IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Before the CVE-2020-25717 fixes we had a fallback from
getpwnam('DOMAIN\user') to getpwnam('user') which was very dangerous and
unpredictable.
Now we do the fallback based on sid_to_uid() followed by
getpwuid() on the returned uid.
This obsoletes 'username map [script]' based workaround adviced
for CVE-2020-25717, when nss_winbindd is not used or
idmap_nss is actually used.
In future we may decide to prefer or only do the SID/UID based
lookup, but for now we want to keep this unchanged as much as possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
[metze@samba.org moved the new logic into the fallback codepath only
in order to avoid behavior changes as much as possible]
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Nov 15 19:01:56 UTC 2021 on sn-devel-184
We already check the sid belongs to the domain, but checking the name
too feels better and make it easier to understand.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
When introducing FreeIPA support, two places were forgotten:
- schannel gensec module needs to be aware of IPA DC
- _lsa_QueryInfoPolicy should treat IPA DC as PDC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14903
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Sat Nov 13 07:01:26 UTC 2021 on sn-devel-184
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 11 19:59:03 UTC 2021 on sn-devel-184
Don't init with 0 just to overwrite again. Probably the compiler will
figure that out anyway, but to me this looks cleaner.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
A separate header file is not required here, everything goes through
the API published by fd_handle.c. This makes it harder to include the
fd_handle definition and violate the guarantees.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Don't talloc_strdup() the stream_name, just to free it again.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is the same as STATUS_STOPPED_ON_SYMLINK, and this is what also
wireshark displays. Avoid some confusion.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This will be useful for smbXcli_create to parse the symlink error
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Simplify symlink_reparse_buffer_parse() slightly, failure cleanup
becomes simpler with that, and this struct will be useful elsewhere
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Handling of -l commandline parameter is already implemented by lib/cmdline/.
is_default_dyn_LOGFILEBASE() == true is the default case and this causes us to
temporarily overwrite the configured logfile with LOGFILEBASE/log.winbindd until
winbindd_reload_services_file() restores it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Let samba-bgqd use the new POPT_COMMON_DAEMON infrastructure.
The calls to setup_logging() can safely be removed as this is already taken care
of by samba_cmdline_init().
To avoid a logfile basename of ".log" when using "%m", we add a call to
set_remote_machine_name().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
add_trusted_domain() should only reject domains
based on is_allowed_domain(), which now also
checks "allow trusted domains = no", if we don't
have an explicit trust to the domain (SEC_CHAN_NULL).
We use at least SEC_CHAN_LOCAL for local domains like
BUILTIN.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14899
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Nov 10 11:21:31 UTC 2021 on sn-devel-184
We should not send NTLM[v2] nor plaintext data on the wire if the user
asked for kerberos only.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12444
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This is only ever be called in standalone mode with an MIT realm,
so we don't have a PAC/info3 structure.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This code is only every called in standalone mode on a MIT realm,
it means we never have a PAC and we also don't have winbindd arround.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We should be strict in standalone mode, that we only support MIT realms
without a PAC in order to keep the code sane.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This consolidates the code paths used for NTLMSSP and Kerberos!
I checked what we were already doing for NTLMSSP, which is this:
a) source3/auth/auth_winbind.c calls wbcAuthenticateUserEx()
b) as a domain member we require a valid response from winbindd,
otherwise we'll return NT_STATUS_NO_LOGON_SERVERS
c) we call make_server_info_wbcAuthUserInfo(), which internally
calls make_server_info_info3()
d) auth_check_ntlm_password() calls
smb_pam_accountcheck(unix_username, rhost), where rhost
is only an ipv4 or ipv6 address (without reverse dns lookup)
e) from auth3_check_password_send/auth3_check_password_recv()
server_returned_info will be passed to auth3_generate_session_info(),
triggered by gensec_session_info(), which means we'll call into
create_local_token() in order to transform auth_serversupplied_info
into auth_session_info.
For Kerberos gensec_session_info() will call
auth3_generate_session_info_pac() via the gensec_generate_session_info_pac()
helper function. The current logic is this:
a) gensec_generate_session_info_pac() is the function that
evaluates the 'gensec:require_pac', which defaulted to 'no'
before.
b) auth3_generate_session_info_pac() called
wbcAuthenticateUserEx() in order to pass the PAC blob
to winbindd, but only to prime its cache, e.g. netsamlogon cache
and others. Most failures were just ignored.
c) If the PAC blob is available, it extracted the PAC_LOGON_INFO
from it.
d) Then we called the horrible get_user_from_kerberos_info() function:
- It uses a first part of the tickets principal name (before the @)
as username and combines that with the 'logon_info->base.logon_domain'
if the logon_info (PAC) is present.
- As a fallback without a PAC it's tries to ask winbindd for a mapping
from realm to netbios domain name.
- Finally is falls back to using the realm as netbios domain name
With this information is builds 'userdomain+winbind_separator+useraccount'
and calls map_username() followed by smb_getpwnam() with create=true,
Note this is similar to the make_server_info_info3() => check_account()
=> smb_getpwnam() logic under 3.
