Jeremy Allison [Fri, 10 Jun 2016 16:32:32 +0000 (09:32 -0700)]
s4: torture: Added raw readX test to ensure 'reserved' fields are zero.
Passes against Win2k12+, and smbd with the previous patch.
https://bugzilla.samba.org/show_bug.cgi?id=11845
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Sat Jun 18 19:32:22 CEST 2016 on sn-devel-144
Jeremy Allison [Mon, 13 Jun 2016 16:30:25 +0000 (09:30 -0700)]
s3: smbd: In reply_read_and_X() SMB1 server is overwriting part of the 'reserved' zero fields with reply data length.
This occurred due to old code that used to do:
SSVAL(smb_buf(req->outbuf),-2,nread);
to set the reply length. This code was not needed,
as srv_set_message() was already correctly setting
the bcc length and was probably left from much
earlier legacy code.
However, in commit
ddaa65ef6e049a185281c4d5deca4045e3b085e2
this was converted to do:
SSVAL(req->outbuf,smb_vwv11,smb_maxcnt);
This code actually overwrites the last 'reserved'
field in the SMB_COM_READ_ANDX packet reply, but we
never noticed as no client (or server code) looks at or
checks vwv11 in a SMB_COM_READ_ANDX reply.
[MS-SMB] shows for SMB_COM_READ_ANDX reply:
SMB_Parameters
{
UCHAR WordCount;
Words
{
UCHAR AndXCommand;
UCHAR AndXReserved;
USHORT AndXOffset;
USHORT Available;
USHORT DataCompactionMode;
USHORT Reserved1;
USHORT DataLength;
USHORT DataOffset;
USHORT DataLengthHigh;
USHORT Reserved2[4];
}
}
SMB_Data
{
USHORT ByteCount;
Bytes
{
UCHAR Pad[] (optional);
UCHAR Data[variable];
}
and indeed checking wireshark from Win2012R2
we find that smbd is writing the returned
read length into smb_vwv11 and Windows leaves
it as zeros (reserved).
Also fix the same problem in the named pipes code.
Torture test to ensure Reserved2[4] replies
are zero to follow.
https://bugzilla.samba.org/show_bug.cgi?id=11845
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Jeremy Allison [Mon, 13 Jun 2016 16:25:02 +0000 (09:25 -0700)]
s3: smbd: Use common function setup_readX_header() in aio read code.
https://bugzilla.samba.org/show_bug.cgi?id=11845
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Jeremy Allison [Mon, 13 Jun 2016 16:22:56 +0000 (09:22 -0700)]
s3: smbd: Make setup_readX_header() externally accessible
https://bugzilla.samba.org/show_bug.cgi?id=11845
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Jeremy Allison [Mon, 13 Jun 2016 16:20:43 +0000 (09:20 -0700)]
s3: smbd: Remove unused 'req' argument from setup_readX_header()
https://bugzilla.samba.org/show_bug.cgi?id=11845
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Jeremy Allison [Sun, 12 Jun 2016 00:51:16 +0000 (17:51 -0700)]
s3: torture: Add test that proves Win2k12 correctly returns pidlow and pidhigh in SMB1 requests.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Per Forlin [Sat, 11 Jun 2016 00:00:55 +0000 (17:00 -0700)]
s3: smbd: Correctly reflect back SMB_PIDHIGH to a client.
Torture test to follow.
Signed-off-by: Per Forlin <per.forlin@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Jeremy Allison [Fri, 10 Jun 2016 23:51:11 +0000 (16:51 -0700)]
s3: libsmb: Widen the internal client smb1.pid to 32-bits as is used on the wire and in libcli/smb/smb1*.c
Note: This has *NO* effect on the lock context code, as on the
wire for all SMB1 locking requests, the pid used as the lock
context is already truncated down to 16-bits - the field is only
16-bits wide.
This allows the cli_XXX() calls to correctly set pidlow AND pidhigh
in SMB1 requests put on the wire by the libcli/smb/smb1*.c code.
Note that currently the smbd server doesn't correctly return
pidhigh yet - a fix (and tests) for that will follow.
