Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • lts-team/packages/samba
  • thctlo/samba-lintianfix
  • arnaudr/samba
  • jrwren/samba
  • paride/samba
  • athos/samba
  • henrich/samba
  • cnotin/samba
  • mimi89999/samba
  • samba-team/samba
  • ahasenack/samba
  • jrtc27/samba
  • noel/samba
13 results
Show changes
Commits on Source (21)
Showing
with 168 additions and 87 deletions
......@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=
# e.g. SAMBA_VERSION_RC_RELEASE=1 #
# -> "3.0.0rc1" #
########################################################
SAMBA_VERSION_RC_RELEASE=1
SAMBA_VERSION_RC_RELEASE=2
########################################################
# To mark SVN snapshots this should be set to 'yes' #
......
Release Announcements
=====================
This is the first release candidate of Samba 4.19. This is *not*
This is the second release candidate of Samba 4.19. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
......@@ -235,6 +235,27 @@ smb.conf changes
directory name cache size Removed
CHANGES SINCE 4.19.0rc1
=======================
o Andrew Bartlett <abartlet@samba.org>
* BUG 9959: Windows client join fails if a second container CN=System exists
somewhere.
o Noel Power <noel.power@suse.com>
* BUG 15435: regression DFS not working with widelinks = true.
o Arvid Requate <requate@univention.de>
* BUG 9959: Windows client join fails if a second container CN=System exists
somewhere.
o Joseph Sutton <josephsutton@catalyst.net.nz>
* BUG 15443: Heimdal fails to build on 32-bit FreeBSD.
o Jones Syue <jonessyue@qnap.com>
* BUG 15441: samba-tool ntacl get segfault if aio_pthread appended.
KNOWN ISSUES
============
......
......@@ -3034,6 +3034,11 @@ sub provision($$)
msdfs root = yes
msdfs shuffle referrals = yes
guest ok = yes
[msdfs-share-wl]
path = $msdfs_shrdir
msdfs root = yes
wide links = yes
guest ok = yes
[msdfs-share2]
path = $msdfs_shrdir2
msdfs root = yes
......
......@@ -475,7 +475,8 @@ static int aio_pthread_openat_fn(vfs_handle_struct *handle,
aio_allow_open = false;
}
if (fsp->conn->sconn->client->server_multi_channel_enabled) {
if (fsp->conn->sconn->client != NULL &&
fsp->conn->sconn->client->server_multi_channel_enabled) {
/*
* This module is not compatible with multi channel yet.
*/
......
......@@ -106,6 +106,7 @@
struct widelinks_config {
bool active;
bool is_dfs_share;
char *cwd;
};
......@@ -134,7 +135,8 @@ static int widelinks_connect(struct vfs_handle_struct *handle,
DBG_ERR("vfs_widelinks module loaded with "
"widelinks = no\n");
}
config->is_dfs_share =
(lp_host_msdfs() && lp_msdfs_root(SNUM(handle->conn)));
SMB_VFS_HANDLE_SET_DATA(handle,
config,
NULL, /* free_fn */
......@@ -346,7 +348,7 @@ static int widelinks_openat(vfs_handle_struct *handle,
{
struct vfs_open_how how = *_how;
struct widelinks_config *config = NULL;
int ret;
SMB_VFS_HANDLE_GET_DATA(handle,
config,
struct widelinks_config,
......@@ -363,11 +365,33 @@ static int widelinks_openat(vfs_handle_struct *handle,
how.flags = (how.flags & ~O_NOFOLLOW);
}
return SMB_VFS_NEXT_OPENAT(handle,
ret = SMB_VFS_NEXT_OPENAT(handle,
dirfsp,
smb_fname,
fsp,
&how);
if (config->is_dfs_share && ret == -1 && errno == ENOENT) {
struct smb_filename *full_fname = NULL;
int lstat_ret;
full_fname = full_path_from_dirfsp_atname(talloc_tos(),
dirfsp,
smb_fname);
if (full_fname == NULL) {
errno = ENOMEM;
return -1;
}
lstat_ret = SMB_VFS_NEXT_LSTAT(handle,
full_fname);
if (lstat_ret != -1 &&
VALID_STAT(full_fname->st) &&
S_ISLNK(full_fname->st.st_ex_mode)) {
fsp->fsp_name->st = full_fname->st;
}
TALLOC_FREE(full_fname);
errno = ENOENT;
}
return ret;
}
static struct vfs_fn_pointers vfs_widelinks_fns = {
......
