William Brown [Sat, 28 Apr 2018 05:22:29 +0000 (15:22 +1000)]
python/samba/netcmd/schema.py: add schema query and management.
Schema management in active directory is complex and dangerous. Having
a tool that safely wraps administrative tasks as well as allowing query
of the schema will make this complex topic more accessible to administrators.
Signed-off-by: William Brown <william@blackhats.net.au>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
William Brown [Thu, 26 Apr 2018 03:59:06 +0000 (13:59 +1000)]
python/samba/netcmd/group.py: add group show
The samba-tool user command can show the ldif of a user. This is
useful for groups also, especially to determine the objectSID and
objectGUID. Add support for group show to samba-tool.
Signed-off-by: William Brown <william@blackhats.net.au>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
William Brown [Wed, 25 Apr 2018 07:36:17 +0000 (17:36 +1000)]
python/samba/netcmd/{forest.py,main.py}: add configuration controls
With samba-tool we should expose ways to easily administer and control
common configuration options. This adds the base framework for modifying
forest settings, generally stored in cn=configuration partition.
An example is:
samba-tool forest directory_service show
samba-tool forest directory_service dsheuristics X
Signed-off-by: William Brown <william@blackhats.net.au>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 28 May 2018 10:35:20 +0000 (22:35 +1200)]
torture: Cope with WINBINDD_SHOW_SEQUENCE failure for fake trusts
This test has been flapping and we should not be checking the
sequence number of remote trusts in a loop like this. We can write
a test against the trusts we specifically set up if we want to check
remote sequence numbers (and connectivity) against actually working
domains.
When flapping the previous version of the test gave:
WARNING!: ../source4/torture/winbind/struct_based.c:812: WINBINDD_SHOW_SEQUENCE returned 0, expected 1: WINBINDD_SHOW_SEQUENCE
WARNING!: WINBINDD_SHOW_SEQUENCE on domain torturedom failed
Trust list for WINBINDD_SHOW_SEQUENCE was:
BUILTIN
S4MEMBER
SAMBADOMAIN
torturedom
WARNING!: ../source4/torture/winbind/struct_based.c:812: WINBINDD_SHOW_SEQUENCE returned 0, expected 1: WINBINDD_SHOW_SEQUENCE
WARNING!: WINBINDD_SHOW_SEQUENCE on domain TORTURE302 failed
Trust list for WINBINDD_SHOW_SEQUENCE was:
BUILTIN
S4MEMBER
SAMBADOMAIN
TORTURE302
TORTURE306
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 29 02:31:40 CEST 2018 on sn-devel-144
Kai Blin [Sun, 27 May 2018 06:38:19 +0000 (08:38 +0200)]
talloc: Fix some typos in the comments
Now with even more typos fixed. Thanks Rowland.
Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Mon May 28 16:16:17 CEST 2018 on sn-devel-144
Christof Schmitt [Tue, 22 May 2018 19:52:58 +0000 (12:52 -0700)]
vfs_gpfs: Use full_path_tos instead of talloc_asprintf
full_path_tos avoids the talloc call for most cases; use that instead of
talloc_asprintf.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat May 26 01:43:09 CEST 2018 on sn-devel-144
Christof Schmitt [Tue, 22 May 2018 19:25:42 +0000 (12:25 -0700)]
vfs_gpfs: Remove get_full_smb_filename from is_offline check
No stream information is required here.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Tue, 22 May 2018 19:22:06 +0000 (12:22 -0700)]
vfs_gpfs: Remove wrong get_full_smb_filename from ntimes function
Updating the timestamps requires the path to the file, but no stream
information.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Wed, 23 May 2018 22:04:08 +0000 (15:04 -0700)]
vfs_gpfs: Adjust debug level when get_winattrs returns EBADF
This is returned for a get_winattrs call against a non-gpfs file system.
This can happen for the .. entry when listing a share on the file system
root.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Wed, 16 May 2018 20:25:54 +0000 (13:25 -0700)]
smbd: Move dfree_info struct
As the struct is no longer used as part of connection_struct, move it to
dfree.c.
