Volker Lendecke [Tue, 10 Nov 2020 20:25:56 +0000 (21:25 +0100)]
pylibsmb: Add set_sd()
setacl() on a fnum, available asynchronously
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 9 Nov 2020 20:43:19 +0000 (21:43 +0100)]
libsmb: Remove unused sync cli_smb2_set_security_descriptor()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 10 Nov 2020 19:55:29 +0000 (20:55 +0100)]
libsmb: Make cli_set_security_descriptor() async
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 9 Nov 2020 20:40:28 +0000 (21:40 +0100)]
torture3: cli_set_security_descriptor() does smb2 as well
Remove a direct caller
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 11 Nov 2020 12:20:39 +0000 (13:20 +0100)]
pylibsmb: Move get_acl() to python
The previous code was not available in threaded environments
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 10 Nov 2020 20:25:56 +0000 (21:25 +0100)]
pylibsmb: Add get_sd()
getacl() on a fnum, available asynchronously
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 9 Nov 2020 20:43:19 +0000 (21:43 +0100)]
libsmb: Remove unused sync cli_smb2_query_security_descriptor()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 9 Nov 2020 20:37:10 +0000 (21:37 +0100)]
libsmb: Make cli_query_security_descriptor() async
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 9 Nov 2020 20:40:28 +0000 (21:40 +0100)]
torture3: cli_query_security_descriptor() does smb2 as well
Remove a direct caller
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 11 Nov 2020 10:33:18 +0000 (11:33 +0100)]
pylibsmb: Export a few SMB constants
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 9 Nov 2020 18:48:21 +0000 (19:48 +0100)]
pylibsmb: Merge remove_dir() into its only caller
Now that delete_tree is in python code, align py_smb_rmdir() with the
other functions.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 9 Nov 2020 18:48:21 +0000 (19:48 +0100)]
pylibsmb: Merge unlink_file() into its only caller
Now that delete_tree is in python code, align py_smb_unlink() with the
other functions.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Nov 2020 21:08:00 +0000 (22:08 +0100)]
pylibsmb: Move deltree to python code
This is much shorter. There's also another aspect: I'm working on
improving cli_list() to not collect all files before starting to call
the callback function. This means that the cli_list cb will be called
from within tevent_loop_once(). In pylibsmb.c's deltree code this
would create a nested event loop. By moving the deltree code into the
python world this nested event loop is avoided. Now the python code
will first collect everything and then start to delete, avoiding the
nesting. A future development should make listing directories a
generator or something like that.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 11 Nov 2020 10:20:29 +0000 (11:20 +0100)]
pylibsmb: Add a compatible python-level wrapper
Right now this is empty, but it is the basis for moving complexity out
or pylibsmb.c into python code.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Fri, 13 Nov 2020 22:18:43 +0000 (14:18 -0800)]
libcli: smb2: Never print length if smb2_signing_key_valid() fails for crypto blob.
Blob could be NULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14210
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Nov 16 09:47:38 UTC 2020 on sn-devel-184
Günther Deschner [Tue, 10 Nov 2020 16:10:27 +0000 (17:10 +0100)]
s4-torture: test file_line_parse as well
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Nov 13 17:47:33 UTC 2020 on sn-devel-184
Jeremy Allison [Tue, 10 Nov 2020 21:52:01 +0000 (13:52 -0800)]
lib: Fix file_lines_parse() to do what people expect. Much safer to use.
Take an incoming const char * pointer and return an allocated
array that must be freed. Don't expose the internal optimization
of file_lines_parse_internal() breaking the passed in string
into lines.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Jeremy Allison [Tue, 10 Nov 2020 21:43:24 +0000 (13:43 -0800)]
lib: create a wrapper for file_lines_parse().
Make the internal function file_lines_parse_internal().
Currently file_lines_parse() just wraps file_lines_parse_internal(),
but this allows me to change file_lines_parse() to take
a const char * to make it safe for callers (no talloc tricks).
