Commits · samba-4.8.6 · The Samba Team / Samba

This project is mirrored from https://git.samba.org/samba.git. Pull mirroring updated May 24, 2022.

08 Oct, 2018 2 commits
- VERSION: Disable GIT_SNAPSHOT for the 4.8.6 release. · 03a6d361
  Karolin Seeger authored Sep 25, 2018
```
Signed-off-by: Karolin Seeger <kseeger@samba.org>
```
  03a6d361
- WHATSNEW: Add release notes for Samba 4.8.6. · 8b8b0dc6
  Karolin Seeger authored Sep 25, 2018
```
Signed-off-by: Karolin Seeger <kseeger@samba.org>
```
  8b8b0dc6
27 Sep, 2018 2 commits

lib: Hold at most 10 outstanding paged result cookies · 0e259656

VL authored May 07, 2018 and

Karolin Seeger committed Sep 27, 2018

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13362

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May 15 09:37:21 CEST 2018 on sn-devel-144

(cherry picked from commit 9fbd4672)

Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Thu Sep 27 15:32:11 CEST 2018 on sn-devel-144

0e259656

lib: Put "results_store" into a doubly linked list · aa529bc4

VL authored May 07, 2018 and

Karolin Seeger committed Sep 27, 2018

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13362

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 8063995a)

aa529bc4

20 Sep, 2018 10 commits

ctdb-recoverd: Set recovery lock handle at start of attempt · 189697a9

Martin Schwenke authored Sep 03, 2018 and

Karolin Seeger committed Sep 20, 2018

This allows the attempt to be cancelled if an election is lost and an
unlock is done before the attempt is completed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13617

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Sep 18 02:18:30 CEST 2018 on sn-devel-144

(cherry picked from commit 486022ef)

Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Thu Sep 20 14:05:59 CEST 2018 on sn-devel-144

189697a9

ctdb-recoverd: Handle cancellation when releasing recovery lock · 21e4884a

Martin Schwenke authored Sep 03, 2018 and

Karolin Seeger committed Sep 20, 2018

If the recovery lock is in the process of being taken then free the
cluster mutex handle but leave the recovery lock handle in place.
This allows ctdb_recovery_lock() to fail.

Note that this isn't yet live because rec->recovery_lock_handle is
still only set at the completion of the attempt to take the lock.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13617

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit b1dc5687)

21e4884a

ctdb-recoverd: Return early when the recovery lock is not held · da9bb48a

Martin Schwenke authored Sep 11, 2018 and

Karolin Seeger committed Sep 20, 2018

This makes upcoming changes simpler.

Update to modern debug macro while touching relevant line.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13617

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit a755d060)

da9bb48a

ctdb-recoverd: Store recovery lock handle · 72a8c699

Martin Schwenke authored Sep 03, 2018 and

Karolin Seeger committed Sep 20, 2018

... not just cluster mutex handle.

This makes the recovery lock handle long-lived and with allow the
releasing code to cancel an in-progress attempt to take the recovery
lock.

The cluster mutex handle is now allocated off the recovery lock
handle.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13617

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit c5221674)

72a8c699

ctdb-recoverd: Use talloc() to allocate recovery lock handle · 97455242

Martin Schwenke authored Sep 03, 2018 and

Karolin Seeger committed Sep 20, 2018

At the moment this is still local and is freed after the mutex is
successfully taken.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13617

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit a53b264a)

97455242

ctdb-recoverd: Rename hold_reclock_state to ctdb_recovery_lock_handle · a4c43860

Martin Schwenke authored Sep 03, 2018 and

Karolin Seeger committed Sep 20, 2018

This will be a longer lived structure.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13617

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit af22f03d)

a4c43860

ctdb-recoverd: Re-check master on failure to take recovery lock · 9b1cc7af

Martin Schwenke authored Sep 09, 2018 and

Karolin Seeger committed Sep 20, 2018

If the master changed while trying to take the lock then fail gracefully.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13617

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit c516e58c)

9b1cc7af

ctdb-recoverd: Clean up taking of recovery lock · 43c1ad15

Martin Schwenke authored Sep 09, 2018 and

Karolin Seeger committed Sep 20, 2018

No functional changes, just coding style cleanups and debug message
tweaks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13617

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 59fc0164)

43c1ad15

ctdb-cluster-mutex: Block signals around fork · eb498ec2

Martin Schwenke authored Sep 12, 2018 and

Karolin Seeger committed Sep 20, 2018

If SIGTERM is received and the tevent signal handler setup in the
recovery daemon is still enabled then the signal is handled and a
corresponding event is queued.  The child never runs an event loop so
the signal is effectively ignored.

