The branch, v4-3-test has been updated
via 5bad77f vfs_acl_common: use DBG_LEVEL and remove function prefixes
in DEBUG statements
via 9995be3 s4/torture: tests for vfs_acl_xattr default ACL styles
via 20728fe vfs_acl_common: Windows style default ACL
via 63d0f96 vfs_acl_xattr|tdb: add option to control default ACL style
via f23bb13 vfs_acl_common: check for ignore_system_acls before
fetching filesystem ACL
via eb770f4 vfs_acl_common: move stat stuff to a helper function
via b6519fd vfs_acl_tdb|xattr: use a config handle
via 7a83147 vfs_acl_common: move the ACL blob validation to a helper
function
via 8da9227 vfs_acl_common: simplify ACL logic, cleanup and talloc
hierarchy
via 9d02bf0 vfs_acl_common: remove redundant NULL assignment
via dbe2cf3 vfs_acl_common: rename pdesc_next to psd_fs
via 9c29eb4 vfs_acl_common: rename psd to psd_blob in
get_nt_acl_internal()
via 2a85826 Revert "vfs_acl_xattr: objects without NT ACL xattr"
via dfb366d smbd: allow reading files based on FILE_EXECUTE access right
via 5847f55 smbd: look only at handle readability for COPYCHUNK dest
via 8262a92 s4-smbtorture: pin copychunk exec right behavior
via 0d6240b seltest: allow opening files with arbitrary rights in
smb2.ioctl tests
via f651500 seltest: implicit FILE_READ_DATA non-reporting
via b941e41 s4-selftest: add test for read access check
via 6b1d5dd s4-selftest: add functions which create with desired access
via 8a0458c s4-smbtorture: use standard macros in smb2.read test
via 08a3ca1 s3: oplock: Fix race condition when closing an oplocked
file.
via 508aef7 smbd: oplock: Factor out internals of remove_oplock() into
new remove_oplock_under_lock().
via 0cc4822 smbd: oplock: Fixup debug messages inside remove_oplock().
via 1557d67 gensec/spnego: work around missing server mechListMIC in
SMB servers
via 9871d27 dbcheck: Abandon dbcheck if we get an error during a
transaction
via 5ee8b79 dsdb: Allow missing a mandatory attribute from a dbcheck fix
via ef5dd8e libgpo: Correctly use the 'server' parameter after parsing
it out of the GPO path.
via 927d2fa s3: libsmb: Protect cli_connect_nb_send() from being passed
a NULL hostname and dest_ss.
from d7280b2 script/release.sh: use 8 byte gpg key ids
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-3-test
- Log -----------------------------------------------------------------
commit 5bad77f198940dc2b10329bcde04fb0bbc5e1108
Author: Ralph Boehme <s...@samba.org>
Date: Sat Aug 27 10:11:14 2016 +0200
vfs_acl_common: use DBG_LEVEL and remove function prefixes in DEBUG
statements
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
(backported from commit 11dddd59aa01195152199443bc26e3141f162c8f)
Autobuild-User(v4-3-test): Karolin Seeger <ksee...@samba.org>
Autobuild-Date(v4-3-test): Fri Sep 16 15:33:31 CEST 2016 on sn-devel-104
commit 9995be3d6ae8524c5c924b955d4a2a4cc29787a9
Author: Ralph Boehme <s...@samba.org>
Date: Thu Aug 25 16:30:24 2016 +0200
s4/torture: tests for vfs_acl_xattr default ACL styles
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
(backported from commit 946b93d0e3f6f23fa2325d7aaba4dc6f4cc17cb6)
commit 20728fe694d7280277e0b639c5929155e58b839d
Author: Ralph Boehme <s...@samba.org>
Date: Thu Aug 25 07:45:34 2016 +0200
vfs_acl_common: Windows style default ACL
Reintroduce Windows style default ACL, but this time as an optional
feature, not changing default behaviour.