As pidhigh is not checked in any client code (mid is used
to differentiate different requests) this has no effect
other than a correctness fix.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Jeremy Allison [Fri, 10 Jun 2016 23:15:22 +0000 (16:15 -0700)]
s4: libcli: Internal SMB1 pid is already stored as and uses 32-bits. Correct getpid() cast.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Fri, 17 Jun 2016 08:01:19 +0000 (10:01 +0200)]
selftest: Remove nbt wait time
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jun 17 22:15:09 CEST 2016 on sn-devel-144
Andreas Schneider [Fri, 17 Jun 2016 08:47:06 +0000 (10:47 +0200)]
selftest: Add newlines for info output
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 17 Jun 2016 07:48:19 +0000 (09:48 +0200)]
selftest: Fix indentation in wait_for_start()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 17 Jun 2016 07:23:49 +0000 (09:23 +0200)]
selftest: Consistently check for provision return code
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 17 Jun 2016 11:03:48 +0000 (13:03 +0200)]
selftest: Remove unneeded sleep before first ldbsearch execution
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 17 Jun 2016 11:03:34 +0000 (13:03 +0200)]
selftest: Use the correct smb.conf for ldbsearch
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 15 Jun 2016 03:42:18 +0000 (15:42 +1200)]
lib/ldb-samba: We can confirm a GUID is a GUID by length
The GUID_from_ndr_blob() is pointless and costly
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 17 18:13:56 CEST 2016 on sn-devel-144
Andrew Bartlett [Tue, 14 Jun 2016 08:08:40 +0000 (20:08 +1200)]
selftest: Do not run local.ndr 3 times
This is already run from under source4/selftest/tests.py
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Garming Sam [Fri, 17 Jun 2016 00:51:47 +0000 (12:51 +1200)]
flapping: remove samba_dnsupdate from flapping
nsupdate is now installed
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 13 Jun 2016 04:41:08 +0000 (16:41 +1200)]
repl: Avoid excessive stack use and instead sort the links in the heap
The two large stack-based arrays would overflow the stack, this avoids
a duplicate of the struct drsuapi_DsReplicaLinkedAttribute array
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11960
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Garming Sam [Thu, 9 Jun 2016 05:03:18 +0000 (17:03 +1200)]
getncchanges: Match Windows on linked attribute sort
The order of linked attributes depends on comparison of the NDR packed
GUIDs (not its struct GUID form).
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11960
Garming Sam [Mon, 6 Jun 2016 23:56:49 +0000 (11:56 +1200)]
getncchanges: sort with precalculated target guid array
This avoids reparsing the linked attribute and schema refetching.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11960
Garming Sam [Mon, 6 Jun 2016 23:57:02 +0000 (11:57 +1200)]
getncchanges: remove some whitespace
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11960
Garming Sam [Thu, 9 Jun 2016 03:54:25 +0000 (15:54 +1200)]
tests/drs: change sort order in tests to match Windows
Although we attempted to sort by GUID based on DRSR, it is actually
sorted by the ndr packed GUID.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11960
Garming Sam [Thu, 9 Jun 2016 02:55:57 +0000 (14:55 +1200)]
tests/drs: assert sorted identifier GUIDs across getncchanges
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11960
Garming Sam [Wed, 8 Jun 2016 22:56:28 +0000 (10:56 +1200)]
tests/drs: make cleanup more robust
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11960
Garming Sam [Tue, 7 Jun 2016 23:10:58 +0000 (11:10 +1200)]
tests/drs: extend getnc_exop test to check linked attributes
Assert that linked attributes propagate across DRS and come in a
particular sorted order.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11960
Michael Adam [Wed, 15 Jun 2016 22:15:00 +0000 (00:15 +0200)]
libnet: only create local private krb5.conf if joining an AD domain
