Stefan Metzmacher [Tue, 3 Feb 2015 17:30:36 +0000 (18:30 +0100)]
s4:rpc_server/lsa: implement dcesrv_lsa_lsaRQueryForestTrustInformation()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 30 Jun 2015 13:13:03 +0000 (15:13 +0200)]
s4:rpc_server/lsa: improve dcesrv_lsa_CreateTrustedDomain_base()
We need to make sure a trusted domain has 'flatName', 'trustPartner'
and 'securityIdentifier' values, which are unique.
Otherwise other code will get INTERNAL_DB_CORRUPTION errors.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 30 Jun 2015 13:10:47 +0000 (15:10 +0200)]
s4:rpc_server/lsa: fix dcesrv_lsa_CreateTrustedDomain()
It needs to pass 'name' as 'netbios_name' and also 'dns_name'.
flatName and trustPartner have the same value for downlevel trusts.
And both are required.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 9 Mar 2015 12:19:06 +0000 (13:19 +0100)]
s4:rpc_server/netlogon: implement dcesrv_netr_ServerTrustPasswordsGet()
We just need to call dcesrv_netr_ServerGetTrustInfo() and ignore trust_info.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 22 Dec 2014 21:02:25 +0000 (22:02 +0100)]
s4:rpc_server/netlogon: implement dcesrv_netr_ServerGetTrustInfo()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 5 Feb 2015 15:53:37 +0000 (15:53 +0000)]
s4:rpc_server/netlogon: let dcesrv_netr_ServerAuthenticate3() fallback to the previous hash for trusts
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 2 Feb 2015 12:12:36 +0000 (13:12 +0100)]
s4:dsdb/common: add dsdb_trust_get_incoming_passwords() helper function
This extracts the current and previous nt hashes from trustAuthIncoming
as the passed TDO ldb_message.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 30 Jan 2015 09:42:15 +0000 (09:42 +0000)]
s4:rpc_server/netlogon: extract and pass down the password version in dcesrv_netr_ServerPasswordSet2()
For domain trusts we need to extract NL_PASSWORD_VERSION from the password
buffer.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 30 Mar 2015 10:31:01 +0000 (12:31 +0200)]
s4:dsdb/password_hash: reject interdomain trust password changes via LDAP
Only the LSA and NETLOGON server should be able to change this, otherwise
the incoming passwords in the trust account and trusted domain object
get out of sync.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 5 Feb 2015 10:42:08 +0000 (10:42 +0000)]
s4:dsdb/common: supported trusted domains in samdb_set_password_sid()
We also need to update trustAuthIncoming of the trustedDomain object.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 5 Feb 2015 10:42:08 +0000 (10:42 +0000)]
s4:dsdb/common: make use of dsdb_search_one() in samdb_set_password_sid()
This will simplify the following commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 5 Feb 2015 11:09:34 +0000 (12:09 +0100)]
s4:dsdb/common: pass optional new_version to samdb_set_password_sid()
For trust account we need to store version number provided by the client.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 25 Mar 2015 15:14:44 +0000 (15:14 +0000)]
s4:dsdb/netlogon: add support for CLDAP requests with AAC=0x00000400(ACB_AUTOLOCK) and user="example.com."
Windows reuses the ACB_AUTOLOCK flag to handle SEC_CHAN_DNS_DOMAIN domains,
but this not documented yet...
This is triggered by the NETLOGON_CONTROL_REDISCOVER with a domain string
of "example.com\somedc.example.com".
