Tim Beale [Thu, 28 Sep 2017 03:19:29 +0000 (16:19 +1300)]
replmd: Fix talloc inconsistency in replmd_set_la_val()
All the other talloc_asprintf()s in this function use the mem_ctx, but
for some reason the vstring was using the dsdb_dn->dn. This probably
isn't a big deal, but might have unintentional side-effects.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Thu, 28 Sep 2017 02:58:16 +0000 (15:58 +1300)]
replmd: Make replmd_set_la_val() closer to replmd_build_la_val()
These two functions are almost identical. The main difference between
them is the RMD_ADDTIME. replmd_set_la_val() tries to use the
RMD_ADDTIME of the old_dsdb_dn. Whereas replmd_build_la_val() always
uses the time passed in.
Change replmd_set_la_val() so it can accept a NULL old_dsdb_dn (i.e. if
it's a new linked attribute that's being set). If so, it'll end up using
the nttime parameter passed in, same as replmd_build_la_val() does.
Also update replmd_process_linked_attribute (which used to use
replmd_build_la_val()) to now pass in a NULL old_dsdb_dn. There
shouldn't be a difference in behaviour either way, but this exercises
the code change.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Wed, 27 Sep 2017 00:44:29 +0000 (13:44 +1300)]
replmd: Handle conflicts for single-valued link attributes better
If 2 DCs independently set a single-valued linked attribute to differing
values, Samba should be able to resolve this problem when replication
occurs.
If the received information is better, then we want to set the existing
link attribute in our DB as inactive.
If our own information is better, then we still want to add the received
link attribute, but mark it as inactive so that it doesn't clobber our
own link.
This still isn't a complete solution. When we add the received attribute
as inactive, we really should be incrementing the version, updating the
USN, etc. Also this only deals with the case where the received link is
completely new (i.e. a received link conflicting with an existing
inactive link isn't handled).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Mon, 18 Sep 2017 23:59:58 +0000 (11:59 +1200)]
replmd: Partial fix for single-valued link conflict
This is the first part of the fix for resolving a single-valued link
conflict.
When processing the replication data for a linked attribute, if we don't
find a match for the link target value, check if the link is a
single-valued attribute and it currently has an active link. If so, then
use the active link instead.
This change means we delete the existing active link (and backlink)
before adding the new link. This prevents the failure in the subsequent
dsdb_check_single_valued_link() check that was happening previously
(because the link would end up with 2 active values).
This is only a partial fix. It stops replication from failing completely
if we ever hit this situation (which means the test is no longer
hitting an assertion when replicating). However, ideally the existing
active link should be retained and just marked as deleted (with this
change, the existing link is overwritten completely).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Wed, 27 Sep 2017 01:43:53 +0000 (14:43 +1300)]
selftest: Add conflict test where the single-valued link already exists
As well as testing scenarios where both variants of the link are new, we
should also check the case where the received link already exists on the
DC as an inactive (i.e. previously deleted) link.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Tue, 26 Sep 2017 00:55:11 +0000 (13:55 +1300)]
selftest: Add test for deleted single-valued link conflict
Currently we're only testing the case where the links have been modified
independently on 2 different DCs and both the links are active. We also
want to test the case where one link is active and the other is deleted.
Technically, this isn't really a conflict - the links involve different
target DNs, and the end result is still only one active link.
It's still probably worth having these tests to prove that fixing bug
13055 doesn't break anything.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Tue, 19 Sep 2017 01:41:02 +0000 (13:41 +1200)]
selftest: Make sure single-link conflict retains the deleted link
There should only ever be one active value for a single-valued link
attribute. When a conflict occurs the 'losing' value should still be
present, but should be marked as deleted.
This change is just making the test criteria stricter to make sure that
we fix the bug correctly.
Note that the only way to query the deleted link attributes present
is to send a DRS request.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Mon, 18 Sep 2017 04:33:30 +0000 (16:33 +1200)]
replmd: Refactor logic to check if replicated link is newer
This is precursor work for supporting single-link conflicts.
