Jeremy Allison [Mon, 14 Aug 2017 22:54:39 +0000 (15:54 -0700)]
lib: tevent: Use system <tevent.h>, not internal header path (except in self-test).
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Anoop C S [Mon, 14 Aug 2017 09:54:20 +0000 (15:24 +0530)]
s3: messaging: Add background job send failure message
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Aug 16 16:26:12 CEST 2017 on sn-devel-144
Volker Lendecke [Wed, 26 Jul 2017 13:18:16 +0000 (15:18 +0200)]
libhttp: Remove an unneeded include
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Aug 16 04:11:47 CEST 2017 on sn-devel-144
Volker Lendecke [Wed, 26 Jul 2017 13:14:51 +0000 (15:14 +0200)]
dbwrap: Simplify dbwrap_unmarshall_fn
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 26 Jul 2017 13:12:21 +0000 (15:12 +0200)]
dbwrap: Simplify dbwrap_trans_delete
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 26 Jul 2017 13:10:55 +0000 (15:10 +0200)]
dbwrap: Simplify dbwrap_trans_store
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 26 Jul 2017 12:56:53 +0000 (14:56 +0200)]
dbwrap: Simplify dbwrap_store_uint32_bystring
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 26 Jul 2017 12:56:53 +0000 (14:56 +0200)]
dbwrap: Simplify dbwrap_store_int32_bystring
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 9 Nov 2016 15:37:49 +0000 (16:37 +0100)]
dbwrap: Convert dbwrap_delete to dbwrap_do_locked
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 9 Nov 2016 15:34:28 +0000 (16:34 +0100)]
dbwrap: Convert dbwrap_store to dbwrap_do_locked
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Wed, 9 Aug 2017 01:57:13 +0000 (13:57 +1200)]
py-librpc: Strictly check the type of the incoming sid pointer
This avoids casting another type of object to a void* and then to a SID
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Tue Aug 15 12:00:58 CEST 2017 on sn-devel-144
Andrew Bartlett [Wed, 9 Aug 2017 04:44:24 +0000 (16:44 +1200)]
s4/lib/tls: Use SHA256 to sign the TLS certificates
The use of SHA-1 has been on the "do not" list for a while now, so make our
self-signed certificates use SHA256 using the new
gnutls_x509_crt_sign2 provided since GNUTLS 1.2.0
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12953
Gary Lockyer [Wed, 19 Jul 2017 21:13:43 +0000 (09:13 +1200)]
samba-tool dns query: Allow '*' in names
As DNS wild cards are now supported we need to allow '*' characters in
the domain names.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952
Gary Lockyer [Mon, 7 Aug 2017 01:42:02 +0000 (13:42 +1200)]
samba-tool dns: Test support of DNS wild card in names
As DNS wild cards are now supported we need to allow '*' characters in
the domain names.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952
Gary Lockyer [Thu, 3 Aug 2017 03:12:02 +0000 (15:12 +1200)]
dnsserver: Add support for dns wildcards
Add support for dns wildcard records. i.e. if the following records
exist
exact.samba.example.com 3600 A 1.1.1.1
*.samba.example.com 3600 A 1.1.1.2
look up on exact.samba.example.com will return 1.1.1.1
look up on *.samba.example.com will return 1.1.1.2
look up on other.samba.example.com will return 1.1.1.2
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952
Gary Lockyer [Thu, 3 Aug 2017 03:12:51 +0000 (15:12 +1200)]
dnsserver: Tighten DNS name checking
Add checks for the maximum permitted length, maximum number of labels
and the maximum label length. These extra checks will be used by the
DNS wild card handling.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952
Gary Lockyer [Tue, 25 Jul 2017 02:14:53 +0000 (14:14 +1200)]
dnsserver: Tests for dns wildcard entries
Add tests for dns wildcards.
