summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* s4: torture: Ensure a failed file create doesn't create the file.Jeremy Allison2018-04-061-0/+27
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13358 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE> (cherry picked from commit 53cdf7a9a18ed547eade4c3cdd80d286058e440d)
* s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without ↵Jeremy Allison2018-04-061-0/+12
| | | | | | | | | | delete access. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13358 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE> (cherry picked from commit 2514bee0a3b0a12430e2679ee590075c54d4803a)
* ctdb-client: Client code should never free the client contextAmitay Isaacs2018-04-061-1/+0
| | | | | | | | This should never have been done. Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net> (cherry picked from commit 376e9794e2d19e8d17b0bdde36ce8a1a205986c6)
* ctdb-client: Add missing initialization of tevent_contextAmitay Isaacs2018-04-061-0/+1
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13356 Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net> (cherry picked from commit 4e37be92bfb790150b3791bef552aa4acf8f78b7)
* ctdb-client: Do not try to allocate 0 sized recordAmitay Isaacs2018-04-061-7/+12
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13356 Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net> (cherry picked from commit 92a68af1a8473dc2a5d9d6036830f944e968606d)
* Fix invocation of gnutls_aead_cipher_encrypt()Timur I. Bakeyev2018-04-061-3/+3
| | | | | | | | | | | | | | | | Which was failing with GNUTLS_E_SHORT_MEMORY_BUFFER - The given memory buffer is too short to hold parameters. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13352 Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Autobuild-User(master): Garming Sam <garming@samba.org> Autobuild-Date(master): Fri Mar 23 07:25:30 CET 2018 on sn-devel-144 (cherry picked from commit b9f0c7f93c058685e24d104432978bd40b94b49f)
* Allow AESNI to be used on all processor supporting AESNI, not just Intel's ↵Eric Vannier2018-04-061-16/+0
| | | | | | | | | | | | | | | This improves performance/reduced CPU usage. Tests performed: - Ran on Ivy Bridge and Ryzen and verified that AESNI is detected (crypto tests) - Ran on Ryzen, and observed 50% increased speed. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13302 Signed-off-by: Eric Vannier <evannier@google.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Björn Jacke <bjacke@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Mar 27 13:50:09 CEST 2018 on sn-devel-144 (cherry picked from commit 77d88d75f6262a855e818a9b2b4018f8b6ced7b0)
* s3: docs: Add documentation for "smb2" and "smb2_credits" debug classes.Jeremy Allison2018-04-061-0/+2
| | | | | | | | https://bugzilla.samba.org/show_bug.cgi?id=13347 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Böhme <slow@samba.org> (cherry picked from commit fc922bd29b40a20450f16728fa7347f8f83d3bcd)
* s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit issues.Jeremy Allison2018-04-063-18/+32
| | | | | | | | https://bugzilla.samba.org/show_bug.cgi?id=13347 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Böhme <slow@samba.org> (cherry picked from commit ad973fddef00d6d92443be89e7f5404006a94d99)
* lib: debug: Add DBGC_XXX versions of the macros to allow class-specific ↵Jeremy Allison2018-04-061-0/+30
| | | | | | | | | | messages. https://bugzilla.samba.org/show_bug.cgi?id=13347 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Böhme <slow@samba.org> (cherry picked from commit cdde6d93605d15a59e816a35e8e02ca193bf1403)
* s3: debug: smb2: Create a new DBGC_SMB2 debug class and mark all ↵Jeremy Allison2018-04-0624-0/+68
| | | | | | | | | | | | smbd/smb2_*.c files with it. Will allow easier smb2-specific debugging. https://bugzilla.samba.org/show_bug.cgi?id=13347 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Böhme <slow@samba.org> (cherry picked from commit 8dabcf8948c2e514b489169c34673e093519b583)
* lib:replace: Fix linking when libtirpc-devel overwrites system headersNoel Power2018-04-061-1/+9
