metze/samba/wip.git
2 years agoctdb-scripts: Ignore shellcheck SC2181 warning (use of $?)
Martin Schwenke [Fri, 11 Aug 2017 02:49:32 +0000 (12:49 +1000)]
ctdb-scripts: Ignore shellcheck SC2181 warning (use of $?)

Given the size of the command substitutions it would be less clear to
embed the assignments and substitutions inside a conditional.  It is
clearer if the exit code is checked afterwards.

However, do fix some untidy uses of != instead of -ne when comparing
with $?.  Make the code easier to understand by reversing the logic
and using -eq and ||.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-tools: Avoid shellcheck SC2181 warnings (use of $?) in onnode
Martin Schwenke [Thu, 13 Jul 2017 02:58:33 +0000 (12:58 +1000)]
ctdb-tools: Avoid shellcheck SC2181 warnings (use of $?) in onnode

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-tools: Use a clear and readable if-statement
Martin Schwenke [Fri, 11 Aug 2017 04:06:30 +0000 (14:06 +1000)]
ctdb-tools: Use a clear and readable if-statement

This is consistent with the if-statement above.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-tools: Reformat and explain complex code
Martin Schwenke [Wed, 9 Aug 2017 07:11:18 +0000 (17:11 +1000)]
ctdb-tools: Reformat and explain complex code

There are multiple command groups and redirects on very long lines.
Reformat the long lines to break them up and add a comment to explain
what is happening.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-tools: Avoid shellcheck SC2188 warning (redirect without command)
Martin Schwenke [Thu, 13 Jul 2017 03:08:39 +0000 (13:08 +1000)]
ctdb-tools: Avoid shellcheck SC2188 warning (redirect without command)

Shellcheck found a bug!

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-scripts: Avoid shellcheck warning SC2188 (redirect without command)
Martin Schwenke [Thu, 13 Jul 2017 02:52:39 +0000 (12:52 +1000)]
ctdb-scripts: Avoid shellcheck warning SC2188 (redirect without command)

This makes the code look deliberate instead like something has been
accidentally omitted.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-tests: Indentation fixups
Martin Schwenke [Thu, 3 Aug 2017 11:01:59 +0000 (21:01 +1000)]
ctdb-tests: Indentation fixups

The rest of the code in this file now matches the coding guidelines,
so clean up the rest.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-tests: Fix logic to handle PATH additions for tests
Martin Schwenke [Wed, 15 Mar 2017 04:50:46 +0000 (15:50 +1100)]
ctdb-tests: Fix logic to handle PATH additions for tests

When using non-standard test subdirectories, the current code can fail
to find the test bin directory and stupidly just adds /bin to PATH.

Switch to using CTDB_TESTS_ARE_INSTALLED along with some sanity checks
to determine the mode of operation.

With this change, test directories can now be created as
subdirectories of arbitrary component directories.  Tests can then be
run directly, either by specifying the subdirectory or individual test
cases.

Integration into the top-level tests/ directory is then done via a
symbolic link, which enables 2 things:

* Ability to run a directory of test cases from top level by simply
  specifying the link name.

* Ease of installation - the installation code just works with the
  symbolic link.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-tests: Move die() function to top of script
Martin Schwenke [Thu, 3 Aug 2017 10:57:47 +0000 (20:57 +1000)]
ctdb-tests: Move die() function to top of script

So it can be called within the script instead of just by scripts that
include it.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-tests: run_tests.sh sets evironment variable CTDB_TEST_DIR
Martin Schwenke [Thu, 3 Aug 2017 10:36:57 +0000 (20:36 +1000)]
ctdb-tests: run_tests.sh sets evironment variable CTDB_TEST_DIR

Instead of just local variable test_dir.  The environment variable can
be accessed from other test infrastructure scripts.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoblackbox: Add test for 'net ads changetrustpw'
Andreas Schneider [Wed, 9 Aug 2017 10:14:34 +0000 (12:14 +0200)]
blackbox: Add test for 'net ads changetrustpw'

BUG: BUG: https://bugzilla.samba.org/show_bug.cgi?id=12956

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Aug 11 22:09:27 CEST 2017 on sn-devel-144

2 years agos3:libads: Fix changing passwords with Kerberos
Andreas Schneider [Wed, 9 Aug 2017 16:14:23 +0000 (18:14 +0200)]
s3:libads: Fix changing passwords with Kerberos

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12956

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agos4:rpc_server:backupkey: Move variable into scope
Andreas Schneider [Tue, 18 Jul 2017 10:49:05 +0000 (12:49 +0200)]
s4:rpc_server:backupkey: Move variable into scope

CID: #1415510

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12959

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agoheimdal: Fix printing a short int into a string
Andreas Schneider [Wed, 9 Aug 2017 15:01:09 +0000 (17:01 +0200)]
heimdal: Fix printing a short int into a string

The size of portstr is too small to print an integer and we should print
a short anyway.