This is not backported, as it would change the VFS ABI.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Sat, 19 May 2018 03:51:58 +0000 (20:51 -0700)]
smbd: Flush dfree memcache on service reload
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13446
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Wed, 16 May 2018 20:17:52 +0000 (13:17 -0700)]
smbd: Cache dfree information based on query path
Sub directories in a SMB share can have different free space information
(e.g. when a different file system is mounted there). Caching the dfree
information per SMB share will return invalid data. Address this by
switching to memcache and store the cached data based on the query path.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13446
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Wed, 16 May 2018 20:05:36 +0000 (13:05 -0700)]
memcache: Add new cache type for dfree information
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13446
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Wed, 23 May 2018 18:25:42 +0000 (11:25 -0700)]
selftest: Add test for 'dfree cache'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13446
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Wed, 23 May 2018 18:07:54 +0000 (11:07 -0700)]
selftest: Add dfq_cache share with 'dfree cache time' set
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13446
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Fri, 18 May 2018 18:52:23 +0000 (11:52 -0700)]
s3: vfs_fake_acls: Correctly implement the chmod/fchmod algorithm on fake acls.
We now pass samba3hide(nt4_dc), so remove it from knownfail.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 25 21:29:32 CEST 2018 on sn-devel-144
Jeremy Allison [Fri, 18 May 2018 18:50:44 +0000 (11:50 -0700)]
s3: smbd: Make map_acl_perms_to_permset() extern.
The vfs_fake_acl module will need it to implement chown/fchown.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Fri, 18 May 2018 18:49:09 +0000 (11:49 -0700)]
s3: smbd: Make unix_perms_to_acl_perms() extern.
The vfs_fake_acl module will need it to implement chown/fchown.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Fri, 18 May 2018 18:37:22 +0000 (11:37 -0700)]
s3: posix_acls: Remove unused 'connection_struct *conn' parameter to map_acl_perms_to_permset().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Thu, 17 May 2018 18:49:55 +0000 (11:49 -0700)]
s3: posix_acls: Remove dead functions fchmod_acl()/chmod_acl().
No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Thu, 17 May 2018 18:48:55 +0000 (11:48 -0700)]
s3: VFS: Remove SMB_VFS_FCHMOD_ACL().
No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Thu, 17 May 2018 18:42:03 +0000 (11:42 -0700)]
s3: torture: Remove cmd_fchmod_acl().
No longer needed.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Thu, 17 May 2018 18:46:21 +0000 (11:46 -0700)]
s3: modules: vfs_ceph: Remove FCHMOD_ACL in cephwrap_fchmod().
Now I understand the use of the mask in POSIX ACLs
this extra step is no longer needed.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Thu, 17 May 2018 18:45:05 +0000 (11:45 -0700)]
s3: modules: vfs_default: Remove FCHMOD_ACL in fchmod.
Now I understand the use of the mask in POSIX ACLs
this extra step is no longer needed.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Thu, 17 May 2018 18:32:58 +0000 (11:32 -0700)]
s3: VFS: Remove SMB_VFS_CHMOD_ACL().
No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Thu, 17 May 2018 18:21:14 +0000 (11:21 -0700)]
s3: torture: Remove cmd_chmod_acl().
No longer needed.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Thu, 17 May 2018 18:19:33 +0000 (11:19 -0700)]
s3: modules: vfs_ceph: Remove CHMOD_ACL in cephwrap_chmod().
Now I understand the use of the mask in POSIX ACLs
this extra step is no longer needed.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Thu, 17 May 2018 18:18:12 +0000 (11:18 -0700)]
s3: modules: vfs_ceph: Remove CHMOD_ACL in cephwrap_mkdir().
Now I understand the use of the mask in POSIX ACLs
this extra step is no longer needed.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Thu, 17 May 2018 18:05:20 +0000 (11:05 -0700)]
s3: modules: vfs_default: Remove CHMOD_ACL in chmod.
