[SCM] Samba Shared Repository - branch v4-7-stable updated

Karolin Seeger kseeger at samba.org
Tue Apr 17 07:44:15 UTC 2018


The branch, v4-7-stable has been updated
       via  19a46b0 WHATSNEW: Add release notes for Samba 4.7.7.
       via  5a2066f torture: Test compound request request counters
       via  bb15458 s3:smb2_server: correctly maintain request counters for compound requests
       via  686b2ba winbindd: Do not ignore domain in the LOOKUPNAME request
       via  81c3e2d Add test for wbinfo name lookup
       via  ccbdb3c nsswitch: Fix wbcListGroups test
       via  af5d75d nsswitch: Fix wbcListUsers test
       via  705b1fa test_smbclient_s3.sh: Use correct separator in "list with backup privilege" test
       via  d7f84b6 s3: smbd: Unix extensions attempts to change wrong field in fchown call.
       via  00428e8 s3: smbd: Fix memory leak in vfswrap_getwd()
       via  d217375 s3: lib: messages: Don't use the result of sec_init() before calling sec_init().
       via  c62c1c9 dsdb: Fix CID 1034966 Uninitialized scalar variable
       via  119c28b s3:smbd: don't use the directory cache for SMB2/3
       via  4de5e3b ctdb-scripts: Drop "net serverid wipe" from 50.samba event script
       via  8ac2ffa s4: torture: Test all combinations of directory open with existing directory to ensure behavior is the same.
       via  2500fe7 s4: torture: Test all combinations of directory create to ensure behavior is the same.
       via  ada7126 s4: torture: Test all combinations of file open with existing file to ensure behavior is the same.
       via  1d8c67f s4: torture: Test all combinations of file create to ensure behavior is the same.
       via  052ca44 s4: torture: Ensure a failed file create doesn't create the file.
       via  bd2c850 s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without delete access.
       via  9f2bae3 Allow AESNI to be used on all processor supporting AESNI, not just Intel's This improves performance/reduced CPU usage. Tests performed: - Ran on Ivy Bridge and Ryzen and verified that AESNI is detected (crypto tests) - Ran on Ryzen, and observed 50% increased speed.
       via  b44b079 smbc_opendir should not return EEXIST with invalid login credentials
       via  214291f s3: docs: Add documentation for "smb2" and "smb2_credits" debug classes.
       via  2546926 s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit issues.
       via  465f3a3 lib: debug: Add DBGC_XXX versions of the macros to allow class-specific messages.
       via  8bfe55e s3: debug: smb2: Create a new DBGC_SMB2 debug class and mark all smbd/smb2_*.c files with it.
       via  fe02c78 s3:smbd: map nterror on smb2_flush errorpath
       via  62388a0 s3: smbd: Fruit. Make the use of dom_sid_compare_domain() much clearer.
       via  8b9e15b s4: vfs: fruit tests: Add regression test for dealing with NFS ACE entries.
       via  8df51e5 selftest: vfs.fruit: add xattr_tdb where possible
       via  bb8bbed selftest: run vfs.fruit_netatalk test against seperate share
       via  3893417 s3: smbd: vfs_fruit: Replace code in fruit_fget_nt_acl() with remove_virtual_nfs_aces().
       via  85553b7 s3: smbd: vfs_fruit: Replace code in check_ms_nfs() with remove_virtual_nfs_aces().
       via  bf3e904 s3: smbd: vfs_fruit: Add remove_virtual_nfs_aces() a generic NFS ACE remover.
       via  db293b8 s3: vfs_fruit. Change check_ms_nfs() to remove the virtual ACE's generated by fruit_fget_nt_acl().
       via  a37fad5 s3: vfs_fruit. If the security descriptor was modified, ensure we set the flags correctly to reflect the ACE's left.
       via  9b5d24d s3: vfs_fruit: Ensure we operate on a copy of the incoming security descriptor.
       via  15391e3 s3: vfs_fruit. Ensure we only return one set of the 'virtual' UNIX ACE entries.
       via  ea6c0ae vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async
       via  6d4906c s3: smbd: Fix possible directory fd leak if the underlying OS doesn't support fdopendir()
       via  520672e s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't own it here.
       via  7a49112 s4:auth_sam: allow logons with an empty domain name
       via  7ea5588 tests/bind.py: Add a bind test with NTLMSSP with no domain
       via  35c8220 tests/py_creds: Add a SamLogonEx test with an empty string domain
       via  04cc893 s3:cliconnect.c: remove useless ';'
