The branch, v4-6-test has been updated
via 76da233 vfs_default: Fix passing of errno from async calls
via 8506375 s3:utils: Remove pointless if-clause for remote_machine
via eabb9ca s3:utils: Make sure we authenticate against our SAM name in
smbpasswd
via ae27c7d s3:utils: Pass domain to password_change() in smbpasswd
via 0434034 s3:utils: Make strings const passed to password_change() in
smbpasswd
via 2523f77 s3:libsmb: Move prototye of remote_password_change()
via 90b5cbb s3:libsmb: Pass domain to remote_password_change()
via 0485080 s3:gse_krb5: make use of precalculated krb5 keys in
fill_mem_keytab_from_secrets()
via b6449bc s3:secrets: allow secrets_fetch_or_upgrade_domain_info() on
an AD DC
via c13ab92 blackbox: Add test for 'net ads changetrustpw'
via 85175f8 s3:libads: Fix changing passwords with Kerberos
via 27f76f4 s3:libsmb: Print the kinit failed message with DBGLVL_NOTICE
via 2e4ac5e s3:utils: Do not report an invalid range for AD DC role
from ba9c6fb vfs_fruit: factor out common code from ad_get() and
ad_fget()
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-test
- Log -----------------------------------------------------------------
commit 76da233af1693d38482527bf054ec364f8ed21e5
Author: Christof Schmitt <c...@samba.org>
Date: Wed Aug 23 14:37:28 2017 -0700
vfs_default: Fix passing of errno from async calls
Current code assigns errno from async pthreadpool calls to the
vfs_default internal vfswrap_*_state. The callers of the vfs_*_recv
functions expect the value from errno in vfs_aio_state.error.
Correctly assign errno to vfs_aio_state.error and remove the unused
internal err variable.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12983
Signed-off-by: Christof Schmitt <c...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
(cherry picked from commit a6f391b8dd1fbfd1a370667dec1374284984c341)
Autobuild-User(v4-6-test): Karolin Seeger <ksee...@samba.org>
Autobuild-Date(v4-6-test): Mon Aug 28 14:42:02 CEST 2017 on sn-devel-144
commit 85063757ad2f437af1b70df6b194993e045b84c8
Author: Andreas Schneider <a...@samba.org>
Date: Tue Aug 22 15:46:07 2017 +0200
s3:utils: Remove pointless if-clause for remote_machine
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
Review with: git show -U20
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Andrew Bartlet <abart...@samba.org>
(cherry picked from commit 4a4bfcb539b4489f397b2bc9369215b7e03e620e)
commit eabb9cafa209bbf1b220e030803c954dc3d6a1ac
Author: Andreas Schneider <a...@samba.org>
Date: Fri Aug 18 16:17:08 2017 +0200
s3:utils: Make sure we authenticate against our SAM name in smbpasswd
If a local user wants to change his password using smbpasswd and the
machine is a domain member, we need to make sure we authenticate against
our SAM and not ask winbind.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Andrew Bartlet <abart...@samba.org>
(cherry picked from commit dc129a968afdac8be70f9756bd18a7bf1f4c3b02)
commit ae27c7d28c79916edb60ee55c19b6ad6b209503b
Author: Andreas Schneider <a...@samba.org>
Date: Fri Aug 18 16:14:57 2017 +0200
s3:utils: Pass domain to password_change() in smbpasswd
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Andrew Bartlet <abart...@samba.org>
(cherry picked from commit b483340639157fe95777672f5723455c48c3c616)
commit 04340343dbae780e979e73fdf32139299f03c5d1
Author: Andreas Schneider <a...@samba.org>
Date: Fri Aug 18 16:13:15 2017 +0200
s3:utils: Make strings const passed to password_change() in smbpasswd
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Andrew Bartlet <abart...@samba.org>
(cherry picked from commit 41a31a71abe144362fc7483fabba39aafa866373)
commit 2523f779213b8fa358c1d933d71417a90016e4e3
Author: Andreas Schneider <a...@samba.org>
Date: Fri Aug 18 16:10:06 2017 +0200
s3:libsmb: Move prototye of remote_password_change()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Andrew Bartlet <abart...@samba.org>
(cherry picked from commit c773844e7529b83b2633671c7bcf1e7b84ad7950)
commit 90b5cbb7528f28391678db4b629d893051f1bf25
Author: Andreas Schneider <a...@samba.org>
Date: Fri Aug 18 16:08:46 2017 +0200
s3:libsmb: Pass domain to remote_password_change()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Andrew Bartlet <abart...@samba.org>
(cherry picked from commit 7a554ee7dcefdff599ebc6fbf4e128b33ffccf29)
commit 048508034b57c3b36ac73cdf0bd54675d8e320a9
Author: Stefan Metzmacher <me...@samba.org>
Date: Thu Aug 17 17:45:21 2017 +0200
s3:gse_krb5: make use of precalculated krb5 keys in
fill_mem_keytab_from_secrets()
This avoids a lot of cpu cycles, which were wasted for each single smb
connection, even if the client didn't use kerberos.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12973
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
Autobuild-User(master): Andrew Bartlett <abart...@samba.org>
Autobuild-Date(master): Fri Aug 18 10:04:57 CEST 2017 on sn-devel-144
(cherry picked from commit cd813f7fd9ee8e9d82a6bf6c98621c437f6974b2)
commit b6449bca2d3e44930f7a76b477ef707386f0560b
Author: Stefan Metzmacher <me...@samba.org>
Date: Thu Aug 17 21:42:34 2017 +0200
s3:secrets: allow secrets_fetch_or_upgrade_domain_info() on an AD DC
The reason for the check is for write access as secrets.ldb is the
master database.