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 30 Mar 2015 08:22:46 +0000 (10:22 +0200)]
s4:auth/sam: remove unused sam_get_results_trust()
This is replaced by dsdb_trust_search_tdo() now.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 30 Mar 2015 08:17:51 +0000 (10:17 +0200)]
s3:pdb_samba_dsdb: make use of dsdb_trust_search_tdo()
dsdb_trust_search_tdo() is almost the same as sam_get_results_trust(),
so we can remove sam_get_results_trust() later.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 30 Mar 2015 08:17:51 +0000 (10:17 +0200)]
s4:kdc/db-glue: make use of dsdb_trust_search_tdo()
dsdb_trust_search_tdo() is almost the same as sam_get_results_trust(),
so we can remove sam_get_results_trust() later.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 2 Feb 2015 12:12:36 +0000 (13:12 +0100)]
s4:dsdb/common: add dsdb_trust_search_tdo*() helper functions
These are more generic and will replace the existing sam_get_results_trust().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 10 Feb 2015 13:43:01 +0000 (14:43 +0100)]
s4:kdc/db-glue: implement cross forest routing by return HDB_ERR_WRONG_REALM
We lookup the principal against our trust routing table
and return HDB_ERR_WRONG_REALM and the realm of the next trust hoop.
Routing within our own forest is not supported yet.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 2 Feb 2015 12:12:36 +0000 (13:12 +0100)]
s4:dsdb/common: add helper functions for trusted domain objects (tdo)
The most important things is the dsdb_trust_routing_table with the
dsdb_trust_routing_table_load() and dsdb_trust_routing_by_name() functions.
The routing table has knowledge about trusted domains/forests and
enables the dsdb_trust_routing_by_name() function to find the direct trust
that is responsable for the given name.
This will be used in the kdc and later winbindd to handle cross-trust/forest
routing.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 10 Feb 2015 13:37:29 +0000 (14:37 +0100)]
heimdal:kdc: add support for HDB_ERR_WRONG_REALM
A backend can return this if asked with HDB_F_GET_CLIENT|HDB_F_FOR_AS_REQ
for a KRB5_NT_ENTERPRISE_PRINCIPAL record or for HDB_F_GET_SERVER | HDB_F_FOR_TGS_REQ.
entry_ex->entry.principal->realm needs to return the real realm of the principal
(or at least a the realm of the next cross-realm trust hop).
This is needed to route enterprise principals between AD domain trusts.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 11 Feb 2015 23:07:14 +0000 (00:07 +0100)]
heimdal:kdc: generic support for 3part servicePrincipalNames
This is not DRSUAPI specific, it works for all 3 part principals.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 13 Feb 2015 07:55:11 +0000 (08:55 +0100)]
heimdal:lib/krb5: add krb5_mk_error_ext() helper function
This gives the caller the ability to skip the client_name
and only provide client_realm. This is required for
KDC_ERR_WRONG_REALM messages.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 10 Feb 2015 12:27:57 +0000 (13:27 +0100)]
heimdal:lib/krb5: correctly follow KRB5_KDC_ERR_WRONG_REALM client referrals
An AS-REQ with an enterprise principal will always directed to a kdc of the local
(default) realm. The KDC directs the client into the direction of the
final realm. See rfc6806.txt.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 10 Jun 2015 08:25:20 +0000 (10:25 +0200)]
s4:kdc/db-glue: let samba_kdc_trust_message2entry always generate the principal
We should always return the principal from the values stored in the database.
This also means we need to ignore a missing HDB_F_CANON.
This was demonstrated by running some new tests against windows.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 1 Jul 2015 03:33:10 +0000 (05:33 +0200)]
s4:kdc/db-glue: preferr the previous password for trust accounts
If no kvno is specified we should return the keys with the lowest value.
For the initial value this means we return the current key with kvno 0 (NULL on
the wire). Later we return the previous key with kvno current - 1.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 10 Apr 2015 20:31:20 +0000 (20:31 +0000)]
s4:kdc/db-glue: allow invalid kvno numbers in samba_kdc_trust_message2entry()
We should fallback to the current password if the trusted KDC used a wrong kvno.
After commit
6f8b868a29fe47a3b589616fde97099829933ce0, we always have the
previous password filled. With the trust creation we typically don't
have a TRUST_AUTH_TYPE_VERSION in the current nor in the previous array.
This means current_kvno is 0. And now previous_kvno is 255.
