Mathieu Parent [Fri, 4 May 2018 20:19:08 +0000 (22:19 +0200)]
Fix spelling s/doens't/doesn't/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Mathieu Parent [Fri, 4 May 2018 20:18:54 +0000 (22:18 +0200)]
Fix spelling s/desriptor/descriptor/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Mathieu Parent [Fri, 4 May 2018 20:18:47 +0000 (22:18 +0200)]
Fix spelling s/coult/could/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Mathieu Parent [Fri, 4 May 2018 20:18:16 +0000 (22:18 +0200)]
Fix spelling s/conection/connection/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Mathieu Parent [Fri, 4 May 2018 20:14:34 +0000 (22:14 +0200)]
Fix spelling s/authenticaiton/authentication/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Mathieu Parent [Fri, 4 May 2018 20:13:58 +0000 (22:13 +0200)]
Fix spelling s/anwser/answer/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Mathieu Parent [Fri, 4 May 2018 20:12:14 +0000 (22:12 +0200)]
Fix spelling s/allows to/allows one to/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Joe Guo [Thu, 19 Apr 2018 05:05:21 +0000 (17:05 +1200)]
Fix typo for response
reponse --> response
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Ralph Boehme [Thu, 10 May 2018 10:29:35 +0000 (12:29 +0200)]
s3:smbd: fix interaction between chown and SD flags
A change ownership operation that doesn't set the NT ACLs must not touch
the SD flags (type).
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13432
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 11 23:30:32 CEST 2018 on sn-devel-144
Ralph Boehme [Thu, 10 May 2018 10:28:43 +0000 (12:28 +0200)]
s4:torture/smb2: new test for interaction between chown and SD flags
This passes against Windows, but fails against Samba.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13432
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 8 May 2018 06:41:04 +0000 (08:41 +0200)]
printing: Fix CID
1435452 (TAINTED_SCALAR)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Andreas Schneider [Thu, 26 Apr 2018 15:32:42 +0000 (17:32 +0200)]
winbind: Fix UPN handling in canonicalize_username()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri May 11 12:02:37 CEST 2018 on sn-devel-144
Andreas Schneider [Thu, 26 Apr 2018 10:17:12 +0000 (12:17 +0200)]
winbind: Fix UPN handling in parse_domain_user()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Thu, 26 Apr 2018 15:23:41 +0000 (17:23 +0200)]
winbind: Remove unused function parse_domain_user_talloc()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 22 Feb 2018 13:10:28 +0000 (14:10 +0100)]
winbind: Pass upn unmodified to lookup names
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Fri, 20 Apr 2018 09:20:44 +0000 (11:20 +0200)]
nsswitch:tests: Add test for wbinfo --user-info
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Fri, 20 Apr 2018 07:38:24 +0000 (09:38 +0200)]
selftest: Add a user with a different userPrincipalName
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 7 May 2018 11:23:42 +0000 (13:23 +0200)]
nsswitch: Lookup the domain in tests with the wb seperator
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Fri, 4 May 2018 10:43:05 +0000 (12:43 +0200)]
nsswitch: Add a test looking up domain sid
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Fri, 20 Apr 2018 09:24:30 +0000 (11:24 +0200)]
nsswitch: Add a test looking up the user using the upn
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 7 May 2018 14:20:30 +0000 (16:20 +0200)]
selftest: Make sure we have correct group mappings
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Tim Beale [Thu, 10 May 2018 04:22:06 +0000 (16:22 +1200)]
tests: Add tests for samba-tool passwordsettings commands
I've added a test case for 'samba-tool domain passwordsettings set/show'
to prove I haven't broken it. It's behaviour shouldn't have changed, but
there was no test for it previously.
We'll extend these tests in the very near future, when we add samba-tool
support for managing PSOs.
The base samba_tool test's runsubcmd() only handled commands with
exactly one sub-command, i.e. it would handle the command 'samba-tool
domain passwordsettings' OK, but not 'samba-tool domain passwordsettings
set' (The command still seemed to run OK, but you wouldn't get the
output/err back correctly). A new runsublevelcmd() function now handles
a varying number of sub-commands.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Fri May 11 09:06:10 CEST 2018 on sn-devel-144
Tim Beale [Thu, 3 May 2018 00:12:04 +0000 (12:12 +1200)]
netcmd: Split 'domain passwordsettings' into a super-command
The show and set options are not really related to each other at all, so
it makes sense to split the code into 2 separate commands.
