The branch, v4-6-test has been updated via 76da233 vfs_default: Fix passing of errno from async calls via 8506375 s3:utils: Remove pointless if-clause for remote_machine via eabb9ca s3:utils: Make sure we authenticate against our SAM name in smbpasswd via ae27c7d s3:utils: Pass domain to password_change() in smbpasswd via 0434034 s3:utils: Make strings const passed to password_change() in smbpasswd via 2523f77 s3:libsmb: Move prototye of remote_password_change() via 90b5cbb s3:libsmb: Pass domain to remote_password_change() via 0485080 s3:gse_krb5: make use of precalculated krb5 keys in fill_mem_keytab_from_secrets() via b6449bc s3:secrets: allow secrets_fetch_or_upgrade_domain_info() on an AD DC via c13ab92 blackbox: Add test for 'net ads changetrustpw' via 85175f8 s3:libads: Fix changing passwords with Kerberos via 27f76f4 s3:libsmb: Print the kinit failed message with DBGLVL_NOTICE via 2e4ac5e s3:utils: Do not report an invalid range for AD DC role from ba9c6fb vfs_fruit: factor out common code from ad_get() and ad_fget()
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-test - Log ----------------------------------------------------------------- commit 76da233af1693d38482527bf054ec364f8ed21e5 Author: Christof Schmitt <c...@samba.org> Date: Wed Aug 23 14:37:28 2017 -0700 vfs_default: Fix passing of errno from async calls Current code assigns errno from async pthreadpool calls to the vfs_default internal vfswrap_*_state. The callers of the vfs_*_recv functions expect the value from errno in vfs_aio_state.error. Correctly assign errno to vfs_aio_state.error and remove the unused internal err variable. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12983 Signed-off-by: Christof Schmitt <c...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> (cherry picked from commit a6f391b8dd1fbfd1a370667dec1374284984c341) Autobuild-User(v4-6-test): Karolin Seeger <ksee...@samba.org> Autobuild-Date(v4-6-test): Mon Aug 28 14:42:02 CEST 2017 on sn-devel-144 commit 85063757ad2f437af1b70df6b194993e045b84c8 Author: Andreas Schneider <a...@samba.org> Date: Tue Aug 22 15:46:07 2017 +0200 s3:utils: Remove pointless if-clause for remote_machine BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975 Review with: git show -U20 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlet <abart...@samba.org> (cherry picked from commit 4a4bfcb539b4489f397b2bc9369215b7e03e620e) commit eabb9cafa209bbf1b220e030803c954dc3d6a1ac Author: Andreas Schneider <a...@samba.org> Date: Fri Aug 18 16:17:08 2017 +0200 s3:utils: Make sure we authenticate against our SAM name in smbpasswd If a local user wants to change his password using smbpasswd and the machine is a domain member, we need to make sure we authenticate against our SAM and not ask winbind. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlet <abart...@samba.org> (cherry picked from commit dc129a968afdac8be70f9756bd18a7bf1f4c3b02) commit ae27c7d28c79916edb60ee55c19b6ad6b209503b Author: Andreas Schneider <a...@samba.org> Date: Fri Aug 18 16:14:57 2017 +0200 s3:utils: Pass domain to password_change() in smbpasswd BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlet <abart...@samba.org> (cherry picked from commit b483340639157fe95777672f5723455c48c3c616) commit 04340343dbae780e979e73fdf32139299f03c5d1 Author: Andreas Schneider <a...@samba.org> Date: Fri Aug 18 16:13:15 2017 +0200 s3:utils: Make strings const passed to password_change() in smbpasswd BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlet <abart...@samba.org> (cherry picked from commit 41a31a71abe144362fc7483fabba39aafa866373) commit 2523f779213b8fa358c1d933d71417a90016e4e3 Author: Andreas Schneider <a...