Gary Lockyer [Thu, 22 Mar 2018 22:27:10 +0000 (11:27 +1300)]
ldb_tdb: Do not make search or DB modifications without a lock
The ldb_cache startup code would previously not take a read lock
nor a sufficiently wide write transaction.
The new code takes a read lock, and if it needs to write takes a
write lock (transaction) and re-reads before continuing.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 19 Mar 2018 22:25:28 +0000 (11:25 +1300)]
ldb: make key/value backends expose if there is an active transaction
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Tue, 6 Mar 2018 02:27:51 +0000 (15:27 +1300)]
ldb_tdb: Make sure max_key_length != 0 requires a GUID index mode
We need to enforce the GUID index mode so end-users do not get a supprise
in mid-operation and we enforce a max key length of 511 so that the
index key trunctation is done correctly.
Otherwise the DB will appear to work until a very long key (DN or index)
is used, after which it will be sad.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 12 Apr 2018 12:31:20 +0000 (14:31 +0200)]
ldb/tests: don't use TEVENT_DEPRECATED in ldb_kv_ops_test.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Wed, 11 Apr 2018 13:11:10 +0000 (15:11 +0200)]
torture: Test compound request request counters
This will send an unfixed smbd into the
SMB_ASSERT(op->request_count > 0);
in smbd_smb2_request_reply_update_counts
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13215
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Apr 12 14:38:39 CEST 2018 on sn-devel-144
Stefan Metzmacher [Wed, 11 Apr 2018 10:14:59 +0000 (12:14 +0200)]
s3:smb2_server: correctly maintain request counters for compound requests
If a session expires during a compound request chain,
we exit smbd_smb2_request_dispatch() with
'return smbd_smb2_request_error(req, ...)' before
calling smbd_smb2_request_dispatch_update_counts().
As req->request_counters_updated was only reset
within smbd_smb2_request_dispatch_update_counts(),
smbd_smb2_request_reply_update_counts() was called
twice on the same request, which triggers
SMB_ASSERT(op->request_count > 0);
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13215
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
David Mulder [Wed, 11 Apr 2018 18:45:40 +0000 (12:45 -0600)]
gpo: python chardet is not a dep of samba
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Apr 12 11:27:03 CEST 2018 on sn-devel-144
David Mulder [Wed, 11 Apr 2018 18:40:18 +0000 (12:40 -0600)]
libgpo: gpo_copy_file() shouldn't explicitly call smb1
Don't call cli_openx directly to open a file this
calls smb1 code explicitly, which fails if we did
a multi-protocol negotiate and negotiated smb2+.
Use the higher level cli_open() instead.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
David Mulder [Tue, 10 Apr 2018 21:07:34 +0000 (15:07 -0600)]
param: Add python binding for lpcfg_cache_path
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
David Mulder [Mon, 12 Mar 2018 15:44:38 +0000 (09:44 -0600)]
gpo: Create a gp_sec_ext module
Move the gp_sec_ext into it's own module,
which is how new gp_ext's will be created.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
David Mulder [Thu, 29 Mar 2018 14:32:02 +0000 (08:32 -0600)]
gpo: Move implementation from samba_gpoupdate
The implementation of group policy apply should
not be in the application script. One reason is
to implement user apply, we can call these
functions via the python c-api, (passing creds
via the command line will expose them via ps).
Another reason for this is if some overrides
the smb.conf "gpo update command" option, it
would be useful to have these functions.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
David Mulder [Thu, 29 Mar 2018 14:25:05 +0000 (08:25 -0600)]
gpo: Create base class gp_inf_ext
Abstract the process of reading from an ini file,
since other extensions will be reading gpos this
way.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
David Mulder [Thu, 29 Mar 2018 14:05:21 +0000 (08:05 -0600)]
gpo: Move the file parse function to gp_ext
A file will always be read from the sysvol the
same way, but the data will be read differently.
