Commit log (each entry: commit message, author, date, files changed, lines removed/added)
* VERSION: Disable GIT_SNAPSHOTS for the 4.4.12 release (tag: samba-4.4.12)
  Author: Karolin Seeger  Date: 2017-03-23  Files: 1  Lines: -1/+1
  CVE-2017-2619: Symlink race allows access outside share definition.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
  Signed-off-by: Karolin Seeger <kseeger@samba.org>

* WHATSNEW: Add release notes for Samba 4.4.12.
  Author: Karolin Seeger  Date: 2017-03-23  Files: 1  Lines: -2/+73
  CVE-2017-2619: Symlink race allows access outside share definition.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
  Signed-off-by: Karolin Seeger <kseeger@samba.org>

* CVE-2017-2619: s3: smbd: Use the new non_widelink_open() function.
  Author: Jeremy Allison  Date: 2017-03-22  Files: 1  Lines: -1/+22
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>

* CVE-2017-2619: s3: smbd: Add the core functions to prevent symlink open races.
  Author: Jeremy Allison  Date: 2017-03-22  Files: 1  Lines: -0/+237
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>

* CVE-2017-2619: s3: smbd: Move special handling of symlink errno's into a utility function.
  Author: Jeremy Allison  Date: 2017-03-22  Files: 1  Lines: -17/+26
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>

* CVE-2017-2619: s3: smbd: Remove O_NOFOLLOW guards. We insist on O_NOFOLLOW existing.
  Author: Jeremy Allison  Date: 2017-03-22  Files: 1  Lines: -5/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>

* CVE-2017-2619: s3: smbd: Correctly fallback to open_dir_safely if FDOPENDIR not supported on system.
  Author: Jeremy Allison  Date: 2017-03-22  Files: 1  Lines: -8/+7
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>

* CVE-2017-2619: s3: smbd: Move the reference counting and destructor setup to just before returning success.
  Author: Jeremy Allison  Date: 2017-03-22  Files: 1  Lines: -5/+5
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>

* CVE-2017-2619: s3: smbd: OpenDir_fsp() - Fix memory leak on error.
  Author: Jeremy Allison  Date: 2017-03-22  Files: 1  Lines: -1/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>

* CVE-2017-2619: s3: smbd: OpenDir_fsp() use early returns.
  Author: Jeremy Allison  Date: 2017-03-22  Files: 1  Lines: -13/+21
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>

* CVE-2017-2619: s3: smbd: Create and use open_dir_safely(). Use from OpenDir().
  Author: Jeremy Allison  Date: 2017-03-22  Files: 1  Lines: -9/+61
  Hardens OpenDir against TOC/TOU races.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>

* CVE-2017-2619: s3: smbd: Opendir_internal() early return if SMB_VFS_OPENDIR failed.
  Author: Jeremy Allison  Date: 2017-03-22  Files: 1  Lines: -8/+8
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>

* CVE-2017-2619: s3: smbd: Create wrapper function for OpenDir in preparation for making robust.
  Author: Jeremy Allison  Date: 2017-03-22  Files: 1  Lines: -1/+14
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>

* CVE-2017-2619: s4/torture: add SMB2_FIND tests with SMB2_CONTINUE_FLAG_REOPEN flag
  Author: Ralph Boehme  Date: 2017-03-22  Files: 1  Lines: -2/+10
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=12496
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>

* CVE-2017-2619: s3/smbd: re-open directory after dptr_CloseDir()
  Author: Ralph Boehme  Date: 2017-03-22  Files: 1  Lines: -0/+17
  dptr_CloseDir() will close and invalidate the fsp's file descriptor, so we have to reopen it.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=12496
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
* VERSION: Bump version up to Samba 4.4.12...
  Author: Karolin Seeger  Date: 2017-03-17  Files: 1  Lines: -2/+2
  ...and re-enable GIT_SNAPSHOTS.
  Signed-off-by: Karolin Seeger <kseeger@samba.org>
  (cherry picked from commit ca33b7c71f5851198e5224c58856be0e8aa6425f)

* VERSION: Disable GIT_SNAPSHOTS for the Samba 4.4.11 release. (tag: samba-4.4.11)
  Author: Karolin Seeger  Date: 2017-03-16  Files: 1  Lines: -1/+1
  Signed-off-by: Karolin Seeger <kseeger@samba.org>

