Andrew Bartlett [Mon, 18 Aug 2014 02:13:39 +0000 (14:13 +1200)]
s3-rpc_client: Do not give NT_STATUS_NO_MEMORY when the source string was NULL
Change-Id: I25a4dcc2239267ee7c219e965693027ca2981983
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Mon, 18 Aug 2014 01:14:04 +0000 (13:14 +1200)]
set_dc_type_and_flags_trustinfo: Use init_dc_connection and wb_open_internal_pipe
This means we call this code, and mark trusted domains as active directory, when we are an AD DC.
Otherwise, in the previous case we would not have domain->active_directory set, and would fail on
connection_ok() due to not having a full connection to our internal DC
Change-Id: I7ccee569d69d6c5466334540db8920e57aafa991
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Sun, 17 Aug 2014 22:08:24 +0000 (10:08 +1200)]
dsdb: improve debugging in DsCrackNameOneFilter
Change-Id: I64d8e1eb94d833dc8ebf18fecdf32a83470a087e
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
1
Andrew Bartlett [Sun, 17 Aug 2014 22:07:03 +0000 (10:07 +1200)]
winbindd: Add debugging to assist in locating errors creating NETLOGON pipes
Change-Id: If15483c37ed43267c6474ce8b5e9d96254745bca
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Fri, 15 Aug 2014 03:01:31 +0000 (15:01 +1200)]
passdb: Use sam_get_results_trust() and implement pdb_samba_dsdb_get_trusteddom_pw
We now return the plaintext passwords for trusted domains so winbindd can use them.
Change-Id: Ifcd59b0be815d25b73bdbc41db7477895461c7b6
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Fri, 15 Aug 2014 03:00:25 +0000 (15:00 +1200)]
auth: Split out fetching trusted domain into sam_get_results_trust()
This new helper function will also be used by pdb_samba_dsdb.
Change-Id: I008af94a0822012c211cfcc6108a8b1285f4d7c7
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Thu, 14 Aug 2014 02:47:38 +0000 (14:47 +1200)]
provision: Only create hard links for ForestDnsZones if it exists on this DC
We might be a subdomain, and not host this partition.
Andrew Bartlett
Change-Id: I9aa32c5692cd9fd0a6bced8bea37cd8593b31906
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Mon, 11 Aug 2014 05:30:51 +0000 (17:30 +1200)]
selftest: Improve connection between primary domain and subdomain for krb5
Two things help here: The join is done on the lower case name, so we
can match it in the krb5.conf, and we share the krb5.conf between the
"dc" environment and the "subdom_dc" environment. Between these two
measures, this means we can get tickets using the domain trust.
If we used cwrap for DNS queries and we had our internal DNS set up correctly,
we could avoid this (because that is not case sensitive),
but otherwise we need to get SUB.samba.example.org into the krb5.conf,
and this is harder to do an a generic way.
Andrew Bartlett
Change-Id: If378915112728aaf47aa68ce0b071a7e09d756ad
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Mon, 11 Aug 2014 03:53:44 +0000 (15:53 +1200)]
dsdb: Make log message more clear
Change-Id: Ibf3c55748e755d2f6dae57293bfde11cdf7ba3ae
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Mon, 11 Aug 2014 01:36:09 +0000 (13:36 +1200)]
selftest: Set admin password on subdom_dc environment
Change-Id: Ib9edae20004ea6f5a500efcfcd7bbd9fc8015c25
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Sun, 10 Aug 2014 23:47:54 +0000 (11:47 +1200)]
winbindd: Do not segfault if the trusted domain has no SID
Currently we abort, as skipping the domain would make the loop much more complex for a situation not yet seen in the real world.
Andrew Bartlett
Change-Id: Ie1e269eb25047d662d8fd0f771ee20de1d48706b
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Sun, 10 Aug 2014 23:46:51 +0000 (11:46 +1200)]
join.py: Ensure we set the SID of the parent domain on the trust record
Change-Id: Ifaf3f2d1240d983a48ee1874fdc9c266354f6754
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Sun, 10 Aug 2014 23:23:57 +0000 (11:23 +1200)]
python: Use the security.dom_sid type for ctx.domsid in join.py and provision
Change-Id: I1266f77184d68aae6a39a73bac8a432fdd707b2e
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Fri, 8 Aug 2014 07:26:46 +0000 (19:26 +1200)]
dsdb: Permit creation of partitions of type INSTANCE_TYPE_UNINSTANT
This is only allowed when we are creating the objects from a DsAddEntry call, not over LDAP.
