Stefan Metzmacher [Tue, 26 Aug 2014 07:24:19 +0000 (09:24 +0200)]
SQ ... Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Fri, 15 Aug 2014 03:00:25 +0000 (15:00 +1200)]
TODO REVIEW auth: Split out fetching trusted domain into sam_get_results_trust()
This new helper function will also be used by pdb_samba_dsdb.
Change-Id: I008af94a0822012c211cfcc6108a8b1285f4d7c7
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
TODO Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Thu, 14 Aug 2014 02:47:38 +0000 (14:47 +1200)]
TODO??? : provision: Only create hard links for ForestDnsZones if it exists on this DC
We might be a subdomain, and not host this partition.
Andrew Bartlett
Change-Id: I9aa32c5692cd9fd0a6bced8bea37cd8593b31906
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
TODO: Reviewed-by: Stefan Metzmacher <metze@samba.org>
TODO:
- del partfile[domainzonedn]
- del partfile[forestzonedn]
+ del domainzone_file
+ if forestzone_file:
+ del forestzone_file
Is the following:
del partfile[domainzonedn]
really the same as:
domainzone_file = partfile[domainzonedn]
del domainzone_file
???
Andrew Bartlett [Mon, 11 Aug 2014 05:30:51 +0000 (17:30 +1200)]
selftest: Improve connection between primary domain and subdomain for krb5
Two things help here: The join is done on the lower case name, so we
can match it in the krb5.conf, and we share the krb5.conf between the
"dc" environment and the "subdom_dc" environment. Between these two
measures, this means we can get tickets using the domain trust.
If we used cwrap for DNS queries and we had our internal DNS set up correctly,
we could avoid this (because that is not case sensitive),
but otherwise we need to get SUB.samba.example.org into the krb5.conf,
and this is harder to do an a generic way.
Andrew Bartlett
Change-Id: If378915112728aaf47aa68ce0b071a7e09d756ad
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Mon, 11 Aug 2014 03:53:44 +0000 (15:53 +1200)]
dsdb: Make log message more clear
Change-Id: Ibf3c55748e755d2f6dae57293bfde11cdf7ba3ae
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Mon, 11 Aug 2014 01:36:09 +0000 (13:36 +1200)]
selftest: Set admin password on subdom_dc environment
Change-Id: Ib9edae20004ea6f5a500efcfcd7bbd9fc8015c25
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Sun, 10 Aug 2014 23:47:54 +0000 (11:47 +1200)]
winbindd: Do not segfault if the trusted domain has no SID
Currently we abort, as skipping the domain would make the loop much more complex for a situation not yet seen in the real world.
Andrew Bartlett
Change-Id: Ie1e269eb25047d662d8fd0f771ee20de1d48706b
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Sun, 10 Aug 2014 23:46:51 +0000 (11:46 +1200)]
join.py: Ensure we set the SID of the parent domain on the trust record
Change-Id: Ifaf3f2d1240d983a48ee1874fdc9c266354f6754
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Sun, 10 Aug 2014 23:23:57 +0000 (11:23 +1200)]
TODO REVIEW python: Use the security.dom_sid type for ctx.domsid in join.py and provision
Change-Id: I1266f77184d68aae6a39a73bac8a432fdd707b2e
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
TODO: Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Fri, 8 Aug 2014 07:26:46 +0000 (19:26 +1200)]
dsdb: Permit creation of partitions of type INSTANCE_TYPE_UNINSTANT
This is only allowed when we are creating the objects from a DsAddEntry call, not over LDAP.
Change-Id: Ieec6b07556d58741ec04fede8bf9940811f12a62
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Fri, 8 Aug 2014 06:43:47 +0000 (18:43 +1200)]
TODO REVIEW provision: Use names.domainsid and names.domainguid
This is better than passing around parameters to functions all over
the provision stack and makes it easier to pass in a seperate forest
SID when we start to support subdomains.
