metze/samba/wip.git
2 years agosmbd: Simplify cleanupdb a bit
Volker Lendecke [Wed, 18 Oct 2017 14:56:49 +0000 (16:56 +0200)]
smbd: Simplify cleanupdb a bit

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agosmbd: cleanupdb.c is used in smbd only
Volker Lendecke [Wed, 18 Oct 2017 15:02:56 +0000 (17:02 +0200)]
smbd: cleanupdb.c is used in smbd only

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agovfs_glusterfs: Fix exporting subdirs with shadow_copy2
Michael Adam [Fri, 20 Oct 2017 12:55:10 +0000 (14:55 +0200)]
vfs_glusterfs: Fix exporting subdirs with shadow_copy2

Since the glusterfs vfs module does not operate on a
locally mounted path, but on a "virtual" path starting
at the volume root, some assumptions of the code about
the vfs connect path fail. One example is the shadow_copy2
module which tries to detect the mount point from the
connectpath. In order to circumvent this problem, this
patch forces the "shadow:mountpoint" option to "/", which
skips the mount-point-detection code.

This patch will only have an effect if both the glusterfs
and the shadow_copy2 module are listed in vfs objects
in the right order, i.e. first shadow_copy2, and then
glusterfs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13091

Pair-Programmed-With: Anoop C S <anoopcs@redhat.com>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agoselftest: Print link meta-data when developer debugging is used
Tim Beale [Tue, 26 Sep 2017 22:21:48 +0000 (11:21 +1300)]
selftest: Print link meta-data when developer debugging is used

For Windows, DRS is the only way to see the RMD_VERSION of a link, or to
tell what inactive links the DC. Add some debug to display this
information. By default, this debug is turned off.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Oct 20 08:01:35 CEST 2017 on sn-devel-144

2 years agoreplmd: Remove unnecessary replmd_build_la_val() param
Tim Beale [Thu, 28 Sep 2017 03:13:05 +0000 (16:13 +1300)]
replmd: Remove unnecessary replmd_build_la_val() param

replmd_build_la_val() is creating a new link attribute. In this case,
the RMD_ORIGINATING_USN and RMD_LOCAL_USN are always going to be the
same thing, so we don't need to pass them in as 2 separate parameters.

This isn't required for any bug fix, but is just a general code
tidy-up.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd: Get rid of duplicated replmd_build_la_val() code
Tim Beale [Thu, 28 Sep 2017 02:48:58 +0000 (15:48 +1300)]
replmd: Get rid of duplicated replmd_build_la_val() code

replmd_build_la_val() and replmd_set_la_val() are pretty much identical.
Keep the replmd_build_la_val() API (as it makes it clearer we're
creating a new linked attribute), but replace the code with a call to
replmd_set_la_val().

This isn't required for any bug fix, but is just a general tidy-up to
avoid code duplication.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd: Fix RMD_VERSION inital value to match Windows
Tim Beale [Thu, 28 Sep 2017 02:09:34 +0000 (15:09 +1300)]
replmd: Fix RMD_VERSION inital value to match Windows

The initial value for RMD_VERSION is one on Windows. The MS-DRSR spec
states the following in section 5.11 AttributeStamp:

  dwVersion: A 32-bit integer. Set to 1 when a value for the attribute is
  set for the first time. On each subsequent originating update, if the
  current value of dwVersion is less than 0xFFFFFFFF, then increment it
  by 1; otherwise set it to 0

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13059

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd: Remove static values passed to replmd_build_la_val()
Tim Beale [Thu, 28 Sep 2017 02:01:21 +0000 (15:01 +1300)]
replmd: Remove static values passed to replmd_build_la_val()

replmd_build_la_val() is used to populate a new link attribute value
from scratch. The version parameter is always passed in as the initial
value (zero), and deleted is always passed in as false.

For cases (like replication) where we want to set version/deleted to
something other than the defaults, we can use replmd_set_la_val()
instead.

This patch changes these 2 parameters to variables instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13059

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoselftest: Add test for initial link attribute RMD_VERSION value
Tim Beale [Thu, 28 Sep 2017 01:42:08 +0000 (14:42 +1300)]
selftest: Add test for initial link attribute RMD_VERSION value

While testing link conflicts I noticed that links on Windows start from
a different RMD_VERSION compared to Samba. This adds a simple test to
highlight the problem.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13059

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd: Small refactor to replmd_check_singleval_la_conflict()
Tim Beale [Wed, 27 Sep 2017 23:10:11 +0000 (12:10 +1300)]
replmd: Small refactor to replmd_check_singleval_la_conflict()

Now that the code is all in one place we can refactor it to make it
slightly more readable.