Split out the code to check if the link update is newer. It's now safe
to call this from the main codepath. This also means we can combine the 2
calls to get the seqnum into a single common call.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 20 03:37:31 CEST 2017 on sn-devel-144
Douglas Bagnall [Thu, 19 Oct 2017 08:56:15 +0000 (10:56 +0200)]
nwrap: Fix strotoul checks for NSS_WRAPPER_MAX_HOSTENTS
The env and endptr pointers need to be dereferenced, but that is not
enough: we don't really want to regard an empty string (*env == '\0')
as a valid number.
[2095/4103] Compiling lib/nss_wrapper/nss_wrapper.c
../lib/nss_wrapper/nss_wrapper.c: In function "nwrap_init":
../lib/nss_wrapper/nss_wrapper.c:1571:13: warning: comparison between pointer and zero character constant [-Wpointer-compare]
if (((env != '\0') && (endptr == '\0')) ||
^~
../lib/nss_wrapper/nss_wrapper.c:1571:9: note: did you mean to dereference the pointer?
if (((env != '\0') && (endptr == '\0')) ||
^
../lib/nss_wrapper/nss_wrapper.c:1571:33: warning: comparison between pointer and zero character constant [-Wpointer-compare]
if (((env != '\0') && (endptr == '\0')) ||
^~
../lib/nss_wrapper/nss_wrapper.c:1571:26: note: did you mean to dereference the pointer?
if (((env != '\0') && (endptr == '\0')) ||
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Oct 19 16:42:17 CEST 2017 on sn-devel-144
Joe Guo [Fri, 15 Sep 2017 04:13:26 +0000 (16:13 +1200)]
python: use communicate to fix Popen deadlock
`Popen.wait()` will deadlock when using stdout=PIPE and/or stderr=PIPE and the
child process generates large output to a pipe such that it blocks waiting for
the OS pipe buffer to accept more data. Use communicate() to avoid that.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 19 09:27:16 CEST 2017 on sn-devel-144
Joe Guo [Fri, 15 Sep 2017 03:31:34 +0000 (15:31 +1200)]
python: add a failed test to show Popen deadlock
`Popen.wait()` will deadlock when using stdout=PIPE and/or stderr=PIPE and the
child process generates large output to a pipe such that it blocks waiting for
the OS pipe buffer to accept more data. Use communicate() to avoid that.
This patch is commited to show the issue, a fix patch will come later.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Sun, 10 Sep 2017 23:39:39 +0000 (11:39 +1200)]
source4/smbd: replace DEBUG( with DBG_
Update the debug logging to use the currently preferred debug macros
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Gary Lockyer [Tue, 5 Sep 2017 00:31:52 +0000 (12:31 +1200)]
selftest: set ad_dc process model to prefork
Set the process model for ad_dc to prefork, so that the pre-fork gets
exercised during self test.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Gary Lockyer [Thu, 7 Sep 2017 02:30:15 +0000 (14:30 +1200)]
source4/smbd: add a prefork process model.
Add a pre fork process model to bound the number processes forked by
samba. Currently workers are only pre-forked for the ldap server, all
the other services have pre-fork support disabled.
When pre-fork support is disabled a new process is started for each
service, and requests are processed by that process.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Gary Lockyer [Thu, 14 Sep 2017 21:15:35 +0000 (09:15 +1200)]
source4/smbd: Fix code formatting after refactoring.
Fix code formatting from the refactoring in the previous commits.