Change-Id: I3787f4f3433ca04628f888135c7c0c8195379542
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
TODO Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Wed, 16 Oct 2013 02:36:46 +0000 (15:36 +1300)]
s4-gensec: Fix spelling in debug message
Change-Id: Ia0218c4b1f714d1b829ab0ce5851a4d02a1bf5df
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Wed, 16 Oct 2013 01:43:39 +0000 (14:43 +1300)]
provision: Only calculate ForestDNSZone GUID if we need it
Change-Id: Ie33812627ce7ececda681c2d784b1ca97b1b73c4
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Wed, 16 Oct 2013 01:34:43 +0000 (14:34 +1300)]
TODO REVIEW join.py: Reinstate full_nc_list and make creation of NTDS-DSA object common
The new function join_ntdsdsa_obj() returns the object, to be added over LDAP or DsAddEntry().
Andrew Bartlett
Change-Id: I41ac256fb3d4edffc617af4ae580acd941b4de83
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
TODO Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Mon, 9 Sep 2013 05:14:45 +0000 (17:14 +1200)]
selftest: Pass DC_REALM to the subdom_dc environment
This allows 'samba-tool drs kcc' to be run during the environment setup.
Andrew Bartlett
Change-Id: I5d25470f1530b28be0a9413d13c48442fabb1a84
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Fri, 6 Sep 2013 03:48:29 +0000 (15:48 +1200)]
dsdb: Change acl module to look for instanceType flag rather than list of NCs
This avoids any DNs being a free pass beyond the ACL code, instead it is based on the CN=Partitions ACL.
Andrew Bartlett
Change-Id: Ib2f4abe0165e47fa4a71925d126c2eeec68df119
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 31 Jul 2014 07:30:16 +0000 (09:30 +0200)]
s4:dlz_bind9: let dlz_bind9 use dns_common_lookup() before add/modify
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 30 Jul 2014 18:12:08 +0000 (20:12 +0200)]
s4:dlz_bind9: let dlz_bind9 use dns_common_lookup() before removing records
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 30 Jul 2014 16:51:39 +0000 (18:51 +0200)]
TODO/REVIEW s4:dlz_bind9: let dlz_bind9 use dns_common_replace()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
Signed-off-by: Stefan Metzmacher <metze@samba.org>
TODO: Reviewed-by: Andrew Bartlett <abartlet@samba.org>
FIXED/readded in dlz_subrdataset():
if (i == num_recs) {
talloc_free(rec);
return ISC_R_NOTFOUND;
}
Stefan Metzmacher [Wed, 30 Jul 2014 15:59:08 +0000 (17:59 +0200)]
TODO/REVIEW: s4:dlz_bind9: let dlz_bind9 use dns_common_extract()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
Signed-off-by: Stefan Metzmacher <metze@samba.org>
TODO: Reviewed-by: Andrew Bartlett <abartlet@samba.org>
FIXED: i vs. j
+ for (j=0; j < num_recs; j++) {
+ isc_result_t result;
- result = b9_putnamedrr(state, allnodes, name, &rec);
+ result = b9_putnamedrr(state, allnodes, name, &recs[i]);
=>
+ result = b9_putnamedrr(state, allnodes, name, &recs[j]);
Stefan Metzmacher [Wed, 30 Jul 2014 06:40:32 +0000 (08:40 +0200)]
s4:dlz_bind9: let dlz_bind9 use dns_common_lookup() for name lookup
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 26 Aug 2014 10:04:59 +0000 (12:04 +0200)]
TODO/REVIEW torture-dns: Add test for dlz_bind9 updates
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 26 Aug 2014 08:34:17 +0000 (10:34 +0200)]
TODO/REVIEW torture-dns: Add test for dlz_bind9 zonedumps
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 25 Aug 2014 22:24:27 +0000 (10:24 +1200)]
TODO SIGN-OFF torture-dns: Add test for dlz_bind9 lookups
Change-Id: I3b9d1b56e3aa873fb8540b98e196b713b82332ca
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
TODO Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 26 Aug 2014 11:48:21 +0000 (13:48 +0200)]
TODO/REVIEW s4:torture:dlz_bind9: fix spnego tests
The dlz_bind9 module uses the special dns-${NETBIOSNAME} account.
