| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
* CVE-2022-32746 Use-after-free occurring in database audit logging module (bug 15009)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
|
|
|
| |
This aims to minimise usage of the error-prone pattern of searching for
a just-added message element in order to make modifications to it (and
potentially finding the wrong element).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, there are many places where we use ldb_msg_add_empty() to add
an empty element to a message, and then call ldb_msg_add_value() or
similar to add values to that element. However, this performs an
unnecessary search of the message's elements to locate the new element.
Moreover, if an element with the same attribute name already exists
earlier in the message, the values will be added to that element,
instead of to the intended newly added element.
A similar pattern exists where we add values to a message, and then call
ldb_msg_find_element() to locate that message element and sets its flags
to (e.g.) LDB_FLAG_MOD_REPLACE. This also performs an unnecessary
search, and may locate the wrong message element for setting the flags.
To avoid these problems, add functions for appending a value to a
message, so that a particular value can be added to the end of a message
in a single operation.
For ADD requests, it is important that no two message elements share the
same attribute name, otherwise things will break. (Normally,
ldb_msg_normalize() is called before processing the request to help
ensure this.) Thus, we must be careful not to append an attribute to an
ADD message, unless we are sure (e.g. through ldb_msg_find_element())
that an existing element for that attribute is not present.
These functions will be used in the next commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
message
Using the newly added ldb flag, we can now detect when a message has
been shallow-copied so that its elements share their values with the
original message elements. Then when adding values to the copied
message, we now make a copy of the shared values array first.
This should prevent a use-after-free that occurred in LDB modules when
new values were added to a shallow copy of a message by calling
talloc_realloc() on the original values array, invalidating the 'values'
pointer in the original message element. The original values pointer can
later be used in the database audit logging module which logs database
requests, and potentially cause a crash.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
|
|
|
|
|
|
|
|
|
|
|
|
| |
When making a shallow copy of an ldb message, mark the message elements
of the copy as sharing their values with the message elements in the
original message.
This flag value will be heeded in the next commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
|
|
|
|
|
|
|
|
| |
Now unrelated flags will no longer affect the result.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
|
|
|
|
|
|
|
|
|
|
| |
flags equality check
Now unrelated flags will no longer affect the result.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
|
|
|
|
|
|
|
|
|
|
| |
equality check
Now unrelated flags will no longer affect the result.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
|
|
|
|
|
|
|
|
| |
Now unrelated flags will no longer affect the result.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
LDB_FLAG_MOD_* values are not actually flags, and the previous
comparison was equivalent to
(el->flags & LDB_FLAG_MOD_MASK) == 0
which is only true if none of the LDB_FLAG_MOD_* values are set, so we
would not successfully return if the element was a DELETE. Correct the
expression to what it was intended to be.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
LDB_FLAG_MOD_* values are not actually flags, and the previous
comparison was equivalent to
(el->flags & LDB_FLAG_MOD_MASK) == 0
which is only true if none of the LDB_FLAG_MOD_* values are set. Correct
the expression to what it was probably intended to be.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
LDB_FLAG_MOD_* values are not actually flags, and the previous
comparison was equivalent to
(req_msg->elements[el_idx].flags & LDB_FLAG_MOD_MASK) != 0
which is true whenever any of the LDB_FLAG_MOD_* values are set. Correct
the expression to what it was probably intended to be.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
|
|
|
|
|
|
|
|
|
| |
If an account has an SPN that requires Write Property to set, we should
still be able to delete it with just Validated Write.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
|
|
|
|
|
|
| |
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger@samba.org>
|
|
|
|
| |
Signed-off-by: Jule Anger <janger@samba.org>
|
|
|
|
| |
Signed-off-by: Jule Anger <janger@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Consider the following AD topology where all trusts are parent-child