This prevents irritating warning messages.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jun 17 08:13:55 CEST 2016 on sn-devel-144
Jim McDonough [Wed, 15 Jun 2016 19:57:01 +0000 (15:57 -0400)]
winbind: honor 'socket options' in winbind
Set socket options from smb.conf before negprot, as done by libsmbclient
Signed-off-by: Jim McDonough <jmcd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Thu, 16 Jun 2016 04:25:59 +0000 (21:25 -0700)]
s4: dns: Correctly check for talloc failure.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jun 16 16:55:15 CEST 2016 on sn-devel-144
Garming Sam [Wed, 15 Jun 2016 04:32:23 +0000 (16:32 +1200)]
flapping: temporarily add samba_dnsupdate test
This should be removed when we can run nsupdate on sn-devel
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Thu Jun 16 08:37:56 CEST 2016 on sn-devel-144
Garming [Tue, 14 Jun 2016 22:05:34 +0000 (10:05 +1200)]
drs: Send DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP by default
This flag is not implemented in Samba, however, on an RODC replicating from
Windows, failing to send this flag leaves out group memberships.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 14 Jun 2016 07:55:44 +0000 (19:55 +1200)]
selftest: Remove print attribute from getnc_exop test
This otherwise fills the logs with every object
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 10 Jun 2016 03:40:59 +0000 (15:40 +1200)]
selftest: Add a DNS test matching Windows
This performs the same steps as Windows does
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Garming Sam [Mon, 30 May 2016 22:48:15 +0000 (10:48 +1200)]
dns_server: Fix typo in dns_authoritative_for_zone() name.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 1 Sep 2015 03:58:30 +0000 (15:58 +1200)]
selftest: confirm samba_dnsupdate works in both nsupdate and samba_tool mode
This can be extended, but already checks the basic functionality
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 10 Jun 2016 03:43:37 +0000 (15:43 +1200)]
selftest: Always set up a resolv.conf and use it in samba_dnsupdate
This allows samba_dnsupdate to be tested without resolv_wrapper.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 28 Aug 2015 03:07:49 +0000 (15:07 +1200)]
selftest: Ensure we write 127. addresses into DNS
The --all-interfaces option is required both with and without the dns_host_file
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 12 Aug 2015 23:34:36 +0000 (11:34 +1200)]
samba_dnsupdate: Give the administrator more detail when DNS lookups fail
This avoids treating server errors identically to name-not-present status values
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 11 Aug 2015 00:37:01 +0000 (12:37 +1200)]
samba_dnsupdate: Implement RPC <ZONE> prefix in dns_update_list
This allows us to update the stub records as well as the zone itself.
Based on a proposed syntax by metze.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 10 Aug 2015 00:15:04 +0000 (12:15 +1200)]
samba_dnsupdate: Simplify logic and add more verbose debugging
By reducing the intendation this code is a little clearer
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 7 Aug 2015 02:57:20 +0000 (14:57 +1200)]
samba_dnsupdate: Allow admin to force a particular IP into samba_dnsupdate
This should help in deployements beyind NAT.
It will also help in testing.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 2 Mar 2015 00:37:54 +0000 (13:37 +1300)]
dns_update_list: Add in NS records
This is as suggested by metze in
4383ec5b83d12bd19749582217f082cbaa31a128
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 25 Feb 2015 23:29:23 +0000 (12:29 +1300)]
samba_dnsupdate: Add a mode that calls samba-tool dns, rather than nsupdate
This mode is more likely to work when we change hostname or IP
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andreas Schneider [Tue, 25 Aug 2015 15:26:05 +0000 (17:26 +0200)]
samba_dnsupdate: Work around a bug in nsupdate
The doio_send() function of bind fails on a short write with sendmsg().