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Gary Lockyer [Tue, 10 Nov 2020 03:57:11 +0000 (16:57 +1300)]
tests python krb5: add arcfour salt tests
MIT kerberos returns a salt when ARCFOUR_HMAC_MD5 encryption selected,
Heimdal does not.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Nov 12 22:54:22 UTC 2020 on sn-devel-184
Gary Lockyer [Tue, 10 Nov 2020 03:56:46 +0000 (16:56 +1300)]
tests python krb5: refactor compatability tests
Refactor to aid the adding of tests for the inclusion of a salt when
ARCFOUR_HMAC_MD5 encryption selected
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Thu, 5 Nov 2020 20:07:04 +0000 (09:07 +1300)]
tests python krb5: Convert kdc-heimdal to python
Implement the tests in source4/torture/krb5/kdc-heimdal.c in python.
The following tests were not re-implemented as they are client side
tests for the "Orpheus Lyre" attack:
TORTURE_KRB5_TEST_CHANGE_SERVER_OUT
TORTURE_KRB5_TEST_CHANGE_SERVER_IN
TORTURE_KRB5_TEST_CHANGE_SERVER_BOTH
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Tue, 10 Nov 2020 00:51:39 +0000 (13:51 +1300)]
tests python krb5: raw_testcase permit RC4 salts
MIT kerberos returns a salt when ARCFOUR_HMAC_MD5, this commit removes
the check that a salt is not returned. A test for the difference
between MIT and Heimdal will be added in the subsequent commits.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 9 Nov 2020 22:20:58 +0000 (11:20 +1300)]
tests python krb5: Refactor compatability test constants
Modify tests to use the constants defined in rfc4120_constants.py
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 9 Nov 2020 22:20:03 +0000 (11:20 +1300)]
tests python krb5: Refactor canonicalization test constants
Modify tests to use the constants defined in rfc4120_constants.py
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 9 Nov 2020 22:19:02 +0000 (11:19 +1300)]
tests python krb5: Add constants module
Extract the constants used in the tests into a separate module.
To reduce code duplication
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Anoop C S [Thu, 12 Nov 2020 14:57:24 +0000 (20:27 +0530)]
vfs_shadow_copy2: Preserve all open flags assuming ROFS
Instead of replacing open flags with just O_RDONLY, filter out all those
flags unrelated to a Read Only File System
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14573
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Nov 12 17:23:19 UTC 2020 on sn-devel-184
Andreas Schneider [Wed, 11 Nov 2020 12:42:06 +0000 (13:42 +0100)]
s3:smbd: Fix possible null pointer dereference in token_contains_name()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14572
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Thu Nov 12 15:13:47 UTC 2020 on sn-devel-184
Alexander Bokovoy [Wed, 11 Nov 2020 12:42:55 +0000 (14:42 +0200)]
auth_sam: use pdb_get_domain_info to look up DNS forest information
When Samba is used as a part of FreeIPA domain controller, Windows
clients for a trusted AD forest may try to authenticate (perform logon
operation) as a REALM\name user account.
Fix auth_sam plugins to accept DNS forest name if we are running on a DC
with PASSDB module providing domain information (e.g. pdb_get_domain_info()
returning non-NULL structure). Right now, only FreeIPA or Samba AD DC
PASSDB backends return this information but Samba AD DC configuration is
explicitly ignored by the two auth_sam (strict and netlogon3) modules.
