metze/samba/wip.git
21 months agos4:kdc: only map SDB_ERR_NOT_FOUND_HERE to HDB_ERR_NOT_FOUND_HERE
Stefan Metzmacher [Thu, 21 Sep 2017 10:02:25 +0000 (12:02 +0200)]
s4:kdc: only map SDB_ERR_NOT_FOUND_HERE to HDB_ERR_NOT_FOUND_HERE

HDB_ERR_NOT_FOUND_HERE indicated a very specific error on an RODC.

We should not map any error to HDB_ERR_NOT_FOUND_HERE,
we should just pass errors along unmapped.

Otherwise we'll hit the logic bug in:

    if (ret == KDC_PROXY_REQUEST) {
        uint16_t port;

        if (!sock->kdc_socket->kdc->am_rodc) {
            DEBUG(0,("kdc_udp_call_loop: proxying requested when not RODC"));
                    talloc_free(call);
            goto done;
        }

And just don't send an error message to the client.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13132

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Dec  6 23:16:54 CET 2017 on sn-devel-144

21 months agoHEIMDAL:kdc: fix dh->q allocation check in get_dh_param()
Stefan Metzmacher [Tue, 29 Aug 2017 05:24:35 +0000 (07:24 +0200)]
HEIMDAL:kdc: fix dh->q allocation check in get_dh_param()

Thanks to Doug Nazar <nazard@nazar.ca> for spotting this!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12986

Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from heimdal commit a79b59ba27070a015479e8d981b7e685dbe34310)
Reviewed-by: Andreas Schneider <asn@samba.org>
21 months agothird_party: Update socket_wrapper to version 1.1.9
Andreas Schneider [Tue, 7 Nov 2017 11:29:51 +0000 (12:29 +0100)]
third_party: Update socket_wrapper to version 1.1.9

* Fixed thread - signal deadlock issue
* Added support for openat()
* Added support for open64() and fopen64()
* Always turn on logging
* Increased maximum of wrapped interfaces to 64
* Improved fd duplication code
* Fixed strict-aliasing issues
* Fixed some use after free issues
* Fixed issues on ppc64le

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
21 months agothird_party: Fix a typo in the option name
Andreas Schneider [Mon, 4 Dec 2017 10:00:10 +0000 (11:00 +0100)]
third_party: Fix a typo in the option name

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13174

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
21 months agothird_party: Link th aesni-intel library with -z noexecstack
Björn Baumbach [Mon, 4 Dec 2017 09:49:19 +0000 (10:49 +0100)]
third_party: Link th aesni-intel library with -z noexecstack

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13174

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
21 months agos3: libsmb: Plumb in the new SMB2 get reparse point calls into the cli_readlink_XXXX...
Jeremy Allison [Wed, 29 Nov 2017 20:38:08 +0000 (12:38 -0800)]
s3: libsmb: Plumb in the new SMB2 get reparse point calls into the cli_readlink_XXXX() calls.

Reparse point symlinks can now be queried over SMB1 and SMB2 from smbclient.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13159

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Dec  6 19:05:34 CET 2017 on sn-devel-144

21 months agos3: libsmb: Add SMB2 calls cli_smb2_get_reparse_point_fnum_send()/cli_smb2_get_repars...
Jeremy Allison [Wed, 29 Nov 2017 20:37:36 +0000 (12:37 -0800)]
s3: libsmb: Add SMB2 calls cli_smb2_get_reparse_point_fnum_send()/cli_smb2_get_reparse_point_fnum_recv().

Allow reparse points to be queried over SMB2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13159

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
21 months agos3: libsmb: Do a naive response to SMB2 "stopped on symlink". Assume the last compone...
Jeremy Allison [Tue, 28 Nov 2017 23:46:40 +0000 (15:46 -0800)]
s3: libsmb: Do a naive response to SMB2 "stopped on symlink". Assume the last component was the reparse point.

Attempt re-open with FILE_OPEN_REPARSE_POINT. This matches the SMB1
behavior for smbclient.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13159

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
21 months agos3: libsmb: Plumb in the new SMB2 reparse point calls into the cli_symlink_create_XXX...
Jeremy Allison [Tue, 28 Nov 2017 22:10:26 +0000 (14:10 -0800)]
s3: libsmb: Plumb in the new SMB2 reparse point calls into the cli_symlink_create_XXX() calls.

Reparse point symlinks can now be created over SMB1 and SMB2 from
smbclient.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13159

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
21 months agos3: libsmb: Add SMB2 calls cli_smb2_set_reparse_point_fnum_send()/cli_smb2_set_repars...
Jeremy Allison [Tue, 28 Nov 2017 22:09:39 +0000 (14:09 -0800)]
s3: libsmb: Add SMB2 calls cli_smb2_set_reparse_point_fnum_send()/cli_smb2_set_reparse_point_fnum_recv().

