This project is mirrored from https://git.samba.org/samba.git. Pull mirroring updated .
  1. 08 Oct, 2018 2 commits
  2. 27 Sep, 2018 2 commits
  3. 20 Sep, 2018 10 commits
  4. 10 Sep, 2018 1 commit
  5. 05 Sep, 2018 25 commits
    • Alexander Bokovoy's avatar
      krb5-samba: interdomain trust uses different salt principal · 3ea96a25
      Alexander Bokovoy authored and Stefan Metzmacher's avatar Stefan Metzmacher committed
      Salt principal for the interdomain trust is krbtgt/DOMAIN@REALM where
      DOMAIN is the sAMAccountName without the dollar sign ($)
      
      The salt principal for the BLA$ user object was generated wrong.
      
      dn: CN=bla.base,CN=System,DC=w4edom-l4,DC=base
      securityIdentifier: S-1-5-21-4053568372-2049667917-3384589010
      trustDirection: 3
      trustPartner: bla.base
      trustPosixOffset: -2147483648
      trustType: 2
      trustAttributes: 8
      flatName: BLA
      
      dn: CN=BLA$,CN=Users,DC=w4edom-l4,DC=base
      userAccountControl: 2080
      primaryGroupID: 513
      objectSid: S-1-5-21-278041429-3399921908-1452754838-1597
      accountExpires: 9223372036854775807
      sAMAccountName: BLA$
      sAMAccountType: 805306370
      pwdLastSet: 131485652467995000
      
      The salt stored by Windows in the package_PrimaryKerberosBlob
      (within supplementalCredentials) seems to be
      'W4EDOM-L4.BASEkrbtgtBLA' for the above trust
      and Samba stores 'W4EDOM-L4.BASEBLA$'.
      
      While the salt used when building the keys from
      trustAuthOutgoing/trustAuthIncoming is
      'W4EDOM-L4.BASEkrbtgtBLA.BASE', which we handle correct.
      
      BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539
      
      
      
      Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
      Signed-off-by: Alexander Bokovoy's avatarAlexander Bokovoy <ab@samba.org>
      Signed-off-by: Stefan Metzmacher's avatarStefan Metzmacher <metze@samba.org>
      Reviewed-by: Andrew Bartlett's avatarAndrew Bartlett <abartlet@samba.org>
      
      Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
      Autobuild-Date(master): Wed Sep  5 03:57:22 CEST 2018 on sn-devel-144
      
      (cherry picked from commit f3e349be)
      
      Autobuild-User(v4-8-test): Stefan Metzmacher <metze@samba.org>
      Autobuild-Date(v4-8-test): Wed Sep  5 18:32:05 CEST 2018 on sn-devel-144
      3ea96a25
    • Stefan Metzmacher's avatar
      testprogs/blackbox: let test_trust_user_account.sh check the correct kerberos salt · d726535d
      Stefan Metzmacher authored
      This demonstrates the bug we currently have.
      
      BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539
      
      Signed-off-by: Stefan Metzmacher's avatarStefan Metzmacher <metze@samba.org>
      Reviewed-by: Andrew Bartlett's avatarAndrew Bartlett <abartlet@samba.org>
      (cherry picked from commit 1b31fa62)
      d726535d
    • Stefan Metzmacher's avatar
    • Stefan Metzmacher's avatar
      samba-tool: add virtualKerberosSalt attribute to 'user getpassword/syncpasswords' · e311e6e8
      Stefan Metzmacher authored
      This might be useful for someone, but at least it's very useful for
      tests.
      
      BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539
      
      Signed-off-by: Stefan Metzmacher's avatarStefan Metzmacher <metze@samba.org>
      Reviewed-by: Andrew Bartlett's avatarAndrew Bartlett <abartlet@samba.org>
      (cherry picked from commit 39c281a2)
      e311e6e8
    • Alexander Bokovoy's avatar
      s4:selftest: test kinit with the interdomain trust user account · 0534104e
      Alexander Bokovoy authored and Stefan Metzmacher's avatar Stefan Metzmacher committed
      To test it, add a blackbox test that ensures we pass a keytab-based
      authentication with the trust user account for a trusted domain.
      
      BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539
      
      
      
      Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
      Signed-off-by: Alexander Bokovoy's avatarAlexander Bokovoy <ab@samba.org>
      Signed-off-by: Stefan Metzmacher's avatarStefan Metzmacher <metze@samba.org>
      Reviewed-by: Andrew Bartlett's avatarAndrew Bartlett <abartlet@samba.org>
      (cherry picked from commit 7df50529)
      0534104e
    • Ralph Böhme's avatar
      libds: rename UF_MACHINE_ACCOUNT_MASK to UF_TRUST_ACCOUNT_MASK · d39a80ce
      Ralph Böhme authored and Stefan Metzmacher's avatar Stefan Metzmacher committed
      
      
      The name UF_TRUST_ACCOUNT_MASK better reflects the use case and it's not
      yet used.
      Signed-off-by: Ralph Böhme's avatarRalph Boehme <slow@samba.org>
      Reviewed-by: Andrew Bartlett's avatarAndrew Bartlett <abartlet@samba.org>
      (cherry picked from commit 8497d209)
      d39a80ce
    • VL's avatar
      vfs_fruit: Don't unlink the main file · 772600fe
      VL authored and Stefan Metzmacher's avatar Stefan Metzmacher committed
      The original fix for bug 13441 was missing a check that verifies that
      fruit_ftruncate() is actually called on a stream.
      
