[SCM] Samba Shared Repository - branch v4-10-test updated
Karolin Seeger
kseeger at samba.org
Fri Jun 21 11:15:03 UTC 2019
The branch, v4-10-test has been updated
via 48c47f5dbbb wafsamba: Use native waf timer
via d106f5eb971 s3:mdssvc: fix flex compilation error
via 7c80167e2af ctdb-scripts: Fix tcp_tw_recycle existence check
via 4f32284840d docs: Improve documentation of "lanman auth" and "ntlm auth" connection
via 47a96935df0 vfs_fruit: remove a now unnecessary include
via bdc257a1cba vfs_fruit: use VFS functions in ad_read_rsrc_adouble()
via 2d6a2080afb vfs_fruit: use fsp and remove syscalls from ad_convert_blank_rfork()
via 91ed0f8beb9 vfs_fruit: use VFS function in ad_convert_truncate()
via 28cdc4421c2 vfs_fruit: add VFS handle to ad_convert_truncate()
via fef47b90e54 vfs_fruit: use fsp and remove mmap in ad_convert_xattr()
via 7fc300d4655 vfs_fruit: remove use of mmap() from ad_convert_move_reso()
via d49df05e619 vfs_fruit: convert ad_open_rsrc() to open a proper fsp with SMB_VFS_CREATE_FILE()
via f5d1561c5b1 vfs_fruit: only do cross protocol locking on non-internal opens
via 9ebfd4f2e51 vfs_fruit: remove a layer of indirection
via f890c4fb86c vfs_fruit: pass VFS handle to ad_convert_move_reso()
via 8f49fbfdebb vfs_fruit: remove xattr code from the AppleDouble subsystem
via 7bd5ceea7d2 vfs_fruit: remove now unused AppleDouble code for resource fork in xattr
via cc1ff660b80 vfs_fruit: use stream code for resource fork size calculation in readdir_attr_rfork_size()
via d1164d9f374 vfs_fruit: use correct case FRUIT_RSRC_STREAM in readdir_attr_rfork_size()
via 8ceb0486446 vfs_fruit: ignore AppleDouble files in fruit_unlink()
via 30f25ed6214 vfs_fruit: add a missing else
via 8787ac7938c vfs_fruit: add and use is_adouble_file()
via 2b8eeb231e0 vfs_fruit: finally, remove ad_handle from struct adouble
via ef0522b3434 vfs_fruit: pass handle to ad_convert_delete_adfile()
via f2b796844b1 vfs_fruit: pass handle to ad_convert_finderinfo()
via 3ff1b960c5e vfs_fruit: pass handle to ad_convert_blank_rfork()
via 4e22296dc6c vfs_fruit: pass handle to ad_convert_xattr()
via 47e08c03ed8 vfs_fruit: indentation fix
via 03d1328e33b vfs_fruit: pass handle to ad_read_rsrc() and all the way down
via 9b4ad2a32a6 vfs_fruit: use proper VFS function in ad_read_meta()
via fd63fda7769 vfs_fruit: indentation fix
via 7a99bba9294 vfs_fruit: pass handle to ad_read_meta()
via 25ee7f97c6c vfs_fruit: pass handle to ad_read()
via ab9a428f335 vfs_fruit: pass handle to ad_set()
via 92bc9e3e11c vfs_fruit: pass handle to ad_fset()
via 730c24902d5 s3:auth: explicitly add BUILTIN\Guests to the guest token
via b312ceb5730 tests: add a test for guest authentication
via d8e33defa5a selftest: allow guest login in the ad_member_idmap_rid env
via 90a538f4689 s3:smbd: call reinit_guest_session_info() in the conf updated handler
via 7f6b171c3e9 s3:auth: add reinit_guest_session_info()
via 813856c1c4e dsdb:audit_log: avoid printing "... remote host [Unknown] SID [(NULL SID)] ..."
via 49acbea1378 ldb_kv: Skip @ records early in a search full scan
via d9fed540c36 samba-tool domain provision: Fix --interactive module in python3
via 8867c178a9b ldap server: generate correct referral schemes
via 207295b9523 ldap tests: test scheme for referrals
via fa1de54cd92 s3/vfs_glusterfs_fuse: Avoid using NAME_MAX directly
via 778448469bb s3/vfs_glusterfs: Avoid using NAME_MAX directly
via bb688404227 Revert "s3/vfs_glusterfs_fuse: Dynamically determine NAME_MAX"
via f830628c3aa Revert "s3/vfs_glusterfs: Dynamically determine NAME_MAX"
from 70e8344a043 VERSION: Bump version up to 4.10.6...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test
- Log -----------------------------------------------------------------
commit 48c47f5dbbb2722a718103267d4a0a40b4eaa6a0
Author: Lukas Slebodnik <lslebodn at fedoraproject.org>
Date: Wed Jun 12 12:27:04 2019 +0200
wafsamba: Use native waf timer
__main__:1: DeprecationWarning: time.clock has been deprecated in Python 3.3
and will be removed from Python 3.8: use time.perf_counter
or time.process_time instead
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13998
Signed-off-by: Lukas Slebodnik <lslebodn at fedoraproject.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit 8f082904ce580f1a6b8a06ebcc323c99e892bd1f)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-10-test): Fri Jun 21 11:14:16 UTC 2019 on sn-devel-144
commit d106f5eb9718d4f4e6305101709045314fde03a1
Author: Ralph Boehme <slow at samba.org>
Date: Mon May 27 12:27:57 2019 +0200
s3:mdssvc: fix flex compilation error
[4440/4495] Compiling bin/default/source3/rpc_server/mdssvc/sparql_lexer.lex.c
../../source3/rpc_server/mdssvc/sparql_lexer.l:26: error: "yyalloc" redefined [-Werror]
26 | #define yyalloc SMB_MALLOC
Looks like the dirty redefine trick doesn't work anymore with newer flex
versions. According to the flex manual the right thing to do is to provide own
functions for yyalloc and yyrealloc when passing the options "noyyalloc
noyyrealloc".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13987
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue May 28 11:49:06 UTC 2019 on sn-devel-184
(cherry picked from commit 9053391f86a529e0a7dbcd23fa3a555d85c2207c)
commit 7c80167e2af0afbf530b39efd677cdbffb32ad54
Author: Rafael David Tinoco via samba-technical <samba-technical at lists.samba.org>
Date: Sun Jun 2 23:44:15 2019 -0300
ctdb-scripts: Fix tcp_tw_recycle existence check
net.ipv4.tcp_tw_recycle has been removed from Linux 4.12 but, still,
makes sense to check its existence. Unfortunately, current check does
not test for the procfs file existence. This commit fixes the issue.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13984
Signed-off-by: Rafael David Tinoco <rafaeldtinoco at ubuntu.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Jun 4 23:31:24 UTC 2019 on sn-devel-184
