Jeremy Allison [Tue, 23 Sep 2014 21:51:18 +0000 (14:51 -0700)]
s3: lib: Signal handling - ensure smbrun and change password code save and restore existing SIGCHLD handlers.
Bug #10831 - SIGCLD Signal handler not correctly reinstalled on old library code use - smbrun etc.
https://bugzilla.samba.org/show_bug.cgi?id=10831
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Jeremy Allison [Tue, 23 Sep 2014 21:48:35 +0000 (14:48 -0700)]
lib: util [ctdb]: Signal handling - change CatchChild() and CatchChildLeaveStatus() to return the previous handler.
Bug #10831 - SIGCLD Signal handler not correctly reinstalled on old library code use - smbrun etc.
https://bugzilla.samba.org/show_bug.cgi?id=10831
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Jeremy Allison [Tue, 23 Sep 2014 20:32:37 +0000 (13:32 -0700)]
s3: nmbd: Ensure the main nmbd process doesn't create zombies.
Use the same mechanism as setup for smbd and winbindd.
Fixes bug #10830 - nmbd can leave unreaped zombies.
https://bugzilla.samba.org/show_bug.cgi?id=10830
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Michael Adam [Tue, 30 Sep 2014 08:16:23 +0000 (10:16 +0200)]
s3:torture: transfer 1M message with fds in LOCAL-MESSAGING-FDPASS2 test
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Sep 30 19:01:30 CEST 2014 on sn-devel-104
Michael Adam [Tue, 30 Sep 2014 08:15:33 +0000 (10:15 +0200)]
s3:torture: wait in tevent-loop for child to confirm receive in FDPASS2 msg test
This is the only way to correctly transfer bigger messages.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Michael Adam [Tue, 30 Sep 2014 08:13:17 +0000 (10:13 +0200)]
s3:torture: fix a message in LOCAL-MESSAGING-FDPASS2 test
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Michael Adam [Mon, 29 Sep 2014 22:30:58 +0000 (00:30 +0200)]
selftest: run LOCAL-MESSAGING-READ4
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Michael Adam [Wed, 24 Sep 2014 22:28:14 +0000 (00:28 +0200)]
s3:torture: add LOCAL-MESSAGING-READ4 - send 1MB message
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Michael Adam [Tue, 30 Sep 2014 08:01:51 +0000 (10:01 +0200)]
s3:messaging: explain why the messaging_send*() functions need a tevent-loop.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Michael Adam [Tue, 30 Sep 2014 11:06:18 +0000 (13:06 +0200)]
s3:unix_msg: document closing of fds in the receive handler
Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Michael Adam [Wed, 24 Sep 2014 22:28:48 +0000 (00:28 +0200)]
s3:unix_msg: close the fds in unix_dgram_recv_handler() after the callback has run
If the caller wants to use passed fds, he should copy them away
and set them to -1.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Michael Adam [Tue, 30 Sep 2014 07:48:18 +0000 (09:48 +0200)]
s3:messaging: upon receiving fds, dup them so the caller can safely close them.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Michael Adam [Tue, 30 Sep 2014 09:29:22 +0000 (11:29 +0200)]
s3:messaging: allow the messaging receive callback to change the fds
This allows the callback to consume the fds and e.g. set
them to -1 so that the caller can then treat (close) only those
fds that have not been consumed.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Michael Adam [Mon, 29 Sep 2014 09:08:53 +0000 (11:08 +0200)]
s3:unix_msg: don't fill cmsg buffer in unix_dgram_send_job()
Do this in queue_msg, instead.
This renders unix_dgram_send_job() as simple as it was before
we introduced fd-passing -- as it is intended.
This also changes struct unix_dgram_msg to not contain
the fd-array, but the correspondingly filled msghdr and cmsg buf.
Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Mon, 29 Sep 2014 11:31:27 +0000 (13:31 +0200)]
s3:unix_msg: add close_fd_array_cmsg()
Variant of close_fd_array() operating on fd_array inside msghdr.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Michael Adam [Mon, 29 Sep 2014 10:54:00 +0000 (12:54 +0200)]
s3:unix_msg: factor extract_fd_array_from_msghdr() out of unix_dgram_recv_handler()
For re-use.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Michael Adam [Mon, 29 Sep 2014 10:27:37 +0000 (12:27 +0200)]
s3:unix_msg: simplify queue_msg() by moving space calculations up.