      Follow-up to
      
      Bug: https://bugzilla.samba.org/show_bug.cgi?id=13441
      
      
      
      Pair-Programmed-With: Volker Lendecke <vl@samba.org>
      Signed-off-by: Ralph Böhme's avatarRalph Boehme <slow@samba.org>
      Reviewed-by: VL's avatarVolker Lendecke <vl@samba.org>
      
      Autobuild-User(master): Volker Lendecke <vl@samba.org>
      Autobuild-Date(master): Thu Aug 23 15:28:48 CEST 2018 on sn-devel-144
      
      (cherry picked from commit 8c142348)
      772600fe
    • VL's avatar
      torture: Make sure that fruit_ftruncate only unlinks streams · 64a91078
      VL authored and Stefan Metzmacher's avatar Stefan Metzmacher committed
      Follow-up to
      
      Bug: https://bugzilla.samba.org/show_bug.cgi?id=13441
      
      Signed-off-by: VL's avatarVolker Lendecke <vl@samba.org>
      Reviewed-by: Ralph Böhme's avatarRalph Boehme <slow@samba.org>
      (cherry picked from commit c39ec642)
      64a91078
    • Ralph Böhme's avatar
      s3:smbd: add a comment stating that file_close_user() is redundant for SMB2 · 37f8294a
      Ralph Böhme authored and Stefan Metzmacher's avatar Stefan Metzmacher committed
      Bug: https://bugzilla.samba.org/show_bug.cgi?id=13549
      
      Signed-off-by: Ralph Böhme's avatarRalph Boehme <slow@samba.org>
      Reviewed-by: Jeremy Allison's avatarJeremy Allison <jra@samba.org>
      
      Autobuild-User(master): Jeremy Allison <jra@samba.org>
      Autobuild-Date(master): Sat Sep  1 01:26:35 CEST 2018 on sn-devel-144
      
      (cherry picked from commit 5d95f79f)
      37f8294a
    • Ralph Böhme's avatar
      s3:smbd: let session logoff close files and tcons before deleting the session · 9fe8691c
      Ralph Böhme authored and Stefan Metzmacher's avatar Stefan Metzmacher committed
      This avoids a race in durable handle reconnects if the reconnect comes
      in while the old session is still in the tear-down phase.
      
      The new session is supposed to rendezvous with and wait for destruction
      of the old session, which is internally implemented with
      dbwrap_watch_send() on the old session record.
      
      If the old session deletes the session record before calling
      file_close_user() which marks all file handles as disconnected, the
      durable handle reconnect in the new session will fail as the records are
      not yet marked as disconnected which is a prerequisite.
      
      Bug: https://bugzilla.samba.org/show_bug.cgi?id=13549
      
      Signed-off-by: Ralph Böhme's avatarRalph Boehme <slow@samba.org>
      Reviewed-by: Jeremy Allison's avatarJeremy Allison <jra@samba.org>
      (cherry picked from commit 8f6edcc1)
      9fe8691c
    • Ralph Böhme's avatar
      s3:smbd: reorder tcon global record deletion and closing files of a tcon · d36fbe95
      Ralph Böhme authored and Stefan Metzmacher's avatar Stefan Metzmacher committed
      As such, this doesn't change overall behaviour, but in case we ever add
      semantics acting on tcon record changes via an API like
      dbwrap_watch_send(), this will make a difference as it enforces
      ordering.
      
      Bug: https://bugzilla.samba.org/show_bug.cgi?id=13549
      
      Signed-off-by: Ralph Böhme's avatarRalph Boehme <slow@samba.org>
      Reviewed-by: Jeremy Allison's avatarJeremy Allison <jra@samba.org>
      (backported from commit b70b8503)
      d36fbe95
    • Ralph Böhme's avatar
      selftest: add a durable handle test with delayed disconnect · e667b177
      Ralph Böhme authored and Stefan Metzmacher's avatar Stefan Metzmacher committed
      Bug: https://bugzilla.samba.org/show_bug.cgi?id=13549
      
      Signed-off-by: Ralph Böhme's avatarRalph Boehme <slow@samba.org>
      Reviewed-by: Jeremy Allison's avatarJeremy Allison <jra@samba.org>
      (cherry picked from commit 5508024a)
      e667b177
    • Ralph Böhme's avatar
      s4:selftest: reformat smb2_s3only list · 34eeed27
      Ralph Böhme authored and Stefan Metzmacher's avatar Stefan Metzmacher committed
      No change besides reformatting the list to one entry per line.
      