Tests validated against Windows Server 2012 R2
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952
Jeremy Allison [Mon, 14 Aug 2017 20:02:30 +0000 (13:02 -0700)]
s4: com: Replace erroneous inclusion of internal talloc.h header with external.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 15 08:06:40 CEST 2017 on sn-devel-144
Amitay Isaacs [Thu, 10 Aug 2017 04:50:02 +0000 (14:50 +1000)]
ctdb-daemon: Drop the implementation of CHECK_SRVIDS control
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Aug 14 13:00:16 CEST 2017 on sn-devel-144
Amitay Isaacs [Fri, 4 Aug 2017 04:30:41 +0000 (14:30 +1000)]
ctdb-protocol: Drop unused protocol data structures
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 4 Aug 2017 04:27:26 +0000 (14:27 +1000)]
ctdb-protocol: Drop marshalling code for CHECK_SRVIDS control
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 4 Aug 2017 04:25:04 +0000 (14:25 +1000)]
ctdb-client: Drop client code to send CHECK_SRVIDS control
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 4 Aug 2017 04:24:33 +0000 (14:24 +1000)]
ctdb-tools: Drop check_srvids command from ctdb tool
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 4 Aug 2017 04:06:25 +0000 (14:06 +1000)]
ctdb-protocol: Mark CTDB_CONTROL_CHECK_SRVIDS obsolete
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 4 Aug 2017 04:22:31 +0000 (14:22 +1000)]
ctdb-client: Server id exists should check if the pid still exists
This matches what the older client code and samba does.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Martin Schwenke [Thu, 10 Aug 2017 10:23:09 +0000 (20:23 +1000)]
ctdb-tools: Remove duplicate code
These lines are duplicates of those above. It has always been this
way...
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Aug 14 09:00:45 CEST 2017 on sn-devel-144
Martin Schwenke [Fri, 11 Aug 2017 02:49:32 +0000 (12:49 +1000)]
ctdb-scripts: Ignore shellcheck SC2181 warning (use of $?)
Given the size of the command substitutions it would be less clear to
embed the assignments and substitutions inside a conditional. It is
clearer if the exit code is checked afterwards.
However, do fix some untidy uses of != instead of -ne when comparing
with $?. Make the code easier to understand by reversing the logic
and using -eq and ||.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 13 Jul 2017 02:58:33 +0000 (12:58 +1000)]
ctdb-tools: Avoid shellcheck SC2181 warnings (use of $?) in onnode
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 11 Aug 2017 04:06:30 +0000 (14:06 +1000)]
ctdb-tools: Use a clear and readable if-statement
This is consistent with the if-statement above.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 9 Aug 2017 07:11:18 +0000 (17:11 +1000)]
ctdb-tools: Reformat and explain complex code
There are multiple command groups and redirects on very long lines.
Reformat the long lines to break them up and add a comment to explain
what is happening.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 13 Jul 2017 03:08:39 +0000 (13:08 +1000)]
ctdb-tools: Avoid shellcheck SC2188 warning (redirect without command)
Shellcheck found a bug!
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 13 Jul 2017 02:52:39 +0000 (12:52 +1000)]
ctdb-scripts: Avoid shellcheck warning SC2188 (redirect without command)
This makes the code look deliberate instead like something has been
accidentally omitted.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 3 Aug 2017 11:01:59 +0000 (21:01 +1000)]
ctdb-tests: Indentation fixups
The rest of the code in this file now matches the coding guidelines,
so clean up the rest.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 15 Mar 2017 04:50:46 +0000 (15:50 +1100)]
ctdb-tests: Fix logic to handle PATH additions for tests
When using non-standard test subdirectories, the current code can fail
to find the test bin directory and stupidly just adds /bin to PATH.
Switch to using CTDB_TESTS_ARE_INSTALLED along with some sanity checks
to determine the mode of operation.
With this change, test directories can now be created as
subdirectories of arbitrary component directories. Tests can then be
run directly, either by specifying the subdirectory or individual test
cases.
Integration into the top-level tests/ directory is then done via a
symbolic link, which enables 2 things:
* Ability to run a directory of test cases from top level by simply
specifying the link name.
