s3: smbd: smb2-posix: Wrap get_reparse_point in a function so it can be worked on separately.

Signed-off-by: Jeremy Allison <jra@samba.org>

s3: smbd: smb2-posix: Add SAMBA_XATTR_REPARSE_ATTRIB "user.SmbReparse" name.

Ensure it's prohibited for normal user access.

Signed-off-by: Jeremy Allison <jra@samba.org>

s3: smbd: smb2-posix: Allow POSIX open/create of a reparse point handle.

Some restrictions apply :-).

Signed-off-by: Jeremy Allison <jra@samba.org>

s3: smbd: smb2-posix: Add is_reparsepoint bool to files_struct.

Signed-off-by: Jeremy Allison <jra@samba.org>

s3: smbd: Check appropriate lp_smb1_unix_extensions() or lp_smb2_unix_extensions().

Signed-off-by: Jeremy Allison <jra@samba.org>

s3: smbd: Enable unix extensions if SMB1 or SMB2 parameter turned on.

Signed-off-by: Jeremy Allison <jra@samba.org>

s3: docs: Add "smb2 unix extensions" parameter.

Defaults to "no".

Signed-off-by: Jeremy Allison <jra@samba.org>

s3: smbd: Rename 'unix extensions' -? 'smb1 unix extensions'.

Make 'unix extensions' a synonym.

Signed-off-by: Jeremy Allison <jra@samba.org>

s3: smbd: Change uses of lp_unix_extensions() -> unix_extensions_enabled().

Will allow us to split this into smb1_unix_extensions() and
smb2_unix_extensions() later.

Signed-off-by: Jeremy Allison <jra@samba.org>

s3: param: Wrap 'lp_unix_extensions()' with 'unix_extensions_enabled()'

Not yet used. Moving to splitting out the smb1 and smb2 unix extensions
parameter.

Signed-off-by: Jeremy Allison <jra@samba.org>

s3: smbd: Mark unix directory opens as case-sensitive.

Signed-off-by: Jeremy Allison <jra@samba.org>

s3: smbd: Use case_sensitive bool in struct smb_Dir

No change in behavior.

Signed-off-by: Jeremy Allison <jra@samba.org>

s3: smbd: Add a case_sensitive field to struct smb_Dir.

Initialize from conn->case_sensitive. Will be used to decouple
SMB2 UNIX case sensitive from conn struct.

Signed-off-by: Jeremy Allison <jra@samba.org>

s3: smbd: posix filenames are never mangled.

Signed-off-by: Jeremy Allison <jra@samba.org>

s3: smbd: Add wrapper function for mangle_is_mangled().

No current change.

Signed-off-by: Jeremy Allison <jra@samba.org>

s3: smbd: Correctly set case settings for SMB2 posix pathnames.

Signed-off-by: Jeremy Allison <jra@samba.org>

Use local variables for case_sensitive/case_preserve/short_case_preserve.

Will allow easy change for SMB2 posix pathnames.

Signed-off-by: Jeremy Allison <jra@samba.org>

WIP: s3: smbd: Allow fchmod from the NFS-style mode ACL in set_nt_acl() for a SMB2 POSIX handle.

To set a mode, send a one-element ACL.

Signed-off-by: Jeremy Allison <jra@samba.org>

s3: smbd: smbd_do_query_security_desc() can now be made static to nttrans.c

Signed-off-by: Jeremy Allison <jra@samba.org>

s3: smbd: Expand smb2_query_security_desc() into a copy of smbd_do_query_security_desc().

Make the called functions smbd_fetch_security_desc()/smbd_marshall_security_desc()
public.

Signed-off-by: Jeremy Allison <jra@samba.org>

s3: smbd: Add smb2_query_security_desc() - currently a wrapper for smbd_do_query_security_desc().

Signed-off-by: Jeremy Allison <jra@samba.org>

s3: smbd: Add smbd_marshall_security_desc().

Split smbd_do_query_security_desc() into two calls:

smbd_fetch_security_desc()
smbd_marshall_security_desc()

This will allow SMB2 POSIX handles to insert security descriptor ACE
elements between them.

Signed-off-by: Jeremy Allison <jra@samba.org>

s3: smbd: Split out smbd_fetch_security_desc() from smbd_do_query_security_desc().

I'm going to split this up into a fetch()/marshal() pair to allow
smb2 posix handles to insert the extra mode info between the two.

Signed-off-by: Jeremy Allison <jra@samba.org>

Plumb SMB2_FIND_POSIX_INFORMATION through the directory reading code.

Signed-off-by: Jeremy Allison <jra@samba.org>

Add SMB2_FIND_POSIX_INFORMATION definition for SMB2 unix extensions.

Signed-off-by: Jeremy Allison <jra@samba.org>

s3: smbd: Add SMB2_FILE_POSIX_INFORMATION getinfo info level (100 on the wire).