This patch moves the parse function to gp_ext,
and requires subclasses to implement the read()
function to interpret the data.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
David Mulder [Thu, 29 Mar 2018 15:07:53 +0000 (09:07 -0600)]
gpo: Move gp_sec_ext __init__ to base class
For this class to be extensible, the constructor
should be available to subclasses.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
David Mulder [Thu, 29 Mar 2018 14:00:15 +0000 (08:00 -0600)]
gpo: Rename the inf_to class to gp_ext_setter
This class will be subclassed and used for more
than just inf settings application.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Arvid Requate [Wed, 11 Apr 2018 19:46:25 +0000 (21:46 +0200)]
Check "auth event notification" param in log_json
When Samba is compiled with JSON support it logs an error message
at log level 3 by default for every authentication event:
get_auth_event_server: Failed to find 'auth_event' registered on the
message bus to send JSON authentication events to:
NT_STATUS_OBJECT_NAME_NOT_FOUND
This patch adjusts the log_json function to consider the smb.conf
parameter "auth event notification" before calling auth_message_send.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13381
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Apr 12 08:12:39 CEST 2018 on sn-devel-144
Gary Lockyer [Tue, 13 Mar 2018 03:43:54 +0000 (16:43 +1300)]
ldb-samba: require pid match for cached ldb
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 15 Mar 2018 00:44:52 +0000 (13:44 +1300)]
ldb_wrap: Remove the magic cache of database handles except for sam.ldb
sam.ldb is handled in samdb_connect_url(), not this function.
This cache caused issues when "private dir" was changed in a testing script, but also
just generates many-owner shared mutable state that is frowned upon these days.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 10 Apr 2018 01:34:56 +0000 (13:34 +1200)]
dsdb: Use talloc_get_type_abort() in schema_load_{start,end}_transaction
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13379
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 9 Apr 2018 06:13:59 +0000 (18:13 +1200)]
dsdb: ensure we take out a read lock during the dsdb_init
We have to also take it out in the partitions code when we load the
partition backends.
This ensures that the init handlers hold a whole-db lock just as the
search code does.
To ensure the locking count in schema_load is balanced, the
private data is now created in the first lock_read() call.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13379
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Wed, 11 Apr 2018 00:29:18 +0000 (12:29 +1200)]
dsdb: Rework schema reload during the read lock
Rather than refusing the reload based on making cached sequence numbers match
just load it once at the time the DB is globally locked, if required.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13379
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 10 Apr 2018 23:58:22 +0000 (11:58 +1200)]
dsdb: Load schema during the read_lock() hook, not the search
This should trigger slightly less often and is the more correct place, as
we only load it during the first lock when not in a transaction.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13379
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 10 Apr 2018 04:34:21 +0000 (16:34 +1200)]
dsdb: Allow search before init() is called in extended_dn_out
This matches the earlier check of p && p->normalise.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13379
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 9 Apr 2018 19:54:20 +0000 (07:54 +1200)]
dsdb: Move ldb_set_default_dns() into rootdse_get_private_data()
This call needs to be done at the very first chance, in this case
during the first call to the lock_read() hook, otherwise the
schema_data module can't find the schema.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13379
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 9 Apr 2018 19:58:07 +0000 (07:58 +1200)]
dsdb: Create rootdse_get_private_data()
This will get the private data on the first call, allowing that not to be
the init() hook.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13379
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Wed, 11 Apr 2018 00:51:49 +0000 (12:51 +1200)]
selftest: Make a transaction before @INDEXLIST etc is checked in dsdb_schema_attributes.py
This helps us remove the write to the database from the (soon to be
read locked) init code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13379
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 9 Apr 2018 09:59:01 +0000 (21:59 +1200)]
dsdb: Wait until a transaction starts to call dsdb_schema_set_indices_and_attributes()
This avoids starting a transaction in schema_load_init() and allows it
to operate with a read lock held, which will avoid locking issues
(deadlock detected due to lock odering if we do not have a global
read lock).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13379
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 9 Apr 2018 09:15:25 +0000 (21:15 +1200)]
dsdb: Allow search before init() call in encrypted_secrets
Simply do not decrypt anything until the init call is run.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13379
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 9 Apr 2018 05:51:57 +0000 (17:51 +1200)]
dsdb: Do not create a transaction in partition_init()
This will allow us to lock the databases for read during all of the Samba init
hooks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13379
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 9 Apr 2018 02:52:47 +0000 (14:52 +1200)]
dsdb: Ensure to cancel the transaction if we fail to save the prefixMap
This rare error case forgot to call ldb_transaction_cancel()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 15 Mar 2018 00:42:17 +0000 (13:42 +1300)]
ldb_wrap: Remove ldb_transaction_cancel_noerr from ldb_wrap_fork_hook()
Writing to a TDB, without locks (these are per-process) in a forked child is never going to
end well, if a transaction is open at this point we have bigger problems.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Wed, 11 Apr 2018 10:47:03 +0000 (22:47 +1200)]
dsdb: check for dSHeuristics more carefully
This check would pass if the dSHeuristics was treated as always being
000000000 for searches which is not enough, we must check for a value
of
000000001 (userPassword enabled).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13378
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Wed, 11 Apr 2018 10:49:31 +0000 (22:49 +1200)]
dsdb: Check for userPassword support after loading the databases
The net result of this is only that userPassword values (which were
world readable when set) would still be visible after userPassword
started setting the main DB password.
