Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jan 30 22:26:29 CET 2017 on sn-devel-144
Jeremy Allison [Mon, 23 Jan 2017 18:20:13 +0000 (10:20 -0800)]
s3: VFS: shadow_copy2: Fix usage of saved_errno to only set errno on error.
Rationale:
VFS calls must act like their POSIX equivalents, and the POSIX versions
*only* set errno on a failure. There is actually code in the upper smbd
layers that depends on errno being correct on a fail return from a VFS call.
For a compound VFS module like this, a common pattern is :
SMB_VFS_CALL_X()
{
int ret;
syscall1();
ret = syscall2();
syscall3();
return ret;
}
Where if *any* of the contained syscallX()'s fail, they'll set errno.
However, the actual errno we should return is *only* the one returned
if syscall2() fails (the others are lstat's checking for existence etc.).
So what we should do to correctly return only the errno from syscall2() is:
SMB_VFS_CALL_X()
{
int ret;
int saved_errno = 0;
syscall1()
ret = syscall2();
if (ret == -1) {
saved_errno = errno;
}
syscall3()
Jeremy Allison [Thu, 26 Jan 2017 18:49:51 +0000 (10:49 -0800)]
s3: VFS: shadow_copy2: Fix module to work with variable current working directory.
Completely cleans up the horrible shadow_copy2_strip_snapshot()
and adds an explaination of what it's actually trying to do.
* This function does two things.
*
* 1). Checks if an incoming filename is already a
* snapshot converted pathname.
* If so, it returns the pathname truncated
* at the snapshot point which will be used
* as the connectpath, and then does an early return.
*
* 2). Checks if an incoming filename contains an
* SMB-layer @GMT- style timestamp.
* If so, it strips the timestamp, and returns
* both the timestamp and the stripped path
* (making it cwd-relative).
Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 25 04:23:00 CET 2017 on sn-devel-144
Jeremy Allison [Wed, 1 Feb 2017 19:36:25 +0000 (11:36 -0800)]
s3: VFS: vfs_streams_xattr.c: Make streams_xattr_open() store the same path as streams_xattr_recheck().
If the open is changing directories, fsp->fsp_name->base_name
will be the full path from the share root, whilst
smb_fname will be relative to the $cwd.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 2 01:55:42 CET 2017 on sn-devel-144
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jan 28 01:49:11 CET 2017 on sn-devel-144
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jan 27 12:03:39 CET 2017 on sn-devel-144
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit c207f2a989fc791b5f9bf9043d3c6ac31db5cdfd)
Ralph Boehme [Tue, 17 Jan 2017 16:23:51 +0000 (17:23 +0100)]
selftest: disable SMB encryption in simpleserver environment
Encryption is currently not tested in this env so we can safely turn it
off. The next commit will add a blackbox tests that test combinations of
having encryption globally turned off and enabled (desired/required) on
a share.
This also adds a new share "enc_desired" with "smb encrypt = desired"
which will be used by the test in the next commit.
Björn Jacke [Thu, 19 Jan 2017 20:51:41 +0000 (21:51 +0100)]
vfs_default: unlock the right file in copy chunk
Signed-off-by: Bjoern Jacke <bj@sernet.de> Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Sat Jan 21 17:00:54 CET 2017 on sn-devel-144
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jan 10 17:40:58 CET 2017 on sn-devel-144
s3:librpc/gse: make use of gss_krb5_import_cred() instead of gss_acquire_cred()
This avoids the usage of the ccselect_realm logic in MIT krb5,
which leads to unpredictable results.
The problem is the usage of gss_acquire_cred(), that just creates
a credential handle without ccache.
As result gss_init_sec_context() will trigger a code path
where it use "ccselect" plugins. And the ccselect_realm
module just chooses a random ccache from a global list
where the realm of the provides target principal matches
the realm of the ccache user principal.
In the winbindd case we're using MEMORY:cliconnect to setup
the smb connection to the DC. For ldap connections we use
MEMORY:winbind_ccache.
The typical case is that we do the smb connection first.
If we try to create a new ldap connection, while the
credentials in MEMORY:cliconnect are expired,
we'll do the required kinit into MEMORY:winbind_ccache,
but the ccselect_realm module will select MEMORY:cliconnect
and tries to get a service ticket for the ldap server
using the already expired TGT from MEMORY:cliconnect.
The solution will be to use gss_krb5_import_cred() and explicitly
pass the desired ccache, which avoids the ccselect logic.
We could also use gss_acquire_cred_from(), but that's only available
in modern MIT krb5 versions, while gss_krb5_import_cred() is available
in heimdal and all supported MIT versions (>=1.9).
As far as I can see both call the same internal function in MIT
(at least for the ccache case).
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 7c3ea9fe96336483752adb821f8062a883d52998)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit b61a93755ca59a58775c1c8c21baee49fef42fbf)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 6f029d58703f657e46fee35fc663128157db4d9f)
smbd/ioctl: match WS2016 ReFS set compression behaviour
ReFS doesn't support compression, but responds to set-compression FSCTLs
with NT_STATUS_OK if (and only if) the requested compression format is
COMPRESSION_FORMAT_NONE.
Reported-by: Nick Barrett <nick@barrett.org.nz> Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jan 9 23:14:28 CET 2017 on sn-devel-144
This test case was overlooked in the previous bso#12144 update -
set compression requests with format=COMPRESSION_FORMAT_NONE should
succeed if the server / backing storage doesn't offer compression
support.
Confirm that Samba matches Windows Server 2016 ReFS behaviour here.
Reported-by: Nick Barrett <nick@barrett.org.nz> Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 6fde123176409e261d955e24b3d28e5124f33bed)
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Mon Jan 9 14:18:47 CET 2017 on sn-devel-144
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 4ef772be3a7259b48253643392574fab28c37916)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit f464f69b33b40c81d6ee57bebf9d59837431739b)
Reported and proposed fix by Shilpa K <shilpa.krishnareddy@gmail.com>.