Original bugreport that got reverted because it changed the default
behaviour: https://bugzilla.samba.org/show_bug.cgi?id=12028
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
(cherry picked from commit 0730cb7e1ce33dbc5fc48a7363204c1220400c68)
commit 63d0f968eb72ec2d9074570d1bc14cf9013263ca
Author: Ralph Boehme <s...@samba.org>
Date: Wed Aug 24 20:31:00 2016 +0200
vfs_acl_xattr|tdb: add option to control default ACL style
Existing behaviour is "posix" style. Next commit will (re)add the
"windows" style. This commit doesn't change behaviour in any way.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
(backported from commit 26a9867ae1a9c69659252ce03c280c7c18a6c58f)
commit f23bb1348cb7bcedb742de9dcb523d80a6f66e15
Author: Ralph Boehme <s...@samba.org>
Date: Wed Aug 24 10:43:47 2016 +0200
vfs_acl_common: check for ignore_system_acls before fetching filesystem ACL
If ignore_system_acls is set and we're synthesizing a default ACL, we
were fetching the filesystem ACL just to free it again. This change
avoids this.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
(backported from commit f46179ef7310959af095b0ea6234df7523d15457)
commit eb770f42a396e68ec27c4851e7d2d0a638537d52
Author: Ralph Boehme <s...@samba.org>
Date: Wed Aug 24 10:30:15 2016 +0200
vfs_acl_common: move stat stuff to a helper function
Will be reused in the next commit when moving the
make_default_filesystem_acl() stuff to a different place.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
(backported from commit 10959698e20de381beec7ab532c8bdc32fa6401c)
commit b6519fdd17055a1a14fba859a888ab311c7267fd
Author: Ralph Boehme <s...@samba.org>
Date: Wed Aug 24 10:01:17 2016 +0200
vfs_acl_tdb|xattr: use a config handle
Better for performance and a subsequent commit will add one more option
where this will pay off.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
(backported from commit 61c3d2124fb1a180fae4c8c0b5ab5b32bd56c8ad)
commit 7a831473bbec59b6317be763df90d9015afa2b33
Author: Ralph Boehme <s...@samba.org>
Date: Tue Aug 23 22:32:57 2016 +0200
vfs_acl_common: move the ACL blob validation to a helper function
No change in behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
(backported from commit 0de5a128cee90694979d074c2590ddbca0071e82)
commit 8da92276aa5c36e9431bb618cde96a2a2c77ba35
Author: Ralph Boehme <s...@samba.org>
Date: Tue Aug 23 17:07:20 2016 +0200
vfs_acl_common: simplify ACL logic, cleanup and talloc hierarchy
No change in behaviour (hopefully! :-). This paves the way for moving
the ACL blob validation to a helper function in the next commit.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
(backported from commit 335527c647331148927feea2a7ae2f2c88986bc6)
commit 9d02bf057ce2888961cd845dac18598bf836c4cf
Author: Ralph Boehme <s...@samba.org>
Date: Tue Aug 23 13:14:50 2016 +0200
vfs_acl_common: remove redundant NULL assignment
The variables are already set to NULL by TALLOC_FREE.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
(cherry picked from commit e6f1254a00a6bf85b8d95bfbafef7d3e39ce1dde)
commit dbe2cf3a6d2a2b3c42517c049258d7e1e16f622d
Author: Ralph Boehme <s...@samba.org>
Date: Tue Aug 23 13:11:24 2016 +0200
vfs_acl_common: rename pdesc_next to psd_fs
In most realistic cases the "next" VFS op will return the permissions
from the filesystem. This rename makes it explicit where the SD is
originating from. No change in behaviour.
This just paves the way for a later change that will simplify the whole
logic and talloc hierarchy.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
(backported from commit 9f79084f166208820f586c8e43e1e315d32cd5ce)
commit 9c29eb49728667aeb5bc3899d768bf61440c48fd
Author: Ralph Boehme <s...@samba.org>
Date: Tue Aug 23 13:08:12 2016 +0200
vfs_acl_common: rename psd to psd_blob in get_nt_acl_internal()
This makes it explicit where the SD is originating from. No change in
behaviour.
This just paves the way for a later change that will simplify the whole
logic and talloc hierarchy, therefor this also strictly renames the
occurences after the out label.
Logically, behind the out label, we're dealing with a variable that
points to what we're going to return, so the name psd_blob is
misleading, but I'm desperately trying to avoid logic changes in this
commit and therefor I'm just strictly renaming.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
(backported from commit 2367eea928593f12f8914f7e7ba613b1b15516de)
commit 2a8582638e1dae41ae118df8ae59b3120a001f30
Author: Ralph Boehme <s...@samba.org>
Date: Wed Aug 24 10:04:24 2016 +0200
Revert "vfs_acl_xattr: objects without NT ACL xattr"
This reverts commit 961c4b591bb102751079d9cc92d7aa1c37f1958c.
Subsequent commits will add the same functionality as an optional
feature.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
(cherry picked from commit 590b80490c00587b5a4035856891e10defb654f6)
commit dfb366dc108a1c6e21525a53d5c315f2d8d45240
Author: Uri Simchoni <u...@samba.org>
Date: Thu Aug 4 14:59:23 2016 +0300
smbd: allow reading files based on FILE_EXECUTE access right
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149
Signed-off-by: Uri Simchoni <u...@samba.org>
Reviewed-by: David Disseldorp <dd...@samba.org>
Autobuild-User(master): David Disseldorp <dd...@samba.org>
Autobuild-Date(master): Thu Aug 18 18:58:22 CEST 2016 on sn-devel-144
(backported from commit a6073e6130d39dac58f1e6ea9f41ec4ab34c3e29)
commit 5847f550bf4a3e5db3544b2fbef41a21ac708a1e
Author: Uri Simchoni <u...@samba.org>
Date: Sat Aug 13 00:19:33 2016 +0300
smbd: look only at handle readability for COPYCHUNK dest
This commits sets the stage for a change of behavior
in a later commit.