- added more code comments
- tweaked the 'no conflict' return logic to try to make what it's checking
  for more obvious
- removed conflict_pdn (we can just use active_pdn instead)
- added a placeholder variable and tweaked a parameter name

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd: Change replmd_check_singleval_la_conflict() logic flow
Tim Beale [Wed, 27 Sep 2017 23:01:34 +0000 (12:01 +1300)]
replmd: Change replmd_check_singleval_la_conflict() logic flow

Return immediately if there's no conflict, which reduces nesting.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd: Move link conflict handling into separate function
Tim Beale [Wed, 27 Sep 2017 21:22:55 +0000 (10:22 +1300)]
replmd: Move link conflict handling into separate function

Link conflict handling is a corner-case. The logic in
replmd_process_linked_attribute() is already reasonably busy/complex.
Split out the handling of link conflicts into a separate function so
that it doesn't detract from the core replmd_process_linked_attribute()
logic too much.

This refactor should not alter functionality.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd: Handle single-valued conflicts for an existing link
Tim Beale [Wed, 27 Sep 2017 20:42:14 +0000 (09:42 +1300)]
replmd: Handle single-valued conflicts for an existing link

Currently the code only handles the case where the received link
attribute is a new link (i.e. pdn == NULL). As well as this, we need to
handle the case where the conflicting link already exists, i.e. it's a
deleted link that has been re-added on another DC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd: Mark link conflicts as inactive correctly
Tim Beale [Wed, 27 Sep 2017 03:37:59 +0000 (16:37 +1300)]
replmd: Mark link conflicts as inactive correctly

The previous patch to handle link conflicts was simply overriding the
received information and marking the link as deleted. We should be doing
this as a separate operation to make it clear what has happened, and so
that the new (i.e. inactive) link details get replicated out.

This patch changes it so that when a conflict occurs, we immediately
overwrite the received information to mark it as deleted, and to update
the version/USN/timestamp/originating_invocation_id to make it clear
that this is a new change.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd: Use replmd_set_la_val() when adding new links
Tim Beale [Wed, 27 Sep 2017 03:23:29 +0000 (16:23 +1300)]
replmd: Use replmd_set_la_val() when adding new links

replmd_set_la_val() and replmd_build_la_val() are almost identical. When
we were processing the replicated link attributes we were calling one
function if the link was new, and a different one if the link existed.
I think we should be able to get away with using replmd_set_la_val() in
both cases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd: Fix talloc inconsistency in replmd_set_la_val()
Tim Beale [Thu, 28 Sep 2017 03:19:29 +0000 (16:19 +1300)]
replmd: Fix talloc inconsistency in replmd_set_la_val()

All the other talloc_asprintf()s in this function use the mem_ctx, but
for some reason the vstring was using the dsdb_dn->dn. This probably
isn't a big deal, but might have unintentional side-effects.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd: Make replmd_set_la_val() closer to replmd_build_la_val()
Tim Beale [Thu, 28 Sep 2017 02:58:16 +0000 (15:58 +1300)]
replmd: Make replmd_set_la_val() closer to replmd_build_la_val()

These two functions are almost identical. The main difference between
them is the RMD_ADDTIME. replmd_set_la_val() tries to use the
RMD_ADDTIME of the old_dsdb_dn. Whereas replmd_build_la_val() always
uses the time passed in.

Change replmd_set_la_val() so it can accept a NULL old_dsdb_dn (i.e. if
it's a new linked attribute that's being set). If so, it'll end up using
the nttime parameter passed in, same as replmd_build_la_val() does.

Also update replmd_process_linked_attribute (which used to use
replmd_build_la_val()) to now pass in a NULL old_dsdb_dn. There
shouldn't be a difference in behaviour either way, but this exercises
the code change.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd: Handle conflicts for single-valued link attributes better
Tim Beale [Wed, 27 Sep 2017 00:44:29 +0000 (13:44 +1300)]
replmd: Handle conflicts for single-valued link attributes better

If 2 DCs independently set a single-valued linked attribute to differing
values, Samba should be able to resolve this problem when replication
occurs.

If the received information is better, then we want to set the existing
link attribute in our DB as inactive.

If our own information is better, then we still want to add the received
link attribute, but mark it as inactive so that it doesn't clobber our
own link.

This still isn't a complete solution. When we add the received attribute
as inactive, we really should be incrementing the version, updating the
USN, etc. Also this only deals with the case where the received link is
completely new (i.e. a received link conflicting with an existing
inactive link isn't handled).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd: Partial fix for single-valued link conflict
Tim Beale [Mon, 18 Sep 2017 23:59:58 +0000 (11:59 +1200)]
replmd: Partial fix for single-valued link conflict

This is the first part of the fix for resolving a single-valued link
conflict.

When processing the replication data for a linked attribute, if we don't
find a match for the link target value, check if the link is a
single-valued attribute and it currently has an active link. If so, then
use the active link instead.

This change means we delete the existing active link (and backlink)
before adding the new link. This prevents the failure in the subsequent
dsdb_check_single_valued_link() check that was happening previously
(because the link would end up with 2 active values).