See https://bugzilla.redhat.com/show_bug.cgi?id=
1250921
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Thu, 26 May 2016 02:12:40 +0000 (14:12 +1200)]
samba_dnsupdate: Fix typo in -no-substitutions name
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Tue, 7 Jun 2016 23:11:15 +0000 (11:11 +1200)]
tests/drs: cleanup some whitespace
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11960
Garming Sam [Wed, 8 Jun 2016 02:19:42 +0000 (14:19 +1200)]
drsuapi.idl: Add attid used in testing in idl
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11960
Andrew Bartlett [Thu, 9 Jun 2016 02:56:02 +0000 (14:56 +1200)]
selftest: Check a user with only primaryGroupID is correct in samr.GetUserGroups() reply
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 9 Jun 2016 02:55:24 +0000 (14:55 +1200)]
selftest: Test that primaryGroupID is first in samr.GetUserGroups() reply
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 9 Jun 2016 02:54:47 +0000 (14:54 +1200)]
selftest: Add alias membership to the tokengroups test
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 8 Jun 2016 04:49:01 +0000 (16:49 +1200)]
s4-samr: Rework GetGroupsForUser to use memberOf
By reading the SID values from the memberOf links, we avoid an un-indexed search on
the member attribute.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 7 Jun 2016 03:43:29 +0000 (15:43 +1200)]
s4-libcli/raw: Fix compiler errors when building with --address-sanitizer
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 7 Jun 2016 03:43:13 +0000 (15:43 +1200)]
s4-kcc: Fix compiler errors when building with --address-sanitizer
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 7 Jun 2016 03:43:01 +0000 (15:43 +1200)]
s3-vfs/snapper: Fix compiler errors when building with --address-sanitizer
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 7 Jun 2016 03:42:41 +0000 (15:42 +1200)]
s3-libnet: Fix compiler errors when building with --address-sanitizer
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 7 Jun 2016 03:42:33 +0000 (15:42 +1200)]
s3-client: Fix compiler errors when building with --address-sanitizer
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 7 Jun 2016 03:42:23 +0000 (15:42 +1200)]
libgpo: Fix compiler errors when building with --address-sanitizer
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 7 Jun 2016 03:42:15 +0000 (15:42 +1200)]
libcli/smb: Fix compiler errors when building with --address-sanitizer
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 8 Jun 2016 02:46:07 +0000 (14:46 +1200)]
selftest: Expand tokenGroups test to also compare with samr.GetGroupsForUser
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 8 Jun 2016 02:45:47 +0000 (14:45 +1200)]
selftest: Expand tokenGroups test to also build nested groups
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 9 Jun 2016 02:56:44 +0000 (14:56 +1200)]
s4-samr: Fix samr.QueryUserInfo level 1 primary group
Because of this typo, the primary group ID was returned as 0
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 31 May 2016 02:54:45 +0000 (14:54 +1200)]
samba-tool domain join: Refuse to re-join a DC with a still-valid password
While the DC will eventually get back to the same state, it can take a
while, so try harder not to overwrite our already-working account
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 3 Jun 2016 02:50:55 +0000 (14:50 +1200)]
samba-tool: Improve fsmo handling
This makes a clear seperation between data and display variables
and improves the tests.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 1 Jun 2016 09:27:07 +0000 (21:27 +1200)]
selftest: Rebase DrsBaseTestCase on SambaToolCmdTest
This then makes SambaToolCmdTest based on BlackboxTestCase.
This allows us to use better command output testing in the fsmo tests
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Ralph Boehme [Wed, 4 May 2016 12:26:16 +0000 (14:26 +0200)]
selftest: add test for DNS updates with TKEY/TSIG
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Thu Jun 16 04:07:41 CEST 2016 on sn-devel-144
Ralph Boehme [Mon, 30 May 2016 14:44:00 +0000 (16:44 +0200)]
s4/dns_server: enable sending of TSIG error records
This final patch enables sending TSIG error records by adding
DNS_RCODE_NOTAUTH to the set of error conditions that are allowed to
trigger sending a full generated response.
See RFC 2845 "4.5.1. KEY check and error handling" and "4.5.3. MAC check
and error handling".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Ralph Boehme [Mon, 30 May 2016 14:42:14 +0000 (16:42 +0200)]
s4/dns_server: prepare sending correct error responses for dns_verify_tsig() errors
Call dns_verify_tsig() after updating state.flags and assign and use
out_packet for dns_verify_tsig().