A FreeIPA/MIT KDC uses kvno=1 in the referral ticket, which triggered
the 'Request for unknown kvno 1 - current kvno is 0' case.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Paul Wayper [Wed, 8 Jul 2015 02:37:31 +0000 (12:37 +1000)]
Spelling correction: exlusive -> exclusive and semantincs -> semantics
Signed-off-by: Paul Wayper <paulway@redhat.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jul 8 15:54:15 CEST 2015 on sn-devel-104
Paul Wayper [Wed, 8 Jul 2015 02:34:25 +0000 (12:34 +1000)]
Spelling correction: exlusive -> exclusive
Signed-off-by: Paul Wayper <paulway@redhat.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Wed, 8 Jul 2015 05:43:20 +0000 (07:43 +0200)]
s3:wscript_build: fix the build using dmapi and fam together
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Jul 8 11:54:24 CEST 2015 on sn-devel-104
Christof Schmitt [Thu, 2 Jul 2015 22:31:29 +0000 (15:31 -0700)]
gpfswrap: Use gpfs.h instead of gpfs_fcntl.h
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Wed Jul 8 05:55:13 CEST 2015 on sn-devel-104
Christof Schmitt [Thu, 2 Jul 2015 22:20:01 +0000 (15:20 -0700)]
gpfswrap: Remove unused wrapper for gpfs_fnctl
With the removal of the fileset quota check this wrapper function is
longer used.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Christof Schmitt [Mon, 23 Mar 2015 19:57:39 +0000 (12:57 -0700)]
vfs_gpfs: Use C99 initializers instead of ZERO_STRUCT
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Christof Schmitt [Mon, 23 Mar 2015 19:54:34 +0000 (12:54 -0700)]
vfs_gpfs: Use ACL defines from GPFS 3.5 header files
GPFS 3.5 is now the oldest support version. Cleanup the ACL code by
using the defines and structs from the 3.5 header file.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Christof Schmitt [Mon, 6 Jul 2015 21:32:15 +0000 (14:32 -0700)]
ctdb: Accept hex format for pdelete and ptrans commands
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Mon, 6 Jul 2015 20:07:33 +0000 (13:07 -0700)]
ctdb: Create helper function for optional hex input
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 3 May 2015 16:30:45 +0000 (16:30 +0000)]
Remove ctdb_conn.[ch]
This was only used in notify_internal.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 8 02:53:33 CEST 2015 on sn-devel-104
Volker Lendecke [Tue, 16 Jun 2015 14:57:14 +0000 (14:57 +0000)]
notifyd: Add notifydd
A little standalone notify daemon to play around with.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 15 Jun 2015 12:14:03 +0000 (12:14 +0000)]
utils: add net notify
A little tool to play with the notify daemon
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 9 Jan 2015 12:59:46 +0000 (12:59 +0000)]
notify: Remove two now unused stubs
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 12 Dec 2014 14:37:30 +0000 (15:37 +0100)]
smbd: Remove SMB_VFS_NOTIFY_WATCH
No longer needed
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 9 Jan 2015 12:48:56 +0000 (12:48 +0000)]
notify: Re-add notify_walk()
This used to be a tdb traverse wrapper. Now we get the notify db from
notifyd via messages.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 9 Jan 2015 12:24:58 +0000 (12:24 +0000)]
notifyd: Add notifyd_parse_db()
The database format notifyd is "private" to it. This makes it
possible for smbcontrol and others to query notifyd's database with
MSG_SMB_NOTIFY_GET_DB and inspect it without having to know exactly what
format it uses.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 21 Nov 2014 16:28:02 +0000 (17:28 +0100)]
smbd: Remove the notify_fam module
This has been moved to main smbd
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 21 Nov 2014 16:23:18 +0000 (17:23 +0100)]
smbd: Kernel change notify is done by notifyd
smbd itself does not need to call VFS_NOTIFY_WATCH anymore
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 21 Nov 2014 16:05:16 +0000 (17:05 +0100)]
smbd: Replace the tdb-based notify_internal with notify_msg
For the moment, this removes smbstatus -N output. It will come back with
the next commits.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 21 Nov 2014 15:58:47 +0000 (16:58 +0100)]
smbd: Don't start the notify cleanup anymore
We don't have a database to clean up anymore
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 21 Nov 2014 15:55:25 +0000 (16:55 +0100)]
smbd: Start the notify daemon
For this we need the kernel change notify stuff to be global: There's only one