Also the dlz_ssumatch() function returns isc_boolean_t instead
of isc_result_t. As ISC_R_SUCCESS and ISC_FALSE have the same value
we didn't notice this problem.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 28 Apr 2014 16:54:13 +0000 (18:54 +0200)]
s4:setup/dns_update_list: make use of the new substitution variables
This let us register the same names as Windows Servers.
We only exception are the NS records. In future we could add them
by using something like this:
samba-tool dns add ${HOSTNAME} ${DNSDOMAIN} @ NS ${HOSTNAME}
samba-tool dns add ${HOSTNAME} _msdcs.${DNSFOREST} @ NS ${HOSTNAME}
samba-tool dns add ${HOSTNAME} ${DNSFOREST} _msdcs NS ${HOSTNAME}
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9831
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 28 Apr 2014 15:33:50 +0000 (17:33 +0200)]
s4:samba_dnsupdate: provide more substitution variables e.g. IF_RODC
This will make the dns_update_list more flexible.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9831
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 7 Jul 2014 22:05:03 +0000 (00:05 +0200)]
s4:samba_dnsupdate: don't try to be smart when verifying NS records
We can't rely on the DNS delegation to be correct in the parent domain.
What we really want is to check if we already have registered ourself
as a NS record in our own domain.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9831
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 28 Apr 2014 06:29:40 +0000 (08:29 +0200)]
s4:samba_dnsupdate: cache the already registered records
This way we can delete records which are not used anymore.
E.g. if the ip address changed.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9831
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 28 Apr 2014 06:27:26 +0000 (08:27 +0200)]
s4:samba_dnsupdate: fix dnsobj.__str__()
We should not implicitly use the global variable 'd'.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9831
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 28 Apr 2014 15:26:51 +0000 (17:26 +0200)]
s4:samba_dnsupdate: don't lower case the registered names
This matches Windows...
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9831
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 19 Aug 2014 08:33:11 +0000 (10:33 +0200)]
python/join: use lowercase for the dnshostname.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 19 Jun 2014 15:21:16 +0000 (17:21 +0200)]
selftest/Samba3: also bind to ipv6
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 19 Jun 2014 15:21:16 +0000 (17:21 +0200)]
selftest/Samba4: also bind to ipv6
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 19 Jun 2014 15:21:16 +0000 (17:21 +0200)]
selftest: export _IPV6 environment variables
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 10 Jul 2014 05:25:08 +0000 (07:25 +0200)]
libcli/dns: ignore NS entries in dns_hosts_file.c at a higher log level for now
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 10 Jul 2014 05:25:08 +0000 (07:25 +0200)]
libcli/dns: add AAAA support to dns_hosts_file.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 30 Jul 2014 15:57:13 +0000 (17:57 +0200)]
s4:dlz_bind9: do an early talloc_free(el_ctx) in dlz_allnodes()
We don't have to keep everything arround while walking the whole zone.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 27 Feb 2014 08:59:51 +0000 (09:59 +0100)]
s4:dlz_bind9: avoid some compiler warnings
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 31 Jul 2014 07:35:26 +0000 (09:35 +0200)]
s4:dns_server: handle tombstones in handle_one_update()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 31 Jul 2014 08:44:41 +0000 (10:44 +0200)]
s4:dns_server: add DNS_TYPE_TOMBSTONE support to dns_common_replace()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 31 Jul 2014 06:54:17 +0000 (08:54 +0200)]
s4:dns_server: make sure dns_common_lookup() doesn't return tombstones
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 31 Jul 2014 07:32:00 +0000 (09:32 +0200)]
