IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
In notifyd_trigger_parser() while initializing notify_event_msg values from
notify_trigger_msg, 'when' value is ignored. So the smbd process does not get
correct 'when' value and this is causing issues during qsort in
notify_marshall_changes(). Because of this issue, smb2.notify.dir test was
failing.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12756
Signed-off-by: Shilpa Krishnareddy <skrishnareddy@panzura.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Apr 26 17:02:58 CEST 2017 on sn-devel-144
lp_case_sensitive() returns an int, not a bool, so with the default
setting of "Auto" by default we set the AAPL flag
SMB2_CRTCTX_AAPL_CASE_SENSITIVE.
This caused the client to believe the volume is case sensitive where it
wasn't, leading to an error when trying to rename files changing only
the case of the name.
Also fix the existing torture test that verifies AAPL context
negotiation and actually expected the server to return "case sensitive",
while the Samba default is really "case insensitive".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12749
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Not currently used - no logic changes inside.
This will make it possible to pass down a long-lived talloc
context from the loading function for modules to use instead
of having them internally all use talloc_autofree_context()
which is a hidden global.
Updated all known module interface numbers, and added a
WHATSNEW.
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 22 01:17:00 CEST 2017 on sn-devel-144
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12562
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Apr 20 20:50:10 CEST 2017 on sn-devel-144
This should be hidden inside smbldap.c, but this is a quick way to
get smbldap_state private to smbldap.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
This is a pretty big boiler-plate change. I've renamed the struct member
temporarily to find all accessors. Not sure where this leads in the end, but
the goal is to make struct smbldap_struct private to smbldap.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
When assigning value to 'failed', no spaces should be around '=' sign.
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 19 02:53:25 CEST 2017 on sn-devel-144
To support password change for machine or trusted domain accounts in Active
Directory environment we need to pass down actual plain text password
instead of NT hashes. This would allow a backend like ipasam to update
Kerberos keys as well as NT hashes.
By calling samr_SetUserInfo2 info level 26 we ensure PASSDB layer can
actually get the plain text password. If PASSDB backend implements
pdb_update_sam_account() callback, it then gets the plain text password
from samr_SetUserInfo2.
A plain text password is a data blob represented as up to 256 WCHARs. It
is UTF-16 coded on wire and we have its length from the buffer.
SetUserInfo2 SAMR call chain in decode_pw_buffer() does explicitly
expect 512+4 bytes in the buffer. It then calls convert_string_talloc()
to convert it to UNIX charset passing the correct value of the plaintext
password length. However, convert_string_talloc() expects the length of
input string *including* the terminating null and we pass just the
string length.
convert_string_talloc() then explicitly null-terminates the resulting
string by adding two nulls. In most cases UNIX charset is UTF-8, so we
get null-terminated UTF-8 string down to PASSDB layer.
MS-SAMR does not limit what does the password should contain. It says
it is 'userPassword' value. Either 'userPassword' or 'unicodePwd' cannot
contain null characters according to MS-ADTS 3.1.1.3.1.5 because they
must be proper UTF-8 and UTF-16 strings accordingly.
We are talking to our own SAMR service here.
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a share with "smbd:find async delay usec" set to 10000 and run the
test smb2.compound_find added in the previous commit against this new
share as well.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This is just a hack for selftest that will be used in subsequent commits
for torturing compound find requests.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Finally use the new async dbwrap_parse_record_send/recv() functions
respectively the fetch_share_mode_send/recv wrappers for fetching the
write time from locking.tdb.
Previously for a directory with n files we would sit idle in the
directory enumeration loop fo n * m seconds waiting for responses from
ctdb, where m is the response time in seconds for a dbwrap request via
ctbd.
This is known to kill performance and we even have a parameter
"smbd:search ask sharemode" that can be used to disable fetching the
write time from locking.tdb.
Using fetch_write_time_send() works this way: in the directory
enumeration loop that calls smbd_dirptr_lanman2_entry() to marshall the
directory entries we
1. call fetch_write_time_send() after calling smbd_dirptr_lanman2_entry
passing a pointer to the current position in the marshall buffer.