Allow reparse points to be created over SMB2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13159

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
21 months agos3: libsmb: Make cli_close_send()/cli_close_recv() work for SMB1 and SMB2.
Jeremy Allison [Mon, 27 Nov 2017 22:38:49 +0000 (14:38 -0800)]
s3: libsmb: Make cli_close_send()/cli_close_recv() work for SMB1 and SMB2.

Remove the escape into synchronous smb2 code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13159

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
21 months agos3: libsmb: Rename cli_close_create() -> cli_smb1_close_create().
Jeremy Allison [Wed, 22 Nov 2017 00:47:48 +0000 (00:47 +0000)]
s3: libsmb: Rename cli_close_create() -> cli_smb1_close_create().

Move cli_smb1_close_done() next to its caller. This is SMB1 specific.
Prepare to wrap cli_close_send/cli_close_recv to handle SMB2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13159

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
21 months agovfs: drop casts for VFS_ADD_FSP_EXTENSION() callers
David Disseldorp [Tue, 5 Dec 2017 12:21:04 +0000 (13:21 +0100)]
vfs: drop casts for VFS_ADD_FSP_EXTENSION() callers

VFS_ADD_FSP_EXTENSION() now returns a properly typed pointer.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Dec  6 03:43:48 CET 2017 on sn-devel-144

21 months agovfs: return type via VFS_ADD_FSP_EXTENSION
David Disseldorp [Tue, 5 Dec 2017 12:16:31 +0000 (13:16 +0100)]
vfs: return type via VFS_ADD_FSP_EXTENSION

The type is passed in as a parameter, so should be used to properly type
the returned pointer, instead of using a void *.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
21 months agoWHATSNEW: Mention removed net serverid subcommands
Volker Lendecke [Tue, 5 Dec 2017 10:24:55 +0000 (11:24 +0100)]
WHATSNEW: Mention removed net serverid subcommands

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Dec  5 17:54:18 CET 2017 on sn-devel-144

21 months agos3: test_smbclient_s3: Correctly set and unset TZ variable for test.
Jeremy Allison [Tue, 5 Dec 2017 01:13:43 +0000 (17:13 -0800)]
s3: test_smbclient_s3: Correctly set and unset TZ variable for test.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Dec  5 08:55:44 CET 2017 on sn-devel-144

21 months agolib: Remove unused serverid.tdb
Volker Lendecke [Sun, 5 Nov 2017 11:58:09 +0000 (12:58 +0100)]
lib: Remove unused serverid.tdb

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec  5 04:58:26 CET 2017 on sn-devel-144

21 months agolib: Use messaging_send_all instead of message_send_all
Volker Lendecke [Sun, 5 Nov 2017 11:54:10 +0000 (12:54 +0100)]
lib: Use messaging_send_all instead of message_send_all

Just a global search&replace

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
21 months agolib: Add messaging_send_all
Volker Lendecke [Sun, 5 Nov 2017 11:44:01 +0000 (12:44 +0100)]
lib: Add messaging_send_all

This will replace message_send_all. With messaging_dgm_forall we have
a local broadcast mechanism, and ctdb can also broadcast
everywhere. So there's no need for a separate traverse/send mechanism.

There's no good error reporting mechanism for broadcasting, so make
this function void.

This drops the message_type filtering. I believe that this does not matter in
practice, since messaging is a lot cheaper with dgm instead of the old tdb
based messaging. If someone presents a use case where this matters, nowadays
I'd much rather extend the messaging_dgm lock file format (where the unique id
lives right now) with the filter bits.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
21 months agomessaging: Always register CTDB_SRVID_SAMBA_PROCESS
Volker Lendecke [Tue, 25 Jul 2017 15:10:27 +0000 (17:10 +0200)]
messaging: Always register CTDB_SRVID_SAMBA_PROCESS

This will be used to broadcast to all processes, avoiding the costly
traverse of serverid.tdb.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
21 months agomessaging: Remove an unused #define
Volker Lendecke [Tue, 25 Jul 2017 14:24:04 +0000 (16:24 +0200)]
messaging: Remove an unused #define

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
21 months agonet: Remove "net serverid list"
Volker Lendecke [Sun, 5 Nov 2017 11:09:08 +0000 (12:09 +0100)]
net: Remove "net serverid list"

Traversing a clustered tdb is a pretty expensive operation. If someone
really needs this command-line interface, we can re-add it for the local
node using messaging_dgm_forall. If someone needs that globally, there's
the "onnode all" script that could be used. Alternatively, we could
implement an enhanced ping broadcast message also returning a processes
unique id.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
21 months agonet: Remove "net serverid wipe"
Volker Lendecke [Sun, 5 Nov 2017 11:02:26 +0000 (12:02 +0100)]
net: Remove "net serverid wipe"

