Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Sat Jan 13 17:12:38 CET 2018 on sn-devel-144
Ralph Boehme [Tue, 28 Nov 2017 16:32:59 +0000 (17:32 +0100)]
winbindd: transitive trust logic in trust_is_transitive()
trust_is_transitive() currently defaults to transitive=true, unless
LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE, LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN or
LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL trust attribute is set.
This is not correct, for the trust to be transitive,
LSA_TRUST_ATTRIBUTE_WITHIN_FOREST or LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE must
be set.
Ralph Boehme [Wed, 13 Dec 2017 16:08:10 +0000 (17:08 +0100)]
winbindd: add find_default_route_domain()
On a member server this is just our primary domain. The logic for DCs is
not yet implemented, on a DC of a child-domain in a forest this would
be the parent domain.
This extends add_trusted_domain() to be the one true one-stop function
to add winbindd domain.
add_trusted_domain_from_tdc() used a struct winbindd_tdc_domain to fill
in the winbindd domain which made it hard to track which attributes
would be required and which are optional.
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Fri, 15 Dec 2017 20:13:52 +0000 (21:13 +0100)]
winbindd: only use NetBIOS name when searching domain list in add_trusted_domain_from_tdc()
Unique key for domains is the NetBIOS name, period. If the caller
passes a domain name that matches a different domain's DNS name or vice
versa, that is an error. The same applies to SIDs.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Sat, 2 Dec 2017 09:34:28 +0000 (10:34 +0100)]
winbindd: set info6 data in append_info3_as_txt
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Jan 13 12:53:59 CET 2018 on sn-devel-144
Ralph Boehme [Mon, 11 Dec 2017 22:26:38 +0000 (23:26 +0100)]
winbindd: let winbind_samlogon_retry_loop return validation info
Return the validation info instead of the already mapped info3. Higher
layers need info6 if available, this is the first step in passing the
unmapped info up to callers.
Ralph Boehme [Thu, 30 Nov 2017 22:35:40 +0000 (23:35 +0100)]
s3/rpc_client: return validation from rpccli_netlogon functions
Return the validation info instead of the already mapped info3. Higher
layers need info6 if available, this is the first step in passing the
unmapped info up to callers.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Sat, 2 Dec 2017 21:35:36 +0000 (22:35 +0100)]
s3/rpc_client: move copy_netr_SamInfo3() to util_netlogon
The next commit will add an additional caller that is in rpc_client and I
don't want to pull in AUTH_COMMON. The natural place to consolidate
netlogon related helper functions seems to be util_netlogon.c which
already has copy_netr_SamBaseInfo().
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
s3/smbd: Fix error code for unsupported SET_INFO requests
FileValidDataLengthInformation and FileShortNameInformation are both
valid FileInfoClasses that we don't support. According to [MS-SMB2]
3.3.5.21.1, we should be returning STATUS_NOT_SUPPORTED instead of
NT_STATUS_INVALID_LEVEL for these.
Signed-off-by: Justin Maggard <jmaggard@netgear.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jan 13 07:25:42 CET 2018 on sn-devel-144
David Disseldorp [Wed, 10 Jan 2018 13:03:09 +0000 (14:03 +0100)]
vfs_default: use VFS statvfs macro in fs_capabilities
Currently the vfs_default fs_capabilities handler calls statvfs
directly, rather than calling the vfs macro. This behaviour may cause
issues for VFS modules that delegate fs_capabilities handling to
vfs_default but offer their own statvfs hook.
David Disseldorp [Wed, 10 Jan 2018 00:37:14 +0000 (01:37 +0100)]
vfs_ceph: add fs_capabilities hook to avoid local statvfs
Adding the fs_capabilities() hook to the CephFS VFS module avoids
fallback to the vfs_default code-path, which calls statvfs() against the
share path on the *local* filesystem.
Douglas Bagnall [Fri, 12 Jan 2018 01:39:49 +0000 (14:39 +1300)]
Mark wbinfo test flapping
please fix and revert
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jan 13 03:01:10 CET 2018 on sn-devel-144
* Intersect the index from SCOPE_ONELEVEL with the index for the search expression
(bug #13191)
* smaller/greater comparison tests
* Show the last successful DN when failing to parse LDIF
* ldb_index: Add an attribute flag to require a unique value.
