Volker Lendecke [Tue, 30 Jan 2018 12:47:35 +0000 (13:47 +0100)]
libsmb: Fix an error path memleak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 7 Feb 2018 07:55:03 +0000 (08:55 +0100)]
libsmb: Fix destructor setup in unexpected.c
The destructor does DLIST_REMOVE, so better make sure "client" is in fact
member of that list when the destructor fires
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Sun, 4 Feb 2018 16:41:04 +0000 (16:41 +0000)]
libcli: Fix a cut&paste typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Sun, 4 Feb 2018 15:45:57 +0000 (15:45 +0000)]
net: Add some {}
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Mon, 29 Jan 2018 09:17:11 +0000 (10:17 +0100)]
nbt_server: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Fri, 2 Feb 2018 12:13:31 +0000 (13:13 +0100)]
libnbt: Apply some const
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Sat, 3 Feb 2018 12:48:35 +0000 (12:48 +0000)]
libnbt: Use TALLOC_FREE
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andreas Schneider [Mon, 12 Feb 2018 10:24:26 +0000 (11:24 +0100)]
docs: Fix smbpasswd manpage about password storage
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Feb 13 16:25:33 CET 2018 on sn-devel-144
Volker Lendecke [Wed, 7 Feb 2018 13:32:37 +0000 (14:32 +0100)]
smbd: remove "id" from share_mode_entry
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Feb 13 05:01:38 CET 2018 on sn-devel-144
Volker Lendecke [Wed, 7 Feb 2018 11:28:13 +0000 (12:28 +0100)]
smbd: Pass "file_id" explicitly to send_break_to_none
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 7 Feb 2018 11:24:35 +0000 (12:24 +0100)]
smbd: Pass "file_id" explicitly to send_break_message()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 7 Feb 2018 11:16:10 +0000 (12:16 +0100)]
srvsvc: Avoid a dependency on share_mode_entry->id
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 7 Feb 2018 11:11:10 +0000 (12:11 +0100)]
smbd: Avoid a dependency on share_mode_entry->id
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 7 Feb 2018 10:40:58 +0000 (11:40 +0100)]
smbd: Avoid a dependency on share_mode_entry->id
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 7 Feb 2018 10:39:32 +0000 (11:39 +0100)]
smbd: Pass "file_id" explicitly to message_to_share_mode_entry()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 7 Feb 2018 10:36:51 +0000 (11:36 +0100)]
smbd: Pass "file_id" explicitly into share_mode_entry_to_message()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 7 Feb 2018 10:14:31 +0000 (11:14 +0100)]
smbd: Remove a redundant check
The file ids in all share modes match the share_mode_data's one
We don't have a paranoia check for this, but the share mode is per inode.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 7 Feb 2018 10:13:40 +0000 (11:13 +0100)]
smbd: Use "share_mode_data->id", not "share_mode_entry->id"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 7 Feb 2018 10:10:14 +0000 (11:10 +0100)]
srvsvc: Use the passed-in file_id
The one in share_mode_entry will go
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 7 Feb 2018 10:09:10 +0000 (11:09 +0100)]
smbd: Pass in "file_id" into validate_my_share_entries
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 7 Feb 2018 10:05:33 +0000 (11:05 +0100)]
smbd: Pass in "file_id" into share_mode_str()
This used to directly access share_entry->id, which will go
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 7 Feb 2018 09:52:23 +0000 (10:52 +0100)]
srvsvc: Use the passed-in file id, not the one from share_mode_entry
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 7 Feb 2018 09:43:11 +0000 (10:43 +0100)]
smbd: Pass "file_id" through share_entry_forall
It's also in the share_entry, but that is redundant and will go
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 7 Feb 2018 09:05:57 +0000 (10:05 +0100)]