Change-Id: Ieec6b07556d58741ec04fede8bf9940811f12a62
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Fri, 8 Aug 2014 06:43:47 +0000 (18:43 +1200)]
provision: Use names.domainsid and names.domainguid
This is better than passing around parameters to functions all over
the provision stack and makes it easier to pass in a seperate forest
SID when we start to support subdomains.
Change-Id: I3787f4f3433ca04628f888135c7c0c8195379542
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Wed, 16 Oct 2013 02:36:46 +0000 (15:36 +1300)]
s4-gensec: Fix spelling in debug message
Change-Id: Ia0218c4b1f714d1b829ab0ce5851a4d02a1bf5df
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Wed, 16 Oct 2013 01:43:39 +0000 (14:43 +1300)]
provision: Only calculate ForestDNSZone GUID if we need it
Change-Id: Ie33812627ce7ececda681c2d784b1ca97b1b73c4
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Wed, 16 Oct 2013 01:34:43 +0000 (14:34 +1300)]
join.py: Reinstate full_nc_list and make creation of NTDS-DSA object common
The new function join_ntdsdsa_obj() returns the object, to be added over LDAP or DsAddEntry().
Andrew Bartlett
Change-Id: I41ac256fb3d4edffc617af4ae580acd941b4de83
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Mon, 9 Sep 2013 05:14:45 +0000 (17:14 +1200)]
selftest: Pass DC_REALM to the subdom_dc environment
This allows 'samba-tool drs kcc' to be run during the environment setup.
Andrew Bartlett
Change-Id: I5d25470f1530b28be0a9413d13c48442fabb1a84
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Fri, 6 Sep 2013 03:48:29 +0000 (15:48 +1200)]
dsdb: Change acl module to look for instanceType flag rather than list of NCs
This avoids any DNs being a free pass beyond the ACL code, instead it is based on the CN=Partitions ACL.
Andrew Bartlett
Change-Id: Ib2f4abe0165e47fa4a71925d126c2eeec68df119
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Jelmer Vernooij [Fri, 29 Aug 2014 23:59:26 +0000 (01:59 +0200)]
Various updates to the pidl README file.
Remove samba3/samba4-specific comments, add comments about backends and files.
Change-Id: Id2253ce85eab7a684b2c50d25f6f2604dc146a8e
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Sun Aug 31 23:47:49 CEST 2014 on sn-devel-104
Jelmer Vernooij [Fri, 29 Aug 2014 23:59:25 +0000 (01:59 +0200)]
Remove trailing whitespace.
Change-Id: I1e0948da34bac278edc62cd63dedd08112426e7a
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Jelmer Vernooij [Fri, 29 Aug 2014 23:57:29 +0000 (01:57 +0200)]
samba.netcmd.domain: desactivating -> deactivating.
Change-Id: I463823589049e81bcd4032f3e7bc6b5f2fb0d28d
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Jelmer Vernooij [Fri, 29 Aug 2014 23:57:28 +0000 (01:57 +0200)]
samba.netcmd.domain: Fix incorrect variable names, causing NameErrors.
Change-Id: I1c78f07f942a8b03ac88de98b18ac636b7124e22
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Jelmer Vernooij [Fri, 29 Aug 2014 23:57:27 +0000 (01:57 +0200)]
samba.netcmd.domain: Remove unused import.
Change-Id: I33f3ba55540be01fd15bfc3d75ebb73cbf5ead9e
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Jelmer Vernooij [Fri, 29 Aug 2014 23:57:26 +0000 (01:57 +0200)]
samba.netcmd.domain: Just catch ImportError, not any parsing errors in cmd_domain_export_keytab.