Done as a separate patch to make the changes to functionality easier
to review.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Gary Lockyer [Mon, 18 Sep 2017 01:02:13 +0000 (13:02 +1200)]
process_standard: Do not log at level 2 every time a child exits
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Gary Lockyer [Mon, 18 Sep 2017 01:05:24 +0000 (13:05 +1200)]
source4/smbd: Do not overstamp the process model with "single"
Instead, except in RPC which is a special SNOWFLAKE, we rely on the struct
service_details in the init function.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Gary Lockyer [Mon, 18 Sep 2017 00:56:09 +0000 (12:56 +1200)]
process_standard: Use the new process_context
Use the new process_context to control the from_parent_fd
This avoids the use of global variables, and will in the next patch
allow process_standard to run as what was known as single without
over-stamping a different process model.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Gary Lockyer [Thu, 14 Sep 2017 19:09:23 +0000 (07:09 +1200)]
source4/smbd: refactor the process model for prefork
Refactor the process model code to allow the addition of a prefork
process model.
- Add a process context to contain process model specific state
- Add a service details structure to allow service to indicate which
process model options they can support.
In the new code the services advertise the features they support to the
process model. The process model context is plumbed through to allow the
process model to keep track of the supported options, and any state
the process model may require.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Gary Lockyer [Tue, 12 Sep 2017 23:21:02 +0000 (11:21 +1200)]
tests: Add a blackbox test for smbcontrol
Add tests to check that samba processes have started and that they can be
pinged.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Volker Lendecke [Wed, 18 Oct 2017 11:26:07 +0000 (13:26 +0200)]
rpc_client: Fix wording in a DEBUG statement
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 19 04:57:44 CEST 2017 on sn-devel-144
Andrew Bartlett [Tue, 17 Oct 2017 10:01:51 +0000 (23:01 +1300)]
dbcheck: Allow removal of one-way links to missing objects
If dbcheck is not run within the tombstone lifetime, these links can
persist in the database forever. The risk of unintentional information loss
is why these links are only removed within the same partition. A
replication may be in progress which has created only one end of
the link, so we must keep that.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Rowland Penny <rpenny@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 19 00:50:19 CEST 2017 on sn-devel-144
Lumir Balhar [Wed, 11 Oct 2017 19:02:24 +0000 (21:02 +0200)]
unittests: Fix missing include of signal.h
Signed-off-by: Lumir Balhar <lbalhar@redhat.com> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Oct 18 14:24:39 CEST 2017 on sn-devel-144
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Oct 18 10:19:48 CEST 2017 on sn-devel-144
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 17 18:53:48 CEST 2017 on sn-devel-144
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 17 11:48:09 CEST 2017 on sn-devel-144
Ralph Boehme [Tue, 29 Aug 2017 13:55:19 +0000 (15:55 +0200)]
s3/smbd: fix access checks in set_ea_dos_attribute()
We wanted to set the DOS attributes and failed with permission denied
from the VFS/kernel/filesystem. Next thing we wanna do here is override
this if either
- "dos filemode = true" is set and the security descriptor gives the
user write access or if
- the stored security descriptor has FILE_WRITE_ATTRIBUTES
The former was working, but the latter was not implemented at all.
Anoop C S [Fri, 13 Oct 2017 15:08:31 +0000 (20:38 +0530)]
vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR
Pointer to directory 'dh' inside fruit_rmdir() is obtained using
SMB_VFS_OPENDIR. But this handle is closed directly by invoking
closedir() rather than SMB_VFS_CLOSEDIR. This will result in a
smbd crash if this handle was not obtained from local file system.
Therefore use SMB_VFS_CLOSEDIR corresponding to SMB_VFS_OPENDIR
to correctly close the directory handle.
Signed-off-by: Anoop C S <anoopcs@redhat.com> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Oct 16 19:56:55 CEST 2017 on sn-devel-144
Anoop C S [Mon, 16 Oct 2017 09:19:41 +0000 (14:49 +0530)]
docs-xml: Fix a typo in manpage for vfs_fruit
Signed-off-by: Anoop C S <anoopcs@redhat.com> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Oct 16 15:55:35 CEST 2017 on sn-devel-144
Martin Schwenke [Wed, 11 Oct 2017 08:16:25 +0000 (19:16 +1100)]
ctdb-tests: Check an unchecked return value
This can't fail but check it for completeness... just in case Coverity
decides to notice it.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Oct 16 09:27:17 CEST 2017 on sn-devel-144
Signed-Off-By: Alexander Bokovoy <ab@samba.org> Reviewed-By: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Oct 14 11:31:07 CEST 2017 on sn-devel-144
Content of each separate parameter description file is added
into a parameters.all.xml file before compiling smb.conf.5.