Now I understand the use of the mask in POSIX ACLs
this extra step is no longer needed.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Thu, 17 May 2018 18:03:53 +0000 (11:03 -0700)]
s3: modules: vfs_default: Remove CHMOD_ACL in mkdir.
Now I understand the use of the mask in POSIX ACLs
this extra step is no longer needed. If the mkdir
succeeded it's already set the correct mode.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Thu, 17 May 2018 17:38:34 +0000 (10:38 -0700)]
s3: smbd: Use FCHMOD call, not FCHMOD_ACL call if mode bits reset needed.
This is a behavior change, it will modify the POSIX ACL mask
from a value of rwx instead of modifying the existing ACE
entries to be ANDed with the passed in mode. However it
will have no effect on the underlying permissions, and
better reflects the proper use of POSIX ACLs (i.e. I
didn't understand the use of the mask entry in the
ACL when I first wrote the POSIX ACL code).
In addition, the vfs_acl_common.c module already
filters these calls for all but POSIX opens, which
means the only place this change is exposed to the
client would be a cifsfs unix extensions client doing
posix acl calls (and they would expect the mask to
be set like this on chmod).
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Thu, 17 May 2018 17:35:58 +0000 (10:35 -0700)]
s3: smbd: Optimization. Only do the FCHMOD_ACL call if mode bits not equal.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Thu, 17 May 2018 17:33:38 +0000 (10:33 -0700)]
s3: smbd: optimization. Only do the FCHMOD call if needed.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Thu, 17 May 2018 17:27:11 +0000 (10:27 -0700)]
s3: smbd: Remove use of SMB_VFS_FCHMOD_ACL() in overwrite case.
We have potentially called SMB_VFS_FCHMOD() here in
the file_set_dosmode() call associated with the comment
/* Overwritten files should be initially set as archive */
at line 3755 above, so there is no need to do any POSIX ACL
mask protection.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Thu, 17 May 2018 17:24:35 +0000 (10:24 -0700)]
s3: smbd: Add clarifying comment on mode change on overwritten files.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Thu, 17 May 2018 16:37:23 +0000 (09:37 -0700)]
s3: smbd: Remove existing_unx_mode, an unused parameter to open_match_attributes().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Thu, 24 May 2018 09:37:43 +0000 (11:37 +0200)]
smbd: Call smbXsrv_client_global_init in the parent smbd
Otherwise we're missing the clear-if-first optimization for
smbXsrv_client_global.tdb.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri May 25 16:00:08 CEST 2018 on sn-devel-144
Volker Lendecke [Tue, 22 May 2018 08:57:47 +0000 (10:57 +0200)]
vfs_time_audit: Fix a log message
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 9 May 2018 21:09:56 +0000 (09:09 +1200)]
autobuild: cover the Gentoo case with python disabled all down the stack
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri May 25 13:07:47 CEST 2018 on sn-devel-144
Timur I. Bakeyev [Fri, 18 May 2018 02:10:50 +0000 (10:10 +0800)]
Make ldb configuration --disable-python work as intended
Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Thu, 24 May 2018 01:49:11 +0000 (13:49 +1200)]
torture: Give extra information on WINBINDD_SHOW_SEQUENCE failure
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 23 May 2018 15:35:15 +0000 (17:35 +0200)]
s3:utils: Remove double error check
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu May 24 18:07:03 CEST 2018 on sn-devel-144
Volker Lendecke [Tue, 22 May 2018 15:10:07 +0000 (17:10 +0200)]
ldap_server: Fix CID
1435721 Unchecked return value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 24 03:35:00 CEST 2018 on sn-devel-144
Volker Lendecke [Tue, 22 May 2018 15:08:43 +0000 (17:08 +0200)]
kdc: Fix CID
1435720 Unchecked return value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 22 May 2018 11:25:41 +0000 (13:25 +0200)]
ldap_server: Fix CID
1435731 Unchecked return value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 22 May 2018 11:23:33 +0000 (13:23 +0200)]
ctdbd: Fix CID
1435732 Argument cannot be negative
setenv returns its error in "errno"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 22 May 2018 11:20:17 +0000 (13:20 +0200)]