       via  4c087a0 s3:libsmb: allow -U"\administrator" to work
       via  6c1dde6 s3:auth: make use of make_{server,session}_info_anonymous()
       via  47b1336 s3:rpc_server: make use of make_session_info_anonymous()
       via  8f69498 s3:auth: add make_{server,session}_info_anonymous()
       via  c3fdc61 s3:auth: pass the whole auth_session_info from copy_session_info_serverinfo_guest() to create_local_token()
       via  1902652 s3:auth: base make_new_session_info_system() on auth_system_user_info_dc() and auth3_create_session_info()
       via  b8c518d s3:auth: add auth3_user_info_dc_add_hints() and auth3_session_info_create()
       via  104de61 auth: add auth_user_info_copy() function
       via  8b5253e s3:auth: remove static from finalize_local_nt_token()
       via  627a86b s3:auth: pass AUTH_SESSION_INFO_* flags to finalize_local_nt_token()
       via  ecee945 s3:auth: don't try to expand system or anonymous tokens in finalize_local_nt_token()
       via  7687d26 s3:auth: add add_builtin_guests() handling to finalize_local_nt_token()
       via  e0e4aa1 s3:auth: only call secrets_fetch_domain_sid() once in finalize_local_nt_token()
       via  c1f61c0 s3:passdb: handle dom_sid=NULL in create_builtin_{users,administrators}()
       via  85097b1 s3:auth: move add_local_groups() out of finalize_local_nt_token()
       via  1258f28 s3:auth: add the "Unix Groups" sid for the primary gid
       via  b991dca s3:auth: remove unused auth_serversupplied_info->system
       via  ff7a8e4 libcli/security: only announce a session as GUEST if 'Builtin\Guests' is there without 'Authenticated User'
       via  e39a5bd s3:selftest: run SMB2-ANONYMOUS
       via  23d1850 s3:torture: add SMB2-ANONYMOUS which asserts no GUEST bit for anonymous
       via  17977a9 Merge tag 'samba-4.7.6' into v4-7-test
       via  cc04ea1 VERSION: Bump version up to 4.7.7.
       via  2f57b6d VERSION: Disable GIT_SNAPSHOT for the 4.7.6 release.
       via  f17ddb9 WHATSNEW: Add release notes for Samba 4.7.6.
       via  49b49f1 CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only allowed with a control
       via  7d8de68 CVE-2018-1057: s4:dsdb: use DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID
       via  f797e86 CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control
       via  c5a663f CVE-2018-1057: s4:dsdb/acl: run password checking only once
       via  7cc3749 CVE-2018-1057: s4/dsdb: correctly detect password resets
       via  a192242 CVE-2018-1057: s4:dsdb/acl: add a NULL check for talloc_new() in acl_check_password_rights()
       via  fd1817c CVE-2018-1057: s4:dsdb/acl: add check for DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control
       via  0820307 CVE-2018-1057: s4:dsdb/acl: check for internal controls before other checks
       via  0bb68f5 CVE-2018-1057: s4:dsdb/acl: remove unused else branches in acl_check_password_rights()
       via  b3746a4 CVE-2018-1057: s4:dsdb/acl: only call dsdb_acl_debug() if we checked the acl in acl_check_password_rights()
       via  7ee55ea CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for passwordAttr->num_values
       via  43a5d96 CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for LDB_FLAG_MOD_TYPE
       via  d15b66c CVE-2018-1057: s4:dsdb/tests: add a test for password change with empty delete
       via  b59ca4d CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs.
       via  af47cdb s3:smbd: Do not crash if we fail to init the session table
       via  1efaec6 libsmb: Use smb2 tcon if conn_protocol >= SMB2_02
       via  e8a69b9 torture: Add test for channel sequence number handling
       via  164b38c smbXcli: Add "force_channel_sequence"
       via  f2d311e smbd: Fix channel sequence number checks for long-running requests
       via  d5c0ad6 smbd: Remove a "!" from an if-condition for easier readability
       via  caca68c torture4: Fix typos
       via  09200da smbd: Fix a typo
       via  b276495 build: fix libceph-common detection
       via  4978ee1 subnet: Avoid a segfault when renaming subnet objects
       via  1fa65b4 build: fix ceph_statx check when configured with libcephfs_dir
       via  5c782d5 VERSION: Bump version up to 4.7.6...
      from  5cfa947 VERSION: Disable GIT_SNAPSHOT for the 4.7.6 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-stable


- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 VERSION                                            |   2 +-
 WHATSNEW.txt                                       | 109 ++-
 auth/auth_sam_reply.c                              |  35 +
 auth/auth_sam_reply.h                              |   3 +
 auth/credentials/tests/bind.py                     |  26 +-
 ctdb/config/events.d/50.samba                      |   2 -
 docs-xml/smbdotconf/logging/loglevel.xml           |   2 +
 .../smbdotconf/misc/directorynamecachesize.xml     |   5 +-
 lib/crypto/aes.c                                   |  16 -
 lib/util/debug.c                                   |   2 +
 lib/util/debug.h                                   |  32 +
 libcli/security/session.c                          |  18 +-
 libcli/smb/smbXcli_base.c                          |  15 +-
 libcli/smb/smbXcli_base.h                          |   4 +
 nsswitch/libwbclient/tests/wbclient.c              |  66 +-
 nsswitch/tests/test_wbinfo_name_lookup.sh          |  40 +
 python/samba/subnets.py                            |  33 +
 python/samba/tests/py_credentials.py               |  27 +
 selftest/target/Samba3.pm                          |  18 +-
 source3/auth/auth_builtin.c                        |   2 +-
 source3/auth/auth_ntlmssp.c                        |   5 +-
 source3/auth/auth_util.c                           | 852 ++++++++++++++++++---
 source3/auth/proto.h                               |  38 +
 source3/auth/token_util.c                          | 251 ++++--
 source3/include/auth.h                             |   6 +-
 source3/lib/messages.c                             |   9 +-
 source3/libads/ldap_utils.c                        |   9 +
 source3/librpc/idl/smbXsrv.idl                     |   3 +-
 source3/libsmb/cliconnect.c                        |   9 +-
 source3/libsmb/clientgen.c                         |   2 +-
 source3/libsmb/libsmb_server.c                     |   4 +-
 source3/modules/vfs_default.c                      |   9 +-
 source3/modules/vfs_fruit.c                        |  93 ++-
 source3/modules/vfs_glusterfs.c                    |   2 +-
 source3/passdb/pdb_util.c                          |  10 +-
 source3/rpc_server/rpc_server.c                    |   9 +-
 source3/script/tests/test_smbclient_s3.sh          |  10 +-
 source3/selftest/tests.py                          |   7 +-
 source3/smbd/dir.c                                 |  32 +-
 source3/smbd/globals.h                             |   1 +
 source3/smbd/negprot.c                             |  23 +-
 source3/smbd/open.c                                |  12 +
 source3/smbd/smb2_break.c                          |   3 +
 source3/smbd/smb2_close.c                          |   3 +
 source3/smbd/smb2_create.c                         |   3 +
 source3/smbd/smb2_flush.c                          |   5 +-
 source3/smbd/smb2_getinfo.c                        |   3 +
 source3/smbd/smb2_glue.c                           |   3 +
 source3/smbd/smb2_ioctl.c                          |   3 +
 source3/smbd/smb2_ioctl_dfs.c                      |   3 +
 source3/smbd/smb2_ioctl_filesys.c                  |   3 +
 source3/smbd/smb2_ioctl_named_pipe.c               |   3 +
 source3/smbd/smb2_ioctl_network_fs.c               |   3 +
 source3/smbd/smb2_keepalive.c                      |   3 +
 source3/smbd/smb2_lock.c                           |   3 +
 source3/smbd/smb2_negprot.c                        |   3 +
 source3/smbd/smb2_notify.c                         |   3 +
 source3/smbd/smb2_query_directory.c                |  12 +-
 source3/smbd/smb2_read.c                           |   3 +
 source3/smbd/smb2_server.c                         |  84 +-
 source3/smbd/smb2_sesssetup.c                      |   3 +
 source3/smbd/smb2_setinfo.c                        |   3 +
 source3/smbd/smb2_tcon.c                           |   3 +
 source3/smbd/smb2_write.c                          |   3 +
 source3/smbd/trans2.c                              |   4 +-
 source3/torture/proto.h                            |   1 +
 source3/torture/test_smb2.c                        |  42 +
 source3/torture/torture.c                          |   1 +
 source3/winbindd/winbindd_lookupname.c             |  33 +-
 source3/wscript                                    |  11 +-
 source4/auth/ntlm/auth_sam.c                       |  16 +-
 source4/dsdb/samdb/ldb_modules/samldb.c            |   9 +-
 source4/dsdb/tests/python/sites.py                 |  45 ++
 source4/torture/basic/delete.c                     | 257 ++++++-
 source4/torture/smb2/compound.c                    |  77 ++
 source4/torture/smb2/replay.c                      | 117 ++-
 source4/torture/vfs/fruit.c                        | 171 +++++
 77 files changed, 2489 insertions(+), 306 deletions(-)
 create mode 100755 nsswitch/tests/test_wbinfo_name_lookup.sh