Resetting the SIGTERM handler isn't enough.  A signal can arrive
before that.

Block SIGTERM before forking and then immediately unblock it in the
parent.

In the child, unblock SIGTERM after the signal handler is reset.  An
explicit unblock is needed because according to sigprocmask(2) "the
signal mask is preserved across execve(2)".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13617

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit e789d0da)

eb498ec2

ctdb-cluster-mutex: Reset SIGTERM handler in cluster mutex child · 1954a942

Martin Schwenke authored Sep 12, 2018 and

Karolin Seeger committed Sep 20, 2018

If SIGTERM is received and the tevent signal handler setup in the
recovery daemon is still enabled then the signal is handled and a
corresponding event is queued.  The child never runs an event loop so
the signal is effectively ignored.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13617

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 5a6b1398)

1954a942

10 Sep, 2018 1 commit

wafsamba: Fix 'make -j<jobs>' · b29d90ff

Andreas Schneider authored Sep 06, 2018 and

Karolin Seeger committed Sep 10, 2018

Currently only 'make -j' enables parallel builds and e.g. 'make -j4'
results in no parallel compile jobs at all.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13606

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Sep  7 20:24:46 CEST 2018 on sn-devel-144

(cherry picked from commit 70169d47)

Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Mon Sep 10 16:45:04 CEST 2018 on sn-devel-144

b29d90ff

05 Sep, 2018 25 commits

krb5-samba: interdomain trust uses different salt principal · 3ea96a25

Alexander Bokovoy authored Feb 16, 2018 and

Stefan Metzmacher committed Sep 05, 2018

Salt principal for the interdomain trust is krbtgt/DOMAIN@REALM where
DOMAIN is the sAMAccountName without the dollar sign ($)

The salt principal for the BLA$ user object was generated wrong.

dn: CN=bla.base,CN=System,DC=w4edom-l4,DC=base
securityIdentifier: S-1-5-21-4053568372-2049667917-3384589010
trustDirection: 3
trustPartner: bla.base
trustPosixOffset: -2147483648
trustType: 2
trustAttributes: 8
flatName: BLA

dn: CN=BLA$,CN=Users,DC=w4edom-l4,DC=base
userAccountControl: 2080
primaryGroupID: 513
objectSid: S-1-5-21-278041429-3399921908-1452754838-1597
accountExpires: 9223372036854775807
sAMAccountName: BLA$
sAMAccountType: 805306370
pwdLastSet: 131485652467995000

The salt stored by Windows in the package_PrimaryKerberosBlob
(within supplementalCredentials) seems to be
'W4EDOM-L4.BASEkrbtgtBLA' for the above trust
and Samba stores 'W4EDOM-L4.BASEBLA$'.

While the salt used when building the keys from
trustAuthOutgoing/trustAuthIncoming is
'W4EDOM-L4.BASEkrbtgtBLA.BASE', which we handle correct.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539



Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep  5 03:57:22 CEST 2018 on sn-devel-144

(cherry picked from commit f3e349be)

Autobuild-User(v4-8-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-8-test): Wed Sep  5 18:32:05 CEST 2018 on sn-devel-144

3ea96a25

testprogs/blackbox: let test_trust_user_account.sh check the correct kerberos salt · d726535d

Stefan Metzmacher authored Sep 04, 2018

This demonstrates the bug we currently have.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 1b31fa62)

d726535d

testprogs/blackbox: add testit[_expect_failure]_grep() to subunit.sh · 04fee9eb

Stefan Metzmacher authored Sep 04, 2018

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 8526feb1)

