[SCM] Samba Shared Repository - branch v4-6-test updated
Karolin Seeger
kseeger at samba.org
Fri Apr 28 11:08:02 UTC 2017
The branch, v4-6-test has been updated
via 0636b93 s3-tests: assignement in shell shall have no spaces around equal sign
via 249607c _netr_ServerPasswordSet2: use info level 26 to set plain text machine password
via 30586d3 vfs_fruit: lp_case_sensitive() does not return a bool
via 6ffea89 winbindd: only use the domain name from lookup sids if the domain matches
via 37e26bf winbindd: handling of SIDs without domain reference in wb_sids2xids_lookupsids_done()
via 73e1f00 vfs_acl_xattr|tdb: ensure create mask is at least 0666 if ignore_system_acls is set
via 6915ad5 notify: Fix ordering of events in notifyd
from 9602cd0 VERSION: Bump version up to 4.6.4...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-test
- Log -----------------------------------------------------------------
commit 0636b9303dee8ecb44540a7dea7003159b370168
Author: Alexander Bokovoy <ab at samba.org>
Date: Tue Apr 18 18:28:29 2017 +0300
s3-tests: assignement in shell shall have no spaces around equal sign
When assigning value to 'failed', no spaces should be around '=' sign.
Signed-off-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Apr 19 02:53:25 CEST 2017 on sn-devel-144
(cherry picked from commit d58481bd133a8f59ae553eeff6335162f3c7071c)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12751
Autobuild-User(v4-6-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-6-test): Fri Apr 28 13:07:55 CEST 2017 on sn-devel-144
commit 249607ce5e9ae9a9e5ba6b5864b9473871357543
Author: Alexander Bokovoy <ab at samba.org>
Date: Fri Mar 31 12:44:58 2017 +0300
_netr_ServerPasswordSet2: use info level 26 to set plain text machine password
To support password change for machine or trusted domain accounts in Active
Directory environment we need to pass down actual plain text password
instead of NT hashes. This would allow a backend like ipasam to update
Kerberos keys as well as NT hashes.
By calling samr_SetUserInfo2 info level 26 we ensure PASSDB layer can
actually get the plain text password. If PASSDB backend implements
pdb_update_sam_account() callback, it then gets the plain text password
from samr_SetUserInfo2.
A plain text password is a data blob represented as up to 256 WCHARs. It
is UTF-16 coded on wire and we have its length from the buffer.
SetUserInfo2 SAMR call chain in decode_pw_buffer() does explicitly
expect 512+4 bytes in the buffer. It then calls convert_string_talloc()
to convert it to UNIX charset passing the correct value of the plaintext
password length. However, convert_string_talloc() expects the length of
input string *including* the terminating null and we pass just the
string length.
convert_string_talloc() then explicitly null-terminates the resulting
string by adding two nulls. In most cases UNIX charset is UTF-8, so we
get null-terminated UTF-8 string down to PASSDB layer.
MS-SAMR does not limit what does the password should contain. It says
it is 'userPassword' value. Either 'userPassword' or 'unicodePwd' cannot
contain null characters according to MS-ADTS 3.1.1.3.1.5 because they
must be proper UTF-8 and UTF-16 strings accordingly.
We are talking to our own SAMR service here.
Signed-off-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit ff4fb6935a32e33ef01c97d4ee103bc11ac31da0)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12751
commit 30586d36be13507fb4f8fabb806b69035fc98096
Author: Ralph Boehme <slow at samba.org>
Date: Wed Apr 19 13:12:55 2017 +0200
vfs_fruit: lp_case_sensitive() does not return a bool
lp_case_sensitive() returns an int, not a bool, so with the default
setting of "Auto" by default we set the AAPL flag
SMB2_CRTCTX_AAPL_CASE_SENSITIVE.
This caused the client to believe the volume is case sensitive where it
wasn't, leading to an error when trying to rename files changing only
the case of the name.
