s3:smbd: only pass UCF_PREP_CREATEFILE to filename_convert() if we may create a new file
This fixes a regression introduced by commit f98d10af2a05f0261611f4cabdfe274cd9fe91c0
(smbd: Always use UCF_PREP_CREATEFILE for filename_convert calls to resolve a path for open)
The main problem was that Windows client seem to verify
the access to user.V2\ntuser.ini is rejected with NT_STATUS_ACCESS_DENIED,
using the machine credentials.
Passing UCF_PREP_CREATEFILE to filename_convert() triggers a code path
that implements a dropbox behaviour. A dropbox is a directory with only -wx permissions,
so get_real_filename fails with EACCESS, it needs to list the directory.
EACCESS is ignored with UCF_PREP_CREATEFILE.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 25 05:33:36 CEST 2016 on sn-devel-144
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Oct 25 11:28:28 CEST 2016 on sn-devel-144
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Mon Oct 24 23:52:48 CEST 2016 on sn-devel-144
Ralph Wuerthner [Mon, 10 Oct 2016 14:26:05 +0000 (16:26 +0200)]
ctdb-conn: add missing variable initialization
Avoid potential crash in TALLOC_FREE(hdr).
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 4194c0797f78293fe48105ce5af70f36a3c233a8)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12372
ctdb: bad free in ctdbd_migrate()
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(v4-4-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-4-test): Mon Oct 24 14:24:42 CEST 2016 on sn-devel-144
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 13 00:35:21 CEST 2016 on sn-devel-144
Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 5 19:19:39 CEST 2016 on sn-devel-144
Ignore cldap_socket_init() failure when sending
multiple cldap netlogon requests. Allow cldap_netlogon_send()
to catch the bad address and correctly return through a
tevent subreq.
Make sure cldap_search_send() copes with cldap parameter == NULL.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 18 02:16:20 CEST 2016 on sn-devel-144
Pair-Programmed-With: Uri Simchoni <uri@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit c7bcbd166d23b6ebcc2d968b76b0640b9a9beebb)
Don't do a percentage calculation for either memtotal or swaptotal if they
are zero.
Signed-off-by: Jose A. Rivera <jarrpa@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit bf3f22315a281fb44a5cd9b075b7915138145d6e)
Noel Power [Tue, 20 Sep 2016 10:49:49 +0000 (11:49 +0100)]
s3/winbindd: using default domain with user@domain.com format fails
For example for samba client joined to a windows AD DC the following
commands fail if 'winbind use default domain = yes'
getent passwd user@domain.com
ssh -o user=user@domain.com localhost
The same commands succeed if the setting above has the default 'no' value
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Oct 3 23:37:44 CEST 2016 on sn-devel-144
Noel Power [Thu, 29 Sep 2016 15:50:58 +0000 (16:50 +0100)]
Add a blackbox tests for id & getent to test domain@realm type credentials
Using domain@realm credentials has been problematic when
global conf setting "winbind use default domain" is enabled, this patch
creates a new s4member_dflt_domain environment (where
"winbind use default domain" is enabled) and runs getent & id against the
normal s4member & and new s4member_dflt_domain environments
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit ebfe3c85d0bbdf5d5f7459ddd61e3b44c3ec2bd3)
s3-lib: Fix %G substitution in AD member environment
If we are a domain member we should look up the user with the domain
name specified else it will only work if we have
'winbind use default domain' set.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 619ca5f63c47ff8b021692aaa756dcb0d883b8dd)
Reported-by: Nick Barrett Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 6 06:14:34 CEST 2016 on sn-devel-144
smbd/ioctl: match WS2016 ReFS get compression behaviour
ReFS doesn't support compression, but responds to get-compression FSCTLs
with a successful COMPRESSION_FORMAT_NONE response. set-compression
results in NT_STATUS_NOT_SUPPORTED.
This commit modifies Samba to match the ReFS behaviour, when run atop
a VFS that doesn't expose compression support.
Reported-by: Nick Barrett Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 7a1000222877cdbc8967122b9de29021a42f4c8a)
Anoop C S [Fri, 7 Oct 2016 10:35:29 +0000 (16:05 +0530)]
vfs_glusterfs: Fix a memory leak in connect path
Early return in case of failure to set snapdir-entry-path xlator option
leaks talloced tmp_ctx.
