[SCM] Samba Shared Repository - branch v4-7-test updated
Karolin Seeger
kseeger at samba.org
Sat Jul 28 08:58:02 UTC 2018
The branch, v4-7-test has been updated
via a431bdf s3: smbd: Fix AIX sendfile() for SMB2. Ensure we don't spin on EAGAIN.
via 7bf1568 s3: smbd: Fix FreeBSD sendfile() for SMB2. Ensure we don't spin on EAGAIN.
via adb7d6a s3: smbd: Fix HPUX sendfile() for SMB2. Ensure we don't spin on EAGAIN.
via 2c58fbd s3: smbd: Fix Solaris sendfile() for SMB2. Ensure we don't spin on EAGAIN.
via c166fa0 s3: smbd: Fix Linux sendfile() for SMB2. Ensure we don't spin on EAGAIN.
via 2bc9c4d dns wildcards: fix BUG 13536
via c6d9862 dns wildcards: tests to confirm BUG 13536
via 066ba51 s3: smbd: fix path check in smbd_smb2_create_durable_lease_check()
via 0c37304 s4: torture: run test_durable_v2_open_reopen2_lease() in a subdirectory
via 80c7e28 s3: libsmbclient: Fix cli_splice() fallback when reading less than a complete file.
via a7783f5 s3: torture: Test SMB1 cli_splice() fallback path when doing a non-full file splice.
via 6cf5809 docs/vfs_ceph: add CTDB_SAMBA_SKIP_SHARE_CHECK=yes caveat
via be42bf4 vfs_ceph: don't lie about flock support
via 5bfa46c ldb: Refuse to build Samba against a newer minor version of ldb
via 7658ffc samba-tool trust: support discovery via netr_GetDcName
via a500e04 s3:selftest: run rpc.lsa.lookupsids also with explicit [smb1] and [smb2]
via 3aaaeb9 s4:librpc: autonegotiate SMB1/2/3
via 882db91 python/tests: use explicit "client ipc max protocol = NT1" for samba.tests.net_join_no_spnego
via 80a0c49 tests/auth_log: Permit SMB2 service description if empty binding is used for kerberos authentication
via 0af5606 s4:libcli: add smb_connect_nego_{send,recv}()
via faa5c60 s4:libcli: allow a fallback to NTLMSSP if SPNEGO is not supported locally
via 73f0518 s4:libcli: add fallback_to_anonymous to smb2_connect_send()
via b2e0a78 s4:libcli: allow passing an already negotiated connection to smb2_connect_send()
via 384a61f s4:libcli: split out smb2_connect_session_start()
via 630b5b9 s4:libcli: add smb2_transport_raw_init()
via 139ee19 s4:libcli: allow passing an already negotiated connection to smb_composite_connect()
via 5bed1ef s4:libcli: use talloc_zero() for struct smb_composite_connect in fetchfile.c
via 7ee0293 s4:libcli: add smbcli_transport_raw_init()
via b2a3582 s4:libcli: split out smb_raw_negotiate_fill_transport()
via 3f03c9a librpc: add binding handle support for [smb1]
from 5260dbc s3: smbd: always set vuid in check_user_ok()
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test
- Log -----------------------------------------------------------------
commit a431bdf08fdad479471bbb2ab0cf86c595260d23
Author: Jeremy Allison <jra at samba.org>
Date: Wed Jul 18 15:49:29 2018 -0700
s3: smbd: Fix AIX sendfile() for SMB2. Ensure we don't spin on EAGAIN.
For SMB2 the socket is set non-blocking. Ensure sendfile()
calls complete if they return EAGAIN by saving the socket state,
setting it blocking, doing the sendfile until completion and then
restoring the socket state.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13537
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Jul 20 15:14:24 CEST 2018 on sn-devel-144
(cherry picked from commit 582ce5d6b599516d6d8d619529a2aa809139a175)
Autobuild-User(v4-7-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-7-test): Sat Jul 28 10:57:39 CEST 2018 on sn-devel-144
commit 7bf15686b60c35c853ae469906baa7d5ed51e4b7
Author: Jeremy Allison <jra at samba.org>
Date: Wed Jul 18 15:44:34 2018 -0700
s3: smbd: Fix FreeBSD sendfile() for SMB2. Ensure we don't spin on EAGAIN.
For SMB2 the socket is set non-blocking. Ensure sendfile()
calls complete if they return EAGAIN by saving the socket state,
setting it blocking, doing the sendfile until completion and then
restoring the socket state.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13537
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 456e520a3be7e4b54f1f144324c3671b8f6e35ea)
commit adb7d6a1f465dcf39e68cdaa3980a0bf65ca35b4
Author: Jeremy Allison <jra at samba.org>
Date: Wed Jul 18 15:36:47 2018 -0700
s3: smbd: Fix HPUX sendfile() for SMB2. Ensure we don't spin on EAGAIN.