This fixes building with GCC 7.1

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Aug 11 18:08:04 CEST 2017 on sn-devel-144

2 years agoexamples: add cache effectiveness stats to gencache.stp
Ralph Boehme [Wed, 26 Jul 2017 12:29:33 +0000 (14:29 +0200)]
examples: add cache effectiveness stats to gencache.stp

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Aug 11 14:19:24 CEST 2017 on sn-devel-144

2 years agoREADME.Coding: add "Error and out logic"
Ralph Boehme [Wed, 9 Aug 2017 13:24:41 +0000 (15:24 +0200)]
README.Coding: add "Error and out logic"

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Simo <simo@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Aug 10 14:36:01 CEST 2017 on sn-devel-144

2 years agoctdb-tests: Add a big no-op LCP2 IP takeover test
Martin Schwenke [Thu, 13 Jul 2017 05:52:54 +0000 (15:52 +1000)]
ctdb-tests: Add a big no-op LCP2 IP takeover test

Although this tests correctness it is most useful for testing that
changes to IP takeover algorithm do not cause obvious performance
regressions.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Aug 10 10:30:58 CEST 2017 on sn-devel-144

2 years agoctdb-takeover: Do not call ctdb_announce_vnn_iface() for updateip
Martin Schwenke [Thu, 27 Jul 2017 05:04:30 +0000 (15:04 +1000)]
ctdb-takeover: Do not call ctdb_announce_vnn_iface() for updateip

This causes any tracked connections for the IP address to be lost.

When doing a takeip, the server sends a tickle ACK to the client, the
client responds with a valid ACK and the server's TCP stack responds
with a reset because the connection does not exist.  However, in the
updateip, case the connection *does* exist, so the tickle *does not*
cause the connection to be reset.

ctdb_announce_vnn_iface() clears the list of tracked TCP connections
while sending the tickle ACKs.  So, if there are no reconnects as in
the takeip case, then the list of connections is simply lost.

The "updateip" event in the 10.interface event script already sends
gratuitous ARPs and tickles connections in both directions.  This
ensures that traffic continues after packets may have been dropped
when the script temporarily blocks traffic to the IP address.

All of this means that the call to ctdb_announce_vnn_iface() can just
be deleted.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agobuild: Do not recurse on symlinks to directories when building tarballs
Martin Schwenke [Tue, 8 Aug 2017 10:50:25 +0000 (20:50 +1000)]
build: Do not recurse on symlinks to directories when building tarballs

DIST_FILES() causes all files in any specified directory to be
recursively added to the tarball.  However, a symbolic link to a
directory is detected as a regular directory so is also subject to
recursion.  This means that a symbolic link to a directory is
dereferenced and the directory of files beyond it are added to the
tarball under a directory corresponding to the link.  This is almost
certainly not what is intended because it will usually result in
duplicate files.  This is because the contents of a symbolic link's
target directory will already be present in the tarball.

Instead, do not treat symbolic links to directories as directories,
but add them to the tarball like normal files.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agobuild: Do not ignore symlinks to directories when building tarballs
Martin Schwenke [Sun, 6 Aug 2017 04:56:17 +0000 (14:56 +1000)]
build: Do not ignore symlinks to directories when building tarballs

Tarballs currently do not contain symbolic links to directories even
if they are committed in git.  This means that CTDB tests fail when
run in-tree from a tarball, due to a couple of missing links needed by
unit tests:

  ERROR: Directory .../ctdb/tests/var/unit_eventscripts/etc-ctdb/events.d does not exist.

Subdirectories of directories specified via DIST_DIRS() are ignored,
since all the files within them are separately added to the tarball.
Symbolic links to directories are detected as directories, so they are
also ignored, causing them to be missing from the tarball.

Instead, do not treat symbolic links to directories as directories,
but add them to the tarball like normal files.