      Bug: https://bugzilla.samba.org/show_bug.cgi?id=13549
      
      Signed-off-by: Ralph Böhme's avatarRalph Boehme <slow@samba.org>
      Reviewed-by: Jeremy Allison's avatarJeremy Allison <jra@samba.org>
      (cherry picked from commit 3255822f)
      34eeed27
    • Ralph Böhme's avatar
      vfs_delay_inject: adding delay to VFS calls · 3304d861
      Ralph Böhme authored and Stefan Metzmacher's avatar Stefan Metzmacher committed
      Bug: https://bugzilla.samba.org/show_bug.cgi?id=13549
      
      Signed-off-by: Ralph Böhme's avatarRalph Boehme <slow@samba.org>
      Reviewed-by: Jeremy Allison's avatarJeremy Allison <jra@samba.org>
      (cherry picked from commit 44840ba5)
      3304d861
    • Stefan Metzmacher's avatar
      s4:rpc_server/netlogon: don't treet trusted domains as primary in LogonGetDomainInfo() · a2b04c35
      Stefan Metzmacher authored
      We need to handle trusted domains differently than our primary
      domain. The most important part is that we don't return
      NETR_TRUST_FLAG_PRIMARY for them.
      
      NETR_TRUST_FLAG_{INBOUND,OUTBOUND,IN_FOREST} are the relavant flags
      for trusts.
      
      This is an example of what Windows returns in a complex trust
      environment:
      