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 57dfd64..f9f4813 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 ########################################################
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=7
-SAMBA_VERSION_RELEASE=6
+SAMBA_VERSION_RELEASE=7
 
 ########################################################
 # If a official release has a serious bug              #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 021f2e7..3eea285 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,109 @@
                    =============================
+                   Release Notes for Samba 4.7.7
+                           April 12, 2018
+                   =============================
+
+
+This is the latest stable release of the Samba 4.7 release series.
+
+
+Changes since 4.7.6:
+--------------------
+
+o  Jeremy Allison <jra at samba.org>
+   * BUG 13206: s4:auth_sam: Allow logons with an empty domain name.
+   * BUG 13244: s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on
+     error, we don't own it here.
+   * BUG 13270: s3: smbd: Fix possible directory fd leak if the underlying
+     OS doesn't support fdopendir().
+   * BUG 13319: Round-tripping ACL get/set through vfs_fruit will increase
+     the number of ACE entries without limit.
+   * BUG 13347: s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically
+     debug credit issues.
+   * BUG 13358: s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE
+     without delete access.
+   * BUG 13372: s3: smbd: Fix memory leak in vfswrap_getwd().
+   * BUG 13375: s3: smbd: Unix extensions attempts to change wrong field
+     in fchown call.
+
+o  Ralph Boehme <slow at samba.org>
+   * BUG 13363: s3:smbd: Don't use the directory cache for SMB2/3.
+
+o  G√ľnther Deschner <gd at samba.org>
+   * BUG 13277: build: Fix libceph-common detection.
+
+o  David Disseldorp <ddiss at suse.de>
+   * BUG 13250: build: Fix ceph_statx check when configured with libcephfs_dir.
+
+o  Poornima G <pgurusid at redhat.com>
+   * BUG 13297: vfs_glusterfs: Fix the wrong pointer being sent in
+     glfs_fsync_async.
+
+o  Amitay Isaacs <amitay at gmail.com>
+   * BUG 13359: ctdb-scripts: Drop 'net serverid wipe' from 50.samba event
+     script.
+
+o  Lutz Justen <ljusten at google.com>
+   * BUG 13368: s3: lib: messages: Don't use the result of sec_init() before
+     calling sec_init().
+
+o  Volker Lendecke <vl at samba.org>
+   * BUG 13215: smbd can panic if the client-supplied channel sequence number
+     wraps.
+   * BUG 13367: dsdb: Fix CID 1034966 Uninitialized scalar variable.
+
+o  Stefan Metzmacher <metze at samba.org>
+   * BUG 13206: s3:libsmb: Allow -U"\\administrator" to work.
+   * BUG 13328: Windows 10 cannot logon on Samba NT4 domain.
+
+o  David Mulder <dmulder at suse.com>
+   * BUG 13050: smbc_opendir should not return EEXIST with invalid login
+     credentials.
+
+o  Anton Nefedov
+   * BUG 13338: s3:smbd: map nterror on smb2_flush errorpath.
+
+o  Dan Robertson <drobertson at tripwire.com>
+   * BUG 13310: libsmb: Use smb2 tcon if conn_protocol >= SMB2_02.
+
+o  Garming Sam <garming at catalyst.net.nz>
+   * BUG 13031: subnet: Avoid a segfault when renaming subnet objects.
+
+o  Christof Schmitt <cs at samba.org>
+   * BUG 13312: 'wbinfo --name-to-sid' returns misleading result on invalid
+     query.
+
+o  Andreas Schneider <asn at samba.org>
+   * BUG 13315: s3:smbd: Do not crash if we fail to init the session table.
+
+o  Eric Vannier <evannier at google.com>
+   * BUG 13302: Allow AESNI to be used on all processor supporting AESNI.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+                   =============================
                    Release Notes for Samba 4.7.6
                            March 13, 2018
                    =============================
@@ -71,8 +176,8 @@ database (https://bugzilla.samba.org/).
 ======================================================================
 
