summaryrefslogtreecommitdiff
path: root/source3
Commit message (Collapse)AuthorAgeFilesLines
* vfs:glusterfs_fuse: ensure fileids are constant across nodesMichael Adam2019-08-261-1/+192
| | | | | | | | | | | | | | | | Instead of adding a new gluster-specific mode to the fileid module, this patches provides a fileid algorithm as part of the glusterfs_fuse vfs module. This can not be configured further, simply adding the glusterfs_fuse vfs module to the vfs objects configuration will enable the new fileid mode. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13972 Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Sat Jul 13 22:54:56 UTC 2019 on sn-devel-184
* lookup_name: allow own domain lookup when flags == 0Alexander Bokovoy2019-08-161-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In 2007, we've added support for multiple lookup levels for LSA LookupNames family of calls. However, forest-wide lookups, as described in MS-LSAT 2.2.16, never worked because flags passed to lookup_name() were always set to zero, expecting at least default lookup on a DC to apply. lookup_name() was instead treating zero flags as 'skip all checks'. Allow at least own domain lookup in case domain name is the same. This should allow FreeIPA DC to respond to LSA LookupNames3 calls from a trusted AD DC side. For the reference, below is a request Windows Server 2016 domain controller sends to FreeIPA domain controller when attempting to look up a user from a trusted forest root domain that attemps to login to the domain controller. Notice the level in the lsa_LookupNames3 call and resulting flags in lookup_name(). [2019/08/03 07:14:24.156065, 1, pid=23639, effective(967001000, 967001000), real(967001000, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:471(ndr_print_function_debug) lsa_LookupNames3: struct lsa_LookupNames3 in: struct lsa_LookupNames3 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000004c-0000-0000-455d-3018575c0000 num_names : 0x00000001 (1) names: ARRAY(1) names: struct lsa_String length : 0x000a (10) size : 0x000c (12) string : * string : 'XS\ab' sids : * sids: struct lsa_TransSidArray3 count : 0x00000000 (0) sids : NULL level : LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 (6) count : * count : 0x00000000 (0) lookup_options : LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES (0) client_revision : LSA_CLIENT_REVISION_2 (2) [2019/08/03 07:14:24.156189, 6, pid=23639, effective(967001000, 967001000), real(967001000, 0), class=rpc_srv] ../../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 45 5D 30 18 ....L... ....E]0. [0010] 57 5C 00 00 W\.. [2019/08/03 07:14:24.156228, 4, pid=23639, effective(967001000, 967001000), real(967001000, 0)] ../../source3/smbd/sec_ctx.c:215(push_sec_ctx) push_sec_ctx(967001000, 967001000) : sec_ctx_stack_ndx = 2 [2019/08/03 07:14:24.156246, 4, pid=23639, effective(967001000, 967001000), real(967001000, 0)] ../../source3/smbd/uid.c:552(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2019/08/03 07:14:24.156259, 4, pid=23639, effective(967001000, 967001000), real(967001000, 0)] ../../source3/smbd/sec_ctx.c:319(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2019/08/03 07:14:24.156273, 5, pid=23639, effective(967001000, 967001000), real(967001000, 0)] ../../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2019/08/03 07:14:24.156285, 5, pid=23639, effective(967001000, 967001000), real(967001000, 0)] ../../source3/auth/token_util.c:865(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2019/08/03 07:14:24.156311, 5, pid=23639, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/lsa/srv_lsa_nt.c:244(lookup_lsa_sids) lookup_lsa_sids: looking up name XS\ab [2019/08/03 07:14:24.156327, 10, pid=23639, effective(0, 0), real(0, 0)] ../../source3/passdb/lookup_sid.c:112(lookup_name) lookup_name: XS\ab => domain=[XS], name=[ab] [2019/08/03 07:14:24.156340, 10, pid=23639, effective(0, 0), real(0, 0)] ../../source3/passdb/lookup_sid.c:114(lookup_name) lookup_name: flags = 0x00 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14091 Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 685bb03de6ab733590831d1df4f5fd60d2ac427d)
* Revert "s3:messages: protect against usage of wrapper tevent_context objects ↵Ralph Boehme2019-08-085-69/+0
| | | | | | | | | | | | | | | | | | | | | | for messaging" This reverts commit 7f2afc20e1b6397c364a98d1be006377c95e4665. See the discussion in https://lists.samba.org/archive/samba-technical/2018-December/131731.html for the reasoning behind this revert. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14033 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 2a62a98f5c7107f2f83c0bfc2892243d83e2c88a) Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-9-test): Thu Aug 8 11:20:26 UTC 2019 on sn-devel-144