           netr_LogonGetDomainInfo: struct netr_LogonGetDomainInfo
              out: struct netr_LogonGetDomainInfo
                  return_authenticator     : *
                      return_authenticator: struct netr_Authenticator
                          cred: struct netr_Credential
                              data                     : f48b51ff12ff8c6c
                          timestamp                : Tue Aug 28 22:59:03 2018 CEST
                  info                     : *
                      info                     : union netr_DomainInfo(case 1)
                      domain_info              : *
                          domain_info: struct netr_DomainInformation
                              primary_domain: struct netr_OneDomainInfo
                                  domainname: struct lsa_StringLarge
                                      length                   : 0x0014 (20)
                                      size                     : 0x0016 (22)
                                      string                   : *
                                          string                   : 'W2012R2-L4'
                                  dns_domainname: struct lsa_StringLarge
                                      length                   : 0x0020 (32)
                                      size                     : 0x0022 (34)
                                      string                   : *
                                          string                   : 'w2012r2-l4.base.'
                                  dns_forestname: struct lsa_StringLarge
                                      length                   : 0x0020 (32)
                                      size                     : 0x0022 (34)
                                      string                   : *
                                          string                   : 'w2012r2-l4.base.'
                                  domain_guid              : 0a133c91-8eac-4df0-96ac-ede69044a38b
                                  domain_sid               : *
                                      domain_sid               : S-1-5-21-2930975464-1937418634-1288008815
                                  trust_extension: struct netr_trust_extension_container
                                      length                   : 0x0000 (0)
                                      size                     : 0x0000 (0)
                                      info                     : NULL
                                  dummy_string2: struct lsa_StringLarge
                                      length                   : 0x0000 (0)
                                      size                     : 0x0000 (0)
                                      string                   : NULL
                                  dummy_string3: struct lsa_StringLarge
                                      length                   : 0x0000 (0)
                                      size                     : 0x0000 (0)
                                      string                   : NULL
                                  dummy_string4: struct lsa_StringLarge
                                      length                   : 0x0000 (0)
                                      size                     : 0x0000 (0)
                                      string                   : NULL
                                  dummy_long1              : 0x00000000 (0)
                                  dummy_long2              : 0x00000000 (0)
                                  dummy_long3              : 0x00000000 (0)
                                  dummy_long4              : 0x00000000 (0)
                              trusted_domain_count     : 0x00000006 (6)
                              trusted_domains          : *
                                  trusted_domains: ARRAY(6)
                                      trusted_domains: struct netr_OneDomainInfo
                                          domainname: struct lsa_StringLarge
                                              length                   : 0x000e (14)
                                              size                     : 0x0010 (16)
                                              string                   : *
                                                  string                   : 'FREEIPA'
                                          dns_domainname: struct lsa_StringLarge
                                              length                   : 0x0018 (24)
                                              size                     : 0x001a (26)
                                              string                   : *
                                                  string                   : 'freeipa.base'
                                          dns_forestname: struct lsa_StringLarge
                                              length                   : 0x0000 (0)
                                              size                     : 0x0000 (0)
                                              string                   : NULL
                                          domain_guid              : 00000000-0000-0000-0000-000000000000
                                          domain_sid               : *
                                              domain_sid               : S-1-5-21-429948374-2562621466-335716826
                                          trust_extension: struct netr_trust_extension_container
                                              length                   : 0x0010 (16)
                                              size                     : 0x0010 (16)
                                              info                     : *
                                                  info: struct netr_trust_extension
                                                      length                   : 0x00000008 (8)
                                                      dummy                    : 0x00000000 (0)
                                                      size                     : 0x00000008 (8)
                                                      flags                    : 0x00000022 (34)
                                                             0: NETR_TRUST_FLAG_IN_FOREST
                                                             1: NETR_TRUST_FLAG_OUTBOUND
                                                             0: NETR_TRUST_FLAG_TREEROOT
                                                             0: NETR_TRUST_FLAG_PRIMARY
                                                             0: NETR_TRUST_FLAG_NATIVE
                                                             1: NETR_TRUST_FLAG_INBOUND
                                                             0: NETR_TRUST_FLAG_MIT_KRB5
                                                             0: NETR_TRUST_FLAG_AES
                                                      parent_index             : 0x00000000 (0)
                                                      trust_type               : LSA_TRUST_TYPE_UPLEVEL (2)
                                                      trust_attributes         : 0x00000008 (8)
                                                             0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
                                                             0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
                                                             0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
                                                             1: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
                                                             0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
                                                             0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
                                                             0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
                                                             0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
                                          dummy_string2: struct lsa_StringLarge
                                              length                   : 0x0000 (0)
                                              size                     : 0x0000 (0)
                                              string                   : NULL
                                          dummy_string3: struct lsa_StringLarge
                                              length                   : 0x0000 (0)
                                              size                     : 0x0000 (0)
                                              string                   : NULL
                                          dummy_string4: struct lsa_StringLarge
                                              length                   : 0x0000 (0)
                                              size                     : 0x0000 (0)
                                              string                   : NULL
                                          dummy_long1              : 0x00000000 (0)
                                          dummy_long2              : 0x00000000 (0)
                                          dummy_long3              : 0x00000000 (0)
                                          dummy_long4              : 0x00000000 (0)
                                      trusted_domains: struct netr_OneDomainInfo
                                          domainname: struct lsa_StringLarge
                                              length                   : 0x0016 (22)
                                              size                     : 0x0018 (24)
                                              string                   : *
                                                  string                   : 'S1-W2012-L4'
                                          dns_domainname: struct lsa_StringLarge
                                              length                   : 0x0036 (54)
                                              size                     : 0x0038 (56)
                                              string                   : *
                                                  string                   : 's1-w2012-l4.w2012r2-l4.base'
                                          dns_forestname: struct lsa_StringLarge
                                              length                   : 0x0000 (0)
                                              size                     : 0x0000 (0)
                                              string                   : NULL
                                          domain_guid              : afe7fbde-af82-46cf-88a2-2df6920fc33e
                                          domain_sid               : *
                                              domain_sid               : S-1-5-21-1368093395-3821428921-3924672915
                                          trust_extension: struct netr_trust_extension_container
                                              length                   : 0x0010 (16)
                                              size                     : 0x0010 (16)
                                              info                     : *
                                                  info: struct netr_trust_extension
                                                      length                   : 0x00000008 (8)
                                                      dummy                    : 0x00000000 (0)
                                                      size                     : 0x00000008 (8)
                                                      flags                    : 0x00000023 (35)
                                                             1: NETR_TRUST_FLAG_IN_FOREST
                                                             1: NETR_TRUST_FLAG_OUTBOUND
                                                             0: NETR_TRUST_FLAG_TREEROOT
                                                             0: NETR_TRUST_FLAG_PRIMARY
                                                             0: NETR_TRUST_FLAG_NATIVE
                                                             1: NETR_TRUST_FLAG_INBOUND
                                                             0: NETR_TRUST_FLAG_MIT_KRB5
                                                             0: NETR_TRUST_FLAG_AES
                                                      parent_index             : 0x00000004 (4)
                                                      trust_type               : LSA_TRUST_TYPE_UPLEVEL (2)
                                                      trust_attributes         : 0x00000020 (32)
                                                             0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
                                                             0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
                                                             0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
                                                             0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
                                                             0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