(cherry picked from commit 843fbb1207ee7ac84f3282974b66b9290d8da0ac)
commit 4f32284840dd5d80df6676019641fcb276bf763e
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Jun 1 09:04:48 2019 +1200
docs: Improve documentation of "lanman auth" and "ntlm auth" connection
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13981
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit dbf3e81f7f0b28c69dca004b32ea3a7344b0cad3)
commit 47a96935df0a1914ca086410c2592cc96f0a378d
Author: Ralph Boehme <slow at samba.org>
Date: Fri May 24 15:15:59 2019 +0200
vfs_fruit: remove a now unnecessary include
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu May 30 22:12:50 UTC 2019 on sn-devel-184
(cherry picked from commit 9a2c9834cb1b77547b8b932c35870301afb9fc25)
commit bdc257a1cbac7e8c73a084b618ba642476807483
Author: Ralph Boehme <slow at samba.org>
Date: Fri May 24 14:51:17 2019 +0200
vfs_fruit: use VFS functions in ad_read_rsrc_adouble()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 9fe84a6345bf5d9fdb1df87a853db3380e6fb0f7)
commit 2d6a2080afb8d2c9c3734904acf7b3e9f75445a1
Author: Ralph Boehme <slow at samba.org>
Date: Fri May 24 12:51:15 2019 +0200
vfs_fruit: use fsp and remove syscalls from ad_convert_blank_rfork()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 70c4a8f0ac307009c26e857523192c95b42a92f5)
commit 91ed0f8beb951de5c13c170e3ce49408256d91d2
Author: Ralph Boehme <slow at samba.org>
Date: Fri May 24 12:07:55 2019 +0200
vfs_fruit: use VFS function in ad_convert_truncate()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 3739ad90cf2bbaa2094a34197c894363d2e24a5a)
commit 28cdc4421c2a93f187b58e709c475881929e0d37
Author: Ralph Boehme <slow at samba.org>
Date: Fri May 24 12:05:51 2019 +0200
vfs_fruit: add VFS handle to ad_convert_truncate()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 4e44b1da9357120f0ad74e24c650bc6386085c47)
commit fef47b90e5411c641b5ce8842bbe035e4ea51f0c
Author: Ralph Boehme <slow at samba.org>
Date: Fri May 24 11:54:51 2019 +0200
vfs_fruit: use fsp and remove mmap in ad_convert_xattr()
No need to mmap() anyway, the xattr data is already available in ad->ad_data.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 4ff7ea0e0312c737aefd350f7b8fbed4c8602325)
commit 7fc300d4655423e7d3daa3e6261c43d6a3805e27
Author: Ralph Boehme <slow at samba.org>
Date: Thu May 23 22:44:21 2019 +0200
vfs_fruit: remove use of mmap() from ad_convert_move_reso()
We now have an fsp that we can use, so we can get rid of mmap() and
sys_pread()/sys_pwrite().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 0041855af0b05d6c47558880d6eebd1970179272)
commit d49df05e619876b4ea986bdc7d51bb3eaf685c2f
Author: Ralph Boehme <slow at samba.org>
Date: Thu May 23 16:42:52 2019 +0200
vfs_fruit: convert ad_open_rsrc() to open a proper fsp with SMB_VFS_CREATE_FILE()
A first step in converting all raw syscalls to use proper VFS functions. All
existing users of the raw system filedescriptor continue to use the fd from
fsp->fh for now.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 29418c726be74feb1d8c3ac9f7b8c983901a2aab)
commit f5d1561c5b1b2efd99e1fc010d9fe8594dd2620a
Author: Ralph Boehme <slow at samba.org>
Date: Thu May 23 16:22:39 2019 +0200
vfs_fruit: only do cross protocol locking on non-internal opens
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit f5f7d1e9bf7e39933ccf7c874e682f9df80a6fec)
commit 9ebfd4f2e5194bad340d2b9093e15730a15c15a0
Author: Ralph Boehme <slow at samba.org>
Date: Thu May 23 08:27:37 2019 +0200
vfs_fruit: remove a layer of indirection
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 97d485ff2cda85edeba163ea01b6abfa705db20f)
commit f890c4fb86cbb6603da8b040559a4e5704cbe0e4
Author: Ralph Boehme <slow at samba.org>
Date: Thu May 23 08:14:18 2019 +0200
vfs_fruit: pass VFS handle to ad_convert_move_reso()
Not used for now, that comes next.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 3919ea048fe3b763657e14cdfb5920184a900d27)
commit 8f49fbfdebb6ae61556a533cdf56deaae5cec36e
Author: Ralph Boehme <slow at samba.org>
Date: Wed May 22 21:15:22 2019 +0200
vfs_fruit: remove xattr code from the AppleDouble subsystem
The subsystem consumers have been reworked in the previous commits, so this is
not used anymore. ad_init() doesn't need a handle argument anymore due to this,
remove it as well.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit e3cb1cb24f2a31d7fd03f3bdf417f4704fb4ac7c)
commit 7bd5ceea7d2d9be05e234ca25dc2b7932b820072
Author: Ralph Boehme <slow at samba.org>
Date: Fri May 17 14:31:15 2019 +0200
vfs_fruit: remove now unused AppleDouble code for resource fork in xattr
This was only needed to get the resourcefork size via the ad_* AppleDouble
function. This is now done with a fstat on the low level xattr fd (remember,
this is Solaris only code...), so we can remove the xattr special casing from
the AppleDouble functions.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit cb9dffa1c66294b6eed85e7576aa99c642d0b541)
commit cc1ff660b804c0270a022ce1780078bc62973d15
Author: Ralph Boehme <slow at samba.org>
Date: Wed May 22 18:08:14 2019 +0200
vfs_fruit: use stream code for resource fork size calculation in readdir_attr_rfork_size()
This works as well, using an fstat() on the filehandle to get the size. This is
tested by the torture test "vfs.fruit.SMB2/CREATE context AAPL".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit a23bcc1916a49bf3e0edece190e5434e39862d2c)
commit d1164d9f374f4b5f7a95a04a0db6213a7cd1318f
Author: Ralph Boehme <slow at samba.org>
Date: Wed May 22 17:02:20 2019 +0200
vfs_fruit: use correct case FRUIT_RSRC_STREAM in readdir_attr_rfork_size()
This is a genuine bug, but luckily this would only impact configs which nobody
uses:
fruit:metadata = netatalk
fruit:resource = stream
With the above configuration the switch in readdir_attr_rfork_size() would hit
the default case and so always report resource forks as 0 bytes in size.