This allows for early direct return instead of the goto invalid,
since the fds_copy array is filled later.
Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Mon, 29 Sep 2014 10:15:54 +0000 (12:15 +0200)]
s3:unix_msg: use an iov in unix_dgram_msg/queue_msg instead of buffer and length
This is equivalent, reads more easily and makes extraction
more obvious.
Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Mon, 29 Sep 2014 09:39:24 +0000 (11:39 +0200)]
s3:unix_msg: rename a variable buflen->data_len in queue_msg()
Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Mon, 29 Sep 2014 09:54:12 +0000 (11:54 +0200)]
s3:unix_msg: use a buffer pointer instead of array indexes for the iov buffer
This is more obvious to read and a preparation for following commits.
Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Mon, 29 Sep 2014 09:06:32 +0000 (11:06 +0200)]
s3:unix_msg: remember errno in unix_dgram_send_job in case of send error.
Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Mon, 29 Sep 2014 09:04:03 +0000 (11:04 +0200)]
s3:unix_msg: don't close the fd-array at the end of unix_dgram_send_job()
These pthread-pool-jobs should be minimal and ideally only do one
syscall. The closing of the fds is done in unix_dgram_job_finished().
Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Sat, 27 Sep 2014 23:42:39 +0000 (01:42 +0200)]
s3:unix_msg: add "close_fds" exit point to unix_msg_recv()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Michael Adam [Mon, 29 Sep 2014 09:01:54 +0000 (11:01 +0200)]
s3:messaging: msg_type int->uint32_t in struct messaging_hdr
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Michael Adam [Mon, 29 Sep 2014 09:01:11 +0000 (11:01 +0200)]
s3:messaging: fix uninitialized data introduced by padding
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Tue, 30 Sep 2014 12:44:30 +0000 (14:44 +0200)]
tevent: version 0.9.22
* pkgconfig fixes
* Bug #10640 - smbd is not responding - tevent_common_signal_handler()
increments non-atomic variables.
https://bugzilla.samba.org/show_bug.cgi?id=10640
* Minor compile fixes
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Tue, 22 Jul 2014 12:54:11 +0000 (14:54 +0200)]
tevent: remove unused exit_code in tevent_select.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Tue, 22 Jul 2014 12:54:11 +0000 (14:54 +0200)]
tevent: remove unused exit_code in tevent_poll.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Andrew Bartlett [Mon, 11 Aug 2014 05:31:53 +0000 (17:31 +1200)]
repl: Specify the target realm in dreplsrv_get_target_principal()
We know what realm we need to contact, so avoid trying to correctly get a referral from our KDC.
Andrew Bartlett
Change-Id: I154ff72f3176d581b64e0c67d4a9c5f1f76b7924
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Sep 30 14:58:50 CEST 2014 on sn-devel-104
Andrew Bartlett [Tue, 23 Sep 2014 20:40:23 +0000 (13:40 -0700)]
WHATSNEW: Include info on secured winbindd connections
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Fri, 5 Sep 2014 05:38:38 +0000 (17:38 +1200)]
winbindd: Change value of "ldap sasl wrapping" to sign
This is to disrupt MITM attacks between us and our DC
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 5 Sep 2014 05:00:31 +0000 (17:00 +1200)]
winbindd: Do not make anonymous connections by default
The requirement is that we have "winbind sealed pipes = false" and
"require strong key = false" before we make anonymous connections.
These are a security risk as we cannot prevent MITM attacks.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 24 Sep 2014 18:01:18 +0000 (11:01 -0700)]
provision: Change the default functional level of new Samba domains to 2008R2.
Windows 2003 is going out of support shortly, and we want users to have AES by default
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Matthieu Patou [Sun, 28 Sep 2014 23:10:47 +0000 (16:10 -0700)]
ldb: fix a typo in the comment, LDB_FLAGS_MOD_xxx -> LDB_FLAG_MOD_xxx
Change-Id: I99ac6e272aa0f54a2720c58f630ae472068f255b
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-User(master): Matthieu Patou <mat@samba.org>
Autobuild-Date(master): Tue Sep 30 08:19:55 CEST 2014 on sn-devel-104
Christof Schmitt [Thu, 11 Sep 2014 23:39:21 +0000 (16:39 -0700)]
s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call
Create a new lsa_RefDomainList and populate it with the domain SID from
the original query. That avoids the problem that for migrated objects,
LookupSids returns the SID of the new domain, and combining that with
the RID from the input results in an invalid SID.