* Ease of installation - the installation code just works with the
symbolic link.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 3 Aug 2017 10:57:47 +0000 (20:57 +1000)]
ctdb-tests: Move die() function to top of script
So it can be called within the script instead of just by scripts that
include it.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 3 Aug 2017 10:36:57 +0000 (20:36 +1000)]
ctdb-tests: run_tests.sh sets evironment variable CTDB_TEST_DIR
Instead of just local variable test_dir. The environment variable can
be accessed from other test infrastructure scripts.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Andreas Schneider [Wed, 9 Aug 2017 10:14:34 +0000 (12:14 +0200)]
blackbox: Add test for 'net ads changetrustpw'
BUG: BUG: https://bugzilla.samba.org/show_bug.cgi?id=12956
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Aug 11 22:09:27 CEST 2017 on sn-devel-144
Andreas Schneider [Wed, 9 Aug 2017 16:14:23 +0000 (18:14 +0200)]
s3:libads: Fix changing passwords with Kerberos
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12956
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Andreas Schneider [Tue, 18 Jul 2017 10:49:05 +0000 (12:49 +0200)]
s4:rpc_server:backupkey: Move variable into scope
CID: #
1415510
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12959
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 9 Aug 2017 15:01:09 +0000 (17:01 +0200)]
heimdal: Fix printing a short int into a string
The size of portstr is too small to print an integer and we should print
a short anyway.
This fixes building with GCC 7.1
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Aug 11 18:08:04 CEST 2017 on sn-devel-144
Ralph Boehme [Wed, 26 Jul 2017 12:29:33 +0000 (14:29 +0200)]
examples: add cache effectiveness stats to gencache.stp
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Aug 11 14:19:24 CEST 2017 on sn-devel-144
Ralph Boehme [Wed, 9 Aug 2017 13:24:41 +0000 (15:24 +0200)]
README.Coding: add "Error and out logic"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Simo <simo@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Aug 10 14:36:01 CEST 2017 on sn-devel-144
Martin Schwenke [Thu, 13 Jul 2017 05:52:54 +0000 (15:52 +1000)]
ctdb-tests: Add a big no-op LCP2 IP takeover test
Although this tests correctness it is most useful for testing that
changes to IP takeover algorithm do not cause obvious performance
regressions.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Aug 10 10:30:58 CEST 2017 on sn-devel-144
Martin Schwenke [Thu, 27 Jul 2017 05:04:30 +0000 (15:04 +1000)]
ctdb-takeover: Do not call ctdb_announce_vnn_iface() for updateip
This causes any tracked connections for the IP address to be lost.
When doing a takeip, the server sends a tickle ACK to the client, the
client responds with a valid ACK and the server's TCP stack responds
with a reset because the connection does not exist. However, in the
updateip, case the connection *does* exist, so the tickle *does not*
cause the connection to be reset.
ctdb_announce_vnn_iface() clears the list of tracked TCP connections
while sending the tickle ACKs. So, if there are no reconnects as in
the takeip case, then the list of connections is simply lost.
The "updateip" event in the 10.interface event script already sends
gratuitous ARPs and tickles connections in both directions. This
ensures that traffic continues after packets may have been dropped
when the script temporarily blocks traffic to the IP address.
All of this means that the call to ctdb_announce_vnn_iface() can just
be deleted.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 8 Aug 2017 10:50:25 +0000 (20:50 +1000)]
build: Do not recurse on symlinks to directories when building tarballs
DIST_FILES() causes all files in any specified directory to be
recursively added to the tarball. However, a symbolic link to a
directory is detected as a regular directory so is also subject to
recursion. This means that a symbolic link to a directory is
dereferenced and the directory of files beyond it are added to the
tarball under a directory corresponding to the link. This is almost
certainly not what is intended because it will usually result in
duplicate files. This is because the contents of a symbolic link's
target directory will already be present in the tarball.