* WHATSNEW: Fix date.
  Author: Karolin Seeger  Date: 2017-03-16  Files: 1  Lines: -1/+1
  Signed-off-by: Karolin Seeger <kseeger@samba.org>

* WHATSNEW: Add release notes for Samba 4.4.11.
  Author: Karolin Seeger  Date: 2017-03-14  Files: 1  Lines: -2/+57
  Signed-off-by: Karolin Seeger <kseeger@samba.org>
  Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
  Autobuild-Date(v4-4-test): Tue Mar 14 16:30:22 CET 2017 on sn-devel-144

* manpages/vfs_fruit: document global options
  Author: Ralph Boehme  Date: 2017-03-14  Files: 1  Lines: -56/+99
  Some options MUST be set in the global section, better document that.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=12615
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  (cherry picked from commit 0c212c50b59081583572f807cf5214037d1517c4)

* s4/torture: some tests for kernel oplocks
  Author: Ralph Boehme  Date: 2017-03-14  Files: 5  Lines: -1/+150
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  (backported from commit fd03420c4f59d3248b80d07a302d1404ce78b09f)

* s3/selftest: adopt config.h check from source4
  Author: Ralph Boehme  Date: 2017-03-14  Files: 1  Lines: -13/+19
  No change in behaviour.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  (backported from commit 6e54d8d2bda2c9232676f8c08c626f22de50f52b)
* s3/smbd: fix deferred open with streams and kernel oplocks
  Author: Ralph Boehme  Date: 2017-03-14  Files: 1  Lines: -11/+103
  I noticed smbd can get stuck in an open() call with kernel oplocks enabled and named streams (provided by vfs_streams_xattr):
  - client opens a file with an exclusive oplock
  - client starts writing to the file
  - client opens an existing stream of the file
  - the smbd process gets stuck in an open()

  What happens is: we had set up a locking.tdb record watch in defer_open(), the watch was triggered, we reattempted the open and got stuck in a blocking open because the oplock holder (ourselves) hadn't given up the oplock yet. Cf e576bf5310bc9de9686a71539e9a1b60b4fba5cc for the commit that added the kernel oplock retry logic.

  tldr: with kernel oplocks the first open is non-blocking, but the second one is blocking. Detailed analysis follows.

  When opening a named stream of a file, Samba internally opens the underlying "base" file first. This internal open of the basefile succeeds and does *not* trigger an oplock break (because it is an internal open that doesn't call open() at all) but it is added as an entry to the locking.tdb record of the file.

  Next, the stream open ends up in streams_xattr where a non-blocking open() on the base file is called. This open fails with EWOULDBLOCK because we have another fd with a kernel oplock on the file. So we call defer_open() which sets up a watch on the locking.tdb record.

  In the subsequent error unwinding code in open_file_ntcreate() and callers we close the internal open file handle of the basefile which also removes the entry from the locking.tdb record and so *changes the record*. This fires the record watch and in the callback defer_open_done() we don't check whether the condition (oplock gone) we're interested in is actually met. The callback blindly reschedules the open request with schedule_deferred_open_message_smb().

  schedule_deferred_open_message_smb() schedules an immediate tevent event which has precedence over the IPC fd events in messaging, so the open is always (!) reattempted before processing the oplock break message. As explained above, this second open will be a blocking one so we get stuck in a blocking open.

  It doesn't help to make all opens non-blocking, that would just result in a busy loop failing the open, as we never process the oplock break message (remember, schedule_deferred_open_message_smb() used immediate tevent events).

  To fix this we must add some logic to the record watch callback to check whether the record watch was done for a kernel oplock file and if yes, check if the oplock state changed. If not, simply reschedule the deferred open and keep waiting.

  This logic is only needed for kernel oplocks, not for Samba-level oplocks, because there's no risk of deadlocking, the worst that can happen is a rescheduled open that fails again in the oplock checks and gets deferred again.

  Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  (backported from commit b35a296a27a0807c780f2a9e7af2f2e93feefaa8)
* s3/smbd: all callers of defer_open() pass a lck
  Author: Ralph Boehme  Date: 2017-03-14  Files: 1  Lines: -31/+33
  No change in behaviour. Update the function comment explaining how it works and relies on lck for a record watch.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  (backported from commit 1a6c82e5d5a3462827ee3fe1edab01f535f831a9)

* s3/smbd: remove async_open arg from defer_open()
  Author: Ralph Boehme  Date: 2017-03-14  Files: 1  Lines: -6/+4
  All remaining callers pass false.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  (cherry picked from commit 7fa2f1159437c9f1aa47f51e65655b4d9afa5c0a)

* s3/smbd: fix schedule_async_open() timer
  Author: Ralph Boehme  Date: 2017-03-14  Files: 1  Lines: -5/+37
  schedule_async_open() was calling defer_open with sharemode lock = NULL, as a result there was never an active 20 s timeout.