It is easy to confirm that this change causes no difference to current
tarballs other than causing the missing CTDB test links to be added:

  $ diff -u samba-4.8.0pre1-GIT-eb691cd0242.tar.gz.contents samba-4.8.0pre1-GIT-dfb16de0149.tar.gz.contents
  --- samba-4.8.0pre1-GIT-eb691cd0242.tar.gz.contents 2017-08-08 20:21:40.022993091 +1000
  +++ samba-4.8.0pre1-GIT-dfb16de0149.tar.gz.contents 2017-08-08 20:35:11.001580747 +1000
  @@ -578,7 +578,9 @@
   ctdb/tests/eventscripts/91.lvs.startup.001.sh
   ctdb/tests/eventscripts/91.lvs.startup.002.sh
   ctdb/tests/eventscripts/README
  +ctdb/tests/eventscripts/etc-ctdb/events.d
   ctdb/tests/eventscripts/etc-ctdb/functions
  +ctdb/tests/eventscripts/etc-ctdb/nfs-checks.d
   ctdb/tests/eventscripts/etc-ctdb/nfs-linux-kernel-callout
   ctdb/tests/eventscripts/etc-ctdb/public_addresses
   ctdb/tests/eventscripts/etc-ctdb/rc.local

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agotdb: Do not allow to pass NULL as the buffer to transaction_write()
Andreas Schneider [Wed, 9 Aug 2017 07:58:35 +0000 (09:58 +0200)]
tdb: Do not allow to pass NULL as the buffer to transaction_write()

This fixes a GCC warning.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Aug 10 02:26:09 CEST 2017 on sn-devel-144

2 years agotdb: Write zero data using 8k buffer in transaction_expand_file()
Andreas Schneider [Wed, 9 Aug 2017 08:53:12 +0000 (10:53 +0200)]
tdb: Write zero data using 8k buffer in transaction_expand_file()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agotdb: Avoid NULL tdb_write
Volker Lendecke [Wed, 9 Aug 2017 08:16:36 +0000 (10:16 +0200)]
tdb: Avoid NULL tdb_write

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agotdb: Consistency check for tdb_storev
Volker Lendecke [Wed, 9 Aug 2017 08:15:27 +0000 (10:15 +0200)]
tdb: Consistency check for tdb_storev

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agovfs_fruit: factor out common code from ad_get() and ad_fget()
Ralph Boehme [Wed, 24 May 2017 07:17:19 +0000 (09:17 +0200)]
vfs_fruit: factor out common code from ad_get() and ad_fget()

As a result of the previous changes ad_get() and ad_fget() do completey
the same, so factor out the common code to a new helper function. No
change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Aug  9 22:33:36 CEST 2017 on sn-devel-144

2 years agovfs_fruit: return fake pipe fd in fruit_open_meta_netatalk()
Ralph Boehme [Tue, 23 May 2017 15:44:16 +0000 (17:44 +0200)]
vfs_fruit: return fake pipe fd in fruit_open_meta_netatalk()

Do not open the basefile, that conflict with "kernel oplocks = yes". We
just return a fake file fd based on dup'ing a pipe fd and ensure all VFS
functions that go through vfs_fruit and work on the metadata stream can
deal with it.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agovfs_fruit: don't open basefile in ad_open() and simplify API
Ralph Boehme [Tue, 23 May 2017 15:31:47 +0000 (17:31 +0200)]
vfs_fruit: don't open basefile in ad_open() and simplify API

We never need an fd on the basefile when operating on the metadata, as
we can always use path based syscalls. Opening the basefile conflicts
with "kernel oplocks" so just don't do it.

Additional changes:

- remove the adouble_type_t argument to ad_open(), the type is passed
  and set when allocating a struct adouble with ad_alloc()

- additionally pass an optional fsp to ad_open() (so the caller can pass
  NULL). With this change we can move the fd inheritance from fsp to ad
  into ad_open() itself where it belongs and remove it from the caller
  ad_fget()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agovfs_fruit: use path based setxattr call in ad_fset()
Ralph Boehme [Tue, 23 May 2017 15:39:46 +0000 (17:39 +0200)]
vfs_fruit: use path based setxattr call in ad_fset()

This allows later commits to remove opening of the basefile which
conflict with "kernel oplocks = yes".

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agos4/torture: additional tests for kernel-oplocks
Ralph Boehme [Thu, 18 May 2017 11:17:38 +0000 (13:17 +0200)]
s4/torture: additional tests for kernel-oplocks

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agos4/torture: reproducer for kernel oplocks issue with streams
Ralph Boehme [Wed, 10 May 2017 09:38:06 +0000 (11:38 +0200)]
s4/torture: reproducer for kernel oplocks issue with streams

test_smb2_kernel_oplocks3() wouldn't have failed without the patches,
I'm just adding it to have at least one test that tests with 2
clients. All other tests use just one client.

test_smb2_kernel_oplocks4() is the reproducer.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agovfs_streams_xattr: return a fake fd in streams_xattr_open()
Ralph Boehme [Thu, 11 May 2017 16:08:56 +0000 (18:08 +0200)]
vfs_streams_xattr: return a fake fd in streams_xattr_open()

The final step in changing vfs_streams_xattr to not call open() on the
basefile anymore. Instead, we just return a fake file fd based on
dup'ing a pipe fd. Previous commits ensured all calls to VFS API
functions use pathname based versions to do their work.

