[Pkg-samba-maint] [Git][samba-team/samba][master] 2190 commits: VERSION: Bump version up to 4.8.0pre1...

Mathieu Parent gitlab at salsa.debian.org
Thu Mar 15 10:14:37 UTC 2018


Mathieu Parent pushed to branch master at Debian Samba Team / samba


Commits:
a9ab0237 by Karolin Seeger at 2017-07-04T13:11:16+02:00
VERSION: Bump version up to 4.8.0pre1...

and re-enable GIT_SNAPSHOTS.

Signed-off-by: Karolin Seeger <kseeger at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
e317dfec by Karolin Seeger at 2017-07-04T17:41:59+02:00
WHATSNEW: Start release notes for Samba 4.8.0pre1.

Signed-off-by: Karolin Seeger <kseeger at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(master): Tue Jul  4 17:41:59 CEST 2017 on sn-devel-144

- - - - -
4ad58497 by Lukas Slebodnik at 2017-07-04T21:39:21+02:00
talloc: Use libraries from build dir for testsuite

There was a failure when tests were executed after extracting
talloc tarball.

  sh$ make -j8 check
  WAF_MAKE=1 PATH=buildtools/bin:../../buildtools/bin:$PATH waf test
  bin/talloc_testsuite: error while loading shared libraries: libtalloc.so.2: cannot open shared object file: No such file or directory
  sh: ./lib/talloc/test_magic_differs.sh: No such file or directory
  Traceback (most recent call last):
    File "test_pytalloc.py", line 11, in <module>
      import talloc
  ImportError: libtalloc.so.2: cannot open shared object file: No such file or directory

Signed-off-by: Lukas Slebodnik <lslebodn at redhat.com>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
9e1cbce2 by Lukas Slebodnik at 2017-07-04T21:39:21+02:00
talloc: Fix execution of test_magic_differs from tarball

make check failed in case of tarball because test_magic_differs.sh
is in top level directory and not in sub-directory lib/talloc

  sh: ./lib/talloc/test_magic_differs.sh: No such file or directory
  magic differs test returned 127

Signed-off-by: Lukas Slebodnik <lslebodn at redhat.com>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
d5d6d209 by Lukas Slebodnik at 2017-07-04T21:39:22+02:00
ldb: Use libraries from build dir for testsuite

There was a failure when tests were executed after extracting
ldb tarball.

  sh$ make -j8 check
  WAF_MAKE=1 PATH=buildtools/bin:../../buildtools/bin:$PATH waf test
  ldbadd: error while loading shared libraries: libldb.so.1: cannot open shared object file: No such file or directory
  cat: write error: Broken pipe
  Traceback (most recent call last):
    File "tests/python/api.py", line 10, in <module>
      import ldb
  ImportError: libldb.so.1: cannot open shared object file: No such file or directory
  Traceback (most recent call last):
    File "tests/python/api.py", line 10, in <module>
      import ldb
  ImportError: libpyldb-util.so.1: cannot open shared object file: No such file or directory
  bin/ldb_tdb_mod_op_test: error while loading shared libraries: libldb.so.1: cannot open shared object file: No such file or directory
  testsuite returned 1

Signed-off-by: Lukas Slebodnik <lslebodn at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Alexander Bokovoy <ab at samba.org>

- - - - -
31019d33 by Lumir Balhar at 2017-07-05T02:00:25+02:00
python: tests: Add test for tdb_copy function from tdb_util module.

Signed-off-by: Lumir Balhar <lbalhar at redhat.com>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jul  5 02:00:25 CEST 2017 on sn-devel-144

- - - - -
a15953ae by Stefan Metzmacher at 2017-07-05T02:17:12+02:00
auth/spnego: rename gensec_spnego_server_negTokenTarg() into gensec_spnego_server_response()

gensec_spnego_server_negTokenTarg() will reappear as function that
handles the whole negTokenTarg processing.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
7ba307a4 by Stefan Metzmacher at 2017-07-05T02:17:12+02:00
auth/spnego: use a helper variable for spnego.negTokenInit.targetPrincipal

This makes the lines a bit shorter and the future diff easier to review.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
9d7a01de by Stefan Metzmacher at 2017-07-05T02:17:12+02:00
auth/spnego: add a struct spnego_negTokenTarg *ta variable to make some lines shorter

This makes future modifications easier to review.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
b337d266 by Stefan Metzmacher at 2017-07-05T02:17:12+02:00
auth/spnego: don't pass 'in' to gensec_spnego_create_negTokenInit()

It's always an empty blob.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
c0b2f85d by Stefan Metzmacher at 2017-07-05T02:17:12+02:00
auth/spnego: set spnego_state->{state_position,expected_packet} gensec_spnego_create_negTokenInit()

We should only do the state change in a defined place
and not with any error gensec_spnego_create_negTokenInit() might return.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
1dfad27c by Stefan Metzmacher at 2017-07-05T02:17:12+02:00
auth/spnego: move SERVER gensec_spnego_create_negTokenInit() handling to the top

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f266b355 by Stefan Metzmacher at 2017-07-05T02:17:12+02:00
auth/spnego: remove useless indentation level for SPNEGO_SERVER_START

Check with git show -w

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
79faf301 by Stefan Metzmacher at 2017-07-05T06:43:17+02:00
auth/spnego: pass spnego_in to gensec_spnego_parse_negTokenInit()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Jul  5 06:43:17 CEST 2017 on sn-devel-144

- - - - -
2ab239be by Rowland Penny at 2017-07-05T13:36:09+02:00
Easily edit a users object in AD, as if using ldbedit.

Signed-off-by: Rowland Penny <rpenny at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
3c03ac75 by Rowland Penny at 2017-07-05T13:36:09+02:00
Add test for 'samba-tool user edit'

Signed-off-by: Rowland Penny <rpenny at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
e3707c1b by Rowland Penny at 2017-07-05T17:53:24+02:00
Add code to run the tests for 'samba-tool user edit'

Signed-off-by: Rowland Penny <rpenny at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

Autobuild-User(master): Alexander Bokovoy <ab at samba.org>
Autobuild-Date(master): Wed Jul  5 17:53:24 CEST 2017 on sn-devel-144

- - - - -
25ef27b2 by Andreas Schneider at 2017-07-05T17:54:10+02:00
waf: Only build unit tests with selftest enabled

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12877

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
5d18c5e5 by Andreas Schneider at 2017-07-05T17:54:10+02:00
unittests: Add missing stdint.h include

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12878

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
1de43903 by Andreas Schneider at 2017-07-05T22:21:06+02:00
unittests: Do not install the test_dummy rpc module

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12879

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jul  5 22:21:06 CEST 2017 on sn-devel-144

- - - - -
b6d6f67b by Richard Sharpe at 2017-07-07T00:52:24+02:00
Add support for passing the max_referral_level into the cli call to get a DFS referral. This is being done so I can write tests of the DFS referral code on the server side.

Signed-off-by: Richard Sharpe <richard.sharpe at primarydata.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
939576d9 by Volker Lendecke at 2017-07-07T00:52:24+02:00
notifyd: Only ask for messaging_ctdb_conn when clustering

Without clustering, messaging_ctdb_conn will fail anyway.

Review with "git show -b".

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d0a7bcca by Volker Lendecke at 2017-07-07T00:52:24+02:00
notifyd: Consolidate two #ifdef CLUSTER into one

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b8dccd11 by Volker Lendecke at 2017-07-07T00:52:24+02:00
notifyd: Avoid an if-expression

Best reviewed with "git show -b -U10"

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0c1e08b5 by Volker Lendecke at 2017-07-07T00:52:24+02:00
messaging: make messaging_rec_create public

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b6079af1 by Volker Lendecke at 2017-07-07T00:52:24+02:00
notifyd: Use messaging_register for MSG_SMB_NOTIFY_REC_CHANGE

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
db15feb1 by Volker Lendecke at 2017-07-07T00:52:24+02:00
notifyd: Use messaging_register for MSG_SMB_NOTIFY_TRIGGER

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
dc39bb45 by Volker Lendecke at 2017-07-07T00:52:24+02:00
notifyd: Use messaging_register for MSG_SMB_NOTIFY_GET_DB

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9430fab6 by Volker Lendecke at 2017-07-07T00:52:24+02:00
notifyd: Use messaging_register for MSG_SMB_NOTIFY_DB

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
197186a1 by Volker Lendecke at 2017-07-07T00:52:24+02:00
notifyd: Remove notifyd_handler_done

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5eccc2fd by Volker Lendecke at 2017-07-07T05:11:48+02:00
messaging: Remove messaging_handler_send

This did not really take off, notifyd was the only user

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jul  7 05:11:48 CEST 2017 on sn-devel-144

- - - - -
98e30cf4 by Andreas Schneider at 2017-07-07T09:14:26+02:00
waf: Do not install _ldb_text.py if we have system libldb

_ldb_text.py is installed as part of the ldb package and also if you
compile Samba with the system ldb version. This way we have the
file twice in the same location and run into file conflicts.

This has already been fixed some time ago:
    60dc26bfe1573265dcbd87b9dd3439f945e57d97

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12882

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
e9d33bf8 by Jeremy Allison at 2017-07-07T09:14:26+02:00
s3: client: Move struct file_list code to using talloc from malloc.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
b6f484ae by Jeremy Allison at 2017-07-07T09:14:26+02:00
s3: smbclient: Add new command deltree.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f2f9f51f by Jeremy Allison at 2017-07-07T09:14:26+02:00
docs: Document new smbclient deltree command.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
b21ee14e by Jeremy Allison at 2017-07-07T13:38:24+02:00
s3: tests: Add test for new smbclient "deltree" command.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Jul  7 13:38:24 CEST 2017 on sn-devel-144

- - - - -
963d9f12 by Lukas Slebodnik at 2017-07-07T15:51:25+02:00
ldb: Fix index out of bound in ldb_msg_find_common_values

cmocka unit test failed on i386
[==========] Running 2 test(s).
[ RUN      ] test_ldb_msg_find_duplicate_val
[       OK ] test_ldb_msg_find_duplicate_val
[ RUN      ] test_ldb_msg_find_common_values
[  FAILED  ] test_ldb_msg_find_common_values
[==========] 2 test(s) run.
[  ERROR   ] --- 0x14 != 0
[   LINE   ] --- ../tests/ldb_msg.c:266: error: Failure!
[  PASSED  ] 1 test(s).
[  FAILED  ] 1 test(s), listed below:
[  FAILED  ] test_ldb_msg_find_common_values
 1 FAILED TEST(S)

But we were just lucky on other platforms because there is
index out of bound according to valgrind error.

==3298== Invalid read of size 4
==3298==    at 0x486FCF6: ldb_val_cmp (ldb_msg.c:95)
==3298==    by 0x486FCF6: ldb_msg_find_common_values (ldb_msg.c:266)
==3298==    by 0x109A3D: test_ldb_msg_find_common_values (ldb_msg.c:265)
==3298==    by 0x48E7490: ??? (in /usr/lib/libcmocka.so.0.4.1)
==3298==    by 0x48E7EB0: _cmocka_run_group_tests (in /usr/lib/libcmocka.so.0.4.1)
==3298==    by 0x1089B7: main (ldb_msg.c:352)
==3298==  Address 0x4b07734 is 4 bytes after a block of size 48 alloc'd
==3298==    at 0x483223E: malloc (vg_replace_malloc.c:299)
==3298==    by 0x4907AA7: _talloc_array (in /usr/lib/libtalloc.so.2.1.9)
==3298==    by 0x486FBF8: ldb_msg_find_common_values (ldb_msg.c:245)
==3298==    by 0x109A3D: test_ldb_msg_find_common_values (ldb_msg.c:265)
==3298==    by 0x48E7490: ??? (in /usr/lib/libcmocka.so.0.4.1)
==3298==    by 0x48E7EB0: _cmocka_run_group_tests (in /usr/lib/libcmocka.so.0.4.1)
==3298==    by 0x1089B7: main (ldb_msg.c:352)

Signed-off-by: Lukas Slebodnik <lslebodn at redhat.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
282410fa by Douglas Bagnall at 2017-07-07T15:51:25+02:00
ldb: avoid searching empty lists in ldb_msg_find_common_values

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
4b3de611 by Douglas Bagnall at 2017-07-07T20:10:37+02:00
ldb/tests: more thoroughly test empty ldb_msg elements

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Jul  7 20:10:37 CEST 2017 on sn-devel-144

- - - - -
b886a944 by Ralph Boehme at 2017-07-07T20:11:22+02:00
s3/smbd: let non_widelink_open() chdir() to directories directly

If the caller passes O_DIRECTORY we just try to chdir() to smb_fname
directly, not to the parent directory.

The security check in check_reduced_name() will continue to work, but
this fixes the case of an open() for a previous version of a
subdirectory that contains snapshot.

Eg:

[share]
    path = /shares/test
    vfs objects = shadow_copy2
    shadow:snapdir = .snapshots
    shadow:snapdirseverywhere = yes

Directory tree with fake snapshots:

$ tree -a /shares/test/
/shares/test/
├── dir
│   ├── file
│   └── .snapshots
│       └── @GMT-2017.07.04-04.30.12
│           └── file
├── dir2
│   └── file
├── file
├── .snapshots
│   └── @GMT-2001.01.01-00.00.00
│       ├── dir2
│       │   └── file
│       └── file
└── testfsctl.dat

./bin/smbclient -U slow%x //localhost/share -c 'ls @GMT-2017.07.04-04.30.12/dir/*'
NT_STATUS_OBJECT_NAME_NOT_FOUND listing \@GMT-2017.07.04-04.30.12\dir\*

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12885

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
cc9ba98c by Ralph Boehme at 2017-07-08T00:33:51+02:00
selftest: add a test for accessing previous version of directories with snapdirseverywhere

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12885

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Sat Jul  8 00:33:51 CEST 2017 on sn-devel-144

- - - - -
7dec1e1e by Herb Lewis at 2017-07-08T05:57:55+02:00
delete duplicate test

Signed-off-by: Herb Lewis <herb at samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>

Autobuild-User(master): Herb Lewis <herb at samba.org>
Autobuild-Date(master): Sat Jul  8 05:57:55 CEST 2017 on sn-devel-144

- - - - -
305eb1b6 by Ralph Boehme at 2017-07-10T16:48:24+02:00
vfs_fruit: fix a typo

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Jul 10 16:48:24 CEST 2017 on sn-devel-144

- - - - -
77cbced5 by Stefan Metzmacher at 2017-07-10T23:22:10+02:00
s3:smbd: consistently use talloc_tos() memory for rpc_pipe_open_interface()

The result is only used temporarily and should not be leaked on a long term
memory context as 'conn'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12890

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c9172c5a by Ralph Boehme at 2017-07-10T23:22:10+02:00
s3/vfs: remove SMB_VFS_STRICT_UNLOCK

It's just a noop, so let's remove it. SMB_VFS_STRICT_LOCK doesn't set
logs, it just checks for the presence of incompatible locks.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12887

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
67466271 by Ralph Boehme at 2017-07-11T03:37:44+02:00
s3/vfs: rename SMB_VFS_STRICT_LOCK to SMB_VFS_STRICT_LOCK_CHECK

As per MS-SMB2 and MS-FSA and our SMB_VFS_STRICT_LOCK implementation,
we're merely testing for locks, not setting any.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12887

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jul 11 03:37:44 CEST 2017 on sn-devel-144

- - - - -
539714ef by Anoop C S at 2017-07-11T11:45:04+02:00
ctdb-scripts: Fix inline comments in 10.interface

Signed-off-by: Anoop C S <anoopcs at redhat.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Tue Jul 11 11:45:04 CEST 2017 on sn-devel-144

- - - - -
259e1706 by Günther Deschner at 2017-07-12T03:17:57+02:00
vfs_fruit: add fruit:model = <modelname> parametric option

fruit:model = iMac
fruit:model = MacBook
fruit:model = MacPro
fruit:model = Xserve

will all display a different icon inside Finder.

Formerly, we used "Samba" which resulted in a "?" icon in Finder, with
the new default "MacSamba" we appear with a computer box icon at least.

Guenther

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12840

Signed-off-by: Guenther Deschner <gd at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Wed Jul 12 03:17:57 CEST 2017 on sn-devel-144

- - - - -
4a7ec5b7 by Ralph Boehme at 2017-07-12T09:01:17+02:00
selftest: add ad_member_idmap_ad server

Add a member server that uses idmap_ad. Gets used in the next commit.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b3d14dae by Ralph Boehme at 2017-07-12T09:01:17+02:00
selftest: add some basic tests for idmap_ad

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fe7020b0 by Dustin L. Howett via samba-technical at 2017-07-12T09:01:17+02:00
idmap_ad: Retry query_user exactly once if we get TLDAP_SERVER_DOWN

All other ldap-querying methods in idmap_ad make a single retry attempt if they get
TLDAP_SERVER_DOWN. This patch brings idmap_ad_query_user in line with that design.

This fixes the symptom described in 12720 at the cost of an additional reconnect per
failed lookup.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12720

Signed-off-by: Dustin L. Howett <dustin at howett.net>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
2bce9cb7 by Ralph Boehme at 2017-07-12T09:01:17+02:00
ctdb: enable mutexes for volatile TDBs by default

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12891

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
a70be432 by Ralph Boehme at 2017-07-12T09:01:18+02:00
dbwrap: enable mutexes by default for volatile TDBs

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12891

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
6ae063a1 by Amitay Isaacs at 2017-07-12T09:01:18+02:00
dbwrap: CTDB ignores tdb_flags passed to db attach controls

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12891

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
0077296c by Ralph Boehme at 2017-07-12T09:01:19+02:00
ctdbd_conn: move CTDB_CONTROL_ENABLE_SEQNUM control to db_open_ctdb

No change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12891

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
b2b7e3b9 by Ralph Boehme at 2017-07-12T09:01:19+02:00
ctdbd_conn: pass persistent bool instead of tdb_flags

ctdbd_db_attach() only needs to know the ctdb database model, not the
rest of the flags.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12891

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
de9d2195 by Ralph Boehme at 2017-07-12T13:25:11+02:00
dbwrap: Ask CTDB for local tdb open flags

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12891

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Jul 12 13:25:11 CEST 2017 on sn-devel-144

- - - - -
3799a32e by Jeffrey Altman at 2017-07-12T17:44:50+02:00
CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation

In _krb5_extract_ticket() the KDC-REP service name must be obtained from
encrypted version stored in 'enc_part' instead of the unencrypted version
stored in 'ticket'.  Use of the unencrypted version provides an
opportunity for successful server impersonation and other attacks.

Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.

Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12894
(based on heimdal commit 6dd3eb836bbb80a00ffced4ad57077a1cdf227ea)

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Jul 12 17:44:50 CEST 2017 on sn-devel-144

- - - - -
9c68f996 by Volker Lendecke at 2017-07-12T17:45:24+02:00
spoolss: Fix CID 1414784 Uninitialized scalar variable

"struct tm" can contain more members than we explicitly initialize.

Initialize them all.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
bebf90f7 by Volker Lendecke at 2017-07-12T22:12:21+02:00
libwbclient: Fix CID 1414781 Dereference null return value

Basically a cut&paste error from somewhere else

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Jul 12 22:12:22 CEST 2017 on sn-devel-144

- - - - -
3e85cbfd by Martin Schwenke at 2017-07-13T13:30:23+02:00
ctdb-common: Set close-on-exec when creating PID file

Otherwise, for example, the file descriptor for the main PID file will
leak all the way down to event scripts.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12898

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
4e68d377 by Martin Schwenke at 2017-07-13T17:57:11+02:00
ctdb-docs: Update documentation of ipreallocated event

This was out of date due to the removal of service_check_reconfigure()
and similar.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Thu Jul 13 17:57:11 CEST 2017 on sn-devel-144

- - - - -
df0db9d8 by Ralph Boehme at 2017-07-13T22:21:08+02:00
vfs_fruit: don't use MS NFS ACEs with Windows clients

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12897

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Thu Jul 13 22:21:08 CEST 2017 on sn-devel-144

- - - - -
a4c3ee67 by Steve French at 2017-07-14T02:43:47+02:00
s3:smbclient: Allow last dos attribute to be cleared

With the upgrade to SMB3.1.1 from cifs for smbclient,
setmode no longer works when removing attributes,
if the resultant attribute is 0 it is skipped
(unlike for the old cifs setpathinfo).

When clearing the final attribute, pass in ATTRIBUTE_NORMAL
instead of zero.

This also removes a redundant cli_setatr call
when clearing attributes (cli_setatr was being called
twice).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12899

Signed-off-by: Steve French <sfrench at samba.org>
Reviewed-by: Anne Marie Merritt <annemarie.merritt at primarydata.com>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jul 14 02:43:47 CEST 2017 on sn-devel-144

- - - - -
303a52d8 by Alexander Bokovoy at 2017-07-14T07:10:24+02:00
py3: Make sure to specify METH_VARARGS together with METH_KEYWORDS

A Python 3 bug https://bugs.python.org/issue15657 explains that one should
always use METH_VARARGS|METH_KEYWORDS when defining a function rather
than a lonely METH_KEYWORDS. We had only one definition like this in
Samba and it was the one that affects FreeIPA when running in Python 3
mode.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12905

Signed-off-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0ed918ef by Alexander Bokovoy at 2017-07-14T11:36:53+02:00
Build py3 versions of other rpc modules

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12905

Signed-off-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Alexander Bokovoy <ab at samba.org>
Autobuild-Date(master): Fri Jul 14 11:36:53 CEST 2017 on sn-devel-144

- - - - -
85b10a63 by Bernhard M. Wiedemann at 2017-07-14T18:48:07+02:00
s3: drop build_env

As a follow up to eedebe2ef1b ("docs-xml: Sort input file list"), this
change enables reproducible builds, without the added complexity of
https://lists.samba.org/archive/samba-technical/2017-June/121302.html

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12906

Signed-off-by: Bernhard M. Wiedemann <bwiedemann at suse.de>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Fri Jul 14 18:48:08 CEST 2017 on sn-devel-144

- - - - -
7f4e7cfd by Ralph Boehme at 2017-07-15T02:16:18+02:00
s3/notifyd: ensure notifyd doesn't return from smbd_notifyd_init

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12910

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5fe76a54 by Jeremy Allison at 2017-07-15T02:16:18+02:00
s3: smbd: Fix a read after free if a chained SMB1 call goes async.

Reported to the Samba Team by Yihan Lian <lianyihan at 360.cn>, a security
researcher of Qihoo 360 GearTeam. Thanks a lot!

smb1_parse_chain() incorrectly used talloc_tos() for the memory
context of the chained smb1 requests. This gets freed between
requests so if a chained request goes async, the saved request
array also is freed, which causes a crash on resume.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12836

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
4cced4da by Andreas Schneider at 2017-07-15T06:43:47+02:00
s3:client: The smbspool krb5 wrapper needs negotiate for authentication

If you create a new printer it doesn't have AuthInfoRequired set and so
cups calls the backend with:

  AUTH_INFO_REQUIRED=none

In this case we need to return:

  ATTR: auth-info-required=negotiate

and return an error that we require authentication.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12886

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Jul 15 06:43:47 CEST 2017 on sn-devel-144

- - - - -
59f89515 by Jeremy Allison at 2017-07-18T09:49:17+02:00
Revert "s3:smbclient: Allow last dos attribute to be cleared"

Incorrect fix - this must be fixed inside cli_setatr(), not
the callers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12899

This reverts commit a4c3ee6767d768365a47bfda32a26cb7994b3787.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>

- - - - -
f1cc79a4 by Jeremy Allison at 2017-07-18T09:49:17+02:00
s3: libsmb: Reverse sense of 'clear all attributes', ignore attribute change in SMB2 to match SMB1.

SMB1 uses attr == 0 to clear all attributes
on a file (end up with FILE_ATTRIBUTE_NORMAL),
and attr == FILE_ATTRIBUTE_NORMAL to mean ignore
request attribute change.

SMB2 uses exactly the reverse. Unfortunately as the
cli_setatr() ABI is exposed inside libsmbclient,
we must make the SMB2 cli_smb2_setatr() call
export the same ABI as the SMB1 cli_setatr()
which calls it. This means reversing the sense
of the requested attr argument if it's zero
or FILE_ATTRIBUTE_NORMAL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12899

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>

- - - - -
5facd045 by Jeremy Allison at 2017-07-18T14:05:18+02:00
s3: smbclient: Add a test for the setmode command.

Tested over SMB1 and SMB2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12899

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jul 18 14:05:18 CEST 2017 on sn-devel-144

- - - - -
bc951ae0 by Samba-JP oota at 2017-07-18T18:35:15+02:00
docs: Fix a typo in cifsdd.8

Signed-off-by: Samba-JP oota <ribbon at samba.gr.jp>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Jul 18 18:35:16 CEST 2017 on sn-devel-144

- - - - -
b594e0cd by Andreas Schneider at 2017-07-19T07:42:08+02:00
s3:tests: Fix directory creation and deletion of test_local_symlinks()

This should fix flakey autobuild.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12914

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
bd7eab16 by Andreas Schneider at 2017-07-19T11:59:52+02:00
s3:tests: Fix directory creation and deletion of test_nosymlinks()

This should fix flakey autobuild.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12914

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jul 19 11:59:52 CEST 2017 on sn-devel-144

- - - - -
f7daa453 by Amitay Isaacs at 2017-07-19T12:00:15+02:00
dbwrap_ctdb: Fix calculation of persistent flag

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12891

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
995aec51 by Ralph Boehme at 2017-07-19T12:00:15+02:00
examples: add gencache.stp

Add a Systemtap script to profile gencache.

Usage:

- profile a single smbd process:
  # stap -x 22225 gencache.stp smbd

- profile all winbindd processes:
  # stap gencache.stp winbindd

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
1b7b7a92 by Ralph Boehme at 2017-07-19T16:20:56+02:00
examples: add winbindd.stp and a shell script to generate it

Usage:

  Instrument all winbindd processes:
  # stap winbindd.stp

  Instrument a specific winbindd process:
  # stap -x PID winbindd.stp

Example output:

  # stap winbindd.stp
  Collecting data, press ctrl-C to stop... ^C

  Winbind request service time
  ============================
  winbindd_getpwnam_send                   count:    99, sum:   6229 ms (min:   2669 us, avg:  62921 us, max: 157907 us)

  Winbind request runtime
  =======================
  winbindd_getpwnam_send                   count:    99, sum:      3 ms (min:     21 us, avg:     36 us, max:     77 us)

  Winbind domain-child request service time
  =========================================
  _wbint_LookupName                        count:    99, sum:   1403 ms (min:    619 us, avg:  14181 us, max: 136613 us)
  _wbint_GetNssInfo                        count:    99, sum:      0 ms (min:      2 us, avg:      3 us, max:      6 us)
  _wbint_LookupSid                         count:   102, sum:     49 ms (min:     13 us, avg:    481 us, max:   6315 us)
  _wbint_Sids2UnixIDs                      count:   101, sum:      2 ms (min:     18 us, avg:     29 us, max:     49 us)
  _wbint_LookupSids                        count:   101, sum:     84 ms (min:    411 us, avg:    838 us, max:   3524 us)

  Winbind domain-child AD-backend service time
  ============================================
  sid_to_name                              count:    56, sum:     45 ms (min:    431 us, avg:    816 us, max:   6275 us)
  sequence_number                          count:    12, sum:   1209 ms (min:  46618 us, avg: 100803 us, max: 131439 us)
  name_to_sid                              count:    99, sum:    176 ms (min:    547 us, avg:   1781 us, max:   9866 us)

  ...

Regenerate winbindd.stp:

  $ examples/systemtap/generate-winbindd.stp.sh

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Jul 19 16:20:56 CEST 2017 on sn-devel-144

- - - - -
0181fcc4 by Volker Lendecke at 2017-07-19T21:22:12+02:00
smbd: Fix a connection run-down race condition

When we do a server exit with active aio jobs, we need to keep the
aio state active for the helper thread. Right now I don't see another
chance than to leak memory in this case. And, I don't really oversee
how cancelling requests works in this case, but this does fix crashes
seen at a customer site.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e54adf51 by Aurelien Aptel at 2017-07-19T21:22:13+02:00
ndr_compression: use MAX_WBITS constant

Signed-off-by: Aurelien Aptel <aaptel at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9a2180cd by Andreas Schneider at 2017-07-19T21:22:13+02:00
librpc:ndr_cab: Cast data pointer correctly

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3b5442e7 by Aurelien Aptel at 2017-07-19T21:22:13+02:00
librpc/ndr: remove trailing whitespace from compression file.

Signed-off-by: Aurelien Aptel <aaptel at suse.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a44bce6d by Günther Deschner at 2017-07-19T21:22:13+02:00
libndr/compression: pass down compressed length in ndr_pull_compression_start

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
aa33aa6e by Aurelien Aptel at 2017-07-19T21:22:13+02:00
librpc/ndr: add new ndr_compression_state

Signed-off-by: Aurelien Aptel <aaptel at suse.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
096efc93 by Günther Deschner at 2017-07-19T21:22:13+02:00
librpc/ndr: add new MSZIP compression type for cabinet files

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1edf1266 by Aurelien Aptel at 2017-07-19T21:22:13+02:00
librpc/ndr: add helper functions to setup and free compression states.

Signed-off-by: Aurelien Aptel <aaptel at suse.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
466d5e81 by Aurelien Aptel at 2017-07-19T21:22:13+02:00
librpc: use DATA_BLOB in CFDATA structure

Signed-off-by: Aurelien Aptel <aaptel at suse.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9ec74a31 by Aurelien Aptel at 2017-07-19T21:22:13+02:00
librpc/ndr: remove unused ndr_cab_get_compression() function

Signed-off-by: Aurelien Aptel <aaptel at suse.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a2816122 by Günther Deschner at 2017-07-19T21:22:13+02:00
librpc/ndr: Use MAX_WBITS zlib define and change memLevel in MSZIP code

Guenther

Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7c20a870 by Andreas Schneider at 2017-07-19T21:22:13+02:00
librpc/ndr: Use correct value for max compression size

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
43a1952b by Aurelien Aptel at 2017-07-19T21:22:13+02:00
librpc/ndr: simplify cabinet file size calculation

Signed-off-by: Aurelien Aptel <aaptel at suse.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c60ad394 by Aurelien Aptel at 2017-07-19T21:22:13+02:00
librpc/ndr: add MSZIP compression for cabinet files

Signed-off-by: Aurelien Aptel <aaptel at suse.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7313e7c1 by Günther Deschner at 2017-07-20T01:38:02+02:00
s4-torture: point out why we cannot validate MSZIP compressed files

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jul 20 01:38:02 CEST 2017 on sn-devel-144

- - - - -
c57dcafb by Noel Power at 2017-07-20T18:49:27+02:00
s3/utils: smbcacls failed to detect DIRECTORIES using SMB2 (windows only)

uint16_t get_fileinfo(...) returns file attributes, this function
called

     cli_qfileinfo_basic(cli, fnum, &mode, NULL, NULL, NULL,
                     NULL, NULL, NULL);

which was failing with NT_STATUS_ACCESS_DENIED errors when fnum above
was obtained via (when using protocol > SMB). Note: This only seems to be
an issue when run against a windows server, with smbd SMB1 & SMB2 work fine.

    status = cli_ntcreate(cli, filename, 0, CREATE_ACCESS_READ,
                  0, FILE_SHARE_READ|FILE_SHARE_WRITE,
                  FILE_OPEN, 0x0, 0x0, &fnum, NULL);

The failing cli_qfileinfo_basic call above is unnecessary as we can already
obtain the required information from the cli_ntcreate call

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>

- - - - -
ff7df3d3 by David Disseldorp at 2017-07-20T23:02:27+02:00
build: fix ceph_statx check when configured with libcephfs_dir

When configured with a custom libcephfs_dir, the ceph_statx check fails
to link. This is due to the location of the ceph-common dependency,
which is installed under a ceph subdirectory.

ceph/build > make DESTDIR=./inst install
...
ceph/build > find inst/|grep -e /libcephfs -e /libceph-common
inst/usr/local/lib64/ceph/libceph-common.so.0
inst/usr/local/lib64/ceph/libceph-common.so
inst/usr/local/lib64/libcephfs.so.2.0.0
inst/usr/local/lib64/libcephfs.so.2
inst/usr/local/lib64/libcephfs.so
inst/usr/local/include/cephfs/libcephfs.h

Signed-off-by: David Disseldorp <ddiss at suse.de>
Reviewed-by: Jeff Layton <jlayton at samba.org>

Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Thu Jul 20 23:02:27 CEST 2017 on sn-devel-144

- - - - -
4031b303 by Andrew Bartlett at 2017-07-21T09:30:25+02:00
getncchanges: Do not segfault if somehow we get 0 results from an ldb_search with scope BASE

This should not happen, but we have seen this happen in autobuild
before the whole-DB locking issues were resolved by
https://bugzilla.samba.org/show_bug.cgi?id=12858

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
4e04f025 by Tim Beale at 2017-07-21T13:54:35+02:00
selftest: Add test for password change when NTLM is disabled

When NTLM is disabled, the server should reject NTLM-based password
changes. Changing the password is a bit complicated from python, but
because the server should reject the password change outright with
NTLM_BLOCKED, the test doesn't actually need to provide valid
credentials.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11923
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Jul 21 13:54:35 CEST 2017 on sn-devel-144

- - - - -
1dcacff0 by David Disseldorp at 2017-07-21T19:10:46+02:00
vfs_ceph: fix cephwrap_chdir()

When provided a '/' path (i.e. CephFS root), vfs_ceph does a *local*
chdir() to the share path. This breaks smb client directory listings.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12911

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Fri Jul 21 19:10:46 CEST 2017 on sn-devel-144

- - - - -
e3a151e2 by Uri Simchoni at 2017-07-21T19:11:13+02:00
winbindd: cache name-to-sid from PAC based on lookup domain

The name-to-sid lookup for trusted domains is not necessarily
done against the domain - in AD member case it is done
against the primary domain. Therefore the caching should also
be done against the lookup domain.

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c819c7d5 by Uri Simchoni at 2017-07-21T19:11:13+02:00
winbindd: queryuser - only get group name if needed

When calculating the user entry for a user, the
primary group id *name* might be needed if it is
part of a home dir / shell template (%g or %G).

Only resolve primary group SID to primary group name
if it is needed, thereby saving a round-trip to the DC
(and better handling situations where it is disconnected).

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5c1e2f56 by Uri Simchoni at 2017-07-21T19:11:13+02:00
winbindd: avoid refreshing sequence number when domain is offline

When there's no connectivity to the domain, avoid attempt to
refresh sequence number. Before the change, this was avoided
only if winbind offline logon was enabled. However, being
able to operate based on cached data is desired even when
offline logons are disabled (offline logons are about caching
credentials for PAM authentication, a user may not want this
and still want service from the SMB server during short
AD disconnects).

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
13f91927 by Stefan Metzmacher at 2017-07-21T23:29:39+02:00
s4:http/gensec: add missing tevent_req_done() to gensec_http_ntlm_update_done()

This was missing in commit d718e92d5e145dccd492c46febc249e462ce50c6.

Sadly we can't have automated tests for this as we only implement
the client side for this protocol.

I've tested with using:

bin/smbtorture \
  -W BLA --realm=BLA.BASE \
  -s /dev/null -Uadministrator%A1b2C3d4 \
  ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=basic] \
  rpc.epmapper.epmapper.Lookup_simple \

and:

bin/smbtorture \
  -W BLA --realm=BLA.BASE \
  -s /dev/null -Uadministrator%A1b2C3d4 \
  ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=ntlm] \
  rpc.epmapper.epmapper.Lookup_simple \

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12919

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jul 21 23:29:39 CEST 2017 on sn-devel-144

- - - - -
be7f6f4d by Stefan Metzmacher at 2017-07-21T23:31:03+02:00
talloc: version 2.1.10

* build, documentation and python3 improvements

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
21b56ffd by Stefan Metzmacher at 2017-07-21T23:31:03+02:00
tevent: avoid calling talloc_get_name(NULL) in tevent_req_default_print()

We have the same information available under req->internal.private_type.

This way it's possible to call tevent_req_print() after
tevent_req_received() was called.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
ca3e9848 by Stefan Metzmacher at 2017-07-21T23:31:03+02:00
tevent: handle passing req = NULL to tevent_req_print()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
7ad3a99d by Stefan Metzmacher at 2017-07-21T23:31:03+02:00
tevent: version 0.9.33

* make tevent_req_print() more robust against crashes

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
19dfccea by Stefan Metzmacher at 2017-07-22T03:46:25+02:00
ldb: version 1.2.1

* Bug #12882: Do not install _ldb_text.py if we have system libldb
* Use libraries from build dir for testsuite
* Bug #12900: Fix index out of bound in ldb_msg_find_common_values

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Sat Jul 22 03:46:25 CEST 2017 on sn-devel-144

- - - - -
6c45db67 by Andrew Bartlett at 2017-07-22T07:45:31+02:00
s4-drepl: Use tevent_schedule_immediate() in DsReplicaSync handler

When we are sent a DsReplicaSync() we should work on inbound replication
(ideally from the requested source, but so far we just start the whole queue)
right away, not after 1 second.

We should also target inbound replication, not any outbound replication
notification that may happen to be due.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12921

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sat Jul 22 07:45:31 CEST 2017 on sn-devel-144

- - - - -
890137cf by Thomas Jarosch at 2017-07-22T22:45:05+02:00
s3: libsmb: Fix use-after-free when accessing pointer *p.

talloc_asprintf_append() might call realloc()
and therefore move the memory address of "path".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12927

Signed-off-by: Thomas Jarosch <thomas.jarosch at intra2net.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Jul 22 22:45:05 CEST 2017 on sn-devel-144

- - - - -
f1e4ae99 by Andrew Bartlett at 2017-07-23T12:32:49+02:00
s4-drepl: Block GetNCChanges during a DsReplicaSync

If we do not block these, we can get RPC faults
(DCERPC_NCA_S_PROTO_ERROR) which gives WERR_WRITE_FAULT back to the
DsReplicaSync call as there are two outstanding requests on the wire
at the one time.

We will get to the next operation as soon as this is finished
when we call run_pending_ops().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12926

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Sun Jul 23 12:32:49 CEST 2017 on sn-devel-144

- - - - -
507c81a7 by Martin Schwenke at 2017-07-23T15:38:10+02:00
ctdb-scripts: Fix a typo

This is a regression introduced in commit
e847ec3ae24cc6c8c69284c7fe0791a319cf7142

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
312947f8 by Martin Schwenke at 2017-07-23T19:31:08+02:00
ctdb-tests: Add event script startup/shutdown tests

For vsftpd, httpd, winbind.  These should help to catch typo
regressions.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Sun Jul 23 19:31:08 CEST 2017 on sn-devel-144

- - - - -
61455ad8 by Andrew Bartlett at 2017-07-24T03:33:01+02:00
selftest: Make --include-env and --exclude-env use the base env name

The code as deployed would have required (eg) '--include-env=ktest
--include-env=ktest:local' which was not done in autobuild, causing
tests to be skipped.  This patch restores the intended behaviour.

This causes 33 testsuites to run, one more test (the newly added
samba.tests.ntlmauth) than the old regex provided (before
602772159dfd1213385f42ecbf31136f57693b63).

(The regression dropped us down to matching only 7 tests).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12922

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Jul 24 03:33:01 CEST 2017 on sn-devel-144

- - - - -
4779afe0 by Bob Campbell at 2017-07-24T07:14:10+02:00
python/tests: add python test for cracknames

This fails due to the bug, which causes the related test in
drsuapi_cracknames.c to flap. It also fails due to us not yet supporting
DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL or
DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12842

Signed-off-by: Bob Campbell <bobcampbell at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
c186e02b by Bob Campbell at 2017-07-24T07:14:10+02:00
samdb/cracknames: do not show recycled when a guid is desired

Previously, when a GUID was desired to
cracknames, it would include recycled objects as well. This would
sometimes result in two objects being returned from a query which is
supposed to return a unique GUID. For example, if a deleted user had
the same sAMAccountName as a non-deleted user and cracknames was used to
find the GUID of this account, it would return two GUIDs, and so would
fail with DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12842

Signed-off-by: Bob Campbell <bobcampbell at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
eb2e7797 by Bob Campbell at 2017-07-24T11:10:26+02:00
samdb/cracknames: support user and service principal as desired format

This adds support for DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL and
DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL as desired formats.

This also causes the test in cracknames.py to no longer fail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12842

Signed-off-by: Bob Campbell <bobcampbell at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Jul 24 11:10:26 CEST 2017 on sn-devel-144

- - - - -
9d4a9bd3 by Andrew Bartlett at 2017-07-24T14:50:11+02:00
smb.conf: Explain that "ntlm auth" is a per-passdb setting

This parameter has always applied to this passdb only, not to domain
authentication.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12929
Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
314cf608 by Andreas Schneider at 2017-07-24T14:50:11+02:00
s4:kcc: Add a NULL check before qsort()

This fixes building with GCC 7.1.1

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
9b64b11c by Andreas Schneider at 2017-07-24T18:45:33+02:00
mit-kdb: Fix NULL pointer check after malloc

This fixes building with GCC 7.1.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Jul 24 18:45:34 CEST 2017 on sn-devel-144

- - - - -
6ab9f789 by Gary Lockyer at 2017-07-24T23:29:22+02:00
dcerpc.idl Add symbolic constant for /root/ncalrpc_as_system

This string is used in several places in the code and tests, so it
should be a constant.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12865

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
1898096c by Gary Lockyer at 2017-07-24T23:29:22+02:00
rpc: use symbolic constant to replace /root/ncalrpc_as_system

Modified to use constant AS_SYSTEM_MAGIC_PATH_TOKEN instead of string literal
"/root/ncalrpc_as_system"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12865

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
ddfe8aa9 by Gary Lockyer at 2017-07-24T23:29:23+02:00
auth_log: use symbolic constant to replace /root/ncalrpc_as_system

Modified to use constant AS_SYSTEM_MAGIC_PATH_TOKEN instead of
string literal "/root/ncalrpc_as_system"

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
5c27c5b6 by Gary Lockyer at 2017-07-24T23:29:23+02:00
tests auth_log: Modify existing tests to handle NETLOGON messages

Modify the existing tests to ignore auth logging for NETLOGON messages.
NETLOGON authentication is logged once per session, and is tested
separately.  Ignoring it in these tests avoids order dependencies.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12865

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
f3d3e6da by Gary Lockyer at 2017-07-24T23:29:23+02:00
tests auth_log: Add new tests for NETLOGON

Tests for the logging of NETLOGON authentications in the
netr_ServerAuthenticate3 message processing

Test code based on the existing auth_log tests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12865

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
efc335a0 by Gary Lockyer at 2017-07-24T23:29:23+02:00
source4 netlogon: Add authentication logging for ServerAuthenticate3

Log NETLOGON authentication activity by instrumenting the
netr_ServerAuthenticate3 processing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12865

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
abd821b7 by Andrew Bartlett at 2017-07-24T23:29:23+02:00
s4-netlogon: Extend ServerAuthenticate3 logging to split up username forms

This splits out the username into the input, mapped and obtained
just as we do elsewhere.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
427a11b8 by Andrew Bartlett at 2017-07-24T23:29:23+02:00
s4-netlogon: Use log_escape to protect against un-validated strings

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
a420b1bd by Andrew Bartlett at 2017-07-25T03:21:19+02:00
selftest: Use NETLOGON_NEG_STRONG_KEYS constant in AuthLogTestsNetLogonBadCreds

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Jul 25 03:21:19 CEST 2017 on sn-devel-144

- - - - -
a8417451 by Andreas Schneider at 2017-07-25T09:14:19+02:00
uwrap: Update to version 1.2.4

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
a19b08c9 by Andreas Schneider at 2017-07-25T09:14:19+02:00
s3:printing: Do not segfault in vlp if no command has been specified

We should just print the usage() and return

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
924e7f7c by Andreas Schneider at 2017-07-25T09:14:19+02:00
s3:printing: Fix setting the first jobnum

This is just something logical. The define is called first jobnum but
the first one was always 101.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
a553f124 by Andreas Schneider at 2017-07-25T09:14:19+02:00
s3:client: Fix the usage of argv in smbspool

We use argv[0] to print the name of the binary, but have shifted it
away. Do not do that.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
7a73a130 by Andreas Schneider at 2017-07-25T09:14:19+02:00
s3:client: Make it possible to use smbspool in selftest

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
d6518d74 by Andreas Schneider at 2017-07-25T09:14:19+02:00
s3:client: Only use kerberos if credential cache exists in smbspool

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
5c178ebc by Andreas Schneider at 2017-07-25T09:14:19+02:00
s3:tests: Add test for smbspool

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
dc159541 by Andreas Schneider at 2017-07-25T09:14:19+02:00
s3:client: Use KRB5CCNAME in smbspool_krb5_wrapper if set

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
48309020 by Andreas Schneider at 2017-07-25T13:17:13+02:00
s3:tests: Add tests for smbspool_krb5_wrapper

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Jul 25 13:17:13 CEST 2017 on sn-devel-144

- - - - -
404f923e by Andreas Schneider at 2017-07-25T13:51:07+02:00
auth/spnego: Fix whitespace and indent in gensec_spnego_server_try_fallback()

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
a2a4483c by Stefan Metzmacher at 2017-07-25T13:51:07+02:00
auth/spnego: move gensec_update_ev() out of gensec_spnego_server_try_fallback()

This makes it easier to handle SPNEGO_FALLBACK code path completely async
from the first packet in future.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
e243fb51 by Stefan Metzmacher at 2017-07-25T13:51:07+02:00
auth/spnego: skip gensec_update_ev() if sub_sec_ready is already true in gensec_spnego_update_server()

This matches the flow already used in the client case.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
c988596c by Stefan Metzmacher at 2017-07-25T13:51:07+02:00
auth/spnego: introduce a 'spnego_in' helper variable in gensec_spnego_update_client()

In the following commits we'll pass that variable from the caller
and this preparation will reduce the diff for the following patches.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
00c195b4 by Stefan Metzmacher at 2017-07-25T13:51:07+02:00
auth/spnego: introduce a 'spnego_in' helper variable in gensec_spnego_update_client()

In the following commits we'll pass that variable from the caller
and this preparation will reduce the diff for the following patches.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
6521967c by Stefan Metzmacher at 2017-07-25T13:51:07+02:00
auth/spnego: do parse the incoming blob already in gensec_spnego_update_send()

It's easier to have this in one central place.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
3903ba82 by Stefan Metzmacher at 2017-07-25T13:51:07+02:00
auth/spnego: call gensec_spnego_create_negTokenInit() directly in gensec_spnego_update_send()

This simplifies further refactoring.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
dc074180 by Stefan Metzmacher at 2017-07-25T13:51:07+02:00
auth/spnego: simplify the error handling logic in gensec_spnego_parse_negTokenInit()

We can just use GENSEC_UPDATE_IS_NTERROR() as NT_STATUS_INVALID_PARAMETER
is mapped to NT_STATUS_MORE_PROCESSING_REQUIRED in the lines above.

Check with git show -U10

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
eee973a6 by Stefan Metzmacher at 2017-07-25T13:51:07+02:00
auth/spnego: make use of GENSEC_UPDATE_IS_NTERROR() in gensec_spnego_update_send()

Check with git show -U15

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
3866d559 by Stefan Metzmacher at 2017-07-25T13:51:07+02:00
auth/spnego: make use of GENSEC_UPDATE_IS_NTERROR() in gensec_spnego_create_negTokenInit()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
ce6c80ab by Stefan Metzmacher at 2017-07-25T13:51:07+02:00
auth/spnego: make use of GENSEC_UPDATE_IS_NTERROR() in gensec_spnego_update_client()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
3ed3d81e by Stefan Metzmacher at 2017-07-25T13:51:07+02:00
auth/spnego: split out a gensec_spnego_client_negTokenInit() function.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
2054008f by Stefan Metzmacher at 2017-07-25T13:51:07+02:00
auth/spnego: split out a gensec_spnego_server_negTokenInit() function.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
7128dd8f by Stefan Metzmacher at 2017-07-25T13:51:07+02:00
auth/spnego: make more use of the 'ta' helper variable in gensec_spnego_update_client()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
909d190e by Stefan Metzmacher at 2017-07-25T13:51:08+02:00
auth/spnego: split out a gensec_spnego_client_negTokenTarg() function

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
e60222d5 by Stefan Metzmacher at 2017-07-25T13:51:08+02:00
auth/spnego: introduce a 'struct spnego_negTokenTarg *ta' helper variable in gensec_spnego_update_server()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f85f9da2 by Stefan Metzmacher at 2017-07-25T13:51:08+02:00
auth/spnego: split out a gensec_spnego_server_negTokenTarg() function

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
fe4521dc by Stefan Metzmacher at 2017-07-25T13:51:09+02:00
auth/spnego: inline gensec_spnego_update_client() into gensec_spnego_update_send()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
7c04ee94 by Stefan Metzmacher at 2017-07-25T13:51:09+02:00
auth/spnego: inline gensec_spnego_update_server() into gensec_spnego_update_send()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
482fe65e by Stefan Metzmacher at 2017-07-25T13:51:09+02:00
auth/spnego: let gensec_spnego_parse_negTokenInit() require client provides mechs

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
8ddfafdb by Stefan Metzmacher at 2017-07-25T13:51:09+02:00
auth/spnego: inline gensec_spnego_parse_negTokenInit() client logic into gensec_spnego_client_negTokenInit()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
1c2ed3de by Stefan Metzmacher at 2017-07-25T13:51:09+02:00
auth/spnego: remove unused indentation level from gensec_spnego_parse_negTokenInit()

gensec_spnego_parse_negTokenInit() is only used as server now.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f2044028 by Stefan Metzmacher at 2017-07-25T13:51:09+02:00
auth/spnego: remove dead code from gensec_spnego_parse_negTokenInit()

Check with git show -U15

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
2a846bab by Stefan Metzmacher at 2017-07-25T13:51:09+02:00
auth/spnego: remove one more useless indentation level from gensec_spnego_parse_negTokenInit()

Check with 'git show -w -U45' and carefully check the 'break' vs. 'continue'
changes.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
1523a778 by Stefan Metzmacher at 2017-07-25T13:51:09+02:00
auth/spnego: do an early return when we downgraded the mech in gensec_spnego_parse_negTokenInit()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
32836a77 by Stefan Metzmacher at 2017-07-25T13:51:10+02:00
auth/spnego: add an early return for a hard error in gensec_spnego_parse_negTokenInit()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
ba9c51d5 by Stefan Metzmacher at 2017-07-25T13:51:10+02:00
auth/spnego: add an early return for OK or MORE PROCESSING in gensec_spnego_parse_negTokenInit()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
efacdf97 by Stefan Metzmacher at 2017-07-25T13:51:10+02:00
auth/spnego: remove more dead code from gensec_spnego_parse_negTokenInit()

Now we finally have a logic that someone can understand while reading it.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
cb8f370a by Stefan Metzmacher at 2017-07-25T13:51:10+02:00
auth/spnego: inline gensec_spnego_parse_negTokenInit() into gensec_spnego_server_negTokenInit()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
3bf49464 by Stefan Metzmacher at 2017-07-25T13:51:10+02:00
auth/spnego: split out gensec_spnego_update_pre/post() functions

For now we keep doing sync processing only, in future
we'll do some preprocessing before a gensec_update_send()
on the subcontext in gensec_spnego_update_pre()
and handle the result of gensec_update_recv()
in gensec_spnego_update_post().

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
9502f535 by Stefan Metzmacher at 2017-07-25T13:51:10+02:00
auth/spnego: invert the fallback logic in gensec_spnego_client_negTokenInit()

We should do the return first, that will simplify further changes.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
81df16a5 by Stefan Metzmacher at 2017-07-25T13:51:10+02:00
auth/spnego: make the SPNEGO_FALLBACK continuation completely async

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
248be3bf by Stefan Metzmacher at 2017-07-25T13:51:10+02:00
auth/spnego: move the output generation to the end of gensec_spnego_create_negTokenInit()

This will simplify the diff of future patches.

Check with git show -w

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
3042107a by Stefan Metzmacher at 2017-07-25T13:51:10+02:00
auth/spnego: introduce an early goto reply: for the server in gensec_spnego_create_negTokenInit()

This removes a useless indentation level and simplifies future patches.

Check with git show -w

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
71ca6fcf by Stefan Metzmacher at 2017-07-25T13:51:10+02:00
auth/spnego: remove one more useless indentation level in gensec_spnego_create_negTokenInit()

Check with git show -w -U20

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
10100348 by Stefan Metzmacher at 2017-07-25T13:51:10+02:00
auth/spnego: make the debug messages in gensec_spnego_create_negTokenInit() more useful

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
1ff53812 by Stefan Metzmacher at 2017-07-25T13:51:10+02:00
auth/spnego: rename 'nt_status' to 'status' in gensec_spnego_create_negTokenInit()

This makes future diffs smaller.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
6a3c50f3 by Stefan Metzmacher at 2017-07-25T13:51:10+02:00
auth/spnego: add more error checking to gensec_spnego_create_negTokenInit()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
d9e764ed by Stefan Metzmacher at 2017-07-25T13:51:10+02:00
auth/spnego: introduce an early return in gensec_spnego_create_negTokenInit()

This avoids printing two debug messages for the same failure.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
9b4d44a0 by Stefan Metzmacher at 2017-07-25T13:51:11+02:00
auth/spnego: use better variable names in gensec_spnego_create_negTokenInit()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f7f9de40 by Stefan Metzmacher at 2017-07-25T13:51:11+02:00
auth/spnego: do an early return for the success case in gensec_spnego_client_negTokenTarg()

Check with git show -w

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
a97057d5 by Stefan Metzmacher at 2017-07-25T13:51:11+02:00
auth/spnego: make sure we don't return OK without sub_sec_ready in gensec_spnego_client_negTokenTarg()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
3e6daa30 by Stefan Metzmacher at 2017-07-25T13:51:11+02:00
auth/spnego: generate a valid packet if gensec_spnego_client_negTokenTarg() gives MORE_PROCESSING_REQUIRED

If we wait for the mechListMIC from the server we should send a valid packet
instead of an empty blob.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
eedb8105 by Stefan Metzmacher at 2017-07-25T13:51:11+02:00
auth/spnego: don't call gensec_spnego_server_response() with a fatal error

It doesn't make sense to produce an output token without
returning OK or MORE_PROCESSING_REQUIRED.

Even in v4-0-test we had gensec_spnego_update_wrapper()
which only passed the constructed output token to the caller
with OK or MORE_PROCESSING_REQUIRED.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
c56103e3 by Stefan Metzmacher at 2017-07-25T13:51:11+02:00
auth/spnego: don't produce an output token for errors in gensec_spnego_server_response()

gensec_spnego_server_response() is never called with a fatal error anymore.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
e9eb0f3c by Stefan Metzmacher at 2017-07-25T13:51:11+02:00
auth/spnego: split gensec_spnego_create_negTokenInit() into subfunctions

This adds and uses the gensec_spnego_neg_loop() abstraction, which
abstracts start, step and finish hooks.

The start hook does the initial processing on the incoming packet and
may start the first possible subcontext. It indicates that
gensec_update() is required on the subcontext by returning
NT_STATUS_MORE_PROCESSING_REQUIRED and return something useful in
'in_next'. Note that 'in_mem_ctx' is just passed as a hint, the
caller should treat 'in_next' as const and don't attempt to free the
content.  NT_STATUS_OK indicates the finish hook should be invoked
directly without the need of gensec_update() on the subcontext.
Every other error indicates an error that's returned to the caller.

The step hook processes the result of a failed gensec_update() and
can decide to ignore a failure or continue the negotiation by
setting up the next possible subcontext. It indicates that
gensec_update() is required on the subcontext by returning
NT_STATUS_MORE_PROCESSING_REQUIRED and return something useful in
'in_next'. Note that 'in_mem_ctx' is just passed as a hint, the
caller should treat 'in_next' as const and don't attempt to free the
content.  NT_STATUS_OK indicates the finish hook should be invoked
directly without the need of gensec_update() on the subcontext.
Every other error indicates an error that's returned to the caller.

The finish hook processes the result of a successful gensec_update()
(NT_STATUS_OK or NT_STATUS_MORE_PROCESSING_REQUIRED). It forms the
response pdu that will be returned from the toplevel gensec_update()
together with NT_STATUS_OK or NT_STATUS_MORE_PROCESSING_REQUIRED. It
may also alter the state machine to prepare receiving the next pdu
from the peer.

This is the start of using this abstraction for the initial client or server
start with an empty input token from the peer.

This abstraction will be applied to all four other spnego states,
gensec_spnego_{client,server}_negToken{Init,Targ}() in the following
commits.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
e337d4f8 by Stefan Metzmacher at 2017-07-25T13:51:11+02:00
auth/spnego: split gensec_spnego_client_negTokenInit() into subfunctions

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
7ff159e3 by Stefan Metzmacher at 2017-07-25T13:51:11+02:00
auth/spnego: split gensec_spnego_client_negTokenTarg() into subfunctions

Check with git show -U15

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
2d1fcde3 by Stefan Metzmacher at 2017-07-25T13:51:11+02:00
auth/spnego: split gensec_spnego_server_negTokenInit() into subfunctions

Check with git show -U15

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
75e6728b by Stefan Metzmacher at 2017-07-25T13:51:11+02:00
auth/spnego: split gensec_spnego_server_negTokenTarg() into subfunctions

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
832e9ff5 by Stefan Metzmacher at 2017-07-25T13:51:11+02:00
auth/spnego: replace gensec_spnego_neg_loop() by real async processing of {start,step,finish}_fn()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
e4929501 by Andreas Schneider at 2017-07-25T13:51:11+02:00
auth/spnego: Rename gensec_spnego_update_sub_abort()

The name is not ideal as someone might think we will panic and abort the
process. So rename it to gensec_spnego_reset_sub_sec().

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
62ffe20f by Andreas Schneider at 2017-07-25T13:51:11+02:00
auth/spnego: Use talloc_get_type_abort() in gsensec_spnego_update_in()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
97788f4a by Andreas Schneider at 2017-07-25T13:51:11+02:00
auth/spnego: Use talloc_get_type_abort() in gsensec_spnego_update_out()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
692425f0 by Stefan Metzmacher at 2017-07-25T13:51:11+02:00
auth/gensec: add some useful debugging to gensec_update_send/gensec_update_done

This makes it easier to spot problems with all the abstraction and async layers.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
eb6b2b63 by Stefan Metzmacher at 2017-07-25T13:51:11+02:00
auth/gensec: introduce gensec_security_ops.glue in order to avoid depending on GENSEC_OID_SPNEGO being special

In future we have get more backends that can negotiate other backends,
we should keep all of them even if we require kerberos.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
8268374c by Stefan Metzmacher at 2017-07-25T13:51:11+02:00
s4:lib/http: rewrite http_send_auth_request_*() using gensec_update_send/recv

The new logic makes it much clearer that we have a loop of

gensec_update_send()
gensec_update_recv()
http_send_request_send()
http_send_request_recv()
http_read_response_send()
http_read_response_recv()

Until the local gensec and the server are ready.

I've tested this against Windows 2008R2 like this:

bin/smbtorture \
  -W BLA --realm=BLA.BASE \
  -s /dev/null -Uadministrator%A1b2C3d4 \
  ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=basic] \
  rpc.epmapper.epmapper.Lookup_simple \

and:

bin/smbtorture \
  -W BLA --realm=BLA.BASE \
  -s /dev/null -Uadministrator%A1b2C3d4 \
  ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=ntlm] \
  rpc.epmapper.epmapper.Lookup_simple \

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
a7f40124 by Stefan Metzmacher at 2017-07-25T13:51:12+02:00
auth/gensec: make use of gensec_update_send/recv in gensec_update_ev()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
39353c9a by Stefan Metzmacher at 2017-07-25T13:51:12+02:00
auth/gensec: don't allow gensec_update[_ev] to be called on a subcontext

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
ee9f4374 by Stefan Metzmacher at 2017-07-25T17:42:55+02:00
auth/gensec: finally remove unused gensec_update_ev()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Jul 25 17:42:55 CEST 2017 on sn-devel-144

- - - - -
812006fa by Jeremy Allison at 2017-07-25T17:43:15+02:00
s3: libsmbclient: Fix cli_setpathinfo_basic() to treat mode == -1 as no change.

This is only called from SMBC_setatr(), so bring it into line with
the specification for that function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12913

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
2a15c706 by Jeremy Allison at 2017-07-25T17:43:15+02:00
s3: libsmb: Add cli_smb2_setpathinfo(), to be called by cli_setpathinfo_basic().

Fix to prevent libsmbclient from accidentally making SMB1 calls inside an SMB2
connection.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12913

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
b1e5b894 by Jeremy Allison at 2017-07-25T17:43:16+02:00
s3: libsmb: Implement cli_smb2_setatr() by calling cli_smb2_setpathinfo().

This removes duplicate code paths and ensures we have only one
function calling the underlying smb2cli_set_info() for setting
info levels by path.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12913

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
bfa07323 by Jeremy Allison at 2017-07-25T17:43:16+02:00
s3: torture: Add a test for cli_setpathinfo_basic() to smbtorture3.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12913

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
cfb65684 by Volker Lendecke at 2017-07-25T17:43:16+02:00
torture: Add local-g-lock-ping-pong

This is similar to the ctdb ping_pong test.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
f0598e98 by Volker Lendecke at 2017-07-25T17:43:16+02:00
dbwrap: Add dbwrap_merge_dbufs

Transitional code to implement dbwrap_record_storev

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
09915bf8 by Volker Lendecke at 2017-07-25T17:43:16+02:00
dbwrap: Convert backend store to storev

Convert all implementors of dbwrap_store to a storev-style call
by using the dbwrap_merge_dbufs call

For dbwrap_tdb, this matches tdb_storev.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
10c59f5b by Volker Lendecke at 2017-07-25T17:43:16+02:00
dbwrap: Add dbwrap_record_storev

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
45f5a55a by Volker Lendecke at 2017-07-25T17:43:16+02:00
dbwrap: Factor out the core dbwrap lock order logic

This will allow dbwrap_do_locked to check the order without talloc

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
cb2a28eb by Volker Lendecke at 2017-07-25T17:43:16+02:00
dbwrap: Add dbwrap_do_locked

With a proper implementation this enables modifications without
having to allocate a record. In really performance sensitive code
paths this matters.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
86dbad3d by Volker Lendecke at 2017-07-25T17:43:16+02:00
torture3: Test dbwrap_do_locked

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
e3a0f0c1 by Volker Lendecke at 2017-07-25T17:43:16+02:00
dbwrap_tdb: Implement do_locked

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
faa53616 by Volker Lendecke at 2017-07-25T17:43:16+02:00
dbwrap_watch: Introduce dbwrap_watch_rec

The idea is to leave the "watchers" array unparsed until it's needed. This
avoids a few talloc calls and unnecessary parsing.

Also, it deletes quite a few lines of code and .text bytes.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
ecb4283f by Volker Lendecke at 2017-07-25T17:43:16+02:00
dbwrap_watch: Implement do_locked

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
b03ca948 by Volker Lendecke at 2017-07-25T17:43:16+02:00
g_lock: Walk locks only once in g_lock_trylock

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
2b6015f1 by Volker Lendecke at 2017-07-25T17:43:17+02:00
g_lock: simplify g_lock_trylock

The now mandatory talloc_realloc_array will go away soon

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
8f2a5f14 by Volker Lendecke at 2017-07-25T17:43:17+02:00
g_lock: add "struct g_lock" without talloc

Enable handing the g_lock.tdb content without having to talloc

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
e2aa568b by Volker Lendecke at 2017-07-25T17:43:17+02:00
g_lock: Implement g_lock_unlock without talloc

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
a626f822 by Volker Lendecke at 2017-07-25T17:43:17+02:00
g_lock: Initialize variables

gcc -O3 complains, but I think this is a false positive

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
8d1e950c by Volker Lendecke at 2017-07-25T17:43:17+02:00
g_lock: Avoid talloc in g_lock_trylock

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
946e334b by Volker Lendecke at 2017-07-25T17:43:17+02:00
g_lock: Use dbwrap_do_locked for g_lock_lock

Don't talloc the record

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
fc891872 by Volker Lendecke at 2017-07-25T17:43:17+02:00
g_lock: Use dbwrap_do_locked in g_lock_lock_retry

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
f540bbac by Volker Lendecke at 2017-07-25T17:43:17+02:00
torture3: Add verification for g_lock_retry

During development I had a bug that would have been found early
by this

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
241f31db by Volker Lendecke at 2017-07-25T17:43:17+02:00
g_lock: Use dbwrap_do_locked in g_lock_write_data

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
145b9cbb by Volker Lendecke at 2017-07-25T17:43:17+02:00
g_lock: remove unused functions g_lock_put() and g_lock_record_store()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
21df1401 by Volker Lendecke at 2017-07-25T17:43:17+02:00
g_lock: Use parse_record in g_lock_dump

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
667307cd by Volker Lendecke at 2017-07-25T17:43:17+02:00
g_lock: remove unused functions g_lock_get() and g_lock_get_talloc()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
17a472bc by Volker Lendecke at 2017-07-25T17:43:17+02:00
messaging: Factor out messaging_dispatch_waiters

No real code change: This makes dispatching to non-classic receives available
for other callers.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
b5610284 by Volker Lendecke at 2017-07-25T17:43:17+02:00
messaging: Add DLIST pointers to messaging_rec

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
33df9c53 by Volker Lendecke at 2017-07-25T17:43:17+02:00
messaging: Keep an array of event contexts registered

This is done with an explicit reference-counting and without talloc
destructors. The code is isolated enough for now that explicit refcount
management seems simpler. This might change in the future, but for
now keep it simple.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
35b4750e by Volker Lendecke at 2017-07-25T17:43:18+02:00
messaging: Broadcast messages to all event contexts

We must give all event contexts that might be interested the chance to pick up
the message. If we send a message to ourselves via messaging_send_iov_from,
nested event contexts need to get a chance to see the message. Before this
patch only the main event context in msg_ctx got it.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
26764554 by Volker Lendecke at 2017-07-25T17:43:18+02:00
ctdbd_conn: Pass "ev" through ctdb connection callbacks

This prepares the same logic we've implemented in messages_dgm for clustering
that is used in 6d3c064f1a5: We need to reply for messages from ctdb in nested
event contexts properly.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
db84e7a2 by Volker Lendecke at 2017-07-25T17:43:18+02:00
ctdbd_conn: Pass "ev" through ctdbd_msg_call_back

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
3ee2e53b by Volker Lendecke at 2017-07-25T17:43:18+02:00
ctdbd_conn: Pass "ev" through ctdb_handle_message

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
dc390cf9 by Volker Lendecke at 2017-07-25T17:43:18+02:00
ctdbd_conn: Pass "ev" through ctdbd_socket_readable

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
bd1e26f0 by Volker Lendecke at 2017-07-25T17:43:18+02:00
messaging: Add messaging_ctdbd_register_tevent_context

We need to listen for the ctdb socket in nested event contexts

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
fdad6209 by Volker Lendecke at 2017-07-25T17:43:18+02:00
messages_ctdb: Handle async msgs for nested event contexts

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
9cb13791 by Volker Lendecke at 2017-07-25T17:43:18+02:00
dbwrap: Avoid dbwrap_merge_dbufs in db_ctdb_storev

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
5afdce0a by Volker Lendecke at 2017-07-25T17:43:18+02:00
messaging: Add messaging_ctdb_init/destroy

This models connecting to ctdb after the dgm code. The main point
is that we should never open more than one ctdb socket for messaging.

With more than one socket, we might end up with our pid registered with
ctdb on more than one socket. This could lead to memory overconsumption
in ctdb. ctdbd will eventually throw away messages, but they will take
up space unnecessarily.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
e26fa998 by Volker Lendecke at 2017-07-25T17:43:18+02:00
messaging: Add messages_ctdb_ref

Modeled after messages_dgm_ref

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
1cc970be by Volker Lendecke at 2017-07-25T17:43:18+02:00
dbwrap_ctdb: Use messaging_ctdbd_connection

With messages_ctdb, the global ctdb connection will change after fork.

Don't store the wrong parent connection across a fork. The alternative would
be to do a reinit on all dbwrap_ctdb databases, but that seems overkill
given that we only have one "standard" ctdb connection anyway.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
0c70bcda by Volker Lendecke at 2017-07-25T17:43:18+02:00
smbpasswd: Initialize messaging for messaging_ctdb_conn

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
67432fb9 by Volker Lendecke at 2017-07-25T17:43:18+02:00
messages_ctdb: Add messaging_ctdb_connection

This will be the replacement for messaging_ctdbd_connection(). This does not
default to initializing messaging but panics. We just don't have correct
default arguments for messaging_init. Implicit multiple messaging and event
contexts is a bug also.

It *might* be that some tools fail due to this, but this needs fixing in
different ways. See the previous commit for smbpasswd.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
d1add225 by Volker Lendecke at 2017-07-25T17:43:18+02:00
messaging: Use messaging_ctdb_ref()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
af63c0b3 by Volker Lendecke at 2017-07-25T17:43:18+02:00
ctdb_conn: Use messaging_ctdb_connection

Replace messaging_ctdbd_connection

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
7d244129 by Volker Lendecke at 2017-07-25T17:43:18+02:00
messaging: Remove messages_ctdbd.c

Replaced by messages_ctdb.[ch]

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
e6846584 by Volker Lendecke at 2017-07-25T21:35:49+02:00
messaging: Remove "struct messaging_backend"

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Jul 25 21:35:49 CEST 2017 on sn-devel-144

- - - - -
ad33964f by Volker Lendecke at 2017-07-25T21:36:12+02:00
libsmb: Add smb2cli_notify()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
18011343 by Volker Lendecke at 2017-07-25T21:36:12+02:00
libsmb: Add cli_smb2_notify

We have to do the parsing manually. Looking at librpc/gen_ndr/ndr_notify.c we
have the following code snippet:

  size_FileName1_0 = strlen_m(r->FileName1);
  NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->FileName1,
                             size_FileName1_0, sizeof(uint16_t),
                             CH_UTF16));

which means that we take strlen_m(r->FileName1) before we pull
it off the wire. Not sure how to fix this, but that is clearly
broken pidl output. Once that is fixed, we can convert this
to ndr_pull_struct.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5005a3a6 by Volker Lendecke at 2017-07-26T01:33:25+02:00
libsmb: Enable "cli_notify" for SMB2+

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jul 26 01:33:25 CEST 2017 on sn-devel-144

- - - - -
a17cb9ee by Günther Deschner at 2017-07-26T01:34:12+02:00
s3-printing: pre-create color and PCC directories under print$.

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
2621a2da by Günther Deschner at 2017-07-26T01:34:12+02:00
s3-printing: add spoolss_get_short_filesys_environment function.

Note this is different from "get_short_archi" and reflects what Windows uses
internally.

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
8865dede by Günther Deschner at 2017-07-26T05:34:14+02:00
s3-printing: precreate DriverStore directories.

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jul 26 05:34:15 CEST 2017 on sn-devel-144

- - - - -
ffee37c2 by Christof Schmitt at 2017-07-26T09:30:31+02:00
torture: Add sharemode tests for SMB2

There are two pieces: Test access with different sharemodes through SMB
and verify access, and also provide tests that can be used with file
systems enforcing share modes outside of Samba.

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jul 26 09:30:31 CEST 2017 on sn-devel-144

- - - - -
4b56f803 by Marc Muehlfeld at 2017-07-26T21:34:48+02:00
Set log level for "Not authorative for" from 2 to 5

Signed-off-by: Marc Muehlfeld <mmuehlfeld at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Marc Muehlfeld <mmuehlfeld at samba.org>
Autobuild-Date(master): Wed Jul 26 21:34:48 CEST 2017 on sn-devel-144

- - - - -
34ca1b3a by Jeremy Allison at 2017-07-26T21:35:21+02:00
s4: modules. Fix missing TALLOC_CTX in module init function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1c1fce74 by Jeremy Allison at 2017-07-26T21:35:21+02:00
lib: rpc: The registered interfaces are a lists of singletons that are never removed.

Allocate them off the NULL context not the talloc_autofree_context().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fe2ac3e3 by Jeremy Allison at 2017-07-26T21:35:21+02:00
s4: COM: Remove talloc_autofree_context() from (unused) COM code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
41b1f8a2 by Jeremy Allison at 2017-07-26T21:35:21+02:00
lib: ldb: Use NULL to allocate modules not talloc_autofree_context().

ldb modules are not (yet) unloaded and are only loaded once (there is a check
that makes sure of this). Allocate off the NULL context. We never want this
to be freed until process shutdown. If eventually we add the ability to
unload ldb modules we can add a deregister function that walks and frees the list.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
99e4bea8 by Jeremy Allison at 2017-07-26T21:35:22+02:00
lib: ldb: Python. Take care of freeing the passed in module description if ldb_register_module() fails.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c27a6438 by Jeremy Allison at 2017-07-26T21:35:22+02:00
s4: schema: Allocate global_schema off the NULL context, not the talloc_autofree_context().

The ldb context keeps a talloc_reference to this also, so the long-lived allocation
context can be NULL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5c8a98c2 by Jeremy Allison at 2017-07-26T21:35:22+02:00
lib: cli: fname is a local variable already freed in the function scope, doesn't need to be on talloc_autofree_context()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1fb46b76 by Jeremy Allison at 2017-07-26T21:35:22+02:00
s3: rpc_client: Allocate struct db_context * off the local frame, as all other variables in this function.

On success, netlogon_creds_cli_set_global_db() reparents it to a long-lived context.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1d6b98cd by Jeremy Allison at 2017-07-26T21:35:22+02:00
s3: rpcclient: Split out initialization and free of event context.

Allows us to control shutdown.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b1450af1 by Jeremy Allison at 2017-07-26T21:35:22+02:00
s3: rpcclient: Use event context as the talloc parent of the rpcclient_msg_ctx.

Give control over shutdown.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
74b58979 by Jeremy Allison at 2017-07-26T21:35:22+02:00
s3: rpcclient: Use rpcclient_msg_ctx as the long-lived talloc context for rpcclient_netlogon_creds.

Guaranteed to stay around until the command exits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4cc104d0 by Jeremy Allison at 2017-07-26T21:35:22+02:00
lib: auth: Add a shutdown function for netlogon_creds_cli_global_db.

Will allow us to move off the talloc_autofree_context().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dbd32932 by Jeremy Allison at 2017-07-26T21:35:22+02:00
s3: clients: Use netlogon_creds_cli_close_global_db() in all normal exit paths.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e74081ce by Jeremy Allison at 2017-07-27T01:34:12+02:00
lib: auth: Store the netlogon_creds_cli_global_db pointer on the NULL context.

Now we shut down correctly it doesn't need the talloc_autofree_context().

Last use of talloc_autofree_context() outside the talloc test code!

Please don't add it ever again :-).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jul 27 01:34:12 CEST 2017 on sn-devel-144

- - - - -
a2625c44 by Anoop C S at 2017-07-27T06:35:10+02:00
docs/smbget: Fix typo in options within man page

`smbget` utility accepts '--user' as a valid argument. But still the man
page specifies it as '--username'. So fixing the man page to reflect the
current behaviour.

Signed-off-by: Anoop C S <anoopcs at redhat.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jul 27 06:35:10 CEST 2017 on sn-devel-144

- - - - -
5445b2b8 by Omri Mor at 2017-07-27T17:12:28+02:00
s3: smbd: Modernize Avahi DEBUG macros and long if statements

DEBUG(10, (...))	=>	DBG_DEBUG(...)
if (long... < 0)	=>	ret = long; if (ret < 0)

Signed-off-by: Omri Mor <omri50 at gmail.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Jul 27 17:12:28 CEST 2017 on sn-devel-144

- - - - -
35cbed29 by Andrew Bartlett at 2017-07-28T00:25:13+02:00
pycredentials: Allow optional "name" argument to get_named_ccache() to be missing

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
9dd89361 by Andrew Bartlett at 2017-07-28T00:25:13+02:00
pycredentials: Add get_name() for a credentials cache

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
a5f62958 by Andrew Bartlett at 2017-07-28T00:25:13+02:00
selftest: Add tests for credentials.get_named_ccache()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
dc940ad0 by Andrew Bartlett at 2017-07-28T00:25:14+02:00
pycredentials: Add set_named_ccache()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
f7089c02 by Andrew Bartlett at 2017-07-28T00:25:14+02:00
python/getopt: Add --krb5-ccache (for samba-tool etc) to match the C binaries

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
37cf29ef by Andrew Bartlett at 2017-07-28T00:25:14+02:00
selftest: Use self.runsubcmd() to run samba-tool for _test_join in ridalloc_exop.py

This is the standard way to run samba-tool from in the test scripts and allows
assertion that the command ran as expected

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
6a75d4a8 by Andrew Bartlett at 2017-07-28T00:25:14+02:00
selftest: Use self.runsubcmd() to run samba-tool for _test_force_demote in ridalloc_exop.py

This is the standard way to run samba-tool from in the test scripts and allows
assertion that the command ran as expected

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
f9bd16d8 by Andrew Bartlett at 2017-07-28T00:25:14+02:00
selftest: Use self.runsubcmd() in DrsReplicaSyncTestCase

This will allow catching the correct error messages and failure when _net_drs_replicate()
is reworked to not use a subprocess.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
24de78e1 by Andrew Bartlett at 2017-07-28T00:25:14+02:00
selftest: Remove unused import in ridalloc_exop.py

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
09ce35ec by Andrew Bartlett at 2017-07-28T00:25:14+02:00
selftest: Port DrsBaseTestCase._net_drs_replicate() to self.runsubcmd()

This avoids forking a subprocess with self.check_run()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
cc3d8367 by Andrew Bartlett at 2017-07-28T00:25:14+02:00
selftest: Port DrsBaseTestCase._enable_inbound_repl() to self.runsubcmd()

This avoids forking a subprocess with self.check_run()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
f7c46ed5 by Andrew Bartlett at 2017-07-28T00:25:14+02:00
selftest: Port DrsBaseTestCase._disable_inbound_repl() to self.runsubcmd()

This avoids forking a subprocess with self.check_run()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
4cc5ceb2 by Andrew Bartlett at 2017-07-28T00:25:14+02:00
selftest: Port DrsBaseTestCase._{en,dis}able_all_repl() to self.runsubcmd()

This avoids forking a subprocess with self.check_run()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
7ad34d12 by Andrew Bartlett at 2017-07-28T00:25:14+02:00
selftest: Use new --krb5-ccache in drs_base.py

This means that instead of doing a new kinit, the process-wide ccache
is re-used, which is much faster.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
e9178254 by Andrew Bartlett at 2017-07-28T00:25:14+02:00
selftest: Add and use new helper function get_creds_ccache_name()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
47a90dcc by Andrew Bartlett at 2017-07-28T00:25:14+02:00
selftest: Use get_creds_ccache_name() in fsmo.py

This avoids a new kinit for every role transfer

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
314b96e1 by Tim Beale at 2017-07-28T00:25:14+02:00
drs: support sync-forced for 'samba-tool drs replicate --local'

The sync-forced option wasn't being passed into the replication request
when the --local option was used. This meant if outbound replication
were disabled on the target DC, then the replicate --local command would
fail.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4bd84670 by Tim Beale at 2017-07-28T00:25:15+02:00
drs_utils: HWM in 'samba-tool drs replicate --local' always zero

The code to check for the 'repsFrom' highwatermark didn't have any
effect because the hwm variable was overwritten (initialized to all
zeroes) further down.

Using a zero HWM probably wouldn't have impacted functionality because
we were still correctly using the uptodatenessvector, which should
avoid a full replication.

This was introduced in commit e2ba17d26af42974e5d, presumably by
accident.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
475a3206 by Tim Beale at 2017-07-28T00:25:15+02:00
libnet: Initialize req_level in become_dc tests

The net.api.become.dc tests would always pass the request into
libnet_vampire_cb_store_chunk() with req_level=0, which meant that
storing the chunk didn't use the correct replica_flags/exop.

I noticed this problem when working on client-side support for GET_TGT.
My changes relied on the critical-only request flag being passed down
into replmd, but because the request flags weren't passed correctly, my
changes caused the become_dc tests to fail.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dddcf806 by Tim Beale at 2017-07-28T00:25:15+02:00
getnc_exop.py: Fix typo in function name

This drove me crazy when I tried to search for it.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
50b638d1 by Tim Beale at 2017-07-28T00:25:15+02:00
getncchanges.c: Remove unused null_scope variable

This was added in 4cc6b5a69b1f94d96a73ac1 but the very next commit
(f1c6bab60e52624f5f3) removed where it was set, which meant the variable
was always false and seemingly pointless.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
69f593ec by Tim Beale at 2017-07-28T00:25:15+02:00
repl: Remove old TODO

This TODO was added in 2007 before we supported linked attributes.
It's no longer relevant.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
22a94b72 by Arvid Requate at 2017-07-28T00:25:15+02:00
s4:torture/ldap: Test netlogon without NtVer

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11392

Signed-off-by: Arvid Requate <requate at univention.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
88db634e by Arvid Requate at 2017-07-28T00:25:15+02:00
s4-dsdb/netlogon: allow missing ntver in cldap ping

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11392

Signed-off-by: Arvid Requate <requate at univention.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0554bc23 by Andrew Bartlett at 2017-07-28T00:25:15+02:00
s4-cldap/netlogon: Match Windows 2012R2 and return NETLOGON_NT_VERSION_5 when version unspecified

The previous patch set this incorrectly to NETLOGON_NT_VERSION_1

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
bc48c4b5 by Andrew Bartlett at 2017-07-28T00:25:15+02:00
s4-rpc_server: ensure we get a new endpoint for netlogon

If we share the single process RPC servers with the multi-process RPC servers
on the same endpoint, they will default to running in a single process

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12939

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
1ea6b516 by Andrew Bartlett at 2017-07-28T04:12:08+02:00
s4-rpc_server: Improve debug of new endpoints

This helps us know what process model is required and what one is in use.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12939

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Jul 28 04:12:08 CEST 2017 on sn-devel-144

- - - - -
886c2623 by Richard Sharpe at 2017-07-28T07:53:25+02:00
Fix incorrect error messages:unsetting not setting.

The error messages are wrong and could give testers the wrong idea.

Signed-off-by: Richard Sharpe <realrichardsharpe at gmail.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
2186d4d3 by Richard Sharpe at 2017-07-28T11:47:06+02:00
Add a test for unsetting Delete-on-Close before the close by DoC opener.

Windows semantics says that any unset of Delete-on-Close before the client
that opened for Delete-on-Close closes the file is silently ignored and the file
is still deleted on the last close. This test tests that in a single open case.

Signed-off-by: Richard Sharpe <realrichardsharpe at gmail.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Jul 28 11:47:06 CEST 2017 on sn-devel-144

- - - - -
33e7fac3 by Ralph Boehme at 2017-07-29T15:09:37+02:00
docs/vfs_fruit: remove period outside of the <para> tag

Period that is outside of the <para> tag causes unnecessary vertical
space in the htmlman output. (Paragraph including only one period will
be created.)

From matsuand <michio_matsuyama at yahoo.co.jp>.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sat Jul 29 15:09:37 CEST 2017 on sn-devel-144

- - - - -
9927e199 by Volker Lendecke at 2017-07-31T10:03:27+02:00
lib: Fix 1415704 CID Integer overflowed argument

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
9607b66a by Volker Lendecke at 2017-07-31T10:03:27+02:00
lib: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
8ab6e51d by Volker Lendecke at 2017-07-31T13:49:01+02:00
lib: Fix an error path memleak

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Jul 31 13:49:02 CEST 2017 on sn-devel-144

- - - - -
39c62740 by Andrew Bartlett at 2017-08-01T03:59:24+02:00
dsdb: Do not force a re-index of sam.ldb on upgrade to 4.7

This means that no compatibleFeatures or incompatibleFeatures will be honoured
until a re-index, but that can be triggered when these features are set.

New databases will still get this support.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12855
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
5b316a4c by Ian Stakenvicius at 2017-08-01T03:59:24+02:00
waf: disable-python - fix talloc wscript if bundling disabled

The pytalloc-util dependency logic in lib/talloc/wscript on a
standalone build checks for pytalloc-util in a manner that will
fail if bundling is disabled, this causes issues on
--disable-python builds of ldb, tevent, and samba.

This patch restructures the logic to skip checks if python
is disabled, instead just setting the temporary state variable
'using_system_pytalloc_util' to False

Successfully tested patch on ldb-1.1.31 and above, tevent-0.9.33,
and samba-4.7_rc3

Signed-off-by: Ian Stakenvicius <axs at gentoo.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
d5750f01 by Andrew Bartlett at 2017-08-01T07:52:38+02:00
dsdb: Fix dsdb_next_callback to correctly use ldb_module_done() etc

If we do not call ldb_module_done() then we do not know that up_req->callback()
has been called, and ldb_next_request() will call the callback again.

If called twice, the new ldb_lock_backend_callback() in ldb 1.2.0 will segfault.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12904

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Aug  1 07:52:38 CEST 2017 on sn-devel-144

- - - - -
0f65bb7c by Volker Lendecke at 2017-08-01T07:53:21+02:00
winbindd: Fix a few signed/unsigned hickups

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>

- - - - -
bbdfb512 by Volker Lendecke at 2017-08-01T07:53:21+02:00
winbindd: Make wcache_flush_cache static

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>

- - - - -
d8f85c0f by Volker Lendecke at 2017-08-01T07:53:21+02:00
winbindd: Make wcache_lookup_groupmem static

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>

- - - - -
8f0bd85c by Volker Lendecke at 2017-08-01T07:53:21+02:00
winbindd: Make wcache_name_to_sid static

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>

- - - - -
91d4151b by Volker Lendecke at 2017-08-01T07:53:21+02:00
winbindd: Make wcache_lookup_useraliases static

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>

- - - - -
604f1ced by Volker Lendecke at 2017-08-01T07:53:21+02:00
winbindd: Make init_wcache static

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>

- - - - -
7736e592 by Volker Lendecke at 2017-08-01T07:53:22+02:00
winbindd: Fix indentation

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>

- - - - -
9be8fc2c by Volker Lendecke at 2017-08-01T07:53:22+02:00
winbindd: Make wcache_lookup_usergroups static

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>

- - - - -
69187d92 by Volker Lendecke at 2017-08-01T07:53:22+02:00
winbindd: Simplify wcache_cached_creds_exist

No need to fetch, use tdb_exists

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>

- - - - -
a70ab5f0 by Volker Lendecke at 2017-08-01T11:45:34+02:00
winbindd: Simplify two debug msgs

With DBG_DEBUG we get the function name automatically, DEBUGADD is also
not necessary here

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Aug  1 11:45:34 CEST 2017 on sn-devel-144

- - - - -
8731f1cf by Martin Schwenke at 2017-08-02T03:39:11+02:00
util: pidfile_pid() should not unlink PID file

This causes a race.  If 2 callers to pidfile_create() both find a
stale PID file using pidfile_pid(), the 1st may then return to
pidfile_create() and create a new PID file, which can then be unlinked
by the 2nd caller.

Consequently, PID file creation can not depend on creating the file,
so drop O_EXCL from the call to open().

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
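
The commit message above (8731f1cf) describes why a PID file reader must not unlink and why creation cannot rely on O_EXCL. The following C sketch is an added example, not Samba's or CTDB's pidfile code: it assumes that an fcntl() write lock, rather than the file's existence, marks a live owner, and the names pidfile_take(), pidfile_read() and pidfile_take_in_child() are hypothetical.

```c
/* Added illustration, not Samba's pidfile code. All function names are hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Create or take over the PID file at path. Returns 0 and stores the locked
 * fd in *out_fd, EEXIST if a live process holds the lock, or another errno.
 * The owner keeps the fd open until exit: POSIX record locks are dropped as
 * soon as the owning process closes ANY descriptor for the same file.
 */
int pidfile_take(const char *path, int *out_fd)
{
	struct flock lck = { .l_type = F_WRLCK, .l_whence = SEEK_SET };
	char buf[32];
	int fd, len, ret;

	/* No O_EXCL: a stale file left behind by a dead process is reused. */
	fd = open(path, O_CREAT | O_WRONLY | O_NONBLOCK | O_CLOEXEC, 0644);
	if (fd == -1) {
		return errno;
	}
	/* Non-blocking whole-file lock (l_start = l_len = 0). */
	if (fcntl(fd, F_SETLK, &lck) == -1) {
		ret = (errno == EACCES || errno == EAGAIN) ? EEXIST : errno;
		close(fd);
		return ret;
	}
	/* Only the lock holder rewrites the contents; nobody ever unlinks. */
	len = snprintf(buf, sizeof(buf), "%ld\n", (long)getpid());
	if (ftruncate(fd, 0) == -1 || write(fd, buf, (size_t)len) != len) {
		ret = (errno != 0) ? errno : EIO;
		close(fd);
		return ret;
	}
	*out_fd = fd;
	return 0;
}

/*
 * Read-only lookup of the recorded PID, or -1. It never unlinks, so it cannot
 * remove a file that another process has just created. Meant for processes
 * other than the owner (see the close() caveat above).
 */
long pidfile_read(const char *path)
{
	char buf[32], *end;
	ssize_t n;
	long pid;
	int fd = open(path, O_RDONLY | O_CLOEXEC);

	if (fd == -1) {
		return -1;
	}
	n = read(fd, buf, sizeof(buf) - 1);
	close(fd);
	if (n <= 0) {
		return -1;
	}
	buf[n] = '\0';
	errno = 0;
	pid = strtol(buf, &end, 10);
	return (errno != 0 || end == buf || pid <= 0) ? -1 : pid;
}

/* Run pidfile_take() in a forked child, as a second daemon instance would. */
int pidfile_take_in_child(const char *path)
{
	int status, fd;
	pid_t pid = fork();

	if (pid == -1) {
		return errno;
	}
	if (pid == 0) {
		_exit(pidfile_take(path, &fd));
	}
	if (waitpid(pid, &status, 0) == -1) {
		return errno;
	}
	return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
	char dir[] = "/tmp/pidfile-demo-XXXXXX"; /* private directory for the demo */
	char path[64];
	int fd = -1;

	if (mkdtemp(dir) == NULL) {
		return 1;
	}
	snprintf(path, sizeof(path), "%s/demo.pid", dir);
	printf("owner takes file: %d\n", pidfile_take(path, &fd));
	printf("second instance, owner alive: %d (EEXIST is %d)\n",
	       pidfile_take_in_child(path), EEXIST);
	close(fd); /* owner goes away; the file stays behind as a stale PID file */
	printf("second instance, stale file: %d\n", pidfile_take_in_child(path));
	unlink(path);
	rmdir(dir);
	return 0;
}
```

Because the stale file is reused in place rather than removed and recreated, there is no window in which one caller can delete a PID file that another caller has just written.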

- - - - -
d665b74d by Martin Schwenke at 2017-08-02T03:39:11+02:00
util: Clean up includes

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
4dbfc16b by Martin Schwenke at 2017-08-02T03:39:11+02:00
util: Add pidfile.* to samba-util-core

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
59ebb29e by Martin Schwenke at 2017-08-02T03:39:11+02:00
ctdb-common: Rename pidfile_create() -> pidfile_context_create()

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
411b7c87 by Martin Schwenke at 2017-08-02T03:39:11+02:00
util: New functions pidfile_path_create(), pidfile_fd_close()

Uses the core of CTDB's create_pidfile_context() for
pidfile_path_create(). pidfile_fd_close() is a subset of CTDB's
pidfile_context_destructor().

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
09b03988 by Martin Schwenke at 2017-08-02T03:39:12+02:00
util: Reimplement pidfile_create() using pidfile_path_create()

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
edf77a11 by Martin Schwenke at 2017-08-02T07:28:44+02:00
ctdb-common: Reimplement pidfile_context_create() using pidfile_path_create()

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Wed Aug  2 07:28:44 CEST 2017 on sn-devel-144

- - - - -
977cf751 by Andreas Schneider at 2017-08-03T15:06:34+02:00
lib: Fix integer overflowed argument issue with strtoul()

This fixes CID 1415704

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Aug  3 15:06:34 CEST 2017 on sn-devel-144

- - - - -
3a2a9d8d by Ralph Wuerthner at 2017-08-04T14:08:37+02:00
idmap: remove unused function idmap_is_online()

Signed-off-by: Ralph Wuerthner <ralph.wuerthner at de.ibm.com>
Reviewed-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Aug  4 14:08:37 CEST 2017 on sn-devel-144

- - - - -
6d65d679 by Gary Lockyer at 2017-08-07T05:34:23+02:00
tests samba_tool: fix flapping user-virtualCryptSHA test

Fix flapping test, occasionally a password would be generated that failed
the password criteria, which resulted in the test user not being
created.  The tests relying on this user being present then failed.

This patch ensures that the generated password contains at least one digit,
at least one upper case letter and at least one lower case letter.
The generated passwords do not contain special characters to avoid shell
escaping issues.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Garming Sam <garming at samba.org>
Autobuild-Date(master): Mon Aug  7 05:34:24 CEST 2017 on sn-devel-144

- - - - -
ed3b4661 by Volker Lendecke at 2017-08-07T05:35:13+02:00
winbindd: Make wcache_query_user static

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
e5b06696 by Volker Lendecke at 2017-08-07T05:35:13+02:00
winbindd: Add debug for ndr cache hit

When looking through winbind debug logs, it's highly confusing if you don't
find a call in the child that's supposed to handle it. Add a debug if the call
was handled from the cache without calling into the child.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
2b67d936 by Volker Lendecke at 2017-08-07T09:32:09+02:00
winbindd: Simplify an if-condition

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Mon Aug  7 09:32:09 CEST 2017 on sn-devel-144

- - - - -
7b86da08 by Stefan Metzmacher at 2017-08-07T15:20:01+02:00
s4:lib/http: lower HTTP_MAX_HEADER_SIZE from UINT_MAX to 0x1FFFF

We don't need very large headers, the largest ones are
"Authorization" or "WWW-Authenticate", but 128k should be
more than enough for all headers.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
e42f12c6 by Stefan Metzmacher at 2017-08-07T15:20:01+02:00
s4:lib/http: let http_read_response_send/recv() also consume the body if it fits into a max value

We need to consume full HTTP responses from the socket during the
authentication exchanges, otherwise our HTTP parser gets out of sync for
the next requests.

This will be important for gensec mechs which use an even number
for authentication packets.

I guess this should be done just based on the Content-Length value and
not based on the response code.

So far I saw bodies with 200 and 401 codes.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
56ab5cdb by Stefan Metzmacher at 2017-08-07T15:20:02+02:00
s4:lib/http: remove indentation level from http_parse_auth_response()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
bdece1df by Stefan Metzmacher at 2017-08-07T15:20:02+02:00
s4:lib/http: use strcasecmp(h->key, "WWW-Authenticate") instead of strncasecmp()

The key is already normalized and should match completely.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
a6ae9da9 by Stefan Metzmacher at 2017-08-07T15:20:02+02:00
s4:lib/http: pass a generic prefix blob to http_parse_auth_response()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
8d36bbe1 by Stefan Metzmacher at 2017-08-07T15:20:02+02:00
s4:librpc/rpc: remember the target_hostname on ncacn_http connections

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
b5854ecc by Stefan Metzmacher at 2017-08-07T15:20:02+02:00
s4:librpc/rpc: pass down HTTP_AUTH_* values directly to dcerpc_pipe_open_roh_send()

They get passed to http_send_auth_request_send() unmodified.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
a219c359 by Stefan Metzmacher at 2017-08-07T15:20:02+02:00
s4:http/gensec: rename ntlm.c to generic.c

Check with git show -C

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
8813295e by Stefan Metzmacher at 2017-08-07T15:20:02+02:00
s4:http/gensec: make the "NTLM" base64 wrapping more generic

We only need to know the prefix "NTLM" and the submech oid GENSEC_OID_NTLMSSP,
everything else can be generic.

This should allow us to implement "Negotiate" with GENSEC_OID_SPNEGO
trivially.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
9fd27d7a by Stefan Metzmacher at 2017-08-07T15:20:02+02:00
s4:http/gensec: implement "http_negotiate" using GENSEC_OID_SPNEGO

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
d1f479e7 by Stefan Metzmacher at 2017-08-07T15:20:02+02:00
s4:lib/http: add HTTP_AUTH_NEGOTIATE which maps to the "http_negotiate" gensec backend

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
77b44fbe by Stefan Metzmacher at 2017-08-07T15:20:02+02:00
s4:lib/http: pass down the target service/hostname to gensec

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
c8d14a55 by Stefan Metzmacher at 2017-08-07T15:20:03+02:00
s4:librpc/rpc: add support for HttpAuthOption=negotiate

Note that rpcproxy.dll on Windows doesn't support kerberos,
it always downgrades the connection to NTLMSSP.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
b10d01d1 by Stefan Metzmacher at 2017-08-07T15:20:03+02:00
s4:rpc_server/netlogon: check auth_level for validation level 6 already in dcesrv_netr_LogonSamLogon_check()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
373da95b by Stefan Metzmacher at 2017-08-07T15:20:03+02:00
s4:rpc_server/netlogon: prepare dcesrv_netr_LogonSamLogon_base for async processing

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
023bd2d1 by Stefan Metzmacher at 2017-08-07T15:20:03+02:00
s4:rpc_server/netlogon: make use of async kdc_check_generic_kerberos_send/recv()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
8022b63f by Stefan Metzmacher at 2017-08-07T15:20:03+02:00
s4:rpc_server/netlogon: make use of auth_check_password_send/recv()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
79b891a7 by Stefan Metzmacher at 2017-08-07T15:20:03+02:00
s4:auth_winbind: implement async authentication via IRPC

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
da3baf64 by Stefan Metzmacher at 2017-08-07T15:20:03+02:00
auth/ntlmssp: prepare update_send/recv for real async processing

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
260e5352 by Stefan Metzmacher at 2017-08-07T15:20:03+02:00
auth/ntlmssp: introduce ntlmssp_server_auth_send/recv

We still use the sync ntlmssp_server_check_password().

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
7d43aecb by Stefan Metzmacher at 2017-08-07T15:20:03+02:00
auth/ntlmssp: merge ntlmssp_server_check_password() into ntlmssp_server_auth_send()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
e8264d96 by Stefan Metzmacher at 2017-08-07T15:20:03+02:00
auth/common: add support for auth4_ctx->check_ntlm_password_send/recv()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
690c5e6f by Stefan Metzmacher at 2017-08-07T15:20:03+02:00
s4:auth/ntlm: provide auth_check_password_wrapper_send/recv to auth4_context

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
a6ad56cf by Stefan Metzmacher at 2017-08-07T15:20:03+02:00
s4:auth: use "sam winbind" for the netlogon server

This adds authentication support for trusted domains to the
netlogon server.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
b88f9384 by Stefan Metzmacher at 2017-08-07T15:20:03+02:00
s4:auth/ntlmssp: add support for using "winbind" as DC

This adds support for trusted domains to the auth stack on AD DCs.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
039ad5c9 by Stefan Metzmacher at 2017-08-07T15:20:03+02:00
winbindd: allow all possible logon levels in wb_irpc_SamLogon()

We should just try to find the correct domain to forward the
request, all logic of not implementing several logon levels
belongs to the _winbind_SamLogon() implementation.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
0ed6ad45 by Stefan Metzmacher at 2017-08-07T15:20:04+02:00
winbindd: Print debug if we don't know how to route a wb_irpc_SamLogon() request

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
615b0d83 by Stefan Metzmacher at 2017-08-07T15:20:04+02:00
winbindd: as DC we should try to get the target_domain from @SOMETHING part of the username in wb_irpc_SamLogon()

We still need a full routing table including all upn suffixes,
but this is a start to support NTLM authentication using user@REALM
against trusted domains.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
ccc8c1a4 by Stefan Metzmacher at 2017-08-07T15:20:04+02:00
winbindd: give an IRPC error if wb_irpc_SamLogon() is called without useful routing information

The caller should have checked this already!

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
d51d4c94 by Marc Muehlfeld at 2017-08-07T15:20:04+02:00
python: Fix incorrect kdc.conf parameter name in kerberos.py

Signed-off-by: Marc Muehlfeld <mmuehlfeld at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
90487259 by Anoop C S at 2017-08-07T15:20:04+02:00
source3/client: Fix typo in help message displayed by default

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12936

Signed-off-by: Anoop C S <anoopcs at redhat.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
0a7db4dd by Andreas Schneider at 2017-08-07T15:20:04+02:00
python:tests: Do not overwrite exit code

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
eb691cd0 by Andreas Schneider at 2017-08-07T19:11:02+02:00
python:tests: Add test for warn_pwd_expire

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Aug  7 19:11:02 CEST 2017 on sn-devel-144

- - - - -
9de1411d by Ralph Boehme at 2017-08-08T21:23:10+02:00
s3/smbd: handling of failed DOS attributes reading

Only fall back to using UNIX modes if we get NOT_IMPLEMENTED. This is
exactly what we already do when setting DOS attributes.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12944

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
c54fcb7c by Ralph Boehme at 2017-08-08T21:23:10+02:00
s3/smbd: handle EACCES when fetching DOS attributes from xattr

When trying to fetch the DOS attributes xattr via SMB_VFS_GETXATTR() if
the filesystem doesn't grant read access to the file the xattr read
request fails with EACCES.

But according to MS-FSA 2.1.5.1.2.1 "Algorithm to Check Access to an
Existing File" FILE_LIST_DIRECTORY on a directory implies
FILE_READ_ATTRIBUTES for directory entries.

So if the user can open the parent directory for reading this implies
FILE_LIST_DIRECTORY and we can safely call SMB_VFS_GETXATTR() as root,
ensuring we can read the DOS attributes xattr.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12944

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
62d73f5b by Ralph Boehme at 2017-08-09T01:21:13+02:00
vfs_gpfs: handle EACCES when fetching DOS attributes from xattr

When trying to fetch the DOS attributes via gpfswrap_get_winattrs_path()
if the filesystem doesn't grant READ_ATTR to the file the function fails
with EACCES.

But according to MS-FSA 2.1.5.1.2.1 "Algorithm to Check Access to an
Existing File" FILE_LIST_DIRECTORY on a directory implies
FILE_READ_ATTRIBUTES for directory entries.

So if the user can open the parent directory for reading this implies
FILE_LIST_DIRECTORY and we can safely call gpfswrap_get_winattrs_path()
with DAC_OVERRIDE_CAPABILITY.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12944

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Aug  9 01:21:14 CEST 2017 on sn-devel-144

- - - - -
b5283c70 by Andreas Schneider at 2017-08-09T09:49:08+02:00
s4:samdb: Fix building Samba with -O3

gcc error: ‘result’ may be used uninitialized

This won't happen, because ldb will return an error, but the compiler
doesn't understand this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
1c3b678e by Andreas Schneider at 2017-08-09T09:49:08+02:00
s3:torture: Fix spoolss test to build with -O3

Initialize variables so that we do not get a build warning that they
might be used uninitialized.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
b86f44cb by Andreas Schneider at 2017-08-09T13:37:47+02:00
s3:utils: Fix buffer size for snprintf and format string

GCC 7.1 produces an error:
‘snprintf’ output between 47 and 66 bytes into a destination of size 40

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Aug  9 13:37:47 CEST 2017 on sn-devel-144

- - - - -
ec32f33e by Ralph Boehme at 2017-08-09T18:41:05+02:00
vfs_streams_xattr: invalidate stat info if xattr was not found

We stat the basefile so we leave valid stat info from the base file
behind, even though the xattr for the stream was not there.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
ea906bb4 by Ralph Boehme at 2017-08-09T18:41:06+02:00
vfs_streams_xattr: remove all uses of fd, use name based functions

We don't really need an fd in this module, all calls to the VFS xattr
API can just use the name based versions.

This paves the way for removing the open of the basefile in
streams_xattr_open() in a later commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
4cc59e6d by Ralph Boehme at 2017-08-09T18:41:06+02:00
vfs_streams_xattr: remove fsp argument from get_xattr_size()

Still in the process of changing all handle based operations to use path
based operations.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
0ed3075e by Ralph Boehme at 2017-08-09T18:41:06+02:00
vfs_streams_xattr: always pass NULL as fsp arg to get_ea_value()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
9647af6b by Ralph Boehme at 2017-08-09T18:41:06+02:00
vfs_streams_xattr: implement all missing handle based VFS functions

Implement all missing handle based VFS functions. If the call is on a
named stream, implement the appropriate action for the VFS function, in
most cases a no-op.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
0a8559d4 by Ralph Boehme at 2017-08-09T18:41:06+02:00
vfs_streams_xattr: return a fake fd in streams_xattr_open()

The final step in changing vfs_streams_xattr to not call open() on the
basefile anymore. Instead, we just return a fake file fd based on
dup'ing a pipe fd. Previous commits ensured all calls to VFS API
functions use pathname based versions to do their work.

This ensures we don't trigger kernel oplock breaks for client "open
stream" requests when needlessly opening the basefile.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
a334fff8 by Ralph Boehme at 2017-08-09T18:41:06+02:00
s4/torture: reproducer for kernel oplocks issue with streams

test_smb2_kernel_oplocks3() wouldn't have failed without the patches,
I'm just adding it to have at least one test that tests with 2
clients. All other tests use just one client.

test_smb2_kernel_oplocks4() is the reproducer.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>

- - - - -
bbc225de by Ralph Boehme at 2017-08-09T18:41:06+02:00
s4/torture: additional tests for kernel-oplocks

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>

- - - - -
aff6fc49 by Ralph Boehme at 2017-08-09T18:41:06+02:00
vfs_fruit: use path based setxattr call in ad_fset()

This allows later commits to remove opening of the basefile which
conflicts with "kernel oplocks = yes".

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
e92a3925 by Ralph Boehme at 2017-08-09T18:41:06+02:00
vfs_fruit: don't open basefile in ad_open() and simplify API

We never need an fd on the basefile when operating on the metadata, as
we can always use path based syscalls. Opening the basefile conflicts
with "kernel oplocks" so just don't do it.

Additional changes:

- remove the adouble_type_t argument to ad_open(), the type is passed
  and set when allocating a struct adouble with ad_alloc()

- additionally pass an optional fsp to ad_open() (so the caller can pass
  NULL). With this change we can move the fd inheritance from fsp to ad
  into ad_open() itself where it belongs and remove it from the caller
  ad_fget()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>

- - - - -
7583ee6e by Ralph Boehme at 2017-08-09T18:41:06+02:00
vfs_fruit: return fake pipe fd in fruit_open_meta_netatalk()

Do not open the basefile, that conflicts with "kernel oplocks = yes". We
just return a fake file fd based on dup'ing a pipe fd and ensure all VFS
functions that go through vfs_fruit and work on the metadata stream can
deal with it.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
d55c27ab by Ralph Boehme at 2017-08-09T22:33:36+02:00
vfs_fruit: factor out common code from ad_get() and ad_fget()

As a result of the previous changes ad_get() and ad_fget() do completely
the same, so factor out the common code to a new helper function. No
change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Aug  9 22:33:36 CEST 2017 on sn-devel-144

- - - - -
5c55c256 by Volker Lendecke at 2017-08-09T22:34:17+02:00
tdb: Consistency check for tdb_storev

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f6a382ff by Volker Lendecke at 2017-08-09T22:34:17+02:00
tdb: Avoid NULL tdb_write

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
47bb2765 by Andreas Schneider at 2017-08-09T22:34:17+02:00
tdb: Write zero data using 8k buffer in transaction_expand_file()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
d7e60bc1 by Andreas Schneider at 2017-08-10T02:26:09+02:00
tdb: Do not allow to pass NULL as the buffer to transaction_write()

This fixes a GCC warning.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Aug 10 02:26:09 CEST 2017 on sn-devel-144

- - - - -
68a02d18 by Martin Schwenke at 2017-08-10T06:43:13+02:00
build: Do not ignore symlinks to directories when building tarballs

Tarballs currently do not contain symbolic links to directories even
if they are committed in git.  This means that CTDB tests fail when
run in-tree from a tarball, due to a couple of missing links needed by
unit tests:

  ERROR: Directory .../ctdb/tests/var/unit_eventscripts/etc-ctdb/events.d does not exist.

Subdirectories of directories specified via DIST_DIRS() are ignored,
since all the files within them are separately added to the tarball.
Symbolic links to directories are detected as directories, so they are
also ignored, causing them to be missing from the tarball.

Instead, do not treat symbolic links to directories as directories,
but add them to the tarball like normal files.

It is easy to confirm that this change causes no difference to current
tarballs other than causing the missing CTDB test links to be added:

  $ diff -u samba-4.8.0pre1-GIT-eb691cd0242.tar.gz.contents samba-4.8.0pre1-GIT-dfb16de0149.tar.gz.contents
  --- samba-4.8.0pre1-GIT-eb691cd0242.tar.gz.contents	2017-08-08 20:21:40.022993091 +1000
  +++ samba-4.8.0pre1-GIT-dfb16de0149.tar.gz.contents	2017-08-08 20:35:11.001580747 +1000
  @@ -578,7 +578,9 @@
   ctdb/tests/eventscripts/91.lvs.startup.001.sh
   ctdb/tests/eventscripts/91.lvs.startup.002.sh
   ctdb/tests/eventscripts/README
  +ctdb/tests/eventscripts/etc-ctdb/events.d
   ctdb/tests/eventscripts/etc-ctdb/functions
  +ctdb/tests/eventscripts/etc-ctdb/nfs-checks.d
   ctdb/tests/eventscripts/etc-ctdb/nfs-linux-kernel-callout
   ctdb/tests/eventscripts/etc-ctdb/public_addresses
   ctdb/tests/eventscripts/etc-ctdb/rc.local

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
769e889e by Martin Schwenke at 2017-08-10T06:43:13+02:00
build: Do not recurse on symlinks to directories when building tarballs

DIST_FILES() causes all files in any specified directory to be
recursively added to the tarball.  However, a symbolic link to a
directory is detected as a regular directory so is also subject to
recursion.  This means that a symbolic link to a directory is
dereferenced and the directory of files beyond it are added to the
tarball under a directory corresponding to the link.  This is almost
certainly not what is intended because it will usually result in
duplicate files.  This is because the contents of a symbolic link's
target directory will already be present in the tarball.

Instead, do not treat symbolic links to directories as directories,
but add them to the tarball like normal files.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
eb66ef2e by Martin Schwenke at 2017-08-10T06:43:13+02:00
ctdb-takeover: Do not call ctdb_announce_vnn_iface() for updateip

This causes any tracked connections for the IP address to be lost.

When doing a takeip, the server sends a tickle ACK to the client, the
client responds with a valid ACK and the server's TCP stack responds
with a reset because the connection does not exist.  However, in the
updateip case, the connection *does* exist, so the tickle *does not*
cause the connection to be reset.

ctdb_announce_vnn_iface() clears the list of tracked TCP connections
while sending the tickle ACKs.  So, if there are no reconnects as in
the takeip case, then the list of connections is simply lost.

The "updateip" event in the 10.interface event script already sends
gratuitous ARPs and tickles connections in both directions.  This
ensures that traffic continues after packets may have been dropped
when the script temporarily blocks traffic to the IP address.

All of this means that the call to ctdb_announce_vnn_iface() can just
be deleted.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
d0381a3c by Martin Schwenke at 2017-08-10T10:30:58+02:00
ctdb-tests: Add a big no-op LCP2 IP takeover test

Although this tests correctness it is most useful for testing that
changes to IP takeover algorithm do not cause obvious performance
regressions.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Thu Aug 10 10:30:58 CEST 2017 on sn-devel-144

- - - - -
62925cfa by Ralph Boehme at 2017-08-10T14:36:01+02:00
README.Coding: add "Error and out logic"

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Simo <simo at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Aug 10 14:36:01 CEST 2017 on sn-devel-144

- - - - -
b2f2ce0a by Ralph Boehme at 2017-08-11T14:19:24+02:00
examples: add cache effectiveness stats to gencache.stp

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Aug 11 14:19:24 CEST 2017 on sn-devel-144

- - - - -
abd74c3b by Andreas Schneider at 2017-08-11T18:08:04+02:00
heimdal: Fix printing a short int into a string

The size of portstr is too small to print an integer and we should print
a short anyway.

This fixes building with GCC 7.1

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Aug 11 18:08:04 CEST 2017 on sn-devel-144

- - - - -
4791c152 by Andreas Schneider at 2017-08-11T18:21:22+02:00
s4:rpc_server:backupkey: Move variable into scope

CID: #1415510

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12959

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
b81ca4f9 by Andreas Schneider at 2017-08-11T18:21:22+02:00
s3:libads: Fix changing passwords with Kerberos

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12956

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>

- - - - -
e2c0fd36 by Andreas Schneider at 2017-08-11T22:09:27+02:00
blackbox: Add test for 'net ads changetrustpw'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12956

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Aug 11 22:09:27 CEST 2017 on sn-devel-144

- - - - -
ac1b1d8c by Martin Schwenke at 2017-08-14T05:15:25+02:00
ctdb-tests: run_tests.sh sets environment variable CTDB_TEST_DIR

Instead of just local variable test_dir.  The environment variable can
be accessed from other test infrastructure scripts.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
661426df by Martin Schwenke at 2017-08-14T05:15:25+02:00
ctdb-tests: Move die() function to top of script

So it can be called within the script instead of just by scripts that
include it.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
e8c5d0e2 by Martin Schwenke at 2017-08-14T05:15:25+02:00
ctdb-tests: Fix logic to handle PATH additions for tests

When using non-standard test subdirectories, the current code can fail
to find the test bin directory and stupidly just adds /bin to PATH.

Switch to using CTDB_TESTS_ARE_INSTALLED along with some sanity checks
to determine the mode of operation.

With this change, test directories can now be created as
subdirectories of arbitrary component directories.  Tests can then be
run directly, either by specifying the subdirectory or individual test
cases.

Integration into the top-level tests/ directory is then done via a
symbolic link, which enables 2 things:

* Ability to run a directory of test cases from top level by simply
  specifying the link name.

* Ease of installation - the installation code just works with the
  symbolic link.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
b171c090 by Martin Schwenke at 2017-08-14T05:15:25+02:00
ctdb-tests: Indentation fixups

The rest of the code in this file now matches the coding guidelines,
so clean up the rest.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
db014a51 by Martin Schwenke at 2017-08-14T05:15:25+02:00
ctdb-scripts: Avoid shellcheck warning SC2188 (redirect without command)

This makes the code look deliberate instead of like something has been
accidentally omitted.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
3654694a by Martin Schwenke at 2017-08-14T05:15:25+02:00
ctdb-tools: Avoid shellcheck SC2188 warning (redirect without command)

Shellcheck found a bug!

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
4dc41cd2 by Martin Schwenke at 2017-08-14T05:15:25+02:00
ctdb-tools: Reformat and explain complex code

There are multiple command groups and redirects on very long lines.
Reformat the long lines to break them up and add a comment to explain
what is happening.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
aa12ea77 by Martin Schwenke at 2017-08-14T05:15:25+02:00
ctdb-tools: Use a clear and readable if-statement

This is consistent with the if-statement above.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
2b0e266d by Martin Schwenke at 2017-08-14T05:15:25+02:00
ctdb-tools: Avoid shellcheck SC2181 warnings (use of $?) in onnode

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
b71becc1 by Martin Schwenke at 2017-08-14T05:15:25+02:00
ctdb-scripts: Ignore shellcheck SC2181 warning (use of $?)

Given the size of the command substitutions it would be less clear to
embed the assignments and substitutions inside a conditional.  It is
clearer if the exit code is checked afterwards.

However, do fix some untidy uses of != instead of -ne when comparing
with $?.  Make the code easier to understand by reversing the logic
and using -eq and ||.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
79f5d058 by Martin Schwenke at 2017-08-14T09:00:45+02:00
ctdb-tools: Remove duplicate code

These lines are duplicates of those above.  It has always been this
way...

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Mon Aug 14 09:00:45 CEST 2017 on sn-devel-144

- - - - -
578a1b17 by Amitay Isaacs at 2017-08-14T09:01:21+02:00
ctdb-client: Server id exists should check if the pid still exists

This matches what the older client code and samba does.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
0f424a11 by Amitay Isaacs at 2017-08-14T09:01:21+02:00
ctdb-protocol: Mark CTDB_CONTROL_CHECK_SRVIDS obsolete

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
31c2d0af by Amitay Isaacs at 2017-08-14T09:01:21+02:00
ctdb-tools: Drop check_srvids command from ctdb tool

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
4041cd75 by Amitay Isaacs at 2017-08-14T09:01:21+02:00
ctdb-client: Drop client code to send CHECK_SRVIDS control

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
66694d89 by Amitay Isaacs at 2017-08-14T09:01:22+02:00
ctdb-protocol: Drop marshalling code for CHECK_SRVIDS control

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
0772cf45 by Amitay Isaacs at 2017-08-14T09:01:22+02:00
ctdb-protocol: Drop unused protocol data structures

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
df41818b by Amitay Isaacs at 2017-08-14T13:00:16+02:00
ctdb-daemon: Drop the implementation of CHECK_SRVIDS control

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Mon Aug 14 13:00:16 CEST 2017 on sn-devel-144

- - - - -
f816de56 by Jeremy Allison at 2017-08-15T08:06:40+02:00
s4: com: Replace erroneous inclusion of internal talloc.h header with external.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Aug 15 08:06:40 CEST 2017 on sn-devel-144

- - - - -
1184770a by Gary Lockyer at 2017-08-15T08:07:10+02:00
dnsserver: Tests for dns wildcard entries

Add tests for dns wildcards.
Tests validated against Windows Server 2012 R2

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952

- - - - -
34acf5a9 by Gary Lockyer at 2017-08-15T08:07:10+02:00
dnsserver: Tighten DNS name checking

Add checks for the maximum permitted length, maximum number of labels
and the maximum label length.  These extra checks will be used by the
DNS wild card handling.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952

- - - - -
edcbc991 by Gary Lockyer at 2017-08-15T08:07:10+02:00
dnsserver: Add support for dns wildcards

Add support for dns wildcard records. i.e. if the following records
exist

  exact.samba.example.com 3600 A 1.1.1.1
  *.samba.example.com     3600 A 1.1.1.2

look up on exact.samba.example.com will return 1.1.1.1
look up on *.samba.example.com     will return 1.1.1.2
look up on other.samba.example.com will return 1.1.1.2

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952
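
The name limits from "dnsserver: Tighten DNS name checking" and the lookup precedence from "dnsserver: Add support for dns wildcards", as an added Python example that is not part of the commit messages and is not Samba's code. The numeric limits are the RFC 1035 values (the commit message gives none), the walk up the tree follows RFC 4592's closest-encloser rule, which goes beyond the three lookups listed above, and `ZONE`, `split_name`, `node_exists` and `lookup` are hypothetical names.

```python
"""Added example: DNS name limits plus wildcard lookup (a model, not Samba's code)."""

MAX_LABEL_LEN = 63   # RFC 1035: octets per label (assumed; not stated in the commit)
MAX_NAME_LEN = 255   # RFC 1035: octets for the whole name in wire format
MAX_LABELS = 127     # most non-root labels that fit into 255 octets

# Constructed zone data, copied from the two records in the commit message.
ZONE = {
    "exact.samba.example.com": "1.1.1.1",
    "*.samba.example.com": "1.1.1.2",
}


def split_name(name):
    """Return the lower-cased labels of a name, or raise ValueError on a limit."""
    if name.endswith("."):
        name = name[:-1]          # accept one trailing root dot
    labels = name.lower().split(".")
    if len(labels) > MAX_LABELS:
        raise ValueError("too many labels")
    wire_len = 1                  # the terminating root label
    for label in labels:
        octets = len(label.encode("utf-8"))
        if octets == 0:
            raise ValueError("empty label")
        if octets > MAX_LABEL_LEN:
            raise ValueError("label too long")
        wire_len += 1 + octets    # length octet plus the label itself
    if wire_len > MAX_NAME_LEN:
        raise ValueError("name too long")
    return labels


def node_exists(zone, labels):
    """True if the name owns a record or is an ancestor of one that does."""
    name = ".".join(labels)
    suffix = "." + name
    return any(owner == name or owner.endswith(suffix) for owner in zone)


def lookup(zone, qname):
    """Resolve qname: an exact owner wins, otherwise try the covering wildcard."""
    labels = split_name(qname)    # reject oversized names before any search
    name = ".".join(labels)
    if name in zone:
        return zone[name]         # also answers a literal query for "*.zone"
    if node_exists(zone, labels):
        return None               # empty non-terminal: no wildcard synthesis
    # Walk up to the closest existing ancestor and try only its wildcard child,
    # so a wildcard never answers for names below another existing name.
    for i in range(1, len(labels)):
        parent = labels[i:]
        if node_exists(zone, parent):
            return zone.get("*." + ".".join(parent))
    return None


if __name__ == "__main__":
    for q in ("exact.samba.example.com", "*.samba.example.com",
              "other.samba.example.com", "a.exact.samba.example.com"):
        print(q, "->", lookup(ZONE, q))
```
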

- - - - -
3d2bd849 by Gary Lockyer at 2017-08-15T08:07:10+02:00
samba-tool dns: Test support of DNS wild card in names

As DNS wild cards are now supported we need to allow '*' characters in
the domain names.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952

- - - - -
29b3a2b0 by Gary Lockyer at 2017-08-15T08:07:10+02:00
samba-tool dns query: Allow '*' in names

As DNS wild cards are now supported we need to allow '*' characters in
the domain names.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952

- - - - -
5bb341fb by Andrew Bartlett at 2017-08-15T08:07:10+02:00
s4/lib/tls: Use SHA256 to sign the TLS certificates

The use of SHA-1 has been on the "do not" list for a while now, so make our
self-signed certificates use SHA256 using the new
gnutls_x509_crt_sign2 provided since GNUTLS 1.2.0

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12953

- - - - -
0dbcd6a4 by Andrew Bartlett at 2017-08-15T12:00:58+02:00
py-librpc: Strictly check the type of the incoming sid pointer

This avoids casting another type of object to a void* and then to a SID

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

Autobuild-User(master): Garming Sam <garming at samba.org>
Autobuild-Date(master): Tue Aug 15 12:00:58 CEST 2017 on sn-devel-144

- - - - -
5095733f by Volker Lendecke at 2017-08-16T00:27:10+02:00
dbwrap: Convert dbwrap_store to dbwrap_do_locked

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a11450d8 by Volker Lendecke at 2017-08-16T00:27:10+02:00
dbwrap: Convert dbwrap_delete to dbwrap_do_locked

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ae28e4db by Volker Lendecke at 2017-08-16T00:27:10+02:00
dbwrap: Simplify dbwrap_store_int32_bystring

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b01b7c9e by Volker Lendecke at 2017-08-16T00:27:10+02:00
dbwrap: Simplify dbwrap_store_uint32_bystring

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2ddf8e0a by Volker Lendecke at 2017-08-16T00:27:10+02:00
dbwrap: Simplify dbwrap_trans_store

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ef2de247 by Volker Lendecke at 2017-08-16T00:27:10+02:00
dbwrap: Simplify dbwrap_trans_delete

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ff0eed62 by Volker Lendecke at 2017-08-16T00:27:10+02:00
dbwrap: Simplify dbwrap_unmarshall_fn

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
652bf0ca by Volker Lendecke at 2017-08-16T04:11:47+02:00
libhttp: Remove an unneeded include

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Aug 16 04:11:47 CEST 2017 on sn-devel-144

- - - - -
68316a49 by Anoop C S at 2017-08-16T16:26:12+02:00
s3: messaging: Add background job send failure message

Signed-off-by: Anoop C S <anoopcs at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Wed Aug 16 16:26:12 CEST 2017 on sn-devel-144

- - - - -
bee22f18 by Jeremy Allison at 2017-08-16T20:58:13+02:00
lib: tevent: Use system <tevent.h>, not internal header path (except in self-test).

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
5473a277 by Jeremy Allison at 2017-08-17T00:53:48+02:00
lib: talloc: Use the system <talloc.h> include.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Aug 17 00:53:48 CEST 2017 on sn-devel-144

- - - - -
e12dbc73 by Douglas Bagnall at 2017-08-17T04:06:06+02:00
traffic_summary: avoid uninitialised variable warning

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
74ebcf6d by Gary Lockyer at 2017-08-17T04:06:06+02:00
blackbox tests: method to check specific exit codes

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
7057abcf by Gary Lockyer at 2017-08-17T04:06:06+02:00
scripts: Scripts to replay and generate samba traffic

Scripts to generate representative network traffic and replay this to a
samba instance.  For load testing, performance profiling and capacity
planning.

traffic_learner  process a file generated by traffic_summary and
                 generate a model that can be used by traffic_replay to
                 generate samba network traffic.

traffic_replay   Replay a summary file generated by traffic_summary, or
                 use a model created by traffic_learner to generate
                 network traffic.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming at catalyst.net.nz>
Pair-programmed-with: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
Pair-Programmed-With: Tim Beale <timbeale at catalyst.net.nz>

- - - - -
beeec1ff by Gary Lockyer at 2017-08-17T07:59:38+02:00
tests: replace traffic_summary test with python blackbox test

Replace the shell subunit test for script/traffic_summary.pl with a
python black box test.

This involves moving the test files to more standard locations.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Thu Aug 17 07:59:38 CEST 2017 on sn-devel-144

- - - - -
2b982fc3 by Martin Schwenke at 2017-08-17T08:00:23+02:00
util: Avoid use of includes.h

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
298af748 by Martin Schwenke at 2017-08-17T08:00:23+02:00
util: Add become_daemon.h

Rename argument no_process_group to no_session to describe what it
actually does.  Consistently use "daemon" for name of daemon argument.
Add documentation.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
a5009253 by Martin Schwenke at 2017-08-17T08:00:23+02:00
util: Make function definitions consistent with header file

no_process_group -> no_session, name -> daemon, drop _PUBLIC_.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
b9804e9e by Martin Schwenke at 2017-08-17T08:00:23+02:00
util: Modernise logging

Switch to using DBG_ERR(), wrap logging/sd_notifyf() lines.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
ed8c914b by Martin Schwenke at 2017-08-17T08:00:23+02:00
util: Move become_daemon.c to samba-util-core

So that CTDB can use it.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
9468d0f4 by Martin Schwenke at 2017-08-17T11:48:32+02:00
util: Add error handling to become_daemon()

Log failure and exit if fork() or setsid() fails.

Leave the logic in the non-setsid() code as it is.  This is probably
meant to fall through on failure of either opening /dev/tty or
ioctl().  Documentation for the ioctl() failure case is far from
clear.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Aug 17 11:48:32 CEST 2017 on sn-devel-144

- - - - -
a90702fc by Volker Lendecke at 2017-08-17T11:54:10+02:00
tdb: Clarify the CLEAR_IF_FIRST locked logic

This is another level of indentation, but it took me a while staring at the
if-condition to find that "locked" was assigned the result of "==0", not the
return value of tdb_nest_lock().

Best viewed with "git show -b".

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
2311d35f by Volker Lendecke at 2017-08-17T11:54:10+02:00
gencache: Remove tdb_check from gencache_init()

This was legacy from times when we had just one non-transactioned gencache.tdb.
With the split into transactioned gencache.tdb and fast, non-transactioned,
mutexed clear-if-first gencache_notrans.tdb this has become unnecessary.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
988a67d1 by Volker Lendecke at 2017-08-17T15:49:00+02:00
gencache: Simplify gencache_stabilize

The only record that must remain in gencache_notrans.tdb is the last_stabilize
marker. Use tdb_wipe_all and store the marker under the allrecord lock.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Aug 17 15:49:00 CEST 2017 on sn-devel-144

- - - - -
776e9f56 by Martin Schwenke at 2017-08-17T15:50:37+02:00
ctdb-daemon: Fix default socket location

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
16e6b56b by Martin Schwenke at 2017-08-17T15:50:37+02:00
ctdb-daemon: Fix a return value

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
c4771246 by Martin Schwenke at 2017-08-17T19:45:32+02:00
util: Add documentation for PID file handling

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Thu Aug 17 19:45:32 CEST 2017 on sn-devel-144

- - - - -
428fc22e by Jeremy Allison at 2017-08-18T00:51:25+02:00
s3: libsmb: Add cli_smb2_chkpath() and use from cli_chkpath().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12968

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
9fb25623 by Stefan Metzmacher at 2017-08-18T04:45:02+02:00
libcli/smb: debug an error if smb1cli_req_writev_submit() is called for SMB2/3

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12968

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Aug 18 04:45:03 CEST 2017 on sn-devel-144

- - - - -
d13e7b92 by Tim Beale at 2017-08-18T06:07:11+02:00
werror: Add WERR_DS_DRA_RECYCLED_TARGET

When the DRS client encounters a linked attribute with an unknown target
object, it should return a RECYCLED_TARGET error, which should result in
the client resending the GETNCChanges request with the GET_TGT flag set.

This error code is currently documented by Microsoft under System Error
Codes (8200-8999). I contacted them and they will also add it to the
MS-ERREF doc in future.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972

- - - - -
04ce638a by Tim Beale at 2017-08-18T06:07:11+02:00
replmd: Split checking link attr target into new function

We want to re-use this code to check that the linked attribute's target
object exists *before* we try to commit the transaction. This will allow
us to re-request the block with the GET_TGT flag set.

This splits checking the target object exists into a separate function.

Minor changes of note:
- the 'parent' argument was passed to replmd_process_linked_attribute()
  as NULL, so I've just replaced where it was used in the refactored code
  with NULL.
- I've tweaked the "Failed to find GUID" error message slightly to display
  the attribute ID rather than the attribute name (saves repeating
  lookups and/or passing extra arguments).
- Tweaked the replmd_deletion_state() logic - it only made sense to call
  it in the code block where we actually found the target

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972

- - - - -
f69596cd by Tim Beale at 2017-08-18T06:07:11+02:00
drs: Fail replication transaction instead of dropping links

If the DRS client received a linked attribute that it couldn't resolve
the target for, then it would just ignore that link and keep going. That
link would then be lost forever (although a full-sync would resolve
this). Instead of silently ignoring the link, fail the transaction.

This *can* happen on Samba, but it is unusual. The target object and
linked-attribute would need to be added while a replication is still in
progress. It can also happen fairly easily when talking to a Windows DC.

There are two important exceptions to this:

1). Linked attributes that span partitions. We can never guarantee that
we will have received the target object, because it may be in a partition
we haven't replicated yet. Samba doesn't have a great way of handling
this currently, but we shouldn't fail the replication (because that breaks
basic join tests). Just skip that linked attribute and hope that a
subsequent full-sync will fix it.
(I queried Microsoft and they said resolving cross-partition linked
attributes is an implementation-specific problem to solve. GET_TGT won't
resolve it)

2). When the replication involves a subset of objects, e.g.
critical-only. In these cases, we don't increase the highwater-mark, so
it is probably not such a dire problem if we don't add the link. In the
case of critical-only, we will do a subsequent full sync which will then
add the links.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972

- - - - -
67617d47 by Tim Beale at 2017-08-18T06:07:12+02:00
drs: Check target object is known after applying objects

Currently we only check that the target object is known at the end of
the transaction (i.e. the .prepare_commit hook). It's too late at this
point to resend the request with GET_TGT. Move this processing earlier
on, after we've applied all the objects (i.e. off the .extended hook).

In reality, we need to perform the checks at both points. I've
split the common code that gets the source/target details out of the
la_entry into a helper function. It's not the greatest function ever,
but seemed to make more sense than duplicating the code.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972

- - - - -
cc201c2c by Tim Beale at 2017-08-18T06:07:12+02:00
drepl: Support GET_TGT on periodic replication client

- Update IDL comments to include Microsoft reference doc
- Add support for sending v10 GetNCChanges request (needed for the
  GET_TGT flag, which is in the new 'more_flags' field)
- Update to also set the GET_TGT flag in the same place we were setting
  GET_ANC (I split this logic out into a separate function).
- The state struct now needs to hold a 'more_flags' field as well (this
  flag is different to the GET_ANC replica flag)

Note that using the GET_TGT when replicating from a Windows DC could be
highly inefficient. Because Samba keeps the GET_TGT flag set throughout
the replication cycle, it will basically receive a repeated object from
Windows for every single linked attribute that it receives.

I believe Windows behaviour only expects the client to set the GET_TGT
flag when it actually needs to (i.e. when it receives a target object it
doesn't know about), rather than throughout the replication cycle.
However, this approach won't work with Samba-to-Samba replication,
because when the server receives the GET_TGT flag it restarts the
replication cycle from scratch. So if we only set the GET_TGT flag when
the client encountered an unknown target then Samba-to-Samba could
potentially get into an endless replication loop.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972

- - - - -
f87332eb by Tim Beale at 2017-08-18T06:07:12+02:00
replmd: Set GET_ANC if Windows sends a link with unknown source object

Windows replication can send the linked attribute before it sends the
source object. The MS-DRSR spec says that in this case the client should
resend the GetNCChanges request with the GET_ANC flag set. In my testing
this resolves the problem - Windows will include the source object for the
linked attribute in the same replication chunk.

This problem doesn't happen with Samba-to-Samba replication, because the
source object for the linked attribute is guaranteed to have already been
sent.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972

- - - - -
f812c29d by Tim Beale at 2017-08-18T06:07:12+02:00
drs_utils: Add GET_TGT support to 'samba-tool drs replicate --local'

Update drs_Replicate.replicate() so it handles being passed the GET_TGT
flag (more_flags). To do this, we need to always use a v10 GetNCChanges
request (v8 and v10 are essentially the same except for the more_flags).

If the replicate_chunk() call into the C bindings throws an error, check
to see whether the error could be fixed by setting the GET_TGT flag, and
re-send the request if so.

Unfortunately because WERR_DS_DRA_RECYCLED_TARGET isn't documented with
the other AD error codes, I've left it hardcoded for now (Microsoft
should be fixing up their Docs).

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972

- - - - -
18ea167a by Tim Beale at 2017-08-18T06:07:12+02:00
replmd: Move where we store linked attributes

There was a bug in my previous patch where the code would verify
*all* links in the list, rather than just the ones that are new. And it
would do this for every replication chunk it received, regardless of
whether there were actually any links in that chunk.

The problem is by the time we want to verify the attributes, we don't
actually know which attributes are new. We can fix this by moving where
we store the linked attributes from the start of processing the
replication chunk to the end of processing the chunk. We can then verify
the new linked attributes at the same time we store them.

Longer-term we may want to try to apply the linked attribute at this
point. This would save looking up the source/target objects twice, but
it makes things a bit more complicated (attributes will usually apply at
this point *most* of the time, but not *all* the time).

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972

- - - - -
ab12aed7 by Tim Beale at 2017-08-18T06:07:12+02:00
replmd: Avoid dropping links if link target is deleted

The server-side can potentially send the linked attribute before the
target-object. This happens on Microsoft, and will happen on Samba once
server-side GET_TGT support is added. In these cases there is a hole
where the Samba client can silently drop the linked attribute.

If the old copy of the target object was deleted/recycled, then the
client can receive the new linked attribute before it realizes the target
has now been reincarnated. It silently ignores the linked attribute,
thinking it's receiving out of date information, when really it's the
client's copy of the target object that's out of date.

In this case we want to retry with the GET_TGT flag set, which will
force the updated version of the target object to be sent along with the
linked attribute. This deleted/recycled target case is the main reason
that Windows added the GET_TGT flag.

If the server sends all the links at the end, instead of along with the
source object, then this case can still be hit. If so, it will cause the
server to restart the replication from the beginning again. This is
probably preferential to silently dropping links.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972

- - - - -
89cf5c3f by Tim Beale at 2017-08-18T06:07:12+02:00
replmd: Don't fail cycle if we get link for deleted object with GET_TGT

We are going to end up supporting 2 different server schemes:
A. the old/default behaviour of sending all the linked attributes last,
   at the end of the replication cycle.
B. the new/Microsoft way of sending the linked attributes interleaved
   with the source/target objects.

Normally if we're talking to a server using the old scheme-A, we won't
ever use the GET_TGT flag. However, there are a couple of cases where
it can happen:
- A link to a new object was added during the replication cycle.
- An object was deleted while the replication was in progress (and
the linked attribute got queued before the object was deleted).

Talking to a Samba DC running the old scheme will just cause it to
start the replication cycle from scratch again, which is fairly
harmless. However, there is a chance that the same thing can happen
again, in which case the replication cycle will fail (because GET_TGT
was already set).

Even if we're using the new scheme (B), we could still potentially hit
this case, as we can still queue up linked attributes between requests
(group memberships can be larger than what can fit into a single
replication chunk).

If GET_TGT is set in the GetNcChanges request, then the local copy of
the target object should always be up-to-date when we process the linked
attribute. So if we still think the target object is deleted/recycled at
this point, then it's safe to ignore the linked attribute (because we
know our local copy is up-to-date). This logic matches the MS spec logic
in ProcessLinkValue().

Not failing the replication cycle may be beneficial if we're trying to
do a full-sync of a large database. Otherwise it might be time-consuming
and frustrating to repeat the sync unnecessarily.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972

- - - - -
fae5df89 by Tim Beale at 2017-08-18T06:07:12+02:00
replmd: Try to add forward-link for unknown cross-partition links

Previously Samba would just drop cross-partition links where the link
target object is unknown. Instead, what we want to do is try to add the
forward link for the GUID specified. We can't add the backlink because
we don't know the target, however, dbcheck should be able to fix any
missing backlinks.

The new behaviour should now mean dbcheck will detect the problem and be
able to fix it. It's still not ideal, but it's better than dropping the
link completely.

I've updated the log so that it has higher severity and tells the user
what they need to do to fix it.

These changes now mean that the selftests now detect an error - instead
of completely dropping the serverReference, we now have a missing
backlink. I've updated the selftests to fix up any missing
serverReference backlinks before running dbcheck.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972
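
The client-side decisions described across the drs/replmd commits above (retry with GET_ANC for an unknown source, retry with GET_TGT for an unknown or locally deleted target, ignore a link to a deleted target once GET_TGT is set, keep only the forward link for an unknown cross-partition target), as an added Python model that is not part of the commit messages and is not Samba's code. All names, the `'live'`/`'deleted'` states and `sample_server` are hypothetical and constructed; failing when the source is still unknown with GET_ANC set is an assumption.

```python
"""Added example: a model of link checking with GET_ANC / GET_TGT retries."""

GET_ANC, GET_TGT = "GET_ANC", "GET_TGT"


class Retry(Exception):
    """Ask the caller to resend the request with one more flag set."""
    def __init__(self, flag):
        super().__init__(flag)
        self.flag = flag


class ReplicationFailed(Exception):
    """The cycle fails instead of silently losing a link."""


def check_link(link, local, flags):
    """Return 'apply', 'ignore' or 'forward-only' for one received link.

    link  : dict with 'source', 'target' and 'cross_partition'
    local : dict mapping object id -> 'live' or 'deleted' (the client's copy)
    flags : set of flags sent with the current request
    """
    if link["source"] not in local:
        if GET_ANC in flags:
            # Assumption: nothing more the client can ask for.
            raise ReplicationFailed("source still unknown with GET_ANC set")
        raise Retry(GET_ANC)
    state = local.get(link["target"])
    if state == "live":
        return "apply"
    if state is None and link["cross_partition"]:
        # Target may live in a partition not replicated yet: keep the
        # forward link and leave the missing backlink to dbcheck.
        return "forward-only"
    if GET_TGT not in flags:
        # Unknown or locally deleted target: the local copy may be stale.
        raise Retry(GET_TGT)
    if state == "deleted":
        # With GET_TGT set the local copy is current, so the link is stale.
        return "ignore"
    raise ReplicationFailed("target still unknown with GET_TGT set")


# Constructed sample: one group-membership link inside a single partition.
LINK = {"source": "group", "target": "user", "cross_partition": False}


def sample_server(flags):
    """Constructed server: sends the link before its target unless GET_TGT is set."""
    if GET_TGT in flags:
        return [({"group": "live", "user": "live"}, [LINK])]
    return [({"group": "live"}, [LINK]), ({"user": "live"}, [])]


def replicate(server, local):
    """Run one cycle, restarting from scratch whenever a flag has to be added."""
    flags, requests = set(), 0
    while True:
        requests += 1
        staged, results = dict(local), []
        try:
            for objects, links in server(flags):
                staged.update(objects)          # objects are applied first
                for link in links:              # then the chunk's links are checked
                    action = check_link(link, staged, flags)
                    results.append((link["source"], link["target"], action))
        except Retry as retry:
            flags.add(retry.flag)               # the flag stays set for the cycle
            continue
        local.update(staged)                    # commit only a complete cycle
        return results, flags, requests


if __name__ == "__main__":
    print(replicate(sample_server, {}))
```
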

- - - - -
4cfc2968 by Tim Beale at 2017-08-18T06:07:12+02:00
getncchanges.py: Add a new test for replication

This adds a new test to check that if objects are modified during a
replication, then those objects don't wind up missing from the
replication data.

Note that when this scenario occurs, samba returns the objects in a
different order to Windows. This test doesn't care what order the
replicated objects get returned in, so long as they all have been
received by the end of the test.

As part of this, I've refactored _check_replication() in drs_base.py so
it can be reused in new tests. In these cases, the objects are split up
over multiple different chunks. So asserting that the objects are returned
in a specific order makes it difficult to run the same test on both Samba
and Windows.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972

- - - - -
9f0ae6e4 by Tim Beale at 2017-08-18T06:07:12+02:00
getncchanges.py: Add GET_ANC replication test case

This test:
- creates blocks of parent/child objects
- modifies the parents, so the child gets received first in the
  replication (which means the client has to use GET_ANC)
- checks that we always receive the parent before the child (if not, it
  either retries with GET_ANC, or asserts if GET_ANC is already set)
- modifies the parent objects to change their USN while the
  replication is in progress
- checks that all expected objects are received by the end of the
  test

I've added a repl_get_next() function to help simulate a client's
behaviour - if it encounters an object it doesn't know the parent of,
then it retries with GET_ANC.

Also added some debug to drs_base.py that developers can turn on to make
it easier to see what objects we're actually receiving in the
responses.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972

- - - - -
0bb4d282 by Tim Beale at 2017-08-18T06:07:12+02:00
getncchanges.py: Add test for GET_ANC and linked attributes

Add a basic test that when we use GET_ANC and the parents have linked
attributes, then we receive all the expected links and all the expected
objects by the end of the test.

This extends the test code to track what linked attributes get received
and check whether they match what's present on the DC.

Also made some minor cleanups to store the received objects/links each
time we successfully receive a GETNCChanges response (this saves the
test case having to repeat this code every time).

Note that although this test involves linked attributes, it shouldn't
exercise the GET_TGT case at all.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972

- - - - -
37e49a2a by Stefan Metzmacher at 2017-08-18T06:07:12+02:00
s3:secrets: allow secrets_fetch_or_upgrade_domain_info() on an AD DC

The reason for the check is for write access as secrets.ldb is the
master database.

But secrets_fetch_or_upgrade_domain_info() just syncs the values
we got from if they got overwritten by secrets_store_machine_pw_sync().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12973

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cd813f7f by Stefan Metzmacher at 2017-08-18T10:04:56+02:00
s3:gse_krb5: make use of precalculated krb5 keys in fill_mem_keytab_from_secrets()

This avoids a lot of cpu cycles, which were wasted for each single smb
connection, even if the client didn't use kerberos.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12973

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Aug 18 10:04:57 CEST 2017 on sn-devel-144

- - - - -
08cee6cf by Andreas Schneider at 2017-08-18T14:01:27+02:00
s3:utils: Allow to run smbpasswd as user

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12974

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Aug 18 14:01:27 CEST 2017 on sn-devel-144

- - - - -
79cfa2e5 by Volker Lendecke at 2017-08-18T20:49:42+02:00
xattr.id: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Aug 18 20:49:42 CEST 2017 on sn-devel-144

- - - - -
0f9d1024 by Stefan Metzmacher at 2017-08-19T01:41:24+02:00
s3:libsmb: let get_ipc_connect() use CLI_FULL_CONNECTION_FORCE_SMB1

get_ipc_connect() is only used in code paths that require cli_NetServerEnum()
to work, so it must already require SMB1 only.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12876

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3111463e by Stefan Metzmacher at 2017-08-19T01:41:24+02:00
s3:smbclient: improve the error messages for smbclient -L

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12863

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
379e5c1c by Stefan Metzmacher at 2017-08-19T01:41:24+02:00
s3:smbclient: don't try any workgroup listing with "client min protocol = SMB2"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12863

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ecca9573 by Stefan Metzmacher at 2017-08-19T01:41:24+02:00
s3:libsmb: don't call cli_NetServerEnum() on SMB2/3 connections in SMBC_opendir_ctx()

This is all we can do when we allow SMB2/3 and the server supports
it; 'smb://' can't work unless we implement LLMNR and maybe WSD.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12876

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2901ed0d by Stefan Metzmacher at 2017-08-19T01:41:24+02:00
s3:libsmb: let do_connect() debug the negotiation result similar to "session request ok"

Also modify non-specified max_protocol to be PROTOCOL_LATEST
(currently PROTOCOL_SMB3_11).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12881

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
fe9067bc by Andreas Schneider at 2017-08-19T05:33:41+02:00
s3:printing: Add NULL check for state_path()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Aug 19 05:33:41 CEST 2017 on sn-devel-144

- - - - -
051a3ff6 by Lumir Balhar at 2017-08-22T13:47:15+02:00
python: scripting: Port ntstatus and werror generators to Python 3 compatible form.

Signed-off-by: Lumir Balhar <lbalhar at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>

- - - - -
0ffe030c by Lumir Balhar at 2017-08-22T17:38:17+02:00
python: Make generated modules samba.ntstatus and samba.werror Python 3 compatible.

Signed-off-by: Lumir Balhar <lbalhar at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Aug 22 17:38:17 CEST 2017 on sn-devel-144

- - - - -
a5a19fa5 by Ralph Boehme at 2017-08-22T23:32:13+02:00
tdb: rename struct tdb_traverse_lock hash member to list

The variable stores the hashtable bucket, not the hash. No change in
behaviour.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f2b7bc23 by Ralph Boehme at 2017-08-22T23:32:13+02:00
tbd: BUCKET(-1) returns wrong offset because tdb->hash_size is an unsigned int

The following C program demonstrates the issue:

  #include <stdio.h>
  #include <stdlib.h>
  #include <stdarg.h>
  #include <stdbool.h>
  #include <string.h>
  #include <unistd.h>
  #include <errno.h>
  #include <dirent.h>
  #include <sys/types.h>

  int main(int argc, char **argv)
  {
      int hash = -1;
      int tsize_signed = 10;
      unsigned int tsize_unsigned = 10;
      int bucket;

  #define BUCKET(hash, tsize) ((hash) % (tsize))

      bucket = BUCKET(hash, tsize_unsigned);
      printf("hash [%d] tsize [%d] bucket [%d]\n", hash, tsize_unsigned, bucket);

      bucket = BUCKET(hash, tsize_signed);
      printf("hash [%d] tsize [%d] bucket [%d]\n", hash, tsize_signed, bucket);

      return 0;
  }

Output:

$ ./tmp
hash [-1] tsize [10] bucket [5]
hash [-1] tsize [10] bucket [-1]

The first version is what the current BUCKET() macro does. As a result
we lock the hashtable chain in bucket 5, NOT the freelist.

-1 is sign converted to an unsigned int 4294967295 and

  4294967295 % 10 = 5.

As all callers will lock the same wrong list consistently, locking is
still consistent.

Stumbled across this when looking at the output of `tdbtool DB list`
which always printed some other hashchain and not the freelist.

The freelist bucket offset computation doesn't use the BUCKET macro in
freelist.c (directly or indirectly) when working on the freelist, it
just directly uses the FREELIST_TOP define, so this problem only affects
tdbtool list.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d2c78695 by Ralph Boehme at 2017-08-22T23:32:13+02:00
tdb: document hashtable bucket offset calculation madness

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a43affd4 by Ralph Boehme at 2017-08-22T23:32:13+02:00
tdb: fix tbdtool list freelist output

Due to the non-fixable bug in the BUCKET macro tdbtool list printed some
other hash chainlist, not the freelist.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12888

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
95e30b08 by Andreas Schneider at 2017-08-23T03:23:55+02:00
s3:utils: Do not report an invalid range for AD DC role

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12629

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Aug 23 03:23:55 CEST 2017 on sn-devel-144

- - - - -
7a554ee7 by Andreas Schneider at 2017-08-23T13:16:20+02:00
s3:libsmb: Pass domain to remote_password_change()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>

- - - - -
c773844e by Andreas Schneider at 2017-08-23T13:16:20+02:00
s3:libsmb: Move prototye of remote_password_change()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>

- - - - -
41a31a71 by Andreas Schneider at 2017-08-23T13:16:20+02:00
s3:utils: Make strings const passed to password_change() in smbpasswd

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>

- - - - -
b4833406 by Andreas Schneider at 2017-08-23T13:16:20+02:00
s3:utils: Pass domain to password_change() in smbpasswd

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>

- - - - -
dc129a96 by Andreas Schneider at 2017-08-23T13:16:20+02:00
s3:utils: Make sure we authenticate against our SAM name in smbpasswd

If a local user wants to change his password using smbpasswd and the
machine is a domain member, we need to make sure we authenticate against
our SAM and not ask winbind.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>

- - - - -
4a4bfcb5 by Andreas Schneider at 2017-08-23T13:16:20+02:00
s3:utils: Remove pointless if-clause for remote_machine

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975

Review with: git show -U20

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>

- - - - -
531ef64b by Andreas Schneider at 2017-08-23T17:05:48+02:00
s3:tests: Add test for changing the local user password with smbpasswd

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12975

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Aug 23 17:05:48 CEST 2017 on sn-devel-144

- - - - -
81a46c0a by Volker Lendecke at 2017-08-24T01:46:07+02:00
acl_common: Pass get_acl_blob_fn as a pointer to get_nt_acl_internal

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ce8a22d2 by Volker Lendecke at 2017-08-24T01:46:07+02:00
acl_common: Pass store_acl_blob_fsp through store_v3_blob

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
48815f8c by Volker Lendecke at 2017-08-24T01:46:07+02:00
acl_common: Avoid "#include vfs_acl_common.c"

This makes vfs_acl_common.c a subsystem of its own that acl_xattr and acl_tdb
now link against, not #include it.

This patch is a bit on the large and clumsy side, but splitting it up would
(I believe) involve a separate intermediate copy of acl_common.c.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a6f391b8 by Christof Schmitt at 2017-08-24T01:46:08+02:00
vfs_default: Fix passing of errno from async calls

Current code assigns errno from async pthreadpool calls to the
vfs_default internal vfswrap_*_state.  The callers of the vfs_*_recv
functions expect the value from errno in vfs_aio_state.error.

Correctly assign errno to vfs_aio_state.error and remove the unused
internal err variable.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12983

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c66b2145 by Volker Lendecke at 2017-08-24T01:46:08+02:00
tdb: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ab132ba7 by Volker Lendecke at 2017-08-24T01:46:08+02:00
configure: Centralize check for posix_fallocate

This checks for posix_fallocate unless we are sitting on an ancient glibc.
With this we don't need HAVE_BROKEN_POSIX_FALLOCATE anymore,
HAVE_POSIX_FALLOCATE will only be defined if we have a valid [g]libc.

./configure tested on Debian, FreeBSD (which does have posix_fallocate) and
OpenBSD (which does not have posix_fallocate). Also tested with changing the
not have an old-enough glibc around. All did the right thing.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3e7efbfb by Volker Lendecke at 2017-08-24T01:46:08+02:00
tdb: Protect against EINTR

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c7211882 by Volker Lendecke at 2017-08-24T01:46:08+02:00
tdb: Truncate the file after expand failure

Without this it's very easy to create virtually huge files: ftruncate expands a
file, the pwrites fail with ENOSPC, thus the write fails. The next writer runs
into the same situation, and ftruncate-expands the file even further. tdb_check
will then spend ages reading the 4GB of zeros byte by byte.

Here we hold the freelist lock or are inside a transaction, so it is safe to
cut the file again. Nobody can have used the space that we have tried to
allocate, so we can't have any stray pointers corrupting the database.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
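
The failure mode described in the commit message above, as an added example that is not tdb's code: a file is grown with ftruncate(), the fill step fails with ENOSPC, and the file either keeps its new size or is cut back. The function names, the always-failing fill stub and the 4096-byte chunk are constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed stand-in for the data-writing step: always fails the way
 * a full filesystem would. */
static int fill_fails_enospc(int fd, off_t off, size_t len)
{
    (void)fd; (void)off; (void)len;
    errno = ENOSPC;
    return -1;
}

static off_t file_size(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 ? st.st_size : (off_t)-1;
}

/* Grow fd by `add` bytes. With `rollback` set, a failed fill cuts the
 * file back to its previous size. This assumes the caller holds the
 * lock that keeps other writers away from the new region. */
static int expand_file(int fd, size_t add, bool rollback,
                       int (*fill)(int, off_t, size_t))
{
    off_t old_size = file_size(fd);
    if (old_size < 0) {
        return -1;
    }
    if (ftruncate(fd, old_size + (off_t)add) != 0) {
        return -1;
    }
    if (fill(fd, old_size, add) != 0) {
        int saved = errno;
        if (rollback) {
            int ret;
            do {
                ret = ftruncate(fd, old_size);
            } while (ret != 0 && errno == EINTR);
        }
        errno = saved;   /* report the original failure, not the cleanup */
        return -1;
    }
    return 0;
}

/* Run `attempts` failing expansions on a fresh temporary file and
 * return the resulting apparent file size. */
static off_t size_after_failed_expands(int attempts, size_t add, bool rollback)
{
    char path[] = "/tmp/expand_demo_XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) {
        return -1;
    }
    unlink(path);   /* file disappears once fd is closed */
    for (int i = 0; i < attempts; i++) {
        (void)expand_file(fd, add, rollback, fill_fails_enospc);
    }
    off_t size = file_size(fd);
    close(fd);
    return size;
}

int main(void)
{
    printf("no rollback:   %lld bytes\n",
           (long long)size_after_failed_expands(3, 4096, false));
    printf("with rollback: %lld bytes\n",
           (long long)size_after_failed_expands(3, 4096, true));
    return 0;
}
```

Without the rollback every failed attempt leaves the file one chunk larger, although no data was stored; with it the size stays where it was.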

- - - - -
a05debc1 by Volker Lendecke at 2017-08-24T01:46:08+02:00
tdb: Add an intermediate variable

More README.Coding, but I need "ret" in the next commit as well :-)

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a475e1c4 by Volker Lendecke at 2017-08-24T05:38:49+02:00
tdb: Use posix_fallocate

This should be significantly faster than pwriting.

OpenBSD doesn't have posix_fallocate, so we do need the fallback. Also, it
might have weird failure modes, so we keep the old code in place except for
posix_fallocate returning success or ENOSPC.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Aug 24 05:38:49 CEST 2017 on sn-devel-144

- - - - -
59dc9eb7 by Andreas Schneider at 2017-08-24T05:39:26+02:00
wafsamba: Add INSTALL_DIR function

The install_dir function in waf has been deprecated and it doesn't
support setting directory permissions. So we need to implement our own
function anyway.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4311332a by Andreas Schneider at 2017-08-24T05:39:26+02:00
wafsamba: Call INSTALL_DIR in INSTALL_DIRS

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3a719dc6 by Andreas Schneider at 2017-08-24T09:29:05+02:00
dynconfig: Use INSTALL_DIR to create directories

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Aug 24 09:29:05 CEST 2017 on sn-devel-144

- - - - -
f9c0a8e3 by Andreas Schneider at 2017-08-24T09:30:33+02:00
s3:spoolss: Set timeout values to the one which Windows uses by default

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
f4491774 by Andreas Schneider at 2017-08-24T09:30:33+02:00
s3:script: Untaint user supplied data in modprinter.pl

spoolss_SetPrinter fails because of the error produced by modprinter.pl.

Perl error:
Insecure dependency in open while running setgid at modprinter.pl line 76.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12950

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
731fe596 by Andreas Schneider at 2017-08-24T09:30:33+02:00
s4:torture: Use a different driver name for add_driver tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12984

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
bd44e435 by Andreas Schneider at 2017-08-24T09:30:33+02:00
s4:torture: Delete printer before we remove the driver

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12984

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
c90069b2 by Andreas Schneider at 2017-08-24T13:23:21+02:00
s4:torture: The teardown function should just return

The teardown functions should not return on error but finish cleaning
up!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12984

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Aug 24 13:23:22 CEST 2017 on sn-devel-144

- - - - -
6d7681c7 by Andreas Schneider at 2017-08-24T17:22:18+02:00
s3:libsmb: Print the kinit failed message with DBGLVL_NOTICE

The default debug level of smbclient is set to 'log level = 1'. So we
need to use at least NOTICE to not get the message when we do not force
kerberos.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12704

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Aug 24 17:22:18 CEST 2017 on sn-devel-144

- - - - -
c804f260 by Stefan Metzmacher at 2017-08-24T21:17:48+02:00
tdb: version 1.3.15

* Add protection against EINTR.
* Truncate the file after expand failure, ENOSPC
* Use posix_fallocate() to expand the file
* Fix GCC compiler warnings

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Aug 24 21:17:48 CEST 2017 on sn-devel-144

- - - - -
00f32962 by Volker Lendecke at 2017-08-25T00:15:20+02:00
ctdb: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
27fae4ce by Volker Lendecke at 2017-08-25T04:10:25+02:00
schannel.idl: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Aug 25 04:10:25 CEST 2017 on sn-devel-144

- - - - -
205969dd by Amitay Isaacs at 2017-08-25T09:41:25+02:00
ctdb-tests: Add functions to start/stop/restart ctdb on single node

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12978

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
9691b72a by Amitay Isaacs at 2017-08-25T09:41:25+02:00
ctdb-tests: Add functions to start/stop/restart a single local daemon

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12978

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
9a92d712 by Amitay Isaacs at 2017-08-25T09:41:25+02:00
ctdb-tests: Add a test to check databases are attached with correct flags

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12978

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
4bd0a20a by Amitay Isaacs at 2017-08-25T09:41:25+02:00
ctdb-client: Fix ctdb_ctrl_createdb() to use database flags

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12978

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
9987fe72 by Amitay Isaacs at 2017-08-25T09:41:26+02:00
ctdb-client: Optionally return database id from ctdb_ctrl_createdb()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12978

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
1f7f1123 by Amitay Isaacs at 2017-08-25T13:32:58+02:00
ctdb-client: Fix ctdb_attach() to use database flags

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12978

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Fri Aug 25 13:32:58 CEST 2017 on sn-devel-144

- - - - -
d11532c4 by Andreas Schneider at 2017-08-25T16:15:08+02:00
s3:modules: Avoid setting the sign bit to 1.

Found by Coverity.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
1e002db7 by Andreas Schneider at 2017-08-25T16:15:08+02:00
s4:torture: Fix talloc_array in test_EnumValue()

Found by Coverity.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
ec8ec35b by Andreas Schneider at 2017-08-25T16:15:08+02:00
s4:torture: Do not overrun arrays in test_displayshares()

If we do not 'break', we overrun the array access size.

Found by Coverity.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
11ae26e6 by Andreas Schneider at 2017-08-25T20:05:32+02:00
s3:vfs: Do not overrun array ad->ad_eid

The array is defined as:
    struct ad_entry ad_eid[ADEID_MAX]

Found by Coverity.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Aug 25 20:05:32 CEST 2017 on sn-devel-144

- - - - -
fb8e0343 by Ralph Boehme at 2017-08-26T01:15:09+02:00
selftest: enable kernel change notifications in the fileserver environment

This environment is currently not used for any test in the smb2
testsuite, so this change doesn't affect any existing test.

A subsequent commit will add a test for change notifications with kernel
change notify enabled. It verifies a bug (this one) that only crops up
in such a setup and causes rename events to get lost.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
71a68d22 by Ralph Boehme at 2017-08-26T01:15:09+02:00
selftest: run smb2.notify-inotify testsuite against fileserver

Next commit adds the suite and a test.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
51f40a0e by Ralph Boehme at 2017-08-26T05:05:08+02:00
s4/torture: add a test for rename change notification with inotify enabled

This is already fixed in master by
5eccc2fd0072409f166c63e6876266f926411423~10..5eccc2fd0072409f166c63e6876266f926411423.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Aug 26 05:05:08 CEST 2017 on sn-devel-144

- - - - -
9f245aaf by Love Hornquist Astrand at 2017-08-28T11:18:15+02:00
HEIMDAL: allow optional q in DH DomainParameters

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12986

Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from heimdal commit e8317b955f5a390c4f296871ba6987ad05478c95)

- - - - -
dd3e06f1 by Love Hornquist Astrand at 2017-08-28T15:10:54+02:00
HEIMDAL: don't bother seeing q if not sent

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12986

Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from heimdal commit 19f9fdbcea11013cf13ac72c416f161ee55dee2b)

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Aug 28 15:10:54 CEST 2017 on sn-devel-144

- - - - -
7b58c8f5 by Ralph Boehme at 2017-08-29T01:00:34+02:00
s3/mdssvc: missing assignment in sl_pack_float

Spotted by -Werror=maybe-uninitialized:

../source3/rpc_server/mdssvc/marshalling.c: In function ‘sl_pack_float’:
../source3/rpc_server/mdssvc/marshalling.c:171:11: error:
‘ieee_fp_union.w’ may be used uninitialized in this function
[-Werror=maybe-uninitialized]
  offset = sl_push_uint64_val(buf, offset, bufsize, ieee_fp_union.w);

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12991

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f9d4158f by David Disseldorp via samba-technical at 2017-08-29T04:54:50+02:00
tests/fake_snap: sanitize paths

Ensure fake_snap.pl can be run in taint mode (-T), by sanitizing paths
and the PATH env. This fixes the following samba3.rpc.fsrvp selftest
failures:
Insecure dependency in mkdir while running setgid at (eval 2) line 4.
snap create failed: NT_STATUS_UNSUCCESSFUL
snap create failed for shadow copy of /home/ddiss/isms/samba/st/nt4_dc/share

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12988

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Aug 29 04:54:51 CEST 2017 on sn-devel-144

- - - - -
dd863b60 by Andrew Bartlett at 2017-08-29T07:23:28+02:00
s4-drsuapi: Avoid segfault when replicating as a non-admin with GUID_DRS_GET_CHANGES

Users who are not administrator do not get b_state->sam_ctx_system filled in.

We should probably use the 'sam_ctx' variable in all cases (instead of
b_state->sam_ctx*), but I'll make this change in a separate patch, so
that the bug fix remains independent from other tidy-ups.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12946

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
f8a30d31 by Tim Beale at 2017-08-29T07:23:28+02:00
s4-drsuapi: Use sam_ctx consistently in dcesrv_drsuapi_DsGetNCChanges()

Trying to use bstate->sam_ctx_system by mistake can cause crashes if
non-admin users replicate. To avoid this problem we use the sam_ctx
variable, however it wasn't used consistently everywhere. Replace the
remaining references to b_state->sam_ctx to avoid potential confusion.

This change was made based on review feedback from Metze.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
2feea240 by Andrew Bartlett at 2017-08-29T07:23:28+02:00
dsdb: Use samba.generate_random_password() in dirsync test

We do not like fixed passwords

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12946

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
53512529 by Andrew Bartlett at 2017-08-29T07:23:28+02:00
selftest: Make dirsync test use symobolic name and OA not A

A is for Allow, OA is for Object Allow, which means check the GUID.

The previous ACE allowed all access, which was not the intention.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
607ba1a2 by Andrew Bartlett at 2017-08-29T07:23:28+02:00
s4-drsuapi: Refuse to replicate an NC is that not actually an NC

This prevents replication of an OU, you must replicate a whole NC per Windows 2012R2

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
83f23380 by Andrew Bartlett at 2017-08-29T07:23:28+02:00
selftest: encrypt the LDAP connection in drs_base.py

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
cdb8c4ae by Andrew Bartlett at 2017-08-29T07:23:28+02:00
selftest: Move get_partial_attribute_set() to DrsBaseTestCase

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
87bc8d8f by Andrew Bartlett at 2017-08-29T07:23:28+02:00
selftest: Confirm privileged replication of an OU is not permitted

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
122c8e1f by Tim Beale at 2017-08-29T07:23:28+02:00
selftest: Extend further getnc_unpriv tests to pass against windows 2012R2

An important change in this patch is changing the ACE type from
 A (Allow)
to
 AO (Object Allow)

as that will then respect the supplied GUID, which we also make use
the constant from the security.idl.

This reworks the tests to check replication with users with the
following rights:
- only GET_CHANGES
- only GET_ALL_CHANGES
- both GET_CHANGES and GET_ALL_CHANGES
- no rights

We basically want to test various different GetNCChanges requests
against each type of user rights, and the only difference is the
error/success value we get back. I've structured the tests this way, so
that we have 4 test_repl_xyz_userpriv() functions (to cover each of the
above user rights cases), and each test sends the same series of
GetNCChanges requests of varying validity.

Currently all these tests fail against Samba because Samba sends
different error codes to Windows.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
3c8fa7b2 by Tim Beale at 2017-08-29T07:23:28+02:00
s4-drsuapi: Change REPL_SECRET error code to match Windows

The existing SOURCE_DISABLED error code doesn't seem to make a lot of
sense. Windows sends back an ACCESS_DENIED error in the same situation,
which seems more appropriate.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
6158f183 by Tim Beale at 2017-08-29T07:23:28+02:00
selftest: GetNCChanges can 'accept' a repeated bad request

In theory, if we send the exact same rejected request again, we should
get the same response back from the DC. However, we don't - the request
is accepted if we send it a second time.

This patch updates the repl_rodc test to demonstrate the problem (which
now causes the test to fail).

Note that although the bad GetNCChanges request is not rejected outright,
the response that gets sent back is empty - it has no objects in it, so
it's not an actual security hole. It is an annoying problem for writing
self-tests though.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
2d0766a4 by Tim Beale at 2017-08-29T07:23:28+02:00
s4-drsuapi: Set getnc_state *after* we've checked request is valid

We were creating the getnc_state (and storing it on the connection)
before we had done some basic checks that the request was valid. If the
request was not valid and we returned early with an error, then the
partially-initialized getnc_state was left hanging on the connection.
The next request that got sent on the connection would try to use this,
rather than creating a new getnc_state from scratch.

The main side-effect of this was if you sent an invalid GetNCChanges
request twice, then it could be rejected the first time and accepted the
second time.

Note that although an invalid request was accepted, it would typically
not return any objects, so it would not actually leak any secure
information.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
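
The ordering problem described in the commit message above, as an added example in a simplified model that is not Samba's code: per-connection state is cached either before or after the request is validated, and the same invalid request is sent twice. All structure names, function names, the DN strings and the object count are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified model: these are not Samba's structures. */
struct getnc_state {
    char nc_dn[64];
    unsigned num_objects;   /* filled in only once setup completes */
};

struct connection {
    struct getnc_state *getnc_state;   /* cached across requests */
};

struct reply {
    bool accepted;
    unsigned num_objects;
};

/* Constructed validity rule: only this DN counts as an NC root. */
static bool is_nc_root(const char *dn)
{
    return strcmp(dn, "DC=example,DC=com") == 0;
}

static struct getnc_state *new_state(const char *dn)
{
    struct getnc_state *s = calloc(1, sizeof(*s));
    if (s != NULL) {
        snprintf(s->nc_dn, sizeof(s->nc_dn), "%s", dn);
    }
    return s;
}

/* Before: state is attached to the connection, then the request is checked. */
static struct reply handle_state_first(struct connection *c, const char *dn)
{
    struct reply r = { false, 0 };
    if (c->getnc_state == NULL) {
        c->getnc_state = new_state(dn);
        if (c->getnc_state == NULL) {
            return r;
        }
        if (!is_nc_root(dn)) {
            return r;   /* early return: half-built state stays cached */
        }
        c->getnc_state->num_objects = 3;   /* constructed object count */
    }
    /* A cached state is treated as an already validated, ongoing cycle. */
    r.accepted = true;
    r.num_objects = c->getnc_state->num_objects;
    return r;
}

/* After: validate first, attach state only for a request that passed. */
static struct reply handle_check_first(struct connection *c, const char *dn)
{
    struct reply r = { false, 0 };
    if (c->getnc_state == NULL) {
        if (!is_nc_root(dn)) {
            return r;   /* nothing was stored on the connection */
        }
        struct getnc_state *s = new_state(dn);
        if (s == NULL) {
            return r;
        }
        s->num_objects = 3;   /* constructed object count */
        c->getnc_state = s;
    }
    r.accepted = true;
    r.num_objects = c->getnc_state->num_objects;
    return r;
}

typedef struct reply (*handler_fn)(struct connection *, const char *);

/* Send the same request twice on one connection; return the second reply. */
static struct reply second_reply(handler_fn handle, const char *dn)
{
    struct connection c = { NULL };
    (void)handle(&c, dn);
    struct reply r = handle(&c, dn);
    free(c.getnc_state);
    return r;
}

int main(void)
{
    const char *bad_dn = "OU=test,DC=example,DC=com";   /* constructed */
    struct reply a = second_reply(handle_state_first, bad_dn);
    struct reply b = second_reply(handle_check_first, bad_dn);
    printf("state first: accepted=%d objects=%u\n", a.accepted, a.num_objects);
    printf("check first: accepted=%d objects=%u\n", b.accepted, b.num_objects);
    return 0;
}
```

In the state-first handler the repeated invalid request is accepted with an empty reply, matching the behaviour the message reports; a regression test for this class of bug should send each rejected request twice on the same connection.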

- - - - -
37ed946c by Tim Beale at 2017-08-29T07:23:28+02:00
selftest: Update getnc_unpriv tests to pass against Samba

In general Windows seems to return BAD_DN rather than ACCESS_DENIED for
an unprivileged user. In the long term, it's unrealistic to think
that Samba and Windows will agree exactly on every error code returned.
So for the tests to be maintainable and pass against Windows and Samba,
they need to handle differences in expected errors. To get around this
problem, I've changed the expected_error to be a set, so that multiple
error codes (one for Microsoft, one for Samba) can be specified for each
test case. This approach also highlights the cases where Microsoft and
Samba currently differ.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
d6a384b2 by Tim Beale at 2017-08-29T07:23:28+02:00
s4-drsuapi/selftest: Add extra tests for invalid DNs

Add some test cases to check for requests for invalid/non-existent DNs.
This exercises the first return case added in commit:
  s4-drsuapi: Refuse to replicate an NC is that not actually an NC

I've also updated the error code returned here to match Windows.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
b6e63795 by Tim Beale at 2017-08-29T07:23:28+02:00
selftest: Use a unique(ish) OU for every run of getnc_unpriv

An intermittent problem I noticed with tests in the past is that the
setup can fail to create the base OU because it already exists.
I believe this is because the previous testenv DC has replicated out the
test object, but not its deletion at the point that the next testenv DC
starts running the test.

This only seemed to happen very occasionally (I haven't seen it
happen with getnc_unpriv yet, but I also haven't run it through the
autobuild yet).

Using same randomness in the test OU should help avoid this sort of
problem, and it matches what some other replication tests do.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
bff81a2c by Andrew Bartlett at 2017-08-29T07:23:29+02:00
ldb: Add LDB_UNPACK_DATA_FLAG_NO_ATTRS

This will allow us to avoid a full unpack in situations where we just want to confirm
if the DN exists

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
3164c0ac by Andrew Bartlett at 2017-08-29T11:13:50+02:00
ldb_tdb: Rework ltdb_modify_internal() to use ltdb_search_dn1() internally

This avoids duplicate code and allows us to use the allocation-avoiding
LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC flag.

We can not use LDB_UNPACK_DATA_FLAG_NO_VALUES_ALLOC as el2->values
is talloc_realloc()ed in the routine.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Aug 29 11:13:50 CEST 2017 on sn-devel-144

- - - - -
5f5762d6 by Martin Schwenke at 2017-08-29T11:14:09+02:00
ctdb-daemon: Narrow a #include

Only time.h is needed here, not all of samba_util.h.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
710f5d92 by Martin Schwenke at 2017-08-29T11:14:09+02:00
ctdb-daemon: Use become_daemon() instead of custom code

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
8149c984 by Martin Schwenke at 2017-08-29T11:14:09+02:00
ctdb-tests: Add comments describing sock daemon tests

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
fc6fdde6 by Martin Schwenke at 2017-08-29T11:14:09+02:00
ctdb-tests: Add improved PID file check to test2

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
b67cc00c by Amitay Isaacs at 2017-08-29T11:14:09+02:00
ctdb-common: Move PID file creation to sock_daemon_run_send()

Only create PID file when actually starting the daemon, rather than
when setting up the context.  This will facilitate future changes.

Tweak test to confirm that PID file is no longer created during setup.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
4cb56038 by Martin Schwenke at 2017-08-29T11:14:09+02:00
ctdb-tests: Add a sock_daemon test for PID file contention

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
94cc5ead by Martin Schwenke at 2017-08-29T11:14:09+02:00
ctdb-common: Allow sock_daemon to daemonise during startup

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
b8380197 by Martin Schwenke at 2017-08-29T11:14:09+02:00
ctdb-tests: Add sock daemon test for create_session

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
5b7bc0ae by Martin Schwenke at 2017-08-29T15:03:33+02:00
ctdb-tests: Add sock daemon test for do_fork

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Tue Aug 29 15:03:33 CEST 2017 on sn-devel-144

- - - - -
f0b85c1d by Peter Somogyi at 2017-08-30T00:16:51+02:00
s4/torture: make --unclist active with smb2 testcases

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12985

Signed-off-by: Peter Somogyi <psomogyi at hu.ibm.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Aug 30 00:16:51 CEST 2017 on sn-devel-144

- - - - -
7fdeea0f by Andrew Bartlett at 2017-08-30T10:48:19+02:00
dsdb: Add comment showing where the normal password rules are applied

This looks like a footnote, but is actually where the default password rules are applied.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
a5dbcbee by Andrew Bartlett at 2017-08-30T10:48:20+02:00
password_hash: Make a common failure with "password hash gpg key ids" clearer

This drove me to strace before I understood what it really meant.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
841e763a by Andrew Bartlett at 2017-08-30T10:48:20+02:00
ldb: Fix tests to call the parent tearDown(), not setUp in tearDown

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
a5a2243f by Andrew Bartlett at 2017-08-30T14:58:32+02:00
ldb: Add tests for indexed and unindexed search expressions

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Aug 30 14:58:32 CEST 2017 on sn-devel-144

- - - - -
73748776 by Amitay Isaacs at 2017-08-30T14:59:21+02:00
ctdb-protocol: Separate marshalling for basic data types

This splits protocol_types.c and creates new protocol_basic.c.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
936fc23e by Amitay Isaacs at 2017-08-30T14:59:21+02:00
ctdb-tests: Reorganize protocol tests

This patch splits the protocol tests from:
  protocol_types_test.c
  protocol_client_test.c

and creates the following files:

  protocol_common.[ch]       - common code for data types
  protocol_common_ctdb.[ch]  - common code for ctdb protocol elements
  protocol_common_event.[ch] - common code for eventd protocol elements
  protocol_basic_test.c      - basic data types
  protocol_types_test.c      - ctdb data types
  protocol_ctdb_test.c       - ctdb protocol
  protocol_event_test.c      - eventd protocol

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
c16d2585 by Amitay Isaacs at 2017-08-30T14:59:21+02:00
ctdb-protocol: Fix marshalling for GET_DB_SEQNUM control

In the control request, database id which is a 32-bit integer is sent
on wire as a 64-bit integer rather than a 32-bit integer.  If we
convert the database id to 64-bit integer before sending, the order of
32-bits with database id will vary depending on the endian-ness.

Instead send the database id as first 32-bits and zeros as next 32-bits.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
62229f4c by Amitay Isaacs at 2017-08-30T14:59:21+02:00
ctdb-tests: Add test templates for various data types

These test templates will use new style of len/push/pull functions.
The differences in the new style of marshalling functions are:

1. len/push functions will be passed pointer to a value instead of the value
2. push/pull functions will additionally return the number of bytes consumed

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
5a2b2cc1 by Amitay Isaacs at 2017-08-30T14:59:21+02:00
ctdb-protocol: Add marshalling for uint8_t

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
453ff93b by Amitay Isaacs at 2017-08-30T14:59:21+02:00
ctdb-protocol: Add marshalling for uint16_t

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
5ee30249 by Amitay Isaacs at 2017-08-30T14:59:21+02:00
ctdb-protocol: Fix marshalling for int32_t

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
69a2cb88 by Amitay Isaacs at 2017-08-30T14:59:21+02:00
ctdb-protocol: Fix marshalling for uint32_t

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
890b696a by Amitay Isaacs at 2017-08-30T14:59:21+02:00
ctdb-protocol: Fix marshalling for uint64_t

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
222b6377 by Amitay Isaacs at 2017-08-30T14:59:21+02:00
ctdb-protocol: Fix marshalling for double

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
c1a2f423 by Amitay Isaacs at 2017-08-30T14:59:22+02:00
ctdb-protocol: Add marshalling for bool

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
4ce3e682 by Amitay Isaacs at 2017-08-30T14:59:22+02:00
ctdb-protocol: Add marshalling for fixed size char array

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
12021067 by Amitay Isaacs at 2017-08-30T14:59:22+02:00
ctdb-protocol: Fix marshalling for a string

Always return NULL terminated strings.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
1d684098 by Amitay Isaacs at 2017-08-30T14:59:22+02:00
ctdb-protocol: Fix marshalling for a string with length

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
e0cb2f7b by Amitay Isaacs at 2017-08-30T14:59:22+02:00
ctdb-protocol: Fix marshalling for pid_t

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
0056a9d7 by Amitay Isaacs at 2017-08-30T14:59:22+02:00
ctdb-protocol: Add marshalling for struct timeval

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
c9b541b0 by Amitay Isaacs at 2017-08-30T14:59:22+02:00
ctdb-protocol: Add padding data type to handle structure padding

This takes care of alignment sizes, so that it works on both 32-bit and
64-bit architectures.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
280a550e by Amitay Isaacs at 2017-08-30T14:59:22+02:00
ctdb-protocol: Move tdb_data marshalling code

There is no change in the code.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
3b86c241 by Amitay Isaacs at 2017-08-30T14:59:22+02:00
ctdb-protocol: Fix marshalling for tdb_data

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
ed4b4a2b by Amitay Isaacs at 2017-08-30T14:59:22+02:00
ctdb-protocol: Add marshalling for tdb_data with size

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
fc3f6147 by Amitay Isaacs at 2017-08-30T14:59:22+02:00
ctdb-protocol: Add marshalling for ctdb_latency_counter

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
82b7ec03 by Amitay Isaacs at 2017-08-30T14:59:22+02:00
ctdb-tests: Add compatibility test for protocol data types

This patch prepares for testing old and new marshalling codes for
various data types to ensure backward compatibility.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
1cb6640f by Amitay Isaacs at 2017-08-30T14:59:22+02:00
ctdb-protocol: Fix marshalling for ctdb_statistics

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
28734f1b by Amitay Isaacs at 2017-08-30T14:59:22+02:00
ctdb-protocol: Fix marshalling for ctdb_vnn_map

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
917c0eca by Amitay Isaacs at 2017-08-30T14:59:22+02:00
ctdb-protocol: Add marshalling for ctdb_dbid

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
e347e2b4 by Amitay Isaacs at 2017-08-30T14:59:22+02:00
ctdb-protocol: Fix marshalling for ctdb_dbid_map

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
ba0b0903 by Amitay Isaacs at 2017-08-30T14:59:22+02:00
ctdb-protocol: Fix marshalling for ctdb_pulldb

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
04d0b305 by Amitay Isaacs at 2017-08-30T14:59:22+02:00
ctdb-protocol: Fix marshalling for ctdb_pulldb_ext

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
25217a9b by Amitay Isaacs at 2017-08-30T14:59:22+02:00
ctdb-protocol: Fix marshalling for ctdb_ltdb_header

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
b75a097d by Amitay Isaacs at 2017-08-30T14:59:23+02:00
ctdb-protocol: Drop header argument to ctdb_rec_data_pull_data()

Since header is always set to NULL, there is no need to pass header as
an argument.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
adab372e by Amitay Isaacs at 2017-08-30T14:59:23+02:00
ctdb-protocol: Fix marshalling for ctdb_rec_data

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
a57f0621 by Amitay Isaacs at 2017-08-30T14:59:23+02:00
ctdb-protocol: Use ctdb_rec_buffer_traverse to calculate length of data

If the parser function is NULL, ctdb_rec_buffer_traverse will return the
amount of data used by ctdb_rec_data structures.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
676df877 by Amitay Isaacs at 2017-08-30T14:59:23+02:00
ctdb-protocol: Fix marshalling for ctdb_rec_buffer

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
c882182e by Amitay Isaacs at 2017-08-30T14:59:23+02:00
ctdb-protocol: Fix marshalling for ctdb_traverse_start

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
bad58078 by Amitay Isaacs at 2017-08-30T14:59:23+02:00
ctdb-protocol: Fix marshalling for ctdb_traverse_all

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
5caafc28 by Amitay Isaacs at 2017-08-30T14:59:23+02:00
ctdb-protocol: Fix marshalling for ctdb_traverse_start_ext

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
6f486766 by Amitay Isaacs at 2017-08-30T14:59:23+02:00
ctdb-protocol: Fix marshalling for ctdb_traverse_all_ext

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
32539cd5 by Amitay Isaacs at 2017-08-30T14:59:23+02:00
ctdb-protocol: Fix marshalling for ctdb_sock_addr

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
7f34ad2a by Amitay Isaacs at 2017-08-30T14:59:23+02:00
ctdb-protocol: Fix marshalling for ctdb_connection

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
60cb0678 by Amitay Isaacs at 2017-08-30T14:59:23+02:00
ctdb-protocol: Fix marshalling for ctdb_tunable

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
7f57cc0e by Amitay Isaacs at 2017-08-30T14:59:23+02:00
ctdb-protocol: Fix marshalling for ctdb_node_flag_change

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
c78d69b2 by Amitay Isaacs at 2017-08-30T14:59:23+02:00
ctdb-protocol: Fix marshalling for ctdb_var_list

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
95732609 by Amitay Isaacs at 2017-08-30T14:59:23+02:00
ctdb-protocol: Fix marshalling for ctdb_tunable_list

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
bac67e1a by Amitay Isaacs at 2017-08-30T14:59:23+02:00
ctdb-protocol: Fix marshalling for ctdb_tickle_list

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
4d70b972 by Amitay Isaacs at 2017-08-30T14:59:23+02:00
ctdb-protocol: Fix marshalling for ctdb_addr_info

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
e893b46e by Amitay Isaacs at 2017-08-30T14:59:23+02:00
ctdb-protocol: Fix marshalling for ctdb_transdb

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
d7c247dd by Amitay Isaacs at 2017-08-30T14:59:24+02:00
ctdb-protocol: Fix marshalling for ctdb_uptime

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
9e11de44 by Amitay Isaacs at 2017-08-30T14:59:24+02:00
ctdb-protocol: Fix marshalling for ctdb_public_ip

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
2a8dd025 by Amitay Isaacs at 2017-08-30T14:59:24+02:00
ctdb-protocol: Fix marshalling for ctdb_public_ip_list

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
c060d01b by Amitay Isaacs at 2017-08-30T14:59:24+02:00
ctdb-protocol: Fix marshalling for ctdb_node_and_flags

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
85d0825f by Amitay Isaacs at 2017-08-30T14:59:24+02:00
ctdb-protocol: Fix marshalling for ctdb_node_map

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
21171290 by Amitay Isaacs at 2017-08-30T14:59:24+02:00
ctdb-protocol: Fix marshalling for ctdb_script

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
74eaa036 by Amitay Isaacs at 2017-08-30T14:59:24+02:00
ctdb-protocol: Fix marshalling for ctdb_script_list

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
57a4d2e6 by Amitay Isaacs at 2017-08-30T14:59:24+02:00
ctdb-protocol: Fix marshalling for ctdb_ban_state

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
091ef60e by Amitay Isaacs at 2017-08-30T14:59:24+02:00
ctdb-protocol: Fix marshalling for ctdb_notify_data

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
1790509b by Amitay Isaacs at 2017-08-30T14:59:24+02:00
ctdb-protocol: Fix marshalling for ctdb_iface

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
a8569128 by Amitay Isaacs at 2017-08-30T14:59:24+02:00
ctdb-protocol: Fix marshalling for ctdb_iface_list

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
b03f3b56 by Amitay Isaacs at 2017-08-30T14:59:24+02:00
ctdb-protocol: Fix marshalling for ctdb_public_ip_info

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
132f201f by Amitay Isaacs at 2017-08-30T14:59:24+02:00
ctdb-protocol: Fix marshalling for ctdb_statistics_list

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
819b6310 by Amitay Isaacs at 2017-08-30T14:59:24+02:00
ctdb-protocol: Fix marshalling for ctdb_key_data

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
2abf9c1b by Amitay Isaacs at 2017-08-30T14:59:25+02:00
ctdb-protocol: Fix marshalling for ctdb_db_statistics

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
d8309d95 by Amitay Isaacs at 2017-08-30T14:59:25+02:00
ctdb-protocol: Fix marshalling for ctdb_election_message

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
95ae006d by Amitay Isaacs at 2017-08-30T14:59:25+02:00
ctdb-protocol: Fix marshalling for ctdb_srvid_message

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
4d8359ad by Amitay Isaacs at 2017-08-30T14:59:25+02:00
ctdb-protocol: Fix marshalling for ctdb_disable_message

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
a0bce370 by Amitay Isaacs at 2017-08-30T14:59:25+02:00
ctdb-protocol: Fix marshalling for ctdb_server_id

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
0d5cc74a by Amitay Isaacs at 2017-08-30T14:59:25+02:00
ctdb-protocol: Fix marshalling for ctdb_g_lock

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
3f5f61b9 by Amitay Isaacs at 2017-08-30T14:59:25+02:00
ctdb-protocol: Fix marshalling for ctdb_g_lock_list

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
a8e50c1b by Amitay Isaacs at 2017-08-30T14:59:25+02:00
ctdb-tests: Add test templates for ctdb protocol elements

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
b0ce8183 by Amitay Isaacs at 2017-08-30T14:59:25+02:00
ctdb-tests: Add compatibility test for ctdb protocol elements

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
97184a8d by Amitay Isaacs at 2017-08-30T14:59:25+02:00
ctdb-protocol: Fix marshalling for ctdb_req_header

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
abbf6626 by Amitay Isaacs at 2017-08-30T14:59:25+02:00
ctdb-protocol: Fix marshalling for ctdb_req_call

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
aad7a3e0 by Amitay Isaacs at 2017-08-30T14:59:25+02:00
ctdb-protocol: Fix marshalling for ctdb_reply_call

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
5eac7150 by Amitay Isaacs at 2017-08-30T14:59:25+02:00
ctdb-protocol: Fix marshalling for ctdb_reply_error

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
dbe16ce0 by Amitay Isaacs at 2017-08-30T14:59:25+02:00
ctdb-protocol: Fix marshalling for ctdb_req_dmaster

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
4c4094cd by Amitay Isaacs at 2017-08-30T14:59:25+02:00
ctdb-protocol: Fix marshalling for ctdb_reply_dmaster

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
c88c317a by Amitay Isaacs at 2017-08-30T14:59:25+02:00
ctdb-protocol: Fix marshalling for ctdb_req_control_data

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
e4fa09fa by Amitay Isaacs at 2017-08-30T14:59:25+02:00
ctdb-protocol: Fix marshalling for ctdb_reply_control_data

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
bf782343 by Amitay Isaacs at 2017-08-30T14:59:25+02:00
ctdb-protocol: Fix marshalling for ctdb_req_control

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
955426d4 by Amitay Isaacs at 2017-08-30T14:59:25+02:00
ctdb-protocol: Fix marshalling for ctdb_reply_control

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
504c486b by Amitay Isaacs at 2017-08-30T14:59:26+02:00
ctdb-protocol: Fix marshalling for ctdb_message_data

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
582ebec0 by Amitay Isaacs at 2017-08-30T14:59:26+02:00
ctdb-protocol: Fix marshalling for ctdb_req_message

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
3f2495a4 by Amitay Isaacs at 2017-08-30T14:59:26+02:00
ctdb-protocol: Fix marshalling for ctdb_req_message_data

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
f02a1a11 by Amitay Isaacs at 2017-08-30T14:59:26+02:00
ctdb-protocol: Add marshalling for ctdb_req_keepalive

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
b9b0c683 by Amitay Isaacs at 2017-08-30T14:59:26+02:00
ctdb-tests: Remove unused #defines

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
9d892aeb by Amitay Isaacs at 2017-08-30T14:59:26+02:00
ctdb-tests: Add test templates for eventd protocol elements

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
b880ac82 by Amitay Isaacs at 2017-08-30T14:59:26+02:00
ctdb-protocol: Fix marshalling for ctdb_event

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
672a9857 by Amitay Isaacs at 2017-08-30T14:59:26+02:00
ctdb-protocol: Fix marshalling for ctdb_event_command

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
ebba89ed by Amitay Isaacs at 2017-08-30T14:59:26+02:00
ctdb-protocol: Fix marshalling for ctdb_event_status_state

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
67174ebf by Amitay Isaacs at 2017-08-30T14:59:26+02:00
ctdb-protocol: Fix marshalling for ctdb_event_request_run

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
98715abe by Amitay Isaacs at 2017-08-30T14:59:26+02:00
ctdb-protocol: Fix marshalling for ctdb_event_request_status

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
933a0fa7 by Amitay Isaacs at 2017-08-30T14:59:26+02:00
ctdb-protocol: Fix marshalling for ctdb_event_request_script_enable

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
28414e09 by Amitay Isaacs at 2017-08-30T14:59:26+02:00
ctdb-protocol: Fix marshalling for ctdb_event_request_script_disable

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
a0a162a8 by Amitay Isaacs at 2017-08-30T14:59:26+02:00
ctdb-protocol: Fix marshalling for ctdb_event_request_data

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
4788016c by Amitay Isaacs at 2017-08-30T14:59:26+02:00
ctdb-protocol: Fix marshaling for ctdb_event_reply_status

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
ab88bad3 by Amitay Isaacs at 2017-08-30T14:59:26+02:00
ctdb-protocol: Fix marshalling for ctdb_event_reply_script_list

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
f8e1aaa3 by Amitay Isaacs at 2017-08-30T14:59:26+02:00
ctdb-protocol: Fix marshalling for ctdb_event_reply_data

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
54421df6 by Amitay Isaacs at 2017-08-30T14:59:26+02:00
ctdb-protocol: Fix marshalling for ctdb_event_header

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
b107397d by Amitay Isaacs at 2017-08-30T14:59:26+02:00
ctdb-protocol: Fix marshalling for ctdb_event_request

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
a8bdcf9c by Amitay Isaacs at 2017-08-30T14:59:26+02:00
ctdb-protocol: Fix marshalling of ctdb_event_reply

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
01dd8dd7 by Amitay Isaacs at 2017-08-30T18:55:42+02:00
ctdb-tests: Drop unused test template

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Wed Aug 30 18:55:42 CEST 2017 on sn-devel-144

- - - - -
ef3b31ab by Volker Lendecke at 2017-08-30T18:56:13+02:00
winbind: Fix a signed/unsigned hiccup

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
cc639765 by Volker Lendecke at 2017-08-30T22:44:45+02:00
winbind: Rename winbindd_cm_conn->netlogon_creds to _ctx

We have too many variables called _creds :-)

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Aug 30 22:44:45 CEST 2017 on sn-devel-144

- - - - -
ff98e3fb by Volker Lendecke at 2017-08-31T17:44:22+02:00
pthreadpool: Fix fork behaviour

glibc's pthread_cond_wait(&c, &m) increments m.__data.__nusers, making
pthread_mutex_destroy return EBUSY. Thus we can't allow any thread waiting for
a job across a fork. Also, the state of the condvar itself is unclear across a
fork. Right now to me it looks like an initialized but unused condvar can be
used in the child. Busy worker threads don't cause any trouble here, they don't
hold mutexes or condvars. Also, they can't reach the condvar because _prepare
holds all mutexes.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13006
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
981e674a by Volker Lendecke at 2017-08-31T21:34:57+02:00
pthreadpool: Test fork with an active thread

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13006
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Aug 31 21:34:57 CEST 2017 on sn-devel-144

- - - - -
fc493780 by Amitay Isaacs at 2017-09-01T00:13:06+02:00
ctdb-tests: Shutdown local daemons unconditionally

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
ef46d352 by Martin Schwenke at 2017-09-01T00:13:06+02:00
ctdb-tests: Drop onnode test README file and buggy onnode example

These are of no value.  The test system is documented elsewhere.  An
old version of onnode can always be retrieved from git.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
d6b77c30 by Martin Schwenke at 2017-09-01T00:13:06+02:00
ctdb-tools: Remove broken natgwlist command

The replacement was documented for Samba 4.5, so this is not worth fixing.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
0dce39e2 by Martin Schwenke at 2017-09-01T00:13:06+02:00
ctdb-tests: Add tests to ensure reset of server end of connections

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
e78d2cbf by Martin Schwenke at 2017-09-01T00:13:06+02:00
ctdb-tests: Improve releaseip connection resetting tests

Make the tests more general by setting up the IP address using a
"takeip" event.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
15c91774 by Martin Schwenke at 2017-09-01T04:06:32+02:00
ctdb-common: Parse IPv4-mapped IPv6 addresses into IPv4 addresses

Tools like ctdb_killtcp can't route packets to IPv4-mapped IPv6
addresses so this works around that.

Add a test case to confirm that this works.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Fri Sep  1 04:06:32 CEST 2017 on sn-devel-144

- - - - -
1787a4b6 by Amitay Isaacs at 2017-09-01T08:52:07+02:00
ctdb-protocol: Add a generic packet header

This will avoid duplication when new daemons (and new client-server
protocols) are created out of the main ctdb daemon.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
164d65ac by Amitay Isaacs at 2017-09-01T08:52:07+02:00
ctdb-protocol: Replace ctdb_event_header with sock_packet_header

This removes the static declaration and adds prototype declarations
of ctdb_event_header marshalling functions to avoid compiler warnings.
These functions will be removed.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
dfa87862 by Amitay Isaacs at 2017-09-01T08:52:07+02:00
ctdb-protocol: Drop struct ctdb_event_header

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
dcc1eaf5 by Amitay Isaacs at 2017-09-01T08:52:07+02:00
ctdb-common: Add sock_client abstraction

This sets up boilerplate required for a client code connecting to a
server over unix domain socket.  The communication between client
and server is "request" from client to server and "reply" from
server to client.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
dccd9630 by Amitay Isaacs at 2017-09-01T12:49:27+02:00
ctdb-client: Use sock_client abstraction for eventd client

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Fri Sep  1 12:49:27 CEST 2017 on sn-devel-144

- - - - -
19004113 by Christof Schmitt at 2017-09-04T10:09:23+02:00
vfs_gpfs: Do not map DELETE sharemode access to WRITE

A SMB client can deny the WRITE sharemode, but still grant the DELETE
sharemode. Mapping the requested DELETE access to WRITE access breaks
this case. Fix this by removing the incorrect mapping from DELETE access
to WRITE access.

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
139bbf32 by Christof Schmitt at 2017-09-04T14:08:45+02:00
vfs_gpfs: Request DENY_DELETE sharemode when possible

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Sep  4 14:08:45 CEST 2017 on sn-devel-144

- - - - -
b74599b4 by Amitay Isaacs at 2017-09-05T11:20:15+02:00
ctdb-protocol: Fix CID 1417433

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
40c5361d by Amitay Isaacs at 2017-09-05T11:20:15+02:00
ctdb-protocol: Fix CID 1417430

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
587bdfe6 by Amitay Isaacs at 2017-09-05T15:16:06+02:00
ctdb-protocol: Fix CID 1417428

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Tue Sep  5 15:16:06 CEST 2017 on sn-devel-144

- - - - -
d1c96dc0 by Volker Lendecke at 2017-09-05T19:12:34+02:00
messaging: Avoid a socket leak after fork

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13006

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Sep  5 19:12:34 CEST 2017 on sn-devel-144

- - - - -
970f78ea by Anoop C S at 2017-09-05T19:13:12+02:00
Remove misleading entry from vfs_streams_xattr man page

The line which is being removed says that streams_xattr vfs module
cannot be used when kernel oplocks is enabled. But the underlying
bug (#7537) and another dependent bug (#12791) have been resolved
some time back.

Signed-off-by: Anoop C S <anoopcs at redhat.com>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5b53254f by Volker Lendecke at 2017-09-05T19:13:12+02:00
lib: Fix 1417431 Unchecked return value from library

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f8b491fa by Volker Lendecke at 2017-09-05T23:06:41+02:00
cli_credentials: Fix a return value

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Sep  5 23:06:42 CEST 2017 on sn-devel-144

- - - - -
47c03979 by Andreas Schneider at 2017-09-05T23:58:20+02:00
dynconfig: Change permission of the private dir to 0700

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>

- - - - -
3b1aa2ca by Andreas Schneider at 2017-09-05T23:58:20+02:00
python:samba: Remove code to change group

This is the wrong place, it will just prepare the ldif. The file is not
created here.

The code is corrently changing the group in:
    python/samba/provision/__init__.py

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>

- - - - -
4c9608fb by Andreas Schneider at 2017-09-05T23:58:20+02:00
param: Add 'binddns dir' parameter

This allows us to have restricted access to the directory by the group
'named' which bind is a member of.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>

- - - - -
3fa7c43e by Andreas Schneider at 2017-09-05T23:58:20+02:00
s4:bind_dlz: Use the 'binddns dir' if possible

The code makes sure we are backwards compatible. It will first check if
we still have files in the private directory, if yes it will use those.

If the file is not in the private directory it will try the binddns
dir.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>

- - - - -
8f2dee25 by Andreas Schneider at 2017-09-05T23:58:20+02:00
python:samba: Use 'binddns dir' in samba-tool and samba_upgradedns

This provisions the bind_dlz files in the 'binddns dir'. If you want to
migrate to the new files structure you can run samba_upgradedns!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>

- - - - -
2d0e1383 by Andreas Schneider at 2017-09-06T03:54:19+02:00
python:samba: Add code to remove obsolete files in the private dir

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Sep  6 03:54:19 CEST 2017 on sn-devel-144

- - - - -
022aa5ea by Lumir Balhar at 2017-09-06T11:35:18+02:00
python: Port samba.security to Python 3 compatible form.

Signed-off-by: Lumir Balhar <lbalhar at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
6f877285 by Lumir Balhar at 2017-09-06T11:35:18+02:00
python: Add tests for check_access function from samba.security.

Signed-off-by: Lumir Balhar <lbalhar at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
c81aff36 by Lumir Balhar at 2017-09-06T11:35:18+02:00
python: Fix bad type in conversion of NTSTATUS.

More info: https://lists.samba.org/archive/samba-technical/2017-August/122574.html

Signed-off-by: Lumir Balhar <lbalhar at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
8c365c5f by Lumir Balhar at 2017-09-06T15:29:58+02:00
python: Enable execution of samba.tests.security with Python 3.

Signed-off-by: Lumir Balhar <lbalhar at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Sep  6 15:29:58 CEST 2017 on sn-devel-144

- - - - -
421fa346 by Jeremy Allison at 2017-09-07T02:01:08+02:00
third_party: Add the Intel Add support for AES-NI acceleration.

This commit takes the Linux kernel AES-NI code, and puts it into a
third_party private library. The Linux kernel code is under GPLv2+
so is compatible with Samba.

This can result in massive speed improvements (up to 200% on some
platforms), by using Intel AES-NI instructions.

These are the pristine check-ins of Linux kernel files for Intel AESNI crypto.

git show 8691ccd764f9ecc69a6812dfe76214c86ac9ba06:arch/x86/crypto/aesni-intel_asm.S
git show 2baad6121e2b2fa3428ee6cb2298107be11ab23a:arch/x86/include/asm/inst.h

Show the exact Linux kernel git refspecs we have imported.

These files are not yet used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008

Based on original work by Justin Maggard <jmaggard at netgear.com>

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
11a56768 by Jeremy Allison at 2017-09-07T02:01:08+02:00
third_party: Add build capability to aesni-intel.

Minor modifications to code to allow building as a Samba
shared library.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008

Based on original work by Justin Maggard <jmaggard at netgear.com>

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
3324b55b by Jeremy Allison at 2017-09-07T02:01:08+02:00
lib: crypt: Prepare the existing code to switch to Intel AES hardware instructions.

Rename the old struct aes_key as an intermediate struct aes_key_rj
and wrap it in a union so we can choose an alternate aes_key struct
when using Intel AES hardware.

Rename the original software implementations of:

 AES_set_encrypt_key()
 AES_set_decrypt_key()
 AES_encrypt()
 AES_decrypt()

by adding an _rj on the end, and call them via a wrapper
function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008

Based on original work by Justin Maggard <jmaggard at netgear.com>

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
53ac0f7c by Jeremy Allison at 2017-09-07T02:01:08+02:00
lib: crypto: Plumb in the Intel AES instructions.

Causes:

AES_set_encrypt_key()
AES_set_decrypt_key()
AES_encrypt()
AES_decrypt()

to probe for the Intel AES instructions at runtime (only once)
and then call the hardware implementations if so, otherwise
fall back to the software implementations.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008

Based on original work by Justin Maggard <jmaggard at netgear.com>

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
5f87a05a by Jeremy Allison at 2017-09-07T02:01:08+02:00
lib: crypto: Add the ability to select Intel AESNI instruction set at configure time.

Add --accel-aes=[none|intelaesni] to select.
Default is none.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
c754f485 by Jeremy Allison at 2017-09-07T02:01:09+02:00
WHATSNEW: Add Using x86_64 Accelerated AES Crypto Instructions section.

Describes --accel-aes configure time option.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
1e4c32e3 by Volker Lendecke at 2017-09-07T05:56:14+02:00
cli_credentials: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Sep  7 05:56:14 CEST 2017 on sn-devel-144

- - - - -
070f24bc by Andrew Bartlett at 2017-09-07T06:56:26+02:00
selftest: Avoid a build started just before midnight failing

By allowing 41 or 42 days, we still test the expiry but are less sensitive to the
current time.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
da1e2341 by Andrew Bartlett at 2017-09-07T06:56:26+02:00
ldb_tdb: Use memcmp() to compare TDB keys in re_index()

The keys may not always be a null terminated string, they could well
be a binary GUID in a future revision, for efficiency.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13016

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
2d0007ee by Andrew Bartlett at 2017-09-07T06:56:26+02:00
ldb_tdb: Do not trigger the unique index check during a re-index, use another pass

We want to rename the objects, then scan looking for the index values.

This avoids a DB modify during the index scan traverse (the index values
are actually added to an in-memory TDB, written in prepare_commit()).

This allows us to remove the "this might already exist" case in the
index handling, we now know that the entry did not exist in the index
before we add it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13015

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
fec666b3 by Andrew Bartlett at 2017-09-07T06:56:26+02:00
ldb_tdb: Create a common ltdb_key_is_record() allowing multiple key forms

If backported, this allows old ldb versions to full-search and re-index newer databases
and in current code allows the transition to and from a GUID or incrementing ID based index

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13016

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
3ce80cfb by Andrew Bartlett at 2017-09-07T06:56:26+02:00
ldb_tdb: Use memcmp rather than strncmp() in ltdb_key_is_record(), re_key() and re_index()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
ffc8023a by Andrew Bartlett at 2017-09-07T06:56:26+02:00
ldb_tdb: Check for errors during tdb operations in ltdb_reindex()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13015

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
6246c326 by Andrew Bartlett at 2017-09-07T06:56:26+02:00
ldb_tdb: Check for talloc_strdup() failure in ltdb_index_add1()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13015

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
54636011 by Andrew Bartlett at 2017-09-07T06:56:26+02:00
ldb_tdb: Use braces in ltdb_dn_list_find_val()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13015

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
01c49b1a by Andrew Bartlett at 2017-09-07T06:56:27+02:00
ldb_tdb: Refuse to re-index very old database with no DN in the record

These are not found on any AD DC, and would segfault previous LDB
versions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13015

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
37bb6299 by Andrew Bartlett at 2017-09-07T06:56:27+02:00
ldb: Add new ldb_ldif_message_redacted_string() with tests

This is designed to be a drop in replacement for
ldb_ldif_message_string() while better protecting privacy.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
ba548168 by Andrew Bartlett at 2017-09-07T06:56:27+02:00
ldb: version 1.2.2

* Bug #13017: Add ldb_ldif_message_redacted_string() to allow debug
              of redacted log messages, avoiding showing secret values

* Bug #13015: Allow re-index of newer databases with binary GUID TDB keys
              (this officially removes support for re-index of the original
              pack format 0, rather than simply segfaulting).
* Avoid memory allocation and so make modify of records in ldb_tdb faster

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
cc78de55 by Andrew Bartlett at 2017-09-07T06:56:27+02:00
repl_meta_data: Use ldb_ldif_message_redacted_string() to avoid printing secrets in logs

This avoids printing un-encrypted secret values in logs

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
7cfaf706 by Andrew Bartlett at 2017-09-07T06:56:27+02:00
linked_attributes: Use ldb_ldif_message_redacted_string() for consistency

This avoids printing un-encrypted secret values in logs, and while links are not likely
secret, this avoids a future copy and paste using ldb_ldif_message_string() again.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
e3988f8f by Andrew Bartlett at 2017-09-07T06:56:27+02:00
repl_meta_data: Re-work printing of replicated entries

This re-work of our LDIF printing avoids some of the privacy issue from
printing the full LDIF at level 4, while showing the entry that actually fails.

Instead, we print the DN only at level 4, then the full message at 8.

While all of the DRS replication data is potentially sensitive
the passwords are most sensitive, and are now not printed unencrypted.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
4a5c2bfe by Andrew Bartlett at 2017-09-07T06:56:27+02:00
Use the rpc_parse debug class for PIDL generated code

This means that the default print binding string qualifier will now go via this debug class
as will explicit calls to ndr_print_debug() and ndr_print_union_debug().

Calls to ndr_print_debugc() are not changed.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
51289a6f by Andrew Bartlett at 2017-09-07T06:56:27+02:00
debug: Add new debug class "drs_repl" for DRS replication processing

This is used in the client and in the server

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
dc48fa98 by Andrew Bartlett at 2017-09-07T06:56:27+02:00
drs repl: Only print raw DRS replication traffic at level 9

This can be sensitive even with the passwords still encrypted.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
8d8d31eb by Andrew Bartlett at 2017-09-07T06:56:27+02:00
dsdb: Add missing \n to debug

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
544084d4 by Andrew Bartlett at 2017-09-07T06:56:27+02:00
libcli/security: Move debug message to DBG_DEBUG()

This message shows up a lot at level 6 for no particularly good reason

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
cbb3dcf2 by Andrew Bartlett at 2017-09-07T06:56:27+02:00
librpc/dceprc_util.c: Move debug message to DBG_DEBUG()

This message shows up a lot (every packet) at level 6 for the successful case

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
c938f61d by Andrew Bartlett at 2017-09-07T10:43:33+02:00
python: Allow debug classes to be specified on the command line for python tools

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Sep  7 10:43:33 CEST 2017 on sn-devel-144

- - - - -
47b4fcab by Sachin Prabhu via samba-technical at 2017-09-08T02:33:14+02:00
s3-lib: Fix error mapping for EROFS

EROFS is incorrectly mapped to NT_STATUS_ACCESS_DENIED. This should
instead be mapped to NT_STATUS_MEDIA_WRITE_PROTECTED.

This change has already been done for the client in
unix_nt_errmap in libcli/util/errmap_unix.c
commit 9d055846f225 ("r3278: - rewrote the client side rpc...)")

SMB1 specs for SMB_COM_DELETE also specify this mapping for EROFS
https://msdn.microsoft.com/en-us/library/ee441772.aspx

RH bz: 1171705
This problem was reported by Red Hat glusterfs QE who encountered
different errors when performing the same operation on a fuse mount and
on a cifs mount of the same underlying gluster filesystem.

Signed-off-by: Sachin Prabhu <sprabhu at redhat.com>
Reviewed-by: Gunther Deschner <gdeschne at redhat.com>
Reported-by: Surabhi Bhalothia <sbhaloth at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
13971ba0 by Justin Maggard via samba-technical at 2017-09-08T06:26:52+02:00
smbd: add missing newline to debug message in daemon_status()

Signed-off-by: Justin Maggard <jmaggard at netgear.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Sep  8 06:26:52 CEST 2017 on sn-devel-144

- - - - -
4591a91c by Ralph Boehme at 2017-09-09T01:07:17+02:00
vfs/nfs4_acls: move special handling of SMB_ACE4_SYNCHRONIZE to vfs_zfsacl

Commit 99a74ff5e6a9f87ad7a650cb44e0f925f834b3a1 added special handling
of SMB_ACE4_SYNCHRONIZE, always setting it in the access_mask when
fabricating an ACL. While at the same time removing it from the
access_mask when setting an ACL, but this is done directly in
vfs_zfsacl, not in the common code.

Forcing SMB_ACE4_SYNCHRONIZE to be always set is only needed on ZFS, the
other VFS modules using the common NFSv4 infrastructure should not be
made victims of the special ZFS behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7909

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a6657285 by Ralph Boehme at 2017-09-09T01:07:18+02:00
vfs_zfsacl: pass smb_fname to zfs_get_nt_acl_common

This is in preparation of moving SMB_ACE4_ADD_FILE /
SMB_ACE4_DELETE_CHILD mapping from the common NFSv4 framework into this
module exclusively.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=6133

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
bdc7fc62 by Ralph Boehme at 2017-09-09T01:07:18+02:00
vfs_zfsacl: ensure zfs_get_nt_acl_common() has access to stat info

We'll need this in the next commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=6133

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
41026975 by Ralph Boehme at 2017-09-09T04:59:51+02:00
s3/vfs: move ACE4_ADD_FILE/ACE4_DELETE_CHILD mapping from NFSv4 framework to vfs_zfsacl

This was added in e6a5f11865a55e9644292ae92e4a4b5ec0662ccd to adapt the
NFSv4 framework to follow ZFS permission rules. But this is the wrong
place, other filesystems like GPFS do not allow deletion when the user
has SEC_DIR_ADD_FILE.

This patch therefore moves the change from the NFS4 framework into the
ZFS module.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=6133

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Sep  9 04:59:51 CEST 2017 on sn-devel-144

- - - - -
eb16d4a6 by Amitay Isaacs at 2017-09-09T10:53:10+02:00
ctdb-tools: Use ssize_t instead of int for checking the status of read()

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
83039d6a by Amitay Isaacs at 2017-09-09T10:53:10+02:00
ctdb-tools: Fix CID 1414746

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
d0a20baf by Amitay Isaacs at 2017-09-09T10:53:10+02:00
ctdb-daemon: Fix implementation of process_exists control

Only check processes that are CTDB clients.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13012

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
7dec80a7 by Amitay Isaacs at 2017-09-09T10:53:10+02:00
ctdb-tests: Fix the implementation of process-exists in fake daemon

Keep track of clients and their pids.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13012

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
3067db5b by Amitay Isaacs at 2017-09-09T10:53:10+02:00
ctdb-tests: Add a dummy ctdb client for testing

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13012

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
87f7d32a by Amitay Isaacs at 2017-09-09T14:44:57+02:00
ctdb-tests: Fix ctdb process-exist tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13012

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Sat Sep  9 14:44:57 CEST 2017 on sn-devel-144

- - - - -
7e0b2af4 by Ralph Boehme at 2017-09-12T02:45:46+02:00
s3/smbd: sticky write time offset miscalculation causes broken timestamps

The offset calculation for the offset that got passed to
fetch_write_time_send() in the enumeration loop was wrong as it passed
the offset before smbd_dirptr_lanman2_entry() added required padding.

This resulted in broken timestamps in the find response.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13024

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Sep 12 02:45:46 CEST 2017 on sn-devel-144

- - - - -
bd67fab6 by Rowland Penny at 2017-09-12T02:46:14+02:00
packaging: Remove RHEL-CTDB directory and contents

Signed-off-by: Rowland Penny <rpenny at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
ce61ce76 by Rowland Penny at 2017-09-12T02:46:14+02:00
packaging: Remove RHEL directory and contents

Signed-off-by: Rowland Penny <rpenny at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
54e6f158 by Rowland Penny at 2017-09-12T06:46:35+02:00
packaging: Remove Solaris directory and contents

Signed-off-by: Rowland Penny <rpenny at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Sep 12 06:46:35 CEST 2017 on sn-devel-144

- - - - -
1a7c0f77 by Jeremy Allison at 2017-09-12T06:47:21+02:00
s3: VFS: streams_xattr: Compression is only set/get on base filenames.

Can be ignored (pass-through) in streams_xattr VFS module.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13003

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
3ff1b83a by Jeremy Allison at 2017-09-12T10:50:57+02:00
s3: vfs: catia: compression get/set must act only on base file, and must cope with fsp==NULL.

Correctly do filename conversion.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13003

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Sep 12 10:50:57 CEST 2017 on sn-devel-144

- - - - -
ff75f083 by Martin Schwenke at 2017-09-12T12:23:18+02:00
ctdb-tests: Wait up to 30 seconds for process to be registered in ctdbd

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13012

This avoids a potential race where the client is not properly
registered before "ctdb process-exists" is called.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
96aef237 by Amitay Isaacs at 2017-09-12T12:23:18+02:00
ctdb-tests: Fix ctdb test binary name in path testing

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13012

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
5d2f2677 by Amitay Isaacs at 2017-09-12T12:23:18+02:00
ctdb-daemon: Add a function to check if db access is allowed

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13021

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
f57d3794 by Amitay Isaacs at 2017-09-12T12:23:18+02:00
ctdb-daemon: GET_DB_SEQNUM should read database conditionally

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13021

Once the recovery starts and databases are frozen, then all the record
access is postponed till the recovery is complete except reading the
database sequence number.  Database access for reading sequence number
is done via a control which does not check if the databases are frozen
or not.

If the database is frozen and if the freeze transaction is not started
(this can happen when a node is inactive, or during recovery when the
database is frozen but the transaction has not yet started), then trying
to read sequence number will cause ctdb daemon to deadlock.

Before reading the sequence number, check if the database access is
allowed.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
6e588913 by Amitay Isaacs at 2017-09-12T12:23:19+02:00
ctdb-recoverd: Abort recovery/takeover if recmaster changes

Recovery and takeover are run via helper from recovery daemon.  While the
helpers are running, it's possible for the current node to lose election.
If that happens, abort the currently running recovery/takeover helper.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
bff8d410 by Martin Schwenke at 2017-09-12T12:23:19+02:00
ctdb-daemon: Don't release all IPs before "startup" event

This doesn't belong in the monitoring/startup code and it is already
done in the 10.interface "init" event.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
ff635f90 by Martin Schwenke at 2017-09-12T12:23:19+02:00
ctdb-scripts: Clean up ctdb_check_unix_socket()

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
1aff2f87 by Martin Schwenke at 2017-09-12T12:23:19+02:00
ctdb-scripts: Switch ctdb_check_unix_socket() to use ss

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
1eec073e by Martin Schwenke at 2017-09-12T12:23:19+02:00
ctdb-tests: Enhance ss stub to check for listening Unix domain sockets

Generalise command-line parsing, taking hints from old netstat stub,
and use FAKE_NETSTAT_UNIX_LISTEN to specify listening Unix domain
sockets.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
8d9a050a by Martin Schwenke at 2017-09-12T16:14:12+02:00
ctdb-tests: Add 31.clamd eventscript unit tests

These test that ctdb_check_unix_socket() is working.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Tue Sep 12 16:14:12 CEST 2017 on sn-devel-144

- - - - -
1b6aa39f by Christof Schmitt at 2017-09-14T10:58:12+02:00
vfs_streams_xattr: Fix segfault when running with log level 10

This happens when vfs_streams_xattr is loaded, log level is set to 10
and the default stream of a file or directory is accessed. In that case
streams_xattr_open does not allocate the stream_io fsp extension. The
DBG_DEBUG message in streams_xattr_fstat tries to access the stream_io
before checking for a NULL value, resulting in the crash. Fix this by
moving the debug message after the check for a NULL pointer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13032

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Sep 14 10:58:12 CEST 2017 on sn-devel-144

- - - - -
f0a90a12 by Jeremy Allison at 2017-09-14T14:48:19+02:00
libcli: SMB2: NetApps negotiate SMB3_11 but also set the SMB2_CAP_ENCRYPTION flag.

This is a SHOULD not, not a MUST not.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13009

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Steve French <sfrench at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Sep 14 14:48:20 CEST 2017 on sn-devel-144

- - - - -
77c17b03 by Amitay Isaacs at 2017-09-14T14:49:15+02:00
ctdb-daemon: Free up record data if a call request is deferred

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13029

If a call request for a key (migration request) is in flight, then all
the subsequent call requests for the same key are deferred.  In that case,
the data corresponding to key read from the local tdb is useless and there
is no need to keep it around.  Once the deferred call is reprocessed,
the data corresponding to that key will be fetched again.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
a878171c by Amitay Isaacs at 2017-09-14T14:49:15+02:00
ctdb-client: Initialize ctdb_ltdb_header completely for empty record

ctdb_ltdb_fetch() only fills in relevant portion of ctdb_ltdb_header
if the record does not exist.  This can result in uninitialized writes
to ctdb_rec_buffer.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
5a782a24 by Martin Schwenke at 2017-09-14T14:49:15+02:00
ctdb-tests: Drop unused monitoring status support

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
873db694 by Martin Schwenke at 2017-09-14T14:49:15+02:00
ctdb-daemon: Skip monitoring when node is inactive

This is currently handled by explicitly disabling monitoring in
various places.  However, those places shouldn't need to know about
monitoring but it is OK for monitoring to know about global node
states.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
12cf6640 by Martin Schwenke at 2017-09-14T14:49:15+02:00
ctdb-daemon: Skip monitoring when not in RUNNING runstate

Monitoring does not need to be done in other states.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
173aa683 by Martin Schwenke at 2017-09-14T14:49:15+02:00
ctdb-daemon: Don't explicitly disable monitoring when stopping a node

Monitoring is now avoided for inactive nodes anyway.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
4656b081 by Martin Schwenke at 2017-09-14T14:49:15+02:00
ctdb-daemon: Don't explicitly disable monitoring around recovery

Monitoring can fail during recovery due to databases (e.g. registry)
being unavailable.  This has been avoided by explicitly disabling
monitoring around recovery via the START_RECOVERY and END_RECOVERY
controls.  With this approach only there is still a window between
enabling recovery mode and START_RECOVERY when monitoring could be
attempted.  However, explicitly disabling monitoring is unnecessary
because monitoring is not done when a node is in recovery.

So remove the explicit disable/enable of monitoring and rely on
monitoring being skipped when recovery mode is active.

The only possible change of behaviour with this change is that there
is now a window between setting recovery mode to normal and the
END_RECOVERY control where monitoring is enabled.  However, at this
point databases would be available and the "recovered" event will
cancel any in-progress monitoring.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
19318d28 by Martin Schwenke at 2017-09-14T14:49:15+02:00
ctdb-daemon: Don't explicitly stop monitoring during shutdown

Monitoring is skipped when not in run state RUNNING, so remove the
dependency on the monitoring code.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
53ae91a4 by Martin Schwenke at 2017-09-14T14:49:15+02:00
ctdb-tools: Drop monitoring-related ctdb commands

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
4b016219 by Martin Schwenke at 2017-09-14T14:49:15+02:00
ctdb-docs: Drop mention of unimplemented commands

Some of these are only in a comment but git grep finds them.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
74f29a48 by Martin Schwenke at 2017-09-14T14:49:15+02:00
ctdb-daemon: Mark monitoring controls obsolete

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
b00e3605 by Martin Schwenke at 2017-09-14T14:49:16+02:00
ctdb-daemon: Drop implementation of monitor controls

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
690e3e13 by Martin Schwenke at 2017-09-14T14:49:16+02:00
ctdb-tests: Drop implementation of monitor controls

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
64225c63 by Martin Schwenke at 2017-09-14T14:49:16+02:00
ctdb-daemon: Drop monitoring mode

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
b1191042 by Martin Schwenke at 2017-09-14T14:49:16+02:00
ctdb-daemon: Remove unused function ctdb_stop_monitoring()

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
98f5f112 by Martin Schwenke at 2017-09-14T14:49:16+02:00
ctdb-client: Drop old client code for monitor controls

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
28eda778 by Martin Schwenke at 2017-09-14T14:49:16+02:00
ctdb-client: Drop client code for monitor controls

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
a808c020 by Martin Schwenke at 2017-09-14T18:42:28+02:00
ctdb-protocol: Drop marshalling for monitor controls

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Thu Sep 14 18:42:28 CEST 2017 on sn-devel-144

- - - - -
51be2752 by Andrew Bartlett at 2017-09-14T18:43:16+02:00
selftest: Check re-opening sam.ldb corrects the @ATTRIBUTES and @INDEXLIST

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
5d9bb80a by Andrew Bartlett at 2017-09-14T18:43:16+02:00
schema: Rework dsdb_schema_set_indices_and_attributes() db operations

Commit ec9b1e881c3eef503d6b4b311594113acf7d47d8 did not fully fix this.

There is no value in using dsdb_replace(), we are under the read lock
and replace just confuses things further.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13025

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
b0f22f26 by Andrew Bartlett at 2017-09-14T18:43:16+02:00
selftest: reindex in dbcheck-oldrelease after modifying the backend DB

Modifying the backend DB is not a supported operation, but helps us create test
situations.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
24600e8e by Andrew Bartlett at 2017-09-14T18:43:16+02:00
repl_meta_data: Show failing replicated entry in error code

This re-work of our LDIF printing avoids some of the privacy issue from
printing the full LDIF at level 4, while showing the entry that actually fails.

Instead, with e3988f8f74f4a11e8f26a548e0a33d20f4e863f7 we now print the DN
only at level 4, then the full message at 8.

With this patch on failure, we print the redacted failing message at 5.

While all of the DRS replication data is potentially sensitive
the passwords are most sensitive, and are now not printed unencrypted.

This discourages users from sending the full failing trace, as the
last entry is much more likely the issue.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
9516d422 by Andrew Bartlett at 2017-09-14T18:43:16+02:00
s4-provision: Ensure the dummy main-domain DB used for DLZ has an @INDEXLIST

The other databases are created from copies of the main provision, but this one
is not, so did not previously get a valid @INDEXLIST.

This is important as otherwise we will not correctly notice support for
the GUID index or new DSDB features in @SAMBA_DSDB as this is gated
on seeing @SAMBA_FEATURES_SUPPORTED in @INDEXLIST.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
3f0938b9 by Alexander Bokovoy at 2017-09-14T22:29:39+02:00
Install dcerpc/__init__.py for all Python environments

Also fix whitespace. We use tabs, not spaces in Python/waf code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13030

Signed-off-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Sep 14 22:29:39 CEST 2017 on sn-devel-144

- - - - -
c18ecdec by Stefan Metzmacher at 2017-09-14T22:30:20+02:00
charset/tests: assert the exact values of str[n]casecmp_m()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13018

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
2a3d4fe0 by Stefan Metzmacher at 2017-09-14T22:30:20+02:00
charset/tests: add more str[n]casecmp_m() tests to demonstrate the bug

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13018

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
9d99b640 by Stefan Metzmacher at 2017-09-14T22:30:20+02:00
charset/tests: also tests the system str[n]casecmp()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13018

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
3ed9c903 by Stefan Metzmacher at 2017-09-15T02:23:29+02:00
charset: fix str[n]casecmp_m() by comparing lower case values

The commits c615ebed6e3d273a682806b952d543e834e5630d^..f19ab5d334e3fb15761fb009e5de876dfc6ea785
replaced Str[n]CaseCmp() by str[n]casecmp_m().

The logic we had in str[n]casecmp_w() used to compare
the upper cased as well as the lower cased versions of the
characters and returned the difference between the lower cased versions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13018

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Sep 15 02:23:29 CEST 2017 on sn-devel-144

- - - - -
240e4336 by Tim Beale at 2017-09-15T06:18:12+02:00
getncchanges.c: Rename anc_cache to obj_cache

When we add GET_TGT support we will reuse the ancestor cache and it
should work the same way - if we've already sent an object because it
was needed for resolving a child object or a link target, then there's
no point sending it again.

This just renames anc_cache --> obj_cache.

An extra is_get_anc flag has been added to getnc_state - once GET_TGT
support is added, we can't assume GET_ANC based solely on the existence
of the obj_cache.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
46b3aab5 by Tim Beale at 2017-09-15T06:18:12+02:00
getncchanges.c: Split sorting linked attributes into separate function

Longer-term we want to split up the links so that they're sent over
multiple GetNCChanges response messages. So it makes sense to split this
code out into its own function. In the short-term, this removes some of
the complexity from dcesrv_drsuapi_DsGetNCChanges() so that the function
is not quite so big.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
2abdd09a by Tim Beale at 2017-09-15T06:18:12+02:00
getncchanges.c: Split GET_ANC block out into its own function

When we add GET_TGT support, it's going to need to reuse all this code
(i.e. to add any ancestors of the link target). This also trims down
the rather large dcesrv_drsuapi_DsGetNCChanges() function a bit.

Note also fixed a compiler warning in the WERR_DS_DRA_INCONSISTENT_DIT
error block which may have caused issues previously (statement was
terminated by a ',' rather than a ';').

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
4057438e by Tim Beale at 2017-09-15T06:18:12+02:00
getncchanges.c: Add ancestor links when the object normally gets sent

Currently we add links each time we send an object, but we don't
actually send these links until the end of the replication cycle.

In subsequent patches we want the links to be sent in the same chunk as
their source object, ideally in as close to USN order as possible.
Processing ancestors complicates this a bit, as the ancestor will have a
higher USN than what we're currently up to, and so potentially will the
ancestor's links.

This patch moves where the ancestor's links get added to the
getnc_state->la_list. The ancestor's links now get added when the object
would normally get sent based purely on its USN (we update the highwater
mark at this point too).

This should not affect functionality, i.e. because we send all the links
at the end, it should make no difference at what point they get added to
the list.

This duplicates a tiny bit of code, but this will be cleaned up in the
next patch.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
f77d55f1 by Tim Beale at 2017-09-15T06:18:12+02:00
getncchanges.c: Refactor how we add ancestor links

If the current object had already been sent as an ancestor, we were
duplicating the code that added its links and updated the HWM mark.
We want these to occur when we reach the place where the object's USN
naturally occurs.

Instead of duplicating this code, we can just skip the call to
get_nc_changes_build_object() if the object has already been sent.
There is already an existing 'nothing to send'/continue case after we've
updated the highwater mark.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
63818f02 by Tim Beale at 2017-09-15T06:18:12+02:00
getncchanges.c: Refactor how objects get added to the response

Adding GET_TGT support is going to make things more complicated, and I
think we are going to struggle to do this without refactoring things a
bit.

This patch adds a helper struct to store state related to a single
GetNCChanges chunk. I plan to add to this with things like max_links,
max_objects, etc, which will cut down on the number of variables/
parameters we pass around.

I found the double-pointer logic where we add objects to the response
confusing - hopefully this refactor simplifies things slightly, and it
allows us to reuse the code for the GET_TGT case.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
b4b843b7 by Tim Beale at 2017-09-15T06:18:12+02:00
getncchanges.c: Replace hard-coded numbers with a define

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
85898a6e by Tim Beale at 2017-09-15T06:18:12+02:00
getncchanges.c: Remove a really old TODO

This TODO was added in 2009 (before Samba supported linked_attributes
in getNCChanges())

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
1d70375a by Tim Beale at 2017-09-15T06:18:13+02:00
getncchanges.c: Remove unused ncRoot_dn parameter

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
ec8a7fa2 by Tim Beale at 2017-09-15T06:18:13+02:00
getncchanges.c: Reduce the parameters to get_nc_changes_build_object()

Fifteen parameters seems a bit excessive. Instead, pass it the structs
containing the information it cares about.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
3a8dfcc6 by Tim Beale at 2017-09-15T06:18:13+02:00
getncchanges.c: Split out code to get an object for a response

Basically, every time we try to add an object to the response, we want
to:
- Build it (i.e. pack it into an RPC message format)
- Add it to our object-cache if we're keeping one
- Add any ancestors needed for the client to resolve it (if GET_ANC)

GET_TGT is going to use the exact same code, so split this out into a
separate function, rather than duplicating it.

The GET_ANC case also uses almost identical code, but it differs in a
couple of minor aspects. I've left this as is for now, as I'm not sure
if this is by accident or by design.

Because all the memory was talloc'd off the 'obj' variable, we now need
to replace it with a tmp TALLOC_CTX.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
c15c5381 by Tim Beale at 2017-09-15T06:18:13+02:00
getnchanges.c: Avoid unnecessary continue

There's not really much after the continue that we're skipping now. We
can just flip the logic and avoid the continue.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
e115a423 by Tim Beale at 2017-09-15T10:07:33+02:00
getncchanges.c: Send linked attributes in each chunk

Instead of sending all the linked attributes at the end, add a
configurable option to send the links in each replication chunk.

The benefits of this approach are:
- it can reduce memory overhead, as we don't have to keep all the links
in memory over the entire replication cycle.
- the client should never end up knowing about objects but not their
links. (Although we're not sure that this has actually resulted in
replication problems, i.e. missing links).

Note that until we support GET_TGT, this approach can mean we now send
a link where the client doesn't know about the target object, causing
the client to silently drop that linked attribute. Hence, this option
is switched off by default.

Implementation-wise, this code works fairly the same as before. Instead
of sorting the entire getnc_state->la_sorted array at the end and then
splitting it up over chunks, we now split the links up over chunks and
then sort them when we copy them into the message. This should be OK, as
I believe the MS-DRSR Doc says the links in the message should be sorted
(rather than sorting *all* the links overall). Windows behaviour seems
to chunk the links based on USN and then sort them.

getnc_state->la_idx now tracks which links in getnc_state->la_list[]
have already been sent (instead of tracking getnc_state->la_sorted).
This means the la_sorted array no longer needs to be stored in
getnc_state and we can free the array's memory once we've copied the
links into the message. Unfortunately, the link_given/link_total debug
no longer reports the correct information, so I've moved these into
getncchanges_state struct (and now free the struct a bit later so it's
safe to reference in the debug).

The vampire_dc testenv has been updated to use this new behaviour.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Fri Sep 15 10:07:33 CEST 2017 on sn-devel-144

- - - - -
2bf9b5e1 by Andreas Schneider at 2017-09-16T00:57:24+02:00
wafsamba: Do not chmod already existing dirs on install

This might break backward compatibility.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4880e8a7 by Andreas Schneider at 2017-09-16T00:57:24+02:00
samba:provision: Give a hint to copy the krb5.conf and not symlink it

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1c29a8b3 by Andreas Schneider at 2017-09-16T00:57:24+02:00
dynconfig: Fix location of the default 'binddns dir'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
bf64939d by Andreas Schneider at 2017-09-16T00:57:24+02:00
s4:bind_dlz: Try the 'binddns dir' first

The directory is normally empty if you did not provision or call
samba_upgradedns for the bind_dlz module.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
591b086b by Andreas Schneider at 2017-09-16T00:57:24+02:00
python:provision: Change the group of the 'binddns dir' too

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ffb7d6b5 by Andreas Schneider at 2017-09-16T00:57:24+02:00
python:provision: Do not change the owner of the sam.ldb.d dir

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
aef2b915 by Andreas Schneider at 2017-09-16T00:57:24+02:00
samba_upgradedns: Change the group of the 'binddns dir' too

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8cf5c5f0 by Andreas Schneider at 2017-09-16T00:57:25+02:00
samba_upgradedns: Print better hints after we migrated the config

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
05169a60 by Andreas Schneider at 2017-09-16T00:57:25+02:00
samba_upgradedns: When we setup the internal dns cleanup bind-dns dir

Make sure to remove everything from the bind-dns directory to avoid
possible security issues with the named group having write access to all
AD partitions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e5a2e629 by Andreas Schneider at 2017-09-16T04:47:29+02:00
wafsamba: We need to honor DESTDIR in INSTALL_DIR

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Sep 16 04:47:29 CEST 2017 on sn-devel-144

- - - - -
2a003b1a by Jeremy Allison at 2017-09-16T08:35:39+02:00
lib: tevent: Remove select backend.

select() is no longer useful on modern systems.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Sat Sep 16 08:35:39 CEST 2017 on sn-devel-144

- - - - -
d1d298bb by Volker Lendecke at 2017-09-16T08:36:16+02:00
lib: util_tdb.h needs tdb.h

It uses TDB_DATA

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
43c104a8 by Volker Lendecke at 2017-09-16T08:36:16+02:00
s3: Avoid netlogon_creds_cli.h in includes.h

There's no point recompiling all of source3 if netlogon_creds_cli.h is changed

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2968bfdd by Volker Lendecke at 2017-09-16T08:36:17+02:00
netlogon_creds_cli: Add "dns_domain" to netlogon_creds_cli_context

Used later for creating schannel cli_credentials

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
849e63ff by Volker Lendecke at 2017-09-16T08:36:17+02:00
netlogon_creds_cli: Pass "server_dns_domain" through netlogon_creds_cli_context_global

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9dd0b7fb by Volker Lendecke at 2017-09-16T08:36:17+02:00
cli_netlogon: Pass server_dns_domain through rpccli_create_netlogon_creds

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a6ad0da2 by Volker Lendecke at 2017-09-16T08:36:17+02:00
libnet: Use rpccli_create_netlogon_creds_with_creds in join_unsecure

rpccli_create_netlogon_creds_with_creds just extracts the values we set here
from cli_credentials, and the lower-level interface is supposed to go away.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fe3dfd9a by Volker Lendecke at 2017-09-16T08:36:17+02:00
cli_netlogon: Make rpccli_create_netlogon_creds static

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
696a387d by Volker Lendecke at 2017-09-16T08:36:17+02:00
libnet: Use rpccli_setup_netlogon_creds_with_creds in join_unsecure

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
db92fd6a by Volker Lendecke at 2017-09-16T08:36:17+02:00
cli_netlogon: Make rpccli_setup_netlogon_creds static

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7a3d1b5a by Volker Lendecke at 2017-09-16T08:36:17+02:00
cli_netlogon: Rename rpccli_create_netlogon_creds_with_creds

This creates a context with access to a credentials, not credentials

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b62bba83 by Volker Lendecke at 2017-09-16T08:36:17+02:00
cli_netlogon: Eliminate rpccli_setup_netlogon_creds_with_creds

Inlining the code from rpccli_setup_netlogon_creds

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3101ac93 by Volker Lendecke at 2017-09-16T08:36:17+02:00
netlogon_creds_cli: Avoid a static const struct

Same number of .text bytes, but simpler code.

Yes, this is {{0}} instead of {0}, which I always promote. I've just read a
comment on stackoverflow (which I've unfortunately just closed the tab for :-()
that {{0}} might actually be the correct way to init a struct to zero if the
first struct element is again a struct. I'm lost. 25 years of C coding and I
have no clue of the language :-(

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
47557ac9 by Volker Lendecke at 2017-09-16T08:36:17+02:00
netlogon_creds_cli: Remove an obsolete comment

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1de1fd86 by Volker Lendecke at 2017-09-16T08:36:17+02:00
netlogon_creds_cli: A netlogon_creds_cli_context needs a msg_ctx

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2591e320 by Volker Lendecke at 2017-09-16T08:36:17+02:00
rpc_client3: Fix a debug message

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f08a04c1 by Volker Lendecke at 2017-09-16T08:36:17+02:00
netlogon_creds_cli: Simplify netlogon_creds_cli_context_common

printf knows to only print part of a string. No need to talloc_strdup.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7f09c086 by Volker Lendecke at 2017-09-16T08:36:17+02:00
netlogon_creds_cli: Simplify netlogon_creds_cli_context_common

IMHO a full talloc_stackframe is overkill for the one allocation that is left
here.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6344570a by Volker Lendecke at 2017-09-16T08:36:18+02:00
netlogon_creds_cli: Simplify netlogon_creds_cli_context_global

(require_sign_or_seal == false) looks odd :-)

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6222cd71 by Volker Lendecke at 2017-09-16T08:36:18+02:00
netlogon_creds_cli: Use data_blob_cmp in netlogon_creds_cli_validate

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
aea214fc by Volker Lendecke at 2017-09-16T08:36:18+02:00
notifyd: Clarify a comment

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
602ec888 by Volker Lendecke at 2017-09-16T08:36:18+02:00
libcli: Apply some const

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
adf46ff0 by Volker Lendecke at 2017-09-16T12:28:17+02:00
cli_credentials: Apply some const

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sat Sep 16 12:28:17 CEST 2017 on sn-devel-144

- - - - -
28edf701 by Gary Lockyer at 2017-09-16T19:53:22+02:00
tests util/tfork: Tests for status and event fd

Add tests to ensure that:
- The event_fd becomes readable once the worker process has terminated
- That the event_fd is not closed by the tfork code.
  - If this is done in tevent code and the event fde has not been
    freed, "Bad talloc magic value - " errors can result.
- That the status call does not block if the parent process launches
  more than one child process.
  - The status file descriptor for a child is passed to the
    subsequent children.  These processes hold the FD open, so that
    closing the fd does not make the read end go readable, and the
    process calling status blocks.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13037

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
f6a40ff2 by Gary Lockyer at 2017-09-16T19:53:23+02:00
util/tfork: Write to the status pipe

The previous design relied on only calling close() of the status pipe.

We now write a single 0 byte to the status FD as well as closing it in the
parent process.  Both of these operations typically trigger a read
event on the other end of the FD, held in the waiter process (the child).

The child process blocks on the status FD, until it becomes readable.

However if there is a sibling process that was launched after the waiter
process they also will hold the status FD open and the status FD would,
until this change, never become readable to the waiter process (the child).

This caused the waiter process (child) not to exit and the parent process
to hang in tfork_status() while expecting the waitpid() to return.

That is, file descriptors are essentially global variables copied
to children in the process tree.  The last child that (unwittingly) holds
the file descriptor open is the one that needs to trigger the close() this
code previously depended on.

Without this change, there is no notification of process death until
all these unrelated children exit for their own reasons.

We can write up to 4K (PIPE_BUF) into this pipe before blocking,
but we only write one byte.  Additionally sys_write() refuses to block.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13037

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
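
The failure mode described in the commit message above, reproduced as an added C example (not Samba's tfork code). The function name, the 500 ms poll timeout and the sleeping sibling are assumptions made for the demonstration.

```c
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define WAITER_TIMEOUT_MS 500	/* assumed value, only bounds the demo */

/*
 * Parent holds the write end of a status pipe, a "waiter" child polls the
 * read end, and a sibling forked afterwards inherits the write end.
 * write_byte == 0: parent only close()s its write end (the old design).
 * write_byte != 0: parent writes one 0 byte, then closes (the new design).
 * Returns 1 if the waiter was woken, 0 if it timed out, -1 on setup error.
 */
int waiter_notified(int write_byte)
{
	int status_fd[2];	/* [0] = read end, [1] = write end */
	pid_t waiter, sibling;
	int wstatus;

	if (pipe(status_fd) == -1) {
		return -1;
	}

	waiter = fork();
	if (waiter == -1) {
		close(status_fd[0]);
		close(status_fd[1]);
		return -1;
	}
	if (waiter == 0) {
		struct pollfd pfd = { .fd = status_fd[0], .events = POLLIN };
		int n;

		/* Drop our own copy of the write end, or EOF could never arrive. */
		close(status_fd[1]);
		n = poll(&pfd, 1, WAITER_TIMEOUT_MS);
		_exit(n == 1 ? 0 : 1);	/* 0: readable or hung up, 1: timed out */
	}
	close(status_fd[0]);	/* the parent never reads the status pipe */

	/*
	 * A sibling launched after the waiter. It never touches the status
	 * pipe, but fork() copied the write end into it, so the pipe still
	 * has a writer after the parent calls close().
	 */
	sibling = fork();
	if (sibling == -1) {
		close(status_fd[1]);
		kill(waiter, SIGKILL);
		waitpid(waiter, NULL, 0);
		return -1;
	}
	if (sibling == 0) {
		sleep(30);	/* stands in for an unrelated long-running child */
		_exit(0);
	}

	if (write_byte) {
		char zero = 0;

		if (write(status_fd[1], &zero, 1) != 1) {
			perror("write");
		}
	}
	close(status_fd[1]);

	waitpid(waiter, &wstatus, 0);
	kill(sibling, SIGKILL);
	waitpid(sibling, NULL, 0);

	if (!WIFEXITED(wstatus)) {
		return -1;
	}
	return WEXITSTATUS(wstatus) == 0 ? 1 : 0;
}

int main(void)
{
	printf("close() only       : waiter notified = %d\n", waiter_notified(0));
	printf("write 1 byte, close: waiter notified = %d\n", waiter_notified(1));
	return 0;
}
```

When auditing similar code, list the descriptors each child actually inherits (for example under /proc/<pid>/fd on Linux): any pipe whose EOF is used as a death notification is affected by every later fork that does not close it.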

- - - - -
6c36ea07 by Ralph Boehme at 2017-09-16T19:53:23+02:00
lib/util: only close the event_fd in tfork if the caller didn't call tfork_event_fd()

Make closing of the event_fd the global responsibility of the
parent process if it called tfork_event_fd().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13037

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
563bbb9c by Gary Lockyer at 2017-09-16T23:50:27+02:00
util_runcmd: Free the fde in event handler.

Free the fde in the event handler to prevent the event triggering again.
While not strictly necessary in this case, this code serves as an
example of the usage of tfork.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13037

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Sat Sep 16 23:50:27 CEST 2017 on sn-devel-144

- - - - -
c8e325c7 by Volker Lendecke at 2017-09-17T23:35:51+02:00
winbindd: Remove an obsolete comment

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Sun Sep 17 23:35:51 CEST 2017 on sn-devel-144

- - - - -
af38d73b by Gary Lockyer at 2017-09-18T04:39:50+02:00
s4/smbd: set the process group.

Set the process group in the samba daemon, the --no-process-group option
allows this to be disabled.  The no-process-group option needs to be
disabled in self test.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Sep 18 04:39:50 CEST 2017 on sn-devel-144

- - - - -
172eedc0 by Tim Beale at 2017-09-18T05:51:24+02:00
getnc_exop.py: Fix GET_TGT behaviour in DRS tests

The existing code never passed the more_flags parameter into the
actual getNCChanges request, i.e. _getnc_req10(). This meant the
existing GET_TGT tests effectively did nothing.

Passing the flag through properly means we have to now change the tests
as the DNs returned by Windows now include any target objects in the
linked attributes. These tests now fail against Samba (because it
doesn't support GET_TGT yet).

Also added comments to the tests to help explain what they are actually
doing.

Note that Samba and Windows can return the objects in different orders,
due to significant differences in their underlying DB implementations
(Windows stores links in a separate DB, so sends links ordered strictly
by USN, whereas Samba sends links based on the USN of the source
object). To make the test a fair comparison between Windows and Samba,
we need to use dn_ordered=False.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
af82bdef by Tim Beale at 2017-09-18T05:51:24+02:00
getncchanges.py: Add some GET_TGT test cases

test_repl_get_tgt:
- Adds 2 sets of objects
- Links one set to the other
- Changes the order so the target object comes last in the
  replication (which means the client has to use GET_TGT)
- Checks that when GET_TGT is used that we have received all target
  objects we need to resolve the linked attributes
- Checks that we expect to receive the linked attributes *before*
  the last chunk is sent (by default, Samba sends all the links at
  the end, so this fails)
- Checks that we eventually receive all expected objects, and all
  links we receive match what is expected

test_repl_get_tgt_chain:
  This adds the linked attributes in a more complicated chain. We add
  300 objects, but the links for 100 objects will point to a linked
  chain of 200 objects.
  This was mainly to determine whether or not Windows follows the
  target object (i.e. whether it sends all the links for the target
  object as well). It turns out Windows maintains its own linked
  attribute DB, so it sends the links based on USN.

Note that the 2 testenvs fail for different reasons. promoted_dc fails
because it is sending all the linked attributes last. vampire_dc fails
because it doesn't support GET_TGT yet, so it sends the link before the
peer knows about the target object.

Note that to test against vampire_dc (rather than the ad_dc_ntvfs DC),
we need to send the GetNCChanges requests to DC2 instead of DC1.
I've left the DC numbering scheme as is, but I've added a test_ldb_dc
handle to drs_base.py - it defaults to DC1, but tests can override it
easily and still have everything work.

While running the new tests through autobuild, I noticed an intermittent
LDAP_ENTRY_ALREADY_EXISTS failure in the test setup(). This appears to
be due to a timing issue in the background replication between the
multiple testenvs. Adding some randomness so that the test base OU is
unique seems to avoid the problem.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
6ec9ef2b by Tim Beale at 2017-09-18T05:51:24+02:00
getncchanges.py: Add test for adding links during replication

We have identified a case where the Samba server can send linked
attributes but not the target object. In this case, the Samba DRS client
would hit the "Failed to re-resolve GUID" case in replmd and silently
discard the linked attribute.

However, Samba will resend the linked attribute in the next cycle
(because its USN is still higher than the committed HWM), so it should
recover OK. On older releases, this may have caused problems if the
first error resulted in a hanging link (which might mean the second
time it's processed it still fails to be added).

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
00b20c82 by Tim Beale at 2017-09-18T05:51:24+02:00
getncchanges.py: Add test for GET_ANC and GET_TGT combined

The code has to handle needing GET_ANC and GET_TGT in combination, i.e.
where we fetch the target object for the linked attribute and the target
object's parent is unknown as well. This patch adds a test case to
exercise this code path.

The second part of this test exercises GET_ANC/GET_TGT for an
incremental replication, where the objects are getting filtered by an
uptodateness-vector/HWM.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
469aed08 by Tim Beale at 2017-09-18T05:51:24+02:00
getnc_exop.py: Extend EXOP_REPL_OBJ test case to use GET_TGT

We already check that when we use GET_ANC that we still only receive a
single object when EXOP_REPL_OBJ is used. This extends the test to also
check that only a single object is returned when GET_TGT is used.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
821094d5 by Tim Beale at 2017-09-18T05:51:24+02:00
getncchanges.py: Add tests for object deletion during replication

Add tests that delete the source and target objects for linked
attributes in the middle of a replication cycle.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
ed2fc522 by Tim Beale at 2017-09-18T05:51:24+02:00
drs: Add basic GET_TGT support

This adds basic DRS_GET_TGT support. If the GET_TGT flag is specified
then the server will use the object cache to store the objects it sends
back. If the target object for a linked attribute is not in the cache
(i.e. it has not been sent already), then it is added to the response
message.

Note that large numbers of linked attributes will not be handled well
yet - the server could potentially try to send more than will fit in a
single response message.

Also note that the client can sometimes set the GET_TGT flag even if the
server is still sending the links last. In this case, we know the client
supports GET_TGT so it's safe to send the links interleaved with the
source objects (the alternative of fetching the target objects but not
sending the links until last doesn't really make any sense).

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
96971906 by Tim Beale at 2017-09-18T05:51:24+02:00
getncchanges.py: Add test for replicating reanimated objects

Reading between the lines, this scenario seems to be the main reason
that Microsoft added the GET_TGT flag. MS AD can handle getting links
for unknown targets OK, but if it receives links for a deleted/recycled
target then it would tend to drop the received links. Samba client also
used to drop the links if talking to a Microsoft DC (or a Samba server
with GET_TGT support).

The specific scenario is the client side already knows about a deleted
object. That object is then re-animated and used as the target for a
linked attribute. *Then* the target object gets updated again so it gets
sent in a later replication chunk to the linked attribute, i.e. the
client receives the link before it learns that the target object has
been re-animated.

In this test we're interested in particular in how the client behaves
when it receives a linked attribute for a deleted object. (It *should*
retry with GET_TGT to make sure the target is up-to-date. However, it
was just dropping the linked attribute).

To exercise the client-side, we disable replication, set up the
links/objects on one DC the way we want them, then force a replication
to the second DC. We then check that when we query each DC, they both
tell us about the links/objects we're expecting (i.e. no links got
lost).

Note that this wasn't a problem with older versions of Samba-to-Samba
because sending the links last guaranteed that the target objects were
always up-to-date.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
693e3adc by Tim Beale at 2017-09-18T05:51:24+02:00
getncchanges.py: Add a test for dropped cross-partition links

Samba would drop linked attributes that span partitions if it didn't
know about the target object. This patch adds a test that exposes the
problem.

I've re-used the code from the previous re-animation test to do this.
I've also added a very basic DcConnection helper class that basically
stores the connection state information the drs_base.py uses for
replication. This allows us to switch the DC we want to replicate from
easily. This approach could potentially be retro-fitted to some of the
existing test cases, as it allows us to test both the DRS client code
and server code at the same time.

Note this test case relates to the code change for commit
fae5df891c11f642cb.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
10df9f6b by Tim Beale at 2017-09-18T05:51:25+02:00
getncchanges.py: Add a multi-valued linked attribute test

Add a test where a source object links to multiple different targets.
First we do the replication without GET_TGT and check that the server
can handle sending a chunk containing only links (in the middle of the
replication). Then we repeat the replication forcing GET_TGT to be used.

To avoid having to create 1500 objects/links, I've lowered the 'max
link sync' setting on the vampire_dc testenv to 250.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
7ba10844 by Garming Sam at 2017-09-18T05:51:25+02:00
getncchanges.c: Refactor to track more state using repl_chunk

To prepare GET_TGT to deal with a large number of links better, there
is now a 'repl_chunk' struct to help keep track of all the factors
relating to the current chunk of replication data (i.e. how many
objects/links we can send and how many we've already processed). This
means we can have a consistent way of working out whether the current
chunk is full (whether that be due to objects, links, or just too much
time taken).

This patch should not alter functionality. This is just a refactor to
add the basic framework, which will be used in the next patch.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
278039ff by Tim Beale at 2017-09-18T05:51:25+02:00
getncchanges.c: Support GET_TGT better with large numbers of links

A source object can potentially link to thousands of target objects.
We have to be careful not to overfill the GetNCChanges response message
with more data than it's possible to send. We also don't want the client
to timeout while we're busy checking the linked attributes. The GET_TGT
support added so far is fairly dumb - this patch extends it to better
handle larger numbers of links.

To do so, this extends the repl_chunk usage so that it also works out if
the current chunk is full of links. Now as soon as the chunk is full of
either links or objects, we stop and send it back.

These changes now mean that we need to also check:
- that all the links for the last source object in the previous chunk
  have been sent, before we move on and send the next object. This only
  takes effect when immediate_link_sync is configured. It also means
  that a chunk in the middle of the replication cycle can now contain
  only links, and no objects.
- when GET_TGT is used, we only send back the links that we've verified
  the target object for. i.e. if we stop checking links because we timed
  out, we only send back the links whose targets were checked.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
44ca8416 by Tim Beale at 2017-09-18T05:51:25+02:00
replmd: Allow missing targets if GET_TGT has already been set

While running the selftests, I noticed a case where DC replication
unexpectedly sends a linked attribute for a deleted object (created in
the drs.ridalloc_exop tests). The problem is due to the
msDS-NC-Replica-Locations attribute, which is a (known) one-way link.
Because it is a one-way link, when the test demotes the DC and deletes
the link target, there is no backlink to delete the link from the source
object.

After much debate and head-scratching, we decided that there wasn't an
ideal way to resolve this problem. Any automated intervention could
potentially do the wrong thing, especially if the link spans partitions.
Running dbcheck will find this problem and is able to fix it (providing
the deleted object is still a tombstone). So the recommendation is to
run dbcheck on your DCs every 6 months (or more frequently if using a
lower tombstone lifetime setting).

However, it does highlight a problem with the current GET_TGT
implementation. If the tombstone object had been expunged and you
upgraded to 4.8, then you would be stuck - replication would fail
because the target object can't be resolved, even with GET_TGT, and
dbcheck would not be able to fix the hanging link. The solution is to
not fail the replication for an unknown target if GET_TGT has already
been set (i.e. the dsdb_repl_flags contains
DSDB_REPL_FLAG_TARGETS_UPTODATE).

It's debatable whether we should add a hanging link in this case or
ignore/drop the link. Some cases to consider:
- If you're talking to a DC that still sends all the links last, you
  could still get object deletion between processing the source object's
  links and sending the target (GET_TGT just restarts the replication
  cycle from scratch). Adding a hanging link in this case would be
  incorrect and would add spurious information to the DB.
- Suppose there's a bug in Samba that incorrectly results in an object
  disappearing. If other DCs then remove any links that pointed to that
  object, it makes recovering from the problem harder. However, simply
  ignoring the link shouldn't result in data loss, i.e. replication won't
  remove the existing link information from other DCs. Data loss in this
  case would only occur if a new DC were brought online, or if it were a
  new link that was affected.
Based on this, I think ignoring the link does the least harm.

This problem also highlights that we should really be using the same
logic in both the unknown target and the deleted target cases.
Combining the logic and moving it into a common
replmd_allow_missing_target() function fixes the problem. (This also has
the side-effect of fixing another logic flaw - in the deleted object
case we would unnecessarily retry with GET_TGT if the target object was
in another partition. This is pointless work, because GET_TGT won't
resolve the target).

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
3c0d80d0 by Tim Beale at 2017-09-18T05:51:25+02:00
replmd: Avoid duplicated debug/warnings

We display warnings if a target object is missing but it's still OK to
continue the replication. Currently we need to check the target twice -
once to verify it when we first receive it, and once when we actually
commit it (we can't skip the 2nd check altogether because in the join
case, they could occur quite far apart).

One annoying side-effect is we get the same warning message coming out
twice in these special cases.

In the cases where we're checking the dsdb_repl_flags, we can actually
just bypass the verification checks for the target object (if it doesn't
exist we still continue anyway). This may save us a tiny bit of
unnecessary work.

For cross-partition links, we can limit logging these warnings to when
the objects are actually being committed. This avoids spurious warnings
in the join case (i.e. we receive the link before we receive the target
object's partition, but we have received all partitions by the time we
actually commit the objects).

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
46c1f7bd by Tim Beale at 2017-09-18T05:51:25+02:00
getncchanges.c: max_links calculation didn't work well in some cases

The max_links calculation didn't work particularly well if max_links was
set to a value lower than max_objects.

As soon as repl_chunk->object_count exceeded repl_chunk->max_links, the
chunk would be deemed full, even if there was only one link to send (or
even worse, no links to send). For example, if max_objects=100 and
max_links=10, then it would send back chunks of 10 objects (or 9 objects
and 1 link).

I believe the historic reason this logic exists is to avoid overfilling
the response message. It's hard to tell what the appropriate limit would
be because the total message size would depend on how many attributes
each object has.

I couldn't think of logic that would be suitable for all cases. I toyed
with the idea of working out a percentage of how full the message is.
However, adjusting the max_links doesn't really make sense when the
settings are small enough, e.g. max_objects=100 and max_links=100 is
never going to overfill the message, so there's no reason to alter the
values.

In the end I went with:
- If the user is using non-default values, just use those.
- In the default value case, just use the historic calculation

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
1541c50b by Tim Beale at 2017-09-18T09:56:41+02:00
selftest: Add some tests for linked attribute conflicts

Currently we have tests that check we can resolve object conflicts, but
these don't test anything related to conflicting linked attributes.
This patch adds some basic tests that check that Samba can resolve
conflicting linked attributes.

This highlights some problems with Samba, as the following tests
currently fail:
- test_conflict_single_valued_link: Samba currently can't resolve
  conflicting targets for a single-valued linked attribute - the
  replication exits with an error.
- test_link_deletion_conflict: If 2 DCs add the same linked attribute,
  currently when they resolve this conflict the RMD_VERSION for the
  linked attribute incorrectly gets incremented. This means the version
  numbers get out of step and subsequent changes to the linked attribute
  can be dropped/ignored.
- test_full_sync_link_conflict: fails for the same reason as above.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

Autobuild-User(master): Garming Sam <garming at samba.org>
Autobuild-Date(master): Mon Sep 18 09:56:41 CEST 2017 on sn-devel-144

- - - - -
d0d80597 by Martin Schwenke at 2017-09-19T01:28:13+02:00
Revert "ctdb-daemon: Remove unused function ctdb_stop_monitoring()"

This reverts commit b119104267635d96b1f99a2e98d35438841585bf.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
b0244d46 by Martin Schwenke at 2017-09-19T01:28:13+02:00
Revert "ctdb-daemon: Don't explicitly stop monitoring during shutdown"

This reverts commit 19318d28354190a9cfafa1696e41c90351f85af9.

With this commit, a shutdown that occurs while the startup event is
running can cause an abort because the startup callback will try to
decrease the run state from SHUTDOWN to RUNNING.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
68c3ea77 by Martin Schwenke at 2017-09-19T05:32:22+02:00
selftest: Avoid a build started just before midnight failing

It looks like commit 070f24bc9d2 was incomplete because it doesn't
match on the trailing fullstop and newline.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Tue Sep 19 05:32:22 CEST 2017 on sn-devel-144

- - - - -
2c745cfa by Günther Deschner at 2017-09-19T09:36:40+02:00
s4-torture: move lease break handler outside the lease testsuite.

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Pair-Programmed-With: Jose A. Rivera <jarrpa at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Sep 19 09:36:40 CEST 2017 on sn-devel-144

- - - - -
2550a88e by Martin Schwenke at 2017-09-19T13:30:26+02:00
ctdb-build: Fix dependency for ctdbd

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
3783b66f by Martin Schwenke at 2017-09-19T13:30:26+02:00
ctdb-build: Split protocol-util as a separate subsystem

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
3816270c by Martin Schwenke at 2017-09-19T13:30:26+02:00
ctdb-common: Initialise socket addresses before reading into them

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
eb32b8d3 by Martin Schwenke at 2017-09-19T13:30:26+02:00
ctdb-protocol: Add server and client aliases in ctdb_connection

The current code is ambiguous in its use of src and dst.  This allows
new code to use server and client for clarity.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
22de111e by Martin Schwenke at 2017-09-19T13:30:26+02:00
ctdb-protocol: Add ctdb_sock_addr_port() and sock_addr_set_port()

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
de9f05e8 by Martin Schwenke at 2017-09-19T13:30:26+02:00
ctdb-protocol: Add utility function ctdb_sock_addr_to_buf()

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
93668f50 by Martin Schwenke at 2017-09-19T13:30:26+02:00
ctdb-protocol: Optionally print port for address printing functions

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
6f1b1a05 by Martin Schwenke at 2017-09-19T13:30:26+02:00
ctdb-protocol: Add ctdb_sock_addr_from_string()

This and the supporting functions duplicate functionality (parse_ip()
and parse_ip_port()) from common/system_util.c.  The old functions
will be removed at a later time.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
28502036 by Martin Schwenke at 2017-09-19T13:30:26+02:00
ctdb-protocol: Factor out static function ctdb_sock_addr_cmp_family()

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
ef676d5a by Martin Schwenke at 2017-09-19T13:30:26+02:00
ctdb-protocol: Add ctdb_connection utilities

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
d6f9cd19 by Martin Schwenke at 2017-09-19T13:30:26+02:00
ctdb-protocol: Add new data structure ctdb_connection_list

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
e50cb8cb by Martin Schwenke at 2017-09-19T13:30:26+02:00
ctdb-protocol: Add marshalling for ctdb_connection_list

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
6d9fef46 by Martin Schwenke at 2017-09-19T13:30:27+02:00
ctdb-protocol: Add ctdb_connection_list utilities

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
c355fd97 by Martin Schwenke at 2017-09-19T13:30:27+02:00
ctdb-tools: Use ctdb_connection and ctdb_connection_list structs

Also use new connection and sock addr utilities.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
6ac5cb4e by Martin Schwenke at 2017-09-19T13:30:27+02:00
ctdb-tools: Use db_hash in ctdb_killtcp

One less use of trbt_tree_t.  The code is easier to read and is
significantly smaller.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
7a2db541 by Martin Schwenke at 2017-09-19T13:30:27+02:00
ctdb-tools: Drop global variable prog

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
3f78ddde by Martin Schwenke at 2017-09-19T13:30:27+02:00
ctdb-tools: Improve error handling

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
44cdda4e by Martin Schwenke at 2017-09-19T13:30:27+02:00
ctdb-tools: New function ctdb_kill_tcp_init()

This replaces ctdb_killtcp(), which did the initialisation inside a
loop.  The new logic is inverted, making it more natural.

The variable containing all the state is called "state" in
anticipation of the next commit that will convert this to a tevent_req
computation.  This will mean less churn.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
fd54d478 by Martin Schwenke at 2017-09-19T13:30:27+02:00
ctdb-tools: Rework killtcp logic into a tevent_req-based computation

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
8fb6c1ad by Martin Schwenke at 2017-09-19T13:30:27+02:00
ctdb-tools: Move special case of 0 connections into computation

This avoids other potential users from unnecessarily setting up file
descriptors and such.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
c715da3b by Martin Schwenke at 2017-09-19T13:30:27+02:00
ctdb-tools: Add debug to ctdb_killtcp

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
24996c60 by Martin Schwenke at 2017-09-19T17:31:18+02:00
ctdb-tools: Fix a typo for a talloc context

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Tue Sep 19 17:31:18 CEST 2017 on sn-devel-144

- - - - -
75e88e40 by Andrew Bartlett at 2017-09-20T02:25:30+02:00
ldb_tdb: Map TDB error codes into LDB error codes in ltdb_lock_read()

The ltdb_lock_read() routine did not return an LDB error code, but -1.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13033

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
13777d35 by Andrew Bartlett at 2017-09-20T02:25:30+02:00
ldb_tdb: Give a debug message as well as setting the error string if prepare_commit() fails

This is a serious condition, and should be logged.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13033

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
22854f9b by Andrew Bartlett at 2017-09-20T02:25:30+02:00
ldb_tdb: Change ltdb_connect() NOT to request a kernel-level read only TDB

We support opening an LDB multiple times in a process, but do not support this in tdb.

As we can open the ldb with different flags, we must ensure a later read-write
open is possible.

Additionally, a read-only TDB will refuse the all-record lock, preventing
the ldb from even loading.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13033

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
f5f3657c by Gary Lockyer at 2017-09-20T02:25:30+02:00
ldb: Add tests for read only behaviour

As the kernel is no longer enforcing the read-only DB
add some tests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13033

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
6c28abc2 by Andrew Bartlett at 2017-09-20T02:25:30+02:00
ldb: Release 1.2.3

 * Bug #13033 LDB open with LDB_FLG_RDONLY can cause the database
   to fail to open

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13033

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
c1e41d48 by Andrew Bartlett at 2017-09-20T02:25:30+02:00
samdb: Rework samdb_connect_url() to return LDB error code and an error string

This allows debugging of why the LDB failed to start up.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
dd53be27 by Andrew Bartlett at 2017-09-20T02:25:30+02:00
ldap_server: Plumb ldb error string from a failed connect to ldapsrv_terminate_connection()

However, do not plumb it to the client-seen error string, as it could contain server paths.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
3e1870c2 by Garming Sam at 2017-09-20T06:28:07+02:00
kcc: Remove unused, untested KCC code

This code tries to implement the full KCC algorithm, but never
actually worked correctly.

Removing this doesn't affect the full-mesh KCC. This code only
attempted to calculate a graph using the "proper" algorithm, though it
neglected to write its results back into the database. The full-mesh
calculation occurs elsewhere.

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Wed Sep 20 06:28:07 CEST 2017 on sn-devel-144

- - - - -
c1747021 by Andrew Bartlett at 2017-09-20T08:15:21+02:00
s4-dnsserver: Always encode user-supplied names when looking up DNS records

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12994

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
9e9a8d8f by Andrew Bartlett at 2017-09-20T08:15:21+02:00
s4-dnsserver: Check for too many DNS results

If we had this check in when the wildcard DNS tests were written, we would have
noticed that the name needed to be escaped (see previous commit).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12994
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
da575f01 by Andrew Bartlett at 2017-09-20T08:15:22+02:00
selftest: sort dbcheck output to avoid sort order impacting results

The GUID index code will change the returned results order

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
ee4418e7 by Andrew Bartlett at 2017-09-20T12:29:49+02:00
dsdb: Only trigger a re-index once per @INDEXLIST modification

A modify of both @INDEXLIST and @ATTRIBUTES will still trigger two re-index passes
but that is a task for later.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9527

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Sep 20 12:29:49 CEST 2017 on sn-devel-144

- - - - -
ace72741 by Stefan Metzmacher at 2017-09-20T13:04:10+02:00
CVE-2017-12151: s3:libsmb: add cli_state_is_encryption_on() helper function

This allows to check if the current cli_state uses encryption
(either via unix extensions or via SMB3).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12996

Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
3d1c488c by Stefan Metzmacher at 2017-09-20T13:04:10+02:00
CVE-2017-12151: s3:libsmb: make use of cli_state_is_encryption_on()

This will keep enforced encryption across dfs referrals.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12996

Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
44b47f2b by Stefan Metzmacher at 2017-09-20T13:04:10+02:00
CVE-2017-12150: s3:popt_common: don't turn a guessed username into a specified one

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997

Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
52d967e1 by Stefan Metzmacher at 2017-09-20T13:04:10+02:00
CVE-2017-12150: s3:lib: get_cmdline_auth_info_signing_state smb_encrypt SMB_SIGNING_REQUIRED

This is an addition to the fixes for CVE-2015-5296.

It applies to smb2mount -e, smbcacls -e and smbcquotas -e.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997

Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
9c1ead50 by Stefan Metzmacher at 2017-09-20T13:04:10+02:00
CVE-2017-12150: s3:pylibsmb: make use of SMB_SIGNING_DEFAULT for 'samba.samba3.libsmb_samba_internal'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997

Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
6ca2cfaf by Stefan Metzmacher at 2017-09-20T13:04:10+02:00
CVE-2017-12150: libgpo: make use of SMB_SIGNING_REQUIRED in gpo_connect_server()

It's important that we use a signed connection to get the GPOs!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997

Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
7074a1b7 by Stefan Metzmacher at 2017-09-20T13:04:10+02:00
CVE-2017-12150: auth/credentials: cli_credentials_authentication_requested() should check for NTLM_CCACHE/SIGN/SEAL

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997

Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
22e22d8f by Stefan Metzmacher at 2017-09-20T13:04:10+02:00
CVE-2017-12150: libcli/smb: add smbXcli_conn_signing_mandatory()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997

Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
35051a86 by Stefan Metzmacher at 2017-09-20T13:04:10+02:00
CVE-2017-12150: s3:libsmb: only fallback to anonymous if authentication was not requested

With forced encryption or required signing we also shouldn't fall back.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997

Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
b092ed38 by Jeremy Allison at 2017-09-20T17:06:23+02:00
CVE-2017-12163: s3:smbd: Prevent client short SMB1 write from writing server memory to file.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13020

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(master): Wed Sep 20 17:06:23 CEST 2017 on sn-devel-144

- - - - -
2d97c8a4 by Richard Sharpe at 2017-09-20T22:48:15+02:00
Make sure smbtorture tests can run if someone has set their min protocol above NT1.

This code is SMB1 only, and already modifies
maxprotocol, so this change is appropriate.

Signed-off-by: Richard Sharpe <richard.sharpe at primarydata.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
fe736f24 by Volker Lendecke at 2017-09-20T22:48:15+02:00
rpcclient: Remove sam_sync related commands

These three commands don't use the netlogon credential chain
correctly. They are missing the netlogon_creds_store after the dcerpc
call, so they destroy the correct use of the netlogon creds.

The only valid server for these calls that I know of would be NT4, and
that should be gone long ago.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4e9877d3 by Volker Lendecke at 2017-09-20T22:48:15+02:00
net: Remove rpc samdump

This uses the NT4 replication commands. Samba does not have a server
for this, no tests, and whoever needs to migrate a native domain can
use an old Samba version

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
adecdad2 by Volker Lendecke at 2017-09-20T22:48:15+02:00
net: Remove rpc vampire from NT4 domains

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
df7e7c65 by Volker Lendecke at 2017-09-20T22:48:15+02:00
net: Remove NT4-based rpc vampire ldif

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
66c608a6 by Volker Lendecke at 2017-09-20T22:48:15+02:00
net: Remove NT4-based vampire keytab

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a2fc00b1 by Volker Lendecke at 2017-09-20T22:48:15+02:00
net: Don't depend on libnet_samsync anymore

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3a06a7a1 by Volker Lendecke at 2017-09-20T22:48:15+02:00
libnet: Remove libnet_samsync

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f0df2426 by Volker Lendecke at 2017-09-20T22:48:15+02:00
WHATSNEW: Mention code removal from "net" and "rpcclient"

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
30ffc120 by Volker Lendecke at 2017-09-21T02:49:32+02:00
testsuite: Fix the 32-bit test build

samba_init_module returns 32-bit. For some reason on my
32-bit lxc "return 0" was converted to something but
NT_STATUS_OK, making initialization fail.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Sep 21 02:49:32 CEST 2017 on sn-devel-144

- - - - -
e675f346 by Amitay Isaacs at 2017-09-21T08:53:26+02:00
ctdb-common: Extend srvid_exists() check to support optional private_data

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13042

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
e5b133a1 by Amitay Isaacs at 2017-09-21T08:53:26+02:00
ctdb-protocol: Add new control CTDB_CONTROL_CHECK_PID_SRVID

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13042

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
5d12006e by Amitay Isaacs at 2017-09-21T08:53:26+02:00
ctdb-protocol: Add marshalling for struct ctdb_pid_srvid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13042

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
7115378f by Amitay Isaacs at 2017-09-21T08:53:26+02:00
ctdb-protocol: Add marshalling for control CHECK_PID_SRVID

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13042

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
02ae3d9f by Amitay Isaacs at 2017-09-21T08:53:26+02:00
ctdb-daemon: Add implementation of control CHECK_PID_SRVID

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13042

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
c6a35200 by Amitay Isaacs at 2017-09-21T08:53:26+02:00
ctdb-client: Add client code for control CHECK_PID_SRVID

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13042

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
1c472dff by Amitay Isaacs at 2017-09-21T08:53:26+02:00
ctdb-tool: Update process-exists command to pass optional srvid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13042

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
c480cc01 by Amitay Isaacs at 2017-09-21T08:53:26+02:00
ctdb-tests: Reimplement message handlers using srvid abstraction

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13042

This is required for CHECK_PID_SRVID control implementation.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
7d034fe1 by Amitay Isaacs at 2017-09-21T08:53:26+02:00
ctdb-tests: Implement control CHECK_PID_SRVID in fake daemon

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13042

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
503bc399 by Amitay Isaacs at 2017-09-21T12:56:30+02:00
ctdb-tests: Add tests for PID with srvid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13042

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Thu Sep 21 12:56:30 CEST 2017 on sn-devel-144

- - - - -
75c152c0 by Volker Lendecke at 2017-09-22T00:02:29+02:00
auth3: Remove auth_domain

If you're a domain member, use winbind. Auth_domain is from times when we did
not have winbind. It has served its purpose, but we should move on.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Sep 22 00:02:29 CEST 2017 on sn-devel-144

- - - - -
835f5068 by Richard Sharpe at 2017-09-22T05:44:08+02:00
s3: Fix a small spelling mistake in smbcacls.

Signed-off-by: Richard Sharpe <realrichardsharpe at gmail.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Sep 22 05:44:09 CEST 2017 on sn-devel-144

- - - - -
cfa2c308 by Christof Schmitt at 2017-09-22T05:45:21+02:00
smbd: Move check for SMB2 compound request to new function

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13047

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a2b081e1 by Christof Schmitt at 2017-09-22T05:45:21+02:00
smbd/aio: Do not go async for SMB2 compound requests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13047

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
508aebf4 by Christof Schmitt at 2017-09-22T05:45:21+02:00
torture: Add testcase for compound CREATE-WRITE-CLOSE request

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13047

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3a360f55 by Christof Schmitt at 2017-09-22T09:49:30+02:00
selftest: Also run smbtorture smb2.compound with aio enabled

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13047

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Sep 22 09:49:30 CEST 2017 on sn-devel-144

- - - - -
e342f1f0 by Amitay Isaacs at 2017-09-22T16:59:06+02:00
ctdb-daemon: Check all connections from a process in CHECK_PID_SRVID control

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13042

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
6ed2ed7e by Amitay Isaacs at 2017-09-22T16:59:06+02:00
ctdb-tests: Check all connections from a process in CHECK_PID_SRVID control

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13042

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
90f7e06c by Amitay Isaacs at 2017-09-22T16:59:06+02:00
ctdb-tests: Add support for multiple ctdb connections in dummy_client

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13042

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
4df3dcdd by Amitay Isaacs at 2017-09-22T20:58:46+02:00
ctdb-tests: Add tests for client with multiple connections

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13042

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Sep 22 20:58:46 CEST 2017 on sn-devel-144

- - - - -
d8a22884 by Andrew Bartlett at 2017-09-22T21:20:20+02:00
ldb_tdb: Make ldb_match_message() available to ldb_tdb

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
cd8ecb33 by Andrew Bartlett at 2017-09-22T21:20:20+02:00
ldb_tdb: Add helper function ltdb_search_and_return_base()

This avoids an extra DB lookup for the base, when that is the only
record we will return, and avoids going into the index code for
a base search, as that won't work for special DNs once the GUID
index mode is enabled.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
1b310ad9 by Andrew Bartlett at 2017-09-22T21:20:20+02:00
ldb_tdb: provide ldb_key_dn() and ldb_key_msg()

This will in time allow us to generate a TDB key from
the msg, eg from an objectGUID.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
d4c1a600 by Andrew Bartlett at 2017-09-22T21:20:20+02:00
ldb_tdb: Use ltdb_key_msg() in re_index()

This will allow changing to a GUID tdb key in the future

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
6db80958 by Andrew Bartlett at 2017-09-22T21:20:20+02:00
ldb_tdb: Add ltdb_search_key()

This allows us to slowly split out the tdb key in the DB from being the DN

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
dded0159 by Andrew Bartlett at 2017-09-22T21:20:20+02:00
ldb_tdb: Use a more complete error mapping in ltdb_search_key()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
3d952157 by Andrew Bartlett at 2017-09-22T21:20:20+02:00
ldb_tdb: Provide struct ltdb_private to index routines

This will make it easier to switch the GUID index mode on and off

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
26dd6f63 by Andrew Bartlett at 2017-09-22T21:20:20+02:00
ldb_tdb: Add GUID_index_attribute to ltdb_private

This will be used to determine if we are in GUID index mode

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
a44d3aed by Andrew Bartlett at 2017-09-22T21:20:20+02:00
ldb_tdb: Do not allow a modification of the GUID_index_attribute (objectGUID)

This would totally break our index scheme if this could be modified.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
c1740482 by Andrew Bartlett at 2017-09-22T21:20:20+02:00
ldb_tdb: replace strange dn_list_cmp() in index code

This replaces dn_list_cmp() with functions that do not attempt
to care about string termination.  All index values are case sensitive
and correctly length-bound already, even for a DN index
so just use a length check and memcmp()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
367b7ab7 by Andrew Bartlett at 2017-09-22T21:20:20+02:00
ldb_tdb: Move constants into ldb_tdb.h

This helps ensure we keep these all in sync.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
f6e953d3 by Andrew Bartlett at 2017-09-22T21:20:21+02:00
ldb_tdb: Store GUID index values in one packed ldb attribute

This should make them more memory efficient

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
ad26b4e2 by Andrew Bartlett at 2017-09-22T21:20:21+02:00
ldb_tdb: Read GUID index values as one packed LDB attribute

This packing should be more efficient to read than the ldb_pack format.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
91e6028c by Andrew Bartlett at 2017-09-22T21:20:21+02:00
ldb_tdb: Refuse to load a GUID index that is not a multiple of 16 bytes

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
de641db8 by Andrew Bartlett at 2017-09-22T21:20:21+02:00
ldb_tdb: Write GUID index values as version 3

Nothing reads these currently, but we should refuse to load a mixed up index
in the future

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
e8cdacc5 by Andrew Bartlett at 2017-09-22T21:20:21+02:00
ldb_tdb: modify ltdb_delete_noindex() to take a struct ldb_message

This will make it easier to delete records with the GUID TDB key

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
4c01ccb4 by Andrew Bartlett at 2017-09-22T21:20:21+02:00
ldb_tdb: Delete a successful tdb_store on index add fail in ltdb_add_internal()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
9d9ae1c0 by Andrew Bartlett at 2017-09-22T21:20:21+02:00
ldb_tdb: Pass the full ldb_message to ldb index funtions

This allows the objectGUID, rather than the DN, to be the index key

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
b154acb0 by Andrew Bartlett at 2017-09-22T21:20:21+02:00
ldb_tdb: Optionally use a GUID index key in ltdb_dn_list_find_msg()

This function is used to find an existing index value and this
change allows it to find the value by GUID rather than by DN once
the GUID index is enabled.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
754329a9 by Andrew Bartlett at 2017-09-22T21:20:21+02:00
ldb_tdb: Optionally store a GUID as the index record

This allows, when enabled, the index record to contain (say) the objectGUID, not the DN
of the record.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
c24df8e4 by Andrew Bartlett at 2017-09-22T21:20:21+02:00
ldb_tdb: Implement ltdb_search_base() for a GUID index

The GUID index case can not directly use ltdb_key_dn() and tdb_exists() to
show that a record exists.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
b2aff123 by Andrew Bartlett at 2017-09-22T21:20:21+02:00
ldb_tdb: Prepare to handle rename with GUID index by using ltdb_search_base()

This will allow use of a GUID TDB key in the future.  While ltdb_search_base()
might be marginally slower than tdb_exists(), no allocation is done for the
attributes or DN, and renames are not a very common operation.

This allows a check if the target DN exists even when the direct DN -> key
link is broken.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
98e82113 by Andrew Bartlett at 2017-09-22T21:20:21+02:00
ldb_tdb: Split ltdb_index_onelevel() into a helper function

This will allow the code to be re-used for storing the DN->GUID index

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
ec30439c by Andrew Bartlett at 2017-09-22T21:20:21+02:00
ldb_tdb: Add/remove a GUID index of the DN during ltdb_index_add_all()/ltdb_index_delete()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
06e67c58 by Andrew Bartlett at 2017-09-22T21:20:21+02:00
ldb_tdb: Give LDB_ERR_ENTRY_ALREADY_EXISTS when a duplicate DN index is detected

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
2bac00a7 by Andrew Bartlett at 2017-09-22T21:20:21+02:00
ldb_tdb: Give LDB_ERR_CONSTRAINT_VIOLATION when a duplicate GUID index is detected

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
19ee0438 by Andrew Bartlett at 2017-09-22T21:20:22+02:00
ldb_tdb: Pass ltdb_private to ltdb_dn_list_load()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
3b0698e0 by Andrew Bartlett at 2017-09-22T21:20:22+02:00
ldb_tdb: Do not directly assign DN into the index result list

With the GUID index option, the values in the index result list may
not be a DN but the objectGUID.  We look up the @IDXDN index with the
case-folded DN to get that if required.

We re-use the code from the SCOPE_BASE search to avoid duplication
and for reliability.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
8555f6cc by Andrew Bartlett at 2017-09-22T21:20:22+02:00
ldb_tdb: add control points for the new GUID index mode

The @IDXGUID attribute in the @INDEXLIST will be objectGUID
in Samba.

The @IDX_DN_GUID attribute in the @INDEXLIST will be GUID
in Samba.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
aa68957f by Andrew Bartlett at 2017-09-22T21:20:22+02:00
ldb_tdb: Load the syntax of the GUID index attr during ltdb_cache_load()

This allows us to use the ldif_write function later to create a string GUID for the TDB key.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
f26d1a8c by Andrew Bartlett at 2017-09-22T21:20:22+02:00
ldb_tdb: Add a function to take a GUID and make the TDB_DATA key

This allows us to format the TDB key as DN=GUID=f7c953ee-cf9c-433f-b423-21ce04d09591
and so be compatible with an un-indexed search and a re-index with an old ldb.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
ccb94436 by Andrew Bartlett at 2017-09-22T21:20:22+02:00
ldb_tdb: Add a function to get the GUID key for a DN

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
e394b9a8 by Andrew Bartlett at 2017-09-22T21:20:22+02:00
ldb_tdb: Add an index shortcut for a <GUID= DN

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
fb77ad42 by Andrew Bartlett at 2017-09-22T21:20:22+02:00
ldb_tdb: Check version number on index

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
6ad4bdc9 by Andrew Bartlett at 2017-09-22T21:20:22+02:00
ldb_tdb: Add mem_ctx to ltdb_key_dn() and ltdb_key_msg()

This follows modern Samba coding style where memory
returned is allocated on a supplied memory context.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
f253dcf8 by Andrew Bartlett at 2017-09-22T21:20:22+02:00
ldb_tdb: Use ltdb_key_msg() in ltdb_delete_noindex()

This allows the optional use of GUID based TDB key.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
fa44c526 by Andrew Bartlett at 2017-09-22T21:20:22+02:00
ldb_tdb: Use the objectGUID (or similar) as the TDB key in ltdb_key_msg()

When we have the full ldb_message we can read the objectGUID as the TDB key

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
60083821 by Andrew Bartlett at 2017-09-22T21:20:22+02:00
ldb_tdb: Optionally use GUID index in ltdb_search_dn1()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
c4f35462 by Andrew Bartlett at 2017-09-22T21:20:22+02:00
ldb_tdb: Do not query an index on the GUID_index_attribute

The objectGUID (or similar) is already the record key, there is
no need to index it to itself.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
ba762fac by Andrew Bartlett at 2017-09-22T21:20:22+02:00
ldb_tdb: Do not add an index for GUID_index_attribute

This would be pointless and we no longer query for it.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
e4562e58 by Andrew Bartlett at 2017-09-22T21:20:22+02:00
ldb_tdb: Add ltdb_idx_to_key() and use it in ltdb_index_filter()

This will allow a common point to parse index records into a TDB key,
allowing them to be a GUID or DN in the future

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
93b18984 by Andrew Bartlett at 2017-09-22T21:20:22+02:00
ldb_tdb: Trust the BASE and ONELEVEL index

This avoids re-checking the fetched DN against the scope

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
2f8a8c76 by Andrew Bartlett at 2017-09-22T21:20:23+02:00
ldb_tdb: Optionally use GUID index values a direct TDB keys

This connects the GUID based index records to GUID based TDB keys.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
50f36e4f by Andrew Bartlett at 2017-09-22T21:20:23+02:00
ldb_tdb: Read from @INDEXLIST or an override if we are using a GUID index

This allows all the previous patches to be enabled.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
1f42ded4 by Andrew Bartlett at 2017-09-22T21:20:23+02:00
ldb_tdb: Add improved error strings on ltdb_key_dn_from_idx() failure

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
b97d5567 by Andrew Bartlett at 2017-09-22T21:20:23+02:00
ldb_tdb: Improve debugging in ltdb_modify_index_dn() on casefold failure

This is unlikely, but when it happens it will be really painful to debug.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
e16c8aa5 by Andrew Bartlett at 2017-09-22T21:20:23+02:00
ldb_tdb: Add unique index checking for @IDXDN

This will give us errors earlier if the index code becomes broken

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
e8fb4512 by Andrew Bartlett at 2017-09-22T21:20:23+02:00
ldb_tdb: Re-add of both existing DN and GUID must give LDB_ERR_ENTRY_ALREADY_EXISTS

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
cf853706 by Andrew Bartlett at 2017-09-22T21:20:23+02:00
ldb_tdb: Change error code on unique index violation

The LDB_ERR_ENTRY_ALREADY_EXISTS error code is detected in repl_meta_data as indicating
that the DN exists, and that a conflict record should be created.

This is really a constraint violation, not a duplicate record.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
9c9d9ef6 by Andrew Bartlett at 2017-09-22T21:20:23+02:00
binsearch.h: Re-licence under LGPLv3 per agreement of the copyright holders

Documented in mails to contributing at samba.org.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1390e55b by Andrew Bartlett at 2017-09-22T21:20:23+02:00
ldb_tdb: sort GUID index list at add time by inserting in sorted order

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
b86a46df by Andrew Bartlett at 2017-09-22T21:20:23+02:00
ldb_tdb: Sort inputs to list_union()

This allows us to merge the lists finding common values.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
fdff9a70 by Andrew Bartlett at 2017-09-22T21:20:23+02:00
ldb_tdb: Rework list_union to not return duplicates, and keep sort order

This allows the binary search to still operate on the list, even after
an or operator in the search expression

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
b6bf7e7b by Andrew Bartlett at 2017-09-22T21:20:23+02:00
ldb_tdb: Use a binary search to speed up ltdb_dn_list_find_val()

This only works if we have the GUID index format, as otherwise these are unsorted.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
97b026a7 by Andrew Bartlett at 2017-09-22T21:20:23+02:00
ldb_tdb: Use the binary search more efficiently in list_intersect()

This change ensures we walk the short list and look up into the longer of the two lists.

ltdb_dn_list_find_val() will do a binary search for the GUID case.

Before GUID indexes this was O(n*m), now it is O(n*log(m)).

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
3c6977b1 by Andrew Bartlett at 2017-09-22T21:20:23+02:00
ldb_tdb: Reduce memory consumption in list_intersect()

We will never have more results than is in either list or list2.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
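
The sorted-list handling described in the GUID index commits above (insertion in sorted order without duplicates, the binary search in ltdb_dn_list_find_val(), and list_intersect() walking the shorter list with a result no larger than it), as an added example that is not code from the Samba tree. struct guid_list, the guid_list_* names, the probe counter and the sample GUIDs are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUID_SIZE 16

/* Hypothetical stand-in for the value list of one index record. */
struct guid_list {
    unsigned char (*guid)[GUID_SIZE];
    size_t count;
};

static size_t probe_count; /* memcmp() calls made by the binary search */

/* Binary search over a sorted list. Returns 1 with *pos at the match, or
 * 0 with *pos at the slot where the value would have to be inserted. */
static int guid_list_find(const struct guid_list *l,
                          const unsigned char *g, size_t *pos)
{
    size_t lo = 0, hi = l->count;

    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        int c = memcmp(l->guid[mid], g, GUID_SIZE);

        probe_count++;
        if (c == 0) {
            *pos = mid;
            return 1;
        }
        if (c < 0) {
            lo = mid + 1;
        } else {
            hi = mid;
        }
    }
    *pos = lo;
    return 0;
}

/* Insert in sorted order: 0 on success, 1 if the value is already present
 * (list left unchanged), -1 on allocation failure. */
static int guid_list_add(struct guid_list *l, const unsigned char *g)
{
    unsigned char (*n)[GUID_SIZE];
    size_t pos;

    if (guid_list_find(l, g, &pos)) {
        return 1;
    }
    n = realloc(l->guid, (l->count + 1) * sizeof(*n));
    if (n == NULL) {
        return -1;
    }
    l->guid = n;
    memmove(&n[pos + 1], &n[pos], (l->count - pos) * sizeof(*n));
    memcpy(n[pos], g, GUID_SIZE);
    l->count++;
    return 0;
}

/* Walk the shorter list and look each value up in the longer one.
 * The result can never exceed the shorter list, so allocate only that. */
static int guid_list_intersect(const struct guid_list *a,
                               const struct guid_list *b,
                               struct guid_list *out)
{
    const struct guid_list *shorter = (a->count <= b->count) ? a : b;
    const struct guid_list *longer = (shorter == a) ? b : a;
    size_t i, pos;

    out->guid = NULL;
    out->count = 0;
    if (shorter->count == 0) {
        return 0;
    }
    out->guid = malloc(shorter->count * sizeof(*out->guid));
    if (out->guid == NULL) {
        return -1;
    }
    for (i = 0; i < shorter->count; i++) { /* sorted input, sorted output */
        if (guid_list_find(longer, shorter->guid[i], &pos)) {
            memcpy(out->guid[out->count++], shorter->guid[i], GUID_SIZE);
        }
    }
    return 0;
}

/* Constructed sample value: n stored big-endian in the last four bytes,
 * so memcmp() order equals numeric order. */
static void sample_guid(unsigned char g[GUID_SIZE], unsigned n)
{
    memset(g, 0, GUID_SIZE);
    g[12] = (unsigned char)(n >> 24);
    g[13] = (unsigned char)(n >> 16);
    g[14] = (unsigned char)(n >> 8);
    g[15] = (unsigned char)n;
}

/* Intersect a 1024-entry list with a 4-entry list; returns the number of
 * common values and reports the search probes used via *probes. */
static size_t demo(size_t *probes)
{
    struct guid_list big = {NULL, 0}, small = {NULL, 0}, both = {NULL, 0};
    const unsigned picks[] = {900, 7, 2048, 512};
    unsigned char g[GUID_SIZE];
    size_t i, found;
    unsigned n;

    for (n = 1024; n > 0; n--) { /* added out of order on purpose */
        sample_guid(g, n);
        if (guid_list_add(&big, g) != 0) exit(1);
    }
    for (i = 0; i < 4; i++) {
        sample_guid(g, picks[i]);
        if (guid_list_add(&small, g) != 0) exit(1);
    }
    probe_count = 0;
    if (guid_list_intersect(&big, &small, &both) != 0) exit(1);
    *probes = probe_count;
    found = both.count;
    free(big.guid);
    free(small.guid);
    free(both.guid);
    return found;
}

int main(void)
{
    size_t probes, found = demo(&probes);

    printf("%zu common values, %zu probes\n", found, probes);
    return 0;
}
```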

- - - - -
a2ada584 by Andrew Bartlett at 2017-09-22T21:20:23+02:00
ldb_tdb: Duplicate values are no longer permitted in the index

By removing the qsort() we avoid work.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
64b4fbc6 by Andrew Bartlett at 2017-09-22T21:20:23+02:00
ldb: Add an unused objectGUID to each record in SearchTests

This will then be used by the GUID index tests.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
24c71ed2 by Andrew Bartlett at 2017-09-22T21:20:23+02:00
ldb: Also test the new GUID index mode

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
23e0a553 by Andrew Bartlett at 2017-09-22T21:20:23+02:00
ldb_tdb: Add tests for add/modify with the GUID index

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
dfe85eca by Andrew Bartlett at 2017-09-22T21:20:24+02:00
ldb_tdb: Use the DN extracted from the DB to filter the message later

This should ensure that the upper or lower case the user chooses does not impact
on the filtering, at least for databases that have checkBaseOnSearch set.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
f14370d4 by Andrew Bartlett at 2017-09-22T21:20:24+02:00
ldb: Add tests for base DN of a different case

This ensures we cover the case where the DN does not match the DB exactly

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
b0a6b5ab by Andrew Bartlett at 2017-09-22T21:20:24+02:00
ldb_tdb: Optimise ltdb_search_and_return_base() to re-use casefolding

The casefolding of a DN is one of the more expensive and pointless things in LDB
operation.  The ldb_dn abstraction works hard to avoid duplicating this work, but
we can work harder to save that information.

Here we copy in the DN, that has been casefolded already for the index,
and keep that as the returned DN, after stripping any extended components.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
4e997850 by Andrew Bartlett at 2017-09-22T21:20:24+02:00
ldb_tdb: Move constants into ldb_tdb.h

This helps ensure we keep these all in sync.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
d198a43b by Andrew Bartlett at 2017-09-22T21:20:24+02:00
ldb_tdb: Avoid allocation of a DN between the GUID index and the DB lookup

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
3e60f027 by Andrew Bartlett at 2017-09-22T21:20:24+02:00
ldb_tdb: Clean up list after use in ltdb_key_dn_from_idx()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
b9d561b0 by Andrew Bartlett at 2017-09-22T21:20:24+02:00
ldb_tdb: Avoid canonicalise and base64 work for DN values, these are already OK

This is important with the GUID index, as a DN lookup is much more common now.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
3113d871 by Andrew Bartlett at 2017-09-22T21:20:24+02:00
ldb_tdb: Give a good error message on add without an objectGUID

(or whatever the @IDX_GUID value is)

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
83bc6074 by Andrew Bartlett at 2017-09-22T21:20:24+02:00
ldb_tdb: Describe index format and control points

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
29c303f2 by Andrew Bartlett at 2017-09-22T21:20:24+02:00
ldb_tdb: Clean up index records on ltdb_index_add_new() failure.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
561ef206 by Andrew Bartlett at 2017-09-22T21:20:24+02:00
ldb_tdb: Remove LTDB_FLAG_HIDDEN and ignore "HIDDEN" in @ATTRIBUTES

This was (unintentionally) disabled by
6ef61825541131e16a03975cdbd344e2bbebf810 in 2006.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
00410ba9 by Andrew Bartlett at 2017-09-22T21:20:24+02:00
ldb_tdb: Add UNIQUE_INDEX as a possible flag

This allows easy testing of our unique index code and behaviour from python

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
0503f098 by Andrew Bartlett at 2017-09-22T21:20:24+02:00
ldb: Add more tests covering in-transaction GUID index and unique index behaviour

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
c71ddab9 by Andrew Bartlett at 2017-09-22T21:20:24+02:00
ldb_tdb: Remove incorrect early return from re-index

The ltdb->cache->attribute_indexes test is not correct with the GUID index mode
so for consistency remove it.  This will make re-index on a large un-indexed
database slower, but that is better than making the wrong choice on a large
GUID-indexed database.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
61b66b8d by Andrew Bartlett at 2017-09-22T21:20:24+02:00
ldb_tdb: Print progress messages on re-index

A re-index of 10,000 entries is slow enough and rare enough that we can
justify the message being at LDB_DEBUG_WARNING as otherwise the administrator
will be sure the "lockup" was one.

The default for ldb is to print LDB_DEBUG_WARNING in command-line tools
and the default for Samba is to log it at level 2.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
f4f9acf7 by Andrew Bartlett at 2017-09-22T21:20:25+02:00
ldb_tdb: Update comments for the delete_index() pass of ltdb_reindex()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
f0624d38 by Andrew Bartlett at 2017-09-22T21:20:25+02:00
ldb_tdb: Also ban a (indexed) search against like @IDXDN=foo

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
8565ca1c by Andrew Bartlett at 2017-09-22T21:20:25+02:00
ldb: Add test showing a search against the index is not possible

This is not actually a great test, as the filter would
fail to match these anyway, but it at least checks the
codepath is safe.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
a0b46ecd by Andrew Bartlett at 2017-09-22T21:20:25+02:00
ldb: Do not make an ldb file for API tests

An ldb context is valid without a backing file for tests of ldb.Message and ldb.MessageElement

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
644b3ffb by Andrew Bartlett at 2017-09-22T21:20:25+02:00
ldb: Ensure we do not run out of File descriptors in autobuild

The python TestCase API will keep a reference to the test object until the end
of the tests, long after we need the actual LDB or the fd.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
303739e8 by Andrew Bartlett at 2017-09-22T21:20:25+02:00
ldb_tdb: Treat distinguishedName and objectGUID (in Samba) as unique

This avoids loading any second index for these cases.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
c40531d9 by Andrew Bartlett at 2017-09-23T01:24:19+02:00
ldb: Release ldb 1.3.0

* GUID Index support.

  NOTE: When activated by setting @IDXGUID in the @INDEXLIST dn, all
  entries in the DB are re-keyed in a way that is NOT visible to
  ldb 1.2.2 and earlier.  To re-key back to the previous format, remove
  the @IDXGUID attribute from @INDEXLIST using ldb 1.2.2 or later.

  (ldb 1.2.2 can re-key, but not otherwise read, the new DB format).

* Give LDB_ERR_CONSTRAINT_VIOLATION, not LDB_ERR_ENTRY_ALREADY_EXISTS
  when a duplicate value is detected in a unique index

* Print status information during a > 10,000 entry re-index
  (as this can be slow)

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sat Sep 23 01:24:19 CEST 2017 on sn-devel-144

- - - - -
6a531773 by Lutz Justen at 2017-09-23T01:25:24+02:00
lib: gpo: Changes order to match GPO application order.

The order of GPOs in a gpo_list generated by ads_get_gpo_list
did not match the order of application. Since GPOs are pushed
to the FRONT of gpo_list, GPOs have to be pushed in the opposite
order of application. (Pushing to front is useful to get
inheritance blocking right).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13046

Signed-off-by: Lutz Justen <ljusten at google.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
69410c0a by Lutz Justen at 2017-09-23T01:25:24+02:00
lib: gpo: Fixes issue with GPOPTIONS_BLOCK_INHERITANCE.

GP links with the GPOPTIONS_BLOCK_INHERITANCE option set
were blocking GPOs from the same link (i.e. an OU with
the flag set would block its own GPOs). This patch makes
sure the GPOs from the link are added to the list.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13046

Signed-off-by: Lutz Justen <ljusten at google.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
5f2576a9 by Lutz Justen at 2017-09-23T05:25:19+02:00
lib: gpo: Put enforced GPOs at the end of the list.

Enforced GPOs should be applied on top of all non-enforced GPOs,
so that they override policies set in non-enforced GPOs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13046

Signed-off-by: Lutz Justen <ljusten at google.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Sat Sep 23 05:25:19 CEST 2017 on sn-devel-144

- - - - -
eabc3444 by Andrew Bartlett at 2017-09-23T05:26:15+02:00
provision: make clear that the tmp ldb is running in @IDXGUID mode

This happened when the schema was set on the DB, forcing the full set of Samba behaviours

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
7665d999 by Andrew Bartlett at 2017-09-23T05:26:15+02:00
provision: Add a fixed objectGUID to the tmp DB used for LDAP backend schema work

This DB holds a copy of the schema, but now needs to have an objectGUID on each record.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
a2053696 by Andrew Bartlett at 2017-09-23T05:26:15+02:00
provision: Add a fixed GUID to the samba4top objectclass definition

This is only used in the OpenLDAP backend and will certainly be removed before this becomes production.

(a production backend will use the real AD top objectclass)

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
effac548 by Andrew Bartlett at 2017-09-23T05:26:15+02:00
dsdb: Set that Samba uses the GUID index in LDB

This is optional, but only to aid the downgrade script (and in case
there is some major issue found with it).  We don't support that mode,
as that would require us to test and maintain multiple code paths and
not optimise queries to be GUID centric.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
5d404eae by Andrew Bartlett at 2017-09-23T05:26:15+02:00
Do not re-use the attribute @IDXVERSION for SAMDB_INDEXING_VERSION

Confusing these two concepts is not a good idea, SAMDB_INDEXING_VERSION refers to
a change in a Samba rule to canonicalise one of our attributes, not the
in-DB index format.

As we already change @INDEXLIST in this version, this commit
is at no extra cost.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
7ddf4795 by Andrew Bartlett at 2017-09-23T09:16:31+02:00
scripting: Add script (backportable) to undo a GUID index

This script allows the DB to be read, and re-indexed, by an earlier Samba version,
most likely 4.7 with some backported patches.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sat Sep 23 09:16:31 CEST 2017 on sn-devel-144

- - - - -
954167a0 by Volker Lendecke at 2017-09-25T09:43:11+02:00
netlogon_creds_cli: Fix talloc_stackframe leaks

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
86364965 by Volker Lendecke at 2017-09-25T09:43:11+02:00
netlogon_creds_cli: Simplify netlogon_creds_cli_context_global

netlogon_creds_cli_open_global_db() already contains the NULL check. Use that.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a969fc99 by Volker Lendecke at 2017-09-25T09:43:11+02:00
cli_netlogon: Rename "netlogon_creds" to "creds_ctx"

Trying to understand this code it's important for me to name variables
indicating their use: A netlogon_creds_cli_context is a context with access to
credentials, it's not the credentials itself.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c234599a by Volker Lendecke at 2017-09-25T09:43:11+02:00
cli_netlogon: Remove an unnecessary if-condition

We don't need to check this here. rpccli_create_netlogon_creds_ctx via
netlogon_creds_cli_context_global returns NT_STATUS_INVALID_PARAMETER for an
unknown schannel type. Slightly different error code, but we could change the
one in netlogon_creds_cli_context_global if necessary.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
154b28b6 by Volker Lendecke at 2017-09-25T09:43:12+02:00
netlogon_creds_cli: Simplify netlogon_creds_cli_store

Don't implicitly TALLOC_FREE(creds) in the pure store routine. This
mixes up responsibilities, and there's not enough callers to justify
the TALLOC_FREE to be centralized.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fa536175 by Volker Lendecke at 2017-09-25T09:43:12+02:00
netlogon_creds_cli: Simplify netlogon_creds_cli_delete

Don't implicitly TALLOC_FREE(creds) in the pure delete routine

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b92b10d7 by Volker Lendecke at 2017-09-25T09:43:12+02:00
netlogon_creds_cli: Remove unused code

According to metze this was meant for test code that never materialized

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b750a6db by Volker Lendecke at 2017-09-25T09:43:12+02:00
netlogon_creds_cli: Remove tevent_req handling from netlogon_creds_cli_lock_fetch

Disentangle concerns, make netlogon_creds_cli_lock_fetch usable for
other callers

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c377c915 by Volker Lendecke at 2017-09-25T09:43:12+02:00
netlogon_creds_cli: Transfer a comment

This part of from netlogon_creds_cli_get will go

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
71fb0a89 by Volker Lendecke at 2017-09-25T09:43:12+02:00
netlogon_creds_cli: Rename netlogon_creds_cli_lock_fetch->get_internal

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0463527e by Volker Lendecke at 2017-09-25T09:43:12+02:00
netlogon_creds_cli: Simplify netlogon_creds_cli_get

netlogon_creds_cli_get_internal almost does everything needed, only
the invalidating for credential chain use is missing.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
62e65556 by Volker Lendecke at 2017-09-25T09:43:12+02:00
netlogon_creds_cli: Print netlogon_creds_CredentialState

Add some debugging for the tdb records

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c0e28638 by Volker Lendecke at 2017-09-25T09:43:12+02:00
netlogon_creds_cli: Factor out netlogon_creds_cli_store_internal

In a future commit we'll need a version that does not check for
context->db.locked_state

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dac48cf2 by Volker Lendecke at 2017-09-25T09:43:12+02:00
netlogon_creds_cli: Factor out netlogon_creds_cli_delete_internal

In a future commit we'll need a version that does not check for
context->db.locked_state

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6f879b78 by Volker Lendecke at 2017-09-25T09:43:12+02:00
netlogon_creds_cli: Create cli_credentials from netlogon creds ctx

A netlogon_creds_cli_context holds all information required to do an
schannel bind. Used in the next commit.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4b97de8a by Volker Lendecke at 2017-09-25T09:43:12+02:00
rpc_client3: Avoid "cli_credentials" in cli_rpc_pipe_open_schannel_with_creds

This provides cleaner data dependencies. A netlogon_creds_ctx contains
everything required to open an schannel, there is no good reason to
require cli_credentials here.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3e72a12d by Volker Lendecke at 2017-09-25T09:43:12+02:00
netlogon_creds_cli: Add netlogon_creds_cli_lck

This adds an external locking scheme to protect our
netlogon_creds_CredentialState. This is needed because the routines
exposed by netlogon_creds_cli.h need a more flexible locking to
set up our credentials in a properly protected way.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d61545a5 by Volker Lendecke at 2017-09-25T09:43:12+02:00
netlogon_creds_cli: Add netlogon_creds_cli_delete_lck

Like netlogon_creds_cli_delete, protected by netlogon_creds_cli_lck
instead of netlogon_creds_cli_lock.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f6e39450 by Volker Lendecke at 2017-09-25T09:43:12+02:00
netlogon_creds_cli: Protect netlogon_creds_cli_check by _lck

netlogon_creds_cli_lck provides the locking around the operation

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4d19f8b4 by Volker Lendecke at 2017-09-25T09:43:13+02:00
netlogon_creds_cli: Protect netlogon_creds_cli_auth by _lck

This widens the lock range to cover the check for established
credentials. Before this patch it could happen that more than one
winbind finds no credentials and does the auth3. This can pile up.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9f4fc9f8 by Volker Lendecke at 2017-09-25T09:43:13+02:00
cli_netlogon: Factor out rpccli_setup_netlogon_creds_locked

This does the reqchallenge/serverauth while assuming we have the
netlogon_creds_cli_lck already held. The _locked flavor will be called
from a routine that covers more under one single lock.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
de2279df by Volker Lendecke at 2017-09-25T09:43:13+02:00
rpcclient3: Factor out cli_rpc_pipe_open_bind_schannel()

This will be used for the "fast path" to netlogon when we already have
credentials.

This slightly widens the area of code covered by the netlogon_creds
lock: cli_rpc_pipe_open is now also covered by the lock.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f7807c1b by Volker Lendecke at 2017-09-25T09:43:13+02:00
cli_netlogon: Return flags from rpccli_setup_netlogon_creds_locked

This will be used in a later commit in the rpcclient "capabilities"
command. Avoids another netlogon_creds_cli_get in the next commit.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
71c54af0 by Volker Lendecke at 2017-09-25T09:43:13+02:00
cli_netlogon: rpccli_connect_netlogon

This is the one-stop shop to a working, schannel'ed connection to the
netlogon RPC interface. Jeremy tells me it needs more comments :-)

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d7e31d9f by Volker Lendecke at 2017-09-25T09:43:13+02:00
winbindd: Use rpccli_connect_netlogon

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
32e823e0 by Volker Lendecke at 2017-09-25T09:43:13+02:00
netlogon_creds_cli: Pass "capabilities" up from creds_cli_check

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
82c17bc9 by Volker Lendecke at 2017-09-25T13:42:19+02:00
rpcclient: Fix "capabilities" command

This used to not properly store the chained credentials back into the
netlogon_creds_cli tdb. This by the way is the bug that all the
routines for the NT4 style sam replication had that just disappeared.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Sep 25 13:42:19 CEST 2017 on sn-devel-144

- - - - -
1a1c4ad7 by Tim Beale at 2017-09-26T00:41:16+02:00
selftest: Add new AD DC testenv with NTLM disabled

This is so that we test the source4 case as well. Currently the only
testenv with NTLM disabled is ktest, and that only exercises the source3
code.

I've tried to support the new test environment with minimal changes to the
Samba4.pm setup code.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
8c56aa2c by Tim Beale at 2017-09-26T00:41:16+02:00
selftest: Rename ntlmauth tests to ntlmdisabled

There are already some existing ntlm_auth tests, so the new tests I've
added make things a bit confusing. Also, ntlmdisabled probably better
reflects the specific case we're trying to test.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
25b9e06f by Tim Beale at 2017-09-26T00:41:16+02:00
selftest: Use a unique hostname/IP for the no_nss testenv

The ad_dc_no_nss was re-using the ad_dc testenv but changing an
environment variable to disable the NSS wrapper module.

Presumably this would set up a second AD DC server with the same
hostname/IP as another DC (but with NSS disabled). This doesn't seem
like a good thing to be doing in the selftests. This patch changes
it so that the no_nss testenv uses a unique IP/hostname.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
4f84b6df by Gary Lockyer at 2017-09-26T00:41:16+02:00
s4:smbd: call setproctitle_init

Call setproctitle_init() in main which suppresses the
  "samba: setproctitle not initialized, please either call
   setproctitle_init() or link against libbsd-ctor."
messages, but more importantly it displays meaningful details in ps
output.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9816

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
4aa1c09d by Gary Lockyer at 2017-09-26T00:41:16+02:00
s4:smbd: set samba root process title

Set the process title in the samba root process to clearly identify it
in ps output.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
3982b774 by Gary Lockyer at 2017-09-26T04:38:59+02:00
tfork: set waiter process title

Display a meaningful process title for the waiter process, now that smbd is
calling setproctitle_init() and this value will be displayed in ps
output.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Sep 26 04:38:59 CEST 2017 on sn-devel-144

- - - - -
1b395f48 by Tim Beale at 2017-09-26T05:33:17+02:00
selftest: replica_sync did not fully cleanup if test failed

Normally the replica_sync tests do the cleanup at the end of the test
case, rather than in the tearDown(). However, if the tests don't run to
completion (because they fail), then the objects may not get cleaned up
properly, which causes the tests to fail on the 2nd test-env.

The problem is the object deletion only occurs on DC2 and it relies on
replication to propagate the deletion to DC1. Presumably this
propagation could be missed because the tests are repeatedly turning off
inbound replication on both DCs.

This patch changes the tearDown() so it tries to delete the objects off
both DCs, which appears to fix the problem.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
d278f5ea by Tim Beale at 2017-09-26T05:33:17+02:00
selftest: Windows resolves object conflicts differently to Samba

While testing link conflicts I noticed that Windows resolves conflicts
differently to Samba. Samba considers the version number first when
resolving the conflict, whereas Windows always takes the latest change.

The existing object conflict test cases didn't detect this problem
because they were both modifying the object the same number of times (so
they had the same version number).

I've added new tests that highlight the problem. They are basically the
same as the existing rename tests, except that only one DC does the
rename. Samba will always pick the renamed object as the winner, whereas
Windows picks the most recent change.

I've marked this test as a known fail for now.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13039

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
5f93ac1f by Tim Beale at 2017-09-26T05:33:17+02:00
selftest: Add test for a re-animated object conflict

Added a test to simulate a user accidentally being deleted and 2
different admins trying to resolve the problem simultaneously - one by
re-animating the object and one by just creating a new object with
the same name.

Currently this test fails on Samba because it chooses the higher
version number as the winner instead of the latest change.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13039

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
0d4c3e5e by Tim Beale at 2017-09-26T09:36:48+02:00
replmd: RMD_VERSION incorrectly incremented for link conflicts

This problem was noticed when 2 DCs added the same linked attribute at
roughly the same time. One DC would have a later timestamp than the
other, so it would re-apply the same link information. However, when it
did this, replmd_update_la_val() would incorrectly increment the
RMD_VERSION for the attribute. We then end up with one DC having a
higher RMD_VERSION than the others (and it doesn't replicate the new
RMD_VERSION out).

During replication RMD_VERSION is used to determine whether a linked
attribute is old (and should be ignored), or whether the information is
new and should be applied to the DB. This RMD_VERSION discrepancy could
potentially cause a subsequent linked attribute update to be ignored.

Normally when a local DB operation is performed, we just pass in a
version of zero and get replmd_update_la_val() to increment what's
already in the DB. However, we *never* want this to happen during
replication - we should always use the version we receive from the peer
DC.

This patch fixes the problem by separating the API into two:
- replmd_update_la_val(): we're updating a linked attribute in the DB,
  and so as part of this operation we always want to increment the
  version number (the version no longer needs to be passed in because
  we can work it out from the existing DB entry).
- replmd_set_la_val(): we want to set a linked attribute to use the
  exact values we're telling it, including the version. This is what
  replication needs to use.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13038
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Sep 26 09:36:48 CEST 2017 on sn-devel-144

- - - - -
a919ded1 by Volker Lendecke at 2017-09-26T09:37:13+02:00
ctdbd: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
e12ed08b by Volker Lendecke at 2017-09-26T09:37:13+02:00
ctdb: Centralize ctdb_version_string

Whenever the current git hash changes, we recompile ctdb.c and
ctdb_daemon.c. As both have quite a few warnings with -Wall, this
makes it quite difficult to see the real warnings that pop up during
development. Centralize the ctdb_version_string to just a single file
without warnings.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
f059585f by Volker Lendecke at 2017-09-26T09:37:13+02:00
lib: Add "unique_id" to ctdbd_process_exists

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13042
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
61de3496 by Volker Lendecke at 2017-09-26T13:47:31+02:00
lib: Use CTDB_CONTROL_CHECK_PID_SRVID

Also check the unique ID for remote server ids, just like we do for
local server ids

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13042
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Sep 26 13:47:31 CEST 2017 on sn-devel-144

- - - - -
15d14d61 by Yvan Masson at 2017-09-27T18:44:44+02:00
docs/ntvfshandler: remove duplicate value

The "posix" value of option "ntvfs handler" was written two times. This commit
deletes the first occurrence so that the default value is the first seen by
reader.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13053

Signed-off-by: Yvan Masson <yvan at masson-informatique.fr>
Reviewed-by: Marc Muehlfeld <mmuehlfeld at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Sep 27 18:44:45 CEST 2017 on sn-devel-144

- - - - -
0ac94ad9 by Justin Maggard via samba-technical at 2017-09-27T22:11:11+02:00
smb.conf: Update multi-channel warning text

Since Samba 4.4.x is going EOL soon, update the server multi channel
support warning text to reflect the fact that it's still experimental in
4.7, and it won't be getting fixed in a future 4.4.x version.

Signed-off-by: Justin Maggard <jmaggard at netgear.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
575f1e2b by Christof Schmitt at 2017-09-27T22:11:11+02:00
lib/util: Fix build for lttng libraries that do not support tracef

On a system that has older lttng-ust development headers installed that
do not yet provide the tracef api, configure fails with:

Checking for library lttng-ust : yes
ERROR: Target 'lttng-ust' in directory /samba/lib/util re-defined as EMPTY - was SYSLIB

Fix the initialization order in waf, to not redefine the lttng-ust
target

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
099df25f by Gary Lockyer at 2017-09-28T02:08:34+02:00
source4 smbd: remove global control pipe from process_standard.

The standard model uses a pipe to signal the worker processes spawned on
accept that the controlling process has terminated and that they should
shut down.  This pipe is currently a static global variable in
process_standard.c.

This patch replaces that global pipe with a file descriptor passed into
the process model init functions, giving a single mechanism across all process
models.  This paves the way for the addition of a pre-fork process model.

Ensuring that the correct file descriptors are closed is difficult, so
it is best to do this only once rather than require the process models to
do this individually.

Notes on debugging pipe ownership:

Add code to log the process id and the file descriptor of the writeable
pipe.

run:
   lsof | grep FIFO | grep samba | grep <process id>
   this will produce lines like:

   samba 25624 him 4w FIFO 0,10 0t0 472206 pipe

   where: 4w is the file descriptor and mode and the number to the left
          of "pipe" is the pipe id.
then:
   lsof | grep FIFO | grep samba | grep <pipe id>

   This will display all the processes with the pipe open and the mode;
   only the smbd master process should have it open in write mode.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Sep 28 02:08:34 CEST 2017 on sn-devel-144

- - - - -
7e728c86 by Amitay Isaacs at 2017-09-29T08:38:10+02:00
notifyd: Broadcast to all connected nodes

CTDB_BROADCAST_VNNMAP includes only the nodes with lmaster roles.
CTDB_BROADCAST_CONNECTED includes all the running nodes.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Fri Sep 29 08:38:10 CEST 2017 on sn-devel-144

- - - - -
196bd545 by Ralph Wuerthner at 2017-09-29T14:35:16+02:00
s3:winbind: unmapped Unix groups in getgrgid must be resolved locally

Signed-off-by: Ralph Wuerthner <ralph.wuerthner at de.ibm.com>
Reviewed-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
05beefd5 by Ralph Wuerthner at 2017-09-29T18:33:21+02:00
s3:winbind: unmapped Unix users must be resolved locally

Signed-off-by: Ralph Wuerthner <ralph.wuerthner at de.ibm.com>
Reviewed-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Sep 29 18:33:21 CEST 2017 on sn-devel-144

- - - - -
2c50bdfe by Noel Power at 2017-09-29T22:37:08+02:00
docs: Improve wording around 'winbind expand groups' param

Signed-off-by: Noel Power <noel.power at suse.com>

Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jim McDonough <jmcd at samba.org>

Autobuild-User(master): Jim McDonough <jmcd at samba.org>
Autobuild-Date(master): Fri Sep 29 22:37:08 CEST 2017 on sn-devel-144

- - - - -
0e9fcc3e by Marc Muehlfeld at 2017-09-30T02:41:46+02:00
vfs_snapper man page: Fixed typo

This commit corrects a small typo in vfs_snapper manpage.

Signed-off-by: Yvan Masson <yvan at masson-informatique.fr>
Reviewed-by: Marc Muehlfeld <mmuehlfeld at samba.org>

Autobuild-User(master): Marc Muehlfeld <mmuehlfeld at samba.org>
Autobuild-Date(master): Sat Sep 30 02:41:46 CEST 2017 on sn-devel-144

- - - - -
3794fa0a by Pooja Mahadik at 2017-09-30T06:42:10+02:00
Changes in samba vxfs plugin.

Implemented two VFS operations (set/fset dos attribute) for vxfs plugin.

Trapping set/clear of read-only attribute.

Signed-off-by: Pooja Mahadik <pooja.mahadik at veritas.com>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Sep 30 06:42:10 CEST 2017 on sn-devel-144

- - - - -
762fba44 by Volker Lendecke at 2017-09-30T08:01:24+02:00
winbind: Remove the use of "talloc_dict"

As members we only collect names, indexed by sids. This is served
well by just a simple dbwrap_rbt.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
197304c9 by Volker Lendecke at 2017-09-30T08:01:24+02:00
lib: Remove talloc_dict

Looked like a good idea at its time, but its only user did not need
it anyway

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
ac521c2d by Volker Lendecke at 2017-09-30T08:01:24+02:00
lib: Fix a signed/unsigned hiccup

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
9a8eeabd by Ralph Boehme at 2017-09-30T08:01:24+02:00
lib/util/run_cmd: prevent zombies in samba_runcmd_send on timeout

Ensure the state destructor calls tfork_destroy to reap the waiter and
worker processes. Otherwise we leave the waiter process as a zombie
behind us as we never call waitpid on it in case of a timeout
or talloc_free() from the caller.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13062

Pair-programmed-with: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
4aaf072d by Ralph Boehme at 2017-09-30T08:01:24+02:00
lib/util/run_cmd: ensure fd_stdin gets set to -1 in the destructor

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13062

Pair-programmed-with: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
94a8331e by Ralph Boehme at 2017-09-30T08:01:25+02:00
lib/util/run_cmd: remove a printf

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13062

Pair-programmed-with: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
6539cc8a by Ralph Boehme at 2017-09-30T12:14:56+02:00
lib/util/run_cmd: use a cleanup function instead of a destructor

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13062

Pair-programmed-with: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Sat Sep 30 12:14:57 CEST 2017 on sn-devel-144

- - - - -
064e17c0 by Ralph Boehme at 2017-10-02T15:17:00+02:00
net: groupmap cleanup should not delete BUILTIN mappings

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13065

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Oct  2 15:17:00 CEST 2017 on sn-devel-144

- - - - -
174e6cb5 by Kevin Anderson at 2017-10-04T10:06:15+02:00
vfs_fruit: Add Time Machine support

Add a configuration option to disable/enable Time Machine support via
the FULLSYNC AAPL flag.

Signed-off-by: Kevin Anderson <andersonkw2 at gmail.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4d654459 by Kevin Anderson at 2017-10-04T10:06:15+02:00
docs/vfs_fruit: Add Time Machine support

Add the capability to advertise FULLSYNC volume capabilities
to clients that request them. This is mainly used for supporting
Mac OS Time Machine backups from clients. The capability does
not perform any additional action.

Signed-off-by: Kevin Anderson <andersonkw2 at gmail.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
127b18eb by Omri Mor at 2017-10-04T10:06:15+02:00
s3/smbd: register Time Machine shares with Avahi

Adds support for automatically registering the required _adisk._tcp
mDNS record based on the setting of "fruit:time machine".

Signed-off-by: Omri Mor <omri50 at gmail.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d774aeba by Jorge Schrauwen via samba-technical at 2017-10-04T10:06:15+02:00
vfs_solarisacl: fix build for samba 4.7 and up

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13049

Signed-off-by: Jorge Schrauwen <sjorge at blackdot.be>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
fb9ce068 by Jeremy Allison at 2017-10-04T10:06:15+02:00
s3: VFS: Ensure sys_getwd() doesn't leak memory on error on really old systems.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13069

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
4800ed35 by Jeremy Allison at 2017-10-04T10:06:15+02:00
s3: VFS: Protect errno if sys_getwd() fails across free() call.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13069

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
b07f2215 by Jeremy Allison at 2017-10-04T14:05:33+02:00
s3: VFS: Ensure default SMB_VFS_GETWD() call can't return a partially completed struct smb_filename.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13068

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Oct  4 14:05:33 CEST 2017 on sn-devel-144

- - - - -
70d30637 by Amitay Isaacs at 2017-10-05T05:19:21+02:00
ctdb-daemon: Send broadcast to connected nodes, not configured nodes

https://bugzilla.samba.org/show_bug.cgi?id=13056

Database recovery takes care of attaching missing databases on all the nodes.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
bf11bea5 by Amitay Isaacs at 2017-10-05T05:19:21+02:00
ctdb-tests: Send broadcast to connected nodes, not configured nodes

https://bugzilla.samba.org/show_bug.cgi?id=13056

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
ddd97553 by Amitay Isaacs at 2017-10-05T05:19:21+02:00
ctdb-common: Do not queue a packet if queue does not have valid fd

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13056

The only time a ctdb_queue is created without valid fd is when CTDB
is trying to establish connections with other nodes in the cluster.
All the other uses always create a ctdb_queue with valid fd.

This avoids queueing up packets for dead nodes or nodes that are not
running in the cluster and stops consuming memory.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
96e3ea54 by Martin Schwenke at 2017-10-05T05:19:21+02:00
ctdb-tools: Use ctdb_connection_list_read()

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
cadd0d51 by Martin Schwenke at 2017-10-05T05:19:21+02:00
ctdb-common: Remove unused function ctdb_parse_connections()

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
3ee9822f by Martin Schwenke at 2017-10-05T05:19:21+02:00
ctdb-tools: Replace parse_ip_port() -> ctdb_sock_addr_from_string()

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
4683ef28 by Martin Schwenke at 2017-10-05T05:19:21+02:00
ctdb-common: Remove unused function parse_ip_port()

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
a0051b80 by Martin Schwenke at 2017-10-05T05:19:21+02:00
ctdb-tools: Replace parse_ip() -> ctdb_sock_addr_from_string()

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
330436bd by Martin Schwenke at 2017-10-05T05:19:21+02:00
ctdb-tests: Replace parse_ip() -> ctdb_sock_addr_from_string()

... and ctdb_sock_addr_set_port() where required.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
c98691c3 by Martin Schwenke at 2017-10-05T05:19:21+02:00
ctdb-common: Replace parse_ip() -> ctdb_sock_addr_from_string()

... and ctdb_sock_addr_set_port().

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
e1a8c9b2 by Martin Schwenke at 2017-10-05T09:19:31+02:00
ctdb-common: Make parse_ip() and parse_ipv4() static

parse_ip() has interface checking for IPv6 that is still used
indirectly by the IP takeover code via parse_ip_mask().  This will be
removed eventually.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Thu Oct  5 09:19:31 CEST 2017 on sn-devel-144

- - - - -
fc03049c by Samuel Cabrero at 2017-10-06T05:21:25+02:00
s3: spoolss: Fix GUID string format on GetPrinter info

Fix regression introduced by commit a4157e7c5d75 which removed the braces
around the printer GUID in the printer info level 7 structure.

MS-RPRN section 2.2 says this protocol uses curly-braced GUIDs so printers
are deleted from the directory by the domain controller's pruning service.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12993

Signed-off-by: Samuel Cabrero <scabrero at suse.de>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Oct  6 05:21:25 CEST 2017 on sn-devel-144

- - - - -
a826394a by Ralph Boehme at 2017-10-07T00:04:54+02:00
smbcacls: no need to fetch the sd when changing ownership

Reading the SD may be denied but changing ownership could be allowed. As
we don't really need the server SD for the change ownership request,
don't fetch it.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Oct  7 00:04:54 CEST 2017 on sn-devel-144

- - - - -
272f1c9f by Jeremy Allison at 2017-10-09T23:01:17+02:00
s3: smbd: Currently if getwd() fails after a chdir(), we panic.

Change this to return to the previous $cwd, and return -1 for the chdir().

If the return to the previous $cwd fails, still panic as we
can't return an unknown state.

Also do early return from failing SMB_VFS_CHDIR, reducing indentation level

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13027

Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: Ralph Böhme <slow at samba.org>

- - - - -
0f8de2de by Ralph Boehme at 2017-10-09T23:01:17+02:00
selftest: fix acl_xattr test: changing owner

Don't give ownership to user "force_user" as user "$USERNAME", this
would fail with NT_STATUS_INVALID_OWNER, instead just take ownership as
user "force_user". Adding a corresponding ACE for "force_user" with FULL
rights ensures this works.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
71a2d06a by Ralph Boehme at 2017-10-09T23:01:17+02:00
selftest: fix acl_xattr test: group, not user

In nt_affects_chgrp() check for domadmins *group*, not user. This didn't
trigger an error as nt_affects_chgrp() isn't actually called, see next
commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1fabe253 by Ralph Boehme at 2017-10-09T23:01:17+02:00
selftest: fix acl_xattr test: grep output before munging

The check of the smbclient getfacl output for presence of a "^# group:"
line must be done before munging the saved output with a sed filter.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ea0ea829 by Ralph Boehme at 2017-10-09T23:01:17+02:00
selftest: fix acl_xattr test: sn-devel unreliable gid

The "nt_affects_chgrp" kept failing in a full autobuild on sn-devel
because the actual gid of the created file as returned by smbclient -c
getfacl was reliably the unix gid of my account. It should have been the
mapped domusers group for the primary users "Domain Users"
group. Running the test individually or even the full set of
"samba3.blackbox" tests didn't trigger the error.

Looks like an issue with vfs_fake_acls and vfs_xattr_tdb, but I wasn't
able to track it down. As the test only really wants to ensure that
smbcacls -G set the gid to the requested value, just remove the check
for the actual initial gid.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3aff6315 by Ralph Boehme at 2017-10-09T23:01:17+02:00
selftest: fix acl_xattr test script test_acl_xattr.sh

The two "nt_affects_chgrp" tests called the wrong function so the
function nt_affects_chgrp() was never run.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ff199d8e by Ralph Boehme at 2017-10-09T23:01:17+02:00
selftest: fix samba3.blackbox.inherit_owner.default test script test_inherit_owner.sh

Grant the test-user SeRestorePrivilege, this is needed for
give-ownership operations. And then granting SeRestorePrivilege requires
`net`, so add that as an additional argument to the script.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4b2e171e by Ralph Boehme at 2017-10-09T23:01:18+02:00
selftest: tests for change ownership on a file

This test verifies that SEC_STD_WRITE_OWNER only effectively grants
take-ownership permissions but NOT give-ownership. The latter requires
SeRestorePrivilege privilege.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
cc555be4 by Ralph Boehme at 2017-10-09T23:01:18+02:00
s3/smbd/posix_acls: return correct status in try_chown

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e62f90a6 by Ralph Boehme at 2017-10-09T23:01:18+02:00
vfs_acl_common: factor out a variable declaration

Just some refactoring, no change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7e7afef8 by Ralph Boehme at 2017-10-09T23:01:18+02:00
vfs_acl_common: fix take ownership vs give ownership

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0666093c by Ralph Boehme at 2017-10-09T23:01:18+02:00
vfs_fake_acls: deny give-ownership

Windows doesn't allow giving ownership away unless the user has
SEC_PRIV_RESTORE privilege.

This follows from MS-FSA 2.1.5.1, so it's a property of the filesystem
layer, not the SMB layer. By implementing this restriction here, we can
now have a test for this restriction.

Other filesystems may want to deliberately allow this behaviour --
although I'm not aware of any that does -- therefore I'm putting in this
restriction in the implementation of the chmod VFS function and not into
the caller.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
76a1c5a1 by Ralph Boehme at 2017-10-10T02:57:40+02:00
wbinfo: return "NOT MAPPED" instead of "S-0-0" for unmapped id-to-sid

Currently wbinfo --unix-ids-to-sids prints "S-0-0" for failed
mappings. Let it print "NOT MAPPED" instead.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Oct 10 02:57:40 CEST 2017 on sn-devel-144

- - - - -
c202b188 by Amitay Isaacs at 2017-10-10T11:45:18+02:00
ctdb-protocol: Add REQ_TUNNEL packet type

This allows to tunnel new protocols using ctdb transport.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
a41571a7 by Amitay Isaacs at 2017-10-10T11:45:18+02:00
ctdb-protocol: Add controls to register/deregister tunnels

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
9c515357 by Amitay Isaacs at 2017-10-10T11:45:18+02:00
ctdb-daemon: Add implementation of tunnel controls

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
f4f5e7d2 by Amitay Isaacs at 2017-10-10T11:45:19+02:00
ctdb-protocol: Add req_tunnel counts to ctdb statistics

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
2cb5fdac by Amitay Isaacs at 2017-10-10T11:45:19+02:00
ctdb-daemon: Add code to process ctdb_req_tunnel packets

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
4467c611 by Amitay Isaacs at 2017-10-10T11:45:19+02:00
ctdb-protocol: Add protocol marshalling for tunnel controls

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
24e41971 by Amitay Isaacs at 2017-10-10T11:45:19+02:00
ctdb-client: Add client code for tunnel controls

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
c700464d by Amitay Isaacs at 2017-10-10T11:45:19+02:00
ctdb-protocol: Add protocol marshalling for CTDB_REQ_TUNNEL

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
ad1a9176 by Amitay Isaacs at 2017-10-10T11:45:19+02:00
ctdb-client: Add client api for using tunnels

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
6fed8a73 by Amitay Isaacs at 2017-10-10T11:45:19+02:00
ctdb-protocol: Add tunnel id prefix for testing

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
79a44d15 by Amitay Isaacs at 2017-10-10T11:45:19+02:00
ctdb-tests: Add test for tunnels

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
046427b0 by Amitay Isaacs at 2017-10-10T15:50:04+02:00
ctdb-tests: Add interactive test for tunnels

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Tue Oct 10 15:50:04 CEST 2017 on sn-devel-144

- - - - -
59438bfd by Ralph Boehme at 2017-10-10T15:51:27+02:00
winbindd: add domain SID to idmap mapping domains

Fetch the domain SID for every domain in the idmap-domain map. This is
in preparation of passing the domain SID as an additional argument to
xid2sid requests to the idmap child.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13052

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
71f99cb1 by Ralph Boehme at 2017-10-10T15:51:27+02:00
winbindd: pass domain SID to wbint_UnixIDs2Sids

This makes the domain SID available to the idmap child for
wbint_UnixIDs2Sids mapping request. It's not used yet anywhere, this
comes in the next commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13052

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
108675c4 by Ralph Boehme at 2017-10-10T15:51:27+02:00
winbindd: idmap_rid: don't rely on the static domain list

The domain list in the idmap child is inherited from the parent winbindd
process and may not contain all domains in case enumerating trusted
domains didn't finish before the first winbind request that triggers the
idmap child fork comes along.

The previous commits added the domain SID as an additional argument to
the wbint_UnixIDs2Sids request, storing the domain SID in struct
idmap_domain.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13052

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
490c35df by Ralph Boehme at 2017-10-10T19:57:37+02:00
winbindd: idmap_rid: error code for failing id-to-sid mapping request

NT_STATUS_NO_SUCH_DOMAIN triggers complete request failure in the parent
winbindd. By returning NT_STATUS_NONE_MAPPED winbindd lets the individual
mapping fail but keeps processing any remaining mapping requests.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13052

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Oct 10 19:57:37 CEST 2017 on sn-devel-144

- - - - -
015bdbd1 by Samuel Cabrero at 2017-10-11T06:39:00+02:00
s3: spoolss: Extend publish_toggle test to check returned GUID string format

Extend the rpc.spoolss.printer.addprinter.publish_toggle test to
check the format of the returned GUID string in GetPrinter info
level 7 structure.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12993

Signed-off-by: Samuel Cabrero <scabrero at suse.de>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Disseldorp <ddiss at suse.de>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Oct 11 06:39:00 CEST 2017 on sn-devel-144

- - - - -
70146841 by Stefan Metzmacher at 2017-10-11T08:30:13+02:00
krb5_wrap: KRB5_ADDRESS_INET6 is not a define in Heimdal

All supported versions of Heimdal already have KRB5_ADDRESS_INET6,
so there's no need for an explicit check.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13079

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>

- - - - -
96e471ee by Stefan Metzmacher at 2017-10-11T08:30:13+02:00
krb5_wrap: ADDRTYPE_INET6 is available in all supported MIT versions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13079

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>

- - - - -
2717263c by Stefan Metzmacher at 2017-10-11T12:33:42+02:00
s4:heimdal_build: there's no need to define HAVE_KRB5_ADDRESSES twice

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Oct 11 12:33:42 CEST 2017 on sn-devel-144

- - - - -
36cbb4ad by Marc Muehlfeld at 2017-10-12T21:14:13+02:00
Updated error message text and reduced its debug level

Previously, "net rpc share add|remove" commands failed if no
"add|delete share command" parameter was set in smb.conf. However,
the error was only logged at level 10 and not very clear.
This patch updates the error message text and sets the log level of this
error to 1 to make it more obvious what is missing.

Signed-off-by: Marc Muehlfeld <mmuehlfeld at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
156015ae by Ralph Boehme at 2017-10-13T01:22:05+02:00
selftest: add some debugging to test_give_owner.sh

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Oct 13 01:22:05 CEST 2017 on sn-devel-144

- - - - -
f8bd63e1 by Ralph Boehme at 2017-10-13T17:40:07+02:00
vfs_catia: factor out mapping functions

This moves the core mapping functions to a separate file and makes them
global.

string_replace_init_map() is called to parse a mapping in string and
produce a mapping object that can then be passed to
string_replace_allocate() to do the actual mapping of a string.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
3d7932a3 by Ralph Boehme at 2017-10-13T17:40:07+02:00
vfs_fruit: fix ftruncating resource fork

fruit_ftruncate_rsrc_adouble() is called to effectively ftruncate() the
._ AppleDouble file to the requested size.

The VFS function SMB_VFS_NEXT_FTRUNCATE() otoh would attempt to truncate
the fsp *stream* in any way the next VFS module sees fit. As we know
we're stacked with a streams module, the module will attempt to truncate
the stream. So we're not truncating the ._ file.

This went unnoticed as the AppleDouble file header contains the
authoritative resource fork size that was updated correctly.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
b5a664e2 by Ralph Boehme at 2017-10-13T17:40:07+02:00
vfs_fruit: add AppleDouble xattr structure definitions

Reference:
https://opensource.apple.com/source/xnu/xnu-4570.1.46/bsd/vfs/vfs_xattr.c

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
ab8d0195 by Ralph Boehme at 2017-10-13T17:40:07+02:00
vfs_fruit: allocate ad_data buffer up to AD_XATTR_MAX_HDR_SIZE bytes

This is in preparation for reading potential xattr header data from the
AppleDouble file, not just reading a fixed amount of bytes.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
fb137d60 by Ralph Boehme at 2017-10-13T17:40:07+02:00
vfs_fruit: unpack AppleDouble xattr header if present

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
386249ee by Ralph Boehme at 2017-10-13T17:40:07+02:00
vfs_fruit: pass smb_fname to ad_convert

This will be needed in a later commit when converting xattrs in sidecar
AppleDouble files.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
ce516a34 by Ralph Boehme at 2017-10-13T17:40:07+02:00
vfs_fruit: static string fruit_catia_maps

In a later commit these will be used somewhere else too.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
d7068324 by Ralph Boehme at 2017-10-13T17:40:07+02:00
vfs_fruit: on-access conversion of AppleDouble xattr data

This finally adds on-access conversion of xattr data stored in sidecar
AppleDouble files.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
c5b25d40 by Ralph Boehme at 2017-10-13T17:40:07+02:00
s4/torture: vfs_fruit: replace AppleDouble data blob with xattr data

The osx_adouble_w_xattr datablob is used to test conversion from sidecar
._ file metadata to Samba compatible ._ file.

The previous data blob didn't contain xattr data, the new one does.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
5f52a0fb by Ralph Boehme at 2017-10-13T21:44:01+02:00
s4/torture: vfs_fruit: test xattr unpacking

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Oct 13 21:44:02 CEST 2017 on sn-devel-144

- - - - -
7abf0ace by Ralph Boehme at 2017-10-14T06:02:50+02:00
selftest: prevent interpretation of escape sequences in test_give_owner.sh

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Sat Oct 14 06:02:50 CEST 2017 on sn-devel-144

- - - - -
4c9b3805 by Tim Beale at 2017-10-14T07:28:18+02:00
selftest: Add sanity-check RODC can't use cache to reveal secrets

Bug 12977 highlighted that Samba only checks exop GetNcChanges requests
once, when they're first received. This makes sense because valid exop
requests should only ever involve a single request. For regular
(non-exop) GetNcChanges requests, the server stores a cache of the
object GUIDs to return.

What we don't want to happen is for a malicious/compromised RODC to use
this cache to circumvent privilege checks, and receive secrets that it's
normally not permitted to access (e.g. the administrator's password).

The specific scenario we're concerned about is:
- The RODC sends a regular GetNcChanges request for all objects (without
  secrets). (This causes the server to build its GUID array cache).
- The RODC then sends a follow-on request for the next chunk, but sets
  the REPL_SECRET exop this time.

The only thing inadvertently preventing Samba from leaking secrets in
this case is updating msDS-RevealedUsers for auditing. It's possible
that a future code change may alter the codepath and open up a
security-hole without realizing. This patch adds a test case so if that
ever did happen, the selftests would detect the problem.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12977

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
543c0af4 by Alexander Bokovoy at 2017-10-14T07:28:18+02:00
smb.conf.5: sort parameters alphabetically

Content of each separate parameter description file is added
into a parameters.all.xml file before compiling smb.conf.5.

The issue is that POSIX file systems generally don't give any
promises over how glob-produced files are sorted. Thus, we need to sort
them in a predictable way.

This patch adds sorting based on a file name as a string. Since all
parameter files are named after the parameter itself (plus .xml), we can
use file name sorting.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13081

Signed-off-by: Alexander Bokovoy <ab at samba.org>
Reviewed-By: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7d47f75b by Alexander Bokovoy at 2017-10-14T11:31:07+02:00
man pages: properly indent lists

It took me some time (original bug was filed in 2013!) but now
lists in smb.conf.5 are properly indented.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9613

Signed-Off-By: Alexander Bokovoy <ab at samba.org>
Reviewed-By: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sat Oct 14 11:31:07 CEST 2017 on sn-devel-144

- - - - -
1eec3184 by Martin Schwenke at 2017-10-16T05:28:19+02:00
ctdb-protocol: Fix typo in type of return variable

This causes failures to be folded down to 1, which is incorrect.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
a0c5d2e2 by Martin Schwenke at 2017-10-16T05:28:19+02:00
ctdb-tests: Strengthen some tests

Check for the expected result instead of just any failure.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
9b880def by Martin Schwenke at 2017-10-16T05:28:19+02:00
ctdb-client: Fix a typo

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
e0cf8a4d by Martin Schwenke at 2017-10-16T05:28:19+02:00
ctdb-test: Fix CID 1419118 (Error handling issues)

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
71bedfab by Martin Schwenke at 2017-10-16T09:27:17+02:00
ctdb-tests: Check an unchecked return value

This can't fail but check it for completeness... just in case Coverity
decides to notice it.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Mon Oct 16 09:27:17 CEST 2017 on sn-devel-144

- - - - -
2abc1272 by Anoop C S at 2017-10-16T15:55:35+02:00
docs-xml: Fix a typo in manpage for vfs_fruit

Signed-off-by: Anoop C S <anoopcs at redhat.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Oct 16 15:55:35 CEST 2017 on sn-devel-144

- - - - -
7917f972 by Anoop C S at 2017-10-16T19:56:55+02:00
vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR

Pointer to directory 'dh' inside fruit_rmdir() is obtained using
SMB_VFS_OPENDIR. But this handle is closed directly by invoking
closedir() rather than SMB_VFS_CLOSEDIR. This will result in a
smbd crash if this handle was not obtained from local file system.
Therefore use SMB_VFS_CLOSEDIR corresponding to SMB_VFS_OPENDIR
to correctly close the directory handle.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13086

Signed-off-by: Anoop C S <anoopcs at redhat.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Mon Oct 16 19:56:55 CEST 2017 on sn-devel-144

- - - - -
fbad6420 by Ralph Boehme at 2017-10-17T07:46:20+02:00
s3/smbd: README.Coding fixes in set_ea_dos_attribute

While I'm at it, some README.Coding fixes in set_ea_dos_attribute.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12995

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
143d2628 by Ralph Boehme at 2017-10-17T07:46:20+02:00
s3/smbd: fix access checks in set_ea_dos_attribute()

We wanted to set the DOS attributes and failed with permission denied
from the VFS/kernel/filesystem. Next thing we wanna do here is override
this if either

- "dos filemode = true" is set and the security descriptor gives the
  user write access or if

- the stored security descriptor has FILE_WRITE_ATTRIBUTES

The former was working, but the latter was not implemented at all.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12995

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a3cc2fed by Ralph Boehme at 2017-10-17T11:48:07+02:00
s3/smbd: use correct access in get_file_handle_for_metadata

All we want here is FILE_WRITE_ATTRIBUTES, not FILE_WRITE_DATA.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12995

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Oct 17 11:48:09 CEST 2017 on sn-devel-144

- - - - -
11660b03 by Ralph Boehme at 2017-10-17T14:55:07+02:00
Update .ycm_extra_conf.py

The previous commit removed many includes. Why? This commit adds back
includes generated by running the latest YCM-Generator/config_gen.py.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
de0d9ec4 by Volker Lendecke at 2017-10-17T14:55:07+02:00
vfs_catia: Make "srt_head" static to the module

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
e77b7aff by Volker Lendecke at 2017-10-17T14:55:07+02:00
vfs_catia: Fix a memory leak

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13090

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
f6d6af3b by Volker Lendecke at 2017-10-17T18:53:48+02:00
vfs_catia: Fix a potential memleak

Together with the previous commit this fixes a memleak (twice) that
happens when vfs_catia is loaded with no mappings defined.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13090

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Oct 17 18:53:48 CEST 2017 on sn-devel-144

- - - - -
7720ca07 by Amitay Isaacs at 2017-10-18T06:20:18+02:00
ctdb-common: Ignore event scripts with multiple '.'s

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13070

This avoids running event script copies left by a package manager.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
3bc8880e by Amitay Isaacs at 2017-10-18T10:19:48+02:00
ctdb-tests: Add tests for event scripts with multiple '.'s

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13070

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Wed Oct 18 10:19:48 CEST 2017 on sn-devel-144

- - - - -
87154bcf by Lumir Balhar at 2017-10-18T10:20:26+02:00
python: Port samba.registry module to Python 3 compatible form

Signed-off-by: Lumir Balhar <lbalhar at redhat.com>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
88dc82d1 by Lumir Balhar at 2017-10-18T10:20:26+02:00
tests: Improve tests of samba.registry Python module

Signed-off-by: Lumir Balhar <lbalhar at redhat.com>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
01e89ada by Lumir Balhar at 2017-10-18T10:20:26+02:00
python: Fix Python 2.6 compatibility

PyErr_NewExceptionWithDoc() isn't available in Python 2.6 so it can
be used only in higher versions of Python.

Signed-off-by: Lumir Balhar <lbalhar at redhat.com>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
09104dc4 by Lumir Balhar at 2017-10-18T14:24:39+02:00
unittests: Fix missing include of signal.h

Signed-off-by: Lumir Balhar <lbalhar at redhat.com>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Oct 18 14:24:39 CEST 2017 on sn-devel-144

- - - - -
962a1b32 by Andrew Bartlett at 2017-10-19T00:50:19+02:00
dbcheck: Allow removal of one-way links to missing objects

If dbcheck is not run within the tombstone lifetime, these links can
persist in the database forever.  The risk of unintentional information loss
is why these links are only removed within the same partition.  A
replication may be in progress which has created only one end of
the link, so we must keep that.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Rowland Penny <rpenny at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Oct 19 00:50:19 CEST 2017 on sn-devel-144

- - - - -
0030ce90 by Richard Sharpe at 2017-10-19T00:55:24+02:00
s3:Add a utimes command to smbclient so we can set the Windows times.

Add an update to the smbclient man page.

Signed-off-by: Richard Sharpe <realrichardsharpe at gmail.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
44bcb08f by Jeremy Allison at 2017-10-19T00:55:24+02:00
s3: tests: Add smbclient test for utimes command.

Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
267cd252 by Christof Schmitt at 2017-10-19T00:55:24+02:00
Removed unused 'oplock contention limit' config parameter

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f7cdd396 by Volker Lendecke at 2017-10-19T04:57:44+02:00
rpc_client: Fix wording in a DEBUG statement

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Oct 19 04:57:44 CEST 2017 on sn-devel-144

- - - - -
6d7a8d80 by Gary Lockyer at 2017-10-19T05:33:09+02:00
tests: Add a blackbox test for smbcontrol

Add tests to check that samba processes have started and that they can be
pinged.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
b852ad04 by Gary Lockyer at 2017-10-19T05:33:09+02:00
source4/smbd: refactor the process model for prefork

Refactor the process model code to allow the addition of a prefork
process model.

- Add a process context to contain process model specific state
- Add a service details structure to allow service to indicate which
  process model options they can support.

In the new code the services advertise the features they support to the
process model.  The process model context is plumbed through to allow the
process model to keep track of the supported options, and any state
the process model may require.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
17d3a9d4 by Gary Lockyer at 2017-10-19T05:33:10+02:00
process_standard: Use the new process_context

Use the new process_context to control the from_parent_fd.
This avoids the use of global variables, and will in the next patch
allow process_standard to run as what was known as single without
over-stamping a different process model.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
193afc55 by Gary Lockyer at 2017-10-19T05:33:10+02:00
process_standard: Move child pipe setup further down standard_accept_connection()

This avoids cleaning up on error from accept() but more importantly
allows a future mode that acts like process_single and so has no child.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
62d7bf9e by Gary Lockyer at 2017-10-19T05:33:10+02:00
process_standard: Honour proc_ctx->inhibit_fork_on_accept

This allows the service to control if it should fork per accept() without needing
to replace the whole process model with process_single.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
08402526 by Gary Lockyer at 2017-10-19T05:33:10+02:00
source4/smbd: Do not overstamp the process model with "single"

Instead, except in RPC which is a special SNOWFLAKE, we rely on the struct
service_details in the init function.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
e027871b by Gary Lockyer at 2017-10-19T05:33:10+02:00
process_standard: Do not log at level 2 every time a child exits

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
778e9a81 by Gary Lockyer at 2017-10-19T05:33:10+02:00
source4/smbd: Fix code formatting after refactoring.

Fix code formatting from the refactoring in the previous commits.
Done as a separate patch to make the changes to functionality easier
to review.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
123042c2 by Gary Lockyer at 2017-10-19T05:33:10+02:00
source4/smbd: add a prefork process model.

Add a pre fork process model to bound the number of processes forked by
samba.  Currently workers are only pre-forked for the ldap server, all
the other services have pre-fork support disabled.

When pre-fork support is disabled a new process is started for each
service, and requests are processed by that process.

This commit partially reverts commit
b5be45c453bd51373bade26c29828b500ba586ec.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
1d030287 by Gary Lockyer at 2017-10-19T05:33:10+02:00
selftest: set ad_dc process model to prefork

Set the process model for ad_dc to prefork, so that the pre-fork gets
exercised during self test.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
ea0cd977 by Gary Lockyer at 2017-10-19T05:33:10+02:00
source4/smbd: replace DEBUG( with DBG_

Update the debug logging to use the currently preferred debug macros

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
8ed3cac9 by Joe Guo at 2017-10-19T05:33:10+02:00
python: add a failed test to show Popen deadlock

`Popen.wait()` will deadlock when using stdout=PIPE and/or stderr=PIPE and the
child process generates large output to a pipe such that it blocks waiting for
the OS pipe buffer to accept more data. Use communicate() to avoid that.

This patch is committed to show the issue, a fix patch will come later.

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5dc773a5 by Joe Guo at 2017-10-19T09:27:15+02:00
python: use communicate to fix Popen deadlock

`Popen.wait()` will deadlock when using stdout=PIPE and/or stderr=PIPE and the
child process generates large output to a pipe such that it blocks waiting for
the OS pipe buffer to accept more data. Use communicate() to avoid that.

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Oct 19 09:27:16 CEST 2017 on sn-devel-144

- - - - -
42e76712 by Douglas Bagnall at 2017-10-19T16:42:17+02:00
nwrap: Fix strtoul checks for NSS_WRAPPER_MAX_HOSTENTS

The env and endptr pointers need to be dereferenced, but that is not
enough: we don't really want to regard an empty string (*env == '\0')
as a valid number.

Found by GCC 8.0.0 20170705 (experimental).

[2095/4103] Compiling lib/nss_wrapper/nss_wrapper.c
../lib/nss_wrapper/nss_wrapper.c: In function "nwrap_init":
../lib/nss_wrapper/nss_wrapper.c:1571:13: warning: comparison between pointer and zero character constant [-Wpointer-compare]
   if (((env != '\0') && (endptr == '\0')) ||
                ^~
                ../lib/nss_wrapper/nss_wrapper.c:1571:9: note: did you mean to dereference the pointer?
   if (((env != '\0') && (endptr == '\0')) ||
            ^
            ../lib/nss_wrapper/nss_wrapper.c:1571:33: warning: comparison between pointer and zero character constant [-Wpointer-compare]
   if (((env != '\0') && (endptr == '\0')) ||
                                    ^~
                                    ../lib/nss_wrapper/nss_wrapper.c:1571:26: note: did you mean to dereference the pointer?
   if (((env != '\0') && (endptr == '\0')) ||

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Oct 19 16:42:17 CEST 2017 on sn-devel-144
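
The strtoul() check from the nwrap commit above, as an added example (not part of the digest and not the nss_wrapper source): it contrasts what the warned-about comparison really tests with a dereferencing check, and goes one step further with a stricter parser. The function names, the sample inputs and the fallback value are constructed for illustration, and rejected_by_deref() is an assumed reading of the fix described in the message.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * What the warned-about predicate evaluates. '\0' is a null pointer
 * constant, so (env != '\0') means (env != NULL) and (endptr == '\0')
 * means (endptr == NULL). strtoul() always stores a non-NULL endptr,
 * so the first clause is never true and only a parsed 0 is rejected.
 */
static bool rejected_by_pointer_compare(const char *env)
{
	char *endptr = NULL;
	unsigned long v = strtoul(env, &endptr, 10);

	return ((env != NULL) && (endptr == NULL)) || (v == 0);
}

/*
 * Dereferencing form (assumed shape of the fix): an empty string is
 * not a number, and anything left over after the digits is an error.
 */
static bool rejected_by_deref(const char *env)
{
	char *endptr = NULL;
	unsigned long v = strtoul(env, &endptr, 10);

	return (*env == '\0') || (*endptr != '\0') || (v == 0);
}

/*
 * Hypothetical stricter parser for an environment-supplied limit.
 * strtoul() skips leading whitespace and accepts a sign, negating the
 * result in unsigned arithmetic, so "-5" parses to a huge value with
 * no error. Requiring a leading digit and checking ERANGE closes both.
 */
static size_t parse_limit(const char *env, size_t fallback)
{
	char *endptr = NULL;
	unsigned long v;

	if (env == NULL || env[0] < '0' || env[0] > '9') {
		return fallback;
	}
	errno = 0;
	v = strtoul(env, &endptr, 10);
	if (errno == ERANGE || *endptr != '\0' || v == 0) {
		return fallback;
	}
	return (size_t)v;
}

int main(void)
{
	/* Constructed sample values for the environment variable. */
	const char *samples[] = { "100", "12abc", "", "0", "-5", " 7" };
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		printf("%-8s ptr-compare:%s deref:%s strict:%lu\n",
		       samples[i][0] ? samples[i] : "(empty)",
		       rejected_by_pointer_compare(samples[i]) ? "reject" : "accept",
		       rejected_by_deref(samples[i]) ? "reject" : "accept",
		       (unsigned long)parse_limit(samples[i], 100));
	}
	return 0;
}
```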

- - - - -
5bfe93b4 by Andreas Schneider at 2017-10-19T23:41:11+02:00
s4:smbd: Add missing unistd.h include to fix build of process_prefork

error: implicit declaration of function ‘getpgrp’; did you mean ‘getpt’?
[-Werror=implicit-function-declaration]

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1d1e1da2 by Andreas Schneider at 2017-10-20T03:37:30+02:00
s3:tests: Fix the smbclient utimes test in Europe

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Oct 20 03:37:31 CEST 2017 on sn-devel-144

- - - - -
90d57ec0 by Stefan Metzmacher at 2017-10-20T04:05:20+02:00
s3:cli_netlogon: make sure rpccli_connect_netlogon only returns NT_STATUS_OK on success

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9c207adb by Stefan Metzmacher at 2017-10-20T04:05:20+02:00
s3:cli_netlogon: let rpccli_connect_netlogon() retry once after NT_STATUS_NETWORK_ACCESS_DENIED

Otherwise we could easily end up with an endless loop.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
593dacd2 by Andrew Bartlett at 2017-10-20T04:05:20+02:00
replace: Link to -lbsd when building replace.c by hand

This ensures that we correctly detect HAVE_IFACE_GETIFADDRS
et al, which are based on a "build the source" style test.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13087

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
91951d86 by Tim Beale at 2017-10-20T04:05:20+02:00
replmd: Refactor adding the backlink in replmd_process_linked_attribute()

The code to add the backlink is the same in both the 'if' and the 'else'
case, so move it outside the if-else block.

(We're going to rework this block of code quite a bit in order to
support single-value linked attribute conflicts, aka bug #13055).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
21179feb by Tim Beale at 2017-10-20T04:05:20+02:00
replmd: Refactor logic to check if replicated link is newer

This is precursor work for supporting single-link conflicts.

Split out the code to check if the link update is newer. It's now safe
to call this from the main codepath. This also means we can combine the 2
calls to get the seqnum into a single common call.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c9ea47ec by Tim Beale at 2017-10-20T04:05:20+02:00
replmd: Remove unused originating_usn variable

The previous refactor makes it obvious that we aren't actually using
this variable for anything.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9c54e748 by Tim Beale at 2017-10-20T04:05:20+02:00
selftest: Make sure single-link conflict retains the deleted link

There should only ever be one active value for a single-valued link
attribute. When a conflict occurs the 'losing' value should still be
present, but should be marked as deleted.

This change is just making the test criteria stricter to make sure that
we fix the bug correctly.

Note that the only way to query the deleted link attributes present
is to send a DRS request.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
77abba58 by Tim Beale at 2017-10-20T04:05:20+02:00
selftest: Add test for deleted single-valued link conflict

Currently we're only testing the case where the links have been modified
independently on 2 different DCs and both the links are active. We also
want to test the case where one link is active and the other is deleted.

Technically, this isn't really a conflict - the links involve different
target DNs, and the end result is still only one active link.

It's still probably worth having these tests to prove that fixing bug
13055 doesn't break anything.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
20c0f3e1 by Tim Beale at 2017-10-20T04:05:20+02:00
selftest: Add conflict test where the single-valued link already exists

As well as testing scenarios where both variants of the link are new, we
should also check the case where the received link already exists on the
DC as an inactive (i.e. previously deleted) link.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
70d532a5 by Tim Beale at 2017-10-20T04:05:20+02:00
replmd: Partial fix for single-valued link conflict

This is the first part of the fix for resolving a single-valued link
conflict.

When processing the replication data for a linked attribute, if we don't
find a match for the link target value, check if the link is a
single-valued attribute and it currently has an active link. If so, then
use the active link instead.

This change means we delete the existing active link (and backlink)
before adding the new link. This prevents the failure in the subsequent
dsdb_check_single_valued_link() check that was happening previously
(because the link would end up with 2 active values).

This is only a partial fix. It stops replication from failing completely
if we ever hit this situation (which means the test is no longer
hitting an assertion when replicating). However, ideally the existing
active link should be retained and just marked as deleted (with this
change, the existing link is overwritten completely).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f196897b by Tim Beale at 2017-10-20T04:05:21+02:00
replmd: Handle conflicts for single-valued link attributes better

If 2 DCs independently set a single-valued linked attribute to differing
values, Samba should be able to resolve this problem when replication
occurs.

If the received information is better, then we want to set the existing
link attribute in our DB as inactive.

If our own information is better, then we still want to add the received
link attribute, but mark it as inactive so that it doesn't clobber our
own link.

This still isn't a complete solution. When we add the received attribute
as inactive, we really should be incrementing the version, updating the
USN, etc. Also this only deals with the case where the received link is
completely new (i.e. a received link conflicting with an existing
inactive link isn't handled).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a607a3e8 by Tim Beale at 2017-10-20T04:05:21+02:00
replmd: Make replmd_set_la_val() closer to replmd_build_la_val()

These two functions are almost identical. The main difference between
them is the RMD_ADDTIME. replmd_set_la_val() tries to use the
RMD_ADDTIME of the old_dsdb_dn. Whereas replmd_build_la_val() always
uses the time passed in.

Change replmd_set_la_val() so it can accept a NULL old_dsdb_dn (i.e. if
it's a new linked attribute that's being set). If so, it'll end up using
the nttime parameter passed in, same as replmd_build_la_val() does.

Also update replmd_process_linked_attribute (which used to use
replmd_build_la_val()) to now pass in a NULL old_dsdb_dn. There
shouldn't be a difference in behaviour either way, but this exercises
the code change.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f183dcfa by Tim Beale at 2017-10-20T04:05:21+02:00
replmd: Fix talloc inconsistency in replmd_set_la_val()

All the other talloc_asprintf()s in this function use the mem_ctx, but
for some reason the vstring was using the dsdb_dn->dn. This probably
isn't a big deal, but might have unintentional side-effects.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7649652b by Tim Beale at 2017-10-20T04:05:21+02:00
replmd: Use replmd_set_la_val() when adding new links

replmd_set_la_val() and replmd_build_la_val() are almost identical. When
we were processing the replicated link attributes we were calling one
function if the link was new, and a different one if the link existed.
I think we should be able to get away with using replmd_set_la_val() in
both cases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f36b2bb1 by Tim Beale at 2017-10-20T04:05:21+02:00
replmd: Mark link conflicts as inactive correctly

The previous patch to handle link conflicts was simply overriding the
received information and marking the link as deleted. We should be doing
this as a separate operation to make it clear what has happened, and so
that the new (i.e. inactive) link details get replicated out.

This patch changes it so that when a conflict occurs, we immediately
overwrite the received information to mark it as deleted, and to update
the version/USN/timestamp/originating_invocation_id to make it clear
that this is a new change.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
82b56e63 by Tim Beale at 2017-10-20T04:05:21+02:00
replmd: Handle single-valued conflicts for an existing link

Currently the code only handles the case where the received link
attribute is a new link (i.e. pdn == NULL). As well as this, we need to
handle the case where the conflicting link already exists, i.e. it's a
deleted link that has been re-added on another DC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
841e724e by Tim Beale at 2017-10-20T04:05:21+02:00
replmd: Move link conflict handling into separate function

Link conflict handling is a corner-case. The logic in
replmd_process_linked_attribute() is already reasonably busy/complex.
Split out the handling of link conflicts into a separate function so
that it doesn't detract from the core replmd_process_linked_attribute()
logic too much.

This refactor should not alter functionality.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c83dffc6 by Tim Beale at 2017-10-20T04:05:21+02:00
replmd: Change replmd_check_singleval_la_conflict() logic flow

Return immediately if there's no conflict, which reduces nesting.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
83195365 by Tim Beale at 2017-10-20T04:05:21+02:00
replmd: Small refactor to replmd_check_singleval_la_conflict()

Now that the code is all in one place we can refactor it to make it
slightly more readable.

- added more code comments
- tweaked the 'no conflict' return logic to try to make what it's checking
  for more obvious
- removed conflict_pdn (we can just use active_pdn instead)
- added a placeholder variable and tweaked a parameter name

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
499fa6b4 by Tim Beale at 2017-10-20T04:05:21+02:00
selftest: Add test for initial link attribute RMD_VERSION value

While testing link conflicts I noticed that links on Windows start from
a different RMD_VERSION compared to Samba. This adds a simple test to
highlight the problem.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13059

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cef17ce4 by Tim Beale at 2017-10-20T04:05:21+02:00
replmd: Remove static values passed to replmd_build_la_val()

replmd_build_la_val() is used to populate a new link attribute value
from scratch. The version parameter is always passed in as the initial
value (zero), and deleted is always passed in as false.

For cases (like replication) where we want to set version/deleted to
something other than the defaults, we can use replmd_set_la_val()
instead.

This patch changes these 2 parameters to variables instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13059

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4cb260f8 by Tim Beale at 2017-10-20T04:05:21+02:00
replmd: Fix RMD_VERSION initial value to match Windows

The initial value for RMD_VERSION is one on Windows. The MS-DRSR spec
states the following in section 5.11 AttributeStamp:

  dwVersion: A 32-bit integer. Set to 1 when a value for the attribute is
  set for the first time. On each subsequent originating update, if the
  current value of dwVersion is less than 0xFFFFFFFF, then increment it
  by 1; otherwise set it to 0

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13059

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cd936a72 by Tim Beale at 2017-10-20T04:05:21+02:00
replmd: Get rid of duplicated replmd_build_la_val() code

replmd_build_la_val() and replmd_set_la_val() are pretty much identical.
Keep the replmd_build_la_val() API (as it makes it clearer we're
creating a new linked attribute), but replace the code with a call to
replmd_set_la_val().

This isn't required for any bug fix, but is just a general tidy-up to
avoid code duplication.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9b3b09ce by Tim Beale at 2017-10-20T04:05:21+02:00
replmd: Remove unnecessary replmd_build_la_val() param

replmd_build_la_val() is creating a new link attribute. In this case,
the RMD_ORIGINATING_USN and RMD_LOCAL_USN are always going to be the
same thing, so we don't need to pass them in as 2 separate parameters.

This isn't required for any bug fix, but is just a general code
tidy-up.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
da8af833 by Tim Beale at 2017-10-20T08:01:35+02:00
selftest: Print link meta-data when developer debugging is used

For Windows, DRS is the only way to see the RMD_VERSION of a link, or to
tell what inactive links the DC has. Add some debug to display this
information. By default, this debug is turned off.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Oct 20 08:01:35 CEST 2017 on sn-devel-144

- - - - -
1249801e by Michael Adam at 2017-10-20T20:03:12+02:00
vfs_glusterfs: Fix exporting subdirs with shadow_copy2

Since the glusterfs vfs module does not operate on a
locally mounted path, but on a "virtual" path starting
at the volume root, some assumptions of the code about
the vfs connect path fail. One example is the shadow_copy2
module which tries to detect the mount point from the
connectpath. In order to circumvent this problem, this
patch forces the "shadow:mountpoint" option to "/", which
skips the mount-point-detection code.

This patch will only have an effect if both the glusterfs
and the shadow_copy2 module are listed in vfs objects
in the right order, i.e. first shadow_copy2, and then
glusterfs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13091

Pair-Programmed-With: Anoop C S <anoopcs at redhat.com>

Signed-off-by: Michael Adam <obnox at samba.org>
Signed-off-by: Anoop C S <anoopcs at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
37725f0b by Volker Lendecke at 2017-10-20T20:03:12+02:00
smbd: cleanupdb.c is used in smbd only

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a15f58a6 by Volker Lendecke at 2017-10-20T20:03:12+02:00
smbd: Simplify cleanupdb a bit

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
05bc26cb by Volker Lendecke at 2017-10-20T20:03:13+02:00
torture: Remove GETADDRINFO test

This was the only user of getaddrinfo_send and not run anyway

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4b84d7cb by Volker Lendecke at 2017-10-20T20:03:13+02:00
lib: Remove unused getaddinfo_send/recv

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
629fc066 by Volker Lendecke at 2017-10-21T00:04:58+02:00
lib: Remove fncall.c

This was meant as a nice wrapper around pthreadpool_add_job.

pthreadpool_tevent_job_send does the same thing. The
getaddrinfo_send/recv was the only example and can easily be re-added on
top of pthreadpool_tevent_job_send.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Oct 21 00:04:59 CEST 2017 on sn-devel-144

- - - - -
718fa0e6 by Ralph Boehme at 2017-10-21T14:00:10+02:00
s3/smbd: use struct initializer for smbd_smb2_create_state

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
7c5d996e by Ralph Boehme at 2017-10-21T14:00:10+02:00
s3/smbd: add tevent context to smbd_smb2_create_state

...and use it everywhere in smbd_smb2_create_send().

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
4179a3e6 by Ralph Boehme at 2017-10-21T14:00:10+02:00
s3/smbd: move some setup code in smbd_smb2_create_send a few lines up

This is just one of the last steps before splitting out large code parts
into _before() and _after() functions. No change in behaviour.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
ef7cabb4 by Ralph Boehme at 2017-10-21T14:00:10+02:00
s3/smbd: modernize a DEBUG statement

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
b11ce878 by Ralph Boehme at 2017-10-21T14:00:10+02:00
s3/smbd: factor out smbd_smb2_create_finish from smbd_smb2_create_send

No change in behaviour.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
bb072ba4 by Ralph Boehme at 2017-10-21T14:00:10+02:00
s3/smbd: leverage early return added in the previous commit

Now that the other cases handled in the if/else blocks do early returns,
we can move the logic handling file opens out of the final else block.

No change in behaviour, best viewed with

$ git show -w COMMIT

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
29d654a1 by Ralph Boehme at 2017-10-21T14:00:10+02:00
s3/smbd: move result into smbd_smb2_create_state

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
0a8263a9 by Ralph Boehme at 2017-10-21T14:00:10+02:00
s3/smbd: move replay_operation into smbd_smb2_create_state

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
dafb1ad4 by Ralph Boehme at 2017-10-21T14:00:10+02:00
s3/smbd: move requested_oplock_level into smbd_smb2_create_state

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
127715c6 by Ralph Boehme at 2017-10-21T14:00:10+02:00
s3/smbd: add in_oplock_level to smbd_smb2_create_state

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
b0ee889a by Ralph Boehme at 2017-10-21T14:00:11+02:00
s3/smbd: add in_create_disposition to smbd_smb2_create_state

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
4bb7acfe by Ralph Boehme at 2017-10-21T14:00:11+02:00
s3/smbd: move info into smbd_smb2_create_state

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
4cbd2f13 by Ralph Boehme at 2017-10-21T14:00:11+02:00
s3/smbd: remove unneeded args from smbd_smb2_create_finish

The previous commits moved all arguments into smbd_smb2_create_state.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
82294733 by Ralph Boehme at 2017-10-21T14:00:11+02:00
s3/smbd: move create contexts into smbd_smb2_create_state

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
cadf4d56 by Ralph Boehme at 2017-10-21T14:00:11+02:00
s3/smbd: move create ctx extraction and validation to a helper func

No change in behaviour.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
403f024d by Ralph Boehme at 2017-10-21T14:00:11+02:00
s3/smbd: remove all stack variables of smbd_smb2_create_send into smbd_smb2_create_state

This allows factoring out smbd_smb2_create_after|before_exec() in the
next steps.

Moving all variables in one big fell swoop instead of one per commit,
because if I missed adjusting a variable access the commit wouldn't
compile.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
6478a2b1 by Ralph Boehme at 2017-10-21T14:00:11+02:00
s3/smbd: factor out smbd_smb2_create_before_exec from smbd_smb2_create_send

No change in behaviour, best viewed with:

$ git show --diff-algorithm=histogram COMMIT

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
e55949c4 by Ralph Boehme at 2017-10-21T14:00:11+02:00
s3/smbd: factor out smbd_smb2_create_after_exec from smbd_smb2_create_send

No change in behaviour.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
18a7ea8c by Ralph Boehme at 2017-10-21T14:00:11+02:00
s3/smbd: use early returns in smbd_smb2_create_send

Now that we have the nice smbd_smb2_create_after_exec() and
smbd_smb2_create_finish() functions, use early returns for the create
replay and durable handle reconnect case.

No change in behaviour, best viewed with

$ git show -w COMMIT

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
e6f3631e by Ralph Boehme at 2017-10-21T18:08:46+02:00
s3/smbd: update some more DEBUG macros in smbd_smb2_create_send

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Sat Oct 21 18:08:46 CEST 2017 on sn-devel-144

- - - - -
5c520f79 by Volker Lendecke at 2017-10-22T17:46:15+02:00
nfs4acls: Fix a debug message

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
abcb9834 by Volker Lendecke at 2017-10-22T17:46:15+02:00
nfs4acls: Slightly simplify smb_add_ace4

The comment was a bit confusing to me, it took a few seconds too many to figure
out *why* setting NULL is not required. Remove it :-)

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
0bd5d7bc by Volker Lendecke at 2017-10-22T17:46:15+02:00
nfs4acls: Don't generate an interface table for nfs4acls.idl

Nobody uses the function nfs4acl_test.

It took a while to figure out how to get this to build. The "uuid" line in the
idl file triggers pidl to generate the function table entry, which in turn then
triggers tables.pl to register this interface
./bin/default/source4/librpc/gen_ndr/tables.c. We could for example do the same
with xattr_parse_DOSATTRIB. Nobody uses this.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
c3a13483 by Volker Lendecke at 2017-10-22T21:40:16+02:00
xattr.idl: Don't generate an interface table

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Sun Oct 22 21:40:16 CEST 2017 on sn-devel-144

- - - - -
806c1bca by Lumir Balhar at 2017-10-23T11:42:19+02:00
python: Port samba.messaging module to Python 3 compatible form.

Signed-off-by: Lumir Balhar <lbalhar at redhat.com>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
e583a926 by Lumir Balhar at 2017-10-23T15:40:48+02:00
python: Port tests of samba.messaging to Python 3 compatible form.

Signed-off-by: Lumir Balhar <lbalhar at redhat.com>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Oct 23 15:40:48 CEST 2017 on sn-devel-144

- - - - -
adde9307 by Amitay Isaacs at 2017-10-23T15:41:10+02:00
ctdb-tools: Drop duplicate output from dbstatistics

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
65442e17 by Amitay Isaacs at 2017-10-23T19:45:08+02:00
ctdb-client: Fix CID 1419820

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Mon Oct 23 19:45:08 CEST 2017 on sn-devel-144

- - - - -
d4d9d194 by Jeremy Allison at 2017-10-24T19:35:08+02:00
s3: client: Add new utility function client_clean_name().

Correctly canonicalizes a remote pathname removing '..'
elements before sending to a remote server. '..' elements
work in SMB1 pathnames, but not in SMB2.

Not yet used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13093

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f81c34c2 by Jeremy Allison at 2017-10-24T19:35:08+02:00
s3: smbclient: Ensure we call client_clean_name() before all operations on remote pathnames.

This allows names containing .. components to be resolved on the client side
before being sent to the server. Relative names work in SMB1 but not in SMB2.
Fix both client.c and clitar.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13093

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
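
The client-side canonicalization described in the two commits above (d4d9d194 and f81c34c2), as an added example that is not Samba's client_clean_name() and not part of the commit log. The function name `clean_remote_path()`, the clamping of ".." at the share root, and the sample paths are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (not Samba's client_clean_name()): lexically
 * canonicalize a backslash-separated remote path so that no "." or ".."
 * component is ever sent to the server.
 *
 * Returns 0 on success, -1 if the output buffer is too small.
 * Assumption: a ".." at the share root is clamped to the root rather
 * than rejected.
 */
static int clean_remote_path(const char *in, char *out, size_t outlen)
{
    size_t len = 0;          /* bytes written to out so far */
    const char *p = in;

    if (outlen < 2) {
        return -1;           /* need room for "\" plus the terminator */
    }

    while (*p != '\0') {
        const char *start;
        size_t n;

        /* Skip runs of separators; '/' is accepted as well as '\'. */
        while (*p == '\\' || *p == '/') {
            p++;
        }
        start = p;
        while (*p != '\0' && *p != '\\' && *p != '/') {
            p++;
        }
        n = (size_t)(p - start);

        if (n == 0 || (n == 1 && start[0] == '.')) {
            continue;        /* empty component or "." */
        }
        if (n == 2 && start[0] == '.' && start[1] == '.') {
            /* Drop the previous component, if there is one. */
            while (len > 0 && out[len - 1] != '\\') {
                len--;
            }
            if (len > 0) {
                len--;       /* drop its leading separator too */
            }
            continue;
        }

        /* Separator + component + terminator must fit. */
        if (len + 1 + n + 1 > outlen) {
            return -1;
        }
        out[len++] = '\\';
        memcpy(out + len, start, n);
        len += n;
    }

    if (len == 0) {
        out[len++] = '\\';   /* everything cancelled out: share root */
    }
    out[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = {
        "\\dir1\\..\\dir2\\file.txt",
        "\\a\\.\\b\\\\c\\..",
        "\\..\\..\\x",
        "",
    };
    char buf[256];
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        if (clean_remote_path(samples[i], buf, sizeof(buf)) == 0) {
            printf("%-28s -> %s\n", samples[i], buf);
        }
    }
    return 0;
}
```

Resolving the path on the client keeps the same command line working against SMB1 and SMB2 servers, and it makes the path that reaches the server the one that any client-side check or log line actually saw.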

- - - - -
7abe56cc by Jeremy Allison at 2017-10-24T23:32:58+02:00
s3: smbclient: Test we can rename with a name containing.

Samba always allowed this anyway, but it's a good place
to ensure we don't regress.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13093

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Oct 24 23:32:58 CEST 2017 on sn-devel-144

- - - - -
2d260b28 by Andreas Schneider at 2017-10-25T22:28:39+02:00
s4:scripting: Fix ntstatus_gen.h generation on 32bit

The hex() function results in different output on 32bit systems. It adds
a L for long for some numbers. Thus we have a different header file.

This patch makes sure we have a consistent file generation on different
platforms.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13099

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>

Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Wed Oct 25 22:28:39 CEST 2017 on sn-devel-144

- - - - -
046fc1f7 by Douglas Bagnall at 2017-10-26T01:32:14+02:00
linked attribute tests: test against duplicates in replace

We should not be able to introduce duplicate links using MOD_REPLACE.
It turns out we could and weren't testing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
625e65d9 by Douglas Bagnall at 2017-10-26T01:32:14+02:00
replmd: check for duplicate values in MOD_REPLACE case

Because we already have a sorted parsed_dn list, this is a simple
linear scan.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
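
The linear duplicate scan over a sorted list that the commit above describes, as an added example that is not the replmd code. `struct link_value`, the function names and the sample values are hypothetical, and sorting by the target's GUID is an assumption; it is what lets two differently spelled DNs for the same object be caught as one duplicate.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUID_LEN 16

/* Simplified stand-in for a parsed link value (hypothetical layout). */
struct link_value {
    uint8_t guid[GUID_LEN];   /* GUID of the link target (assumed sort key) */
    const char *dn;           /* DN string as supplied by the client */
};

static int link_value_cmp(const void *a, const void *b)
{
    const struct link_value *x = a;
    const struct link_value *y = b;
    return memcmp(x->guid, y->guid, GUID_LEN);
}

/*
 * On a sorted array, equal keys are adjacent, so one pass comparing each
 * element with its predecessor finds any duplicate.
 * Returns the index of the first duplicate, or -1 if there is none.
 */
static int first_duplicate(const struct link_value *v, size_t n)
{
    size_t i;

    for (i = 1; i < n; i++) {
        if (memcmp(v[i].guid, v[i - 1].guid, GUID_LEN) == 0) {
            return (int)i;
        }
    }
    return -1;
}

/* Validate the value set of a replace: 0 if unique, -1 if duplicated. */
static int check_replace_set(struct link_value *v, size_t n)
{
    qsort(v, n, sizeof(v[0]), link_value_cmp);
    return first_duplicate(v, n) == -1 ? 0 : -1;
}

/* Build a constructed sample value whose GUID differs only in one byte. */
static struct link_value make_value(uint8_t id, const char *dn)
{
    struct link_value v;

    memset(&v, 0, sizeof(v));
    v.guid[GUID_LEN - 1] = id;
    v.dn = dn;
    return v;
}

static int demo_unique(void)
{
    struct link_value v[3];

    v[0] = make_value(3, "CN=user3,DC=example,DC=com");
    v[1] = make_value(1, "CN=user1,DC=example,DC=com");
    v[2] = make_value(2, "CN=user2,DC=example,DC=com");
    return check_replace_set(v, 3);
}

static int demo_duplicate(void)
{
    struct link_value v[3];

    /* Same target object twice, written with different DN spellings. */
    v[0] = make_value(2, "CN=user2,DC=example,DC=com");
    v[1] = make_value(1, "CN=user1,DC=example,DC=com");
    v[2] = make_value(2, "cn=USER2, dc=example, dc=com");
    return check_replace_set(v, 3);
}

int main(void)
{
    printf("unique set:     %s\n", demo_unique() == 0 ? "accepted" : "rejected");
    printf("duplicated set: %s\n", demo_duplicate() == 0 ? "accepted" : "rejected");
    return 0;
}
```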

- - - - -
7cf3bbcc by Douglas Bagnall at 2017-10-26T01:32:14+02:00
linked attribute tests: ensure duplicate deletes fail

We can't remove the same thing twice in the same message.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b6294c84 by Douglas Bagnall at 2017-10-26T01:32:14+02:00
linked attribute tests: fix logic for add test

We were ensuring that when we got an LdbError it was the right type,
but we weren't ensuring we got one at all.

The new test doesn't fail.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0f0acb00 by Douglas Bagnall at 2017-10-26T01:32:14+02:00
replmd: use check_parsed_dn_duplicates() more widely

replmd_add_fix_la() was already making the same check; here we move it
a bit earlier.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1e62bbae by Douglas Bagnall at 2017-10-26T01:32:14+02:00
linked_attribute tests: helper assert function for expected LdbError

The logic involved in asserting that a function raises an LdbError with
a particular error value has shown itself to be too complicated for me
to repeat too often.

To test this function, you would want to put a test in a bit like this:

    def test_assertRaisesLdbError(self):
        for i in [1, 2, ldb.ERR_ENTRY_ALREADY_EXISTS, 999]:
            def f(*args, **kwargs):
                raise ldb.LdbError(i, 'msg %s' % i)
            self.assertRaisesLdbError(i, 'a message', f, 'la la', la='la')

            def f2(*args, **kwargs):
                raise ldb.LdbError(i + 1, 'msg %s' % i)
            def f3(*args, **kwargs):
                pass
            for f in (f2, f3):
                try:
                    self.assertRaisesLdbError(i, 'a message', f, 'la la', la='la')
                except AssertionError as e:
                    print i, e, f
                    pass
                else:
                    print i, f
                    self.fail('assertRaisesLdbError() failed to fail!')

..but a self-testing test-tester is getting too meta to run in every
autobuild.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
30584a27 by Douglas Bagnall at 2017-10-26T05:36:11+02:00
linked attribute tests: correct add_all_at_once test

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Oct 26 05:36:11 CEST 2017 on sn-devel-144

- - - - -
16389bed by Andreas Schneider at 2017-10-26T09:34:40+02:00
s3:vfs_glusterfs: Fix a double free in vfs_gluster_getwd()

Found by cppcheck.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13100

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Oct 26 09:34:40 CEST 2017 on sn-devel-144

- - - - -
d6989923 by Martin Schwenke at 2017-10-26T09:35:25+02:00
ctdb-tests: Allow wait_until() to be used in unit tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13097

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
dcbaebc2 by Martin Schwenke at 2017-10-26T09:35:25+02:00
ctdb-tests: Wait for ctdb_eventd to start, fail if it doesn't

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13097

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
274fef9b by Martin Schwenke at 2017-10-26T09:35:25+02:00
ctdb-tests: Skip starting fake_ctdbd when current node is disconnected

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13097

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
6fad4210 by Martin Schwenke at 2017-10-26T09:35:25+02:00
ctdb-tests: Wait for fake_ctdbd to start, fail if it doesn't

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13097

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
0e8b781e by Martin Schwenke at 2017-10-26T13:32:24+02:00
ctdb-tests: Process-exists unit tests should wait until PID is registered

Otherwise the client registration can race with the check in the test.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13097

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Thu Oct 26 13:32:24 CEST 2017 on sn-devel-144

- - - - -
4f458437 by Andreas Schneider at 2017-10-26T17:31:40+02:00
s3:vfs_glusterfs: Use SAFE_FREE

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Oct 26 17:31:40 CEST 2017 on sn-devel-144

- - - - -
d6a418c1 by Andreas Schneider at 2017-10-27T01:00:25+02:00
s3:secrets: Do not leak memory of pw and old_pw

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13101

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5274beba by Andreas Schneider at 2017-10-27T01:00:26+02:00
s3:passdb: Make sure the salt is fully initialized before passing

Otherwise the magic member is not initialized.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13101

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
32719089 by Andreas Schneider at 2017-10-27T04:54:22+02:00
s3:modules: Check correct variable for NULL in posixacl_xattr

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13101

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Oct 27 04:54:22 CEST 2017 on sn-devel-144

- - - - -
ab44be7a by Andreas Schneider at 2017-10-27T11:29:12+02:00
s4:kdc: Pass down the task to get access to model_ops for kpasswd server

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
0a796f56 by Andreas Schneider at 2017-10-27T15:22:43+02:00
testprogs: Update the kpasswd setpassword test

This has been fixed with b81ca4f9dcbb378a95fb3ac31bfd9a1cbe505d7d

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Oct 27 15:22:43 CEST 2017 on sn-devel-144

- - - - -
9f3151a4 by Andreas Schneider at 2017-10-27T20:33:24+02:00
libsmbclient: Use const for the user

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13101

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b012f158 by Andreas Schneider at 2017-10-27T20:33:25+02:00
s4:torture: Avoid useless strdup in libsmbclient test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13101

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e56626e8 by Andreas Schneider at 2017-10-27T20:33:25+02:00
s4:pyparam: Fix resource leaks on error

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13101

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e7a4c310 by Volker Lendecke at 2017-10-27T20:33:25+02:00
samba: Fix CID 1420180 Null pointer dereferences

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6475293b by Volker Lendecke at 2017-10-27T20:33:25+02:00
samba: Fix CID 1420179 Code maintainability issues UNUSED_VALUE

I don't think pid is used at all here.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
dea1881f by Volker Lendecke at 2017-10-27T20:33:25+02:00
smbd: Remove an indentation level in smb2_negprot

Do an early return. Best viewed with "git show -b"

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7e4908d7 by Volker Lendecke at 2017-10-27T20:33:25+02:00
lib: Use all_zero where appropriate

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e62253a5 by Volker Lendecke at 2017-10-27T20:33:25+02:00
smbd: Fix the memory hierarchy in the unix token

"groups" should hang off the token itself, not its parent

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e03e947e by Volker Lendecke at 2017-10-27T20:33:25+02:00
printing: Avoid an "extern current_user"

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
61176a66 by Volker Lendecke at 2017-10-27T20:33:25+02:00
printing: Avoid an "extern current_user"

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e5251ee1 by Volker Lendecke at 2017-10-28T00:31:58+02:00
winbindd: Remove a misleading comment

The reality is a bit more complex than this comment indicates. We should never
suggest anywhere that we can connect to domains that we don't have a direct
trust account to. For the member case, it's "our" domain, and for the DC case,
it's the direct trusts. Everything else is pure luck.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Oct 28 00:31:58 CEST 2017 on sn-devel-144

- - - - -
3e0cc6e9 by Günther Deschner at 2017-10-30T00:15:06+01:00
s3-auth: remove leftover prototype from auth_domain.

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Oct 30 00:15:07 CET 2017 on sn-devel-144

- - - - -
b838c14b by Andrew Bartlett at 2017-10-30T00:16:39+01:00
repl_meta_data: Avoid printf() and use binary direct RDN creation for deleted objects

This makes it clearer that we are just replacing the RDN and ensures we do not
somehow create multiple components inside ldb_dn_add_child_fmt().

We also avoid an escape/un-escape round-trip.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
5eff04e9 by Andrew Bartlett at 2017-10-30T00:16:39+01:00
repl_meta_data: Move creation of deleted DN into helper: replmd_make_deleted_child_dn()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
5364f8d3 by Andrew Bartlett at 2017-10-30T00:16:39+01:00
repl_meta_data: Split replmd_make_deleted_child_dn() into a helper function

This will allow it to be used in common with replmd_conflict_dn()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
68de8c66 by Andrew Bartlett at 2017-10-30T00:16:39+01:00
repl_meta_data: Use replmd_make_prefix_child_dn() in replmd_conflict_dn()

Now both routines avoid the escape/unescape implicit in ldb_dn_add_child_fmt()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
cdb42eae by Andrew Bartlett at 2017-10-30T00:16:39+01:00
repl_meta_data: Explain that we do not truncate the DN at present

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
c3aa8809 by Andrew Bartlett at 2017-10-30T04:16:42+01:00
repl_meta_data: Initialise parent_dn to NULL

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

Autobuild-User(master): Garming Sam <garming at samba.org>
Autobuild-Date(master): Mon Oct 30 04:16:42 CET 2017 on sn-devel-144

- - - - -
910b0ce2 by Günther Deschner at 2017-10-30T21:09:14+01:00
s4-torture: remove obsolete comment in libsmbclient torture suite.

Since smbc_setX calls now handle string allocation using malloc
themselves (since commit 2d41b1ab78639abe4ae030ff482573f464564dd7) we
indeed no longer need to provide malloced strings (the extra malloc
already got removed earlier).

Guenther

Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Oct 30 21:09:14 CET 2017 on sn-devel-144

- - - - -
8be4236b by Joe Guo at 2017-10-31T15:32:16+01:00
gitlab-ci: add .gitlab-ci.yml

Add .gitlab-ci.yml file, and define build jobs in groups.

Once gitlab-runner is set up, builds and tests can be triggered
automatically in parallel when pushing to gitlab.
Also, with gitlab-runner autoscale mode, build instances
will be created and removed on demand.

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Oct 31 15:32:16 CET 2017 on sn-devel-144

- - - - -
11da1e5c by Ralph Boehme at 2017-11-02T03:16:10+01:00
vfs_zfsacl: fix compilation error

Bug: https://bugzilla.samba.org/show_bug.cgi?id=6133

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Nov  2 03:16:11 CET 2017 on sn-devel-144

- - - - -
4d056974 by Andrew Bartlett at 2017-11-02T03:17:38+01:00
s4-smbtorture: Add test krb5.kdc to prove fix for CVE-2017-11103

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12894

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
dc3adc89 by Andrew Bartlett at 2017-11-02T07:16:50+01:00
s4-smbtorture: Show that the KDC provides no protection from CVE-2017-11103

The server name in the AS-REQ is unprotected, sadly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12894

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Nov  2 07:16:50 CET 2017 on sn-devel-144

- - - - -
3bb854ce by Ralph Boehme at 2017-11-03T19:05:05+01:00
vfs_fruit: avoid dereferencing a freed object in an error case

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Nov  3 19:05:05 CET 2017 on sn-devel-144

- - - - -
c9e996d7 by Ralph Wuerthner at 2017-11-05T08:30:19+01:00
s3: smbd: Fix delete-on-close after smb2_find

Both dptr_create() and can_delete_directory_fsp() are calling OpenDir_fsp()
to get a directory handle. This causes an issue when delete-on-close is
set after smb2_find because both directory handle instances share the same
underlying file descriptor. In addition the SMB_ASSERT() in destructor
smb_Dir_destructor() gets triggered.

To avoid this use OpenDir() instead of OpenDir_fsp().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13118

Signed-off-by: Ralph Wuerthner <ralph.wuerthner at de.ibm.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
44c018bd by Ralph Wuerthner at 2017-11-05T12:31:12+01:00
s4: torture: Add smb2 FIND_and_set_DOC test case.

Regression tests doing an SMB2_find followed by
a set delete on close and then close on a directory.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13118

Signed-off-by: Ralph Wuerthner <ralph.wuerthner at de.ibm.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Sun Nov  5 12:31:12 CET 2017 on sn-devel-144

- - - - -
28d6356a by Martin Schwenke at 2017-11-07T03:53:27+01:00
ctdb-common: Ensure unused bytes in union are initialised

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
f025f5c0 by Martin Schwenke at 2017-11-07T03:53:27+01:00
ctdb-tests: Have fake daemon log when it parses public IPs

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
4b652c15 by Martin Schwenke at 2017-11-07T03:53:27+01:00
ctdb-scripts: Don't bother checking PID file when starting ctdbd

This is an optimisation that can cause incorrect results.  If ctdbd
was killed and there is a stale PID file then this will often cause
"CTDB exited during initialisation".  The wrapper reads the old PID
from the PID file, finds the PID gone, complains and exits.

It is better to drop this code and finally get this right.  If ctdbd
does exit early then it will take CTDB_STARTUP_TIMEOUT (default 10)
seconds before the wrapper fails.  That's not too bad...

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
ad8d7209 by Amitay Isaacs at 2017-11-07T03:53:27+01:00
ctdb-common: Fix stale socket removal

Sockets need to be created from sock_daemon_run_send().  This means
that stale socket removal can depend on the PID file context being
initialised.

Also fix associated test.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
5c354e10 by Martin Schwenke at 2017-11-07T07:51:02+01:00
ctdb-tests: Add sock_daemon test for stale socket handling

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Tue Nov  7 07:51:02 CET 2017 on sn-devel-144

- - - - -
f3f119e4 by Ralph Boehme at 2017-11-08T00:20:07+01:00
selftest: split out failing owner related subtest from samba3.raw.acls.create_file|dir

All the other subtests in samba3.raw.acls.create_file|dir pass with
nfs4acl_xattr, it's just the subtest that tries to set the owner which
fails with everything else than acl_xattr.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c373102f by Ralph Boehme at 2017-11-08T00:20:07+01:00
vfs_acl_common: directly pass default_acl_style

This is in preparation of moving make_default_filesystem_acl() and
making it globally accessible. No change in behaviour.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
33c0b0df by Ralph Boehme at 2017-11-08T00:20:07+01:00
s3/smbd: make make_default_filesystem_acl public

This will be used by another VFS module in a subsequent commit.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
dd366063 by Ralph Boehme at 2017-11-08T00:20:07+01:00
s3/posix_acls: add default ACL style "everyone"

This synthesizes an ACL with a single ACE with full permissions for
everyone. Not used for now, this comes later.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
914dfe6e by Ralph Boehme at 2017-11-08T00:20:07+01:00
vfs_nfs4acl_xattr: remove a layer of indirection

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
afe11cbd by Ralph Boehme at 2017-11-08T00:20:08+01:00
vfs_nfs4acl_xattr: move interesting functions pointers to the top

Move interesting functions to the top of the vfs_fn_pointers struct, no
change in behaviour.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
20d3ae6a by Ralph Boehme at 2017-11-08T00:20:08+01:00
librpc/idl: rename NFS4 ACL xattr name define

No change in behaviour.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
df99ac27 by Ralph Boehme at 2017-11-08T00:20:08+01:00
librpc/idl: rename NFS4 ACL xattr name

The "system" xattr namespace is reserved for the kernel. Any attempt to
use xattrs in that namespace will fail with EOPNOTSUPP, regardless of
privileges. In autobuild we're using the xattr_tdb VFS module, so it
works there.

Using the "security" namespace instead makes this module generally
usable with Linux filesystem xattrs as storage backend.

Additionally prefix the xattr name with "_ndr". This is in preparation
of later commits that add an ACL blob marshalling format based on XDR. To
avoid xattr name collision, both formats will use distinct xattr names by
default.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5890c74f by Ralph Boehme at 2017-11-08T00:20:08+01:00
librpc/idl: add versions consts to nfs4acl.idl

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
31a8fbff by Ralph Boehme at 2017-11-08T00:20:08+01:00
vfs_nfs4acl_xattr: add a runtime configuration object

No change in behaviour, all option defaults are set to the original
behaviour.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7f62b16a by Ralph Boehme at 2017-11-08T00:20:08+01:00
vfs_nfs4acl_xattr: modernize ACL inheritance

This changes the way ACL inheritance is achieved in this
module.

Previously the module recursed to the next parent directory until the
share root was reached or a directory with an ACL xattr. If the share
root didn't contain an ACL xattr either a default ACL would be used.

This commit removes this recursive scanning and replaces it with the
same mechanism used by vfs_acl_xattr: by setting "inherit acls = yes"
just let smbd do the heavy lifting and inheritance.

For any file without ACL xattr we still synthesize a default ACL,
leveraging the existing default ACL function used by vfs_acl_xattr.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
383312ab by Ralph Boehme at 2017-11-08T00:20:08+01:00
vfs_nfs4acl_xattr: code polish

README.Coding adjustments, DEBUG macro modernisation, variable name
sanitizing. No change in behaviour.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2fb6b0c2 by Ralph Boehme at 2017-11-08T00:20:08+01:00
vfs_nfs4acl_xattr: refactoring

Refactor the code in preparation of factoring out ACL blob to smb4acl
and vice versa mapping functions.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d4d7e38b by Ralph Boehme at 2017-11-08T00:20:08+01:00
vfs_nfs4acl_xattr: fsp->fh->fd can legally be -1

We only open the underlying file if the open access mode contains

FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f5b2c66e by Ralph Boehme at 2017-11-08T00:20:08+01:00
vfs_nfs4acl_xattr: move the meat of the implementation to a seperate file

This is in preparation of modularizing the storage backend. Currently we
store the NFS4 ACL as an IDL/NDR encoded blob in an xattr.

Later commits will add a different backend storing the NFS4 ACL as an
XDR encoded blob in an xattr.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e2950327 by Ralph Boehme at 2017-11-08T00:20:08+01:00
librpc/idl: add NFS 4.1 ACL flags

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0697f794 by Ralph Boehme at 2017-11-08T00:20:08+01:00
vfs_nfs4acl_xattr: add support for NFS 4.1 ACL flags in the NDR backend

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
12f4263b by Ralph Boehme at 2017-11-08T00:20:08+01:00
selftest: add explicit default NFS4 acl version

This is the current default, just make it explicit. A subsequent commit
will bump the default to 4.1.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
60c80906 by Ralph Boehme at 2017-11-08T00:20:08+01:00
nfs4acls: update default NFS4 ACL version to 4.1

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
08a6ae44 by Ralph Boehme at 2017-11-08T00:20:08+01:00
selftest: test vfs_nfs4acl_xattr with NFS 4.1 ACLs

Only tests with "nfs4:mode = simple" as mode special is supposed to be
broken anyway and simple is recommended.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b4072961 by Ralph Boehme at 2017-11-08T00:20:08+01:00
vfs_nfs4acl_xattr: do xattr ops as root

This ensures we can always fetch the ACL xattr blob when we want to,
unrestricted by filesystem permissions or Linux xattr security namespace
restrictions.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0fdbe624 by Ralph Boehme at 2017-11-08T00:20:08+01:00
vfs_nfs4acl_xattr: add POSIX mode check and reset

The vfs_nfs4acl_xattr VFS module is supposed to work the same as
vfs_acl_xattr|tdb with "ignore system acls" set to true. That is,
filesystem permissions should never restrict access and the actual
access checks are done by smbd in userspace.

To better cope with POSIX mode changes via other protocols (eg NFS) or
local filesystem access, add the following tweaks:

o validate ACL blob: if POSIX mode is not 0777/0666 discard the ACL blob
  from the xattr and synthesize a default ACL based on the POSIX mode

o when setting an ACL, check and reset POSIX mode to 0777/0666

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8b1b1cd8 by Ralph Boehme at 2017-11-08T00:20:08+01:00
vfs_nfs4acl_xattr: implement take-ownership as in vfs_acl_common

This allows take-ownership to work if the user has SEC_STD_WRITE_OWNER.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a1671558 by Ralph Boehme at 2017-11-08T00:20:08+01:00
vfs_nfs4acl_xattr: add XDR backend

Add an NFS4 ACL backend that stores the ACL blob in an XDR encoded xattr,
by default in "security.nfs4acl_xdr".

This backend is enabled by setting "nfs4acl_xattr:encoding = xdr" in a
share definition.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e981b41a by Ralph Boehme at 2017-11-08T00:20:09+01:00
selftest: run raw.acls tests against a share with XDR NFS4 ACLs

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d1476988 by Ralph Boehme at 2017-11-08T00:20:09+01:00
selftest: run raw.acls test with XDR NFS41 ACLs

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d12ba2d3 by Ralph Boehme at 2017-11-08T04:27:28+01:00
manpages: add vfs_nfs4acl_xattr.8

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Nov  8 04:27:28 CET 2017 on sn-devel-144

- - - - -
aed7faea by Martin Schwenke at 2017-11-08T11:28:40+01:00
ctdb-tests: Fix some harmless CIDs

CID 1420632: Resource leaks (RESOURCE LEAK)
CID 1420631: Security best practices violations (TOCTOU)
CID 1417432: Resource leaks (RESOURCE LEAK)
CID 1417429: Security best practices violations (TOCTOU)
CID 1417427: Resource leaks (RESOURCE LEAK)

These are all in test code and constrained to the test environment, so
can't result in privilege escape.  No backport necessary.  However, we
might as well get them off the list.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Wed Nov  8 11:28:40 CET 2017 on sn-devel-144

- - - - -
e00ba05d by Lumir Balhar at 2017-11-08T17:57:21+01:00
python: Port ntvfs posix bindings to Python 3 compatible form

Signed-off-by: Lumir Balhar <lbalhar at redhat.com>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
de5e23c2 by Lumir Balhar at 2017-11-08T21:54:59+01:00
python: tests: Add tests for samba.posix_eadb module

Signed-off-by: Lumir Balhar <lbalhar at redhat.com>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Nov  8 21:54:59 CET 2017 on sn-devel-144

- - - - -
7470b9b1 by David Mulder at 2017-11-09T01:49:06+01:00
smbc_opendir should not return EEXIST with invalid login credentials

Signed-off-by: David Mulder <dmulder at suse.com>

Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jim McDonough <jmcd at samba.org>

Autobuild-User(master): Jim McDonough <jmcd at samba.org>
Autobuild-Date(master): Thu Nov  9 01:49:06 CET 2017 on sn-devel-144

- - - - -
732ba3c8 by Niels de Vos at 2017-11-09T22:37:30+01:00
vfs_glusterfs: include glusterfs/api/glfs.h without relying on -I options

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13125

The glfs.h header file has always resided under glusterfs/api/ in the
standard include directory. The glusterfs-api.pc file adds the unneeded
-I${includedir}/glusterfs compiler option. This option will be removed
from future versions of the pkg-config file.

This change can safely be backported to older versions if there is a
need to have them build against glusterfs-3.13 or newer.

URL: https://review.gluster.org/18576
CC: Andrea Bolognani <abologna at redhat.com>
Signed-off-by: Niels de Vos <ndevos at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Thu Nov  9 22:37:30 CET 2017 on sn-devel-144

- - - - -
62a556d5 by Jeremy Allison at 2017-11-10T23:27:10+01:00
Revert "s3/smbd: fix deferred open with streams and kernel oplocks"

This reverts commit b35a296a27a0807c780f2a9e7af2f2e93feefaa8.

This was the cause of

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13058

1. client of smbd-1 opens the file and sets the oplock.
2. client of smbd-2 tries to open the file. open() fails(EAGAIN) and open is deferred.
3. client of smbd-1 sends oplock break request to the client.
4. client of smbd-1 closes the file.
5. client of smbd-1 opens the file and sets the oplock.
6. client of smbd-2 calls defer_open_done(), sees that the file lease was not changed
			and does not reschedule open.

and is no longer needed now vfs_streams_xattr.c no longer opens
the base file internally.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>

- - - - -
15597a95 by Jeremy Allison at 2017-11-10T23:27:10+01:00
s4: torture: kernel_oplocks. Create a regression test case for bug #13058.

It implements the following test case:

1. client of smbd-1 opens the file and sets the oplock.
2. client of smbd-2 tries to open the file. open() fails(EAGAIN) and open is deferred.
3. client of smbd-1 sends oplock break request to the client.
4. client of smbd-1 closes the file.
5. client of smbd-1 opens the file and sets the oplock.
6. client of smbd-2 calls defer_open_done(), sees that the file lease was not changed
			and does not reschedule open.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13058

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>

- - - - -
71720e2e by Volker Lendecke at 2017-11-10T23:27:10+01:00
libcli: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Richard Sharpe <sharpe at samba.org>

- - - - -
20cfcb7d by Volker Lendecke at 2017-11-11T03:20:09+01:00
tevent: Fix a race condition

We can't rely on tctx to exist after we unlocked the mutex. It took a
while, but this does lead to data corruption. If *tctx is replaced with
something where tctx->wakeup_fd points to a real, existing file
descriptor, we're screwed. And by screwed, this means file corruption
on disk.

Again. I am not tall enough for this business.

http://bholley.net/blog/2015/must-be-this-tall-to-write-multi-threaded-code.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13130

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Nov 11 03:20:09 CET 2017 on sn-devel-144

- - - - -
6381044c by Volker Lendecke at 2017-11-11T04:49:27+01:00
vfs: Remove aio_linux

Triggered by https://bugzilla.samba.org/show_bug.cgi?id=13128 I think
this module should go. Once Linux aio will do what Samba needs, this
might be worth another look.

What we should instead do soon is support Linux preadv2 and the
RWF_NOWAIT flag to avoid the thread context switch whenever possible.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f53ee128 by Uri Simchoni at 2017-11-11T04:49:27+01:00
smbd: remove calls to dptr_init_search_op()

dptr_init_search_op() invokes a VFS operation which is
a no-op in all in-tree VFS modules. Furthermore,
dptr_init_search_op() is not being called from SMB2 search
code, which hints that no out-of-tree VFS module needs it.

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b8aa599f by Uri Simchoni at 2017-11-11T04:49:27+01:00
smbd: remove calls to dptr_init_search_op() from TRANS2 search code

dptr_init_search_op() invokes VFS operations which are no-op in all
in-tree VFS modules. Furthermore, it's not being called by the SMB2
search code, so probably it's not being used by any out-of-tree VFS
module either.

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1d9e8ff8 by Uri Simchoni at 2017-11-11T04:49:27+01:00
smbd: remove dptr_init_search_op()

This function is now not being used.

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
fd1aa4a6 by Uri Simchoni at 2017-11-11T04:49:27+01:00
VFS examples: remove init_search_ops

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0f1dede9 by Uri Simchoni at 2017-11-11T04:49:27+01:00
vfs_glusterfs: remove init_search_op handling

This VFS function is about to be removed. It can be
removed by a separate commit because both the glusterfs
and the default implementations are no-ops.

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
fba8bd6c by Uri Simchoni at 2017-11-11T04:49:27+01:00
vfs_time_audit: remove init_search_op implementation

This VFS call is about to be removed in a following commit.

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7a34ed88 by Uri Simchoni at 2017-11-11T04:49:27+01:00
vfs_media_harmony: remove handling of init_search_op

This VFS function is about to be removed in a following commit.
In the meantime, not handling it by vfs_media_harmony poses no
issue because the underlying implementation is a no-op.

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
bb40fa84 by Uri Simchoni at 2017-11-11T04:49:27+01:00
vfs_unityed_media: remove handling of init_search_op

init_search_op is about to be removed from the VFS in
a following commit. In the meantime, removing it poses
no issue because the underlying implementation is a no-op.

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
37ac8ad4 by Uri Simchoni at 2017-11-11T04:49:27+01:00
vfs: remove SMB_VFS_INIT_SEARCH_OP

This VFS is no longer being called, hence removed.

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a0f6ea8d by Jeremy Allison at 2017-11-11T08:44:36+01:00
libsmbclient: Allow server (NetApp) to return STATUS_INVALID_PARAMETER from an echo.

It does this if we send a session ID of zero. The server still replied.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13007

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Nov 11 08:44:37 CET 2017 on sn-devel-144

- - - - -
47c13fc1 by Jeremy Allison at 2017-11-11T16:09:17+01:00
s3: smbd: kernel oplocks. Replace retry_open() with setup_kernel_oplock_poll_open().

If an O_NONBLOCK open fails with EWOULDBLOCK, this code changes smbd to
do a retry open every second, until either the timeout or we get a successful
open. If we're opening a file that has a kernel lease set by a non-smbd
process, this is the best we can do.

Prior to this, smbd would block on the second open on such a leased file
(not using O_NONBLOCK) which freezes active clients.

Regression test to follow.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13121

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
ad82557e by Jeremy Allison at 2017-11-11T20:12:26+01:00
s4: torture: kernel oplocks. Add smb2.kernel-oplocks.kernel_oplocks8

Test if the server blocks whilst waiting on a kernel lease held by
a non-smbd process.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13121

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Sat Nov 11 20:12:26 CET 2017 on sn-devel-144

- - - - -
142f778c by Andreas Schneider at 2017-11-13T10:09:10+01:00
vfs_fruit: Unlink memory on error

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
f56ce215 by Andreas Schneider at 2017-11-13T14:05:46+01:00
s3:passdb: Fix a memory leak in secrets_fetch_or_upgrade_domain_info()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Nov 13 14:05:46 CET 2017 on sn-devel-144

- - - - -
2e573eea by Stefan Metzmacher at 2017-11-13T18:02:46+01:00
tevent: version 0.9.34

* Remove unused select backend
* Fix a race condition in tevent_threaded_schedule_immediate()
  (bug #13130)

Signed-off-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Nov 13 18:02:46 CET 2017 on sn-devel-144

- - - - -
fe4e24e1 by Volker Lendecke at 2017-11-13T23:54:46+01:00
netsamlogon_cache: Use ndr_pull_struct_blob_all

Be a bit more strict for error checking

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b0e2c669 by Volker Lendecke at 2017-11-13T23:54:46+01:00
libcli: Fix a signed/unsigned hickup

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3c502755 by Volker Lendecke at 2017-11-13T23:54:46+01:00
passdb: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
cd5d726c by Volker Lendecke at 2017-11-13T23:54:46+01:00
util_tdb: Make a few functions static

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1f071b1a by Volker Lendecke at 2017-11-13T23:54:46+01:00
smbd: Avoid an "else"

We always return in the if-branch before. The else is redundant

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1c6e2704 by Volker Lendecke at 2017-11-13T23:54:46+01:00
lib: Avoid a ZERO_STRUCT, save a few bytes .text

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3b2ba9c8 by Volker Lendecke at 2017-11-13T23:54:46+01:00
rpcclient: Avoid a ZERO_STRUCT, save a few bytes .text

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
01a54627 by Volker Lendecke at 2017-11-13T23:54:47+01:00
lib: Save a few bytes of .text

Looks surprising, but this does save bytes if you look at the object with
"size".

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a1b2daa0 by Volker Lendecke at 2017-11-13T23:54:47+01:00
dreplsrv: Use is_null_sid

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2e5ea35f by Volker Lendecke at 2017-11-14T03:55:37+01:00
smbtorture: Remove an unused variable

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Nov 14 03:55:37 CET 2017 on sn-devel-144

- - - - -
70056092 by ulkuderner at 2017-11-15T13:52:05+01:00
pam_winbind: initial Turkish translation

Reviewed-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Karolin Seeger <kseeger at samba.org>

Autobuild-User(master): Björn Jacke <bj at sernet.de>
Autobuild-Date(master): Wed Nov 15 13:52:05 CET 2017 on sn-devel-144

- - - - -
eefc7a27 by Jeremy Allison at 2017-11-15T15:56:24+01:00
s3: libsmb: smbc_statvfs is missing the supporting SMB2 calls.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13138

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
aaa52ab7 by Jeremy Allison at 2017-11-15T15:56:24+01:00
s3: smbclient: Implement "volume" command over SMB2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13140

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f8cd211a by Jeremy Allison at 2017-11-15T19:50:54+01:00
s3: smbclient: tests: Test "volume" command over SMB1 and SMB2+.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13140

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Nov 15 19:50:54 CET 2017 on sn-devel-144

- - - - -
6c0d053e by Jeremy Allison at 2017-11-16T22:27:06+01:00
s4: torture: Ensure kernel oplock test can't hang in pause().

Use an alarm to break out of waiting for a signal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13121

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Nov 16 22:27:06 CET 2017 on sn-devel-144

- - - - -
3b16bfe4 by Ralph Boehme at 2017-11-17T02:35:52+01:00
pthreadpool: create a tevent_threaded_context per registered event context

We just need one tevent_threaded_context per unique combination of
tevent event contexts and pthreadpool_tevent pools, not multiple copies
for identical combinations of a tevent context and a pthreadpool_tevent
pool.

With this commit we register tevent contexts in a list in the
pthreadpool_tevent structure and will only have one
tevent_threaded_context object per tevent context per pool.

With many pthreadpool_tevent_job_send reqs this pays off, I've seen a
small decrease in cpu-ticks with valgrind callgrind and a modified
local.messaging.ping-speed torture test. The test modification ensured
messages were never directly sent, but always submitted via
pthreadpool_tevent_job_send.

Pair-Programmed-With: Jeremy Allison <jra at samba.org>

Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Nov 17 02:35:52 CET 2017 on sn-devel-144

- - - - -
993fa579 by Jeremy Allison at 2017-11-17T12:43:01+01:00
lib: tevent: Minor cleanup. wakeup_fd can always be gotten from the event context.

We don't need to store it. I prefer this as it shows that we must always
get wakeup_fd from the event context at time of use, rather than possibly
storing an out-of-date variable.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Nov 17 12:43:01 CET 2017 on sn-devel-144

- - - - -
625d27d3 by Volker Lendecke at 2017-11-18T00:09:15+01:00
libsmb: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c19b49ba by Volker Lendecke at 2017-11-18T00:09:15+01:00
tevent: Fix typos

While there, fix comment formatting

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
df5a5341 by Volker Lendecke at 2017-11-18T00:09:15+01:00
nsswitch: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
03be840a by Volker Lendecke at 2017-11-18T00:09:15+01:00
winbindd: Fix some signed/unsigned warnings

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2a86876c by Volker Lendecke at 2017-11-18T00:09:15+01:00
lib: Avoid a pointless static variable

Saves a few bytes of .text

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
98dd651f by Volker Lendecke at 2017-11-18T00:09:16+01:00
lib: Simplify is_ipaddress_v6

Do an early return, avoid an "else", avoid an indentation level

Review with git show -b

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
73533b90 by Volker Lendecke at 2017-11-18T00:09:16+01:00
lib: Fix a false/NULL hiccup

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e83f3891 by Volker Lendecke at 2017-11-18T00:09:16+01:00
lib: Save a few bytes of .text

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
87c44325 by Volker Lendecke at 2017-11-18T00:09:16+01:00
libwbclient: Fix two signed/unsigned hiccups

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5781cefc by Volker Lendecke at 2017-11-18T00:09:16+01:00
ntlm_auth: Use libwbclient in winbind_separator()

Avoid direct winbindd_request_response()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
25e85a45 by Volker Lendecke at 2017-11-18T00:09:16+01:00
ntlm_auth: Use libwbclient in get_winbind_domain()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
403003b5 by Volker Lendecke at 2017-11-18T00:09:16+01:00
ntlm_auth: Use libwbclient in get_require_membership_sid()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ffbf393f by Volker Lendecke at 2017-11-18T00:09:16+01:00
ntlm_auth: Use libwbclient in get_winbind_netbios_name()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d74c6080 by Volker Lendecke at 2017-11-18T00:09:16+01:00
nsswitch: Slightly simplify winbindd_request_response

We don't need a separate variable, C passes a copy on the stack

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9466796c by Stefan Metzmacher at 2017-11-18T00:09:16+01:00
s3:selftest: add samba3.blackbox.net_rpc_oldjoin test

This demonstrates that "net rpc oldjoin" is currently broken.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13149

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d27f38d3 by Stefan Metzmacher at 2017-11-18T00:09:16+01:00
libnet_join: fix "net rpc oldjoin"

We need to open the ncacn_np (smb) transport connection with
anonymous credentials.

In order to do netr_ServerPasswordSet*() we need to
establish a 2nd netlogon connection using dcerpc schannel
authentication.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13149

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7e83d148 by Volker Lendecke at 2017-11-18T00:09:16+01:00
winbind: Replace winbind_event_context with server_event_context

There's no point in having two global event contexts

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13150

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e1f12acc by Volker Lendecke at 2017-11-18T00:09:16+01:00
winbind: Remove winbind_event_context

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13150

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d8a01d09 by Volker Lendecke at 2017-11-18T00:09:16+01:00
winbind: winbind_messaging_context -> server_messaging_context

Don't use winbind_messaging_context anymore.

This fixes a bug analysed by Peter Somogyi <PSOMOGYI at hu.ibm.com>: If a
parent winbind forks, it only called reinit_after_fork on
winbind_messaging_context. On the other hand, deep in dbwrap_open we use
server_messaging_context(). This is not reinitialized by
winbind_reinit_after fork, so the parent and child share a ctdb
connection. This is invalid, because replies from ctdb end up in the
wrong process.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13150

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
050ca45d by Volker Lendecke at 2017-11-18T04:07:23+01:00
winbind: Remove winbind_messaging_context

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13150

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Nov 18 04:07:24 CET 2017 on sn-devel-144

- - - - -
88bdecae by Ralph Boehme at 2017-11-19T15:14:13+01:00
winbindd: tdb_exists returns 1 if a record is found

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Sun Nov 19 15:14:13 CET 2017 on sn-devel-144

- - - - -
d11473b1 by Gary Lockyer at 2017-11-20T07:20:13+01:00
source3: remove sock_exec

Remove the sock_exec code which is no longer needed and additionally has been
used by exploit code.

This was originally test support code, the tests relying on the sock_exec
code have been removed.

Past exploits have used sock_exec as a proxy for system() matching a talloc
destructor prototype.

See for example:
Exploit for Samba vulnerability (CVE-2015-0240) at
    https://gist.github.com/worawit/051e881fc94fe4a49295
    and the Red Hat post at
    https://access.redhat.com/blogs/766093/posts/1976553

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Nov 20 07:20:13 CET 2017 on sn-devel-144

- - - - -
a80296b1 by Andrew Bartlett at 2017-11-20T21:41:14+01:00
waf: Move script list to one-per-line

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
6159b8eb by David Mulder at 2017-11-20T21:41:14+01:00
gpo: move mkdir_p to lib/util

Move the mkdir_p function to lib/util so it can be used elsewhere

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a70aa65f by Garming Sam at 2017-11-20T21:41:14+01:00
Revert "libgpo: remove unused libgpo wscript_build."

This reverts commit feffac806800c1740521133e88a7ac777ce8f368.

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
148b7ae7 by Luke Morrison at 2017-11-20T21:41:14+01:00
gpo: Add python libgpo bindings

Split from "Initial commit for GPO work done by Luke Morrison" by David Mulder

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Signed-off-by: Luke Morrison <luke at hubtrek.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5194cd4e by Luke Morrison at 2017-11-20T21:41:14+01:00
gpo: Initial commit for GPO work

Enclosed is my Summer of Code 2013 patch to have vital password GPO always applied to the Samba4 Domain Controller using a GPO update service.

To try it out "make -j" your samba with the patch, apply a security password GPO and see the difference in ~20 seconds. It also takes GPO hierarchy into account.

Split from "Initial commit for GPO work done by Luke Morrison" by David Mulder

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Signed-off-by: Luke Morrison <luke at hubtrek.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
115615d8 by David Mulder at 2017-11-20T21:41:14+01:00
gpo: Make the gpoupdate script much more reliable

Using a static file blanks the file when samba_gpoupdate crashes. Transformed
to a tdb file and added transactions. Add info logging to monitor gpo changes,
etc. Also handle parse errors and log an error message, then recover. Modified
the parsing code to use ConfigParser. Also, use the backslash in path names
when opening smb files, otherwise it fails against a windows server.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5662e49b by Garming Sam at 2017-11-20T21:41:14+01:00
gpo: Create the gpo update service

Split from "Initial commit for GPO work done by Luke Morrison" by David Mulder

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Signed-off-by: Luke Morrison <luke at hubtrek.com>
Signed-off-by: David Mulder <dmulder at suse.com>

Then adapted to current master

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2e432ef2 by Andrew Bartlett at 2017-11-20T21:41:14+01:00
gpoupdate: Do not DEBUG(0) every scan interval

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
a6ea6828 by Andrew Bartlett at 2017-11-20T21:41:14+01:00
gpoupdate: Correct comment about hard-coded 5 second running of the script

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
377c0681 by Andrew Bartlett at 2017-11-20T21:41:14+01:00
gpoupdate: Remove developer path from the comment

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
50a64b7c by Luke Morrison at 2017-11-20T21:41:14+01:00
gpo: enable gpo update with addition to build system

Split from "Initial commit for GPO work done by Luke Morrison" by Garming Sam

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Signed-off-by: Luke Morrison <luke at hubtrek.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
78fd02cf by Garming Sam at 2017-11-20T21:41:14+01:00
gpo: fix the building of gpext to only once

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
41d1ff74 by David Mulder at 2017-11-20T21:41:14+01:00
libgpo: Add libgpo python bindings

Create libgpo python bindings for GROUP_POLICY_OBJECT, ADS_STRUCT, gpo_get_unix_path, ads_connect, and ads_get_gpo_list.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8eba3b5d by David Mulder at 2017-11-20T21:41:15+01:00
gpo: Make the gpclass more easily extensible

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
de9cee22 by David Mulder at 2017-11-20T21:41:15+01:00
gpoupdate: Rewrite samba_gpoupdate

Use new python bindings and remove obsoleted code

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
05235a56 by David Mulder at 2017-11-20T21:41:15+01:00
gpo: Install the samba_gpoupdate script

The samba_gpoupdate script was not being installed by waf.
Added samba_gpoupdate to the wscripts so it gets installed as part of a make install.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e750e4a3 by David Mulder at 2017-11-20T21:41:15+01:00
gpo: Add gpo tests

Lays down a sysvol gpttmpl.inf with password policies, then runs the samba_gpoupdate command. Verifies policies are applied to the samdb.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8d4c7229 by David Mulder at 2017-11-20T21:41:15+01:00
gpo: Add GPO unapply

Keep a log of applied settings, and add an option to samba_gpoupdate to allow unapply. An unapply will revert settings to a state prior to any policy application.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4a7ccbea by David Mulder at 2017-11-20T21:41:15+01:00
gpo: Always enforce policy, even if unchanged

Policies should always be enforced, even if the gpo hasn't changed.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e60f4978 by David Mulder at 2017-11-20T21:41:15+01:00
gpo: Apply kerberos settings

Add kdc kerberos settings to gpo.tdb, then retrieve those settings in
lpcfg_default_kdc_policy.

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8be71f97 by David Mulder at 2017-11-20T21:41:15+01:00
doc: Add samba_gpoupdate man page, update WHATSNEW

Signed-off-by: David Mulder <dmulder at suse.com>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
9339227e by Andrew Bartlett at 2017-11-20T21:41:15+01:00
pygpo: Check for errors in gpo.gpo_get_sysvol_gpt_version()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
6d77776c by Andrew Bartlett at 2017-11-20T21:41:15+01:00
python: This function converts days to a relative (ie negative) NTTIME

It is not nttime2unix as it claimed.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
3bc0c1f8 by Andrew Bartlett at 2017-11-20T21:41:15+01:00
gpoupdate: Move closer to 80 columns

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
0da76af1 by Andrew Bartlett at 2017-11-20T21:41:15+01:00
python: Use py_check_dcerpc_type() to safely check for credentials

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
3ba077f4 by Andrew Bartlett at 2017-11-20T21:41:15+01:00
python: Remove Python 2.4 compat macro

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
f0e3c2da by Andrew Bartlett at 2017-11-20T21:41:15+01:00
Use talloc_stackframe() not talloc_tos() in namequery.c

The pygpo code calls these functions but there was no stackframe set up so
talloc_tos() fails.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
d65f6dd4 by David Mulder at 2017-11-20T21:41:15+01:00
libgpo: Setup the stack frame in ads_connect

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
85f90188 by Andrew Bartlett at 2017-11-20T21:41:15+01:00
python: Remove talloc_stackframe() held in an object

talloc_stackframe() must not be held after the return from a function.

If this causes warnings (talloc_tos() use without a stackframe), this
must be fixed in each function.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
644bbf08 by Andrew Bartlett at 2017-11-20T21:41:15+01:00
python: Convert gpo.GROUP_POLICY_OBJECT to pytalloc

This avoids PyCapsule calls not available in Python 2.6

We remove the __init__ function as it is useless, the
object is created by py_ads_get_gpo_list() which now
returns a python list rather than an iterator.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
6e7d037a by Garming Sam at 2017-11-21T01:51:59+01:00
Fix formatting of sources to be less than 80 lines

Signed-off-by: David Mulder <dmulder at suse.com>
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Garming Sam <garming at samba.org>
Autobuild-Date(master): Tue Nov 21 01:51:59 CET 2017 on sn-devel-144

- - - - -
757a120f by Jeremy Allison at 2017-11-21T05:03:16+01:00
s3: utils: net. Fix return paths that don't free talloc stackframe.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13151

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
848f2425 by Amitay Isaacs at 2017-11-21T05:03:16+01:00
ctdb-daemon: Allocate deferred calls off calling context

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13152

This makes sure that if a client disconnects, all the deferred calls
from the client are correctly freed.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
49308f7f by Amitay Isaacs at 2017-11-21T05:03:16+01:00
ctdb-common: Call missing tevent_wakeup_recv() in sock_daemon

https://bugzilla.samba.org/show_bug.cgi?id=13153

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
a6296bad by Amitay Isaacs at 2017-11-21T05:03:16+01:00
ctdb-common: Do not use sock->req outside sock_socket functions

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
fbb5ac84 by Amitay Isaacs at 2017-11-21T05:03:16+01:00
ctdb-common: Return status from sock_daemon startup()/reconfigure()

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
001ae550 by Amitay Isaacs at 2017-11-21T05:03:16+01:00
ctdb-common: Start wait computation only after successful startup

This orders the startup events in sock_daemon code.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
984c3f4f by Amitay Isaacs at 2017-11-21T05:03:17+01:00
ctdb-common: Start listening to sockets only on successful startup

Fix tests to use wait_send() instead of startup() as a synchronization
point to ensure that the socket is listening.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
3b8f0cc2 by Amitay Isaacs at 2017-11-21T05:03:17+01:00
ctdb-common: Handle errors on unexpected socket close in sock_daemon

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
ba3e9e6e by Amitay Isaacs at 2017-11-21T05:03:17+01:00
ctdb-tests: Create sock_daemon_funcs per test

This avoids defining sock_daemon functions that are not needed in the test.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
7558592d by Amitay Isaacs at 2017-11-21T05:03:17+01:00
ctdb-common: Add async version of startup in sock_daemon

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
41d888af by Amitay Isaacs at 2017-11-21T05:03:17+01:00
ctdb-common: Add async version of reconfigure in sock_daemon

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
c1b4a74f by Amitay Isaacs at 2017-11-21T08:58:45+01:00
ctdb-common: Add async version of shutdown in sock_daemon

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Tue Nov 21 08:58:45 CET 2017 on sn-devel-144

- - - - -
8212c34a by Volker Lendecke at 2017-11-21T15:45:20+01:00
docs: Fix the "aio r/w size" smb.conf entries

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Nov 21 15:45:20 CET 2017 on sn-devel-144

- - - - -
deda0438 by Jeremy Allison at 2017-11-21T15:46:12+01:00
s3: smbd: Fix SMB1 use-after-free crash bug. CVE-2017-14746

When setting up the chain, always use 'next->' variables
not the 'req->' one.

Bug discovered by 连一汉 <lianyihan at 360.cn>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13041

Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
33f88abe by Jeremy Allison at 2017-11-21T19:42:22+01:00
s3: smbd: Chain code can return uninitialized memory when talloc buffer is grown.

Ensure we zero out unused grown area.

CVE-2017-15275

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13077

Signed-off-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(master): Tue Nov 21 19:42:22 CET 2017 on sn-devel-144

- - - - -
4806f050 by Volker Lendecke at 2017-11-21T22:04:13+01:00
libgpo: Fix CID 1422262 Explicit null dereferenced

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
76f370ed by Volker Lendecke at 2017-11-22T02:03:16+01:00
libgpo: Fix CID 1422263 Resource leak

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Nov 22 02:03:17 CET 2017 on sn-devel-144

- - - - -
4fcf6613 by Uri Simchoni at 2017-11-22T10:20:20+01:00
nfs4acl: fix picky build in case rpc/xdr.h is not available

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5aa8af0c by Uri Simchoni at 2017-11-22T10:20:20+01:00
torture: remove spurious semicolon

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1d74e4f6 by Uri Simchoni at 2017-11-22T10:20:20+01:00
lib/crypto: remove unused code

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3cca62a2 by Uri Simchoni at 2017-11-22T10:20:20+01:00
ldb: silence some clang warnings in picky developer mode

Avoid const in casting since it doesn't increase code
safety in this case and causes clang to generate const-qual
warning. Also initialize a pointer to NULL to silence clang
uninitialized variable warning.

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
98813a60 by Uri Simchoni at 2017-11-22T10:20:20+01:00
build: allow passing custom cflags to end of library build

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2606c99e by Uri Simchoni at 2017-11-22T10:20:20+01:00
build: allow adding cflags to end of python module build command

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a74896d4 by Uri Simchoni at 2017-11-22T10:20:20+01:00
build: detect availability of -Wno-unused-function

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9ad9f7bc by Uri Simchoni at 2017-11-22T10:20:20+01:00
librpc-build: ignore unused functions in generated code

Some pidl-generated code includes static functions that are
to be optimized-away by the compiler if not used. When
running picky developer with clang that breaks the build. This
change ignores this warning for the pidl-generated python binding
files.

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5b1de1ae by Uri Simchoni at 2017-11-22T10:20:20+01:00
ldb-samba: use ldap enum instead of ldb enum

This silences a picky compiler warning.

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5fd04020 by Uri Simchoni at 2017-11-22T10:20:20+01:00
dns server: fix warning about enum mismatch

Fix picky developer clang warning about assignment
of an enum value to a variable of a different enum type.

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a83953a0 by Uri Simchoni at 2017-11-22T10:20:20+01:00
s4-torture: fix file time checks

NTTIME is an unsigned quantity. When comparing two
of them, first calculate a signed difference, then
take absolute value.

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2947945d by Uri Simchoni at 2017-11-22T10:20:20+01:00
s4-torture: get rid of extra parentheses

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1a2da5b0 by Uri Simchoni at 2017-11-22T10:20:20+01:00
s4-lib-policy: fix type of enum

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4171191d by Uri Simchoni at 2017-11-22T10:20:21+01:00
s2-rpc-server: fix enum type in assignment

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
80b4b53f by Uri Simchoni at 2017-11-22T10:20:21+01:00
s3-rpc-server: fix type of enum in lsa server

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8efe057a by Uri Simchoni at 2017-11-22T10:20:21+01:00
smbspool_krb5_wrapper: fix some error messages

Make cups_smb_debug declaration printf-aware to
avoid picky warning about printf with variable
format string. This in turn revealed some formatting
errors.

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
90203345 by Uri Simchoni at 2017-11-22T10:20:21+01:00
s3-torture: fix some truncation warnings

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7a2d8aa0 by Uri Simchoni at 2017-11-22T10:20:21+01:00
s3-torture: fix an always-true comparison

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e973ac06 by Uri Simchoni at 2017-11-22T10:20:21+01:00
build: disable format-zero-length warning

format-zero-length warns against printf-style calls with
zero-length format string. vfs_full_audit module has such
calls, and up until now there was no warning against it because
the do_log in vfs_full_audit is not recognized as printf-style
function. In a following commit the do_log will be converted to
a printf-style function, hence the need to disable this warning.

(an alternative would be to disable only for vfs_full_audit, but that
would complicate things needlessly).

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
90508f46 by Uri Simchoni at 2017-11-22T10:20:21+01:00
pam_wrapper: #ifdef-out unused functions

When pam_vsyslog is not available, avoid building functions
that are being used to wrap it, in order to avoid picky
compiler warnings.

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
34b4be09 by Uri Simchoni at 2017-11-22T10:20:21+01:00
build: allow specifying prerequisite flags when checking flags

In gcc, "-Wformat-security" is ignored unless "-Wformat" is also
specified. This patch allows adding a "prerequisite flag" to a flag
we're testing during configuration.

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2e53d6a3 by Uri Simchoni at 2017-11-22T10:20:21+01:00
build: specify -Wformat as a prerequisite of -Wformat-security

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
667335a4 by Uri Simchoni at 2017-11-22T14:19:20+01:00
build: ensure compiler flags are properly detected

While checking for compiler flag availability, treat warnings
as errors. Thus if the compiler only warns about unsupported flag,
it will fail the test and the flag shall be marked as unsupported.

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Nov 22 14:19:20 CET 2017 on sn-devel-144

- - - - -
84a7baee by Andreas Schneider at 2017-11-24T01:13:14+01:00
python:tests: Use bin/tdbdump only if built

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
17f1c6f9 by Garming Sam at 2017-11-24T01:13:14+01:00
schema: Make writing indices flag an enum for a new state

In schema_load_init, we find that the writing of indices is not locked
in any way. This leads to race conditions. To resolve this, we need to
have a new state (SCHEMA_COMPARE) which can report to the caller that we
need to open a transaction to write the indices.

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8eb95bc1 by Garming Sam at 2017-11-24T01:13:14+01:00
schema_set: Add comment about set schema from ldif in a transaction

This is normally called with a transaction or before access is shared.
The python code and some tests may also cause an issue, but as these are
fixed at runtime, this is only a temporary issue that resolves itself.

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
11c95b8c by Andreas Schneider at 2017-11-24T01:13:14+01:00
s3:torture: Fix building with -O3 and gcc 7

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
786e3c1d by Uri Simchoni at 2017-11-24T01:13:15+01:00
pam_winbind: fix const discard warnings

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
89905701 by Uri Simchoni at 2017-11-24T01:13:15+01:00
winbind_nss_freebsd: fix const discard warning

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
559367ed by Uri Simchoni at 2017-11-24T01:13:15+01:00
s4-torture: fix truncation warnings

Fix various places where there is potential truncation
while doing time / size calculations.

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2bf01b28 by Uri Simchoni at 2017-11-24T01:13:15+01:00
s4-torture: fix type of enum in various places

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d97feb40 by Uri Simchoni at 2017-11-24T01:13:15+01:00
vfs_full_audit: make do_log() printf-aware

Add PRINTF_ATTRIBUTE() to do_log(). This removes
picky compiler warning about printf with variable
format string, and adds compiler checks for the format
strings supplied to do_log. This in turn spurred some
warnings which are fixed.

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
98b1beee by Uri Simchoni at 2017-11-24T01:13:15+01:00
pam_wrapper: use uintptr_t as base for const-discarding

Seems like HAVE_INTPTR_T is not available on FreeBSD. Use
the uintptr_t-base const discarding to avoid picky compiler
warnings (other places in Samba also use uintptr_t).

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(ported from pam_wrapper c611121eec7b5f2c39cab7b1c0295eddefdddb1d)

- - - - -
4fc4e417 by Uri Simchoni at 2017-11-24T01:13:15+01:00
pam_wrapper: Use a constant string format specifier in test

This fixes a warning about non-constant format specifier.
clang 4.0.0 warns against non-constant format specifier since
it cannot validate the format against the parameters.

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(ported from pam_wrapper 9265da3857e9cfa7a00d1ab35aae1e0b0286efad)

- - - - -
16cedcb1 by Uri Simchoni at 2017-11-24T01:13:15+01:00
lib/smbreadline: detect picky compile issue with readline.h

readline.h has build issues with clang if -Wstrict-prototypes
is enabled. Detect this and also detect whether the known
workaround works.

Fix suggested by Timur I. Bakeyev <timur at freebsd.org>

cf. https://lists.gnu.org/archive/html/bug-readline/2014-04/msg00018.html
cf. https://lists.samba.org/archive/samba-technical/2017-November/123923.html

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
926e7a7c by Uri Simchoni at 2017-11-24T05:16:10+01:00
lib/replace: apply readline -Wstrict-prototypes workaround

clang -Wstrict-prototypes has issues with readline > 6.3.
Fix suggested by Timur I. Bakeyev <timur at freebsd.org>

cf. https://lists.gnu.org/archive/html/bug-readline/2014-04/msg00018.html
cf. https://lists.samba.org/archive/samba-technical/2017-November/123923.html

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Nov 24 05:16:10 CET 2017 on sn-devel-144

- - - - -
c19fc7c9 by Amitay Isaacs at 2017-11-24T11:49:19+01:00
ctdb-tests: Make sure child processes are waited on after termination

Looks like if a process holding fcntl lock (on pid file) is killed,
then the lock is not released till the process is reaped using either
wait() or waitpid().

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
ada9e95c by Amitay Isaacs at 2017-11-24T11:49:19+01:00
ctdb-common: Add special monitor handling to run_event abstraction

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
f0263146 by Amitay Isaacs at 2017-11-24T15:49:46+01:00
ctdb-eventd: Simplify eventd code

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Fri Nov 24 15:49:46 CET 2017 on sn-devel-144

- - - - -
3b111fbd by Andrew Bartlett at 2017-11-24T15:50:15+01:00
dbcheck: Clarify error count bumping in deleted/gone DN handling

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
527f2c95 by Andrew Bartlett at 2017-11-24T15:50:16+01:00
dbcheck: Use the GUID as the DN to fix replPropertyMetaData

This allows this to still work after an object is renamed under the deleted objects container.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
7be38c60 by Andrew Bartlett at 2017-11-24T15:50:16+01:00
selftest: add more dbcheck tests

This validates some more combinations and ensures that the changes
in 962a1b32201fce0a49c6be55943d4fbb57ed781e are tested.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
b99d2ee1 by Andrew Bartlett at 2017-11-24T15:50:16+01:00
selftest: Split out dbcheck runs from dangling_multi_valued test

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
25ae8d72 by Andrew Bartlett at 2017-11-24T15:50:16+01:00
selftest: Split out creation of complex (often invalid) links

This will allow us to test other run-time behaviour with broken
databases.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
a784cc3a by Andrew Bartlett at 2017-11-24T15:50:16+01:00
selftest: Additional check for a backlink pointing at a deleted object

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
126d28d0 by Stefan Metzmacher at 2017-11-24T15:50:16+01:00
s4:schema_samba4: mark DSDB_CONTROL_INVALID_NOT_IMPLEMENTED 1.3.6.1.4.1.7165.4.3.32 as allocated

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1eb8d8ec by Stefan Metzmacher at 2017-11-24T15:50:16+01:00
s4:dsdb: allocate DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS oid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9a1e23a1 by Stefan Metzmacher at 2017-11-24T15:50:16+01:00
dsdb:repl_meta_data: implement DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS control

This will be used by dbcheck to fix duplicate link values.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
83aa2226 by Stefan Metzmacher at 2017-11-24T15:50:16+01:00
dsdb:extended_dn_store: implement DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS control

This will be used by dbcheck to fix duplicate link values.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
eb6bd651 by Stefan Metzmacher at 2017-11-24T15:50:16+01:00
dbcheck: remove indentation level

Check with git show -w

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9a631560 by Stefan Metzmacher at 2017-11-24T15:50:16+01:00
dbcheck: only calculate linked attribute helper variables once in check_dn()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
239fbeb1 by Stefan Metzmacher at 2017-11-24T15:50:16+01:00
dbcheck: detect and fix duplicate links

Check with git show -w

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
70bf809e by Stefan Metzmacher at 2017-11-24T15:50:16+01:00
selftest: add dbcheck tests for duplicate links

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4815efc0 by Andrew Bartlett at 2017-11-24T15:50:16+01:00
selftest: Add more corruption cases for runtime and dbcheck

These tests now confirm we can handle these issues at runtime
as well as at dbcheck

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
40bd7e14 by Andrej Gessel at 2017-11-24T15:50:16+01:00
repl_meta_data: Fix removing of backlink on deleted objects

USER is memberOf GROUP and they both were deleted on W2K8R2 AD. Domain join ends
with error below.

Failed to apply records: ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:421
8: Failed to remove backlink of memberOf when deleting CN=USER\0ADEL:a1f2a2cc-1
179-4734-b753-c121ed02a34c,CN=Deleted Objects,DC=samdom,DC=intern: dsdb_module_
search_dn: did not find base dn CN=GROUP\0ADEL:030d0be1-3ada-4b93-8371-927f2092
3116,CN=Deleted Objects,DC=samdom,DC=intern (0 results): Operations error
Failed to commit objects: WERR_GEN_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13120

Signed-off-by: Andrej Gessel <Andrej.Gessel at janztec.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
6cf7abbc by Andrew Bartlett at 2017-11-24T19:53:50+01:00
repl_meta_data: Allow delete of an object with dangling backlinks

This should not happen, but stopping all replication because of it is a pain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Nov 24 19:53:50 CET 2017 on sn-devel-144

- - - - -
22bf36c8 by Andreas Schneider at 2017-11-25T10:14:13+01:00
build: Move socket_wrapper to third_party

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
5d2b5e98 by Andreas Schneider at 2017-11-25T10:14:13+01:00
build: Move nss_wrapper to third_party

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
ac650704 by Andreas Schneider at 2017-11-25T10:14:13+01:00
build: Move resolv_wrapper to third_party

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
6fbc8b81 by Andreas Schneider at 2017-11-25T10:14:13+01:00
build: Move uid_wrapper to third_party

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
8635465d by Andreas Schneider at 2017-11-25T10:14:13+01:00
build: Move pam_wrapper to third_party

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
6f8e3f7c by Andreas Schneider at 2017-11-25T14:13:23+01:00
python:tests: Create a test user for the dsdb test

We should never taint the Administrator account as we don't shut down
target environments!

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Sat Nov 25 14:13:24 CET 2017 on sn-devel-144

- - - - -
aace1f83 by Volker Lendecke at 2017-11-27T04:51:59+01:00
lib: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Mon Nov 27 04:51:59 CET 2017 on sn-devel-144

- - - - -
eb6dd7dc by Ralph Boehme at 2017-11-27T22:08:17+01:00
s3/smbstatus: add a NULL check

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
81e9ae13 by Ralph Boehme at 2017-11-27T22:08:17+01:00
smbstatus: correctly denote not fully authenticated sessions

Currently for sessions where authentication is still in progress we
print uid and gid as -1.

With this change we nicely list them like this:

PID  Username   Group    Machine                          Protocol Version ....
6604 (auth in progress)  127.0.0.1 (ipv4:127.0.0.1:47930) SMB3_11 ....

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1fc10354 by Ralph Boehme at 2017-11-27T22:08:17+01:00
s3/loadparm: allocate a fresh sDefault object per lp_ctx

This is in preparation of preventing direct access to sDefault in all
places that currently modify it.

As currently s3/loadparm is afaict not accessing lp_ctx->sDefault, but
changes sDefault indirectly through lp_parm_ptr() this change is just a
safety measure to prevent future breakage.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13051

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ea4e6f95 by Ralph Boehme at 2017-11-27T22:08:17+01:00
s3/loadparm: ensure default service options are not changed

Rename sDefault to _sDefault and make it const. sDefault is made a copy
of _sDefault in the initialisation function lp_load_ex().

As we may end up in setup_lp_context() without going through
lp_load_ex(), sDefault may still be uninitialized at that point, so I'm
initializing lp_ctx->sDefault from _sDefault.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13051

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
deaaff68 by Ralph Boehme at 2017-11-28T02:02:37+01:00
s3/loadparm: don't mark IPC$ as autoloaded

A related problem that affects configuration for the hidden IPC$
share. This share is marked as "autoloaded" and such shares are not
reloaded when requested. That resulted in the tcon to IPC$ still using
encryption after running the following sequence of changes:

1. stop Samba
2. set [global] smb encrypt = required
3. start Samba
4. remove [global] smb encrypt = required
5. smbcontrol smbd reload-config
6a bin/smbclient -U slow%x //localhost/raw -c quit, or
6b bin/smbclient -U slow%x -mNT1 //localhost/raw -c ls

In 6a the client simply encrypted packets on the IPC$ tcon. In 6b the
client got a tcon failure with NT_STATUS_ACCESS_DENIED, but silently
ignored the error.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13051

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Nov 28 02:02:37 CET 2017 on sn-devel-144

- - - - -
bfafabfb by Andreas Schneider at 2017-11-28T11:37:06+01:00
s4:samba: Do not segfault if we run into issues

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8736013d by Andreas Schneider at 2017-11-28T11:37:06+01:00
s4:samba: Allow samba daemon to run in foreground

We are passing the no_process_group to become_daemon() that setsid() is
not called. In case we are double forking, we run in SysV daemon mode,
setsid() should be called!

See:
https://www.freedesktop.org/software/systemd/man/daemon.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13129

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8b6f5819 by Andreas Schneider at 2017-11-28T15:31:27+01:00
systemd: Start processes in foreground and without a process group

We should not double fork in notify mode or systemd thinks something
during startup will be wrong and send SIGTERM to the process. So
sometimes the daemon will not start up correctly.

systemd will also handle the process group.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13129

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Nov 28 15:31:27 CET 2017 on sn-devel-144

- - - - -
06542b2c by Ralph Boehme at 2017-11-29T04:35:24+01:00
selftest: reorder arguments for fruit tests

This just puts the auth option first matching the first test with the
"vfs_fruit" share directly above the modified lines.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3c1bdafd by Ralph Boehme at 2017-11-29T04:35:24+01:00
selftest: add localdir option to fruit subtests

A subsequent commit modifies an existing test that needs $localdir to
also run against "vfs_fruit_metadata_stream" and
"vfs_fruit_stream_depot". This reveals test failures, those will be
fixed in a subsequent commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
75a3c0f3 by Ralph Boehme at 2017-11-29T04:35:24+01:00
s4/torture: rework stream names tests usage of local xattr call

Previously this test, that tests for correct conversion of ':' in stream
names, only worked with streams_xattr with "fruit:metadata" set to
"netatalk".

In order to have test coverage for fruit shares with other configs,
split the test into two:

one test creates the stream over SMB and run against all shares, the
other one is the unmodified existing test and is only run against the
share with streams_xattr and fruit:metadata=netatalk.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9af9c5c0 by Ralph Boehme at 2017-11-29T04:35:24+01:00
s4/torture: use torture_assert_goto in a vfs.fruit test

No change in behavior.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e28dd6a0 by Ralph Boehme at 2017-11-29T04:35:24+01:00
selftest: run AppleDouble sidecar-file conversion test runs against all fruit shares

This needs to work in all possible fruit configs, so test it.

This currently fails with stream_depot, as we don't properly copy over
the resourcefork data from the ._ file to the stream.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ac880848 by Ralph Boehme at 2017-11-29T04:35:24+01:00
s4/torture: let write_stream() deal with stream=NULL

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3f9b45a4 by Ralph Boehme at 2017-11-29T04:35:24+01:00
selftest: add "fruit:veto_appledouble = no" to fruit shares

This is needed for a subsequent commit that modifies an existing test to
write a ._ file over SMB instead of using the ugly local creation hack.

SMB access of ._ files requires "fruit:veto_appledouble = no", so let's
set it.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ebbffd80 by Ralph Boehme at 2017-11-29T04:35:25+01:00
s4/torture: fruit: remove use of localdir from test_adouble_conversion test

The previous use of localdir and torture_setup_local_file() was
motivated by the fact that by default vfs_fruit rejects access to files
with a "._" prefix.

Since a previous commit allowed SMB access to ._ files, rewrite the
test_adouble_conversion() test to create the ._ AppleDouble file over
SMB.

This also renders torture_setup_local_file() obsolete.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7b00b558 by Ralph Boehme at 2017-11-29T04:35:25+01:00
s4/torture: fruit: in test_adouble_conversion() also check stream list and AFPINFO_STREAM

This reveals that the conversion doesn't work properly with
fruit:metadata=stream.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
84976cb6 by Ralph Boehme at 2017-11-29T04:35:25+01:00
vfs_fruit: add AfpInfo prototypes

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1da17204 by Ralph Boehme at 2017-11-29T08:38:06+01:00
vfs_fruit: proper VFS-stackable conversion of FinderInfo

This fixes the problem that conversion failed with
fruit:metadata=stream. Before we were calling ad_set() which stores the
metadata in the Netatalk compatible format.

Rewrite to fully go through the VFS by calling SMB_VFS_CREATE_FILE() and
SMB_VFS_PWRITE().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Nov 29 08:38:06 CET 2017 on sn-devel-144

- - - - -
06859547 by Uri Simchoni at 2017-11-29T12:50:49+01:00
pam_winbind: avoid non-literal-format warning

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Nov 29 12:50:49 CET 2017 on sn-devel-144

- - - - -
e9e4cd4d by Timur I. Bakeyev at 2017-11-29T12:52:28+01:00
Fix typo in the "wide links" description for the getwd cache.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12934

Signed-off-by: Timur I. Bakeyev <timur at iXsystems.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Uri Simchoni <uri at samba.org>

- - - - -
8034b88d by Timur I. Bakeyev at 2017-11-29T12:52:28+01:00
Add vfs_zfsacl manpage to the list of manpages if we have this module enabled.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12934

Signed-off-by: Timur I. Bakeyev <timur at iXsystems.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Uri Simchoni <uri at samba.org>

- - - - -
3e43f80a by Timur I. Bakeyev at 2017-11-29T16:58:32+01:00
Replace tabs with spaces to comply with PEP8, reorder list of manpages in the alphanumeric sort order.

Signed-off-by: Timur I. Bakeyev <timur at iXsystems.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Uri Simchoni <uri at samba.org>

Autobuild-User(master): Uri Simchoni <uri at samba.org>
Autobuild-Date(master): Wed Nov 29 16:58:32 CET 2017 on sn-devel-144

- - - - -
a8e0bdc9 by Ralph Boehme at 2017-11-29T16:59:15+01:00
winbindd: restore SEC_CHAN_NULL fallback in cm_connect_netlogon_transport

This partially reverts commit d7e31d9f4d9ce7395e458ac341dd83ac06255a20
"winbindd: Use rpccli_connect_netlogon" and restores handling of SEC_CHAN_NULL.

Without this we fail to enumerate domains in trusted forests so users
from any child-domain (or tree-root) in the trusted forest can't login
via eg SMB.

This is a temporary hack that will go away once we get rid of the trusted domain
list.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13167

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
96b44e9d by Ralph Boehme at 2017-11-29T16:59:15+01:00
s3/cli_netlogon: remove SEC_CHAN_NULL fallback from rpccli_connect_netlogon()

The caller should handle secure-channel-type SEC_CHAN_NULL. The previous
commit already added handling of SEC_CHAN_NULL to
cm_connect_netlogon_transport.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13167

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
1ce165a7 by Ralph Boehme at 2017-11-29T16:59:15+01:00
winbindd: let normalize_name_map() call find_domain_from_name_noinit()

Let normalize_name_map fetch the domain itself with
find_domain_from_name_noinit().

This removes two calls to find_domain_from_name_noinit() in the default
configuration of "winbind normalize names = no". The domain is only needed
in normalize_name_map if "winbind normalize names" is enabled.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
4e86c322 by Volker Lendecke at 2017-11-29T16:59:15+01:00
smbd: Avoid using dbwrap_watched_watch_recv's prec argument

This is the only user of the "prec" argument of
dbwrap_watched_watch_recv. The next patch will remove this
functionality, as it's easily replaced here.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
2f8055f6 by Volker Lendecke at 2017-11-29T16:59:15+01:00
dbwrap_watch: Remove the "prec" parameter from watch_recv

The initial idea was to have some "atomicity" in this API. Every
caller interested in a record would have to do something with
it once it changes. However, only one caller really used this
feature, and that is easily changed to not use it. So
remove the complexity.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
805ae8a4 by Volker Lendecke at 2017-11-29T16:59:15+01:00
lib: Pass in "strv_len" to strv_valid_entry

Preparation for a later commit

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
8e824ad6 by Volker Lendecke at 2017-11-29T16:59:15+01:00
lib: Only call strlen if necessary in strv

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
71e255fd by Volker Lendecke at 2017-11-29T16:59:16+01:00
lib: Allow parsing a strv from a non-talloc const buf

This will allow parsing a tdb record without having to talloc_memdup it

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
089cb9e2 by Volker Lendecke at 2017-11-29T16:59:16+01:00
lib: Pass blob instead of &blob to gencache_set_data_blob

Passing a whole DATA_BLOB is cheap enough to simplify the callers: A caller
does not have to create a separate variable.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
3e556bf3 by Volker Lendecke at 2017-11-29T16:59:16+01:00
lib: Add namemap_cache

A few functions to maintain lookupname and lookupsid cache in gencache.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
19afcd0e by Volker Lendecke at 2017-11-29T16:59:16+01:00
net: Parse namemap_cache in "net cache list"

namemap_cache.c saves these as strv lists: An array of 0-terminated strings.
"net cache list" only printfs the values, so they would be cut off.

We might want to do this with other gencache values too in the future.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
9789dbd7 by Volker Lendecke at 2017-11-29T16:59:16+01:00
torture3: Test namemap_cache

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
650f29e2 by Volker Lendecke at 2017-11-29T16:59:16+01:00
winbindd: Factor out winbindd_domain_init_backend from get_cache()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
80506136 by Volker Lendecke at 2017-11-29T16:59:16+01:00
winbindd: Move name<->sid cache to gencache

The mapping from name to sid and vice versa has nothing to
do with a specific domain. It is publicly available. Thus put
it into gencache without referring to the domain this was
retrieved from

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
926b8be2 by Volker Lendecke at 2017-11-29T20:57:25+01:00
winbindd: Name<->SID cache is not sequence number based anymore

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Nov 29 20:57:25 CET 2017 on sn-devel-144

- - - - -
3048ae31 by Noel Power at 2017-11-29T21:48:17+01:00
s3:libads: net ads keytab list fails with "Key table name malformed"

When keytab_name is NULL don't call smb_krb5_kt_open use ads_keytab_open
instead, this function will determine the correct keytab to use.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13166

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
4be05c83 by Noel Power at 2017-11-29T21:48:17+01:00
testprogs: Test net ads keytab list

Test that correct keytab is picked up.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13166

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
9f9c5d33 by Noel Power at 2017-11-30T01:47:24+01:00
testprogs: Fix a typo in the net ads test

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Nov 30 01:47:24 CET 2017 on sn-devel-144

- - - - -
5c8032b6 by Jeremy Allison at 2017-11-30T05:47:10+01:00
s3: libsmb: Fix valgrind read-after-free error in cli_smb2_close_fnum_recv().

cli_smb2_close_fnum_recv() uses tevent_req_simple_recv_ntstatus(req), which
frees req, then uses the state pointer which was owned by req.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13171

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Nov 30 05:47:12 CET 2017 on sn-devel-144

- - - - -
3e4286ec by Andrew Bartlett at 2017-11-30T05:48:34+01:00
torture: Use torture_assert{,_int_equal}_goto() in smb2.kernel-oplocks

This allows this test to be added as flapping.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
27bb8814 by Andrew Bartlett at 2017-11-30T09:47:22+01:00
selftest: mark samba3.smb2.kernel-oplocks as flapping

This flaps on sn-devel occasionally, and more often elsewhere

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Nov 30 09:47:22 CET 2017 on sn-devel-144

- - - - -
2b253f6b by Amitay Isaacs at 2017-11-30T11:34:20+01:00
ctdb-takeover: Refactor code to send tickle lists for all public IPs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13154

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
73e261b4 by Amitay Isaacs at 2017-11-30T11:34:20+01:00
ctdb-takeover: Send tcp tickles immediately on STARTUP control

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13154

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
d7a5cd58 by Amitay Isaacs at 2017-11-30T15:29:48+01:00
ctdb-daemon: Send STARTUP control after startup event

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13154

STARTUP control is primarily used to synchronise tcp tickles from running
nodes to a node which has just started up.  Earlier STARTUP control was
sent (using BROADCAST_ALL) after setup event.  Once the other nodes in
the cluster connected to this node, the queued up messages would be sent
and the tcp tickles would get synchronised.

Recent fix to drop messages to disconnected or not-yet-connected nodes,
the STARTUP control was never sent to the remote nodes and the tcp
tickles did not get synchronised.

To fix this problem send the STARTUP control (using BROADCAST_CONNECTED)
after startup event.  By this time all the running nodes in the cluster
are connected.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Thu Nov 30 15:29:48 CET 2017 on sn-devel-144

- - - - -
8448dcaa by Jeremy Allison at 2017-11-30T15:30:23+01:00
s3: client: Rename <oldname> to <link_target> in cmd_symlink() and cli_posix_symlink().

Stops us from mixing up the old and new names. Only behavior change
is correcting the names printed in the error messages.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13172

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
abbc9b9a by Jeremy Allison at 2017-11-30T15:30:23+01:00
s3: libsmb: Fix reversing of oldname/newname paths when creating a reparse point symlink on Windows from smbclient.

This happened as smbd doesn't support reparse points so we couldn't test.
This was the reverse of the (tested) symlink parameters in the unix extensions
symlink command.

Rename parameters to link_target instead of oldname so this is clearer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13172

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
54b3706a by Jeremy Allison at 2017-11-30T19:32:21+01:00
WHATSNEW: Explain reversal of smbclient symlink parameters against Windows server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13172

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Nov 30 19:32:21 CET 2017 on sn-devel-144

- - - - -
8860f501 by Karolin Seeger at 2017-12-01T23:46:13+01:00
WHATSNEW: Remove old entry about accelerated AES

Signed-off-by: Karolin Seeger <kseeger at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
bfd063d7 by Karolin Seeger at 2017-12-01T23:46:13+01:00
WHATSNEW: Add new smb.conf parameter

Signed-off-by: Karolin Seeger <kseeger at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9f83d435 by Jeremy Allison at 2017-12-01T23:46:14+01:00
s4: torture: Fix race condition in test_smb2_kernel_oplocks8.

The child process gets the kernel lease and then notifies
the parent process to continue by writing a byte up a pipe.
It then sets the alarm and calls pause() to wait for the
parent process to contact the smbd and get it to trigger
the break request using an open call.

It is possible for the parent to run and trigger the break
request after the child has written to the pipe, but *before*
the child calls pause(). We then miss the signal notifying
the child to break the lease.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13121

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>

- - - - -
d80b8f29 by Jeremy Allison at 2017-12-02T03:50:39+01:00
Revert "selftest: mark samba3.smb2.kernel-oplocks as flapping"

The correct fix is in the previous commit, to block the
RT_SIGNAL_LEASE until we're ready to receive it.

This reverts commit 27bb8814a526adbd22452ce58754d18e1b00d426.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Dec  2 03:50:39 CET 2017 on sn-devel-144
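
The lost-wakeup window described in 9f83d435 and the fix named in the revert above (block the signal until ready to receive it), as an added example that is not Samba's test code. Assumptions: SIGUSR1 stands in for RT_SIGNAL_LEASE, a second pipe forces the bad interleaving, and sigsuspend() is this example's choice for the unblock-and-wait step.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define LEASE_SIG SIGUSR1 /* assumption: stand-in for RT_SIGNAL_LEASE */

static volatile sig_atomic_t woke_by; /* last signal the handler saw */

static void on_signal(int sig) { woke_by = sig; }

/* Read one byte, retrying if a signal interrupts the read. */
static int read_byte(int fd)
{
	char c;
	ssize_t n;
	do {
		n = read(fd, &c, 1);
	} while (n < 0 && errno == EINTR);
	return n == 1 ? 0 : -1;
}

/*
 * Child side. Returns 1 if the wait was ended by LEASE_SIG, 0 if it only
 * ended because the one-second alarm fired (the break was missed).
 */
static int child_wait(int ready_fd, int sent_fd, int block_first)
{
	struct sigaction sa;
	sigset_t lease, wait_mask;

	memset(&sa, 0, sizeof(sa));
	sa.sa_handler = on_signal;
	sigemptyset(&sa.sa_mask);
	sigaction(LEASE_SIG, &sa, NULL);
	sigaction(SIGALRM, &sa, NULL);

	sigemptyset(&lease);
	sigaddset(&lease, LEASE_SIG);
	/* Fixed variant: hold LEASE_SIG pending until we are ready to wait. */
	sigprocmask(block_first ? SIG_BLOCK : SIG_UNBLOCK, &lease, NULL);

	/* Tell the parent it may trigger the break ... */
	if (write(ready_fd, "x", 1) != 1) return 0;
	/* ... and force the bad interleaving: the signal is sent before we wait. */
	if (read_byte(sent_fd) != 0) return 0;

	alarm(1); /* timeout so a missed signal cannot hang the child */
	if (block_first) {
		/* Atomically unblock LEASE_SIG and sleep. The pending signal is
		 * delivered at once, so there is no window to lose it in. */
		sigprocmask(SIG_SETMASK, NULL, &wait_mask);
		sigdelset(&wait_mask, LEASE_SIG);
		sigdelset(&wait_mask, SIGALRM);
		sigsuspend(&wait_mask);
	} else {
		/* Racy variant: the handler already ran before this call, so
		 * pause() sleeps until the alarm fires. */
		pause();
	}
	alarm(0);
	return woke_by == LEASE_SIG;
}

/* Parent side: 1 if the child's wait saw the break, 0 if missed, -1 on error. */
static int run_case(int block_first)
{
	int ready[2], sent[2], rc = 0, failed = 0;
	pid_t pid;

	if (pipe(ready) != 0 || pipe(sent) != 0) return -1;
	pid = fork();
	if (pid < 0) return -1;
	if (pid == 0) {
		close(ready[0]);
		close(sent[1]);
		_exit(child_wait(ready[1], sent[0], block_first) ? 0 : 1);
	}
	close(ready[1]);
	close(sent[0]);
	/* Wait for the child's byte, send the "break", then let it proceed. */
	if (read_byte(ready[0]) != 0 || kill(pid, LEASE_SIG) != 0 ||
	    write(sent[1], "x", 1) != 1) {
		failed = 1;
	}
	close(ready[0]);
	close(sent[1]);
	if (waitpid(pid, &rc, 0) != pid || failed) return -1;
	return WIFEXITED(rc) && WEXITSTATUS(rc) == 0;
}

int main(void)
{
	printf("pause() without blocking: break seen = %d\n", run_case(0));
	printf("block, then sigsuspend(): break seen = %d\n", run_case(1));
	return 0;
}
```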

- - - - -
2dac8eb2 by Volker Lendecke at 2017-12-05T00:56:12+01:00
messaging_dgm: Protect against fork without reinit

In the wake of bug 13150 we've discussed that this could happen even
without clustering. This adds code to make sure that whenever messaging
is used the pid and the files used match.

It's pretty heavy-weight, thus I made it DEVELOPER only. My gut feeling
is that the getsockname is cheap, but the stat call might be a bit too
expensive.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
fc2f0023 by Volker Lendecke at 2017-12-05T00:56:12+01:00
messaging: Remove the "n_sent" arg from message_send_all

The only user of this is an informative message in smbcontrol. I don't think
that's worth the effort.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6b5b999d by Volker Lendecke at 2017-12-05T00:56:12+01:00
messaging: Add messaging_dgm_forall

This factors out the traversal function from _wipe. It will be used to
replace message_send_all soon.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
05647d47 by Volker Lendecke at 2017-12-05T00:56:12+01:00
messaging_dgm: Use messaging_dgm_forall in dgm_wipe

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e8ac34d3 by Volker Lendecke at 2017-12-05T00:56:12+01:00
smbcontrol: Use messaging_dgm_forall

Doing stacktraces can be done locally only anyway

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c9022d59 by Volker Lendecke at 2017-12-05T00:56:12+01:00
net: Remove "net serverid wipe"

This used to be a hygiene command for clustered node startup. In
clustered mode, CLEAR_IF_FIRST does not work, records can stay alive
by means of recovery. serverid.tdb will soon die, so remove this
command.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2dfabd85 by Volker Lendecke at 2017-12-05T00:56:12+01:00
net: Remove "net serverid list"

Traversing a clustered tdb is a pretty expensive operation. If someone
really needs this command-line interface, we can re-add it for the local
node using messaging_dgm_forall. If someone needs that globally, there's
the "onnode all" script that could be used. Alternatively, we could
implement an enhanced ping broadcast message also returning a process's
unique id.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
84fd51ba by Volker Lendecke at 2017-12-05T00:56:12+01:00
messaging: Remove an unused #define

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2fdde4a0 by Volker Lendecke at 2017-12-05T00:56:12+01:00
messaging: Always register CTDB_SRVID_SAMBA_PROCESS

This will be used to broadcast to all processes, avoiding the costly
traverse of serverid.tdb.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
77cccbc6 by Volker Lendecke at 2017-12-05T00:56:13+01:00
lib: Add messaging_send_all

This will replace message_send_all. With messaging_dgm_forall we have
a local broadcast mechanism, and ctdb can also broadcast
everywhere. So there's no need for a separate traverse/send mechanism.

There's no good error reporting mechanism for broadcasting, so make
this function void.

This drops the message_type filtering. I believe that this does not matter in
practice, since messaging is a lot cheaper with dgm instead of the old tdb
based messaging. If someone presents a use case where this matters, nowadays
I'd much rather extend the messaging_dgm lock file format (where the unique id
lives right now) with the filter bits.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6423ca4b by Volker Lendecke at 2017-12-05T00:56:13+01:00
lib: Use messaging_send_all instead of message_send_all

Just a global search&replace

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
41cfc737 by Volker Lendecke at 2017-12-05T04:58:26+01:00
lib: Remove unused serverid.tdb

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Dec  5 04:58:26 CET 2017 on sn-devel-144

- - - - -
26f01f37 by Jeremy Allison at 2017-12-05T08:55:44+01:00
s3: test_smbclient_s3: Correctly set and unset TZ variable for test.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Dec  5 08:55:44 CET 2017 on sn-devel-144

- - - - -
75a87098 by Volker Lendecke at 2017-12-05T17:54:18+01:00
WHATSNEW: Mention removed net serverid subcommands

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Dec  5 17:54:18 CET 2017 on sn-devel-144

- - - - -
c39d3fcb by David Disseldorp at 2017-12-05T23:43:20+01:00
vfs: return type via VFS_ADD_FSP_EXTENSION

The type is passed in as a parameter, so should be used to properly type
the returned pointer, instead of using a void *.

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
9e1f792b by David Disseldorp at 2017-12-06T03:43:48+01:00
vfs: drop casts for VFS_ADD_FSP_EXTENSION() callers

VFS_ADD_FSP_EXTENSION() now returns a properly typed pointer.

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Dec  6 03:43:48 CET 2017 on sn-devel-144

- - - - -
f29b5923 by Jeremy Allison at 2017-12-06T15:02:16+01:00
s3: libsmb: Rename cli_close_create() -> cli_smb1_close_create().

Move cli_smb1_close_done() next to its caller. This is SMB1 specific.
Prepare to wrap cli_close_send/cli_close_recv to handle SMB2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13159

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>

- - - - -
1b6e8e52 by Jeremy Allison at 2017-12-06T15:02:16+01:00
s3: libsmb: Make cli_close_send()/cli_close_recv() work for SMB1 and SMB2.

Remove the escape into synchronous smb2 code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13159

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
4581bfe7 by Jeremy Allison at 2017-12-06T15:02:16+01:00
s3: libsmb: Add SMB2 calls cli_smb2_set_reparse_point_fnum_send()/cli_smb2_set_reparse_point_fnum_recv().

Allow reparse points to be created over SMB2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13159

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>

- - - - -
cd0e0b11 by Jeremy Allison at 2017-12-06T15:02:16+01:00
s3: libsmb: Plumb in the new SMB2 reparse point calls into the cli_symlink_create_XXX() calls.

Reparse point symlinks can now be created over SMB1 and SMB2 from
smbclient.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13159

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>

- - - - -
eb3028a4 by Jeremy Allison at 2017-12-06T15:02:16+01:00
s3: libsmb: Do a naive response to SMB2 "stopped on symlink". Assume the last component was the reparse point.

Attempt re-open with FILE_OPEN_REPARSE_POINT. This matches the SMB1
behavior for smbclient.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13159

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>

- - - - -
a373a8a5 by Jeremy Allison at 2017-12-06T15:02:16+01:00
s3: libsmb: Add SMB2 calls cli_smb2_get_reparse_point_fnum_send()/cli_smb2_get_reparse_point_fnum_recv().

Allow reparse points to be queried over SMB2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13159

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
a8529261 by Jeremy Allison at 2017-12-06T19:05:34+01:00
s3: libsmb: Plumb in the new SMB2 get reparse point calls into the cli_readlink_XXXX() calls.

Reparse point symlinks can now be queried over SMB1 and SMB2 from smbclient.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13159

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Dec  6 19:05:34 CET 2017 on sn-devel-144

- - - - -
6015cfad by Björn Baumbach at 2017-12-06T19:06:21+01:00
third_party: Link the aesni-intel library with -z noexecstack

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13174

Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
e7e68958 by Andreas Schneider at 2017-12-06T19:06:21+01:00
third_party: Fix a typo in the option name

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13174

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
19606e4d by Andreas Schneider at 2017-12-06T19:06:21+01:00
third_party: Update socket_wrapper to version 1.1.9

* Fixed thread - signal deadlock issue
* Added support for openat()
* Added support for open64() and fopen64()
* Always turn on logging
* Increased maximum of wrapped interfaces to 64
* Improved fd duplication code
* Fixed strict-aliasing issues
* Fixed some use after free issues
* Fixed issues on ppc64le

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
183e5d1e by Stefan Metzmacher at 2017-12-06T19:06:21+01:00
HEIMDAL:kdc: fix dh->q allocation check in get_dh_param()

Thanks to Doug Nazar <nazard at nazar.ca> for spotting this!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12986

Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from heimdal commit a79b59ba27070a015479e8d981b7e685dbe34310)
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
aaa946bb by Stefan Metzmacher at 2017-12-06T23:16:54+01:00
s4:kdc: only map SDB_ERR_NOT_FOUND_HERE to HDB_ERR_NOT_FOUND_HERE

HDB_ERR_NOT_FOUND_HERE indicated a very specific error on an RODC.

We should not map any error to HDB_ERR_NOT_FOUND_HERE,
we should just pass errors along unmapped.

Otherwise we'll hit the logic bug in:

    if (ret == KDC_PROXY_REQUEST) {
        uint16_t port;

        if (!sock->kdc_socket->kdc->am_rodc) {
            DEBUG(0,("kdc_udp_call_loop: proxying requested when not RODC"));
                    talloc_free(call);
            goto done;
        }

And just don't send an error message to the client.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13132

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Dec  6 23:16:54 CET 2017 on sn-devel-144

- - - - -
949ccc3e by Christof Schmitt at 2017-12-08T09:43:12+01:00
pthreadpool: Move creating of thread to new function

No functional change, but this simplifies error handling.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13170

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
065fb5d9 by Christof Schmitt at 2017-12-08T09:43:12+01:00
pthreadpool: Undo put_job when returning error

When an error is returned to the caller of pthreadpool_add_job, the job
should not be kept in the internal job array. Otherwise the caller might
free the data structure and a later worker thread would still reference
it.

When it is not possible to create a single worker thread, the system
might be out of resources or hitting a configured limit. In this case
fall back to calling the job function synchronously instead of raising
the error to the caller and possibly back to the SMB client.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13170

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
8e17be1c by Christof Schmitt at 2017-12-08T09:43:12+01:00
wscript: Add check for --wrap linker flag

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13170

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
8cdb3995 by Christof Schmitt at 2017-12-08T13:54:20+01:00
pthreadpool: Add test for pthread_create failure

This is implemented using cmocka and the __wrap override for
pthread_create.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13170

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Christof Schmitt <cs at samba.org>
Autobuild-Date(master): Fri Dec  8 13:54:20 CET 2017 on sn-devel-144

- - - - -
b8d0602e by Andrew Bartlett at 2017-12-08T21:47:55+01:00
selftest: Rework samba.dsdb locking test to samba.dsdb_lock

This avoids running the test while samba is modifying and locking the same database,
as this can lead to a deadlock.

The deadlock is not seen in production as the LDB read lock is not held while
waiting for another process, but this test needs to do this to demonstrate
the locking safety.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Dec  8 21:47:55 CET 2017 on sn-devel-144

- - - - -
18307f87 by Kevin Anderson at 2017-12-08T22:58:17+01:00
Add mdns name configuration option

Add the mdns name configuration variable to control the mdns hostname.
The default is to use the NETBIOS name of the system to match previous
versions which is typically the hostname in all capitals. A value of mdns
can be provided to defer the hostname to the mdns library.

With the recent patch to support time machine being merged this patch
allows for a user to configure the server name that is advertised to
be lower cased through Avahi advertisements.

Signed-off-by: Kevin Anderson <andersonkw2 at gmail.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ad0d2756 by Andreas Schneider at 2017-12-08T22:58:17+01:00
s3:winbindd: Use a stackframe for memory management in _wbint_QueryGroupList

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
25a40782 by Jeremy Allison at 2017-12-08T22:58:17+01:00
s3: test_smbclient_s3: Fix restore of TZ.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
1cbbe18c by Jamie McClymont at 2017-12-09T02:56:18+01:00
s3-selftest: fix creation of large file

The dd command was skipping the first 20MB of /dev/zero then writing only one,
while intending to create a 20MB sparse file.

Signed-off-by: Jamie McClymont <jamiemcclymont at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Dec  9 02:56:18 CET 2017 on sn-devel-144

- - - - -
f6858505 by Volker Lendecke at 2017-12-09T20:28:11+01:00
pthreadpool: Fix starvation after fork

After the race is before the race:

1) Create an idle thread
2) Add a job: This won't create a thread anymore
3) Immediately fork

The idle thread will be woken twice before it's actually woken up: Both
pthreadpool_add_job and pthreadpool_prepare_pool call cond_signal, for
different reasons. We must look at pool->prefork_cond first because otherwise
we will end up in a blocking job deep within a fork call, the helper thread
must take its fingers off the condvar as quickly as possible.  This means that
after the fork there's no idle thread around anymore that would pick up the job
submitted in 2). So we must keep the idle threads around across the fork.

The quick solution to re-create one helper thread in pthreadpool_parent has a
fatal flaw: What do we do if that pthread_create call fails? We're deep in an
application calling fork(), and doing fancy signalling from there is really
something we must avoid.

This has one potential performance issue: If we have hundreds of idle threads
(do we ever have that) during the fork, the call to pthread_mutex_lock on the
fork_mutex from pthreadpool_server (the helper thread) will probably cause a
thundering herd when the _parent call unlocks the fork_mutex. The solution for
this is to just keep one idle thread around. But this adds code that is not
strictly required functionally for now.

More detailed explanation from Jeremy:

First, understanding the problem the test reproduces:

add a job (num_jobs = 1) -> creates thread to run it.
job finishes, thread sticks around (num_idle = 1).
num_jobs is now zero (initial job finished).

a) Idle thread is now waiting on pool->condvar inside
pthreadpool_server() in pthread_cond_timedwait().

Now, add another job ->

	pthreadpool_add_job()
		-> pthreadpool_put_job()
			This adds the job to the queue.
		Oh, there is an idle thread so don't
		create one, do:

		pthread_cond_signal(&pool->condvar);

		and return.

Now call fork *before* idle thread in (a) wakes from
the signaling of pool->condvar.

In the parent (child is irrelevant):

Go into: pthreadpool_prepare() ->
		pthreadpool_prepare_pool()

		Set the variable to tell idle threads to exit:

		pool->prefork_cond = &prefork_cond;

		then wake them up with:

		pthread_cond_signal(&pool->condvar);

		This does nothing as the idle thread
		is already awoken.

b) Idle thread wakes up and does:

		Reduce idle thread count (num_idle = 0)

		pool->num_idle -= 1;

		Check if we're in the middle of a fork.

		if (pool->prefork_cond != NULL) {

			Yes we are, tell pthreadpool_prepare()
			we are exiting.

			pthread_cond_signal(pool->prefork_cond);

			And exit.

			pthreadpool_server_exit(pool);
			return NULL;
		}

So we come back from the fork in the parent with num_jobs = 1,
a job on the queue but no idle threads - and the code that
creates a new thread on job submission was skipped because
an idle thread existed at point (a).

OK, assuming that the previous explanation is correct, the
fix is to create a new pthreadpool context mutex:

pool->fork_mutex

and in pthreadpool_server(), when an idle thread wakes up and
notices we're in the prepare fork state, it puts itself to
sleep by waiting on the new pool->fork_mutex.

And in pthreadpool_prepare_pool(), instead of waiting for
the idle threads to exit, hold the pool->fork_mutex and
signal each idle thread in turn, and wait for the pool->num_idle
to go to zero - which means they're all blocked waiting on
pool->fork_mutex.

When the parent continues, pthreadpool_parent()
unlocks the pool->fork_mutex and all the previously
'idle' threads wake up (and you mention the thundering
herd problem, which is as you say vanishingly small :-)
and pick up any remaining job.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13179
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
53f7bbca by Volker Lendecke at 2017-12-09T20:28:11+01:00
pthreadpool: Add a test for the race condition fixed in the last commit

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13179
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b3d50723 by Andreas Schneider at 2017-12-10T00:46:26+01:00
s3:glock: Move sanity check in g_lock_parse()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Sun Dec 10 00:46:26 CET 2017 on sn-devel-144

- - - - -
07332867 by Gary Lockyer at 2017-12-10T00:47:29+01:00
tests dsdb: Add tests for optionally unique objectSID's

It is possible for foreign security principals to have duplicate object
sids, this can be the result of:
 a replication race condition generating conflict resolution objects
 or the foreign security principal being deleted and then re-added on a
 join.

Rather than remove unique check on all objectSIDs we wish to allow
duplicate objectSIDs for foreign security principals.  But enforce the
unique constraint for local objects.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13004

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
2599f291 by Gary Lockyer at 2017-12-10T00:47:29+01:00
ldb ldb_index: Add an attribute flag to require a unique value.

Add attribute flag LDB_FLAG_INTERNAL_UNIQUE_VALUE, to request that the
added attribute is unique on the index.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13004

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
4d5da6c7 by Gary Lockyer at 2017-12-10T00:47:29+01:00
source4 dsdb modules: Add new module "unique_object_sids"

New module that sets the LDB_FLAG_INTERNAL_UNIQUE_VALUE on all local
objectSIDS and ensure it is cleared for any foreign security principals.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13004

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
704bbae2 by Gary Lockyer at 2017-12-10T00:47:29+01:00
source4 dsdb: Allow duplicate non local objectSIDs

Remove the unique constraint on the objectSID index, and enable the
unique_object_sids module.

This allows duplicate objectSIDs on foreign security principals, and
disallows duplicates for local objectSIDs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13004

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
698d28ee by Jamie McClymont at 2017-12-10T00:47:30+01:00
samba-tool: validate password early in `domain provision`

Checks password against default quality and length standards when it is entered,
allowing a second chance to enter one (if interactive), rather than running
through the provisioning process and bailing on an exception

Includes unit tests for the newly-added python wrapper of check_password_quality
plus black-box tests for the checks in samba-tool.

Breaks an openldap test which uses an invalid password.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9710
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12235

Signed-off-by: Jamie McClymont <jamiemcclymont at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
d2b9f18a by Jamie McClymont at 2017-12-10T00:47:30+01:00
tests: make password valid in openldap provision test

Test was using an invalid password, which causes test failure with early
password validation patch

Signed-off-by: Jamie McClymont <jamiemcclymont at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
2ab9847f by Puran Chand at 2017-12-10T04:56:23+01:00
Added smbc_SetLogCallback which lets third party code capture libsmbclient logs

Signed-off-by: Puran Chand <pchand at vmware.com>
Reviewed-by: Garming Sam <garming at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sun Dec 10 04:56:23 CET 2017 on sn-devel-144

- - - - -
70f92025 by Zentaro Kavanagh at 2017-12-12T20:37:08+01:00
Remove unsupported colon from configure msg.

- When cross-compiling an answers file must be supplied via
  --cross-compile --cross-answers=<path to answers>.
- The lines in the answer file have the form;
    Config Msg: Answer
- The colon is used to delimit the msg and the answer when reading
  the answers file.
- WAF doesn't support the message containing a colon.
- It's not possible to override this variable so cross compile fails.

Signed-off-by: Zentaro Kavanagh <zentaro at google.com>
Reviewed-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a3a4d9cc by Volker Lendecke at 2017-12-12T20:37:08+01:00
messaging: Don't do self-sends in messaging_send_all

This leads to cleanupd doing endless MSG_SMB_UNLOCK calls, as it triggers
itself in the send_all. This worked correctly before the serverid.tdb removal
because cleanupd did not register in serverid.tdb (which was a bug, but it
helped us there).

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5f31c911 by Volker Lendecke at 2017-12-12T20:37:08+01:00
messaging: Ignore messages from ourselves

For non-clustered messaging this should have never gone through the socket, we
should have caught it before in messaging_send_iov_from.

It can come in on a socket from ctdb when broadcasting in clustered mode. There
ctdb does the broadcasting.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5a48f5b2 by Volker Lendecke at 2017-12-12T20:37:08+01:00
torture: Check messaging_send_all

We must make sure not to receive our own broadcast

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3190cd15 by Volker Lendecke at 2017-12-12T20:37:08+01:00
smbd: Fix async large read

We also do the 128k reads asynchronously, just not the huge 24MB
ones. smb_setlen does not work well for >64k.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
d25e6c34 by Volker Lendecke at 2017-12-12T20:37:08+01:00
vfs_aio_fork: Drop "volatile" from the mmap area in aio_fork

We don't do that in tdb either, and the mmap/memcpy prototypes don't
have it either

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f2dcec97 by Volker Lendecke at 2017-12-12T20:37:08+01:00
vfs_aio_fork: Fix a crash in aio_fork

Since the introduction of the vfs_aio_fork:erratic_testing_mode this
crashed reliably, as we had two different structs behind
SMB_VFS_HANDLE_SET_DATA. I had always believed that due to the fact that
we have specific aio_fork tests in our autobuild, this would have been
tested. But it was not, because the share definition missed the "aio
read/write size = 1" to actually use the async code in vfs_aio_fork.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
c73195ef by Volker Lendecke at 2017-12-12T20:37:08+01:00
vfs_aio_fork: Fix vfs_aio_pread

Copy the data that the child read into the caller's buffer. This can't
have been used in half a decade at least...

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
4091179c by Volker Lendecke at 2017-12-12T20:37:08+01:00
vfs_aio_fork: Fix vfs_aio_pwrite

Make the data to write available to the child

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
18c2c591 by Volker Lendecke at 2017-12-12T20:37:08+01:00
vfs_aio_fork: Use a shorter random delay

Otherwise the rw2 test takes ages for no good reason

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
35eb4962 by Volker Lendecke at 2017-12-12T20:37:08+01:00
smbd: Enable async I/O by default

We've had this code in for long enough that we should enable it by default.
Modern clients do overlapping I/O, we should utilize that if possible.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
74aa416b by Volker Lendecke at 2017-12-12T20:37:08+01:00
pthreadpool: Simplify the logic in add_job a bit

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6c9ac731 by Volker Lendecke at 2017-12-13T00:44:56+01:00
pthreadpool: Add some asserts

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Dec 13 00:44:57 CET 2017 on sn-devel-144

- - - - -
dfc46706 by Volker Lendecke at 2017-12-13T04:46:12+01:00
pthreadpool: Fix deadlock

Christof's idea from

https://lists.samba.org/archive/samba-technical/2017-December/124384.html

was that the thread already exited. It could also be that the thread is
not yet idle when the new pthreadpool_add_jobs comes around the corner.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

Autobuild-User(master): Christof Schmitt <cs at samba.org>
Autobuild-Date(master): Wed Dec 13 04:46:12 CET 2017 on sn-devel-144

- - - - -
d2b14b75 by Andrew Bartlett at 2017-12-13T04:47:37+01:00
selftest: Fix flapping samba.dsdb test

The check for the final digit in the SID was wrong, any domain SID
ending with a zero would fail the test.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
2a8b5070 by Andrew Bartlett at 2017-12-13T08:47:05+01:00
selftest: Add cleanup of ForeignSecurityPrincipal in samba.dsdb test

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Dec 13 08:47:05 CET 2017 on sn-devel-144

- - - - -
495cc4ed by Amitay Isaacs at 2017-12-13T08:48:18+01:00
ctdb-build: Apply dependency to correct subsystem

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
43145c88 by Amitay Isaacs at 2017-12-13T08:48:18+01:00
ctdb-common: Avoid using void ** argument

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
cb5e6e8c by Amitay Isaacs at 2017-12-13T08:48:18+01:00
ctdb-client: Add async version for ctdb_client_init()

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
de3f0d88 by Amitay Isaacs at 2017-12-13T08:48:18+01:00
ctdb-recovery-helper: Deregister message handler in error paths

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13188

If PULL_DB control times out but the remote node is still sending the
data, then the tevent_req for pull_database_send will be freed without
removing the message handler.  So when the data is received, srvid
handler will be called and it will try to access tevent_req which will
result in use-after-free and abort.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
9f4eda9c by Andrew Bartlett at 2017-12-13T13:03:16+01:00
selftest: Fix copyright header on samba.dsdb_lock

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13178

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Wed Dec 13 13:03:16 CET 2017 on sn-devel-144

- - - - -
00d30192 by Karolin Seeger at 2017-12-13T13:20:08+01:00
docs-xml/Makefile.settings.in: make sure we don't require network access

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9531

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Karolin Seeger <kseeger at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
2abb55b7 by Stefan Metzmacher at 2017-12-13T13:20:08+01:00
docs-xml: autogenerate a doc.version XML entity.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9531

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Karolin Seeger <kseeger at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
fcaeffde by Karolin Seeger at 2017-12-13T17:22:01+01:00
docs-xml/manpages: Use new doc.version XML entity.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9531

Signed-off-by: Karolin Seeger <kseeger at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Dec 13 17:22:01 CET 2017 on sn-devel-144

- - - - -
fc5bdac5 by Bjoern Jacke at 2017-12-13T20:34:23+01:00
doc: move wins related man page to wins subdir

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
823f5c9a by Bjoern Jacke at 2017-12-13T20:34:23+01:00
doc: remove section on ancient history of the docs

This is quite historical; we should drop this.

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f3a7c767 by Bjoern Jacke at 2017-12-13T20:34:23+01:00
doc: update and tidy up the main samba(7) man page

my favourite one here was "If you have access to a WWW viewer..." :)

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7bbec4d8 by Björn Jacke at 2017-12-13T20:34:23+01:00
s4: remove ipv6:enabled parameteric option

this was never disabling ipv6, only v6-only interfaces. This can be achieved
with the interfaces parameter also if wanted.

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
16316e15 by Stefan Metzmacher at 2017-12-13T20:34:23+01:00
examples/scripts: remove unused shares directory

These scripts are not that useful anymore, as they rely
on parameters to be defined in loadparm.c

It's confusing to get 'git grep' matches for parameters there...

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e7bc23e4 by Stefan Metzmacher at 2017-12-13T20:34:23+01:00
s3:auth: remove "map untrusted to domain" handling

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
443984b8 by Stefan Metzmacher at 2017-12-13T20:34:23+01:00
docs-xml: remove unused "map untrusted to domain" option

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
24ed4adf by Stefan Metzmacher at 2017-12-13T20:34:23+01:00
pdbtest: also verify the authentication path for local users via winbindd

This basically inlines the logic from the 'winbind_wbclient' backend,
which will be removed shortly.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4e99b91b by Stefan Metzmacher at 2017-12-13T20:34:23+01:00
s4:selftest: remove samba.blackbox.pdbtest.s4winbind_wbclient test

The "winbind_wbclient" backend is unused and will be removed soon.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2c720b20 by Stefan Metzmacher at 2017-12-13T20:34:23+01:00
s4:selftest: remove samba.blackbox.pdbtest.s4winbind test

This is marked as knownfail for quite some time.

I don't think such a test is a reason to the 'auth methods' option.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
584ef261 by Stefan Metzmacher at 2017-12-13T20:34:24+01:00
s3:auth: remove lp_auth_methods() handling

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a382e05a by Stefan Metzmacher at 2017-12-13T20:34:24+01:00
s4:auth/ntlm: remove lpcfg_auth_methods() handling

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b681810d by Stefan Metzmacher at 2017-12-13T20:34:24+01:00
s4:auth_sam: remove unused 'sam_failtrusts' backend

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0b72d0b7 by Stefan Metzmacher at 2017-12-13T20:34:24+01:00
s4:auth_winbind: remove unused 'winbind_rodc' backend

This is no longer useful as the 'winbind' backend also
handles the rodc case now.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6fb5704c by Stefan Metzmacher at 2017-12-13T20:34:24+01:00
s4:auth_winbind: remove unused 'winbind_wbclient' backend

This is no longer useful as it doesn't support async requests.

It could be readded using pthreadpool_tevent_job_send()
and wbcCtxAuthenticateUserEx() if required.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e2a052b3 by Stefan Metzmacher at 2017-12-13T20:34:24+01:00
docs-xml: remove unused "auth methods" option

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ec646089 by Stefan Metzmacher at 2017-12-13T20:34:24+01:00
s3:auth: is_trusted_domain() is now only useful (and used as DC)

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
df1a0607 by Stefan Metzmacher at 2017-12-13T20:34:24+01:00
tests/posixacl.py: remove useless 'profile acls' based test

test_setntacl_smbd_dont_invalidate_getntacl_smbd() is basically
the same as test_setntacl_smbd_getntacl_smbd()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
5dd30792 by Stefan Metzmacher at 2017-12-13T20:34:24+01:00
s3:smbd: remove deprecated handling of "profile acls = yes"

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
19ba1b75 by Stefan Metzmacher at 2017-12-13T20:34:24+01:00
docs-xml: remove deprecated 'profile acls' option

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
e8b801da by Stefan Metzmacher at 2017-12-14T00:40:31+01:00
WHATSNEW: document the removal of 'auth methods', 'map untrusted to domain' and 'profile acls'

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Dec 14 00:40:31 CET 2017 on sn-devel-144

- - - - -
4ea7aa92 by Andrew Bartlett at 2017-12-14T08:20:14+01:00
ldb: Show the last successful DN when failing to parse LDIF

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
07f094f6 by Garming Sam at 2017-12-14T08:20:14+01:00
flags.h: Introduce the 2016 function level constant

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f4286f35 by Garming Sam at 2017-12-14T08:20:14+01:00
typo: Change case to match DN

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ed6a3ddb by Garming Sam at 2017-12-14T08:20:14+01:00
ms_schema: Allow for CN=X and DC=X replacements

These occur in the newer 2012 and 2016 schemas.

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0f6e52a2 by Garming Sam at 2017-12-14T08:20:14+01:00
schema: 2012 and 2012 R2 AD schema attributes and classes

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3257c7f6 by Garming Sam at 2017-12-14T08:20:15+01:00
ms_schema: Properly handle base64 encoded attributes

There used to be a special case for omobjectclass, but now there is just
generic handling for such attributes.

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d9c6f478 by Garming Sam at 2017-12-14T08:20:15+01:00
objectclass: Ensure that backlinks are not replicated

Adprep schema adds backlinks, but they do not have the NOT_REPLICATED
bit. We need to force this in locally to ensure we have it.

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d66cbca4 by Garming Sam at 2017-12-14T08:20:15+01:00
adprep: Add the LDF data needed to upgrade to 2012R2 schema

This patch adds the LDF files corresponding to the changes that the
Windows Adprep.exe tool makes when upgrading an AD schema to Windows
2012R2.

This is based on information Microsoft has made public on github
(Schema-Updates.md - see the README.txt for more details).

The LDF files 48-56 are for upgrading to Windows Server 2012, and 57-69
are for Windows Server 2012 R2.

Unfortunately, the raw LDF information from Microsoft wasn't enough to
get the schema working. The .diff files contain changes we needed to
make on top of the raw LDF content from Microsoft.

The basic steps to regenerate the .LDF files are documented in the
README.txt file. The files used to generate the .LDF files are in the
WindowsServerDocs/ sub-directory. (The .LDF generation is done at runtime
during provision).

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2650e925 by Garming Sam at 2017-12-14T08:20:15+01:00
schema: Allow schemaUpdateNow to refresh schema during a transaction

When we upgrade a schema from 2008R2 to 2012R2, we want to apply all the
changes in a single transaction - if we can't apply all the updates then
we don't want to be left with a schema halfway in between the two.

However, as we apply each LDIF update, we also want to refresh the
schema. There are 2 reasons for this:
1. The adprep .LDIF files provided by Microsoft have some writes to
schemaUpdateNow in them.
2. Microsoft uses attribute OIDs in their adprep .LDIF files, which
Samba doesn't handle so well. However, we can replace the OIDs with the
attribute's ldapDisplayName and they work fine. But to do this, we need
to query the schema to map the OID to attribute name. And to query the
schema successfully, the schema needs to be refreshed after the new
attribute object has been added.

Basically this patch avoids bailing out during the dsdb_schema_refresh()
if we are writing schemaUpdateNow as part of a larger transaction.

Pair-programmed-with: Garming Sam <garming at catalyst.net.nz>

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
580e6bab by Tim Beale at 2017-12-14T08:20:15+01:00
domain.py: Add schema upgrade option to samba-tool

Microsoft has published the Schema updates that its Adprep.exe tool
applies when it upgrades a 2008R2 schema to 2012R2.

This patch adds an option to samba-tool to go through these update files
and apply each change one by one. Along the way we need to make a few
changes to the LDIF operations, e.g. change 'ntdsschemaadd' to 'add' and
so on.

The bulk of the changes involve parsing the .ldif file and separating
out each update into a separate operation.

There are a couple of errors that we've chosen to ignore:
- Trying to set isDefunct for an object we don't know about.
- Trying to set a value for an attribute OID that we don't know about
  (we may need to fix this in future, but it'll require some help from
   Microsoft about what the OIDs actually are).

To try to make life easier, I've added a ldif_schema_update helper
class. This provides convenient access of the DN the change applies to
and other such details (whether it's setting isDefunct, etc).

Pair-programmed-with: Garming Sam <garming at catalyst.net.nz>

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f9059c7c by Tim Beale at 2017-12-14T08:20:15+01:00
domain.py: Make schemaupgrade option work regardless of config

Currently the 'samba-tool domain schemaupgrade' command will only work
if the Samba config has the non-default option 'dsdb:schema update
allowed = yes'. The whole point of running this samba-tool option is to
upgrade the schema, so it would seem to make sense to bypass the setting
temporarily, in order to apply the schema updates successfully.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9327c5a3 by Tim Beale at 2017-12-14T08:20:15+01:00
domain.py: Add a schemaupgrade option to apply missing 2008R2 schema

We've identified some cases where we've gotten our implementation of the
2008R2 schema wrong. We can fix these up for new provisions going
forward, but it'd be nice to have some way of fixing up the schema on
existing DCs.

A lot of what we're missing is already documented in Microsoft's
Sch45.ldf file:
https://technet.microsoft.com/en-us/library/dd378890(v=ws.10).aspx

Unfortunately we can't just apply the Sch45.ldf file using the existing
'samba-tool domain schema-upgrade' option because:
- We have got some of the Sch45.ldf changes, just not all of them.
- We already say the Samba schema objectVersion is 47 (2008R2), so
  there's no way to tell if the Samba instance does or doesn't have the
  missing changes (apart from querying each change).

We may want to add this to dbcheck eventually, but the simplest
implementation option for now is to extend the new schemaupgrade command
to allow us to specify a particular .LDF file to apply.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7bc9c200 by Andrew Bartlett at 2017-12-14T08:20:15+01:00
provision: Import extended rights schema from MS-ADTS v47.0

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
7fad4896 by Andrew Bartlett at 2017-12-14T08:20:15+01:00
provision: Remove section numbers from extended rights, replace with dn

This makes this file more like LDIF so we can process it automatically as well as
use it as a text document.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
67210522 by Andrew Bartlett at 2017-12-14T08:20:15+01:00
provision: Reformat appliesTo in Extended Rights into LDIF

We remove comments about Schema 45 and earlier as this is the base
level that Samba supports.  A future commit will move to a
machine-parsable flag for the 2012 schema and remove the 2016 elements.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
593a8456 by Andrew Bartlett at 2017-12-14T08:20:15+01:00
provision: Align extended-rights.ldif with the adprep LDIF for 2012R2

This removes the additional rights for 2016 and flags the 2012R2 changes to allow
the same file to be used to produce a 2008R2 or 2012R2 domain

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
9840ee76 by Andrew Bartlett at 2017-12-14T08:20:15+01:00
provision: Fill in validAccesses in extended-rights.ldif for Control Access Rights

MS-ADTS 5.1.3.2.1 Control Access Rights specifies the value of RIGHT_DS_CONTROL_ACCESS which is
256 (0x100) per 5.1.3.2 Access Rights.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
7657168e by Andrew Bartlett at 2017-12-14T08:20:15+01:00
provision: Fill in validAccesses in extended-rights.ldif for Validated Writes

MS-ADTS 5.1.3.2.2 Validated Writes specifies the value of RIGHT_DS_WRITE_PROPERTY_EXTENDED which is
8 (0x08) per 5.1.3.2 Access Rights.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
b9f0fbde by Andrew Bartlett at 2017-12-14T08:20:15+01:00
provision: Fill in validAccesses in extended-rights.ldif for Property Sets

A Property Right has the value of RIGHT_DS_READ_PROPERTY|RIGHT_DS_WRITE_PROPERTY which is
48 (0x30) per 5.1.3.2 Access Rights.

The Property Sets are listed in MS-ADTS 3.1.1.2.3.3 and can also be found by looking
at the attributeSecurityGuid on the schema objects.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
d44c811a by Andrew Bartlett at 2017-12-14T08:20:16+01:00
provision: Fill in a nicer displayName for Extended Rights

We replace all the hyphens with a space.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
e8b200fa by Andrew Bartlett at 2017-12-14T08:20:16+01:00
provision: Align displayName of Property Sets with MS-ADTS 3.1.1.2.3.3

This gives some better names than what the CN of the object was.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
d6e0f43a by Andrew Bartlett at 2017-12-14T08:20:16+01:00
provision: Make clarifying header an LDIF comment in extended-rights.ldif

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
d67f706b by Andrew Bartlett at 2017-12-14T08:20:16+01:00
schema: Re-work extended rights handling in provision (prep for 2012R2)

Add the changes needed to provision a 2012 DC (mostly this just affects
the Extended Rights objects) by moving to the new extended-rights.ldif

The localizationDisplayId is not documented in MS-ADTS so these values
are moved to provision_configuation_modify.ldif and applied after the
display-specifiers.ldif

We don't enable the 2012R2 mode yet. The ${INC2012} variable
just gets replaced with '#' so the lines get commented out and not
applied.

This approach allows us to support provisioning either a 2008R2 DC or
a 2012R2 DC (so that we can test we can upgrade a 2008 DC to 2012).

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
ff98bf96 by Andrew Bartlett at 2017-12-14T08:20:16+01:00
2008R2: Missing extended rights for objectVersion 45

We appear to have been missing some extended rights from 2008R2. These were
added in samba by the extended-rights.ldif

On Windows this was in Sch45.ldf (triggered by adprep schema updates).

We add these changes to adprep/samba-4.7-missing-for-schema-45.ldif,
which can be used to apply the changes to an existing Samba instance.

This is not extracted from the Sch45.ldf file provided by Microsoft
but is instead extracted using ldapcmp against a Samba install running
the new extended-rights.ldif.

Finally, these schema changes mean that the upgradeprovision test starts
failing. This is because it's using an old 4.0.0 schema (that doesn't
have these schema changes), but it's comparing it against a fresh
provision (which does have the changes). We can avoid this failure by
using the 'samba-tool domain schemaupgrade' to bring the old 4.0.0 schema
in line with a fresh provision. Note that the 'upgradeprovision --full'
test doesn't need this change as it seems to more aggressively copy over
any schema differences with a fresh provision.

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d157f975 by Andrew Bartlett at 2017-12-14T08:20:16+01:00
2008R2: Missing flags on optional features container for objectVersion 45

To match Windows 2008R2, this should have the same flags as the
recycle bin enabled feature.

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f4d9b797 by Andrew Bartlett at 2017-12-14T08:20:16+01:00
selftest: Fix upgradeprovision test by importing new objects for schema 45

The recent schema changes mean that the upgradeprovision test starts
failing. This is because it's using an old 4.0.0 schema (that doesn't
have these schema changes), but it's comparing it against a fresh
provision (which does have the changes). We can avoid this failure by
using the 'samba-tool domain schemaupgrade' to bring the old 4.0.0 schema
in line with a fresh provision. Note that the 'upgradeprovision --full'
test doesn't need this change as it seems to more aggressively copy over
any schema differences with a fresh provision.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
1f60f5b5 by Tim Beale at 2017-12-14T08:20:16+01:00
schema: Add option of specifying the base schema for a provision

Add the ability to override the base schema files being used for the
new provision, e.g. instead of using the default supported schema,
the code can now potentially specify an older or newer schema to use.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ea9cde92 by Tim Beale at 2017-12-14T08:20:16+01:00
domain.py: Add base-schema option to samba-tool provision

Allow a different base-schema to be used when provisioning a new domain.
This allows us to test the new 2012 schema without committing Samba to
using it by default.

If, in future, we change the default to use the 2012 schema, some
existing Samba tests (like upgradeprovision) rely on the 2012 schema.
So making the base-schema optional allows these tests to continue using
the older schema.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c22d022c by Tim Beale at 2017-12-14T08:20:16+01:00
upgradeprovision: Change test to always use 2008 R2 schema

This tool (and the corresponding test) is designed to migrate a Samba DC
from a pre-4.0.0 release up to a more recent schema (i.e. Windows 2008R2).

Going further than 2008R2 turns this test into a bit of a nightmare. We
now have a better adprep/'samba-tool domain schemaupgrade' option for
upgrading from 2008R2 to a more recent schema.

It seems to make most sense to leave this test just running against
2008R2 schema provisions and add new tests to migrate from 2008R2 to
2012R2.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c870c34d by Garming Sam at 2017-12-14T08:20:16+01:00
schema: Some 2012 objects were missing systemflags

The adprep LDIF files were adding the systemFlags, but they weren't
present in the 2012 schema files. This is not just a Microsoft
documentation problem - the difference was present when doing a provision
of a 2012 Windows server vs using Adprep.exe to upgrade an older Windows
server.

Samba might as well use the correct systemFlags right from the start.

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5db10e06 by Garming Sam at 2017-12-14T08:20:16+01:00
domain.py: Add a base dir option for schema upgrades

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6bdbcb1d by Garming Sam at 2017-12-14T08:20:16+01:00
domain.py: Auto-patch the diffs for the adprep schemaupgrade

This creates a temporary directory where the markdown is parsed and the
diffs are then applied.

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
19788383 by Tim Beale at 2017-12-14T08:20:16+01:00
selftest: Add basic test for schema upgrade

This tests that we can provision using both the 2008 and 2012 schema,
that we can upgrade a 2008 Samba instance to use the 2012 schema, and
that when we do that the result (more or less) matches a straight
2012 provision.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8519f986 by Garming Sam at 2017-12-14T08:20:17+01:00
provision: RODC revision level should be at 2

This number had been mistakenly updated alongside the standard forest
updates revision. This version number appears to be independent of the
other revision levels.

Also add the change to a new .ldf file, which can be used to apply
the schema change to an existing Samba 4.7 (or earlier) instance.
Update the provision/upgrade test to do just this (otherwise it
complains about differences between a new provision and an older Samba
4.0.0 instance).

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8019c76b by Andrew Bartlett at 2017-12-14T08:20:17+01:00
schema: 2016 AD schema attributes and classes

Obtained under the Open Protocols Specifications licence from
https://www.microsoft.com/en-us/download/details.aspx?id=23782

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
1daba6f2 by Andrew Bartlett at 2017-12-14T08:20:17+01:00
schema: 2008R2 AD schema attributes and classes

Obtained under the Open Protocols Specifications licence from
https://www.microsoft.com/en-us/download/details.aspx?id=23782

These are more complete than the version we have had in the tree until now.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
4f20416b by Andrew Bartlett at 2017-12-14T08:20:17+01:00
provision: Use the official MS 2008R2 schema by default

This fixes us to have the official adminDescription etc.  While both schema were provided by
Microsoft this is a better quality one, but still under the same licence.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
964bc8d1 by Garming Sam at 2017-12-14T12:34:03+01:00
markdown: Rename ms_markdown.py -> ms_schema_markdown.py

We also reduce the scope of the import so that python-markdown is only
required if interacting with 2012 code.

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Dec 14 12:34:04 CET 2017 on sn-devel-144

- - - - -
a194fb38 by Garming Sam at 2017-12-15T21:43:18+01:00
libgpo: Always check for ldap_server argument

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
cb29ccca by Garming Sam at 2017-12-15T21:43:18+01:00
libgpo: typo credentaials -> credentials

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8065c2f4 by Garming Sam at 2017-12-15T21:43:19+01:00
libgpo: Tidy up some if statements

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
045d900e by Garming Sam at 2017-12-15T21:43:19+01:00
libgpo: Remedy some longer lines

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9ace2343 by David Mulder at 2017-12-15T21:43:19+01:00
gpo: Fix the empty apply log

The apply log wasn't being saved, apparently the pointers to elements
of the tree were getting lost.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ac56f870 by David Mulder at 2017-12-15T21:43:19+01:00
gpo: Only commit the earliest change to the log

Otherwise we overwrite the original value,
leaving the setting tattooed on unapplied

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b468245c by David Mulder at 2017-12-15T21:43:19+01:00
gpo: Test that unapply works

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
24623d53 by Christof Schmitt at 2017-12-15T21:43:19+01:00
vfs_error_inject: Add new module

This module allows injecting errors in vfs calls. It only implements one
case (return ESTALE from chdir), but the idea is to extend this to more
vfs functions and more errors when needed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13189

Signed-off-by: Christof Schmitt <cs at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8b6402f3 by Christof Schmitt at 2017-12-15T21:43:19+01:00
selftest: Add share for error injection testing

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13189

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b0e1fc74 by Christof Schmitt at 2017-12-15T21:43:19+01:00
selftest: Make location of log file available in tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13189

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0d3000be by Christof Schmitt at 2017-12-15T21:43:19+01:00
selftest: Add test for failing chdir call in smbd

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13189

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7fa91fc4 by Christof Schmitt at 2017-12-16T01:56:06+01:00
smbd: Fix coredump on failing chdir during logoff

server_exit does an internal tree disconnect which requires a chdir to
the share directory. In case the file system encountered a problem and
the chdir call returns an error, this triggers a SERVER_EXIT_ABNORMAL
which in turn results in a panic and a coredump. As the log already
indicates the problem (chdir returned an error), avoid the
SERVER_EXIT_ABNORMAL in this case and do not trigger a coredump.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13189

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Dec 16 01:56:06 CET 2017 on sn-devel-144

- - - - -
e5ce0a4d by Gary Lockyer at 2017-12-18T00:10:16+01:00
pyglue: Add function to generate a random byte string

Adds a function to generate a random byte string using the samba random
routines.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b29ab3a0 by Gary Lockyer at 2017-12-18T00:10:16+01:00
tests dsdb encrypted secrets module

Add tests to check that the encrypted_secrets module encrypts
secrets/sensitive attributes on disk.

This test also proves that the provision and join operations correctly
configure the encrypted_secrets module.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1d3ae2d9 by Gary Lockyer at 2017-12-18T00:10:16+01:00
dsdb encrypted secrets module

Encrypt the samba secret attributes on disk.  This is intended to
mitigate the inadvertent disclosure of the sam.ldb file, and to mitigate
memory read attacks.

Currently the key file is stored in the same directory as sam.ldb but
this could be changed at a later date to use an HSM or similar mechanism
to protect the key.

Data is encrypted with AES 128 GCM. The encryption uses gnutls where
available and if it supports AES 128 GCM AEAD modes, otherwise nettle is
used.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d120d7fe by Gary Lockyer at 2017-12-18T00:10:17+01:00
provision: Changes to support encrypted_secrets module

Changes to provision and join to create a database with
encrypted_secrets enabled and a key file generated.

Also adds the --plaintext-secrets option to join and provision commands
to allow the creation of unencrypted databases.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
957bf8ce by Gary Lockyer at 2017-12-18T00:10:17+01:00
selftest fl2000dc provision with --plaintext-secrets

Provision fl2000dc with --plaintext-secrets to test that the
--plaintext-secrets option functions correctly.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
142060d0 by Gary Lockyer at 2017-12-18T04:36:19+01:00
WHATSNEW: Encrypted secrets

Document the encrypted secrets feature in WHATSNEW.txt

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Dec 18 04:36:19 CET 2017 on sn-devel-144

- - - - -
954eddd0 by Gary Lockyer at 2017-12-18T04:38:19+01:00
lib/tevent/echo_server.c set socket close on exec

Set SOCKET_CLOEXEC on the sockets returned by accept.  This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8b3c5825 by Gary Lockyer at 2017-12-18T04:38:19+01:00
lib/async_req/async_sock.c set socket close on exec

Set SOCKET_CLOEXEC on the sockets returned by accept.  This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9ccf1645 by Gary Lockyer at 2017-12-18T04:38:20+01:00
ctdb/server/ctdb_daemon.c set socket close on exec

Set SOCKET_CLOEXEC on the sockets returned by accept.  This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
34f78947 by Gary Lockyer at 2017-12-18T04:38:20+01:00
ctdb/tcp/tcp_connect.c set socket close on exec

Set SOCKET_CLOEXEC on the sockets returned by accept.  This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3a504d48 by Gary Lockyer at 2017-12-18T04:38:20+01:00
source3/rpc_server/rpc_server.c set socket close on exec

Set SOCKET_CLOEXEC on the sockets returned by accept.  This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
215d6089 by Gary Lockyer at 2017-12-18T04:38:20+01:00
source3/lib/server_prefork.c set socket close on exec

Set SOCKET_CLOEXEC on the sockets returned by accept.  This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
92e801aa by Gary Lockyer at 2017-12-18T04:38:20+01:00
source3/smbd/server.c set socket close on exec

Set SOCKET_CLOEXEC on the sockets returned by accept.  This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
40877f3e by Gary Lockyer at 2017-12-18T04:38:20+01:00
source3/libsmb/unexpected.c set socket close on exec

Set SOCKET_CLOEXEC on the sockets returned by accept.  This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
562ac9a9 by Gary Lockyer at 2017-12-18T04:38:20+01:00
source3/utils/smbfilter.c set socket close on exec

Set SOCKET_CLOEXEC on the sockets returned by accept.  This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
242aacb0 by Gary Lockyer at 2017-12-18T04:38:20+01:00
source3/winbindd/winbindd.c set socket close on exec

Set SOCKET_CLOEXEC on the sockets returned by accept.  This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
416b7e93 by Gary Lockyer at 2017-12-18T08:49:57+01:00
source4/lib/socket/socket_ip.c set socket close on exec

Set SOCKET_CLOEXEC on the sockets returned by accept.  This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Dec 18 08:49:57 CET 2017 on sn-devel-144
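
The close-on-exec hardening described in the eleven commits above (954eddd0 through 416b7e93), shown as an added C example that is not Samba's code. Assumptions: a socketpair() end stands in for a socket returned by accept(), `sleep` stands in for the program a child process runs, and the function names are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Mark fd close-on-exec while preserving its other descriptor flags. */
static int set_close_on_exec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1) {
        return -1;
    }
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/*
 * Returns 1 if a fork()+exec()'d child still holds the connection socket,
 * 0 if the kernel closed it at exec time, -1 on a setup or exec failure.
 * harden != 0 applies FD_CLOEXEC to the socket before the fork.
 */
static int socket_leaks_into_child(int harden)
{
    int sv[2];        /* sv[1]: the "accepted" socket, sv[0]: remote peer */
    int sync_pipe[2]; /* reports whether exec() succeeded */
    char b;
    int result = -1;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1) {
        return -1;
    }
    if (pipe(sync_pipe) == -1) {
        close(sv[0]);
        close(sv[1]);
        return -1;
    }
    /* The write end vanishes on a successful exec, giving the parent EOF. */
    set_close_on_exec(sync_pipe[1]);
    if (harden) {
        set_close_on_exec(sv[1]);
    }

    pid_t pid = fork();
    if (pid == -1) {
        close(sv[0]); close(sv[1]);
        close(sync_pipe[0]); close(sync_pipe[1]);
        return -1;
    }
    if (pid == 0) {
        /* Child: a real server never holds the peer end, so drop it. */
        close(sv[0]);
        close(sync_pipe[0]);
        execlp("sleep", "sleep", "5", (char *)NULL);
        if (write(sync_pipe[1], "x", 1) < 0) { /* exec failed */ }
        _exit(127);
    }

    close(sync_pipe[1]);
    ssize_t n = read(sync_pipe[0], &b, 1); /* 0 bytes: exec succeeded */
    close(sync_pipe[0]);
    close(sv[1]); /* parent drops its own copy of the connection */

    if (n == 0) {
        /* EOF on the peer means no process holds the connection any more. */
        struct pollfd p = { .fd = sv[0], .events = POLLIN };
        int pr = poll(&p, 1, 300);
        if (pr == 0) {
            result = 1; /* still open somewhere: the child inherited it */
        } else if (pr > 0 && recv(sv[0], &b, 1, MSG_DONTWAIT) == 0) {
            result = 0; /* closed at exec */
        }
    }

    close(sv[0]);
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return result;
}

int main(void)
{
    printf("without FD_CLOEXEC: leaked=%d\n", socket_leaks_into_child(0));
    printf("with FD_CLOEXEC:    leaked=%d\n", socket_leaks_into_child(1));
    return 0;
}
```

Setting the flag with fcntl() after accept() leaves a short window in a multi-threaded server where another thread can fork; on Linux, accept4() with SOCK_CLOEXEC sets the flag atomically.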

- - - - -
679850e4 by Björn Jacke at 2017-12-18T09:17:10+01:00
docs-xml/manpages: fix some trailing version strings from the doc.version change

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4003736a by Christof Schmitt at 2017-12-18T13:31:59+01:00
vfs: Use static_decl_vfs in all VFS modules

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Dec 18 13:32:00 CET 2017 on sn-devel-144

- - - - -
e72a8793 by Matthias Dieter Wallnöfer at 2017-12-19T03:09:12+01:00
LDB:test-generic.sh - fix smaller/greater comparison tests

The comparison result has been ignored, which is not good. Also remove
the "ldbsearch" command in the error branch which does not make much sense.

The script needs to be run through test-tdb.sh, test-ldap.sh or
test-sqlite3.sh which I didn't realise before. Hence less changes are needed
and this is a reduced version of the patch published on the mailing list.

Signed-off-by: Matthias Dieter Wallnöfer <mdw at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Matthias Dieter Wallnöfer <mdw at samba.org>
Autobuild-Date(master): Tue Dec 19 03:09:12 CET 2017 on sn-devel-144

- - - - -
93a5dce9 by Christof Schmitt at 2017-12-19T07:18:58+01:00
winbind: Fix backslash in format string

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Dec 19 07:18:58 CET 2017 on sn-devel-144

- - - - -
071ad56a by Andrew Bartlett at 2017-12-19T07:19:21+01:00
dns_server: Use the indexed "name" attribute in wildcard lookup

(the RDN, being 'dc' in this use case, does not have an index in
the AD schema).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13191

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
948791ac by Andrew Bartlett at 2017-12-19T07:19:21+01:00
dns_server: Do not look for a wildcard for @

This query is made for every record returned via BIND9 DLZ.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13191

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
3efc879d by Andrew Bartlett at 2017-12-19T07:19:21+01:00
dns_server: Do the exact match query first, then do the wildcard lookup

The wildcard lookup is SCOPE_ONELEVEL combined with an index on the name
attribute.  This is not as efficient as a base DN lookup, so we try for
that first.

A not-found and wildcard response will still fall back to the ONELEVEL
index.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13191

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
38ed5920 by Björn Baumbach at 2017-12-19T07:19:21+01:00
doc/ctdb: fix two typos

Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0806ff7d by Andrew Bartlett at 2017-12-19T11:24:29+01:00
s4:samba: Fix default to be running samba as a daemon

Commit 8736013dc42c5755b75bbb2e843a290bcd545909 got the (confusing) sense of opt_fork
wrong.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13129

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Dec 19 11:24:29 CET 2017 on sn-devel-144

- - - - -
0e571054 by Andreas Schneider at 2017-12-20T04:21:51+01:00
systemd: Only start samba and nmbd when network interfaces are up

For samba and nmbd we need to wait till a network interface is up or
they won't be operational.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13184

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Dec 20 04:21:51 CET 2017 on sn-devel-144

- - - - -
44eee9ce by Andrew Bartlett at 2017-12-20T04:22:09+01:00
selftest: Do not use dn= filter string

This accidentally worked with SCOPE_ONELEVEL against Samba but dn= filters are
not valid in AD.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
ef240aac by Andrew Bartlett at 2017-12-20T04:22:09+01:00
ldb: Intersect the index from SCOPE_ONELEVEL with the index for the search expression

This helps ensure we do not have to scan all objects at this level
which could be very many (one per DNS zone entry).

However, due to the O(n*m) behaviour in list_intersect() for older
databases, we only do this in the GUID index mode, leaving the behaviour
unchanged for existing callers that do not specify the GUID index mode.

NOTE WELL: the behaviour of disallowDNFilter is enforced
in the index code, so this fixes SCOPE_ONELEVEL to also
honour disallowDNFilter, hence the additional tests.

The change to select the SUBTREE index in the absence of
the ONELEVEL index enforces this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13191

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
bfcbc9be by Jamie McClymont at 2017-12-20T04:22:10+01:00
selftest: fix samba3.rpc.samba3.netlogon running after an nt4_member test

samba3.rpc.samba3.netlogon is using get_myname to find a username with which to
perform a join. This means that the test tries to join with the existing
localnt4dc2 user, which happens to work if get_myname is working
correctly (which it isn't -- see next commit about NSS_WRAPPER_HOSTNAME!)

This commit fixes a test run with, for example:
  TESTS="samba3.blackbox.smbclient_ntlm.plain samba3.rpc.samba3.netlogon"
(given samba3.blackbox.smbclient_ntlm.plain is in the nt4_member env)

...which previously failed due to the combination of this and the
NSS_WRAPPER_HOSTNAME bug.

Signed-off-by: Jamie McClymont <jamiemcclymont at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
af005fcc by Jamie McClymont at 2017-12-20T04:22:10+01:00
selftest: apply NSS_WRAPPER_HOSTNAME to child processes

Currently, Samba3.pm returns a value for NSS_WRAPPER_HOSTNAME in provision, but
selftest.pl does not apply it, so Samba3.pm /also/ sets it in its own
environment. This breaks a command like this:

make test TESTS="samba3.blackbox.smbclient_ntlm.plain samba3.rpc.samba3.netlogon"

... since samba3.blackbox.smbclient_ntlm.plain runs in an nt4_member env,
thereby setting ENV{NSS_WRAPPER_HOSTNAME} to the value for a member, and
samba3.rpc.samba3.netlogon depended on NSS_WRAPPER_HOSTNAME as a username (until
previous commit).

Signed-off-by: Jamie McClymont <jamiemcclymont at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
676261fa by Jamie McClymont at 2017-12-20T08:50:25+01:00
selftest: replace global with explicit environment variables

This patch removes setting of NSS_WRAPPER and RESOLV_WRAPPER variables globally
in Samba3.pm (because setting them persistently/globally can create hidden
ordering dependencies). Instead, they are set on subprocesses as required, which
appears to be the following two places (aside from those places where they are
already set explicitly):
* calls to createuser in provision
* calls to wbinfo --ping-dc in wait_for_start

Signed-off-by: Jamie McClymont <jamiemcclymont at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Dec 20 08:50:26 CET 2017 on sn-devel-144

- - - - -
3242bce6 by Volker Lendecke at 2017-12-20T16:04:18+01:00
dsdb: Fix CID 1426727 Resource leak

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
287236ea by Volker Lendecke at 2017-12-20T16:04:18+01:00
dsdb: Fix CID 1426728 Structurally dead code

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
23a62c9f by Andreas Schneider at 2017-12-20T16:04:18+01:00
dsdb: Improve code and directly close fp

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
1b1f9bfd by Stefan Metzmacher at 2017-12-20T16:04:18+01:00
torture3: add LOCAL-G-LOCK6 test

This is a regression test for bug #13195.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13195

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
576fb4fb by Stefan Metzmacher at 2017-12-20T20:31:48+01:00
g_lock: fix cleanup of stale entries in g_lock_trylock()

g_lock_trylock() always incremented the counter 'i', even after cleaning a stale
entry at position 'i', which means it skipped checking for a conflict against
the new entry at position 'i'.

As a result a process could get a write lock while there are still
some read lock holders. Once we get into that problem, more than
one write lock is also possible.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13195

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Dec 20 20:31:48 CET 2017 on sn-devel-144
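
The loop defect described in commit 576fb4fb above, reproduced in a small self-contained model as an added example (not Samba's g_lock code). Assumptions: the record layout, the liveness oracle, the function names, and that a stale entry is removed by moving the last record into its slot.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum lock_type { LOCK_READ, LOCK_WRITE };

struct lock_rec {
    int pid;
    enum lock_type type;
};

#define MAX_LOCKS 8

struct lock_table {
    struct lock_rec recs[MAX_LOCKS];
    size_t num;
};

/* Constructed liveness oracle for the model: pids >= 1000 have exited. */
static bool holder_alive(int pid)
{
    return pid < 1000;
}

static bool conflicts(enum lock_type held, enum lock_type wanted)
{
    return held == LOCK_WRITE || wanted == LOCK_WRITE;
}

/*
 * Try to take a lock for 'self'. With fixed == false the index is always
 * advanced, as the commit message describes; with fixed == true the slot
 * is examined again after a stale record has been replaced.
 */
static bool trylock(struct lock_table *t, int self, enum lock_type type,
                    bool fixed)
{
    size_t i = 0;

    while (i < t->num) {
        if (conflicts(t->recs[i].type, type)) {
            if (holder_alive(t->recs[i].pid)) {
                return false; /* genuine conflict */
            }
            /* Stale holder: move the last record into slot i. */
            t->recs[i] = t->recs[t->num - 1];
            t->num--;
            if (fixed) {
                continue; /* slot i now holds an unchecked record */
            }
        }
        i++;
    }
    if (t->num == MAX_LOCKS) {
        return false;
    }
    t->recs[t->num++] = (struct lock_rec){ .pid = self, .type = type };
    return true;
}

/* One dead reader followed by one live reader; pid 20 wants a write lock. */
static bool writer_granted_over_live_reader(bool fixed)
{
    struct lock_table t = {
        .recs = { { 1001, LOCK_READ }, { 10, LOCK_READ } },
        .num = 2,
    };
    return trylock(&t, 20, LOCK_WRITE, fixed);
}

/* Three dead readers: how many records remain after the write lock? */
static size_t entries_after_all_stale(bool fixed)
{
    struct lock_table t = {
        .recs = { { 1001, LOCK_READ }, { 1002, LOCK_READ },
                  { 1003, LOCK_READ } },
        .num = 3,
    };
    trylock(&t, 20, LOCK_WRITE, fixed);
    return t.num;
}

int main(void)
{
    printf("buggy: writer granted beside live reader = %d\n",
           writer_granted_over_live_reader(false));
    printf("fixed: writer granted beside live reader = %d\n",
           writer_granted_over_live_reader(true));
    printf("records left after cleanup: buggy=%zu fixed=%zu\n",
           entries_after_all_stale(false), entries_after_all_stale(true));
    return 0;
}
```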

- - - - -
1f63ffc9 by Garming Sam at 2017-12-20T23:13:10+01:00
wscript: Install missing .ldf files

With the update to the newer version of the 2008 R2 schemas, the files
were not available on install.

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
83c4c3b3 by Garming Sam at 2017-12-20T23:13:10+01:00
sambadns: Allow functional level 2016 (when added)

This is currently just a harmless check anyways.

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0efc061a by Garming Sam at 2017-12-20T23:13:11+01:00
ldapcmp: Add otherWellKnownObjects to ignore when using --two

wellKnownObjects already exists in this list.

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3cddb6ad by Garming Sam at 2017-12-20T23:13:11+01:00
2008R2: Missing operation (75, 76) for ActiveDirectoryUpdate version 5 (FL)

Operation 75 {5e1574f6-55df-493e-a6-71-aa-ef-fc-a6-a1-00}

 - Create the CN=Managed Service Accounts object

Operation 76 {d262aae8-41f7-48ed-9f-35-56-bb-b6-77-57-3d}

 - Add otherWellKnownObject link for CN=Managed Service Accounts

Referenced in the page 'Windows Server 2008R2: Domain-Wide Updates':
https://technet.microsoft.com/en-us/library/dd378973(v=ws.10).aspx

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1bb0715c by Garming Sam at 2017-12-20T23:13:11+01:00
2008R2: Missing operation (77) for ActiveDirectoryUpdate version 5 (FL)

Operation 77: {82112ba0-7e4c-4a44-89d9-d46c9612bf91}

 - Create the CN=PSPs,CN=System object

Referenced in the page 'Windows Server 2008R2: Domain-Wide Updates':
https://technet.microsoft.com/en-us/library/dd378973(v=ws.10).aspx

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b6c33c0c by Garming Sam at 2017-12-20T23:13:11+01:00
WindowsServerDocs: Update README to get rid of the references to ./gen/

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7cc1dfec by Garming Sam at 2017-12-20T23:13:11+01:00
Forest-Wide-Updates.md: Include the description of forest wide updates

This is sourced from the WindowsServerDocs repository on Github under an
MIT/CC 4.0 attribution license. A huge thanks is required for these
being provided and the work done in the process, as they mean a lot less
work for us to repeat.

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
87cbd97e by Garming Sam at 2017-12-20T23:13:11+01:00
WindowsServerDocs: Update README for clarity

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8a4085fc by Garming Sam at 2017-12-20T23:13:11+01:00
ms_forest_updates_markdown: Write a parser for the forest updates .md

Unlike the schema markdown which appears generally as ldif, these
descriptions are textual.

We are only handling the add cases, with the rest being manually encoded.

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
23dbcb40 by Garming Sam at 2017-12-20T23:13:11+01:00
domain_update: Create a module to apply domain prep updates

These updates are referenced in documentation much like our
Forest-Wide-Updates.md file under the same MIT and CC attribution
licenses.

https://github.com/MicrosoftDocs/windowsserverdocs/blob/master/WindowsServerDocs/identity/ad-ds/deploy/Domain-Wide-Updates.md

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
551ec22d by Garming Sam at 2017-12-20T23:13:11+01:00
domain_update: Respect the fix=False flag

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
60b70e95 by Garming Sam at 2017-12-20T23:13:11+01:00
domain_update: Allow the revision version to be set

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b5f7677a by Garming Sam at 2017-12-20T23:13:11+01:00
domain_update: Add an additional error with revision

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
107fbaa8 by Garming Sam at 2017-12-20T23:13:11+01:00
domain_update: Add a new docstring for the main entry point

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c4262753 by Garming Sam at 2017-12-20T23:13:11+01:00
forest_update: Create a module to apply forest prep updates

This module uses information sourced from the Forest-Wide-Updates.md
file from one of Microsoft's Github repos to generate the operation
information.

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
66895701 by Garming Sam at 2017-12-20T23:13:11+01:00
forest_update: Allow the script to add the missing forest containers

Before we set the prep level higher in default provisions, we should add
these objects to the initial ldif (so that our initial ldif represents a
full 2008R2 domain which we build consistently on).

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b2d831f2 by Garming Sam at 2017-12-20T23:13:11+01:00
domain.py: Force schema upgrade to be used only on the schema master

While this may be enforced at lower levels, it would be better to warn
earlier rather than later.

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c419ac4a by Garming Sam at 2017-12-20T23:13:12+01:00
domain.py: Command for prepping the domain for higher functional levels

Currently we support the 2012 and 2012 R2 prep levels.

Forest prep requires use of the schema master role.
Domain prep requires use of the infrastructure master role.

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
03f1ca86 by Garming Sam at 2017-12-20T23:13:12+01:00
release-4-8-0-pre1: New database dump for checking that functional prep works

Next will be a test which compares the current run of the script against
this reference provision.

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
87eeb897 by Garming Sam at 2017-12-20T23:13:12+01:00
functionalprep.sh: New test for ensuring that the prep works correctly

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
aee8464a by Garming Sam at 2017-12-20T23:13:12+01:00
functionalprep.sh: Add a test to show that functional prep works on old databases

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c4895cfd by Garming Sam at 2017-12-20T23:13:12+01:00
upgradeprovision: Mark tests as passing again (using functional prep)

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fafc6da6 by Garming Sam at 2017-12-21T03:41:19+01:00
ldapcmp: Improve the difference checker of ldapcmp for 2012 R2

There are a number of new attributes which may be considered DNs.

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Garming Sam <garming at samba.org>
Autobuild-Date(master): Thu Dec 21 03:41:19 CET 2017 on sn-devel-144

- - - - -
6a6f0952 by Andrew Bartlett at 2017-12-21T08:28:51+01:00
samba-tool domain schemaupgrade: Avoid reindex after every hunk

This takes advantage of the fact that a single LDB operation is atomic
even inside our transaction and so we can retry it after updating the
schema.

This makes the samba-tool domain schemaupgrade take 1m30s compared with 4m4s.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

Autobuild-User(master): Garming Sam <garming at samba.org>
Autobuild-Date(master): Thu Dec 21 08:28:51 CET 2017 on sn-devel-144

- - - - -
d6f5ee67 by Uri Simchoni at 2017-12-21T19:12:07+01:00
pysmbd: fix use of sysacl API

Fix pysmbd to use the sysacl (POSIX ACL support) as intended, and
not assume too much about the inner structure and implementation
of the permissions in the sysacl API.

This will allow the inner structure to change in a following commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13176

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
75e7da97 by Uri Simchoni at 2017-12-21T19:12:08+01:00
sysacls: change datatypes to 32 bits

The SMB_ACL_PERMSET_T and SMB_ACL_PERM_T were defined as
mode_t, which is 16-bits on some (non-Linux) systems. However,
pidl *always* encodes mode_t as uint32_t. That created a bug on
big-endian systems as sys_acl_get_permset() returns a SMB_ACL_PERMSET_T
pointer to an internal a_perm structure member defined in IDL as a mode_t,
which pidl turns into a uint32_t in the emitted header file.

Changing to 32 bits fixes that.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13176

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ca289d4d by Volker Lendecke at 2017-12-21T19:12:08+01:00
torture: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe at gmail.com>

- - - - -
f60af3b6 by Stefan Metzmacher at 2017-12-21T19:12:08+01:00
s4:torture: add smb2.session.expire2 test

This demonstrates the interaction of NT_STATUS_NETWORK_SESSION_EXPIRED
and various SMB2 opcodes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13197

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
cfaba684 by Stefan Metzmacher at 2017-12-21T19:12:09+01:00
s3:smbd: return the correct error for cancelled SMB2 notifies on expired sessions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13197

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c4919d4d by Stefan Metzmacher at 2017-12-21T23:28:41+01:00
s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired sessions

Windows client at least doesn't have code to replay
a SMB2 Close after getting NETWORK_SESSION_EXPIRED,
which locks out the client and generates an endless
loop around NT_STATUS_SHARING_VIOLATION.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13197

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Dec 21 23:28:42 CET 2017 on sn-devel-144

- - - - -
abcc9552 by Uri Simchoni at 2017-12-22T03:30:12+01:00
selftest: pass location of perl executable from waf to test-envs

Many perl scripts in the codebase are executables with a
"/usr/bin/perl" shebang. Running them as executables is not
portable as some OS's have a different location for the perl
interpreter.

During the configuration process, waf finds the location of the perl
interpreter. Some or all invocations of perl scripts from within
test environment setup code are actually "$PERL <script>",
but since PERL env var is typically not set, this amounts to the
unportable "<script>", which invokes /usr/bin/perl.

This patch exports the location of perl as found by the configuration
process to the test environment, causing "$PERL <script>" to be
"<correct place of perl interpreter> <script>".

Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cef83c0c by Douglas Bagnall at 2017-12-22T03:30:12+01:00
samba-tool: --help test, ensuring help tree coverage

`samba-tool [COMMAND] --help` will list sub-commands of COMMAND
(or top-level commands if COMMAND is omitted). This ensures that
`samba-tool COMMAND SUBCOMMAND --help` works for all the commands
found in the help tree.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
769197df by Douglas Bagnall at 2017-12-22T03:30:12+01:00
samba-tool: give cache_loader pseudo-dict a .get() method

This makes it more dict-like, and makes the next patch (adding
samba-tool help) simpler.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
316594f2 by Douglas Bagnall at 2017-12-22T03:30:12+01:00
samba-tool: treat 'samba-tool help foo' as 'samba-tool foo --help'

Vaguely keeping up with the modern style.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8a429547 by Douglas Bagnall at 2017-12-22T07:50:21+01:00
samba-tool test: ensure `samba-tool help` works

We make sure the output is identical to `samba-tool --help` for the same
subcommands.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Dec 22 07:50:21 CET 2017 on sn-devel-144

- - - - -
dcfa6c02 by Volker Lendecke at 2017-12-28T02:22:04+01:00
torture: Fix CID 1426987 Incorrect expression (UNUSED_VALUE)

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Dec 28 02:22:04 CET 2017 on sn-devel-144

- - - - -
a0f810e7 by Douglas Bagnall at 2017-12-29T02:48:59+01:00
selftest: allow more time for tests

Maybe make test *should* run in under 4 hours, but it currently
doesn't.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Dec 29 02:48:59 CET 2017 on sn-devel-144

- - - - -
d8d21ec4 by Stefan Metzmacher at 2018-01-01T19:19:22+01:00
Happy New Year 2018!

Signed-off-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Jan  1 19:19:22 CET 2018 on sn-devel-144

- - - - -
e29d31f7 by Björn Jacke at 2018-01-02T13:34:20+01:00
doc-xml: fix dependency as the  xml targets depend on Makefile.settings

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
7277590f by Bjoern Jacke at 2018-01-02T18:01:17+01:00
smbldap: don't try start tls on ldaps:// connections

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6079

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Björn Jacke <bj at sernet.de>
Autobuild-Date(master): Tue Jan  2 18:01:17 CET 2018 on sn-devel-144

- - - - -
11239f07 by Andreas Schneider at 2018-01-03T14:37:12+01:00
credentials: Simplify cli_credentials_get_server_gss_creds()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Jan  3 14:37:12 CET 2018 on sn-devel-144

- - - - -
f7f15c25 by Volker Lendecke at 2018-01-04T00:37:20+01:00
tsocket: Fix typos

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d8e30cb0 by Volker Lendecke at 2018-01-04T00:37:21+01:00
libdns: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
507c9b69 by Volker Lendecke at 2018-01-04T00:37:21+01:00
dsdb: Fix the build on 32-bit FreeBSD

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
62388308 by Volker Lendecke at 2018-01-04T00:37:21+01:00
libdns: dns/tcp client

Same signature as the UDP client in the same file. This opens and closes
the socket per request. In the future, we might want to create a
persistent TCP connection for our internal DNS server's forwarder. That
will require proper handling of in-flight requests. Something for
another day.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0bb92d7f by Volker Lendecke at 2018-01-04T00:37:21+01:00
libdns: Add dns_cli_request

First UDP, then TCP if truncation happened

Signed-off-by: Volker Lendecke <vl at samba.org>

- - - - -
300821b7 by Volker Lendecke at 2018-01-04T00:37:21+01:00
dns_server: Use dns_cli_request instead of direct udp

This skips adding the DNS option for a larger UDP packet size than
512. This is a different fix for bug 9632.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
15748c32 by Volker Lendecke at 2018-01-04T00:37:21+01:00
ndr_dns: fix pushing unknown resource records

When pulling for example an RRSIG record, we end up with length!=0 *and*
unexpected.length != 0, but with an unknown rrec. We should be able to
marshall what we retrieved from the wire.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
cc3f9c26 by Volker Lendecke at 2018-01-04T00:37:21+01:00
dns_server: Remove unused "dns" parameter from ask_forwarder_send

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
35683a60 by Volker Lendecke at 2018-01-04T00:37:21+01:00
dns_server: Remove unused "dns_generate_options"

This was part of the previous bugfix for 9632, which has been replaced
by TCP fallback code. We can dig this up from git if needed.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
36ab213a by Volker Lendecke at 2018-01-04T05:08:02+01:00
dns_server: Remove "max_payload" from dns_server

This would have to be retrieved from the interface type we have I guess.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jan  4 05:08:02 CET 2018 on sn-devel-144

- - - - -
114f5da2 by Jeremy Allison at 2018-01-04T16:03:38+01:00
s3: smbd: Use identical logic to test for kernel oplocks on a share.

Due to inconsistent use of lp_kernel_oplocks() we could miss kernel
oplocks being on/off in some of our oplock handling code, and thus
use the wrong logic.

Ensure all logic around koplocks and lp_kernel_oplocks() is consistent.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13193

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Jan  4 16:03:38 CET 2018 on sn-devel-144

- - - - -
03f0ba71 by Björn Jacke at 2018-01-04T16:04:09+01:00
docs-xml: figure out samba version for the docs automatically

Signed-off-by: Bjoern Jacke <bjoern at samba.org>
Reviewed-by: Karolin Seeger <kseeger at samba.org>

- - - - -
7a0a765d by Björn Jacke at 2018-01-04T20:32:21+01:00
docs-xml: plain file URIs need three slashes

Signed-off-by: Bjoern Jacke <bjacke at samba.org>

Autobuild-User(master): Björn Jacke <bj at sernet.de>
Autobuild-Date(master): Thu Jan  4 20:32:21 CET 2018 on sn-devel-144

- - - - -
523bd03f by Jamie McClymont at 2018-01-04T22:29:08+01:00
source4/tests: typo in env name

Signed-off-by: Jamie McClymont <jamiemcclymont at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
2245a4bf by Jamie McClymont at 2018-01-05T02:51:09+01:00
autobuild: fix quoting of --restrict-tests

Currently, passing multiple tests causes those other than the first to be
passed to make, causing failures.

Signed-off-by: Jamie McClymont <jamiemcclymont at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Fri Jan  5 02:51:09 CET 2018 on sn-devel-144

- - - - -
a2f5b3b8 by Björn Jacke at 2018-01-05T15:29:13+01:00
docs-xml: generate build/catalog.xml via Makefile target

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Karolin Seeger <kseeger at samba.org>

- - - - -
9b27948d by Björn Jacke at 2018-01-05T15:29:13+01:00
docs-xml: set a reasonable XML_CATALOG_FILES in Makefile

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Karolin Seeger <kseeger at samba.org>

- - - - -
3cbeaf40 by Björn Jacke at 2018-01-05T19:55:29+01:00
docs-xml: add basic Makefile dependencies for targets that use xsltproc

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Karolin Seeger <kseeger at samba.org>

Autobuild-User(master): Björn Jacke <bj at sernet.de>
Autobuild-Date(master): Fri Jan  5 19:55:29 CET 2018 on sn-devel-144

- - - - -
74eebac9 by Ralph Boehme at 2018-01-06T00:07:17+01:00
vfs_fruit: add "time machine max size" option

This can be used to configure a per client filesystem size limit on
TimeMachine shares.

It's a nasty hack but it was reportedly working well in Netatalk where
it's taken from.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e1fb902c by Ralph Boehme at 2018-01-06T00:07:17+01:00
s4/torture: test vfs_fruit "fruit:time machine max size" option

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
361ea743 by Volker Lendecke at 2018-01-06T00:07:17+01:00
samba: Only use async signal-safe functions in signal handler

Otherwise shutdown can hang

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
74dbeba7 by Volker Lendecke at 2018-01-06T00:07:17+01:00
dnscli: Make a few functions static

We might want to use the tcp flavor in the future in the forwarder for a
single, persistent TCP connection. Then we can easily re-publish it.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
d0def3b2 by Volker Lendecke at 2018-01-06T00:07:17+01:00
tests: The pthreadpooltests do not need a full environment

Makes "make test TESTS=pthreadpool" faster

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
5cce620b by Ralph Boehme at 2018-01-06T00:07:17+01:00
vfs_fileid: add a DEBUG message to log dev and inode

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
326df161 by Ralph Boehme at 2018-01-06T00:07:17+01:00
vfs_fileid: preserve errno in an error code path

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
99624957 by Ralph Wuerthner at 2018-01-06T00:07:17+01:00
vfs_fileid: add "fstype/mntdir deny/allow list" option

When using the fsname or fsid algorithm a stat() and statfs() call is
required for all mounted file systems to generate the file_id. If e.g.
an NFS file system is unresponsive such a call might block and the smbd
process will become unresponsive. Add "fileid:fstype deny",
"fileid:fstype allow", "fileid:mntdir deny", and "fileid:mntdir allow"
options to ignore potentially unresponsive file systems.

See also https://lists.samba.org/archive/samba-technical/2016-January/111553.html
for a discussion about why this is useful.

Signed-off-by: Ralph Wuerthner <ralph.wuerthner at de.ibm.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6a8764eb by Ralph Boehme at 2018-01-06T00:07:17+01:00
vfs_fileid: convert dev argument of the device_mapping_fn to SMB_STRUCT_STAT

This is in preparation of adding an additional mapping function that
acts differently depending on the file type. No change in behaviour.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
495c646e by Ralph Boehme at 2018-01-06T00:07:17+01:00
vfs_fileid: add fileid:algorithm = hostname

Using fileid:algorithm = hostname makes fileid generate
fileids based on the hostname. This breaks cluster lock coherence.

Based-on-a-patch-by: Christian Ambach <ambi at samba.org>

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b599cb21 by Ralph Boehme at 2018-01-06T00:07:17+01:00
vfs_fileid: add fileid:algorithm = fsname_nodirs

Enabling fileid:algorithm = fsname_nodirs uses the hostname algorithm
for directories and thus breaks cluster lock coherence for directories.

Based-on-a-patch-by: Christian Ambach <ambi at samba.org>

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1468dd21 by Ralph Boehme at 2018-01-06T00:07:17+01:00
vfs_fileid: add fileid:nolockinode parameter

Based-on-a-patch-by: Ralph Wuerthner <ralph.wuerthner at de.ibm.com>

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
debf8ba7 by Ralph Boehme at 2018-01-06T04:41:24+01:00
vfs_fileid: add fileid:algorithm = fsname_norootdir

Based-on-a-patch-by: Ralph Wuerthner <ralph.wuerthner at de.ibm.com>

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Jan  6 04:41:24 CET 2018 on sn-devel-144

- - - - -
7bc329fc by Ralph Boehme at 2018-01-08T03:16:30+01:00
vfs_fileid: fix a use after free

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Jan  8 03:16:30 CET 2018 on sn-devel-144

- - - - -
9010d54d by Andrew Bartlett at 2018-01-08T03:34:17+01:00
travis-ci: Update package list to match the wiki

This in turn is based on what we use at Catalyst minus some helpful packages like editors

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
ce2ca7fa by kkplein at 2018-01-08T03:34:17+01:00
Update util.c to include DBGC_AUTH class

Signed-off-by: Mourik Jan C Heupink <heupink at merit.unu.edu>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d39664fc by kkplein at 2018-01-08T03:34:17+01:00
define DBGC_AUTH class

Signed-off-by: Mourik Jan C Heupink <heupink at merit.unu.edu>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ca66efc2 by Dr. Thomas Orgis at 2018-01-08T03:34:17+01:00
Add substitutions %t, %j, and %J as path-safe variants of %T, %i, and %I.

Rationale: Using the existing substitutions in construction of paths
(dynamic shares, created on client connect) results in directory names with
colons and dots in them. Those can be hard to use when accessed from a
different share, as Windows does not allow : in paths and has some ideas about
dots.

Signed-off-by: Dr. Thomas Orgis <thomas.orgis at uni-hamburg.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
3089a566 by Andreas Schneider at 2018-01-08T03:34:18+01:00
crypto: Update the REQUIREMENTS

Update after call with the GnuTLS maintainer to see what is supported in
GnuTLS, what is working in FIPS mode or not, and what features we require
to move to GnuTLS in future. The benefit will be FIPS certification and
more hardware accelerated crypto.

Bugs have been opened against GnuTLS to implement the missing features or
add functions to declare use of old crypto functions as non-crypto use.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
080d590d by Aurelien Aptel at 2018-01-08T03:34:18+01:00
packaging: add configure option to preprocess and install systemd files

Turn the systemd service files under packaging into template (.in) files
with @VAR@ substitutions and add configure options to install and tweak
them.

Signed-off-by: Aurelien Aptel <aaptel at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
ece75ea9 by Björn Jacke at 2018-01-08T03:34:18+01:00
tests:docs: don't try to test parametric option defaults

we don't get the values of the parametric options.

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
e3cc2af0 by Björn Jacke at 2018-01-08T03:34:18+01:00
tests:docs: remove explicit exceptions for parametric options

we don't need to list them all as special cases because we exclude parametric
options generally now from the default value test.

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
5621139f by Bjoern Jacke at 2018-01-08T03:34:18+01:00
doc: document wins server's smb.conf parameters

this is from the WINS server, which was released earlier as samba4wins.

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
eae6d76a by Björn Jacke at 2018-01-08T03:34:18+01:00
docs-xml: mention that the man pages are "part of" version x

writing that they are correct for version x is not always precise. But we're
working on that also :-)

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
babf0a7b by Jamie McClymont at 2018-01-08T03:34:18+01:00
selftest: close connections after tests in samba4.ldap.acl.python

Over the length of a run of this suite (which runs under the standard process
model), memory usage from LDAP connection handlers reaches 4GB. This patch
reduces it to a manageable amount.

Signed-off-by: Jamie McClymont <jamiemcclymont at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
fe164a08 by Jamie McClymont at 2018-01-08T08:02:15+01:00
selftest: close connections after tests in samba4.ldap.secdesc.python

This test suite had a memory impact of around 2.2GB, from LDAP connection
handlers under the standard process model.

Signed-off-by: Jamie McClymont <jamiemcclymont at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Jan  8 08:02:15 CET 2018 on sn-devel-144

- - - - -
778d5fd0 by Ralph Boehme at 2018-01-08T15:22:10+01:00
selftest: use net rpc join when joining NT4-style domains

Otherwise net join when failing at the CLDAP ping stage will put a
negative entry for the DC in the conncache which can trigger *hard* to
debug problems later in winbindd.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Jan  8 15:22:10 CET 2018 on sn-devel-144

- - - - -
c5fb6512 by Andreas Schneider at 2018-01-08T21:04:16+01:00
pwrap: Build libpamtest as a subsystem to avoid issues

Making it a subsystem adds the correct include directory for
libpamtest.h.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Jan  8 21:04:16 CET 2018 on sn-devel-144

- - - - -
7901f7c3 by Jamie McClymont at 2018-01-09T08:22:27+01:00
selftest: close connections after tests in samba4.ldap.rodc_rwdc.python

This test suite had a memory impact of around 2.5GB, from built-up LDAP
connection handlers under the standard process model.

Signed-off-by: Jamie McClymont <jamiemcclymont at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Jan  9 08:22:27 CET 2018 on sn-devel-144

- - - - -
a22833c2 by Ralph Boehme at 2018-01-09T12:53:32+01:00
s4/torture/fruit: ensure AFP_AfpInfo blobs are 0-initialized

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13181

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
df31e94e by Ralph Boehme at 2018-01-09T12:53:32+01:00
s4/torture/fruit: enhance zero AFP_AfpInfo stream test

This tests more operations in the zeroed out FinderInfo test, ensuring
after zeroing out FinderInfo, operations on the filehandle still work
and that enumerating streams doesn't return the stream anymore.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13181

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c41e1ea9 by Ralph Boehme at 2018-01-09T12:53:32+01:00
vfs_fruit: factor out delete_invalid_meta_stream() from fruit_streaminfo_meta_stream()

No change in behaviour, just some refactoring before adding more code to
fruit_streaminfo_meta_stream() in the next commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13181

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
70d8f7c5 by Ralph Boehme at 2018-01-09T12:53:32+01:00
vfs_fruit: filter out AFP_AfpInfo streams with pending delete-on-close

This is in preparation of fixing the implementation of removing the
AFP_AfpInfo stream by zeroing the FinderInfo out.

We currently remove the stream blob from the underlying filesystem
backing store, but that results in certain operations to fail on any
still open file-handle.

The fix comes in the next commit which will convert the backing store
delete operation to a set delete-on-close on the stream.

This commit adds filtering on streams that have the delete-on-close
set. It is only needed for the fruit:metadata=stream case, as with
fruit:metadata=netatalk the filtering is already done in
fruit_streaminfo_meta_netatalk().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13181

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e61e9e98 by Ralph Boehme at 2018-01-09T17:09:12+01:00
vfs_fruit: set delete-on-close for empty finderinfo

We previously removed the stream from the underlying filesystem stream
backing store when the client zeroes out FinderInfo in the AFP_AfpInfo
stream, but this causes certain operations to fail (eg stat) when trying
to access the stream over any file-handle open on that stream.

So instead of deleting, set delete-on-close on the stream. The previous
commit already implemented not to list streams with delete-on-close
set which is necessary to implement correct macOS semantics for this
particular stream.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13181

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Jan  9 17:09:12 CET 2018 on sn-devel-144

- - - - -
3022da1a by Volker Lendecke at 2018-01-09T18:25:07+01:00
libnet: Add NULL checks to py_net_finddc

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
977b3f60 by Volker Lendecke at 2018-01-09T22:41:28+01:00
python: Print the finddcs error message

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Jan  9 22:41:28 CET 2018 on sn-devel-144

- - - - -
502ab53d by Douglas Bagnall at 2018-01-10T01:01:23+01:00
vfs_fruit: initialise bandsize to please a compiler

GCC on a Ubuntu 16.04 instance said:

[3174/4240] Compiling source3/modules/vfs_cap.c
In file included from ../source3/include/includes.h:301:0,
                 from ../source3/modules/vfs_fruit.c:20:
                 ../source3/modules/vfs_fruit.c: In function
‘fruit_disk_free’:
../source3/../lib/util/debug.h:217:7: error: ‘bandsize’ may be used
uninitialized in this function [-Werror=maybe-uninitialized]
   && (dbgtext body) )
          ^
          ../source3/modules/vfs_fruit.c:6302:9: note: ‘bandsize’ was
declared here
  size_t bandsize;
           ^
           [3175/4240] Compiling source3/modules/vfs_expand_msdfs.c
           [3176/4240] Compiling source3/modules/vfs_shadow_copy.c
           [3177/4240] Compiling source3/modules/vfs_shadow_copy2.c
           cc1: all warnings being treated as errors
           Waf: Leaving directory
/home/ubuntu/autobuild/b17854/samba-o3/bin'
Build failed:  -> task failed (err #1):
{task: cc vfs_fruit.c -> vfs_fruit_25.o}
make: *** [all] Error 1

As far as I can tell, it is wrong, and the bandsize variable never
gets passed uninitialised to DEBUG.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
da3f60b1 by Ralph Boehme at 2018-01-10T01:01:23+01:00
winbindd: use setproctitle

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
22e309e5 by Stefan Metzmacher at 2018-01-10T01:01:23+01:00
s3:g_lock: keep old mylock on error and don't store new mylock on error

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
6d339b48 by Stefan Metzmacher at 2018-01-10T01:01:23+01:00
winbindd: remove 'winbind trusted domains only' handling

This parameter is already deprecated in favor of the newer idmap_nss backend.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
c4659908 by Stefan Metzmacher at 2018-01-10T01:01:24+01:00
docs-xml: remove deprecated of 'winbind trusted domains only' option

This parameter is already deprecated in favor of the newer idmap_nss backend.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
bb3944c6 by Stefan Metzmacher at 2018-01-10T01:01:24+01:00
WHATSNEW: document removal 'winbind trusted domains only' option

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
b6d55eef by Stefan Metzmacher at 2018-01-10T01:01:24+01:00
s4:selftest: replace --option=usespnego= with --option=clientusespnego=

I guess that's what we try to test here, as 'use spnego' was only evaluated
in the smb server part.

This basically tests the 'raw NTLMv2 auth' option, we set it to yes on
some environments, but keep a knownfail for the ad_member.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
502aa787 by Stefan Metzmacher at 2018-01-10T01:01:24+01:00
s3:smbd: remove deprecated 'use spnego = no" handling

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
343b0e0a by Stefan Metzmacher at 2018-01-10T01:01:24+01:00
s4:smb_server: remove deprecated 'use spnego = no" handling

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
cb5e1927 by Stefan Metzmacher at 2018-01-10T01:01:24+01:00
docs-xml: remove deprecated 'use spnego" option

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
1f91cdc8 by Stefan Metzmacher at 2018-01-10T01:01:24+01:00
WHATSNEW: document removal of 'use spnego" option

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
c7acae90 by Stefan Metzmacher at 2018-01-10T01:01:24+01:00
docs-xml: deprecate "client schannel" and change the default to "yes"

This is already the default, because "require strong key = yes" is
the default.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
3a7d9311 by Stefan Metzmacher at 2018-01-10T01:01:24+01:00
selftest: explicitly configure some dcs with 'server schannel = auto'

This is required for some tests.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
0341e83d by Stefan Metzmacher at 2018-01-10T01:01:24+01:00
docs-xml: deprecate "server schannel" and change the default to "yes"

No client should use the old protocol without DCERPC level integrity/privacy,
but maybe there are some legacy OEM file servers, which require this.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
b1c88c01 by Stefan Metzmacher at 2018-01-10T01:01:24+01:00
WHATSNEW: document the changes/deprecation of 'client schannel' and 'server schannel'

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
09da62f1 by Stefan Metzmacher at 2018-01-10T01:01:24+01:00
s4:lib/tls: fix the developer build without gnutls support

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
a206cf2d by Stefan Metzmacher at 2018-01-10T01:01:24+01:00
s4:dns_server: avoid debug noise on successful updates

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12423

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
0f5b1bd9 by Ralph Boehme at 2018-01-10T01:01:24+01:00
selftest: fix creation of builtin users in wait_for_start

If "BUILTIN\Users" already exists, attempting to create it would fail,
so we should check for the existence prior to the creation.

It is unclear *why* the mapping sometimes already exists and sometimes
not. There are two places where they would have been created:

1. libnet_join_add_dom_rids_to_builtins tries to add the mapping when
joining a domain, but at that point winbindd isn't running

2. when a user is authenticated in smbd, which clearly can't have
happened when in the function wait_for_start

Go figure...

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
53f709d6 by Ralph Boehme at 2018-01-10T01:01:24+01:00
selftest: remove second loop waiting for winbindd from wait_for_start()

A few lines above we already checked that winbindd is running.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
686fc412 by Ralph Boehme at 2018-01-10T01:01:24+01:00
selftest: set wrapper env variables when running net groupmap

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
584a8ac4 by Ralph Boehme at 2018-01-10T01:01:24+01:00
selftest: split a large system invocation line

Small cleanup for better code readability, no change in behaviour.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
ee6e0b19 by Ralph Boehme at 2018-01-10T01:01:25+01:00
selftest: split a large system invocation line

Small cleanup for better code readability, no change in behaviour.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
a0780427 by Ralph Boehme at 2018-01-10T05:19:26+01:00
selftest: split a large system invocation line

Small cleanup for better code readability, no change in behaviour.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Jan 10 05:19:26 CET 2018 on sn-devel-144

- - - - -
79cb5cfa by Andreas Schneider at 2018-01-10T14:03:26+01:00
selftest: Use the ad_dc with smbfs for ad_member env

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
4519134e by Andreas Schneider at 2018-01-10T18:30:56+01:00
s3:tests: Fix test_net_tdb.sh with system tdb-tools

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jan 10 18:30:56 CET 2018 on sn-devel-144

- - - - -
00ee9da5 by Andrew Bartlett at 2018-01-12T22:42:21+01:00
talloc: Remove talloc_abort_magic()

The check required for talloc_abort_magic() prevents the 'access after free error'
from being printed.

It is also no longer possible to determine the difference between invalid memory
and a talloc version mismatch as the magic is now random on many platforms.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13210

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
e2497b26 by Andrew Bartlett at 2018-01-12T22:42:21+01:00
talloc: Add tests to require use-after-free to give the correct talloc_abort() string

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13210

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
06230975 by Andrew Bartlett at 2018-01-12T22:42:21+01:00
talloc: Do not disclose the random talloc magic in free()'ed memory

This may help us avoid exploits via memory read attacks on Samba by ensuring that if the read
is on an invalid chunk that the talloc magic disclosed there is not useful
to create a valid chunk and so set a destructor.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13211

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
efe317c5 by Stefan Metzmacher at 2018-01-12T22:42:22+01:00
talloc: version 2.1.11

* disable-python - fix talloc wscript if bundling disabled
* Do not disclose the random talloc magic in free()'ed memory

Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
6dd0a8c1 by Stefan Metzmacher at 2018-01-12T22:42:22+01:00
tevent: version 0.9.35

* Minor cleanup. wakeup_fd can always be gotten from the event context.
* Use smb_set_close_on_exec() in example code.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
bf19b6cc by Stefan Metzmacher at 2018-01-12T22:42:22+01:00
ldb: version 1.3.1

* Intersect the index from SCOPE_ONELEVEL with the index for the search expression
  (bug #13191)
* smaller/greater comparison tests
* Show the last successful DN when failing to parse LDIF
* ldb_index: Add an attribute flag to require a unique value.
* silence some clang warnings in picky developer mode

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
23ec73e0 by Douglas Bagnall at 2018-01-12T22:42:22+01:00
Mark rfc2307 test flapping

Please fix and revert

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6b09ab21 by Douglas Bagnall at 2018-01-12T22:42:22+01:00
Mark whoami test flapping

please fix and revert!

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3297f4c9 by Douglas Bagnall at 2018-01-13T03:01:10+01:00
Mark wbinfo test flapping

please fix and revert

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Sat Jan 13 03:01:10 CET 2018 on sn-devel-144

- - - - -
2724e0ca by David Disseldorp at 2018-01-13T03:03:46+01:00
vfs_ceph: add fs_capabilities hook to avoid local statvfs

Adding the fs_capabilities() hook to the CephFS VFS module avoids
fallback to the vfs_default code-path, which calls statvfs() against the
share path on the *local* filesystem.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13208

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4b25c9f4 by David Disseldorp at 2018-01-13T03:03:46+01:00
vfs_default: use VFS statvfs macro in fs_capabilities

Currently the vfs_default fs_capabilities handler calls statvfs
directly, rather than calling the vfs macro. This behaviour may cause
issues for VFS modules that delegate fs_capabilities handling to
vfs_default but offer their own statvfs hook.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13208

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ce884eeb by Justin Maggard via samba-technical at 2018-01-13T03:03:46+01:00
s3/smbd: Add new file information classes

Add definitions for missing file information classes documented in
[MS-FSCC] section 2.4.

Signed-off-by: Justin Maggard <jmaggard at netgear.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f1befc5d by Justin Maggard via samba-technical at 2018-01-13T07:25:42+01:00
s3/smbd: Fix error code for unsupported SET_INFO requests

FileValidDataLengthInformation and FileShortNameInformation are both
valid FileInfoClasses that we don't support.  According to [MS-SMB2]
3.3.5.21.1, we should be returning STATUS_NOT_SUPPORTED instead of
NT_STATUS_INVALID_LEVEL for these.

Signed-off-by: Justin Maggard <jmaggard at netgear.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Jan 13 07:25:42 CET 2018 on sn-devel-144

- - - - -
a79df4e7 by Björn Jacke at 2018-01-13T08:24:08+01:00
params: mark "unicode" parameter as deprecated

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
98ba88a7 by Björn Jacke at 2018-01-13T08:24:08+01:00
params: mark "ldap ssl ads" as deprecated

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
561a3b7e by Stefan Metzmacher at 2018-01-13T08:24:08+01:00
s3:vfs: remove unused smb_vfs_call_{is,set}_offline() prototypes

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
dcb45d5c by Ralph Boehme at 2018-01-13T08:24:08+01:00
s3/torture: fix an error message

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
ef279421 by Ralph Boehme at 2018-01-13T08:24:08+01:00
s3/rpc_client: fix overly long lines

Just long lines cleanup, no further changes. Best viewed with git show -w.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
5812c7cb by Ralph Boehme at 2018-01-13T08:24:08+01:00
winbindd: fix overly long lines

Just another long lines cleanup. Best viewed with git show -w.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
ca4d5ea3 by Ralph Boehme at 2018-01-13T08:24:08+01:00
winbindd: remove a space

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
751fa043 by Ralph Boehme at 2018-01-13T08:24:08+01:00
winbindd: remove an else branch

No change in behaviour.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
e9a9a94d by Ralph Boehme at 2018-01-13T08:24:08+01:00
winbindd: simplify if condition in find_domain_from_name_noinit()

No change in behaviour.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
a1a9feb7 by Ralph Boehme at 2018-01-13T08:24:08+01:00
winbindd: prevent long lines in a later commit

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
158c8906 by Ralph Boehme at 2018-01-13T08:24:08+01:00
s3/rpc_client: move copy_netr_SamInfo3() to util_netlogon

The next commit will add an additional caller that is in rpc_client and I
don't want to pull in AUTH_COMMON. The natural place to consolidate
netlogon related helper functions seems to be util_netlogon.c which
already has copy_netr_SamBaseInfo().

No change in behaviour.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
a001f4b5 by Ralph Boehme at 2018-01-13T08:24:08+01:00
s3/rpc_client: in map_validation_to_info3() make a deep copy

In later commits we want to map a validation to info3 without modifying
the validation data. Otherwise no change in behaviour.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
7eed1661 by Ralph Boehme at 2018-01-13T08:24:08+01:00
s3/rpc_client: make map_validation_to_info3() public and move to util_netlogon

Will be needed in the next commit.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
7082ebbb by Ralph Boehme at 2018-01-13T08:24:08+01:00
s3/rpc_client: add map_info3_to_validation()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
489e942a by Ralph Boehme at 2018-01-13T08:24:08+01:00
s3/rpc_client: return validation from rpccli_netlogon functions

Return the validation info instead of the already mapped info3. Higher
layers need info6 if available, this is the first step in passing the
unmapped info up to callers.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
aae75d12 by Ralph Boehme at 2018-01-13T08:24:08+01:00
winbindd: remove a redundant check from winbindd_dual_pam_auth_samlogon

result is already checked a few lines above.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
cc3ee55a by Ralph Boehme at 2018-01-13T08:24:08+01:00
winbindd: let winbind_samlogon_retry_loop return validation info

Return the validation info instead of the already mapped info3. Higher
layers need info6 if available, this is the first step in passing the
unmapped info up to callers.

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
13d0d524 by Ralph Boehme at 2018-01-13T08:24:08+01:00
winbindd: let winbindd_dual_pam_auth_samlogon() return validation info

Pass up validation info instead of info3. No change in behaviour.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
1337104c by Ralph Boehme at 2018-01-13T08:24:08+01:00
winbindd: remove a space in winbind_dual_SamLogon

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
f153c951 by Ralph Boehme at 2018-01-13T08:24:09+01:00
winbindd: let winbind_dual_SamLogon return validation

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
7b30f698 by Ralph Boehme at 2018-01-13T08:24:09+01:00
winbindd: simplify an if condition in winbindd_dual_pam_auth

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
194a9e49 by Ralph Boehme at 2018-01-13T08:24:09+01:00
winbindd: pass down validation to append_auth_data()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
7290b5cf by Ralph Boehme at 2018-01-13T08:24:09+01:00
winbindd: pass validation in append_info3_as_txt

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
59cb1f6f by Ralph Boehme at 2018-01-13T08:24:09+01:00
nsswitch: add "validation_level" and "info6" to winbindd_response

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
c8f76bfd by Ralph Boehme at 2018-01-13T08:24:09+01:00
nsswitch: fill out wbcAuthUserInfo user_principal and dns_domain_name from info6

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
e43ee33a by Ralph Boehme at 2018-01-13T12:53:59+01:00
winbindd: set info6 data in append_info3_as_txt

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Sat Jan 13 12:53:59 CET 2018 on sn-devel-144

- - - - -
c7c06fd2 by Ralph Boehme at 2018-01-13T12:55:06+01:00
winbindd: enforce valid SID in add_trusted_domain_from_tdc()

It's the caller's responsibility to ensure we get a valid SID. Adding
half-baked domains with only partially valid data is a recipe for
disaster.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
5ffade7b by Ralph Boehme at 2018-01-13T12:55:06+01:00
winbindd: only use NetBIOS name when searching domain list in add_trusted_domain_from_tdc()

Unique key for domains is the NetBIOS name, period. If the caller
passes a domain name that matches a different domain's DNS name or vice
versa, that is an error. The same applies to SIDs.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
126d6cee by Stefan Metzmacher at 2018-01-13T12:55:06+01:00
winbindd: rename alternative_name to dns_name

This reduces the diff in the following commit.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
85874458 by Stefan Metzmacher at 2018-01-13T12:55:06+01:00
winbindd: initialize some stack pointers to NULL

This reduces the diff in the following commit.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
5bf2979b by Ralph Boehme at 2018-01-13T12:55:06+01:00
winbindd: rework add_trusted_domain(), replacing add_trusted_domain_from_tdc()

This extends add_trusted_domain() to be the one true one-stop function
to add a winbindd domain.

add_trusted_domain_from_tdc() used a struct winbindd_tdc_domain to fill
in the winbindd domain which made it hard to track which attributes
would be required and which are optional.

Pair-programmed-with: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
b724e01e by Stefan Metzmacher at 2018-01-13T12:55:07+01:00
winbindd: remember the secure_channel_type in winbindd_domain

This way we have an indication of non direct trusts with
SEC_CHAN_NULL.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
2385e719 by Stefan Metzmacher at 2018-01-13T12:55:07+01:00
winbindd: add find_trust_from_{name,sid}_noinit()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
4b0641bf by Stefan Metzmacher at 2018-01-13T12:55:07+01:00
winbindd: use find_trust_from_name_noinit when we require a direct trust

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
f1bd7c8b by Ralph Boehme at 2018-01-13T12:55:07+01:00
s3/torture/pdbtest: creating a trusted domain requires a valid SID

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
8fde1c64 by Ralph Boehme at 2018-01-13T12:55:07+01:00
s3/torture/pdbtest: delete trusted domain at test end

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
f3623873 by Stefan Metzmacher at 2018-01-13T12:55:07+01:00
s4:dsdb: add dsdb_trust_search_tdo_by_sid() helper function

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
6f9232e2 by Stefan Metzmacher at 2018-01-13T12:55:07+01:00
pdb_samba_dsdb: implement pdb_samba_dsdb_enum_trusteddoms()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
3091ea3b by Stefan Metzmacher at 2018-01-13T12:55:07+01:00
pdb_samba_dsdb: implement PDB_CAP_TRUSTED_DOMAINS_EX related functions

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
a5564370 by Ralph Boehme at 2018-01-13T12:55:07+01:00
pdb_samba_dsdb: implement pdb_samba_dsdb_set_trusted_domain

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
f8bcd370 by Ralph Boehme at 2018-01-13T12:55:07+01:00
pdb_samba_dsdb: implement pdb_samba_dsdb_del_trusted_domain

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
fa3b81b2 by Ralph Boehme at 2018-01-13T12:55:07+01:00
pdb_samba_dsdb: set PDB_CAP_TRUSTED_DOMAINS_EX

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
29e6d559 by Stefan Metzmacher at 2018-01-13T12:55:07+01:00
winbindd: load the trusted domains on a DC already in init_domain_list()

We should do that in the parent as early as possible.
Similar to our primary domain, which is also a direct trust.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
40c91150 by Stefan Metzmacher at 2018-01-13T12:55:08+01:00
winbindd: avoid automatic enumerating trusts on DCs

We have a static list of trust based on our configuration.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
2e644af1 by Ralph Boehme at 2018-01-13T12:55:08+01:00
winbindd: add find_default_route_domain()

On a member server this is just our primary domain. The logic for DCs is
not yet implemented, on a DC of a child-domain in a forest this would
be the parent domain.

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
b2ea3606 by Ralph Boehme at 2018-01-13T12:55:08+01:00
winbindd: add set_routing_domain()

- - - - -
f4d27f2b by Ralph Boehme at 2018-01-13T12:55:08+01:00
winbindd: add add_trusted_domain_from_auth

Function to add a new trusted domain to the domain list and TDC after a
successful authentication. On Member servers only, not on DCs though.

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
939592c6 by Ralph Boehme at 2018-01-13T12:55:08+01:00
winbindd: use add_trusted_domain_from_auth

After a successful authentication, ensure we have the user's domain in our
domain list and the TDC.

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
a39cf19c by Ralph Boehme at 2018-01-13T12:55:08+01:00
winbindd: transitive trust logic in trust_is_transitive()

trust_is_transitive() currently defaults to transitive=true, unless
LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE, LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN or
LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL trust attribute is set.

This is not correct, for the trust to be transitive,
LSA_TRUST_ATTRIBUTE_WITHIN_FOREST or LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE must
be set.

Logic taken from dsdb_trust_routing_by_name().

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
09021f92 by Ralph Boehme at 2018-01-13T12:55:08+01:00
winbindd: fix trust_is_inbound()

A trust is only inbound if NETR_TRUST_FLAG_INBOUND is set. Trust flags = 0x0
does not imply an inbound trust, nor does NETR_TRUST_FLAG_IN_FOREST.

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
f12a43f4 by Ralph Boehme at 2018-01-13T12:55:08+01:00
winbindd: fix trust_is_oubound()

A trust is only inbound if NETR_TRUST_FLAG_OUTBOUND is set. Trust flags = 0x0
does not imply an outbound trust, nor does NETR_TRUST_FLAG_IN_FOREST.

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
ec85579d by Ralph Boehme at 2018-01-13T12:55:08+01:00
libwbclient: add trust routing and more trust-types

This adds the struct member and the defines, the implementation comes
later.

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
05558ddd by Ralph Boehme at 2018-01-13T12:55:08+01:00
wbinfo: support for local, workstation and routed trust types

Prepare wbinfo for additional trust types and trust routing.

This also modifies the output line for a "None" trust type by skipping
the transitivity and direction -- that just doesn't make sense without a
trust.

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
95e33079 by Ralph Boehme at 2018-01-13T12:55:08+01:00
libwbclient: add more trust types

Prepare libwbclient for additional trust types and trust routing.

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
9fb36370 by Ralph Boehme at 2018-01-13T12:55:08+01:00
winbindd: add more trust types to get_trust_type_string

Add support for the following trust types: "Local", "Workstation",
"RWDC", "RODC" and "Routed (via ...)".

Where we previously returned "None" this now returns "Routed (via ...)",
otherwise (hopefully) no change in behaviour.

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
b4e1e301 by Stefan Metzmacher at 2018-01-13T12:55:08+01:00
winbindd: add "winbind scan trusted domains = no" to avoid trust enumeration

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
4b17d365 by Stefan Metzmacher at 2018-01-13T17:12:38+01:00
WHATSNEW: document some more new options

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Karolin Seeger <kseeger at samba.org>

Autobuild-User(master): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(master): Sat Jan 13 17:12:38 CET 2018 on sn-devel-144

- - - - -
6678f332 by Stefan Metzmacher at 2018-01-13T17:37:06+01:00
s4:torture/samba_tool_drs: demote the test dc at the end of test_samba_tool_replicate_local()

Otherwise this taints other tests which might follow.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
3f2762d0 by Douglas Bagnall at 2018-01-13T17:37:06+01:00
samba_kcc: documentation fix

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f2762d08 by Douglas Bagnall at 2018-01-13T17:37:06+01:00
python tests: assert string equality, with diff

In the success case this works just like self.assertEqual(),
but when things fail you get a better representation of where it went
wrong (a unified diff).

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a46c4a39 by Douglas Bagnall at 2018-01-13T17:37:07+01:00
python: module containing ANSI colour sequences

This is going to be used by `samba-tool visualize` and samba_kcc.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e579d5bd by Douglas Bagnall at 2018-01-13T17:37:07+01:00
samba_kcc: kcc.debug module defers to samba.colour

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b4a90a65 by Douglas Bagnall at 2018-01-13T17:37:07+01:00
samba_kcc: respect kcc.read_only flag on RODC

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cebad22c by Douglas Bagnall at 2018-01-13T17:37:07+01:00
python/graph: module for generating ASCII and graphviz visualisations

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ba2306f0 by Douglas Bagnall at 2018-01-13T17:37:07+01:00
samba_kcc: use new graph module for writing dot files

We avoid changing the (annoying) signature of write_dot_file().

Using samba_kcc to write dot files may be deprecated.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c6294c3c by Douglas Bagnall at 2018-01-13T17:37:07+01:00
samba-tool visualize for understanding AD DC behaviour

To work out what is happening in a replication graph, it is sometimes
helpful to use visualisations. We introduce a samba-tool subcommand to
write Graphviz dot output and generate text-based heatmaps of the
distance in hops between DCs.

There are two subcommands, two graphical modes, and (roughly) two modes of
operation with respect to the location of authority.

`samba-tool visualize ntdsconn` looks at NTDS Connections.
`samba-tool visualize reps` looks at repsTo and repsFrom objects.

In '--distance' mode (default), the distances between DCs are shown in
a matrix in the terminal. With '--color=yes', this is depicted as a
heatmap. With '--utf8' it is a little prettier.

In '--dot' mode, Graphviz dot output is generated. When viewed using
dot or xdot, this shows the network as a graph with DCs as vertices
and connections as edges. Certain types of degenerate edges are shown in
different colours or line-styles.

Normally samba-tool talks to one database; with the '-r' (a.k.a.
'--talk-to-remote') option attempts are made to contact all the DCs
known to the first database. This is necessary to get sensible results
from `samba-tool visualize reps` because the repsFrom/To objects are
not replicated, and it can reveal replication issues in other modes.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a090d7ef by Douglas Bagnall at 2018-01-13T17:37:07+01:00
samba_kcc: remove an unused function

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d3c54205 by Douglas Bagnall at 2018-01-13T17:37:07+01:00
samba_kcc: fix dot_file_dir documentation

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d3f4429c by Douglas Bagnall at 2018-01-13T17:37:07+01:00
samba_kcc: remove unused functions

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
315f445a by Douglas Bagnall at 2018-01-13T17:37:07+01:00
samba_kcc: clarify readonly logging, removing now unused function

The unused function was somewhat misnamed.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
81484f32 by Douglas Bagnall at 2018-01-13T17:37:07+01:00
samba_kcc: simplify NCReplica constructor

There is nothing to be gained from setting the dn and guid separately
except subtle bugs.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a00312df by Douglas Bagnall at 2018-01-13T17:37:07+01:00
samba_kcc: simplify NCReplica.set_instantiated_flags()

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
08651a08 by Andrej Gessel at 2018-01-13T22:01:49+01:00
samba_kcc: do not commit new nTDSConnection, if we are rodc

Traceback (most recent call last):
/usr/local/samba/sbin/samba_kcc:   File "/usr/local/samba/sbin/samba_kcc", line 337, in <module>
/usr/local/samba/sbin/samba_kcc:     attempt_live_connections=opts.attempt_live_connections)
/usr/local/samba/sbin/samba_kcc:   File "/usr/local/samba/lib/python2.7/site-packages/samba/kcc/__init__.py", line 2644, in run
/usr/local/samba/sbin/samba_kcc:     all_connected = self.intersite(ping)
/usr/local/samba/sbin/samba_kcc:   File "/usr/local/samba/lib/python2.7/site-packages/samba/kcc/__init__.py", line 1883, in intersite
/usr/local/samba/sbin/samba_kcc:     all_connected = self.create_intersite_connections()
/usr/local/samba/sbin/samba_kcc:   File "/usr/local/samba/lib/python2.7/site-packages/samba/kcc/__init__.py", line 1817, in create_intersite_connections
/usr/local/samba/sbin/samba_kcc:     part, True)
/usr/local/samba/sbin/samba_kcc:   File "/usr/local/samba/lib/python2.7/site-packages/samba/kcc/__init__.py", line 1769, in create_connections
/usr/local/samba/sbin/samba_kcc:     partial_ok, detect_failed)
/usr/local/samba/sbin/samba_kcc:   File "/usr/local/samba/lib/python2.7/site-packages/samba/kcc/__init__.py", line 1594, in create_connection
/usr/local/samba/sbin/samba_kcc:     lbh.commit_connections(self.samdb)
/usr/local/samba/sbin/samba_kcc:   File "/usr/local/samba/lib/python2.7/site-packages/samba/kcc/kcc_utils.py", line 827, in commit_connections
/usr/local/samba/sbin/samba_kcc:     connect.commit_added(samdb, ro)
/usr/local/samba/sbin/samba_kcc:   File "/usr/local/samba/lib/python2.7/site-packages/samba/kcc/kcc_utils.py", line 1123, in commit_added
/usr/local/samba/sbin/samba_kcc:     (self.dnstr, estr))
/usr/local/samba/sbin/samba_kcc: samba.kcc.kcc_utils.KCCError: Could not add nTDSConnection for (CN=862f0429-c72c-4a81-ae9a-96820bb2f96d,CN=NTDS Settings,
CN=BUILDHOST,CN=Servers,CN=Testsite,CN=Sites,CN=Configuration,DC=samdom,DC=com) - (Invalid LDB reply type 1)
../source4/dsdb/kcc/kcc_periodic.c:693: Failed samba_kcc - NT_STATUS_ACCESS_DENIED

Signed-off-by: Andrej Gessel <Andrej.Gessel at janztec.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(master): Sat Jan 13 22:01:49 CET 2018 on sn-devel-144

- - - - -
ef49d0b9 by David Mulder at 2018-01-13T22:38:05+01:00
gpo: Fix crashes in gpo unapply

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
88152ade by David Mulder at 2018-01-13T22:38:05+01:00
gpo: Continue parsing GPOs even if one fails

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fb5241aa by David Mulder at 2018-01-13T22:38:05+01:00
Revert "gpo: Create the gpo update service"

This reverts commit 5662e49b49f6557c80f216f510f224bbf800f40a.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2ca73cba by David Mulder at 2018-01-13T22:38:05+01:00
gpo: Add the winbind call to gpupdate

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0eec2b6e by Garming Sam at 2018-01-14T03:08:01+01:00
docs: Remove reference to environment variables for now

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Sun Jan 14 03:08:01 CET 2018 on sn-devel-144

- - - - -
9b423fe8 by Ralph Boehme at 2018-01-14T10:26:05+01:00
winbindd: set routing_domain when enumerating trusts

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
e8636e7a by Volker Lendecke at 2018-01-14T10:26:05+01:00
smbd: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
71cee279 by Volker Lendecke at 2018-01-14T10:26:05+01:00
torture4: Fix typos

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
03f65a7c by Volker Lendecke at 2018-01-14T10:26:05+01:00
smbd: Remove a "!" from an if-condition for easier readability

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13215

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
0b574341 by Volker Lendecke at 2018-01-14T10:26:05+01:00
smbd: Fix channel sequence number checks for long-running requests

When the client's supplied csn overflows and hits a pending, long-running
request's csn, we panic. Fix this by counting the overflows in
smbXsrv_open_global0->channel_generation

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13215

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Volker Lendecke <vl at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
cd288a08 by Volker Lendecke at 2018-01-14T10:26:05+01:00
smbXcli: Add "force_channel_sequence"

This enables use of the channel sequence number even for
non-multi-channel servers. This makes our client invalid, but we need to
protect against broken clients with tests.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13215

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
0abe16a5 by Volker Lendecke at 2018-01-14T14:47:15+01:00
torture: Add test for channel sequence number handling

We run into an assert when the csn wraps

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13215

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Sun Jan 14 14:47:15 CET 2018 on sn-devel-144

- - - - -
df68af9f by Mathieu Parent at 2018-01-14T17:38:26+01:00
systemd: syslog.target is obsolete

After=syslog.target is unnecessary by now because syslog is
socket-activated and will therefore be started when needed.

Ref: https://lintian.debian.org/tags/systemd-service-file-refers-to-obsolete-target.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12402

Signed-off-by: Mathieu Parent <math.parent at gmail.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
a653b62a by Mathieu Parent at 2018-01-14T17:38:26+01:00
systemd: Add documentation to Unit files

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12402

Signed-off-by: Mathieu Parent <math.parent at gmail.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
c69938ef by Mathieu Parent at 2018-01-14T17:38:26+01:00
systemd: Fix kill path

Bug-Debian: https://bugs.debian.org/828730

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12402

Signed-off-by: Mathieu Parent <math.parent at gmail.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
e131ce4d by Mathieu Parent at 2018-01-14T17:38:26+01:00
waf: Remove build system info (uname -a)

Preventing reproducible builds while adding minor benefit.

More information at <https://reproducible-builds.org/>.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13213

Signed-off-by: Mathieu Parent <math.parent at gmail.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>

- - - - -
8d90f2a0 by Andreas Schneider at 2018-01-14T17:38:26+01:00
s3:test: Always validate the join after changing the secret

Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Pair-Programmed-With: Ralph Boehme <slow at samba.org>

- - - - -
0580a23d by Andreas Schneider at 2018-01-14T22:09:24+01:00
s4:torture: Improve error message in whoami test

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Sun Jan 14 22:09:24 CET 2018 on sn-devel-144

- - - - -
59a07e3f by Karolin Seeger at 2018-01-14T22:11:00+01:00
WHATSNEW: Add release notes for Samba 4.8.0rc1.

Signed-off-by: Karolin Seeger <kseeger at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
e5f4aff6 by Karolin Seeger at 2018-01-14T22:11:00+01:00
VERSION: Bump version up to 4.8.0rc1...

and disable GIT_SNAPSHOT for the release.

Signed-off-by: Karolin Seeger <kseeger at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
80a1b2b2 by Karolin Seeger at 2018-01-15T10:12:04+01:00
VERSION: Bump version up to 4.8.0rc2...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
16f7f9cc by Andreas Schneider at 2018-01-25T15:04:21+01:00
s3:winbindd: Improve logic so it is easier to understand

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13209

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 264249db0f5515d8333d16218f1553ae9f0e7193)

- - - - -
e089bed1 by Andreas Schneider at 2018-01-25T15:04:21+01:00
s3:winbind: Use a goto for cleaning up at the end

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13209

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 00d176c6c592af59cc14271de4af1614578090a3)

- - - - -
197262e4 by Andreas Schneider at 2018-01-25T15:04:21+01:00
s3:winbind: Use a stackframe and cleanup when leaving

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13209

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit bfc727f0b2d837a97fc9eb94a8811f23a656c4e4)

- - - - -
1844f890 by Andreas Schneider at 2018-01-25T15:04:21+01:00
s3:rpc_client: Cleanup copy_netr_SamInfo3() code

This gets rid of some strange macro and makes sure we clean up at the
end.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13209

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 05ebafd91ee2dd511372ce63d656e9fc6735ee28)

- - - - -
2d4987b2 by Christof Schmitt at 2018-01-25T15:04:21+01:00
Remove file system sharemode before calling unlink

GPFS implements the DENY_DELETE sharemode, which prevents unlink() from
deleting the file. This causes the problem that deleting a file through
"delete on close" fails, as the code in close.c first calls unlink() and
only later removes the file system sharemode.

Fix this by removing the file system sharemode before calling unlink().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13217

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Christof Schmitt <cs at samba.org>
Autobuild-Date(master): Wed Jan 17 01:31:53 CET 2018 on sn-devel-144

(cherry picked from commit e77f8e4628ba868f09cbcf2970caac6c69fe080c)

- - - - -
75d1ec23 by Günther Deschner at 2018-01-25T15:04:21+01:00
packaging: fix default systemd-dir path.

https://bugzilla.samba.org/show_bug.cgi?id=13227

By default we should not end up with a
/usr/usr/lib/systemd/system path.

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Tue Jan 16 21:02:28 CET 2018 on sn-devel-144

- - - - -
579985dc by Andreas Schneider at 2018-01-25T15:04:21+01:00
s3:waf: Move HAVE_NETGROUP to wscript

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13238

Pair-Programmed-With: Guenther Deschner <gd at samba.org>

Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit ca5eaf0cdcf8257ac52786aa7439c8f081a2fe0d)

- - - - -
c6c8b8e8 by Andreas Schneider at 2018-01-25T15:04:21+01:00
include: Create system/nis.h in libreplace

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13238

Pair-Programmed-With: Guenther Deschner <gd at samba.org>

Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit c29d087e1ea4c92717ef86e372fe80f410580fdc)

- - - - -
3bf03879 by Günther Deschner at 2018-01-25T15:04:21+01:00
build: deal with recent glibc sunrpc header removal

We need to rely on libtirpc or libntirpc to be around in that case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13238
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10976

Guenther

Pair-Programmed-With: Andreas Schneider <asn at samba.org>

Signed-off-by: Guenther Deschner <gd at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit ee0be7eb723be1420fd601ea1abe0af748562953)

- - - - -
0970c824 by Andreas Schneider at 2018-01-25T15:04:21+01:00
wafsamba: Allow passing 'lib' to CHECK_STRUCTURE_MEMBER

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13238

We need to be able to point it to the right header location, so we need
to be able to pass the 'lib' that it gets set.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit 87f105d76ce074bff08fd507d72568be88d48d00)

- - - - -
3c46eef8 by Andreas Schneider at 2018-01-25T15:04:21+01:00
waf: Fix NFS quota support with libtirpc

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13238

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Jan 22 17:26:52 CET 2018 on sn-devel-144

(cherry picked from commit 39a6ea766dfe55d84ab2284b8d5ed01d66da11dd)

- - - - -
666e7f2c by Stefan Metzmacher at 2018-01-25T15:04:22+01:00
testprogs:blackbox: add regression test for unsorted links in tombstones-expunge.sh

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit c34c2dd55545b99fba46cf374a1653bad96cea9e)

- - - - -
d7a312ff by Stefan Metzmacher at 2018-01-25T15:04:22+01:00
repl_meta_data: fix linked attribute corruption on databases with unsorted links on expunge

This is a really critical bug, it removes valid linked attributes.

When a DC that was provisioned/joined with a Samba version older than 4.7
is upgraded to 4.7 (or later), it can happen that the garbage collection
(dsdb_garbage_collect_tombstones()), triggered periodically by the 'kcc' task
of 'samba' or by 'samba-tool domain tombstones expunge', corrupts the linked attributes.

This is similar to Bug #13095 - Broken linked attribute handling,
but it's not triggered by an originating change.

The bug happens in replmd_modify_la_delete()
where get_parsed_dns_trusted() generates a sorted array of
struct parsed_dn based on the values in old_el->values.

If the database doesn't support the sortedLinks compatibleFeatures
in the @SAMBA_DSDB record, it's very likely that
the array of old_dns is sorted differently than the values
in old_el->values.

The problem is that struct parsed_dn has just a pointer
'struct ldb_val *v' that points to the corresponding
value in old_el->values.

Now if vanish_links is true the damage happens here:

        if (vanish_links) {
                unsigned j = 0;
                for (i = 0; i < old_el->num_values; i++) {
                        if (old_dns[i].v != NULL) {
                                old_el->values[j] = *old_dns[i].v;
                                j++;
                        }
                }
                old_el->num_values = j;
        }

old_el->values[0] = *old_dns[0].v;
can change the value old_dns[1].v is pointing at!
That means that some values can get lost while others
are stored twice, because the LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK
allows it to be stored.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit a25c99c9f1fd1814c56c21848c748cd0e038eed7)
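
The aliasing problem described in the commit message above, reproduced as an added example that is not part of the commit or of Samba's code: the compaction loop is run over a sorted pointer view of an unsorted value array, next to a variant that copies survivors to scratch storage first. `struct val`, `struct parsed`, all function names and the sample values are assumptions made for this illustration, and the copying variant is one safe alternative, not necessarily the change the commit made.

```c
/* Added illustration, not Samba code: struct val / struct parsed are
 * hypothetical stand-ins for struct ldb_val / struct parsed_dn. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_VALS 8

struct val { char data[8]; };      /* one stored link value */
struct parsed { struct val *v; };  /* points INTO the values array */

/* Constructed sample data: the same four values, stored unsorted and sorted. */
static const char *const UNSORTED[] = { "D", "B", "A", "C" };
static const char *const SORTED[]   = { "A", "B", "C", "D" };

static int cmp_parsed(const void *a, const void *b)
{
	const struct parsed *pa = a, *pb = b;
	return strcmp(pa->v->data, pb->v->data);
}

/* Sorted array of pointers into values[]; values[] itself is not reordered. */
static void build_sorted_view(struct val *values, size_t n, struct parsed *dns)
{
	for (size_t i = 0; i < n; i++) {
		dns[i].v = &values[i];
	}
	qsort(dns, n, sizeof(dns[0]), cmp_parsed);
}

/* Same shape as the loop quoted in the commit message: it writes values[j]
 * while a later dns[i].v may still point at values[j]. */
static size_t compact_in_place(struct val *values, size_t n,
			       const struct parsed *dns)
{
	size_t j = 0;
	for (size_t i = 0; i < n; i++) {
		if (dns[i].v != NULL) {
			values[j] = *dns[i].v;
			j++;
		}
	}
	return j;
}

/* Aliasing-safe variant (an assumption for this example): gather the
 * survivors in scratch storage, then overwrite values[] in one step.
 * Returns (size_t)-1 and leaves values[] untouched if n is too large. */
static size_t compact_via_copy(struct val *values, size_t n,
			       const struct parsed *dns)
{
	struct val tmp[MAX_VALS];
	size_t j = 0;
	if (n > MAX_VALS) {
		return (size_t)-1;
	}
	for (size_t i = 0; i < n; i++) {
		if (dns[i].v != NULL) {
			tmp[j++] = *dns[i].v;
		}
	}
	memcpy(values, tmp, j * sizeof(tmp[0]));
	return j;
}

/* Store input[], delete the value `del`, compact, and return how many
 * times `needle` is stored afterwards (-1 if n exceeds MAX_VALS). */
static int survivors(const char *const *input, size_t n, const char *del,
		     int safe, const char *needle)
{
	struct val values[MAX_VALS];
	struct parsed dns[MAX_VALS];
	size_t kept;
	int hits = 0;

	if (n > MAX_VALS) {
		return -1;
	}
	for (size_t i = 0; i < n; i++) {
		snprintf(values[i].data, sizeof(values[i].data), "%s", input[i]);
	}
	build_sorted_view(values, n, dns);
	for (size_t i = 0; i < n; i++) {
		if (strcmp(dns[i].v->data, del) == 0) {
			dns[i].v = NULL;  /* mark this link for removal */
		}
	}
	kept = safe ? compact_via_copy(values, n, dns)
		    : compact_in_place(values, n, dns);
	for (size_t i = 0; i < kept; i++) {
		hits += (strcmp(values[i].data, needle) == 0);
	}
	return hits;
}

int main(void)
{
	printf("unsorted, in place: D x%d, A x%d\n",
	       survivors(UNSORTED, 4, "B", 0, "D"),
	       survivors(UNSORTED, 4, "B", 0, "A"));
	printf("unsorted, via copy: D x%d, A x%d\n",
	       survivors(UNSORTED, 4, "B", 1, "D"),
	       survivors(UNSORTED, 4, "B", 1, "A"));
	printf("sorted,   in place: D x%d, A x%d\n",
	       survivors(SORTED, 4, "B", 0, "D"),
	       survivors(SORTED, 4, "B", 0, "A"));
	return 0;
}
```

When the stored order already matches the sorted order, every read is at or ahead of the write index, which is why only the unsorted case loses a value.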

- - - - -
e981b811 by Stefan Metzmacher at 2018-01-25T20:04:53+01:00
dbcheck: disable fixing duplicate linked attributes until we can recover lost forward links

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 850a8027f32185e523614231cca76505134bb5e4)

Autobuild-User(v4-8-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-8-test): Thu Jan 25 20:04:53 CET 2018 on sn-devel-144

- - - - -
27662cdd by Karolin Seeger at 2018-01-25T20:52:11+01:00
WHATSNEW: Add release notes for Samba 4.8.0rc2.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
20fe4347 by Karolin Seeger at 2018-01-25T20:52:41+01:00
VERSION: Disable GIT_SNAPSHOT for the 4.8.0rc2 release.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
ad481bd7 by Karolin Seeger at 2018-01-25T20:53:19+01:00
VERSION: Bump version up to 4.8.0rc3...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
b37223ec by David Mulder at 2018-02-09T09:30:20+01:00
gpo: Correct documentation

The doc still contains a reference to env var
policy (which isn't present in this release).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13223

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
7b784dfb by David Mulder at 2018-02-09T09:30:20+01:00
gpo: Correct WHATSNEW

The WHATSNEW incorrectly explains how to enable gpo.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13223

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
ef18e12c by Günther Deschner at 2018-02-09T09:30:20+01:00
python: fix the build with python3.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13221

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

- - - - -
8f20444a by Trever L. Adams at 2018-02-09T09:30:20+01:00
Samba-VirusFilter: memcache changes.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13246

Signed-off-by: Trever L. Adams <trever.adams at gmail.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 70d7f7d03c46c8727833f322bdc03da1b2aad720)

- - - - -
63f9a037 by Trever L. Adams at 2018-02-09T09:30:20+01:00
Samba-VirusFilter: common headers and sources.

Samba-VirusFilter Contributors:

SATOH Fumiyasu @ OSS Technology Corp., Japan
Module creator/maintainer

Luke Dixon luke.dixon at zynstra.com
Samba 4 support

Trever L. Adams
Documentation
Code contributions
Samba-master merge work

With many thanks to the Samba Team.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13246

Signed-off-by: Trever L. Adams <trever.adams at gmail.com>
Signed-off-by: SATOH Fumiyasu <fumiyas at osstech.co.jp>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit b1e69edd0592d3b4b0f958792826a236dd3466e1)

- - - - -
326a1e4e by Trever L. Adams at 2018-02-09T09:30:21+01:00
Samba-VirusFilter: Sophos VFS backend.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13246

Signed-off-by: Trever L. Adams <trever.adams at gmail.com>
Signed-off-by: SATOH Fumiyasu <fumiyas at osstech.co.jp>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 0b25089edd453270e52f2d8e6858a9996bb29a0d)

- - - - -
36ec386b by Trever L. Adams at 2018-02-09T09:30:21+01:00
Samba-VirusFilter: F-Secure AntiVirus (fsav) VFS and man page.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13246

Signed-off-by: Trever L. Adams <trever.adams at gmail.com>
Signed-off-by: SATOH Fumiyasu <fumiyas at osstech.co.jp>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 5970d68bf651fb8dbf1ac4e79d8f2e9467154870)

- - - - -
9511aa8a by Trever L. Adams at 2018-02-09T09:30:21+01:00
Samba-VirusFilter: clamav VFS and man page.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13246

Signed-off-by: Trever L. Adams <trever.adams at gmail.com>
Signed-off-by: SATOH Fumiyasu <fumiyas at osstech.co.jp>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Jan 24 15:08:59 CET 2018 on sn-devel-144

(cherry picked from commit cbf743d329730387ede92a9d329893d1c651e97a)

- - - - -
52109e50 by Trever L. Adams at 2018-02-09T09:30:21+01:00
Samba-VirusFilter: fix virusfilter_vfs_close() crash

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13246

Signed-off-by: Trever L. Adams <trever.adams at gmail.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
(cherry picked from commit c890011a769b497855748e130fa41e998babc305)

- - - - -
849a6880 by David Disseldorp at 2018-02-09T09:30:21+01:00
WHATSNEW: briefly mention the new vfs_virusfilter module

Signed-off-by: David Disseldorp <ddiss at samba.org>

- - - - -
659e3900 by Stefan Metzmacher at 2018-02-09T09:30:21+01:00
python:tests: use TestCaseInTempDir for "samba.tests.common"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 681e0a1745b45c6ac22d394b9e78cb67007d7dc4)

- - - - -
b8741f18 by Stefan Metzmacher at 2018-02-09T09:30:21+01:00
python:tests: remove test_dsdb_Dn() to test_dsdb_Dn_binary()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 1341780dcf9ec0c5d852fbbb77c5e00db2ad6564)

- - - - -
ba0c3781 by Stefan Metzmacher at 2018-02-09T09:30:21+01:00
python:tests: add test_dsdb_Dn_sorted() to "samba.tests.common"

Failing until dsdb_Dn implements the correct __cmp__() function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit c56eb49119117a1a06afb0a76630ae5c7a1ca30c)

- - - - -
07e3be67 by Stefan Metzmacher at 2018-02-09T09:30:21+01:00
python/common: add __cmp__ function to dsdb_Dn similar to parsed_dn_compare()

Linked attribute values are sorted by objectGUID of the link target.
For C code we have parsed_dn_compare() to implement the logic,
the same is now available on python dsdb_Dn objects.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 55d466549a3113f7625acdd6eb42f71cf63719b5)

- - - - -
910d2b24 by Ralph Boehme at 2018-02-09T09:30:21+01:00
Revert "dbcheck: disable fixing duplicate linked attributes until we can recover lost forward links"

This reverts commit 43e3f79d54c5aeaea820865d298d4249cf47af99.

The real fix will follow in the next commits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228

Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 8c01acd56274a5cb5926622cacab997cb62dd5a9)

- - - - -
f4940e69 by Ralph Boehme at 2018-02-09T09:30:21+01:00
selftest/dbcheck: add a test for corrupt forward links restoration

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 52bd0b09804621e6de9ee0a377a442a42e07ee05)

- - - - -
cae3003f by Ralph Boehme at 2018-02-09T09:30:21+01:00
dbcheck: rename and reorder err_orphaned_backlink arguments

In preparation of adding more arguments.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 4a71394c6a30e8a1b5c6553f7410148dbf2e4a80)

- - - - -
0e24b58d by Ralph Boehme at 2018-02-09T09:30:21+01:00
dbcheck: add forward_syntax argument to err_orphaned_backlink

Will be used in a subsequent commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 6f77503871fcb815e474cb76d14e22f7a8f083c9)

- - - - -
08dcf2e4 by Stefan Metzmacher at 2018-02-09T09:30:21+01:00
dbcheck: only pass obj_dn to err_orphaned_backlink()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 9f47fe6c4a8bde4abfee3c774d9667e6a3439a45)

- - - - -
973b7228 by Ralph Boehme at 2018-02-09T09:30:21+01:00
dbcheck: rename err_duplicate_links arguments

In preparation of adding more arguments.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit a651cc79d64b9bcc1d5fee9b2ef8800a1579dea1)

- - - - -
9971ea32 by Ralph Boehme at 2018-02-09T09:30:21+01:00
dbcheck: add link direction to error message for duplicate links

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit dc43d31cd20fd12d2758b73ec0318215b8fbedfb)

- - - - -
c17794d5 by Ralph Boehme at 2018-02-09T09:30:21+01:00
dbcheck: rename err_duplicate_links() to err_recover_forward_links() and adjust the output message

It's really a fatal error to have duplicate values as it's very likely that
some forward links got lost.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit ec433f8531a822dd40b343fbf3244157a5ecd544)

- - - - -
528cee7a by Stefan Metzmacher at 2018-02-09T09:30:22+01:00
dbcheck: remove ldb.FLAG_MOD_REPLACE when replacing search results for forward links

Search results don't have any ldb.FLAG_MOD_* flags set.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit b0bc3f60084e5998dd34aada2ac7377d390affc6)

- - - - -
65642396 by Stefan Metzmacher at 2018-02-09T09:30:22+01:00
dbcheck: store fixed forward link attributes with the correct sorting

The corruption we're trying to fix messed up the sorting,
so there's no point in keeping the current order.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 7df17c0a8dffceb053ca806c9426d493b4837b1a)

- - - - -
84519065 by Ralph Boehme at 2018-02-09T09:30:22+01:00
dbcheck: split out check_duplicate_links from check_dn

Refactoring, no change in behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 44a8782d71676517f0991f279f2472391ecede3b)

- - - - -
f4cb28b1 by Ralph Boehme at 2018-02-09T09:30:22+01:00
dbcheck: add a dict where we remember attributes with duplicate links

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit e4cc062fa98f65369f3bde24a987c2651632cb06)

- - - - -
54b7de0c by Ralph Boehme at 2018-02-09T09:30:22+01:00
dbcheck: add a helper function that checks if a value has duplicate links

Will be used in a subsequent commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit e258b4fb281d8577c425e05b35ce05cf128617ea)

- - - - -
5f933b99 by Stefan Metzmacher at 2018-02-09T09:30:22+01:00
dbcheck: make sure we always ask for the objectGUID attribute explicitly

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 20598033866ca3d0fdad1edf3cb39e4614eae112)

- - - - -
307ffdcb by Stefan Metzmacher at 2018-02-09T09:30:22+01:00
dbcheck: make sure we ask for replPropertyMetaData if we need to process any forward link attributes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 182fb3c4c9db8715d0dbcbc3d1aa0655b5cb29f1)

- - - - -
367970e4 by Ralph Boehme at 2018-02-09T09:30:22+01:00
dbcheck: add find_missing_forward_links_from_backlinks()

find_missing_forward_links_from_backlinks() finds and returns missing forward-links by
searching for all objects that link to the object in the backlink attribute.

This will be used in the next commit to restore forward links in a corrupted
forward link attribute by passing the missing backlink objects to
err_recover_forward_links().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit d59f201388e8a16688adda145734dab8e27b785f)

- - - - -
a3a17681 by Ralph Boehme at 2018-02-09T09:30:22+01:00
dbcheck: add support for restoring missing forward links

This recovers broken databases with duplicate and missing
forward links.

See commit a25c99c9f1fd1814c56c21848c748cd0e038eed7 for
the fix that prevents the problem from happening.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 5bf823d68bd33ee3160175a18a3838eff4e3cbb2)

- - - - -
0ae4e26f by Stefan Metzmacher at 2018-02-09T09:30:22+01:00
dbcheck: skip find_missing_forward_links_from_backlinks() if the db has the sortedLinks feature

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Feb  5 18:32:51 CET 2018 on sn-devel-144

(cherry picked from commit 0c3348feb09f4f0ba85455b8c3ff5c5fa60d139b)

- - - - -
74208beb by Andrew Bartlett at 2018-02-09T09:30:22+01:00
WHATSNEW: Mention new option "apply group policies"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13223

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Feb  1 07:57:54 CET 2018 on sn-devel-144

(cherry picked from commit b3673824adc16a2b26c5fd3c661062d95c3c83eb)

- - - - -
a9b71efb by Andrew Bartlett at 2018-02-09T09:30:22+01:00
WHATSNEW: Add section for "samba-tool visualize"

(text from the commit message by Douglas adding the feature)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13226

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
(cherry picked from commit 83d42203d7d7f7171d44724720fa5cd99590b90b)

- - - - -
b368ad24 by Karolin Seeger at 2018-02-09T13:51:35+01:00
docs-xml: Add 'samba-tool visualize' to man samba-tool.8.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13226

Signed-off-by: Karolin Seeger <kseeger at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 0109b5965f8a5f467aa12aa505be849ae33e1f8e)

Autobuild-User(v4-8-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-8-test): Fri Feb  9 13:51:35 CET 2018 on sn-devel-144

- - - - -
8ee283ab by Volker Lendecke at 2018-02-11T11:12:07+01:00
pdb: Fix CID 1427624 Resource leak

It's not exactly a resource leak (we only really realloc if we shrink
dramatically), but assigning the result from tdb_realloc looks nicer.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13263

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit e4f62d4e4b91395d46c99c2a5313b0536793cca7)

- - - - -
4360d83f by Volker Lendecke at 2018-02-11T11:12:08+01:00
winbind: Fix CID 1427626 Uninitialized scalar variable

Likely a false positive, but Coverity can't follow all the paths leading
to line 2030

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13263

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 92131d08987ac7c2fb219bf2e8300f3bc7b702f9)

- - - - -
d800e1cd by Volker Lendecke at 2018-02-11T11:12:08+01:00
pdb: Fix CID 1427620 Resource leak

It's not exactly a resource leak (we only really realloc if we shrink
dramatically), but assigning the result from tdb_realloc looks nicer.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13263

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 4e5c9427085f001941adaf761b18740a2e169240)

- - - - -
099b7201 by Volker Lendecke at 2018-02-11T11:12:08+01:00
winbind: Fix CID 1427626 Uninitialized scalar variable

Likely a false positive, but Coverity can't follow all the paths leading
to line 1598.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13263

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Jan 17 23:58:34 CET 2018 on sn-devel-144

(cherry picked from commit 3be1e68ce69f7ab8ac2cac97920c0e7f65b5ed6f)

- - - - -
ae13d62d by Stefan Metzmacher at 2018-02-11T11:12:08+01:00
winbindd: fix LSA connections via DCERPC_AUTH_SCHANNEL

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13231

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 53484d0d98475f55ae3bd02e1a86b9c45b20e33d)

- - - - -
3a78306d by Stefan Metzmacher at 2018-02-11T11:12:08+01:00
winbindd: remove useless calls to get_trust_credentials() before cli_rpc_pipe_open_schannel_with_creds()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13231

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 1918a870c38c29bd3a05cd3f660ffe6623121bf3)

- - - - -
8cd948fe by Stefan Metzmacher at 2018-02-11T11:12:08+01:00
winbindd: add missing can_do_ncacn_ip_tcp initialisation

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13232

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 9fef5d1891e6c1aebea29fbfbb90e77631b7836c)

- - - - -
0f86338b by Ralph Boehme at 2018-02-11T11:12:08+01:00
winbindd: add routing_domain as parameter to add_trusted_domain

This also fixes the following CIDs:

CID 1427622:  Null pointer dereferences  (REVERSE_INULL)
CID 1427619:  Null pointer dereferences  (REVERSE_INULL)

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13233

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 9a613f4bccf171c40ede3e6ead9236463fcc5883)

- - - - -
a8958733 by Stefan Metzmacher at 2018-02-11T11:12:08+01:00
s3:rpc_client: allow Netlogon{Network,Interactive}TransitiveInformation in rpccli_netlogon_password_logon()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13234

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit fe47041b4bf8d2ef6f6f9ba15a80038f1c60da3f)

- - - - -
5dc2e891 by Stefan Metzmacher at 2018-02-11T11:12:08+01:00
s3:rpc_client: allow passing NetlogonNetwork[Transitive]Information to rpccli_netlogon_network_logon()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13234

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 7329706a037fef75e8ced63bfb7ab93b64482eda)

- - - - -
74bbba0e by Stefan Metzmacher at 2018-02-11T11:12:08+01:00
winbindd: use Netlogon{Interactive,Network}TransitiveInformation on transitive trusts

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13234

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 70bb9c27cf8c464d5af79acbe11a0d2d0e20f5a8)

- - - - -
d1037277 by Stefan Metzmacher at 2018-02-11T11:12:08+01:00
winbindd: remove const from set_routing_domain()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13235

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit c5bd18c0021b428c669dbbc35f65a3d436b4add5)

- - - - -
296f677b by Stefan Metzmacher at 2018-02-11T11:12:08+01:00
winbindd: prepare find_auth_domain() transitive trusts on a DC

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13235

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit af9a37aa1925a18709365ceb93460d8ae0f66f51)

- - - - -
33d901ba by Stefan Metzmacher at 2018-02-11T11:12:08+01:00
winbindd: prepare find_lookup_domain_from_{name,sid}() transitive trusts on a DC

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13235

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 8b7bf6d4d81cde099d78cd9cc03aa085cec672d4)

- - - - -
5db31e7d by Stefan Metzmacher at 2018-02-11T11:12:08+01:00
s3:rpc_client: pass down lsa_LookupNamesLevel to dcerpc_lsa_lookup_sids_generic()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13236

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 7fc19747ef346df9cc72bb516b45a8309f462dd8)

- - - - -
304c95c2 by Stefan Metzmacher at 2018-02-11T11:12:08+01:00
winbindd: don't force using LSA_LOOKUP_NAMES_ALL for non workstation trusts.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13236

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 728fb7c593230abeb681854d924e4619d6f4cf37)

- - - - -
523ca1b4 by Ralph Boehme at 2018-02-11T11:12:08+01:00
winbindd: move loading of trusted domains on a DC to a separate function

This allows using the split out function in a subsequent commit in the
MSG_WINBIND_NEW_TRUSTED_DOMAIN message handler.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13237

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 4274ef681bf3b974ce99b8f21fda3a86a5b305bc)

- - - - -
e465b1fc by Ralph Boehme at 2018-02-11T11:12:08+01:00
winbindd: use add_trusted_domains_dc in wb_imsg_new_trusted_domain

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13237

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit d8e4e7cae57eb192c6fcab6b9aef95fb10eeb5a8)

- - - - -
cc7592e5 by Ralph Boehme at 2018-02-11T11:12:09+01:00
s4/rpc_server: remove unused data argument from MSG_WINBIND_NEW_TRUSTED_DOMAIN

winbindd doesn't use that data anymore.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13237

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit ffa9eb7d6453eb6c6f3a50ad72288d3891361752)

- - - - -
bf8e88d2 by Ralph Boehme at 2018-02-11T11:12:09+01:00
winbindd: rename MSG_WINBIND_NEW_TRUSTED_DOMAIN to MSG_WINBIND_RELOAD_TRUSTED_DOMAINS

This reflects the new implementation in winbindd.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13237

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 9f96ede6f500cc1a7c76e67ee785b44a99244d0d)

- - - - -
bf361c56 by Ralph Boehme at 2018-02-11T11:12:09+01:00
s4/rpc_server: trigger trusts reload in winbindd after successful trust info acquisition

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13237

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 6151909c823016417f863c22e77c8a136f3fbb95)

- - - - -
2fae4128 by Stefan Metzmacher at 2018-02-11T11:12:09+01:00
winbindd: fix debug message in find_default_route_domain() on a DC

As we don't support multiple domains in a forest yet,
we don't need to print a warning at log level 0.

This also adds a missing \n.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13255

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit b112cbc2462edf810473026c133b0802d1e18468)

- - - - -
c549aa4f by Stefan Metzmacher at 2018-02-11T11:12:09+01:00
wbinfo: avoid segfault in wbinfo_auth_crap() if winbindd is not available

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13256

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 8b0e1a77ae5f7ef6d8db9a05718afa8d472a971b)

- - - - -
6fac5451 by Stefan Metzmacher at 2018-02-11T11:12:09+01:00
winbindd: add_trusted_domain_from_auth() should not use dns_name = ""

Check whether the DNS domain name in the info6 struct is actually more
than just an empty string. If it is we want to call add_trusted_domain()
with NULL as DNS domain name argument.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13257

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 2ee2551409e0bd0cd5bf130cc1e3736e58b8c14d)

- - - - -
05b79720 by Stefan Metzmacher at 2018-02-11T11:12:09+01:00
s3/rpc_client: add rpccli_netlogon_interactive_logon()

This will be used in a subsequent commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13258

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit be26a472ae082d612f9aec28c932d25e2317f9ba)

- - - - -
fb14f0ff by Stefan Metzmacher at 2018-02-11T11:12:09+01:00
winbindd: separate plaintext given and interactive in winbind_samlogon_retry_loop()

We need to handle 4 cases:

plaintext_given=true  interactive=true
plaintext_given=false interactive=true
plaintext_given=true  interactive=false
plaintext_given=false interactive=false

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13258

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit d1c3676197032487505e9069c0655427b5fd385c)

- - - - -
ce965d3b by Stefan Metzmacher at 2018-02-11T11:12:09+01:00
winbindd: add a comment to a parameter in _winbind_SamLogon()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13258

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 2268f1c0dd1e8543c126553f80d94e80a1e32487)

- - - - -
41c06989 by Stefan Metzmacher at 2018-02-11T11:12:09+01:00
winbindd: pass 'bool interactive' to winbind_dual_SamLogon()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13258

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 8c6c47aec0e91ab3944bea5f6eda8072f5db959d)

- - - - -
4dac1645 by Stefan Metzmacher at 2018-02-11T11:12:09+01:00
winbindd: handle interactive logons in _winbind_SamLogon()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13258

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit d76bcdb0854cff9b08010d47469fd48324d902bc)

- - - - -
b06743ec by Stefan Metzmacher at 2018-02-11T11:12:09+01:00
winbindd: introduce a cm_connect_netlogon_secure() which gives a valid netlogon_creds_ctx

A lot of callers require a valid schannel connection.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13259

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit b60c634123ee00021efc5b5aaa03e1663474d3da)

- - - - -
dafb6140 by Stefan Metzmacher at 2018-02-11T11:12:09+01:00
s3/rpc_client: add copy_netr_SamInfo6() and map_validation_to_info6()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13260

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 60aa5e7657608c1a5519c03e690cce58efd67abd)

- - - - -
974b4ead by Stefan Metzmacher at 2018-02-11T11:12:09+01:00
winbindd: allow validation level 6 in winbind_SamLogon

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13260

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 1a9857369d2fae08fefef613cf6cbd3354092a4a)

- - - - -
f85ff761 by Stefan Metzmacher at 2018-02-11T11:12:09+01:00
s4/auth_winbind: ask for validation level 6

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13260

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit e1ba81996033e7c2cfeba13124ee7f404ded2031)

- - - - -
e57baf76 by Stefan Metzmacher at 2018-02-11T11:12:09+01:00
s3/auth: add create_info6_from_pac()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13261

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit d4ba23fd353ad387a374a5d7f6f6d085a0699d2c)

- - - - -
95ca85d0 by Stefan Metzmacher at 2018-02-11T11:12:09+01:00
s3/rpc_client: add map_info6_to_validation()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13261

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 2b0181877806f171eee053c246dcb2eda2300261)

- - - - -
8269dc95 by Stefan Metzmacher at 2018-02-11T11:12:09+01:00
winbindd: get netr_SamInfo6 out of winbindd_dual_pam_auth_kerberos()

This way we don't lose dns_domain_name and user principal.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13261

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 021d75fb223630d06a256a605659abda9ece853f)

- - - - -
be33ac40 by Stefan Metzmacher at 2018-02-11T11:12:09+01:00
winbindd: call add_trusted_domain_from_auth() in winbindd_pam_auth_crap_done()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13262

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 42e445396881c5b6651a0dde0abde3d6bb0740bf)

- - - - -
c1ab6c5e by Stefan Metzmacher at 2018-02-11T11:12:10+01:00
winbindd: let winbindd_pam_auth_pac_send() compute info6 from PAC

This way we don't lose the DNS info and UPN. A subsequent commit will
let winbindd_pam_auth_pac_send() return the full validation info.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13262

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 5ce3cb2fb468d8798980b49d84568782becf25ea)

- - - - -
df6062e1 by Stefan Metzmacher at 2018-02-11T11:12:10+01:00
winbindd: complete WBFLAG_PAM_AUTH_PAC handling in winbindd_pam_auth_crap_send()

winbindd_pam_auth_crap_recv() should not have any real logic.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13262

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 5444cc4e7ed8ea0c063110f3b78f360d91b0b0a5)

- - - - -
7e8ee67c by Stefan Metzmacher at 2018-02-11T11:12:10+01:00
winbindd: rename winbindd_pam_auth_pac_send and let it return validation

Just a preparational step. The next commit will update the caller to
make use of the validation info.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13262

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 8422c001bec169a73657b1d638ec8ec4c35c243a)

- - - - -
ca877093 by Stefan Metzmacher at 2018-02-11T15:37:51+01:00
winbindd: WBFLAG_PAM_AUTH_PAC should call add_trusted_domain_from_auth() if the result is trusted

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13262

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Sat Feb 10 13:08:50 CET 2018 on sn-devel-144

(cherry picked from commit 597e755328940fc964b861333b557b0650666b24)

Autobuild-User(v4-8-test): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(v4-8-test): Sun Feb 11 15:37:51 CET 2018 on sn-devel-144

- - - - -
4b6a12ef by Karolin Seeger at 2018-02-12T08:36:33+01:00
WHATSNEW: Add release notes for Samba 4.8.0rc3.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
4348e647 by Karolin Seeger at 2018-02-12T08:36:33+01:00
VERSION: Disable GIT_SNAPSHOT for the 4.8.0rc3 release.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
f20fcacb by Karolin Seeger at 2018-02-12T08:36:33+01:00
VERSION: Bump version up to 4.8.0rc4...

and disable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
11acdbe8 by Jamie McClymont at 2018-02-12T11:28:49+01:00
selftest: fix envvars for creation of default user in wait_for_start

Resolves failure of ad_member to start up under ad_dc (if
the user is determined to be needed).

Signed-off-by: Jamie McClymont <jamiemcclymont at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13225

Autobuild-User(master): Garming Sam <garming at samba.org>
Autobuild-Date(master): Tue Jan 16 07:12:01 CET 2018 on sn-devel-144

(cherry picked from commit 7a3f97f2662c6197913aeb50e5e3c0c09ff8307f)

- - - - -
83b2971f by Amitay Isaacs at 2018-02-12T11:28:49+01:00
ctdb-tests: Avoid race condition in sock_daemon test 5

This test fails when it takes more than 10s to run.  This can occur
when the system is loaded and socket-wrapper is used.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 33c0f5599d93a34619c8f37945f79a6e399a1b5e)

- - - - -
e7af9b0b by Martin Schwenke at 2018-02-12T11:28:49+01:00
ctdb-tests: Add timeout for individual tests, default is 10 minutes

This will cause a hung test to time out and fail rather than letting a
test run hang indefinitely.  Some tests can take 5 minutes to run, so
10 minutes should be plenty.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit da3aaf972ab5b339b51ba1e802329b69885ccfe4)

- - - - -
10ffffa6 by Martin Schwenke at 2018-02-12T11:28:49+01:00
ctdb-tests: Only use socket-wrapper for simple, local daemon tests

The run_tests.sh -S option now takes the path to the socket-wrapper
shared library.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit e17d02d4039001563d189b33200c30e3906ce845)

- - - - -
74e2d615 by Martin Schwenke at 2018-02-12T11:28:49+01:00
ctdb-tests: Add a UNIT pseudo-test-suite

This runs all of the unit tests.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit 50150d75814de6a1e2cb28fb7af72caa31d73e3c)

- - - - -
6711e701 by Martin Schwenke at 2018-02-12T11:28:50+01:00
ctdb-tests: Fix a typo

This typo causes the script to be run with the default shell.  If this
is not bash then the shell will fail to parse integration.bash.

This is a regression caused by commit
c607989d91b64d837253aae794b1a3d6013eb3e0.  Clearly nobody has run this
test on Debian for a long time.  :-(

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Wed Jan 24 10:28:52 CET 2018 on sn-devel-144

(cherry picked from commit 8b82d10856160d3b3f172bf7d45ac561002dbcac)

- - - - -
f093cdd2 by Martin Schwenke at 2018-02-12T15:54:28+01:00
ctdb-tests: Set test timeout to an hour

The current 10 minute timeout is causing autobuild failures in some
environments.

This timeout is simply meant to stop a test run from hanging
indefinitely due to a broken test.  A 1 hour timeout is better than no
timeout.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Feb  8 04:42:56 CET 2018 on sn-devel-144

(cherry picked from commit a3485c41b826e307b31a1113abcea9843ca78540)

The last 6 patches address https://bugzilla.samba.org/show_bug.cgi?id=13265

Autobuild-User(v4-8-test): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(v4-8-test): Mon Feb 12 15:54:28 CET 2018 on sn-devel-144

- - - - -
a46dc613 by Garming Sam at 2018-02-20T17:54:43+01:00
subnet: Avoid a segfault when renaming subnet objects

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13031

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(v4-8-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-8-test): Tue Feb 20 17:54:43 CET 2018 on sn-devel-144

- - - - -
4d47c722 by Sachin Prabhu at 2018-02-27T16:00:10+01:00
vfs_glusterfs: Add fallocate support for vfs_glusterfs

Adds fallocate support to the vfs glusterfs plugin.

v2: Add check for glusterfs-api version.
RHBZ: 1478875

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13303

Signed-off-by: Sachin Prabhu <sprabhu at redhat.com>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jan 17 06:09:29 CET 2018 on sn-devel-144

(cherry picked from commit 0edce86e97a49f4bd79f4431015ac2b788105e46)

- - - - -
6b9c0943 by Poornima G at 2018-02-27T16:00:10+01:00
vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13297

Pair-Programmed-With: Anoop C S <anoopcs at redhat.com>
Signed-off-by: Poornima G <pgurusid at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Mon Feb 26 20:17:50 CET 2018 on sn-devel-144

(cherry picked from commit 46e6626f73f42c84f254507c3ec2b591e2e732ba)

- - - - -
e0025141 by Alexander Bokovoy at 2018-02-27T16:00:10+01:00
mit-kdb: support MIT Kerberos 1.16 KDB API changes

MIT Kerberos 1.16 adds ability to audit local and remote addresses
during AS_REQ processing. As a result, audit_as_req callback signature
was changed to include the addresses and KDB API version was increased.

Change mit-kdb code to properly expose audit_as_req signature KDC
expects in 1.16 version. Also update #ifdefs to account for the new
KDB API version.

This commit does not add actual audit of the local and remote IP
addresses, it only makes it possible to compile against MIT Kerberos
1.16.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13304

Signed-off-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Jan 19 01:36:22 CET 2018 on sn-devel-144

(cherry picked from commit 7c1c8c68174ed484fe86a0d9e429daad3a47a57d)

- - - - -
d1136294 by Volker Lendecke at 2018-02-27T16:00:11+01:00
vfs_fileid: Fix the 32-bit build

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13305

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit c6999a248ad78f75cbfcc0f461298021b20905b4)

- - - - -
3c426d6e by Stefan Metzmacher at 2018-02-27T16:00:11+01:00
winbindd: don't split the rid for SID_NAME_DOMAIN sids in wb_lookupsids

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13279

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 17c48f26dea5701feed1c24769348f332695391c)

- - - - -
41562d17 by Stefan Metzmacher at 2018-02-27T16:00:11+01:00
winbindd: initialize type = SID_NAME_UNKNOWN in wb_lookupsids_single_done()

We check for !NT_STATUS_LOOKUP_ERR(), but wb_lookupsid_recv()
only initializes the results together with NT_STATUS_OK.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13280

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit b5ffa0e21f74fa0c452df38cf50e542eb278562d)

- - - - -
00b55da6 by Stefan Metzmacher at 2018-02-27T16:00:11+01:00
s3:cli_lsarpc: use talloc_zero_array() in dcerpc_lsa_lookup_sids_generic()

It just feels better for such a complex function.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13281

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 5cae7da1de302b38ee0059590b1e93a3d60ee42c)

- - - - -
d90f8fee by Stefan Metzmacher at 2018-02-27T16:00:11+01:00
s3:cli_lsarpc: use talloc_zero_array() in dcerpc_lsa_lookup_names_generic()

It just feels better for such a complex function.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13281

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 569c910b950df24b22777c545fe9f6427a19b035)

- - - - -
2d1b48a7 by Stefan Metzmacher at 2018-02-27T16:00:11+01:00
winbindd: make use of talloc_zero_array() in wb_lookupsids*()

It just feels better for such a complex function.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13281

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit c376ab29d1d9f4b06fbb3a713029d79ecac80b59)

- - - - -
3bc00eca by Stefan Metzmacher at 2018-02-27T16:00:11+01:00
s4:torture: zero initialize variables in test_LookupSidsReply()

This avoids crashes if the server returns unexpected results.  The test
should just report the failure in that case.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13282

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 7b86b94c71268cdab434ced74caedcdd5eb20e12)

- - - - -
2ba86390 by Stefan Metzmacher at 2018-02-27T16:00:11+01:00
nsswitch: fix double free errors in nsstest.c

We need to zero out static pointers on free.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13283

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit da784305e7b306664b79d30a734d45582f5bf4dd)

- - - - -
46f95077 by Stefan Metzmacher at 2018-02-27T16:00:11+01:00
traffic_packets.py: let Lookup{Sids,Names}() work against a sane server

In order to resolve predefined sids or names we need to use
level = LSA_LOOKUP_NAMES_ALL (1).

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13284

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 1a258b6b0f667ec077639a7cfe826e5e25f46768)

- - - - -
92f0b552 by Stefan Metzmacher at 2018-02-27T16:00:11+01:00
provision: fix the 'dnsdomain' for the local sam of a domain member

A member has a local AD database, which should not use the 'dnsdomain'
as the one on domain controllers.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13285

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit b02de5ad3e04babe1565868c69422cfc778458d9)

- - - - -
0d4e2c88 by Ralph Boehme at 2018-02-27T16:00:11+01:00
rpcclient: fix variable initialisation and add parenthesis to if clauses

Just a few README.Coding fixes.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 9ccc6eef145c1f67e24cbb1c21402714f612c607)

- - - - -
5e399aae by Stefan Metzmacher at 2018-02-27T16:00:11+01:00
rpcclient: add lookupsids_level command

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 76868818e8b98a0cd4881d319e0735de5091b8b1)

- - - - -
d68a14e0 by Stefan Metzmacher at 2018-02-27T16:00:11+01:00
s4:rpc_server/lsa: use LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES/LSA_CLIENT_REVISION_1 in compat code

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 3909f8fcfe6b82575ad8974acacde3270ce849fe)

- - - - -
a4a619dd by Stefan Metzmacher at 2018-02-27T16:00:11+01:00
s4:rpc_server/lsa: make sure dcesrv_lsa_LookupSids_common() gets prepared [ref] pointers

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit f6e60d2c2e1f0a4eb6426c7da683abaa11babd05)

- - - - -
efe06efc by Stefan Metzmacher at 2018-02-27T16:00:11+01:00
s4:rpc_server/lsa: expect prepared [ref] pointers in dcesrv_lsa_LookupNames_common()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 3339a1c57266181570d5ca5e389719951f26b41d)

- - - - -
0c331d5b by Stefan Metzmacher at 2018-02-27T16:00:11+01:00
s4:rpc_server/lsa: make sure dcesrv_lsa_LookupNames2() gets prepared [ref] pointers

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit fe43dd8678e4f598e0ae802e3d93ad9b28988783)

- - - - -
62879feb by Stefan Metzmacher at 2018-02-27T16:00:11+01:00
s4:rpc_server/lsa: remove unused 'status' variable in dcesrv_lsa_LookupSids_common()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit e8a0223633fd2e6ebb3d864570b76932bc3e293a)

- - - - -
42768011 by Stefan Metzmacher at 2018-02-27T16:00:12+01:00
s4:rpc_server/lsa: simplify [ref] pointer handling in dcesrv_lsa_LookupSids()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 5d868fd875803e361653ccca4e61c5c25dc114aa)

- - - - -
d210946f by Stefan Metzmacher at 2018-02-27T16:00:12+01:00
s4:rpc_server/lsa: simplify [ref] pointer handling in dcesrv_lsa_LookupNames()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 7c1c9bf53ffc24a25038326767e33f008c7a5552)

- - - - -
552b0f75 by Stefan Metzmacher at 2018-02-27T16:00:12+01:00
s4:rpc_server/lsa: rename 'state' variable to 'policy_state' in dcesrv_lsa_LookupSids_common()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit c0f6103ddea9a825f0f0dcf169e70a5f6a55c2e2)

- - - - -
7c8c5ed7 by Stefan Metzmacher at 2018-02-27T16:00:12+01:00
s4:rpc_server/lsa: rename 'state' variable to 'policy_state' in dcesrv_lsa_LookupSids2()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit c78c17dc2fbaf523d1957bb748aa75ecd81e793b)

- - - - -
b45afd30 by Stefan Metzmacher at 2018-02-27T16:00:12+01:00
s4:rpc_server/lsa: rename 'state' variable to 'policy_state' in dcesrv_lsa_LookupNames2()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit ec55c18ceda5c430eaec97c5d7e594941e3a31fc)

- - - - -
7ab3d8c0 by Stefan Metzmacher at 2018-02-27T16:00:12+01:00
s4:rpc_server/lsa: base dcesrv_lsa_LookupNames() on dcesrv_lsa_LookupNames_common()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 37cb34d16406d27831be74e952ee744e58b79fb4)

- - - - -
82a36e4a by Stefan Metzmacher at 2018-02-27T16:00:12+01:00
s4:rpc_server/lsa: base dcesrv_lsa_LookupNames2() on dcesrv_lsa_LookupNames_common()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit e6c9984bd563525dc312b67fe69ea7e4be04ee4e)

- - - - -
6a2ff190 by Stefan Metzmacher at 2018-02-27T16:00:12+01:00
s4:rpc_server/lsa: prepare dcesrv_lsa_LookupSids* for async processing

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit ab7988aa2fd1a43f576a4b73a6893c61c7ef1957)

- - - - -
4e6f20a1 by Stefan Metzmacher at 2018-02-27T16:00:12+01:00
s4:rpc_server/lsa: prepare dcesrv_lsa_LookupNames* for async processing

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 9b6a0b1a63f2ebfbd578047401dfbe38606c8c44)

- - - - -
6075763e by Stefan Metzmacher at 2018-02-27T16:00:12+01:00
s4:dsdb: add dsdb_trust_domain_by_{sid,name}()

This gets the lsa_ForestTrustDomainInfo for the searched
domain as well as the lsa_TrustDomainInfoInfoEx for the
direct trust (which might be the same for external trust or
the forest root domain).

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit e9ace1852ff88ebb7778e8db9a49bc5c61512d16)

- - - - -
80266e19 by Stefan Metzmacher at 2018-02-27T16:00:12+01:00
libcli/security: add dom_sid_lookup_predefined_{sid,name}()

This basically implements [MS-LSAT] 3.1.1.1.1 Predefined Translation Database
and Corresponding View.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit d7780c66866144eba59408c03af50256825165ba)

- - - - -
5defe8cb by Stefan Metzmacher at 2018-02-27T16:00:12+01:00
test_trust_ntlm.sh: add lookup name tests

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 475a761637bbcc93edbe8d83fc13037e1087941a)

- - - - -
bd083ae7 by Stefan Metzmacher at 2018-02-27T16:00:12+01:00
s4:rpc_server/lsa: rewrite lookup sids/names code to honor the given lookup level

[MS-LSAT] 2.2.16 LSAP_LOOKUP_LEVEL defines which views each level should
consult.

Up to now we support some wellknown sids, the builtin domain and our
account domain, but all levels query all views.

This commit implements 3 views (predefined, builtin, account domain)
+ a dummy winbind view (which will later be used to implement the
gc, forest and trust views).

Depending on the level we select the required views.

This might not be perfect in all details, but it's enough
to pass all existing tests, which already revealed bugs
during the development of this patch.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 3801c417db5891ee4a45b09e8841d8f1ff4500f9)

- - - - -
d130e1f0 by Stefan Metzmacher at 2018-02-27T16:00:12+01:00
winbindd: implement wb_irpc_lsa_{LookupNames4,LookupSids3}()

This will be used by the LSA Server on an AD DC to request remote views
from trusts.

In future we should implement wb_lookupnames_send/recv similar to
wb_lookupsids_send/recv, but for now using wb_lookupname_send/recv in a loop
works as a first step.

We also need to make use of req->in.level and req->in.client_revision
once we want to support more than one domain within our own forest.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 3ffebee3de4aa313027779bc98cb6326fa17be85)

- - - - -
bb2dc6c9 by Stefan Metzmacher at 2018-02-27T16:00:12+01:00
s4:rpc_server/lsa: implement forwarding lsa_Lookup{Sids,Names}() requests to winbindd

This might not be perfect yet, but it's enough to allow names from trusted
forests/domain to be resolved, which is very important for samba based
domain members.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit e9d5b8b6b41155a8a043275ae497bdb87044d476)

- - - - -
0fa49866 by Stefan Metzmacher at 2018-02-27T16:00:12+01:00
tests:dcerpc/raw_protocol: reproduce call_id truncation bug

We need to make sure the server handles call_id values > UINT16_MAX.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13289

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 65e8edb382fbc7450919aad8b42cfcae9e779d11)

- - - - -
a72353ac by Stefan Metzmacher at 2018-02-27T16:00:12+01:00
s4:rpc_server: fix call_id truncation in dcesrv_find_fragmented_call()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13289

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Feb 21 19:02:56 CET 2018 on sn-devel-144

(cherry picked from commit 5d113f80944f2e1d2a7e80f73aea7a4cfdfbd140)

- - - - -
0b69a7a3 by Stefan Metzmacher at 2018-02-27T16:00:13+01:00
s3:libsmb: allow -U"\\administrator" to work

cli_credentials_get_principal() returns NULL in that case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 0786a65cabb92a812cf1c692d0d26914f74a6f87)

- - - - -
cacf4bbd by Stefan Metzmacher at 2018-02-27T16:00:13+01:00
s3:cliconnect.c: remove useless ';'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit e039e9b0d2a16b21ace019b028e5c8244486b8a3)

- - - - -
f0a233dd by Garming Sam at 2018-02-27T16:00:13+01:00
tests/py_creds: Add a SamLogonEx test with an empty string domain

This test passes against 4.6, but failed against 4.7.5 and master.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 5c625eae3f54e8de434de26e9f6a0f2fde557c18)

- - - - -
e3bbe2c8 by Garming Sam at 2018-02-27T16:00:13+01:00
tests/bind.py: Add a bind test with NTLMSSP with no domain

Confirmed to pass against Windows 2012 R2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 2e49a97777ebf5bffbeadca03517b4a21bca24c0)

- - - - -
73121c48 by Stefan Metzmacher at 2018-02-27T16:00:13+01:00
s4:auth_sam: allow logons with an empty domain name

It turns out that an empty domain name maps to the local SAM.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Feb 23 04:08:26 CET 2018 on sn-devel-144

(cherry picked from commit 57762229da971e837b923f09ca01bad6151f9419)

- - - - -
5eaf80b8 by Stefan Metzmacher at 2018-02-27T16:00:13+01:00
tevent: improve documentation of tevent_queue_add_optimize_empty()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13291

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 88d6703b89f9a7f847b6ec47d97569432927dcff)

- - - - -
8a29a03d by Stefan Metzmacher at 2018-02-27T16:00:13+01:00
tevent: add tevent_queue_entry_untrigger()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13291

Pair-Programmed-With: Volker Lendecke <vl at samba.org>

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 5c6f31697a8edb03d36eece5c79581b952743b5b)

- - - - -
5e43980e by Stefan Metzmacher at 2018-02-27T16:00:13+01:00
tevent: version 0.9.36

* improve documentation of tevent_queue_add_optimize_empty()
* add tevent_queue_entry_untrigger()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13291

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit f00c7cf9f5f325de0b754b127fcc0f07bea2d825)

- - - - -
456d7eb7 by Volker Lendecke at 2018-02-27T16:00:13+01:00
winbind: Improve child selection

This improves the situation when a client request blocks a winbind
child. This might be a slow samlogon or lookupnames to a domain that's
far away. With random selection of the child for new request coming in
we could end up with a long queue when other, non-blocked children
could serve those new requests. Choose the shortest queue.

This is an immediate and simple fix. Step two will be to have a
per-domain and not a per-child queue. Right now we're pre-selecting
the check-out queue at Fry's randomly without looking at the queue
length. With this change we're picking the shortest queue. The better
change will be what Fry's really does: One central queue and red/green
lights on the busy/free checkout counters.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13290

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Feb 12 19:51:35 CET 2018 on sn-devel-144

(cherry picked from commit b4384b7f0ecf3b47dd60acaf77636b679e3adc05)

- - - - -
be881cbc by Stefan Metzmacher at 2018-02-27T16:00:13+01:00
winbind: use tevent_queue_wait_send/recv in wb_child_request_*()

We need a way to keep the child->queue blocked without relying on
the current 'req' (wb_child_request_state).

The next commit will make use of this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13290

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit d29dda141e08af42c535e8718226f95c45aadab8)

- - - - -
4c1e32d5 by Stefan Metzmacher at 2018-02-27T16:00:13+01:00
winbind: protect a pending wb_child_request against a talloc_free()

If the (winbind) client gave up we call TALLOC_FREE(state->mem_ctx)
in remove_client(). This triggers a recursive talloc_free() for all
in flight requests.

In order to maintain the winbindd parent-child protocol, we need
to keep the orphaned wb_simple_trans request until the parent
got the response from the child.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13290

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 43af57d8728883c5ddbe169e1483181246fb68a8)

- - - - -
f9103fc0 by Stefan Metzmacher at 2018-02-27T16:00:13+01:00
winbind: call lp_winbind_enum_{users,groups}() already in set{pw,gr}ent()

This way we don't keep winbindd_cli_state->{pw,gr}ent_state around forever,
if the client forgets an explicit end{pw,gr}ent().

This allows client_is_idle() to return true in more cases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13293

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 6548b82b5c1ed30ce14e17e4ba9d4bc24ab49c42)

- - - - -
00322968 by Stefan Metzmacher at 2018-02-27T16:00:13+01:00
winbind: cleanup winbindd_cli_state->grent_state if winbindd_getgrent_recv() returns an error

A client may skip the explicit endgrent() if getgrent() fails.

This allows client_is_idle() to return true in more cases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13293

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit b7789da8468c3f070727011639d5f74aca76cb59)

- - - - -
a993d0fc by Stefan Metzmacher at 2018-02-27T16:00:13+01:00
winbind: cleanup winbindd_cli_state->pwent_state if winbindd_getpwent_recv() returns an error

A client may skip the explicit endpwent() if getgrent() fails.

This allows client_is_idle() to return true in more cases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13293

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit b158d4e4c1c3fee0a8884bc5e8f0c5a5ce49687f)

- - - - -
3b490537 by Stefan Metzmacher at 2018-02-27T16:00:13+01:00
winbind: avoid using fstrcpy(dcname,...) in _dual_init_connection

domain->dcname was converted from fstring to char * by commit
14bae61ba36814ea5eca7c51cf1cc039e9e6803f.

Luckily this was only ever called with an empty string in
state->request->data.init_conn.dcname.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13294

Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit d73e3d451976e692c6c346f98547d7123f7b9006)

- - - - -
8996baad by Stefan Metzmacher at 2018-02-27T16:00:13+01:00
winbind: use state->{ev,request} in wb_domain_request_send()

This will reduce the diff for the following changes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13295

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 4d804f5f3e65df0e2f646d4f88793cab8e2f32d1)

- - - - -
52de1322 by Stefan Metzmacher at 2018-02-27T16:00:13+01:00
winbind: improve wb_domain_request_send() to use wb_dsgetdcname_send() for a foreign domain

Commit ed3bc614cccec6167c64ac58d78344b6426cd019 got the logic wrong while
trying to implement the logic we had in init_child_connection(),
which was removed by commit d61f3626b79e0523beadff355453145aa7b0195c.

Instead of doing a WINBINDD_GETDCNAME request (which would have caused an error
because the implementation was removed in commit
958fdaf5c3ba17969a5110e6b2b08babb9096d7e), we sent the caller's request
and interpreted the result as WINBINDD_GETDCNAME response, which
led to an empty dcname variable. As a result the domain child
opened a connection to the primary domain in order to lookup
a dc.

If we want to connect the primary domain from the parent via
a domain child of the primary domain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13295

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 1f41193e005df37401a28004f0a95d4d73b98ccd)

- - - - -
f613d22a by Stefan Metzmacher at 2018-02-27T16:00:14+01:00
winbind: add idmap_child_handle() and use it instead of child->binding_handle

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13292

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit c2d78a0a0a3f9b9ade61cf707f23e59a1a16c61b)

- - - - -
d4970bcc by Stefan Metzmacher at 2018-02-27T16:00:14+01:00
winbind: add locator_child_handle() and use it instead of child->binding_handle

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13292

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 44ebaaac8933f5fc16a043b8c15a9449746af47b)

- - - - -
0dc0c594 by Stefan Metzmacher at 2018-02-27T16:00:14+01:00
winbind: make choose_domain_child() static

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13292

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 5116aff286bdffe4abc9ddda09cf64ab999fd13e)

- - - - -
04659852 by Volker Lendecke at 2018-02-27T16:00:14+01:00
winbind: Maintain a binding handle per domain and always go via wb_domain_request_send()

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13292

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit b518cb0597d269002105644302c58ca8f9f0f717)

- - - - -
95355500 by Stefan Metzmacher at 2018-02-27T16:00:14+01:00
winbind: Use one queue for all domain children

If we have multiple domain children, it's important
that the first idle child takes over the next waiting request.

Before we had the problem that a request could get stuck in the
queue of a busy child, while later requests could get served fine by
other children.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13292

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Feb 23 09:04:23 CET 2018 on sn-devel-144

(cherry picked from commit 7f2d45a6c2a88dd8833fc66d314ec21507dd52c3)

- - - - -
c6f69f7b by Stefan Metzmacher at 2018-02-27T16:00:14+01:00
dsdb/encrypted_secrets: remove dependency to libnettle and use our own aes_gcm_128_*()

We already rely on gnutls in order to implement SSL/TLS, so using that
to speed up crypto like aes gcm 128 is fine, but as we already have
code for that algorithm, we should use that instead of adding a new
dependency to libnettle.

Some (I guess newer versions) of gnutls use nettle internally, so
we may end up using that code, but we should not have a direct dependency.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13276

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 07844a9a13506b4ca9181cfde05d9e4170208f88)

- - - - -
cdcb8a95 by Stefan Metzmacher at 2018-02-27T16:00:14+01:00
s3:smb_macros.h: add IS_AD_DC as addition to IS_DC

In the long run we should remove this again (as well as IS_DC).

But for now this makes some code changes in winbindd easier to
follow.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13278

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit c58f8c3cd84ab18d04bd39ad7d5f53676e092abb)

- - - - -
ceaf7acd by Stefan Metzmacher at 2018-02-27T16:00:14+01:00
winbind: force the usage of schannel in cm_connect_lsa() as AD DC

This makes sure we only talk to direct trusts.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13278

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 3e17a3b7cd4083299037ba9377931bea792b2d18)

- - - - -
ae962f80 by Stefan Metzmacher at 2018-02-27T16:00:14+01:00
winbind: let cm_connect_netlogon_transport() only work against direct trust as AD DC

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13278

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 532a14dc684e7a6d8c584d5671a4ebbad00aa4fc)

- - - - -
24f81708 by Stefan Metzmacher at 2018-02-27T16:00:14+01:00
winbind: make sure we don't contact trusted domains via SAMR as AD DC

This is not needed for the normal operation of an AD DC.

Administrators should just use other tools instead of
wbinfo to list and query users and groups.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13278

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 32a63e3ea985c967ca2aadbcd9e0c60ade2d0367)

- - - - -
f767b7b7 by Stefan Metzmacher at 2018-02-27T16:00:14+01:00
winbind: make sure we don't contact trusted domains via LDAP as AD DC

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13278

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 18f27b5385240852e537cd5010cedb09f0bf233d)

- - - - -
61af154f by Stefan Metzmacher at 2018-02-27T16:00:14+01:00
winbind: set_dc_type_and_flags() is not needed on a DC

On a DC we load the trusts in the parent in add_trusted_domains_dc()
from our local configuration. There's no need to find out the trust details
via network calls.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13278

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 55c3af89f1b0baecf5e2d6c2646902edd0684aa8)

- - - - -
0b0664b4 by Stefan Metzmacher at 2018-02-27T16:00:14+01:00
winbind: don't try to do an authenticated SMB connection as AD DC

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13278

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Feb 23 17:58:23 CET 2018 on sn-devel-144

(cherry picked from commit 06601b3a9293db35feda1b033fa864dc1a764164)

- - - - -
59725be6 by Garming Sam at 2018-02-27T16:00:14+01:00
tests/replica_sync: Add some additional replication in setUp

This should avoid some failures due to stale objects.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13269

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 19fcd872ec76afffbc4952266fdfad9a352c4871)

- - - - -
8d81d9bd by Garming Sam at 2018-02-27T16:00:14+01:00
tests/drs_base: Allow the net drs replicate to try with a single object

This eventually passes down the replicate single object exop.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13269

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit ff9e63f976ef76f7f70221d4f6276e221ecd167f)

- - - - -
7e178970 by Garming Sam at 2018-02-27T16:00:14+01:00
selftest: Add RODC variables to list of those exported

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13269

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit e694b8a1b993bf7213b191e1132c5d02e16ab85d)

- - - - -
c57f17b0 by Garming Sam at 2018-02-27T16:00:14+01:00
tests/replica_sync_rodc: Test conflict handling on an RODC

There are two cases we are interested in:

1) RODC receives two identical DNs which conflict
2) RODC receives a rename to a DN which already exists

Currently these issues are ignored, but the UDV and HWM are being
updated, leading to objects/updates being skipped.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13269

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 45d19167d52e42bd2f9369dbe37a233902cc81b0)

- - - - -
1765edc7 by Garming Sam at 2018-02-27T16:00:15+01:00
repl_metadata: Avoid silent skipping an object during DRS (due to RODC name collisions)

No error code was being set in this case, and so, we would commit the
HWM and UDV without actually having all the updates.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13269

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 59fa9e7ecf84bd4c2469e9a6835855769c4f6287)

- - - - -
633df988 by Garming Sam at 2018-02-27T16:00:15+01:00
repl_metadata: Avoid silent skipping an object during DRS (due to RODC rename collisions)

No error code was being set in this case, and so, we would commit the
HWM and UDV without actually having all the updates.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13269

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Garming Sam <garming at samba.org>
Autobuild-Date(master): Thu Feb 15 10:18:42 CET 2018 on sn-devel-144

(cherry picked from commit 9952eda7a1923971f77f3183cfa4c505386b30ee)

- - - - -
105a5b09 by Douglas Bagnall at 2018-02-27T20:59:27+01:00
repl_md: avoid returning LDB_SUCCESS on failure

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13269

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit bc56913271e9d3a30143ef5a45d32430766d9dc3)

Autobuild-User(v4-8-test): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(v4-8-test): Tue Feb 27 20:59:28 CET 2018 on sn-devel-144

- - - - -
93cfa463 by Gary Lockyer at 2018-03-01T00:42:25+01:00
ldb tests: fix null test on incorrect variable

Fix up tests that were performing a null check on the wrong variable
after a call to ldb_msg_new

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sat Feb 24 15:50:35 CET 2018 on sn-devel-144

(cherry picked from commit 1ed693423d7a30c3810ddc1b6f052d376c8cd4e7)

- - - - -
da216fa4 by Andrew Bartlett at 2018-03-01T00:42:25+01:00
ldb_debug: Fix binary data in debug log

When duplicate objects were added, the GUID was printed in the debug log.
The GUID was not escaped and therefore displayed as binary content.

This patch splits out the duplicate DN creation error and the duplicate
GUID error.  Duplicate DN's are a normal event and don't require debug
logging.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13185

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
(cherry picked from commit c5a14306c82f702f4788faea262c9ec6ade584cb)

- - - - -
7aee235f by Gary Lockyer at 2018-03-01T00:42:25+01:00
ldb_debug tests: Fix binary data in debug log

Tests to ensure:
    When duplicate objects are added, the GUID was printed in the debug log
    are passed through the escape function.
    And that duplicate DN's do not generate debug log entries.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13185

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Feb 26 07:29:49 CET 2018 on sn-devel-144

(cherry picked from commit 2a85bcb3f486ae6f473b934bbe920d1733b7f7a4)

- - - - -
b0120b58 by Stefan Metzmacher at 2018-03-01T00:42:25+01:00
ldb: version 1.3.2

* Expose the SHOW_BINARY, ENABLE_TRACING and DONT_CREATE_DB flag constants
  in the python api.
* Extend dn.is_child_of() test.
* Don't load LDB_MODULESDIR as a module file.
* Fix binary data in debug log (bug #13185).

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Feb 28 04:54:21 CET 2018 on sn-devel-144

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13306

(cherry picked from commit cb58e188008bf920df88dc0212b9f9bb23263179)

- - - - -
222a3613 by Andrew Bartlett at 2018-03-01T00:42:25+01:00
WHATSNEW: Explain implications of GUID index change

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
95dd73c1 by Günther Deschner at 2018-03-01T00:42:25+01:00
build: fix libceph-common detection

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13277

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Thu Feb 22 19:30:12 CET 2018 on sn-devel-144

(cherry picked from commit 6a59619844e0def505a6bfa778c17721c062e0ee)

- - - - -
a775187f by Ralph Boehme at 2018-03-01T00:42:25+01:00
vfs_fruit: use off_t, not size_t for TM size calculations

size_t is only a 32-bit integer on 32-bit platforms. We must use off_t
for file sizes.

https://bugzilla.samba.org/show_bug.cgi?id=13296

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit f9e2cb1369fa9636ff613a4e9c7387151409eafc)

- - - - -
896a5303 by Stefan Metzmacher at 2018-03-01T00:42:25+01:00
winbindd: disable support for CROSS_ORGANIZATION domains

We don't support selective authentication yet,
so we shouldn't silently allow domain wide authentication
for such a trust.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13299

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit afd97e72090aaf31b084646b5fcecaeb8cde653d)

- - - - -
b524562f by Stefan Metzmacher at 2018-03-01T00:42:26+01:00
s4:kdc: make use of dsdb_trust_parse_tdo_info() in samba_kdc_trust_message2entry()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13299

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 274209f5cd4eec2ffe4ffe12bfbb41eb8ed0c9df)

- - - - -
1d92e79c by Stefan Metzmacher at 2018-03-01T00:42:26+01:00
s4:kdc: only support LSA_TRUST_TYPE_UPLEVEL domains in samba_kdc_trust_message2entry()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13299

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit d0a813a173be630c2def93cc55e4514204d265a2)

- - - - -
4cfa1f5e by Stefan Metzmacher at 2018-03-01T06:08:56+01:00
s4:kdc: disable support for CROSS_ORGANIZATION domains

We don't support selective authentication yet,
so we shouldn't silently allow domain wide authentication
for such a trust.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13299

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Feb 28 19:45:13 CET 2018 on sn-devel-144

(cherry picked from commit 31b5328c46c5f510ba234f75688886987276ee9e)

Autobuild-User(v4-8-test): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(v4-8-test): Thu Mar  1 06:08:56 CET 2018 on sn-devel-144

- - - - -
44685eb9 by Stefan Metzmacher at 2018-03-01T20:35:11+01:00
WHATSNEW: move descriptions of removed features to "REMOVED FEATURES"

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
608d1b81 by Stefan Metzmacher at 2018-03-01T20:35:11+01:00
WHATSNEW: reference 'smbclient reparse point symlink parameters reversed' to 'UPGRADING'

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
c76d2e06 by Stefan Metzmacher at 2018-03-01T20:35:11+01:00
WHATSNEW: add 'Improved support for trusted domains (as AD DC)' section

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
0486f44b by Ralph Boehme at 2018-03-01T20:35:11+01:00
WHATSNEW: document changed wbinfo -m --verbose output

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
9d4ae41f by Karolin Seeger at 2018-03-01T21:02:15+01:00
WHATSNEW: Add changes since rc4.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
562b3857 by Karolin Seeger at 2018-03-01T21:02:59+01:00
VERSION: Disable GIT_SNAPSHOT for the 4.8.0rc4 release.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
efaf354f by Karolin Seeger at 2018-03-01T21:03:53+01:00
VERSION: Bump version up to 4.8.0rc5...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
e176cabd by Andreas Schneider at 2018-03-07T15:15:22+01:00
s3:smbd: Do not crash if we fail to init the session table

This should fix the following segfault with SMB1:

  #6  sig_fault (sig=<optimized out>) at ../lib/util/fault.c:94
  #7  <signal handler called>
  #8  smbXsrv_session_create (conn=conn at entry=0x5654d3512af0, now=now at entry=131594481900356690, _session=_session at entry=0x7ffc93a778e8)
      at ../source3/smbd/smbXsrv_session.c:1212
  #9  0x00007f7618aa21ef in reply_sesssetup_and_X (req=req at entry=0x5654d35174b0) at ../source3/smbd/sesssetup.c:961
  #10 0x00007f7618ae17b0 in switch_message (type=<optimized out>, req=req at entry=0x5654d35174b0) at ../source3/smbd/process.c:1726
  #11 0x00007f7618ae3550 in construct_reply (deferred_pcd=0x0, encrypted=false, seqnum=0, unread_bytes=0, size=140, inbuf=0x0, xconn=0x5654d35146d0)
      at ../source3/smbd/process.c:1762
  #12 process_smb (xconn=xconn at entry=0x5654d3512af0, inbuf=<optimized out>, nread=140, unread_bytes=0, seqnum=0, encrypted=<optimized out>,
      deferred_pcd=deferred_pcd at entry=0x0) at ../source3/smbd/process.c:2008
  #13 0x00007f7618ae4c41 in smbd_server_connection_read_handler (xconn=0x5654d3512af0, fd=40) at ../source3/smbd/process.c:2608
  #14 0x00007f761587eedb in epoll_event_loop_once () from /lib64/libtevent.so.0

Inspecting the core shows that:
  conn->client-session_table is NULL
  conn->protocol is PROTOCOL_NONE

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13315

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit a89a7146563f2d9eb8bc02f1c090158ee499c878)

- - - - -
d6753a1c by Dan Robertson at 2018-03-07T15:15:22+01:00
libsmb: Use smb2 tcon if conn_protocol >= SMB2_02

When the connection protocol is SMB2 the tid from the smb1 member is
used instead of smb2 in cli_state_set_tid which often results in a null
deref.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13310

Signed-off-by: Dan Robertson <drobertson at tripwire.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit b67ffaf518c971817b167b41bf6226cddfdcfd2f)

- - - - -
e73deca6 by Ralph Boehme at 2018-03-07T15:15:22+01:00
nsswitch: fix wbinfo -m --verbose trust type "Local"

Remove wrong "Local" strcmp(), there's another one, the correct one, a few lines
below. Since commit 95e3307917b5731ab883ee5fce530c5b559b4934
WBC_DOMINFO_TRUSTTYPE_NONE, which corresponded to the string "None" in the
winbindd response, is not used anymore.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13313

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Mar  2 05:49:18 CET 2018 on sn-devel-144

(cherry picked from commit f59f6cefa11c4866d2ede47d9c9b415e3d5e233d)

- - - - -
60c7969e by Stefan Metzmacher at 2018-03-07T20:18:51+01:00
WHATSNEW: Domain member setups require winbindd

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(v4-8-test): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(v4-8-test): Wed Mar  7 20:18:51 CET 2018 on sn-devel-144

- - - - -
ccb38e96 by Ralph Boehme at 2018-03-13T10:23:09+01:00
CVE-2018-1057: s4:dsdb/tests: add a test for password change with empty delete

Note that the request using the clearTextPassword attribute for the
password change is already correctly rejected by the server.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
231ed984 by Ralph Boehme at 2018-03-13T10:23:09+01:00
CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for LDB_FLAG_MOD_TYPE

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
9a3f754e by Ralph Boehme at 2018-03-13T10:23:09+01:00
CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for passwordAttr->num_values

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
be3c583e by Ralph Boehme at 2018-03-13T10:23:10+01:00
CVE-2018-1057: s4:dsdb/acl: only call dsdb_acl_debug() if we checked the acl in acl_check_password_rights()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
9e7dc491 by Ralph Boehme at 2018-03-13T10:23:10+01:00
CVE-2018-1057: s4:dsdb/acl: remove unused else branches in acl_check_password_rights()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
93e11c7f by Ralph Boehme at 2018-03-13T10:23:10+01:00
CVE-2018-1057: s4:dsdb/acl: check for internal controls before other checks

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
b152db93 by Ralph Boehme at 2018-03-13T10:23:10+01:00
CVE-2018-1057: s4:dsdb/acl: add check for DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
bd396088 by Ralph Boehme at 2018-03-13T10:23:10+01:00
CVE-2018-1057: s4:dsdb/acl: add a NULL check for talloc_new() in acl_check_password_rights()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
4e305473 by Ralph Boehme at 2018-03-13T10:23:10+01:00
CVE-2018-1057: s4/dsdb: correctly detect password resets

This change ensures we correctly treat the following LDIF

  dn: cn=testuser,cn=users,...
  changetype: modify
  delete: userPassword
  add: userPassword
  userPassword: thatsAcomplPASS1

as a password reset. Because delete and add element counts are both
one, the ACL module wrongly treated this as a password change
request.

For a password change we need at least one value to delete and one value
to add. This patch ensures we correctly check attributes and their
values.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
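
The distinction drawn in the commit message above, counting delete/add elements versus counting their values, as an added C example. It is not Samba's code: the types, function names and the rule that anything other than a change is a reset are assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>
#include <strings.h>

/* Simplified model of an LDAP modify request. These types and names are
 * assumptions made for this example; they are not Samba's ldb structures. */
enum mod_type { MOD_ADD, MOD_DELETE, MOD_REPLACE };
enum pw_op { PW_NONE, PW_CHANGE, PW_RESET };
struct mod_element { const char *attr; enum mod_type type; size_t num_values; };
struct tally { size_t del_els, add_els, del_vals, add_vals, rep_els; };

/* Count elements and values touching one attribute (names are case-insensitive). */
static struct tally tally_attr(const struct mod_element *els, size_t n, const char *attr)
{
    struct tally t = {0, 0, 0, 0, 0};
    for (size_t i = 0; i < n; i++) {
        if (strcasecmp(els[i].attr, attr) != 0) continue;
        switch (els[i].type) {
        case MOD_DELETE: t.del_els++; t.del_vals += els[i].num_values; break;
        case MOD_ADD:    t.add_els++; t.add_vals += els[i].num_values; break;
        default:         t.rep_els++; break;
        }
    }
    return t;
}

/* Flawed rule described in the commit message: one delete element plus one add
 * element counts as a change, even when the delete carries no old password. */
enum pw_op classify_by_elements(const struct mod_element *els, size_t n, const char *attr)
{
    struct tally t = tally_attr(els, n, attr);
    if (t.del_els + t.add_els + t.rep_els == 0) return PW_NONE;
    return (t.rep_els == 0 && t.del_els == 1 && t.add_els == 1) ? PW_CHANGE : PW_RESET;
}

/* Corrected rule: a change needs at least one value to delete and one to add;
 * any other modification of the attribute is treated as a reset. */
enum pw_op classify_by_values(const struct mod_element *els, size_t n, const char *attr)
{
    struct tally t = tally_attr(els, n, attr);
    if (t.del_els + t.add_els + t.rep_els == 0) return PW_NONE;
    return (t.rep_els == 0 && t.del_vals >= 1 && t.add_vals >= 1) ? PW_CHANGE : PW_RESET;
}

/* Constructed inputs: the LDIF from the commit message, and a genuine change. */
static const struct mod_element empty_delete[] = {
    { "userPassword", MOD_DELETE, 0 }, { "userPassword", MOD_ADD, 1 } };
static const struct mod_element real_change[] = {
    { "userPassword", MOD_DELETE, 1 }, { "userPassword", MOD_ADD, 1 } };

int main(void)
{
    /* Prints enum values: 1 = PW_CHANGE, 2 = PW_RESET. */
    printf("empty delete: elements=%d values=%d\n",
           (int)classify_by_elements(empty_delete, 2, "userPassword"),
           (int)classify_by_values(empty_delete, 2, "userPassword"));
    return 0;
}
```

Because a reset requires a stronger right than a change, misclassifying the empty-delete request as a change is the direction that weakens the access check.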

- - - - -
f8ff72d7 by Ralph Boehme at 2018-03-13T10:23:10+01:00
CVE-2018-1057: s4:dsdb/acl: run password checking only once

This is needed, because a later commit will let the acl module add a
control to the change request msg and we must ensure that this is only
done once.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
6335660e by Ralph Boehme at 2018-03-13T10:23:10+01:00
CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control

Will be used to pass "user password change" vs "password reset" from the
ACL to the password_hash module, ensuring both modules treat the request
identically.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
5c957af0 by Ralph Boehme at 2018-03-13T10:23:10+01:00
CVE-2018-1057: s4:dsdb: use DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID

This is used to pass information about which password change operation (change
or reset) the acl module validated, down to the password_hash module.

It's very important that both modules treat the request identically.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
87b10d37 by Ralph Boehme at 2018-03-13T10:23:10+01:00
CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only allowed with a control

This is not strictly needed to fix bug 13272, but it makes sense to also
fix this while fixing the overall ACL checking logic.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
9f5577d3 by Mathieu Parent at 2018-03-13T10:53:27+01:00
Update d/gbp.conf and d/watch for 4.8

- - - - -
03e63dd9 by Jeremy Allison at 2018-03-13T15:58:25+01:00
CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11343

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(v4-8-test): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(v4-8-test): Tue Mar 13 15:58:25 CET 2018 on sn-devel-144

- - - - -
9c2a2150 by Karolin Seeger at 2018-03-13T20:02:20+01:00
WHATSNEW: Add release notes for Samba 4.8.0.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
5a9d09fe by Karolin Seeger at 2018-03-13T20:02:20+01:00
VERSION: Bump version up to 4.8.0...

and disable GIT_SNAPSHOT for the 4.8.0 release.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
7c25ac38 by Mathieu Parent at 2018-03-13T20:30:51+01:00
New upstream version 4.8.0+dfsg
- - - - -
2164de60 by Mathieu Parent at 2018-03-13T20:37:13+01:00
Update upstream source from tag 'upstream/4.8.0+dfsg'

Update to upstream version '4.8.0+dfsg'
with Debian dir cd1e6051d971900ca480f7bf5921722b9189135a
- - - - -
10c823d5 by Jelmer Vernooij at 2018-03-13T22:12:02+01:00
Always specify rpath for private libraries

Last-Update: 2012-02-24
Applied-Upstream: no

- - - - -
f07cbbcf by Christian Perrier at 2018-03-13T22:12:02+01:00
64 bit fix for libsmbclient

Bug-Debian: http://bugs.debian.org/221618
Forwarded: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=221618#27

- - - - -
35ecf8b3 by Christian Perrier at 2018-03-13T22:12:02+01:00
Mention smbldap-tools package in examples/LDAP/README

Bug-Debian: http://bugs.debian.org/341934
Forwarded: not-needed

- - - - -
c2a52c5a by Steve Langasek at 2018-03-13T22:12:02+01:00
Use the pager alternative as pager if PAGER is undefined

Bug-Debian: http://bugs.debian.org/135603
Forwarded: not-needed

- - - - -
3d675bba by mathiaz at ubuntu.com at 2018-03-13T22:12:02+01:00
Enable net usershares by default at build time

Enable net usershares by default at build time, with a limit of 100, and update
the corresponding documentation.

Bug-Debian: http://bugs.debian.org/443230
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/128548
Forwarded: not-needed

- - - - -
c556b082 by Eloy A. Paris at 2018-03-13T22:12:02+01:00
Add "Debian" as vendor suffix

Forwarded: not-needed

- - - - -
b2a89dc4 by Jeroen Dekkers at 2018-03-13T22:12:03+01:00
Add so version number to private libraries for dpkg-shlibdeps

We also want dpkg-shlibdeps to generate correct dependency information
for the private libraries in our binary packages, but dpkg-shlibdeps
only works when the library has a version number.

Origin: vendor
Forwarded: not-needed

- - - - -
71e62114 by Brian May at 2018-03-13T22:12:03+01:00
Patch in symbol table from rfc3454, for Heimdal scripts

Status: cherry-picked from heimdal package

- - - - -
599c5516 by Mathieu Parent at 2018-03-13T22:18:22+01:00
Remove patches merged upstream

no_build_system.patch
systemd-syslog.target-is-obsolete.patch
Add-documentation-to-systemd-Unit-files.patch
fix_kill_path_in_units.patch
nmbd-requires-a-working-network.patch
CVE-2018-1050-11343-4.7.patch
CVE-2018-1057-v4-7.metze01.patches.txt

- - - - -
27333453 by Mathieu Parent at 2018-03-13T22:23:33+01:00
Bump build-depends talloc >= 2.1.11~, tdb >= 1.3.15~, tevent >= 0.9.36~ and ldb >= 2:1.3.2~

- - - - -
e8fb071c by Mathieu Parent at 2018-03-13T22:30:34+01:00
Update README.source

- - - - -
c20d4256 by Mathieu Parent at 2018-03-13T22:41:51+01:00
Drop Build-Conflicts-Arch: libaio-dev, vfs_aio_linux was dropped

- - - - -
97355828 by Mathieu Parent at 2018-03-13T22:41:52+01:00
Changelog for previous commits

- - - - -
2aa475bf by Mathieu Parent at 2018-03-15T11:13:56+01:00
Update instructions in debian/README.source

- - - - -


22 changed files:

- + .gitlab-ci.yml
- .travis.yml
- .ycm_extra_conf.py
- README.Coding
- VERSION
- WHATSNEW.txt
- auth/common_auth.h
- auth/credentials/credentials.c
- auth/credentials/credentials.h
- auth/credentials/credentials_krb5.c
- auth/credentials/credentials_ntlm.c
- auth/credentials/credentials_secrets.c
- auth/credentials/pycredentials.c
- auth/credentials/tests/bind.py
- auth/gensec/external.c
- auth/gensec/gensec.c
- auth/gensec/gensec.h
- auth/gensec/gensec_internal.h
- auth/gensec/gensec_start.c
- auth/gensec/gensec_util.c
- auth/gensec/ncalrpc.c
- auth/gensec/schannel.c


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/samba-team/samba/compare/22cf7ca9f7f19f0ffb7d8ef379e378ac4a5a9cfa...2aa475bfebf5536bdfc2ca38d0f02c281aec4c29