  This has been broken since the commits in
  $ git log --reverse -p -10 8283fd0e0090ed12b0b12d5acb550642d621b026

  Just roll our own deferred record instead of calling defer_open() and also set up a timer that, as a last resort, catches stuck opens and just exits for now.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  (cherry picked from commit ad8c36125f72e0d5f9ebfc94037a4ae9e7608aad)

* s3/smbd: add and use retry_open() instead of defer_open() in two places
  Author: Ralph Boehme  Date: 2017-03-14  Files: 1  Lines: -4/+36
  Add a new function that does an immediate open rescheduling.

  The first deferred open this commit changes was never scheduled, as the scheduling relies on a timeout of the watch on the sharemode lock. This has been broken since the commits in
  $ git log --reverse -p -10 8283fd0e0090ed12b0b12d5acb550642d621b026
  That patchset added the dbwrap watch record logic to defer_open() and removed the timers.

  I'm doing this mainly to untangle the defer_open() logic which is complicated by the lck arg.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  (cherry picked from commit beaba6222848fb4ff4392b2247c5be1094b1d65b)

* s3/smbd: simplify defer_open()
  Author: Ralph Boehme  Date: 2017-03-14  Files: 1  Lines: -55/+58
  Add a helper function deferred_open_record_create() that creates a deferred_open_record and let all callers pass all needed arguments individually.

  While we're at it, enhance the debug message in defer_open() to print all variables.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  (cherry picked from commit b17ff9b181b7b9730d32534e720c45faabfa6799)

* s3/smbd: req is already validated at the beginning of open_file_ntcreate()
  Author: Ralph Boehme  Date: 2017-03-14  Files: 1  Lines: -3/+1
  req can't be NULL because the if condition surrounding this code checks !(oplock_request & INTERNAL_OPEN_ONLY).
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  (cherry picked from commit 8580adc1d968304b69237f289d13950972394b48)

* s3/smbd: add comments and some reformatting to open_file_ntcreate()
  Author: Ralph Boehme  Date: 2017-03-14  Files: 1  Lines: -12/+33
  No change in behaviour.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  (cherry picked from commit f5631f6b3520326d4c9a6bae5636fd8d53e66b29)

* s3/smbd: add const to get_lease_type() args
  Author: Ralph Boehme  Date: 2017-03-14  Files: 2  Lines: -2/+4
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  (cherry picked from commit 6924e72ade20e98ac470fcb6ba7120c61b06bb0f)

* s3/wscript: fix Linux kernel oplock detection
  Author: Ralph Boehme  Date: 2017-03-14  Files: 1  Lines: -3/+3
  Fix a copy/paste error, the Linux kernel oplocks check was copied from the change notify support check.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  (cherry picked from commit fe473f805af885a23bb16046c9d26d756e164f30)

* replace: Include sysmacros.h
  Author: Andreas Schneider  Date: 2017-03-14  Files: 1  Lines: -0/+4
  In the GNU C Library, "makedev" is defined by <sys/sysmacros.h>. For historical compatibility, it is currently defined by <sys/types.h> as well, but it is planned to remove this soon.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12686
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  (cherry picked from commit 0127bdd33b251a52c6ffc44b6cb3b82b16a80741)
* smbd: Do an early exit on negprot failure
  Author: Volker Lendecke  Date: 2017-03-13  Files: 1  Lines: -7/+16
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12610
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Böhme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  (cherry picked from commit cf9acf9a3da932fca115967eb3d9d9ed48fcbbfc)
  Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
  Autobuild-Date(v4-4-test): Mon Mar 13 13:03:15 CET 2017 on sn-devel-144

