[Pkg-samba-maint] [Git][samba-team/samba][upstream_4.8] 103 commits: VERSION: Bump version up to 4.8.1...
Mathieu Parent
gitlab at salsa.debian.org
Sun Apr 29 18:31:12 BST 2018
Mathieu Parent pushed to branch upstream_4.8 at Debian Samba Team / samba
Commits:
5d36aa65 by Karolin Seeger at 2018-03-13T20:02:20+01:00
VERSION: Bump version up to 4.8.1...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
- - - - -
ebc21376 by Stefan Metzmacher at 2018-03-20T21:28:29+01:00
s3:torture: add SMB2-ANONYMOUS which asserts no GUEST bit for anonymous
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 82d8aa3b9cb15512d29a97b5a7e55ea1a052734f)
- - - - -
8227b0a6 by Stefan Metzmacher at 2018-03-20T21:28:30+01:00
s3:selftest: run SMB2-ANONYMOUS
This fails against a non AD DC smbd.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit bf707a1eba39e996bb19457b63ddb658cc4183c2)
- - - - -
abffcb81 by Ralph Boehme at 2018-03-20T21:28:30+01:00
libcli/security: only announce a session as GUEST if 'Builtin\Guests' is there without 'Authenticated User'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit f564847c8e9d31fe07dd3cbf435986b36f097fa3)
- - - - -
a67e3d00 by Stefan Metzmacher at 2018-03-20T21:28:30+01:00
s3:auth: remove unused auth_serversupplied_info->system
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 28ad1306b880a44824ee956a19656ac29581a1b9)
- - - - -
88c8499c by Stefan Metzmacher at 2018-03-20T21:28:30+01:00
s3:auth: add the "Unix Groups" sid for the primary gid
The primary gid might not be in the gid array.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit f3ca3e71cc35876df47e31ec9c3643308add2405)
- - - - -
253f0d18 by Stefan Metzmacher at 2018-03-20T21:28:30+01:00
s3:auth: move add_local_groups() out of finalize_local_nt_token()
finalize_local_nt_token() will be used in another place,
were we don't want to add local groups in a following commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit df3d278853ec097df27c221369dfb3ed0297d6c8)
- - - - -
03b4684e by Stefan Metzmacher at 2018-03-20T21:28:30+01:00
s3:passdb: handle dom_sid=NULL in create_builtin_{users,administrators}()
We should not crash if we're called with NULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit efdc617c76d9043286e33b961f45ad4564232102)
- - - - -
8557994f by Stefan Metzmacher at 2018-03-20T21:28:30+01:00
s3:auth: only call secrets_fetch_domain_sid() once in finalize_local_nt_token()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit c2ffbf9f764a94ef1dc1280741884cf63a017308)
- - - - -
2c148eb8 by Stefan Metzmacher at 2018-03-20T21:28:30+01:00
s3:auth: add add_builtin_guests() handling to finalize_local_nt_token()
We should add Builtin_Guests depending on the current token
not based on 'is_guest'. Even authenticated users can be member
a guest related group and therefore get Builtin_Guests.
Sadly we still need to use 'is_guest' within create_local_nt_token()
as we only have S-1-22-* SIDs there and still need to
add Builtin_Guests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit e8dc55d2b969b670322a913799d1af459a1000e7)
- - - - -
3adb292f by Stefan Metzmacher at 2018-03-20T21:28:30+01:00
s3:auth: don't try to expand system or anonymous tokens in finalize_local_nt_token()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 4f81ef9353ad76390aa910c8c17456fec21916c6)
- - - - -
aee33186 by Stefan Metzmacher at 2018-03-20T21:28:30+01:00
s3:auth: pass AUTH_SESSION_INFO_* flags to finalize_local_nt_token()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit d3aae5ba65c7ed0d5e9f8389101cf1c8c1f0a25b)
- - - - -
05fad286 by Stefan Metzmacher at 2018-03-20T21:28:30+01:00
s3:auth: remove static from finalize_local_nt_token()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 7f47f9e1f220d2dd547cf77bbc292357a2173870)
- - - - -
df9ae9d7 by Stefan Metzmacher at 2018-03-20T21:28:30+01:00
auth: add auth_user_info_copy() function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 6ff891195855403bc485725aef8d43d4e3cabacb)
- - - - -
59cf56ee by Stefan Metzmacher at 2018-03-20T21:28:30+01:00
s3:auth: add auth3_user_info_dc_add_hints() and auth3_session_info_create()
These functions make it possible to construct a full auth_session_info
from the information available from an auth_user_info_dc structure.
This has all the logic from create_local_token() that is used
to transform a auth_serversupplied_info to a full auth_session_info.
In order to workarround the restriction that auth_user_info_dc
doesn't contain hints for the unix token/name, we use
the special S-1-5-88 (Unix_NFS) sids:
- S-1-5-88-1-Y gives the uid=Y
- S-1-5-88-2-Y gives the gid=Y
- S-1-5-88-3-Y gives flags=Y AUTH3_UNIX_HINT_*
The currently implemented flags are:
- AUTH3_UNIX_HINT_QUALIFIED_NAME
unix_name = DOMAIN+ACCOUNT
- AUTH3_UNIX_HINT_ISLOLATED_NAME
unix_name = ACCOUNT
- AUTH3_UNIX_HINT_DONT_TRANSLATE_FROM_SIDS
Don't translate the nt token SIDS into uid/gids
using sid mapping.