A better fix would be querying the RID of the user in the new domain,
but the approach here at least avoids id mappings entries for invalid
SIDs.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Sep 29 13:15:18 CEST 2014 on sn-devel-104
Christof Schmitt [Thu, 11 Sep 2014 23:11:06 +0000 (16:11 -0700)]
s3: Move init_lsa_ref_domain_list to lib
This will be used in the next patch in winbind.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Fri, 26 Sep 2014 01:12:14 +0000 (03:12 +0200)]
s3:net_rpc_printer: make use of cli_credentials_get_username()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Sep 29 10:51:37 CEST 2014 on sn-devel-104
Andrew Bartlett [Tue, 23 Sep 2014 21:05:43 +0000 (14:05 -0700)]
lib/util: Do not duplicate the protocol list, use smb_constants.h
This avoids the two lists getting out of sync, and only applies to a Samba build due to the surrounding #ifdef
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 25 Sep 2014 22:49:37 +0000 (00:49 +0200)]
lib/param: set the kccsrv:samba_kcc option to false by default
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10697
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 11 Oct 2013 02:10:29 +0000 (15:10 +1300)]
s3-winbindd: Require SMB signing by default to disrupt MITM attacks with our DC
This makes it much harder to impersonate the DC, but allows this to be
turned off or returned to IF_REQUIRED with a simple change to the
'client signing' smb.conf parameter.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Sep 28 06:25:55 CEST 2014 on sn-devel-104
Guy Harris [Sat, 27 Sep 2014 13:41:22 +0000 (15:41 +0200)]
pidl: Strip trailing whitespace from pidl, for easier exchange of patches with wireshark.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10843
Change-Id: I7f1c1d9dd03acd35e59f2d16cc94ee0e8f3f1271
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Sun Sep 28 03:59:35 CEST 2014 on sn-devel-104
Jelmer Vernooij [Sat, 27 Sep 2014 14:11:43 +0000 (16:11 +0200)]
fileserver: raise debug level for share connection closing for non-IPC to 2.
This reduces spamming during 'make test' runs.
This change is consistent with
aad5eeb9b4f67b03988ceefb7888cb63ecefcf30, which raised the log level for logging of new non-IPC connections.
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Change-Id: I4343570c8d6158b6715e514a8a7cd323a9c727ae
Reviewed-by: Michael Adam <obnox@samba.org>
Andreas Schneider [Fri, 26 Sep 2014 11:25:41 +0000 (13:25 +0200)]
libcli: Remove unreachable code in cldap.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Andreas Schneider [Fri, 26 Sep 2014 11:21:04 +0000 (13:21 +0200)]
libcli: Remove unreachable code in dns_hosts_file.
The count is already checked for 0 above this line so it can never be 0
at this point.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Matthieu Patou [Fri, 26 Sep 2014 16:34:26 +0000 (09:34 -0700)]
Declare empty target as phony otherwise they are caught by the '%' rule
Without that build on the build farm is broken:
'build' finished successfully (8.162s)
WAF_MAKE=1 python ./buildtools/bin/waf --targets=everything
Selected embedded Heimdal build
Waf: Entering directory `/memdisk/build/samba_4_0_test/bin'
Selected embedded Heimdal build
Waf: Leaving directory `/memdisk/build/samba_4_0_test/bin'
target 'everything' does not exist
make: *** [everything] Error 1
Change-Id: Id5bc37f803efd764f00c37f8add560d6de2e3a2f
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Michael Adam <obnox@samba.org>
Andrew Bartlett [Thu, 25 Sep 2014 22:42:16 +0000 (15:42 -0700)]
samba_dnsupdate: Look for ForestDnsZones in the right place
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Sep 27 22:09:29 CEST 2014 on sn-devel-104
Stefan Metzmacher [Wed, 7 Aug 2013 14:34:28 +0000 (16:34 +0200)]
s3:passdb: add pdb_get_trust_credentials()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Jelmer Vernooij [Sat, 27 Sep 2014 14:42:38 +0000 (16:42 +0200)]
acl: Fix typo: structrual -> structural
Change-Id: I859f62042e16d146ab4cb1490ab725d2bfa06db1
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jelmer Vernooij [Sat, 27 Sep 2014 14:28:27 +0000 (16:28 +0200)]
dsdb: Be less verbose when announcing kcc is being invoked.