audit_logging: Fix CID
1435739 Dereference null return value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 22 May 2018 11:17:25 +0000 (13:17 +0200)]
ctdb: Fix CID
1435740 Unchecked return value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Fri, 18 May 2018 03:57:39 +0000 (15:57 +1200)]
autobuild: Include information of disk free in system-info.txt
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 24 00:42:48 CEST 2018 on sn-devel-144
Andrew Bartlett [Fri, 18 May 2018 03:53:33 +0000 (15:53 +1200)]
gitlab-ci: Do not hide a possible out-of-space condition by cleaning up the tree
These are VMs anyway and will soon vanish, so a cleanup is totally wasted in any case.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Fri, 18 May 2018 03:51:34 +0000 (15:51 +1200)]
gitlab-ci: Include system-info.txt to give info on possible failures
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Tim Beale [Tue, 15 May 2018 21:45:32 +0000 (09:45 +1200)]
dsdb: Avoid calculating the PSO multiple times
In a typical user login query, the code tries to work out the PSO 2-3
times - once for the msDS-ResultantPSO attribute, and then again for the
msDS-User-Account-Control-Computed & msDS-UserPasswordExpiryTimeComputed
constructed attributes.
The PSO calculation is reasonably expensive, mostly due to the nested
groups calculation. If we've already constructed the msDS-ResultantPSO
attribute, then we can save ourselves extra work by just re-fetching the
result directly, rather than expanding the nested groups again from
scratch.
The previous patch improves efficiency when there are no PSOs in the
system. This should improve the case where there are PSOs that apply to
the users. (Unfortunately, it won't help where there are some PSOs in
the system, but no PSO applies to the user being queried).
Also updated sam.c so the msDS-ResultantPSO gets calculated first,
before the other constructed attributes.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Wed May 23 10:09:11 CEST 2018 on sn-devel-144
Tim Beale [Tue, 15 May 2018 02:02:32 +0000 (14:02 +1200)]
dsdb: Avoid performance hit if PSOs aren't actually used
The new PSO code adds some additional overhead in extra lookups. To
avoid penalizing existing setups, we can short-circuit the PSO
processing and return early if there are no actual PSO objects in the
DB. The one-level search should be very quick, and it avoids the need to
do more complicated PSO processing (i.e. expanding the nested groups).
The longer-term plan is to rework the tokenGroups lookup so that it only
gets done once, and the result can then be reused by the resultant-PSO
code (rather than computing the nested-groups again). However, in the
short-term, a slight decrease in performance is the price for any users
that want to deploy PSOs.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Tim Beale [Thu, 10 May 2018 21:29:01 +0000 (09:29 +1200)]
tests: Add tests for domain pwdHistoryLength
This is not related to PSOs at all, but there's a minor discrepancy
between Windows and Samba password-history-length behaviour that I
noticed during PSO testing.
When the pwdHistoryLength changes from zero to non-zero, Windows
includes the user's current password as invalid immediately, whereas
Samba only includes it as invalid *after* it next changes. It's a
fairly obscure corner-case, and we might not care enough about it to
fix it. However, I've added a test case to highlight the difference and
marked it as a known-fail for now.
I also added a general pwdHistoryLength test case to show that the
basics work (this didn't seem to be tested anywhere else).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Tim Beale [Thu, 10 May 2018 23:49:23 +0000 (11:49 +1200)]
tests: Extend passwordsettings tests to cover PSO command options
Add test cases for the new PSO samba-tool command options.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Tim Beale [Sun, 22 Apr 2018 22:47:21 +0000 (10:47 +1200)]
netcmd: Add samba-tool support for managing PSOs
Add a new command 'samba-tool domain passwordsettings pso', with the
sub-command options: create, delete, set, list, show, show-user, apply,
unapply. The apply and unapply options apply the PSO to a user or group.