smbd: Fix a signed/unsigned hickup
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Fri, 9 Feb 2018 15:19:53 +0000 (16:19 +0100)]
winbindd: Initialize the domain groups member
==9405== 4 errors in context 1 of 493:
==9405== Conditional jump or move depends on uninitialised value(s)
==9405== at 0x7507F71: vfprintf (in /lib64/libc-2.12.so)
==9405== by 0x75C515B: __vasprintf_chk (in /lib64/libc-2.12.so)
==9405== by 0x2A8728: dbgtext (stdio2.h:199)
==9405== by 0x22DCBB: winbindd_list_groups_done (winbindd_list_groups.c:127)
==9405== by 0x6C7F568: _tevent_req_error (tevent_req.c:167)
==9405== by 0x6C7F568: _tevent_req_error (tevent_req.c:167)
==9405== by 0x6C7F568: _tevent_req_error (tevent_req.c:167)
==9405== by 0x3CDAE8: dcerpc_binding_handle_call_done (binding_handle.c:445)
==9405== by 0x6C7F568: _tevent_req_error (tevent_req.c:167)
==9405== by 0x6C7F568: _tevent_req_error (tevent_req.c:167)
==9405== by 0x202701: wbint_bh_raw_call_done (winbindd_dual_ndr.c:139)
==9405== by 0x6C82C60: tevent_common_loop_timer_delay (tevent_timed.c:341)
==9405== by 0x6C83CA1: epoll_event_loop_once (tevent_epoll.c:911)
==9405== by 0x6C822D5: std_event_loop_once (tevent_standard.c:114)
==9405== by 0x6C7DC3C: _tevent_loop_once (tevent.c:533)
==9405== by 0x1D8A03: main (winbindd.c:1490)
==9405== Uninitialised value was created by a heap allocation
==9405== at 0x4A069EE: malloc (vg_replace_malloc.c:270)
==9405== by 0x6A71DCA: _talloc_array (in /usr/lib64/libtalloc.so.2.1.5)
==9405== by 0x22D959: winbindd_list_groups_send (winbindd_list_groups.c:69)
==9405== by 0x1D76BC: winbind_client_request_read (winbindd.c:647)
==9405== by 0x23AF2A: wb_req_read_done (wb_reqtrans.c:126)
==9405== by 0x6C83EA5: epoll_event_loop_once (tevent_epoll.c:728)
==9405== by 0x6C822D5: std_event_loop_once (tevent_standard.c:114)
==9405== by 0x6C7DC3C: _tevent_loop_once (tevent.c:533)
==9405== by 0x1D8A03: main (winbindd.c:1490)
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Feb 13 00:25:27 CET 2018 on sn-devel-144
Andreas Schneider [Fri, 9 Feb 2018 14:33:39 +0000 (15:33 +0100)]
winbindd: Free is_parent before we terminate
This makes valgrind happy.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Andreas Schneider [Fri, 9 Feb 2018 14:27:42 +0000 (15:27 +0100)]
winbindd: Free memory before we exit the connect child
This will make valgrind happy.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Fri, 9 Feb 2018 09:27:55 +0000 (10:27 +0100)]
winbind: Improve child selection
This improves the situation when a client request blocks a winbind
child. This might be a slow samlogon or lookupnames to a domain that's
far away. With random selection of the child for new request coming in
we could end up with a long queue when other, non-blocked children
could serve those new requests. Choose the shortest queue.
This is an immediate and simple fix. Step two will be to have a
per-domain and not a per-child queue. Right now we're pre-selecting
the check-out queue at Fry's randomly without looking at the queue
length. With this change we're picking the shortest queue. The better
change will be what Fry's really does: One central queue and red/green
lights on the busy/free checkout counters.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Feb 12 19:51:35 CET 2018 on sn-devel-144
Douglas Bagnall [Fri, 9 Feb 2018 10:09:41 +0000 (23:09 +1300)]
tests/samba-tool user wdigest: fix a flapping test
The output of something like
samba-tool user getpassword $USER --attributes virtualWDigest01
contains an LDIF section with long strings folded on the 77th column.
To unfold this LDIF we were using:
result = re.sub(r"\n\s*", '', out)
which worked fine EXCEPT when a space in the output happened to land
immediately after the fold and got eaten by the \s*.