......@@ -3317,9 +3317,13 @@ static NTSTATUS pdb_samba_dsdb_set_trusted_domain(struct pdb_methods *methods,
goto out;
}
msg->dn = ldb_dn_copy(tmp_ctx, base_dn);
msg->dn = samdb_system_container_dn(state->ldb, tmp_ctx);
if (msg->dn == NULL) {
status = NT_STATUS_NO_MEMORY;
goto out;
}
ok = ldb_dn_add_child_fmt(msg->dn, "cn=%s,cn=System", td->domain_name);
ok = ldb_dn_add_child_fmt(msg->dn, "cn=%s", td->domain_name);
if (!ok) {
status = NT_STATUS_NO_MEMORY;
goto out;
......@@ -3544,13 +3548,13 @@ static NTSTATUS pdb_samba_dsdb_del_trusted_domain(struct pdb_methods *methods,
return NT_STATUS_OK;
}
tdo_dn = ldb_dn_copy(tmp_ctx, ldb_get_default_basedn(state->ldb));
tdo_dn = samdb_system_container_dn(state->ldb, tmp_ctx);
if (tdo_dn == NULL) {
status = NT_STATUS_NO_MEMORY;
goto out;
}
ok = ldb_dn_add_child_fmt(tdo_dn, "cn=%s,cn=System", domain);
ok = ldb_dn_add_child_fmt(tdo_dn, "cn=%s", domain);
if (!ok) {
TALLOC_FREE(tmp_ctx);
status = NT_STATUS_NO_MEMORY;
......
#!/bin/sh
# regression test for dfs access with wide links enabled on dfs share
if [ $# -lt 5 ]; then
cat <<EOF
Usage: test_smbclient_basic.sh SERVER SERVER_IP DOMAIN USERNAME PASSWORD SMBCLIENT <smbclient arguments>
EOF
exit 1
fi
SERVER="$1"
SERVER_IP="$2"
USERNAME="$3"
PASSWORD="$4"
smbclient="$5"
CONFIGURATION="$6"
shift 6
ADDARGS="$@"
incdir=$(dirname $0)/../../../testprogs/blackbox
. $incdir/subunit.sh
. $incdir/common_test_fns.inc
# TEST
test_smbclient "smbclient as $DOMAIN\\$USERNAME" 'ls' "//$SERVER/msdfs-share-wl" -U$DOMAIN\\$USERNAME%$PASSWORD $ADDARGS -c 'cd msdfs-src1' || failed=$(expr $failed + 1)
exit $failed
......@@ -1725,6 +1725,16 @@ if have_cluster_support:
"$SERVERCONFFILE",
"$SERVER_IP"])
plantestsuite("samba3.blackbox.smbclient-bug15435",
"fileserver",
[os.path.join(samba3srcdir, "script/tests/test_bug15435_widelink_dfs.sh"),
"$SERVER",
"$SERVER_IP",
"$USERNAME",
"$PASSWORD",
smbclient3,
configuration])
plantestsuite(
"samba3.net_lookup_ldap",
"ad_dc:local",
......