Signed-off-by: Anoop C S <anoopcs@redhat.com> Reviewed-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Oct 7 19:39:11 CEST 2016 on sn-devel-144
Christian Ambach [Tue, 13 Sep 2016 08:49:47 +0000 (10:49 +0200)]
s4:samba_spnupdate: do not attempt to parse log level, use parsed value
The log level parameter can contain debug class specific entries.
Do not attempt to parse this as int, but use the values that the
debugging system already parsed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9945 Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Wed Sep 14 23:15:18 CEST 2016 on sn-devel-144
Christian Ambach [Tue, 13 Sep 2016 08:49:47 +0000 (10:49 +0200)]
python/join: do not attempt to parse log level, use parsed value
The log level parameter can contain debug class specific entries.
Do not attempt to parse this as int, but use the values that the
debugging system already parsed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9945 Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 92178f02bd09277f783eb68b476cfd1452c7f9ef)
Christian Ambach [Tue, 13 Sep 2016 08:49:47 +0000 (10:49 +0200)]
python/drs_utils: do not attempt to parse log level, use parsed value
The log level parameter can contain debug class specific entries.
Do not attempt to parse this as int, but use the values that the
debugging system already parsed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9945 Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit dd25aa129b6d799853312134628402f77b492eab)
Christian Ambach [Tue, 13 Sep 2016 09:22:38 +0000 (11:22 +0200)]
tests/param add a test for LoadParm.log_level
Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit fa56dbf6706872c5287eab082bb6ba7b5bd3ccd2)
Christian Ambach [Tue, 13 Sep 2016 08:48:03 +0000 (10:48 +0200)]
s4:param add log_level function to retrieve log level in Python code
Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 7ba50a200924119ac1a66759e4c1419ece03ba41)
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ira Cooper <ira@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 32ae6721cf02412af3c5a82d5da4806f4d931bcd)
Jeremy Allison [Tue, 27 Sep 2016 00:07:44 +0000 (17:07 -0700)]
s3: auth: Use wbcAuthenticateUserEx to prime the caches.
Idea by Volker - use WBC_AUTH_USER_LEVEL_PAC to pass
the PAC to winbind from smbd on auth, this allows
winbind to prime the user info via netsamlogon_cache_store()
and the name2sid cache *before* smbd looks up the user.
Note that as this is merely a cache prime having
winbind not available is not an error.
Martin Schwenke [Mon, 10 Oct 2016 02:16:01 +0000 (13:16 +1100)]
ctdb-scripts: ctdbd_wrapper should never remove the PID file
kill_ctdbd() kills the daemon and then removes the PID file. This is
racy because a new daemon could write a new PID file in between the
kill and the removal. Reversing these steps would be an improvement.
However, none of the places where kill_ctdbd() is called is a safe
place to remove the PID file. There is always a chance that a new
daemon could start, write a new PID file and then kill_ctdbd() could
remove the new PID file.
ctdbd is able to overwrite a stale PID file by checking to see if it
is locked.
Therefore, entirely drop removal of the PID file from ctdbd_wrapper.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jim McDonough <jmcd@samba.org>
(cherry picked from commit 382345126c56e26d3dbc319f1c7c1dae3c4fafc9)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Jim McDonough <jmcd@samba.org>
(cherry picked from commit 124ae4e861f048fe015bff32ace4abff4d3e6c62)
Ralph Boehme [Wed, 14 Sep 2016 10:52:48 +0000 (12:52 +0200)]
s3/smbd: set FILE_ATTRIBUTE_DIRECTORY as necessary
Some VFS modules like GPFS will always return success from
SMB_VFS_GET_DOS_ATTRIBUTES() but only set a subset of the attributes. It
neither sets FILE_ATTRIBUTE_NORMAL nor FILE_ATTRIBUTE_DIRECTORY.
We already handle the case that the VFS stack returns with result==0 and
then add the FILE_ATTRIBUTE_NORMAL, regardless of the type of the
filesystem object. If we want to handle result==0 situation in the
SMB_VFS_GET_DOS_ATTRIBUTES() caller, then do it right by either setting
FILE_ATTRIBUTE_NORMAL or FILE_ATTRIBUTE_DIRECTORY.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 16 00:34:43 CEST 2016 on sn-devel-144
Ralph Boehme [Fri, 26 Aug 2016 08:04:53 +0000 (10:04 +0200)]
vfs_acl_xattr|tdb: enforced settings when ignore system acls=yes
When "ignore system acls" is set to "yes, we need to ensure filesystem
permission always grant access so that when doing our own access checks
we don't run into situations where we grant access but the filesystem
doesn't.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Aug 31 18:41:20 CEST 2016 on sn-devel-144
Ralph Boehme [Tue, 23 Aug 2016 11:11:24 +0000 (13:11 +0200)]
vfs_acl_common: rename pdesc_next to psd_fs
In most realistic cases the "next" VFS op will return the permissions
from the filesystem. This rename makes it explicit where the SD is
originating from. No change in behaviour.