Instead we remove just a single space after the line break, because
that is always what fold_string() in lib/ldb/common/ldb_ldif.c
inserts, and for this simple replacement we don't need the re module.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Feb 12 05:21:01 CET 2018 on sn-devel-144
Douglas Bagnall [Fri, 9 Feb 2018 01:29:43 +0000 (14:29 +1300)]
tests: SambaToolCmdTest.assertMatch() indicates what was asserted
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 22:13:12 +0000 (23:13 +0100)]
winbindd: WBFLAG_PAM_AUTH_PAC should call add_trusted_domain_from_auth() is the result is trusted
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13262
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Feb 10 13:08:50 CET 2018 on sn-devel-144
Stefan Metzmacher [Fri, 9 Feb 2018 07:38:18 +0000 (08:38 +0100)]
winbindd: rename winbindd_pam_auth_pac_send and let it return validation
Just a preperational step. The next commit will update the caller to
make use of the validation info.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13262
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 22:10:42 +0000 (23:10 +0100)]
winbindd: complete WBFLAG_PAM_AUTH_PAC handling in winbindd_pam_auth_crap_send()
winbindd_pam_auth_crap_recv() should not have any real logic.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13262
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 22:02:26 +0000 (23:02 +0100)]
winbindd: let winbindd_pam_auth_pac_send() compute info6 from PAC
This way we don't loose the DNS info and UPN. A subsequent commit will
let winbindd_pam_auth_pac_send() return the full validation info.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13262
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 21:00:35 +0000 (22:00 +0100)]
winbindd: call add_trusted_domain_from_auth() in winbindd_pam_auth_crap_done()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13262
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 20:34:46 +0000 (21:34 +0100)]
winbindd: get netr_SamInfo6 out of winbindd_dual_pam_auth_kerberos()
This way we don't loose dns_domain_name and user principal.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13261
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 20:32:53 +0000 (21:32 +0100)]
s3/rpc_client: add map_info6_to_validation()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13261
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 20:32:25 +0000 (21:32 +0100)]
s3/auth: add create_info6_from_pac()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13261
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 16:58:07 +0000 (17:58 +0100)]
s4/auth_winbind: ask for validation level 6
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13260
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 16:57:37 +0000 (17:57 +0100)]
winbindd: allow validation level 6 in winbind_SamLogon
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13260
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 16:53:49 +0000 (17:53 +0100)]
s3/rpc_client: add copy_netr_SamInfo6() and map_validation_to_info6()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13260
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 2 Feb 2018 14:24:00 +0000 (15:24 +0100)]
winbindd: introduce a cm_connect_netlogon_secure() which gives a valid netlogon_creds_ctx
At lot of callers require a valid schannel connection.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13259
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 16:39:15 +0000 (17:39 +0100)]
winbindd: handle interactive logons in _winbind_SamLogon()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13258
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 16:37:54 +0000 (17:37 +0100)]
winbindd: pass 'bool interactive' to winbind_dual_SamLogon()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13258
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 8 Feb 2018 16:23:49 +0000 (17:23 +0100)]
winbindd: add a comment to a parameter in _winbind_SamLogon()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13258
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 15:36:45 +0000 (16:36 +0100)]
winbindd: separate plaintext given and interactive in winbind_samlogon_retry_loop()
We need to handle 4 cases:
plaintext_given=true interactive=true
plaintext_given=false interactive=true
plaintext_given=true interactive=false
plaintext_given=false interactive=false
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13258
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 9 Feb 2018 15:15:18 +0000 (16:15 +0100)]
s3/rpc_client: add rpccli_netlogon_interactive_logon()
This will be used in a subsequent commit.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13258
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 22:19:32 +0000 (23:19 +0100)]
winbindd: add_trusted_domain_from_auth() should not use dns_name = ""
Check whether the DNS domain name in the info6 struct is actually more
then just an empty string. If it is we want to call add_trusted_domain()
with NULL as DNS domain name argument.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13257
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Sun, 4 Feb 2018 21:48:01 +0000 (22:48 +0100)]
wbinfo: avoid segfault in wbinfo_auth_crap() if winbindd is not available
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13256
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 31 Jan 2018 07:22:07 +0000 (08:22 +0100)]
winbindd: fix debug message in find_default_route_domain() on a DC
As we don't support multiple domains in a forest yet,
we don't need to print a warning a log level 0.