All deployment that I've seen that use fruit:resource=stream also use
fruit:metadata=stream, so the switch takes FRUIT_META_STREAM case which runs the
correct code readdir_attr_rfork_size_stream().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 83179a74119de84d20f796c241aae6bccb83a68b)
commit 8ceb048644605affc6fbefbb7d14c512d24af79e
Author: Ralph Boehme <slow at samba.org>
Date: Tue May 21 11:42:47 2019 +0200
vfs_fruit: ignore AppleDouble files in fruit_unlink()
Otherwise, if SMB_VFS_UNLINK() is called for an AppleDouble path "._file", we
try to delete "._._file" which doesn't make sense. AppleDouble files don't have
AppleDouble themselves.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 797dc649456f39add4af8b54b60db0268ad4e90e)
commit 30f25ed6214aca17de70da3482a2b26bbac2ebcd
Author: Ralph Boehme <slow at samba.org>
Date: Tue May 21 11:40:33 2019 +0200
vfs_fruit: add a missing else
Luckily the missing else has the same control flow due to the previous if and
else blocks calling return.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 44d8568001c87d28962dfc4e3fde6d0f7f409997)
commit 8787ac7938c94e7ba21477354afc1059ab804e67
Author: Ralph Boehme <slow at samba.org>
Date: Tue May 21 11:39:18 2019 +0200
vfs_fruit: add and use is_adouble_file()
This adds a helper function that checks whether the last component of a path is
an AppleDouble sidecar file with "._" name prefix.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit ad70c947c759aa0965ee57f973fb8dc1909e0e39)
commit 2b8eeb231e0df6a85a51e8d9029deb3789cdae03
Author: Ralph Boehme <slow at samba.org>
Date: Fri May 17 12:19:06 2019 +0200
vfs_fruit: finally, remove ad_handle from struct adouble
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit e266daaed149561b746dbb8d5e9523862f0057b5)
commit ef0522b3434735db2c5e2673709277725e823e3a
Author: Ralph Boehme <slow at samba.org>
Date: Fri May 17 12:17:28 2019 +0200
vfs_fruit: pass handle to ad_convert_delete_adfile()
On the course of removing ad_handle from struct adouble, step 10.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 5f4d16b40e07acf8d27fee62f1a56de175663a1d)
commit f2b796844b1f8dc8486e7859db8c9798db9562f8
Author: Ralph Boehme <slow at samba.org>
Date: Fri May 17 12:05:07 2019 +0200
vfs_fruit: pass handle to ad_convert_finderinfo()
On the course of removing ad_handle from struct adouble, step 9.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 50874c1548d62ab0ddaaa6dd4124279ee5029fcf)
commit 3ff1b960c5efab543e60e7758c4e2e3cfe85234e
Author: Ralph Boehme <slow at samba.org>
Date: Fri May 17 12:02:46 2019 +0200
vfs_fruit: pass handle to ad_convert_blank_rfork()
On the course of removing ad_handle from struct adouble, step 8.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit adc7ac38b849b4dce4a85fd6442c8d4b9da57686)
commit 4e22296dc6c716c7df4e386ca331c6a0163ad1c5
Author: Ralph Boehme <slow at samba.org>
Date: Fri May 17 11:54:10 2019 +0200
vfs_fruit: pass handle to ad_convert_xattr()
On the course of removing ad_handle from struct adouble, step 7.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit fd2f4cf828ee4c31e3b5a27a79d3a0ee12a5877a)
commit 47e08c03ed8d419d6ce021fabab34c09e84f65ef
Author: Ralph Boehme <slow at samba.org>
Date: Fri May 17 11:23:17 2019 +0200
vfs_fruit: indentation fix
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 400b3c2f8c82b1defe1e321e0cdae486b930344f)
commit 03d1328e33bbf8dcbbc8c1c35c72bc5551e8dae4
Author: Ralph Boehme <slow at samba.org>
Date: Fri May 17 11:47:26 2019 +0200
vfs_fruit: pass handle to ad_read_rsrc() and all the way down
On the course of removing ad_handle from struct adouble, step 5.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 661dfa4a19673fdb30d5bf36279cdf867454b947)
commit 9b4ad2a32a620f9d21be095beeb3a5d5c7cc32b8
Author: Ralph Boehme <slow at samba.org>
Date: Fri May 17 11:42:06 2019 +0200
vfs_fruit: use proper VFS function in ad_read_meta()
Continuing to ignore a possible error for now, this is in an error codepath
anyway.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 30ca328c698c2e035e240359bda7c9dcbeb646df)
commit fd63fda7769e31dc5e907be1dfc90dfbcf22589f
Author: Ralph Boehme <slow at samba.org>
Date: Fri May 17 11:23:17 2019 +0200
vfs_fruit: indentation fix
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 47721d8d359ef78b8dd4f77f92c30c2caf2c4a80)
commit 7a99bba92946a1b61495501ce9f026d789643073
Author: Ralph Boehme <slow at samba.org>
Date: Fri May 17 11:22:24 2019 +0200
vfs_fruit: pass handle to ad_read_meta()
On the course of removing ad_handle from struct adouble, step 4.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit f8df09157f31b53dbe73eaf4349fc071bfcc1b90)
commit 25ee7f97c6cf7973a359c4aec5831283cd095c05
Author: Ralph Boehme <slow at samba.org>
Date: Fri May 17 11:19:53 2019 +0200
vfs_fruit: pass handle to ad_read()