* vfs_fruit: enabling AAPL extensions must be a global switch
  Author: Ralph Boehme  Date: 2017-03-13  Files: 1  Lines: -4/+8
  Apple's SMB2 AAPL extension is enabled once per SMB2 connection. Unfortunately the (per se correct) fix for bug #12541 results in vfs_fruit checking a per tcon config state variable to determine whether AAPL has been negotiated. This variable will be false for all but the first tcon. We must make it a global variable.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=12604
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
  Autobuild-User(master): Uri Simchoni <uri@samba.org>
  Autobuild-Date(master): Thu Mar 2 04:34:10 CET 2017 on sn-devel-144
  (cherry picked from commit 41204a4972ea62b7b656ad81e24bd052990f7e87)

* s3: smbd: Restart reading the incoming SMB2 fd when the send queue is drained.
  Author: Jeremy Allison  Date: 2017-03-06  Files: 1  Lines: -1/+13
  When the send queue grows greater than xconn->smb2.credits.max/16, smbd_smb2_request_next_incoming() doesn't allocate a new request in state->req. After smbd_smb2_io_handler() is called, it marks the fd not readable as state->req == NULL, and never marks it readable again.

  Fix by calling smbd_smb2_request_next_incoming() to restart reads inside smbd_smb2_flush_send_queue() which drains the send queue.

  Reported by <chen.yehua@h3c.com>
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12608
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  Autobuild-User(master): Ralph Böhme <slow@samba.org>
  Autobuild-Date(master): Fri Mar 3 02:23:20 CET 2017 on sn-devel-144
  (cherry picked from commit 1e0c79ddb34be9a2b9fa92d35387c443c4a381ae)
  Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
  Autobuild-Date(v4-4-test): Mon Mar 6 16:02:16 CET 2017 on sn-devel-144

* s3:winbindd: fix endless forest trust scan
  Author: Stefan Metzmacher  Date: 2017-03-06  Files: 2  Lines: -0/+30
  Commit 0392ebcd1d48e9f472f2148b85316a77d9cc953b effectively disabled the enumeration of trusts in other forests. The fixes for https://bugzilla.samba.org/show_bug.cgi?id=11691 changed the way we fill domain->domain_flags for domains in other forests.

  Commit fffefe72fcc62d9688b45f53a5327667dc0b2fe6 readded the ability to enumerate trusts of other forests again, in order to fix https://bugzilla.samba.org/show_bug.cgi?id=11830

  Now we have the problem that multiple domains (even outside of our forest) are considered to be our forest root, as they have the following flags: NETR_TRUST_FLAG_TREEROOT and NETR_TRUST_FLAG_IN_FOREST.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12605
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  Autobuild-User(master): Ralph Böhme <slow@samba.org>
  Autobuild-Date(master): Thu Mar 2 17:53:14 CET 2017 on sn-devel-144
  (cherry picked from commit f9aaddcdd8f9ea648c9c5ea804f56ee3ff6c4c67)

* vfs_fruit: only veto AppleDouble files with fruit:resource=file
  Author: Ralph Boehme  Date: 2017-03-06  Files: 2  Lines: -7/+14
  vfs_fruit only creates AppleDouble files itself when "fruit:resource" is set to "file" (the default). It is only then that these AppleDouble files should be treated as an internal representation and should be inaccessible from clients.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=12526
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
  (cherry picked from commit 708767da8c366c021d6d15a3ae71d009357c3320)

* VERSION: Bump version up to 4.4.11...
  Author: Karolin Seeger  Date: 2017-03-01  Files: 1  Lines: -2/+2
  ...and re-enable git snapshots.
  Signed-off-by: Karolin Seeger <kseeger@samba.org>

* VERSION: Disable GIT_SNAPSHOTS for the 4.4.10 release. (tag: samba-4.4.10)
  Author: Karolin Seeger  Date: 2017-03-01  Files: 1  Lines: -1/+1
  Signed-off-by: Karolin Seeger <kseeger@samba.org>

* WHATSNEW: Add release notes for Samba 4.4.10.
  Author: Karolin Seeger  Date: 2017-03-01  Files: 1  Lines: -2/+109
  Signed-off-by: Karolin Seeger <kseeger@samba.org>
* s3:winbindd: allow a fallback to NTLMSSP for LDAP connections
  Author: Stefan Metzmacher  Date: 2017-02-28  Files: 1  Lines: -0/+2
  This matches the behaviour of pdb_get_trust_credentials() for our machine account and allows us to fallback to NTLMSSP when contacting trusted domains.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  (cherry picked from commit 4e9a0894cd977585ccc94e7c1811de1b0293382d)
  Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
  Autobuild-Date(v4-4-test): Tue Feb 28 13:13:04 CET 2017 on sn-devel-144