In AD, those values become hidden once the dSHeuristics bit is set,
but Samba lost that when fixing a performance issue with
f26a2845bd42e580ddeaf0eecc9b46b823a0c6bc
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13378
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Jeremy Allison [Wed, 11 Apr 2018 17:33:22 +0000 (10:33 -0700)]
s3: tests: Regression test to ensure we can never return a DIRECTORY attribute on a stream.
Tests streams_xattr and also streams_depot.
Inspired from a real-world test case by Andrew Walker <awalker@ixsystems.com>.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13380
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 12 02:04:28 CEST 2018 on sn-devel-144
Jeremy Allison [Wed, 11 Apr 2018 18:05:14 +0000 (11:05 -0700)]
s3: smbd. Generic fix for incorrect reporting of stream dos attributes on a directory
According to MS-FSA a stream name does not have
separate DOS attribute metadata, so we must return
the DOS attribute from the base filename. With one caveat,
a non-default stream name can never be a directory.
As this is common to all streams data stores, we handle
it here instead of inside all stream VFS modules.
Otherwise identical logic would have to be added to
all streams modules in their [f]get_dos_attribute_fn()
VFS calls.
Found in real-world use case by Andrew Walker <awalker@ixsystems.com>.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13380
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Wed, 11 Apr 2018 15:41:00 +0000 (08:41 -0700)]
s3: vfs: vfs_streams_xattr: Don't blindly re-use the base file mode bits.
When returning the stat struct for an xattr stream,
we originally base the st_ex_mode field on the value
from the base file containing the xattr. If the base
file is a directory, it will have S_IFDIR set in st_ex_mode,
but streams can never be directories, they must be reported
as regular files.
The original code OR'ed in S_IFREG, but neglected to
AND out S_IFDIR.
Note this is not a complete to fix bug 13380 as
it doesn't fix the generic case with all streams
modules. See later fix and regression test.
Found in real-world use case by Andrew Walker <awalker@ixsystems.com>.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13380
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Volker Lendecke [Wed, 11 Apr 2018 06:27:41 +0000 (08:27 +0200)]
credentials: Fix CID
1414796 Explicit null dereferenced
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 11 21:58:00 CEST 2018 on sn-devel-144
Volker Lendecke [Wed, 11 Apr 2018 06:26:33 +0000 (08:26 +0200)]
credentials: Fix line length
... just because I'll modify that line in the next commit
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 11 Apr 2018 06:21:23 +0000 (08:21 +0200)]
credentials: Revert "credentials: Fix CID
1414796 Explicit null dereferenced"
This reverts commit
90c02ec64d0e3c860f8d6906cf849bdd2c7bcc54.
We have code to take care of password==NULL, this CID must be fixed in a
different way
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 10 Apr 2018 19:27:47 +0000 (21:27 +0200)]
smbd: Fix CID
1414783 Double unlock
The loop is unnecessary, both susv4 as well as the Linux manpage
explicitly say:
> These functions shall not return an error code of [EINTR].
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 10 Apr 2018 19:18:15 +0000 (21:18 +0200)]
dnsrpc: Use TALLOC_FREE instead of an explicit if-statement
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 10 Apr 2018 19:13:37 +0000 (21:13 +0200)]
winbind: Fix CID
1427625 Calling risky function
Probably not really a problem, but we have generate_random(), so why not
use it?