s4:dns_server: use .wType = DNS_TYPE_TOMBSTONE instead of ZERO_STRUCT()
The result is the same, but it is clearer.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 30 Jul 2014 16:27:56 +0000 (18:27 +0200)]
s4:dns_server: split out dns_common_replace()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 31 Jul 2014 09:32:02 +0000 (11:32 +0200)]
s4:dns_server: remove const from dns_replace_records()
All callers are find we the record array gets modified.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 30 Jul 2014 06:24:10 +0000 (08:24 +0200)]
s4:dns_server: split out dns_common_extract() and dns_common_lookup()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 30 Jul 2014 06:01:11 +0000 (08:01 +0200)]
s4:dns_server: split out a private 'dnsserver_common' library
This will contain common code for the internal dns server, the dlz_bind9 module
and the rpc dns management server.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 31 Jul 2014 06:19:50 +0000 (08:19 +0200)]
s4:dns_server: map LDB_ERR_NO_SUCH_OBJECT to WERR_DNS_ERROR_NAME_DOES_NOT_EXIST
This is the correct fix for commit
8b24c43b382740106474e26dec59e1419ba77306
and Bug: https://bugzilla.samba.org/show_bug.cgi?id=9559
With this change we have a consistent behavior between internal server
and the bind dlz module. We keep a dangling LDAP object without
dnsRecord attribute arround forever. This will be fixed in the following
commits.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 30 Jul 2014 15:55:57 +0000 (17:55 +0200)]
s4:dns_server: handle WERR_DNS_ERROR_NAME_DOES_NOT_EXIST in werr_to_dns_err()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Tue, 19 Aug 2014 14:32:15 +0000 (14:32 +0000)]
smbd: Properly initialize mangle_hash
[Bug 10782] mangle_hash() can fail to initialize charset (smbd crash).
https://bugzilla.samba.org/show_bug.cgi?id=10782
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 26 01:30:38 CEST 2014 on sn-devel-104
Arvid Requate [Thu, 17 Jan 2013 15:44:28 +0000 (16:44 +0100)]
passdb: fix NT_STATUS_NO_SUCH_GROUP
Share options like "force group" and "valid users = @group1"
triggered a NT_STATUS_NO_SUCH_GROUP. While the group was found in
the SAM backend, its objectclass was not retrived.
This fix also revealed a talloc access after free in the group
branch of pdb_samba_dsdb_getgrfilter.
[Bug 9570] Access failure for shares with "force group" or "valid users = @group"
https://bugzilla.samba.org/show_bug.cgi?id=9570
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Roel van Meer [Fri, 22 Aug 2014 13:11:04 +0000 (15:11 +0200)]
Don't discard result of checking grouptype
The pdb_samba_dsdb_getgrfilter() function first determines the security type
of a group and sets map->sid_name_use accordingly. A little later, this
variable is set again, undoing the previous work.
https://bugzilla.samba.org/show_bug.cgi?id=10777
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Aug 23 02:48:52 CEST 2014 on sn-devel-104
Volker Lendecke [Thu, 21 Aug 2014 18:41:49 +0000 (18:41 +0000)]
messaging3: Avoid messaging_is_self_send
This was a bad API, and it was used in a buggy way: In
messaging_dispatch_rec we always did the defer, we referenced the
destination pid, not the source. In messaging_send_iov this is the right
thing to do to reference the destination, but when we have arrived in
messaging_dispatch_rec we should compare source and destination.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 21 Aug 2014 18:36:33 +0000 (18:36 +0000)]
lib: Introduce server_id_same_process()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 21 Aug 2014 19:55:06 +0000 (19:55 +0000)]
pthreadpool: Slightly serialize jobs
Using the new msg_source program with 1.500 instances against a single
msg_sink I found the msg_source process to spawn two worker threads for
synchronously sending the data towards the receiving socket. This should
not happen: Per destination node we only create one queue. We strictly
only add pthreadpool jobs one after the other, so a single helper thread
should be perfectly sufficient.