- AUTH3_UNIX_HINT_DONT_TRANSLATE_TO_SIDS
Don't translate the unix token uid/gids to S-1-22-X-Y SIDS
- AUTH3_UNIX_HINT_DONT_EXPAND_UNIX_GROUPS
The unix token won't get expanded gid values
from getgroups_unix_user()
By using the hints it is possible to keep the current logic
where an authentication backend provides uid/gid values and
the unix name.
Note the S-1-5-88-* SIDS never appear in the final security_token.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit af4bc135e486e17164da0ea918281fbf689892c3)
- - - - -
e811adb1 by Stefan Metzmacher at 2018-03-20T21:28:30+01:00
s3:auth: base make_new_session_info_system() on auth_system_user_info_dc() and auth3_create_session_info()
The changes in the resulting token look like this:
unix_token : *
unix_token: struct security_unix_token
uid : 0x0000000000000000 (0)
gid : 0x0000000000000000 (0)
- ngroups : 0x00000000 (0)
- groups: ARRAY(0)
+ ngroups : 0x00000001 (1)
+ groups: ARRAY(1)
+ groups : 0x0000000000000000 (0)
...
domain_name : *
domain_name : 'NT AUTHORITY'
dns_domain_name : NULL
- full_name : NULL
- logon_script : NULL
- profile_path : NULL
- home_directory : NULL
- home_drive : NULL
- logon_server : NULL
+ full_name : *
+ full_name : 'System'
+ logon_script : *
+ logon_script : ''
+ profile_path : *
+ profile_path : ''
+ home_directory : *
+ home_directory : ''
+ home_drive : *
+ home_drive : ''
+ logon_server : *
+ logon_server : 'SLOWSERVER'
last_logon : NTTIME(0)
last_logoff : NTTIME(0)
acct_expiry : NTTIME(0)
last_password_change : NTTIME(0)
allow_password_change : NTTIME(0)
force_password_change : NTTIME(0)
logon_count : 0x0000 (0)
bad_password_count : 0x0000 (0)
- acct_flags : 0x00000000 (0)
+ acct_flags : 0x00000010 (16)
authenticated : 0x01 (1)
unix_info : *
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit e8402ec0486ced6ac2adb640c61a9e5abc77d4e4)
- - - - -
07091cd7 by Stefan Metzmacher at 2018-03-20T21:28:30+01:00
s3:auth: pass the whole auth_session_info from copy_session_info_serverinfo_guest() to create_local_token()
We only need to adjust sanitized_username in order to keep the same behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit a2a289d0446fedb4ea40834b5b5b190fdca30906)
- - - - -
a6ecafa7 by Stefan Metzmacher at 2018-03-20T21:28:30+01:00
s3:auth: add make_{server,session}_info_anonymous()
It's important to have them separated from make_{server,session}_info_guest(),
because there's a fundamental difference between anonymous (the client requested
no authentication) and guest (the server lies about the authentication failure).
The following is the difference between guest and anonymous token:
security_token: struct security_token
- num_sids : 0x0000000a (10)
- sids: ARRAY(10)
- sids : S-1-5-21-3793881525-3372187982-3724979742-501
- sids : S-1-5-21-3793881525-3372187982-3724979742-514
- sids : S-1-22-2-65534
- sids : S-1-22-2-65533
+ num_sids : 0x00000009 (9)
+ sids: ARRAY(9)
+ sids : S-1-5-7
sids : S-1-1-0
sids : S-1-5-2
- sids : S-1-5-32-546
sids : S-1-22-1-65533
+ sids : S-1-22-2-65534
+ sids : S-1-22-2-100004
sids : S-1-22-2-100002
sids : S-1-22-2-100003
+ sids : S-1-22-2-65533
privilege_mask : 0x0000000000000000 (0)
...
unix_token : *
unix_token: struct security_unix_token
uid : 0x000000000000fffd (65533)
gid : 0x000000000000fffe (65534)
- ngroups : 0x00000004 (4)
- groups: ARRAY(4)
+ ngroups : 0x00000005 (5)
+ groups: ARRAY(5)
groups : 0x000000000000fffe (65534)
- groups : 0x000000000000fffd (65533)
+ groups : 0x00000000000186a4 (100004)
groups : 0x00000000000186a2 (100002)
groups : 0x00000000000186a3 (100003)
+ groups : 0x000000000000fffd (65533)
info: struct auth_user_info
account_name : *
- account_name : 'nobody'
+ account_name : 'ANONYMOUS LOGON'
user_principal_name : NULL
user_principal_constructed: 0x00 (0)
domain_name : *
- domain_name : 'SAMBA-TEST'
+ domain_name : 'NT AUTHORITY'
dns_domain_name : NULL
- full_name : NULL
- logon_script : NULL
- profile_path : NULL
- home_directory : NULL
- home_drive : NULL
- logon_server : NULL
+ full_name : *
+ full_name : 'Anonymous Logon'
+ logon_script : *
+ logon_script : ''
+ profile_path : *
+ profile_path : ''
+ home_directory : *
+ home_directory : ''
+ home_drive : *
+ home_drive : ''
+ logon_server : *
+ logon_server : 'LOCALNT4DC2'
last_logon : NTTIME(0)
last_logoff : NTTIME(0)
acct_expiry : NTTIME(0)
last_password_change : NTTIME(0)
allow_password_change : NTTIME(0)
force_password_change : NTTIME(0)
logon_count : 0x0000 (0)
bad_password_count : 0x0000 (0)
- acct_flags : 0x00000000 (0)
+ acct_flags : 0x00000010 (16)
authenticated : 0x00 (0)
security_token: struct security_token
num_sids : 0x00000006 (6)
sids: ARRAY(6)
+ sids : S-1-5-7
+ sids : S-1-1-0
+ sids : S-1-5-2
sids : S-1-22-1-65533
sids : S-1-22-2-65534
sids : S-1-22-2-65533
- sids : S-1-1-0
- sids : S-1-5-2
- sids : S-1-5-32-546
privilege_mask : 0x0000000000000000 (0)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(similar to commit 6afb6b67a198c88ab8fa3fee931729c43605716d)
- - - - -
f9d850d3 by Stefan Metzmacher at 2018-03-20T21:28:30+01:00
s3:rpc_server: make use of make_session_info_anonymous()
For unauthenticated connections we should default to a
session info with an anonymous nt token.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 0ee9a550944034718ea188b277cca4b6fc5fbc5c)
- - - - -
cbbb6ef5 by Stefan Metzmacher at 2018-03-21T02:29:57+01:00
s3:auth: make use of make_{server,session}_info_anonymous()
It's important to have them separated from make_{server,session}_info_guest(),
because there's a fundamental difference between anonymous (the client requested
no authentication) and guest (the server lies about the authentication failure).
