Stefan Metzmacher [Thu, 29 Nov 2012 08:57:44 +0000 (09:57 +0100)]
s4:python/ntacl: change dsacl2fsacl() to match a windows client
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 30 Nov 2012 13:50:09 +0000 (14:50 +0100)]
TODO s3:smbcacls: also print the SACL if available
Stefan Metzmacher [Mon, 27 Jun 2016 19:55:47 +0000 (21:55 +0200)]
Revert "TODO breaks tests libcli/security: fix the CREATOR_OWNER order in calculate_inherited_from_parent()"
This reverts commit
80b127c13a0592f8f1569c1cf8f356f292971fd6.
Stefan Metzmacher [Fri, 30 Nov 2012 21:44:58 +0000 (22:44 +0100)]
TODO breaks tests libcli/security: fix the CREATOR_OWNER order in calculate_inherited_from_parent()
The inherited object/container specific CREATOR_OWNER ace should be inserted
before the generic CREATOR_OWNER ace.
This also matches the behavior of a Windows (2008R2) DC
for active directory SDs and also matches the logic for filesystem SDs,
see se_create_child_secdesc().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Sat, 15 Dec 2012 10:14:58 +0000 (11:14 +0100)]
DEBUG s4:torture/dssync: ...
Stefan Metzmacher [Thu, 17 Jan 2013 12:46:11 +0000 (13:46 +0100)]
Revert "TODO this could be wrong, but NULL also...? dsdb-acl: pass the object type to dsdb_module_check_access_on_dn()"
This reverts commit
9020205e512ae075bdfc6d436708e68cd452d5f1.
Stefan Metzmacher [Thu, 17 Jan 2013 12:45:30 +0000 (13:45 +0100)]
TODO this could be wrong, but NULL also...? dsdb-acl: pass the object type to dsdb_module_check_access_on_dn()
Stefan Metzmacher [Fri, 18 Jan 2013 07:56:22 +0000 (08:56 +0100)]
Revert "libcli/security: tree and replace sid are not optional to sec_access_check_ds()"
This reverts commit
34fefc3915ad4e94ba6afd8569e7c19ee13db781.
Stefan Metzmacher [Wed, 16 Jan 2013 09:07:45 +0000 (10:07 +0100)]
libcli/security: tree and replace sid are not optional to sec_access_check_ds()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 23 Jan 2013 14:56:13 +0000 (15:56 +0100)]
HACK samba_upgradeprovision backtrace
Stefan Metzmacher [Thu, 14 Feb 2013 11:28:28 +0000 (12:28 +0100)]
Revert "TESTING ONLY: tevent: Force the poll backend"
This reverts commit
81485d356d19a97adb84d8db981c679a8afa3c54.
Volker Lendecke [Thu, 31 Jan 2013 13:35:57 +0000 (14:35 +0100)]
TESTING ONLY: tevent: Force the poll backend
Stefan Metzmacher [Mon, 27 Jun 2016 19:46:30 +0000 (21:46 +0200)]
Revert "TODO... s4:scripting/python: add support for utf-8 passwords from the command line"
This reverts commit
abf0e65752eadc6ff872bd58e504811302043598.
Stefan Metzmacher [Mon, 4 Feb 2013 10:41:39 +0000 (11:41 +0100)]
TODO... s4:scripting/python: add support for utf-8 passwords from the command line
Volker Lendecke [Wed, 6 Feb 2013 21:52:43 +0000 (22:52 +0100)]
start design for the allrecord_lock
Volker Lendecke [Fri, 11 Jan 2013 14:38:23 +0000 (15:38 +0100)]
dbwrap: Run with mutexes for non-persistent tdbs
Stefan Metzmacher [Fri, 15 Feb 2013 11:14:37 +0000 (12:14 +0100)]
Revert "HACK blackbox subunit print ok"
This reverts commit
3c8f2cda9ff4db117b9fba5006052d52f235dcaa.
Stefan Metzmacher [Thu, 14 Feb 2013 14:52:46 +0000 (15:52 +0100)]
HACK blackbox subunit print ok
TDB_NO_FSYNC=1 buildnice make -j test TESTS=LOCAL-WBCLIENT
...
less st/subunit
Stefan Metzmacher [Fri, 15 Feb 2013 11:13:45 +0000 (12:13 +0100)]
Revert "tevent zero..."
This reverts commit
0425ebb8848964f9c334d0b720ab470c75ba790f.