Instead, do not treat symbolic links to directories as directories,
but add them to the tarball like normal files.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Sun, 6 Aug 2017 04:56:17 +0000 (14:56 +1000)]
build: Do not ignore symlinks to directories when building tarballs
Tarballs currently do not contain symbolic links to directories even
if they are committed in git. This means that CTDB tests fail when
run in-tree from a tarball, due to a couple of missing links needed by
unit tests:
ERROR: Directory .../ctdb/tests/var/unit_eventscripts/etc-ctdb/events.d does not exist.
Subdirectories of directories specified via DIST_DIRS() are ignored,
since all the files within them are separately added to the tarball.
Symbolic links to directories are detected as directories, so they are
also ignored, causing them to be missing from the tarball.
Instead, do not treat symbolic links to directories as directories,
but add them to the tarball like normal files.
It is easy to confirm that this change causes no difference to current
tarballs other than causing the missing CTDB test links to be added:
$ diff -u samba-4.8.0pre1-GIT-
eb691cd0242.tar.gz.contents samba-4.8.0pre1-GIT-
dfb16de0149.tar.gz.contents
--- samba-4.8.0pre1-GIT-
eb691cd0242.tar.gz.contents 2017-08-08 20:21:40.
022993091 +1000
+++ samba-4.8.0pre1-GIT-
dfb16de0149.tar.gz.contents 2017-08-08 20:35:11.
001580747 +1000
@@ -578,7 +578,9 @@
ctdb/tests/eventscripts/91.lvs.startup.001.sh
ctdb/tests/eventscripts/91.lvs.startup.002.sh
ctdb/tests/eventscripts/README
+ctdb/tests/eventscripts/etc-ctdb/events.d
ctdb/tests/eventscripts/etc-ctdb/functions
+ctdb/tests/eventscripts/etc-ctdb/nfs-checks.d
ctdb/tests/eventscripts/etc-ctdb/nfs-linux-kernel-callout
ctdb/tests/eventscripts/etc-ctdb/public_addresses
ctdb/tests/eventscripts/etc-ctdb/rc.local
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Andreas Schneider [Wed, 9 Aug 2017 07:58:35 +0000 (09:58 +0200)]
tdb: Do not allow to pass NULL as the buffer to transaction_write()
This fixes a GCC warning.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Aug 10 02:26:09 CEST 2017 on sn-devel-144
Andreas Schneider [Wed, 9 Aug 2017 08:53:12 +0000 (10:53 +0200)]
tdb: Write zero data using 8k buffer in transaction_expand_file()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Wed, 9 Aug 2017 08:16:36 +0000 (10:16 +0200)]
tdb: Avoid NULL tdb_write
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Wed, 9 Aug 2017 08:15:27 +0000 (10:15 +0200)]
tdb: Consistency check for tdb_storev
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Wed, 24 May 2017 07:17:19 +0000 (09:17 +0200)]
vfs_fruit: factor out common code from ad_get() and ad_fget()
As a result of the previous changes ad_get() and ad_fget() do completey
the same, so factor out the common code to a new helper function. No
change in behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Aug 9 22:33:36 CEST 2017 on sn-devel-144
Ralph Boehme [Tue, 23 May 2017 15:44:16 +0000 (17:44 +0200)]
vfs_fruit: return fake pipe fd in fruit_open_meta_netatalk()
Do not open the basefile, that conflict with "kernel oplocks = yes". We
just return a fake file fd based on dup'ing a pipe fd and ensure all VFS
functions that go through vfs_fruit and work on the metadata stream can
deal with it.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Tue, 23 May 2017 15:31:47 +0000 (17:31 +0200)]
vfs_fruit: don't open basefile in ad_open() and simplify API
We never need an fd on the basefile when operating on the metadata, as
we can always use path based syscalls. Opening the basefile conflicts
with "kernel oplocks" so just don't do it.