But secrets_fetch_or_upgrade_domain_info() just syncs the values
we got from if they got overwritten by secrets_store_machine_pw_sync().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12973
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
(cherry picked from commit 37e49a2af5bb1c40c17eab18ff9412f2ce79ef71)
commit c13ab92bd8a37e68ce4a4f51d5a0d3a115ec23a4
Author: Andreas Schneider <a...@samba.org>
Date: Wed Aug 9 12:14:34 2017 +0200
blackbox: Add test for 'net ads changetrustpw'
BUG: BUG: https://bugzilla.samba.org/show_bug.cgi?id=12956
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Richard Sharpe <realrichardsha...@gmail.com>
Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org>
Autobuild-Date(master): Fri Aug 11 22:09:27 CEST 2017 on sn-devel-144
(cherry picked from commit e2c0fd36ba54d984b554248aecffd3e4e7f43e1f)
commit 85175f8de36a226dfaf277043018d0a3c8e0dc03
Author: Andreas Schneider <a...@samba.org>
Date: Wed Aug 9 18:14:23 2017 +0200
s3:libads: Fix changing passwords with Kerberos
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12956
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Richard Sharpe <realrichardsha...@gmail.com>
(cherry picked from commit b81ca4f9dcbb378a95fb3ac31bfd9a1cbe505d7d)
commit 27f76f406b6c57a7b19812fbf5c24115cc063af2
Author: Andreas Schneider <a...@samba.org>
Date: Thu Aug 24 12:51:35 2017 +0200
s3:libsmb: Print the kinit failed message with DBGLVL_NOTICE
The default debug level of smbclient is set to 'log level = 1'. So we
need to use at least NOTICE to not get the message when we do not force
kerberos.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12704
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
(cherry picked from commit 6d7681c73dc68930dc39f05d58c2679b7c84ad97)
commit 2e4ac5e6b8f150647e095222f9eae87e87a44d52
Author: Andreas Schneider <a...@samba.org>
Date: Fri Aug 18 10:35:55 2017 +0200
s3:utils: Do not report an invalid range for AD DC role
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12629
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
(cherry picked from commit 95e30b081f273f2d156792577179c5220c0a10cc)
-----------------------------------------------------------------------
Summary of changes:
source3/include/proto.h | 6 --
source3/libads/krb5_setpw.c | 2 +-
source3/librpc/crypto/gse_krb5.c | 180 +++++++++++++++----------------
source3/libsmb/cliconnect.c | 2 +-
source3/libsmb/passchange.c | 5 +-
source3/libsmb/proto.h | 10 ++
source3/modules/vfs_default.c | 15 +--
source3/passdb/machine_account_secrets.c | 15 +--
source3/utils/smbpasswd.c | 57 +++++++---
source3/utils/testparm.c | 16 +--
testprogs/blackbox/test_net_ads.sh | 4 +
11 files changed, 171 insertions(+), 141 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/proto.h b/source3/include/proto.h
index baa5799..67e1a9d 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -832,12 +832,6 @@ bool get_dc_name(const char *domain,
fstring srv_name,
struct sockaddr_storage *ss_out);