For SMB2 the socket is set non-blocking. Ensure sendfile()
calls complete if they return EAGAIN by saving the socket state,
setting it blocking, doing the sendfile until completion and then
restoring the socket state.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13537
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit d222caa449d9c00bb2dd9da6c79ea509960d47c6)
commit 2c58fbdec214d33561e1d1ddad5724d36cfc07f2
Author: Jeremy Allison <jra at samba.org>
Date: Wed Jul 18 15:29:37 2018 -0700
s3: smbd: Fix Solaris sendfile() for SMB2. Ensure we don't spin on EAGAIN.
For SMB2 the socket is set non-blocking. Ensure sendfile()
calls complete if they return EAGAIN by saving the socket state,
setting it blocking, doing the sendfile until completion and then
restoring the socket state.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13537
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 16a587075c8c62c1160869358ca56a133e90247a)
commit c166fa003ae165fc5445dc8b1292719756fa0489
Author: Jeremy Allison <jra at samba.org>
Date: Wed Jul 18 13:32:49 2018 -0700
s3: smbd: Fix Linux sendfile() for SMB2. Ensure we don't spin on EAGAIN.
For SMB2 the socket is set non-blocking. Ensure sendfile()
calls complete if they return EAGAIN by saving the socket state,
setting it blocking, doing the sendfile until completion and then
restoring the socket state.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13537
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 809967b3eab7a1b48c186517701538ca93536246)
commit 2bc9c4d8d3940a2f529e86b126010355ccd1e9de
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Wed Jul 18 15:33:26 2018 +1200
dns wildcards: fix BUG 13536
The current position in the dns name was not advanced past the '.'
character
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jul 20 04:40:31 CEST 2018 on sn-devel-144
(cherry picked from commit cef1b31cd1f33074e8ab6de52aa0fb74e9b57a9f)
commit c6d98623215e37d6a28e590413a18f8d9aec9c8b
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Wed Jul 18 15:29:21 2018 +1200
dns wildcards: tests to confirm BUG 13536
DNS wildcard matching failing if more than one label to the left of the
wildcard. This commits adds tests to confirm the bug.
Wildcard entry: *.example.org
bar.example.com matches
foo.bar.example.com does not, but it it should.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 0d3aec18679a2637430263a55de5e210a9201e21)
commit 066ba51aac130fbd67fe728a692a08ddabbc6ef8
Author: Ralph Boehme <slow at samba.org>
Date: Tue Jul 17 15:40:04 2018 +0200
s3: smbd: fix path check in smbd_smb2_create_durable_lease_check()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13535
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit e60e9368cb3cb512e2506620d814187a692108e0)
commit 0c373043eb13506e92728e2b7ce360b32f401160
Author: Ralph Boehme <slow at samba.org>
Date: Tue Jul 17 15:56:05 2018 +0200
s4: torture: run test_durable_v2_open_reopen2_lease() in a subdirectory
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13535
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 725319743f1f2de934cbde477ca84430f5b2b4b4)
commit 80c7e284afadec4dc346248b1242b771b050f7da
Author: Jeremy Allison <jra at samba.org>
Date: Thu Jul 12 12:18:50 2018 -0700
s3: libsmbclient: Fix cli_splice() fallback when reading less than a complete file.
We were always asking for SPLICE_BLOCK_SIZE even when the
remaining bytes we wanted were smaller than that. This works
when using cli_splice() on a complete file, as the cli_read()
terminated the read at the right place. We always have the
space to read SPLICE_BLOCK_SIZE bytes so this isn't an overflow.
Found by Bailey Berro <baileyberro at google.com>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13527
Signed-off-by: Bailey Berro <baileyberro at google.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Fri Jul 13 14:57:14 CEST 2018 on sn-devel-144
(cherry picked from commit c9656fd2977557ab20ec4e3d87c385a9b2f1bf43)
commit a7783f5e470d6ca7d4659ba37eb558b6cc06b8a0
Author: Jeremy Allison <jra at samba.org>
Date: Thu Jul 12 12:15:12 2018 -0700
s3: torture: Test SMB1 cli_splice() fallback path when doing a non-full file splice.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13527
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
(cherry picked from commit 1c8d1cceff852acaca4a0ec0da37b053ed03fe4a)
(cherry picked from commit 49d6c3f061284aac31c3ef21f88f9d69bdd86bd8)
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Jul 14 00:14:13 CEST 2018 on sn-devel-144
commit 6cf5809762bc10b7b5c29d0ba6a302e9e99511e3
Author: David Disseldorp <ddiss at samba.org>
Date: Fri Jul 6 13:31:43 2018 +0200
docs/vfs_ceph: add CTDB_SAMBA_SKIP_SHARE_CHECK=yes caveat
Mostly copied from the vfs_gluster manpage: the CephFS share path is not
locally mounted, which breaks the ctdb_check_directories_probe() check.