We also want to add separate sub-commands for PSOs in a subsequent
patch.
Because of the way the sub-command was implemented previously, it meant
that you could specify other command-line options before the 'set' or
'show' keyword, and the command would still be accepted. However, now
that it's a super-command 'set'/'show' needs to be specified before any
additional arguments, so we need to update the test code to reflect
this.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Tim Beale [Wed, 2 May 2018 23:48:21 +0000 (11:48 +1200)]
netcmd: Small tweak to retrieving pwdProperties
Currently the 'samba-tool domain passwordsettings' command shares a
'set' and 'show' option, but there is very little common code between
the two. The only variable that's shared is pwd_props, but there's a
separate API we can use to get this. This allows us to split the command
into a super-command in a subsequent patch.
Fixed up erroneous comments while I'm at it.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Tim Beale [Wed, 4 Apr 2018 22:51:42 +0000 (10:51 +1200)]
dsdb: Split out construct_generic_token_groups() so we can reuse it
construct_generic_token_groups() currently works out the entire group
membership for a user, including the primaryGroupID. We want to do the
exact same thing for the msDS-ResultantPSO constructed attribute.
However, construct_generic_token_groups() currently adds the resulting
SIDs to the LDB search result, which we don't want to do for
msDS-ResultantPSO.
This patch splits the bulk of the group SID calculation work out into
a separate function that we can reuse for msDS-ResultantPSO. basically
this is just a straight move of the existing code. The only real change
is the TALLOC_CTX is renamed (tmp_ctx --> mem_ctx) and now passed into
the new function (so freeing it if an error conditions is hit is now
done in the caller).
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Tim Beale [Wed, 4 Apr 2018 22:40:03 +0000 (10:40 +1200)]
dsdb: Use attribute-name parameter for error message
We'll reuse this code for working out the msDS-ResultantPSO, so
references to 'tokenGroups' in error messages would be misleading.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Tim Beale [Mon, 7 May 2018 05:33:51 +0000 (17:33 +1200)]
tests: Add a test case for msDS-PasswordReversibleEncryptionEnabled
Add a test for the 'msDS-PasswordReversibleEncryptionEnabled' attribute
on the PSO. The Effective-PasswordReversibleEncryptionEnabled is
based on the PSO setting (if one applies) or else the
DOMAIN_PASSWORD_STORE_CLEARTEXT bit for the domain's pwdProperties.
This indicates whether the user's cleartext password is to be stored
in the supplementalCredentials attribute (as 'Primary:CLEARTEXT').
The password_hash tests already text the cleartext behaviour, so I've
added an additional test case for PSOs. Note that supplementary-
credential information is not returned over LDAP (the password_hash
test uses a local LDB connection), so it made more sense to extend
the password_hash tests than to check this behaviour as part of the
PSO tests (i.e. rather than in password_settings.py).
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Tim Beale [Fri, 20 Apr 2018 00:50:00 +0000 (12:50 +1200)]
tests: Add test for password-lockout via SAMR RPC
The existing password_lockout tests didn't check for changing the
password via the SAMR password_change RPC. This patch adds a test-case
for this, using the default domain lockout settings (which passes), and
then repeats the same test using a PSO (which fails).
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Tim Beale [Sun, 18 Mar 2018 23:56:14 +0000 (12:56 +1300)]
tests: Add PSO test case to existing password_lockout tests
This checks that the lockout settings of the PSO take effect when one is
applied to a user. Import the password_settings code to create/apply a
PSO with the same lockout settings that the test cases normally use.
Then update the global settings so that the default lockout settings are
wildly different (i.e. so the test fails if the default lockout settings
get used instead of the PSO's).
As the password-lockout tests are quite slow, I've selected test cases
that should provide sufficient PSO coverage (rather than repeat every
single password-lockout test case in its entirety).
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Tim Beale [Wed, 11 Apr 2018 00:40:59 +0000 (12:40 +1200)]
tests: Add comments to help explain password_lockout tests
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Tim Beale [Mon, 12 Mar 2018 02:22:24 +0000 (15:22 +1300)]
tests: Add tests for Password Settings Objects
a.k.a Fine-Grained Password Policies
These tests currently all run and pass gainst Windows, but fail against
Samba. (Actually, the permissions test case passes against Samba,
presumably because it's enforced by the Schema permissions).
