[SCM] Samba Shared Repository - branch v4-15-stable updated
Jule Anger
janger at samba.org
Tue Apr 26 14:43:50 UTC 2022
The branch, v4-15-stable has been updated
via 9049b45e55a VERSION: Disable GIT_SNAPSHOT for the 4.15.7 release.
via 78c7b52918d WHATSNEW: Add release notes for Samba 4.15.7
via 4f3c5b21db6 s3:winbind: Remove no longer used domain's private_data pointer
via f9e1cd4e9a6 s3:winbind: Do not use domain's private data to store the ADS_STRUCT
via 29ec750566d s3:winbind: Simplify open_cached_internal_pipe_conn()
via 46f331e2196 s3:winbind: Do not use domain's private data to store the SAMR pipes
via ef96b255edc s3: smbget: Fix auth_fn, order of //server/share parameters is mixed in prompt.
via 799aa4e8892 s3:auth: Fix user_in_list() for UNIX groups
via 26a7e8fa7a3 s3:tests Test "username map" for UNIX groups
via fc3c13d67f4 selftest: Add to "username.map" mapping for jackthemappergroup
via 77370c99542 selftest: Create groups "jackthemappergroup" and "jacknomappergroup"
via 94bed5330df selftest: Create users "jackthemapper" and "jacknomapper"
via a275f517628 vfs_shadow_copy2: implement readdir()
via fbcbe7b96c5 CI: add a test listing a snapshotted directory
via 4d4848e4fae CI: avoid smb2.twrp being run by plansmbtorture4testsuite() directly
via cc08531b0e5 s3: smbd: Preserve the fsp->fsp_name->st buf across a MSG_SMB_FILE_RENAME message.
via 60802b1df92 s3: smbd: Preserve the fsp->fsp_name->st bufs across rename_open_files()
via 057babba5c2 s4: torture: Add test_smb2_close_full_information() test to smb2.rename.
via 1b90b7b1aa3 s4: torture: Add CHECK_CREATED macro to smb2/rename.c. Not yet used.
via 5e42298e69a s4: torture: Add CHECK_VAL macro to smb2/rename.c. Not yet used.
via 23e3863b070 s3: tests.py: Only run smb2.rename against fileserver.
via f475832bd2e s3: smbd: smbd_smb2_setinfo_send(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
via b93079ca2a7 s3: smbd: smbd_smb2_getinfo_send(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
via 0671b340fbb s3: cmd_vfs: cmd_set_nt_acl(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
via 687e9cc8458 s3: cmd_vfs: cmd_open(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
via 8880efcc4a1 s3: pysmbd.c: init_files_struct(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
via df48c005013 s3: smbd: call_trans2setfilepathinfo(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
via 3905cfe754c s3: smbd: call_trans2qfilepathinfo(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
via 462ccb63241 s3: smbd: rename_internals_fsp(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
via e51a120f620 s3: smbd: mkdir_internal(). 2 of 2. All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
via e191e40de48 s3: smbd: mkdir_internal(). 1 of 2. All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
via ae9e3609129 s3: smbd: open_file(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
via 7600f2f0da4 s3: smbd: non_widelink_open(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
via 1e32786854d s3: smbd: open_internal_dirfsp(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
via 59ef773603a s3: smbd: open_internal_dirfsp() add missing file_free() in error path.
via b3eb7cfdce1 s3: smbd: mdssvc: All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
via 0b3fdccf2c6 s3: VFS: vxfs: All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
via f39b359ac1e s3: smbd: In set_ea_dos_attribute(), if we've stored btime and set XATTR_DOSINFO_CREATE_TIME successfully, we need to clear ST_EX_IFLAG_CALCULATED_BTIME.
via b47077ee770 s3: smbd: In set_ea_dos_attribute() cause root fallback code to exit via the same place.
via 8b8c80d1507 s4: torture: Add regression test for re-opening a durable handle after calling SMB2 setinfo (end of file).