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 10 Apr 2018 19:05:09 +0000 (21:05 +0200)]
vfs_fruit: Fix CID
1416474 Dereference null return value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 10 Apr 2018 18:58:11 +0000 (20:58 +0200)]
tevent: Fix CID
1414792 Unchecked return value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 11 Apr 2018 08:42:21 +0000 (10:42 +0200)]
rpc_server: Init local_server_* in make_internal_rpc_pipe_socketpair
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13370
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Apr 11 15:19:19 CEST 2018 on sn-devel-144
Andrew Bartlett [Tue, 10 Apr 2018 04:37:45 +0000 (16:37 +1200)]
lib/util: Call log_stack_trace() in smb_panic_default()
This matches the AD DC with the behaviour in smbd.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 11 04:03:07 CEST 2018 on sn-devel-144
Andrew Bartlett [Tue, 10 Apr 2018 04:35:07 +0000 (16:35 +1200)]
lib/util: Move log_stack_trace() to common code
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Tue, 10 Apr 2018 04:06:12 +0000 (16:06 +1200)]
lib/util: Log PANIC before calling pacic action just like s3
This is like the changes made in s3 by
4fa555980070d78b39711ef21d77628d26055bc2
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Tue, 10 Apr 2018 03:54:10 +0000 (15:54 +1200)]
s3-lib: Remove support for libexc for IRIX backtraces
IRIX is long dead, and this code needs become_root() which is not in
the top level code.
Additionally, the check for libexc never made it into waf, so this
has been dead code since Samba 4.1.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 10 Mar 2018 17:06:03 +0000 (18:06 +0100)]
libsmb: Pass "account_name/flags" through nb_getdc
Don't hardcode values that we might want to change later
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 10 Mar 2018 17:06:03 +0000 (18:06 +0100)]
libsmb: Pass "account_name/flags" through prep_getdc_request
Don't hardcode values that we might want to change later
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 10 Mar 2018 17:01:08 +0000 (18:01 +0100)]
libsmb: Introduce a helper variable
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 5 Jan 2018 13:21:05 +0000 (14:21 +0100)]
libsmb: Give dsgetdcname.c its own header
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 10 Mar 2018 14:31:11 +0000 (15:31 +0100)]
libsmb: Give namequery.c its own header
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 10 Mar 2018 14:35:43 +0000 (15:35 +0100)]
libsmb: Remove unused trustdom_cache.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 25 Jan 2018 13:21:22 +0000 (14:21 +0100)]
nmbd: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 25 Jan 2018 13:07:53 +0000 (14:07 +0100)]
nmbd: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 10 Apr 2018 14:58:46 +0000 (16:58 +0200)]
tdbtool: Use tdb_wipe_all in "erase" command
This is a lot quicker on large, fragmented databases. tdb_delete can
leave the freelist in a fragmented mess.
Also, it's a lot more robust: I've got a 4GB tdb file that was affected
by the problem fixed with
c7211882a79. These databases have large space
at the end that is not part of any record or freelist
entry. tdb_wipe_all converts this space into a freelist entry. One
downside is that with those broken databases (which should not happen
after
c7211882a79) have unallocated blocks in their file range after
this operation.
I think the speed advantage outweighs this disadvantage.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
William Brown [Tue, 10 Apr 2018 04:51:06 +0000 (14:51 +1000)]
s4:ldb/password_hash.c: improve krb5 context error message
When heimdal encounters a MIT krb5.conf that it does not understand,
it would emit an "ldb operations error". Sadly this does not help
or communicate to the administrator the root cause of the issue.
Improve the error message for when krb init fails during password_hash.c
Signed-off-by: William Brown <william@blackhats.net.au>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Mon, 9 Apr 2018 16:32:23 +0000 (09:32 -0700)]
s3: smbd: Unix extensions attempts to change wrong field in fchown call.
Cut and paste error.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13375
Reported-by: Rungta, Vandana <vrungta@amazon.com>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Apr 10 00:45:56 CEST 2018 on sn-devel-144
Jeremy Allison [Fri, 6 Apr 2018 20:52:52 +0000 (13:52 -0700)]
s3: smbd: Fix memory leak in vfswrap_getwd()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13372
Signed-off-by: Andrew Walker <awalker@ixsystems.com>.
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Apr 9 21:48:12 CEST 2018 on sn-devel-144
Ralph Wuerthner [Thu, 29 Mar 2018 08:00:41 +0000 (10:00 +0200)]
s3:smb2_tcon: Add check to prevent non-DFS clients from connecting to an msdfs proxy.