When it's really an anonymous connection, we should reflect that in the
resulting session info.
This should fix a problem where Windows 10 tries to join
a Samba hosted NT4 domain and has SMB2/3 enabled.
We no longer return SMB_SETUP_GUEST or SMB2_SESSION_FLAG_IS_GUEST
for true anonymous connections.
The commit message from a few commit before shows the resulting
auth_session_info change.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Mar 16 03:03:31 CET 2018 on sn-devel-144
(cherry picked from commit 1957bf11f127fc08c6622999cadc7dd580ac7d3b)
Autobuild-User(v4-8-test): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(v4-8-test): Wed Mar 21 02:29:57 CET 2018 on sn-devel-144
- - - - -
a02a98af by Jeremy Allison at 2018-04-06T08:21:12+02:00
s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't own it here.
Thanks to Isaac Boukris <iboukris at gmail.com> for finding the
issue and testing this fix.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13244
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jan 26 02:25:20 CET 2018 on sn-devel-144
(cherry picked from commit e7425bd5245ffea68b7e8f794c9b5f864d103769)
- - - - -
67855509 by Jeremy Allison at 2018-04-06T08:21:12+02:00
s3: smbd: Fix possible directory fd leak if the underlying OS doesn't support fdopendir()
HPUX has this problem.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13270
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Feb 23 22:56:35 CET 2018 on sn-devel-144
(cherry picked from commit 5ad5e7966f555b1d2b39d276646934a2cd2535e6)
- - - - -
f1c0db35 by Jeremy Allison at 2018-04-06T08:21:12+02:00
s3: vfs_fruit. Ensure we only return one set of the 'virtual' UNIX ACE entries.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit e9059c7b40069cfb036bfb95958b78c6a2c800e4)
- - - - -
9fab1ddc by Jeremy Allison at 2018-04-06T08:21:12+02:00
s3: vfs_fruit: Ensure we operate on a copy of the incoming security descriptor.
This will allow us to modify it in the next commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 019a1bc4caf3439adcaac48b384e86d84a1ad383)
- - - - -
8ea9d133 by Jeremy Allison at 2018-04-06T08:21:12+02:00
s3: vfs_fruit. If the security descriptor was modified, ensure we set the flags correctly to reflect the ACE's left.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 8edad37e476295e25932778721d8ef33713f6853)
- - - - -
0aed4732 by Jeremy Allison at 2018-04-06T08:21:12+02:00
s3: vfs_fruit. Change check_ms_nfs() to remove the virtual ACE's generated by fruit_fget_nt_acl().
Ensures they don't get stored in the underlying ACL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Mar 8 04:09:38 CET 2018 on sn-devel-144
(cherry picked from commit e0b147f650fe59f606d1faffe57059e6e9d7837b)
- - - - -
2fc537b7 by Jeremy Allison at 2018-04-06T08:21:12+02:00
s3: smbd: vfs_fruit: Add remove_virtual_nfs_aces() a generic NFS ACE remover.
Not yet used, will be used to tidyup existing code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit ef091e2cf836793e2aa533990913609ccab5119a)
- - - - -
9c80cb6a by Jeremy Allison at 2018-04-06T08:21:12+02:00
s3: smbd: vfs_fruit: Replace code in check_ms_nfs() with remove_virtual_nfs_aces().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit a3c925d80433e3d4fe1b1b315edf6520cacf0a9e)
- - - - -
134c4125 by Jeremy Allison at 2018-04-06T08:21:12+02:00
s3: smbd: vfs_fruit: Replace code in fruit_fget_nt_acl() with remove_virtual_nfs_aces().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 875ff2575feb96d06cf2290e5b6a226b32ef9758)
- - - - -
1f93e4d2 by Ralph Boehme at 2018-04-06T08:21:12+02:00
selftest: run vfs.fruit_netatalk test against seperate share
These tests require a fs with xattr support. This allows adding
xattr_tdb to all other shares in the next commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 013aaffe7ff0ed4c30495761bb3208c29b3b5de2)
- - - - -
c45da7ee by Ralph Boehme at 2018-04-06T08:21:12+02:00
selftest: vfs.fruit: add xattr_tdb where possible
This makes the tests indepent from fs xattr support.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 49996ca9324596b6cd72eb8051ca3676dab17191)
- - - - -
47b1ec0a by Jeremy Allison at 2018-04-06T08:21:12+02:00
s4: vfs: fruit tests: Add regression test for dealing with NFS ACE entries.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Mar 17 04:04:32 CET 2018 on sn-devel-144
(cherry picked from commit a6054c01c29c2507e0d5a6aa110fee4fd5c5eeb9)
- - - - -
65ca5574 by Jeremy Allison at 2018-04-06T08:21:12+02:00
s3: smbd: Fruit. Make the use of dom_sid_compare_domain() much clearer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 5c909ea4530d4e7e4aa27046c45e3e48b094a411)
- - - - -
f66a35b8 by Martin Schwenke at 2018-04-06T08:21:12+02:00
ctdb-tests: Don't use nc -d or -w options
nmap-ncat is used in some distributions to replace netcat. It has a
different meaning for these options.