When checking FILE_READ_DATA on the COPYCHUNK dest handle,
only check the handle readability and not the extra right
that may have been added due to the FILE_EXECUTE right.
The check for FILE_READ_DATA always seemed strange for the
dest handle, which is not read. It turns out that in Windows,
this check is not done at the SMB layer, but at a lower layer
that processes the IOCTL request - the IOCTL code has bits
that specify what type of access check needs to be done.
Therefore, this lower layer is unaware of the SMB layer's
practice of granting READ access based on the FILE_EXECUTE
right, and it only checks the handle's readability.
This subtle difference has observable behavior - the
COPYCHUNK source handle can have FILE_EXECUTE right instead
of FILE_READ_DATA, but the dest handle cannot.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149
Signed-off-by: Uri Simchoni <u...@samba.org>
Reviewed-by: David Disseldorp <dd...@samba.org>
Autobuild-User(master): David Disseldorp <dd...@samba.org>
Autobuild-Date(master): Tue Aug 16 15:21:03 CEST 2016 on sn-devel-144
(cherry picked from commit 3e42b69d5e1216b6af570a09d58040d281bbbf17)
commit 8262a9219f8bedf336e7dacd56211e9b5888d347
Author: Uri Simchoni <u...@samba.org>
Date: Thu Aug 4 13:12:58 2016 +0300
s4-smbtorture: pin copychunk exec right behavior
Add tests that show copychunk behavior when the
source and dest handles have execute right instead
of read-data right.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149
Signed-off-by: Uri Simchoni <u...@samba.org>
Reviewed-by: David Disseldorp <dd...@samba.org>
(cherry picked from commit 5bf11f6f5b4dab4cba4b00674bcb76138fb55974)
commit 0d6240b48e021165f2f60d1e37c455a7fc33f578
Author: Uri Simchoni <u...@samba.org>
Date: Mon Aug 15 23:39:50 2016 +0300
seltest: allow opening files with arbitrary rights in smb2.ioctl tests
Separate file creation (which requires write access) from the
opening of the file for the test (which might be without write
access).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149
Signed-off-by: Uri Simchoni <u...@samba.org>
Reviewed-by: David Disseldorp <dd...@samba.org>
(cherry picked from commit 6ce0304eda4b464972defcecd591fab03428bd03)
commit f65150098e270594322f757302a8284cfd76ff42
Author: Uri Simchoni <u...@samba.org>
Date: Sat Aug 13 21:23:34 2016 +0300
seltest: implicit FILE_READ_DATA non-reporting
This test (passes against Windows Server 2012R2) shows
that the implicit FILE_READ_DATA that is added whenever
FILE_EXECUTE is granted, is not reported back when querying
the handle.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149
Signed-off-by: Uri Simchoni <u...@samba.org>
Reviewed-by: David Disseldorp <dd...@samba.org>
(cherry picked from commit 7dc9f582066d500bf57000891560610e8d2e208c)
commit b941e41923c7e0c3d7e0507b704e9eeb8a7052c0
Author: Uri Simchoni <u...@samba.org>
Date: Sun Jul 31 14:29:37 2016 +0300
s4-selftest: add test for read access check
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149
Signed-off-by: Uri Simchoni <u...@samba.org>
Reviewed-by: David Disseldorp <dd...@samba.org>
(backported from commit 55a9d35cabaea6e98211fc058b788cedf9b7b22a)
commit 6b1d5dd81f99132868006456275817cf444a8677
Author: Uri Simchoni <u...@samba.org>
Date: Sun Jul 31 14:26:24 2016 +0300
s4-selftest: add functions which create with desired access
Add functions which create a file or a directory with
specific desired access.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149
Signed-off-by: Uri Simchoni <u...@samba.org>
Reviewed-by: David Disseldorp <dd...@samba.org>
(cherry picked from commit 1b06acafa4e9ea91a50e5ed85da881187057da6e)
commit 8a0458c264cf8aef7fb2782548460c12c0e5c4de
Author: Uri Simchoni <u...@samba.org>
Date: Thu Aug 4 12:59:38 2016 +0300
s4-smbtorture: use standard macros in smb2.read test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149
Signed-off-by: Uri Simchoni <u...@samba.org>
Reviewed-by: David Disseldorp <dd...@samba.org>
(cherry picked from commit 20b9a5bd74fafbca4b7cc7952c27033edcf0eeb8)
commit 08a3ca1f974cb684aada6712b0ce6d406a98dd98
Author: Jeremy Allison <j...@samba.org>
Date: Wed Aug 10 14:42:07 2016 -0700
s3: oplock: Fix race condition when closing an oplocked file.