Stefan Metzmacher [Fri, 15 Feb 2013 08:18:50 +0000 (09:18 +0100)]
tevent zero...
Stefan Metzmacher [Sun, 17 Feb 2013 21:45:32 +0000 (22:45 +0100)]
s4:torture/smb2: test_notify_tcp_dis trigger idle event every 0.25s
This is 1000 times longer than before and is less likely to
change the timing behavior whe n running under valgrind.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Sun, 17 Feb 2013 21:43:49 +0000 (22:43 +0100)]
s4:torture/raw: test_notify_tcp_dis trigger idle event every 0.25s
This is 1000 times longer than before and is less likely to
change the timing behavior whe n running under valgrind.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Sun, 17 Feb 2013 21:41:00 +0000 (22:41 +0100)]
s4:libcli/smb2: don't schedule idle handlers on a dead connection
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Sun, 17 Feb 2013 21:39:40 +0000 (22:39 +0100)]
s4:libcli/raw: don't schedule idle handlers on a dead connection
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Wed, 13 Feb 2013 13:31:33 +0000 (14:31 +0100)]
Revert "TODO: s3:smb2:durable: get up-to-date stat in vfs_default_durable_disconnect"
This reverts commit
6796f09aa9de931f61aeb8065fe49fb3879b6c95.
Michael Adam [Tue, 12 Feb 2013 16:22:33 +0000 (17:22 +0100)]
TODO: s3:smb2:durable: get up-to-date stat in vfs_default_durable_disconnect
strangely, the st_ex_mode was masked down to the permissions for me
so S_ISREG() failed, and disconnect failed, and file was closed recgularly
Michael Adam [Tue, 12 Feb 2013 12:45:28 +0000 (13:45 +0100)]
TODO.net_serverid_wipedbs
Stefan Metzmacher [Sun, 17 Feb 2013 15:44:39 +0000 (16:44 +0100)]
Revert "HACK compile kqueue backend"
This reverts commit
35be41edea23c792a0f7cdd0b4acdd5ff65c6c84.
Stefan Metzmacher [Sun, 17 Feb 2013 14:35:34 +0000 (15:35 +0100)]
HACK compile kqueue backend
Stefan Metzmacher [Sun, 17 Feb 2013 14:03:03 +0000 (15:03 +0100)]
TODO/UNTESTED: tevent: add kqueue backend
Shyamsunder Rathi [Sun, 26 Jun 2016 23:26:53 +0000 (16:26 -0700)]
s3:utils/net: Add new option 'unregister' in 'net ads dns' command.
This new option allows DNS names to be unregistered and removes all
IP entries for a given name in the specified AD server.
Signed-off-by: Shyamsunder Rathi <shyam.rathi@nutanic.com>
Reviewed-by: Richard SHarpe <rsharpe@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Mon Jun 27 20:43:26 CEST 2016 on sn-devel-144
Stefan Metzmacher [Fri, 27 May 2016 14:52:00 +0000 (16:52 +0200)]
s4:dsdb/tests: add pwdLastSet tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jun 27 08:52:48 CEST 2016 on sn-devel-144
Stefan Metzmacher [Wed, 1 Jun 2016 09:13:47 +0000 (11:13 +0200)]
s4:dsdb/samldb: pwdLastSet = -1 requires Unexpire-Password right
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 27 May 2016 14:54:40 +0000 (16:54 +0200)]
s4:dsdb/samldb: fix comment "lockoutTime" reset as per MS-SAMR 3.1.1.8.10
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 31 May 2016 13:21:58 +0000 (15:21 +0200)]
s4:dsdb/password_hash: only allow pwdLastSet as "0" or "-1"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 24 May 2016 06:51:45 +0000 (08:51 +0200)]
s4:rpc_server/samr: only set pwdLastSet to "0" or "-1"
The password_hash module will take care of translating "-1"
to the current time.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 11 Feb 2016 19:07:18 +0000 (20:07 +0100)]
s4:dsdb/password_hash: allow pwdLastSet only changes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 31 May 2016 13:21:58 +0000 (15:21 +0200)]
s4:dsdb/password_hash: make it possible to specify pwdLastSet together with a password change
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 31 May 2016 13:21:58 +0000 (15:21 +0200)]
s4:dsdb/password_hash: handle the DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET control
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 30 May 2016 15:12:51 +0000 (17:12 +0200)]
s4:dsdb/password_hash: make the DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET code path more robust
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 31 May 2016 09:44:43 +0000 (11:44 +0200)]
s4:dsdb/password_hash: only set pwdLastSet if required
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 31 May 2016 08:53:57 +0000 (10:53 +0200)]
s4:dsdb/password_hash: create a shallow copy of the client message for the final update
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 31 May 2016 08:39:23 +0000 (10:39 +0200)]
s4:dsdb/password_hash: move ldb_msg_add_empty() calls to update_final_msg()
We should only replace attributes when we're asked to do so.