@samba.org> Date: Fri Aug 18 16:10:06 2017 +0200 s3:libsmb: Move prototye of remote_password_change() BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlet <abart...@samba.org> (cherry picked from commit c773844e7529b83b2633671c7bcf1e7b84ad7950) commit 90b5cbb7528f28391678db4b629d893051f1bf25 Author: Andreas Schneider <a...@samba.org> Date: Fri Aug 18 16:08:46 2017 +0200 s3:libsmb: Pass domain to remote_password_change() BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlet <abart...@samba.org> (cherry picked from commit 7a554ee7dcefdff599ebc6fbf4e128b33ffccf29) commit 048508034b57c3b36ac73cdf0bd54675d8e320a9 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Aug 17 17:45:21 2017 +0200 s3:gse_krb5: make use of precalculated krb5 keys in fill_mem_keytab_from_secrets() This avoids a lot of cpu cycles, which were wasted for each single smb connection, even if the client didn't use kerberos. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12973 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> Autobuild-User(master): Andrew Bartlett <abart...@samba.org> Autobuild-Date(master): Fri Aug 18 10:04:57 CEST 2017 on sn-devel-144 (cherry picked from commit cd813f7fd9ee8e9d82a6bf6c98621c437f6974b2) commit b6449bca2d3e44930f7a76b477ef707386f0560b Author: Stefan Metzmacher <me...@samba.org> Date: Thu Aug 17 21:42:34 2017 +0200 s3:secrets: allow secrets_fetch_or_upgrade_domain_info() on an AD DC The reason for the check is for write access as secrets.ldb is the master database. But secrets_fetch_or_upgrade_domain_info() just syncs the values we got from if they got overwritten by secrets_store_machine_pw_sync(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=12973 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> (cherry picked from commit 37e49a2af5bb1c40c17eab18ff9412f2ce79ef71) commit c13ab92bd8a37e68ce4a4f51d5a0d3a115ec23a4 Author: Andreas Schneider <a...@samba.org> Date: Wed Aug 9 12:14:34 2017 +0200 blackbox: Add test for 'net ads changetrustpw' BUG: BUG: https://bugzilla.samba.org/show_bug.cgi?id=12956 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Richard Sharpe <realrichardsha...@gmail.com> Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org> Autobuild-Date(master): Fri Aug 11 22:09:27 CEST 2017 on sn-devel-144 (cherry picked from commit e2c0fd36ba54d984b554248aecffd3e4e7f43e1f) commit 85175f8de36a226dfaf277043018d0a3c8e0dc03 Author: Andreas Schneider <a...@samba.org> Date: Wed Aug 9 18:14:23 2017 +0200 s3:libads: Fix changing passwords with Kerberos BUG: https://bugzilla.samba.org/show_bug.cgi?id=12956 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Richard Sharpe <realrichardsha...@gmail.com> (cherry picked from commit b81ca4f9dcbb378a95fb3ac31bfd9a1cbe505d7d) commit 27f76f406b6c57a7b19812fbf5c24115cc063af2 Author: Andreas Schneider <a...@samba.org> Date: Thu Aug 24 12:51:35 2017 +0200 s3:libsmb: Print the kinit failed message with DBGLVL_NOTICE The default debug level of smbclient is set to 'log level = 1'. So we need to use at least NOTICE to not get the message when we do not force kerberos. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12704 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> (cherry picked from commit 6d7681c73dc68930dc39f05d58c2679b7c84ad97) commit 2e4ac5e6b8f150647e095222f9eae87e87a44d52 Author: Andreas Schneider <a...