Two helper classes have been added:
- PasswordSettings: creates a PSO object and tracks its values.
- TestUser: creates a user and tracks its password history
This allows other existing tests (e.g. password_lockout, password_hash)
to easily be extended to also cover PSOs.
Most test cases use assert_PSO_applied(), which asserts:
- the correct msDS-ResultantPSO attribute is returned
- the PSO's min-password-length, complexity, and password-history
settings are correctly enforced (this has been temporarily been hobbled
until the basic constructed-attribute support is working).
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Tim Beale [Thu, 10 May 2018 23:03:03 +0000 (11:03 +1200)]
tests: Split out setUp code into separate function for reuse
Any test that wants to change a password has to set the dSHeuristics
and minPwdAge first in order for the password change to work. The code
that does this is duplicated in several tests. This patch splits it out
into a static method so that the code can be reused rather than
duplicated.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Tim Beale [Wed, 14 Mar 2018 23:44:30 +0000 (12:44 +1300)]
tests: Move repeated code into a helper function
Several tests hang all the objects they create off a unique OU.
Having a common OU makes cleanup easier, and having a unique OU (i.e.
adding some randomness) helps protect against one-off test failures
(Replication between testenvs is happening in the background.
Occasionally, when a test finishes on one testenv and moves onto the
next testenv, that testenv may have received the replicated test
objects from the first testenv, but has not received their deletion
yet).
Rather than copy-n-pasting this code yet again, split it out into a
helper function.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Christof Schmitt [Thu, 10 May 2018 17:51:59 +0000 (10:51 -0700)]
loadparm: Remove unused realm_original
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 10 22:47:15 CEST 2018 on sn-devel-144
Gary Lockyer [Sun, 15 Apr 2018 19:59:43 +0000 (07:59 +1200)]
samdb: Add transaction id control
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Wed, 11 Apr 2018 18:41:30 +0000 (06:41 +1200)]
samdb: Add remote address to connect
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Wed, 4 Apr 2018 00:39:55 +0000 (12:39 +1200)]
dsdb: pass the remote address to samdb connect
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Sun, 29 Apr 2018 22:35:25 +0000 (10:35 +1200)]
auth logging tests: Clean up flake8 warnings
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Sun, 29 Apr 2018 21:13:58 +0000 (09:13 +1200)]
auth logging tests: Add tests for sessionId
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 9 Apr 2018 18:47:40 +0000 (06:47 +1200)]
auth log: Log the unique session GUID
Log the unique_session_token GUID on successful Authorizations.
This patch adds the "sessionID" attribute to the Authorization object
and increments the version to 1.1
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 9 Apr 2018 18:44:00 +0000 (06:44 +1200)]
auth: Add unique session GUID identifier
Generate a GUID for each successful authorization, this will allow the
tying of events in the logs back to a specific session.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Tue, 3 Apr 2018 23:55:00 +0000 (11:55 +1200)]
dsdb: refactor password attibutes to constant
The password attributes are defined as literal in two places in the
password_hash code. They will also be needed to support password change
logging. This patch replaces the individual definitions with a shared
constant.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jeremy Allison [Wed, 9 May 2018 16:32:45 +0000 (09:32 -0700)]
s3: smbd: Remove unused counters for outstanding aio calls.