* Revert "s3:messages: allow messaging_{dgm,ctdb}_register_tevent_context() to ↵Ralph Boehme2019-08-082-58/+18
| | | | | | | | | | | | | | | | | | | use wrapper tevent_context" This reverts commit 660cf86639753edaa7a7a21a5b5ae207ae7d4260. See the discussion in https://lists.samba.org/archive/samba-technical/2018-December/131731.html for the reasoning behind this revert. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14033 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 1c3676f3aa9c1564eb140a24ced5ee72b859b87f)
* Revert "s3:messages: allow messaging_dgm_ref() to use wrapper tevent_context"Ralph Boehme2019-08-081-12/+12
| | | | | | | | | | | | | | | | | This reverts commit 9dc332060cf5f249ea887dbc60ec7a39b6f91120. See the discussion in https://lists.samba.org/archive/samba-technical/2018-December/131731.html for the reasoning behind this revert. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14033 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 26107832cd9d200fb171ef1f991d7ef5478cac18)
* Revert "s3:messages: allow messaging_filtered_read_send() to use wrapper ↵Ralph Boehme2019-08-081-11/+5
| | | | | | | | | | | | | | | | | | | tevent_context" This reverts commit 2b05f1098187e00166649c8ea7c63e6901b9d242. See the discussion in https://lists.samba.org/archive/samba-technical/2018-December/131731.html for the reasoning behind this revert. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14033 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit e2a5272ac6831b407a0c51bb8615252ec68be6a8)
* vfs_catia: pass stat info to synthetic_smb_fname()Ralph Boehme2019-08-081-21/+21
| | | | | | | | | | | | | | This doesn't cause visible damage in vanilla Samba, but would affect downstream consumers that add additional fields to struct smb_filename. For the same reason there's no test. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14015 RN: Ensure vfs_catia passes stat info to stacked VFS modules Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit ae6dd4853e3e651f6e56ce735bcb0a2264857385)
* vfs:glusterfs_fuse: treat ENOATTR as ENOENTMichael Adam2019-07-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The original implementation of the virtual xattr get_real_filename in gluster was misusing the ENOENT errno as the authoritative anwer that the file/dir that we were asking the real filename for does not exist. But since the getxattr call is done on the parent directory, this is a violation of the getxattr API which uses ENOENT for the case that the file/dir that the getxattr call is done against does not exist. Now after a recent regression for fuse-mount re-exports due to gluster mapping ENOENT to ESTALE in the fuse-bridge, the gluster implementation is changed to more correctly return ENOATTR if the requested file does not exist. This patch changes the glusterfs_fuse vfs module to treat ENOATTR as ENOENT to be fully functional again with latest gluster. - Without this patch, samba against a new gluster will work correctly, but the get_real_filename optimization for a non-existing entry is lost. - With this patch, Samba will not work correctly any more against very old gluster servers: Those (correctly) returned ENOATTR always, which Samba originally interpreted as EOPNOTSUPP, triggering the expensive directory scan. With this patch, ENOATTR is interpreted as ENOENT, the authoritative answer that the requested entry does not exist, which is wrong unless it really does not exist. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14010 Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Fri Jun 28 12:52:03 UTC 2019 on sn-devel-184 (cherry picked from commit fee8cf326bfe240d3a8720569eab43f474349aff)
* vfs:glusterfs: treat ENOATTR as ENOENTMichael Adam2019-07-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The original implementation of the virtual xattr get_real_filename in gluster was misusing the ENOENT errno as the authoritative anwer that the file/dir that we were asking the real filename for does not exist. But since the getxattr call is done on the parent directory, this is a violation of the getxattr API which uses ENOENT for the case that the file/dir that the getxattr call is done against does not exist. Now after a recent regression for fuse-mount re-exports due to gluster mapping ENOENT to ESTALE in the fuse-bridge, the gluster implementation is changed to more correctly return ENOATTR if the requested file does not exist. This patch changes the glusterfs vfs module to treat ENOATTR as ENOENT to be fully functional again with latest gluster. - Without this patch, samba against a new gluster will work correctly, but the get_real_filename optimization for a non-existing entry is lost. - With this patch, Samba will not work correctly any more against very old gluster servers: Those (correctly) returned ENOATTR always, which Samba originally interpreted as EOPNOTSUPP, triggering the expensive directory scan. With this patch, ENOATTR is interpreted as ENOENT, the authoritative answer that the requested entry does not exist, which is wrong unless it really does not exist. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14010 Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (cherry picked from commit 8899eb21d48b7077328ae560490f9fb9715a6b83)
* s3:rpc_server:netlogon: simplify AUTH_TYPE_SCHANNEL check in ↵Stefan Metzmacher2019-07-081-35/+4
| | | | | | | | | | | | | netr_creds_server_step_check() The gensec schannel module already asserts that at least AUTH_LEVEL_INTEGRITY is used. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13949 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 0b6e37c9e801435e094194dd60d9213b4868c3de)
* s3:rpc_server:netlogon: don't require NEG_AUTHENTICATED_RPC in ↵Stefan Metzmacher2019-07-081-12/+1
| | | | | | | | | | | | | | | | | netr_ServerAuthenticate*() The domain join with VMWare Horizon Quickprep seems to use netr_ServerAuthenticate3() with just the NEG_STRONG_KEYS (and in addition the NEG_SUPPORTS_AES) just to verify a password. Note: NETLOGON_NEG_SCHANNEL is an alias to NEG_AUTHENTICATED_RPC. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13464 (maybe) BUG: https://bugzilla.samba.org/show_bug.cgi?id=13949 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit fa5215ce5b93fb032df341e718d7011e619f0916)
* s3:mdssvc: fix flex compilation errorRalph Boehme2019-06-211-2/+10
| | | | | | | | | | | | | | | | | | | | | | | | [4440/4495] Compiling bin/default/source3/rpc_server/mdssvc/sparql_lexer.lex.c ../../source3/rpc_server/mdssvc/sparql_lexer.l:26: error: "yyalloc" redefined [-Werror] 26 | #define yyalloc SMB_MALLOC Looks like the dirty redefine trick doesn't work anymore with newer flex versions. According to the flex manual the right thing to do is to provide own functions for yyalloc and yyrealloc when passing the options "noyyalloc noyyrealloc". BUG: https://bugzilla.samba.org/show_bug.cgi?id=13987 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Tue May 28 11:49:06 UTC 2019 on sn-devel-184 (cherry picked from commit 9053391f86a529e0a7dbcd23fa3a555d85c2207c) Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-9-test): Fri Jun 21 11:49:59 UTC 2019 on sn-devel-144
* vfs_fruit: remove a now unnecessary includeRalph Boehme2019-06-211-1/+0
| | | | | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu May 30 22:12:50 UTC 2019 on sn-devel-184 (cherry picked from commit 9a2c9834cb1b77547b8b932c35870301afb9fc25)
* vfs_fruit: use VFS functions in ad_read_rsrc_adouble()Ralph Boehme2019-06-211-7/+6
| | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 9fe84a6345bf5d9fdb1df87a853db3380e6fb0f7)
* vfs_fruit: use fsp and remove syscalls from ad_convert_blank_rfork()Ralph Boehme2019-06-211-24/+12
| | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 70c4a8f0ac307009c26e857523192c95b42a92f5)
* vfs_fruit: use VFS function in ad_convert_truncate()Ralph Boehme2019-06-211-6/+4
| | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 3739ad90cf2bbaa2094a34197c894363d2e24a5a)
* vfs_fruit: add VFS handle to ad_convert_truncate()Ralph Boehme2019-06-211-2/+3
| | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 4e44b1da9357120f0ad74e24c650bc6386085c47)
* vfs_fruit: use fsp and remove mmap in ad_convert_xattr()Ralph Boehme2019-06-211-24/+5
| | | | | | | | | | No need to mmap() anyway, the xattr data is already available in ad->ad_data. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 4ff7ea0e0312c737aefd350f7b8fbed4c8602325)
* vfs_fruit: remove use of mmap() from ad_convert_move_reso()Ralph Boehme2019-06-211-23/+33
| | | | | | | | | | | We now have an fsp that we can use, so we can get rid of mmap() and sys_pread()/sys_pwrite(). Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 0041855af0b05d6c47558880d6eebd1970179272)
* vfs_fruit: convert ad_open_rsrc() to open a proper fsp with ↵Ralph Boehme2019-06-211-26/+77
| | | | | | | | | | | | | | SMB_VFS_CREATE_FILE() A first step in converting all raw syscalls to use proper VFS functions. All existing users of the raw system filedescriptor continue to use the fd from fsp->fh for now. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 29418c726be74feb1d8c3ac9f7b8c983901a2aab)