This is only a partial fix. It stops replication from failing completely
if we ever hit this situation (which means the test is no longer
hitting an assertion when replicating). However, ideally the existing
active link should be retained and just marked as deleted (with this
change, the existing link is overwritten completely).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoselftest: Add conflict test where the single-valued link already exists
Tim Beale [Wed, 27 Sep 2017 01:43:53 +0000 (14:43 +1300)]
selftest: Add conflict test where the single-valued link already exists

As well as testing scenarios where both variants of the link are new, we
should also check the case where the received link already exists on the
DC as an inactive (i.e. previously deleted) link.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoselftest: Add test for deleted single-valued link conflict
Tim Beale [Tue, 26 Sep 2017 00:55:11 +0000 (13:55 +1300)]
selftest: Add test for deleted single-valued link conflict

Currently we're only testing the case where the links have been modified
independently on 2 different DCs and both the links are active. We also
want to test the case where one link is active and the other is deleted.

Technically, this isn't really a conflict - the links involve different
target DNs, and the end result is still only one active link.

It's still probably worth having these tests to prove that fixing bug
13055 doesn't break anything.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoselftest: Make sure single-link conflict retains the deleted link
Tim Beale [Tue, 19 Sep 2017 01:41:02 +0000 (13:41 +1200)]
selftest: Make sure single-link conflict retains the deleted link

There should only ever be one active value for a single-valued link
attribute. When a conflict occurs the 'losing' value should still be
present, but should be marked as deleted.

This change is just making the test criteria stricter to make sure that
we fix the bug correctly.

Note that the only way to query the deleted link attributes present
is to send a DRS request.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd: Remove unused originating_usn variable
Tim Beale [Mon, 18 Sep 2017 04:39:44 +0000 (16:39 +1200)]
replmd: Remove unused originating_usn variable

The previous refactor makes it obvious that we aren't actually using
this variable for anything.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd: Refactor logic to check if replicated link is newer
Tim Beale [Mon, 18 Sep 2017 04:33:30 +0000 (16:33 +1200)]
replmd: Refactor logic to check if replicated link is newer

This is precursor work for supporting single-link conflicts.

Split out the code to check if the link update is newer. It's now safe
to call this from the main codepath. This also means we can combine the 2
calls to get the seqnum into a single common call.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd: Refactor adding the backlink in replmd_process_linked_attribute()
Tim Beale [Mon, 18 Sep 2017 01:47:56 +0000 (13:47 +1200)]
replmd: Refactor adding the backlink in replmd_process_linked_attribute()

The code to add the backlink is the same in both the 'if' and the 'else'
case, so move it outside the if-else block.

(We're going to rework this block of code quite a bit in order to
support single-value linked attribute conflicts, aka bug #13055).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13055

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplace: Link to -lbsd when building replace.c by hand
Andrew Bartlett [Sat, 14 Oct 2017 09:38:18 +0000 (22:38 +1300)]
replace: Link to -lbsd when building replace.c by hand

This ensures that we correctly detect HAVE_IFACE_GETIFADDRS
et al, which are based on a "build the source" style test.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13087

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agos3:cli_netlogon: let rpccli_connect_netlogon() retry once after NT_STATUS_NETWORK_ACC...
Stefan Metzmacher [Wed, 18 Oct 2017 11:36:59 +0000 (13:36 +0200)]
s3:cli_netlogon: let rpccli_connect_netlogon() retry once after NT_STATUS_NETWORK_ACCESS_DENIED

Otherwise we could easily endup with an endless loop.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos3:cli_netlogon: make sure rpccli_connect_netlogon only returns NT_STATUS_OK on success
Stefan Metzmacher [Wed, 18 Oct 2017 11:36:59 +0000 (13:36 +0200)]
s3:cli_netlogon: make sure rpccli_connect_netlogon only returns NT_STATUS_OK on success

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos3:tests: Fix the smblcient utimes test in Europe
Andreas Schneider [Thu, 19 Oct 2017 16:03:27 +0000 (18:03 +0200)]
s3:tests: Fix the smblcient utimes test in Europe

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 20 03:37:31 CEST 2017 on sn-devel-144

2 years agos4:smbd: Add missing unistd.h include to fix build of process_prefork
Andreas Schneider [Thu, 19 Oct 2017 15:27:23 +0000 (17:27 +0200)]
s4:smbd: Add missing unistd.h include to fix build of process_prefork

error: implicit declaration of function ‘getpgrp’; did you mean ‘getpt’?
[-Werror=implicit-function-declaration]

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agonwrap: Fix strotoul checks for NSS_WRAPPER_MAX_HOSTENTS
Douglas Bagnall [Thu, 19 Oct 2017 08:56:15 +0000 (10:56 +0200)]
nwrap: Fix strotoul checks for NSS_WRAPPER_MAX_HOSTENTS

The env and endptr pointers need to be dereferenced, but that is not
enough: we don't really want to regard an empty string (*env == '\0')
as a valid number.

Found by GCC 8.0.0 20170705 (experimental).