Additional changes:
- remove the adouble_type_t argument to ad_open(), the type is passed
and set when allocating a struct adouble with ad_alloc()
- additionally pass an optional fsp to ad_open() (so the caller can pass
NULL). With this change we can move the fd inheritance from fsp to ad
into ad_open() itself where it belongs and remove it from the caller
ad_fget()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Ralph Boehme [Tue, 23 May 2017 15:39:46 +0000 (17:39 +0200)]
vfs_fruit: use path based setxattr call in ad_fset()
This allows later commits to remove opening of the basefile which
conflict with "kernel oplocks = yes".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Thu, 18 May 2017 11:17:38 +0000 (13:17 +0200)]
s4/torture: additional tests for kernel-oplocks
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Ralph Boehme [Wed, 10 May 2017 09:38:06 +0000 (11:38 +0200)]
s4/torture: reproducer for kernel oplocks issue with streams
test_smb2_kernel_oplocks3() wouldn't have failed without the patches,
I'm just adding it to have at least one test that tests with 2
clients. All other tests use just one client.
test_smb2_kernel_oplocks4() is the reproducer.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Ralph Boehme [Thu, 11 May 2017 16:08:56 +0000 (18:08 +0200)]
vfs_streams_xattr: return a fake fd in streams_xattr_open()
The final step in changing vfs_streams_xattr to not call open() on the
basefile anymore. Instead, we just return a fake file fd based on
dup'ing a pipe fd. Previous commits ensured all calls to VFS API
functions use pathname based versions to do their work.
This ensures we don't trigger kernel oplock breaks for client "open
stream" requests when needlessly opening the basefile.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Thu, 11 May 2017 16:05:18 +0000 (18:05 +0200)]
vfs_streams_xattr: implement all missing handle based VFS functions
Implement all missing handle based VFS function. If the call is on a
named stream, implement the appropriate action for the VFS function, in
most cases a no-op.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Thu, 11 May 2017 15:38:00 +0000 (17:38 +0200)]
vfs_streams_xattr: always pass NULL as fsp arg to get_ea_value()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Thu, 11 May 2017 15:36:15 +0000 (17:36 +0200)]
vfs_streams_xattr: remove fsp argument from get_xattr_size()
Still in the process of changing all handle based operations to use path
based operations.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Thu, 11 May 2017 13:05:23 +0000 (15:05 +0200)]
vfs_streams_xattr: remove all uses of fd, use name based functions
We don't really need an fd in this module, all calls to the VFS xattr
API can just use the name based versions.
This paves the way for removing the open of the basefile in
streams_xattr_open() in a later commit.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Thu, 11 May 2017 05:59:20 +0000 (07:59 +0200)]
vfs_streams_xattr: invalidate stat info if xattr was not found
We stat the basefile so we leave valid stat info from the base file
behind, even though the xattr for the stream was not there.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Andreas Schneider [Wed, 9 Aug 2017 06:37:38 +0000 (08:37 +0200)]
s3:utils: Fix buffer size for snprintf and format string
GCC 7.1 produces an error:
‘snprintf’ output between 47 and 66 bytes into a destination of size 40
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Aug 9 13:37:47 CEST 2017 on sn-devel-144
Andreas Schneider [Wed, 9 Aug 2017 06:23:29 +0000 (08:23 +0200)]
s3:torture: Fix spoolss test to build with -O3
Initialize variables so that we do not get a build warning that they
might be used uninitilized.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andreas Schneider [Wed, 9 Aug 2017 05:45:04 +0000 (07:45 +0200)]
s4:samdb: Fix building Samba with -O3
gcc error: ‘result’ may be used uninitialized
This wont happen, because ldb will return and error, but the compiler
doesn't understand this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Thu, 8 Jun 2017 17:18:36 +0000 (19:18 +0200)]
vfs_gpfs: handle EACCES when fetching DOS attributes from xattr
When trying to fetch the DOS attributes via gpfswrap_get_winattrs_path()
if the filesystem doesn't grant READ_ATTR to the file the function fails
with EACCESS.
But according to MS-FSA 2.1.5.1.2.1 "Algorithm to Check Access to an
Existing File" FILE_LIST_DIRECTORY on a directory implies
FILE_READ_ATTRIBUTES for directory entries.
