Andrew Bartlett [Tue, 19 Jul 2016 04:48:18 +0000 (16:48 +1200)]
torture: Add another sample of a PAC that broke the old PAC_UPN_DNS_INFO handling
This is included because this sample helped us addres issues in the previous attempt at
handling PAC_UPN_DNS_INFO correctly, and I have Tris's permission to include this in our
tests.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 6 Feb 2013 12:10:44 +0000 (13:10 +0100)]
s4-torture: add another krb5pac buffer to the ndr test.
This one nicely demonstrates that the strings are really non-null terminated.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 13 Dec 2012 11:28:19 +0000 (12:28 +0100)]
s4-torture: add ndr krb5pac testsuite.
Someone changed the PAC buffer union without adding proper tests, now we
sometimes fail to parse the PAC completely due to that...
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 6 Jan 2016 12:27:21 +0000 (13:27 +0100)]
krb5pac.idl: implement PAC_UPN_DNS_INFO correct
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 6 Feb 2013 15:44:12 +0000 (16:44 +0100)]
krb5pac: fix push/pull of subcontexts in PAC_BUFFER
We need to have two subcontexts to get the padding right,
the outer subcontext uses NDR_ROUND(_ndr_size, 8), while
the inner subcontext only uses _ndr_size.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Günther Deschner [Mon, 18 Mar 2013 15:25:06 +0000 (16:25 +0100)]
krb5pac: no need for a noprint PAC_BUFFER.
Guenther
@@ -1,6 +1,7 @@
_PUBLIC_ void ndr_print_PAC_BUFFER(struct ndr_print *ndr, const char *name, const struct PAC_BUFFER *r)
{
ndr_print_struct(ndr, name, "PAC_BUFFER");
+ if (r == NULL) { ndr_print_null(ndr); return; }
ndr->depth++;
ndr_print_PAC_TYPE(ndr, "type", r->type);
ndr_print_uint32(ndr, "_ndr_size", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?_ndr_size_PAC_INFO(r->info,r->type,0):r->_ndr_size);
@@ -11,7 +12,7 @@
ndr_print_PAC_INFO(ndr, "info", r->info);
}
ndr->depth--;
- ndr_print_uint32(ndr, "_pad", r->_pad);
+ ndr_print_uint32(ndr, "_pad", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?0:r->_pad);
ndr->depth--;
}
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 20 Jul 2016 04:45:34 +0000 (16:45 +1200)]
s4:torture/ndr: Add supplementalCredentials blob from Win2012R2
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 20 Jul 2016 02:53:42 +0000 (14:53 +1200)]
s4:torture/ndr: Add supplementalCredentials blobs from alpha13 and release_4_1_0rc3
This coveres the case without AES keys, and before the IDL was changed for SambaGPG support
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 15 Jul 2016 07:10:03 +0000 (09:10 +0200)]
s4:torture/ndr: add validation checks for strange supplementalCredentials blobs
From the mail to dochelp:
I've also got cases (where I created an account with
UF_NORMAL_ACCOUNT|UF_ACCOUNTDISABLE|UF_SMARTCARD_REQUIRED
in the LDAP add) with the following strange blobs:
One time:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00
and once:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 53
The original issue I reported was the following, a user was created
with a password and then userAccountControl was changed to
UF_NORMAL_ACCOUNT|UF_SMARTCARD_REQUIRED. In that case I'm getting:
[0000] 00 00 00 00 62 00 00 00 00 00 00 00 20 00 20 00
[0010] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00
[0020] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00
[0030] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00
[0040] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00
[0050] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00
[0060] 20 00 20 00 20 00 20 00 20 00 20 00 50 00 30
As you see the last byte (unknown3) is always different on Windows,
but always 0x00 from Samba, so I used 0x00 in order to allow the
test to pass.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Günther Deschner [Wed, 6 Feb 2013 11:34:53 +0000 (12:34 +0100)]
s4-torture: rename torture_suite_add_ndr_pullpush_test to torture_suite_add_ndr_pull_validate_test.
Hoping the new name is not as confusing as the old name.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 6 Feb 2013 11:25:43 +0000 (12:25 +0100)]
torture: show the first differing byte and a dump in torture_assert_data_blob_equal().
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 20 May 2016 16:59:20 +0000 (18:59 +0200)]
drsblobs.idl: supplementalCredentialsSubBlob make it possible to parse strange blobs
Windows omits the uint16 num_packages field when the packages array is empty.