This ensures we don't trigger kernel oplock breaks for client "open
stream" requests when needlessly opening the basefile.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agovfs_streams_xattr: implement all missing handle based VFS functions
Ralph Boehme [Thu, 11 May 2017 16:05:18 +0000 (18:05 +0200)]
vfs_streams_xattr: implement all missing handle based VFS functions

Implement all missing handle based VFS function. If the call is on a
named stream, implement the appropriate action for the VFS function, in
most cases a no-op.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agovfs_streams_xattr: always pass NULL as fsp arg to get_ea_value()
Ralph Boehme [Thu, 11 May 2017 15:38:00 +0000 (17:38 +0200)]
vfs_streams_xattr: always pass NULL as fsp arg to get_ea_value()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agovfs_streams_xattr: remove fsp argument from get_xattr_size()
Ralph Boehme [Thu, 11 May 2017 15:36:15 +0000 (17:36 +0200)]
vfs_streams_xattr: remove fsp argument from get_xattr_size()

Still in the process of changing all handle based operations to use path
based operations.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agovfs_streams_xattr: remove all uses of fd, use name based functions
Ralph Boehme [Thu, 11 May 2017 13:05:23 +0000 (15:05 +0200)]
vfs_streams_xattr: remove all uses of fd, use name based functions

We don't really need an fd in this module, all calls to the VFS xattr
API can just use the name based versions.

This paves the way for removing the open of the basefile in
streams_xattr_open() in a later commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agovfs_streams_xattr: invalidate stat info if xattr was not found
Ralph Boehme [Thu, 11 May 2017 05:59:20 +0000 (07:59 +0200)]
vfs_streams_xattr: invalidate stat info if xattr was not found

We stat the basefile so we leave valid stat info from the base file
behind, even though the xattr for the stream was not there.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agos3:utils: Fix buffer size for snprintf and format string
Andreas Schneider [Wed, 9 Aug 2017 06:37:38 +0000 (08:37 +0200)]
s3:utils: Fix buffer size for snprintf and format string

GCC 7.1 produces an error:
‘snprintf’ output between 47 and 66 bytes into a destination of size 40

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Aug  9 13:37:47 CEST 2017 on sn-devel-144

2 years agos3:torture: Fix spoolss test to build with -O3
Andreas Schneider [Wed, 9 Aug 2017 06:23:29 +0000 (08:23 +0200)]
s3:torture: Fix spoolss test to build with -O3

Initialize variables so that we do not get a build warning that they
might be used uninitilized.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years agos4:samdb: Fix building Samba with -O3
Andreas Schneider [Wed, 9 Aug 2017 05:45:04 +0000 (07:45 +0200)]
s4:samdb: Fix building Samba with -O3

gcc error: ‘result’ may be used uninitialized

This wont happen, because ldb will return and error, but the compiler
doesn't understand this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years agovfs_gpfs: handle EACCES when fetching DOS attributes from xattr
Ralph Boehme [Thu, 8 Jun 2017 17:18:36 +0000 (19:18 +0200)]
vfs_gpfs: handle EACCES when fetching DOS attributes from xattr

When trying to fetch the DOS attributes via gpfswrap_get_winattrs_path()
if the filesystem doesn't grant READ_ATTR to the file the function fails
with EACCESS.

But according to MS-FSA 2.1.5.1.2.1 "Algorithm to Check Access to an
Existing File" FILE_LIST_DIRECTORY on a directory implies
FILE_READ_ATTRIBUTES for directory entries.

So if the user can open the parent directory for reading this implies
FILE_LIST_DIRECTORY and we can safely call gpfswrap_get_winattrs_path()
with DAC_OVERRIDE_CAPABILITY.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12944

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Aug  9 01:21:14 CEST 2017 on sn-devel-144

2 years agos3/smbd: handle EACCES when fetching DOS attributes from xattr
Ralph Boehme [Thu, 8 Jun 2017 17:10:20 +0000 (19:10 +0200)]
s3/smbd: handle EACCES when fetching DOS attributes from xattr

When trying to fetch the DOS attributes xattr via SMB_VFS_GETXATTR() if
the filesystem doesn't grant read access to the file the xattr read
request fails with EACCESS.

But according to MS-FSA 2.1.5.1.2.1 "Algorithm to Check Access to an
Existing File" FILE_LIST_DIRECTORY on a directory implies
FILE_READ_ATTRIBUTES for directory entries.