The issue is that POSIX file systems generally don't give any
promises over how glob-produced files are sorted. Thus, we need to sort
them in a predictable way.
This patch adds sorting based on a file name as a string. Since all
parameter files named after the parameter itself (plus .xml), we can
use file name sorting.
Tim Beale [Mon, 2 Oct 2017 01:33:47 +0000 (14:33 +1300)]
selftest: Add sanity-check RODC can't use cache to reveal secrets
Bug 12977 highlighted that Samba only checks exop GetNcChanges requests
once, when they're first received. This makes sense because valid exop
requests should only ever involve a single request. For regular
(non-exop) GetNcChanges requests, the server stores a cache of the
object GUIDs to return.
What we don't want to happen is for a malicious/compromised RODC to use
this cache to circumvent privilege checks, and receive secrets that it's
normally not permitted to access (e.g. the administrator's password).
The specific scenario we're concerned about is:
- The RODC sends a regular GetNcChanges request for all objects (without
secrets). (This causes the server to build its GUID array cache).
- The RODC then sends a follow-on request for the next chunk, but sets
the REPL_SECRET exop this time.
The only thing inadvertently preventing Samba from leaking secrets in
this case is updating msDS-RevealedUsers for auditing. It's possible
that a future code change may alter the codepath and open up a
security-hole without realizing. This patch adds a test case so if that
ever did happen, the selftests would detect the problem.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Oct 14 06:02:50 CEST 2017 on sn-devel-144
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Oct 13 21:44:02 CEST 2017 on sn-devel-144
Ralph Boehme [Wed, 11 Oct 2017 16:11:12 +0000 (18:11 +0200)]
vfs_fruit: fix ftruncating resource fork
fruit_ftruncate_rsrc_adouble() is called to effectively ftruncate() the
._ AppleDouble file to the requested size.
The VFS function SMB_VFS_NEXT_FTRUNCATE() otoh would attempt to truncate
to fsp *stream* in any way the next VFS module seems fit. As we know
we're stacked with a streams module, the module will attempt to truncate
the stream. So we're not truncating the ._ file.
This went unnoticed as the AppleDouble file header contains the
authorative resource fork size that was updated correctly.
Ralph Boehme [Wed, 11 Oct 2017 09:35:15 +0000 (11:35 +0200)]
vfs_catia: factor out mapping functions
This moves the core mapping functions to a seperate file and makes them
global.
string_replace_init_map() is called to parse a mapping in string and
produce a mapping object that can then be passed to
string_replace_allocate() to do the actual mapping of a string.
Ralph Boehme [Thu, 12 Oct 2017 15:07:15 +0000 (17:07 +0200)]
selftest: add some debugging to test_give_owner.sh
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 13 01:22:05 CEST 2017 on sn-devel-144
Marc Muehlfeld [Wed, 11 Oct 2017 07:49:45 +0000 (09:49 +0200)]
Updated error message text and reduced its debug level
Previously, "net rpc share add|remove" commands failed if no
"add|delete share command" parameter was set in smb.conf. However,
the error was only logged at level 10 and not very clear.
This patch updates the error message text and sets the log level of this
error to 1 to make it more obvious what is missing.
Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
s4:heimdal_build: there's no need to define HAVE_KRB5_ADDRESSES twice
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Björn Jacke <bjacke@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 11 12:33:42 CEST 2017 on sn-devel-144
Signed-off-by: Samuel Cabrero <scabrero@suse.de> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@suse.de>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 11 06:39:00 CEST 2017 on sn-devel-144
Ralph Boehme [Mon, 9 Oct 2017 11:29:05 +0000 (13:29 +0200)]
winbindd: idmap_rid: error code for failing id-to-sid mapping request
NT_STATUS_NO_SUCH_DOMAIN triggers complete request failure in the parent
winbindd. By returning NT_STATUS_NONE_MAPPED winbindd lets the individual
mapping fail but keeps processing any remaining mapping requests.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 10 19:57:37 CEST 2017 on sn-devel-144
Ralph Boehme [Mon, 25 Sep 2017 13:42:08 +0000 (15:42 +0200)]
winbindd: idmap_rid: don't rely on the static domain list
The domain list in the idmap child is inherited from the parent winbindd
process and may not contain all domains in case enumerating trusted
domains didn't finish before the first winbind request that triggers the
idmap child fork comes along.
The previous commits added the domain SID as an additional argument to
the wbint_UnixIDs2Sids request, storing the domain SID in struct
idmap_domain.
Ralph Boehme [Mon, 25 Sep 2017 13:39:39 +0000 (15:39 +0200)]
winbindd: pass domain SID to wbint_UnixIDs2Sids
This makes the domain SID available to the idmap child for
wbint_UnixIDs2Sids mapping request. It's not used yet anywhere, this
comes in the next commit.
Ralph Boehme [Mon, 25 Sep 2017 11:25:57 +0000 (13:25 +0200)]
winbindd: add domain SID to idmap mapping domains
Fetch the domain SID for every domain in the idmap-domain map. This is
in preperation of passing the domain SID as an additional argument to
xid2sid requests to the idmap child.
Amitay Isaacs [Fri, 11 Aug 2017 05:53:28 +0000 (15:53 +1000)]
ctdb-tests: Add interactive test for tunnels
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Oct 10 15:50:04 CEST 2017 on sn-devel-144
Ralph Boehme [Mon, 9 Oct 2017 11:25:21 +0000 (13:25 +0200)]
wbinfo: return "NOT MAPPED" instead of "S-0-0" for unmapped id-to-sid
Currently wbinfo --unix-ids-to-sids prints "S-0-0" for failed
mappings. Let it print "NOT MAPPED" instead.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 10 02:57:40 CEST 2017 on sn-devel-144
Ralph Boehme [Fri, 6 Oct 2017 13:25:54 +0000 (15:25 +0200)]
vfs_fake_acls: deny give-ownership
Windows doesn't allow giving ownership away unless the user has
SEC_PRIV_RESTORE privilege.
This follows from MS-FSA 2.1.5.1, so it's a property of the filesystem
layer, not the SMB layer. By implementing this restriction here, we can
now have test for this restriction.
Other filesystems may want to deliberately allow this behaviour --
although I'm not aware of any that does -- therefor I'm putting in this
restriction in the implementation of the chmod VFS function and not into
the caller.
Ralph Boehme [Fri, 6 Oct 2017 13:31:20 +0000 (15:31 +0200)]
selftest: tests for change ownership on a file
This test verifies that SEC_STD_WRITE_OWNER only effectively grants
take-ownership permissions but NOT give-ownership. The latter requires
SeRestorePrivilege privilege.
Ralph Boehme [Sat, 7 Oct 2017 07:11:56 +0000 (09:11 +0200)]
selftest: fix samba3.blackbox.inherit_owner.default test script test_inherit_owner.sh
Grant the test-user SeRestorePrivilege, this is needed for
give-ownership operations. And then granting SeRestorePrivilege requires
`net`, so add that as an additional argument to the script.
The "nt_affects_chgrp" kept failing in a full autobuild on sn-devel
because the actual gid of the created file as returned by smbclient -c
getfacl was reliably the unix gid of my account. It should have been the
mapped domusers group for the primary users "Domain Users"
group. Running the test individually or even the full set of
"samba3.blackbox" tests didn't trigger the error.
Looks like an issue with vfs_fake_acls and vfs_xattr_tdb, but I wasn't
able to track it down. As the test only really want to ensure that
smbcacls -G set the gid to the requested value, just remove the check
for the actual initial gid.
projects / thirdparty / samba.git / log