This used to be a hygiene command for clustered node startup. In
clustered mode, CLEAR_IF_FIRST does not work, records can stay alive
by means of recovery. serverid.tdb will soon die, so remove this
command.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
21 months agosmbcontrol: Use messaging_dgm_forall
Volker Lendecke [Thu, 26 Oct 2017 15:18:36 +0000 (17:18 +0200)]
smbcontrol: Use messaging_dgm_forall

Doing stacktraces can be done locally only anyway

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
21 months agomessaging_dgm: Use messaging_dgm_forall in dgm_wipe
Volker Lendecke [Mon, 16 Oct 2017 19:52:35 +0000 (21:52 +0200)]
messaging_dgm: Use messaging_dgm_forall in dgm_wipe

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
21 months agomessaging: Add messaging_dgm_forall
Volker Lendecke [Fri, 21 Jul 2017 17:03:26 +0000 (19:03 +0200)]
messaging: Add messaging_dgm_forall

This factors out the traversal function from _wipe. It will be used to
replace message_send_all soon.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
21 months agomessaging: Remove the "n_sent" arg from message_send_all
Volker Lendecke [Fri, 21 Jul 2017 17:08:43 +0000 (19:08 +0200)]
messaging: Remove the "n_sent" arg from message_send_all

The only user of this is an informative message in smbcontrol. I don't think
that's worth the effort.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
21 months agomessaging_dgm: Protect against fork without reinit
Volker Lendecke [Sat, 25 Nov 2017 15:47:24 +0000 (16:47 +0100)]
messaging_dgm: Protect against fork without reinit

In the wake of bug 13150 we've discussed that this could happen even
without clustering. This adds code to make sure that whenever messaging
is used the pid and the files used match.

It's pretty heavy-weight, thus I made it DEVELOPER only. My gut feeling
is that the getsockname is cheap, but the stat call might be a bit too
expensive.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
21 months agoRevert "selftest: mark samba3.smb2.kernel-oplocks as flapping"
Jeremy Allison [Thu, 30 Nov 2017 20:28:03 +0000 (12:28 -0800)]
Revert "selftest: mark samba3.smb2.kernel-oplocks as flapping"

The correct fix is in the previous commit, to block the
RT_SIGNAL_LEASE until we're ready to receive it.

This reverts commit 27bb8814a526adbd22452ce58754d18e1b00d426.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Dec  2 03:50:39 CET 2017 on sn-devel-144

21 months agos4: torture: Fix race condition in test_smb2_kernel_oplocks8.
Jeremy Allison [Thu, 30 Nov 2017 20:25:02 +0000 (12:25 -0800)]
s4: torture: Fix race condition in test_smb2_kernel_oplocks8.

The child process gets the kernel lease and then notifies
the parent process to continue by writing a byte up a pipe.
It then sets the alarm and calls pause() to wait for the
parent process to contact the smbd and get it to trigger
the break request using an open call.

It is possible for the parent to run and trigger the break
request after the child has written to the pipe, but *before*
the child calls pause(). We then miss the signal notifying
the child to break the lease.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13121

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
21 months agoWHATSNEW: Add new smb.conf parameter
Karolin Seeger [Wed, 29 Nov 2017 10:45:42 +0000 (11:45 +0100)]
WHATSNEW: Add new smb.conf parameter

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
21 months agoWHATSNEW: Remove old entry about accelerated AES
Karolin Seeger [Wed, 29 Nov 2017 09:04:19 +0000 (10:04 +0100)]
WHATSNEW: Remove old entry about accelerated AES

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
21 months agoWHATSNEW: Explain reversal of smbclient symlink parameters against Windows server.
Jeremy Allison [Wed, 29 Nov 2017 21:22:25 +0000 (13:22 -0800)]
WHATSNEW: Explain reversal of smbclient symlink parameters against Windows server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13172

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Nov 30 19:32:21 CET 2017 on sn-devel-144

21 months agos3: libsmb: Fix reversing of oldname/newname paths when creating a reparse point...
Jeremy Allison [Wed, 29 Nov 2017 21:16:43 +0000 (13:16 -0800)]
s3: libsmb: Fix reversing of oldname/newname paths when creating a reparse point symlink on Windows from smbclient.

This happened as smbd doesn't support reparse points so we couldn't test.
This was the reverse of the (tested) symlink parameters in the unix extensions
symlink command.

Rename parameters to link_target instead of oldname so this is clearer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13172

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
21 months agos3: client: Rename <oldname> to <link_target> in cmd_symlink() and cli_posix_symlink().
Jeremy Allison [Wed, 29 Nov 2017 21:10:25 +0000 (13:10 -0800)]
s3: client: Rename <oldname> to <link_target> in cmd_symlink() and cli_posix_symlink().

