb-scripts: Don't send empty argument string to logger

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12856

This stops logger reading from stdin.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sat Jun 24 14:37:48 CEST 2017 on sn-devel-144

(cherry picked from commit 2fa069e870c0e6f1daa2a08be5aacac7b1063a5e)

Bug 15852. There are valid paths where conn->lsa_pipe_tcp->transport is NULL. Protect against this.

Based on a suggestion from Metze.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12852

Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 22 23:16:46 CEST 2017 on sn-devel-144

(cherry picked from commit 03042b85c8140842633b36f3124e504b97b852a1)

s3:smb2_sesssetup: allow a compound request after a SessionSetup

This is not a full fix yet as we don't allow compound requests
after going async.

With SMB 3.11 requiring signed TreeConnect requests it's pointless
to try to compound requests after a SessionSetup.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12845

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun 17 10:55:25 CEST 2017 on sn-devel-144

(cherry picked from commit bb5c394fde03dc8230d5089a66fea1a2541952f5)

s3:smb2_tcon: allow a compound request after a TreeConnect

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12844

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit f8974bcdbf8abe3803340dcd20206ff4de9d5079)

libcli:smb2: Gracefully handle not supported for FSCTL_VALIDATE_NEGOTIATE_INFO

If FSCTL_VALIDATE_NEGOTIATE_INFO is not implemented, e.g. in a SMB2 only
server then gracefully handle NT_STATUS_NOT_SUPPORTED too.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12808

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jun 15 17:32:45 CEST 2017 on sn-devel-144

(cherry picked from commit a4d9438ecf92614a0915b9cf61f905ea8170043a)

Autobuild-User(v4-5-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-5-test): Mon Jun 19 15:16:54 CEST 2017 on sn-devel-144

ctdb-tests: Add more NFS eventscript tests for call-out failures

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12837

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 323291a46e26e0493d43052550e57e2989b83b97)