* vfs_fruit: only do cross protocol locking on non-internal opensRalph Boehme2019-06-211-1/+3
| | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit f5f7d1e9bf7e39933ccf7c874e682f9df80a6fec)
* vfs_fruit: remove a layer of indirectionRalph Boehme2019-06-211-11/+4
| | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 97d485ff2cda85edeba163ea01b6abfa705db20f)
* vfs_fruit: pass VFS handle to ad_convert_move_reso()Ralph Boehme2019-06-211-2/+3
| | | | | | | | | | Not used for now, that comes next. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 3919ea048fe3b763657e14cdfb5920184a900d27)
* vfs_fruit: remove xattr code from the AppleDouble subsystemRalph Boehme2019-06-211-27/+8
| | | | | | | | | | | | The subsystem consumers have been reworked in the previous commits, so this is not used anymore. ad_init() doesn't need a handle argument anymore due to this, remove it as well. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit e3cb1cb24f2a31d7fd03f3bdf417f4704fb4ac7c)
* vfs_fruit: remove now unused AppleDouble code for resource fork in xattrRalph Boehme2019-06-211-67/+3
| | | | | | | | | | | | | This was only needed to get the resourcefork size via the ad_* AppleDouble function. This is now done with a fstat on the low level xattr fd (remember, this is Solaris only code...), so we can remove the xattr special casing from the AppleDouble functions. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit cb9dffa1c66294b6eed85e7576aa99c642d0b541)
* vfs_fruit: use stream code for resource fork size calculation in ↵Ralph Boehme2019-06-211-1/+1
| | | | | | | | | | | | | readdir_attr_rfork_size() This works as well, using an fstat() on the filehandle to get the size. This is tested by the torture test "vfs.fruit.SMB2/CREATE context AAPL". Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit a23bcc1916a49bf3e0edece190e5434e39862d2c)
* vfs_fruit: use correct case FRUIT_RSRC_STREAM in readdir_attr_rfork_size()Ralph Boehme2019-06-211-1/+1
| | | | | | | | | | | | | | | | | | | | | This is a genuine bug, but luckily this would only impact configs which nobody uses: fruit:metadata = netatalk fruit:resource = stream With the above configuration the switch in readdir_attr_rfork_size() would hit the default case and so always report resource forks as 0 bytes in size. All deployment that I've seen that use fruit:resource=stream also use fruit:metadata=stream, so the switch takes FRUIT_META_STREAM case which runs the correct code readdir_attr_rfork_size_stream(). Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 83179a74119de84d20f796c241aae6bccb83a68b)
* vfs_fruit: ignore AppleDouble files in fruit_unlink()Ralph Boehme2019-06-211-0/+2
| | | | | | | | | | | | Otherwise, if SMB_VFS_UNLINK() is called for an AppleDouble path "._file", we try to delete "._._file" which doesn't make sense. AppleDouble files don't have AppleDouble themselves. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 797dc649456f39add4af8b54b60db0268ad4e90e)
* vfs_fruit: add a missing elseRalph Boehme2019-06-211-1/+1
| | | | | | | | | | | Luckily the missing else has the same control flow due to the previous if and else blocks calling return. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 44d8568001c87d28962dfc4e3fde6d0f7f409997)
* vfs_fruit: add and use is_adouble_file()Ralph Boehme2019-06-211-5/+22
| | | | | | | | | | | This adds a helper function that checks whether the last component of a path is an AppleDouble sidecar file with "._" name prefix. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit ad70c947c759aa0965ee57f973fb8dc1909e0e39)
* vfs_fruit: finally, remove ad_handle from struct adoubleRalph Boehme2019-06-211-2/+0
| | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit e266daaed149561b746dbb8d5e9523862f0057b5)
* vfs_fruit: pass handle to ad_convert_delete_adfile()Ralph Boehme2019-06-211-4/+5
| | | | | | | | | | On the course of removing ad_handle from struct adouble, step 10. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 5f4d16b40e07acf8d27fee62f1a56de175663a1d)
* vfs_fruit: pass handle to ad_convert_finderinfo()Ralph Boehme2019-06-211-3/+4
| | | | | | | | | | On the course of removing ad_handle from struct adouble, step 9. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 50874c1548d62ab0ddaaa6dd4124279ee5029fcf)
* vfs_fruit: pass handle to ad_convert_blank_rfork()Ralph Boehme2019-06-211-3/+4
| | | | | | | | | | On the course of removing ad_handle from struct adouble, step 8. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit adc7ac38b849b4dce4a85fd6442c8d4b9da57686)
* vfs_fruit: pass handle to ad_convert_xattr()Ralph Boehme2019-06-211-4/+5