- It also calls smb_pam_accountcheck(), but may pass the reverse DNS lookup name
instead of the ip address as rhost.
- It does some MAP_TO_GUEST_ON_BAD_UID logic and auto creates the
guest account.
e) We called create_info3_from_pac_logon_info()
f) make_session_info_krb5() calls gets called and triggers this:
- If get_user_from_kerberos_info() mapped to guest, it calls
make_server_info_guest()
- If create_info3_from_pac_logon_info() created a info3 from logon_info,
it calls make_server_info_info3()
- Without a PAC it tries pdb_getsampwnam()/make_server_info_sam() with
a fallback to make_server_info_pw()
From there it calls create_local_token()
I tried to change auth3_generate_session_info_pac() to behave similar
to auth_winbind.c together with auth3_generate_session_info() as
a domain member, as we now rely on a PAC:
a) As domain member we require a PAC and always call wbcAuthenticateUserEx()
and require a valid response!
b) we call make_server_info_wbcAuthUserInfo(), which internally
calls make_server_info_info3(). Note make_server_info_info3()
handles MAP_TO_GUEST_ON_BAD_UID and make_server_info_guest()
internally.
c) Similar to auth_check_ntlm_password() we now call
smb_pam_accountcheck(unix_username, rhost), where rhost
is only an ipv4 or ipv6 address (without reverse dns lookup)
d) From there it calls create_local_token()
As standalone server (in an MIT realm) we continue
with the already existing code logic, which works without a PAC:
a) we keep smb_getpwnam() with create=true logic as it
also requires an explicit 'add user script' option.
b) In the following commits we assert that there's
actually no PAC in this mode, which means we can
remove unused and confusing code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14646
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
As we want to reduce use of 'classic domain controller' role but FreeIPA
relies on it internally, add a separate role to mark FreeIPA domain
controller role.
It means that role won't result in ROLE_STANDALONE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We always require a running winbindd on a domain member, so
we should better fail a request instead of silently alter
the behaviour, which results in a different unix token, just
because winbindd might be restarted.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
So far we tried getpwnam("DOMAIN\account") first and
always did a fallback to getpwnam("account") completely
ignoring the domain part, this just causes problems
as we mix "DOMAIN1\account", "DOMAIN2\account",
and "account"!
As we require a running winbindd for domain member setups
we should no longer do a fallback to just "account" for
users served by winbindd!
For users of the local SAM don't use this code path,
as check_sam_security() doesn't call check_account().
The only case where smb_getpwnam("account") happens is
when map_username() via ("username map [script]") mapped
"DOMAIN\account" to something without '\', but that is
explicitly desired by the admin.
Note: use 'git show -w'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
So far we autocreated local user accounts based on just the
account_name (just ignoring any domain part).
This only happens via a possible 'add user script',
which is not typically defined on domain members
and on NT4 DCs local users already exist in the
local passdb anyway.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is not strictly needed, but makes it easier to audit
that we don't miss important places.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is not strictly needed, but makes it easier to audit
that we don't miss important places.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is not strictly needed, but makes it easier to audit
that we don't miss important places.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is not strictly needed, but makes it easier to audit
that we don't miss important places.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We need to make sure that temporary failures don't trigger a fallback
to the local SAM that silently ignores the domain name part for users.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
api_RNetShareEnum() unconditionally attempts to reload printers via
delete_and_reload_printers(). Add a lp_load_printers() check to
obey smb.conf "load printers = off" settings.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14895
Reported-by: Nate Stuyvesant <nstuyvesant@gmail.com>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Nov 8 13:27:40 UTC 2021 on sn-devel-184
If we overwrite with ret=0, we return NT_STATUS_OK even when we goto err.
This function should be restructured to use NT_STATUS internally,
and make 'int ret' transitory, but that's a patch for another
time.
Remove knownfail.
BUG: BUG: https://bugzilla.samba.org/show_bug.cgi?id=14892
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Nov 4 09:10:27 UTC 2021 on sn-devel-184
Exposes an existing problem where "ret" is overwritten
in the directory scan.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14892
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This is used in a hot codepath (directory enumeration) so we should avoiding the
string comparisions by adding an early exit.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 3 17:33:00 UTC 2021 on sn-devel-184
This comes from times before we had pathref fsps. Back then if you wanted to
check if fsp->fh->fd contained a valid value != -1, you'd also first check that
the passed in fsp and fsp->fh are non NULL. With pathref fsps we don't need this
anymore.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14890
RN: Crash in vfs_fruit asking for fsp_get_io_fd() for an XATTR call
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Not caught be the tests in bugs 14878, 14879 as can_delete_directory_fsp()
doesn't have the same bug.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14892
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Nov 3 14:33:49 UTC 2021 on sn-devel-184
Remove indentation with early return, best reviewed with
git show -b
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Nov 3 08:36:00 UTC 2021 on sn-devel-184
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Nov 1 07:29:47 UTC 2021 on sn-devel-184
Original logic for separating path from base name assumed
that we were using same string to determine offset when
getting the parent dir name (smb_fname->base_name).