This happens if the UF_SMARTCARD_REQUIRED flag is set for an account.
A user was created with a password and then userAccountControl was changed to
UF_NORMAL_ACCOUNT|UF_SMARTCARD_REQUIRED. In that case I'm getting
(as the whole supplementalCredentialsBlob):
[0000] 00 00 00 00 62 00 00 00 00 00 00 00 20 00 20 00 ....b... .... . .
[0010] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 . . . . . . . .
[0020] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 . . . . . . . .
[0030] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 . . . . . . . .
[0040] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 . . . . . . . .
[0050] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 . . . . . . . .
[0060] 20 00 20 00 20 00 20 00 20 00 20 00 50 00 30 . . . . . .P.0
I've also got cases (where I created an account with
UF_NORMAL_ACCOUNT|UF_ACCOUNTDISABLE|UF_SMARTCARD_REQUIRED
in the LDAP add) with the following strange blobs:
One time:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00
and once:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 53
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 20 May 2016 15:06:23 +0000 (17:06 +0200)]
drsblobs.idl: mark supplementalCredentialsSubBlob as nopull,nopush
This commit moves the autogenerated ndr_{pull,push}_supplementalCredentialsSubBlob()
function to the handwritten librpc/ndr/ndr_drsblobs.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Thu, 2 Jun 2016 17:57:15 +0000 (19:57 +0200)]
s4:dsdb/password_hash: explicitly set SUPPLEMENTAL_CREDENTIALS_SIGNATURE
Typically this is automatically set in ndr_push_supplementalCredentialsBlob(),
but we need to change that behavior in order to handle strange formated
values.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 3 Jun 2016 14:34:08 +0000 (16:34 +0200)]
s3:libnet_dssync_keytab: ignore empty supplementalCredentialsBlob structures
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 3 Jun 2016 14:34:08 +0000 (16:34 +0200)]
s4:kdc: ignore empty supplementalCredentialsBlob structures
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Martin Schwenke [Wed, 20 Jul 2016 06:42:32 +0000 (16:42 +1000)]
ctdb-tools: Avoid uninitialised memory access
==27786== Syscall param write(buf) points to uninitialised byte(s)
==27786== at 0x62820D0: __write_nocancel (syscall-template.S:84)
==27786== by 0x428B57: ctdb_queue_send (ctdb_io.c:322)
==27786== by 0x41F3B1: ctdb_client_queue_pkt (ctdb_client.c:153)
==27786== by 0x41F3B1: ctdb_client_send_message (ctdb_client.c:603)
==27786== by 0x419FA3: srvid_broadcast.constprop.26 (ctdb.c:1965)
==27786== by 0x41B869: control_reload_nodes_file (ctdb.c:5696)
==27786== by 0x404DBA: main (ctdb.c:6008)
==27786== Address 0x7ead310 is 144 bytes inside a block of size 168 alloc'd
==27786== at 0x4C2BBCF: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==27786== by 0x564DBEC: __talloc_with_prefix (talloc.c:675)
==27786== by 0x564DBEC: __talloc (talloc.c:716)
==27786== by 0x564DBEC: _talloc_named_const (talloc.c:873)
==27786== by 0x564DBEC: _talloc_zero (talloc.c:2318)
==27786== by 0x41E1E2: _ctdbd_allocate_pkt (ctdb_client.c:59)
==27786== by 0x41F37D: ctdb_client_send_message (ctdb_client.c:594)
==27786== by 0x419FA3: srvid_broadcast.constprop.26 (ctdb.c:1965)
==27786== by 0x41B869: control_reload_nodes_file (ctdb.c:5696)
==27786== by 0x404DBA: main (ctdb.c:6008)
==27786==
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Martin Schwenke [Wed, 20 Jul 2016 04:41:13 +0000 (14:41 +1000)]
ctdb-client: Fix access after free error
State is stolen onto tmp_ctx above so can't be referenced after
tmp_ctx is freed. So, state->status has to be looked at earlier.
Moving it immediately before the talloc_free(tmp_ctx) isn't sufficient
because invoking the callback appears to cause a recursive call to
ctdb_control_recv(), which also frees state.
Referencing it at the top seems safe.