It turned out that under heavy overload the main sending thread was
scheduled before the thread that just had finished its send() job. So
the helper thread was not able to increment the pool->num_idle variable
indicating that we don't have to create a new thread when the new job
is added.
This patch moves the signalling write under the mutex. This means that
indicating readiness via the pipe and the pool->num_idle variable happen both
under the same mutex lock and thus are atomic. No superfluous threads anymore.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 21 Aug 2014 14:32:07 +0000 (14:32 +0000)]
messaging3: Add msg_sink/source -- perftest
With this pair of programs I did some performance tests of the messaging
system. Guess what -- I found two bugs :-)
See the subsequent patches.
With 1500 msg_source processes I can generate message overload: A
Intel(R) Xeon(R) CPU L5640 @ 2.27GHz
can receive roughly 100k messages per second. When using
messaging_read_send/recv user/system time is roughly even, a bit more
work done in user space. When using messaging_register, due to less
malloc activity, user space chews a lot less.
By the way: 1.500 helper threads in a blocking sendto() against a single
datagram socket reading as fast as it can (with epoll_wait in between)
only drove the loadavg to 12 on a 24-core machine. So I guess unix domain
datagram sockets are pretty well protected against overload. No thundering
herd or so. Interestingly "top" showed msg_sink at less than 90% CPU,
although it was clearly the bottleneck. But that must be a "top" artifact.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 6 Aug 2014 14:54:43 +0000 (16:54 +0200)]
selftest/Samba4: avoid warnings about 'path' not specified on 'ntvfs handler = cifs' shares
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 20 Aug 2014 09:53:28 +0000 (09:53 +0000)]
torture: Fix cleanup2 to utilize on-demand cleanup
Now we check the cleanup when conflicts happen, not when we first open
the file. This means we don't have to re-open the connection to make
cleanup happen.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 20 Aug 2014 09:52:39 +0000 (09:52 +0000)]
torture: Run the cleanup2 test against 2 nodes
This enables testing the brlock cleanup across ctdb
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 20 Aug 2014 09:07:14 +0000 (09:07 +0000)]
brlock: Remove validate_lock_entries
This is now only called during brl_forall. It does not really hurt if we list
dead processes here. If the upper layers really care, they can filter it out
themselves. The real lock conflicts are not removed on-demand.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 19 Aug 2014 12:36:55 +0000 (12:36 +0000)]
brlock: Do auto-cleanup at conflict time
This avoids the need to do sweeping validate_lock_entries calls
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Thu, 21 Aug 2014 23:28:42 +0000 (16:28 -0700)]
s3: smbd: POSIX ACLs. Remove incorrect check for SECINFO_PROTECTED_DACL in incoming security_information flags in posix_get_nt_acl_common().
Tidy-up of code obsoleted by fixes for bug #10773 (SECINFO_PROTECTED_DACL is not ignored).
We now never pass SECINFO_PROTECTED_DACL in security_information flags to this layer.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Aug 22 11:26:57 CEST 2014 on sn-devel-104
Volker Lendecke [Sat, 2 Aug 2014 11:26:44 +0000 (13:26 +0200)]
messaging_dgm: Factor out messaging_dgm_lockfile_name
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 22 05:20:43 CEST 2014 on sn-devel-104
Volker Lendecke [Sat, 2 Aug 2014 11:57:43 +0000 (13:57 +0200)]
messaging_dgm: Use %ju to fill lockfile
... much nicer than PRIu64
Also, append a \n. Makes it better readable when looking at the lockfile
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 20 Aug 2014 13:00:59 +0000 (15:00 +0200)]
libcli/security: add better detection of SECINFO_[UN]PROTECTED_[D|S]ACL in get_sec_info()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Aug 22 02:52:50 CEST 2014 on sn-devel-104
Stefan Metzmacher [Wed, 20 Aug 2014 11:58:38 +0000 (13:58 +0200)]
s3:smbd: mask security_information input values with SMB_SUPPORTED_SECINFO_FLAGS
Sometimes Windows clients doesn't filter SECINFO_[UN]PROTECTED_[D|S]ACL flags
before sending the security_information to the server.
security_information = SECINFO_PROTECTED_DACL| SECINFO_DACL
results in a NULL dacl being returned from an GetSecurityDecriptor
request. This happens because posix_get_nt_acl_common()
has the following logic:
if ((security_info & SECINFO_DACL) && !(security_info & SECINFO_PROTECTED_DACL)) {
... create DACL ...