                                                             1: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
                                                             0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
                                                             0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
                                          dummy_string2: struct lsa_StringLarge
                                              length                   : 0x0000 (0)
                                              size                     : 0x0000 (0)
                                              string                   : NULL
                                          dummy_string3: struct lsa_StringLarge
                                              length                   : 0x0000 (0)
                                              size                     : 0x0000 (0)
                                              string                   : NULL
                                          dummy_string4: struct lsa_StringLarge
                                              length                   : 0x0000 (0)
                                              size                     : 0x0000 (0)
                                              string                   : NULL
                                          dummy_long1              : 0x00000000 (0)
                                          dummy_long2              : 0x00000000 (0)
                                          dummy_long3              : 0x00000000 (0)
                                          dummy_long4              : 0x00000000 (0)
                                      trusted_domains: struct netr_OneDomainInfo
                                          domainname: struct lsa_StringLarge
                                              length                   : 0x0006 (6)
                                              size                     : 0x0008 (8)
                                              string                   : *
                                                  string                   : 'BLA'
                                          dns_domainname: struct lsa_StringLarge
                                              length                   : 0x0010 (16)
                                              size                     : 0x0012 (18)
                                              string                   : *
                                                  string                   : 'bla.base'
                                          dns_forestname: struct lsa_StringLarge
                                              length                   : 0x0000 (0)
                                              size                     : 0x0000 (0)
                                              string                   : NULL
                                          domain_guid              : 00000000-0000-0000-0000-000000000000
                                          domain_sid               : *
                                              domain_sid               : S-1-5-21-4053568372-2049667917-3384589010
                                          trust_extension: struct netr_trust_extension_container
                                              length                   : 0x0010 (16)
                                              size                     : 0x0010 (16)
                                              info                     : *
                                                  info: struct netr_trust_extension
                                                      length                   : 0x00000008 (8)
                                                      dummy                    : 0x00000000 (0)
                                                      size                     : 0x00000008 (8)
                                                      flags                    : 0x00000022 (34)
                                                             0: NETR_TRUST_FLAG_IN_FOREST
                                                             1: NETR_TRUST_FLAG_OUTBOUND
                                                             0: NETR_TRUST_FLAG_TREEROOT
                                                             0: NETR_TRUST_FLAG_PRIMARY
                                                             0: NETR_TRUST_FLAG_NATIVE
                                                             1: NETR_TRUST_FLAG_INBOUND
                                                             0: NETR_TRUST_FLAG_MIT_KRB5
                                                             0: NETR_TRUST_FLAG_AES
                                                      parent_index             : 0x00000000 (0)
                                                      trust_type               : LSA_TRUST_TYPE_UPLEVEL (2)
                                                      trust_attributes         : 0x00000008 (8)
                                                             0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
                                                             0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
                                                             0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
                                                             1: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
                                                             0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
                                                             0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
                                                             0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
                                                             0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
                                          dummy_string2: struct lsa_StringLarge
                                              length                   : 0x0000 (0)
                                              size                     : 0x0000 (0)
                                              string                   : NULL
                                          dummy_string3: struct lsa_StringLarge
                                              length                   : 0x0000 (0)
                                              size                     : 0x0000 (0)
                                              string                   : NULL
                                          dummy_string4: struct lsa_StringLarge
                                              length                   : 0x0000 (0)
                                              size                     : 0x0000 (0)
                                              string                   : NULL
                                          dummy_long1              : 0x00000000 (0)
                                          dummy_long2              : 0x00000000 (0)
                                          dummy_long3              : 0x00000000 (0)
                                          dummy_long4              : 0x00000000 (0)
                                      trusted_domains: struct netr_OneDomainInfo
                                          domainname: struct lsa_StringLarge
                                              length                   : 0x000c (12)
                                              size                     : 0x000e (14)
                                              string                   : *
                                                  string                   : 'S4XDOM'
                                          dns_domainname: struct lsa_StringLarge
                                              length                   : 0x0016 (22)
                                              size                     : 0x0018 (24)
                                              string                   : *
                                                  string                   : 's4xdom.base'
                                          dns_forestname: struct lsa_StringLarge
                                              length                   : 0x0000 (0)
                                              size                     : 0x0000 (0)
                                              string                   : NULL
                                          domain_guid              : 00000000-0000-0000-0000-000000000000
                                          domain_sid               : *
                                              domain_sid               : S-1-5-21-313966788-4060240134-2249344781
                                          trust_extension: struct netr_trust_extension_container
                                              length                   : 0x0010 (16)
                                              size                     : 0x0010 (16)
                                              info                     : *
                                                  info: struct netr_trust_extension
                                                      length                   : 0x00000008 (8)
                                                      dummy                    : 0x00000000 (0)
                                                      size                     : 0x00000008 (8)
                                                      flags                    : 0x00000022 (34)
                                                             0: NETR_TRUST_FLAG_IN_FOREST
                                                             1: NETR_TRUST_FLAG_OUTBOUND
                                                             0: NETR_TRUST_FLAG_TREEROOT
                                                             0: NETR_TRUST_FLAG_PRIMARY
                                                             0: NETR_TRUST_FLAG_NATIVE
                                                             1: NETR_TRUST_FLAG_INBOUND
                                                             0: NETR_TRUST_FLAG_MIT_KRB5
                                                             0: NETR_TRUST_FLAG_AES
                                                      parent_index             : 0x00000000 (0)
                                                      trust_type               : LSA_TRUST_TYPE_UPLEVEL (2)
                                                      trust_attributes         : 0x00000008 (8)
                                                             0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
                                                             0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
                                                             0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
                                                             1: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
                                                             0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
                                                             0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
                                                             0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
                                                             0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
                                          dummy_string2: struct lsa_StringLarge
                                              length                   : 0x0000 (0)
                                              size                     : 0x0000 (0)
                                              string                   : NULL
                                          dummy_string3: struct lsa_StringLarge
                                              length                   : 0x0000 (0)
                                              size                     : 0x0000 (0)
                                              string                   : NULL
                                          dummy_string4: struct lsa_StringLarge
                                              length                   : 0x0000 (0)
                                              size                     : 0x0000 (0)
                                              string                   : NULL
                                          dummy_long1              : 0x00000000 (0)
                                          dummy_long2              : 0x00000000 (0)
                                          dummy_long3              : 0x00000000 (0)
                                          dummy_long4              : 0x00000000 (0)
                                      trusted_domains: struct netr_OneDomainInfo
                                          domainname: struct lsa_StringLarge
                                              length                   : 0x0014 (20)
                                              size                     : 0x0016 (22)
                                              string                   : *
                                                  string                   : 'W2012R2-L4'
