IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Nov 29 20:57:25 CET 2017 on sn-devel-144
The mapping from name to sid and vice versa has nothing to
do with a specific domain. It is publically available. Thus put
it into gencache without referring to the domain this was
retrieved from
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
namemap_cache.c saves these as strv lists: An array of 0-terminated strings.
"net cache list" only printfs the values, so they would be cut off.
We might want to do this with other gencache values too in the future.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
A few functions to maintain lookupname and lookupsid cache in gencache.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Passing a whole DATA_BLOB is cheap enough to simplify the callers: A caller
does not have to create a separate variable.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This will allow parsing a tdb record without having to talloc_memdup it
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
The initial idea was to have some "atomicity" in this API. Every
caller interested in a record would have to do something with
it once it changes. However, only one caller really used this
feature, and that is easily changed to not use it. So
remove the complexity.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This is the only user of the "prec" argument of
dbwrap_watched_watch_recv. The next patch will remove this
functionality, as it's easily replaced here.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Let normalize_name_map fetch the domain itself with
find_domain_from_name_noinit().
This removes two calls to find_domain_from_name_noinit() in the default
configuration of "winbind normalize names = no". The domain is only need
in normalize_name_map if "winbind normalize names" is enabled.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
The caller should handle secure-channel-type SEC_CHAN_NULL. The previous
commit already added handling of SEC_CHAN_NULL to
cm_connect_netlogon_transport.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13167
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This partially reverts commit d7e31d9f4d9ce7395e458ac341dd83ac06255a20
"winbindd: Use rpccli_connect_netlogon" and restores handling of SEC_CHAN_NULL.
Without this we fail to enumerate domains in trusted forests so users
from any child-domain (or tree-root) in the trusted forest can't login
via eg SMB.
This is a temporary hack that will go away once we get rid of the trusted domain
list.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13167
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Wed Nov 29 16:58:32 CET 2017 on sn-devel-144
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12934
Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12934
Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov 29 12:50:49 CET 2017 on sn-devel-144
This fixes the problem that conversion failed with
fruit:metadata=stream. Before we were calling ad_set() which stores the
metadata in the Netatalk compatible format.
Rewrite to fully go through the VFS by calling SMB_VFS_CREATE_FILE() and
SMB_VFS_PWRITE().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 29 08:38:06 CET 2017 on sn-devel-144
This reveals that the conversion doesn't work properly with
fruit:metadata=stream.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The previous use of localdir and torture_setup_local_file() was
motivated by the fact that by default vfs_fruit rejects access to files
with a "._" prefix.
Since a previous commit allowed SMB access to ._ files, rewrite the
test_adouble_conversion() test to create the ._ AppleDouble file over
SMB.
This also renders torture_setup_local_file() obsolete.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is needed for a subsequent commit that modifies an existing test to
write a ._ file over SMB instead of using the ugly local creation hack.
SMB acces of ._ files requires "fruit:veto_appledouble = no", so let's
set it.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This needs for work in all possible fruit configs, so test it.
This currently fails with stream_depot, as we don't propely copy over
the resourcefork data from the ._ file to the stream.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Previously this test, that tests for correct conversion of ':' in stream
names, only worked with streams_xattr with "fruit:metadata" set to
"netatalk".
In order to have test coverage for fruit shares with other configs,
split the test into two:
one test creates the stream over SMB and run against all shares, the
other one is the unmodified existing test and is only run against the
share with streams_xattr and fruit:metadata=netatalk.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
A subsequent commits modifies an existing tests that needs $localdir to
also run against "vfs_fruit_metadata_stream" and
"vfs_fruit_stream_depot". This reveals test failures, those will be
fixed in a subsequent commit.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This just puts the auth option first matching the first test with the
"vfs_fruit" share directly above the modified lines.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We should not double fork in notify mode or systemd think something
during startup will be wrong and send SIGTERM to the process. So
sometimes the daemon will not start up correctly.
systemd will also handle the process group.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13129
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Nov 28 15:31:27 CET 2017 on sn-devel-144
A related problem that affects configuration for the hidden IPC$
share. This share is marked a "autoloaded" and such shares are not
reloaded when requested. That resulted in the tcon to IPC$ still using
encrpytion after running the following sequence of changes:
1. stop Samba
2. set [global] smb encrypt = required
3. start Samba
4. remove [global] smb encrypt = required
5. smbcontrol smbd reload-config
6a bin/smbclient -U slow%x //localhost/raw -c quit, or
6b bin/smbclient -U slow%x -mNT1 //localhost/raw -c ls
In 6a the client simply encrypted packets on the IPC$ tcon. In 6b the
client got a tcon failure with NT_STATUS_ACCESS_DENIED, but silently
ignore the error.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13051
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Nov 28 02:02:37 CET 2017 on sn-devel-144
Rename sDefault to _sDefault and make it const. sDefault is make a copy
of _sDefault in in the initialisation function lp_load_ex().
As we may end up in setup_lp_context() without going through
lp_load_ex(), sDefault may still be uninitialized at that point, so I'm
initializing lp_ctx->sDefault from _sDefault.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13051
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is in preperation of preventing direct access to sDefault in all
places that currently modify it.
As currently s3/loadparm is afaict not accessing lp_ctx->sDefault, but
changes sDefault indirectly through lp_parm_ptr() this change is just a
safety measure to prevent future breakage.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13051
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Currently for sessions where authentication is still in progress we
print uid and gid as -1.
With this change we nicely list them like this:
PID Username Group Machine Protocol Version ....
6604 (auth in progress) 127.0.0.1 (ipv4:127.0.0.1:47930) SMB3_11 ....
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Nov 27 04:51:59 CET 2017 on sn-devel-144
We should never taint the Administrator account as we don't shut down
target envionments!
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Sat Nov 25 14:13:24 CET 2017 on sn-devel-144
This should not happen, but stopping all replication because of it is a pain.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Nov 24 19:53:50 CET 2017 on sn-devel-144
USER is memberOf GROUP and they both were deleted on W2K8R2 AD. Domain join ends
with error below.
Failed to apply records: ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:421
8: Failed to remove backlink of memberOf when deleting CN=USER\0ADEL:a1f2a2cc-1
179-4734-b753-c121ed02a34c,CN=Deleted Objects,DC=samdom,DC=intern: dsdb_module_
search_dn: did not find base dn CN=GROUP\0ADEL:030d0be1-3ada-4b93-8371-927f2092
3116,CN=Deleted Objects,DC=samdom,DC=intern (0 results): Operations error
Failed to commit objects: WERR_GEN_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13120
Signed-off-by: Andrej Gessel <Andrej.Gessel@janztec.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
These tests now confirm we can handle these issues at runtime
as well as at dbcheck
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