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jul 6 23:19:02 CEST 2018 on sn-devel-144
(cherry picked from commit 0cd44821f3889067620d685344c3eaf913a31329)
commit be42bf487da2f2e94506840f18b47457fe31da75
Author: David Disseldorp <ddiss at samba.org>
Date: Thu Jul 5 17:18:15 2018 +0200
vfs_ceph: don't lie about flock support
Instead, match vfs_gluster behaviour and require that users explicitly
disable "kernel share modes".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13506
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 926ae50627d536735cee9b3931ee35bc19060261)
commit 5bfa46c23ecbd4f3dd9ed0238a3fdac9fe1581ea
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Jul 12 12:34:56 2018 +1200
ldb: Refuse to build Samba against a newer minor version of ldb
Samba is not compatible with new versions of ldb (except release versions)
Other users would not notice the breakages, but Samba makes many
more assuptions about the LDB internals than any other package.
(Specifically, LDB 1.2 and 1.4 broke builds against released
Samba versions)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13519
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
(cherry picked from commit 52efa796538ae004ca62ea32fc8c833472991be6)
commit 7658ffc73ca6bc5f001baed1ca8ec09307b55d3d
Author: Alexander Bokovoy <ab at samba.org>
Date: Sat Feb 24 14:34:44 2018 +0200
samba-tool trust: support discovery via netr_GetDcName
In case a remote DC does not support netr_DsRGetDCNameEx2(),
use netr_GetDcName() instead.
This should help with FreeIPA where embedded smbd runs as a domain
controller but does not implement full Active Directory compatibility.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13538
Signed-off-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Alexander Bokovoy <ab at samba.org>
Autobuild-Date(master): Tue Jul 24 09:55:23 CEST 2018 on sn-devel-144
(cherry picked from commit c390728819e73cefbf02e0d52d22805930f4c45b)
commit a500e042a827f385ed51e3d72b87c65b49ac7796
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jul 19 07:34:11 2018 +0200
s3:selftest: run rpc.lsa.lookupsids also with explicit [smb1] and [smb2]
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit 6800077c5c57c257326573537d1f2bb7a8066149)
commit 3aaaeb9d783d4abfe9436b03d09fa236d7f4c4ee
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jul 18 16:55:33 2018 +0200
s4:librpc: autonegotiate SMB1/2/3
Windows Server 1709 defaults to SMB2 and does not have SMB1 enabled.
When establishing trust, samba-tool does not specify SMB protocol
version and fail by default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit 4422f7382aad3090cb959ade030a02bf4fef81ac)
commit 882db915e3ccc1691c45319f4da2303a27103703
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Jul 23 00:17:35 2018 +0200
python/tests: use explicit "client ipc max protocol = NT1" for samba.tests.net_join_no_spnego
The tests rely on SMB1.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit 802e43bf742e756896fa73fcd139feca9ae293dd)
commit 80a0c49c49acadefcd80dc33f0dbe85d9c70b11d
Author: Alexander Bokovoy <ab at samba.org>
Date: Thu Jul 19 14:07:39 2018 +0300
tests/auth_log: Permit SMB2 service description if empty binding is used for kerberos authentication
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Alexander Bokovoy <ab at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 70a9cf9ccfc4075cc08209191db1bce2c9b432fc)
commit 0af56069d4f174f480faade12c501ba79efcb3b1
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jul 18 14:52:43 2018 +0200
s4:libcli: add smb_connect_nego_{send,recv}()
This can be used to create a connection up to a negotiated
smbXcli_conn.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit e4910f35eab008a41cfcac3d97b3647c721ac679)
commit faa5c606b29f285d6d5f30de66006ed2fa2a5070
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jul 19 23:04:33 2018 +0200
s4:libcli: allow a fallback to NTLMSSP if SPNEGO is not supported locally
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit 5188454bdce80f6e2bfc45deca18bd1b7289a7a6)
commit 73f0518062df162391dba8355d6a5f64adcbda79
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jul 18 23:52:30 2018 +0200
s4:libcli: add fallback_to_anonymous to smb2_connect_send()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit ca000d8901e6acb8a7c59d26d4f75c9d92bafece)
commit b2e0a787ec33cf8221ecfe135eb8c5ceb7113f83
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jul 18 16:44:16 2018 +0200
s4:libcli: allow passing an already negotiated connection to smb2_connect_send()