==23982== Invalid read of size 4
==23982== at 0x4204AE: ctdb_control_recv (ctdb_client.c:1181)
==23982== by 0x420645: invoke_control_callback (ctdb_client.c:971)
==23982== by 0x5E675EC: tevent_common_loop_timer_delay (tevent_timed.c:341)
==23982== by 0x5E68639: epoll_event_loop_once (tevent_epoll.c:911)
==23982== by 0x5E66BD6: std_event_loop_once (tevent_standard.c:114)
==23982== by 0x5E622EC: _tevent_loop_once (tevent.c:533)
==23982== by 0x4255F7: ctdb_client_async_wait (ctdb_client.c:3385)
==23982== by 0x42578A: ctdb_client_async_control (ctdb_client.c:3442)
==23982== by 0x41B405: ctdb_get_nodes_files (ctdb.c:5488)
==23982== by 0x41B405: check_all_node_files_are_identical (ctdb.c:5530)
==23982== by 0x41B405: control_reload_nodes_file (ctdb.c:5673)
==23982== by 0x404DBA: main (ctdb.c:6008)
==23982== Address 0x7e98d9c is 108 bytes inside a block of size 168 free'd
==23982== at 0x4C2CDFB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23982== by 0x5652692: _tc_free_internal (talloc.c:1125)
==23982== by 0x5652692: _tc_free_children_internal (talloc.c:1570)
==23982== by 0x564B952: _tc_free_internal (talloc.c:1081)
==23982== by 0x564B952: _talloc_free_internal (talloc.c:1151)
==23982== by 0x564B952: _talloc_free (talloc.c:1693)
==23982== by 0x4204C9: ctdb_control_recv (ctdb_client.c:1182)
==23982== by 0x4207AA: async_callback (ctdb_client.c:3350)
==23982== by 0x4204AD: ctdb_control_recv (ctdb_client.c:1179)
==23982== by 0x420645: invoke_control_callback (ctdb_client.c:971)
==23982== by 0x5E675EC: tevent_common_loop_timer_delay (tevent_timed.c:341)
==23982== by 0x5E68639: epoll_event_loop_once (tevent_epoll.c:911)
==23982== by 0x5E66BD6: std_event_loop_once (tevent_standard.c:114)
==23982== by 0x5E622EC: _tevent_loop_once (tevent.c:533)
==23982== by 0x4255F7: ctdb_client_async_wait (ctdb_client.c:3385)
==23982== Block was alloc'd at
==23982== at 0x4C2BBCF: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23982== by 0x564DBEC: __talloc_with_prefix (talloc.c:675)
==23982== by 0x564DBEC: __talloc (talloc.c:716)
==23982== by 0x564DBEC: _talloc_named_const (talloc.c:873)
==23982== by 0x564DBEC: _talloc_zero (talloc.c:2318)
==23982== by 0x42017F: ctdb_control_send (ctdb_client.c:1086)
==23982== by 0x425746: ctdb_client_async_control (ctdb_client.c:3431)
==23982== by 0x41B405: ctdb_get_nodes_files (ctdb.c:5488)
==23982== by 0x41B405: check_all_node_files_are_identical (ctdb.c:5530)
==23982== by 0x41B405: control_reload_nodes_file (ctdb.c:5673)
==23982== by 0x404DBA: main (ctdb.c:6008)
==23982==
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Martin Schwenke [Wed, 20 Jul 2016 04:46:58 +0000 (14:46 +1000)]
ctdb-client: Fix incorrect variable reference
The point of this code is almost certainly to return non-zero when
state->errormsg is set. So, return state->status if non-zero, -1
otherwise.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 19 Jul 2016 03:48:28 +0000 (15:48 +1200)]
WHATSNEW: Add features added for Samba 4.5
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Garming Sam [Fri, 15 Jul 2016 02:29:02 +0000 (14:29 +1200)]
samba-tool: Speed up all samba-tool commands
This in particular helps the docs.py test halve in time (at least on my machine)
NOTE: The removal of enable_null_tracking is required because we are no
longer importing join.py in every single samba-tool invocation. Without
removing this line, memory would be hanging from both the actual NULL
context and the talloc_null_context (causing a segfault at system_exit).