We can get the same effect as the current combination of -d and -w by
piping a sleep process to nc. Subsequent use of $! works because it
gets the last process in pipeline.
Note that redirecting from /dev/null doesn't work with some versions
of nc. They just exit when they get EOF.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13327
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit 9e954bcbf43d67a18ee55f84cda0b09028f96b92)
- - - - -
ccda6d9b by Anton Nefedov via samba-technical at 2018-04-06T08:21:12+02:00
s3:smbd: map nterror on smb2_flush errorpath
smbd_smb2_flush_recv() expects nterror in tevent_req, and otherwise
aborts in tevent_req_is_nterror()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13338
Signed-off-by: Anton Nefedov <anton.nefedov at virtuozzo.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 98623129446672521b7fa41d3457b8ce95db828c)
- - - - -
43cbf7f7 by Noel Power at 2018-04-06T08:21:12+02:00
lib:replace: Fix linking when libtirpc-devel overwrites system headers
Some systems (like SUSE currently) install the new tirpc headers by
overwritting the existing system location used by gcc. This patch will
detect if the headers in the system location belong to tirpc or not.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13341
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit 618c714b6b6c0b63993299b40b9a466adb753cc2)
- - - - -
49a9c984 by Jeremy Allison at 2018-04-06T08:21:12+02:00
s3: debug: smb2: Create a new DBGC_SMB2 debug class and mark all smbd/smb2_*.c files with it.
Will allow easier smb2-specific debugging.
https://bugzilla.samba.org/show_bug.cgi?id=13347
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
(cherry picked from commit 8dabcf8948c2e514b489169c34673e093519b583)
- - - - -
e9f54762 by Jeremy Allison at 2018-04-06T08:21:12+02:00
lib: debug: Add DBGC_XXX versions of the macros to allow class-specific messages.
https://bugzilla.samba.org/show_bug.cgi?id=13347
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
(cherry picked from commit cdde6d93605d15a59e816a35e8e02ca193bf1403)
- - - - -
b5bc2f59 by Jeremy Allison at 2018-04-06T08:21:13+02:00
s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit issues.
https://bugzilla.samba.org/show_bug.cgi?id=13347
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
(cherry picked from commit ad973fddef00d6d92443be89e7f5404006a94d99)
- - - - -
58befddf by Jeremy Allison at 2018-04-06T08:21:13+02:00
s3: docs: Add documentation for "smb2" and "smb2_credits" debug classes.
https://bugzilla.samba.org/show_bug.cgi?id=13347
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
(cherry picked from commit fc922bd29b40a20450f16728fa7347f8f83d3bcd)
- - - - -
8a77ae09 by Eric Vannier at 2018-04-06T08:21:13+02:00
Allow AESNI to be used on all processor supporting AESNI, not just Intel's This improves performance/reduced CPU usage. Tests performed: - Ran on Ivy Bridge and Ryzen and verified that AESNI is detected (crypto tests) - Ran on Ryzen, and observed 50% increased speed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13302
Signed-off-by: Eric Vannier <evannier at google.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Mar 27 13:50:09 CEST 2018 on sn-devel-144
(cherry picked from commit 77d88d75f6262a855e818a9b2b4018f8b6ced7b0)
- - - - -
25edad41 by Timur I. Bakeyev at 2018-04-06T08:21:13+02:00
Fix invocation of gnutls_aead_cipher_encrypt()
Which was failing with GNUTLS_E_SHORT_MEMORY_BUFFER - The given memory
buffer is too short to hold parameters.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13352
Signed-off-by: Timur I. Bakeyev <timur at iXsystems.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming at samba.org>
Autobuild-Date(master): Fri Mar 23 07:25:30 CET 2018 on sn-devel-144
(cherry picked from commit b9f0c7f93c058685e24d104432978bd40b94b49f)
- - - - -
aeed66ec by Amitay Isaacs at 2018-04-06T08:21:13+02:00
ctdb-client: Do not try to allocate 0 sized record
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13356
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 92a68af1a8473dc2a5d9d6036830f944e968606d)
- - - - -
a630cb9a by Amitay Isaacs at 2018-04-06T08:21:13+02:00
ctdb-client: Add missing initialization of tevent_context
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13356
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 4e37be92bfb790150b3791bef552aa4acf8f78b7)
- - - - -
879fccbb by Amitay Isaacs at 2018-04-06T08:21:13+02:00
ctdb-client: Client code should never free the client context
This should never have been done.