The show-user option shows the actual PSO (and its settings) that will
take effect for a given user.
The new commands are pretty self-contained in a new pso.py file. We
decided to add these new commands under the existing 'samba-tool domain
passwordsettings' command, as that's what users would be already
familiar with.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Tim Beale [Thu, 19 Apr 2018 01:51:36 +0000 (13:51 +1200)]
dsdb: Use PSO maxPwdAge for operational msDS-PasswordExpiryTimeComputed
When calculating the Password-Expiry-Time, we should use the PSO's
max-password-age setting, if one applies to the user.
This is code may be inefficient, as it may repeat the PSO-lookup work
several times (once for each constructed attribute that tries to use
it). For now, I've gone for the simplest code change, and efficiency can
be addressed in a subsequent patch (once we have a good test to measure
it).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Tim Beale [Wed, 18 Apr 2018 22:46:48 +0000 (10:46 +1200)]
dsdb: Update password_hash to use PSO settings for password changes
Honour the settings in the PSO when changing the password, i.e.
msDS-PasswordComplexityEnabled, msDS-PasswordHistoryLength, etc.
The password_hash code populates dsdb_control_password_change_status's
domain_data with the password settings to use - these are currently
based on the settings for the domain.
Now, if the password_hash code has worked out that a PSO applies to the
user, we override the domain settings with the PSO's values.
This change means the password_settings tests now pass.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Tim Beale [Wed, 18 Apr 2018 21:47:42 +0000 (09:47 +1200)]
dsdb: Move anonymous domain_data struct
Anonymous structs and 80 character line-lengths don't mix well. Allow
the struct to be referenced directly.
With the introduction of PSOs, the password-settings are now calculated
per-user rather than per-domain. I've tried to reflect this in the
struct name.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Tim Beale [Wed, 18 Apr 2018 02:21:46 +0000 (14:21 +1200)]
dsdb: Lookup PSO's lockout settings for password_hash modifies
When a user's password-hash is modified, we need the PSO settings for
that user, so that any lockout settings get applied correctly.
To do this, we query the msDS-ResultantPSO in the user search. Then, if
a PSO applies to the user, we add in a extra search to retrieve the
PSO's settings. Once the PSO search completes, we continue with the
modify operation.
In the event of error cases, I've tried to fallback to logging the
problem and continuing with the default domain settings. However,
unusual internal errors will still fail the operation.
We can pass the PSO result into dsdb_update_bad_pwd_count(), which means
the PSO's lockout-threshold and observation-window are now used. This is
enough to get the remaining lockout tests passing.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Tim Beale [Tue, 8 May 2018 04:07:54 +0000 (16:07 +1200)]
rpc/samr: Fix PSO support in SAMR password_change RPC
To get the SAMR password_lockout test passing, we now just need to query
the msDS-ResultantPSO attribute for the user in the SAMR code. The
common code will then determine that a PSO applies to the user, and use
the PSO's lockout settings.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Tim Beale [Tue, 10 Apr 2018 22:33:21 +0000 (10:33 +1200)]
dsdb/rpc: Update effective badPwdCount to use PSO settings
The lockOutObservationWindow is used to calculate the badPwdCount. When
a PSO applies to a user, we want to use the PSO's lockout-observation
window rather the the default domain setting.
This is finally enough to get some of the PSO password_lockout tests
to pass.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Tim Beale [Tue, 8 May 2018 03:11:30 +0000 (15:11 +1200)]
dsdb: PSO support for msDS-User-Account-Control-Computed
msDS-User-Account-Control-Computed uses the effective-lockoutDuration to
determine if a user is locked out or not. If a PSO applies to the user,
then the effective-lockoutDuration is the PSO's msDS-LockoutDuration
setting. Otherwise it is the domain default lockoutDuration value.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Tim Beale [Fri, 6 Apr 2018 04:42:50 +0000 (16:42 +1200)]
dsdb/auth: Use PSO settings for lockOutThreshold/Duration
If a PSO applies to a user, use its lockOutThreshold/Duration settings
instead of the domain setting. When we lookup a user, we now include the
msDS-ResultantPSO attribute. If the attribute is present for a user,
then we lookup the corresponding PSO object to get the lockOutThreshold/
Duration settings.