It will just do the session setup and tree connect steps.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit f20e607c15b4c8ae56ade5d7e68d832542a2cd5e)
commit 384a61f0d8408cf10aebc5332427c1a8e822c362
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jul 18 16:43:32 2018 +0200
s4:libcli: split out smb2_connect_session_start()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit 5ad5b81b6ef601596583b4ad7d6a14241fa99a71)
commit 630b5b9d90dd79bdb542c0de0c0d66b9193073f1
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jul 18 16:43:04 2018 +0200
s4:libcli: add smb2_transport_raw_init()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit ce2248c4b5aad2d00155a2e77b3e6340ce824979)
commit 139ee191d6320f348a94c989f47857e0f90a2caf
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jul 18 15:34:55 2018 +0200
s4:libcli: allow passing an already negotiated connection to smb_composite_connect()
It will just do the session setup and tree connect steps.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit 2b68f9b8b0dd944fa89b9e0037886ddd4fb4e5f9)
commit 5bed1ef4a8e4ca0a42594ad2d0eec094c0567fe3
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jul 18 15:01:50 2018 +0200
s4:libcli: use talloc_zero() for struct smb_composite_connect in fetchfile.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit 87d73397f9a9dee8fa0055a2ff08244b2c85e120)
commit 7ee02936daa1aa42c34db6c493cfeae71f4aea9e
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jul 18 15:36:52 2018 +0200
s4:libcli: add smbcli_transport_raw_init()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit b7e99c2571e31971a6d7f1898e7458c16dc1031e)
commit b2a3582fe05e3bf66a006318876966d9bc516351
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jul 18 15:36:31 2018 +0200
s4:libcli: split out smb_raw_negotiate_fill_transport()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit 17b12a9b9a9dfd859679de77aa0c7ffbc782f1bc)
commit 3f03c9a39bfad3ff456245b606cb35ae028ae9e7
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jul 19 07:32:08 2018 +0200
librpc: add binding handle support for [smb1]
This will be used to force smb1.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit 062b518cabd9fb5f72f96cdf400c978c0b844619)
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages/vfs_ceph.8.xml | 19 ++
lib/ldb/wscript | 32 ++-
librpc/rpc/binding.c | 1 +
librpc/rpc/rpc_common.h | 2 +
python/samba/netcmd/domain.py | 26 ++-
python/samba/tests/auth_log.py | 28 ++-
python/samba/tests/dns_wildcard.py | 48 +++++
python/samba/tests/net_join_no_spnego.py | 2 +
source3/lib/sendfile.c | 293 ++++++++++++++++++++++++---
source3/libsmb/clireadwrite.c | 4 +-
source3/modules/vfs_ceph.c | 11 +-
source3/selftest/tests.py | 7 +-
source3/smbd/smb2_create.c | 16 +-
source3/torture/torture.c | 153 ++++++++++++++
source4/dns_server/dnsserver_common.c | 1 +
source4/libcli/raw/clitransport.c | 44 ++++
source4/libcli/raw/clitree.c | 1 +
source4/libcli/raw/rawnegotiate.c | 74 ++++---
source4/libcli/smb2/connect.c | 69 ++++++-
source4/libcli/smb2/session.c | 35 +++-
source4/libcli/smb2/transport.c | 35 ++++
source4/libcli/smb_composite/connect.c | 48 ++++-
source4/libcli/smb_composite/connect_nego.c | 209 +++++++++++++++++++
source4/libcli/smb_composite/fetchfile.c | 2 +-
source4/libcli/smb_composite/smb_composite.h | 23 +++
source4/libcli/wscript_build | 20 +-
source4/librpc/rpc/dcerpc_connect.c | 257 +++++++++++------------
source4/ntvfs/cifs/vfs_cifs.c | 1 +
source4/torture/smb2/durable_v2_open.c | 11 +-
29 files changed, 1213 insertions(+), 259 deletions(-)
create mode 100644 source4/libcli/smb_composite/connect_nego.c
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages/vfs_ceph.8.xml b/docs-xml/manpages/vfs_ceph.8.xml
index c492d31..c6de28a 100644
--- a/docs-xml/manpages/vfs_ceph.8.xml
+++ b/docs-xml/manpages/vfs_ceph.8.xml
@@ -62,7 +62,26 @@
<programlisting>
<smbconfsection name="[share]"/>
<smbconfoption name="vfs objects">ceph</smbconfoption>
+ <smbconfoption name="path">/non-mounted/cephfs/path</smbconfoption>
+ <smbconfoption name="kernel share modes">no</smbconfoption>
</programlisting>
+
+ <para>
+ Since <command>vfs_ceph</command> does not require a filesystem
+ mount, the share <command>path</command> is treated differently:
+ it is interpreted as an absolute path within the Ceph filesystem
+ on the attached Ceph cluster.
+ In a ctdb cluster environment where ctdb manages Samba,
+ <command>CTDB_SAMBA_SKIP_SHARE_CHECK=yes</command> must be
+ configured to disable local share path checks, otherwise ctdb
+ will not reach a healthy state.