* silence some clang warnings in picky developer mode
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andrew Bartlett [Mon, 8 Jan 2018 04:34:31 +0000 (17:34 +1300)]
talloc: Do not disclose the random talloc magic in free()'ed memory
This may help us avoid exploits via memory read attacks on Samba by ensuring that if the read
is on an invalid chunk that the talloc magic disclosed there is not useful
to create a valid chunk and so set a destructor.
Andrew Bartlett [Mon, 8 Jan 2018 04:29:19 +0000 (17:29 +1300)]
talloc: Remove talloc_abort_magic()
The check required for talloc_abort_magic() prevents the 'access after free error'
from being printed.
It is also no longer possible to determine the difference between invalid memory
and a talloc version mismatch as the magic is now random on many platforms.
s3:tests: Fix test_net_tdb.sh with system tdb-tools
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jan 10 18:30:56 CET 2018 on sn-devel-144
Ralph Boehme [Tue, 9 Jan 2018 09:46:40 +0000 (10:46 +0100)]
selftest: split a large system invocation line
Small cleanup for better code readability, no change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Jan 10 05:19:26 CET 2018 on sn-devel-144
Douglas Bagnall [Tue, 9 Jan 2018 11:08:01 +0000 (00:08 +1300)]
vfs_fruit: initialise bandsize to please a compiler
GCC on a Ubuntu 16.04 instance said:
[3174/4240] Compiling source3/modules/vfs_cap.c
In file included from ../source3/include/includes.h:301:0,
from ../source3/modules/vfs_fruit.c:20:
../source3/modules/vfs_fruit.c: In function
‘fruit_disk_free’:
../source3/../lib/util/debug.h:217:7: error: ‘bandsize’ may be used
uninitialized in this function [-Werror=maybe-uninitialized]
&& (dbgtext body) )
^
../source3/modules/vfs_fruit.c:6302:9: note: ‘bandsize’ was
declared here
size_t bandsize;
^
[3175/4240] Compiling source3/modules/vfs_expand_msdfs.c
[3176/4240] Compiling source3/modules/vfs_shadow_copy.c
[3177/4240] Compiling source3/modules/vfs_shadow_copy2.c
cc1: all warnings being treated as errors
Waf: Leaving directory
/home/ubuntu/autobuild/b17854/samba-o3/bin'
Build failed: -> task failed (err #1):
{task: cc vfs_fruit.c -> vfs_fruit_25.o}
make: *** [all] Error 1
As far as I can tell, it is wrong, and the bandsize variable never
gets passed uninitialised to DEBUG.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Wed, 6 Dec 2017 21:09:52 +0000 (22:09 +0100)]
vfs_fruit: set delete-on-close for empty finderinfo
We previously removed the stream from the underlying filesystem stream
backing store when the client zeroes out FinderInfo in the AFP_AfpInfo
stream, but this causes certain operations to fail (eg stat) when trying
to access the stream over any file-handle open on that stream.
So instead of deleting, set delete-on-close on the stream. The previous
commit already implemented not to list streams with delete-on-close
set which is necessary to implement correct macOS semantics for this
particular stream.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jan 9 17:09:12 CET 2018 on sn-devel-144
Ralph Boehme [Thu, 7 Dec 2017 16:32:35 +0000 (17:32 +0100)]
vfs_fruit: filter out AFP_AfpInfo streams with pending delete-on-close
This is in preparation of fixing the implementation of removing the
AFP_AfpInfo stream by zeroing the FinderInfo out.
We currently remove the stream blob from the underlying filesystem
backing store, but that results in certain operations to fail on any
still open file-handle.
The fix comes in the next commit which will convert the backing store
delete operation to a set delete-on-close on the stream.
This commit adds filtering on streams that have the delete-on-close
set. It is only needed for the fruit:metadata=stream case, as with
fruit:metadata=netatalk the filtering is already done in
fruit_streaminfo_meta_netatalk().