This also adds a missing \n.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13255
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Thu, 18 Jan 2018 15:35:52 +0000 (16:35 +0100)]
s4/rpc_server: trigger trusts reload in winbindd after successfull trust info acquisition
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13237
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 18 Jan 2018 15:35:13 +0000 (16:35 +0100)]
winbindd: rename MSG_WINBIND_NEW_TRUSTED_DOMAIN to MSG_WINBIND_RELOAD_TRUSTED_DOMAINS
This reflects the new implementation in winbindd.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13237
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 18 Jan 2018 10:32:30 +0000 (11:32 +0100)]
s4/rpc_server: remove unused data argument from MSG_WINBIND_NEW_TRUSTED_DOMAIN
winbindd doesn't use that data anymore.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13237
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 18 Jan 2018 10:30:53 +0000 (11:30 +0100)]
winbindd: use add_trusted_domains_dc in wb_imsg_new_trusted_domain
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13237
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 18 Jan 2018 10:28:20 +0000 (11:28 +0100)]
winbindd: move loading of trusted domains on a DC to a seperate function
This allows using the split out function in a subsequent commit in the
MSG_WINBIND_NEW_TRUSTED_DOMAIN message handler.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13237
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 12:02:04 +0000 (13:02 +0100)]
winbindd: don't force using LSA_LOOKUP_NAMES_ALL for non workstation trusts.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13236
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 11:57:11 +0000 (12:57 +0100)]
s3:rpc_client: pass down lsa_LookupNamesLevel to dcerpc_lsa_lookup_sids_generic()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13236
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 11:06:50 +0000 (12:06 +0100)]
winbindd: prepare find_lookup_domain_from_{name,sid}() transitive trusts on a DC
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13235
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 11:06:50 +0000 (12:06 +0100)]
winbindd: prepare find_auth_domain() transitive trusts on a DC
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13235
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 11:03:11 +0000 (12:03 +0100)]
winbindd: remove const from set_routing_domain()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13235
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 11:02:05 +0000 (12:02 +0100)]
winbindd: use Netlogon{Interactive,Network}TransitiveInformation on transitive trusts
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13234
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 11:00:19 +0000 (12:00 +0100)]
s3:rpc_client: allow passing NetlogonNetwork[Transitive]Information to rpccli_netlogon_network_logon()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13234
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 10:58:31 +0000 (11:58 +0100)]
s3:rpc_client: allow Netlogon{Network,Interactive}TransitiveInformation in rpccli_netlogon_password_logon()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13234
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Thu, 18 Jan 2018 07:38:59 +0000 (08:38 +0100)]
winbindd: add routing_domain as parameter to add_trusted_domain
This also fixes the following CIDs:
CID
1427622: Null pointer dereferences (REVERSE_INULL)
CID
1427619: Null pointer dereferences (REVERSE_INULL)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13233
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 13:30:48 +0000 (14:30 +0100)]
winbindd: add missing can_do_ncacn_ip_tcp initialisation
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13232
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 13:30:12 +0000 (14:30 +0100)]
winbindd: remove useless calls to get_trust_credentials() before cli_rpc_pipe_open_schannel_with_creds()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13231
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 13:24:47 +0000 (14:24 +0100)]
winbindd: fix LSA connections via DCERPC_AUTH_SCHANNEL
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13231
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Douglas Bagnall [Thu, 1 Feb 2018 03:08:34 +0000 (16:08 +1300)]
sambatool drs showrepl: prefer self over ctx in python classes
and the line length too.
(Now only python/samba/join.py uses ctx for self, but at least it does
it consistently. This was the only ctx function in the class).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Feb 9 12:34:06 CET 2018 on sn-devel-144
Douglas Bagnall [Thu, 1 Feb 2018 02:28:28 +0000 (15:28 +1300)]
samba-tool rodc: consistently use self.outf, not stdout
This increases the output of some commands from the point of view of
tests which read the outf, so we also need to change those tests a
bit.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 8 Feb 2018 20:51:54 +0000 (09:51 +1300)]
subunit.run: report failure in process return code
The protocol requires that the TestResult object remembers when it has failed, but
in subclassing unittest.TestResult we forgot to ensure this is true.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 1 Feb 2018 21:35:25 +0000 (10:35 +1300)]
python samdb.newuser(): use user DN not samaccountname to set password
This is noticably faster in cases (e.g. tests) where the same user
is added and deleted many times.
The rreason is samaccountname is retained for deleted objects, so the
search finds multiple objects that need to be filtered out internally.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 31 Jan 2018 23:02:29 +0000 (12:02 +1300)]
tests/samba_tool user virtualCryptSHA: remove unused py3 incompatible import
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 31 Jan 2018 23:01:10 +0000 (12:01 +1300)]
tests/password_hash: avoid py3-incompatible md5 module
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 31 Jan 2018 22:56:06 +0000 (11:56 +1300)]
tests/samba-tool user_wdigest: avoid py3-incompatible md5 module
In Python3, the md5 and sha modules are gone, but the functions are
available via hashlib (which is also in python 2.5+).