[2095/4103] Compiling lib/nss_wrapper/nss_wrapper.c
../lib/nss_wrapper/nss_wrapper.c: In function "nwrap_init":
../lib/nss_wrapper/nss_wrapper.c:1571:13: warning: comparison between pointer and zero character constant [-Wpointer-compare]
   if (((env != '\0') && (endptr == '\0')) ||
                ^~
                ../lib/nss_wrapper/nss_wrapper.c:1571:9: note: did you mean to dereference the pointer?
   if (((env != '\0') && (endptr == '\0')) ||
            ^
            ../lib/nss_wrapper/nss_wrapper.c:1571:33: warning: comparison between pointer and zero character constant [-Wpointer-compare]
   if (((env != '\0') && (endptr == '\0')) ||
                                    ^~
                                    ../lib/nss_wrapper/nss_wrapper.c:1571:26: note: did you mean to dereference the pointer?
   if (((env != '\0') && (endptr == '\0')) ||

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Oct 19 16:42:17 CEST 2017 on sn-devel-144

2 years agopython: use communicate to fix Popen deadlock
Joe Guo [Fri, 15 Sep 2017 04:13:26 +0000 (16:13 +1200)]
python: use communicate to fix Popen deadlock

`Popen.wait()` will deadlock when using stdout=PIPE and/or stderr=PIPE and the
child process generates large output to a pipe such that it blocks waiting for
the OS pipe buffer to accept more data. Use communicate() to avoid that.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 19 09:27:16 CEST 2017 on sn-devel-144

2 years agopython: add a failed test to show Popen deadlock
Joe Guo [Fri, 15 Sep 2017 03:31:34 +0000 (15:31 +1200)]
python: add a failed test to show Popen deadlock

`Popen.wait()` will deadlock when using stdout=PIPE and/or stderr=PIPE and the
child process generates large output to a pipe such that it blocks waiting for
the OS pipe buffer to accept more data. Use communicate() to avoid that.

This patch is commited to show the issue, a fix patch will come later.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agosource4/smbd: replace DEBUG( with DBG_
Gary Lockyer [Sun, 10 Sep 2017 23:39:39 +0000 (11:39 +1200)]
source4/smbd: replace DEBUG( with DBG_

Update the debug logging to use the currently preferred debug macros

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoselftest: set ad_dc process model to prefork
Gary Lockyer [Tue, 5 Sep 2017 00:31:52 +0000 (12:31 +1200)]
selftest: set ad_dc process model to prefork

Set the process model for ad_dc to prefork, so that the pre-fork gets
exercised during self test.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agosource4/smbd: add a prefork process model.
Gary Lockyer [Thu, 7 Sep 2017 02:30:15 +0000 (14:30 +1200)]
source4/smbd: add a prefork process model.

Add a pre fork process model to bound the number processes forked by
samba.  Currently workers are only pre-forked for the ldap server,  all
the other services have pre-fork support disabled.

When pre-fork support is disabled a new process is started for each
service, and requests are processed by that process.

This commit partially reverts commit
b5be45c453bd51373bade26c29828b500ba586ec.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agosource4/smbd: Fix code formatting after refactoring.
Gary Lockyer [Thu, 14 Sep 2017 21:15:35 +0000 (09:15 +1200)]
source4/smbd: Fix code formatting after refactoring.

Fix code formatting from the refactoring in the previous commits.
Done as a separate patch to make the changes to functionality easier
to review.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoprocess_standard: Do not log at level 2 every time a child exits
Gary Lockyer [Mon, 18 Sep 2017 01:02:13 +0000 (13:02 +1200)]
process_standard: Do not log at level 2 every time a child exits

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agosource4/smbd: Do not overstamp the process model with "single"
Gary Lockyer [Mon, 18 Sep 2017 01:05:24 +0000 (13:05 +1200)]
source4/smbd: Do not overstamp the process model with "single"

Instead, except in RPC which is a special SNOWFLAKE, we rely on the struct
service_details in the init function.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoprocess_standard: Honour proc_ctx->inhibit_fork_on_accept
Gary Lockyer [Thu, 19 Oct 2017 02:15:33 +0000 (15:15 +1300)]
process_standard: Honour proc_ctx->inhibit_fork_on_accept

This allows the service to control if it should fork per accept() without needing
to replace the whole process model with process_single.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoprocess_standard: Move child pipe setup further down standard_accept_connection()
Gary Lockyer [Thu, 19 Oct 2017 02:14:16 +0000 (15:14 +1300)]
process_standard: Move child pipe setup further down standard_accept_connection()

This avoids cleaning up on error from accept() but more importantly
allows a future mode that acts like process_single and so has no child.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoprocess_standard: Use the new process_context
Gary Lockyer [Mon, 18 Sep 2017 00:56:09 +0000 (12:56 +1200)]
process_standard: Use the new process_context

Use the new process_context to control the from_parent_fd
This avoids the use of global variables, and will in the next patch
allow process_standard to run as what was known as single without
over-stamping a different process model.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years ago source4/smbd: refactor the process model for prefork
Gary Lockyer [Thu, 14 Sep 2017 19:09:23 +0000 (07:09 +1200)]
 source4/smbd: refactor the process model for prefork

    Refactor the process model code to allow the addition of a prefork
    process model.

    - Add a process context to contain process model specific state
    - Add a service details structure to allow service to indicate which
      process model options they can support.