......@@ -1276,6 +1276,25 @@ struct ldb_dn *samdb_infrastructure_dn(struct ldb_context *sam_ctx, TALLOC_CTX *
return new_dn;
}
struct ldb_dn *samdb_system_container_dn(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx)
{
struct ldb_dn *new_dn = NULL;
bool ok;
new_dn = ldb_dn_copy(mem_ctx, ldb_get_default_basedn(sam_ctx));
if (new_dn == NULL) {
return NULL;
}
ok = ldb_dn_add_child_fmt(new_dn, "CN=System");
if (!ok) {
TALLOC_FREE(new_dn);
return NULL;
}
return new_dn;
}
struct ldb_dn *samdb_sites_dn(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx)
{
struct ldb_dn *new_dn;
......
......@@ -2459,17 +2459,12 @@ NTSTATUS dsdb_trust_search_tdo(struct ldb_context *sam_ctx,
return NT_STATUS_INVALID_PARAMETER_MIX;
}
system_dn = ldb_dn_copy(frame, ldb_get_default_basedn(sam_ctx));
system_dn = samdb_system_container_dn(sam_ctx, frame);
if (system_dn == NULL) {
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) {
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
if (netbios != NULL) {
netbios_encoded = ldb_binary_encode_string(frame, netbios);
if (netbios_encoded == NULL) {
......@@ -2617,17 +2612,12 @@ NTSTATUS dsdb_trust_search_tdo_by_sid(struct ldb_context *sam_ctx,
return NT_STATUS_NO_MEMORY;
}
system_dn = ldb_dn_copy(frame, ldb_get_default_basedn(sam_ctx));
system_dn = samdb_system_container_dn(sam_ctx, frame);
if (system_dn == NULL) {
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) {
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
filter = talloc_asprintf(frame,
"(&"
"(objectClass=trustedDomain)"
......@@ -2794,17 +2784,12 @@ NTSTATUS dsdb_trust_search_tdos(struct ldb_context *sam_ctx,
*res = NULL;
system_dn = ldb_dn_copy(frame, ldb_get_default_basedn(sam_ctx));
system_dn = samdb_system_container_dn(sam_ctx, frame);
if (system_dn == NULL) {
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
if (!ldb_dn_add_child_fmt(system_dn, "CN=System")) {
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
if (exclude != NULL) {
exclude_encoded = ldb_binary_encode_string(frame, exclude);
if (exclude_encoded == NULL) {
......
......@@ -1009,19 +1009,20 @@ static int get_pso_count(struct ldb_module *module, TALLOC_CTX *mem_ctx,
{
static const char * const attrs[] = { NULL };
int ret;
struct ldb_dn *domain_dn = NULL;
struct ldb_dn *psc_dn = NULL;
struct ldb_result *res = NULL;
struct ldb_context *ldb = ldb_module_get_ctx(module);
bool psc_ok;
*pso_count = 0;
domain_dn = ldb_get_default_basedn(ldb);
psc_dn = ldb_dn_new_fmt(mem_ctx, ldb,
"CN=Password Settings Container,CN=System,%s",
ldb_dn_get_linearized(domain_dn));
psc_dn = samdb_system_container_dn(ldb, mem_ctx);
if (psc_dn == NULL) {
return ldb_oom(ldb);
}
psc_ok = ldb_dn_add_child_fmt(psc_dn, "CN=Password Settings Container");
if (psc_ok == false) {
return ldb_oom(ldb);
}
/* get the number of PSO children */
ret = dsdb_module_search(module, mem_ctx, &res, psc_dn,
......@@ -1088,8 +1089,8 @@ static int pso_search_by_sids(struct ldb_module *module, TALLOC_CTX *mem_ctx,
int i;
struct ldb_context *ldb = ldb_module_get_ctx(module);
char *sid_filter = NULL;
struct ldb_dn *domain_dn = NULL;
struct ldb_dn *psc_dn = NULL;
bool psc_ok;
const char *attrs[] = {
"msDS-PasswordSettingsPrecedence",
"objectGUID",
......@@ -1117,13 +1118,14 @@ static int pso_search_by_sids(struct ldb_module *module, TALLOC_CTX *mem_ctx,
}
/* only PSOs located in the Password Settings Container are valid */
domain_dn = ldb_get_default_basedn(ldb);
psc_dn = ldb_dn_new_fmt(mem_ctx, ldb,
"CN=Password Settings Container,CN=System,%s",
ldb_dn_get_linearized(domain_dn));
psc_dn = samdb_system_container_dn(ldb, mem_ctx);
if (psc_dn == NULL) {
return ldb_oom(ldb);
}
psc_ok = ldb_dn_add_child_fmt(psc_dn, "CN=Password Settings Container");
if (psc_ok == false) {
return ldb_oom(ldb);
}
ret = dsdb_module_search(module, mem_ctx, result, psc_dn,
LDB_SCOPE_ONELEVEL, attrs,
......