via c1b4844f988 vfs_gpfs: Initialize litemask to 0
via 95069631759 builtools: Make abi_gen.sh less prone to errors
via 2f5c7c5621c vfs_shadow_copy2: remove async getxattrat
via d50307e09b9 CI: add a test for async dosmode on a file in a shadow_copy2 snapshot
via 10b6c5bd6be CI: enable "smbd async dosmode" on shadow_write share
via c4d8a5a43f2 smbd: also check for NT_STATUS_NOT_SUPPORTED
via f6b1d19ecbc CI: add test "smb2.async_dosmode"
via bf34d2fb5f3 smbd: check "store dos attributes" settings in the async dosmode code
via f0fb1f51873 CI: remove shares referencing removed functionality
via 77352e08d77 s4:kdc: strictly have 2 16-bit parts in krbtgt kvnos
via f2e124e423c s3: smbd: Don't allow setting the delete on close bit on a directory if it contains non-visible files and "delete veto files = no".
via bbd8bdc14c8 s3: torture: Add 2 new tests SMB2-DEL-ON-CLOSE-NONWRITE-DELETE-NO, SMB2-DEL-ON-CLOSE-NONWRITE-DELETE-YES.
via 1b1a20dd579 WHATSNEW: Mention our matrix room as well
via 1bd47cd325f WHATSNEW: IRC is irc.libera.chat according to https://www.samba.org/samba/irc.html
via b4d5a906df8 s4:kdc: redirect pre-authentication failured to an RWDC
via 5aa5648cc4b HEIMDAL: allow HDB_AUTH_WRONG_PASSWORD to result in HDB_ERR_NOT_FOUND_HERE
via 9d91942913e s3:libads: Fix creating local krb5.conf
via 736df42fdf9 s3:libads: Check print_canonical_sockaddr_with_port() for NULL in get_kdc_ip_string()
via 9319309ac1a s3:libads: Remove obsolete free's of kdc_str
via 3016f01d0c4 s3:libads: Allocate all memory on the talloc stackframe
via a76c64f86d8 s3:libads: Use talloc_asprintf_append() in get_kdc_ip_string()
via 1f7b6fc56c5 s3:libads: Improve debug messages for get_kdc_ip_string()
via 5608804f02d s3:libads: Leave early on error in get_kdc_ip_string()
via fd2373c6bcf s3:libads: Remove trailing spaces in kerberos.c
via 12c58adffe4 testprogs: Add test that local krb5.conf has been created
via 9b6e8ae65e2 s3:libsmb: Fix errno for failed authentication in SMBC_server_internal()
via 1f1d6d4e745 s4:auth: let authenticate_ldap_simple_bind() pass down the mapped nt4names
via 54fd8eb1aac auth: let auth logging prefer user_info->orig_client.{account,domain}_name if available
via 5e81cde9fae s4:auth: rename user_info->mapped_state to user_info->cracknames_called
via 2c15a949f5d winbindd: don't set mapped_state in winbindd_dual_auth_passdb()
via 2e41cbc8bec nsswitch: let test_wbinfo.sh also test wbinfo -a $USERNAME@$DOMAIN
via 8cd57a22283 s3:auth: make_user_info_map() should not set mapped_state
via 249b023f2b8 s4:auth: fix confusing DEBUG message in authsam_want_check()
via a304052c4fc s4:auth: check for user_info->mapped.account_name if it needs to be filled
via 070af6f1fa0 s4:rpc_server/samr: don't set mapped_state in auth_usersupplied_info for audit logging
via 63a6fb82a77 s4:kdc: don't set mapped_state in auth_usersupplied_info for audit logging
via c6bb5e62776 s4:dsdb: don't set mapped_state in auth_usersupplied_info for audit logging
via dffebcba823 s4:smb_server: don't set mapped_state explicitly in auth_usersupplied_info
via 240785f4e4f auth/ntlmssp: don't set mapped_state explicitly in auth_usersupplied_info
via db17de0b611 s4:auth: encrypt_user_info() should set password_state instead of mapped_state
via 2d425bb116a s4:auth: a simple bind uses the DCs name as workstation
via 02824c7942d s3:rpc_client: let rpccli_netlogon_network_logon() fallback to workstation = lp_netbios_name()
via e6926484533 rodc: Add tests for simple BIND alongside NTLMSSP binds
via af30bd71cd3 s4:auth_sam: use USER_INFO_INTERACTIVE_LOGON as inducation for an interactive logon
via 0fcbfd39583 s3:auth: let make_user_info_netlogon_interactive() set USER_INFO_INTERACTIVE_LOGON
via 0da8b2b3683 dsdb/tests: add test_login_basics_simple()
via ec84a7acfcc dsdb/tests: prepare BasePasswordTestCase for simple bind tests
via 72698f73949 dsdb/tests: introduce assertLoginSuccess
via 7b63119267a dsdb/tests: make use of assertLoginFailure helper
via 92da29a1136 dsdb/tests: let all BasePasswordTestCase tests provide self.host_url[_ldaps]
via 84f7b94852a dsdb/tests: passwords.py don't need to import BasePasswordTestCase
via 2bbb9a4298c python:tests: let insta_creds() also copy the bind_dn from the template
via 39ae6f10fa6 VERSION: Bump version up to Samba 4.15.7...