notifyd and we have to pass over the kernel change notify watch function
Signed-off-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Fri, 21 Nov 2014 15:52:47 +0000 (16:52 +0100)]
smbd: Add the notify daemon
This adds the notify daemon listening on MSG_SMB_NOTIFY_REC_CHANGE
and MSG_SMB_NOTIFY_TRIGGER messages. It relies on ctdbd to distribute
the notify database and events in a cluster.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 20 Nov 2014 15:30:51 +0000 (15:30 +0000)]
smbd: Add direct notify_fam support
notifyd won't have the VFS around, it is a systemwide daemon without
a connection to specific shares. To continue FAM support, notifyd
needs to be able to link it directly. This adds code to make fam
equivalent to inotify.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 21 Nov 2014 15:02:27 +0000 (16:02 +0100)]
param: Make "kernel change notify" global
With a central notifyd, we can't do this per share anymore. Notifyd will
only look at absolute paths, not shares.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 21 Nov 2014 14:53:53 +0000 (15:53 +0100)]
param: Make "change notify" global
With a central notifyd, we can't do this per share anymore. Notifyd will
only look at absolute paths, not shares.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 9 Jun 2015 05:03:25 +0000 (05:03 +0000)]
lib: Add server_id_db_set_exclusive
This is used for server names where only one instance can exist.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 8 Jun 2015 20:46:54 +0000 (20:46 +0000)]
lib: Add server_id_db_pid()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 26 Apr 2015 09:02:27 +0000 (11:02 +0200)]
lib: Add server_id_db_prune_name
With this you can remove a foreign mapping. Required to clean up dead
processes.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 9 Jul 2014 12:50:24 +0000 (12:50 +0000)]
lib: Add tevent_req_poll_unix
This makes sync wrappers a bit shorter
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Michael Adam [Tue, 7 Jul 2015 07:50:21 +0000 (09:50 +0200)]
librpc:ndr:witness: remove an unneeded block, reducing indentation.
Check with "git diff -w".
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Jul 7 23:37:05 CEST 2015 on sn-devel-104
Michael Adam [Tue, 7 Jul 2015 07:47:51 +0000 (09:47 +0200)]
librpc:ndr:witness: move variables into scope
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Michael Adam [Tue, 7 Jul 2015 15:15:00 +0000 (17:15 +0200)]
smbd:trans2: treat new SMB_SIGNING_DESIRED in case
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Michael Adam [Tue, 7 Jul 2015 06:52:20 +0000 (08:52 +0200)]
librpc:ndr:witness: fix CID
1311245: Memory - illegal accesses (UNINIT)
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Ralph Boehme [Fri, 27 Mar 2015 16:39:43 +0000 (17:39 +0100)]
WHATSNEW: Spotlight
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jul 7 20:35:07 CEST 2015 on sn-devel-104
Ralph Boehme [Mon, 11 Aug 2014 20:30:53 +0000 (22:30 +0200)]
s3-mdssvc: add documentation for mdssvc and mdssd
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Mon, 11 Aug 2014 20:29:09 +0000 (22:29 +0200)]
s3-mdssvc: add mdssd RPC service daemon for mdssvc
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 31 Jul 2014 16:01:34 +0000 (18:01 +0200)]
s3-mdssvc: lexer and parser for Spotlight queries
Add a lexer and parser for translating Spotlight query strings to
SPARQL.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 26 Mar 2015 21:39:21 +0000 (22:39 +0100)]
s3-mdssvc: main Spotlight code
Implement all Spotlight RPC commands with the Tracker SPARQL async query
API.
Tracker uses glib for implemeting async tasks, we thus have to use a
glib mainloop for processing sheduled tasks in threads.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 31 Jul 2014 15:56:44 +0000 (17:56 +0200)]
s3-mdssvc: Spotlight attribute mappings
Add mappings for metadata attribute between Spotlight and NEPOMUK for
use with Tracker.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 31 Jul 2014 15:07:28 +0000 (17:07 +0200)]
s3-mdssvc: (un)marshalling Spotlight RPC blob
Add code for marshalling and unmarshalling Spotlight RPC blobs
from/into a dalloc object store.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 31 Jul 2014 14:27:36 +0000 (16:27 +0200)]
s3-mdssvc: dalloc: dynamic object store based on talloc
dalloc is a hack with a bizarre API, but it does its job: it's a
simple object store that allows for storing simple and complex data
types.