Signed-off-by: Jeremy Allison <jra@samba.org>

s3: Update VFS version comment.

Signed-off-by: Jeremy Allison <jra@samba.org>

s3: smbd: Plumb in POSIX lock requests through SMB2 lock calls if done on a POSIX handle.

Signed-off-by: Jeremy Allison <jra@samba.org>

s3: smbd: Add lock_flav element to struct smbd_lock_element.

In preparation for passing through POSIX lock requests on a
posix-open smb2 handle using the normal lock calls.

Signed-off-by: Jeremy Allison <jra@samba.org>

s3: smbd: Remove the overloading of file_attributes with POSIX permissions on a posix open.

Add a new mode_t parameter, but only look at it if file_attributes & FILE_FLAG_POSIX_SEMANTICS
is true.

Signed-off-by: Jeremy Allison <jra@samba.org>

Update note on VFS interface number.

Signed-off-by: Jeremy Allison <jra@samba.org>

s3: smbd: Convert uses of FILE_FLAG_POSIX_SEMANTICS in VFS_CREATE to passing in smb2 posix create context.

Signed-off-by: Jeremy Allison <jra@samba.org>

Move the handling of the internals of the SMB2 posix create context into open.c

Signed-off-by: Jeremy Allison <jra@samba.org>

Add make_smb2_posix_create_ctx().

We'll probably end up using this in the client code,
but for now I want it so I can remove uses of the horrid
posix_paths ? FILE_FLAG_POSIX_SEMANTICS|0777
idiom, or at least hide them inside source3/smbd/open.c

Signed-off-by: Jeremy Allison <jra@samba.org>

SQUASH: Ensure we can only set permission bits.

Signed-off-by: Jeremy Allison <jra@samba.org>

SQUASH: We should be using unix_perms_to_wire here.

Signed-off-by: Jeremy Allison <jra@samba.org>

SQUASH: Fix offset when linearizing posix info blob.

Signed-off-by: Jeremy Allison <jra@samba.org>

WIP.

Signed-off-by: Jeremy Allison <jra@samba.org>

WIP. Implement the server-side of the SMB2 create context code.

Signed-off-by: Jeremy Allison <jra@samba.org>

WIP. Add client support to ask for UNIX extensions.

Signed-off-by: Jeremy Allison <jra@samba.org>

WIP. Allow server to return SMB2 UNIX extensions if client requests it.

Signed-off-by: Jeremy Allison <jra@samba.org>

smb2-unix: Add definitions for negprot and create context.

Signed-off-by: Jeremy Allison <jra@samba.org>

libcli: Pass buf/len to smb2_negotiate_context_add

Every caller did a data_blob_const() right before calling
smb2_negotiate_context_add(). Avoid that.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Feb 25 21:07:22 CET 2019 on sn-devel-144

libsmb: Resolve special _recv handling in cli_ntcreate

cli_smb2_create_fnum_recv will gain output create blobs soon and thus
differ from the NT1 function.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

smbd: Align integer types

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

torture: Use GUID_zero()

10 lines less...

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3: smbd: filenames - ensure we replace the missing '/' if we error in an intermediate POSIX path.

Previous regression test ensures we still return the correct
error code for POSIX pathname operations.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Feb 25 09:33:27 CET 2019 on sn-devel-144

s3: torture: Add additional POSIX mkdir tests.

Ensure that if POSIX_foo exists as a file
we return the correct error code NT_STATUS_OBJECT_PATH_NOT_FOUND
if we try and traverse it as a directory.

Also ensure creation/deletion of POSIX_foo/foo fails
for directories and files with NT_STATUS_OBJECT_PATH_NOT_FOUND
if the directory POSIX_foo/ doesn't exist.

knownfail is back :-).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb-cluster-mutex: Separate out command and file handling

This code is difficult to read and there really is no common code
between the 2 cases.  For example, there is no need to split a
filename into words.  Separating each of the 2 cases into its own
function makes the logic much easier to understand.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Feb 25 03:40:16 CET 2019 on sn-devel-144

ctdb-tests: Add a test for configuring the recovery lock as a command

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-tests: Add -R option for local daemons to use recovery lock command

Under the covers, a command is always used.  However, there is no way
of testing of the code path where a command is explicitly configured.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-tests: Force test failure if local daemon setup fails

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-recoverd: Time out attempt to take recovery lock after 120s

Currently this will wait forever.  It really needs a timeout in case
the cluster filesystem (or other lock mechanism) is completely wedged.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-recoverd: Ban node on unknown error when taking recovery lock

We really shouldn't see unknown errors.  They probably represent a
misconfigured recovery lock or similar.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-recoverd: Make recoverd context available in recovery lock handle

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-recoverd: Clean up logging on failure to take recovery lock

Add an explicit case for a timeout and clean up the other messages.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-recoverd: Free cluster mutex handler on failure to take lock

If nested events occur while the file descriptor handler is still
active then chaos can ensue.  For example, if a node is banned and the
lock is explicitly cancelled (e.g. due to election loss) then
double-talloc-free()s abound.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-config: Change example recovery lock setting to one that fails

ctdbd will start without a recovery lock configured.  It will log a
message saying that this is not optimal.  However, a careless user may
overlook both this message and the importance of setting a recovery
lock.  If the existing example configuration is uncommented then the
directory containing it will be created (by 01.reclock.script) and the
failure (i.e. multiple nodes able to take the lock) will be confusing.