Also fix the existing torture test that verifies AAPL context
negotiation and actually expected the server to return "case sensitive",
while the Samba default is really "case insensitive".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12749
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 36612723b2b18675116b6197183bdfe5e1d9e06f)
commit 6ffea89a6d62f3a8684614c735b09f5a8043fa6b
Author: Ralph Boehme <slow at samba.org>
Date: Mon Apr 10 14:28:18 2017 +0200
winbindd: only use the domain name from lookup sids if the domain matches
With the use of sIDHistory it happens that two sids map to the same name:
S-1-5-21-1387724271-3540671778-1971508351-1115 DOMAIN2\d1u1 (1)
S-1-5-21-3293503978-489118715-2763867031-1106 DOMAIN2\d1u1 (1)
On the net it looks like this:
lsa_LookupSids: struct lsa_LookupSids
in: struct lsa_LookupSids
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 344f3586-7de4-4e1d-96a9-8c6c23e4b2f0
sids : *
sids: struct lsa_SidArray
num_sids : 0x00000002 (2)
sids : *
sids: ARRAY(2)
sids: struct lsa_SidPtr
sid : *
sid : S-1-5-21-1387724271-3540671778-1971508351-1115
sids: struct lsa_SidPtr
sid : *
sid : S-1-5-21-3293503978-489118715-2763867031-1106
names : *
names: struct lsa_TransNameArray
count : 0x00000000 (0)
names : NULL
level : LSA_LOOKUP_NAMES_ALL (1)
count : *
count : 0x00000000 (0)
lsa_LookupSids: struct lsa_LookupSids
out: struct lsa_LookupSids
domains : *
domains : *
domains: struct lsa_RefDomainList
count : 0x00000001 (1)
domains : *
domains: ARRAY(1)
domains: struct lsa_DomainInfo
name: struct lsa_StringLarge
length : 0x000e (14)
size : 0x0010 (16)
string : *
string : 'DOMAIN2'
sid : *
sid : S-1-5-21-1387724271-3540671778-1971508351
max_size : 0x00000020 (32)
names : *
names: struct lsa_TransNameArray
count : 0x00000002 (2)
names : *
names: ARRAY(7)
names: struct lsa_TranslatedName
sid_type : SID_NAME_USER (1)
name: struct lsa_String
length : 0x0008 (8)
size : 0x0008 (8)
string : *
string : 'd1u1'
sid_index : 0x00000000 (0)
names: struct lsa_TranslatedName
sid_type : SID_NAME_USER (1)
name: struct lsa_String
length : 0x0008 (8)
size : 0x0008 (8)
string : *
string : 'd1u1'
sid_index : 0x00000000 (0)
count : *
count : 0x00000002 (2)
result : NT_STATUS_OK
So the name for S-1-5-21-3293503978-489118715-2763867031-1106 has
S-1-5-21-1387724271-3540671778-1971508351 in referenced lsa_DomainInfo
structure. In that case we should not use the domain name from lsa_DomainInfo,
because we would use the wrong idmap backend.
For the case where the domain part of the sIDHistory sid is a still existing
domain, which can be found our internal list of trusted domains, we now use the
correct idmap backend: the idmap domain from the historic SID.
If the historic domain does no longer exist, we will fallback to the default
idmap domain.
The next step would be doing a lookup sid call for the domain sid, which may
help with one-way trusts.
The long term goal needs to be that idmap backends are based on sids only and
only the smb.conf allows names to be used which will be converted to sids on
startup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12702
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Uri Simchoni <uri at samba.org>
Autobuild-User(master): Uri Simchoni <uri at samba.org>
Autobuild-Date(master): Wed Apr 12 16:43:30 CEST 2017 on sn-devel-144
(cherry picked from commit 9d419c3fe3654f038fbc978ecb7fa87cf8a5cc3b)
commit 37e26bfd9a5c96f1328f9b288fe39c24bb179fed
Author: Ralph Boehme <slow at samba.org>
Date: Tue Apr 4 14:51:09 2017 +0200
winbindd: handling of SIDs without domain reference in wb_sids2xids_lookupsids_done()
This lets wb_sids2xids_lookupsids_done() deal with wp_lookupsids
returning UINT32_MAX as domain index for SIDs from unknown domains.
Call find_domain_from_sid_noinit() to search our list of known
domains. If a matching domain is found, use it's name, otherwise use the
empty string "". This needed to handle Samba DCs which always returns
sid_index UINT32_MAX for unknown SIDs, even from known domains.
Currently the wb_lookupsids adds these fake domains with an empty string
as domain name, but that's not the correct place to do it. We need the
domain name as it gets passed to the idmap child where the choise of
idmap backend is based on the domain name. This will possibly be changed
in the future to be based on domain SIDs, not the name.