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 376e9794e2d19e8d17b0bdde36ce8a1a205986c6)
- - - - -
03876304 by Jeremy Allison at 2018-04-06T08:21:13+02:00
s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without delete access.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13358
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke at SerNet.DE>
(cherry picked from commit 2514bee0a3b0a12430e2679ee590075c54d4803a)
- - - - -
2f418222 by Jeremy Allison at 2018-04-06T08:21:13+02:00
s4: torture: Ensure a failed file create doesn't create the file.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13358
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke at SerNet.DE>
(cherry picked from commit 53cdf7a9a18ed547eade4c3cdd80d286058e440d)
- - - - -
d3ac7882 by Jeremy Allison at 2018-04-06T08:21:13+02:00
s4: torture: Test all combinations of file create to ensure behavior is the same.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13358
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke at SerNet.DE>
(cherry picked from commit 22fe8dcb77565495886244e88bb0433363d1f80a)
- - - - -
29aa75e6 by Jeremy Allison at 2018-04-06T08:21:13+02:00
s4: torture: Test all combinations of file open with existing file to ensure behavior is the same.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13358
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke at SerNet.DE>
(cherry picked from commit 820b35bb1ceb445eb3659b67eedfb0a2f5b2f976)
- - - - -
1f94e367 by Jeremy Allison at 2018-04-06T08:21:13+02:00
s4: torture: Test all combinations of directory create to ensure behavior is the same.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13358
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke at SerNet.DE>
(cherry picked from commit fd9084336e7e86ccec83141d880fd7c336c23b6c)
- - - - -
8e149c84 by Jeremy Allison at 2018-04-06T13:50:18+02:00
s4: torture: Test all combinations of directory open with existing directory to ensure behavior is the same.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13358
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke at SerNet.DE>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Mar 29 23:13:42 CEST 2018 on sn-devel-144
(cherry picked from commit c98cd0f25edaae7558f18fd331e2fef3aabb61f2)
Autobuild-User(v4-8-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-8-test): Fri Apr 6 13:50:18 CEST 2018 on sn-devel-144
- - - - -
9230fe25 by Björn Baumbach at 2018-04-10T09:40:08+02:00
samba-tool visualize: fix python2.6 incompatibility
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13337
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Wed Mar 21 09:25:51 CET 2018 on sn-devel-144
(cherry picked from commit 9312a1cdafbd5a0140d72502487c4e478dc578d2)
- - - - -
365569df by Björn Baumbach at 2018-04-10T09:40:08+02:00
ms_schema: fix python2.6 incompatibility
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13337
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit a27db0b61e40b6b503b53e3579867e227f1971b8)
- - - - -
eb9085b3 by Amitay Isaacs at 2018-04-10T09:40:08+02:00
ctdb-scripts: Drop "net serverid wipe" from 50.samba event script
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13359
There is no serverid database anymore.
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Sat Mar 31 08:34:00 CEST 2018 on sn-devel-144
(cherry picked from commit 6b75d2c650aa9ee632122fa87ea8a2a98f1fa613)
- - - - -
a9ed1968 by Ralph Boehme at 2018-04-10T09:40:08+02:00
s3:smbd: don't use the directory cache for SMB2/3
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13363
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Mar 30 03:51:48 CEST 2018 on sn-devel-144
(cherry picked from commit 66052fdccd28922cf1caa2bc750e39051a6414cf)
- - - - -
2c3060b6 by Volker Lendecke at 2018-04-10T09:40:08+02:00
dsdb: Fix CID 1034966 Uninitialized scalar variable
"continue" in a do-while loop jumps to the "while"-check, so "id_exists" needs
to be initialized by that point.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13367
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 925d1f23291c4bdbc832977b2b4577964b8301c8)
- - - - -
5afebb25 by Lutz Justen at 2018-04-10T09:40:08+02:00
s3: lib: messages: Don't use the result of sec_init() before calling sec_init().
Commit ad8c7171ba86e8a47d78b0c7329bb814e5a8871e accidently
moved sec_init() to the point after sec_initial_uid() is
called in the call to directory_create_or_exist_strict().
I missed this in the review (sorry). This works as root
as initial_uid/initial_gid are static (and so initialized
as zero) but doesn't work on ChromeOS as this code isn't
running as root.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13368
Signed-off-by: Lutz Justen <ljusten at google.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Apr 4 23:52:02 CEST 2018 on sn-devel-144
(cherry picked from commit e895b6cf4a7eb3d50d618a022be74db85975bf69)
- - - - -
bc11f285 by Jeremy Allison at 2018-04-10T14:44:28+02:00
s3: smbd: Fix memory leak in vfswrap_getwd()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13372
Signed-off-by: Andrew Walker <awalker at ixsystems.com>.
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Apr 9 21:48:12 CEST 2018 on sn-devel-144
(cherry picked from commit 461a1172ff819692aa0a2dc5ce7fc5379c8a529e)
Autobuild-User(v4-8-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-8-test): Tue Apr 10 14:44:28 CEST 2018 on sn-devel-144
- - - - -
7abe54b5 by Jeremy Allison at 2018-04-11T11:52:25+02:00
s3: smbd: Unix extensions attempts to change wrong field in fchown call.
Cut and paste error.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13375
Reported-by: Rungta, Vandana <vrungta at amazon.com>
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Tue Apr 10 00:45:56 CEST 2018 on sn-devel-144
(cherry picked from commit 3227b110d065500ed84fc70063da70ab35823a2e)
- - - - -
d2799ab5 by Christof Schmitt at 2018-04-11T11:52:25+02:00
test_smbclient_s3.sh: Use correct separator in "list with backup privilege" test
Samba selftest uses the forward slash as winbind separator and in the
USERNAME passed to the test. "net sam rights" expect the backslash. Map
the separator used in selftest to a backslash to avoid creating an
incorrect username DOMAIN\DOMAIN/USERNAME.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 6f07afad07d9c670a00d9d314a8134efdda5e424)
- - - - -
f901e8cc by Christof Schmitt at 2018-04-11T11:52:25+02:00
nsswitch: Fix wbcListUsers test
With an AD DC, wbcListUsers returns the users in the DOMAIN SEPARATOR
USERNAME format. The test then calls wbcLookupName with the domain name
and the previous string (including domain and separator) as username.