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Wed Jul 20 12:47:24 CEST 2016 on sn-devel-144
Volker Lendecke [Tue, 19 Jul 2016 12:36:07 +0000 (14:36 +0200)]
notifyd: Move BlockSignals calls to server.c
notifyd_send() is called as part of smbd initialization both in normal daemon
mode after a fork, but also in interactive mode. In interactive mode, notifyd
should not modify the global signal state with BlockSignals(). This patch moves
the signal blocking to the place where we know that notifyd is a child daemon.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 20 09:04:00 CEST 2016 on sn-devel-144
Volker Lendecke [Tue, 21 Jun 2016 14:23:19 +0000 (16:23 +0200)]
smbd: Re-register notify requests
When notifyd is restarted, the parent will broadcast that fact to all workers.
They will then re-register their notify requests.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 24 Jun 2016 14:29:28 +0000 (16:29 +0200)]
smbd: Restart notifyd
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 24 Jun 2016 14:27:34 +0000 (16:27 +0200)]
smbd: Store notify filters in fsp->notify
When notifyd crashes, it will be restarted. We need to restore the filters with
notifyd
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 23 Jun 2016 12:24:32 +0000 (14:24 +0200)]
smbd: Log which notifyd was found
Just a debugging aid
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 21 Jun 2016 12:13:06 +0000 (14:13 +0200)]
smbd: Remember notifyd's serverid
Similarly to cleanupd, this is necessary to restart notifyd
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 21 Jun 2016 11:04:25 +0000 (13:04 +0200)]
notify_msg: Deregister handler upon talloc_free
So far, we haven't TALLOC_FREE'ed the notify context. This will change.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 14 Jun 2016 13:03:35 +0000 (15:03 +0200)]
smbd: Remove "listel" from notify_msg
We have all information that was kept in "notify_list" in other parts of smbd
as well. The only possible downside of this patch is that we possibly have a
lot more fsp's than fsp's with notifies, so notify_callback() might be a bit
slower in this situation. If this turns out to be a problem, I'd rather put
some more smarts into the notifyd protocol to enable a better indexed
notify_callback(). For now, this avoids data to be kept in two places.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 14 Jun 2016 13:00:29 +0000 (15:00 +0200)]
smbd: Protect notify_callback from stray pointers
This protection right now lives in notify_msg.c with the notify_list, but that
will go.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 14 Jun 2016 12:54:32 +0000 (14:54 +0200)]
smbd: Pass "sconn" via notify to notify_callback()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 14 Jun 2016 09:55:13 +0000 (11:55 +0200)]
smbd: There's only one notify_callback
We do not have different callbacks per notify, put the callback function into
the notify context
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 14 Jun 2016 04:54:11 +0000 (06:54 +0200)]
smbd: Make notify_callback() public
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 13 Jun 2016 16:08:58 +0000 (18:08 +0200)]
smbd: "path" is no longer needed in notify_list
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 13 Jun 2016 16:06:08 +0000 (18:06 +0200)]
smbd: Add "path" to notify_remove
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 13 Jun 2016 14:22:31 +0000 (16:22 +0200)]
smbd: Avoid a talloc_asprintf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 13 Jun 2016 14:12:54 +0000 (16:12 +0200)]
smbd: Add fsp_fullbasepath
Okay, this is similar to full_path_tos, but with variable arrays now and much
simpler :-)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 23 Jun 2016 10:53:47 +0000 (12:53 +0200)]
smbd: Factor out notify_init
Before this patch, failure of notify_init was ignored. Also, no proper error
handling of a messaging_register failure was done. Fix those, also adding some
debug messages.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 15 Jun 2016 08:21:48 +0000 (10:21 +0200)]
smbd: sconn->sys_notify_ctx is not used
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 21 Jun 2016 14:10:14 +0000 (16:10 +0200)]
smbd: Don't stop sending to children when one send fails
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Tue, 19 Jul 2016 16:24:38 +0000 (09:24 -0700)]
s3: torture: Regression test case to specify exactly how UNIX extensions should act on files with streams.
If a stream is open, refuse the unlink. Ensure UNIX unlink
request can remove a file containing streams.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12021
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Jul 20 05:20:29 CEST 2016 on sn-devel-144
Jeremy Allison [Tue, 19 Jul 2016 16:21:08 +0000 (09:21 -0700)]
s3: smbd: Fix delete operations enumerating streams inside a file. This must always be done as a Windows operation.
When using UNIX extensions to delete a file containing streams,
the open for delete and close operations need to enumerate the
contained streams and do CREATE and UNLINK operations on the
stream names. These must always be done as Windows operations
(remove the SMB_FILENAME_POSIX_PATH flag) as the stream names
are Windows paths.