2. If fetch_write_time_send() has set the out parameter "stop", we exit
the enumeration loop. This is necessary because we only send dbwrap
requests but don't consume the results. This has the potential to
deadlock so we must stop sending requests as soon as our ctdb send
queue is full.
3. In the fetch_write_time_done() callback, if the recv function got a
locking.tdb record, we push the write time into the marshall buffer
at the offet saved in the request state.
This new feature is still off by default as it doesn't
give any improvement in the non-clustered usecase.
"smbd:async search ask sharemode" can be used to activate it,
which makes only sense with "clustering = yes" (execept for testing).
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
The idea is to allow the implementation of an SMB2 request to tell the
main SMB2 processing engine that it wants to handle a requests
asynchronously internally.
This has two use cases:
- it allows (internal) async processing of compound requests that would
otherwise be rejected by the SMB2 processing engine
- it preserves sync semantics at the SMB layer, some clients might not
expect arbitrary SMB2 requests going async
Not used for now, will be used in laters commit for async SMB2 FIND
requests.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Not used for now, needed for async write_time updates in
smbd_smb2_query_directory_send().
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
The boolean out parameter "queued" tells the caller whether the
async request is blocked in a full send queue:
false := request is dispatched
true := send queue is full, request waiting to be dispatched
This is useful in a clustered Samba environment where the async dbwrap
request is sent over a socket to the local ctdbd.
If the send queue is full and the caller was issuing multiple async
dbwrap requests in a loop, the caller knows it's probably time to stop
sending requests for now and try again later.
This will be used in subsequent commits in
smbd_smb2_query_directory_send() when implementing async write time
updates. Directories may contain umpteen files so we send many requests
to ctdb without going through tevent and reading the responses which
has the potential to deadlock.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This mainly works like the sync version, but calls ctdbd_parse_send/recv
instead.
We use one global ctdb connection that is used exclusively for async
requests.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Implement the ctdb packet layer for async parse send/recv with tevent.
ctdbd_setup_fde() will is used to create an fde from the
connection fd and will be called from dbwrap_ctdb.
ctdbd_parse_send() and ctdbd_parse_recv() will be used by dbwrap_ctdb
for async packet sending and receiving.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Second arg must be NULL when first arg is 0 (it is in all other places).
Bug report and patch from Hanno Böck <hanno@hboeck.de>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12747
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 18 15:43:02 CEST 2017 on sn-devel-144
If setlen == 0 then the second argument must be ignored.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12747
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
When obtaining the security descriptor via getxattr(), first try
optimistically to supply a buffer of 4K, and if that turns out
to be too small, determine the correct buffer size.
The previous behavior of falling back to a 64K buffer encountered
problem with Linux prior to version 3.6, due to pyisical memory
fragmentation. With those kernels, as long as the buffer is 8K or
smaller, getting the xattr is much less prone to failure due to
memory fragmentation.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12737
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 18 04:41:16 CEST 2017 on sn-devel-144
Pure refactoring - add a function that fetches an extended attribute
based on either the file descriptor or the file name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12737
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
With getxattr(), passing a zero buffer size is a
way of obtaining actual xattr size.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12737
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Add a test that fetches an ACL whose size is larger than 4K.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12737
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12739
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Apr 13 15:20:04 CEST 2017 on sn-devel-144
This variable is populated by a list of values where each value should