We must send the 'oplock released' message whilst the lock
is held in the close path. Otherwise the messaged smbd can
race with the share mode delete.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12139
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Volker Lendecke <v...@samba.org>
(cherry picked from commit df83b17c60a08a27a7ddd1d88dc125e15b3ee06d)
commit 508aef7574b0d284c586c9c51986c74332dcc177
Author: Jeremy Allison <j...@samba.org>
Date: Wed Aug 10 14:39:52 2016 -0700
smbd: oplock: Factor out internals of remove_oplock() into new
remove_oplock_under_lock().
Allows this to be called elsewhere.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12139
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Volker Lendecke <v...@samba.org>
(cherry picked from commit cb394abe5206dd8ad8a68f157427991b259129a7)
commit 0cc48224227bc4355e8c66dccef608e71b412b98
Author: Jeremy Allison <j...@samba.org>
Date: Wed Aug 10 14:35:42 2016 -0700
smbd: oplock: Fixup debug messages inside remove_oplock().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12139
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Volker Lendecke <v...@samba.org>
(cherry picked from commit de7180151fc99893c4763882fecd9d2a623cd061)
commit 1557d67b818e38274c81f33145bfa012747e6fad
Author: Stefan Metzmacher <me...@samba.org>
Date: Thu Sep 1 08:08:23 2016 +0200
gensec/spnego: work around missing server mechListMIC in SMB servers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11994
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Christian Ambach <a...@samba.org>
Autobuild-User(master): Christian Ambach <a...@samba.org>
Autobuild-Date(master): Fri Sep 2 18:10:44 CEST 2016 on sn-devel-144
(cherry picked from commit 9b45ba5cd53bd513eb777590815a0b8408af64e2)
commit 9871d27cf7bae743d1bdcc0e1f730acfcd7c2ccc
Author: Andrew Bartlett <abart...@samba.org>
Date: Fri Aug 26 15:53:19 2016 +1200
dbcheck: Abandon dbcheck if we get an error during a transaction
Otherwise, anything that the transaction has already done to the DB will be
left in the DB
even despite the failure. For example, if a fix wrote to the DB, but then
failed a post-write
check, then the fix will not be unrolled.
This is because we do not have nested transactions in TDB.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12178
Signed-off-by: Andrew Bartlett <abart...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
Autobuild-User(master): Stefan Metzmacher <me...@samba.org>
Autobuild-Date(master): Mon Aug 29 12:46:21 CEST 2016 on sn-devel-144
(cherry picked from commit db32a0e5ea8f652857e45480cc31ecb1ef884c1a)
commit 5ee8b79af7cebfc4b5a6ec4a87aeade7c1e6763d
Author: Andrew Bartlett <abart...@samba.org>
Date: Fri Aug 26 15:54:35 2016 +1200
dsdb: Allow missing a mandatory attribute from a dbcheck fix
dbcheck of the rid pool (CN=RID Set) for another server will otherwise fail
because
rIDNextRid is not replicated, and so it not present
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12178
Signed-off-by: Andrew Bartlett <abart...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
(cherry picked from commit 9d0c869e36ba2f43fd2ed4cd090b48102d499bc8)
commit ef5dd8ec626473aa454ce2b42998600e1a7187a6
Author: Jeremy Allison <j...@samba.org>
Date: Tue Aug 9 11:57:20 2016 -0700
libgpo: Correctly use the 'server' parameter after parsing it out of the
GPO path.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12135
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Uri Simchoni <u...@samba.org>
(cherry picked from commit 2a8ccc0841184c2df9fc19f8452009b92071c115)
commit 927d2fafeb501570082e30382e0faa9dfefa2cb0
Author: Jeremy Allison <j...@samba.org>
Date: Mon Aug 8 16:53:21 2016 -0700
s3: libsmb: Protect cli_connect_nb_send() from being passed a NULL hostname
and dest_ss.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12135
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Uri Simchoni <u...@samba.org>
(cherry picked from commit 27ebf64b347a770e0d1ad4f1db645cb1b8dd5861)
-----------------------------------------------------------------------
Summary of changes:
auth/gensec/spnego.c | 69 +-
docs-xml/manpages/vfs_acl_tdb.8.xml | 25 +
docs-xml/manpages/vfs_acl_xattr.8.xml | 25 +
libgpo/gpo_fetch.c | 2 +-
python/samba/dbchecker.py | 7 +
selftest/knownfail | 4 +
selftest/target/Samba3.pm | 9 +
source3/include/smb_macros.h | 8 +
source3/libsmb/cliconnect.c | 6 +-
source3/modules/vfs_acl_common.c | 721 ++++++++++++++-------
source3/modules/vfs_acl_tdb.c | 7 +
source3/modules/vfs_acl_xattr.c | 7 +
source3/selftest/tests.py | 4 +-
source3/smbd/close.c | 10 +-
source3/smbd/oplock.c | 54 +-
source3/smbd/proto.h | 1 +
source3/smbd/smb2_glue.c | 16 +
source3/smbd/smb2_ioctl_network_fs.c | 4 +-
source4/dsdb/samdb/ldb_modules/objectclass_attrs.c | 9 +-
source4/torture/smb2/getinfo.c | 45 ++
source4/torture/smb2/ioctl.c | 116 +++-
source4/torture/smb2/read.c | 96 ++-
source4/torture/smb2/util.c | 63 +-
source4/torture/vfs/acl_xattr.c | 314 +++++++++
source4/torture/vfs/vfs.c | 1 +
source4/torture/wscript_build | 2 +-
testprogs/blackbox/dbcheck-oldrelease.sh | 10 +
27 files changed, 1300 insertions(+), 335 deletions(-)
create mode 100644 source4/torture/vfs/acl_xattr.c
Changeset truncated at 500 lines:
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 6a82b5f..bed5cd2 100644
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -54,9 +54,11 @@ struct spnego_state {
DATA_BLOB mech_types;
size_t num_targs;
+ bool downgraded;
bool mic_requested;
bool needs_mic_sign;
bool needs_mic_check;
+ bool may_skip_mic_check;
bool done_mic_check;
bool simulate_w2k;
@@ -433,6 +435,7 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct
gensec_security *gensec_
* Indicate the downgrade and request a
* mic.