from 8942e18adc4 VERSION: Disable GIT_SNAPSHOT for the 4.15.6 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 88 +++++++-
auth/auth_log.c | 20 +-
auth/common_auth.h | 4 +-
auth/ntlmssp/ntlmssp_server.c | 1 -
buildtools/scripts/abi_gen.sh | 9 +-
nsswitch/tests/test_wbinfo.sh | 2 +
python/samba/tests/__init__.py | 4 +
selftest/knownfail | 1 -
selftest/target/Samba3.pm | 96 ++++----
source3/auth/auth_util.c | 3 +-
source3/auth/user_util.c | 12 +-
source3/libads/kerberos.c | 80 ++++---
source3/libsmb/libsmb_server.c | 2 +-
source3/modules/vfs_default.c | 8 +
source3/modules/vfs_gpfs.c | 4 +-
source3/modules/vfs_shadow_copy2.c | 93 +++++++-
source3/modules/vfs_vxfs.c | 6 +-
source3/rpc_client/cli_netlogon.c | 4 +
source3/rpc_server/mdssvc/mdssvc.c | 6 +-
source3/script/tests/test_shadow_copy_torture.sh | 64 ++++++
source3/script/tests/test_usernamemap.sh | 28 +++
source3/selftest/tests.py | 43 +++-
source3/smbd/dir.c | 16 +-
source3/smbd/dosmode.c | 24 +-
source3/smbd/files.c | 8 +-
source3/smbd/open.c | 44 +++-
source3/smbd/pysmbd.c | 9 +-
source3/smbd/reply.c | 19 +-
source3/smbd/smb2_getinfo.c | 6 +-
source3/smbd/smb2_setinfo.c | 6 +-
source3/smbd/trans2.c | 15 +-
source3/torture/cmd_vfs.c | 20 +-
source3/torture/proto.h | 2 +
source3/torture/test_smb2.c | 244 +++++++++++++++++++++
source3/torture/torture.c | 8 +
source3/utils/smbget.c | 2 +-
source3/winbindd/winbindd.h | 10 +-
source3/winbindd/winbindd_ads.c | 10 +-
source3/winbindd/winbindd_ndr.c | 7 +-
source3/winbindd/winbindd_pam.c | 9 +-
source3/winbindd/winbindd_samr.c | 22 +-
source4/auth/ntlm/auth.c | 7 +-
source4/auth/ntlm/auth_sam.c | 13 +-
source4/auth/ntlm/auth_simple.c | 10 +-
source4/auth/ntlm/auth_util.c | 4 +-
source4/dsdb/samdb/ldb_modules/password_hash.c | 1 -
source4/dsdb/tests/python/login_basics.py | 32 ++-
source4/dsdb/tests/python/password_lockout.py | 7 +-
source4/dsdb/tests/python/password_lockout_base.py | 36 ++-
source4/dsdb/tests/python/passwords.py | 1 -
source4/dsdb/tests/python/rodc_rwdc.py | 66 ++++--
source4/heimdal/kdc/kerberos5.c | 10 +-
source4/kdc/db-glue.c | 51 ++++-
source4/kdc/hdb-samba4.c | 80 ++-----
source4/rpc_server/samr/samr_password.c | 1 -
source4/selftest/tests.py | 2 +
source4/smb_server/smb/sesssetup.c | 2 -
source4/torture/smb2/create.c | 168 ++++++++++++++
source4/torture/smb2/dosmode.c | 71 ++++++
source4/torture/smb2/durable_v2_open.c | 140 ++++++++++++
source4/torture/smb2/rename.c | 147 +++++++++++++
source4/torture/smb2/smb2.c | 1 +
testprogs/blackbox/test_net_ads.sh | 6 +
64 files changed, 1562 insertions(+), 355 deletions(-)
create mode 100755 source3/script/tests/test_usernamemap.sh
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index d1329831b27..4cacd09d12a 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=15
-SAMBA_VERSION_RELEASE=6
+SAMBA_VERSION_RELEASE=7
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index c2d172a5e68..4ad852d8713 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,85 @@
+ ==============================
+ Release Notes for Samba 4.15.7
+ April 26, 2022
+ ==============================
+
+
+This is the latest stable release of the Samba 4.15 release series.