The md5.hexdigest() does what binascii.hexlify(md5.digest()) does.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 9 Feb 2018 03:51:22 +0000 (16:51 +1300)]
lib/crypto/REQUIREMENTS: DRSUAPI replication replicated secrets was missing from the RC4 section
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Volker Lendecke [Sun, 3 Dec 2017 19:47:02 +0000 (20:47 +0100)]
lib: Make g_lock_locks use TDB_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Feb 8 14:50:49 CET 2018 on sn-devel-144
Volker Lendecke [Sun, 3 Dec 2017 19:47:02 +0000 (20:47 +0100)]
lib: Make g_lock_dump use TDB_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Sun, 3 Dec 2017 19:47:02 +0000 (20:47 +0100)]
lib: Make g_lock_do use TDB_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Sun, 3 Dec 2017 19:47:02 +0000 (20:47 +0100)]
lib: Make g_lock_write_data use TDB_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Sun, 3 Dec 2017 19:47:02 +0000 (20:47 +0100)]
lib: Make g_lock_unlock use TDB_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Sun, 3 Dec 2017 19:47:02 +0000 (20:47 +0100)]
lib: Make g_lock_lock use TDB_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Sun, 3 Dec 2017 19:47:02 +0000 (20:47 +0100)]
lib: Make g_lock_lock_send use TDB_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Garming Sam [Wed, 31 Jan 2018 03:13:14 +0000 (16:13 +1300)]
samba-tool/tests: Check that dns cleanup does not spuriously remove entries
This might happen in the multi-record case.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Feb 8 10:00:13 CET 2018 on sn-devel-144
Garming Sam [Wed, 31 Jan 2018 03:12:05 +0000 (16:12 +1300)]
samba-tool/dns: Clarify the cleanup subcommand
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Garming Sam [Tue, 30 Jan 2018 22:53:40 +0000 (11:53 +1300)]
tests/samba-tool: dns cleanup should work with a missing name
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Garming Sam [Tue, 30 Jan 2018 22:52:34 +0000 (11:52 +1300)]
remove_dc: Allow remove_dns_references to ignore missing server names
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joe Guo [Fri, 12 Jan 2018 01:14:00 +0000 (14:14 +1300)]
samba-tool: add dns cleanup cmd
1. Add new command to cleanup dns records for a dns host name
2. Add test to verify the command is working
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Wed, 24 Jan 2018 16:00:35 +0000 (17:00 +0100)]
tests/samba-tool: add tests for samba-tool group move command
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Wed, 24 Jan 2018 17:01:42 +0000 (18:01 +0100)]
docs-xml:samba-tool.8: document "group move" command
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Mon, 27 Nov 2017 20:00:07 +0000 (21:00 +0100)]
samba-tool group: implement the group move command
This new command allows to move a a group into an ou or container.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Mon, 18 Dec 2017 15:12:13 +0000 (16:12 +0100)]
tests/samba-tool: add tests for user move command
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Wed, 24 Jan 2018 16:59:29 +0000 (17:59 +0100)]
docs-xml:samba-tool.8: document "user move" command
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Mon, 27 Nov 2017 19:40:49 +0000 (20:40 +0100)]
samba-tool user: implement the user move command
This new command allows to move an user into an ou or container.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Fri, 8 Dec 2017 11:08:18 +0000 (12:08 +0100)]
samba-tool user: fix some typos
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Wed, 29 Nov 2017 14:22:20 +0000 (15:22 +0100)]
tests/samba-tool: add test for samba-tool user show command
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Thu, 25 Jan 2018 09:49:33 +0000 (10:49 +0100)]
docs-xml:samba-tool.8: document "user show" command
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Thu, 25 Jan 2018 09:49:17 +0000 (10:49 +0100)]
samba-tool: implement user show command to display a user AD object
This command displays a user account and it's attributes in the
Active Directory domain.
The username specified on the command is the sAMAccountName.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Wed, 24 Jan 2018 17:58:11 +0000 (18:58 +0100)]
docs-xml:samba-tool.8: document ou management commands
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Wed, 29 Nov 2017 15:51:21 +0000 (16:51 +0100)]
tests/samba-tool: add tests for new ou management commands
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Thu, 16 Nov 2017 11:31:11 +0000 (12:31 +0100)]
samba-tool: implement ou management commands
Available subcommands:
create - Create an organizational unit.
delete - Delete an organizational unit.
list - List all organizational units
listobjects - List all objects in an organizational unit.
move - Move an organizational unit.
rename - Rename an organizational unit.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>