So if the user can open the parent directory for reading this implies
FILE_LIST_DIRECTORY and we can safely call gpfswrap_get_winattrs_path()
with DAC_OVERRIDE_CAPABILITY.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12944
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Aug 9 01:21:14 CEST 2017 on sn-devel-144
Ralph Boehme [Thu, 8 Jun 2017 17:10:20 +0000 (19:10 +0200)]
s3/smbd: handle EACCES when fetching DOS attributes from xattr
When trying to fetch the DOS attributes xattr via SMB_VFS_GETXATTR() if
the filesystem doesn't grant read access to the file the xattr read
request fails with EACCESS.
But according to MS-FSA 2.1.5.1.2.1 "Algorithm to Check Access to an
Existing File" FILE_LIST_DIRECTORY on a directory implies
FILE_READ_ATTRIBUTES for directory entries.
So if the user can open the parent directory for reading this implies
FILE_LIST_DIRECTORY and we can safely call SMB_VFS_GETXATTR() as root,
ensuring we can read the DOS attributes xattr.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12944
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Ralph Boehme [Thu, 8 Jun 2017 17:05:48 +0000 (19:05 +0200)]
s3/smbd: handling of failed DOS attributes reading
Only fall back to using UNIX modes if we get NOT_IMPLEMENTED. This is
exactly what we already do when setting DOS attributes.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12944
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Andreas Schneider [Tue, 1 Aug 2017 14:07:58 +0000 (16:07 +0200)]
python:tests: Add test for warn_pwd_expire
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Aug 7 19:11:02 CEST 2017 on sn-devel-144
Andreas Schneider [Tue, 1 Aug 2017 14:05:57 +0000 (16:05 +0200)]
python:tests: Do not overwrite exit code
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Anoop C S [Mon, 31 Jul 2017 10:09:19 +0000 (15:39 +0530)]
source3/client: Fix typo in help message displayed by default
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12936
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Marc Muehlfeld [Sun, 6 Aug 2017 09:50:55 +0000 (11:50 +0200)]
python: Fix incorrect kdc.conf parameter name in kerberos.py
Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 21 Jul 2017 10:29:31 +0000 (12:29 +0200)]
winbindd: give an IRPC error if wb_irpc_SamLogon() is called without useful routing information
The caller should have checked this already!
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 21 Jul 2017 10:29:31 +0000 (12:29 +0200)]
winbindd: as DC we should try to get the target_domain from @SOMETHING part of the username in wb_irpc_SamLogon()
We still need a full routing table including all upn suffixes,
but this is a start to support NTLM authentication using user@REALM
against structed domains.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 21 Jul 2017 10:29:31 +0000 (12:29 +0200)]
winbindd: Print debug if we don't know how to route a wb_irpc_SamLogon() request
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 21 Jul 2017 10:29:31 +0000 (12:29 +0200)]
winbindd: allow all possible logon levels in wb_irpc_SamLogon()
We should just try to find the correct domain to forward the
request, all logic of not implementing serveral logon levels
belongs to the _winbind_SamLogon() implementation.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 16 Jun 2017 23:06:46 +0000 (01:06 +0200)]
s4:auth/ntlmssp: add support for using "winbind" as DC
This adds support for trusted domains to the auth stack on AD DCs.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 22 Mar 2017 10:16:47 +0000 (11:16 +0100)]
s4:auth: use "sam winbind" for the netlogon server
This adds authentication support for trusted domains to the
netlogon server.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 16 Jun 2017 21:07:04 +0000 (23:07 +0200)]
s4:auth/ntlm: provide auth_check_password_wrapper_send/recv to auth4_context
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 16 Jun 2017 15:18:17 +0000 (17:18 +0200)]
auth/common: add support for auth4_ctx->check_ntlm_password_send/recv()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 16 Jun 2017 15:14:35 +0000 (17:14 +0200)]