-/* The following definitions come from libsmb/passchange.c */
-
-NTSTATUS remote_password_change(const char *remote_machine, const char
*user_name,
- const char *old_passwd, const char *new_passwd,
- char **err_str);
-
/* The following definitions come from libsmb/smberr.c */
const char *smb_dos_err_name(uint8_t e_class, uint16_t num);
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index 630c2e4..bc96ac6 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -251,7 +251,7 @@ static ADS_STATUS ads_krb5_chg_password(const char
*kdc_host,
ret = krb5_set_password(context,
&creds,
discard_const_p(char, newpw),
- princ,
+ NULL,
&result_code,
&result_code_string,
&result_string);
diff --git a/source3/librpc/crypto/gse_krb5.c b/source3/librpc/crypto/gse_krb5.c
index 2c9fc03..cc8cb90 100644
--- a/source3/librpc/crypto/gse_krb5.c
+++ b/source3/librpc/crypto/gse_krb5.c
@@ -20,6 +20,7 @@
#include "includes.h"
#include "smb_krb5.h"
#include "secrets.h"
+#include "librpc/gen_ndr/secrets.h"
#include "gse_krb5.h"
#include "lib/param/loadparm.h"
#include "libads/kerberos_proto.h"
@@ -85,45 +86,15 @@ out:
return ret;
}
-static krb5_error_code get_host_principal(krb5_context krbctx,
- krb5_principal *host_princ)
-{
- krb5_error_code ret;
- char *host_princ_s = NULL;
- int err;
-
- err = asprintf(&host_princ_s, "%s$@%s", lp_netbios_name(), lp_realm());
- if (err == -1) {
- return -1;
- }
-
- if (!strlower_m(host_princ_s)) {
- SAFE_FREE(host_princ_s);
- return -1;
- }
- ret = smb_krb5_parse_name(krbctx, host_princ_s, host_princ);
- if (ret) {
- DEBUG(1, (__location__ ": smb_krb5_parse_name(%s) "
- "failed (%s)\n",
- host_princ_s, error_message(ret)));
- }
-
- SAFE_FREE(host_princ_s);
- return ret;
-}
-
static krb5_error_code fill_keytab_from_password(krb5_context krbctx,
krb5_keytab keytab,
krb5_principal princ,
krb5_kvno vno,
- krb5_data *password)
+ struct
secrets_domain_info1_password *pw)
{
krb5_error_code ret;
krb5_enctype *enctypes;
- krb5_keytab_entry kt_entry;
- unsigned int i;
- krb5_principal salt_princ = NULL;
- char *salt_princ_s = NULL;
+ uint16_t i;
ret = smb_krb5_get_allowed_etypes(krbctx, &enctypes);
if (ret) {
@@ -132,61 +103,47 @@ static krb5_error_code
fill_keytab_from_password(krb5_context krbctx,
return ret;
}
- salt_princ_s = kerberos_secrets_fetch_salt_princ();
- if (salt_princ_s == NULL) {
- ret = ENOMEM;
- goto out;
- }
- ret = krb5_parse_name(krbctx, salt_princ_s, &salt_princ);
- SAFE_FREE(salt_princ_s);
- if (ret != 0) {
- goto out;
- }
-
- for (i = 0; enctypes[i]; i++) {
+ for (i = 0; i < pw->num_keys; i++) {
+ krb5_keytab_entry kt_entry;
krb5_keyblock *key = NULL;
- int rc;
+ unsigned int ei;
+ bool found_etype = false;
- if (!(key = SMB_MALLOC_P(krb5_keyblock))) {
- ret = ENOMEM;
- goto out;
+ for (ei=0; enctypes[ei] != 0; ei++) {
+ if ((uint32_t)enctypes[ei] != pw->keys[i].keytype) {
+ continue;
+ }
+
+ found_etype = true;
+ break;
}
- rc = create_kerberos_key_from_string(krbctx,
- princ,
- salt_princ,
- password,
- key,
- enctypes[i],
- false);