* s3:libads: add more debugging to ads_sasl_spnego_bind()
  Author: Stefan Metzmacher  Date: 2017-02-28  Files: 1  Lines: -1/+24
  Any fallbacks to other authentication methods should be logged.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (similar to commit ea0bc12ba52166032d5112ee22ab53d831c13e86)

* s3:winbindd: rely on the kerberos_state from pdb_get_trust_credentials()
  Author: Stefan Metzmacher  Date: 2017-02-28  Files: 1  Lines: -11/+0
  The implementation of pdb_get_trust_credentials() should have all the details to set the kerberos_state to a useful value.

  This should enable the fallback to NTLMSSP again, when using our machine account against trusted domains.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  (cherry picked from commit 51caeb7c538b7546e5feccf27a735bb803c78a0b)

* s3:winbindd: add more debugging to cm_prepare_connection()
  Author: Stefan Metzmacher  Date: 2017-02-28  Files: 1  Lines: -10/+31
  Any fallbacks to other authentication methods should be logged.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (similar to commit ba9d139ec3d71af184a24daf24356304c2e49144)

* s3:passdb: use cli_credentials_set_kerberos_state() for trusts in pdb_get_trust_credentials()
  Author: Stefan Metzmacher  Date: 2017-02-28  Files: 1  Lines: -0/+17
  Trust accounts can only use kerberos when contacting other AD domains, using NTLMSSP will fail. At the same time it doesn't make sense to try kerberos for NT4 domains, still NTLMSSP will fail, but the callers have to deal with that case and just fallback to an anonymous SMB connection.

  In all cases we should be able to use NETLOGON SCHANNEL over any anonymous smb or tcp transport.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  (cherry picked from commit d961ae9d14b46708d2693ca91ace04f9f1a53ca2)

* s3:winbindd: fix the valid usage of anonymous smb authentication
  Author: Stefan Metzmacher  Date: 2017-02-28  Files: 1  Lines: -5/+5
  If we are in a situation where we don't have credentials to contact the remote domain or against an NT4 with the following settings:
    workgroup = NT4DOM
    security = domain
    require strong key = no
    client use spnego = no
    client ipc signing = auto
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12587
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (similar to commit c97a29bdfdc0020ec0113073580da56f2d35edc1)

* auth/credentials: try to use kerberos with the machine account unless we're in an AD domain
  Author: Stefan Metzmacher  Date: 2017-02-28  Files: 1  Lines: -1/+16
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12587
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  (cherry picked from commit b845f16d3ca02dd27cc40bbf722426d6f81bb4b7)

* s3:winbindd: try a NETLOGON connection with noauth over NCACN_NP against trusted domains.
  Author: Stefan Metzmacher  Date: 2017-02-28  Files: 1  Lines: -1/+22
  We're using only NCACN_NP here as we rely on the smb signing restrictions of cm_prepare_connection().

  This should fix SMB authentication with a user of a domain behind a transitive trust. With this change winbindd is able to call dcerpc_netr_DsrEnumerateDomainTrusts against the dc of a trusted domain again. This only works for two-way trusts.

  The main problem is the usage of is_trusted_domain() which doesn't know about the domain, if winbindd can't enumerate the domains in the other forest. is_trusted_domain() is used in make_user_info_map(), which is called in auth3_check_password() before auth_check_ntlm_password(). That means we're mapping the user of such a domain to our own local sam, before calling our auth modules.

  A much better fix, which removes the usage of is_trusted_domain(), is planned for master, but this should do the job for current releases. We should avoid talking to DCs of other domains and always go via our primary domain. As we should code with one-way trusts also, we need to avoid relying on a complete list of domains in future.

  For now "wbinfo -m" lists domains behind a two-way transitive trust again, but that is likely to change in future again!
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11830
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
  (cherry picked from commit fffefe72fcc62d9688b45f53a5327667dc0b2fe6)

* s3:winbindd: make sure cm_prepare_connection() only returns OK with a valid tree connect
  Author: Stefan Metzmacher  Date: 2017-02-28  Files: 1  Lines: -3/+11
  If cm_get_ipc_credentials() returned anonymous creds and signing is required we were returning the result of cm_get_ipc_credentials() instead of the original error.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12588
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  (similar to commit cebcc2adc7e568d492466bb69f21ba2a9630a0d2)