When processing DENY ACE entries for owner rights SIDs (S-1-3-4) the
code OR's in the deny access mask bits without taking into account if
they were being requested in the requested access mask.
prohibits an open request by the owner for READ_DATA - even though this
is explicitly allowed.
Furthermore a non-canonical ACL containing:
[0] SID: User SID 1-5-21-something
TYPE: ALLOW
MASK: READ_DATA
[1] SID: S-1-3-4
TYPE: DENY
MASK: READ_DATA
[2] SID: User SID 1-5-21-something
TYPE: ALLOW
MASK: WRITE_DATA
prohibits an open request by the owner for READ_DATA|WRITE_DATA - even
though READ_DATA is explicitly allowed in ACE no 0 and is thus already
filtered out of the "access-still-needed" mask when the deny ACE no 1 is
evaluated.
Signed-off-by: Jeremy Allison <jra@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 29b02cf22f3c0f2d556408e9e768d68c1efc3b96)
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Thu Dec 8 14:52:52 CET 2016 on sn-devel-144
Due to a misspelling in the option parser in all Samba versions up to
and including 4.5.1 this options must be given "fruit:ressource", ie
with two "s".
Samba 4.6 will accept both the correct the correct and the wrong
spelling, Samba 4.7 onwards will only accept the correct
spelling.
Jeremy Allison [Fri, 18 Nov 2016 18:20:41 +0000 (10:20 -0800)]
s3/smbd: fix the last resort check that sets the file type attribute
The rule is, a directory (with any other attributes) should always also
set FILE_ATTRIBUTE_DIRECTORY, a file should only set
FILE_ATTRIBUTE_NORMAL if no other attributes is set.
Iow, if a file contains any existing attributes (e.g. FILE_ATTRIBUTE_HIDDEN),
don't add in the FILE_ATTRIBUTE_NORMAL attribute.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Nov 19 11:55:35 CET 2016 on sn-devel-144
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 08d1ac0e36339e97e4464f6a6724464b0a568347)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Wed Nov 30 15:50:43 CET 2016 on sn-devel-144
The test is known to be failing if sealing is turned on in some
circumstances. In this case a secret is created and then the function
dcerpc_fetch_session_key() fails. The secret is not removed!
We use torturesecret-%08x with random() to fill in the number. Sometimes
it happens that random() returns a number we already used. So we end up
trying to create a secret for an entry which already exists and run
into a collision
This change makes sure we always cleanup behind us and do not leave
secret objects we created.
Pair-Programmed-With: Guenther Deschner <gd@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 17 22:30:36 CET 2016 on sn-devel-144
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 9c0f2576d8aa3dd95be1c5ddda2b10d891add0bc)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 4d9f4bfc69a5899bdf91406dfb7efb70a530446c)
Earlier we were relying on SCHED_RESET_ON_FORK to reset the priority of lock
helper processes. Since SCHED_RESET_ON_FORK support has been removed, the
scheduling priority of child processes created using vfork() need to be reset
explicitly in the helper processes.
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Nov 18 10:18:27 CET 2016 on sn-devel-144
Andrew Bartlett [Tue, 25 Oct 2016 11:06:12 +0000 (00:06 +1300)]
build: Fix build with perl on debian sid.
build: Fix build with perl on debian sid.
It appears that "." is no longer in perl_inc
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12395 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sat Oct 29 09:32:37 CEST 2016 on sn-devel-144
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 2611fd02a0a6a0a0a506df70fe1a1eb4a2e76062)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Mon Nov 14 15:56:11 CET 2016 on sn-devel-144
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit c160ae9afb222466c50ae170447a6a0805f7169f)
Michael Adam [Thu, 20 Oct 2016 22:15:06 +0000 (00:15 +0200)]
vfs:glusterfs: preallocate result for glfs_realpath
https://bugzilla.samba.org/show_bug.cgi?id=12404
This makes us independent of the allocation
method used inside glfs_realpath.
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct 22 00:28:41 CEST 2016 on sn-devel-144
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit e714dc03e0ccf9ec17da6bacc1bcfcaea7518e22)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Fri Nov 4 15:18:16 CET 2016 on sn-devel-144
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 28 03:42:25 CEST 2016 on sn-devel-144
s3:smbd: only pass UCF_PREP_CREATEFILE to filename_convert() if we may create a new file
This fixes a regression introduced by commit f98d10af2a05f0261611f4cabdfe274cd9fe91c0
(smbd: Always use UCF_PREP_CREATEFILE for filename_convert calls to resolve a path for open)
The main problem was that Windows client seem to verify
the access to user.V2\ntuser.ini is rejected with NT_STATUS_ACCESS_DENIED,
using the machine credentials.
Passing UCF_PREP_CREATEFILE to filename_convert() triggers a code path
that implements a dropbox behaviour. A dropbox is a directory with only -wx permissions,
so get_real_filename fails with EACCESS, it needs to list the directory.
EACCESS is ignored with UCF_PREP_CREATEFILE.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 25 05:33:36 CEST 2016 on sn-devel-144
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Oct 25 11:28:28 CEST 2016 on sn-devel-144
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Mon Oct 24 23:52:48 CEST 2016 on sn-devel-144
Ralph Wuerthner [Mon, 10 Oct 2016 14:26:05 +0000 (16:26 +0200)]
ctdb-conn: add missing variable initialization
Avoid potential crash in TALLOC_FREE(hdr).
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 4194c0797f78293fe48105ce5af70f36a3c233a8)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12372
ctdb: bad free in ctdbd_migrate()
projects / thirdparty / samba.git / log