@samba.org> Date: Fri Aug 18 10:35:55 2017 +0200 s3:utils: Do not report an invalid range for AD DC role BUG: https://bugzilla.samba.org/show_bug.cgi?id=12629 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> (cherry picked from commit 95e30b081f273f2d156792577179c5220c0a10cc) ----------------------------------------------------------------------- Summary of changes: source3/include/proto.h | 6 -- source3/libads/krb5_setpw.c | 2 +- source3/librpc/crypto/gse_krb5.c | 180 +++++++++++++++---------------- source3/libsmb/cliconnect.c | 2 +- source3/libsmb/passchange.c | 5 +- source3/libsmb/proto.h | 10 ++ source3/modules/vfs_default.c | 15 +-- source3/passdb/machine_account_secrets.c | 15 +-- source3/utils/smbpasswd.c | 57 +++++++--- source3/utils/testparm.c | 16 +-- testprogs/blackbox/test_net_ads.sh | 4 + 11 files changed, 171 insertions(+), 141 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index baa5799..67e1a9d 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -832,12 +832,6 @@ bool get_dc_name(const char *domain, fstring srv_name, struct sockaddr_storage *ss_out); -/* The following definitions come from libsmb/passchange.c */ - -NTSTATUS remote_password_change(const char *remote_machine, const char *user_name, - const char *old_passwd, const char *new_passwd, - char **err_str); - /* The following definitions come from libsmb/smberr.c */ const char *smb_dos_err_name(uint8_t e_class, uint16_t num); diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c index 630c2e4..bc96ac6 100644 --- a/source3/libads/krb5_setpw.c +++ b/source3/libads/krb5_setpw.c @@ -251,7 +251,7 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host, ret = krb5_set_password(context, &creds, discard_const_p(char, newpw), - princ, + NULL, &result_code, &result_code_string, &result_string); diff --git a/source3/librpc/crypto/gse_krb5.c b/source3/librpc/crypto/gse_krb5.c index 2c9fc03..cc8cb90 100644 --- a/source3/librpc/crypto/gse_krb5.c +++ b/source3/librpc/crypto/gse_krb5.c @@ -20,6 +20,7 @@ #include "includes.h" #include "smb_krb5.h" #include "secrets.h" +#include "librpc/gen_ndr/secrets.h" #include "gse_krb5.h" #include "lib/param/loadparm.h" #include "libads/kerberos_proto.h" @@ -85,45 +86,15 @@ out: return ret; } -static krb5_error_code get_host_principal(krb5_context krbctx, - krb5_principal *host_princ) -{ - krb5_error_code ret; - char *host_princ_s = NULL; - int err; - - err = asprintf(&host_princ_s, "%s$@%s", lp_netbios_name(), lp_realm()); - if (err == -1) { - return -1; - } - - if (!strlower_m(host_princ_s)) { - SAFE_FREE(host_princ_s); - return -1; - } - ret = smb_krb5_parse_name(krbctx, host_princ_s, host_princ); - if (ret) { - DEBUG(1, (__location__ ": smb_krb5_parse_name(%s) " - "failed (%s)\n", - host_princ_s, error_message(ret))); - } - - SAFE_FREE(host_princ_s); - return ret; -} - static krb5_error_code fill_keytab_from_password(krb5_context krbctx, krb5_keytab keytab, krb5_principal princ, krb5_kvno vno, - krb5_data *password) + struct secrets_domain_info1_password *pw) { krb5_error_code ret; krb5_enctype *enctypes; - krb5_keytab_entry kt_entry; - unsigned int i; - krb5_principal salt_princ = NULL; - char *salt_princ_s = NULL; + uint16_t i; ret = smb_krb5_get_allowed_etypes(krbctx, &enctypes); if (ret) { @@ -132,61 +103,47 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx, return ret; } - salt_princ_s = kerberos_secrets_fetch_salt_princ(); - if (salt_princ_s == NULL) { - ret = ENOMEM; - goto out; - } - ret = krb5_parse_name(krbctx, salt_princ_s, &salt_princ); - SAFE_FREE(salt_princ_s); - if (ret != 0) { - goto out; - } - - for (i = 0; enctypes[i]; i++) { + for (i = 0; i < pw->num_keys; i++) { + krb5_keytab_entry kt_entry; krb5_keyblock *key = NULL; - int rc; + unsigned int ei; + bool found_etype = false; - if (!