So if the user can open the parent directory for reading this implies
FILE_LIST_DIRECTORY and we can safely call SMB_VFS_GETXATTR() as root,
ensuring we can read the DOS attributes xattr.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12944

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2 years agos3/smbd: handling of failed DOS attributes reading
Ralph Boehme [Thu, 8 Jun 2017 17:05:48 +0000 (19:05 +0200)]
s3/smbd: handling of failed DOS attributes reading

Only fall back to using UNIX modes if we get NOT_IMPLEMENTED. This is
exactly what we already do when setting DOS attributes.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12944

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2 years agopython:tests: Add test for warn_pwd_expire
Andreas Schneider [Tue, 1 Aug 2017 14:07:58 +0000 (16:07 +0200)]
python:tests: Add test for warn_pwd_expire

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Aug  7 19:11:02 CEST 2017 on sn-devel-144

2 years agopython:tests: Do not overwrite exit code
Andreas Schneider [Tue, 1 Aug 2017 14:05:57 +0000 (16:05 +0200)]
python:tests: Do not overwrite exit code

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agosource3/client: Fix typo in help message displayed by default
Anoop C S [Mon, 31 Jul 2017 10:09:19 +0000 (15:39 +0530)]
source3/client: Fix typo in help message displayed by default

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12936

Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agopython: Fix incorrect kdc.conf parameter name in kerberos.py
Marc Muehlfeld [Sun, 6 Aug 2017 09:50:55 +0000 (11:50 +0200)]
python: Fix incorrect kdc.conf parameter name in kerberos.py

Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agowinbindd: give an IRPC error if wb_irpc_SamLogon() is called without useful routing...
Stefan Metzmacher [Fri, 21 Jul 2017 10:29:31 +0000 (12:29 +0200)]
winbindd: give an IRPC error if wb_irpc_SamLogon() is called without useful routing information

The caller should have checked this already!

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agowinbindd: as DC we should try to get the target_domain from @SOMETHING part of the...
Stefan Metzmacher [Fri, 21 Jul 2017 10:29:31 +0000 (12:29 +0200)]
winbindd: as DC we should try to get the target_domain from @SOMETHING part of the username in wb_irpc_SamLogon()

We still need a full routing table including all upn suffixes,
but this is a start to support NTLM authentication using user@REALM
against structed domains.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agowinbindd: Print debug if we don't know how to route a wb_irpc_SamLogon() request
Stefan Metzmacher [Fri, 21 Jul 2017 10:29:31 +0000 (12:29 +0200)]
winbindd: Print debug if we don't know how to route a wb_irpc_SamLogon() request

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agowinbindd: allow all possible logon levels in wb_irpc_SamLogon()
Stefan Metzmacher [Fri, 21 Jul 2017 10:29:31 +0000 (12:29 +0200)]
winbindd: allow all possible logon levels in wb_irpc_SamLogon()

We should just try to find the correct domain to forward the
request, all logic of not implementing serveral logon levels
belongs to the _winbind_SamLogon() implementation.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos4:auth/ntlmssp: add support for using "winbind" as DC
Stefan Metzmacher [Fri, 16 Jun 2017 23:06:46 +0000 (01:06 +0200)]
s4:auth/ntlmssp: add support for using "winbind" as DC

This adds support for trusted domains to the auth stack on AD DCs.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos4:auth: use "sam winbind" for the netlogon server
Stefan Metzmacher [Wed, 22 Mar 2017 10:16:47 +0000 (11:16 +0100)]
s4:auth: use "sam winbind" for the netlogon server

This adds authentication support for trusted domains to the
netlogon server.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos4:auth/ntlm: provide auth_check_password_wrapper_send/recv to auth4_context
Stefan Metzmacher [Fri, 16 Jun 2017 21:07:04 +0000 (23:07 +0200)]
s4:auth/ntlm: provide auth_check_password_wrapper_send/recv to auth4_context

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agoauth/common: add support for auth4_ctx->check_ntlm_password_send/recv()
Stefan Metzmacher [Fri, 16 Jun 2017 15:18:17 +0000 (17:18 +0200)]
auth/common: add support for auth4_ctx->check_ntlm_password_send/recv()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agoauth/ntlmssp: merge ntlmssp_server_check_password() into ntlmssp_server_auth_send()
Stefan Metzmacher [Fri, 16 Jun 2017 15:14:35 +0000 (17:14 +0200)]
auth/ntlmssp: merge ntlmssp_server_check_password() into ntlmssp_server_auth_send()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agoauth/ntlmssp: introduce ntlmssp_server_auth_send/recv
Stefan Metzmacher [Fri, 16 Jun 2017 14:16:15 +0000 (16:16 +0200)]
auth/ntlmssp: introduce ntlmssp_server_auth_send/recv

We still use the sync ntlmssp_server_check_password().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agoauth/ntlmssp: prepare update_send/recv for real async processing
Stefan Metzmacher [Wed, 14 Jun 2017 22:34:26 +0000 (00:34 +0200)]
auth/ntlmssp: prepare update_send/recv for real async processing