+ </para>
+
+ <para>
+ Note that currently <command>kernel share modes</command> have
+ to be disabled in a share running with the CephFS vfs module for
+ file serving to work properly.
+ </para>
</refsect1>
<refsect1>
diff --git a/lib/ldb/wscript b/lib/ldb/wscript
index 5ea5231..6d5be7a 100644
--- a/lib/ldb/wscript
+++ b/lib/ldb/wscript
@@ -62,23 +62,33 @@ def configure(conf):
conf.env.standalone_ldb = conf.IN_LAUNCH_DIR()
if not conf.env.standalone_ldb:
+ max_ldb_version = [int(x) for x in VERSION.split(".")]
+ max_ldb_version[2] = 999
+ max_ldb_version_dots = "%d.%d.%d" % tuple(max_ldb_version)
+
if conf.env.disable_python:
- if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb', minversion=VERSION,
- onlyif='talloc tdb tevent',
- implied_deps='replace talloc tdb tevent'):
+ if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb',
+ minversion=VERSION,
+ maxversion=max_ldb_version_dots,
+ onlyif='talloc tdb tevent',
+ implied_deps='replace talloc tdb tevent'):
conf.define('USING_SYSTEM_LDB', 1)
else:
using_system_pyldb_util = True
- if not conf.CHECK_BUNDLED_SYSTEM_PKG('pyldb-util', minversion=VERSION,
- onlyif='talloc tdb tevent',
- implied_deps='replace talloc tdb tevent ldb'):
+ if not conf.CHECK_BUNDLED_SYSTEM_PKG('pyldb-util',
+ minversion=VERSION,
+ maxversion=max_ldb_version_dots,
+ onlyif='talloc tdb tevent',
+ implied_deps='replace talloc tdb tevent ldb'):
using_system_pyldb_util = False
# We need to get a pyldb-util for all the python versions
# we are building for
if conf.env['EXTRA_PYTHON']:
name = 'pyldb-util' + conf.all_envs['extrapython']['PYTHON_SO_ABI_FLAG']
- if not conf.CHECK_BUNDLED_SYSTEM_PKG(name, minversion=VERSION,
+ if not conf.CHECK_BUNDLED_SYSTEM_PKG(name,
+ minversion=VERSION,
+ maxversion=max_ldb_version_dots,
onlyif='talloc tdb tevent',
implied_deps='replace talloc tdb tevent ldb'):
using_system_pyldb_util = False
@@ -86,9 +96,11 @@ def configure(conf):
if using_system_pyldb_util:
conf.define('USING_SYSTEM_PYLDB_UTIL', 1)
- if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb', minversion=VERSION,
- onlyif='talloc tdb tevent pyldb-util',
- implied_deps='replace talloc tdb tevent'):
+ if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb',
+ minversion=VERSION,
+ maxversion=max_ldb_version_dots,
+ onlyif='talloc tdb tevent pyldb-util',
+ implied_deps='replace talloc tdb tevent'):
conf.define('USING_SYSTEM_LDB', 1)
if conf.CONFIG_SET('USING_SYSTEM_LDB'):
diff --git a/librpc/rpc/binding.c b/librpc/rpc/binding.c
index 63ba682..aa8cc6b 100644
--- a/librpc/rpc/binding.c
+++ b/librpc/rpc/binding.c
@@ -103,6 +103,7 @@ static const struct ncacn_option {
{"print", DCERPC_DEBUG_PRINT_BOTH},
{"padcheck", DCERPC_DEBUG_PAD_CHECK},
{"bigendian", DCERPC_PUSH_BIGENDIAN},
+ {"smb1", DCERPC_SMB1},
{"smb2", DCERPC_SMB2},
{"ndr64", DCERPC_NDR64},
{"packet", DCERPC_PACKET},
diff --git a/librpc/rpc/rpc_common.h b/librpc/rpc/rpc_common.h
index d6b2d5d..cdc9fe8 100644
--- a/librpc/rpc/rpc_common.h
+++ b/librpc/rpc/rpc_common.h
@@ -108,6 +108,8 @@ struct dcerpc_binding;
#define DCERPC_PACKET (1<<26)
+#define DCERPC_SMB1 (1<<27)
+
/* The following definitions come from ../librpc/rpc/dcerpc_error.c */
const char *dcerpc_errstr(TALLOC_CTX *mem_ctx, uint32_t fault_code);
diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index e3a0e49..65df895 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -1774,6 +1774,15 @@ class DomainTrustCommand(Command):
return (policy, info)
+ def get_netlogon_dc_unc(self, conn, server, domain):
+ try:
+ info = conn.netr_DsRGetDCNameEx2(server,
+ None, 0, None, None, None,
+ netlogon.DS_RETURN_DNS_NAME)
+ return info.dc_unc
+ except RuntimeError:
+ return conn.netr_GetDcName(server, domain)
+
def get_netlogon_dc_info(self, conn, server):
info = conn.netr_DsRGetDCNameEx2(server,
None, 0, None, None, None,
@@ -2408,7 +2417,8 @@ class cmd_domain_trust_create(DomainTrustCommand):
raise self.RemoteRuntimeError(self, error, "failed to connect netlogon server")
try:
- remote_netlogon_info = self.get_netlogon_dc_info(remote_netlogon, remote_server)
+ remote_netlogon_dc_unc = self.get_netlogon_dc_unc(remote_netlogon,
+ remote_server, domain)
except RuntimeError as error:
raise self.RemoteRuntimeError(self, error, "failed to get netlogon dc info")
@@ -2558,9 +2568,9 @@ class cmd_domain_trust_create(DomainTrustCommand):