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 7 05:05:22 CEST 2018 on sn-devel-144
Volker Lendecke [Fri, 6 Apr 2018 13:57:36 +0000 (15:57 +0200)]
pdb_nds: Fix CID
1273401 Unused value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Apr 2018 09:04:24 +0000 (11:04 +0200)]
idmap: Fix CID
1363261 Resource leak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Apr 2018 09:02:48 +0000 (11:02 +0200)]
idmap: Use TALLOC_FREE instead of explicit code
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 12 Jan 2018 11:29:17 +0000 (12:29 +0100)]
s4/torture: spelling fix in vfs_fruit test
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 12 Jan 2018 11:28:18 +0000 (12:28 +0100)]
s4/torture: spelling fix in vfs_fruit test
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 11 Jan 2018 11:25:49 +0000 (12:25 +0100)]
s4/test: fix AAPL size check
A recent commit changed the ModelString from "Samba" to "MacSamba".
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Wed, 28 Feb 2018 19:05:34 +0000 (12:05 -0700)]
winbindd: Do not ignore domain in the LOOKUPNAME request
A LOOKUPNAME request with a domain and a name containing a winbind
separator character would return the result for the joined domain,
instead of the specified domain.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Apr 6 21:03:31 CEST 2018 on sn-devel-144
Christof Schmitt [Wed, 28 Feb 2018 20:10:43 +0000 (13:10 -0700)]
Add test for wbinfo name lookup
This demonstrates that wbinfo -n / --name-to-sid returns information
instead of failing the request. More specifically the query for
INVALIDDOMAIN//user returns the user SID for the joined domain, instead
of failing the request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Christof Schmitt [Fri, 30 Mar 2018 21:35:03 +0000 (14:35 -0700)]
nsswitch: Fix wbcListGroups test
With an AD DC, wbcListGroups returns the users in the DOMAIN SEPARATOR
GROUPNAME format. The test then calls wbcLookupName with the domain
name and the previous string (including domain and separator) as
username. Fix this by passing the correct username and adding some
additional checks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Christof Schmitt [Fri, 30 Mar 2018 21:28:46 +0000 (14:28 -0700)]
nsswitch: Fix wbcListUsers test
With an AD DC, wbcListUsers returns the users in the DOMAIN SEPARATOR
USERNAME format. The test then calls wbcLookupName with the domain name
and the previous string (including domain and separator) as username.
Fix this by passing the correct username and adding some additional
checks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Christof Schmitt [Fri, 16 Mar 2018 20:52:14 +0000 (13:52 -0700)]
test_smbclient_s3.sh: Use correct separator in "list with backup privilege" test
Samba selftest uses the forward slash as winbind separator and in the
USERNAME passed to the test. "net sam rights" expect the backslash. Map
the separator used in selftest to a backslash to avoid creating an
incorrect username DOMAIN\DOMAIN/USERNAME.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Fri, 6 Apr 2018 11:42:35 +0000 (13:42 +0200)]
ldb: Fix trailing whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Apr 6 17:57:04 CEST 2018 on sn-devel-144
Ralph Boehme [Fri, 6 Apr 2018 09:27:52 +0000 (11:27 +0200)]
ldb/tests: remove lmdb.h include from test
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Apr 6 14:58:48 CEST 2018 on sn-devel-144
Andrew Bartlett [Fri, 6 Apr 2018 04:21:15 +0000 (16:21 +1200)]
samba-tool: Use same method for removing trailing $ as elsewhere in the tool
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Apr 6 09:30:14 CEST 2018 on sn-devel-144
Andrew Bartlett [Fri, 6 Apr 2018 04:20:22 +0000 (16:20 +1200)]
samba-tool: Escape username and computername in ldb search filter
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Thu, 5 Apr 2018 15:14:32 +0000 (17:14 +0200)]
s3-mdssvc: allow build with --enable-spotlight and libtracker-sparql-2.0
adds libtracker-sparql version 2.0 to configure check with pkg-config.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joe Guo [Fri, 16 Mar 2018 03:39:08 +0000 (16:39 +1300)]
docs-xml:samba-tool.8: improve doc for computer management commands
Add docs for new options:
1. --ip-address
2. --service-prinicipal-name
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Wed, 7 Mar 2018 09:15:06 +0000 (10:15 +0100)]
docs-xml:samba-tool.8: document computer management commands
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joe Guo [Tue, 13 Mar 2018 03:47:58 +0000 (16:47 +1300)]
samba-tool: improve computer management commands
This pathch is based on Björn Baumbach's work:
1. Add `--ip-address` option for create subcommand, to allow user set DNS
A or AAAA records while creating the computer.