Detailed logs below:
[2020/11/11 09:23:53.281296, 1, pid=42677, effective(65534, 65534), real(65534, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:482(ndr_print_function_debug)
netr_LogonSamLogonWithFlags: struct netr_LogonSamLogonWithFlags
in: struct netr_LogonSamLogonWithFlags
server_name : *
server_name : '\\master.ipa.test'
computer_name : *
computer_name : 'AD1'
credential : *
credential: struct netr_Authenticator
cred: struct netr_Credential
data :
529f4b087c5f6546
timestamp : Wed Nov 11 09:23:55 AM 2020 UTC
return_authenticator : *
return_authenticator: struct netr_Authenticator
cred: struct netr_Credential
data :
204f28f622010000
timestamp : Fri May 2 06:37:50 AM 1986 UTC
logon_level : NetlogonNetworkTransitiveInformation (6)
logon : *
logon : union netr_LogonLevel(case 6)
network : *
network: struct netr_NetworkInfo
identity_info: struct netr_IdentityInfo
domain_name: struct lsa_String
length : 0x0010 (16)
size : 0x01fe (510)
string : *
string : 'IPA.TEST'
parameter_control : 0x00002ae0 (10976)
0: MSV1_0_CLEARTEXT_PASSWORD_ALLOWED
0: MSV1_0_UPDATE_LOGON_STATISTICS
0: MSV1_0_RETURN_USER_PARAMETERS
0: MSV1_0_DONT_TRY_GUEST_ACCOUNT
1: MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT
1: MSV1_0_RETURN_PASSWORD_EXPIRY
1: MSV1_0_USE_CLIENT_CHALLENGE
0: MSV1_0_TRY_GUEST_ACCOUNT_ONLY
1: MSV1_0_RETURN_PROFILE_PATH
0: MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY
1: MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT
0: MSV1_0_DISABLE_PERSONAL_FALLBACK
1: MSV1_0_ALLOW_FORCE_GUEST
0: MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED
0: MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY
0: MSV1_0_ALLOW_MSVCHAPV2
0: MSV1_0_S4U2SELF
0: MSV1_0_CHECK_LOGONHOURS_FOR_S4U
0: MSV1_0_SUBAUTHENTICATION_DLL_EX
logon_id : 0x0000000000884ef2 (
8933106)
account_name: struct lsa_String
length : 0x000e (14)
size : 0x000e (14)
string : *
string : 'idmuser'
workstation: struct lsa_String
length : 0x0000 (0)
size : 0x0000 (0)
string : *
string : ''
challenge :
417207867bd33c74
nt: struct netr_ChallengeResponse
length : 0x00c0 (192)
size : 0x00c0 (192)
data : *
data: ARRAY(192)
[0000] A5 24 62 6E 31 DF 69 66 9E DC 54 D6 63 4C D6 2F .$bn1.if ..T.cL./
[0010] 01 01 00 00 00 00 00 00 50 37 D7 60 0C B8 D6 01 ........ P7.`....
[0020] 15 1B 38 4F 47 95 4D 62 00 00 00 00 02 00 0E 00 ..8OG.Mb ........
[0030] 57 00 49 00 4E 00 32 00 30 00 31 00 36 00 01 00 W.I.N.2. 0.1.6...
[0040] 06 00 41 00 44 00 31 00 04 00 18 00 77 00 69 00 ..A.D.1. ....w.i.
[0050] 6E 00 32 00 30 00 31 00 36 00 2E 00 74 00 65 00 n.2.0.1. 6...t.e.
[0060] 73 00 74 00 03 00 20 00 61 00 64 00 31 00 2E 00 s.t... . a.d.1...
[0070] 77 00 69 00 6E 00 32 00 30 00 31 00 36 00 2E 00 w.i.n.2. 0.1.6...
[0080] 74 00 65 00 73 00 74 00 05 00 18 00 77 00 69 00 t.e.s.t. ....w.i.
[0090] 6E 00 32 00 30 00 31 00 36 00 2E 00 74 00 65 00 n.2.0.1. 6...t.e.
[00A0] 73 00 74 00 07 00 08 00 50 37 D7 60 0C B8 D6 01 s.t..... P7.`....