}
I'm not sure if the logic is correct or wrong in this place (I guess it's
wrong...).
But what I know is that the SMB server should filter the given
security_information flags before passing to the filesystem.
[MS-SMB2] 3.3.5.20.3 Handling SMB2_0_INFO_SECURITY
...
The server MUST ignore any flag value in the AdditionalInformation field that
is not specified in section 2.2.37.
Section 2.2.37 lists:
OWNER_SECURITY_INFORMATION
GROUP_SECURITY_INFORMATION
DACL_SECURITY_INFORMATION
SACL_SECURITY_INFORMATION
LABEL_SECURITY_INFORMATION
ATTRIBUTE_SECURITY_INFORMATION
SCOPE_SECURITY_INFORMATION
BACKUP_SECURITY_INFORMATION
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 20 Aug 2014 11:43:13 +0000 (13:43 +0200)]
security.idl: add SMB_SUPPORTED_SECINFO_FLAGS
A SMB server should only care about specific SECINFO flags
and ignore others e.g. SECINFO_PROTECTED_DACL.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ross Lagerwall [Thu, 21 Aug 2014 06:32:36 +0000 (07:32 +0100)]
s3:libsmb: Set a max charge for SMB2 connections
Set a max charge for SMB2 connections so that larger request sizes can
be used and more requests can be in flight.
Signed-off-by: Ross Lagerwall <rosslagerwall@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Aug 21 17:31:11 CEST 2014 on sn-devel-104
Volker Lendecke [Mon, 18 Aug 2014 08:24:35 +0000 (08:24 +0000)]
smbcontrol: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <Ira@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Aug 21 14:58:37 CEST 2014 on sn-devel-104
Volker Lendecke [Mon, 18 Aug 2014 11:59:00 +0000 (11:59 +0000)]
smbd: Only DEBUG errors from messaging_cleanup
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ronnie sahlberg <ronniesahlberg@gmail.com>
Volker Lendecke [Mon, 18 Aug 2014 11:58:05 +0000 (11:58 +0000)]
messaging3: Don't print a message if there's nothing to clean up
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ronnie sahlberg <ronniesahlberg@gmail.com>
Volker Lendecke [Tue, 19 Aug 2014 09:20:49 +0000 (09:20 +0000)]
lib: Check socket length in ctdbd_connect
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ronnie sahlberg <ronniesahlberg@gmail.com>
Amitay Isaacs [Wed, 30 Jul 2014 09:57:42 +0000 (19:57 +1000)]
s4-rpc: dnsserver: Do not return NS_GLUE records with VIEW_GLUE_DATA filter
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10751
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Aug 21 11:36:55 CEST 2014 on sn-devel-104
Amitay Isaacs [Wed, 30 Jul 2014 08:53:44 +0000 (18:53 +1000)]
s4-rpc: dnsserver: Correctly set rank for glue NS records
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10751
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Amitay Isaacs [Thu, 21 Aug 2014 04:47:23 +0000 (14:47 +1000)]
ctdb-build: Add missing dependency on popt
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Amitay Isaacs [Thu, 21 Aug 2014 04:46:54 +0000 (14:46 +1000)]
ctdb-build: Remove unnecessary third_party symlink
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Amitay Isaacs [Thu, 21 Aug 2014 04:34:03 +0000 (14:34 +1000)]
ldb: Fix check for third_party
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Amitay Isaacs [Thu, 21 Aug 2014 04:33:42 +0000 (14:33 +1000)]
wafsamba: Correctly locate the 'third_party' directory
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Martin Schwenke [Mon, 4 Aug 2014 04:52:00 +0000 (14:52 +1000)]