 
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
 
                    =============================
                    Release Notes for Samba 4.7.5
diff --git a/auth/auth_sam_reply.c b/auth/auth_sam_reply.c
index 15d17b0..bd69515 100644
--- a/auth/auth_sam_reply.c
+++ b/auth/auth_sam_reply.c
@@ -333,6 +333,41 @@ NTSTATUS make_user_info_SamBaseInfo(TALLOC_CTX *mem_ctx,
 	return NT_STATUS_OK;
 }
 
+struct auth_user_info *auth_user_info_copy(TALLOC_CTX *mem_ctx,
+					   const struct auth_user_info *src)
+{
+	struct auth_user_info *dst = NULL;
+
+	dst = talloc_zero(mem_ctx, struct auth_user_info);
+	if (dst == NULL) {
+		return NULL;
+	}
+
+	*dst = *src;
+#define _COPY_STRING(_mem, _str) do { \
+	if ((_str) != NULL) { \
+		(_str) = talloc_strdup((_mem), (_str)); \
+		if ((_str) == NULL) { \
+			TALLOC_FREE(dst); \
+			return NULL; \
+		} \
+	} \
+} while(0)
+	_COPY_STRING(dst, dst->account_name);
+	_COPY_STRING(dst, dst->user_principal_name);
+	_COPY_STRING(dst, dst->domain_name);
+	_COPY_STRING(dst, dst->dns_domain_name);
+	_COPY_STRING(dst, dst->full_name);
+	_COPY_STRING(dst, dst->logon_script);
+	_COPY_STRING(dst, dst->profile_path);
+	_COPY_STRING(dst, dst->home_directory);
+	_COPY_STRING(dst, dst->home_drive);
+	_COPY_STRING(dst, dst->logon_server);
+#undef _COPY_STRING
+
+	return dst;
+}
+
 /**
  * Make a user_info_dc struct from the info3 returned by a domain logon
  */
diff --git a/auth/auth_sam_reply.h b/auth/auth_sam_reply.h
index 4aa3096..e4b26e9 100644
--- a/auth/auth_sam_reply.h
+++ b/auth/auth_sam_reply.h
@@ -38,6 +38,9 @@ NTSTATUS make_user_info_SamBaseInfo(TALLOC_CTX *mem_ctx,
 				    bool authenticated,
 				    struct auth_user_info **_user_info);
 
+struct auth_user_info *auth_user_info_copy(TALLOC_CTX *mem_ctx,
+					   const struct auth_user_info *src);
+
 NTSTATUS auth_convert_user_info_dc_saminfo6(TALLOC_CTX *mem_ctx,
 					   const struct auth_user_info_dc *user_info_dc,
 					   struct netr_SamInfo6 **_sam6);
diff --git a/auth/credentials/tests/bind.py b/auth/credentials/tests/bind.py
index 91e493d..4aa4498 100755
--- a/auth/credentials/tests/bind.py
+++ b/auth/credentials/tests/bind.py
@@ -43,6 +43,7 @@ creds_machine = copy.deepcopy(creds)
 creds_user1 = copy.deepcopy(creds)
 creds_user2 = copy.deepcopy(creds)
 creds_user3 = copy.deepcopy(creds)
+creds_user4 = copy.deepcopy(creds)
 
 class BindTests(samba.tests.TestCase):
 
@@ -64,7 +65,7 @@ class BindTests(samba.tests.TestCase):
         self.config_dn = self.info_dc["configurationNamingContext"][0]
         self.computer_dn = "CN=centos53,CN=Computers,%s" % self.domain_dn
         self.password = "P at ssw0rd"
-        self.username = "BindTestUser_" + time.strftime("%s", time.gmtime())
+        self.username = "BindTestUser"
 
     def tearDown(self):
         super(BindTests, self).tearDown()
@@ -113,6 +114,7 @@ unicodePwd:: """ + base64.b64encode("\"P at ssw0rd\"".encode('utf-16-le')) + """
                                       expression="(samAccountName=%s)" % self.username)
         self.assertEquals(len(ldb_res), 1)
         user_dn = ldb_res[0]["dn"]
+        self.addCleanup(delete_force, self.ldb, user_dn)
 
         # do a simple bind and search with the user account in format user at realm
         creds_user1.set_bind_dn(self.username + "@" + creds.get_realm())
@@ -138,5 +140,27 @@ unicodePwd:: """ + base64.b64encode("\"P at ssw0rd\"".encode('utf-16-le')) + """
                                               lp=lp, ldap_only=True)
         res = ldb_user3.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
 