04fee9eb

samba-tool: add virtualKerberosSalt attribute to 'user getpassword/syncpasswords' · e311e6e8

Stefan Metzmacher authored Sep 04, 2018

This might be useful for someone, but at least it's very useful for
tests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 39c281a2)

e311e6e8

s4:selftest: test kinit with the interdomain trust user account · 0534104e

Alexander Bokovoy authored Feb 16, 2018 and

Stefan Metzmacher committed Sep 05, 2018

To test it, add a blackbox test that ensures we pass a keytab-based
authentication with the trust user account for a trusted domain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539



Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 7df50529)

0534104e

libds: rename UF_MACHINE_ACCOUNT_MASK to UF_TRUST_ACCOUNT_MASK · d39a80ce

Ralph Böhme authored Mar 08, 2018 and

Stefan Metzmacher committed Sep 05, 2018



The name UF_TRUST_ACCOUNT_MASK better reflects the use case and it's not
yet used.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 8497d209)

d39a80ce

vfs_fruit: Don't unlink the main file · 772600fe

VL authored Aug 07, 2018 and

Stefan Metzmacher committed Sep 05, 2018

The original fix for bug 13441 was missing a check that verifies that
fruit_ftruncate() is actually called on a stream.

Follow-up to

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13441



Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Aug 23 15:28:48 CEST 2018 on sn-devel-144

(cherry picked from commit 8c142348)

772600fe

torture: Make sure that fruit_ftruncate only unlinks streams · 64a91078

VL authored Aug 07, 2018 and

Stefan Metzmacher committed Sep 05, 2018

Follow-up to

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13441

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit c39ec642)

64a91078

s3:smbd: add a comment stating that file_close_user() is redundant for SMB2 · 37f8294a

Ralph Böhme authored Aug 30, 2018 and

Stefan Metzmacher committed Sep 05, 2018

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13549

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Sep  1 01:26:35 CEST 2018 on sn-devel-144

(cherry picked from commit 5d95f79f)

37f8294a

s3:smbd: let session logoff close files and tcons before deleting the session · 9fe8691c

Ralph Böhme authored Aug 29, 2018 and

Stefan Metzmacher committed Sep 05, 2018

This avoids a race in durable handle reconnects if the reconnect comes
in while the old session is still in the tear-down phase.

The new session is supposed to rendezvous with and wait for destruction
of the old session, which is internally implemented with
dbwrap_watch_send() on the old session record.

If the old session deletes the session record before calling
file_close_user() which marks all file handles as disconnected, the
durable handle reconnect in the new session will fail as the records are
not yet marked as disconnected which is a prerequisite.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13549

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 8f6edcc1)

9fe8691c

s3:smbd: reorder tcon global record deletion and closing files of a tcon · d36fbe95

Ralph Böhme authored Aug 30, 2018 and

Stefan Metzmacher committed Sep 05, 2018

As such, this doesn't change overall behaviour, but in case we ever add
semantics acting on tcon record changes via an API like
dbwrap_watch_send(), this will make a difference as it enforces
ordering.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13549

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit b70b8503)

d36fbe95

selftest: add a durable handle test with delayed disconnect · e667b177

Ralph Böhme authored Aug 30, 2018 and

Stefan Metzmacher committed Sep 05, 2018

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13549

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 5508024a)

e667b177

s4:selftest: reformat smb2_s3only list · 34eeed27

Ralph Böhme authored Aug 31, 2018 and

Stefan Metzmacher committed Sep 05, 2018

No change besides reformatting the list to one entry per line.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13549

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 3255822f)

34eeed27

vfs_delay_inject: adding delay to VFS calls · 3304d861

Ralph Böhme authored Aug 30, 2018 and

Stefan Metzmacher committed Sep 05, 2018

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13549

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 44840ba5)

3304d861

s4:rpc_server/netlogon: don't treet trusted domains as primary in LogonGetDomainInfo() · a2b04c35

Stefan Metzmacher authored Aug 28, 2018

We need to handle trusted domains differently than our primary
domain. The most important part is that we don't return
NETR_TRUST_FLAG_PRIMARY for them.