Stops us from mixing up the old and new names. Only behavior change
is correcting the names printed in the error messages.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13172

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
21 months agoctdb-daemon: Send STARTUP control after startup event
Amitay Isaacs [Mon, 20 Nov 2017 04:27:52 +0000 (15:27 +1100)]
ctdb-daemon: Send STARTUP control after startup event

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13154

STARTUP control is primarily used to synchronise tcp tickles from running
nodes to a node which has just started up.  Earlier STARTUP control was
sent (using BROADCAST_ALL) after setup event.  Once the other nodes in
the cluster connected to this node, the queued up messages would be sent
and the tcp tickles would get synchronised.

Recent fix to drop messages to disconnected or not-yet-connected nodes,
the STARTUP control was never sent to the remote nodes and the tcp
tickles did not get synchronised.

To fix this problem send the STARTUP control (using BROADCAST_CONNECTED)
after startup event.  By this time all the running nodes in the cluster
are connected.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Nov 30 15:29:48 CET 2017 on sn-devel-144

21 months agoctdb-takeover: Send tcp tickles immediately on STARTUP control
Amitay Isaacs [Mon, 20 Nov 2017 04:37:39 +0000 (15:37 +1100)]
ctdb-takeover: Send tcp tickles immediately on STARTUP control

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13154

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
21 months agoctdb-takeover: Refactor code to send tickle lists for all public IPs
Amitay Isaacs [Mon, 20 Nov 2017 04:17:15 +0000 (15:17 +1100)]
ctdb-takeover: Refactor code to send tickle lists for all public IPs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13154

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
21 months agoselftest: mark samba3.smb2.kernel-oplocks as flapping
Andrew Bartlett [Wed, 29 Nov 2017 20:38:13 +0000 (09:38 +1300)]
selftest: mark samba3.smb2.kernel-oplocks as flapping

This flaps on sn-devel occaionally, and more often elsewhere

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Nov 30 09:47:22 CET 2017 on sn-devel-144

21 months agotorture: Use torture_assert{,_int_equal}_goto() in smb2.kernel-oplocks
Andrew Bartlett [Wed, 29 Nov 2017 20:35:20 +0000 (09:35 +1300)]
torture: Use torture_assert{,_int_equal}_goto() in smb2.kernel-oplocks

This allows this test to be added as flapping.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
21 months agos3: libsmb: Fix valgrind read-after-free error in cli_smb2_close_fnum_recv().
Jeremy Allison [Wed, 29 Nov 2017 17:21:30 +0000 (09:21 -0800)]
s3: libsmb: Fix valgrind read-after-free error in cli_smb2_close_fnum_recv().

cli_smb2_close_fnum_recv() uses tevent_req_simple_recv_ntstatus(req), which
frees req, then uses the state pointer which was owned by req.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13171

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 30 05:47:12 CET 2017 on sn-devel-144

21 months agotestprogs: Fix a typo in the net ads test
Noel Power [Wed, 29 Nov 2017 12:52:32 +0000 (13:52 +0100)]
testprogs: Fix a typo in the net ads test

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Nov 30 01:47:24 CET 2017 on sn-devel-144

21 months agotestprogs: Test net ads keytab list
Noel Power [Fri, 24 Nov 2017 07:06:27 +0000 (07:06 +0000)]
testprogs: Test net ads keytab list

Test that correct keytab is picked up.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13166

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
21 months agos3:libads: net ads keytab list fails with "Key table name malformed"
Noel Power [Thu, 23 Nov 2017 15:55:21 +0000 (15:55 +0000)]
s3:libads: net ads keytab list fails with "Key table name malformed"

When keytab_name is NULL don't call smb_krb5_kt_open use ads_keytab_open
instead, this function will determine the correct keytab to use.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13166

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
21 months agowinbindd: Name<->SID cache is not sequence number based anymore
Volker Lendecke [Tue, 8 Aug 2017 12:24:27 +0000 (14:24 +0200)]
winbindd: Name<->SID cache is not sequence number based anymore

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Nov 29 20:57:25 CET 2017 on sn-devel-144

21 months agowinbindd: Move name<->sid cache to gencache
Volker Lendecke [Sun, 6 Aug 2017 16:13:10 +0000 (18:13 +0200)]
winbindd: Move name<->sid cache to gencache

The mapping from name to sid and vice versa has nothing to
do with a specific domain. It is publically available. Thus put
it into gencache without referring to the domain this was
retrieved from

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
21 months agowinbindd: Factor out winbindd_domain_init_backend from get_cache()
Volker Lendecke [Sun, 6 Aug 2017 16:11:02 +0000 (18:11 +0200)]
winbindd: Factor out winbindd_domain_init_backend from get_cache()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
21 months agotorture3: Test namemap_cache
Volker Lendecke [Thu, 3 Aug 2017 14:26:25 +0000 (16:26 +0200)]
torture3: Test namemap_cache

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
21 months agonet: Parse namemap_cache in "net cache list"
Volker Lendecke [Thu, 3 Aug 2017 14:26:04 +0000 (16:26 +0200)]
net: Parse namemap_cache in "net cache list"

namemap_cache.c saves these as strv lists: An array of 0-terminated strings.
"net cache list" only printfs the values, so they would be cut off.