+    def test_user_account_bind_no_domain(self):
+        # create user
+        self.ldb.newuser(username=self.username, password=self.password)
+        ldb_res = self.ldb.search(base=self.domain_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % self.username)
+        self.assertEquals(len(ldb_res), 1)
+        user_dn = ldb_res[0]["dn"]
+        self.addCleanup(delete_force, self.ldb, user_dn)
+
+        creds_user4.set_username(self.username)
+        creds_user4.set_password(self.password)
+        creds_user4.set_domain('')
+        creds_user4.set_workstation('')
+        print "BindTest (no domain) with: " + self.username
+        try:
+            ldb_user4 = samba.tests.connect_samdb(host, credentials=creds_user4,
+                                              lp=lp, ldap_only=True)
+        except:
+            self.fail("Failed to connect without the domain set")
+
+        res = ldb_user4.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
 
 TestProgram(module=__name__, opts=subunitopts)
diff --git a/ctdb/config/events.d/50.samba b/ctdb/config/events.d/50.samba
index 4c32e4e..f0d8e84 100755
--- a/ctdb/config/events.d/50.samba
+++ b/ctdb/config/events.d/50.samba
@@ -53,8 +53,6 @@ service_start ()
     # start Samba service. Start it reniced, as under very heavy load
     # the number of smbd processes will mean that it leaves few cycles
     # for anything else
-    net serverid wipe
-
     if [ -n "$CTDB_SERVICE_NMB" ] ; then
 	nice_service "$CTDB_SERVICE_NMB" start || die "Failed to start nmbd"
     fi
diff --git a/docs-xml/smbdotconf/logging/loglevel.xml b/docs-xml/smbdotconf/logging/loglevel.xml
index 1a3767d..d3b5c45 100644
--- a/docs-xml/smbdotconf/logging/loglevel.xml
+++ b/docs-xml/smbdotconf/logging/loglevel.xml
@@ -22,6 +22,8 @@
 	<listitem><para><parameter moreinfo="none">printdrivers</parameter></para></listitem>
 	<listitem><para><parameter moreinfo="none">lanman</parameter></para></listitem>
 	<listitem><para><parameter moreinfo="none">smb</parameter></para></listitem>
+	<listitem><para><parameter moreinfo="none">smb2</parameter></para></listitem>
+	<listitem><para><parameter moreinfo="none">smb2_credits</parameter></para></listitem>
 	<listitem><para><parameter moreinfo="none">rpc_parse</parameter></para></listitem>
 	<listitem><para><parameter moreinfo="none">rpc_srv</parameter></para></listitem>
 	<listitem><para><parameter moreinfo="none">rpc_cli</parameter></para></listitem>
diff --git a/docs-xml/smbdotconf/misc/directorynamecachesize.xml b/docs-xml/smbdotconf/misc/directorynamecachesize.xml
index 7a89bf2..22999a6 100644
--- a/docs-xml/smbdotconf/misc/directorynamecachesize.xml
+++ b/docs-xml/smbdotconf/misc/directorynamecachesize.xml
@@ -4,8 +4,9 @@
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
 <description>
 	<para>
-	This parameter specifies the size of the directory name cache.
-	It will be needed to turn this off for *BSD systems.
+	This parameter specifies the size of the directory name cache for SMB1
+	connections. It is not used for SMB2. It will be needed to turn this off
+	for *BSD systems.
 	</para>
 
 </description>
diff --git a/lib/crypto/aes.c b/lib/crypto/aes.c
index c226ac1..d16d715 100644
--- a/lib/crypto/aes.c
+++ b/lib/crypto/aes.c
@@ -66,22 +66,6 @@ static bool has_intel_aes_instructions(void)
 		return (bool)has_aes_instructions;
 	}
 
-	__cpuid(cpuid_results, 0);
-	/*
-	 *        MSB         LSB
-	 *  EBX = 'u' 'n' 'e' 'G'
-	 *  EDX = 'I' 'e' 'n' 'i'
-	 *  ECX = 'l' 'e' 't' 'n'
-	 */
-	if (memcmp((unsigned char *)&cpuid_results[1], "Genu", 4) != 0 ||
-			memcmp((unsigned char *)&cpuid_results[3],
-				"ineI", 4) != 0 ||
-			memcmp((unsigned char *)&cpuid_results[2],
-				"ntel", 4) != 0) {
-		has_aes_instructions = 0;
-		return (bool)has_aes_instructions;
-	}
-
 	__cpuid(cpuid_results, 1);
 	has_aes_instructions = !!(cpuid_results[2] & (1 << 25));
 	return (bool)has_aes_instructions;
diff --git a/lib/util/debug.c b/lib/util/debug.c
index 8b28002..135cdb6 100644
--- a/lib/util/debug.c
+++ b/lib/util/debug.c
@@ -541,6 +541,8 @@ static const char *default_classname_table[] = {
 	[DBGC_AUTH_AUDIT_JSON] = "auth_json_audit",
 	[DBGC_KERBEROS] =       "kerberos",
 	[DBGC_DRS_REPL] =       "drs_repl",
+	[DBGC_SMB2] =           "smb2",
+	[DBGC_SMB2_CREDITS] =   "smb2_credits",
 };
 