NETR_TRUST_FLAG_{INBOUND,OUTBOUND,IN_FOREST} are the relavant flags
for trusts.

This is an example of what Windows returns in a complex trust
environment:

netr_LogonGetDomainInfo: struct netr_LogonGetDomainInfo
out: struct netr_LogonGetDomainInfo
return_authenticator : *
return_authenticator: struct netr_Authenticator
cred: struct netr_Credential
data : f48b51ff12ff8c6c
timestamp : Tue Aug 28 22:59:03 2018 CEST
info : *
info : union netr_DomainInfo(case 1)
domain_info : *
domain_info: struct netr_DomainInformation
primary_domain: struct netr_OneDomainInfo
domainname: struct lsa_StringLarge
length : 0x0014 (20)
size : 0x0016 (22)
string : *
string : 'W2012R2-L4'
dns_domainname: struct lsa_StringLarge
length : 0x0020 (32)
size : 0x0022 (34)
string : *
string : 'w2012r2-l4.base.'
dns_forestname: struct lsa_StringLarge
length : 0x0020 (32)
size : 0x0022 (34)
string : *
string : 'w2012r2-l4.base.'
domain_guid : 0a133c91-8eac-4df0-96ac-ede69044a38b
domain_sid : *
domain_sid : S-1-5-21-2930975464-1937418634-1288008815
trust_extension: struct netr_trust_extension_container
length : 0x0000 (0)
size : 0x0000 (0)
info : NULL
dummy_string2: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string3: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string4: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_long1 : 0x00000000 (0)
dummy_long2 : 0x00000000 (0)
dummy_long3 : 0x00000000 (0)
dummy_long4 : 0x00000000 (0)
trusted_domain_count : 0x00000006 (6)
trusted_domains : *
trusted_domains: ARRAY(6)
trusted_domains: struct netr_OneDomainInfo
domainname: struct lsa_StringLarge
length : 0x000e (14)
size : 0x0010 (16)
string : *
string : 'FREEIPA'
dns_domainname: struct lsa_StringLarge
length : 0x0018 (24)
size : 0x001a (26)
string : *
string : 'freeipa.base'
dns_forestname: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
domain_guid : 00000000-0000-0000-0000-000000000000
domain_sid : *
domain_sid : S-1-5-21-429948374-2562621466-335716826
trust_extension: struct netr_trust_extension_container
length : 0x0010 (16)
size : 0x0010 (16)
info : *
info: struct netr_trust_extension
length : 0x00000008 (8)
dummy : 0x00000000 (0)
size : 0x00000008 (8)
flags : 0x00000022 (34)
0: NETR_TRUST_FLAG_IN_FOREST
1: NETR_TRUST_FLAG_OUTBOUND
0: NETR_TRUST_FLAG_TREEROOT
0: NETR_TRUST_FLAG_PRIMARY
0: NETR_TRUST_FLAG_NATIVE
1: NETR_TRUST_FLAG_INBOUND
0: NETR_TRUST_FLAG_MIT_KRB5
0: NETR_TRUST_FLAG_AES
parent_index : 0x00000000 (0)
trust_type : LSA_TRUST_TYPE_UPLEVEL (2)
trust_attributes : 0x00000008 (8)
0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
1: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
dummy_string2: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string3: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string4: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_long1 : 0x00000000 (0)
dummy_long2 : 0x00000000 (0)
dummy_long3 : 0x00000000 (0)
dummy_long4 : 0x00000000 (0)
trusted_domains: struct netr_OneDomainInfo
domainname: struct lsa_StringLarge
length : 0x0016 (22)
size : 0x0018 (24)
string : *
string : 'S1-W2012-L4'
dns_domainname: struct lsa_StringLarge
length : 0x0036 (54)
size : 0x0038 (56)
string : *
string : 's1-w2012-l4.w2012r2-l4.base'
dns_forestname: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
domain_guid : afe7fbde-af82-46cf-88a2-2df6920fc33e
domain_sid : *
domain_sid : S-1-5-21-1368093395-3821428921-3924672915
trust_extension: struct netr_trust_extension_container
length : 0x0010 (16)
size : 0x0010 (16)
info : *
info: struct netr_trust_extension
length : 0x00000008 (8)
dummy : 0x00000000 (0)
size : 0x00000008 (8)
flags : 0x00000023 (35)
1: NETR_TRUST_FLAG_IN_FOREST