(key = SMB_MALLOC_P(krb5_keyblock))) { - ret = ENOMEM; - goto out; + for (ei=0; enctypes[ei] != 0; ei++) { + if ((uint32_t)enctypes[ei] != pw->keys[i].keytype) { + continue; + } + + found_etype = true; + break; } - rc = create_kerberos_key_from_string(krbctx, - princ, - salt_princ, - password, - key, - enctypes[i], - false); - if (rc != 0) { - DEBUG(10, ("Failed to create key for enctype %d " - "(error: %s)\n", - enctypes[i], error_message(ret))); - SAFE_FREE(key); + if (!found_etype) { continue; } + ZERO_STRUCT(kt_entry); kt_entry.principal = princ; kt_entry.vno = vno; - *(KRB5_KT_KEY(&kt_entry)) = *key; + + key = KRB5_KT_KEY(&kt_entry); + KRB5_KEY_TYPE(key) = pw->keys[i].keytype; + KRB5_KEY_DATA(key) = pw->keys[i].value.data; + KRB5_KEY_LENGTH(key) = pw->keys[i].value.length; ret = krb5_kt_add_entry(krbctx, keytab, &kt_entry); if (ret) { DEBUG(1, (__location__ ": Failed to add entry to " "keytab for enctype %d (error: %s)\n", - enctypes[i], error_message(ret))); - krb5_free_keyblock(krbctx, key); + (unsigned)pw->keys[i].keytype, + error_message(ret))); goto out; } - - krb5_free_keyblock(krbctx, key); } ret = 0; out: - krb5_free_principal(krbctx, salt_princ); SAFE_FREE(enctypes); return ret; } @@ -197,27 +154,43 @@ out: static krb5_error_code fill_mem_keytab_from_secrets(krb5_context krbctx, krb5_keytab *keytab) { + TALLOC_CTX *frame = talloc_stackframe(); krb5_error_code ret; - char *pwd = NULL; - size_t pwd_len; + const char *domain = lp_workgroup(); + struct secrets_domain_info1 *info = NULL; + const char *realm = NULL; + const DATA_BLOB *ct = NULL; krb5_kt_cursor kt_cursor; krb5_keytab_entry kt_entry; - krb5_data password; krb5_principal princ = NULL; krb5_kvno kvno = 0; /* FIXME: fetch current vno from KDC ? */ - char *pwd_old = NULL; + NTSTATUS status; if (!secrets_init()) { DEBUG(1, (__location__ ": secrets_init failed\n")); + TALLOC_FREE(frame); return KRB5_CONFIG_CANTOPEN; } - pwd = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL); - if (!pwd) { - DEBUG(2, (__location__ ": failed to fetch machine password\n")); + status = secrets_fetch_or_upgrade_domain_info(domain, + frame, + &info); + if (!NT_STATUS_IS_OK(status)) { + DBG_WARNING("secrets_fetch_or_upgrade_domain_info(%s) - %s\n", + domain, nt_errstr(status)); + TALLOC_FREE(frame); return KRB5_LIBOS_CANTREADPWD; } - pwd_len = strlen(pwd); + ct = &info->password->cleartext_blob; + + if (info->domain_info.dns_domain.string != NULL) { + realm = strupper_talloc(frame, + info->domain_info.dns_domain.string); + if (realm == NULL) { + TALLOC_FREE(frame); + return ENOMEM; + } + } ZERO_STRUCT(kt_entry); ZERO_STRUCT(kt_cursor); @@ -249,9 +222,9 @@ static krb5_error_code fill_mem_keytab_from_secrets(krb5_context krbctx, /* found private entry, * check if keytab is up to date */ - if ((pwd_len == KRB5_KEY_LENGTH(KRB5_KT_KEY(&kt_entry))) && + if ((ct->length == KRB5_KEY_LENGTH(KRB5_KT_KEY(&kt_entry))) && (memcmp(KRB5_KEY_DATA(KRB5_KT_KEY(&kt_entry)), - pwd, pwd_len) == 0)) { + ct->data, ct->length) == 0)) { /* keytab is already up to date, return */ smb_krb5_kt_free_entry(krbctx, &kt_entry); goto out; @@ -277,32 +250,51 @@ static krb5_error_code fill_mem_keytab_from_secrets(krb5_context krbctx, /* keytab is not up to date, fill it up */ - ret = get_host_principal(krbctx, &princ); + ret = smb_krb5_make_principal(krbctx, &princ, realm, + info->account_name, NULL); if (ret) { DEBUG(1, (__location__ ": Failed to get host principal!\n")); goto out; } - password.data = pwd; - password.length = pwd_len; ret = fill_keytab_from_password(krbctx, *keytab, - princ, kvno, &password); + princ, kvno, + info->password); if (ret) { - DEBUG(1, (__location__ ": Failed to fill memory keytab!