......@@ -5402,14 +5402,9 @@ static int check_rename_constraints(struct ldb_message *msg,
/* Objects under CN=System */
dn1 = ldb_dn_copy(ac, ldb_get_default_basedn(ldb));
dn1 = samdb_system_container_dn(ldb, ac);
if (dn1 == NULL) return ldb_oom(ldb);
if ( ! ldb_dn_add_child_fmt(dn1, "CN=System")) {
talloc_free(dn1);
return LDB_ERR_OPERATIONS_ERROR;
}
if ((ldb_dn_compare_base(dn1, olddn) == 0) &&
(ldb_dn_compare_base(dn1, newdn) != 0)) {
talloc_free(dn1);
......
......@@ -59,10 +59,10 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
const char *name,
const DATA_BLOB *lsa_secret)
{
TALLOC_CTX *frame = talloc_stackframe();
struct ldb_message *msg;
struct ldb_result *res;
struct ldb_dn *domain_dn;
struct ldb_dn *system_dn;
struct ldb_dn *system_dn = NULL;
struct ldb_val val;
int ret;
char *name2;
......@@ -72,13 +72,9 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
NULL
};
domain_dn = ldb_get_default_basedn(ldb);
if (!domain_dn) {
return NT_STATUS_INTERNAL_ERROR;
}
msg = ldb_msg_new(mem_ctx);
msg = ldb_msg_new(frame);
if (msg == NULL) {
talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
......@@ -92,15 +88,15 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
* * taillor the function to the particular needs of backup protocol
*/
system_dn = samdb_search_dn(ldb, msg, domain_dn, "(&(objectClass=container)(cn=System))");
system_dn = samdb_system_container_dn(ldb, frame);
if (system_dn == NULL) {
talloc_free(msg);
talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
name2 = talloc_asprintf(msg, "%s Secret", name);
if (name2 == NULL) {
talloc_free(msg);
talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
......@@ -110,7 +106,7 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
if (ret != LDB_SUCCESS || res->count != 0 ) {
DEBUG(2, ("Secret %s already exists !\n", name2));
talloc_free(msg);
talloc_free(frame);
return NT_STATUS_OBJECT_NAME_COLLISION;
}
......@@ -119,41 +115,41 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
* here only if the key didn't exists before
*/
msg->dn = ldb_dn_copy(mem_ctx, system_dn);
msg->dn = ldb_dn_copy(frame, system_dn);
if (msg->dn == NULL) {
talloc_free(msg);
talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
if (!ldb_dn_add_child_fmt(msg->dn, "cn=%s", name2)) {
talloc_free(msg);
talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
ret = ldb_msg_add_string(msg, "cn", name2);
if (ret != LDB_SUCCESS) {
talloc_free(msg);
talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
ret = ldb_msg_add_string(msg, "objectClass", "secret");
if (ret != LDB_SUCCESS) {
talloc_free(msg);
talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
ret = samdb_msg_add_uint64(ldb, mem_ctx, msg, "priorSetTime", nt_now);
ret = samdb_msg_add_uint64(ldb, frame, msg, "priorSetTime", nt_now);
if (ret != LDB_SUCCESS) {
talloc_free(msg);
talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
val.data = lsa_secret->data;
val.length = lsa_secret->length;