1: NETR_TRUST_FLAG_OUTBOUND
0: NETR_TRUST_FLAG_TREEROOT
0: NETR_TRUST_FLAG_PRIMARY
0: NETR_TRUST_FLAG_NATIVE
1: NETR_TRUST_FLAG_INBOUND
0: NETR_TRUST_FLAG_MIT_KRB5
0: NETR_TRUST_FLAG_AES
parent_index : 0x00000004 (4)
trust_type : LSA_TRUST_TYPE_UPLEVEL (2)
trust_attributes : 0x00000020 (32)
0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
1: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
dummy_string2: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string3: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string4: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_long1 : 0x00000000 (0)
dummy_long2 : 0x00000000 (0)
dummy_long3 : 0x00000000 (0)
dummy_long4 : 0x00000000 (0)
trusted_domains: struct netr_OneDomainInfo
domainname: struct lsa_StringLarge
length : 0x0006 (6)
size : 0x0008 (8)
string : *
string : 'BLA'
dns_domainname: struct lsa_StringLarge
length : 0x0010 (16)
size : 0x0012 (18)
string : *
string : 'bla.base'
dns_forestname: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
domain_guid : 00000000-0000-0000-0000-000000000000
domain_sid : *
domain_sid : S-1-5-21-4053568372-2049667917-3384589010
trust_extension: struct netr_trust_extension_container
length : 0x0010 (16)
size : 0x0010 (16)
info : *
info: struct netr_trust_extension
length : 0x00000008 (8)
dummy : 0x00000000 (0)
size : 0x00000008 (8)
flags : 0x00000022 (34)
0: NETR_TRUST_FLAG_IN_FOREST
1: NETR_TRUST_FLAG_OUTBOUND
0: NETR_TRUST_FLAG_TREEROOT
0: NETR_TRUST_FLAG_PRIMARY
0: NETR_TRUST_FLAG_NATIVE
1: NETR_TRUST_FLAG_INBOUND
0: NETR_TRUST_FLAG_MIT_KRB5
0: NETR_TRUST_FLAG_AES
parent_index : 0x00000000 (0)
trust_type : LSA_TRUST_TYPE_UPLEVEL (2)
trust_attributes : 0x00000008 (8)
0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
1: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
dummy_string2: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string3: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string4: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_long1 : 0x00000000 (0)
dummy_long2 : 0x00000000 (0)
dummy_long3 : 0x00000000 (0)
dummy_long4 : 0x00000000 (0)
trusted_domains: struct netr_OneDomainInfo
domainname: struct lsa_StringLarge
length : 0x000c (12)
size : 0x000e (14)
string : *
string : 'S4XDOM'
dns_domainname: struct lsa_StringLarge
length : 0x0016 (22)
size : 0x0018 (24)
string : *
string : 's4xdom.base'
dns_forestname: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
domain_guid : 00000000-0000-0000-0000-000000000000
domain_sid : *
domain_sid : S-1-5-21-313966788-4060240134-2249344781
trust_extension: struct netr_trust_extension_container
length : 0x0010 (16)
size : 0x0010 (16)
info : *
info: struct netr_trust_extension
length : 0x00000008 (8)
dummy : 0x00000000 (0)
size : 0x00000008 (8)
flags : 0x00000022 (34)
0: NETR_TRUST_FLAG_IN_FOREST
1: NETR_TRUST_FLAG_OUTBOUND
0: NETR_TRUST_FLAG_TREEROOT
0: NETR_TRUST_FLAG_PRIMARY
0: NETR_TRUST_FLAG_NATIVE
1: NETR_TRUST_FLAG_INBOUND
0: NETR_TRUST_FLAG_MIT_KRB5
0: NETR_TRUST_FLAG_AES
parent_index : 0x00000000 (0)
trust_type : LSA_TRUST_TYPE_UPLEVEL (2)
trust_attributes : 0x00000008 (8)
0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
1: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
dummy_string2: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string3: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string4: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_long1 : 0x00000000 (0)
dummy_long2 : 0x00000000 (0)
dummy_long3 : 0x00000000 (0)
dummy_long4 : 0x00000000 (0)
trusted_domains: struct netr_OneDomainInfo
domainname: struct lsa_StringLarge
length : 0x0014 (20)
size : 0x0016 (22)
string : *