Only a debug message used this.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 9 22:24:38 CEST 2018 on sn-devel-144
David Disseldorp [Wed, 9 May 2018 14:51:34 +0000 (16:51 +0200)]
vfs_ceph: add fake async pwrite/pread send/recv hooks
As found by Jeremy, VFS modules that don't provide pread_send() or
pwrite_send() hooks result in vfs_default fallback, which is
catastrophic for VFS modules with non-mounted filesystems such as
vfs_ceph.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13425
Reported-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 9 May 2018 08:14:37 +0000 (10:14 +0200)]
libcli: remove unused se_create_child_secdesc_buf()
Commit
e2c9ad93cb914186b89e2055f1bed3cceee1f768 removed the last caller
of this.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed May 9 19:18:44 CEST 2018 on sn-devel-144
Simo Sorce [Mon, 7 May 2018 12:04:17 +0000 (08:04 -0400)]
Fix Jean François name to be UTF-8
Signed-off-by: Simo Sorce <idra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed May 9 10:38:57 CEST 2018 on sn-devel-144
Andrew Bartlett [Wed, 9 May 2018 00:53:53 +0000 (12:53 +1200)]
ldb: Ensure we can open a new LDB after a fork()
Based on work for an mdb-specific test by Gary Lockyer
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May 9 07:27:24 CEST 2018 on sn-devel-144
Andrew Bartlett [Mon, 7 May 2018 00:59:00 +0000 (12:59 +1200)]
ldb: Add tests for ldb_tdb use after a fork()
We need to show that despite the internal cache of TDB pointers that it
is safe to open a ldb_tdb after a fork()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 4 May 2018 10:22:26 +0000 (22:22 +1200)]
ldb_tdb: Allow use of a TDB for ldb_tdb after as fork()
Otherwise we rely on the caller doing tdb_reopen_all() which should
not be their job.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 7 May 2018 00:59:49 +0000 (12:59 +1200)]
ldb: Reset errno before checking it in ltdb_connect()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Gary Lockyer [Tue, 8 May 2018 23:02:41 +0000 (11:02 +1200)]
ldb/tests: add tests for transaction_{start,commit}/lock_read across forks
(Split from a larger commit by Andrew Bartlett)
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 4 May 2018 02:35:14 +0000 (14:35 +1200)]
ldb_tdb: Prevent ldb_tdb reuse after a fork()
We may relax this restriction in the future, but for now do not assume
that the caller has done a tdb_reopen_all() at the right time.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Vandana Rungta [Tue, 8 May 2018 18:27:47 +0000 (11:27 -0700)]
s3: VFS: Fix memory leak in vfs_ceph.
Centralize error handling.
https://bugzilla.samba.org/show_bug.cgi?id=13424
Signed-off-by: Vandana Rungta <vrungta@amazon.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 9 04:28:11 CEST 2018 on sn-devel-144
Volker Lendecke [Tue, 8 May 2018 13:02:28 +0000 (15:02 +0200)]
samba-tool: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue May 8 23:48:07 CEST 2018 on sn-devel-144
Amitay Isaacs [Tue, 8 May 2018 05:25:12 +0000 (15:25 +1000)]
third_party: Update popt to 1.16 release
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue May 8 12:55:04 CEST 2018 on sn-devel-144
Volker Lendecke [Tue, 8 May 2018 06:35:18 +0000 (08:35 +0200)]
dsdb: Fix CID
1435453 Null pointer dereferences
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Douglas Bagnall [Thu, 19 Apr 2018 02:13:47 +0000 (14:13 +1200)]
traffic: ensure we are using the same division in py 2 and 3
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Sat May 5 07:25:13 CEST 2018 on sn-devel-144
Douglas Bagnall [Thu, 22 Mar 2018 22:24:16 +0000 (11:24 +1300)]
autobuild: do not try to send email to no recipient
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Douglas Bagnall [Wed, 14 Mar 2018 22:55:40 +0000 (11:55 +1300)]
samba_kcc: remove an unused variable
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Douglas Bagnall [Fri, 9 Mar 2018 02:20:53 +0000 (15:20 +1300)]
sambatool tests: make assertMatch use assertIn
With a note to tidy this up at some point
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Douglas Bagnall [Thu, 10 Aug 2017 00:00:45 +0000 (12:00 +1200)]
.gitignore .agignore
.agingore is used by "the silver searcher", ag, which is a form of
grep with more useful defaults and prettier colours for searching
source trees.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Douglas Bagnall [Wed, 9 Aug 2017 23:59:44 +0000 (11:59 +1200)]
gitignore .gdb_history anywhere in the tree
For when you run gdb in places like lib/ldb/ and it decides to leave
behind a history file.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Douglas Bagnall [Thu, 24 Aug 2017 03:02:43 +0000 (15:02 +1200)]
perftest: ad_dc_medley failing base search failed to catch exception
This meant it only happened once.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Douglas Bagnall [Fri, 4 May 2018 03:26:47 +0000 (15:26 +1200)]
autobuild: add compiler version to results tarball
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Douglas Bagnall [Thu, 19 Apr 2018 04:21:06 +0000 (16:21 +1200)]
auth/ntlmssp_client: correct spelling of response
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Douglas Bagnall [Thu, 19 Apr 2018 04:20:25 +0000 (16:20 +1200)]
auth/pycredentials: correct spelling of reponse
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Jeremy Allison [Tue, 24 Apr 2018 20:47:54 +0000 (13:47 -0700)]
tests: libsmbclient: Add a readdirplus() test suite.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat May 5 04:31:18 CEST 2018 on sn-devel-144
Puran Chand [Mon, 9 Apr 2018 17:10:28 +0000 (10:10 -0700)]
s3: libsmbclient: Add new function SMBC_readdirplus_ctx().