# this triggers netr_GetForestTrustInformation to our domain.
# and lsaRSetForestTrustInformation() remotely, but new top level
# names are disabled by default.
- remote_forest_info = remote_netlogon.netr_DsRGetForestTrustInformation(remote_netlogon_info.dc_unc,
- local_lsa_info.dns_domain.string,
- netlogon.DS_GFTI_UPDATE_TDO)
+ remote_forest_info = remote_netlogon.netr_DsRGetForestTrustInformation(remote_netlogon_dc_unc,
+ local_lsa_info.dns_domain.string,
+ netlogon.DS_GFTI_UPDATE_TDO)
except RuntimeError as error:
raise self.RemoteRuntimeError(self, error, "netr_DsRGetForestTrustInformation() failed")
@@ -2611,10 +2621,10 @@ class cmd_domain_trust_create(DomainTrustCommand):
if remote_trust_info.trust_direction & lsa.LSA_TRUST_DIRECTION_OUTBOUND:
self.outf.write("Validating incoming trust...\n")
try:
- remote_trust_verify = remote_netlogon.netr_LogonControl2Ex(remote_netlogon_info.dc_unc,
- netlogon.NETLOGON_CONTROL_TC_VERIFY,
- 2,
- local_lsa_info.dns_domain.string)
+ remote_trust_verify = remote_netlogon.netr_LogonControl2Ex(remote_netlogon_dc_unc,
+ netlogon.NETLOGON_CONTROL_TC_VERIFY,
+ 2,
+ local_lsa_info.dns_domain.string)
except RuntimeError as error:
raise self.RemoteRuntimeError(self, error, "NETLOGON_CONTROL_TC_VERIFY failed")
diff --git a/python/samba/tests/auth_log.py b/python/samba/tests/auth_log.py
index 6b032a8..6233228 100644
--- a/python/samba/tests/auth_log.py
+++ b/python/samba/tests/auth_log.py
@@ -33,6 +33,7 @@ from samba.credentials import Credentials, DONT_USE_KERBEROS, MUST_USE_KERBEROS
from samba import NTSTATUSError
from subprocess import call
from ldb import LdbError
+import re
class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
@@ -71,6 +72,20 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
messages = self.waitForMessages(isLastExpectedMessage, x)
checkFunction(messages, authTypes, service, binding, protection)
+ def _assert_ncacn_np_serviceDescription(self, binding, serviceDescription):
+ # Turn "[foo,bar]" into a list ("foo", "bar") to test
+ # lambda x: x removes anything that evaluates to False,
+ # including empty strings, so we handle "" as well
+ binding_list = filter(lambda x: x, re.compile('[\[,\]]').split(binding))
+
+ # Handle explicit smb2, smb1 or auto negotiation
+ if "smb2" in binding_list:
+ self.assertEquals(serviceDescription, "SMB2")
+ elif "smb1" in binding_list:
+ self.assertEquals(serviceDescription, "SMB")
+ else:
+ self.assertIn(serviceDescription, ["SMB", "SMB2"])
+
def rpc_ncacn_np_ntlm_check(self, messages, authTypes, service,
binding, protection):
@@ -83,14 +98,14 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
msg = messages[0]
self.assertEquals("Authentication", msg["type"])
self.assertEquals("NT_STATUS_OK", msg["Authentication"]["status"])
- self.assertEquals("SMB",
- msg["Authentication"]["serviceDescription"])
+ self._assert_ncacn_np_serviceDescription(binding,
+ msg["Authentication"]["serviceDescription"])
self.assertEquals(authTypes[1], msg["Authentication"]["authDescription"])
# Check the second message it should be an Authorization
msg = messages[1]
self.assertEquals("Authorization", msg["type"])
- self.assertEquals("SMB",
+ self._assert_ncacn_np_serviceDescription(binding,
msg["Authorization"]["serviceDescription"])
self.assertEquals(authTypes[2], msg["Authorization"]["authType"])
self.assertEquals("SMB", msg["Authorization"]["transportProtection"])
@@ -139,12 +154,7 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
# Check the third message it should be an Authorization
msg = messages[2]
self.assertEquals("Authorization", msg["type"])
- serviceDescription = "SMB"
- print "binding %s" % binding
- if binding == "[smb2]":
- serviceDescription = "SMB2"
-
- self.assertEquals(serviceDescription,
+ self._assert_ncacn_np_serviceDescription(binding,
msg["Authorization"]["serviceDescription"])
self.assertEquals(authTypes[3], msg["Authorization"]["authType"])
self.assertEquals("SMB", msg["Authorization"]["transportProtection"])
diff --git a/python/samba/tests/dns_wildcard.py b/python/samba/tests/dns_wildcard.py
index ca8426a..01e06b8 100644
--- a/python/samba/tests/dns_wildcard.py
+++ b/python/samba/tests/dns_wildcard.py
@@ -172,6 +172,30 @@ class TestWildCardQueries(DNSTest):
self.assertEquals(response.answers[0].rr_type, dns.DNS_QTYPE_A)
self.assertEquals(response.answers[0].rdata, WILDCARD_IP)
+ def test_one_a_query_match_wildcard_2_labels(self):
+ """ Query an A record, should match the wild card entry
+ have two labels to the left of the wild card target.