Prerequisite for bug: https://bugzilla.samba.org/show_bug.cgi?id=12702
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 1efaeb072e55735421191fbae9cc586db6d07bb1)
commit 73e1f00711bf5e3413694d5bc1bfa86639621493
Author: Ralph Boehme <slow at samba.org>
Date: Mon Feb 6 12:47:41 2017 +0100
vfs_acl_xattr|tdb: ensure create mask is at least 0666 if ignore_system_acls is set
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12562
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Uri Simchoni <uri at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Apr 20 20:50:10 CEST 2017 on sn-devel-144
(cherry picked from commit 375d772d04338861d92e683ae3c6c9d7ecb846ad)
commit 6915ad57efb12c7a6802c551ba36ea2732646b46
Author: Shilpa Krishnareddy <skrishnareddy at panzura.com>
Date: Tue Apr 25 16:59:45 2017 +0200
notify: Fix ordering of events in notifyd
In notifyd_trigger_parser() while initializing notify_event_msg values from
notify_trigger_msg, 'when' value is ignored. So the smbd process does not get
correct 'when' value and this is causing issues during qsort in
notify_marshall_changes(). Because of this issue, smb2.notify.dir test was
failing.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12756
Signed-off-by: Shilpa Krishnareddy <skrishnareddy at panzura.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Apr 26 17:02:58 CEST 2017 on sn-devel-144
(cherry picked from commit 5701880655c8a82b6d533c7c2e131cc803e7570b)
-----------------------------------------------------------------------
Summary of changes:
source3/modules/vfs_acl_tdb.c | 24 +++++++--
source3/modules/vfs_acl_xattr.c | 24 +++++++--
source3/modules/vfs_fruit.c | 20 +++++--
source3/rpc_server/netlogon/srv_netlog_nt.c | 79 ++++++++++++++++++++++------
source3/script/tests/test_net_cred_change.sh | 6 +--
source3/smbd/notifyd/notifyd.c | 3 +-
source3/winbindd/wb_sids2xids.c | 37 ++++++++++---
source4/torture/vfs/fruit.c | 4 +-
8 files changed, 161 insertions(+), 36 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c
index 174affe..a71bfdc 100644
--- a/source3/modules/vfs_acl_tdb.c
+++ b/source3/modules/vfs_acl_tdb.c
@@ -342,12 +342,30 @@ static int connect_acl_tdb(struct vfs_handle_struct *handle,
return -1);
if (config->ignore_system_acls) {
- DBG_NOTICE("setting 'create mask = 0666', "
- "'directory mask = 0777', "
+ mode_t create_mask = lp_create_mask(SNUM(handle->conn));
+ char *create_mask_str = NULL;
+
+ if ((create_mask & 0666) != 0666) {
+ create_mask |= 0666;
+ create_mask_str = talloc_asprintf(handle, "0%o",
+ create_mask);
+ if (create_mask_str == NULL) {
+ DBG_ERR("talloc_asprintf failed\n");
+ return -1;
+ }
+
+ DBG_NOTICE("setting 'create mask = %s'\n", create_mask_str);
+
+ lp_do_parameter (SNUM(handle->conn),
+ "create mask", create_mask_str);
+
+ TALLOC_FREE(create_mask_str);
+ }
+
+ DBG_NOTICE("setting 'directory mask = 0777', "
"'store dos attributes = yes' and all "
"'map ...' options to 'no'\n");
- lp_do_parameter(SNUM(handle->conn), "create mask", "0666");
lp_do_parameter(SNUM(handle->conn), "directory mask", "0777");
lp_do_parameter(SNUM(handle->conn), "map archive", "no");
lp_do_parameter(SNUM(handle->conn), "map hidden", "no");
diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c
index 421860b..bb2e565 100644
--- a/source3/modules/vfs_acl_xattr.c
+++ b/source3/modules/vfs_acl_xattr.c
@@ -243,12 +243,30 @@ static int connect_acl_xattr(struct vfs_handle_struct *handle,
return -1);
if (config->ignore_system_acls) {
- DBG_NOTICE("setting 'create mask = 0666', "
- "'directory mask = 0777', "
+ mode_t create_mask = lp_create_mask(SNUM(handle->conn));
+ char *create_mask_str = NULL;
+
+ if ((create_mask & 0666) != 0666) {
+ create_mask |= 0666;
+ create_mask_str = talloc_asprintf(handle, "0%o",
+ create_mask);
+ if (create_mask_str == NULL) {
+ DBG_ERR("talloc_asprintf failed\n");
+ return -1;
+ }
+
+ DBG_NOTICE("setting 'create mask = %s'\n", create_mask_str);
+
+ lp_do_parameter (SNUM(handle->conn),
+ "create mask", create_mask_str);
+
+ TALLOC_FREE(create_mask_str);
+ }
+
+ DBG_NOTICE("setting 'directory mask = 0777', "
"'store dos attributes = yes' and all "
"'map ...' options to 'no'\n");
- lp_do_parameter(SNUM(handle->conn), "create mask", "0666");
lp_do_parameter(SNUM(handle->conn), "directory mask", "0777");
lp_do_parameter(SNUM(handle->conn), "map archive", "no");
lp_do_parameter(SNUM(handle->conn), "map hidden", "no");
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index 89d7bfe..9a55c9e 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -2201,9 +2201,23 @@ static NTSTATUS check_aapl(vfs_handle_struct *handle,
}
if (req_bitmap & SMB2_CRTCTX_AAPL_VOLUME_CAPS) {
- SBVAL(p, 0,
- lp_case_sensitive(SNUM(handle->conn->tcon->compat)) ?