This just paves the way for a later change that will simplify the whole
logic and talloc hierarchy.
Ralph Boehme [Tue, 23 Aug 2016 11:08:12 +0000 (13:08 +0200)]
vfs_acl_common: rename psd to psd_blob in get_nt_acl_internal()
This makes it explicit where the SD is originating from. No change in
behaviour.
This just paves the way for a later change that will simplify the whole
logic and talloc hierarchy, therefor this also strictly renames the
occurences after the out label.
Logically, behind the out label, we're dealing with a variable that
points to what we're going to return, so the name psd_blob is
misleading, but I'm desperately trying to avoid logic changes in this
commit and therefor I'm just strictly renaming.
Uri Simchoni [Wed, 24 Aug 2016 11:42:23 +0000 (14:42 +0300)]
vfs_shadow_copy: handle non-existant files and wildcards
During path checking, the vfs connectpath_fn is called to
determine the share's root, relative to the file being
queried (for example, in snapshot file this may be other
than the share's "usual" root directory). connectpath_fn
must be able to answer this question even if the path does
not exist and its parent does exist. The convention in this
case is that this refers to a yet-uncreated file under the parent
and all queries are relative to the parent.
This also serves as a workaround for the case where connectpath_fn
has to handle wildcards, as with the case of SMB1 trans2 findfirst.
Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 25 05:35:29 CEST 2016 on sn-devel-144
(cherry picked from commit f41f439335efb352d03a842c370212a0af77262a)
Uri Simchoni [Tue, 23 Aug 2016 11:03:30 +0000 (14:03 +0300)]
selftest: check file readability in shadow_copy2 test
Add tests which verify that a snapshot file is readable
if and only if it its metadata can be retrieved. Also
verify (in most tests) that file is retrieved from the
correct snapshot.
Together with the existing test for number of previous
versions we can stat, this test checks that we can read
those files, and also that we cannot break out of a snapshot
if wide links are not allowed.
Martin Schwenke [Thu, 18 Aug 2016 02:57:33 +0000 (12:57 +1000)]
ctdb-ipalloc: Fix cumulative takeover timeout
Commit c40fc62642ff5ac49b75e9af49c299e33dbc9073 runs the IP allocation
algorithm after calculating the timeout offset. If the algorithm
takes a long time then there may be no attempt to release or take over
IPs.
Instead, reset the timeout just before the RELEASE_IP stage if an
early jump to IPREALLOCATED was not taken.
Martin Schwenke [Fri, 27 May 2016 05:22:27 +0000 (15:22 +1000)]
ctdb-ipalloc: Use a cumulative timeout for takeover run stages
RELEASE_IP sometimes times out because killing TCP connections can
take a long time.
The aim of the takeover timeout is actually to limit the total amount
of time for an IP takeover run. So, calculate a combined timeout
offset once and use it for each of the RELEASE_IP, TAKEOVER_IP,
IPREALLOCATED stages. This gives RELEASE_IP more time to kill TCP
connections but still limits the total time.
Amitay Isaacs [Thu, 23 Jun 2016 11:07:37 +0000 (21:07 +1000)]
ctdb-recovery: Terminate if recovery fails without any banning credits
In case of database recovery failure, if there are no banning credits
assigned, then the async computation is never terminated. The else
condition is missing in (max_credits >= NUM_RETRIES) check.
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Jun 24 09:56:23 CEST 2016 on sn-devel-144
Even though database id is 32-bit, it's sent on wire as 64-bits.
The database id is the first 32-bits on the wire. This needs fixing
eventually, but for now keep the same wire format.
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit bdff6255af113827340adc3da609e127503d9ba5)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Fri Sep 16 12:39:00 CEST 2016 on sn-devel-144
Ralph Boehme [Sun, 11 Sep 2016 13:35:37 +0000 (15:35 +0200)]
s3/smbd: in call_trans2qfilepathinfo call lstat when dealing with posix pathnames
This might be an info level SMB_INFO_QUERY_ALL_EAS which is not covered
by INFO_LEVEL_IS_UNIX(). If smb_fname is a symlink we would then stat it
in POSIX context.
network.target has very little meaning during start-up. [...]