| | | | | | | | | | | | | Some systems (like SUSE currently) install the new tirpc headers by overwritting the existing system location used by gcc. This patch will detect if the headers in the system location belong to tirpc or not. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13341 Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> (cherry picked from commit 618c714b6b6c0b63993299b40b9a466adb753cc2)
* s3:smbd: map nterror on smb2_flush errorpathAnton Nefedov via samba-technical2018-04-061-1/+1
| | | | | | | | | | | | smbd_smb2_flush_recv() expects nterror in tevent_req, and otherwise aborts in tevent_req_is_nterror() BUG: https://bugzilla.samba.org/show_bug.cgi?id=13338 Signed-off-by: Anton Nefedov <anton.nefedov@virtuozzo.com> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 98623129446672521b7fa41d3457b8ce95db828c)
* ctdb-tests: Don't use nc -d or -w optionsMartin Schwenke2018-04-066-6/+6
| | | | | | | | | | | | | | | | | | | nmap-ncat is used in some distributions to replace netcat. It has a different meaning for these options. We can get the same effect as the current combination of -d and -w by piping a sleep process to nc. Subsequent use of $! works because it gets the last process in pipeline. Note that redirecting from /dev/null doesn't work with some versions of nc. They just exit when they get EOF. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13327 Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com> (cherry picked from commit 9e954bcbf43d67a18ee55f84cda0b09028f96b92)
* s3: smbd: Fruit. Make the use of dom_sid_compare_domain() much clearer.Jeremy Allison2018-04-061-2/+3
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 5c909ea4530d4e7e4aa27046c45e3e48b094a411)
* s4: vfs: fruit tests: Add regression test for dealing with NFS ACE entries.Jeremy Allison2018-04-061-0/+171
| | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Mar 17 04:04:32 CET 2018 on sn-devel-144 (cherry picked from commit a6054c01c29c2507e0d5a6aa110fee4fd5c5eeb9)
* selftest: vfs.fruit: add xattr_tdb where possibleRalph Boehme2018-04-061-6/+6
| | | | | | | | | | This makes the tests indepent from fs xattr support. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 49996ca9324596b6cd72eb8051ca3676dab17191)
* selftest: run vfs.fruit_netatalk test against seperate shareRalph Boehme2018-04-062-1/+11
| | | | | | | | | | | These tests require a fs with xattr support. This allows adding xattr_tdb to all other shares in the next commit. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 013aaffe7ff0ed4c30495761bb3208c29b3b5de2)
* s3: smbd: vfs_fruit: Replace code in fruit_fget_nt_acl() with ↵Jeremy Allison2018-04-061-28/+7
| | | | | | | | | | remove_virtual_nfs_aces(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 875ff2575feb96d06cf2290e5b6a226b32ef9758)
* s3: smbd: vfs_fruit: Replace code in check_ms_nfs() with ↵Jeremy Allison2018-04-061-37/+1
| | | | | | | | | | remove_virtual_nfs_aces(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit a3c925d80433e3d4fe1b1b315edf6520cacf0a9e)
* s3: smbd: vfs_fruit: Add remove_virtual_nfs_aces() a generic NFS ACE remover.Jeremy Allison2018-04-061-0/+43
| | | | | | | | | | Not yet used, will be used to tidyup existing code. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit ef091e2cf836793e2aa533990913609ccab5119a)
* s3: vfs_fruit. Change check_ms_nfs() to remove the virtual ACE's generated ↵Jeremy Allison2018-04-061-1/+42
| | | | | | | | | | | | | | | | by fruit_fget_nt_acl(). Ensures they don't get stored in the underlying ACL. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Thu Mar 8 04:09:38 CET 2018 on sn-devel-144 (cherry picked from commit e0b147f650fe59f606d1faffe57059e6e9d7837b)
* s3: vfs_fruit. If the security descriptor was modified, ensure we set the ↵Jeremy Allison2018-04-061-0/+21
| | | | | | | | | | flags correctly to reflect the ACE's left. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 8edad37e476295e25932778721d8ef33713f6853)
* s3: vfs_fruit: Ensure we operate on a copy of the incoming security descriptor.Jeremy Allison2018-04-061-1/+11
| | | | | | | | | | This will allow us to modify it in the next commit. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 019a1bc4caf3439adcaac48b384e86d84a1ad383)