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos4:auth_winbind: implement async authentication via IRPC
Stefan Metzmacher [Fri, 16 Jun 2017 22:56:09 +0000 (00:56 +0200)]
s4:auth_winbind: implement async authentication via IRPC

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos4:rpc_server/netlogon: make use of auth_check_password_send/recv()
Stefan Metzmacher [Fri, 17 Mar 2017 18:36:08 +0000 (19:36 +0100)]
s4:rpc_server/netlogon: make use of auth_check_password_send/recv()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos4:rpc_server/netlogon: make use of async kdc_check_generic_kerberos_send/recv()
Stefan Metzmacher [Fri, 21 Jul 2017 06:10:02 +0000 (08:10 +0200)]
s4:rpc_server/netlogon: make use of async kdc_check_generic_kerberos_send/recv()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos4:rpc_server/netlogon: prepare dcesrv_netr_LogonSamLogon_base for async processing
Stefan Metzmacher [Fri, 17 Mar 2017 18:27:38 +0000 (19:27 +0100)]
s4:rpc_server/netlogon: prepare dcesrv_netr_LogonSamLogon_base for async processing

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos4:rpc_server/netlogon: check auth_level for validation level 6 already in dcesrv_net...
Stefan Metzmacher [Fri, 21 Jul 2017 05:39:11 +0000 (07:39 +0200)]
s4:rpc_server/netlogon: check auth_level for validation level 6 already in dcesrv_netr_LogonSamLogon_check()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos4:librpc/rpc: add support for HttpAuthOption=negotiate
Stefan Metzmacher [Thu, 20 Jul 2017 11:06:58 +0000 (13:06 +0200)]
s4:librpc/rpc: add support for HttpAuthOption=negotiate

Note that rpcproxy.dll on Windows doesn't support kerberos,
it allways downgrades the connection to NTLMSSP.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos4:lib/http: pass down the target service/hostname to gensec
Stefan Metzmacher [Thu, 20 Jul 2017 14:11:48 +0000 (16:11 +0200)]
s4:lib/http: pass down the target service/hostname to gensec

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos4:lib/http: add HTTP_AUTH_NEGOTIATE which maps to the "http_negotiate" gensec backend
Stefan Metzmacher [Thu, 20 Jul 2017 11:03:40 +0000 (13:03 +0200)]
s4:lib/http: add HTTP_AUTH_NEGOTIATE which maps to the "http_negotiate" gensec backend

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos4:http/gensec: implement "http_negotiate" using GENSEC_OID_SPNEGO
Stefan Metzmacher [Thu, 20 Jul 2017 11:03:03 +0000 (13:03 +0200)]
s4:http/gensec: implement "http_negotiate" using GENSEC_OID_SPNEGO

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos4:http/gensec: make the "NTLM" base64 wrapping more generic
Stefan Metzmacher [Thu, 20 Jul 2017 11:00:27 +0000 (13:00 +0200)]
s4:http/gensec: make the "NTLM" base64 wrapping more generic

We only need to know the prefix "NTLM" and the submech oid GENSEC_OID_NTLMSSP
everything else can be generic.

This should allow us to implement "Negotiate" with GENSEC_OID_SPNEGO
trivial.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos4:http/gensec: rename ntlm.c to generic.c
Stefan Metzmacher [Thu, 20 Jul 2017 10:07:18 +0000 (12:07 +0200)]
s4:http/gensec: rename ntlm.c to generic.c

Check with git show -C

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos4:librpc/rpc: pass down HTTP_AUTH_* values directly to dcerpc_pipe_open_roh_send()
Stefan Metzmacher [Thu, 20 Jul 2017 11:05:39 +0000 (13:05 +0200)]
s4:librpc/rpc: pass down HTTP_AUTH_* values directly to dcerpc_pipe_open_roh_send()

They get passed to http_send_auth_request_send() unmodified.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos4:librpc/rpc: remember the target_hostname on ncacn_http connections
Stefan Metzmacher [Thu, 20 Jul 2017 21:05:53 +0000 (23:05 +0200)]
s4:librpc/rpc: remember the target_hostname on ncacn_http connections

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos4:lib/http: pass a generic prefix blob to http_parse_auth_response()
Stefan Metzmacher [Thu, 20 Jul 2017 13:48:35 +0000 (15:48 +0200)]
s4:lib/http: pass a generic prefix blob to http_parse_auth_response()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos4:lib/http: use strcasecmp(h->key, "WWW-Authenticate") instead of strncasecmp()
Stefan Metzmacher [Thu, 20 Jul 2017 13:46:38 +0000 (15:46 +0200)]
s4:lib/http: use strcasecmp(h->key, "WWW-Authenticate") instead of strncasecmp()