- if (rc != 0) {
- DEBUG(10, ("Failed to create key for enctype %d "
- "(error: %s)\n",
- enctypes[i], error_message(ret)));
- SAFE_FREE(key);
+ if (!found_etype) {
continue;
}
+ ZERO_STRUCT(kt_entry);
kt_entry.principal = princ;
kt_entry.vno = vno;
- *(KRB5_KT_KEY(&kt_entry)) = *key;
+
+ key = KRB5_KT_KEY(&kt_entry);
+ KRB5_KEY_TYPE(key) = pw->keys[i].keytype;
+ KRB5_KEY_DATA(key) = pw->keys[i].value.data;
+ KRB5_KEY_LENGTH(key) = pw->keys[i].value.length;
ret = krb5_kt_add_entry(krbctx, keytab, &kt_entry);
if (ret) {
DEBUG(1, (__location__ ": Failed to add entry to "
"keytab for enctype %d (error: %s)\n",
- enctypes[i], error_message(ret)));
- krb5_free_keyblock(krbctx, key);
+ (unsigned)pw->keys[i].keytype,
+ error_message(ret)));
goto out;
}
-
- krb5_free_keyblock(krbctx, key);
}
ret = 0;
out:
- krb5_free_principal(krbctx, salt_princ);
SAFE_FREE(enctypes);
return ret;
}
@@ -197,27 +154,43 @@ out:
static krb5_error_code fill_mem_keytab_from_secrets(krb5_context krbctx,
krb5_keytab *keytab)
{
+ TALLOC_CTX *frame = talloc_stackframe();
krb5_error_code ret;
- char *pwd = NULL;
- size_t pwd_len;
+ const char *domain = lp_workgroup();
+ struct secrets_domain_info1 *info = NULL;
+ const char *realm = NULL;
+ const DATA_BLOB *ct = NULL;
krb5_kt_cursor kt_cursor;
krb5_keytab_entry kt_entry;
- krb5_data password;
krb5_principal princ = NULL;
krb5_kvno kvno = 0; /* FIXME: fetch current vno from KDC ? */
- char *pwd_old = NULL;
+ NTSTATUS status;
if (!secrets_init()) {
DEBUG(1, (__location__ ": secrets_init failed\n"));
+ TALLOC_FREE(frame);
return KRB5_CONFIG_CANTOPEN;
}
- pwd = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
- if (!pwd) {
- DEBUG(2, (__location__ ": failed to fetch machine password\n"));
+ status = secrets_fetch_or_upgrade_domain_info(domain,
+ frame,
+ &info);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_WARNING("secrets_fetch_or_upgrade_domain_info(%s) - %s\n",
+ domain, nt_errstr(status));
+ TALLOC_FREE(frame);
return KRB5_LIBOS_CANTREADPWD;
}
- pwd_len = strlen(pwd);
+ ct = &info->password->cleartext_blob;
+
+ if (info->domain_info.dns_domain.string != NULL) {
+ realm = strupper_talloc(frame,
+ info->domain_info.dns_domain.string);
+ if (realm == NULL) {
+ TALLOC_FREE(frame);
+ return ENOMEM;
+ }
+ }
ZERO_STRUCT(kt_entry);
ZERO_STRUCT(kt_cursor);
@@ -249,9 +222,9 @@ static krb5_error_code
fill_mem_keytab_from_secrets(krb5_context krbctx,
/* found private entry,
* check if keytab is up to date */
- if ((pwd_len ==
KRB5_KEY_LENGTH(KRB5_KT_KEY(&kt_entry))) &&
+ if ((ct->length ==
KRB5_KEY_LENGTH(KRB5_KT_KEY(&kt_entry))) &&
(memcmp(KRB5_KEY_DATA(KRB5_KT_KEY(&kt_entry)),
- pwd, pwd_len) == 0)) {
+ ct->data, ct->length) == 0)) {
/* keytab is already up to date, return */
smb_krb5_kt_free_entry(krbctx, &kt_entry);
goto out;
@@ -277,32 +250,51 @@ static krb5_error_code
fill_mem_keytab_from_secrets(krb5_context krbctx,
/* keytab is not up to date, fill it up */
- ret = get_host_principal(krbctx, &princ);