+
+
+Changes since 4.15.6
+--------------------
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 14831: Share and server swapped in smbget password prompt.
+ * BUG 15022: Durable handles won't reconnect if the leased file is written
+ to.
+ * BUG 15023: rmdir silently fails if directory contains unreadable files and
+ hide unreadable is yes.
+ * BUG 15038: SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information on
+ renamed file handle.
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 14957: vfs_shadow_copy2 breaks "smbd async dosmode" sync fallback.
+ * BUG 15035: shadow_copy2 fails listing snapshotted dirs with
+ shadow:fixinodes.
+
+o Samuel Cabrero <scabrero at samba.org>
+ * BUG 15046: PAM Kerberos authentication incorrectly fails with a clock skew
+ error.
+
+o Pavel Filipenský <pfilipen at redhat.com>
+ * BUG 15041: username map - samba erroneously applies unix group memberships
+ to user account entries.
+
+o Elia Geretto <elia.f.geretto at gmail.com>
+ * BUG 14983: NT_STATUS_ACCESS_DENIED translates into EPERM instead of EACCES
+ in SMBC_server_internal.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 13879: Simple bind doesn't work against an RODC (with non-preloaded
+ users).
+ * BUG 14641: Crash of winbind on RODC.
+ * BUG 14865: uncached logon on RODC always fails once.
+ * BUG 14951: KVNO off by 100000.
+ * BUG 15001: LDAP simple binds should honour "old password allowed period".
+ * BUG 15003: wbinfo -a doesn't work reliable with upn names.
+
+o Garming Sam <garming at catalyst.net.nz>
+ * BUG 13879: Simple bind doesn't work against an RODC (with non-preloaded
+ users).
+
+o Christof Schmitt <cs at samba.org>
+ * BUG 15027: Uninitialized litemask in variable in vfs_gpfs module.
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 15016: Regression: create krb5 conf = yes doesn't work with a single
+ KDC.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
==============================
Release Notes for Samba 4.15.6
March 15, 2022
@@ -79,8 +161,7 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
==============================
Release Notes for Samba 4.15.5
January 31, 2022
@@ -301,7 +382,8 @@ Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
-joining the #samba-technical IRC channel on irc.freenode.net.
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
diff --git a/auth/auth_log.c b/auth/auth_log.c
index 60bc6334591..dc1cea12390 100644
--- a/auth/auth_log.c
+++ b/auth/auth_log.c
@@ -152,6 +152,12 @@ static void log_authentication_event_json(
char negotiate_flags[11];
char logon_id[19];
int rc = 0;
+ const char *clientDomain = ui->orig_client.domain_name ?
+ ui->orig_client.domain_name :
+ ui->client.domain_name;
+ const char *clientAccount = ui->orig_client.account_name ?