| | | | | | | | | | On the course of removing ad_handle from struct adouble, step 7. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit fd2f4cf828ee4c31e3b5a27a79d3a0ee12a5877a)
* vfs_fruit: indentation fixRalph Boehme2019-06-211-2/+2
| | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 400b3c2f8c82b1defe1e321e0cdae486b930344f)
* vfs_fruit: pass handle to ad_read_rsrc() and all the way downRalph Boehme2019-06-211-9/+12
| | | | | | | | | | On the course of removing ad_handle from struct adouble, step 5. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 661dfa4a19673fdb30d5bf36279cdf867454b947)
* vfs_fruit: use proper VFS function in ad_read_meta()Ralph Boehme2019-06-211-1/+3
| | | | | | | | | | | Continuing to ignore a possible error for now, this is in an error codepath anyway. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 30ca328c698c2e035e240359bda7c9dcbeb646df)
* vfs_fruit: indentation fixRalph Boehme2019-06-211-1/+1
| | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 47721d8d359ef78b8dd4f77f92c30c2caf2c4a80)
* vfs_fruit: pass handle to ad_read_meta()Ralph Boehme2019-06-211-3/+4
| | | | | | | | | | On the course of removing ad_handle from struct adouble, step 4. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit f8df09157f31b53dbe73eaf4349fc071bfcc1b90)
* vfs_fruit: pass handle to ad_read()Ralph Boehme2019-06-211-2/+4
| | | | | | | | | | On the course of removing ad_handle from struct adouble, step 3. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit d0abf945e683766029d28915541a4baf9f3879ab)
* vfs_fruit: pass handle to ad_set()Ralph Boehme2019-06-211-4/+8
| | | | | | | | | | On the course of removing ad_handle from struct adouble, step 2. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit c78ba30ac4534b7037b979ac96b77b834b2eb2fe)
* vfs_fruit: pass handle to ad_fset()Ralph Boehme2019-06-211-8/+12
| | | | | | | | | | On the course of removing ad_handle from struct adouble, step 1. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 585d4d49770b4ddc3f7d9dcbb3e322f072767781)
* s3:auth: explicitly add BUILTIN\Guests to the guest tokenRalph Boehme2019-06-211-0/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | This changes ensures that smbd always adds BUILTIN\Guests to the guest token which is required for guest authentication. Currently the guest token depends on the on-disk configured group mappings. If there's an existing group mapping for BUILTIN\Guests, but LOCALSAM\Guest is not a member, the final guest token won't contain BUILTIN\Guests. For SMB2 the flag SMB2_SESSION_FLAG_IS_GUEST will not be set in the final SMB2 SESSION_SETUP response, because smbd sets it based on the token containing the BUILTIN\Guests SID S-1-5-32-546. At the same time, the packet is not signed which causes Windows clients and smbclient to reject the unsigned SMB2 SESSION_SETUP response. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944 Pair-programmed-with: Stefan Metzmacher <metze@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Jun 5 16:55:26 UTC 2019 on sn-devel-184 (cherry picked from commit a66af4c96accba4ee64eeb1958458b69f3ccec1d)
* tests: add a test for guest authenticationRalph Boehme2019-06-212-0/+108
| | | | | | | | | | | | | | | This verifies that smbd always adds BUILTIN\Guests to the guest token which is required for guest authentication. Currently the guest token depends on the on-disk configured group mappings. If there's an existing group mapping for BUILTIN\Guests, but LOCALSAM\Guest is not a member, the final guest token won't contain BUILTIN\Guests. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 0e88f98855e24cfddb55bef65c5910b8e662c630)
* s3:smbd: call reinit_guest_session_info() in the conf updated handlerRalph Boehme2019-06-211-0/+6
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit f4e340a48b6f059a1daa66deb9c26da9e8fcd5e7)
* s3:auth: add reinit_guest_session_info()Ralph Boehme2019-06-212-0/+12
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 8096cc7eb2b36b074ff17a52dc3540be4ecff6bb)
* s3/vfs_glusterfs_fuse: Avoid using NAME_MAX directlyGünther Deschner2019-06-211-5/+7
| | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13872 Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Tue Jun 11 00:29:19 UTC 2019 on sn-devel-184
* s3/vfs_glusterfs: Avoid using NAME_MAX directlyGünther Deschner2019-06-211-5/+7
| | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13872 Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* Revert "s3/vfs_glusterfs_fuse: Dynamically determine NAME_MAX"Günther Deschner2019-06-211-26/+6
| | | | | | | This reverts commit e28d172b00cadf492c22bd892e2dda3bf2fe2d70. Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
View Lorry Controller Status