trusts:
ADOM.AFOREST.AD
|
ACHILD.ADOM.AFOREST.AD
|
AGRANDCHILD.ACHILD.ADOM.AFOREST.AD <-- Samba joined
When logging into the Samba machine using pam_winbind with kerberos enabled
with user ACHILD\user1, the ccache content is:
Default principal: user1@ACHILD.ADOM.AFOREST.AD
Valid starting Expires Service principal
07/06/2022 16:09:23 07/06/2022 16:14:23 krbtgt/ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD
renew until 07/13/2022 16:09:23
--> 07/06/2022 16:09:23 07/06/2022 16:14:23 krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD <-- NOTE this TGT ticket
renew until 07/13/2022 16:09:23
07/06/2022 16:09:23 07/06/2022 16:14:23 SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD
renew until 07/13/2022 16:09:23
But when logging in with user ADOM\user1, the ccache content is:
Default principal: user1@ADOM.AFOREST.AD
Valid starting Expires Service principal
07/06/2022 16:04:37 07/06/2022 16:09:37 krbtgt/ADOM.AFOREST.AD@ADOM.AFOREST.AD
renew until 07/13/2022 16:04:37
07/06/2022 16:04:37 07/06/2022 16:09:37 SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD
renew until 07/13/2022 16:04:37
MIT does not store the intermediate TGTs when there is more than one hop:
ads_krb5_cli_get_ticket: Getting ticket for service [SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD] using creds from [FILE:/tmp/krb5cc_11105] and impersonating [(null)]
Getting credentials user1@ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD using ccache FILE:/tmp/krb5cc_11105
Starting with TGT for client realm: user1@ADOM.AFOREST.AD -> krbtgt/ADOM.AFOREST.AD@ADOM.AFOREST.AD
Requesting TGT krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@ADOM.AFOREST.AD using TGT krbtgt/ADOM.AFOREST.AD@ADOM.AFOREST.AD
Sending request to ADOM.AFOREST.AD
Received answer from stream 192.168.101.32:88
TGS reply is for user1@ADOM.AFOREST.AD -> krbtgt/ACHILD.ADOM.AFOREST.AD@ADOM.AFOREST.AD with session key rc4-hmac/D88B
--> Received TGT for offpath realm ACHILD.ADOM.AFOREST.AD <-- NOTE this TGT ticket is not stored
Requesting TGT krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD using TGT krbtgt/ACHILD.ADOM.AFOREST.AD@ADOM.AFOREST.AD
Sending request (1748 bytes) to ACHILD.ADOM.AFOREST.AD
Received answer (1628 bytes) from stream 192.168.101.33:88
TGS reply is for user1@ADOM.AFOREST.AD -> krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD with session key rc4-hmac/D015
--> Received TGT for service realm: krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD <-- NOTE this TGT is not stored
Requesting tickets for SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD, referrals on
Sending request (1721 bytes) to AGRANDCHILD.ACHILD.ADOM.AFOREST.AD
Received answer (1647 bytes) from stream 192.168.101.34:88
TGS reply is for user1@ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD with session key aes256-cts/345A
Received creds for desired service SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD
Storing user1@ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD in FILE:/tmp/krb5cc_11105
In the case of ACHILD\user1:
ads_krb5_cli_get_ticket: Getting ticket for service [SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD] using creds from [FILE:/tmp/krb5cc_2000] and impersonating [(null)]
Getting credentials user1@ACHILD.ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD using ccache FILE:/tmp/krb5cc_2000
Starting with TGT for client realm: user1@ACHILD.ADOM.AFOREST.AD -> krbtgt/ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD
Requesting TGT krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD using TGT krbtgt/ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD
Sending request to ACHILD.ADOM.AFOREST.AD
Received answer from stream 192.168.101.33:88
TGS reply is for user1@ACHILD.ADOM.AFOREST.AD -> krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD with session key rc4-hmac/0F60
--> Storing user1@ACHILD.ADOM.AFOREST.AD -> krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD in FILE:/tmp/krb5cc_2000 <-- NOTE this TGT is stored
Received TGT for service realm: krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD
Requesting tickets for SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD, referrals on
Sending request (1745 bytes) to AGRANDCHILD.ACHILD.ADOM.AFOREST.AD
Received answer (1675 bytes) from stream 192.168.101.34:88
TGS reply is for user1@ACHILD.ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD with session key aes256-cts/3576
Received creds for desired service SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD
Storing user1@ACHILD.ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD in FILE:/tmp/krb5cc_2000
The result is that winbindd can't refresh the tickets for ADOM\user1
because the local realm is used to build the TGT service name.