The key is already normalized and should match completely.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos4:lib/http: remove indentation level from http_parse_auth_response()
Stefan Metzmacher [Thu, 20 Jul 2017 12:44:51 +0000 (14:44 +0200)]
s4:lib/http: remove indentation level from http_parse_auth_response()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos4:lib/http: let http_read_response_send/recv() also consume the body if it fits...
Stefan Metzmacher [Thu, 20 Jul 2017 16:12:27 +0000 (18:12 +0200)]
s4:lib/http: let http_read_response_send/recv() also consume the body if it fits into a max value

We need to consume full HTTP responses from the socket during the
authentication exchanges, otherwise our HTTP parser gets out of sync for
the next requests.

This will be important for gensec mechs which use an even number
for authentication packets.

I guess this should be done just based on the Content-Length value and
not based on the response code.

So far I saw bodies with 200 and 401 codes.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos4:lib/http: lower HTTP_MAX_HEADER_SIZE from UINT_MAX to 0x1FFFF
Stefan Metzmacher [Thu, 20 Jul 2017 16:13:28 +0000 (18:13 +0200)]
s4:lib/http: lower HTTP_MAX_HEADER_SIZE from UINT_MAX to 0x1FFFF

We don't need very large headers, the largest ones are
"Authorization" or "WWW-Authenticate", but 128k should be
more than enough for all headers.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agowinbindd: Simplify an if-condition
Volker Lendecke [Tue, 1 Aug 2017 14:40:01 +0000 (16:40 +0200)]
winbindd: Simplify an if-condition

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Aug  7 09:32:09 CEST 2017 on sn-devel-144

2 years agowinbindd: Add debug for ndr cache hit
Volker Lendecke [Tue, 1 Aug 2017 14:36:27 +0000 (16:36 +0200)]
winbindd: Add debug for ndr cache hit

When looking through winbind debug logs, it's highly confusing if you don't
find a call in the child that's supposed to handle it. Add a debug if the call
was handled from the cache without calling into the child.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agowinbindd: Make wcache_query_user static
Volker Lendecke [Tue, 1 Aug 2017 13:11:09 +0000 (15:11 +0200)]
winbindd: Make wcache_query_user static

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agotests samba_tool: fix flapping user-virtualCryptSHA test
Gary Lockyer [Thu, 3 Aug 2017 18:45:37 +0000 (06:45 +1200)]
tests samba_tool: fix flapping user-virtualCryptSHA test

Fix flapping test, occasionally a password would be generated that failed
the password criteria, which resulted in the test user not being
created.  The tests relying on this user being present then failed.

This patch ensures that the generated password contains at least one digit,
at least one upper case letter and at least one lower case letter.
The generated passwords do not contain special characters to avoid shell
escaping issues.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Mon Aug  7 05:34:24 CEST 2017 on sn-devel-144

2 years agoidmap: remove unused function idmap_is_online()
Ralph Wuerthner [Tue, 1 Aug 2017 14:40:30 +0000 (16:40 +0200)]
idmap: remove unused function idmap_is_online()

Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Aug  4 14:08:37 CEST 2017 on sn-devel-144

2 years agolib: Fix integer overflowed argument issue with strtoul()
Andreas Schneider [Thu, 3 Aug 2017 08:52:59 +0000 (10:52 +0200)]
lib: Fix integer overflowed argument issue with strtoul()

This fixes CID 1415704

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Aug  3 15:06:34 CEST 2017 on sn-devel-144

2 years agoctdb-common: Reimplement pidfile_context_create() using pidfile_path_create()
Martin Schwenke [Mon, 31 Jul 2017 05:26:36 +0000 (15:26 +1000)]
ctdb-common: Reimplement pidfile_context_create() using pidfile_path_create()

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Aug  2 07:28:44 CEST 2017 on sn-devel-144

2 years agoutil: Reimplement pidfile_create() using pidfile_path_create()
Martin Schwenke [Mon, 31 Jul 2017 05:20:19 +0000 (15:20 +1000)]
util: Reimplement pidfile_create() using pidfile_path_create()

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agoutil: New functions pidfile_path_create(), pidfile_fd_close()
Martin Schwenke [Mon, 31 Jul 2017 05:11:33 +0000 (15:11 +1000)]
util: New functions pidfile_path_create(), pidfile_fd_close()

Uses the core of CTDB's create_pidfile_context() for
pidfile_path_create(). pidfile_fd_close() is a subset of CTDB's
pidfile_context_destructor().