On the course of removing ad_handle from struct adouble, step 3.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit d0abf945e683766029d28915541a4baf9f3879ab)
commit ab9a428f33589225b1d5e1a00c4ee00202c53cf4
Author: Ralph Boehme <slow at samba.org>
Date: Fri May 17 10:43:55 2019 +0200
vfs_fruit: pass handle to ad_set()
On the course of removing ad_handle from struct adouble, step 2.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit c78ba30ac4534b7037b979ac96b77b834b2eb2fe)
commit 92bc9e3e11c73429c7f3059991c8673ece58bc55
Author: Ralph Boehme <slow at samba.org>
Date: Fri May 17 10:41:29 2019 +0200
vfs_fruit: pass handle to ad_fset()
On the course of removing ad_handle from struct adouble, step 1.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 585d4d49770b4ddc3f7d9dcbb3e322f072767781)
commit 730c24902d5e3dd88ab62072d9f3eaee8657fca2
Author: Ralph Boehme <slow at samba.org>
Date: Mon May 13 20:16:47 2019 +0200
s3:auth: explicitly add BUILTIN\Guests to the guest token
This changes ensures that smbd always adds BUILTIN\Guests to the guest token
which is required for guest authentication.
Currently the guest token depends on the on-disk configured group mappings. If
there's an existing group mapping for BUILTIN\Guests, but LOCALSAM\Guest is not
a member, the final guest token won't contain BUILTIN\Guests.
For SMB2 the flag SMB2_SESSION_FLAG_IS_GUEST will not be set in the final SMB2
SESSION_SETUP response, because smbd sets it based on the token containing the
BUILTIN\Guests SID S-1-5-32-546.
At the same time, the packet is not signed which causes Windows clients and
smbclient to reject the unsigned SMB2 SESSION_SETUP response.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944
Pair-programmed-with: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Jun 5 16:55:26 UTC 2019 on sn-devel-184
(cherry picked from commit a66af4c96accba4ee64eeb1958458b69f3ccec1d)
commit b312ceb5730bf76a989d5b0a9744ebfdeca22e27
Author: Ralph Boehme <slow at samba.org>
Date: Thu May 16 12:47:34 2019 +0200
tests: add a test for guest authentication
This verifies that smbd always adds BUILTIN\Guests to the guest token which is
required for guest authentication.
Currently the guest token depends on the on-disk configured group mappings. If
there's an existing group mapping for BUILTIN\Guests, but LOCALSAM\Guest is not
a member, the final guest token won't contain BUILTIN\Guests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 0e88f98855e24cfddb55bef65c5910b8e662c630)
commit d8e33defa5a167d80dc304fffe860345b3a1aaa9
Author: Ralph Boehme <slow at samba.org>
Date: Thu May 16 12:43:40 2019 +0200
selftest: allow guest login in the ad_member_idmap_rid env
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit ac2167eb2349dc1c453e14a65692f16c8ba6532e)
commit 90a538f4689488a9adc3ab9f504cc9bc1716e1ff
Author: Ralph Boehme <slow at samba.org>
Date: Thu May 16 12:42:54 2019 +0200
s3:smbd: call reinit_guest_session_info() in the conf updated handler
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit f4e340a48b6f059a1daa66deb9c26da9e8fcd5e7)
commit 7f6b171c3e94ab96ed53633657254eaf2d562668
Author: Ralph Boehme <slow at samba.org>
Date: Thu May 16 12:42:29 2019 +0200
s3:auth: add reinit_guest_session_info()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 8096cc7eb2b36b074ff17a52dc3540be4ecff6bb)
commit 813856c1c4ee7954e1de8e7112db40a11b8f8001
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Apr 26 14:31:46 2019 +0000
dsdb:audit_log: avoid printing "... remote host [Unknown] SID [(NULL SID)] ..."
We better print "... remote host [Unknown] SID [S-1-5-18] ..."
in 'dsdb_audit' message, this matches what we print for
'dsdb_json_audit'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13916
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 706aba5bf62e674ae12786f6ab275752b8714464)
commit 49acbea1378152eccb37dc6d25e2855bd7faf461
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Apr 5 10:46:50 2019 +1300
ldb_kv: Skip @ records early in a search full scan
@ records like @IDXLIST are only available via a base search on the specific name
but the method by which they were excluded was expensive, after the unpack the
DN is exploded and ldb_match_msg_error() would reject it for failing to match the
scope.
This uses the fact that @ records have the DN=@ prefix on their TDB/LMDB key
to quickly exclude them from consideration.
Based on analysis by Garming Sam.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13893
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Apr 10 06:23:39 UTC 2019 on sn-devel-144
(cherry picked from commit 49b77d8df2d7113ac7ddb75e78de6628933ff852)
commit d9fed540c3669564919997cdfb1500e34f397cc5
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun Mar 10 23:38:27 2019 +0000
samba-tool domain provision: Fix --interactive module in python3
The prompts were not being printed to the screen because the stream
was not being flushed.