Currently that's always the case, but that will change soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 31 May 2016 08:09:58 +0000 (10:09 +0200)]
s4:dsdb/password_hash: remember if we need to update the passwords and/or pwdLastSet
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 3 Jun 2016 14:20:39 +0000 (16:20 +0200)]
s4:dsdb/password_hash: call ndr_pull_supplementalCredentialsBlob in setup_io()
We should setup io->o.* (the old password attributes) completely in setup_io().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 31 May 2016 07:43:57 +0000 (09:43 +0200)]
s4:dsdb/password_hash: move the check for old passwords into setup_io()
We get everything else of the existing object there too.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 31 May 2016 07:39:07 +0000 (09:39 +0200)]
s4:dsdb/password_hash: leave the current value of pwdLastSet as 0 an add
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 25 May 2016 11:43:29 +0000 (13:43 +0200)]
s4:dsdb/password_hash: make the variable names in setup_io() more clear
We get the message from the client and (optional) the existing object.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 31 May 2016 07:25:37 +0000 (09:25 +0200)]
s4:dsdb/password_hash: split out a update_final_msg() function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 31 May 2016 06:16:07 +0000 (08:16 +0200)]
s4:dsdb/password_hash: split out a password_hash_needed() function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 12 Feb 2016 12:56:26 +0000 (13:56 +0100)]
s4:dsdb/password_hash: use full NTTIME resolution for pwdLastSet
Windows does the same...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 25 May 2016 14:00:29 +0000 (16:00 +0200)]
s4:dsdb/common: add some const to helper functions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 27 May 2016 14:53:48 +0000 (16:53 +0200)]
s4:samldb: pass down DSDB_CONTROL_PASSWORD_USER_ACCOUNT_CONTROL_OID with changed userAccountControl details
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 27 May 2016 14:52:54 +0000 (16:52 +0200)]
s4:dsdb/samdb: allocate DSDB_CONTROL_PASSWORD_USER_ACCOUNT_CONTROL_OID
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 11 Feb 2016 07:31:46 +0000 (08:31 +0100)]
s4:dsdb/samldb: add DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET_OID when defaulting pwdLastSet=0
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 11 Feb 2016 07:31:46 +0000 (08:31 +0100)]
s4:dsdb/samdb: allocate DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET_OID
This will be used to let the "password_hash" module know that
the value of pwdLastSet was defaulted to 0 in the "samldb" module
on add.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 11 Feb 2016 07:59:09 +0000 (08:59 +0100)]
s3:pdb_samba_dsdb: fix calucating of dsdb_flags
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 31 May 2016 22:18:05 +0000 (00:18 +0200)]
s4:dsdb/tests: use more useful userAccountControl/pwdLastSet values in the urgent_replication test
Using UF_SMARDCARD_REQUIRED has some side effects, so we better use
UF_DONT_EXPIRE_PASSWD which doesn't trigger additional actions.
Setting pwdLastSet to "1" is not allowed, only "-1" is able to change
an existing value of "0".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 4 Feb 2016 16:44:05 +0000 (17:44 +0100)]
s4:selftest: run samba4.ldap.password_lockout.python only against ad_dc_ntvfs
This test runs over 4-5 mins.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 25 May 2016 15:28:38 +0000 (17:28 +0200)]
s4:dsdb/repl_meta_data: pass now to replmd_add_fix_la
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 25 May 2016 14:05:14 +0000 (16:05 +0200)]
s4:dsdb/tests: improve error message in test_new_user_default_attributes()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 22 Jun 2016 13:08:43 +0000 (15:08 +0200)]
s4:dsdb/tests: let the user_account_control.py test recover from a previous failure
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 22 Jun 2016 13:08:43 +0000 (15:08 +0200)]
s4:dsdb/tests: use GENSEC_SEAL for ldap connections in sam.py
This allows the tests to pass against a fully patched Windows Server.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 22 Jun 2016 13:08:43 +0000 (15:08 +0200)]
s4:dsdb/tests: use ncacn_ip_tcp:server[seal] for samr connections
This allows the tests to pass against a fully patched Windows Server.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 25 May 2016 15:30:05 +0000 (17:30 +0200)]
s4:dsdb/tests: make user_account_control.py executable
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 2 Jun 2016 13:15:52 +0000 (15:15 +0200)]
samba-tool: really deprecate 'samba-tool user add'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 6 Jan 2016 12:25:45 +0000 (13:25 +0100)]
librpc/ndr: add support for NDR_ALIGN* to ndr_push_short_relative_ptr2()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 6 Jan 2016 12:28:02 +0000 (13:28 +0100)]
librpc/tools: correctly validate relative pointers in ndrdump
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 22 Jan 2016 20:24:31 +0000 (21:24 +0100)]
selftest: add save.env.sh helper script.