\n")); + DBG_WARNING("fill_keytab_from_password() failed for " + "info->password.\n."); goto out; } - pwd_old = secrets_fetch_prev_machine_password(lp_workgroup()); - if (!pwd_old) { - DEBUG(10, (__location__ ": no prev machine password\n")); - } else { - password.data = pwd_old; - password.length = strlen(pwd_old); + if (info->old_password != NULL) { + ret = fill_keytab_from_password(krbctx, *keytab, + princ, kvno - 1, + info->old_password); + if (ret) { + DBG_WARNING("fill_keytab_from_password() failed for " + "info->old_password.\n."); + goto out; + } + } + + if (info->older_password != NULL) { ret = fill_keytab_from_password(krbctx, *keytab, - princ, kvno -1, &password); + princ, kvno - 2, + info->older_password); if (ret) { - DEBUG(1, (__location__ - ": Failed to fill memory keytab!\n")); + DBG_WARNING("fill_keytab_from_password() failed for " + "info->older_password.\n."); + goto out; + } + } + + if (info->next_change != NULL) { + ret = fill_keytab_from_password(krbctx, *keytab, + princ, kvno - 3, + info->next_change->password); + if (ret) { + DBG_WARNING("fill_keytab_from_password() failed for " + "info->next_change->password.\n."); goto out; } } @@ -314,8 +306,8 @@ static krb5_error_code fill_mem_keytab_from_secrets(krb5_context krbctx, kt_entry.vno = 0; KRB5_KEY_TYPE(KRB5_KT_KEY(&kt_entry)) = CLEARTEXT_PRIV_ENCTYPE; - KRB5_KEY_LENGTH(KRB5_KT_KEY(&kt_entry)) = pwd_len; - KRB5_KEY_DATA(KRB5_KT_KEY(&kt_entry)) = (uint8_t *)pwd; + KRB5_KEY_LENGTH(KRB5_KT_KEY(&kt_entry)) = ct->length; + KRB5_KEY_DATA(KRB5_KT_KEY(&kt_entry)) = ct->data; ret = krb5_kt_add_entry(krbctx, *keytab, &kt_entry); if (ret) { @@ -328,9 +320,6 @@ static krb5_error_code fill_mem_keytab_from_secrets(krb5_context krbctx, ret = 0; out: - SAFE_FREE(pwd); - SAFE_FREE(pwd_old); - if (!all_zero((uint8_t *)&kt_cursor, sizeof(kt_cursor)) && *keytab) { krb5_kt_end_seq_get(krbctx, *keytab, &kt_cursor); } @@ -339,6 +328,7 @@ out: krb5_free_principal(krbctx, princ); } + TALLOC_FREE(frame); return ret; } diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 6803d02..75bcae4 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -349,7 +349,7 @@ NTSTATUS cli_session_creds_prepare_krb5(struct cli_state *cli, 0 /* no time correction for now */, NULL); if (ret != 0) { - int dbglvl = DBGLVL_WARNING; + int dbglvl = DBGLVL_NOTICE; if (krb5_state == CRED_MUST_USE_KERBEROS) { dbglvl = DBGLVL_ERR; diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c index c89b7ca..48ffba8 100644 --- a/source3/libsmb/passchange.c +++ b/source3/libsmb/passchange.c @@ -30,7 +30,8 @@ Change a password on a remote machine using IPC calls. *************************************************************/ -NTSTATUS remote_password_change(const char *remote_machine, const char *user_name, +NTSTATUS remote_password_change(const char *remote_machine, + const char *domain, const char *user_name, const char *old_passwd, const char *new_passwd, char **err_str) { @@ -55,7 +56,7 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam creds = cli_session_creds_init(cli, user_name, - NULL, /* domain */ + domain, NULL, /* realm */ old_passwd, false, /* use_kerberos */ diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h index a583a8e..44f4d04 100644 --- a/source3/libsmb/proto.h +++ b/source3/libsmb/proto.h @@ -31,6 +31,9 @@ struct smb_trans_enc_state; struct cli_credentials; +struct cli_state; +struct file_info; +struct print_job_info; /* The following definitions come from libsmb/cliconnect.c */ @@ -964,4 +967,11 @@ NTSTATUS cli_readlink(struct cli_state *cli, const char *fname, TALLOC_CTX *mem_ctx, char **psubstitute_name, char **pprint_name, uint32_t *pflags); +/* The following