auth/ntlmssp: merge ntlmssp_server_check_password() into ntlmssp_server_auth_send()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 16 Jun 2017 14:16:15 +0000 (16:16 +0200)]
auth/ntlmssp: introduce ntlmssp_server_auth_send/recv
We still use the sync ntlmssp_server_check_password().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 14 Jun 2017 22:34:26 +0000 (00:34 +0200)]
auth/ntlmssp: prepare update_send/recv for real async processing
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 16 Jun 2017 22:56:09 +0000 (00:56 +0200)]
s4:auth_winbind: implement async authentication via IRPC
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 17 Mar 2017 18:36:08 +0000 (19:36 +0100)]
s4:rpc_server/netlogon: make use of auth_check_password_send/recv()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 21 Jul 2017 06:10:02 +0000 (08:10 +0200)]
s4:rpc_server/netlogon: make use of async kdc_check_generic_kerberos_send/recv()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 17 Mar 2017 18:27:38 +0000 (19:27 +0100)]
s4:rpc_server/netlogon: prepare dcesrv_netr_LogonSamLogon_base for async processing
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 21 Jul 2017 05:39:11 +0000 (07:39 +0200)]
s4:rpc_server/netlogon: check auth_level for validation level 6 already in dcesrv_netr_LogonSamLogon_check()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 20 Jul 2017 11:06:58 +0000 (13:06 +0200)]
s4:librpc/rpc: add support for HttpAuthOption=negotiate
Note that rpcproxy.dll on Windows doesn't support kerberos,
it allways downgrades the connection to NTLMSSP.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 20 Jul 2017 14:11:48 +0000 (16:11 +0200)]
s4:lib/http: pass down the target service/hostname to gensec
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 20 Jul 2017 11:03:40 +0000 (13:03 +0200)]
s4:lib/http: add HTTP_AUTH_NEGOTIATE which maps to the "http_negotiate" gensec backend
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 20 Jul 2017 11:03:03 +0000 (13:03 +0200)]
s4:http/gensec: implement "http_negotiate" using GENSEC_OID_SPNEGO
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 20 Jul 2017 11:00:27 +0000 (13:00 +0200)]
s4:http/gensec: make the "NTLM" base64 wrapping more generic
We only need to know the prefix "NTLM" and the submech oid GENSEC_OID_NTLMSSP
everything else can be generic.
This should allow us to implement "Negotiate" with GENSEC_OID_SPNEGO
trivial.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 20 Jul 2017 10:07:18 +0000 (12:07 +0200)]
s4:http/gensec: rename ntlm.c to generic.c
Check with git show -C
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 20 Jul 2017 11:05:39 +0000 (13:05 +0200)]
s4:librpc/rpc: pass down HTTP_AUTH_* values directly to dcerpc_pipe_open_roh_send()
They get passed to http_send_auth_request_send() unmodified.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 20 Jul 2017 21:05:53 +0000 (23:05 +0200)]
s4:librpc/rpc: remember the target_hostname on ncacn_http connections
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 20 Jul 2017 13:48:35 +0000 (15:48 +0200)]
s4:lib/http: pass a generic prefix blob to http_parse_auth_response()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 20 Jul 2017 13:46:38 +0000 (15:46 +0200)]
s4:lib/http: use strcasecmp(h->key, "WWW-Authenticate") instead of strncasecmp()
The key is already normalized and should match completely.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 20 Jul 2017 12:44:51 +0000 (14:44 +0200)]
s4:lib/http: remove indentation level from http_parse_auth_response()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 20 Jul 2017 16:12:27 +0000 (18:12 +0200)]
s4:lib/http: let http_read_response_send/recv() also consume the body if it fits into a max value
We need to consume full HTTP responses from the socket during the
authentication exchanges, otherwise our HTTP parser gets out of sync for
the next requests.
This will be important for gensec mechs which use an even number
for authentication packets.
I guess this should be done just based on the Content-Length value and
not based on the response code.
So far I saw bodies with 200 and 401 codes.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>