*/
+ spnego_state->downgraded = true;
spnego_state->mic_requested = true;
break;
}
@@ -1077,7 +1080,7 @@ static NTSTATUS gensec_spnego_update(struct
gensec_security *gensec_security, TA
DEBUG(3,("GENSEC SPNEGO: client preferred mech (%s) not
accepted, server wants: %s\n",
gensec_get_name_by_oid(gensec_security,
spnego_state->neg_oid),
gensec_get_name_by_oid(gensec_security,
spnego.negTokenTarg.supportedMech)));
-
+ spnego_state->downgraded = true;
spnego_state->no_response_expected = false;
talloc_free(spnego_state->sub_sec_security);
nt_status = gensec_subcontext_start(spnego_state,
@@ -1134,6 +1137,23 @@ static NTSTATUS gensec_spnego_update(struct
gensec_security *gensec_security, TA
return NT_STATUS_INVALID_PARAMETER;
}
+ if (spnego.negTokenTarg.mechListMIC.length == 0
+ && spnego_state->may_skip_mic_check) {
+ /*
+ * In this case we don't require
+ * a mechListMIC from the server.
+ *
+ * This works around bugs in the Azure
+ * and Apple spnego implementations.
+ *
+ * See
+ *
https://bugzilla.samba.org/show_bug.cgi?id=11994
+ */
+ spnego_state->needs_mic_check = false;
+ nt_status = NT_STATUS_OK;
+ goto client_response;
+ }
+
nt_status =
gensec_check_packet(spnego_state->sub_sec_security,
spnego_state->mech_types.data,
spnego_state->mech_types.length,
@@ -1189,9 +1209,56 @@ static NTSTATUS gensec_spnego_update(struct
gensec_security *gensec_security, TA
*/
new_spnego = false;
}
+
break;
case SPNEGO_ACCEPT_INCOMPLETE:
+ if (spnego.negTokenTarg.mechListMIC.length > 0)
{
+ new_spnego = true;
+ break;
+ }
+
+ if (spnego_state->downgraded) {
+ /*
+ * A downgrade should be protected if
+ * supported
+ */
+ break;
+ }
+
+ /*
+ * The caller may just asked for
+ * GENSEC_FEATURE_SESSION_KEY, this
+ * is only reflected in the want_features.
+ *
+ * As it will imply
+ * gensec_have_features(GENSEC_FEATURE_SIGN)
+ * to return true.
+ */
+ if (gensec_security->want_features &
GENSEC_FEATURE_SIGN) {
+ break;
+ }
+ if (gensec_security->want_features &
GENSEC_FEATURE_SEAL) {
+ break;
+ }
+ /*
+ * Here we're sure our preferred mech was
+ * selected by the server and our caller doesn't
+ * need GENSEC_FEATURE_SIGN nor
+ * GENSEC_FEATURE_SEAL support.
+ *
+ * In this case we don't require
+ * a mechListMIC from the server.
+ *
+ * This works around bugs in the Azure
+ * and Apple spnego implementations.
+ *
+ * See
+ *
https://bugzilla.samba.org/show_bug.cgi?id=11994
+ */
+ spnego_state->may_skip_mic_check = true;
+ break;
+
case SPNEGO_REQUEST_MIC:
if (spnego.negTokenTarg.mechListMIC.length > 0)
{
new_spnego = true;
diff --git a/docs-xml/manpages/vfs_acl_tdb.8.xml
b/docs-xml/manpages/vfs_acl_tdb.8.xml
index becbc55..9ef3962 100644
--- a/docs-xml/manpages/vfs_acl_tdb.8.xml
+++ b/docs-xml/manpages/vfs_acl_tdb.8.xml
@@ -63,6 +63,31 @@
</para>
</listitem>
</varlistentry>
+
+ <varlistentry>
+ <term>acl_tdb:default acl style = [posix|windows]</term>
+ <listitem>
+ <para>
+ This parameter determines the type of ACL that is synthesized in
+ case a file or directory lacks an
+ <emphasis>security.NTACL</emphasis> xattr.