 /*
diff --git a/lib/util/debug.h b/lib/util/debug.h
index e82553a..1e184b4 100644
--- a/lib/util/debug.h
+++ b/lib/util/debug.h
@@ -93,6 +93,8 @@ bool dbghdr( int level, const char *location, const char *func);
 #define DBGC_AUTH_AUDIT_JSON	25
 #define DBGC_KERBEROS           26
 #define DBGC_DRS_REPL           27
+#define DBGC_SMB2               28
+#define DBGC_SMB2_CREDITS       29
 
 /* So you can define DBGC_CLASS before including debug.h */
 #ifndef DBGC_CLASS
@@ -216,6 +218,14 @@ extern int  *DEBUGLEVEL_CLASS;
 		&& (dbgtext("%s: ", __func__))				\
 		&& (dbgtext body) )
 
+/* Prefix messages with the function name - class specific */
+#define DBGC_PREFIX(dbgc_class, level, body ) \
+	(void)( ((level) <= MAX_DEBUG_LEVEL) &&			\
+		unlikely(DEBUGLEVEL_CLASS[ dbgc_class ] >= (level))	\
+		&& (dbghdrclass(level, dbgc_class, __location__, __func__ )) \
+		&& (dbgtext("%s: ", __func__))				\
+		&& (dbgtext body) )
+
 /*
  * Debug levels matching RFC 3164
  */
@@ -231,12 +241,34 @@ extern int  *DEBUGLEVEL_CLASS;
 #define DBG_INFO(...)		DBG_PREFIX(DBGLVL_INFO,		(__VA_ARGS__))
 #define DBG_DEBUG(...)		DBG_PREFIX(DBGLVL_DEBUG,	(__VA_ARGS__))
 
+#define DBGC_ERR(dbgc_class, ...)	DBGC_PREFIX(dbgc_class, \
+						DBGLVL_ERR, (__VA_ARGS__))
+#define DBGC_WARNING(dbgc_class, ...)	DBGC_PREFIX(dbgc_class, \
+						DBGLVL_WARNING,	(__VA_ARGS__))
+#define DBGC_NOTICE(dbgc_class, ...)	DBGC_PREFIX(dbgc_class, \
+						DBGLVL_NOTICE,	(__VA_ARGS__))
+#define DBGC_INFO(dbgc_class, ...)	DBGC_PREFIX(dbgc_class, \
+						DBGLVL_INFO,	(__VA_ARGS__))
+#define DBGC_DEBUG(dbgc_class, ...)	DBGC_PREFIX(dbgc_class, \
+						DBGLVL_DEBUG,	(__VA_ARGS__))
+
 #define D_ERR(...)		DEBUG(DBGLVL_ERR,	(__VA_ARGS__))
 #define D_WARNING(...)		DEBUG(DBGLVL_WARNING,	(__VA_ARGS__))
 #define D_NOTICE(...)		DEBUG(DBGLVL_NOTICE,	(__VA_ARGS__))
 #define D_INFO(...)		DEBUG(DBGLVL_INFO,	(__VA_ARGS__))
 #define D_DEBUG(...)		DEBUG(DBGLVL_DEBUG,	(__VA_ARGS__))
 
+#define DC_ERR(...)		DEBUGC(dbgc_class, \
+					DBGLVL_ERR,	(__VA_ARGS__))
+#define DC_WARNING(...)		DEBUGC(dbgc_class, \
+					DBGLVL_WARNING,	(__VA_ARGS__))
+#define DC_NOTICE(...)		DEBUGC(dbgc_class, \
+					DBGLVL_NOTICE,	(__VA_ARGS__))
+#define DC_INFO(...)		DEBUGC(dbgc_class, \
+					DBGLVL_INFO,	(__VA_ARGS__))
+#define DC_DEBUG(...)		DEBUGC(dbgc_class, \
+					DBGLVL_DEBUG,	(__VA_ARGS__))
+
 /* The following definitions come from lib/debug.c  */
 