Note: This is not quite enough to make the PSO lockout tests pass, as
msDS-User-Account-Control-Computed is still constructed based on the
domain lockoutDuration setting rather than the PSO.
Updating the password_hash.c code properly will be done in a subsequent
commit.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Tim Beale [Tue, 8 May 2018 02:45:17 +0000 (14:45 +1200)]
tests: Extend PSO tests to cover password-history/length/complexity
Unhobble the PSO test cases so that they not only check the
msDS-ResultantPSO constructed attribute, but also that the corresponding
PSO's password-history, minimum password length, and complexity settings
are actually used.
The tests now fail once more, as actually using the PSO's settings isn't
implemented yet.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Tim Beale [Tue, 20 Mar 2018 21:45:38 +0000 (10:45 +1300)]
dsdb: Add msDS-ResultantPSO constructed attribute support
Add support for the msDS-ResultantPSO constructed attribute, which
indicates the PSO (if any) that should apply to a given user. First we
consider any PSOs that apply directly to a user. If none apply directly,
we consider PSOs that apply to any groups the user is a member of. (PSO
lookups are done by finding any 'msDS-PSOAppliesTo' links that apply to
the user or group SIDs we're interested in.
Note: the PSO should be selected based on the RevMembGetAccountGroups
membership, which doesn't include builtin groups. Looking at the spec,
it appears that perhaps our tokenGroups implementation should also
exclude builtin groups. However, in the short-term, I've added a new
ACCOUNT_GROUPS option to the enum, which is only used internally for
PSOs.
The PSO test cases (which are currently only checking the constructed
attribute) now pass, showing that the correct msDS-ResultantPSO value is
being returned, even if the corresponding password-policy settings are
not yet being applied.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 14 May 2018 02:34:25 +0000 (14:34 +1200)]
autobuild: build ldb --without-ldb-lmdb
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May 23 05:11:13 CEST 2018 on sn-devel-144
Andrew Bartlett [Mon, 14 May 2018 00:14:06 +0000 (12:14 +1200)]
selftest: Run ad_dc and vampire_dc with --backend-store=mdb
This ensures the LMDB backend is tested in make test
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Gary Lockyer [Tue, 6 Mar 2018 00:40:21 +0000 (13:40 +1300)]
ldb-samba: Handle generic mdb:// url scheme in ldb_relative_path()
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 18 May 2018 19:10:15 +0000 (07:10 +1200)]
ldb: Reject a possible future ldb_mdb with the index in a sub-database
This ensures we do not corrupt such an index by making changes to the
main database without knowing that the index values are now in a
sub-database.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Gary Lockyer [Tue, 6 Mar 2018 02:11:23 +0000 (15:11 +1300)]
ldb: Add MDB support to ldb://
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Gary Lockyer [Tue, 13 Mar 2018 02:08:10 +0000 (15:08 +1300)]
ldb_mdb/tests: add tests for multiple opens across forks
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Gary Lockyer [Mon, 12 Mar 2018 19:14:09 +0000 (08:14 +1300)]
ldb_mdb/tests: test large index key value
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Gary Lockyer [Thu, 22 Mar 2018 22:29:25 +0000 (11:29 +1300)]
ldb_mdb: Remove implicit read lock and remove transaction counter
The way to know if we are in a transaction is if there is a non-NULL
transaction handle.
This allows the ldb_mdb_kv_ops_test test to be run.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 8 May 2018 23:40:36 +0000 (11:40 +1200)]
ldb_mdb: Run the ldb_mdb_mod_op_test
ldb_mdb is now able to pass the full ldb_mod_op_test when compiled against lmdb.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Gary Lockyer [Thu, 8 Mar 2018 03:47:59 +0000 (16:47 +1300)]
ldb_mdb/tests: Tests for wrap open
Tests to ensure that the mdb_env wrapping code correctly handles
multiple ldb's point to the same physical database file.