+ </para>
+ <para>
+ When set to <emphasis>posix</emphasis>, an ACL will be
+ synthesized based on the POSIX mode permissions for user, group
+ and others, with an additional ACE for <emphasis>NT
+ Authority\SYSTEM</emphasis> will full rights.
+ </para>
+ <para>
+ When set to <emphasis>windows</emphasis>, an ACL is synthesized
+ the same way Windows does it, only including permissions for the
+ owner and <emphasis>NT Authority\SYSTEM</emphasis>.
+ </para>
+ <para>
+ The default for this option is <emphasis>posix</emphasis>.
+ </para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect1>
diff --git a/docs-xml/manpages/vfs_acl_xattr.8.xml
b/docs-xml/manpages/vfs_acl_xattr.8.xml
index 82a919a..17cb3d3 100644
--- a/docs-xml/manpages/vfs_acl_xattr.8.xml
+++ b/docs-xml/manpages/vfs_acl_xattr.8.xml
@@ -67,6 +67,31 @@
</para>
</listitem>
</varlistentry>
+
+ <varlistentry>
+ <term>acl_xattr:default acl style = [posix|windows]</term>
+ <listitem>
+ <para>
+ This parameter determines the type of ACL that is synthesized in
+ case a file or directory lacks an
+ <emphasis>security.NTACL</emphasis> xattr.
+ </para>
+ <para>
+ When set to <emphasis>posix</emphasis>, an ACL will be
+ synthesized based on the POSIX mode permissions for user, group
+ and others, with an additional ACE for <emphasis>NT
+ Authority\SYSTEM</emphasis> will full rights.
+ </para>
+ <para>
+ When set to <emphasis>windows</emphasis>, an ACL is synthesized
+ the same way Windows does it, only including permissions for the
+ owner and <emphasis>NT Authority\SYSTEM</emphasis>.
+ </para>
+ <para>
+ The default for this option is <emphasis>posix</emphasis>.
+ </para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect1>
diff --git a/libgpo/gpo_fetch.c b/libgpo/gpo_fetch.c
index 07141d4..6b01544 100644
--- a/libgpo/gpo_fetch.c
+++ b/libgpo/gpo_fetch.c
@@ -166,7 +166,7 @@ NTSTATUS gpo_fetch_files(TALLOC_CTX *mem_ctx,
/* for now reuse the existing ds connection */
- result = gpo_connect_server(ads, ads->server.ldap_server, service,
&cli);
+ result = gpo_connect_server(ads, server, service, &cli);
NT_STATUS_NOT_OK_RETURN(result);
result = gpo_prepare_local_store(mem_ctx, cache_dir, unix_path);
diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
index 69b4c61..295033f 100644
--- a/python/samba/dbchecker.py
+++ b/python/samba/dbchecker.py
@@ -31,6 +31,7 @@ from samba.common import dsdb_Dn
from samba.dcerpc import security
from samba.descriptor import get_wellknown_sds, get_diff_sds
from samba.auth import system_session, admin_session
+from samba.netcmd import CommandError
class dbcheck(object):
@@ -192,6 +193,8 @@ class dbcheck(object):
controls = controls + ["local_oid:%s:0" %
dsdb.DSDB_CONTROL_DBCHECK]
self.samdb.delete(dn, controls=controls)
except Exception, err:
+ if self.in_transaction:
+ raise CommandError("%s : %s" % (msg, err))
self.report("%s : %s" % (msg, err))
return False
return True
@@ -204,6 +207,8 @@ class dbcheck(object):
controls = controls + ["local_oid:%s:0" %
dsdb.DSDB_CONTROL_DBCHECK]
self.samdb.modify(m, controls=controls, validate=validate)
except Exception, err:
+ if self.in_transaction:
+ raise CommandError("%s : %s" % (msg, err))
self.report("%s : %s" % (msg, err))
return False
return True
@@ -221,6 +226,8 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn),
str(to_base)))
controls = controls + ["local_oid:%s:0" %
dsdb.DSDB_CONTROL_DBCHECK]
self.samdb.rename(from_dn, to_dn, controls=controls)
except Exception, err:
+ if self.in_transaction:
+ raise CommandError("%s : %s" % (msg, err))
self.report("%s : %s" % (msg, err))
return False
return True
diff --git a/selftest/knownfail b/selftest/knownfail
index 0973e06..40ac696 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -340,3 +340,7 @@