Simplify by using parent_dirname() to split the path
from base name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14888
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct 30 04:34:53 UTC 2021 on sn-devel-184
Author: eaglegai <eaglegai@163.com>
Signed-off-by: eaglegai <eaglegai@163.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 29 20:29:26 UTC 2021 on sn-devel-184
Still need to add the same logic in can_delete_directory_fsp()
before we can delete the knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Fix the comments to match what the code actually does. The
exit at the end of the scan directory loop if we find a client
visible filename is a change in behavior, but the previous
behavior (not exist on visible filename, but delete it) was
a bug and in non-tested code. Now it's testd.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 20 12:54:54 UTC 2021 on sn-devel-184
This should come from lib/replace/replace.h to cope with
system (MacOSX etc.) differences.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14862
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 14 19:51:59 UTC 2021 on sn-devel-184
This adds two options that are used by the Spotlight query parser to optionally
ignore unknown attributes or types in a query.
elasticsearch:ignore unknown attribute = yes | no (default: no)
elasticsearch:ignore unknown type = yes | no (default: no)
Example Spotlight query with unknown attributes and type:
kMDItemContentType=="public.calendar-event"||kMDItemSubject=="Kalender*"cdw||
kMDItemTitle=="Kalender*"cdw||kMDItemTopic=="Kalender*"cdw||
kMDItemTextContent=="Kalender*"cd||*=="Kalender*"cdw||
kMDItemTextContent=="Kalender*"cdw
The unknown attributes are "kMDItemTopic" and "kMDItemSubject". The unkown type
is "public.calendar-event".
Currently the parser will outright fail to parse the query and the search will
enter an error state.
To give users some control over the mapping the above options can be used to
tell the parser to simply ignore such unknown attributes and types.
(meta.title:Kalender* OR content:Kalender* OR Kalender* OR content:Kalender*)
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Lower the debug levels to debug from error. No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
We need to include rpc/types.h first to include this header.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14862
Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 13 02:33:05 UTC 2021 on sn-devel-184
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14862
Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The format string uses PRIx64, so we should be using uint64_t and not
uintmax_t.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14862
Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14862
Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
On macOS environ is defined to (*_NSGetEnviron()) in lib/replace/replace.h
and otherwise the `extern char **environ` can be found there.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14862
Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Don't use path-based calls.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14685
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 12 18:14:27 UTC 2021 on sn-devel-184
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14852
Handling of logfile name for main and child winbindd must ensure:
1) Log directory is selected in this order:
* -l option of winbindd
* "log file" parameter in smb.conf
* compile time value '/usr/local/samba/var'
2) Log filename pattern
* parent process uses log.winbindd
* child uses log.wb-<name>
3) Log reopen works for both parent and child (i.e. log filename is not changed)
* kill -HUP <pid>
* smbcontrol <pid> reload-config
This commit removes 3 calls of is_default_dyn_LOGFILEBASE() to make sure that:
- 1st removal: child uses log.wb-<name> after the fork
- 2nd removal: child after HUP signal, does not switch to log.winbindd
- 3rd removal: child after smbcontrol reload-config, does not switch to
log.winbindd
Interesting commits: bfa1b2a81484b7f33b015a4cd1f7a371
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This will ensure we *always* call into the VFS_SMB_CHDIR backends
on security context switch. The $cwd was an optimization that
was only looking at the raw filesystem path. We could delete it
completely but that is a patch for another day.
Remove knownfail on regression test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14682
RN: vfs_shadow_copy2: core dump in make_relative_path
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Oct 8 21:28:04 UTC 2021 on sn-devel-184
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 8 20:21:21 UTC 2021 on sn-devel-184
We missed these values which follow from MS-FSCC 2.3.80 “FSCTL_OFFLOAD_READ
Reply”:
Flags (4 bytes):
A 32-bit unsigned integer that indicates which flags were returned for this
operation. Possible values for the flags follow. All unused bits are reserved
for future use, SHOULD be set to 0, and MUST be ignored.
OFFLOAD_READ_FLAG_ALL_ZERO_BEYOND_CURRENT_RANGE (0x00000001)
=> The data beyond the current range is logically equivalent to zero.
TransferLength (8 bytes):
A 64-bit unsigned integer that contains the amount, in bytes, of data that the
Token logically represents. This value indicates a contiguous region of the
file from the beginning of the requested offset in the FileOffset field in the
FSCTL_OFFLOAD_READ_INPUT data element (section 2.3.79). This value can be
smaller than the CopyLength field specified in the FSCTL_OFFLOAD_READ_INPUT
data element, which indicates that less data was logically
represented (logically read) with the Token than was requested. The value of
this field MUST be greater than 0x0000000000000000 and MUST be aligned to a
logical sector boundary on the volume.
As we currently only implement COPY_CHUNK over the OFFLOAD VFS interface, the
VFS COPY_CHUNK backend in vfs_default just sets both values to 0 and they are
unused in the SMB frontend.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Make this available as a shared structure for both source3 and source4
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