The test_ldb_close_with_multiple_connections tests are in
ldb_mod_op_test due to the utility code it uses from
elsewhere in that test.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 17 May 2018 01:10:25 +0000 (13:10 +1200)]
ldb_mdb: Use mdb_env_get_fd() to get the FD for fstat() and FD_CLOEXEC
This ensures we leave the FD behind if we exec() in a child process.
This deliberatly the same as TDB, as we want the same behaviour as
we have come to expect with that backend.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Gary Lockyer [Tue, 13 Mar 2018 02:08:10 +0000 (15:08 +1300)]
ldb_mdb: prevent MDB_env reuse across forks
MDB_env's may not be reused accross forks. Check the pid that the lmdb
structure was created by, and return an error if it is being used by a
different process.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Gary Lockyer [Tue, 20 Mar 2018 22:38:22 +0000 (11:38 +1300)]
ldb_mdb: handle EBADE from mdb_env_open
Under some circumstances mdb_env_open returns EBADE, we treat this as
indicating the file is not a valid lmdb format file.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Gary Lockyer [Tue, 6 Mar 2018 23:05:34 +0000 (12:05 +1300)]
ldb_mdb: Wrap mdb_env_open
Wrap mdb_env_open to ensure that we only have one MDB_env opened per
database in each process
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Gary Lockyer [Tue, 6 Mar 2018 02:27:51 +0000 (15:27 +1300)]
ldb_mdb: Apply LMDB key length restrictions at key-value layer
We need to enforce the GUID index mode so end-users do not get a
supprise in mid-operation and we enforce a max key length of 511 so
that the index key trunctation is done correctly.
Otherwise the DB will appear to work until a very long key (DN or
index) is used, after which it will be sad.
Because the previous ldb_lmdb_test confirmed the key length by
creating a large DN, those tests are re-worked to use the GUID index
mode. In turn, new tests are written that create a special DN around
the maximum key length.
Finally a test is included that demonstrates that adding entries to
the LMDB DB without GUID index mode fails.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Gary Lockyer [Mon, 5 Mar 2018 20:13:31 +0000 (09:13 +1300)]
ldb_mdb/tests: Run api and index test also on lmdb
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Gary Lockyer [Fri, 2 Feb 2018 02:30:53 +0000 (15:30 +1300)]
ldb_mdb/tests: Add tests to check for max key length and DB size
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Gary Lockyer [Tue, 6 Mar 2018 23:05:34 +0000 (12:05 +1300)]
ldb_mdb: Don't allow modify operations on a read only db
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Garming Sam [Mon, 5 Mar 2018 03:04:03 +0000 (16:04 +1300)]
ldb_mdb: Store pid to change destructor on fork
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Thu, 1 Mar 2018 03:53:07 +0000 (16:53 +1300)]
ldb_mdb: Enable LDB_FLG_NOSYNC in ldb_mdb
This is used in selftest with 'ldb:nosync = true'.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 11 Jan 2017 04:10:19 +0000 (17:10 +1300)]
ldb_mdb: Implement the lmdb backend for ldb
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Sun, 20 May 2018 22:40:00 +0000 (10:40 +1200)]
selftest: Clean up ldb on tearDown from each packet in TrafficEmulatorPacketTests
Otherwise the LDB (and so the server resources) are in use until the end of the whole test
due to the way the objects are maintained in python for reporting.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 23 00:53:25 CEST 2018 on sn-devel-144
Amitay Isaacs [Mon, 14 May 2018 06:52:58 +0000 (16:52 +1000)]
socket_wrapper: Add missing dependency on tirpc
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue May 22 13:57:07 CEST 2018 on sn-devel-144
Andrew Bartlett [Mon, 21 May 2018 01:58:12 +0000 (13:58 +1200)]
auth: Use DBGC_AUTH as DBGC_CLASS for AD DC auth session code.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May 22 02:42:32 CEST 2018 on sn-devel-144
Andrew Bartlett [Mon, 21 May 2018 01:53:01 +0000 (13:53 +1200)]
s4-drsuapi: Call security_token_debug() with DBGC_DRS_REPL and a proper log level
Selftest logs are full of calls to security_token_debug() with no context
and this is never a log level 0 event, so tidy it up.