smb_krb5_renew_ticket: Using FILE:/tmp/krb5cc_11105 as ccache for client 'user1@ADOM.AFOREST.AD' and service 'krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD'
Retrieving user1@ADOM.AFOREST.AD -> krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@ADOM.AFOREST.AD from FILE:/tmp/krb5cc_11105 with result: -1765328243/Matching credential not found (filename: /tmp/krb5cc_11105)
The canonical realm name must be used instead:
smb_krb5_renew_ticket: Using FILE:/tmp/krb5cc_11105 as ccache for client 'user1@ADOM.AFOREST.AD' and service 'krbtgt/ADOM.AFOREST.AD@ADOM.AFOREST.AD'
Retrieving user1@ADOM.AFOREST.AD -> krbtgt/ADOM.AFOREST.AD@ADOM.AFOREST.AD from FILE:/tmp/krb5cc_11105 with result: 0/Success
Get cred via TGT krbtgt/ADOM.AFOREST.AD@ADOM.AFOREST.AD after requesting krbtgt/ADOM.AFOREST.AD@ADOM.AFOREST.AD (canonicalize off)
Sending request to ADOM.AFOREST.AD
Received answer from stream 192.168.101.32:88
TGS reply is for user1@ADOM.AFOREST.AD -> krbtgt/ADOM.AFOREST.AD@ADOM.AFOREST.AD with session key aes256-cts/8C7B
Storing user1@ADOM.AFOREST.AD -> krbtgt/ADOM.AFOREST.AD@ADOM.AFOREST.AD in FILE:/tmp/krb5cc_11105
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jul 12 12:38:55 UTC 2022 on sn-devel-184
(cherry picked from commit 116af0df4f74aa450cbb77c79f8cac4bfc288631)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Mon Jul 18 09:40:12 UTC 2022 on sn-devel-184
|
|
|
|
|
|
|
|
|
|
|
| |
The function can build the service principal itself, there is no
need to do it in the caller. This removes code duplication.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 8bef8e3de9fc96ff45319f80529e878977563f3a)
|
|
|
|
|
|
|
|
|
|
|
| |
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15118
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Tue Jul 12 13:33:14 UTC 2022 on sn-devel-184
(cherry picked from commit 11d3d2aeac599ebbedd5332c5520465970319448)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Split lib/krb5/crypto to its own subsystem to built with its own CFLAGS
and avoid the following error:
[1510/4771] Compiling third_party/heimdal/lib/krb5/crypto.c
../../third_party/heimdal/lib/krb5/crypto.c: In function ‘_krb5_internal_hmac’:
../../third_party/heimdal/lib/krb5/crypto.c:302:24: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual]
302 | iov[0].data.data = (void *) data;
| ^
../../third_party/heimdal/lib/krb5/crypto.c: In function ‘derive_key_sp800_hmac’:
../../third_party/heimdal/lib/krb5/crypto.c:2427:18: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual]
2427 | label.data = (void *)constant;
| ^
../../third_party/heimdal/lib/krb5/crypto.c: In function ‘decrypt_internal_derived’:
../../third_party/heimdal/lib/krb5/crypto.c:1280:9: error: pointer ‘p’ may be used after ‘realloc’ [-Werror=use-after-free]
1280 | free(p);
| ^~~~~~~
../../third_party/heimdal/lib/krb5/crypto.c:1278:20: note: call to ‘realloc’ here
1278 | result->data = realloc(p, l);
| ^~~~~~~~~~~~~
../../third_party/heimdal/lib/krb5/crypto.c: In function ‘decrypt_internal_enc_then_cksum’:
../../third_party/heimdal/lib/krb5/crypto.c:1365:9: error: pointer ‘p’ may be used after ‘realloc’ [-Werror=use-after-free]
1365 | free(p);
| ^~~~~~~
../../third_party/heimdal/lib/krb5/crypto.c:1363:20: note: call to ‘realloc’ here
1363 | result->data = realloc(p, l);
| ^~~~~~~~~~~~~
../../third_party/heimdal/lib/krb5/crypto.c: In function ‘decrypt_internal’:
../../third_party/heimdal/lib/krb5/crypto.c:1431:9: error: pointer ‘p’ may be used after ‘realloc’ [-Werror=use-after-free]
1431 | free(p);
| ^~~~~~~
../../third_party/heimdal/lib/krb5/crypto.c:1429:20: note: call to ‘realloc’ here
1429 | result->data = realloc(p, l);
| ^~~~~~~~~~~~~
../../third_party/heimdal/lib/krb5/crypto.c: In function ‘decrypt_internal_special’:
../../third_party/heimdal/lib/krb5/crypto.c:1478:9: error: pointer ‘p’ may be used after ‘realloc’ [-Werror=use-after-free]
1478 | free(p);
| ^~~~~~~
../../third_party/heimdal/lib/krb5/crypto.c:1476:20: note: call to ‘realloc’ here
1476 | result->data = realloc(p, sz);
| ^~~~~~~~~~~~~~
cc1: all warnings being treated as errors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15095
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Samuel Cabrero <scabrero@samba.org>
Autobuild-Date(master): Tue Jun 14 10:16:18 UTC 2022 on sn-devel-184
(cherry picked from commit 971441ca5244b0e56f6b664d785fcefa3867ede1)
|
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15095
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 89e0c732b1c45f6498ed0f39add77c2a52afddce)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 86f7af84 introduced a problem that a chown is always attempted,
even when the owning gid did not change. Then the ACL is set in the file
system as root. Fix the check by correctly comparing with gid, not uid.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15120
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Wed Jul 13 17:30:30 UTC 2022 on sn-devel-184
(cherry picked from commit a6ccceb97ebd43d453ae4f835927cbacde0fdcef)
|
|
|
|
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15106
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit fbf134c8d9e2fe0615824eee6ae7ccdbef4b59dc)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Mon Jul 11 11:33:49 UTC 2022 on sn-devel-184
|
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15106
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit d96a6cafe558eedc0419affc784049f915d0a6a2)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If you pass in dirfsp!=conn->cwd_fsp and a stream fsp, we don't chdir
to the parent pathname, and thus we also don't overwrite
fsp->base_fsp.