string : 'W2012R2-L4'
dns_domainname: struct lsa_StringLarge
length : 0x001e (30)
size : 0x0020 (32)
string : *
string : 'w2012r2-l4.base'
dns_forestname: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
domain_guid : 0a133c91-8eac-4df0-96ac-ede69044a38b
domain_sid : *
domain_sid : S-1-5-21-2930975464-1937418634-1288008815
trust_extension: struct netr_trust_extension_container
length : 0x0010 (16)
size : 0x0010 (16)
info : *
info: struct netr_trust_extension
length : 0x00000008 (8)
dummy : 0x00000000 (0)
size : 0x00000008 (8)
flags : 0x0000001d (29)
1: NETR_TRUST_FLAG_IN_FOREST
0: NETR_TRUST_FLAG_OUTBOUND
1: NETR_TRUST_FLAG_TREEROOT
1: NETR_TRUST_FLAG_PRIMARY
1: NETR_TRUST_FLAG_NATIVE
0: NETR_TRUST_FLAG_INBOUND
0: NETR_TRUST_FLAG_MIT_KRB5
0: NETR_TRUST_FLAG_AES
parent_index : 0x00000000 (0)
trust_type : LSA_TRUST_TYPE_UPLEVEL (2)
trust_attributes : 0x00000000 (0)
0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
dummy_string2: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string3: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string4: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_long1 : 0x00000000 (0)
dummy_long2 : 0x00000000 (0)
dummy_long3 : 0x00000000 (0)
dummy_long4 : 0x00000000 (0)
trusted_domains: struct netr_OneDomainInfo
domainname: struct lsa_StringLarge
length : 0x0016 (22)
size : 0x0018 (24)
string : *
string : 'S2-W2012-L4'
dns_domainname: struct lsa_StringLarge
length : 0x004e (78)
size : 0x0050 (80)
string : *
string : 's2-w2012-l4.s1-w2012-l4.w2012r2-l4.base'
dns_forestname: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
domain_guid : 29daace6-cded-4ce3-a754-7482a4d9127c
domain_sid : *
domain_sid : S-1-5-21-167342819-981449877-2130266853
trust_extension: struct netr_trust_extension_container
length : 0x0010 (16)
size : 0x0010 (16)
info : *
info: struct netr_trust_extension
length : 0x00000008 (8)
dummy : 0x00000000 (0)
size : 0x00000008 (8)
flags : 0x00000001 (1)
1: NETR_TRUST_FLAG_IN_FOREST
0: NETR_TRUST_FLAG_OUTBOUND
0: NETR_TRUST_FLAG_TREEROOT
0: NETR_TRUST_FLAG_PRIMARY
0: NETR_TRUST_FLAG_NATIVE
0: NETR_TRUST_FLAG_INBOUND
0: NETR_TRUST_FLAG_MIT_KRB5
0: NETR_TRUST_FLAG_AES
parent_index : 0x00000001 (1)
trust_type : LSA_TRUST_TYPE_UPLEVEL (2)
trust_attributes : 0x00000000 (0)
0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
dummy_string2: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string3: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string4: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_long1 : 0x00000000 (0)
dummy_long2 : 0x00000000 (0)
dummy_long3 : 0x00000000 (0)
dummy_long4 : 0x00000000 (0)
lsa_policy: struct netr_LsaPolicyInformation
policy_size : 0x00000000 (0)
policy : NULL
dns_hostname: struct lsa_StringLarge
length : 0x0036 (54)
size : 0x0038 (56)
string : *
string : 'torturetest.w2012r2-l4.base'
dummy_string2: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string3: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string4: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
workstation_flags : 0x00000003 (3)
1: NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS
1: NETR_WS_FLAG_HANDLES_SPN_UPDATE
supported_enc_types : 0x0000001f (31)
1: KERB_ENCTYPE_DES_CBC_CRC
1: KERB_ENCTYPE_DES_CBC_MD5
1: KERB_ENCTYPE_RC4_HMAC_MD5
1: KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96
1: KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96
0: KERB_ENCTYPE_FAST_SUPPORTED
0: KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED
0: KERB_ENCTYPE_CLAIMS_SUPPORTED
0: KERB_ENCTYPE_RESOURCE_SID_COMPRESSION_DISABLED
dummy_long3 : 0x00000000 (0)
dummy_long4 : 0x00000000 (0)
result : NT_STATUS_OK