# we don't allow auth_level_connect anymore...
#
^samba3.blackbox.rpcclient.*ncacn_np.*with.*connect.*rpcclient # we don't
allow auth_level_connect anymore
+#nt-vfs server blocks read with execute access
+^samba4.smb2.read.access
+#ntvfs server blocks copychunk with execute access on read handle
+^samba4.smb2.ioctl.copy_chunk_bad_access
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 319d00b..06d547c 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1574,6 +1574,15 @@ sub provision($$$$$$$$)
vfs objects = shadow_copy2
shadow:mountpoint = $shadow_mntdir
wide links = yes
+
+[acl_xattr_ign_sysacl_posix]
+ copy = tmp
+ acl_xattr:ignore system acls = yes
+ acl_xattr:default acl style = posix
+[acl_xattr_ign_sysacl_windows]
+ copy = tmp
+ acl_xattr:ignore system acls = yes
+ acl_xattr:default acl style = windows
";
close(CONF);
diff --git a/source3/include/smb_macros.h b/source3/include/smb_macros.h
index 42a9756..f8656c7 100644
--- a/source3/include/smb_macros.h
+++ b/source3/include/smb_macros.h
@@ -56,6 +56,14 @@
((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) && \
(fsp->access_mask & FILE_EXECUTE))))
+/* An IOCTL readability check (validating read access
+ * when the IOCTL code requires it)
+ *
http://social.technet.microsoft.com/wiki/contents/articles/24653.decoding-io-control-codes-ioctl-fsctl-and-deviceiocodes-with-table-of-known-values.aspx
+ * ). On Windows servers, this is done by the IO manager, which is unaware of
+ * the "if execute is granted then also grant read" arrangement.
+ */
+#define CHECK_READ_IOCTL(fsp, req) (((fsp)->fh->fd != -1) && ((fsp)->can_read))
+
#define CHECK_WRITE(fsp) ((fsp)->can_write && ((fsp)->fh->fd != -1))
#define ERROR_WAS_LOCK_DENIED(status) (NT_STATUS_EQUAL((status),
NT_STATUS_LOCK_NOT_GRANTED) || \
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index ebba8f2..33759d9 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -3108,11 +3108,15 @@ static struct tevent_req *cli_connect_nb_send(
}
state->desthost = host;
- } else {
+ } else if (dest_ss != NULL) {
state->desthost = print_canonical_sockaddr(state, dest_ss);
if (tevent_req_nomem(state->desthost, req)) {
return tevent_req_post(req, ev);
}
+ } else {
+ /* No host or dest_ss given. Error out. */
+ tevent_req_error(req, EINVAL);
+ return tevent_req_post(req, ev);
}
subreq = cli_connect_sock_send(state, ev, host, name_type, dest_ss,
diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index f5af666..9675fca 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -46,6 +46,47 @@ static NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle,
SECINFO_DACL | \
SECINFO_SACL)
+enum default_acl_style {DEFAULT_ACL_POSIX, DEFAULT_ACL_WINDOWS};
+
+static const struct enum_list default_acl_style[] = {
+ {DEFAULT_ACL_POSIX, "posix"},
+ {DEFAULT_ACL_WINDOWS, "windows"}
+};
+
+struct acl_common_config {
+ bool ignore_system_acls;
+ enum default_acl_style default_acl_style;
+};
+
+static bool init_acl_common_config(vfs_handle_struct *handle)
+{
+ struct acl_common_config *config = NULL;
+
+ config = talloc_zero(handle->conn, struct acl_common_config);
+ if (config == NULL) {
+ DBG_ERR("talloc_zero() failed\n");
+ errno = ENOMEM;
+ return false;
+ }
+
+ config->ignore_system_acls = lp_parm_bool(SNUM(handle->conn),
+ ACL_MODULE_NAME,
+ "ignore system acls",
+ false);
+ config->default_acl_style = lp_parm_enum(SNUM(handle->conn),
+ ACL_MODULE_NAME,
+ "default acl style",
+ default_acl_style,
+ DEFAULT_ACL_POSIX);
+
+ SMB_VFS_HANDLE_SET_DATA(handle, config, NULL,
+ struct acl_common_config,
+ return false);
+
+ return true;
+}
+
+
/*******************************************************************
Hash a security descriptor.