+ """
+
+ p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
+ questions = []
+
+ # Check the record
+ name = "label2.label1.wildcardtest.%s" % self.get_dns_domain()
+ q = self.make_name_question(name,
+ dns.DNS_QTYPE_A,
+ dns.DNS_QCLASS_IN)
+ questions.append(q)
+
+ self.finish_name_packet(p, questions)
+ (response, response_packet) =\
+ self.dns_transaction_udp(p, host=self.server_ip)
+ self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK)
+ self.assert_dns_opcode_equals(response, dns.DNS_OPCODE_QUERY)
+ self.assertEquals(response.ancount, 1)
+ self.assertEquals(response.answers[0].rr_type, dns.DNS_QTYPE_A)
+ self.assertEquals(response.answers[0].rdata, WILDCARD_IP)
+
def test_one_a_query_wildcard_entry(self):
"Query the wildcard entry"
@@ -239,6 +263,30 @@ class TestWildCardQueries(DNSTest):
self.assertEquals(response.answers[0].rr_type, dns.DNS_QTYPE_A)
self.assertEquals(response.answers[0].rdata, LEVEL2_WILDCARD_IP)
+ def test_one_a_query_match_wildcard_l2_2_labels(self):
+ """Query an A record, should match the level 2 wild card entry
+ have two labels to the left of the wild card target
+ """
+
+ p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
+ questions = []
+
+ # Check the record
+ name = "label1.label2.level2.wildcardtest.%s" % self.get_dns_domain()
+ q = self.make_name_question(name,
+ dns.DNS_QTYPE_A,
+ dns.DNS_QCLASS_IN)
+ questions.append(q)
+
+ self.finish_name_packet(p, questions)
+ (response, response_packet) =\
+ self.dns_transaction_udp(p, host=self.server_ip)
+ self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK)
+ self.assert_dns_opcode_equals(response, dns.DNS_OPCODE_QUERY)
+ self.assertEquals(response.ancount, 1)
+ self.assertEquals(response.answers[0].rr_type, dns.DNS_QTYPE_A)
+ self.assertEquals(response.answers[0].rdata, LEVEL2_WILDCARD_IP)
+
def test_one_a_query_exact_match_l2(self):
"""Query an entry that matches the wild card but has an exact match as
well.
diff --git a/python/samba/tests/net_join_no_spnego.py b/python/samba/tests/net_join_no_spnego.py
index 09a2856..0f45913 100644
--- a/python/samba/tests/net_join_no_spnego.py
+++ b/python/samba/tests/net_join_no_spnego.py
@@ -42,6 +42,7 @@ class NetJoinNoSpnegoTests(samba.tests.TestCaseInTempDir):
super(NetJoinNoSpnegoTests, self).tearDown()
def test_net_join_no_spnego(self):
+ self.lp.set("client ipc max protocol", "NT1")
self.lp.set("client use spnego", "no")
netbios_name = "NetJoinNoSpnego"
machinepass = "abcdefghij"
@@ -65,6 +66,7 @@ class NetJoinNoSpnegoTests(samba.tests.TestCaseInTempDir):
self.fail("Shoud have rejected NTLMv2 without SPNEGO")
def test_net_join_no_spnego_ntlmv1(self):
+ self.lp.set("client ipc max protocol", "NT1")
self.lp.set("client use spnego", "no")
self.lp.set("client ntlmv2 auth", "no")
netbios_name = "NetJoinNoSpnego"
diff --git a/source3/lib/sendfile.c b/source3/lib/sendfile.c
index 3d457bd..d3effaf 100644
--- a/source3/lib/sendfile.c
+++ b/source3/lib/sendfile.c
@@ -24,6 +24,7 @@
*/
#include "includes.h"
+#include "system/filesys.h"
#if defined(LINUX_SENDFILE_API)
@@ -36,8 +37,10 @@
ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset, size_t count)
{
size_t total=0;
- ssize_t ret;
+ ssize_t ret = -1;
size_t hdr_len = 0;
+ int old_flags = 0;
+ bool socket_flags_changed = false;
/*
* Send the header first.