fsp->base_fsp!=NULL is thus the wrong condition to restore the
original base fsp name: If we open a stream with a non-cwd_fsp dirfsp,
we would overwrite fsp->base_fsp->fsp_name with NULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15105
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 280e9191cbf8a766e69ab138450f2beccbedd879)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the new dcerpc architecture we need to keep printer-list.tdb
around. A spoolss dcerpc call will start rpc-spoolssd which will then
start the background queue process. However in order to enum the
printers we need have a printer-list.tdb. Depending on the number of
printers this task can take several seconds. It is unlinkly that
the printer-list will change all the time, so we might provide outdated
data till it gets refreshed, but this is better than providing no
printer list at all.
If there are a lot of printers, the idle_seconds for the rpc-spoolssd
should be increased so that the background task can finish.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15082
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 9080cd30d517cb50954e440bb4475c2eeb678906)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Error: ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15108
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 8458449ddf1a5c939784116aa3f9d21edaf93a05)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Mon Jun 27 08:25:10 UTC 2022 on sn-devel-184
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
streams_xattr_unlinkat() as used in streams_xattr_renameat().
vfs_fruit passes a synthetic filename here where smb_fname->fsp==NULL
when configured to use "fruit:resource = stream" so we need to use
synthetic_pathref() to get an fsp on the smb_fname->base_name
in order to call SMB_VFS_FREMOVEXATTR().
This is the same change we already use in streams_xattr_renameat()
and streams_xattr_stat(), the other pathname operations we implement
here.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15099
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Mon Jun 20 14:24:20 UTC 2022 on sn-devel-184
(backported from commit 808a7b8b76dbcaac1db0508fd410d0bcf702af7a)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Thu Jun 23 08:43:30 UTC 2022 on sn-devel-184
|
|
|
|
|
|
|
|
|
|
|
|
| |
fruit:resource = stream on deleting a file.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15099
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(backported from commit 238b2cbb8f352375c448d86b462f13752640e16b)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
since 4cc4938a2866738aaff4dc91550bb7a5ad05d7fb do_list seems
to deal with non dfs root path, hence we need to resolve the
path before calling cli_unlink.
Also remove the knownfail
We additionally have to also remove the fallback to remove 'file3'
int the smbcacls_dfs_propagate_inherit.teardown as the deltree
that happens in the baseclass now succeeds.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jun 17 17:12:07 UTC 2022 on sn-devel-184
(cherry picked from commit 81fdcf95ae92a02f83501753dec0f29ddd555eeb)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Mon Jun 20 10:56:52 UTC 2022 on sn-devel-184
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
deltree of a file on a DFS share results in NT_STATUS_OBJECT_PATH_NOT_FOUND
Addionally add a knownfail for this (to be removed in subsequent patch
to fix bug)
We also need to add a knownfail (which will not be removed) for the
new test which will fail in smb1 envs
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 23a5a05db03a8f14ab701005a8bec9a3eeff3d77)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
since 4cc4938a2866738aaff4dc91550bb7a5ad05d7fb do_list seems
to deal with non dfs root path, hence we need to resolve the
path before calling cli_unlink.