Change-Id: I94ab7d92e7e4f4311f0b20b1072c3ad05155d068
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Michael Adam [Wed, 24 Sep 2014 17:11:27 +0000 (19:11 +0200)]
s3:torture: in LOCAL-MESSAGING-FDPASS2, close fds after passing them
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Sep 27 12:44:55 CEST 2014 on sn-devel-104
Michael Adam [Thu, 25 Sep 2014 17:56:52 +0000 (19:56 +0200)]
s3:unix_msg: fix a tab<->space mixup in unix_msg_recv()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Michael Adam [Fri, 26 Sep 2014 04:31:58 +0000 (06:31 +0200)]
smbd:smb2: improve smbd_smb2_protocol_dialect_match(), removing code duplication
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Andrew Bartlett [Mon, 22 Sep 2014 19:19:11 +0000 (12:19 -0700)]
WHATSNEW: Update WHATSNEW for new default winbind implementation
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Sep 27 04:01:33 CEST 2014 on sn-devel-104
Andrew Bartlett [Mon, 22 Sep 2014 23:43:18 +0000 (16:43 -0700)]
credentials: Allow the secrets.tdb password to be newer than the secrets.ldb password
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 22 Sep 2014 06:38:10 +0000 (23:38 -0700)]
Fix commented out code in kpasswd server to use correct function
The fix in
ac2d31e24cfa24f6674b645b3661a1a2ce9ab060 picked the wrong function name. This is meant
to be the remote address, not the local one, if we ever have to re-instate this code.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 27 Aug 2014 03:09:22 +0000 (15:09 +1200)]
provision: explain why this is required
Change-Id: Iaf8b13010b52e03db2eefe1ad565d7ca768ffb48
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 23 Sep 2014 03:45:55 +0000 (20:45 -0700)]
librpc: gensec is our security provider abstraction, remove a void *
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 23 Sep 2014 06:19:46 +0000 (23:19 -0700)]
librpc: Remove user/domain from struct pipe_auth_data
This does require that we always fill in the gensec pointer, but the
simplification is worth the extra allocations.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 23 Sep 2014 17:02:57 +0000 (10:02 -0700)]
idl: Merge NETR_TRUST and LSA_TRUST definitions into one set only in lsa.idl
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Matthieu Patou [Tue, 23 Sep 2014 20:45:32 +0000 (13:45 -0700)]
librpc/ndr_drsuapi: Allow ndrdump to dump dsinfo52 blobs
Change-Id: I6968b25c67587296b928b2193a9d48093c69c01a
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 4 Sep 2014 02:06:40 +0000 (14:06 +1200)]
torture: Fix use-after-free in ldap.nested-search
Found by AddressSanitizer
Change-Id: Ie3bb4054201382cacb4b296308d561a3548f8cff
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 26 Sep 2014 19:06:38 +0000 (21:06 +0200)]
s4-auth/kerberos: fix salting principal, make sure hostname is lowercase.
Found at MS interop event while working on AES kerberos key support.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Sep 26 23:37:09 CEST 2014 on sn-devel-104
Günther Deschner [Fri, 23 Nov 2012 11:34:27 +0000 (12:34 +0100)]
s3-libnet: set list of allowed krb5 encryption types in AD >= 2008.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 24 Sep 2014 21:36:19 +0000 (23:36 +0200)]
s3-net: add manpage documentation for "net ads enctypes".
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 24 Sep 2014 20:16:20 +0000 (22:16 +0200)]
s3-net: add "net ads enctypes {list,set,delete}".