[00B0] 06 00 04 00 02 00 00 00 00 00 00 00 00 00 00 00 ........ ........
lm: struct netr_ChallengeResponse
length : 0x0018 (24)
size : 0x0018 (24)
data : *
data :
000000000000000000000000000000000000000000000000
validation_level : 0x0006 (6)
flags : *
flags : 0x00000000 (0)
0: NETLOGON_SAMLOGON_FLAG_PASS_TO_FOREST_ROOT
0: NETLOGON_SAMLOGON_FLAG_PASS_CROSS_FOREST_HOP
0: NETLOGON_SAMLOGON_FLAG_RODC_TO_OTHER_DOMAIN
0: NETLOGON_SAMLOGON_FLAG_RODC_NTLM_REQUEST
In such case checks for a workgroup name will not match the DNS forest
name used in the username specification:
[2020/11/11 09:23:53.283055, 3, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth.c:200(auth_check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [IPA.TEST]\[idmuser]@[] with the new password interface
[2020/11/11 09:23:53.283073, 3, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth.c:203(auth_check_ntlm_password)
check_ntlm_password: mapped user is: [IPA.TEST]\[idmuser]@[]
[2020/11/11 09:23:53.283082, 10, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth.c:213(auth_check_ntlm_password)
check_ntlm_password: auth_context challenge created by fixed
[2020/11/11 09:23:53.283091, 10, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth.c:216(auth_check_ntlm_password)
challenge is:
[2020/11/11 09:23:53.283099, 5, pid=42677, effective(65534, 65534), real(65534, 0)] ../../lib/util/util.c:678(dump_data)
[0000] 41 72 07 86 7B D3 3C 74 Ar..{.<t
[2020/11/11 09:23:53.283113, 10, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth_sam.c:209(auth_sam_netlogon3_auth)
auth_sam_netlogon3_auth: Check auth for: [IPA.TEST]\[idmuser]
[2020/11/11 09:23:53.283123, 5, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth_sam.c:234(auth_sam_netlogon3_auth)
auth_sam_netlogon3_auth: IPA.TEST is not our domain name (DC for IPA)
[2020/11/11 09:23:53.283131, 10, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth.c:249(auth_check_ntlm_password)
auth_check_ntlm_password: sam_netlogon3 had nothing to say
and overall authentication attempt will fail: auth_winbind will complain
that this domain is not a trusted one and refuse operating on it:
[2020/11/11 09:23:53.283784, 10, pid=42663, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd.c:742(process_request_send)
process_request_send: process_request: Handling async request smbd(42677):PAM_AUTH_CRAP
[2020/11/11 09:23:53.283796, 3, pid=42663, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_pam_auth_crap.c:110(winbindd_pam_auth_crap_send)
[42677]: pam auth crap domain: [IPA.TEST] user: idmuser
[2020/11/11 09:23:53.283810, 3, pid=42663, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_pam.c:409(find_auth_domain)
Authentication for domain [IPA.TEST] refused as it is not a trusted domain
[2020/11/11 09:23:53.283825, 10, pid=42663, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd.c:810(process_request_done)
process_request_done: [smbd(42677):PAM_AUTH_CRAP]: NT_STATUS_NO_SUCH_USER
[2020/11/11 09:23:53.283844, 10, pid=42663, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd.c:855(process_request_written)
process_request_written: [smbd(42677):PAM_AUTH_CRAP]: delivered response to client
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 6 Nov 2020 11:35:04 +0000 (12:35 +0100)]
selftest/subunithelper: also output as much of unterminated DETAILS
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Nov 11 22:43:46 UTC 2020 on sn-devel-184
Stefan Metzmacher [Thu, 5 Nov 2020 13:19:11 +0000 (14:19 +0100)]
selftest/subunithelper: only let ']\n' lines to terminate
It should not be enough that a line ends with ']\n' is accident,
subunit DETAILS are terminated with '\n]\n'!
This gives a much higher chance to see the actual problem
without having them filtered by various 'filter-subunit' invocations.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Stefan Metzmacher [Thu, 5 Nov 2020 12:46:27 +0000 (13:46 +0100)]
SambaToolCmdTest: let assertCmdSuccess() escape ']\n' lines
This gives a much higher chance to see the actual problem
without having them filtered by various 'filter-subunit' invocations.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Stefan Metzmacher [Fri, 6 Nov 2020 11:32:10 +0000 (12:32 +0100)]
testprogs/blackbox: make sure subunit.sh always terminates DETAILS with '\n]\n'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Jeremy Allison [Tue, 10 Nov 2020 18:18:18 +0000 (10:18 -0800)]
s3: modules: gluster. Fix the error I made in preventing talloc leaks from a function.
file_lines_parse() plays horrible tricks with
the passed-in talloc pointers and the hierarcy
which makes freeing hard to get right.