ctdb-build: Avoid unused variable warning in output from rpcgen
default/ctdb/utils/smnotify/gen_xdr.c: In function ‘xdr_status’:
default/ctdb/utils/smnotify/gen_xdr.c:11:20: warning: unused variable ‘buf’ [-Wunused-variable]
register int32_t *buf;
^
When generating the code, change it to assign the variable to itself.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Aug 21 07:11:02 CEST 2014 on sn-devel-104
Martin Schwenke [Mon, 4 Aug 2014 04:50:17 +0000 (14:50 +1000)]
ctdb-daemon: Fix some strict-aliasing warnings
Seeing these with -Wall:
../server/ctdb_call.c:1117:3: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
record_flags = *(uint32_t *)&c->data[c->keylen + c->datalen];
^
memcpy() seems to be the easiest way to get fix these. The
alternative would be to use unmarshalling functions.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 30 Jul 2014 11:10:01 +0000 (21:10 +1000)]
ctdb-util: Fix warning about ignored result from system()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 30 Jul 2014 11:03:53 +0000 (21:03 +1000)]
ctdb: Use sys_read() and sys_write() to ensure correct signal interaction
... and avoid compiler warnings in some cases.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 30 Jul 2014 10:50:59 +0000 (20:50 +1000)]
ctdb-common: Copy functions sys_read() and sys_write() from source3
We really should extricate these from source3 and into some common
code. However, just copy them for now to help get rid of a lot of
warnings.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 20 Aug 2014 23:26:39 +0000 (09:26 +1000)]
ctdb-tools: Be more helpful when CTDB CLI tool is run on unconfigured node
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 8 Aug 2014 00:43:44 +0000 (10:43 +1000)]
ctdb-tools: Factor out new function find_node_xpnn() from control_xpnn()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 31 Jul 2014 01:03:59 +0000 (11:03 +1000)]
replace: Remove unused item returned by FAILED()
The (return) value of FAILED() is a constant 1. However, it is never
used, so the compiler complains when run with -Wall:
lib/replace/test/os2_delete.c: In function ‘cleanup’:
lib/replace/test/os2_delete.c:39:163: warning: right-hand operand of comma expression has no effect [-Wunused-value]
FAILED("system");
So just get remove the ", 1" since it is the bit that does nothing and
is never used.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Aug 20 16:54:31 CEST 2014 on sn-devel-104
Ralph Boehme [Fri, 11 Jul 2014 10:58:37 +0000 (12:58 +0200)]
s4:torture:vfs_fruit: add tests for resource fork IO
Signed-off-by: Ralph Boehme <rb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Aug 18 20:08:32 CEST 2014 on sn-devel-104
Ralph Boehme [Thu, 10 Jul 2014 14:40:28 +0000 (16:40 +0200)]
s4:torture:vfs_fruit: add test writing Netatalk metadata
Signed-off-by: Ralph Boehme <rb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Tue, 8 Jul 2014 03:50:09 +0000 (05:50 +0200)]
s4:torture:vfs_fruit: add test reading Netatalk metadata
Signed-off-by: Ralph Boehme <rb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Tue, 8 Jul 2014 03:47:02 +0000 (05:47 +0200)]
s4:torture: add boilerplate code for vfs_fruit
Signed-off-by: Ralph Boehme <rb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Tue, 8 Jul 2014 03:39:49 +0000 (05:39 +0200)]
s4:torture: add wrapper functions
Add wrapper functions that connect two trees with sharenames taken
from passed option.