Without this the create operation under the unlink will
recurse and cause the client to time out (or a server crash).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12021
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Douglas Bagnall [Tue, 19 Jul 2016 02:03:57 +0000 (14:03 +1200)]
VLV tests: remove vestigial pdb stub
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jul 19 17:22:51 CEST 2016 on sn-devel-144
Douglas Bagnall [Tue, 19 Jul 2016 01:39:45 +0000 (13:39 +1200)]
VLV tests: add tests with show_deleted control
These tests add a few deleted users and ensure they are VLV-able.
In a `make test` context there will be other deleted users lying
around, so we can't assert the expected results of the search without
looking first.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 8 Jul 2016 02:20:15 +0000 (14:20 +1200)]
VLV: fix handling with show_deleted and similar controls
The first search in each round of VLV performs the search then saves
the results in the form of an array of GUIDs, which subsequent calls
refer to to get different ranges from the same search. These
subsequent calls make an individual search for each GUID. If the
original search had the show_deleted control, the array may contain
GUIDs for deleted items, which would not be seen on the later
searches without the same control.
So we save all controls except the VLV itself and the sort control
(which won't affect the search for a single GUID) and reuse them on
the subsequent VLV searches.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 19 Jul 2016 01:16:25 +0000 (13:16 +1200)]
VLV tests: comment typo
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 12 Jul 2016 02:07:13 +0000 (14:07 +1200)]
VLV tests: reduce test duplication hence elapsed time
This makes before/after lattice sparser for the slower tests. While
we're doing that, some of the tests are changed to traverse the
lattice in a different order just in case that matters.
There is very little chance that any particular combination of before
and after parameters will behave uniquely wrongly.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Mon, 18 Jul 2016 04:58:04 +0000 (16:58 +1200)]
join.py: Remove talloc enable_null_tracking
The removal of enable_null_tracking is required because we will no
longer importing join.py in every single samba-tool invocation. Without
removing this line, memory would be hanging from both the actual NULL
context and the talloc_null_context (causing a segfault at system_exit).
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Sun, 17 Jul 2016 21:54:16 +0000 (09:54 +1200)]
pytalloc: Add a warning about enable_null_tracking
If it is called in the middle of a script such as samba-tool, memory
would be hanging from both the actual NULL context and the
talloc_null_context (causing a segfault at system_exit).
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 18 Jul 2016 04:55:50 +0000 (16:55 +1200)]
selftest: Disable all replication during most replication tests
Rather than just disabling inbound replication, consider that there may be another server
in the test network, and ensure we do not replicate to or from it either.
replica_sync.py is omitted, as it tests some more subtle variations
of the DISABLE_INBOUND_REPL flag.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 19 Jul 2016 01:04:02 +0000 (13:04 +1200)]
selftest: Ensure we can call DRSUAPI_EXOP_REPL_OBJ with replication disabled
We add the forced flag, so that we can leave replication otherwise disabled
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 18 Jul 2016 05:05:40 +0000 (17:05 +1200)]
drs: pass the forced-replication flag from DsReplicaSync to GetNCChanges
This ensures we and sync from a server with DISABLE_OUTBOUND_REPL set
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 18 Jul 2016 04:53:27 +0000 (16:53 +1200)]
selftest: Disable replication before doing forced pre-test replicate
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 18 Jul 2016 04:35:28 +0000 (16:35 +1200)]
selftest: Make repl_move more robust by disabling replication before the test
We do this before we ensure the two DCs are in sync, and then force the sync
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 18 Jul 2016 03:53:20 +0000 (15:53 +1200)]
selftest: Make repl_schema more robust by disabling replication before the test
We also ensure the two DCs are in sync before the test starts
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 18 Jul 2016 03:47:03 +0000 (15:47 +1200)]
samba-tool: Put full command and subcommand in informative name when testing samba-tool
These are not used for anything other than to print in the usage, but
it seems nicer to match normal invocation of these commands
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 7 Jul 2016 22:03:38 +0000 (10:03 +1200)]
ldb: Add better debugging to ldb_wait()
To keep line lengths short, the code is re-factored to the
early return pattern.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Sat, 9 Jul 2016 04:51:56 +0000 (16:51 +1200)]
repl: Remove check for parentGUID being NULL in dsdb_convert_object_ex()
We find that Windows 2012R2 sends a NULL parent_guid here, probably when no change to name is replicated.