We will need the updated flags when sending TSIG error responses when
TSIG request MAC verification fails and dns_verify_tsig() uses the
passed in packet as response, so we have to make sure we copy in_packet
to out_packet before calling out and pass out_packet.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Ralph Boehme [Mon, 30 May 2016 15:25:56 +0000 (17:25 +0200)]
s4/dns_server: don't compute TSIG MAC in TSIG error records
See RFC 2845 "4.3. TSIG on TSIG Error returns".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Ralph Boehme [Mon, 30 May 2016 14:40:45 +0000 (16:40 +0200)]
s4/dns_server: error codes for failing MAC verification in TSIG requests
According to RFC 2845 "4.5.3. MAC check and error handling" we must
return NOTAUTH and DNS_RCODE_BADSIG when MAC verification fails.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Ralph Boehme [Mon, 30 May 2016 14:37:32 +0000 (16:37 +0200)]
s4/dns_server: ensure we store the key name in error code paths
We need the TKEY name when adding TSIG records to error responses.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Ralph Boehme [Mon, 30 May 2016 14:56:21 +0000 (16:56 +0200)]
s4/dns_server: not finding the key here is a fatal error
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Ralph Boehme [Mon, 30 May 2016 14:03:33 +0000 (16:03 +0200)]
s4/dns_server: split out function that does the MAC computation
Split out function that does the MAC computation from the TSIG record
creating function. This will later simplify the code when creating error
responsed to TSIG requests with bad MACs where we have to add the TSIG
record with an empty MAC.
No functional behaviour change besides hard coding "gss-tsig" algorithm
name: later when sending a TSIG error response for a TKEY request with a
bad keyname, we won't have a tkey to fetch the algorithm name from.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Ralph Boehme [Mon, 23 May 2016 17:09:05 +0000 (19:09 +0200)]
s4/dns_server: include request MAC in TSIG response MAC calculation
According to RFC 2845 "4.2 TSIG on Answers", when the request is signed,
the request MAC must be included in the response MAC calculation.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Ralph Boehme [Sat, 14 May 2016 17:08:51 +0000 (19:08 +0200)]
librpc/dns: remove original_id from dns_fake_tsig_rec
Cf RFC2845, 3.4.2. "TSIG Variables", the request id (original_id) is not
used in the MAC calculation. This also explains the mysterious 2 bytes
padding.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Ralph Boehme [Tue, 17 May 2016 12:34:52 +0000 (14:34 +0200)]
librpc/dns: don't compress strings in TKEY and TSIG responses
Certain DNS clients fail TSIG record MAC validation if the TSIG record
contains compressed strings.
Windows DNS server behaviour seems to be to not send compressed names in
TKEY and TSIG records.
This patch ensures we conform to this behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Ralph Boehme [Tue, 17 May 2016 10:30:46 +0000 (12:30 +0200)]
librpc/ndr: add flag LIBNDR_FLAG_NO_COMPRESSION
This flag can be used to change marshalling behaviour with regard to
compression.
Example: DNS packets make use of so called DNS name compression which
means that for identical strings in a DNS packet, the second string is
replaced with a reference (an offset) to the first.
Setting this flag requests to turns off the marshalling compression.
This will be used in the next commit to prevent name compression in DNS
TSIG records.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Günther Deschner [Tue, 31 May 2016 16:47:34 +0000 (18:47 +0200)]
s3:libnet: accept empty realm for AD domains when only security=domain is set.
Initial patch from Matt Rogers @ RedHat.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11977
Guenther
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Jun 15 20:28:31 CEST 2016 on sn-devel-144
Günther Deschner [Wed, 15 Jun 2016 14:04:29 +0000 (16:04 +0200)]
s3-libnet: Print error string even on successfuly completion of libnetjoin.
Sometimes useful information should be printed to the users.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11977
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Wed, 15 Jun 2016 14:05:58 +0000 (16:05 +0200)]
s3-libnetapi: Correctly check for lp_realm.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Alexander Bokovoy [Tue, 14 Jun 2016 19:37:31 +0000 (22:37 +0300)]
libnet_join: use sitename if it was set by pre-join detection
When domain member is joined to AD, we need to use the same DC to
authenticate against after the join because the machine account might
not be replicated yet to other domain controllers, including off-site.
Bug https://bugzilla.samba.org/show_bug.cgi?id=11769 dealt with
detection of the site pre-join. However, we rewrite private local
krb5.conf afterwards without taking the discovered site name into
account.