@@ -48,8 +51,25 @@ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset
hdr_len = header->length;
while (total < hdr_len) {
ret = sys_send(tofd, header->data + total,hdr_len - total, MSG_MORE);
- if (ret == -1)
- return -1;
+ if (ret == -1) {
+ if (errno == EAGAIN || errno == EWOULDBLOCK) {
+ /*
+ * send() must complete before we can
+ * send any other outgoing data on the
+ * socket. Ensure socket is in blocking
+ * mode. For SMB2 by default the socket
+ * is in non-blocking mode.
+ */
+ old_flags = fcntl(tofd, F_GETFL, 0);
+ ret = set_blocking(tofd, true);
+ if (ret == -1) {
+ goto out;
+ }
+ socket_flags_changed = true;
+ continue;
+ }
+ goto out;
+ }
total += ret;
}
}
@@ -59,8 +79,34 @@ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset
ssize_t nwritten;
do {
nwritten = sendfile(tofd, fromfd, &offset, total);
- } while (nwritten == -1 && (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK));
+ } while (nwritten == -1 && errno == EINTR);
if (nwritten == -1) {
+ if (errno == EAGAIN || errno == EWOULDBLOCK) {
+ if (socket_flags_changed) {
+ /*
+ * We're already in blocking
+ * mode. This is an error.
+ */
+ ret = -1;
+ goto out;
+ }
+
+ /*
+ * Sendfile must complete before we can
+ * send any other outgoing data on the socket.
+ * Ensure socket is in blocking mode.
+ * For SMB2 by default the socket is in
+ * non-blocking mode.
+ */
+ old_flags = fcntl(tofd, F_GETFL, 0);
+ ret = set_blocking(tofd, true);
+ if (ret == -1) {
+ goto out;
+ }
+ socket_flags_changed = true;
+ continue;
+ }
+
if (errno == ENOSYS || errno == EINVAL) {
/* Ok - we're in a world of pain here. We just sent
* the header, but the sendfile failed. We have to
@@ -72,17 +118,41 @@ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset
*/
errno = EINTR; /* Normally we can never return this. */
}
- return -1;
+ ret = -1;
+ goto out;
}
if (nwritten == 0) {
/*
* EOF, return a short read
*/
- return hdr_len + (count - total);
+ ret = hdr_len + (count - total);
+ goto out;
}
total -= nwritten;
}
- return count + hdr_len;
+
+ ret = count + hdr_len;
+
+ out:
+
+ if (socket_flags_changed) {
+ int saved_errno;
+ int err;
+
+ if (ret == -1) {
+ saved_errno = errno;
+ }
+ /* Restore the old state of the socket. */
+ err = fcntl(tofd, F_SETFL, old_flags);
+ if (err == -1) {
+ return -1;
+ }
+ if (ret == -1) {
+ errno = saved_errno;
+ }
+ }
+
+ return ret;
}
#elif defined(SOLARIS_SENDFILE_API)
@@ -99,6 +169,9 @@ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset
size_t total, xferred;
struct sendfilevec vec[2];
ssize_t hdr_len = 0;
+ int old_flags = 0;
+ ssize_t ret = -1;
+ bool socket_flags_changed = false;
if (header) {
sfvcnt = 2;
@@ -135,17 +208,37 @@ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset
xferred = 0;
nwritten = sendfilev(tofd, vec, sfvcnt, &xferred);
- if (nwritten == -1 && (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)) {
+ if (nwritten == -1 && errno == EINTR) {
if (xferred == 0)
continue; /* Nothing written yet. */
else
nwritten = xferred;
}
- if (nwritten == -1)
- return -1;
- if (nwritten == 0)
- return -1; /* I think we're at EOF here... */
+ if (nwritten == -1) {
+ if (errno == EAGAIN || errno == EWOULDBLOCK) {
+ /*
+ * Sendfile must complete before we can
+ * send any other outgoing data on the socket.
+ * Ensure socket is in blocking mode.
+ * For SMB2 by default the socket is in
+ * non-blocking mode.
+ */
+ old_flags = fcntl(tofd, F_GETFL, 0);
+ ret = set_blocking(tofd, true);
+ if (ret == -1) {
+ goto out;
+ }
+ socket_flags_changed = true;
+ continue;
--
Samba Shared Repository
More information about the samba-cvs
mailing list