We might want to do this with other gencache values too in the future.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
21 months agolib: Add namemap_cache
Volker Lendecke [Wed, 2 Aug 2017 16:11:49 +0000 (18:11 +0200)]
lib: Add namemap_cache

A few functions to maintain lookupname and lookupsid cache in gencache.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
21 months agolib: Pass blob instead of &blob to gencache_set_data_blob
Volker Lendecke [Wed, 2 Aug 2017 15:52:40 +0000 (17:52 +0200)]
lib: Pass blob instead of &blob to gencache_set_data_blob

Passing a whole DATA_BLOB is cheap enough to simplify the callers: A caller
does not have to create a separate variable.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
21 months agolib: Allow parsing a strv from a non-talloc const buf
Volker Lendecke [Wed, 2 Aug 2017 15:34:25 +0000 (17:34 +0200)]
lib: Allow parsing a strv from a non-talloc const buf

This will allow parsing a tdb record without having to talloc_memdup it

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
21 months agolib: Only call strlen if necessary in strv
Volker Lendecke [Wed, 2 Aug 2017 15:32:50 +0000 (17:32 +0200)]
lib: Only call strlen if necessary in strv

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
21 months agolib: Pass in "strv_len" to strv_valid_entry
Volker Lendecke [Wed, 2 Aug 2017 15:22:34 +0000 (17:22 +0200)]
lib: Pass in "strv_len" to strv_valid_entry

Preparation for a later commit

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
21 months agodbwrap_watch: Remove the "prec" parameter from watch_recv
Volker Lendecke [Sat, 1 Jul 2017 06:27:57 +0000 (08:27 +0200)]
dbwrap_watch: Remove the "prec" parameter from watch_recv

The initial idea was to have some "atomicity" in this API. Every
caller interested in a record would have to do something with
it once it changes. However, only one caller really used this
feature, and that is easily changed to not use it. So
remove the complexity.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
21 months agosmbd: Avoid using dbwrap_watched_watch_recv's prec argument
Volker Lendecke [Sat, 1 Jul 2017 06:20:23 +0000 (08:20 +0200)]
smbd: Avoid using dbwrap_watched_watch_recv's prec argument

This is the only user of the "prec" argument of
dbwrap_watched_watch_recv. The next patch will remove this
functionality, as it's easily replaced here.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
21 months agowinbindd: let normalize_name_map() call find_domain_from_name_noinit()
Ralph Boehme [Mon, 27 Nov 2017 11:42:44 +0000 (12:42 +0100)]
winbindd: let normalize_name_map() call find_domain_from_name_noinit()

Let normalize_name_map fetch the domain itself with
find_domain_from_name_noinit().

This removes two calls to find_domain_from_name_noinit() in the default
configuration of "winbind normalize names = no". The domain is only need
in normalize_name_map if "winbind normalize names" is enabled.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
21 months agos3/cli_netlogon: remove SEC_CHAN_NULL fallback from rpccli_connect_netlogon()
Ralph Boehme [Sun, 26 Nov 2017 18:04:19 +0000 (19:04 +0100)]
s3/cli_netlogon: remove SEC_CHAN_NULL fallback from rpccli_connect_netlogon()

The caller should handle secure-channel-type SEC_CHAN_NULL. The previous
commit already added handling of SEC_CHAN_NULL to
cm_connect_netlogon_transport.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13167

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
21 months agowinbindd: restore SEC_CHAN_NULL fallback in cm_connect_netlogon_transport
Ralph Boehme [Mon, 27 Nov 2017 14:28:38 +0000 (15:28 +0100)]
winbindd: restore SEC_CHAN_NULL fallback in cm_connect_netlogon_transport

This partially reverts commit d7e31d9f4d9ce7395e458ac341dd83ac06255a20
"winbindd: Use rpccli_connect_netlogon" and restores handling of SEC_CHAN_NULL.

Without this we fail to enumerate domains in trusted forests so users
from any child-domain (or tree-root) in the trusted forest can't login
via eg SMB.

This is a temporary hack that will go away once we get rid of the trusted domain
list.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13167

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
21 months agoReplace tabs with spaces to comply with PEP8, reorder list of manpages in the alphanu...
Timur I. Bakeyev [Wed, 29 Nov 2017 05:40:10 +0000 (06:40 +0100)]
Replace tabs with spaces to comply with PEP8, reorder list of manpages in the alphanumeric sort order.

Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Wed Nov 29 16:58:32 CET 2017 on sn-devel-144

21 months agoAdd vfs_zfsacl manpage to the list of manpages if we have this module enabled.
Timur I. Bakeyev [Wed, 29 Nov 2017 05:35:37 +0000 (06:35 +0100)]
Add vfs_zfsacl manpage to the list of manpages if we have this module enabled.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12934

Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
21 months agoFix typo in the "wide links" description for the getwd cache.
Timur I. Bakeyev [Wed, 29 Nov 2017 04:48:52 +0000 (05:48 +0100)]
Fix typo in the "wide links" description for the getwd cache.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12934

Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
21 months agopam_winbind: avoid non-literal-format warning
Uri Simchoni [Sun, 19 Nov 2017 13:14:14 +0000 (13:14 +0000)]
pam_winbind: avoid non-literal-format warning

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov 29 12:50:49 CET 2017 on sn-devel-144

21 months agovfs_fruit: proper VFS-stackable conversion of FinderInfo
Ralph Boehme [Wed, 15 Nov 2017 15:52:48 +0000 (16:52 +0100)]
vfs_fruit: proper VFS-stackable conversion of FinderInfo

This fixes the problem that conversion failed with
fruit:metadata=stream. Before we were calling ad_set() which stores the
metadata in the Netatalk compatible format.

Rewrite to fully go through the VFS by calling SMB_VFS_CREATE_FILE() and
SMB_VFS_PWRITE().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 29 08:38:06 CET 2017 on sn-devel-144

21 months agovfs_fruit: add AfpInfo prototypes
Ralph Boehme [Wed, 15 Nov 2017 15:52:16 +0000 (16:52 +0100)]
vfs_fruit: add AfpInfo prototypes

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
21 months agos4/torture: fruit: in test_adouble_conversion() also check stream list and AFPINFO_STREAM
Ralph Boehme [Fri, 17 Nov 2017 11:57:14 +0000 (12:57 +0100)]
s4/torture: fruit: in test_adouble_conversion() also check stream list and AFPINFO_STREAM

This reveals that the conversion doesn't work properly with
fruit:metadata=stream.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
21 months agos4/torture: fruit: remove use of localdir from test_adouble_conversion test
Ralph Boehme [Fri, 17 Nov 2017 11:53:42 +0000 (12:53 +0100)]
s4/torture: fruit: remove use of localdir from test_adouble_conversion test

The previous use of localdir and torture_setup_local_file() was
motivated by the fact that by default vfs_fruit rejects access to files
with a "._" prefix.

Since a previous commit allowed SMB access to ._ files, rewrite the
test_adouble_conversion() test to create the ._ AppleDouble file over
SMB.

This also renders torture_setup_local_file() obsolete.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
21 months agoselftest: add "fruit:veto_appledouble = no" to fruit shares
Ralph Boehme [Fri, 17 Nov 2017 12:52:25 +0000 (13:52 +0100)]
selftest: add "fruit:veto_appledouble = no" to fruit shares

This is needed for a subsequent commit that modifies an existing test to
write a ._ file over SMB instead of using the ugly local creation hack.

SMB acces of ._ files requires "fruit:veto_appledouble = no", so let's
set it.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
21 months agos4/torture: let write_stream() deal with stream=NULL
Ralph Boehme [Fri, 17 Nov 2017 07:13:10 +0000 (08:13 +0100)]
s4/torture: let write_stream() deal with stream=NULL

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
21 months agoselftest: run AppleDouble sidecar-file conversion test runs against all fruit shares
Ralph Boehme [Wed, 15 Nov 2017 17:39:53 +0000 (18:39 +0100)]
selftest: run AppleDouble sidecar-file conversion test runs against all fruit shares

This needs for work in all possible fruit configs, so test it.

This currently fails with stream_depot, as we don't propely copy over
the resourcefork data from the ._ file to the stream.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
21 months agos4/torture: use torture_assert_goto in a vfs.fruit test
Ralph Boehme [Fri, 17 Nov 2017 11:41:49 +0000 (12:41 +0100)]
s4/torture: use torture_assert_goto in a vfs.fruit test

No change in behavior.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
21 months agos4/torture: rework stream names tests usage of local xattr call
Ralph Boehme [Thu, 16 Nov 2017 06:58:34 +0000 (07:58 +0100)]
s4/torture: rework stream names tests usage of local xattr call

Previously this test, that tests for correct conversion of ':' in stream
names, only worked with streams_xattr with "fruit:metadata" set to
"netatalk".