 /** Possible destinations for the debug log (in order of precedence -
diff --git a/libcli/security/session.c b/libcli/security/session.c
index 0fbb87d..f17e884 100644
--- a/libcli/security/session.c
+++ b/libcli/security/session.c
@@ -26,6 +26,9 @@
 enum security_user_level security_session_user_level(struct auth_session_info *session_info,
 						     const struct dom_sid *domain_sid)
 {
+	bool authenticated = false;
+	bool guest = false;
+
 	if (!session_info) {
 		return SECURITY_ANONYMOUS;
 	}
@@ -38,8 +41,13 @@ enum security_user_level security_session_user_level(struct auth_session_info *s
 		return SECURITY_ANONYMOUS;
 	}
 
-	if (security_token_has_builtin_guests(session_info->security_token)) {
-		return SECURITY_GUEST;
+	authenticated = security_token_has_nt_authenticated_users(session_info->security_token);
+	guest = security_token_has_builtin_guests(session_info->security_token);
+	if (!authenticated) {
+		if (guest) {
+			return SECURITY_GUEST;
+		}
+		return SECURITY_ANONYMOUS;
 	}
 
 	if (security_token_has_builtin_administrators(session_info->security_token)) {
@@ -60,9 +68,5 @@ enum security_user_level security_session_user_level(struct auth_session_info *s
 		return SECURITY_DOMAIN_CONTROLLER;
 	}
 
-	if (security_token_has_nt_authenticated_users(session_info->security_token)) {
-		return SECURITY_USER;
-	}
-
-	return SECURITY_ANONYMOUS;
+	return SECURITY_USER;
 }
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 7322380..f1f90d9 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -138,6 +138,8 @@ struct smbXcli_conn {
 
 		uint8_t io_priority;
 
+		bool force_channel_sequence;
+
 		uint8_t preauth_sha512[64];
 	} smb2;
 
@@ -549,6 +551,17 @@ const struct GUID *smbXcli_conn_server_guid(struct smbXcli_conn *conn)
 	return &conn->smb1.server.guid;
 }
 
+bool smbXcli_conn_get_force_channel_sequence(struct smbXcli_conn *conn)
+{
+	return conn->smb2.force_channel_sequence;
+}
+
+void smbXcli_conn_set_force_channel_sequence(struct smbXcli_conn *conn,
+					     bool v)
+{
+	conn->smb2.force_channel_sequence = v;
+}
+
 struct smbXcli_conn_samba_suicide_state {
 	struct smbXcli_conn *conn;
 	struct iovec iov;
@@ -2899,7 +2912,7 @@ struct tevent_req *smb2cli_req_create(TALLOC_CTX *mem_ctx,
 	uint32_t flags = 0;
 	uint32_t tid = 0;
 	uint64_t uid = 0;
-	bool use_channel_sequence = false;
+	bool use_channel_sequence = conn->smb2.force_channel_sequence;
 	uint16_t channel_sequence = 0;
 	bool use_replay_flag = false;
 
diff --git a/libcli/smb/smbXcli_base.h b/libcli/smb/smbXcli_base.h
index 6d9198a..2532084 100644
--- a/libcli/smb/smbXcli_base.h
+++ b/libcli/smb/smbXcli_base.h
@@ -59,6 +59,10 @@ uint16_t smbXcli_conn_max_requests(struct smbXcli_conn *conn);
 NTTIME smbXcli_conn_server_system_time(struct smbXcli_conn *conn);
 const DATA_BLOB *smbXcli_conn_server_gss_blob(struct smbXcli_conn *conn);
 const struct GUID *smbXcli_conn_server_guid(struct smbXcli_conn *conn);
+bool smbXcli_conn_get_force_channel_sequence(struct smbXcli_conn *conn);
+void smbXcli_conn_set_force_channel_sequence(struct smbXcli_conn *conn,
+					     bool v);
+
 
 struct tevent_req *smbXcli_conn_samba_suicide_send(TALLOC_CTX *mem_ctx,
 						   struct tevent_context *ev,
diff --git a/nsswitch/libwbclient/tests/wbclient.c b/nsswitch/libwbclient/tests/wbclient.c
index e80afc4..d107942 100644
--- a/nsswitch/libwbclient/tests/wbclient.c
+++ b/nsswitch/libwbclient/tests/wbclient.c


-- 
Samba Shared Repository



More information about the samba-cvs mailing list