+ ui->orig_client.account_name :
+ ui->client.account_name;
authentication = json_new_object();
if (json_is_invalid(&authentication)) {
@@ -203,12 +209,12 @@ static void log_authentication_event_json(
goto failure;
}
rc = json_add_string(
- &authentication, "clientDomain", ui->client.domain_name);
+ &authentication, "clientDomain", clientDomain);
if (rc != 0) {
goto failure;
}
rc = json_add_string(
- &authentication, "clientAccount", ui->client.account_name);
+ &authentication, "clientAccount", clientAccount);
if (rc != 0) {
goto failure;
}
@@ -594,6 +600,12 @@ static void log_authentication_event_human_readable(
char *trust_account_name = NULL;
char *logon_line = NULL;
const char *password_type = NULL;
+ const char *clientDomain = ui->orig_client.domain_name ?
+ ui->orig_client.domain_name :
+ ui->client.domain_name;
+ const char *clientAccount = ui->orig_client.account_name ?
+ ui->orig_client.account_name :
+ ui->client.account_name;
frame = talloc_stackframe();
@@ -640,8 +652,8 @@ static void log_authentication_event_human_readable(
" %s\n",
ui->service_description,
ui->auth_description,
- log_escape(frame, ui->client.domain_name),
- log_escape(frame, ui->client.account_name),
+ log_escape(frame, clientDomain),
+ log_escape(frame, clientAccount),
ts,
password_type,
nt_errstr(status),
diff --git a/auth/common_auth.h b/auth/common_auth.h
index 0452c673ebc..d922b66ab4d 100644
--- a/auth/common_auth.h
+++ b/auth/common_auth.h
@@ -49,14 +49,14 @@ struct auth_usersupplied_info
uint32_t logon_parameters;
- bool mapped_state;
+ bool cracknames_called;
bool was_mapped;
uint64_t logon_id;
/* the values the client gives us */
struct {
const char *account_name;
const char *domain_name;
- } client, mapped;
+ } client, mapped, orig_client;
enum auth_password_state password_state;
diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c
index ce78af1d32d..e077c2f7379 100644
--- a/auth/ntlmssp/ntlmssp_server.c
+++ b/auth/ntlmssp/ntlmssp_server.c
@@ -771,7 +771,6 @@ static NTSTATUS ntlmssp_server_preauth(struct gensec_security *gensec_security,
user_info->logon_parameters = MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT;
user_info->flags = 0;
- user_info->mapped_state = false;
user_info->client.account_name = ntlmssp_state->user;
user_info->client.domain_name = ntlmssp_state->domain;
user_info->workstation_name = ntlmssp_state->client.netbios_name;
diff --git a/buildtools/scripts/abi_gen.sh b/buildtools/scripts/abi_gen.sh
index 6dd6d321f77..ddb0a7cc36f 100755
--- a/buildtools/scripts/abi_gen.sh
+++ b/buildtools/scripts/abi_gen.sh
@@ -10,9 +10,14 @@ cat <<EOF
set height 0
set width 0
EOF
-nm "$SHAREDLIB" | cut -d' ' -f2- | egrep '^[BDGTRVWS]' | grep -v @ | egrep -v ' (__bss_start|_edata|_init|_fini|_end)' | cut -c3- | sort | while read s; do
+
+# On older linker versions _init|_fini symbols are not hidden.