As reported on the samba mailing list by Adam Xu:
https://lists.samba.org/archive/samba/2019-March/221753.html
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13828
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Tim Beale <timbeale at catalyst.net.nz>
(cherry picked from commit 31aecee1446c5006771aaa535ae85810bbfb5db0)
commit 8867c178a9b22f5ed85ec056498ac4647d7f6de5
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Tue May 21 13:17:22 2019 +1200
ldap server: generate correct referral schemes
Ensure that the referrals returned in a search request use the same
scheme as the request, i.e. referrals recieved via ldap are prefixed
with "ldap://" and those over ldaps are prefixed with "ldaps://"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12478
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri May 24 05:12:14 UTC 2019 on sn-devel-184
(cherry picked from commit 1958cd8a7fb81ec51b81944ecf4dd0fb5c4208fa)
commit 207295b952365c3785a2f2165c3510b3d4864d77
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Tue May 21 13:14:08 2019 +1200
ldap tests: test scheme for referrals
Ensure that the referrals returned in a search request use the same
scheme as the request, i.e. referrals recieved via ldap are prefixed
with "ldap://" and those over ldaps are prefixed with "ldaps://"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12478
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 6ccf74cf878c295903673e3a1d1ed924a5e87547)
commit fa1de54cd92c96bbf914eb39d712f59d5a2f3160
Author: Günther Deschner <gd at samba.org>
Date: Mon Jun 3 16:28:36 2019 +0200
s3/vfs_glusterfs_fuse: Avoid using NAME_MAX directly
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13872
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Tue Jun 11 00:29:19 UTC 2019 on sn-devel-184
commit 778448469bbe68b2942083a4c9b020717213ed25
Author: Günther Deschner <gd at samba.org>
Date: Mon Jun 3 16:25:46 2019 +0200
s3/vfs_glusterfs: Avoid using NAME_MAX directly
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13872
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit bb6884042272b943449a225a76d7fab18c2ca00f
Author: Günther Deschner <gd at samba.org>
Date: Mon Jun 3 14:27:44 2019 +0200
Revert "s3/vfs_glusterfs_fuse: Dynamically determine NAME_MAX"
This reverts commit e28d172b00cadf492c22bd892e2dda3bf2fe2d70.
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit f830628c3aaf7e7e6243b889c67dfe661f568f24
Author: Günther Deschner <gd at samba.org>
Date: Mon Jun 3 14:27:18 2019 +0200
Revert "s3/vfs_glusterfs: Dynamically determine NAME_MAX"
This reverts commit 8e3a042eb9e502821b147f1bbb2d98d59f17a095.
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
-----------------------------------------------------------------------
Summary of changes:
buildtools/wafsamba/samba_deps.py | 25 +-
ctdb/config/nfs-linux-kernel-callout | 4 +-
docs-xml/smbdotconf/security/lanmanauth.xml | 14 +-
docs-xml/smbdotconf/security/ntlmauth.xml | 9 +-
lib/ldb/include/ldb_module.h | 5 +
lib/ldb/ldb_key_value/ldb_kv.c | 12 +-
lib/ldb/ldb_key_value/ldb_kv.h | 7 +-
lib/ldb/ldb_key_value/ldb_kv_index.c | 14 +-
lib/ldb/ldb_key_value/ldb_kv_search.c | 19 +-
python/samba/netcmd/domain.py | 1 +
python/samba/tests/ldap_referrals.py | 91 ++++++
selftest/target/Samba3.pm | 1 +
source3/auth/auth_util.c | 26 ++
source3/auth/proto.h | 1 +
source3/modules/vfs_fruit.c | 485 +++++++++++++---------------
source3/modules/vfs_glusterfs.c | 41 +--
source3/modules/vfs_glusterfs_fuse.c | 34 +-
source3/rpc_server/mdssvc/sparql_lexer.l | 12 +-
source3/script/tests/test_guest_auth.sh | 103 ++++++
source3/selftest/tests.py | 5 +
source3/smbd/server.c | 6 +
source4/dsdb/samdb/ldb_modules/audit_log.c | 4 +-
source4/dsdb/samdb/ldb_modules/partition.c | 16 +-
source4/ldap_server/ldap_backend.c | 18 ++
source4/ldap_server/ldap_server.c | 1 +
source4/ldap_server/ldap_server.h | 6 +
source4/selftest/tests.py | 9 +
27 files changed, 609 insertions(+), 360 deletions(-)
create mode 100644 python/samba/tests/ldap_referrals.py
create mode 100755 source3/script/tests/test_guest_auth.sh
Changeset truncated at 500 lines:
diff --git a/buildtools/wafsamba/samba_deps.py b/buildtools/wafsamba/samba_deps.py
index f8c38809bd2..03c37079a8c 100644
--- a/buildtools/wafsamba/samba_deps.py
+++ b/buildtools/wafsamba/samba_deps.py
@@ -1,6 +1,6 @@
# Samba automatic dependency handling and project rules
-import os, sys, re, time
+import os, sys, re
from waflib import Build, Options, Logs, Utils, Errors
from waflib.Logs import debug
@@ -1102,8 +1102,7 @@ def check_project_rules(bld):
if not force_project_rules and load_samba_deps(bld, tgt_list):
return
- global tstart
- tstart = time.clock()
+ timer = Utils.Timer()
bld.new_rules = True
Logs.info("Checking project rules ...")