* s3: vfs_fruit. Ensure we only return one set of the 'virtual' UNIX ACE entries.Jeremy Allison2018-04-061-0/+28
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit e9059c7b40069cfb036bfb95958b78c6a2c800e4)
* s3: smbd: Fix possible directory fd leak if the underlying OS doesn't ↵Jeremy Allison2018-04-061-3/+6
| | | | | | | | | | | | | | | | support fdopendir() HPUX has this problem. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13270 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Fri Feb 23 22:56:35 CET 2018 on sn-devel-144 (cherry picked from commit 5ad5e7966f555b1d2b39d276646934a2cd2535e6)
* s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't ↵Jeremy Allison2018-04-061-0/+9
| | | | | | | | | | | | | | | | | own it here. Thanks to Isaac Boukris <iboukris@gmail.com> for finding the issue and testing this fix. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13244 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Jan 26 02:25:20 CET 2018 on sn-devel-144 (cherry picked from commit e7425bd5245ffea68b7e8f794c9b5f864d103769)
* s3:auth: make use of make_{server,session}_info_anonymous()Stefan Metzmacher2018-03-213-6/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It's important to have them separated from make_{server,session}_info_guest(), because there's a fundamental difference between anonymous (the client requested no authentication) and guest (the server lies about the authentication failure). When it's really an anonymous connection, we should reflect that in the resulting session info. This should fix a problem where Windows 10 tries to join a Samba hosted NT4 domain and has SMB2/3 enabled. We no longer return SMB_SETUP_GUEST or SMB2_SESSION_FLAG_IS_GUEST for true anonymous connections. The commit message from a few commit before shows the resulting auth_session_info change. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Fri Mar 16 03:03:31 CET 2018 on sn-devel-144 (cherry picked from commit 1957bf11f127fc08c6622999cadc7dd580ac7d3b) Autobuild-User(v4-8-test): Stefan Metzmacher <metze@samba.org> Autobuild-Date(v4-8-test): Wed Mar 21 02:29:57 CET 2018 on sn-devel-144
* s3:rpc_server: make use of make_session_info_anonymous()Stefan Metzmacher2018-03-201-6/+3
| | | | | | | | | | | For unauthenticated connections we should default to a session info with an anonymous nt token. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 0ee9a550944034718ea188b277cca4b6fc5fbc5c)
* s3:auth: add make_{server,session}_info_anonymous()Stefan Metzmacher2018-03-202-1/+146
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It's important to have them separated from make_{server,session}_info_guest(), because there's a fundamental difference between anonymous (the client requested no authentication) and guest (the server lies about the authentication failure). The following is the difference between guest and anonymous token: security_token: struct security_token - num_sids : 0x0000000a (10) - sids: ARRAY(10) - sids : S-1-5-21-3793881525-3372187982-3724979742-501 - sids : S-1-5-21-3793881525-3372187982-3724979742-514 - sids : S-1-22-2-65534 - sids : S-1-22-2-65533 + num_sids : 0x00000009 (9) + sids: ARRAY(9) + sids : S-1-5-7 sids : S-1-1-0 sids : S-1-5-2 - sids : S-1-5-32-546 sids : S-1-22-1-65533 + sids : S-1-22-2-65534 + sids : S-1-22-2-100004 sids : S-1-22-2-100002 sids : S-1-22-2-100003 + sids : S-1-22-2-65533 privilege_mask : 0x0000000000000000 (0) ... unix_token : * unix_token: struct security_unix_token uid : 0x000000000000fffd (65533) gid : 0x000000000000fffe (65534) - ngroups : 0x00000004 (4) - groups: ARRAY(4) + ngroups : 0x00000005 (5) + groups: ARRAY(5) groups : 0x000000000000fffe (65534) - groups : 0x000000000000fffd (65533) + groups : 0x00000000000186a4 (100004) groups : 0x00000000000186a2 (100002) groups : 0x00000000000186a3 (100003) + groups : 0x000000000000fffd (65533) info: struct auth_user_info account_name : * - account_name : 'nobody' + account_name : 'ANONYMOUS LOGON' user_principal_name : NULL user_principal_constructed: 0x00 (0) domain_name : * - domain_name : 'SAMBA-TEST' + domain_name : 'NT AUTHORITY' dns_domain_name : NULL - full_name : NULL - logon_script : NULL - profile_path : NULL - home_directory : NULL - home_drive : NULL - logon_server : NULL + full_name : * + full_name : 'Anonymous Logon' + logon_script : * + logon_script : '' + profile_path : * + profile_path : '' + home_directory : * + home_directory : '' + home_drive : * + home_drive : '' + logon_server : * + logon_server : 'LOCALNT4DC2' last_logon : NTTIME(0) last_logoff : NTTIME(0) acct_expiry : NTTIME(0) last_password_change : NTTIME(0) allow_password_change : NTTIME(0) force_password_change : NTTIME(0) logon_count : 0x0000 (0) bad_password_count : 0x0000 (0) - acct_flags : 0x00000000 (0) + acct_flags : 0x00000010 (16) authenticated : 0x00 (0) security_token: struct security_token num_sids : 0x00000006 (6) sids: ARRAY(6) + sids : S-1-5-7 + sids : S-1-1-0 + sids : S-1-5-2 sids : S-1-22-1-65533 sids : S-1-22-2-65534 sids : S-1-22-2-65533 - sids : S-1-1-0 - sids : S-1-5-2 - sids : S-1-5-32-546 privilege_mask : 0x0000000000000000 (0) BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (similar to commit 6afb6b67a198c88ab8fa3fee931729c43605716d)
* s3:auth: pass the whole auth_session_info from ↵Stefan Metzmacher2018-03-202-33/+23
| | | | | | | | | | | | copy_session_info_serverinfo_guest() to create_local_token() We only need to adjust sanitized_username in order to keep the same behaviour. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit a2a289d0446fedb4ea40834b5b5b190fdca30906)
* s3:auth: base make_new_session_info_system() on auth_system_user_info_dc() ↵Stefan Metzmacher2018-03-201-80/+43
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | and auth3_create_session_info() The changes in the resulting token look like this: unix_token : * unix_token: struct security_unix_token uid : 0x0000000000000000 (0) gid : 0x0000000000000000 (0) - ngroups : 0x00000000 (0) - groups: ARRAY(0) + ngroups : 0x00000001 (1) + groups: ARRAY(1) + groups : 0x0000000000000000 (0) ... domain_name : * domain_name : 'NT AUTHORITY' dns_domain_name : NULL - full_name : NULL - logon_script : NULL - profile_path : NULL - home_directory : NULL - home_drive : NULL - logon_server : NULL + full_name : * + full_name : 'System' + logon_script : * + logon_script : '' + profile_path : * + profile_path : '' + home_directory : * + home_directory : '' + home_drive : * + home_drive : '' + logon_server : * + logon_server : 'SLOWSERVER' last_logon : NTTIME(0) last_logoff : NTTIME(0) acct_expiry : NTTIME(0) last_password_change : NTTIME(0) allow_password_change : NTTIME(0) force_password_change : NTTIME(0) logon_count : 0x0000 (0) bad_password_count : 0x0000 (0) - acct_flags : 0x00000000 (0) + acct_flags : 0x00000010 (16) authenticated : 0x01 (1) unix_info : * BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit e8402ec0486ced6ac2adb640c61a9e5abc77d4e4)
* s3:auth: add auth3_user_info_dc_add_hints() and auth3_session_info_create()Stefan Metzmacher2018-03-202-0/+584
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | These functions make it possible to construct a full auth_session_info from the information available from an auth_user_info_dc structure. This has all the logic from create_local_token() that is used to transform a auth_serversupplied_info to a full auth_session_info. In order to workarround the restriction that auth_user_info_dc doesn't contain hints for the unix token/name, we use the special S-1-5-88 (Unix_NFS) sids: - S-1-5-88-1-Y gives the uid=Y - S-1-5-88-2-Y gives the gid=Y - S-1-5-88-3-Y gives flags=Y AUTH3_UNIX_HINT_* The currently implemented flags are: - AUTH3_UNIX_HINT_QUALIFIED_NAME unix_name = DOMAIN+ACCOUNT - AUTH3_UNIX_HINT_ISLOLATED_NAME unix_name = ACCOUNT - AUTH3_UNIX_HINT_DONT_TRANSLATE_FROM_SIDS Don't translate the nt token SIDS into uid/gids using sid mapping. - AUTH3_UNIX_HINT_DONT_TRANSLATE_TO_SIDS Don't translate the unix token uid/gids to S-1-22-X-Y SIDS - AUTH3_UNIX_HINT_DONT_EXPAND_UNIX_GROUPS The unix token won't get expanded gid values from getgroups_unix_user() By using the hints it is possible to keep the current logic where an authentication backend provides uid/gid values and the unix name. Note the S-1-5-88-* SIDS never appear in the final security_token. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit af4bc135e486e17164da0ea918281fbf689892c3)