                                          dns_domainname: struct lsa_StringLarge
                                              length                   : 0x001e (30)
                                              size                     : 0x0020 (32)
                                              string                   : *
                                                  string                   : 'w2012r2-l4.base'
                                          dns_forestname: struct lsa_StringLarge
                                              length                   : 0x0000 (0)
                                              size                     : 0x0000 (0)
                                              string                   : NULL
                                          domain_guid              : 0a133c91-8eac-4df0-96ac-ede69044a38b
                                          domain_sid               : *
                                              domain_sid               : S-1-5-21-2930975464-1937418634-1288008815
                                          trust_extension: struct netr_trust_extension_container
                                              length                   : 0x0010 (16)
                                              size                     : 0x0010 (16)
                                              info                     : *
                                                  info: struct netr_trust_extension
                                                      length                   : 0x00000008 (8)
                                                      dummy                    : 0x00000000 (0)
                                                      size                     : 0x00000008 (8)
                                                      flags                    : 0x0000001d (29)
                                                             1: NETR_TRUST_FLAG_IN_FOREST
                                                             0: NETR_TRUST_FLAG_OUTBOUND
                                                             1: NETR_TRUST_FLAG_TREEROOT
                                                             1: NETR_TRUST_FLAG_PRIMARY
                                                             1: NETR_TRUST_FLAG_NATIVE
                                                             0: NETR_TRUST_FLAG_INBOUND
                                                             0: NETR_TRUST_FLAG_MIT_KRB5
                                                             0: NETR_TRUST_FLAG_AES
                                                      parent_index             : 0x00000000 (0)
                                                      trust_type               : LSA_TRUST_TYPE_UPLEVEL (2)
                                                      trust_attributes         : 0x00000000 (0)
                                                             0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
                                                             0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
                                                             0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
                                                             0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
                                                             0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
                                                             0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
                                                             0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
                                                             0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
                                          dummy_string2: struct lsa_StringLarge
                                              length                   : 0x0000 (0)
                                              size                     : 0x0000 (0)
                                              string                   : NULL
                                          dummy_string3: struct lsa_StringLarge
                                              length                   : 0x0000 (0)
                                              size                     : 0x0000 (0)
                                              string                   : NULL
                                          dummy_string4: struct lsa_StringLarge
                                              length                   : 0x0000 (0)
                                              size                     : 0x0000 (0)
                                              string                   : NULL
                                          dummy_long1              : 0x00000000 (0)
                                          dummy_long2              : 0x00000000 (0)
                                          dummy_long3              : 0x00000000 (0)
                                          dummy_long4              : 0x00000000 (0)
                                      trusted_domains: struct netr_OneDomainInfo
                                          domainname: struct lsa_StringLarge
                                              length                   : 0x0016 (22)
                                              size                     : 0x0018 (24)
                                              string                   : *
                                                  string                   : 'S2-W2012-L4'
                                          dns_domainname: struct lsa_StringLarge
                                              length                   : 0x004e (78)
                                              size                     : 0x0050 (80)
                                              string                   : *
                                                  string                   : 's2-w2012-l4.s1-w2012-l4.w2012r2-l4.base'
                                          dns_forestname: struct lsa_StringLarge
                                              length                   : 0x0000 (0)
                                              size                     : 0x0000 (0)
                                              string                   : NULL
                                          domain_guid              : 29daace6-cded-4ce3-a754-7482a4d9127c
                                          domain_sid               : *
                                              domain_sid               : S-1-5-21-167342819-981449877-2130266853
                                          trust_extension: struct netr_trust_extension_container
                                              length                   : 0x0010 (16)
                                              size                     : 0x0010 (16)
                                              info                     : *
                                                  info: struct netr_trust_extension
                                                      length                   : 0x00000008 (8)
                                                      dummy                    : 0x00000000 (0)
                                                      size                     : 0x00000008 (8)
                                                      flags                    : 0x00000001 (1)
                                                             1: NETR_TRUST_FLAG_IN_FOREST
                                                             0: NETR_TRUST_FLAG_OUTBOUND
                                                             0: NETR_TRUST_FLAG_TREEROOT
                                                             0: NETR_TRUST_FLAG_PRIMARY
                                                             0: NETR_TRUST_FLAG_NATIVE
                                                             0: NETR_TRUST_FLAG_INBOUND
                                                             0: NETR_TRUST_FLAG_MIT_KRB5
                                                             0: NETR_TRUST_FLAG_AES
                                                      parent_index             : 0x00000001 (1)
                                                      trust_type               : LSA_TRUST_TYPE_UPLEVEL (2)
                                                      trust_attributes         : 0x00000000 (0)
                                                             0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
                                                             0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
                                                             0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
                                                             0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
                                                             0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
                                                             0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
                                                             0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
                                                             0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
                                          dummy_string2: struct lsa_StringLarge
                                              length                   : 0x0000 (0)
                                              size                     : 0x0000 (0)
                                              string                   : NULL
                                          dummy_string3: struct lsa_StringLarge
                                              length                   : 0x0000 (0)
                                              size                     : 0x0000 (0)
                                              string                   : NULL
                                          dummy_string4: struct lsa_StringLarge
                                              length                   : 0x0000 (0)
                                              size                     : 0x0000 (0)
                                              string                   : NULL
                                          dummy_long1              : 0x00000000 (0)
                                          dummy_long2              : 0x00000000 (0)
                                          dummy_long3              : 0x00000000 (0)
                                          dummy_long4              : 0x00000000 (0)
                              lsa_policy: struct netr_LsaPolicyInformation
                                  policy_size              : 0x00000000 (0)
                                  policy                   : NULL
                              dns_hostname: struct lsa_StringLarge
                                  length                   : 0x0036 (54)
                                  size                     : 0x0038 (56)
                                  string                   : *
                                      string                   : 'torturetest.w2012r2-l4.base'
                              dummy_string2: struct lsa_StringLarge
                                  length                   : 0x0000 (0)
                                  size                     : 0x0000 (0)
                                  string                   : NULL
                              dummy_string3: struct lsa_StringLarge
                                  length                   : 0x0000 (0)
                                  size                     : 0x0000 (0)
                                  string                   : NULL
                              dummy_string4: struct lsa_StringLarge
                                  length                   : 0x0000 (0)
                                  size                     : 0x0000 (0)
                                  string                   : NULL
                              workstation_flags        : 0x00000003 (3)
                                     1: NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS
                                     1: NETR_WS_FLAG_HANDLES_SPN_UPDATE
                              supported_enc_types      : 0x0000001f (31)
                                     1: KERB_ENCTYPE_DES_CBC_CRC
                                     1: KERB_ENCTYPE_DES_CBC_MD5
                                     1: KERB_ENCTYPE_RC4_HMAC_MD5
                                     1: KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96
                                     1: KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96
                                     0: KERB_ENCTYPE_FAST_SUPPORTED
                                     0: KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED
                                     0: KERB_ENCTYPE_CLAIMS_SUPPORTED
                                     0: KERB_ENCTYPE_RESOURCE_SID_COMPRESSION_DISABLED
                              dummy_long3              : 0x00000000 (0)
                              dummy_long4              : 0x00000000 (0)
                  result                   : NT_STATUS_OK
      