@@ -1112,26 +1111,26 @@ def check_project_rules(bld):
expand_subsystem_deps(bld)
- debug("deps: expand_subsystem_deps: %f" % (time.clock() - tstart))
+ debug("deps: expand_subsystem_deps: %s" % str(timer))
replace_grouping_libraries(bld, tgt_list)
- debug("deps: replace_grouping_libraries: %f" % (time.clock() - tstart))
+ debug("deps: replace_grouping_libraries: %s" % str(timer))
build_direct_deps(bld, tgt_list)
- debug("deps: build_direct_deps: %f" % (time.clock() - tstart))
+ debug("deps: build_direct_deps: %s" % str(timer))
break_dependency_loops(bld, tgt_list)
- debug("deps: break_dependency_loops: %f" % (time.clock() - tstart))
+ debug("deps: break_dependency_loops: %s" % str(timer))
if Options.options.SHOWDEPS:
show_dependencies(bld, Options.options.SHOWDEPS, set())
calculate_final_deps(bld, tgt_list, loops)
- debug("deps: calculate_final_deps: %f" % (time.clock() - tstart))
+ debug("deps: calculate_final_deps: %s" % str(timer))
if Options.options.SHOW_DUPLICATES:
show_object_duplicates(bld, tgt_list)
@@ -1140,7 +1139,7 @@ def check_project_rules(bld):
for f in [ build_dependencies, build_includes, add_init_functions ]:
debug('deps: project rules checking %s', f)
for t in tgt_list: f(t)
- debug("deps: %s: %f" % (f, time.clock() - tstart))
+ debug("deps: %s: %s" % (f, str(timer)))
debug('deps: project rules stage1 completed')
@@ -1148,17 +1147,17 @@ def check_project_rules(bld):
Logs.error("Duplicate sources present - aborting")
sys.exit(1)
- debug("deps: check_duplicate_sources: %f" % (time.clock() - tstart))
+ debug("deps: check_duplicate_sources: %s" % str(timer))
if not bld.check_group_ordering(tgt_list):
Logs.error("Bad group ordering - aborting")
sys.exit(1)
- debug("deps: check_group_ordering: %f" % (time.clock() - tstart))
+ debug("deps: check_group_ordering: %s" % str(timer))
show_final_deps(bld, tgt_list)
- debug("deps: show_final_deps: %f" % (time.clock() - tstart))
+ debug("deps: show_final_deps: %s" % str(timer))
debug('deps: project rules checking completed - %u targets checked',
len(tgt_list))
@@ -1166,7 +1165,7 @@ def check_project_rules(bld):
if not bld.is_install:
save_samba_deps(bld, tgt_list)
- debug("deps: save_samba_deps: %f" % (time.clock() - tstart))
+ debug("deps: save_samba_deps: %s" % str(timer))
Logs.info("Project rules pass")
diff --git a/ctdb/config/nfs-linux-kernel-callout b/ctdb/config/nfs-linux-kernel-callout
index 3d1dc63c590..12ed17c6d9e 100755
--- a/ctdb/config/nfs-linux-kernel-callout
+++ b/ctdb/config/nfs-linux-kernel-callout
@@ -281,8 +281,8 @@ nfs_startup ()
basic_stop "nfs" || true
basic_start "nfs"
_f="${PROCFS_PATH}/sys/net/ipv4/tcp_tw_recycle"
- if [ "$_f" ] ; then
- echo 1 >"$_f"
+ if [ -f "$_f" ] ; then
+ echo 1 >"$_f"
fi
}
diff --git a/docs-xml/smbdotconf/security/lanmanauth.xml b/docs-xml/smbdotconf/security/lanmanauth.xml
index a9e4f88b89f..97f2fb04dcb 100644
--- a/docs-xml/smbdotconf/security/lanmanauth.xml
+++ b/docs-xml/smbdotconf/security/lanmanauth.xml
@@ -24,16 +24,18 @@
auth is re-enabled later on.
</para>
- <para>Unlike the <command moreinfo="none">encrypt
- passwords</command> option, this parameter cannot alter client
+ <para>Unlike the <parameter moreinfo="none">encrypt
+ passwords</parameter> option, this parameter cannot alter client
behaviour, and the LANMAN response will still be sent over the
network. See the <command moreinfo="none">client lanman
auth</command> to disable this for Samba's clients (such as smbclient)</para>
- <para>If this option, and <command moreinfo="none">ntlm
- auth</command> are both disabled, then only NTLMv2 logins will be
- permited. Not all clients support NTLMv2, and most will require
- special configuration to use it.</para>
+ <para>This parameter is overriden by <parameter moreinfo="none">ntlm
+ auth</parameter>, so unless that it is also set to
+ <constant>ntlmv1-permitted</constant> or <constant>yes</constant>,
+ then only NTLMv2 logins will be permited and no LM hash will be
+ stored. All modern clients support NTLMv2, and but some older
+ clients require special configuration to use it.</para>
</description>
<value type="default">no</value>
diff --git a/docs-xml/smbdotconf/security/ntlmauth.xml b/docs-xml/smbdotconf/security/ntlmauth.xml
index dceae44d81b..dd5dbaea117 100644
--- a/docs-xml/smbdotconf/security/ntlmauth.xml
+++ b/docs-xml/smbdotconf/security/ntlmauth.xml
@@ -19,11 +19,9 @@
control NTLM authentiation for domain users, this must option must
be configured on each DC.</para>
- <para>By default with <command moreinfo="none">lanman
- auth</command> set to <constant>no</constant> and
- <command moreinfo="none">ntlm auth</command> set to