Signed-off-by: Ralph Boehme <rb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Tue, 8 Jul 2014 03:36:46 +0000 (05:36 +0200)]
s4:torture: add boilerplate code for testing specific VFS modules
Signed-off-by: Ralph Boehme <rb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Fri, 27 Jun 2014 23:09:58 +0000 (01:09 +0200)]
s4:torture:smb2: add utility function torture_smb2_con_sopt()
Add a utility function that takes an option name as parameter and then
uses the value of the option 'torture:NAME' as share name in a tree
connect.
Signed-off-by: Ralph Boehme <rb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Mon, 23 Jun 2014 15:01:30 +0000 (17:01 +0200)]
vfs_fruit: add manpage
Signed-off-by: Ralph Boehme <rb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Mon, 23 Jun 2014 14:59:45 +0000 (16:59 +0200)]
New VFS module vfs_fruit
This module provides enhanced compatibility with Apple SMB clients and
interoperability with a Netatalk 3 AFP fileserver.
The module intercepts the OS X special streams "AFP_AfpInfo" and
"AFP_Resource" and handles them in a special way. All other named
streams are deferred to vfs_streams_xattr.
The OS X client maps all NTFS illegal characters to the Unicode
private range. This module optionally stores the charcters using their
native ASCII encoding.
Open modes are optionally checked against Netatalk AFP share modes.
The "AFP_AfpInfo" named stream is a binary blob containing OS X
extended metadata for files and directories. This module optionally
reads and stores this metadata in a way compatible with Netatalk 3
which stores the metadata in an EA "org.netatalk.metadata". Cf
source3/include/MacExtensions.h for a description of the binary blobs
content.
The "AFP_Resource" named stream may be arbitrarily large, thus it
can't be stored in an EA on most filesystem. ZFS on Solaris is an
exception to the rule, because it there EAs can be of any size and EAs
are first-class filesystem objects that can be used with normal file
syscalls like open(), read(), write(), fcntl() asf. This module stores
the AFP_Resource stream in an AppleDouble file, prepending "._" to the
filename. On Solaris and ZFS the stream is optionally stored in an EA
"org.netatalk.ResourceFork".
Signed-off-by: Ralph Boehme <rb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Thu, 10 Jul 2014 14:32:15 +0000 (16:32 +0200)]
Fix AFP_BackupTime byte order and use ISO C99 integer types
AFP_BackupTime value must be 0x80000000 and all existing defines use
native byte order, not byte swapped.
Signed-off-by: Ralph Boehme <rb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Michael Adam [Mon, 18 Aug 2014 13:10:15 +0000 (15:10 +0200)]
s4:torture: use torture_assert instead of torture_comment and return in defer_open test
The fix missed one instance, as autobuild has just told me...
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Aug 18 17:42:00 CEST 2014 on sn-devel-104
Michael Adam [Mon, 18 Aug 2014 09:42:27 +0000 (11:42 +0200)]
build: fix configure to honour --without-dmapi
Previously, --without-dmapi would still autodetect and link a useable dmapi
library. This change allows to build without dmapi support even when a dmapi
library is found.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10369
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
David Disseldorp [Fri, 15 Aug 2014 12:47:49 +0000 (14:47 +0200)]
tdbtorture: print details when run with -n 1
Currently tdbtorture prints the test details (processes, loops, etc.)
from the first forked child process.
When run with -n 1 (one process), the test is run from within the
parent and no details are printed. This change ensures that they are.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Aug 18 13:26:32 CEST 2014 on sn-devel-104
Andrew Bartlett [Fri, 21 Feb 2014 02:24:24 +0000 (15:24 +1300)]
dsdb: Also redact the clearTextPassword input-only attribute
We go to a great deal of effort to avoid administrators posting their
passwords in Samba logs, and one of the ways we do that is to remove
them from internal ldif dumps Samba produces while operating as an AD
DC.
clearTextPassword is not a real attribute, but it functions as one for
an input path.
Change-Id: Iaacf3354fc9bfff18d6774f49b17a9ba962347d5
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Aug 16 01:05:07 CEST 2014 on sn-devel-104