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Matthieu Patou [Fri, 26 Sep 2014 06:32:50 +0000 (23:32 -0700)]
Add some plumbing in our top level Makefile to make life easier
For instance you can type make bin/smbd to build just smbd (and it's
dependencies still) or make bin/smbd bin/smbtorture
You can also do make service_drepl if you want just to build the stuff
related to DRS
Change-Id: I61bdaeff79ecfb1a15728c2de7e6a6a14dd8bc7d
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Matthieu Patou <mat@samba.org>
Autobuild-Date(master): Fri Sep 26 11:48:11 CEST 2014 on sn-devel-104
Günther Deschner [Fri, 26 Sep 2014 01:35:43 +0000 (03:35 +0200)]
s3-libnet: Make sure we do not overwrite precreated SPNs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Sep 26 08:22:45 CEST 2014 on sn-devel-104
Andreas Schneider [Fri, 26 Sep 2014 01:09:08 +0000 (03:09 +0200)]
s3-libnet: Add libnet_join_get_machine_spns().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Wed, 24 Sep 2014 08:51:33 +0000 (10:51 +0200)]
s3-libads: Add all machine account principals to the keytab.
This adds all SPNs defined in the DC for the computer account to the
keytab using 'net ads keytab create -P'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9985
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Wed, 24 Sep 2014 07:23:58 +0000 (09:23 +0200)]
s3-libads: Add function to search for an element in an array.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Wed, 24 Sep 2014 07:22:03 +0000 (09:22 +0200)]
s3-libads: Add a function to retrieve the SPNs of a computer account.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Tue, 23 Sep 2014 12:09:41 +0000 (14:09 +0200)]
s3-libads: Improve service principle guessing.
If the name passed to the net command with the -S options is the long
hostname of the domaincontroller and not the 15 char NetBIOS name we
should construct a FQDN with the realm to get a Kerberos ticket.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10829
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Jeremy Allison [Mon, 22 Sep 2014 23:08:26 +0000 (16:08 -0700)]
s4: libcli: ldap message - Ensure all asn1_XX returns are checked.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 26 03:15:00 CEST 2014 on sn-devel-104
Jeremy Allison [Mon, 22 Sep 2014 20:28:18 +0000 (13:28 -0700)]
s4: libcli: ldap controls - Ensure all asn1_XX returns are checked.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Jeremy Allison [Fri, 19 Sep 2014 22:21:06 +0000 (15:21 -0700)]
s3: tldap_util: Ensure all asn1_XX returns are checked.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Jeremy Allison [Fri, 19 Sep 2014 22:16:38 +0000 (15:16 -0700)]
s4: auth: gensec: asn1 fixes - check all returns.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Jeremy Allison [Fri, 19 Sep 2014 22:10:46 +0000 (15:10 -0700)]
s3: tldap: Ensure all asn1_XX returns are checked.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Jeremy Allison [Fri, 19 Sep 2014 21:27:58 +0000 (14:27 -0700)]
s3: libsmb: Ensure all asn1_XX returns are checked.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Jeremy Allison [Fri, 19 Sep 2014 20:42:39 +0000 (13:42 -0700)]
libcli: auth: Ensure all asn1_XX returns are checked.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Jeremy Allison [Fri, 19 Sep 2014 19:46:49 +0000 (12:46 -0700)]
lib: util: asn1 tests. Check every asn1 return.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Jeremy Allison [Fri, 19 Sep 2014 19:41:22 +0000 (12:41 -0700)]
auth: gensec: asn1 fixes - check all returns.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Jeremy Allison [Fri, 19 Sep 2014 19:39:19 +0000 (12:39 -0700)]
lib: util: asn1 fixes - check all returns.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Ralph Boehme [Mon, 15 Sep 2014 11:53:22 +0000 (13:53 +0200)]
vfs_fruit: update rfork size in AppleDouble header
Update the AppleDouble entry with the new size when ftruncating a
resource fork.
Signed-off-by: Ralph Boehme <rb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 25 23:43:35 CEST 2014 on sn-devel-104
Ralph Boehme [Mon, 15 Sep 2014 11:49:48 +0000 (13:49 +0200)]
vfs_fruit: ad_write: path may be NULL for rfork
In preperation of the next commit where we want to call ad_write() on
a resource fork without having a name, just an fsp, which is fine for
resource forks.