+ <para>By default with <command moreinfo="none">ntlm auth</command> set to
<constant>ntlmv2-only</constant> only NTLMv2 logins will be
- permited. Most clients support NTLMv2 by default, but some older
+ permited. All modern clients support NTLMv2 by default, but some older
clients will require special configuration to use it.</para>
<para>The primary user of NTLMv1 is MSCHAPv2 for VPNs and 802.1x.</para>
@@ -35,6 +33,9 @@
<para><constant>ntlmv1-permitted</constant>
(alias <constant>yes</constant>) - Allow NTLMv1 and above for all clients.</para>
+ <para>This is the required setting for to enable the <parameter
+ moreinfo="none">lanman auth</parameter> parameter.</para>
+
</listitem>
<listitem>
diff --git a/lib/ldb/include/ldb_module.h b/lib/ldb/include/ldb_module.h
index 6ba2a49300a..c73fc37f3aa 100644
--- a/lib/ldb/include/ldb_module.h
+++ b/lib/ldb/include/ldb_module.h
@@ -103,6 +103,11 @@ struct ldb_module;
* attributes, not to be printed in trace messages */
#define LDB_SECRET_ATTRIBUTE_LIST_OPAQUE "LDB_SECRET_ATTRIBUTE_LIST"
+/*
+ * The scheme to be used for referral entries, i.e. ldap or ldaps
+ */
+#define LDAP_REFERRAL_SCHEME_OPAQUE "LDAP_REFERRAL_SCHEME"
+
/*
these function pointers define the operations that a ldb module can intercept
*/
diff --git a/lib/ldb/ldb_key_value/ldb_kv.c b/lib/ldb/ldb_key_value/ldb_kv.c
index d4f896736a2..31bdfb532f2 100644
--- a/lib/ldb/ldb_key_value/ldb_kv.c
+++ b/lib/ldb/ldb_key_value/ldb_kv.c
@@ -63,12 +63,22 @@ struct ldb_kv_req_spy {
* Determine if this key could hold a record. We allow the new GUID
* index, the old DN index and a possible future ID=
*/
-bool ldb_kv_key_is_record(struct ldb_val key)
+bool ldb_kv_key_is_normal_record(struct ldb_val key)
{
if (key.length < 4) {
return false;
}
+ /*
+ * @ records are not normal records, we don't want to index
+ * them nor search on them
+ */
+ if (key.length > 4 &&
+ memcmp(key.data, "DN=@", 4) == 0) {
+ return false;
+ }
+
+ /* All other DN= records are however */
if (memcmp(key.data, "DN=", 3) == 0) {
return true;
}
diff --git a/lib/ldb/ldb_key_value/ldb_kv.h b/lib/ldb/ldb_key_value/ldb_kv.h
index 5070a588c00..cbc5213c765 100644
--- a/lib/ldb/ldb_key_value/ldb_kv.h
+++ b/lib/ldb/ldb_key_value/ldb_kv.h
@@ -231,10 +231,11 @@ int ldb_kv_search(struct ldb_kv_context *ctx);
/*
* The following definitions come from lib/ldb/ldb_key_value/ldb_kv.c */
/*
- * Determine if this key could hold a record. We allow the new GUID
- * index, the old DN index and a possible future ID=
+ * Determine if this key could hold a normal record. We allow the new
+ * GUID index, the old DN index and a possible future ID= but not
+ * DN=@.
*/
-bool ldb_kv_key_is_record(struct ldb_val key);
+bool ldb_kv_key_is_normal_record(struct ldb_val key);
struct ldb_val ldb_kv_key_dn(struct ldb_module *module,
TALLOC_CTX *mem_ctx,
struct ldb_dn *dn);
diff --git a/lib/ldb/ldb_key_value/ldb_kv_index.c b/lib/ldb/ldb_key_value/ldb_kv_index.c
index 6d02c91a597..af02107b5d2 100644
--- a/lib/ldb/ldb_key_value/ldb_kv_index.c
+++ b/lib/ldb/ldb_key_value/ldb_kv_index.c
@@ -2925,12 +2925,7 @@ static int re_key(struct ldb_kv_private *ldb_kv,
ldb = ldb_module_get_ctx(module);
- if (key.length > 4 &&
- memcmp(key.data, "DN=@", 4) == 0) {
- return 0;
- }
-
- is_record = ldb_kv_key_is_record(key);
+ is_record = ldb_kv_key_is_normal_record(key);
if (is_record == false) {
return 0;
}
@@ -3012,12 +3007,7 @@ static int re_index(struct ldb_kv_private *ldb_kv,
ldb = ldb_module_get_ctx(module);
- if (key.length > 4 &&
- memcmp(key.data, "DN=@", 4) == 0) {
- return 0;
- }
-
- is_record = ldb_kv_key_is_record(key);
+ is_record = ldb_kv_key_is_normal_record(key);
if (is_record == false) {
return 0;
}
diff --git a/lib/ldb/ldb_key_value/ldb_kv_search.c b/lib/ldb/ldb_key_value/ldb_kv_search.c
index a384ee92367..a54f6149b60 100644
--- a/lib/ldb/ldb_key_value/ldb_kv_search.c
+++ b/lib/ldb/ldb_key_value/ldb_kv_search.c
@@ -512,7 +512,24 @@ static int search_func(struct ldb_kv_private *ldb_kv,
ac = talloc_get_type(state, struct ldb_kv_context);
ldb = ldb_module_get_ctx(ac->module);
- if (ldb_kv_key_is_record(key) == false) {
+ /*
+ * We want to skip @ records early in a search full scan
+ *
+ * @ records like @IDXLIST are only available via a base
+ * search on the specific name but the method by which they
+ * were excluded was expensive, after the unpack the DN is
+ * exploded and ldb_match_msg_error() would reject it for
+ * failing to match the scope.
+ *
+ * ldb_kv_key_is_normal_record() uses the fact that @ records
+ * have the DN=@ prefix on their TDB/LMDB key to quickly
+ * exclude them from consideration.