+objdump --dynamic-syms "${SHAREDLIB}" | \
+ awk '$0 !~ /.hidden/ {if ($2 == "g" && $3 ~ /D(F|O)/ && $4 ~ /(.bss|.rodata|.text)/) print $NF}' | \
+ sort | \
+ while read -r s; do
echo "echo $s: "
- echo p $s
+ echo p "${s}"
done
) > $GDBSCRIPT
diff --git a/nsswitch/tests/test_wbinfo.sh b/nsswitch/tests/test_wbinfo.sh
index 2ac83828a0e..198918494cf 100755
--- a/nsswitch/tests/test_wbinfo.sh
+++ b/nsswitch/tests/test_wbinfo.sh
@@ -294,6 +294,8 @@ testit "wbinfo --user-sids against $TARGET" $wbinfo --user-sids $admin_sid || fa
testit "wbinfo -a against $TARGET with domain creds" $wbinfo -a "$DOMAIN/$USERNAME"%"$PASSWORD" || failed=`expr $failed + 1`
+testit "wbinfo -a against $TARGET with domain upn creds" $wbinfo -a "$USERNAME@$DOMAIN"%"$PASSWORD" || failed=$(expr $failed + 1)
+
testit "wbinfo --getdcname against $TARGET" $wbinfo --getdcname=$DOMAIN
testit "wbinfo -p against $TARGET" $wbinfo -p || failed=`expr $failed + 1`
diff --git a/python/samba/tests/__init__.py b/python/samba/tests/__init__.py
index 6d4993ac255..3bb7995052c 100644
--- a/python/samba/tests/__init__.py
+++ b/python/samba/tests/__init__.py
@@ -171,6 +171,8 @@ class TestCase(unittest.TestCase):
username = template.get_username()
userpass = template.get_password()
+ simple_bind_dn = template.get_bind_dn()
+
if kerberos_state is None:
kerberos_state = template.get_kerberos_state()
@@ -184,6 +186,8 @@ class TestCase(unittest.TestCase):
c.set_gensec_features(c.get_gensec_features()
| gensec.FEATURE_SEAL)
c.set_kerberos_state(kerberos_state)
+ if simple_bind_dn:
+ c.set_bind_dn(simple_bind_dn)
return c
def assertStringsEqual(self, a, b, msg=None, strip=False):
diff --git a/selftest/knownfail b/selftest/knownfail
index 9f362c02b47..b5e52753968 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -365,7 +365,6 @@
^samba.tests.auth_log_pass_change.samba.tests.auth_log_pass_change.AuthLogPassChangeTests.test_rap_change_password\(ad_dc_ntvfs\)
# We currently don't send referrals for LDAP modify of non-replicated attrs
^samba4.ldap.rodc.python\(rodc\).__main__.RodcTests.test_modify_nonreplicated.*
-^samba4.ldap.rodc_rwdc.python.*.__main__.RodcRwdcTests.test_change_password_reveal_on_demand_kerberos
# NETLOGON is disabled in any non-DC environments
^samba.tests.netlogonsvc.python\(ad_member\)
^samba.tests.netlogonsvc.python\(simpleserver\)
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index c1d0c60d96a..8d309f9c99a 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1466,8 +1466,10 @@ sub setup_ad_member_idmap_nss
my $extra_member_options = "