      Best viewed with: git show --histogram -w
      
      BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517
      
      Signed-off-by: Stefan Metzmacher's avatarStefan Metzmacher <metze@samba.org>
      Reviewed-by: Andrew Bartlett's avatarAndrew Bartlett <abartlet@samba.org>
      (cherry picked from commit 2099add0)
      a2b04c35
    • Stefan Metzmacher's avatar
      s4:rpc_server/netlogon: make use of talloc_zero_array() for the netr_OneDomainInfo array · 73e383f2
      Stefan Metzmacher authored
      It's much safer than having uninitialized memory when we hit an error
      case.
      
      BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517
      
      Signed-off-by: Stefan Metzmacher's avatarStefan Metzmacher <metze@samba.org>
      Reviewed-by: Andrew Bartlett's avatarAndrew Bartlett <abartlet@samba.org>
      (cherry picked from commit ef0b489a)
      73e383f2
    • Stefan Metzmacher's avatar
      s4:rpc_server/netlogon: use samdb_domain_guid()/dsdb_trust_local_tdo_info() to... · 2e7e58a5
      Stefan Metzmacher authored
      s4:rpc_server/netlogon: use samdb_domain_guid()/dsdb_trust_local_tdo_info() to build our netr_OneDomainInfo values
      
      The logic for constructing the values for our own primary domain differs
      from the values of trusted domains. In order to make the code easier to
      understand we have a new fill_our_one_domain_info() helper that
      only takes care of our primary domain.
      