As we know mem_ctx is freed by the caller, after
calling file_lines_parse don't free on exit and let the caller
handle it. This violates good Samba coding practice
but we know we're not leaking here.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Nov 11 15:02:27 UTC 2020 on sn-devel-184
Alexander Bokovoy [Tue, 10 Nov 2020 15:35:24 +0000 (17:35 +0200)]
lookup_name: allow lookup names prefixed with DNS forest root for FreeIPA DC
In FreeIPA deployment with active Global Catalog service, when a two-way
trust to Active Directory forest is established, Windows systems can
look up FreeIPA users and groups. When using a security tab in Windows
Explorer on AD side, a lookup over a trusted forest might come as
realm\name instead of NetBIOS domain name:
--------------------------------------------------------------------
[2020/01/13 11:12:39.859134, 1, pid=33253, effective(
1732401004,
1732401004), real(
1732401004, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:471(ndr_print_function_debug)
lsa_LookupNames3: struct lsa_LookupNames3
in: struct lsa_LookupNames3
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
0000000e-0000-0000-1c5e-
a750e5810000
num_names : 0x00000001 (1)
names: ARRAY(1)
names: struct lsa_String
length : 0x001e (30)
size : 0x0020 (32)
string : *
string : 'ipa.test\admins'
sids : *
sids: struct lsa_TransSidArray3
count : 0x00000000 (0)
sids : NULL
level : LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 (6)
count : *
count : 0x00000000 (0)
lookup_options : LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES (0)
client_revision : LSA_CLIENT_REVISION_2 (2)
--------------------------------------------------------------------
If we are running as a DC and PASSDB supports returning domain info
(pdb_get_domain_info() returns a valid structure), check domain of the
name in lookup_name() against DNS forest name and allow the request to
be done against the primary domain. This corresponds to FreeIPA's use of
Samba as a DC. For normal domain members a realm-based lookup falls back
to a lookup over to its own domain controller with the help of winbindd.
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Nov 11 10:59:01 UTC 2020 on sn-devel-184
Andrew Bartlett [Tue, 10 Nov 2020 00:50:37 +0000 (13:50 +1300)]
selftest: Windows 2019 implements the RemoveDollar behaviour for Enterprise principals
This is documented in MS-KILE.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Wed Nov 11 02:38:46 UTC 2020 on sn-devel-184
Andrew Bartlett [Mon, 9 Nov 2020 22:27:06 +0000 (11:27 +1300)]
selftest: Add in encrypted-pa-data from RFC 6806
This comes from Windows 2019 which supports FAST.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Mon, 9 Nov 2020 22:21:24 +0000 (11:21 +1300)]
selftest: Fix formatting of failure (traceback and options swapped in format string)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Tue, 10 Nov 2020 00:47:30 +0000 (13:47 +1300)]
selftest: Make as_canonicalization_tests.py auto-detect the NT4 domain name
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Tue, 10 Nov 2020 00:46:28 +0000 (13:46 +1300)]
samdb: Add samdb.domain_netbios_name()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Mon, 9 Nov 2020 22:12:13 +0000 (11:12 +1300)]
selftest: Make as_canonicalization_tests.py easier to run outside "make test"
This takes the realm from the LDAP base DN and so avoids one
easy mistake to make. So far the NT4 domain name is not
auto-detected, so much be read from the smb.conf.
By using .guess() the smb.conf is read for the unspecified
parts (eg workstation for an NTLM login to the LDAP server if
the target server is an IP address).