# bob:x:65521:65531:localbob gecos:/:/bin/false
# jane:x:65520:65531:localjane gecos:/:/bin/false
+ # jackthemapper:x:65519:65531:localjackthemaper gecos:/:/bin/false
+ # jacknomapper:x:65518:65531:localjacknomaper gecos:/:/bin/false
idmap config $dcvars->{DOMAIN} : backend = nss
- idmap config $dcvars->{DOMAIN} : range = 65520-65521
+ idmap config $dcvars->{DOMAIN} : range = 65518-65521
# Support SMB1 so that we can use posix_whoami().
client min protocol = CORE
@@ -1488,6 +1490,8 @@ sub setup_ad_member_idmap_nss
open(USERMAP, ">$prefix/lib/username.map") or die("Unable to open $prefix/lib/username.map");
print USERMAP "
+!jacknomapper = \@jackthemappergroup
+!root = jacknomappergroup
root = $dcvars->{DOMAIN}/root
bob = $dcvars->{DOMAIN}/bob
";
@@ -1539,31 +1543,11 @@ sub setup_simpleserver
aio_pthread:aio open = yes
smbd async dosmode = yes
-[vfs_aio_pthread_async_dosmode_force_sync1]
+[async_dosmode_shadow_copy2]
path = $prefix_abs/share
read only = no
- vfs objects = aio_pthread
- store dos attributes = yes
- aio_pthread:aio open = yes
- smbd async dosmode = yes
- # This simulates non linux systems
- smbd:force sync user path safe threadpool = yes
- smbd:force sync user chdir safe threadpool = yes
- smbd:force sync root path safe threadpool = yes
- smbd:force sync root chdir safe threadpool = yes
-
-[vfs_aio_pthread_async_dosmode_force_sync2]
- path = $prefix_abs/share
- read only = no
- vfs objects = aio_pthread xattr_tdb
- store dos attributes = yes
- aio_pthread:aio open = yes
+ vfs objects = shadow_copy2 xattr_tdb
smbd async dosmode = yes
- # This simulates non linux systems
- smbd:force sync user path safe threadpool = yes
- smbd:force sync user chdir safe threadpool = yes
- smbd:force sync root path safe threadpool = yes
- smbd:force sync root chdir safe threadpool = yes
[vfs_aio_fork]
path = $prefix_abs/share
@@ -1691,6 +1675,11 @@ sub setup_fileserver
my $virusfilter_sharedir="$share_dir/virusfilter";
push(@dirs,$virusfilter_sharedir);
+ my $delete_unwrite_sharedir="$share_dir/delete_unwrite";
+ push(@dirs,$delete_unwrite_sharedir);
+ push(@dirs, "$delete_unwrite_sharedir/delete_veto_yes");
+ push(@dirs, "$delete_unwrite_sharedir/delete_veto_no");
+
my $ip4 = Samba::get_ipv4_addr("FILESERVER");
my $fileserver_options = "
kernel change notify = yes
@@ -1816,6 +1805,18 @@ sub setup_fileserver
path = $veto_sharedir
delete veto files = yes
+[delete_yes_unwrite]
+ read only = no
+ path = $delete_unwrite_sharedir
+ hide unwriteable files = yes
+ delete veto files = yes
+
+[delete_no_unwrite]
+ read only = no
+ path = $delete_unwrite_sharedir
+ hide unwriteable files = yes
+ delete veto files = no
+
[virusfilter]
path = $virusfilter_sharedir
vfs objects = acl_xattr virusfilter
@@ -1902,6 +1903,14 @@ sub setup_fileserver
##
create_file_chmod("$bad_iconv_sharedir/\xED\x9F\xBF", 0644) or return undef;
+ ##
+ ## create unwritable files inside inside the delete unwrite veto share dirs.
+ ##
+ unlink("$delete_unwrite_sharedir/delete_veto_yes/file_444");
+ create_file_chmod("$delete_unwrite_sharedir/delete_veto_yes/file_444", 0444) or return undef;
+ unlink("$delete_unwrite_sharedir/delete_veto_no/file_444");
+ create_file_chmod("$delete_unwrite_sharedir/delete_veto_no/file_444", 0444) or return undef;
+
return $vars;
}
@@ -1940,32 +1949,6 @@ sub setup_fileserver_smb1
aio_pthread:aio open = yes
smbd async dosmode = yes
-[vfs_aio_pthread_async_dosmode_force_sync1]
- path = $prefix_abs/share
- read only = no
- vfs objects = aio_pthread
- store dos attributes = yes
- aio_pthread:aio open = yes
- smbd async dosmode = yes
- # This simulates non linux systems
- smbd:force sync user path safe threadpool = yes
- smbd:force sync user chdir safe threadpool = yes
- smbd:force sync root path safe threadpool = yes
- smbd:force sync root chdir safe threadpool = yes
-