That is, if there has not been a rename, this is not required information, as we
can just merge with the existing object, not matter where it is
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Sun, 10 Jul 2016 09:53:04 +0000 (21:53 +1200)]
Remove unused and untested source4 ntptr and spoolss systems
These were never finished, were not tested and clearly will not be revived
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Sat, 9 Jul 2016 05:36:18 +0000 (17:36 +1200)]
param: Correct the defaults for "dcerpc endpoint services"
We must not list any services that we skip building, as otherwise all RPC services fail to start.
We now build without the source4 spoolss server in non-developer builds
This fixes commit
0b4c741b9c03d147ee5f56d027bacda75c1b5282
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12025
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Sat, 9 Jul 2016 05:34:39 +0000 (17:34 +1200)]
build: Always build eventlog6. This is not a duplicate of eventlog
The eventlog6 pipe is not a duplicate with the source3 code, so should be built even
for the default build with smbd for file serving
This fixes commit
0b4c741b9c03d147ee5f56d027bacda75c1b5282
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12026
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Ralph Boehme [Fri, 15 Jul 2016 15:48:19 +0000 (17:48 +0200)]
vfs_acl_xattr: objects without NT ACL xattr
Even with "ignore system acls" set to "yes", for objects without NT ACL
xattr we use the underlying filesystem permissions to construct an NT
ACL. This can result in *very* unexpected permissions, eg:
- a directory with the following ACL:
$ ./bin/smbcacls -Uslow%pass //localhost/normal ""
REVISION:1
CONTROL:SR|DP
OWNER:SLOW\slow
GROUP:Unix Group\root
ACL:SLOW\slow:ALLOWED/0x0/FULL
So only one non-inheritable(!) ACE.
- creating a subdirectory:
$ ./bin/smbclient -Uslow%pass //localhost/normal -c "mkdir dir1"
- checking whether there's an ACL xattr:
$ getfattr -m "" /Volumes/normal/dir1
getfattr: Removing leading '/' from absolute path names
system.posix_acl_access
system.posix_acl_default
user.DOSATTRIB
So there isn't an ACL xattr, because there where no inheritable ACEs on
the parent folder.
- reading the new subdirectories ACL:
$ ./bin/smbcacls -Uslow%pass //localhost/normal "dir1"
REVISION:1
CONTROL:SR|DP
OWNER:SLOW\slow
GROUP:Unix Group\slow
ACL:SLOW\slow:ALLOWED/0x0/FULL
ACL:Unix Group\slow:ALLOWED/0x0/READ
ACL:Everyone:ALLOWED/0x0/READ
ACL:NT Authority\SYSTEM:ALLOWED/0x0/FULL
The ACES for "SLOW\slow", "Unix Group\slow" and "Everyone" are coming
from the underlying filesystem. This is the problem.
- Windows assigns the following ACL in this situation:
$ ./bin/smbcacls -UAdministrator%Passw0rd //10.10.10.14/data "dir"
REVISION:1
CONTROL:SR|PD|DI|DP
OWNER:VORDEFINIERT\Administratoren
GROUP:WIN2008R2\Domänen-Benutzer
ACL:WIN2008R2\Administrator:ALLOWED/0x0/FULL
$ ./bin/smbclient -UAdministrator%Passw0rd //10.10.10.14/data -c "mkdir dir\dir1"
$ ./bin/smbcacls -UAdministrator%Passw0rd //10.10.10.14/data "dir\dir1"
REVISION:1
CONTROL:SR|DI|DP
OWNER:VORDEFINIERT\Administratoren
GROUP:WIN2008R2\Domänen-Benutzer
ACL:VORDEFINIERT\Administratoren:ALLOWED/0x0/FULL
ACL:NT-AUTORITÄT\SYSTEM:ALLOWED/0x0/FULL
By changing make_default_filesystem_acl() to only adds user and system
ACE to the ACL of objects that lack an ACL xattr, we match Windows
behaviour:
$ ./bin/smbclient -Uslow%pass //localhost/normal -c "mkdir dir2"
$ ./bin/smbcacls -Uslow%pass //localhost/normal "dir2"
REVISION:1
CONTROL:SR|DP
OWNER:SLOW\slow
GROUP:Unix Group\slow
ACL:SLOW\slow:ALLOWED/0x0/FULL
ACL:NT Authority\SYSTEM:ALLOWED/0x0/FULL
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12028
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jul 19 10:22:05 CEST 2016 on sn-devel-144
Ralph Boehme [Fri, 15 Jul 2016 15:56:02 +0000 (17:56 +0200)]
s3/smbd: move make_default_filesystem_acl() to vfs_acl_common.c
This function is only used in vfs_acl_common.c and will be modified in
the next commit.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12028
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Fri, 15 Jul 2016 19:16:18 +0000 (12:16 -0700)]