- SMB2_CRTCTX_AAPL_CASE_SENSITIVE : 0);
+ int val = lp_case_sensitive(SNUM(handle->conn->tcon->compat));
+ uint64_t caps = 0;
+
+ switch (val) {
+ case Auto:
+ break;
+
+ case True:
+ caps |= SMB2_CRTCTX_AAPL_CASE_SENSITIVE;
+ break;
+
+ default:
+ break;
+ }
+
+ SBVAL(p, 0, caps);
+
ok = data_blob_append(req, &blob, p, 8);
if (!ok) {
return NT_STATUS_UNSUCCESSFUL;
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index ef2c827..aef4c94 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -33,6 +33,7 @@
#include "../librpc/gen_ndr/ndr_lsa_c.h"
#include "rpc_client/cli_lsarpc.h"
#include "rpc_client/init_lsa.h"
+#include "rpc_client/init_samr.h"
#include "rpc_server/rpc_ncacn_np.h"
#include "../libcli/security/security.h"
#include "../libcli/security/dom_sid.h"
@@ -1138,14 +1139,27 @@ static NTSTATUS netr_creds_server_step_check(struct pipes_struct *p,
return status;
}
+
/*************************************************************************
*************************************************************************/
+struct _samr_Credentials_t {
+ enum {
+ CRED_TYPE_NT_HASH,
+ CRED_TYPE_PLAIN_TEXT,
+ } cred_type;
+ union {
+ struct samr_Password *nt_hash;
+ const char *password;
+ } creds;
+};
+
+
static NTSTATUS netr_set_machine_account_password(TALLOC_CTX *mem_ctx,
struct auth_session_info *session_info,
struct messaging_context *msg_ctx,
const char *account_name,
- struct samr_Password *nt_hash)
+ struct _samr_Credentials_t *cr)
{
NTSTATUS status;
NTSTATUS result = NT_STATUS_OK;
@@ -1155,9 +1169,11 @@ static NTSTATUS netr_set_machine_account_password(TALLOC_CTX *mem_ctx,
uint32_t acct_ctrl;
union samr_UserInfo *info;
struct samr_UserInfo18 info18;
+ struct samr_UserInfo26 info26;
DATA_BLOB in,out;
int rc;
DATA_BLOB session_key;
+ enum samr_UserInfoLevel infolevel;
ZERO_STRUCT(user_handle);
@@ -1229,22 +1245,44 @@ static NTSTATUS netr_set_machine_account_password(TALLOC_CTX *mem_ctx,
goto out;
}
- ZERO_STRUCT(info18);
+ switch(cr->cred_type) {
+ case CRED_TYPE_NT_HASH:
+ ZERO_STRUCT(info18);
+
+ infolevel = UserInternal1Information;
+
+ in = data_blob_const(cr->creds.nt_hash, 16);
+ out = data_blob_talloc_zero(mem_ctx, 16);
+ sess_crypt_blob(&out, &in, &session_key, true);
+ memcpy(info18.nt_pwd.hash, out.data, out.length);
+
+ info18.nt_pwd_active = true;
+
+ info->info18 = info18;
+ break;
+ case CRED_TYPE_PLAIN_TEXT:
+ ZERO_STRUCT(info26);
- in = data_blob_const(nt_hash->hash, 16);
- out = data_blob_talloc_zero(mem_ctx, 16);
- sess_crypt_blob(&out, &in, &session_key, true);
- memcpy(info18.nt_pwd.hash, out.data, out.length);
+ infolevel = UserInternal5InformationNew;
- info18.nt_pwd_active = true;
+ init_samr_CryptPasswordEx(cr->creds.password,
+ &session_key,
+ &info26.password);
- info->info18 = info18;
+ info26.password_expired = PASS_DONT_CHANGE_AT_NEXT_LOGON;
+ info->info26 = info26;
+ break;
+ default:
+ status = NT_STATUS_INTERNAL_ERROR;
+ goto out;
+ break;
+ }
become_root();
status = dcerpc_samr_SetUserInfo2(h,