-[vfs_aio_pthread_async_dosmode_force_sync2]
- path = $prefix_abs/share
- read only = no
- vfs objects = aio_pthread xattr_tdb
- store dos attributes = yes
- aio_pthread:aio open = yes
- smbd async dosmode = yes
- # This simulates non linux systems
- smbd:force sync user path safe threadpool = yes
- smbd:force sync user chdir safe threadpool = yes
- smbd:force sync root path safe threadpool = yes
- smbd:force sync root chdir safe threadpool = yes
-
[vfs_aio_fork]
path = $prefix_abs/share
vfs objects = aio_fork
@@ -2546,6 +2529,8 @@ sub provision($$)
my ($gid_nobody, $gid_nogroup, $gid_root, $gid_domusers, $gid_domadmins);
my ($gid_userdup, $gid_everyone);
my ($gid_force_user);
+ my ($gid_jackthemapper);
+ my ($gid_jacknomapper);
my ($uid_user1);
my ($uid_user2);
my ($uid_gooduser);
@@ -2553,6 +2538,8 @@ sub provision($$)
my ($uid_slashuser);
my ($uid_localbob);
my ($uid_localjane);
+ my ($uid_localjackthemapper);
+ my ($uid_localjacknomapper);
if ($unix_uid < 0xffff - 13) {
$max_uid = 0xffff;
@@ -2575,6 +2562,8 @@ sub provision($$)
$uid_slashuser = $max_uid - 13;
$uid_localbob = $max_uid - 14;
$uid_localjane = $max_uid - 15;
+ $uid_localjackthemapper = $max_uid - 16;
+ $uid_localjacknomapper = $max_uid - 17;
if ($unix_gids[0] < 0xffff - 8) {
$max_gid = 0xffff;
@@ -2590,6 +2579,8 @@ sub provision($$)
$gid_userdup = $max_gid - 6;
$gid_everyone = $max_gid - 7;
$gid_force_user = $max_gid - 8;
+ $gid_jackthemapper = $max_gid - 9;
+ $gid_jacknomapper = $max_gid - 10;
##
## create conffile
@@ -3147,6 +3138,7 @@ sub provision($$)
error_inject:pwrite = EBADF
shadow:mountpoint = $shadow_tstdir
shadow:fixinodes = yes
+ smbd async dosmode = yes
[dfq]
path = $shrdir/dfree
@@ -3318,6 +3310,8 @@ eviluser:x:$uid_eviluser:$gid_domusers:eviluser gecos::/bin/false
slashuser:x:$uid_slashuser:$gid_domusers:slashuser gecos:/:/bin/false
bob:x:$uid_localbob:$gid_domusers:localbob gecos:/:/bin/false
jane:x:$uid_localjane:$gid_domusers:localjane gecos:/:/bin/false
+jackthemapper:x:$uid_localjackthemapper:$gid_domusers:localjackthemaper gecos:/:/bin/false
+jacknomapper:x:$uid_localjacknomapper:$gid_domusers:localjacknomaper gecos:/:/bin/false
";
if ($unix_uid != 0) {
print PASSWD "root:x:$uid_root:$gid_root:root gecos:$prefix_abs:/bin/false
@@ -3337,6 +3331,8 @@ domadmins:X:$gid_domadmins:
userdup:x:$gid_userdup:$unix_name
everyone:x:$gid_everyone:
force_user:x:$gid_force_user:
+jackthemappergroup:x:$gid_jackthemapper:jackthemapper
+jacknomappergroup:x:$gid_jacknomapper:jacknomapper
";
if ($unix_gids[0] != 0) {
print GROUP "root:x:$gid_root:
@@ -3382,6 +3378,8 @@ force_user:x:$gid_force_user:
createuser($self, "gooduser", $password, $conffile, \%createuser_env) || die("Unable to create gooduser");
createuser($self, "eviluser", $password, $conffile, \%createuser_env) || die("Unable to create eviluser");
createuser($self, "slashuser", $password, $conffile, \%createuser_env) || die("Unable to create slashuser");
+ createuser($self, "jackthemapper", "mApsEcrEt", $conffile, \%createuser_env) || die("Unable to create jackthemapper");
+ createuser($self, "jacknomapper", "nOmApsEcrEt", $conffile, \%createuser_env) || die("Unable to create jacknomapper");
open(DNS_UPDATE_LIST, ">$prefix/dns_update_list") or die("Unable to open $$prefix/dns_update_list");
print DNS_UPDATE_LIST "A $server. $server_ip\n";
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 28850cd8520..b60dd2647c8 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -137,8 +137,6 @@ NTSTATUS make_user_info_map(TALLOC_CTX *mem_ctx,
lm_interactive_pwd, nt_interactive_pwd,
plaintext, password_state);
if (NT_STATUS_IS_OK(result)) {
- /* We have tried mapping */
- (*user_info)->mapped_state = true;
/* did we actually map the user to a different name? */
--
Samba Shared Repository
More information about the samba-cvs
mailing list