notify_inotify: Map inotify mask back to filter
Instead of reporting that an inotify event triggered all possible filter
masks, map the inotify event back to the filter mask. This is slightly
more accurate, although there can still be mismatches due to the
mapping.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jul 18 18:50:55 CEST 2016 on sn-devel-144
Christof Schmitt [Fri, 15 Jul 2016 19:15:15 +0000 (12:15 -0700)]
notify_inotify: Move mapping table to top of file
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Christof Schmitt [Thu, 14 Jul 2016 22:44:46 +0000 (15:44 -0700)]
smbd: Allow passing notify filter from inotify and fam
This only adds a parameter to the callback without any functional
change.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Christof Schmitt [Thu, 14 Jul 2016 20:35:15 +0000 (13:35 -0700)]
smbtorture: Correctly initialize notify request in smb2.notify.tree
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Fri, 15 Jul 2016 08:55:54 +0000 (10:55 +0200)]
lib: Fix a signed/unsigned mixup
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jul 16 00:17:03 CEST 2016 on sn-devel-144
Volker Lendecke [Fri, 15 Jul 2016 09:00:36 +0000 (11:00 +0200)]
dbwrap: Remove dbwrap_watchers.tdb based code
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 14 Jul 2016 05:43:20 +0000 (07:43 +0200)]
smbd: Remove a reference to dbwrap_watch_db()
This has never been watched, so it's an unnecessary overhead on
dbwrap_record_store().
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jul 15 20:32:19 CEST 2016 on sn-devel-144
Volker Lendecke [Wed, 13 Jul 2016 05:41:02 +0000 (07:41 +0200)]
smbd: Convert smbXsrv_open_global.tdb to new dbwrap_watch
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 13 Jul 2016 05:27:30 +0000 (07:27 +0200)]
smbd: Convert locking.tdb to new dbwrap_watch
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 13 Jul 2016 05:26:52 +0000 (07:26 +0200)]
lib: Convert g_lock to new dbwrap_watch
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 12 Jul 2016 13:59:56 +0000 (15:59 +0200)]
dbwrap: Add an alternative implementation of dbwrap_watch_record_send
The existing one with a separate dbwrap_watchers.tdb turns out to
create a performance penalty in a clustered environment. Non-clustered,
dbwrap_parse_record on non-existent records is very cheap, but in a
cluster environment this is very noticable.
This implementation puts the watcher information into the records itself. For
large records, this might be another performance penalty, because we have to
assemble the final record together with talloc and memcpy, but this might be
fixed later with a tdb_storev call.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 12 Jul 2016 13:57:29 +0000 (15:57 +0200)]
dbwrap: Add overflow protection to dbwrap_record_watchers_key()
It's highly unlinkely that this will ever kick in, because our current tdb keys
are rather small, but offset calculations without overflow checks are bad.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 12 Jul 2016 14:07:51 +0000 (16:07 +0200)]
g_lock: Use "blocker" argument to dbwrap_record_watch_send
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 10 Mar 2016 13:37:12 +0000 (14:37 +0100)]
dbwrap: Add "blocker" to record_watch_send
Typicall, when we watch a record, we wait for a process to give up some
resource. Be it an oplock, a share mode or the g_lock. If everything goes well,
the blocker sends us a message. If the blocker dies hard, we want to also be
informed immediately.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 12 Jul 2016 13:33:59 +0000 (15:33 +0200)]
lib: Add server_id_watch_send
This is a brute force variant, trying twice a second. We'll have better
variants with tmsgd in the future.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Garming Sam [Tue, 12 Jul 2016 00:44:10 +0000 (12:44 +1200)]
renamedc: Make a more targeted dbcheck
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Fri Jul 15 13:40:40 CEST 2016 on sn-devel-144
Garming Sam [Thu, 14 Jul 2016 11:54:59 +0000 (13:54 +0200)]
flapping: Remove dbcheck from flapping
This reverts commit
019bdcd0bbac1e10be75ba37a22d4255bb31ebd6.