mem_ctx,
&user_handle,
- UserInternal1Information,
+ infolevel,
info,
&result);
unbecome_root();
@@ -1274,6 +1312,7 @@ NTSTATUS _netr_ServerPasswordSet(struct pipes_struct *p,
NTSTATUS status = NT_STATUS_OK;
int i;
struct netlogon_creds_CredentialState *creds = NULL;
+ struct _samr_Credentials_t cr = { CRED_TYPE_NT_HASH, {0}};
DEBUG(5,("_netr_ServerPasswordSet: %d\n", __LINE__));
@@ -1308,11 +1347,12 @@ NTSTATUS _netr_ServerPasswordSet(struct pipes_struct *p,
DEBUG(100,("%02X ", r->in.new_password->hash[i]));
DEBUG(100,("\n"));
+ cr.creds.nt_hash = r->in.new_password;
status = netr_set_machine_account_password(p->mem_ctx,
p->session_info,
p->msg_ctx,
creds->account_name,
- r->in.new_password);
+ &cr);
return status;
}
@@ -1327,7 +1367,7 @@ NTSTATUS _netr_ServerPasswordSet2(struct pipes_struct *p,
struct netlogon_creds_CredentialState *creds = NULL;
DATA_BLOB plaintext;
struct samr_CryptPassword password_buf;
- struct samr_Password nt_hash;
+ struct _samr_Credentials_t cr = { CRED_TYPE_PLAIN_TEXT, {0}};
become_root();
status = netr_creds_server_step_check(p, p->mem_ctx,
@@ -1350,6 +1390,10 @@ NTSTATUS _netr_ServerPasswordSet2(struct pipes_struct *p,
return status;
}
+ DEBUG(3,("_netr_ServerPasswordSet2: Server Password Seti2 by remote "
+ "machine:[%s] on account [%s]\n",
+ r->in.computer_name, creds->computer_name));
+
memcpy(password_buf.data, r->in.new_password->data, 512);
SIVAL(password_buf.data, 512, r->in.new_password->length);
@@ -1359,18 +1403,23 @@ NTSTATUS _netr_ServerPasswordSet2(struct pipes_struct *p,
netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
}
- if (!extract_pw_from_buffer(p->mem_ctx, password_buf.data, &plaintext)) {
+ if (!decode_pw_buffer(p->mem_ctx,
+ password_buf.data,
+ (char**) &plaintext.data,
+ &plaintext.length,
+ CH_UTF16)) {
+ DEBUG(2,("_netr_ServerPasswordSet2: unable to extract password "
+ "from a buffer. Rejecting auth request as a wrong password\n"));
TALLOC_FREE(creds);
return NT_STATUS_WRONG_PASSWORD;
}
- mdfour(nt_hash.hash, plaintext.data, plaintext.length);
-
+ cr.creds.password = (const char*) plaintext.data;
status = netr_set_machine_account_password(p->mem_ctx,
p->session_info,
p->msg_ctx,
creds->account_name,
- &nt_hash);
+ &cr);
TALLOC_FREE(creds);
return status;
}
diff --git a/source3/script/tests/test_net_cred_change.sh b/source3/script/tests/test_net_cred_change.sh
index 9013d07..de56be5 100755
--- a/source3/script/tests/test_net_cred_change.sh
+++ b/source3/script/tests/test_net_cred_change.sh
@@ -9,8 +9,8 @@ fi
incdir=`dirname $0`/../../../testprogs/blackbox
. $incdir/subunit.sh
-testit "first change" $VALGRIND $BINDIR/wbinfo -c || failed =`expr $failed + 1`
-testit "first join" $VALGRIND $BINDIR/net rpc testjoin $@ || failed =`expr $failed + 1`
-testit "second change" $VALGRIND $BINDIR/wbinfo -c || failed =`expr $failed + 1`
+testit "first change" $VALGRIND $BINDIR/wbinfo -c || failed=`expr $failed + 1`
+testit "first join" $VALGRIND $BINDIR/net rpc testjoin $@ || failed=`expr $failed + 1`