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agoctdb-common: Rename pidfile_create() -> pidfile_context_create()
Martin Schwenke [Mon, 31 Jul 2017 05:16:45 +0000 (15:16 +1000)]
ctdb-common: Rename pidfile_create() -> pidfile_context_create()

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agoutil: Add pidfile.* to samba-util-core
Martin Schwenke [Mon, 31 Jul 2017 04:48:47 +0000 (14:48 +1000)]
util: Add pidfile.* to samba-util-core

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agoutil: Clean up includes
Martin Schwenke [Mon, 31 Jul 2017 04:47:01 +0000 (14:47 +1000)]
util: Clean up includes

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agoutil: pidfile_pid() should not unlink PID file
Martin Schwenke [Mon, 31 Jul 2017 01:37:21 +0000 (11:37 +1000)]
util: pidfile_pid() should not unlink PID file

This causes a race.  If 2 callers to pidfile_create() both a find a
stale PID file using pidfile_pid().  The 1st may then return to
pidfile_create() and create a new PID file, which can then be unlinked
by the 2nd caller.

Consequently, PID file creation can not depend on creating the file,
so drop O_EXCL from the call to open().

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agowinbindd: Simplify two debug msgs
Volker Lendecke [Fri, 14 Jul 2017 11:18:59 +0000 (13:18 +0200)]
winbindd: Simplify two debug msgs

With DBG_DEBUG we get the function name automatically, DEBUGADD is also
not necessary here

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Aug  1 11:45:34 CEST 2017 on sn-devel-144

2 years agowinbindd: Simplify wcache_cached_creds_exist
Volker Lendecke [Thu, 13 Jul 2017 13:52:35 +0000 (15:52 +0200)]
winbindd: Simplify wcache_cached_creds_exist

No need to fetch, use tdb_exists

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agowinbindd: Make wcache_lookup_usergroups static
Volker Lendecke [Wed, 12 Jul 2017 12:56:32 +0000 (14:56 +0200)]
winbindd: Make wcache_lookup_usergroups static

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agowinbindd: Fix indentation
Volker Lendecke [Wed, 12 Jul 2017 12:32:02 +0000 (14:32 +0200)]
winbindd: Fix indentation

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agowinbindd: Make init_wcache static
Volker Lendecke [Wed, 12 Jul 2017 11:32:33 +0000 (13:32 +0200)]
winbindd: Make init_wcache static

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agowinbindd: Make wcache_lookup_useraliases static
Volker Lendecke [Wed, 12 Jul 2017 11:14:44 +0000 (13:14 +0200)]
winbindd: Make wcache_lookup_useraliases static

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agowinbindd: Make wcache_name_to_sid static
Volker Lendecke [Wed, 12 Jul 2017 11:12:45 +0000 (13:12 +0200)]
winbindd: Make wcache_name_to_sid static

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agowinbindd: Make wcache_lookup_groupmem static
Volker Lendecke [Wed, 12 Jul 2017 10:40:29 +0000 (12:40 +0200)]
winbindd: Make wcache_lookup_groupmem static

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agowinbindd: Make wcache_flush_cache static
Volker Lendecke [Wed, 12 Jul 2017 10:40:29 +0000 (12:40 +0200)]
winbindd: Make wcache_flush_cache static

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agowinbindd: Fix a few signed/unsigned hickups
Volker Lendecke [Wed, 12 Jul 2017 11:30:02 +0000 (13:30 +0200)]
winbindd: Fix a few signed/unsigned hickups

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agodsdb: Fix dsdb_next_callback to correctly use ldb_module_done() etc
Andrew Bartlett [Tue, 1 Aug 2017 01:18:33 +0000 (13:18 +1200)]
dsdb: Fix dsdb_next_callback to correctly use ldb_module_done() etc

If we do not call ldb_module_done() then we do not know that up_req->callback()
has been called, and ldb_next_request() will call the callback again.

If called twice, the new ldb_lock_backend_callback() in ldb 1.2.0 will segfault.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12904

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug  1 07:52:38 CEST 2017 on sn-devel-144

2 years agowaf: disable-python - fix talloc wscript if bundling disabled
Ian Stakenvicius [Tue, 25 Jul 2017 20:31:14 +0000 (16:31 -0400)]
waf: disable-python - fix talloc wscript if bundling disabled

The pytalloc-util dependency logic in lib/talloc/wscript on a
standalone build checks for pytalloc-util in a manner that will
fail if bundling is disabled, this causes issues on
--disable-python builds of ldb, tevent, and samba.

This patch restructures the logic to skip checks if python
is disabled, instead just setting the temporary state variable
'using_system_pytalloc_util' to False

Successfully tested patch on ldb-1.1.31 and above, tevent-0.9.33,
and samba-4.7_rc3

Signed-off-by: Ian Stakenvicius <axs@gentoo.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>