Change-Id: If5710565c74e87fe218a83f31cddcf64605e522e
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Jelmer Vernooij [Fri, 29 Aug 2014 23:54:44 +0000 (01:54 +0200)]
Look for system setproctitle before trying -lbsd.
Change-Id: I390c186d7c1400287c6a18909a5d6587f2052243
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Jelmer Vernooij [Fri, 29 Aug 2014 23:54:43 +0000 (01:54 +0200)]
replace: remove tabs.
Change-Id: Ie87f3c8a60f6292b7d2302425c946f5befaf5fcc
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Jelmer Vernooij [Fri, 29 Aug 2014 23:54:42 +0000 (01:54 +0200)]
replace: remove unused and duplicate imports.
Change-Id: I6cfd2cf80efe19fa31bcd6b3881a1eb01f05d1b4
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Jelmer Vernooij [Fri, 29 Aug 2014 23:50:37 +0000 (01:50 +0200)]
Remove mention of compatibility with Python 2.4.
Change-Id: I1f900e550f4fbed9d7b3ffdbf30aa5b54e799331
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Jelmer Vernooij [Fri, 29 Aug 2014 23:50:36 +0000 (01:50 +0200)]
find_unused_macros: Remove obsolete script that finds unused macros.
There are various static checkers that can do this nowadays, with
better accuracy.
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Jelmer Vernooij [Fri, 29 Aug 2014 23:50:35 +0000 (01:50 +0200)]
source4: Remove script to find unused makefile variables.
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Christof Schmitt [Thu, 28 Aug 2014 21:50:39 +0000 (14:50 -0700)]
s3-winbindd: Document parameters in ads_cached_connection_reuse
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Aug 30 06:10:36 CEST 2014 on sn-devel-104
Christof Schmitt [Thu, 28 Aug 2014 21:44:59 +0000 (14:44 -0700)]
s3-winbindd: Use more descriptive parameter names in ads_cached_connection_connect
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Fri, 22 Aug 2014 16:15:59 +0000 (09:15 -0700)]
s3-winbindd: Use correct realm for trusted domains in idmap child
When authenticating users in a trusted domain, the idmap_ad module
always connects to a local DC instead of one in the trusted domain.
Fix this by passing the correct realm to connect to.
Also Comment parameters passed to ads_cached_connection_connect
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Thu, 7 Aug 2014 22:42:05 +0000 (15:42 -0700)]
torture: Also run raw.read against the aio share
This tests the changes in the aio code path.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Aug 30 02:51:46 CEST 2014 on sn-devel-104
Christof Schmitt [Thu, 7 Aug 2014 21:44:23 +0000 (14:44 -0700)]
torture: Use torture_assert macro for value check in raw.read
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Christof Schmitt [Thu, 7 Aug 2014 21:40:00 +0000 (14:40 -0700)]
torture: Use torture_assert macro for status check in raw.read
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Christof Schmitt [Thu, 7 Aug 2014 21:31:42 +0000 (14:31 -0700)]
torture: Use torture_fail macro in check_buffer for read requests
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Christof Schmitt [Thu, 7 Aug 2014 21:25:13 +0000 (14:25 -0700)]
torture: Add test for 16 bit alignment of readx data
MS-CIFS requires a one byte pad to guarantee 16 bit alignment of the
data:
Pad (1 byte): This field is optional. When using the NT LAN Manager
dialect, this field can be used to align the Data field to a 16-bit
boundary relative to the start of the SMB Header. If Unicode strings are
being used, this field MUST be present. When used, this field MUST be
one padding byte long.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Christof Schmitt [Thu, 7 Aug 2014 21:19:57 +0000 (14:19 -0700)]
s4:libcli/raw: Make flags2 and offset available to callers of readx
This will be used by smbtorture.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Christof Schmitt [Fri, 15 Aug 2014 05:04:33 +0000 (22:04 -0700)]
smbd: Add padding byte to readx response
MS-CIFS 2.2.4.42.2 states: "Pad (1 byte): This field is optional. When
using the NT LAN Manager dialect, this field can be used to align the
Data field to a 16-bit boundary relative to the start of the SMB Header.
If Unicode strings are being used, this field MUST be present. When
used, this field MUST be one padding byte long."