definitions come from libsmb/passchange.c */ + +NTSTATUS remote_password_change(const char *remote_machine, + const char *domain, const char *user_name, + const char *old_passwd, const char *new_passwd, + char **err_str); + #endif /* _LIBSMB_PROTO_H_ */ diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c index 53a116c..ce1b6e2 100644 --- a/source3/modules/vfs_default.c +++ b/source3/modules/vfs_default.c @@ -722,7 +722,6 @@ static int vfswrap_init_pool(struct smbd_server_connection *conn) struct vfswrap_pread_state { ssize_t ret; - int err; int fd; void *buf; size_t count; @@ -796,7 +795,9 @@ static void vfs_pread_do(void *private_data) state->offset); } while ((state->ret == -1) && (errno == EINTR)); - state->err = errno; + if (state->ret == -1) { + state->vfs_aio_state.error = errno; + } PROFILE_TIMESTAMP(&end_time); @@ -845,7 +846,6 @@ static ssize_t vfswrap_pread_recv(struct tevent_req *req, struct vfswrap_pwrite_state { ssize_t ret; - int err; int fd; const void *buf; size_t count; @@ -919,7 +919,9 @@ static void vfs_pwrite_do(void *private_data) state->offset); } while ((state->ret == -1) && (errno == EINTR)); - state->err = errno; + if (state->ret == -1) { + state->vfs_aio_state.error = errno; + } PROFILE_TIMESTAMP(&end_time); @@ -968,7 +970,6 @@ static ssize_t vfswrap_pwrite_recv(struct tevent_req *req, struct vfswrap_fsync_state { ssize_t ret; - int err; int fd; struct vfs_aio_state vfs_aio_state; @@ -1029,7 +1030,9 @@ static void vfs_fsync_do(void *private_data) state->ret = fsync(state->fd); } while ((state->ret == -1) && (errno == EINTR)); - state->err = errno; + if (state->ret == -1) { + state->vfs_aio_state.error = errno; + } PROFILE_TIMESTAMP(&end_time); diff --git a/source3/passdb/machine_account_secrets.c b/source3/passdb/machine_account_secrets.c index 3d1cb5b..5a0f7a8 100644 --- a/source3/passdb/machine_account_secrets.c +++ b/source3/passdb/machine_account_secrets.c @@ -832,7 +832,8 @@ static NTSTATUS secrets_store_domain_info1_by_key(const char *key, return NT_STATUS_OK; } -static NTSTATUS secrets_store_domain_info(const struct secrets_domain_info1 *info) +static NTSTATUS secrets_store_domain_info(const struct secrets_domain_info1 *info, + bool upgrade) { TALLOC_CTX *frame = talloc_stackframe(); const char *domain = info->domain_info.name.string; @@ -853,7 +854,7 @@ static NTSTATUS secrets_store_domain_info(const struct secrets_domain_info1 *inf switch (info->secure_channel_type) { case SEC_CHAN_WKSTA: case SEC_CHAN_BDC: - if (role >= ROLE_ACTIVE_DIRECTORY_DC) { + if (!upgrade && role >= ROLE_ACTIVE_DIRECTORY_DC) { DBG_ERR("AD_DC not supported for %s\n", domain); TALLOC_FREE(frame); @@ -1490,7 +1491,7 @@ NTSTATUS secrets_fetch_or_upgrade_domain_info(const char *domain, secrets_debug_domain_info(DBGLVL_INFO, info, "upgrade"); - status = secrets_store_domain_info(info); + status = secrets_store_domain_info(info, true /* upgrade */); if (!NT_STATUS_IS_OK(status)) { DBG_ERR("secrets_store_domain_info() failed " "for %s - %s\n", domain, nt_errstr(status)); @@ -1647,7 +1648,7 @@ NTSTATUS secrets_store_JoinCtx(const struct libnet_JoinCtx *r) secrets_debug_domain_info(DBGLVL_INFO, info, "join"); - status = secrets_store_domain_info(info); + status = secrets_store_domain_info(info, false /* upgrade */); if (!NT_STATUS_IS_OK(status)) { DBG_ERR("secrets_store_domain_info() failed " "for %s - %s\n", domain, nt_errstr(status)); @@ -1739,7 +1740,7 @@ NTSTATUS secrets_prepare_password_change(const char *domain, const char *dcname, secrets_debug_domain_info(DBGLVL_INFO, info, "prepare_change"); - status = secrets_store_domain_info(info); -- Samba Shared Repository