This can be used to store the environment from within
make testenv.
It can be restored with:
. bin/restore.env.source
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Sun, 26 Jun 2016 19:15:02 +0000 (07:15 +1200)]
Revert "source4/scripting: add an option to samba_dnsupdate to add ns records."
This reverts a totally unnecessary change to samba_dnsupdate. The self test
environment does the correct things with NS records now.
This reverts commit
af08cb2eee9dc9fabad6ca62ca11728209297222.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jun 27 04:13:04 CEST 2016 on sn-devel-144
Andrew Bartlett [Fri, 17 Jun 2016 03:04:21 +0000 (15:04 +1200)]
dsdb: Make less talloc() for parsed_dn.guid
This is always allocated, so do not make it a pointer.
This now also uses the talloc-less GUID_buf_string() when printing
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 16 Jun 2016 02:04:44 +0000 (14:04 +1200)]
dsdb: Avoid talloc() calls in dsdb_get_extended_dn_*()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 15 Jun 2016 21:31:21 +0000 (09:31 +1200)]
dsdb: Apply linked attribute backlinks as we apply the forward links
Otherwise, we spend a lot of time checking if the link is in the list, which is pointless
and very costly in large domains
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 17 Jun 2016 01:28:59 +0000 (13:28 +1200)]
ldb: Do not allocate the extended DN name
The name must be a hard-coded value from struct ldb_dn_extended_syntax
so just point to that constant pointer
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 15 Jun 2016 04:11:28 +0000 (16:11 +1200)]
ldb: Allow repl_meta_data to override the O(^2) loop checking for duplciates
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 15 Jun 2016 03:54:06 +0000 (15:54 +1200)]
librpc: Avoid talloc in GUID_from_data_blob()
This is often found in inner loops in the dsdb code, because LDB DNs often contain a GUID string
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 15 Jun 2016 03:43:55 +0000 (15:43 +1200)]
dsdb: Only fetch changed attributes in replmd_update_rpmd
This avoids fetching every attribute, including in particular links that may
require additional work to resolve, when we will not look at them anyway
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 14 Jun 2016 22:36:16 +0000 (10:36 +1200)]
dsdb: Fix use-after-free of parent_dn in operational module
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 14 Jun 2016 21:59:57 +0000 (09:59 +1200)]
dsdb: Provide shortcuut for repl_meta_data avoiding search of link targets
This makes processing of large numbers of linked attributes much faster, as we never care about the
names during that processing
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 14 Jun 2016 08:25:21 +0000 (20:25 +1200)]
selftest: Do not run winbind tests against ad_dc_ntvfs
This runs the same winbindd as ad_dc, there is no need to duplicate the runs
Andrew Bartlett [Tue, 14 Jun 2016 08:02:03 +0000 (20:02 +1200)]
selftest: Avoid running local.nss test against ad_dc_ntvfs
This environment uses the same winbindd as ad_dc
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andreas Schneider [Wed, 22 Jun 2016 09:13:15 +0000 (11:13 +0200)]
libutil: Support systemd 230
systemd 230 version finally deprecated
libsystemd-daemon/libsystemd-journal split and put everything in
libsystemd library.
Make sure HAVE_LIBSYSTEMD define is supported in the code (we already
have it defined by the waf).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11936
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Richard Sharpe <rsharpe@samba.org>
Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Mon Jun 27 00:01:55 CEST 2016 on sn-devel-144
Jose A. Rivera [Sat, 25 Jun 2016 15:47:52 +0000 (10:47 -0500)]
krb5_wrap: Fix build error when not using heimdal.