    In the new code the services advertise the features they support to the
    process model.  The process model context is plumbed through to allow the
    process model to keep track of the supported options, and any state
    the process model may require.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agotests: Add a blackbox test for smbcontrol
Gary Lockyer [Tue, 12 Sep 2017 23:21:02 +0000 (11:21 +1200)]
tests: Add a blackbox test for smbcontrol

Add tests to check that samba processes have started and that they can be
pinged.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agorpc_client: Fix wording in a DEBUG statement
Volker Lendecke [Wed, 18 Oct 2017 11:26:07 +0000 (13:26 +0200)]
rpc_client: Fix wording in a DEBUG statement

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 19 04:57:44 CEST 2017 on sn-devel-144

2 years agoRemoved unused 'oplock contention limit' config parameter
Christof Schmitt [Tue, 17 Oct 2017 21:49:17 +0000 (14:49 -0700)]
Removed unused 'oplock contention limit' config parameter

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3: tests: Add smbclient test for utimes command.
Jeremy Allison [Wed, 18 Oct 2017 20:54:22 +0000 (13:54 -0700)]
s3: tests: Add smbclient test for utimes command.

Signed-off-by: Jeremy Allison <jra@samba.org>
2 years agos3:Add a utimes command to smbclient so we can set the Windows times.
Richard Sharpe [Mon, 16 Oct 2017 20:51:51 +0000 (13:51 -0700)]
s3:Add a utimes command to smbclient so we can set the Windows times.

Add an update to the smbclient man page.

Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agodbcheck: Allow removal of one-way links to missing objects
Andrew Bartlett [Tue, 17 Oct 2017 10:01:51 +0000 (23:01 +1300)]
dbcheck: Allow removal of one-way links to missing objects

If dbcheck is not run within the tombstone lifetime, these links can
persist in the database forever.  The risk of unintentional information loss
is why these links are only removed within the same partition.  A
replication may be in progress which has created only one end of
the link, so we must keep that.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 19 00:50:19 CEST 2017 on sn-devel-144

2 years agounittests: Fix missing include of signal.h
Lumir Balhar [Wed, 11 Oct 2017 19:02:24 +0000 (21:02 +0200)]
unittests: Fix missing include of signal.h

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Oct 18 14:24:39 CEST 2017 on sn-devel-144

2 years agopython: Fix Python 2.6 compatibility
Lumir Balhar [Wed, 11 Oct 2017 19:00:29 +0000 (21:00 +0200)]
python: Fix Python 2.6 compatibility

PyErr_NewExceptionWithDoc() isn't available in Python 2.6 so it can
be used only in higher versions of Python.

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agotests: Improve tests of samba.registry Python module
Lumir Balhar [Wed, 11 Oct 2017 11:05:01 +0000 (13:05 +0200)]
tests: Improve tests of samba.registry Python module

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agopython: Port samba.registry module to Python 3 compatible form
Lumir Balhar [Wed, 11 Oct 2017 10:46:11 +0000 (12:46 +0200)]
python: Port samba.registry module to Python 3 compatible form

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agoctdb-tests: Add tests for event scripts with multiple '.'s
Amitay Isaacs [Thu, 12 Oct 2017 03:44:03 +0000 (14:44 +1100)]
ctdb-tests: Add tests for event scripts with multiple '.'s

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13070

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Oct 18 10:19:48 CEST 2017 on sn-devel-144

2 years agoctdb-common: Ignore event scripts with multiple '.'s
Amitay Isaacs [Thu, 12 Oct 2017 03:42:59 +0000 (14:42 +1100)]
ctdb-common: Ignore event scripts with multiple '.'s

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13070

This avoids running event script copies left by a package manager.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agovfs_catia: Fix a potential memleak
Volker Lendecke [Mon, 16 Oct 2017 15:43:09 +0000 (17:43 +0200)]
vfs_catia: Fix a potential memleak

Together with the previous commit this fixes a memleak (twice) that
happens when vfs_catia is loaded with no mappings defined.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13090

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 17 18:53:48 CEST 2017 on sn-devel-144

2 years agovfs_catia: Fix a memory leak
Volker Lendecke [Tue, 17 Oct 2017 09:28:36 +0000 (11:28 +0200)]
vfs_catia: Fix a memory leak

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13090

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years agovfs_catia: Make "srt_head" static to the module
Volker Lendecke [Tue, 17 Oct 2017 09:20:20 +0000 (11:20 +0200)]
vfs_catia: Make "srt_head" static to the module

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years agoUpdate .ycm_extra_conf.py
Ralph Boehme [Tue, 17 Oct 2017 11:13:53 +0000 (13:13 +0200)]
Update .ycm_extra_conf.py

The previous commit removed many includes. Why? This commit adds back
includes generated by running the latest YCM-Generator/config_gen.py.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos3/smbd: use correct access in get_file_handle_for_metadata
Ralph Boehme [Tue, 29 Aug 2017 14:08:06 +0000 (16:08 +0200)]
s3/smbd: use correct access in get_file_handle_for_metadata

All we want here is FILE_WRITE_ATTRIBUTES, not FILE_WRITE_DATA.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12995

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 17 11:48:09 CEST 2017 on sn-devel-144

2 years agos3/smbd: fix access checks in set_ea_dos_attribute()
Ralph Boehme [Tue, 29 Aug 2017 13:55:19 +0000 (15:55 +0200)]
s3/smbd: fix access checks in set_ea_dos_attribute()