New ABI function, move to library version 0.33.
Signed-off-by: Puran Chand <pchand@vmware.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Puran Chand [Fri, 6 Apr 2018 21:50:39 +0000 (14:50 -0700)]
s3: libsmbclient: Add function add_dirplus() to fill the list from a returned file info.
Not yet externally visible.
Signed-off-by: Puran Chand <pchand@vmware.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Puran Chand [Fri, 6 Apr 2018 21:17:35 +0000 (14:17 -0700)]
s3: libsmbclient: Add readdirplus cleanup code on directory close.
Signed-off-by: Puran Chand <pchand@vmware.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Puran Chand [Fri, 6 Apr 2018 21:08:03 +0000 (14:08 -0700)]
s3: libsmbclient: Add internal/external structures needed for readdirplus.
Not yet used.
Signed-off-by: Puran Chand <pchand@vmware.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Jeremy Allison [Fri, 6 Apr 2018 20:35:05 +0000 (13:35 -0700)]
s3: client: Add btime_ts to struct finfo.
Fill it in when available, else return it as zero.
Based on a patch from Puran Chand <pchand@vmware.com>.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Jeremy Allison [Wed, 2 May 2018 23:56:33 +0000 (16:56 -0700)]
s3: VFS: Remove SMB_VFS_WRITE() function and all implementations.
All code in Samba now uses SMB_VFS_PWRITE or SMB_VFS_PWRITE_SEND.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat May 5 01:38:07 CEST 2018 on sn-devel-144
Jeremy Allison [Wed, 2 May 2018 23:49:56 +0000 (16:49 -0700)]
s3: torture: Remove the last user of SMB_VFS_WRITE.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 2 May 2018 23:47:22 +0000 (16:47 -0700)]
s3: VFS: ceph: Replace the lseek/write ftruncate extend with pwrite.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 2 May 2018 23:44:23 +0000 (16:44 -0700)]
s3: VFS: Remove vfs_write_data(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 2 May 2018 23:39:16 +0000 (16:39 -0700)]
s3: smbd: Remove the handling of offset == -1 in real_write_file().
All SMB1/2/3 offsets over the wire are absolute.
The only caller with offset == -1 is on a print-spool file
in reply_printwrite(), and write_file() redirects this
to print_spool_write(), which correctly handles the -1.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 2 May 2018 23:38:05 +0000 (16:38 -0700)]
s3: VFS: default: Remove recursion into the VFS inside the default pwrite call.
We already know we're at the POSIX level here.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 2 May 2018 23:35:41 +0000 (16:35 -0700)]
s3: VFS: default: Remove fallback if we don't have HAVE_PWRITE set. Samba doesn't work without pwrite.
Start of the changes to remove synchronous VFS write.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 1 May 2018 19:05:44 +0000 (12:05 -0700)]
s3: VFS: Remove SMB_VFS_READ() function and all implementations.
All code in Samba now uses SMB_VFS_PREAD or SMB_VFS_PREAD_SEND.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 1 May 2018 18:53:10 +0000 (11:53 -0700)]
s3: torture: Make cmd_read use read_file().
Removed last user of SMB_VFS_READ.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 1 May 2018 18:51:43 +0000 (11:51 -0700)]
s3: printing: Remove the LSEEK in printing_pread_data() and use read_file() instead.
Removes last-but-one user of SMB_VFS_READ.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 1 May 2018 18:47:24 +0000 (11:47 -0700)]
s3: printing: Now we never pass an offset of -1, remove the off_t==-1 protections from printing_pread_data().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 1 May 2018 18:19:49 +0000 (11:19 -0700)]
s3: printing: Use offset tracking in printing_pread_data() to remove the seek in handle_ne_file().