Signed-off-by: Ralph Boehme <rb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Mon, 15 Sep 2014 11:51:41 +0000 (13:51 +0200)]
vfs_fruit: fix resource fork length calculation
Don't add the AppleDouble header size to the resource fork size.
Signed-off-by: Ralph Boehme <rb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Mon, 15 Sep 2014 14:38:09 +0000 (16:38 +0200)]
s4:torture:vfs_fruit: add size checks for resource fork IO
Signed-off-by: Ralph Boehme <rb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Sat, 30 Aug 2014 08:24:05 +0000 (10:24 +0200)]
vfs_fruit: fix unpacking of AppleDouble files
OS X AppleDouble files may contain a FinderInfo AppleDouble entry
larger then 32 bytes containing additional packed xattrs. ad_unpack()
must deal with this in a way that allows callers to possibly fixup
the entry.
Signed-off-by: Ralph Boehme <rb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Sat, 30 Aug 2014 08:21:31 +0000 (10:21 +0200)]
s4:torture:vfs_fruit: add test for OS X AppleDouble conversion
Signed-off-by: Ralph Boehme <rb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Amitay Isaacs [Thu, 25 Sep 2014 07:55:15 +0000 (17:55 +1000)]
ctdb-daemon: Fix the usage for lock helper
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Sep 25 17:16:31 CEST 2014 on sn-devel-104
Amitay Isaacs [Thu, 25 Sep 2014 07:17:04 +0000 (17:17 +1000)]
ctdb-recoverd: If obtaining recovery lock fails, try again
When ctdb daemon starts up, it considers itself the recovery master
and tries to do first recovery. However, it's possible that there is
already a recovery master and the current node has not yet heard from it.
So do not ban ourselves immediately if ctdb_recovery_lock() fails when
doing first recovery.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 25 Sep 2014 02:46:22 +0000 (12:46 +1000)]
ctdb-scripts: Fix the regular expresssion for parsing /proc/locks
The major and minor device numbers are hexadecimal not decimal.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Sep 25 07:19:59 CEST 2014 on sn-devel-104
Amitay Isaacs [Thu, 25 Sep 2014 02:44:59 +0000 (12:44 +1000)]
ctdb-locking: Reset ttimer before doing an early return
When timer expires, timeout handler routine sets lock_ctx->ttimer
to a newly created timer event. However, when a node is INACTIVE,
timeout handler returns early with lock_ctx->ttimer set to the previous
timer event. This timer event gets freed when the callback returns and
lock_ctx->ttimer remains set to already freed timer event.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Volker Lendecke [Wed, 24 Sep 2014 17:46:17 +0000 (19:46 +0200)]
tdb: Improve wording in a comment
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 25 00:59:16 CEST 2014 on sn-devel-104
Michael Adam [Tue, 23 Sep 2014 07:52:16 +0000 (09:52 +0200)]
s3:torture: in LOCAL-MESSAGING-READ3, print some messages to child
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Sep 24 11:09:43 CEST 2014 on sn-devel-104
Michael Adam [Tue, 23 Sep 2014 07:51:40 +0000 (09:51 +0200)]
s3:torture: in LOCAL-MESSAGING-READ3, tell child to exit and wait
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Wed, 24 Sep 2014 05:19:03 +0000 (07:19 +0200)]
selftest: run smbtorture3 LOCAL-MESSAGING-FDPASS2 test
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Tue, 23 Sep 2014 07:53:15 +0000 (09:53 +0200)]
s3:torture: work on LOCAL-MESSAGING-FDPASS2
- parent: fork
- parent: create up and down pipes,
- parent: pass read end of up pipe and write end of down pipe to child
- parent: write to up pipe
- child: read from up pipe
- child: write to down pipe
- parent: read from down pipe
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Mon, 22 Sep 2014 18:13:39 +0000 (20:13 +0200)]
selftest: run smbtorture3 LOCAL-MESSAGING-FDPASS1 test
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Mon, 18 Aug 2014 16:20:34 +0000 (18:20 +0200)]
s3:torture: add test LOCAL-MESSAGING-FDPASS1
Verify that a process can not pass an fd to itself.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Sat, 17 May 2014 13:19:18 +0000 (15:19 +0200)]
s3:messaging: add fds-array to messaging_send_iov()
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>