The RODC would trigger this each time there is an attempted preload
of a user in the Denied RODC replication group.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Mon, 21 May 2018 01:51:16 +0000 (13:51 +1200)]
auth: Use DBGC_AUTH as DBGC_CLASS for AD DC NTLM auth code.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 5 Dec 2017 07:28:28 +0000 (08:28 +0100)]
vfs_zfsacl: return synthesized ACL when ZFS return ENOTSUP
This allows accessing the ZFS .snapshots directory where ZFS returns
ENOTSUP when calling acl(".snapshots").
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13175
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 18 22:03:21 CEST 2018 on sn-devel-144
Ralph Boehme [Fri, 18 May 2018 11:14:57 +0000 (13:14 +0200)]
s3:smbd: make psbuf arg to make_default_acl_posix() const
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13175
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Fri, 4 May 2018 11:20:36 +0000 (12:20 +0100)]
python/samba/netcmd: Py2/Py3 misc replace range with enumerate
Replace various instances of xrange with enumerate.
Signed-off-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Fri May 18 05:24:42 CEST 2018 on sn-devel-144
Jeremy Allison [Thu, 10 May 2018 18:30:24 +0000 (11:30 -0700)]
s3: smbtorture: Add new SMB2-DIR-FSYNC test to show behavior of FSYNC on directories.
Tests against a directory handle on the root of a share,
and a directory handle on a sub-directory in a share.
Check SEC_DIR_ADD_FILE and SEC_DIR_ADD_SUBDIR separately,
either allows flush to succeed.
Passes against Windows.
Regression test for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13428
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 18 02:38:50 CEST 2018 on sn-devel-144
Jeremy Allison [Thu, 10 May 2018 17:26:52 +0000 (10:26 -0700)]
s3: smbd: Fix SMB2-FLUSH against directories.
Directories opened with either FILE_ADD_FILE or
FILE_ADD_SUBDIRECTORY can be flushed even if
they're not writable in the conventional sense.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13428
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 17 May 2018 19:35:06 +0000 (12:35 -0700)]
s3: profile: Cleanup - we no longer use read/write/fsync syscalls.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andreas Schneider [Wed, 16 May 2018 11:59:55 +0000 (13:59 +0200)]
lib: Fix array size in audit_logging
../lib/audit_logging/audit_logging.c: In function ‘json_add_timestamp’:
../lib/audit_logging/audit_logging.c:603:12: error: ‘%s’ directive
output may be truncated writing up to 9 bytes into a region of size
between 0 and 43 [-Werror=format-truncation=]
"%s.%06ld%s",
^~
../lib/audit_logging/audit_logging.c:606:3:
tz);
~~
../lib/audit_logging/audit_logging.c:600:2: note: ‘snprintf’ output
between 8 and 70 bytes into a destination of size 50
snprintf(
^~~~~~~~~
timestamp,
~~~~~~~~~~
sizeof(timestamp),
~~~~~~~~~~~~~~~~~~
"%s.%06ld%s",
~~~~~~~~~~~~~
buffer,
~~~~~~~
tv.tv_usec,
~~~~~~~~~~~
tz);
~~~
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu May 17 20:17:35 CEST 2018 on sn-devel-144
Andreas Schneider [Tue, 15 May 2018 15:55:22 +0000 (17:55 +0200)]
s4:ntvfs: Fix string copy of share_name
../source4/ntvfs/ipc/rap_server.c:70:3: error: ‘strncpy’ specified bound 13 equals destination size [-Werror=stringop-truncation]
strncpy((char *)r->out.info[j].info1.share_name,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
snames[i],
~~~~~~~~~~
sizeof(r->out.info[0].info1.share_name));
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>