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Mon, 9 Nov 2020 22:09:59 +0000 (11:09 +1300)]
selftest: Fix flipped machine and user constants
This naturally does not change the test, but reduces developer
confusion.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Mon, 9 Nov 2020 22:09:13 +0000 (11:09 +1300)]
selftest: Send enterprise principals tagged as such
This test passed against Samba but failed against Windows when
an enterprise principal (user@domain.com@REALM) was encoded as
NT_PRINCIPAL.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Volker Lendecke [Wed, 4 Nov 2020 11:39:48 +0000 (12:39 +0100)]
locking: hide share_mode_lock definition
This makes "struct share_mode_lock" an opaque data structure opened up
only to the code in locking/. This makes it much safer to modify the
data structure with defined accessor functions in share_mode_lock.c.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Nov 10 21:12:48 UTC 2020 on sn-devel-184
Volker Lendecke [Thu, 5 Nov 2020 14:39:51 +0000 (15:39 +0100)]
locking: move share_mode_flags_[gs]et to share_mode_lock.c
These routines parse and marshall the uint16 summary flag in
share_mode_data. open_file_ntcreate() and open_directory() are the
only real users of this. The user in oplock.c is just the lazy reset
of the "read lease exists somewhere" after asynchronously breaking
read oplocks after a write request.
This moves handling the flags into locking/ to consolidate data
structure handling of "share_mode_data" there.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 5 Nov 2020 09:42:10 +0000 (10:42 +0100)]
smbd: Avoid references to share_mode_data->id
When calling open_mode_check() we know the file id. We can pass it to
the lower levels without dereferencing struct share_mode_lock.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 5 Nov 2020 09:39:10 +0000 (10:39 +0100)]
smbd: Remove a variable used just once
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 4 Nov 2020 14:51:51 +0000 (15:51 +0100)]
smbd: Don't set share_mode_lock modified in grant_new_fsp_lease()
A new lease never triggers a retry. Setting d->modified to true just
triggered the watchers needlessly.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 4 Nov 2020 14:28:16 +0000 (15:28 +0100)]
net_tdb: Use share_mode_data_dump()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 4 Nov 2020 14:27:56 +0000 (15:27 +0100)]
locking: Add share_mode_data_dump() accessor function
This is a special case for net tdb dump. The alternative would be to
change the net tdb dump behaviour.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 4 Nov 2020 14:12:33 +0000 (15:12 +0100)]
net_tdb: Use share_mode_filename()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 4 Nov 2020 14:11:40 +0000 (15:11 +0100)]
net_tdb: Use share_mode_servicepath()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 4 Nov 2020 14:09:40 +0000 (15:09 +0100)]
net_tdb: Slightly restructure net_tdb_locking()
Remove the net_tdb_locking_fetch() subroutine. All of net_tdb_locking() is
still very simple, and net_tdb_locking_fetch() did the fetch as such plus
parsing the hex key. With this restructuring it was possible to avoid a direct
reference to lck->data->id.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 4 Nov 2020 12:46:02 +0000 (13:46 +0100)]
smbd: Use share_mode_servicepath() in scavenger.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 4 Nov 2020 12:42:03 +0000 (13:42 +0100)]
locking: Add share_mode_servicepath() accessor function
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 4 Nov 2020 12:35:26 +0000 (13:35 +0100)]
smbd: Avoid share_mode_lock dereference in scavenger
Pass "struct file_id" to callees without accessing share_mode_lock
internals
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 4 Nov 2020 12:32:14 +0000 (13:32 +0100)]
smbd: Use share_mode_filename() in scavenger.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 4 Nov 2020 12:20:09 +0000 (13:20 +0100)]