ret = ldb_msg_add_value(msg, "currentValue", &val, NULL);
if (ret != LDB_SUCCESS) {
talloc_free(msg);
talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
ret = samdb_msg_add_uint64(ldb, mem_ctx, msg, "lastSetTime", nt_now);
ret = samdb_msg_add_uint64(ldb, frame, msg, "lastSetTime", nt_now);
if (ret != LDB_SUCCESS) {
talloc_free(msg);
talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
......@@ -167,11 +163,11 @@ static NTSTATUS set_lsa_secret(TALLOC_CTX *mem_ctx,
DEBUG(2,("Failed to create secret record %s: %s\n",
ldb_dn_get_linearized(msg->dn),
ldb_errstring(ldb)));
talloc_free(msg);
talloc_free(frame);
return NT_STATUS_ACCESS_DENIED;
}
talloc_free(msg);
talloc_free(frame);
return NT_STATUS_OK;
}
......@@ -183,8 +179,7 @@ static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx,
{
TALLOC_CTX *tmp_mem;
struct ldb_result *res;
struct ldb_dn *domain_dn;
struct ldb_dn *system_dn;
struct ldb_dn *system_dn = NULL;
const struct ldb_val *val;
uint8_t *data;
const char *attrs[] = {
......@@ -196,17 +191,12 @@ static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx,
lsa_secret->data = NULL;
lsa_secret->length = 0;
domain_dn = ldb_get_default_basedn(ldb);
if (!domain_dn) {
return NT_STATUS_INTERNAL_ERROR;
}
tmp_mem = talloc_new(mem_ctx);
if (tmp_mem == NULL) {
return NT_STATUS_NO_MEMORY;
}
system_dn = samdb_search_dn(ldb, tmp_mem, domain_dn, "(&(objectClass=container)(cn=System))");
system_dn = samdb_system_container_dn(ldb, tmp_mem);
if (system_dn == NULL) {
talloc_free(tmp_mem);
return NT_STATUS_NO_MEMORY;
......
......@@ -146,10 +146,9 @@ NTSTATUS dcesrv_lsa_get_policy_state(struct dcesrv_call_state *dce_call,
/* work out the system_dn - useful for so many calls its worth
fetching here */
state->system_dn = samdb_search_dn(state->sam_ldb, state,
state->domain_dn, "(&(objectClass=container)(cn=System))");
if (!state->system_dn) {
return NT_STATUS_NO_SUCH_DOMAIN;
state->system_dn = samdb_system_container_dn(state->sam_ldb, state);
if (state->system_dn == NULL) {
return NT_STATUS_NO_MEMORY;
}
state->builtin_sid = dom_sid_parse_talloc(state, SID_BUILTIN);
......
......@@ -3941,11 +3941,9 @@ static WERROR fill_trusted_domains_array(TALLOC_CTX *mem_ctx,
return WERR_INVALID_FLAGS;
}
system_dn = samdb_search_dn(sam_ctx, mem_ctx,
ldb_get_default_basedn(sam_ctx),
"(&(objectClass=container)(cn=System))");
if (!system_dn) {
return WERR_GEN_FAILURE;
system_dn = samdb_system_container_dn(sam_ctx, mem_ctx);
if (system_dn == NULL) {
return WERR_NOT_ENOUGH_MEMORY;
}
ret = gendb_search(sam_ctx, mem_ctx, system_dn,
......
......@@ -1978,10 +1978,10 @@ _kdc_pk_validate_freshness_token(astgs_request_t r,
token_time, sizeof(token_time), TRUE);
kdc_log(r->context, r->config, 4, "Freshness token has too large time skew: "
"time in token %s is out by %ld > %ld seconds — %s",
"time in token %s is out by %ld > %jd seconds — %s",
token_time,
time_diff,
r->context->max_skew,
(intmax_t)(r->context->max_skew),
r->cname);
r->e_text = NULL;
......