2. Delete above DNS records while deleting the computer.
3. Add `--service-principal-name` option for create command, to allow user
set `servicePrincipalName` while creating the computer.
4. Tests.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Tue, 6 Feb 2018 21:11:12 +0000 (22:11 +0100)]
tests/samba-tool: add tests for new computer management commands
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Thu, 7 Dec 2017 20:38:28 +0000 (21:38 +0100)]
samba-tool: implement computer management commands
Usage: samba-tool computer <subcommand>
Computer management.
Available subcommands:
create - Create a new computer.
delete - Delete a computer.
list - List all computers.
move - Move a computer to an organizational unit/container.
show - Display a computer AD object
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Gary Lockyer [Wed, 21 Mar 2018 23:50:45 +0000 (12:50 +1300)]
upgradeprovision: detect and handle lmdb databases
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Apr 6 05:12:11 CEST 2018 on sn-devel-144
Gary Lockyer [Thu, 22 Mar 2018 22:23:39 +0000 (11:23 +1300)]
ldb: Unwind transaction counter if start_transaction fails
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Gary Lockyer [Tue, 20 Mar 2018 00:14:38 +0000 (13:14 +1300)]
source3: initilize_password_db after a fork.
This is required because we need a new pointer for LDB after the fork,
and with LMDB we can not longer rely on tdb_reopen_all() to do that
for us.
This can not be done in reinit_after_fork() due to the dependency loop
this would create.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Tue, 6 Feb 2018 22:10:34 +0000 (11:10 +1300)]
dsdb: add lmdbLevelOne as a required feature.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 22 Mar 2018 21:58:11 +0000 (10:58 +1300)]
provision: Set @INDEXLIST first when building dummy sam.ldb
The new LMDB backed will not allow normal records to be added before the @INDEXLIST
as this is what forces the GUID index mode.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Gary Lockyer [Tue, 20 Mar 2018 01:38:19 +0000 (14:38 +1300)]
provision: allow provisioning of a different database backend
This sets the backendStore field in @PARTITION, depending on which
argument you set in the provision.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Wed, 4 Apr 2018 04:17:51 +0000 (16:17 +1200)]
python: Add wrapper of mdb_copy that we can call from python
This is like the use of tdbbackup for tdb files.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 19 Mar 2018 23:15:12 +0000 (12:15 +1300)]
ldb tests: add cmocka tests of kv operations
Add tests for the behaviour the ldb layer expects the key value layer to
provide. This should make it easier to add another KV store
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Wed, 14 Mar 2018 22:37:06 +0000 (11:37 +1300)]
ldb_tdb: ltdb_tdb_delete require active transaction
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Wed, 14 Mar 2018 22:36:33 +0000 (11:36 +1300)]
ldb_tdb: ltdb_tdb_store require active transaction
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Wed, 14 Mar 2018 22:33:32 +0000 (11:33 +1300)]
ldb_tdb: ltdb_tdb_parse_record map tdb error codes
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 19 Mar 2018 22:20:35 +0000 (11:20 +1300)]
ldb tests: ldb_mod_op_test use correct ldb to create dn
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 12 Mar 2018 23:43:25 +0000 (12:43 +1300)]
ldb test: close pipes to stop forked tests failing on failure
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 12 Mar 2018 19:45:28 +0000 (08:45 +1300)]
ldb index: Add tests for truncated base 64 index keys
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 4 Apr 2018 02:00:57 +0000 (14:00 +1200)]
ldb_tdb: A more robust check for if we can fit the index string in
This avoids magic numbers and also is careful against overflow
from a long attr_for_dn.
This is done as a distinct commit to make the previous behaviour
change more clear, and to show that this does not change the
calculations, only improves the overflow check.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Gary Lockyer [Mon, 12 Mar 2018 19:10:54 +0000 (08:10 +1300)]
ldb index: Fix truncation key length calculation
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 22 Mar 2018 22:10:25 +0000 (11:10 +1300)]
ldb: Allow GUID index mode to be tested on TDB
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>