Always add the padding byte to all readx responses to avoid additional
complexity.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Fri, 8 Aug 2014 17:48:55 +0000 (10:48 -0700)]
selftest: Add readx test for dc to known fail
The new 16bit alignment check will fail.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Christof Schmitt [Fri, 15 Aug 2014 05:03:22 +0000 (22:03 -0700)]
torture3: Allow padding byte for LARGE_READX responses
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Fri, 29 Aug 2014 10:22:56 +0000 (12:22 +0200)]
ntvfs/posix: don't advertise FS_ATTR_SPARSE_FILES
Handling of the FSCTL_SET_SPARSE ioctl in ntvfs is broken. Removing
FS_ATTR_SPARSE_FILES from the filesystem attributes ensures that
clients, including the smbtorture ioctl tests, don't attempt to use this
functionality.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allson <jra@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Aug 29 22:06:21 CEST 2014 on sn-devel-104
David Disseldorp [Wed, 27 Aug 2014 13:20:08 +0000 (15:20 +0200)]
torture: trivial test_ioctl_network_interface_info cleanup
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allson <jra@samba.org>
David Disseldorp [Wed, 27 Aug 2014 13:17:04 +0000 (15:17 +0200)]
torture: test FSCTL_SET_SPARSE without SetSparse buffer
This test checks for the following MS-FSCC 2.3.63 behaviour:
If there is no data element, the sparse flag for the file is set,
exactly as if the FILE_SET_SPARSE_BUFFER element was supplied and had a
SetSparse value of TRUE.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allson <jra@samba.org>
David Disseldorp [Wed, 27 Aug 2014 12:45:58 +0000 (14:45 +0200)]
torture: test FSCTL_SET_SPARSE against a directory
Expect STATUS_INVALID_PARAMETER, as is returned by Windows Server 2012
and 2008. Samba is currently broken, in that it currently processes the
request and sets the sparse DOS attribute on the directory - fix to
follow.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allson <jra@samba.org>
David Disseldorp [Tue, 26 Aug 2014 17:30:39 +0000 (19:30 +0200)]
torture: test FSCTL_SET_SPARSE
Check that the FILE_ATTRIBUTE_SPARSE is set following FSCTL_SET_SPARSE.
Also confirm that adding the attribute on create doesn't carry through
to subsequent SMB2_GETINFO_FILE requests.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allson <jra@samba.org>
David Disseldorp [Tue, 26 Aug 2014 17:28:55 +0000 (19:28 +0200)]
idl: define sparse file fsctl structures
As documented in MS-FSCC 2.3.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allson <jra@samba.org>
David Disseldorp [Wed, 27 Aug 2014 13:42:00 +0000 (15:42 +0200)]
dosmode: fix FSCTL_SET_SPARSE request validation
Check that FSCTL_SET_SPARSE requests does not refer to directories. Also
reject such requests when issued over IPC or printer share connections.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10787
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 28 04:22:37 CEST 2014 on sn-devel-104
Marc Muehlfeld [Sun, 24 Aug 2014 17:51:15 +0000 (19:51 +0200)]
Fix typo in ldbrename manpage
Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Jeremy Allson <jra@samba.org>
Stefan Metzmacher [Thu, 31 Jul 2014 07:30:16 +0000 (09:30 +0200)]
s4:dlz_bind9: let dlz_bind9 use dns_common_lookup() before add/modify
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Aug 27 15:21:19 CEST 2014 on sn-devel-104
Stefan Metzmacher [Wed, 30 Jul 2014 18:12:08 +0000 (20:12 +0200)]
s4:dlz_bind9: let dlz_bind9 use dns_common_lookup() before removing records
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 30 Jul 2014 16:51:39 +0000 (18:51 +0200)]
s4:dlz_bind9: let dlz_bind9 use dns_common_replace()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
Change-Id: I2fd2503230cbf89445594e49f39ac321769ff06e
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 30 Jul 2014 15:59:08 +0000 (17:59 +0200)]
s4:dlz_bind9: let dlz_bind9 use dns_common_extract()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
Change-Id: I7c661964a3da1a1981f022a06b9bef25bbd33479
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 30 Jul 2014 06:40:32 +0000 (08:40 +0200)]
s4:dlz_bind9: let dlz_bind9 use dns_common_lookup() for name lookup
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
Change-Id: I2632fa0ce120a978f6f400fa5cbf18a7fbbd64a3
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 26 Aug 2014 10:04:59 +0000 (12:04 +0200)]
torture-dns: Add test for dlz_bind9 updates
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 26 Aug 2014 08:34:17 +0000 (10:34 +0200)]
torture-dns: Add test for dlz_bind9 zonedumps
Change-Id: I074b3e4cdad1a0b69c085dcaa44d6f48e68e863b
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Mon, 25 Aug 2014 22:24:27 +0000 (10:24 +1200)]
torture-dns: Add test for dlz_bind9 lookups
Change-Id: I3b9d1b56e3aa873fb8540b98e196b713b82332ca
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 26 Aug 2014 11:48:21 +0000 (13:48 +0200)]
s4:torture:dlz_bind9: fix spnego tests
The dlz_bind9 module uses the special dns-${NETBIOSNAME} account,
and this is only available under the dns/hostname.domain SPN, not
host/hostname.