We wanted to set the DOS attributes and failed with permission denied
from the VFS/kernel/filesystem. Next thing we wanna do here is override
this if either

- "dos filemode = true" is set and the security descriptor gives the
  user write access or if

- the stored security descriptor has FILE_WRITE_ATTRIBUTES

The former was working, but the latter was not implemented at all.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12995

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3/smbd: README.Coding fixes in set_ea_dos_attribute
Ralph Boehme [Thu, 12 Oct 2017 13:41:01 +0000 (15:41 +0200)]
s3/smbd: README.Coding fixes in set_ea_dos_attribute

While I'm at it, some README.Coding fixes in set_ea_dos_attribute.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12995

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agovfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR
Anoop C S [Fri, 13 Oct 2017 15:08:31 +0000 (20:38 +0530)]
vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR

Pointer to directory 'dh' inside fruit_rmdir() is obtained using
SMB_VFS_OPENDIR. But this handle is closed directly by invoking
closedir() rather than SMB_VFS_CLOSEDIR. This will result in a
smbd crash if this handle was not obtained from local file system.
Therefore use SMB_VFS_CLOSEDIR corresponding to SMB_VFS_OPENDIR
to correctly close the directory handle.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13086

Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Oct 16 19:56:55 CEST 2017 on sn-devel-144

2 years agodocs-xml: Fix a typo in manpage for vfs_fruit
Anoop C S [Mon, 16 Oct 2017 09:19:41 +0000 (14:49 +0530)]
docs-xml: Fix a typo in manpage for vfs_fruit

Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Oct 16 15:55:35 CEST 2017 on sn-devel-144

2 years agoctdb-tests: Check an unchecked return value
Martin Schwenke [Wed, 11 Oct 2017 08:16:25 +0000 (19:16 +1100)]
ctdb-tests: Check an unchecked return value

This can't fail but check it for completeness... just in case Coverity
decides to notice it.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Oct 16 09:27:17 CEST 2017 on sn-devel-144

2 years agoctdb-test: Fix CID 1419118 (Error handling issues)
Martin Schwenke [Wed, 11 Oct 2017 08:04:28 +0000 (19:04 +1100)]
ctdb-test: Fix CID 1419118 (Error handling issues)

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agoctdb-client: Fix a typo
Martin Schwenke [Tue, 10 Oct 2017 03:51:40 +0000 (14:51 +1100)]
ctdb-client: Fix a typo

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agoctdb-tests: Strengthen some tests
Martin Schwenke [Mon, 9 Oct 2017 03:56:00 +0000 (14:56 +1100)]
ctdb-tests: Strengthen some tests

Check for the expected result instead of just any failure.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agoctdb-protocol: Fix typo in type of return variable
Martin Schwenke [Mon, 9 Oct 2017 03:52:30 +0000 (14:52 +1100)]
ctdb-protocol: Fix typo in type of return variable

This causes failures to be folded down to 1, which is incorrect.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agoman pages: properly ident lists
Alexander Bokovoy [Fri, 6 Oct 2017 19:52:36 +0000 (22:52 +0300)]
man pages: properly ident lists

It took me some time (original bug was filed in 2013!) but now
lists in smb.conf.5 are properly idented.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9613

Signed-Off-By: Alexander Bokovoy <ab@samba.org>
Reviewed-By: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Oct 14 11:31:07 CEST 2017 on sn-devel-144

2 years agosmb.conf.5: sort parameters alphabetically
Alexander Bokovoy [Fri, 6 Oct 2017 19:49:11 +0000 (22:49 +0300)]
smb.conf.5: sort parameters alphabetically

Content of each separate parameter description file is added
into a parameters.all.xml file before compiling smb.conf.5.

The issue is that POSIX file systems generally don't give any
promises over how glob-produced files are sorted. Thus, we need to sort
them in a predictable way.

This patch adds sorting based on a file name as a string. Since all
parameter files named after the parameter itself (plus .xml), we can
use file name sorting.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13081

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-By: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoselftest: Add sanity-check RODC can't use cache to reveal secrets
Tim Beale [Mon, 2 Oct 2017 01:33:47 +0000 (14:33 +1300)]
selftest: Add sanity-check RODC can't use cache to reveal secrets

Bug 12977 highlighted that Samba only checks exop GetNcChanges requests
once, when they're first received. This makes sense because valid exop
requests should only ever involve a single request. For regular
(non-exop) GetNcChanges requests, the server stores a cache of the
object GUIDs to return.

What we don't want to happen is for a malicious/compromised RODC to use
this cache to circumvent privilege checks, and receive secrets that it's
normally not permitted to access (e.g. the administrator's password).

The specific scenario we're concerned about is:
- The RODC sends a regular GetNcChanges request for all objects (without
  secrets). (This causes the server to build its GUID array cache).
- The RODC then sends a follow-on request for the next chunk, but sets
  the REPL_SECRET exop this time.