Fix this by reusing the site discovered pre-join.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11975
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun 15 15:25:44 CEST 2016 on sn-devel-144
Volker Lendecke [Fri, 10 Jun 2016 09:40:33 +0000 (11:40 +0200)]
lib: Add a little closefrom() test
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jun 13 14:11:11 CEST 2016 on sn-devel-144
Volker Lendecke [Thu, 9 Jun 2016 19:27:09 +0000 (21:27 +0200)]
libreplace: Add a closefrom() implementation
There is closefrom in some BSDs, but Linux ships this only as part
of libbsd. Add a new implementation of it in libreplace. The one in
libbsd of jessie and upstream differ and it has for example optimizations
for FreeBSD, but it gets some of the array calculations slightly wrong
from my point of view. If you want those, use libbsd. This replacement
is optimized on Linux only looking at /proc/self/fd/, everything else
would do the OPEN_MAX brute force fallback.
Signed-off-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Mon, 30 May 2016 09:18:48 +0000 (11:18 +0200)]
lib: Fix a signed/unsigned mixup
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Fri, 10 Jun 2016 14:51:18 +0000 (16:51 +0200)]
s3-winbind: Fix schannel connections against trusted domain DCs
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11830
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Michael Adam [Wed, 8 Jun 2016 10:32:04 +0000 (12:32 +0200)]
ctdb: use properly configured ctdb in debug-hung-script.sh
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sat Jun 11 10:23:03 CEST 2016 on sn-devel-144
Michael Adam [Wed, 8 Jun 2016 10:28:56 +0000 (12:28 +0200)]
ctdb: use properly configured ctdb in statd-callout
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Michael Adam [Wed, 8 Jun 2016 11:05:03 +0000 (13:05 +0200)]
ctdb: use properly configured ctdb in 99.timeout
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Michael Adam [Wed, 8 Jun 2016 11:04:48 +0000 (13:04 +0200)]
ctdb: use properly configured ctdb in 91.lvs
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Michael Adam [Wed, 8 Jun 2016 10:44:28 +0000 (12:44 +0200)]
ctdb: use properly configured ctdb in 70.iscsi
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Michael Adam [Wed, 8 Jun 2016 10:37:00 +0000 (12:37 +0200)]
ctdb: use properly configured ctdb in 10.interfaces
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Michael Adam [Wed, 8 Jun 2016 11:23:07 +0000 (13:23 +0200)]
ctdb: use properly configured ctdb in 13.per_ip_routing
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Michael Adam [Wed, 8 Jun 2016 11:22:44 +0000 (13:22 +0200)]
ctdb: use properly configured ctdb in 10.external
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Michael Adam [Wed, 8 Jun 2016 11:22:24 +0000 (13:22 +0200)]
ctdb: use properly configured ctdb in 01.reclock
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Michael Adam [Wed, 8 Jun 2016 11:21:56 +0000 (13:21 +0200)]
ctdb: use properly configured ctdb in 00.ctdb
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Michael Adam [Tue, 7 Jun 2016 07:44:53 +0000 (07:44 +0000)]
ctdb: use properly configured ctdb in ctdbd_wrapper
This makes ctdbd_wrapper usable in non-standard installs.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Michael Adam [Wed, 8 Jun 2016 10:28:36 +0000 (12:28 +0200)]
ctdb: use properly configured ctdb in functions
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Michael Adam [Thu, 9 Jun 2016 11:55:29 +0000 (13:55 +0200)]
ctdb: make sure scripts using $CTDB called by test find ctdb
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Michael Adam [Wed, 8 Jun 2016 10:08:35 +0000 (12:08 +0200)]
ctdb: set the path to 'ctdb' in 'functions' in CTDB
Allow this to be overridden from the caller.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Andreas Schneider [Tue, 7 Jun 2016 11:49:39 +0000 (13:49 +0200)]
s3-script: Install the findsmb script
When we transitioned from autotools to waf we dropped installing the
findsmb script. However we create and install the manpage for it so
install it in the system again.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jun 9 19:10:15 CEST 2016 on sn-devel-144
Andreas Schneider [Tue, 7 Jun 2016 08:23:59 +0000 (10:23 +0200)]
selftest: Set the correct hostname
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>