Also the dlz_ssumatch() function returns isc_boolean_t instead
of isc_result_t. As ISC_R_SUCCESS and ISC_FALSE have the same value
we didn't notice this problem.
Change-Id: I48539c3f48f5dde9eaa2fff6da0f3be2f9f66311
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 28 Apr 2014 16:54:13 +0000 (18:54 +0200)]
s4:setup/dns_update_list: make use of the new substitution variables
This let us register the same names as Windows Servers.
We only exception are the NS records. In future we could add them
by using something like this:
samba-tool dns add ${HOSTNAME} ${DNSDOMAIN} @ NS ${HOSTNAME}
samba-tool dns add ${HOSTNAME} _msdcs.${DNSFOREST} @ NS ${HOSTNAME}
samba-tool dns add ${HOSTNAME} ${DNSFOREST} _msdcs NS ${HOSTNAME}
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9831
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug 26 11:38:54 CEST 2014 on sn-devel-104
Stefan Metzmacher [Mon, 28 Apr 2014 15:33:50 +0000 (17:33 +0200)]
s4:samba_dnsupdate: provide more substitution variables e.g. IF_RODC
This will make the dns_update_list more flexible.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9831
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 7 Jul 2014 22:05:03 +0000 (00:05 +0200)]
s4:samba_dnsupdate: don't try to be smart when verifying NS records
We can't rely on the DNS delegation to be correct in the parent domain.
What we really want is to check if we already have registered ourself
as a NS record in our own domain.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9831
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 28 Apr 2014 06:29:40 +0000 (08:29 +0200)]
s4:samba_dnsupdate: cache the already registered records
This way we can delete records which are not used anymore.
E.g. if the ip address changed.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9831
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 28 Apr 2014 06:27:26 +0000 (08:27 +0200)]
s4:samba_dnsupdate: fix dnsobj.__str__()
We should not implicitly use the global variable 'd'.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9831
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 28 Apr 2014 15:26:51 +0000 (17:26 +0200)]
s4:samba_dnsupdate: don't lower case the registered names
This matches Windows...