Also remove the knownfail
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 7c4cb4982330cd2eda53950e977179920b1e3b04)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
del of a file on a DFS share results in NT_STATUS_OBJECT_PATH_NOT_FOUND
Addionally add a knownfail (will be removed in following patch to
fix the bug)
We also need to add a knownfail (which will not be removed) for the
new test which will fail in smb1 envs
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(back-ported from commit db1b4df0ab3b18821da3c2dbe6d6058f0c3019b8)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also add another node within msdfs-share2 pointing to normal share
This patch is in preperation for creating a test for 'del' &
'deltree' on DFS shares. The extra redirection is necessary to
reproduce the bug
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 39672a9676bff53d3ccc0ad7c1fa65a95cbceaab)
|
|
|
|
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15097
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 7009fb1a10c579262dfa62894ea674197fcee354)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Sat Jun 18 09:55:28 UTC 2022 on sn-devel-184
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The first time round we maybe didn't know which files we wanted to log to.
Suppose, for example, we had an smb.conf with
log level = 1 dsdb_group_json_audit:5@/var/log/group_json.log
we wouldn't see anything in "/var/log/group_json.log", while the level
5 dsdb_group_json_audit messages would go into the main log.
Note that the named file would still be opened by winbindd and others
that use the s3 code, but would remain empty as they don't have anything
to say about dsdb_group_json_audit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15076
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 9537ac723cfdc43e718fdd08dc28883e7057a372)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It seems nothing has changed since 9.16 for our purposes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14986
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andreas Hasenack <andreas@canonical.com>
Pair-programmed-with: Andreas Hasenack <andreas@canonical.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Mon May 23 00:53:09 UTC 2022 on sn-devel-184
(cherry picked from commit 03036442deac25f58be4119e6c9ce2586e0abf51)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Directly using dbgtext() with file logging results in a log entry with
no header, which is wrong. This is a regression, introduced in commit
10d15c9e5dfe4e8595d0b322c96f474fc7078f46. Prior to this, CTDB's
callback for file logging would always add a header.
Use DEBUG() instead dbgtext(). Note that DEBUG() effectively compares
the passed script_log_level with DEBUGLEVEL, so an explicit check is
no longer necessary.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15090
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jun 16 13:33:10 UTC 2022 on sn-devel-184
(cherry picked from commit e752f841e682cc571006c09249b03d82aea5f8cd)
|
|
|
|
|
|
|
|
|
|
|
|
| |
These aren't set anywhere in the code.
Drop the log argument because it is also no longer used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15090
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 88f35cf86285b7a818282d5f465711de66dfad59)
|
|
|
|
|
|
|
|
|
|
| |
This allows ctdb_set_child_logging() to work.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15090
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 1596a3e84babb8fdd86af0c4b98906b309be7907)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CTDB doesn't want this redirection of stderr to the log file. It
expects to be able to capture stderr of subprocesses and log them with
a header. This redirection stops that from happening.
Unfortunately this has to be a negative option (i.e. "no" in the name)
so that the default of 0/false maintains existing behaviour.
Note that the default behaviour is sub-optimal because it causes raw
data (i.e. debug data without a header) to appear in the log.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15090
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit a8091bd0c565a3f14542731e642319dbb68b4786)
|
|
|
|
|
|
| |
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger@samba.org>
|
|
|
|
| |
Signed-off-by: Jule Anger <janger@samba.org>
|
|
|
|
| |
Signed-off-by: Jule Anger <janger@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This partly reverts commit 620de975f147ac9427b51ea0e1e3eabda443d4b6.
Drop chunk including system/nis.h, drop wscript_build modifications,
use getdomainname() from glibc instead of yp_get_default_domain() from
libnsl.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15087
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit b3034f1209a6c45873882415c4291dde7eee76db)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Sun Jun 12 10:17:00 UTC 2022 on sn-devel-184
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This partly reverts commit edda7a329e5bed442418de9782cec9f567092aae.
Revert the chunks related to netgroups and skip NIS support related ones.
Use getdomainname() from glibc instead of yp_get_default_domain() from
libnsl to get the NIS domain name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15087
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 21796ef8f807d88e01627dc993b757e251788980)
|
|
|
|
|
|
|
|
|
|
|
|
| |
This partly reverts commit a72bc3e15d3ed62e9ad2c0a97ce5d6d653abb048.
Revert only the chunks related to netgroups and skip NIS related ones.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15087
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit f74e284a9d7fa8dc45f22b70dcea27f1aa8bd232)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This partly reverts commit 6dc463d3e2eb229df1c4f620cfcaf22ac71738d4.
Reverted to allow next revert commits to apply cleanly. Do not recreate
selftest/knownfail.d/usernamemap file.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15087
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit dbf3d217e3424fae64d9bd00e4762dc4d2bda6c2)
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fix build problems
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15071
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(v4-16-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-16-test): Thu Jun 9 12:14:04 UTC 2022 on sn-devel-184
|