+testit "second change" $VALGRIND $BINDIR/wbinfo -c || failed=`expr $failed + 1`
testok $0 $failed
diff --git a/source3/smbd/notifyd/notifyd.c b/source3/smbd/notifyd/notifyd.c
index 70f52cd..087952a 100644
--- a/source3/smbd/notifyd/notifyd.c
+++ b/source3/smbd/notifyd/notifyd.c
@@ -734,7 +734,8 @@ static void notifyd_trigger_parser(TDB_DATA key, TDB_DATA data,
{
struct notifyd_trigger_state *tstate = private_data;
- struct notify_event_msg msg = { .action = tstate->msg->action };
+ struct notify_event_msg msg = { .action = tstate->msg->action,
+ .when = tstate->msg->when };
struct iovec iov[2];
size_t path_len = key.dsize;
struct notifyd_instance *instances = NULL;
diff --git a/source3/winbindd/wb_sids2xids.c b/source3/winbindd/wb_sids2xids.c
index 9bb8fa8..b8ad300 100644
--- a/source3/winbindd/wb_sids2xids.c
+++ b/source3/winbindd/wb_sids2xids.c
@@ -185,20 +185,45 @@ static void wb_sids2xids_lookupsids_done(struct tevent_req *subreq)
}
for (i=0; i<state->num_non_cached; i++) {
+ const struct dom_sid *sid = &state->non_cached[i];
struct dom_sid dom_sid;
- struct lsa_DomainInfo *info;
struct lsa_TranslatedName *n = &names->names[i];
struct wbint_TransID *t = &state->ids.ids[i];
int domain_index;
+ const char *domain_name = NULL;
- sid_copy(&dom_sid, &state->non_cached[i]);
- sid_split_rid(&dom_sid, &t->rid);
+ if (n->sid_index != UINT32_MAX) {
+ const struct lsa_DomainInfo *info;
+ bool match;
- info = &domains->domains[n->sid_index];
- t->type = lsa_SidType_to_id_type(n->sid_type);
+ info = &domains->domains[n->sid_index];
+ match = dom_sid_in_domain(info->sid, sid);
+ if (match) {
+ domain_name = info->name.string;
+ }
+ }
+ if (domain_name == NULL) {
+ struct winbindd_domain *wb_domain = NULL;
+
+ /*
+ * This is needed to handle Samba DCs
+ * which always return sid_index == UINT32_MAX for
+ * unknown sids.
+ */
+ wb_domain = find_domain_from_sid_noinit(sid);
+ if (wb_domain != NULL) {
+ domain_name = wb_domain->name;
+ }
+ }
+ if (domain_name == NULL) {
+ domain_name = "";
+ }
+ sid_copy(&dom_sid, sid);
+ sid_split_rid(&dom_sid, &t->rid);
+ t->type = lsa_SidType_to_id_type(n->sid_type);
domain_index = init_lsa_ref_domain_list(
- state, &state->idmap_doms, info->name.string, &dom_sid);
+ state, &state->idmap_doms, domain_name, &dom_sid);
if (domain_index == -1) {
tevent_req_oom(req);
return;
diff --git a/source4/torture/vfs/fruit.c b/source4/torture/vfs/fruit.c
index 5182c00..bb8f36e 100644
--- a/source4/torture/vfs/fruit.c
+++ b/source4/torture/vfs/fruit.c
@@ -2068,9 +2068,9 @@ static bool test_aapl(struct torture_context *tctx,
}
aapl_vol_caps = BVAL(aapl->data.data, 24);
- if (aapl_vol_caps != SMB2_CRTCTX_AAPL_CASE_SENSITIVE) {
+ if (aapl_vol_caps != 0) {
/* this will fail on a case insensitive fs ... */
- torture_warning(tctx,
+ torture_result(tctx, TORTURE_FAIL,
"(%s) unexpected vol_caps: %d",
__location__, (int)aapl_vol_caps);
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list