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9831
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 19 Aug 2014 08:33:11 +0000 (10:33 +0200)]
python/join: use lowercase for the dnshostname.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 19 Jun 2014 15:21:16 +0000 (17:21 +0200)]
selftest/Samba3: also bind to ipv6
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 19 Jun 2014 15:21:16 +0000 (17:21 +0200)]
selftest/Samba4: also bind to ipv6
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 19 Jun 2014 15:21:16 +0000 (17:21 +0200)]
selftest: export _IPV6 environment variables
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 10 Jul 2014 05:25:08 +0000 (07:25 +0200)]
libcli/dns: ignore NS entries in dns_hosts_file.c at a higher log level for now
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 10 Jul 2014 05:25:08 +0000 (07:25 +0200)]
libcli/dns: add AAAA support to dns_hosts_file.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 30 Jul 2014 15:57:13 +0000 (17:57 +0200)]
s4:dlz_bind9: do an early talloc_free(el_ctx) in dlz_allnodes()
We don't have to keep everything arround while walking the whole zone.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 27 Feb 2014 08:59:51 +0000 (09:59 +0100)]
s4:dlz_bind9: avoid some compiler warnings
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 31 Jul 2014 07:35:26 +0000 (09:35 +0200)]
s4:dns_server: handle tombstones in handle_one_update()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 31 Jul 2014 08:44:41 +0000 (10:44 +0200)]
s4:dns_server: add DNS_TYPE_TOMBSTONE support to dns_common_replace()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 31 Jul 2014 06:54:17 +0000 (08:54 +0200)]
s4:dns_server: make sure dns_common_lookup() doesn't return tombstones
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 31 Jul 2014 07:32:00 +0000 (09:32 +0200)]
s4:dns_server: use .wType = DNS_TYPE_TOMBSTONE instead of ZERO_STRUCT()
The result is the same, but it is clearer.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 30 Jul 2014 16:27:56 +0000 (18:27 +0200)]
s4:dns_server: split out dns_common_replace()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 31 Jul 2014 09:32:02 +0000 (11:32 +0200)]
s4:dns_server: remove const from dns_replace_records()
All callers are find we the record array gets modified.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 30 Jul 2014 06:24:10 +0000 (08:24 +0200)]
s4:dns_server: split out dns_common_extract() and dns_common_lookup()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 30 Jul 2014 06:01:11 +0000 (08:01 +0200)]
s4:dns_server: split out a private 'dnsserver_common' library
This will contain common code for the internal dns server, the dlz_bind9 module
and the rpc dns management server.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 31 Jul 2014 06:19:50 +0000 (08:19 +0200)]
s4:dns_server: map LDB_ERR_NO_SUCH_OBJECT to WERR_DNS_ERROR_NAME_DOES_NOT_EXIST
This is the correct fix for commit
8b24c43b382740106474e26dec59e1419ba77306
and Bug: https://bugzilla.samba.org/show_bug.cgi?id=9559
With this change we have a consistent behavior between internal server
and the bind dlz module. We keep a dangling LDAP object without
dnsRecord attribute arround forever. This will be fixed in the following
commits.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 30 Jul 2014 15:55:57 +0000 (17:55 +0200)]
s4:dns_server: handle WERR_DNS_ERROR_NAME_DOES_NOT_EXIST in werr_to_dns_err()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Tue, 19 Aug 2014 14:32:15 +0000 (14:32 +0000)]
smbd: Properly initialize mangle_hash
[Bug 10782] mangle_hash() can fail to initialize charset (smbd crash).
https://bugzilla.samba.org/show_bug.cgi?id=10782
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 26 01:30:38 CEST 2014 on sn-devel-104
Arvid Requate [Thu, 17 Jan 2013 15:44:28 +0000 (16:44 +0100)]
passdb: fix NT_STATUS_NO_SUCH_GROUP
Share options like "force group" and "valid users = @group1"
triggered a NT_STATUS_NO_SUCH_GROUP. While the group was found in
the SAM backend, its objectclass was not retrived.
This fix also revealed a talloc access after free in the group
branch of pdb_samba_dsdb_getgrfilter.
[Bug 9570] Access failure for shares with "force group" or "valid users = @group"
https://bugzilla.samba.org/show_bug.cgi?id=9570
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Roel van Meer [Fri, 22 Aug 2014 13:11:04 +0000 (15:11 +0200)]
Don't discard result of checking grouptype
The pdb_samba_dsdb_getgrfilter() function first determines the security type
of a group and sets map->sid_name_use accordingly. A little later, this
variable is set again, undoing the previous work.