*******************************************************************/
@@ -103,8 +144,8 @@ static NTSTATUS parse_acl_blob(const DATA_BLOB *pblob,
(ndr_pull_flags_fn_t)ndr_pull_xattr_NTACL);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- DEBUG(5, ("parse_acl_blob: ndr_pull_xattr_NTACL failed: %s\n",
- ndr_errstr(ndr_err)));
+ DBG_INFO("ndr_pull_xattr_NTACL failed: %s\n",
+ ndr_errstr(ndr_err));
TALLOC_FREE(frame);
return ndr_map_error2ntstatus(ndr_err);
}
@@ -200,8 +241,8 @@ static NTSTATUS create_acl_blob(const struct
security_descriptor *psd,
(ndr_push_flags_fn_t)ndr_push_xattr_NTACL);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- DEBUG(5, ("create_acl_blob: ndr_push_xattr_NTACL failed: %s\n",
- ndr_errstr(ndr_err)));
+ DBG_INFO("ndr_push_xattr_NTACL failed: %s\n",
+ ndr_errstr(ndr_err));
return ndr_map_error2ntstatus(ndr_err);
}
@@ -246,8 +287,8 @@ static NTSTATUS create_sys_acl_blob(const struct
security_descriptor *psd,
(ndr_push_flags_fn_t)ndr_push_xattr_NTACL);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- DEBUG(5, ("create_acl_blob: ndr_push_xattr_NTACL failed: %s\n",
- ndr_errstr(ndr_err)));
+ DBG_INFO("ndr_push_xattr_NTACL failed: %s\n",
+ ndr_errstr(ndr_err));
return ndr_map_error2ntstatus(ndr_err);
}
@@ -304,10 +345,7 @@ static NTSTATUS
add_directory_inheritable_components(vfs_handle_struct *handle,
mode = dir_mode | file_mode;
- DEBUG(10, ("add_directory_inheritable_components: directory %s, "
- "mode = 0%o\n",
- name,
- (unsigned int)mode ));
+ DBG_DEBUG("directory %s, mode = 0%o\n", name, (unsigned int)mode);
if (num_aces) {
memcpy(new_ace_list, psd->dacl->aces,
@@ -359,10 +397,10 @@ static NTSTATUS
add_directory_inheritable_components(vfs_handle_struct *handle,
return NT_STATUS_OK;
}
-static NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx,
- const char *name,
- SMB_STRUCT_STAT *psbuf,
- struct security_descriptor **ppdesc)
+static NTSTATUS make_default_acl_posix(TALLOC_CTX *ctx,
+ const char *name,
+ SMB_STRUCT_STAT *psbuf,
+ struct security_descriptor **ppdesc)
{
struct dom_sid owner_sid, group_sid;
size_t size = 0;
@@ -372,17 +410,18 @@ static NTSTATUS make_default_filesystem_acl(TALLOC_CTX
*ctx,
struct security_acl *new_dacl = NULL;
int idx = 0;
- DEBUG(10,("make_default_filesystem_acl: file %s mode = 0%o\n",
- name, (int)mode ));
+ DBG_DEBUG("file %s mode = 0%o\n",name, (int)mode);
uid_to_sid(&owner_sid, psbuf->st_ex_uid);
gid_to_sid(&group_sid, psbuf->st_ex_gid);
/*
- * We provide 2 ACEs:
- * - Owner
- * - NT System
- */
+ We provide up to 4 ACEs
+ - Owner
+ - Group
+ - Everyone
+ - NT System
+ */
if (mode & S_IRUSR) {
if (mode & S_IWUSR) {
@@ -402,6 +441,39 @@ static NTSTATUS make_default_filesystem_acl(TALLOC_CTX
*ctx,
0);
idx++;
+ access_mask = 0;
+ if (mode & S_IRGRP) {
+ access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE;
+ }
+ if (mode & S_IWGRP) {
+ /* note that delete is not granted - this matches posix
behaviour */
+ access_mask |= SEC_RIGHTS_FILE_WRITE;
+ }
+ if (access_mask) {
+ init_sec_ace(&aces[idx],
+ &group_sid,
+ SEC_ACE_TYPE_ACCESS_ALLOWED,
+ access_mask,
+ 0);
+ idx++;
+ }
+
+ access_mask = 0;
+ if (mode & S_IROTH) {
+ access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE;
+ }
+ if (mode & S_IWOTH) {
+ access_mask |= SEC_RIGHTS_FILE_WRITE;
+ }
+ if (access_mask) {
+ init_sec_ace(&aces[idx],
+ &global_sid_World,
+ SEC_ACE_TYPE_ACCESS_ALLOWED,
+ access_mask,
+ 0);
+ idx++;
+ }
+
init_sec_ace(&aces[idx],
&global_sid_System,
SEC_ACE_TYPE_ACCESS_ALLOWED,
@@ -432,20 +504,131 @@ static NTSTATUS make_default_filesystem_acl(TALLOC_CTX
*ctx,
return NT_STATUS_OK;
}
-/*******************************************************************
- Pull a DATA_BLOB from an xattr given a pathname.
- If the hash doesn't match, or doesn't exist - return the underlying
- filesystem sd.
-*******************************************************************/
+static NTSTATUS make_default_acl_windows(TALLOC_CTX *ctx,
+ const char *name,
+ SMB_STRUCT_STAT *psbuf,
+ struct security_descriptor **ppdesc)
--
Samba Shared Repository