smbstatus: Use share_mode_filename()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 4 Nov 2020 12:19:46 +0000 (13:19 +0100)]
locking: Add share_mode_filename() accessor function
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 4 Nov 2020 12:00:55 +0000 (13:00 +0100)]
smbd: Use share_mode_changed_write_time() in smbd/close.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 4 Nov 2020 11:53:47 +0000 (12:53 +0100)]
smbd: Use share_mode_changed_write_time() in durable_disconnect()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 4 Nov 2020 11:53:29 +0000 (12:53 +0100)]
locking: Add share_mode_changed_write_time() accessor function
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 4 Nov 2020 11:53:03 +0000 (12:53 +0100)]
smbd: Move setting d->modified=true to reset_share_mode_entry()
This function is only called from
vfs_default_durable_reconnect(). It is really the lower-level routine
that triggers the write of the locking.tdb record.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 3 Nov 2020 16:36:08 +0000 (17:36 +0100)]
locking: Make share_mode_watch_send() take "share_mode_lock"
This makes clear that this can only be done under a lock
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 4 Nov 2020 10:34:54 +0000 (11:34 +0100)]
smbd: Move "struct share_mode_lock" to share_mode_lock.h
share_mode_lock.c is where it's created
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 3 Nov 2020 12:25:57 +0000 (13:25 +0100)]
smbd: Move share_mode_cleanup_disonnected() to scavenger.c
Reduce the complexity of share_mode_lock.c, scavenger.c is the only
user of this routine.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 28 Oct 2020 11:09:39 +0000 (12:09 +0100)]
smbd: Give locking/share_mode_lock.c its own header file
To me this is then easier to figure out what is defined there, and
where it's exactly used.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 4 Nov 2020 10:29:21 +0000 (11:29 +0100)]
smbd: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 4 Nov 2020 10:12:59 +0000 (11:12 +0100)]
passdb: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 4 Nov 2020 10:09:06 +0000 (11:09 +0100)]
auth: Align an integer type
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 30 Oct 2020 14:43:03 +0000 (15:43 +0100)]
vfs_error_inject: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 3 Nov 2020 11:33:12 +0000 (12:33 +0100)]
lib: Slightly optimize smb_fname_str_dbg()
Don't leak "fname"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 30 Oct 2020 10:04:21 +0000 (11:04 +0100)]
lib: Fix a theoretical out-of-bounds write
This routine looked fishy: We do cap_vals[num_cap_vals++] = XXX based
on #ifdefs and capabilities. Then later on we did a check that we did
not overwrite the stack. The change I did is to just count the number
of num_cap_vals++, right now it's 5. I know it is in different switch
branches, but with the #ifdefs it's a bit clumsy to read the exact
number of actual num_cap_vals++ that can happen in one run. On debian
buster, cap_val_t is an int, so this is not really wasting too much.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 30 Oct 2020 10:02:31 +0000 (11:02 +0100)]
lib: Fix a signed/unsigned warning
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 28 Oct 2020 14:40:39 +0000 (15:40 +0100)]
smbd: Use ISDOT[DOT] in can_delete_directory_fsp()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 28 Oct 2020 10:47:49 +0000 (11:47 +0100)]
locking: Remove an unused anonymous struct reference
This was used in share_mode_do_locked()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 26 Oct 2020 10:51:44 +0000 (11:51 +0100)]
lib: Move generate_unique_u64_state into generate_unique_u64()
Make clear that generate_unique_u64() is the only function referencing
it.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Mon, 9 Nov 2020 19:50:09 +0000 (11:50 -0800)]
lib: talloc: Remove the ALWAYS_REALLOC code paths.
This is now never set, and also never tested, and only makes
the talloc code more complicated.