Fix this by passing the correct username and adding some additional
checks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 3c146be404affc894c0c702bbfbfcc4fb9ed902b)
- - - - -
80560167 by Christof Schmitt at 2018-04-11T11:52:25+02:00
nsswitch: Fix wbcListGroups test
With an AD DC, wbcListGroups returns the users in the DOMAIN SEPARATOR
GROUPNAME format. The test then calls wbcLookupName with the domain
name and the previous string (including domain and separator) as
username. Fix this by passing the correct username and adding some
additional checks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit f4db4e86c341a89357082e81e30c302440647530)
- - - - -
40ee7863 by Christof Schmitt at 2018-04-11T11:52:25+02:00
Add test for wbinfo name lookup
This demonstrates that wbinfo -n / --name-to-sid returns information
instead of failing the request. More specifically the query for
INVALIDDOMAIN//user returns the user SID for the joined domain, instead
of failing the request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 552a00ec1f6795b9025298931a6cc50ebe552052)
- - - - -
bb5526d0 by Christof Schmitt at 2018-04-11T17:11:19+02:00
winbindd: Do not ignore domain in the LOOKUPNAME request
A LOOKUPNAME request with a domain and a name containing a winbind
separator character would return the result for the joined domain,
instead of the specified domain.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Apr 6 21:03:31 CEST 2018 on sn-devel-144
(cherry picked from commit 1775ac8aa4dc00b9a0845ade238254ebb8b32429)
Autobuild-User(v4-8-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-8-test): Wed Apr 11 17:11:21 CEST 2018 on sn-devel-144
- - - - -
de398573 by Stefan Metzmacher at 2018-04-12T17:26:33+02:00
s3:smb2_server: correctly maintain request counters for compound requests
If a session expires during a compound request chain,
we exit smbd_smb2_request_dispatch() with
'return smbd_smb2_request_error(req, ...)' before
calling smbd_smb2_request_dispatch_update_counts().
As req->request_counters_updated was only reset
within smbd_smb2_request_dispatch_update_counts(),
smbd_smb2_request_reply_update_counts() was called
twice on the same request, which triggers
SMB_ASSERT(op->request_count > 0);
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13215
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 87e25cd1e45bfe57292b62ffc44ddafc01c61ca0)
- - - - -
7e010280 by Volker Lendecke at 2018-04-12T22:55:22+02:00
torture: Test compound request request counters
This will send an unfixed smbd into the
SMB_ASSERT(op->request_count > 0);
in smbd_smb2_request_reply_update_counts
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13215
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Apr 12 14:38:39 CEST 2018 on sn-devel-144
(cherry picked from commit 40edd1bc273f664d5567ef5be169033899acee1f)
Autobuild-User(v4-8-test): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(v4-8-test): Thu Apr 12 22:55:22 CEST 2018 on sn-devel-144
- - - - -
9f3ab35a by Volker Lendecke at 2018-04-19T11:40:11+02:00
libads: Fix the build --without-ads
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Tue Feb 6 02:47:44 CET 2018 on sn-devel-144
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13273
(cherry picked from commit 859698d29b547217356851094ed8188236e717b6)
- - - - -
a25ec76b by Volker Lendecke at 2018-04-19T11:40:11+02:00
rpc_server: Init local_server_* in make_internal_rpc_pipe_socketpair
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13370
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Apr 11 15:19:19 CEST 2018 on sn-devel-144
(cherry picked from commit 212815969f4a706bc8395e2f6dbf225318ff2ad7)
- - - - -
daf2c88a by Volker Lendecke at 2018-04-19T11:40:11+02:00
libsmb: Handle long-running smb2cli_notify
This likely runs into a timeout. Properly cancel the smb2 request,
allowing the higher-level caller to re-issue this request on an existing
handle.
I did not see a proper way to achieve this with tevent_req_set_endtime or
something like that.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13382
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 91c0f497816bb88d8935a8a79c146c08379ecf53)
- - - - -
61470f63 by Volker Lendecke at 2018-04-19T11:40:11+02:00
libsmb: Handle IO_TIMEOUT in cli_smb2_notify properly
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13382
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit abfe482828e8c1dc233d67657a4d11a91a731f70)
- - - - -
c45c96e9 by Volker Lendecke at 2018-04-19T16:16:40+02:00
smbclient: Handle ENUM_DIR in "notify" command
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13382
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Apr 5 04:05:52 CEST 2018 on sn-devel-144
(cherry picked from commit 1452677ef0044815df0702de5424d4711e18144b)
Autobuild-User(v4-8-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-8-test): Thu Apr 19 16:16:41 CEST 2018 on sn-devel-144
- - - - -
ade0d545 by Volker Lendecke at 2018-04-20T11:56:21+02:00
utils: Add destroy_netlogon_creds_cli
This is a pure testing utility that will garble the netlogon_creds_cli
session_key. This creates a similar effect to our schannel credentials
as does a domain controller reboot.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit bffae41842fe218959fe6f8b43df694feec1589c)
- - - - -
ad0b42ae by Volker Lendecke at 2018-04-20T11:56:21+02:00
winbind: Add smbcontrol disconnect-dc
Make a winbind child drop all DC connections
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(backported from commit 0af88b98e7e1bba14827305257e77b63dc82d902)
- - - - -
1e60ca51 by Volker Lendecke at 2018-04-20T11:56:21+02:00
winbind: Keep "force_reauth" in invalidate_cm_connection
Right now I don't see a way to actually force a re-serverauth
from the client side as long as an entry in netlogon_creds_cli.tdb
exists. cm_connect_netlogon goes through invalidate_cm_connection, and
this wipes our wish to force a reauthenticatoin. Keep this intact until
we actually did reauthenticate.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 4b7a9d560a51b51ac88f30276c87edc097b00d0b)
- - - - -
586a0ff3 by Ralph Boehme at 2018-04-20T11:56:22+02:00
winbindd: add and use ldap_reconnect_need_retry() in winbindd_reconnect_ads.c
ldap_reconnect_need_retry() is a copy of reconnect_need_retry() minus
the RPC connection invalidation.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit a8d5e4d36768bc199c631626488b2d0acbd6e91a)
- - - - -
5c701c46 by Ralph Boehme at 2018-04-20T11:56:22+02:00
winbindd: check for NT_STATUS_IO_DEVICE_ERROR in reset_cm_connection_on_error()
reconnect_need_retry() already checks for this error, it surfaces up
from tstream_smbXcli_np as a mapping for EIO.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit a33c1d25e0422483c903001dd246626f84c4cbc1)
- - - - -
4d2968cb by Ralph Boehme at 2018-04-20T11:56:22+02:00
winbindd: make reset_cm_connection_on_error() public
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 17749a5d9fa08da1c61de45728656a2c9b85782d)
- - - - -
7d9aa1d5 by Ralph Boehme at 2018-04-20T11:56:22+02:00
winbindd: call reset_cm_connection_on_error() from reconnect_need_retry()
This ensures we use the same disconnect logic in the reconnect backend,
which calls reconnect_need_retry(), and in the dual_srv frontend which
calls reset_cm_connection_on_error.