We'll use it for storing Spotlight query data.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 31 Jul 2014 11:49:49 +0000 (13:49 +0200)]
s3-mdssvc: add new option 'spotlight'
Per share option: it reflects whether a share is indexed by Tracker or
not. The global switch that controls whether Spotlight is enabled or
not, are the mdsvc RPC switches.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Wed, 23 Jul 2014 07:58:45 +0000 (09:58 +0200)]
s3-mdssvc: add Spotlight RPC stubs
'mdssvc' aka 'Metadata Search Service' is an RPC service used by Apple
for passing marshalled Spotlight search queries and results between
client to server.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Wed, 23 Jul 2014 07:58:45 +0000 (09:58 +0200)]
mdssvc: IDL file for new RPC service
'mdssvc' aka 'Metadata Search Service' is an RPC service used by Apple
for passing marshalled Spotlight search queries and results between
client to server.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Wed, 23 Jul 2014 05:15:50 +0000 (07:15 +0200)]
s3-mdssvc: add configure option --enable-spotlight
configure check with pkg-config for libtracker-sparql, default is
disabled.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 17 Jan 2014 12:39:45 +0000 (13:39 +0100)]
s4:torture/rpc: use dcerpc_secondary_auth_connection with creds
This is the same as calling dcerpc_secondary_connection/dcerpc_bind_auth.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Jul 7 17:07:49 CEST 2015 on sn-devel-104
Stefan Metzmacher [Fri, 17 Jan 2014 08:54:39 +0000 (09:54 +0100)]
s4:torture/rpc: use dcerpc_secondary_auth_connection with anon creds
This is the same as calling dcerpc_secondary_connection/dcerpc_bind_auth_none.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Thu, 16 Jan 2014 06:20:37 +0000 (07:20 +0100)]
s4:torture/samba3rpc: use pipe_bind_smb_auth()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Thu, 16 Jan 2014 06:20:20 +0000 (07:20 +0100)]
s4:torture/samba3rpc: add pipe_bind_smb_auth()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Thu, 16 Jan 2014 06:19:49 +0000 (07:19 +0100)]
s4:torture/samba3rpc: use pipe_bind_smb2()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Thu, 16 Jan 2014 06:19:26 +0000 (07:19 +0100)]
s4:torture/samba3rpc: add pipe_bind_smb2()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Thu, 16 Jan 2014 06:18:30 +0000 (07:18 +0100)]
s4:torture/samba3rpc: use pipe_bind_smb() in more places
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Thu, 16 Jan 2014 06:17:00 +0000 (07:17 +0100)]
s4:torture/samba3rpc: move pipe_bind_smb() to the top
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 22 Jan 2014 11:49:58 +0000 (12:49 +0100)]
s4:libnet: make use of dcerpc_secondary_auth_connection_send/recv()
This avoid the bogus usage of dcerpc_pipe_auth().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Thu, 16 Jan 2014 07:57:30 +0000 (08:57 +0100)]
s4:libcli/clilsa: only remember the dcerpc_binding_handle
We don't need the 'dcerpc_pipe'.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 17 Jan 2014 08:31:51 +0000 (09:31 +0100)]
s4:librpc/rpc: add dcerpc_secondary_auth_connection()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 26 Jun 2015 20:12:49 +0000 (22:12 +0200)]
dcerpc.idl: fix calculatin of uint16 secondary_address_size;
This should be 0 for secondary_address = "".