In order to have test coverage for fruit shares with other configs,
split the test into two:

one test creates the stream over SMB and run against all shares, the
other one is the unmodified existing test and is only run against the
share with streams_xattr and fruit:metadata=netatalk.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
21 months agoselftest: add localdir option to fruit subtests
Ralph Boehme [Wed, 15 Nov 2017 17:38:41 +0000 (18:38 +0100)]
selftest: add localdir option to fruit subtests

A subsequent commits modifies an existing tests that needs $localdir to
also run against "vfs_fruit_metadata_stream" and
"vfs_fruit_stream_depot". This reveals test failures, those will be
fixed in a subsequent commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
21 months agoselftest: reorder arguments for fruit tests
Ralph Boehme [Wed, 15 Nov 2017 17:36:54 +0000 (18:36 +0100)]
selftest: reorder arguments for fruit tests

This just puts the auth option first matching the first test with the
"vfs_fruit" share directly above the modified lines.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
21 months agosystemd: Start processes in forground and without a process group
Andreas Schneider [Fri, 10 Nov 2017 08:32:27 +0000 (09:32 +0100)]
systemd: Start processes in forground and without a process group

We should not double fork in notify mode or systemd think something
during startup will be wrong and send SIGTERM to the process. So
sometimes the daemon will not start up correctly.

systemd will also handle the process group.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13129

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Nov 28 15:31:27 CET 2017 on sn-devel-144

21 months agos4:samba: Allow samba daemon to run in foreground
Andreas Schneider [Fri, 10 Nov 2017 08:18:18 +0000 (09:18 +0100)]
s4:samba: Allow samba daemon to run in foreground

We are passing the no_process_group to become_daemon() that setsid() is
not called. In case we are double forking, we run in SysV daemon mode,
setsid() should be called!

See:
https://www.freedesktop.org/software/systemd/man/daemon.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13129

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
21 months agos4:samba: Do not segfault if we run into issues
Andreas Schneider [Wed, 15 Nov 2017 09:00:52 +0000 (10:00 +0100)]
s4:samba: Do not segfault if we run into issues

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
21 months agos3/loadparm: don't mark IPC$ as autoloaded
Ralph Boehme [Tue, 21 Nov 2017 13:34:28 +0000 (14:34 +0100)]
s3/loadparm: don't mark IPC$ as autoloaded

A related problem that affects configuration for the hidden IPC$
share. This share is marked a "autoloaded" and such shares are not
reloaded when requested. That resulted in the tcon to IPC$ still using
encrpytion after running the following sequence of changes:

1. stop Samba
2. set [global] smb encrypt = required
3. start Samba
4. remove [global] smb encrypt = required
5. smbcontrol smbd reload-config
6a bin/smbclient -U slow%x //localhost/raw -c quit, or
6b bin/smbclient -U slow%x -mNT1 //localhost/raw -c ls

In 6a the client simply encrypted packets on the IPC$ tcon. In 6b the
client got a tcon failure with NT_STATUS_ACCESS_DENIED, but silently
ignore the error.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13051

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Nov 28 02:02:37 CET 2017 on sn-devel-144

21 months agos3/loadparm: ensure default service options are not changed
Ralph Boehme [Tue, 21 Nov 2017 13:28:48 +0000 (14:28 +0100)]
s3/loadparm: ensure default service options are not changed

Rename sDefault to _sDefault and make it const. sDefault is make a copy
of _sDefault in in the initialisation function lp_load_ex().

As we may end up in setup_lp_context() without going through
lp_load_ex(), sDefault may still be uninitialized at that point, so I'm
initializing lp_ctx->sDefault from _sDefault.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13051

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
21 months agos3/loadparm: allocate a fresh sDefault object per lp_ctx
Ralph Boehme [Wed, 22 Nov 2017 10:49:57 +0000 (11:49 +0100)]
s3/loadparm: allocate a fresh sDefault object per lp_ctx

This is in preperation of preventing direct access to sDefault in all
places that currently modify it.

As currently s3/loadparm is afaict not accessing lp_ctx->sDefault, but
changes sDefault indirectly through lp_parm_ptr() this change is just a
safety measure to prevent future breakage.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13051

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
21 months agosmbstatus: correctly denote not fully authenticated sessions
Ralph Boehme [Tue, 4 Jul 2017 10:22:00 +0000 (12:22 +0200)]
smbstatus: correctly denote not fully authenticated sessions

Currently for sessions where authentication is still in progress we
print uid and gid as -1.

With this change we nicely list them like this:

PID  Username   Group    Machine                          Protocol Version ....
6604 (auth in progress)  127.0.0.1 (ipv4:127.0.0.1:47930) SMB3_11 ....

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
21 months agos3/smbstatus: add a NULL check
Ralph Boehme [Wed, 22 Nov 2017 09:43:19 +0000 (10:43 +0100)]
s3/smbstatus: add a NULL check

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
21 months agolib: Fix a typo
Volker Lendecke [Fri, 24 Nov 2017 16:00:05 +0000 (17:00 +0100)]
lib: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Nov 27 04:51:59 CET 2017 on sn-devel-144

21 months agopython:tests: Create a test user for the dsdb test
Andreas Schneider [Fri, 24 Nov 2017 12:13:55 +0000 (13:13 +0100)]
python:tests: Create a test user for the dsdb test

We should never taint the Administrator account as we don't shut down
target envionments!