The dbcheck should no longer be flapping now that the stale links are
cleaned up by an earlier check.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 13 Jul 2016 22:36:38 +0000 (10:36 +1200)]
dbcheck.sh: Remove all the plausible stale links
This ensures the subsequent dbcheck doesn't fail. The reason these stale
links occur is because they are effectively one-way links at this point
we have no efficient method of checking the opposite end of a one-way
link (without doing a full traversal).
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 13 Jul 2016 22:31:50 +0000 (10:31 +1200)]
dbcheck: Split out valid stale DN links and invalid ones
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 13 Jul 2016 01:30:35 +0000 (13:30 +1200)]
dbcheck.sh: Fix the arguments supplied as $@
Signed-off-by: Garming Sam <garming@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Mon, 11 Jul 2016 21:54:14 +0000 (09:54 +1200)]
tests/dbcheck: One way links are expected to be stale
Run a targeted dbcheck to fix only the one way links.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Mon, 11 Jul 2016 03:14:47 +0000 (15:14 +1200)]
dbcheck: change argument to specify a partial --yes
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 30 Jun 2016 23:19:54 +0000 (11:19 +1200)]
dbcheck linked attribute tests: save environment with bad links
We save a database snapshot that contains linked attributes that
should have been deleted, and make sure dbcheck fixes those links
without ruining anything else.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 30 Jun 2016 23:22:11 +0000 (11:22 +1200)]
blackbox/dbcheck-oldrelease: more accurate temp filename
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 28 Jun 2016 01:58:41 +0000 (13:58 +1200)]
s4/selftest/provisions/dump.sh: dump to target dir if supplied
This is clearly what was meant to happen.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 30 Jun 2016 04:17:37 +0000 (16:17 +1200)]
dbcheck: check for linked atributes that should not exist
In order to do this we need to use the reveal internals control, which
breaks the comparison against extended DNs. So we compare the
components instead.
Because this patch makes our code notice and fix stale one-way-links
(eg, after a rename) now, the renamedc test needs to be adjusted to
match.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Garming Sam [Thu, 14 Jul 2016 11:53:23 +0000 (13:53 +0200)]
flapping: Add dbcheck to flapping
This is required as the tests will pass or not depending on if it is run
solely or not. This will be removed in the later patches.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 30 Jun 2016 04:15:35 +0000 (16:15 +1200)]
dbcheck: cache linkIDs and reverse attribute names
This avoids fetching the same same schema things again and again.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 13 Jul 2016 01:29:19 +0000 (13:29 +1200)]
extended_dn_out: Force showing of one-way links if they exist
Signed-off-by: Garming Sam <garming@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Thu, 14 Jul 2016 04:56:50 +0000 (16:56 +1200)]
link_attrs: Add tests for one way links (and pseudo one-way)
Tested against Win2012R2. The deactivated link control has no effect on either
one way links or pseudo ones (only two-way ones presumably).
Signed-off-by: Garming Sam <garming@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 14 Jul 2016 06:03:33 +0000 (18:03 +1200)]
drs tests: querying linked attribute over DRS
Without the deactivated links control, we assert certain conditions over DRS
instead.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 30 Jun 2016 04:35:08 +0000 (16:35 +1200)]
dsdb tests: add linked attribute tests
Note that this test will not work properly across ldap as the
marked-deleted linked attributes will not appear.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 5 Jul 2016 23:54:25 +0000 (11:54 +1200)]
dsdb: add vanish links control
Normally linked attributes are deleted by marking them as with RMD flags,
but sometimes we want them to vanish without trace. At those times we
set the DSDB_CONTROL_REPLMD_VANISH_LINKS control.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 5 Jul 2016 23:53:19 +0000 (11:53 +1200)]
repl_meta_data: free context on error in replmd_modify_la_delete()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 30 Jun 2016 03:43:33 +0000 (15:43 +1200)]
replmd_modify_delete: check talloc_new()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 1 Jun 2016 21:25:00 +0000 (09:25 +1200)]
s4/dsdb/repl_meta_data: use local bool version of flag
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Thu, 14 Jul 2016 00:27:32 +0000 (12:27 +1200)]
match_rules: Make cleanup faster and more efficient
Signed-off-by: Garming Sam <garming@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>