Uses the fact that: lseek(fd, 0, SEEK_CUR) is merely getting the current file position,
which we have already tracked in in_pos.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 1 May 2018 18:16:02 +0000 (11:16 -0700)]
s3: printing: Use passed in offset, and offset tracking in printing_pread_data() to remove seeks from handle_pe_file().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 1 May 2018 18:11:01 +0000 (11:11 -0700)]
s3: printing: Add existing offset position as a parameter to handle_pe_file(), handle_ne_file()
Not yet used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 1 May 2018 18:08:40 +0000 (11:08 -0700)]
s3: printing: Use auto-updating of offset in printing_pread_data() to remove offset tracking in get_file_version().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 2 May 2018 20:45:44 +0000 (13:45 -0700)]
s3: printing: Make printing_pread_data() update the offset paramter, if not passed in as -1.
As all callers pass -1 here, still not used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 1 May 2018 18:38:49 +0000 (11:38 -0700)]
s3: printing: Rename printing_read_data() -> printing_pread_data() and add an offset parameter.
Currently pass -1 as the offset, so it's not used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 30 Apr 2018 23:04:23 +0000 (16:04 -0700)]
s3: printing: Rename vfs_read_data() -> printing_read_data().
This is an internal printing call, nothing to do with the VFS.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 30 Apr 2018 22:50:14 +0000 (15:50 -0700)]
s3: printing: Move handle_ne_file code into a separate function.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 30 Apr 2018 22:06:39 +0000 (15:06 -0700)]
s3: printing: Split handling of PE file into separate function.
This is *horrible* old code...
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 30 Apr 2018 18:57:52 +0000 (11:57 -0700)]
s3: printing: Reformatting of parts of this file to modern coding standards.
This should not change the code behavior in any way, it is just being
done to make it easier for me to move this code to calling the
standard read_file() function later on, which takes a file offset
to read from (and uses pread internally).
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Garming Sam [Mon, 26 Mar 2018 23:19:31 +0000 (12:19 +1300)]
netlogon: Allow zero-GUID to act the same as NULL in GetDCNameEx2
This matches Windows behaviour and allows rpcclient to work against
Samba without knowing the GUID ahead of time. Errors related to this
don't appear to occur within selftest.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13365
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Fri May 4 09:11:19 CEST 2018 on sn-devel-144
Garming Sam [Mon, 26 Mar 2018 01:32:07 +0000 (14:32 +1300)]
netlogon: Store the client site to clobber any plausibly returned via winbind
So far, I have never observed the case where the winbind call ever
bothered to return a proper site, but in case it ever does so, we
clobber it here. This has implications for returning a non-local domain
site name, but for now, we ignore them.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13365
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Tue, 20 Mar 2018 22:25:19 +0000 (11:25 +1300)]
netlogon: Forward GetDCNameEx2 to winbind via IRPC
Here we simply forward everything without alteration (the same struct is
returned). This helps us to fix the case where the DC does not exist in
the target site, furthermore, this is supposed to work for trusted
domains.
In calling out to winbind, we now also notice if you provide a site
which exists in multiple domains and provide the correct domain (instead
of accidentally returning ourselves).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13365
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Tue, 20 Mar 2018 22:25:19 +0000 (11:25 +1300)]
winbindd_irpc: Add an IRPC call to trigger a DC locate
Calling the top level winbindd API would probably be more appropriate,
but we lack certain structures. We introduce this call in order to
return the result to NETLOGON (in order to give site-aware and domain
aware DC location).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13365
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 28 Mar 2018 04:16:25 +0000 (17:16 +1300)]
tests/getdcname: Add a number of tests for GetDCNameEx
This will test the winbind forwarding to deal with sites that the target
DC does not exist in.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13365
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 28 Mar 2018 00:05:11 +0000 (13:05 +1300)]
netlogon: Allow return of error code in future asynchronous winbind forwards
We change the naming conventions to match dcesrv_netr_*_base_call used elsewhere.
This is important when we make the underlying Ex2 call asynchronous.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13365
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Mon, 26 Mar 2018 01:25:45 +0000 (14:25 +1300)]
dsdb: Allow the disable of the Windows server site fallback
A usage in GetDCNameEx2 could return the wrong result. This may need to
be fixed in other places.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13365
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>