Instead, change the example setting to one that will result in banned
nodes, encouraging users to consciously configure (or deconfigure) the
recovery lock.  Tweak the corresponding comment.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13790

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

smbd: unix_convert: Ensure we don't call get_real_filename on POSIX paths.

For posix_pathnames don't blunder into the name_has_wildcard OR
get_real_filename() codepaths as they may be doing case insensitive lookups.
So when creating a new POSIX directory 'Foo' they might
match on name 'foo'.

Remove POSIX-MKDIR from knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sun Feb 24 14:04:14 CET 2019 on sn-devel-144

smbd: SMB1-POSIX: Add missing info-level SMB_POSIX_PATH_OPEN for UCF_UNIX_NAME_LOOKUP flag.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

s3: smbtorture3: Add POSIX-MKDIR test for posix_mkdir case sensitive bug.

Test does:

mkdir POSIX_foo
mkdir POSIX_Foo
mkdir POSIX_foo/Foo
mkdir POSIX_foo/foo
mkdir POSIX_Foo/Foo
mkdir POSIX_Foo/foo

Which should pass a SMB1 POSIX extensions server
as posix mkdir should always be case sensitive
no matter what the share is set to.

Mark as knownfail for now.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

winbindd: set idmap cache entries as the last step in async wb_xids2sids

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Feb 23 09:23:22 CET 2019 on sn-devel-144

winbindd: track whether a result from xid2sid was coming from the cache

This is needed in preparation of moving the step to update the idmap
cache from the per-idmap-domain callback wb_xids2sids_dom_done() to the
top-level callback wb_xids2sids_done().

Currently the sequence of action is:

* check cache, if not found:
  * ask backends
  * cache result from backend
* return results

Iow, if we got something from the cache, we don't write the cache.

The next commit defers updating the cache to the top-level callback, so
the sequence becomes

* check cache, if not found:
  * ask backends
* cache results
* return results

This has two problems:

* it needlessly writes to the cache what we just got from it

* it possibly overwrites the ID_TYPE_BOTH for a SID-to-xid mapping in
  the following case:

  - existing ID_TYPE_BOTH mapping in the cache, eg:

    IDMAP/SID2XID/S-1-5-21-2180672342-2513613279-2566592647-512 -> Value: 3000000:B

  - someone calls wb_xids2sids_send() with xid.id=3000000,xid.type=ID_TYPE_GID

  - cache lookup with idmap_cache_find_gid2sid() succeeds

  - when caching results we'd call idmap_cache_set_sid2unixid() with the
    callers xid.type=ID_TYPE_GID, so idmap_cache_set_sid2unixid() will
    overwrite the SID-to-xid mapping with ID_TYPE_GID

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

winbindd: switch send-next/done order

In preparation of adding more logic to the done step. No change in
behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

winbindd: update xid in wb_xids2sids_state->xids with what we got

In preparation of priming the idmap cache in the top-level
wb_xids2sids_done(), not in the per-idmap-domain callback
wb_xids2sids_dom_done().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

winbindd: convert id to a pointer in wb_xids2sids_dom_done()

No change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

winbindd: make xids a const argument to wb_xids2sids_send()

The previous commit made an internal copy of xids, this commit makes it
more obvious that we must not mess with the xids argument but treat it as
an in-parameter and don't write to it.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

winbindd: make a copy of xid's in wb_xids2sids_send()

This is in preparation of setting the result of the mapping in the top-
level callback wb_xids2sids_done(), not in the per-idmap-domain callback
wb_xids2sids_dom_done().

When caching the mapping we need the id-type from the backend, so we
need a way to pass up that information from wb_xids2sids_dom_done() up
to wb_xids2sids_done()

The xids array copy gets passed from wb_xids2sids_send() to
wb_xids2sids_dom_send(), so wb_xids2sids_dom_done() can then directly
update the top-level copy.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

s3:winbindd: Remove unused arcfour.h from PAM handling

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 22 23:16:40 CET 2019 on sn-devel-144

s3:rpc_server: Remove unused arcfour.h from netlogon

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3:auth: Remove unused arcfour.h from auth_util.c

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3:auth: Remove unused arcfour.h header from server_info.c

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s4:dns_crypto: Remove unused include of hmac_md5.h

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Fix a resource leak in cli_posix_mkdir

smbd does posix_mkdir if the wire flags are exactly

if (wire_open_mode == (SMB_O_CREAT|SMB_O_DIRECTORY))

open_flags_to_wire however adds a SMB_O_RDONLY, so that we enter the
normal open routine which happens to create a directory as well. The
main difference is that posix_mkdir does *NOT* return an open
handle. As we did not enter this code path due to the SMB_O_RDONLY we
leak a SMB1 fd per cli_posix_mkdir call.