+ ret = smb_krb5_make_principal(krbctx, &princ, realm,
+ info->account_name, NULL);
if (ret) {
DEBUG(1, (__location__ ": Failed to get host principal!\n"));
goto out;
}
- password.data = pwd;
- password.length = pwd_len;
ret = fill_keytab_from_password(krbctx, *keytab,
- princ, kvno, &password);
+ princ, kvno,
+ info->password);
if (ret) {
- DEBUG(1, (__location__ ": Failed to fill memory keytab!\n"));
+ DBG_WARNING("fill_keytab_from_password() failed for "
+ "info->password.\n.");
goto out;
}
- pwd_old = secrets_fetch_prev_machine_password(lp_workgroup());
- if (!pwd_old) {
- DEBUG(10, (__location__ ": no prev machine password\n"));
- } else {
- password.data = pwd_old;
- password.length = strlen(pwd_old);
+ if (info->old_password != NULL) {
+ ret = fill_keytab_from_password(krbctx, *keytab,
+ princ, kvno - 1,
+ info->old_password);
+ if (ret) {
+ DBG_WARNING("fill_keytab_from_password() failed for "
+ "info->old_password.\n.");
+ goto out;
+ }
+ }
+
+ if (info->older_password != NULL) {
ret = fill_keytab_from_password(krbctx, *keytab,
- princ, kvno -1, &password);
+ princ, kvno - 2,
+ info->older_password);
if (ret) {
- DEBUG(1, (__location__
- ": Failed to fill memory keytab!\n"));
+ DBG_WARNING("fill_keytab_from_password() failed for "
+ "info->older_password.\n.");
+ goto out;
+ }
+ }
+
+ if (info->next_change != NULL) {
+ ret = fill_keytab_from_password(krbctx, *keytab,
+ princ, kvno - 3,
+ info->next_change->password);
+ if (ret) {
+ DBG_WARNING("fill_keytab_from_password() failed for "
+ "info->next_change->password.\n.");
goto out;
}
}
@@ -314,8 +306,8 @@ static krb5_error_code
fill_mem_keytab_from_secrets(krb5_context krbctx,
kt_entry.vno = 0;
KRB5_KEY_TYPE(KRB5_KT_KEY(&kt_entry)) = CLEARTEXT_PRIV_ENCTYPE;
- KRB5_KEY_LENGTH(KRB5_KT_KEY(&kt_entry)) = pwd_len;
- KRB5_KEY_DATA(KRB5_KT_KEY(&kt_entry)) = (uint8_t *)pwd;
+ KRB5_KEY_LENGTH(KRB5_KT_KEY(&kt_entry)) = ct->length;
+ KRB5_KEY_DATA(KRB5_KT_KEY(&kt_entry)) = ct->data;
ret = krb5_kt_add_entry(krbctx, *keytab, &kt_entry);
if (ret) {
@@ -328,9 +320,6 @@ static krb5_error_code
fill_mem_keytab_from_secrets(krb5_context krbctx,
ret = 0;
out:
- SAFE_FREE(pwd);
- SAFE_FREE(pwd_old);
-
if (!all_zero((uint8_t *)&kt_cursor, sizeof(kt_cursor)) && *keytab) {
krb5_kt_end_seq_get(krbctx, *keytab, &kt_cursor);
}
@@ -339,6 +328,7 @@ out:
krb5_free_principal(krbctx, princ);
}
+ TALLOC_FREE(frame);
return ret;
}
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 6803d02..75bcae4 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -349,7 +349,7 @@ NTSTATUS cli_session_creds_prepare_krb5(struct cli_state
*cli,
0 /* no time correction for now */,
NULL);
if (ret != 0) {
- int dbglvl = DBGLVL_WARNING;
+ int dbglvl = DBGLVL_NOTICE;
if (krb5_state == CRED_MUST_USE_KERBEROS) {
dbglvl = DBGLVL_ERR;
diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c
index c89b7ca..48ffba8 100644
--- a/source3/libsmb/passchange.c
+++ b/source3/libsmb/passchange.c
@@ -30,7 +30,8 @@
Change a password on a remote machine using IPC calls.