+ *
+ * (any other non-records are also excluded by the same key
+ * match)
+ */
+
+ if (ldb_kv_key_is_normal_record(key) == false) {
return 0;
}
diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index 8ebaefa26d6..916c88c87a0 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -390,6 +390,7 @@ class cmd_domain_provision(Command):
print("%s [%s]: " % (prompt, default), end=' ')
else:
print("%s: " % (prompt,), end=' ')
+ sys.stdout.flush()
return sys.stdin.readline().rstrip("\n") or default
try:
diff --git a/python/samba/tests/ldap_referrals.py b/python/samba/tests/ldap_referrals.py
new file mode 100644
index 00000000000..86a39d4e602
--- /dev/null
+++ b/python/samba/tests/ldap_referrals.py
@@ -0,0 +1,91 @@
+# Test that ldap referral entiries are created and formatted correctly
+#
+# Copyright (C) Andrew Bartlett 2019
+#
+# Based on Unit tests for the notification control
+# Copyright (C) Stefan Metzmacher 2016
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+from __future__ import print_function
+import optparse
+import os
+import sys
+
+import samba
+from samba.auth import system_session
+import samba.getopt as options
+from samba import ldb
+from samba.samdb import SamDB
+import samba.tests
+from samba.tests.subunitrun import SubunitOptions
+
+sys.path.insert(0, "bin/python")
+parser = optparse.OptionParser("ldap_referrals.py [options]")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+# use command line creds if available
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+subunitopts = SubunitOptions(parser)
+parser.add_option_group(subunitopts)
+opts, args = parser.parse_args()
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
+
+class LdapReferralTest(samba.tests.TestCase):
+
+ def setUp(self):
+ super(LdapReferralTest, self).setUp()
+
+ # The referral entries for an ldap request should have the ldap scheme
+ # i.e. then should all start with "ldap://"
+ def test_ldap_search(self):
+ server = os.environ["SERVER"]
+ url = "ldap://{0}".format(server)
+ db = SamDB(
+ url, credentials=creds, session_info=system_session(lp), lp=lp)
+ res = db.search(
+ base=db.domain_dn(),
+ expression="(objectClass=nonexistent)",
+ scope=ldb.SCOPE_SUBTREE,
+ attrs=["objectGUID", "samAccountName"])
+
+ referals = res.referals
+ for referal in referals:
+ self.assertTrue(
+ referal.startswith("ldap://"),
+ "{0} does not start with ldap://".format(referal))
+
+ # The referral entries for an ldaps request should have the ldaps scheme
+ # i.e. then should all start with "ldaps://"
+ def test_ldaps_search(self):
+ server = os.environ["SERVER"]
+ url = "ldaps://{0}".format(server)
+ db = SamDB(
+ url, credentials=creds, session_info=system_session(lp), lp=lp)
+ res = db.search(
+ base=db.domain_dn(),
+ expression="(objectClass=nonexistent)",
+ scope=ldb.SCOPE_SUBTREE,
+ attrs=["objectGUID", "samAccountName"])
+
+ referals = res.referals
+ for referal in referals:
+ self.assertTrue(
+ referal.startswith("ldaps://"),
+ "{0} does not start with ldaps://".format(referal))
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 892a6a15e2d..9d88253c9fe 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -609,6 +609,7 @@ sub setup_ad_member_idmap_rid
# Prevent overridding the provisioned lib/krb5.conf which sets certain
# values required for tests to succeed
create krb5 conf = no
+ map to guest = bad user
";
my $ret = $self->provision($prefix, $dcvars->{DOMAIN},
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index d78dbed14b2..8ff20c33759 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -1387,6 +1387,21 @@ static NTSTATUS make_new_session_info_guest(TALLOC_CTX *mem_ctx,
goto done;
}
+ /*
+ * It's ugly, but for now it's
+ * needed to force Builtin_Guests
+ * here, because memberships of
+ * Builtin_Guests might be incomplete.
+ */
+ status = add_sid_to_array_unique(session_info->security_token,
+ &global_sid_Builtin_Guests,
+ &session_info->security_token->sids,
+ &session_info->security_token->num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_ERR("Failed to force Builtin_Guests to nt token\n");
+ goto done;
+ }
+
/* annoying, but the Guest really does have a session key, and it is
all zeros! */
session_info->session_key = data_blob_talloc_zero(session_info, 16);
@@ -1722,6 +1737,17 @@ bool init_guest_session_info(TALLOC_CTX *mem_ctx)
return true;
}
+bool reinit_guest_session_info(TALLOC_CTX *mem_ctx)
+{
+ TALLOC_FREE(guest_info);
+ TALLOC_FREE(guest_server_info);
+ TALLOC_FREE(anonymous_info);
+
+ DBG_DEBUG("Reinitialing guest info\n");
+
+ return init_guest_session_info(mem_ctx);
+}
+
NTSTATUS make_server_info_guest(TALLOC_CTX *mem_ctx,
struct auth_serversupplied_info **server_info)
{
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
index 75cf1e6724f..fcfd1f36ca2 100644
--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -271,6 +271,7 @@ NTSTATUS make_session_info_from_username(TALLOC_CTX *mem_ctx,
bool is_guest,
struct auth_session_info **session_info);
bool init_guest_session_info(TALLOC_CTX *mem_ctx);
+bool reinit_guest_session_info(TALLOC_CTX *mem_ctx);
NTSTATUS init_system_session_info(TALLOC_CTX *mem_ctx);
bool session_info_set_session_key(struct auth_session_info *info,
DATA_BLOB session_key);
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index be85c9f5412..20121818129 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -29,7 +29,6 @@
#include "messages.h"
#include "libcli/security/security.h"
#include "../libcli/smb/smb2_create_ctx.h"
-#include "lib/util/sys_rw.h"
#include "lib/util/tevent_ntstatus.h"
#include "lib/util/tevent_unix.h"
#include "offload_token.h"
@@ -411,8 +410,7 @@ struct ad_entry {
};
struct adouble {
- vfs_handle_struct *ad_handle;
- int ad_fd;
+ files_struct *ad_fsp;
bool ad_opened;
adouble_type_t ad_type;
uint32_t ad_magic;
@@ -450,18 +448,6 @@ struct ad_entry_order entry_order_dot_und[ADEID_NUM_DOT_UND + 1] = {
{0, 0, 0}
};
-/*
- * Fake AppleDouble entry oder for resource fork xattr. The xattr
- * isn't an AppleDouble file, it simply contains the resource data,
- * but in order to be able to use some API calls like ad_getentryoff()
- * we build a fake/helper struct adouble with this entry order struct.
- */
-static const
--
Samba Shared Repository
More information about the samba-cvs
mailing list