Just a small typo fix where type and variable were flipped.
Signed-off-by: Jose A. Rivera <jarrpa@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Jun 25 22:43:27 CEST 2016 on sn-devel-144
Ralph Boehme [Thu, 23 Jun 2016 17:13:05 +0000 (19:13 +0200)]
s4/torture: add a test for dosmode and hidden files
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11992
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 23 Jun 2016 10:24:33 +0000 (12:24 +0200)]
s3/smbd: only use stored dos attributes for open_match_attributes() check
This changes the way we check for old vs new DOS attributes on open with
overwrite: only check against the DOS attributes actually set by a
client and stored in the DOS attributes xattr.
With this change "hide dot files" and "hide files" continue to work with
"store dos attributes = yes".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11992
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 23 Jun 2016 15:14:55 +0000 (17:14 +0200)]
s3/smbd: move check for "hide files" to dos_mode_from_name()
Consolidate the "hide dot files" and "hide files" handling stuff in one
function. No change in overall behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11992
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 23 Jun 2016 14:40:15 +0000 (16:40 +0200)]
s3/smbd: call dos_mode_from_name after SMB_VFS_GET_DOS_ATTRIBUTES()
This doesn't change overall behaviour in any way, it just prepares for
the next step where the IS_HIDDEN_PATH() stuff will be moved to the
function dos_mode_from_name().
It allows an optimisation by not checking "hide to files" patch if
FILE_ATTRIBUTE_HIDDEN was already set in the DOS xattr.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11992
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 23 Jun 2016 10:23:33 +0000 (12:23 +0200)]
s3/smbd: add helper func dos_mode_from_name()
This just moves the computation of "hide dot files" files to a helper
functions without changing overall behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11992
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Amitay Isaacs [Fri, 24 Jun 2016 09:22:02 +0000 (19:22 +1000)]
s3-ctdb: Return an error when unexpected reply is received
CTDB can send CTDB_REPLY_ERROR in case it encounters an error condition.
This is treated as successful migration as "ret" is not set.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jun 24 22:39:23 CEST 2016 on sn-devel-144
Stefan Metzmacher [Thu, 23 Jun 2016 10:06:40 +0000 (12:06 +0200)]
python/tests: add auth_pad test for the dcerpc raw_protocol test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jun 24 18:08:44 CEST 2016 on sn-devel-144
Stefan Metzmacher [Thu, 23 Jun 2016 11:50:39 +0000 (13:50 +0200)]
s4:rpc_server: generate the correct error when we got an invalid auth_pad_length on BIND,ALTER,AUTH3
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 20 Jun 2016 14:26:56 +0000 (16:26 +0200)]
librpc/rpc: ignore invalid auth_pad_length values in BIND, ALTER and AUTH3 pdus
This is a workarround for a bug in old Samba releases.
For BIND_ACK <= 3.5.x and for ALTER_RESP <= 4.2.x (see bug #11061).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 20 Jun 2016 14:25:12 +0000 (16:25 +0200)]
librpc/rpc: let dcerpc_pull_auth_trailer() check that auth_pad_length fits within the whole pdu.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 20 Jun 2016 14:17:45 +0000 (16:17 +0200)]
librpc/rpc: let dcerpc_pull_auth_trailer() only accept auth_length!=NULL or auth_data_only=true
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 20 Jun 2016 14:16:23 +0000 (16:16 +0200)]
s4:librpc/rpc: don't ask for auth_length if we ask for auth data only
dcerpc_pull_auth_trailer() handles auth_length=NULL just fine.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 20 Jun 2016 14:11:37 +0000 (16:11 +0200)]
s4:rpc_server: parse auth data only for BIND,ALTER_REQ,AUTH3
We should tell dcerpc_pull_auth_trailer() that we only want
auth data.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Sat, 26 Sep 2015 00:43:30 +0000 (02:43 +0200)]
s3:rpc_client: remove unused rpc_pipe_client->max_recv_frag
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 15 Jul 2015 10:02:32 +0000 (12:02 +0200)]
s4:rpc_server: remove unused dcesrv_connection_context->assoc_group
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 15 Jul 2015 10:01:35 +0000 (12:01 +0200)]
s4:rpc_server: remove unused '_unused_auth_state'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 15 Jul 2015 08:15:31 +0000 (10:15 +0200)]
s4:rpc_server: context_id fields of presentation contexts are just 16bit
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
git.samba.org / metze / samba / wip.git / log