* auth: add auth_user_info_copy() functionStefan Metzmacher2018-03-202-0/+38
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 6ff891195855403bc485725aef8d43d4e3cabacb)
* s3:auth: remove static from finalize_local_nt_token()Stefan Metzmacher2018-03-202-4/+4
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 7f47f9e1f220d2dd547cf77bbc292357a2173870)
* s3:auth: pass AUTH_SESSION_INFO_* flags to finalize_local_nt_token()Stefan Metzmacher2018-03-201-19/+39
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit d3aae5ba65c7ed0d5e9f8389101cf1c8c1f0a25b)
* s3:auth: don't try to expand system or anonymous tokens in ↵Stefan Metzmacher2018-03-201-0/+24
| | | | | | | | | | finalize_local_nt_token() BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 4f81ef9353ad76390aa910c8c17456fec21916c6)
* s3:auth: add add_builtin_guests() handling to finalize_local_nt_token()Stefan Metzmacher2018-03-201-8/+114
| | | | | | | | | | | | | | | | We should add Builtin_Guests depending on the current token not based on 'is_guest'. Even authenticated users can be member a guest related group and therefore get Builtin_Guests. Sadly we still need to use 'is_guest' within create_local_nt_token() as we only have S-1-22-* SIDs there and still need to add Builtin_Guests. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit e8dc55d2b969b670322a913799d1af459a1000e7)
* s3:auth: only call secrets_fetch_domain_sid() once in finalize_local_nt_token()Stefan Metzmacher2018-03-201-16/+19
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit c2ffbf9f764a94ef1dc1280741884cf63a017308)
* s3:passdb: handle dom_sid=NULL in create_builtin_{users,administrators}()Stefan Metzmacher2018-03-201-4/+6
| | | | | | | | | | We should not crash if we're called with NULL. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit efdc617c76d9043286e33b961f45ad4564232102)
* s3:auth: move add_local_groups() out of finalize_local_nt_token()Stefan Metzmacher2018-03-201-7/+15
| | | | | | | | | | | finalize_local_nt_token() will be used in another place, were we don't want to add local groups in a following commit. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit df3d278853ec097df27c221369dfb3ed0297d6c8)
* s3:auth: add the "Unix Groups" sid for the primary gidStefan Metzmacher2018-03-201-0/+4
| | | | | | | | | | The primary gid might not be in the gid array. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit f3ca3e71cc35876df47e31ec9c3643308add2405)
* s3:auth: remove unused auth_serversupplied_info->systemStefan Metzmacher2018-03-202-2/+0
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 28ad1306b880a44824ee956a19656ac29581a1b9)
* libcli/security: only announce a session as GUEST if 'Builtin\Guests' is ↵Ralph Boehme2018-03-201-7/+11
| | | | | | | | | | there without 'Authenticated User' BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit f564847c8e9d31fe07dd3cbf435986b36f097fa3)
* s3:selftest: run SMB2-ANONYMOUSStefan Metzmacher2018-03-202-0/+2
| | | | | | | | | | This fails against a non AD DC smbd. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit bf707a1eba39e996bb19457b63ddb658cc4183c2)
* s3:torture: add SMB2-ANONYMOUS which asserts no GUEST bit for anonymousStefan Metzmacher2018-03-203-0/+44
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 82d8aa3b9cb15512d29a97b5a7e55ea1a052734f)
* VERSION: Bump version up to 4.8.1...Karolin Seeger2018-03-131-2/+2
| | | | | | and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger <kseeger@samba.org>
* VERSION: Bump version up to 4.8.0...samba-4.8.0Karolin Seeger2018-03-131-2/+2
| | | | | | and disable GIT_SNAPSHOT for the 4.8.0 release. Signed-off-by: Karolin Seeger <kseeger@samba.org>
* WHATSNEW: Add release notes for Samba 4.8.0.Karolin Seeger2018-03-131-10/+30
| | | | Signed-off-by: Karolin Seeger <kseeger@samba.org>
* CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs.Jeremy Allison2018-03-131-0/+13
| | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11343 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(v4-8-test): Stefan Metzmacher <metze@samba.org> Autobuild-Date(v4-8-test): Tue Mar 13 15:58:25 CET 2018 on sn-devel-144
View Lorry Controller Status