*************************************************************/
-NTSTATUS remote_password_change(const char *remote_machine, const char
*user_name,
+NTSTATUS remote_password_change(const char *remote_machine,
+ const char *domain, const char *user_name,
const char *old_passwd, const char *new_passwd,
char **err_str)
{
@@ -55,7 +56,7 @@ NTSTATUS remote_password_change(const char *remote_machine,
const char *user_nam
creds = cli_session_creds_init(cli,
user_name,
- NULL, /* domain */
+ domain,
NULL, /* realm */
old_passwd,
false, /* use_kerberos */
diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h
index a583a8e..44f4d04 100644
--- a/source3/libsmb/proto.h
+++ b/source3/libsmb/proto.h
@@ -31,6 +31,9 @@
struct smb_trans_enc_state;
struct cli_credentials;
+struct cli_state;
+struct file_info;
+struct print_job_info;
/* The following definitions come from libsmb/cliconnect.c */
@@ -964,4 +967,11 @@ NTSTATUS cli_readlink(struct cli_state *cli, const char
*fname,
TALLOC_CTX *mem_ctx, char **psubstitute_name,
char **pprint_name, uint32_t *pflags);
+/* The following definitions come from libsmb/passchange.c */
+
+NTSTATUS remote_password_change(const char *remote_machine,
+ const char *domain, const char *user_name,
+ const char *old_passwd, const char *new_passwd,
+ char **err_str);
+
#endif /* _LIBSMB_PROTO_H_ */
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index 53a116c..ce1b6e2 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -722,7 +722,6 @@ static int vfswrap_init_pool(struct smbd_server_connection
*conn)
struct vfswrap_pread_state {
ssize_t ret;
- int err;
int fd;
void *buf;
size_t count;
@@ -796,7 +795,9 @@ static void vfs_pread_do(void *private_data)
state->offset);
} while ((state->ret == -1) && (errno == EINTR));
- state->err = errno;
+ if (state->ret == -1) {
+ state->vfs_aio_state.error = errno;
+ }
PROFILE_TIMESTAMP(&end_time);
@@ -845,7 +846,6 @@ static ssize_t vfswrap_pread_recv(struct tevent_req *req,
struct vfswrap_pwrite_state {
ssize_t ret;
- int err;
int fd;
const void *buf;
size_t count;
@@ -919,7 +919,9 @@ static void vfs_pwrite_do(void *private_data)
state->offset);
} while ((state->ret == -1) && (errno == EINTR));
- state->err = errno;
+ if (state->ret == -1) {
+ state->vfs_aio_state.error = errno;
+ }
PROFILE_TIMESTAMP(&end_time);
@@ -968,7 +970,6 @@ static ssize_t vfswrap_pwrite_recv(struct tevent_req *req,
struct vfswrap_fsync_state {
ssize_t ret;
- int err;
int fd;
struct vfs_aio_state vfs_aio_state;
@@ -1029,7 +1030,9 @@ static void vfs_fsync_do(void *private_data)
state->ret = fsync(state->fd);
} while ((state->ret == -1) && (errno == EINTR));
- state->err = errno;
+ if (state->ret == -1) {
+ state->vfs_aio_state.error = errno;
+ }
PROFILE_TIMESTAMP(&end_time);
diff --git a/source3/passdb/machine_account_secrets.c
b/source3/passdb/machine_account_secrets.c
index 3d1cb5b..5a0f7a8 100644
--- a/source3/passdb/machine_account_secrets.c
+++ b/source3/passdb/machine_account_secrets.c
@@ -832,7 +832,8 @@ static NTSTATUS secrets_store_domain_info1_by_key(const
char *key,
return NT_STATUS_OK;
}
-static NTSTATUS secrets_store_domain_info(const struct secrets_domain_info1
*info)
+static NTSTATUS secrets_store_domain_info(const struct secrets_domain_info1
*info,
+ bool upgrade)
{
TALLOC_CTX *frame = talloc_stackframe();
const char *domain = info->domain_info.name.string;
@@ -853,7 +854,7 @@ static NTSTATUS secrets_store_domain_info(const struct
secrets_domain_info1 *inf
switch (info->secure_channel_type) {
case SEC_CHAN_WKSTA:
case SEC_CHAN_BDC:
- if (role >= ROLE_ACTIVE_DIRECTORY_DC) {
+ if (!upgrade && role >= ROLE_ACTIVE_DIRECTORY_DC) {
DBG_ERR("AD_DC not supported for %s\n",
domain);
TALLOC_FREE(frame);
@@ -1490,7 +1491,7 @@ NTSTATUS secrets_fetch_or_upgrade_domain_info(const char
*domain,
secrets_debug_domain_info(DBGLVL_INFO, info, "upgrade");
- status = secrets_store_domain_info(info);
+ status = secrets_store_domain_info(info, true /* upgrade */);
if (!NT_STATUS_IS_OK(status)) {
DBG_ERR("secrets_store_domain_info() failed "
"for %s - %s\n", domain, nt_errstr(status));
@@ -1647,7 +1648,7 @@ NTSTATUS secrets_store_JoinCtx(const struct
libnet_JoinCtx *r)
secrets_debug_domain_info(DBGLVL_INFO, info, "join");
- status = secrets_store_domain_info(info);
+ status = secrets_store_domain_info(info, false /* upgrade */);
if (!NT_STATUS_IS_OK(status)) {
DBG_ERR("secrets_store_domain_info() failed "
"for %s - %s\n", domain, nt_errstr(status));
@@ -1739,7 +1740,7 @@ NTSTATUS secrets_prepare_password_change(const char
*domain, const char *dcname,
secrets_debug_domain_info(DBGLVL_INFO, info, "prepare_change");
- status = secrets_store_domain_info(info);
--
Samba Shared Repository