Whether any network interfaces are already configured when it is
reached is undefined. [...]
network-online.target is a target that actively waits until the
ne[t]work is "up",
CTDB expects to be able to bind a socket to a node address and expects
interfaces for public IP addresses to exist. CTDB also doesn't expect
time to jump, so also wait until time is synchronised.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Steve French <sfrench@samba.org> Reviewed-by: Amitay Isaacs <amitay@gmail.com> Tested-by: Steve French <sfrench@samba.org>
(cherry picked from commit 35dcaadc8ebc9ec80e04f1d2eee694ebc6914a31)
Martin Schwenke [Tue, 30 Aug 2016 22:29:13 +0000 (08:29 +1000)]
ctdb-daemon: Don't steal control structure before synchronous reply
If *async_reply isn't set then the calling code will reply to the
control and free the control structure. In some places the control
structure pointer is stolen onto state before a synchronous exit due
to an error condition. The error handling then frees state and
returns an error. The calling code will access-after-free when trying
to reply to the control.
To make this easier to understand, the convention is that any
(immediate) error results in a synchronous reply to the control via an
error return code AND *async_reply not being set. In this case the
control structure pointer should never be stolen onto state. State is
never used for a synchronous reply, it is only ever used by a
callback.
Also initialise state->c to NULL so that any premature call to a
callback (e.g. in an immediate error path) is more obvious.
Martin Schwenke [Fri, 26 Aug 2016 06:38:56 +0000 (16:38 +1000)]
ctdb-daemon: Handle failure immediately, do housekeeping later
The callback should never be called before an immediate return. The
callback might reply to a control and the caller of
ctdb_event_script_callback_v() may not have assigned/stolen the
pointer to control structure into the private data. Therefore,
calling the callback can dereference an uninitialised pointer to the
control structure when attempting to reply.
An event script isn't being run until the child has been forked. So
update relevant state and set the destructor after this.
If the child can't be forked then free the state and return with an
error. The callback will not be called and the caller will process
the error correctly.
Martin Schwenke [Fri, 26 Aug 2016 06:29:47 +0000 (16:29 +1000)]
ctdb-daemon: Schedule running of callback if there are no event scripts
The callback should never be called before an immediate return. The
callback might reply to a control and the caller of
ctdb_event_script_callback_v() may not have assigned/stolen the
pointer to control structure into the private data. Therefore,
calling the callback can dereference an uninitialised pointer to the
control structure when attempting to reply.
ctdb_event_script_callback_v() must succeed when there are no event
scripts. On success the caller will mark the call as asynchronous and
expect the callback to be called. Given that it can't be called
before return then it needs to be scheduled.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit f5401ff3146aabc5fb2dac25e4856c6c3756c8f7)
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Sun Aug 21 22:45:33 CEST 2016 on sn-devel-144
Many years ago takeover_callback_state was used for both IP takeover
and release. Now it is only used when releasing an IP so rename it to
improve clarity.
Martin Schwenke [Thu, 11 Aug 2016 04:07:44 +0000 (14:07 +1000)]
ctdb-daemon: Use release_ip_post() when releasing all IP addresses
This has the advantage of using common code. Also, if there was
previously a failed attempt to release the IP address as part of a
delete, then this will finish processing the delete.
Extra care needs to be taken when a VNN is actually deleted.
Martin Schwenke [Thu, 11 Aug 2016 03:57:43 +0000 (13:57 +1000)]
ctdb-daemon: Factor out new function release_ip_post()
This contains the cleanup that needs to be done after an IP address is
released from an interface.
state->vnn is set to the return value from release_ip_post(), which is
either the original VNN, or NULL if it was deleted. This allows
correct handling of the in-flight flag in the destructor for state.
Martin Schwenke [Thu, 11 Aug 2016 03:41:12 +0000 (13:41 +1000)]
ctdb-daemon: Do not copy address for RELEASE_IP message
If there's an allocation failure then the implicit early return in
CTDB_NO_MEMORY_VOID() means that no reply is sent to the control.
ctdb_daemon_send_message() makes a copy of the data, so don't copy it
here and remove an unnecessary chance of failure.
projects / thirdparty / samba.git / log