Both reset_cm_connection_on_error() and reconnect_need_retry() are very
similar, both return a bool indicating whether a retry should be
attempted, unfortunately the functions have a different default return,
so I don't dare unifying them, but instead just call one from the other.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 2837b796af3e491b6bb34bd441758ae214f629ee)
- - - - -
cde7022c by Ralph Boehme at 2018-04-20T11:56:22+02:00
winbindd: force netlogon reauth for certain errors in reset_cm_connection_on_error()
NT_STATUS_RPC_SEC_PKG_ERROR is returned by the server if the server
doesn't know the server-side netlogon credentials anymore, eg after a
reboot. If this happens we must force a full netlogon reauth.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332
Signed-off-by: Volker Lendecke <vl at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 2d1f00cc3ad77bed4e810dc910979e6cdf582216)
- - - - -
c4fd5a39 by Ralph Boehme at 2018-04-20T11:56:22+02:00
winbindd: call dcerpc_binding_handle_is_connected() from reset_cm_connection_on_error()
To consolidate the error handling for RPC calls, add the binding handle
as an additional argument to reset_cm_connection_on_error().
All callers pass NULL for now, so no change in behaviour up to here.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 966ff3793a867a5ffe1a49e48c8ab3ecb02f8359)
- - - - -
5bf61b01 by Ralph Boehme at 2018-04-20T11:56:22+02:00
winbindd: fix logic calling dcerpc_binding_handle_is_connected()
The calls were missing the negation operator, a retry should be
attempted is the binding handle got somehow disconnected behind the
scenes and is NOT connected.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 08718af36f3ed6cf2308beb3800abfb0414f94b9)
- - - - -
6e1018e5 by Ralph Boehme at 2018-04-20T11:56:22+02:00
winbindd: use reset_cm_connection_on_error() instead of dcerpc_binding_handle_is_connected()
This catches more errors and triggers retry as appropriate.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 6244a2beb184de8d050389e304f087ef153d61dd)
- - - - -
f9ccb90f by Ralph Boehme at 2018-04-20T11:56:22+02:00
winbindd: add retry to _wbint_LookupSids()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit c2cd2d3f3137e27cd6e4cabd34f27b49251f078d)
- - - - -
ce6357b6 by Ralph Boehme at 2018-04-20T11:56:22+02:00
winbindd: add retry to _wbint_DsGetDcName
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit fcf8edf9b8cdf5f3897c1a63ed97c302a231742f)
- - - - -
71eb2d9c by Ralph Boehme at 2018-04-20T11:56:22+02:00
winbindd: add retry to _winbind_DsrUpdateReadOnlyServerDnsRecords
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit e608f058b8f2d2295e24498daa35852de3212b23)
- - - - -
f8abea57 by Ralph Boehme at 2018-04-20T11:56:22+02:00
winbindd: add retry to _winbind_SendToSam
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Mar 15 20:57:44 CET 2018 on sn-devel-144
(cherry picked from commit c37fbfcb248e5a8d6088a28eb0c1a62423f94502)
- - - - -
cd2cc69e by Stefan Metzmacher at 2018-04-20T11:56:22+02:00
lib/util: remove unused '#include <sys/syscall.h>' from tests/tfork.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13342
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit f2ff61ce9e8ab56d8a69fce29c9f214d5d98f89e)
- - - - -
f11278fa by Andreas Schneider at 2018-04-20T11:56:22+02:00
s3:passdb: Do not return OK if we don't have pinfo set up
This prevents a crash in fill_mem_keytab_from_secrets()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13376
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 99859479fc6e12b2f74ce2dfa83da56d8b8f3d26)
- - - - -
63d9b532 by Stefan Metzmacher at 2018-04-20T11:56:22+02:00
lib/replace: define __[u]intptr_t_defined if we prove an replacement
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit 329a229af3c3c9475b9254ca68c413ec18fa3b71)
- - - - -
5cc7432b by Stefan Metzmacher at 2018-04-20T11:56:22+02:00
nsswitch: maintain prototypes for the linux based functions only once
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit b8c30abb02f461f16af4da83eecd173993974dc1)
- - - - -
f0aa869b by Stefan Metzmacher at 2018-04-20T11:56:22+02:00
nsswitch: add some const to _nss_winbind_initgroups_dyn() prototype
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit d5be3b3279162005d9ebea2eda71d455e4c48739)
- - - - -
9e1b535d by Stefan Metzmacher at 2018-04-20T11:56:23+02:00
nsswitch: fix the developer build of nsswitch/wins.c on freebsd 11