The only thing inadvertently preventing Samba from leaking secrets in
this case is updating msDS-RevealedUsers for auditing. It's possible
that a future code change may alter the codepath and open up a
security-hole without realizing. This patch adds a test case so if that
ever did happen, the selftests would detect the problem.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12977

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoselftest: prevent interpretation of escape sequences in test_give_owner.sh
Ralph Boehme [Fri, 13 Oct 2017 12:32:58 +0000 (14:32 +0200)]
selftest: prevent interpretation of escape sequences in test_give_owner.sh

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Oct 14 06:02:50 CEST 2017 on sn-devel-144

2 years agos4/torture: vfs_fruit: test xattr unpacking
Ralph Boehme [Wed, 11 Oct 2017 14:04:58 +0000 (16:04 +0200)]
s4/torture: vfs_fruit: test xattr unpacking

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Oct 13 21:44:02 CEST 2017 on sn-devel-144

2 years agos4/torture: vfs_fruit: replace AppleDouble data blob with xattr data
Ralph Boehme [Mon, 9 Oct 2017 14:18:18 +0000 (16:18 +0200)]
s4/torture: vfs_fruit: replace AppleDouble data blob with xattr data

The osx_adouble_w_xattr datablob is used to test conversion from sidecar
._ file metdata to Samba compatible ._ file.

The previous data blob didn't contain xattr data, the new one does.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agovfs_fruit: on-access conversion of AppleDouble xattr data
Ralph Boehme [Wed, 11 Oct 2017 10:58:59 +0000 (12:58 +0200)]
vfs_fruit: on-access conversion of AppleDouble xattr data

This finally adds on-access conversion of xattr data stored in sidecar
AppleDouble files.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agovfs_fruit: static string fruit_catia_maps
Ralph Boehme [Tue, 10 Oct 2017 17:13:36 +0000 (19:13 +0200)]
vfs_fruit: static string fruit_catia_maps

In a later commit these will be used somewhere else too.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agovfs_fruit: pass smb_fname to ad_convert
Ralph Boehme [Tue, 10 Oct 2017 14:15:49 +0000 (16:15 +0200)]
vfs_fruit: pass smb_fname to ad_convert

This will be needed in a later commit when converting xattrs in sidecar
AppleDouble files.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agovfs_fruit: unpack AppleDouble xattr header if present
Ralph Boehme [Tue, 10 Oct 2017 14:06:33 +0000 (16:06 +0200)]
vfs_fruit: unpack AppleDouble xattr header if present

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agovfs_fruit: allocate ad_data buffer up to AD_XATTR_MAX_HDR_SIZE bytes
Ralph Boehme [Tue, 10 Oct 2017 14:04:29 +0000 (16:04 +0200)]
vfs_fruit: allocate ad_data buffer up to AD_XATTR_MAX_HDR_SIZE bytes

This is in preperation of reading potential xattr header data from the
AppleDouble file, not just reading a fixed amount of bytes.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agovfs_fruit: add AppleDouble xattr structure definitions
Ralph Boehme [Tue, 10 Oct 2017 14:03:13 +0000 (16:03 +0200)]
vfs_fruit: add AppleDouble xattr structure definitions

Reference:
https://opensource.apple.com/source/xnu/xnu-4570.1.46/bsd/vfs/vfs_xattr.c

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agovfs_fruit: fix ftruncating resource fork
Ralph Boehme [Wed, 11 Oct 2017 16:11:12 +0000 (18:11 +0200)]
vfs_fruit: fix ftruncating resource fork

fruit_ftruncate_rsrc_adouble() is called to effectively ftruncate() the
._ AppleDouble file to the requested size.

The VFS function SMB_VFS_NEXT_FTRUNCATE() otoh would attempt to truncate
to fsp *stream* in any way the next VFS module seems fit. As we know
we're stacked with a streams module, the module will attempt to truncate
the stream. So we're not truncating the ._ file.

This went unnoticed as the AppleDouble file header contains the
authorative resource fork size that was updated correctly.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agovfs_catia: factor out mapping functions
Ralph Boehme [Wed, 11 Oct 2017 09:35:15 +0000 (11:35 +0200)]
vfs_catia: factor out mapping functions

This moves the core mapping functions to a seperate file and makes them
global.

string_replace_init_map() is called to parse a mapping in string and
produce a mapping object that can then be passed to
string_replace_allocate() to do the actual mapping of a string.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agoselftest: add some debugging to test_give_owner.sh
Ralph Boehme [Thu, 12 Oct 2017 15:07:15 +0000 (17:07 +0200)]
selftest: add some debugging to test_give_owner.sh

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 13 01:22:05 CEST 2017 on sn-devel-144

2 years agoUpdated error message text and reduced its debug level
Marc Muehlfeld [Wed, 11 Oct 2017 07:49:45 +0000 (09:49 +0200)]
Updated error message text and reduced its debug level

Previously, "net rpc share add|remove" commands failed if no
"add|delete share command" parameter was set in smb.conf. However,
the error was only logged at level 10 and not very clear.
This patch updates the error message text and sets the log level of this
error to 1 to make it more obvious what is missing.

Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos4:heimdal_build: there's no need to define HAVE_KRB5_ADDRESSES twice
Stefan Metzmacher [Mon, 9 Oct 2017 10:39:52 +0000 (12:39 +0200)]
s4:heimdal_build: there's no need to define HAVE_KRB5_ADDRESSES twice

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 11 12:33:42 CEST 2017 on sn-devel-144

2 years agokrb5_wrap: ADDRTYPE_INET6 is available in all supported MIT versions
Stefan Metzmacher [Mon, 9 Oct 2017 10:50:35 +0000 (12:50 +0200)]
krb5_wrap: ADDRTYPE_INET6 is available in all supported MIT versions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13079

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
2 years agokrb5_wrap: KRB5_ADDRESS_INET6 is not a define in Heimdal
Stefan Metzmacher [Mon, 9 Oct 2017 10:50:35 +0000 (12:50 +0200)]
krb5_wrap: KRB5_ADDRESS_INET6 is not a define in Heimdal

All supported versions of Heimal already have KRB5_ADDRESS_INET6,
so there's no need for an explicit check.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13079

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
2 years agos3: spoolss: Extend publish_toggle test to check returned GUID string format
Samuel Cabrero [Thu, 5 Oct 2017 17:22:29 +0000 (19:22 +0200)]
s3: spoolss: Extend publish_toggle test to check returned GUID string format

Extend the rpc.spoolss.printer.addprinter.publish_toggle test to
check the format of the returned GUID string in GetPrinter info
level 7 structure.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12993

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@suse.de>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 11 06:39:00 CEST 2017 on sn-devel-144

2 years agowinbindd: idmap_rid: error code for failing id-to-sid mapping request
Ralph Boehme [Mon, 9 Oct 2017 11:29:05 +0000 (13:29 +0200)]
winbindd: idmap_rid: error code for failing id-to-sid mapping request

NT_STATUS_NO_SUCH_DOMAIN triggers complete request failure in the parent
winbindd. By returning NT_STATUS_NONE_MAPPED winbindd lets the individual
mapping fail but keeps processing any remaining mapping requests.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13052

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 10 19:57:37 CEST 2017 on sn-devel-144

2 years agowinbindd: idmap_rid: don't rely on the static domain list
Ralph Boehme [Mon, 25 Sep 2017 13:42:08 +0000 (15:42 +0200)]
winbindd: idmap_rid: don't rely on the static domain list

The domain list in the idmap child is inherited from the parent winbindd
process and may not contain all domains in case enumerating trusted
domains didn't finish before the first winbind request that triggers the
idmap child fork comes along.

The previous commits added the domain SID as an additional argument to
the wbint_UnixIDs2Sids request, storing the domain SID in struct
idmap_domain.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13052

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agowinbindd: pass domain SID to wbint_UnixIDs2Sids
Ralph Boehme [Mon, 25 Sep 2017 13:39:39 +0000 (15:39 +0200)]
winbindd: pass domain SID to wbint_UnixIDs2Sids

This makes the domain SID available to the idmap child for
wbint_UnixIDs2Sids mapping request. It's not used yet anywhere, this
comes in the next commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13052

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agowinbindd: add domain SID to idmap mapping domains
Ralph Boehme [Mon, 25 Sep 2017 11:25:57 +0000 (13:25 +0200)]
winbindd: add domain SID to idmap mapping domains

Fetch the domain SID for every domain in the idmap-domain map. This is
in preperation of passing the domain SID as an additional argument to
xid2sid requests to the idmap child.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13052

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agoctdb-tests: Add interactive test for tunnels
Amitay Isaacs [Fri, 11 Aug 2017 05:53:28 +0000 (15:53 +1000)]
ctdb-tests: Add interactive test for tunnels

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Oct 10 15:50:04 CEST 2017 on sn-devel-144

2 years agoctdb-tests: Add test for tunnels
Amitay Isaacs [Mon, 26 Jun 2017 08:06:18 +0000 (18:06 +1000)]
ctdb-tests: Add test for tunnels

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-protocol: Add tunnel id prefix for testing
Amitay Isaacs [Fri, 29 Sep 2017 02:16:21 +0000 (12:16 +1000)]
ctdb-protocol: Add tunnel id prefix for testing

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-client: Add client api for using tunnels
Amitay Isaacs [Thu, 6 Apr 2017 09:33:47 +0000 (19:33 +1000)]
ctdb-client: Add client api for using tunnels

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-protocol: Add protocol marshalling for CTDB_REQ_TUNNEL
Amitay Isaacs [Wed, 5 Apr 2017 06:25:42 +0000 (16:25 +1000)]
ctdb-protocol: Add protocol marshalling for CTDB_REQ_TUNNEL

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-client: Add client code for tunnel controls
Amitay Isaacs [Thu, 6 Apr 2017 08:58:18 +0000 (18:58 +1000)]
ctdb-client: Add client code for tunnel controls

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-protocol: Add protocol marshalling for tunnel controls
Amitay Isaacs [Thu, 6 Apr 2017 08:58:01 +0000 (18:58 +1000)]
ctdb-protocol: Add protocol marshalling for tunnel controls

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>