      The cleanup for the trust case will follow in a separate commit.
      
      BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517
      
      Signed-off-by: Stefan Metzmacher's avatarStefan Metzmacher <metze@samba.org>
      Reviewed-by: Andrew Bartlett's avatarAndrew Bartlett <abartlet@samba.org>
      (cherry picked from commit 61333f77)
      2e7e58a5
    • Stefan Metzmacher's avatar
    • Stefan Metzmacher's avatar
      dsdb:util_trusts: add dsdb_trust_local_tdo_info() helper function · 66a05543
      Stefan Metzmacher authored
      This is similar to dsdb_trust_xref_tdo_info(), but will also work
      if we ever support more than one domain in our forest.
      
      BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517
      
      Signed-off-by: Stefan Metzmacher's avatarStefan Metzmacher <metze@samba.org>
      Reviewed-by: Andrew Bartlett's avatarAndrew Bartlett <abartlet@samba.org>
      (cherry picked from commit c1b0ac95)
      66a05543
    • Stefan Metzmacher's avatar
      dsdb/util_trusts: domain_dn is an input parameter of dsdb_trust_crossref_tdo_info() · 96ae85bc
      Stefan Metzmacher authored
      We should not overwrite it within the function.
      Currently it doesn't matter as we don't have multiple domains
      within our forest, but that will change in future.
      
      BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517
      
      Signed-off-by: Stefan Metzmacher's avatarStefan Metzmacher <metze@samba.org>
      Reviewed-by: Andrew Bartlett's avatarAndrew Bartlett <abartlet@samba.org>
      (cherry picked from commit f5f96f55)
      96ae85bc
    • Stefan Metzmacher's avatar
      s4:torture/rpc/netlogon: verify the trusted domains output of LogonGetDomainInfo() · b7bd12dd
      Stefan Metzmacher authored
      This makes sure we don't treat trusted domains in the same way we treat
      our primary domain.
      
      BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517
      
      Signed-off-by: Stefan Metzmacher's avatarStefan Metzmacher <metze@samba.org>
      Reviewed-by: Andrew Bartlett's avatarAndrew Bartlett <abartlet@samba.org>
      (cherry picked from commit d5dd8fdc)
      b7bd12dd
    • Stefan Metzmacher's avatar
      s4:torture/rpc/netlogon: assert that cli_credentials_get_{workstation,password} don't return NULL · 7276bdb5
      Stefan Metzmacher authored
      This is better that generating a segfault while dereferencing a NULL
      pointer later.
      
      BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517
      
      Signed-off-by: Stefan Metzmacher's avatarStefan Metzmacher <metze@samba.org>
      Reviewed-by: Andrew Bartlett's avatarAndrew Bartlett <abartlet@samba.org>
      (cherry picked from commit dffc182c)
      7276bdb5
    • VL's avatar
      smbd: Fix a memleak in async search ask sharemode · 91a5d382
      VL authored and Stefan Metzmacher's avatar Stefan Metzmacher committed
      fetch_share_mode_unlocked_parser() takes a "struct
      fetch_share_mode_unlocked_state *" as
      "private_data". fetch_share_mode_send() used a talloc_zero'ed "struct
      share_mode_lock". This lead to the parser putting a "struct
      share_mode_lock on the NULL talloc_context where nobody really picked it
      up.
      
      Bug: https://bugzilla.samba.org/show_bug.cgi?id=13602
      
      Signed-off-by: VL's avatarVolker Lendecke <vl@samba.org>
      Reviewed-by: Ralph Böhme's avatarRalph Boehme <slow@samba.org>
      (cherry picked from commit 0bd109b7)
      91a5d382
    • Martin Schwenke's avatar
      ctdb-daemon: Log complete eventd startup command · 8385a0c8
      Martin Schwenke authored and Stefan Metzmacher's avatar Stefan Metzmacher committed
      BUG: https://bugzilla.samba.org/show_bug.cgi?id=13592
      
      Signed-off-by: Martin Schwenke's avatarMartin Schwenke <martin@meltin.net>
      Reviewed-by: Amitay Isaacs's avatarAmitay Isaacs <amitay@gmail.com>
      (cherry picked from commit 6d3d9a85)
      8385a0c8
    • Martin Schwenke's avatar
      ctdb-daemon: Do not retry connection to eventd · f3a2f0b7
      Martin Schwenke authored and Stefan Metzmacher's avatar Stefan Metzmacher committed
      Confirmation is now received from eventd that it is accepting
      connections, so this is no longer needed.
      
      BUG: https://bugzilla.samba.org/show_bug.cgi?id=13592
      
      Signed-off-by: Martin Schwenke's avatarMartin Schwenke <martin@meltin.net>
      Reviewed-by: Amitay Isaacs's avatarAmitay Isaacs <amitay@gmail.com>
      (cherry picked from commit b430a1ac)
      f3a2f0b7