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit dc160247d13e2c63574a7e7ec7720fc4c690483b)
- - - - -
c703cfb4 by Volker Lendecke at 2018-04-20T11:56:23+02:00
vfs_virusfilter: Fix CID 1428739 Buffer not null terminated
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13343
(cherry picked from commit 8a4409c956bdbe5d928e685b7c219566d467a627)
- - - - -
932bdb20 by Volker Lendecke at 2018-04-20T11:56:23+02:00
vfs_virusfilter: Fix CID 1428740 Macro compares unsigned to 0
vsnprintf returns "int" and not "size_t"
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13343
(cherry picked from commit 734404bbe911fd4aa6565b2a2aaecab4fbbf3c45)
- - - - -
bade8dc3 by Volker Lendecke at 2018-04-20T11:56:23+02:00
vfs_virusfilter: Fix CID 1428738 Macro compares unsigned to 0
vsnprintf returns "int" and not "size_t"
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jan 31 05:28:48 CET 2018 on sn-devel-144
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13343
(cherry picked from commit 21eb5169f46b8d819a5d5d028baff581e4e63de6)
- - - - -
deb624c8 by Stefan Metzmacher at 2018-04-20T11:56:23+02:00
s3:modules: fix the picky-developer build of vfs_virusfilter.c on FreeBSD 11
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit fb7b67af984812784756574df4f0fb55d472181b)
- - - - -
08d5ade3 by Stefan Metzmacher at 2018-04-20T11:56:23+02:00
s3:modules: make virusfilter_io_connect_path() more portable
We have existing utility functions to prepare a socket.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13343
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit 74278a70389e2479d80ec5c88b01a09c141e8d39)
- - - - -
8c0a598b by Stefan Metzmacher at 2018-04-20T11:56:23+02:00
lib/crypto: avoid 'return void_function();' which isn't portable
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13343
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit 7ae77db3b29ef08e1f74aa413049b995a598a5dd)
- - - - -
74da4c87 by Stefan Metzmacher at 2018-04-20T11:56:23+02:00
ldb/tests: avoid 'return void_function();' which isn't portable
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13343
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit 666dda907b7f190b2dff1f2639bd2518240b9fb2)
- - - - -
98fb60b1 by Stefan Metzmacher at 2018-04-20T16:53:16+02:00
s3:modules: fix the build of vfs_aixacl2.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13345
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Apr 3 20:18:58 CEST 2018 on sn-devel-144
(cherry picked from commit 702665cc52d5dc05ae636519e1ffe9c296f5ef77)
Autobuild-User(v4-8-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-8-test): Fri Apr 20 16:53:16 CEST 2018 on sn-devel-144
- - - - -
4ec99393 by Karolin Seeger at 2018-04-26T09:16:27+02:00
WHATSNEW: Add release notes for Samba 4.8.1.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
- - - - -
e5b036dd by Karolin Seeger at 2018-04-26T09:16:58+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.8.1 release.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
- - - - -
6a83fb45 by Mathieu Parent at 2018-04-26T20:41:39+02:00
New upstream version 4.8.1+dfsg
- - - - -
30 changed files:
- VERSION
- WHATSNEW.txt
- auth/auth_sam_reply.c
- auth/auth_sam_reply.h
- ctdb/client/client_connect.c
- ctdb/client/client_db.c
- ctdb/config/events.d/50.samba
- ctdb/doc/ctdb-etcd.7
- ctdb/doc/ctdb-statistics.7
- ctdb/doc/ctdb-tunables.7
- ctdb/doc/ctdb.1
- ctdb/doc/ctdb.7
- ctdb/doc/ctdb_diagnostics.1
- ctdb/doc/ctdb_mutex_ceph_rados_helper.7
- ctdb/doc/ctdbd.1
- ctdb/doc/ctdbd.conf.5
- ctdb/doc/ctdbd_wrapper.1
- ctdb/doc/ltdbtool.1
- ctdb/doc/onnode.1
- ctdb/doc/ping_pong.1
- ctdb/tests/complex/30_nfs_tickle_killtcp.sh
- ctdb/tests/complex/31_nfs_tickle.sh
- ctdb/tests/complex/32_cifs_tickle.sh
- ctdb/tests/complex/34_nfs_tickle_restart.sh
- ctdb/tests/complex/36_smb_reset_server.sh
- ctdb/tests/complex/37_nfs_reset_server.sh
- docs-xml/smbdotconf/logging/loglevel.xml
- docs-xml/smbdotconf/misc/directorynamecachesize.xml
- docs/manpages/cifsdd.8
- docs/manpages/dbwrap_tool.1
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/samba-team/samba/compare/7c25ac38aa566235d1ac79ddcdfbdd31b05d1e9e...6a83fb4544607589cd85c95f2fa4a57b327d2d1b
---
View it on GitLab: https://salsa.debian.org/samba-team/samba/compare/7c25ac38aa566235d1ac79ddcdfbdd31b05d1e9e...6a83fb4544607589cd85c95f2fa4a57b327d2d1b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20180429/744cdc4e/attachment-0001.html>
More information about the Pkg-samba-maint
mailing list