Once this is gone we can start looking at the memlimit
stuff.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Björn Jacke [Fri, 30 Oct 2020 11:59:06 +0000 (12:59 +0100)]
winbind: alternatively use prama fini for destructors if supported
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Nov 10 08:17:53 UTC 2020 on sn-devel-184
Björn Jacke [Fri, 30 Oct 2020 11:57:42 +0000 (12:57 +0100)]
talloc: alternatively use prama init for constructors if supported
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Jacke [Fri, 30 Oct 2020 11:55:54 +0000 (12:55 +0100)]
waf: check for pragma init/fini support for constructors/destructors
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Jacke [Mon, 26 Oct 2020 10:30:06 +0000 (11:30 +0100)]
util_net: fix a statement not reached warning
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Jacke [Mon, 26 Oct 2020 11:49:05 +0000 (12:49 +0100)]
ldb_parse_test: studio compiler doesn't like empty struct definitions
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Jacke [Sun, 25 Oct 2020 16:13:57 +0000 (17:13 +0100)]
ldb_key_value_test: studio compiler doesn't like empty struct definitions
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Jacke [Mon, 19 Oct 2020 00:39:46 +0000 (02:39 +0200)]
ldb_kv_index: fix empty initializer compile warning
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Jacke [Mon, 19 Oct 2020 00:35:02 +0000 (02:35 +0200)]
torture/sharemode: fix empty initializer compile warning
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Jacke [Mon, 19 Oct 2020 00:03:02 +0000 (02:03 +0200)]
pidl: use unused attribute only if supported by feature macro
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Jacke [Thu, 7 Mar 2019 11:50:29 +0000 (12:50 +0100)]
tdb: fix studio compiler build
Solaris Studio compiler 12.4 is pedantic about prototypes in headers having
the external visibility declarations too. It throws errors like:
redeclaration must have the same or more restrictive linker scoping: ...
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Jacke [Sun, 18 Oct 2020 19:55:22 +0000 (21:55 +0200)]
talloc/pytalloc: fix studio compler build
Solaris Studio compiler 12.4 is pedantic about prototypes in headers having
the external visibility declarations too. It throws errors like:
redeclaration must have the same or more restrictive linker scoping: ...
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Jacke [Wed, 6 Mar 2019 23:40:12 +0000 (00:40 +0100)]
talloc: fix studio compiler build
Solaris Studio compiler 12.4 is pedantic about prototypes in headers having
the external visibility declarations too. It throws errors like:
redeclaration must have the same or more restrictive linker scoping: ...
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Jacke [Sun, 18 Oct 2020 19:07:14 +0000 (21:07 +0200)]
auth_generic: fix empty initializer compile warning
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Jacke [Sun, 18 Oct 2020 18:43:26 +0000 (20:43 +0200)]
http_conn.c: fix "void function cannot return value" error
this made the studio compiler build break
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Jacke [Sun, 18 Oct 2020 18:21:56 +0000 (20:21 +0200)]
debug: remove a cast, which makes the Solaris Studio compiler unhappy
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14526
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Jacke [Sun, 18 Oct 2020 18:15:36 +0000 (20:15 +0200)]
waf: use _POSIX_PTHREAD_SEMANTIC on Solaris
Solaris uses POSIX draft function calls by default for a number of functions,
unless you set _POSIX_PTHREAD_SEMANTIC
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Jacke [Sun, 18 Oct 2020 17:18:34 +0000 (19:18 +0200)]
heimdal_build: silence warning: macro redefined
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Jacke [Sun, 18 Oct 2020 14:24:08 +0000 (16:24 +0200)]
replace: define BOOL_DEFINED to fix header yp_prot header check on Solaris
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Jacke [Sun, 18 Oct 2020 14:22:55 +0000 (16:22 +0200)]
waf/texpect: add required nsl dependency for Solaris
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Jacke [Thu, 7 Mar 2019 12:10:11 +0000 (13:10 +0100)]
replace/waf: fix libnsl checking on Solaris
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13343
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Anoop C S [Thu, 5 Nov 2020 10:42:09 +0000 (16:12 +0530)]
manpages/vfs_glusterfs: Mention silent skipping of write-behind translator
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Nov 9 13:30:06 UTC 2020 on sn-devel-184
Andreas Schneider [Fri, 6 Nov 2020 09:13:48 +0000 (10:13 +0100)]
sefltest: Enable the dcerpc.createtrustrelax test against ad_dc_fips
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Nov 9 10:22:51 UTC 2020 on sn-devel-184
Andreas Schneider [Thu, 20 Aug 2020 11:51:39 +0000 (13:51 +0200)]
s4:rpc_server: Allow to use RC4 for creating trusts
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>