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 11:01:16 +0000 (13:01 +0200)]
pidl:Samba4/NDR/Parser: always initialize _mem_save_ pointers to NULL
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 19 Mar 2014 09:41:52 +0000 (10:41 +0100)]
pidl:Samba3/ServerNDR: add pidl_reset() and pidl_return() helper functions
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 19 Mar 2014 09:36:04 +0000 (10:36 +0100)]
pidl:Samba3/ServerNDR: make CallWithStruct() more flexible
We now pass multiple callbacks $check, $cleanup, $return
down to AllocOutVar().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 19 Mar 2014 09:35:14 +0000 (10:35 +0100)]
pidl:Samba3/ServerNDR: simplify CallWithStruct()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Michael Adam [Tue, 30 Jun 2015 15:46:36 +0000 (17:46 +0200)]
docs:smb.conf: explain effect of new setting 'desired' of smb encrypt
Thereby clarify some details.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Michael Adam [Wed, 1 Jul 2015 15:41:38 +0000 (17:41 +0200)]
smbd:smb2: use encryption_desired in send_break
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Michael Adam [Wed, 1 Jul 2015 16:07:52 +0000 (18:07 +0200)]
smbd:smb2: only enable encryption in tcon if desired
Don't enforce it but only announce DATA_ENCRYPT,
making use of encryption_desired in tcon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Michael Adam [Wed, 1 Jul 2015 16:07:26 +0000 (18:07 +0200)]
smbd:smb2: only enable encryption in session if desired
Don't enforce it but only announce ENCRYPT_DATA, using the
encryption_desired flag in session setup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Michael Adam [Wed, 1 Jul 2015 15:42:58 +0000 (17:42 +0200)]
smbd:smb2: separate between encryption required and enc desired
this means we:
- accept unencrypted requests if encryption only desired
and not required,
- but we always send encrypted responses in the desired
case, not only when the request was encrypted.
For this purpose, the do_encryption in the request
structure is separated into was_encrypted and do_encryption.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Michael Adam [Wed, 1 Jul 2015 15:34:45 +0000 (17:34 +0200)]
smbXsrv: add bools encryption_desired to session and tcon
This is to indicate that we should sen the ENCRYPT_DATA
flag on session or tcon replies.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Michael Adam [Tue, 30 Jun 2015 12:16:19 +0000 (14:16 +0200)]
Introduce setting "desired" for 'smb encrypt' and 'client/server signing'
This should trigger the behaviour where the server requires
signing when the client supports it, but does not reject
clients that don't support it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Volker Lendecke [Tue, 7 Jul 2015 07:04:22 +0000 (09:04 +0200)]
vfs_fruit: Fix CID
1311244 Out-of-bounds read
We should not call memcpy if the offset is exactly AFP_INFO_SIZE
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jul 7 14:04:39 CEST 2015 on sn-devel-104
Douglas Bagnall [Thu, 18 Jun 2015 00:38:22 +0000 (12:38 +1200)]
Treat uid_t, git_t as 64 bit in Pidl Python bindings
This follows their treatment in librpc/ndr/ndr_basic.c.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jul 7 07:19:49 CEST 2015 on sn-devel-104
Christof Schmitt [Thu, 2 Jul 2015 20:06:32 +0000 (13:06 -0700)]
ctdb: Accept the key in hex format for the pstore command
This follows the same pattern as the tstore command, and it allows
specifying key strings with a trailing \0 character.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jul 6 23:23:22 CEST 2015 on sn-devel-104
Christof Schmitt [Tue, 30 Jun 2015 23:15:57 +0000 (01:15 +0200)]
sharesec: Remove error message for unmarshall_sec_desc failure
In a cluster setup, running sharesec -D results in an empty record that
triggers this message. The situation is correctly handled in the code
(unmarshall_sec_desc fails and sharesec uses the default), so simply
remove the message in this case.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 3 Jul 2015 13:10:17 +0000 (15:10 +0200)]
docs: Document smbclient "notify" command
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Jul 3 18:30:21 CEST 2015 on sn-devel-104
Stefan Metzmacher [Mon, 29 Jun 2015 18:37:01 +0000 (20:37 +0200)]
lib/util:charset/tests: improve strlen_m[_term[_null]]() testing
They differ in their "" vs. NULL handling.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Jul 3 05:02:45 CEST 2015 on sn-devel-104