Pretty hard to test automatically, this would be an interaction with
smbstatus.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Pull up wire_flags calculation from open_internal

This avoids passing down a boolean

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Convert cli_posix_open to normal tevent_req pattern

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

set caller allocation units in statvfs f_bavail

Signed-off-by: Mark Niggemann <mark.niggemann@ge.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Bjoern Jacke <bjacke@samba.org>
Autobuild-User(master): Björn Jacke <bjacke@samba.org>
Autobuild-Date(master): Fri Feb 22 15:04:55 CET 2019 on sn-devel-144

notifyd: Fix SIGBUS on sparc

Problem is the structure "struct notify_instance" can lay in message buffer on
address not dividable by 8 but this structure begins by uint_64 (secs in
time-stamp). Structure should be re-packed to standalone buffer before the use.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13704
Signed-off-by: jiri.sasek@oracle.com
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Björn Jacke <bjacke@samba.org>
Autobuild-Date(master): Fri Feb 22 12:30:11 CET 2019 on sn-devel-144

ctdb-tests: Add test for ctdb_io.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13791

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Feb 22 03:51:37 CET 2019 on sn-devel-144

ctdb: buffer write beyond limits

In order to calculate the number of bytes correctly which
are to be read into the buffer, the buffer.offset must be taken
into account.

This patch fixes a regression introduced by 382705f495dd.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13791

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

selftest: Confirm new and old SDDL strings differ after a samba-tool dsacl set

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Feb 21 05:37:31 CET 2019 on sn-devel-144

selftest: Add test for samba-tool dsacl get, cross-checked with samba-tool dsacl set

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

samba-tool dsacl: Mark old and new descriptor output correctly

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Add command "samba-tool dsacl get" This code is very equal to "samba-tool dsacl set", except it only prints out the current sddl of an object.

Signed-off-by: Martin Krämer <mk.maddin@gmail.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Update dsacl.py - add_ace to handle/verify sddl parameter correct

Test for samba-tool dsacl set --sddl parmeter

Update tests.py - add dsacl (dsacl.py / samba-tool dsacl set) test

Signed-off-by: <Martin Krämer mk.maddin@gmail.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

bootstrap/README.md: add README.md

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

bootstrap/dists: add rendered files for dists

Add these into repo, then we can link it to samba wiki,
for people to get a latest and precise pkg list

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

bootstrap/docker.py: add cli to build/tag/push docker images

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

bootstrap/template.py: add cli to render templates

- bootstrap for each dist
- Dockerfile for each dist
- Vagrantfile all in one

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

bootstrap/config.py: define package lists and templates

Define default pkg list, and allow to override for each dist.
Also define bootstrap/Dockerfile/Vagrantfile templates.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

selftest/tests: add smoketests for dbcheck --quick-membership-checks

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

selftest/tests: add helper method to simplify plantestsuite

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

dbcheck: skip reverse member link checks when cli option specified

currently dbcheck cmd tooks about 1 day to finish on a 100k user database.
We can skip member reverse link checks to speed it up dramatically.
A new cli option is added to enable the skipping.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4/param: Fix provision_get_schema leaking python object

provision_get_schema returns a ldb_context object which is stored
in a python object. As a result the parent python object is never
decrefed and probably not released ever.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

vfs_ceph: refactor if-error-return-else logic

vfs_ceph has quite a few occurrences of:
if (result < 0) {
WRAP_RETURN(result); /* calls return */
} else {
...
}

This change drops the superfluous else {} encapsulation and also removes
duplication of ceph statx debug messages.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Feb 20 13:56:09 CET 2019 on sn-devel-144

vfs_glusterfs: check for VFS_ADD_FSP_EXTENSION() failure

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

WHATSNEW: winbind authentication logging

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Feb 20 07:43:10 CET 2019 on sn-devel-144

winbind: Log PAM and NTLM authentications.

Generate JSON authentication messages for winbind PAM_AUTH and
PAM_AUTH_CRAP requests.  The logon_id in these messages can be used to
link them to the SamLogon messages.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

winbind: Generate and pass logon ID

Generate a random logon_id and pass it in the SamLogon calls.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

kdc hdb: Generate and pass logon ID

Generate and pass the logon_id in SamLogon calls

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>