https://bugzilla.samba.org/show_bug.cgi?id=10777
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Aug 23 02:48:52 CEST 2014 on sn-devel-104
Volker Lendecke [Thu, 21 Aug 2014 18:41:49 +0000 (18:41 +0000)]
messaging3: Avoid messaging_is_self_send
This was a bad API, and it was used in a buggy way: In
messaging_dispatch_rec we always did the defer, we referenced the
destination pid, not the source. In messaging_send_iov this is the right
thing to do to reference the destination, but when we have arrived in
messaging_dispatch_rec we should compare source and destination.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 21 Aug 2014 18:36:33 +0000 (18:36 +0000)]
lib: Introduce server_id_same_process()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 21 Aug 2014 19:55:06 +0000 (19:55 +0000)]
pthreadpool: Slightly serialize jobs
Using the new msg_source program with 1.500 instances against a single
msg_sink I found the msg_source process to spawn two worker threads for
synchronously sending the data towards the receiving socket. This should
not happen: Per destination node we only create one queue. We strictly
only add pthreadpool jobs one after the other, so a single helper thread
should be perfectly sufficient.
It turned out that under heavy overload the main sending thread was
scheduled before the thread that just had finished its send() job. So
the helper thread was not able to increment the pool->num_idle variable
indicating that we don't have to create a new thread when the new job
is added.
This patch moves the signalling write under the mutex. This means that
indicating readiness via the pipe and the pool->num_idle variable happen both
under the same mutex lock and thus are atomic. No superfluous threads anymore.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 21 Aug 2014 14:32:07 +0000 (14:32 +0000)]
messaging3: Add msg_sink/source -- perftest
With this pair of programs I did some performance tests of the messaging
system. Guess what -- I found two bugs :-)
See the subsequent patches.
With 1500 msg_source processes I can generate message overload: A
Intel(R) Xeon(R) CPU L5640 @ 2.27GHz
can receive roughly 100k messages per second. When using
messaging_read_send/recv user/system time is roughly even, a bit more
work done in user space. When using messaging_register, due to less
malloc activity, user space chews a lot less.
By the way: 1.500 helper threads in a blocking sendto() against a single
datagram socket reading as fast as it can (with epoll_wait in between)
only drove the loadavg to 12 on a 24-core machine. So I guess unix domain
datagram sockets are pretty well protected against overload. No thundering
herd or so. Interestingly "top" showed msg_sink at less than 90% CPU,
although it was clearly the bottleneck. But that must be a "top" artifact.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 6 Aug 2014 14:54:43 +0000 (16:54 +0200)]
selftest/Samba4: avoid warnings about 'path' not specified on 'ntvfs handler = cifs' shares
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 20 Aug 2014 09:53:28 +0000 (09:53 +0000)]
torture: Fix cleanup2 to utilize on-demand cleanup
Now we check the cleanup when conflicts happen, not when we first open
the file. This means we don't have to re-open the connection to make
cleanup happen.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 20 Aug 2014 09:52:39 +0000 (09:52 +0000)]
torture: Run the cleanup2 test against 2 nodes
This enables testing the brlock cleanup across ctdb
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 20 Aug 2014 09:07:14 +0000 (09:07 +0000)]
brlock: Remove validate_lock_entries
This is now only called during brl_forall. It does not really hurt if we list
dead processes here. If the upper layers really care, they can filter it out
themselves. The real lock conflicts are not removed on-demand.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 19 Aug 2014 12:36:55 +0000 (12:36 +0000)]
brlock: Do auto-cleanup at conflict time
This avoids the need to do sweeping validate_lock_entries calls
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Thu, 21 Aug 2014 23:28:42 +0000 (16:28 -0700)]
s3: smbd: POSIX ACLs. Remove incorrect check for SECINFO_PROTECTED_DACL in incoming security_information flags in posix_get_nt_acl_common().
Tidy-up of code obsoleted by fixes for bug #10773 (SECINFO_PROTECTED_DACL is not ignored).
We now never pass SECINFO_PROTECTED_DACL in security_information flags to this layer.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Aug 22 11:26:57 CEST 2014 on sn-devel-104
Volker Lendecke [Sat, 2 Aug 2014 11:26:44 +0000 (13:26 +0200)]
messaging_dgm: Factor out messaging_dgm_lockfile_name
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 22 05:20:43 CEST 2014 on sn-devel-104
Volker Lendecke [Sat, 2 Aug 2014 11:57:43 +0000 (13:57 +0200)]
messaging_dgm: Use %ju to fill lockfile
... much nicer than PRIu64
Also, append a \n. Makes it better readable when looking at the lockfile
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>