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Sat Nov 25 14:13:24 CET 2017 on sn-devel-144

21 months agobuild: Move pam_wrapper to third_party
Andreas Schneider [Fri, 24 Nov 2017 12:34:25 +0000 (13:34 +0100)]
build: Move pam_wrapper to third_party

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
21 months agobuild: Move uid_wrapper to third_party
Andreas Schneider [Tue, 7 Nov 2017 11:02:19 +0000 (12:02 +0100)]
build: Move uid_wrapper to third_party

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
21 months agobuild: Move resolv_wrapper to third_party
Andreas Schneider [Tue, 7 Nov 2017 10:55:04 +0000 (11:55 +0100)]
build: Move resolv_wrapper to third_party

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
21 months agobuild: Move nss_wrapper to third_party
Andreas Schneider [Tue, 7 Nov 2017 10:40:11 +0000 (11:40 +0100)]
build: Move nss_wrapper to third_party

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
21 months agobuild: Move socket_wrapper to third_party
Andreas Schneider [Tue, 7 Nov 2017 09:51:11 +0000 (10:51 +0100)]
build: Move socket_wrapper to third_party

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
21 months agorepl_meta_data: Allow delete of an object with dangling backlinks
Andrew Bartlett [Tue, 31 Oct 2017 19:22:22 +0000 (08:22 +1300)]
repl_meta_data: Allow delete of an object with dangling backlinks

This should not happen, but stopping all replication because of it is a pain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Nov 24 19:53:50 CET 2017 on sn-devel-144

21 months agorepl_meta_data: Fix removing of backlink on deleted objects
Andrej Gessel [Thu, 19 Oct 2017 15:16:37 +0000 (17:16 +0200)]
repl_meta_data: Fix removing of backlink on deleted objects

USER is memberOf GROUP and they both were deleted on W2K8R2 AD. Domain join ends
with error below.

Failed to apply records: ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:421
8: Failed to remove backlink of memberOf when deleting CN=USER\0ADEL:a1f2a2cc-1
179-4734-b753-c121ed02a34c,CN=Deleted Objects,DC=samdom,DC=intern: dsdb_module_
search_dn: did not find base dn CN=GROUP\0ADEL:030d0be1-3ada-4b93-8371-927f2092
3116,CN=Deleted Objects,DC=samdom,DC=intern (0 results): Operations error
Failed to commit objects: WERR_GEN_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13120

Signed-off-by: Andrej Gessel <Andrej.Gessel@janztec.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
21 months agoselftest: Add more corruption cases for runtime and dbcheck
Andrew Bartlett [Tue, 31 Oct 2017 20:02:01 +0000 (09:02 +1300)]
selftest: Add more corruption cases for runtime and dbcheck

These tests now confirm we can handle these issues at runtime
as well as at dbcheck

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
21 months agoselftest: add dbcheck tests for duplicate links
Stefan Metzmacher [Thu, 26 Oct 2017 12:42:23 +0000 (14:42 +0200)]
selftest: add dbcheck tests for duplicate links

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
21 months agodbcheck: detect and fix duplicate links
Stefan Metzmacher [Fri, 27 Oct 2017 08:21:26 +0000 (10:21 +0200)]
dbcheck: detect and fix duplicate links

Check with git show -w

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
21 months agodbcheck: only calculate linked attribute helper variables once in check_dn()
Stefan Metzmacher [Fri, 27 Oct 2017 08:21:26 +0000 (10:21 +0200)]
dbcheck: only calculate linked attribute helper variables once in check_dn()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
21 months agodbcheck: remove indentation level
Stefan Metzmacher [Thu, 26 Oct 2017 14:30:28 +0000 (16:30 +0200)]
dbcheck: remove indentation level

Check with git show -w

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
21 months agodsdb:extended_dn_store: implement DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS control
Stefan Metzmacher [Thu, 26 Oct 2017 05:47:48 +0000 (07:47 +0200)]
dsdb:extended_dn_store: implement DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS control

This will be used by dbcheck to fix duplicate link values.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
21 months agodsdb:repl_meta_data: implement DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS control
Stefan Metzmacher [Wed, 25 Oct 2017 14:48:44 +0000 (16:48 +0200)]
dsdb:repl_meta_data: implement DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS control

This will be used by dbcheck to fix duplicate link values.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
21 months agos4:dsdb: allocate DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS oid
Stefan Metzmacher [Wed, 25 Oct 2017 14:47:36 +0000 (16:47 +0200)]
s4:dsdb: allocate DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS oid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
21 months agos4:schema_samba4: mark DSDB_CONTROL_INVALID_NOT_IMPLEMENTED 1.3.6.1.4.1.7165.4.3...
Stefan Metzmacher [Wed, 25 Oct 2017 14:26:16 +0000 (16:26 +0200)]
s4:schema_samba4: mark DSDB_CONTROL_INVALID_NOT_IMPLEMENTED 1.3.6.1.4.1.7165.4.3.32 as allocated

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>