Best viewed with: git show --histogram -w

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 2099add0)

a2b04c35

s4:rpc_server/netlogon: make use of talloc_zero_array() for the netr_OneDomainInfo array · 73e383f2

Stefan Metzmacher authored Aug 28, 2018

It's much safer than having uninitialized memory when we hit an error
case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit ef0b489a)

73e383f2

s4:rpc_server/netlogon: use samdb_domain_guid()/dsdb_trust_local_tdo_info() to... · 2e7e58a5

Stefan Metzmacher authored Aug 28, 2018

s4:rpc_server/netlogon: use samdb_domain_guid()/dsdb_trust_local_tdo_info() to build our netr_OneDomainInfo values

The logic for constructing the values for our own primary domain differs
from the values of trusted domains. In order to make the code easier to
understand we have a new fill_our_one_domain_info() helper that
only takes care of our primary domain.

The cleanup for the trust case will follow in a separate commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 61333f77)

2e7e58a5

s4:dsdb/common: add samdb_domain_guid() helper function · e7b43132

Stefan Metzmacher authored Aug 28, 2018

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 0e442e09)

e7b43132

dsdb:util_trusts: add dsdb_trust_local_tdo_info() helper function · 66a05543

Stefan Metzmacher authored Feb 01, 2018

This is similar to dsdb_trust_xref_tdo_info(), but will also work
if we ever support more than one domain in our forest.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit c1b0ac95)

66a05543

dsdb/util_trusts: domain_dn is an input parameter of dsdb_trust_crossref_tdo_info() · 96ae85bc

Stefan Metzmacher authored Feb 01, 2018

We should not overwrite it within the function.
Currently it doesn't matter as we don't have multiple domains
within our forest, but that will change in future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit f5f96f55)

96ae85bc

s4:torture/rpc/netlogon: verify the trusted domains output of LogonGetDomainInfo() · b7bd12dd

Stefan Metzmacher authored Aug 28, 2018

This makes sure we don't treat trusted domains in the same way we treat
our primary domain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit d5dd8fdc)

b7bd12dd

s4:torture/rpc/netlogon: assert that cli_credentials_get_{workstation,password} don't return NULL · 7276bdb5

Stefan Metzmacher authored Sep 03, 2018

This is better that generating a segfault while dereferencing a NULL
pointer later.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit dffc182c)

7276bdb5

smbd: Fix a memleak in async search ask sharemode · 91a5d382

VL authored Sep 03, 2018 and

Stefan Metzmacher committed Sep 05, 2018

fetch_share_mode_unlocked_parser() takes a "struct
fetch_share_mode_unlocked_state *" as
"private_data". fetch_share_mode_send() used a talloc_zero'ed "struct
share_mode_lock". This lead to the parser putting a "struct
share_mode_lock on the NULL talloc_context where nobody really picked it
up.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13602

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 0bd109b7)

91a5d382

ctdb-daemon: Log complete eventd startup command · 8385a0c8

Martin Schwenke authored Sep 03, 2018 and

Stefan Metzmacher committed Sep 05, 2018

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13592

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 6d3d9a85)

8385a0c8

ctdb-daemon: Do not retry connection to eventd · f3a2f0b7

Martin Schwenke authored Aug 27, 2018 and

Stefan Metzmacher committed Sep 05, 2018

Confirmation is now received from eventd that it is accepting
connections, so this is no longer needed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13592

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit b430a1ac)

f3a2f0b7