be a known option. This patch ensures that illegal values are detected.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12739
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Apr 13 02:44:38 CEST 2017 on sn-devel-144
With the use of sIDHistory it happens that two sids map to the same name:
S-1-5-21-1387724271-3540671778-1971508351-1115 DOMAIN2\d1u1 (1)
S-1-5-21-3293503978-489118715-2763867031-1106 DOMAIN2\d1u1 (1)
On the net it looks like this:
lsa_LookupSids: struct lsa_LookupSids
in: struct lsa_LookupSids
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 344f3586-7de4-4e1d-96a9-8c6c23e4b2f0
sids : *
sids: struct lsa_SidArray
num_sids : 0x00000002 (2)
sids : *
sids: ARRAY(2)
sids: struct lsa_SidPtr
sid : *
sid : S-1-5-21-1387724271-3540671778-1971508351-1115
sids: struct lsa_SidPtr
sid : *
sid : S-1-5-21-3293503978-489118715-2763867031-1106
names : *
names: struct lsa_TransNameArray
count : 0x00000000 (0)
names : NULL
level : LSA_LOOKUP_NAMES_ALL (1)
count : *
count : 0x00000000 (0)
lsa_LookupSids: struct lsa_LookupSids
out: struct lsa_LookupSids
domains : *
domains : *
domains: struct lsa_RefDomainList
count : 0x00000001 (1)
domains : *
domains: ARRAY(1)
domains: struct lsa_DomainInfo
name: struct lsa_StringLarge
length : 0x000e (14)
size : 0x0010 (16)
string : *
string : 'DOMAIN2'
sid : *
sid : S-1-5-21-1387724271-3540671778-1971508351
max_size : 0x00000020 (32)
names : *
names: struct lsa_TransNameArray
count : 0x00000002 (2)
names : *
names: ARRAY(7)
names: struct lsa_TranslatedName
sid_type : SID_NAME_USER (1)
name: struct lsa_String
length : 0x0008 (8)
size : 0x0008 (8)
string : *
string : 'd1u1'
sid_index : 0x00000000 (0)
names: struct lsa_TranslatedName
sid_type : SID_NAME_USER (1)
name: struct lsa_String
length : 0x0008 (8)
size : 0x0008 (8)
string : *
string : 'd1u1'
sid_index : 0x00000000 (0)
count : *
count : 0x00000002 (2)
result : NT_STATUS_OK
So the name for S-1-5-21-3293503978-489118715-2763867031-1106 has
S-1-5-21-1387724271-3540671778-1971508351 in referenced lsa_DomainInfo
structure. In that case we should not use the domain name from lsa_DomainInfo,
because we would use the wrong idmap backend.
For the case where the domain part of the sIDHistory sid is a still existing
domain, which can be found our internal list of trusted domains, we now use the
correct idmap backend: the idmap domain from the historic SID.
If the historic domain does no longer exist, we will fallback to the default
idmap domain.
The next step would be doing a lookup sid call for the domain sid, which may
help with one-way trusts.
The long term goal needs to be that idmap backends are based on sids only and
only the smb.conf allows names to be used which will be converted to sids on
startup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12702
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Wed Apr 12 16:43:30 CEST 2017 on sn-devel-144
If PAM support is enabled, refuse to build if the prerequisite
libraries are not in place, instead of silently disabling PAM
support and continuing with the build.
This simplifies inclusion of pam_wrapper in the tree.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Less lines, less bytes .text
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 12 05:40:36 CEST 2017 on sn-devel-144
This isn't 100% the same flow, but before this patch we initialized
domain->primary to "false" via "talloc_zero". This means that the
end-result should be the same before and after this patch that IMHO
simplifies the logic a bit.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We're only calling lookuprids for our local SAM and BUILTIN domains, if
that results in a failed lookup for some rid, sending it again via
lookupsids() won't help, it will just fail again.
If the caller wrongly had sent any other SID that is not from our SAM or
BUILTIN via lookuprids(), that it is up to the caller to fix that, not
us.
The retry logic with going through the single sids lookup at the end
added a fake domain with an empty string. The wb_lookupsids caller
wb_sids2xids needed this, as it wasn't doing the needed error handling
itself. As wb_sids2xids has been fixed to cope, we can just fail the
lookupsids here.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
If lookupsids() returned any other error then OK, SOME_NOT_MAPPED or
NONE_MAPPED we must just bail out.
If some or all SIDs could not be mapped via lookupds(), don't fallback
to lookupsid(), it will just fail again.
The retry logic with going through the single sids lookup at the end
added a fake domain with an empty string. The wb_lookupsids caller
wb_sids2xids needed this, as it wasn't doing the needed error handling
itself. As wb_sids2xids has been fixed to cope, we can just fail the
lookupsids here.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
