samba.git
3 years agos3: vfs: vfs_acl_tdb. Remove use of vfs_stat_smb_basename().
Jeremy Allison [Sat, 19 Mar 2016 05:15:12 +0000 (22:15 -0700)]
s3: vfs: vfs_acl_tdb. Remove use of vfs_stat_smb_basename().

We only need a basic STAT here.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
3 years agos3: vfs: recycle. Remove use of vfs_stat_smb_basename().
Jeremy Allison [Sat, 19 Mar 2016 05:10:34 +0000 (22:10 -0700)]
s3: vfs: recycle. Remove use of vfs_stat_smb_basename().

We only need a basic STAT here.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
3 years agos3: smbd: Remove many common uses of lp_posix_pathnames().
Jeremy Allison [Sat, 19 Mar 2016 04:58:20 +0000 (21:58 -0700)]
s3: smbd: Remove many common uses of lp_posix_pathnames().

Check the smb_filename->flags field, or req->posix_pathnames
instead, depending on what is available.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
3 years agos3: smbd: Remove unneeded lp_posix_pathnames() check in SMB2 create.
Jeremy Allison [Sat, 19 Mar 2016 04:55:05 +0000 (21:55 -0700)]
s3: smbd: Remove unneeded lp_posix_pathnames() check in SMB2 create.

Add a comment reminding me to re-add the check when SMB2
unix extensions are re-added.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
3 years agos3: posix_acls. Always use STAT, not LSTAT here.
Jeremy Allison [Sat, 19 Mar 2016 04:50:15 +0000 (21:50 -0700)]
s3: posix_acls. Always use STAT, not LSTAT here.

We have already refused acls on a symlink.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
3 years agos3: vfs: Remove use of lp_posix_pathnames() below the VFS.
Jeremy Allison [Sat, 19 Mar 2016 04:31:22 +0000 (21:31 -0700)]
s3: vfs: Remove use of lp_posix_pathnames() below the VFS.

We don't have access to a struct smb_filename here and
can't get one, so simply always set AT_SYMLINK_NOFOLLOW
and remove the optimization if we ended up fstatat()'ing
a symlink, as we don't know if the caller wanted a link
stat or not.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
3 years agos3: Filenames: Add uint32_t flags parameter to synthetic_smb_fname().
Jeremy Allison [Sat, 19 Mar 2016 04:19:38 +0000 (21:19 -0700)]
s3: Filenames: Add uint32_t flags parameter to synthetic_smb_fname().

Get it from parent/deriving smb_filename if present.
Use 0 (as usually this a Windows-style lookup) if
not.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
3 years agos3: smbd: Add uint32_t flags field to struct smb_filename.
Jeremy Allison [Thu, 17 Mar 2016 23:20:17 +0000 (16:20 -0700)]
s3: smbd: Add uint32_t flags field to struct smb_filename.

Only one defined flag for now, SMB_FILENAME_POSIX_PATH.
Define as the same as FSP_POSIX_FLAGS_PATHNAMES to keep
the value consistent.

Set this inside unix_convert() when a posix path parse
is selected.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
3 years agos3:smbd: Move lp_posix_pathnames() out of ea_list_has_invalid_name().
Jeremy Allison [Tue, 15 Mar 2016 18:43:32 +0000 (11:43 -0700)]
s3:smbd: Move lp_posix_pathnames() out of ea_list_has_invalid_name().

External uses will be replaced by checks on struct smb_filename flags.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
3 years agos3: vfs: vfs_afsacl. refuse_symlink() means we can always use STAT here.
Jeremy Allison [Tue, 15 Mar 2016 18:46:58 +0000 (11:46 -0700)]
s3: vfs: vfs_afsacl. refuse_symlink() means we can always use STAT here.

For a posix acl call on a symlink, we've already refused it.
For a Windows acl mapped call on a symlink, we want to follow
it.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
3 years agos3:smbd: Fix build for vfs_afsacl.c.
Jeremy Allison [Thu, 17 Mar 2016 23:44:50 +0000 (16:44 -0700)]
s3:smbd: Fix build for vfs_afsacl.c.

Missed conversion of get_nt_acl_fn from const char *
to const struct smb_filename *.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
3 years agoFix an obvious error where we were converting a UNIX error to an NT STATUS but not...
Richard Sharpe [Thu, 24 Mar 2016 04:56:30 +0000 (21:56 -0700)]
Fix an obvious error where we were converting a UNIX error to an NT STATUS but not returning it.

Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agoselftest/Samba3: use the correct "SELFTEST_WINBINDD_SOCKET_DIR" for "net join"
Stefan Metzmacher [Tue, 22 Mar 2016 13:09:08 +0000 (14:09 +0100)]
selftest/Samba3: use the correct "SELFTEST_WINBINDD_SOCKET_DIR" for "net join"

This avoids picking up a gid from the DC's winbind when
creating BUILTIN\Administrators

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Mar 24 22:15:44 CET 2016 on sn-devel-144

3 years agothird_party/zlib/zlib.h: use HAVE___ATTRIBUTE__ instead of __GNUC__
Douglas Bagnall [Wed, 23 Mar 2016 02:30:22 +0000 (15:30 +1300)]
third_party/zlib/zlib.h: use HAVE___ATTRIBUTE__ instead of __GNUC__

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Thu Mar 24 18:43:34 CET 2016 on sn-devel-144

3 years agos4/lib/wmi_wrap: use HAVE___ATTRIBUTE__ instead of __GNUC__
Douglas Bagnall [Wed, 23 Mar 2016 02:29:50 +0000 (15:29 +1300)]
s4/lib/wmi_wrap: use HAVE___ATTRIBUTE__ instead of __GNUC__

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
3 years agomdssvc/sparql_parser.c: use HAVE___ATTRIBUTE__ instead of __GNUC__
Douglas Bagnall [Wed, 23 Mar 2016 02:28:45 +0000 (15:28 +1300)]
mdssvc/sparql_parser.c: use HAVE___ATTRIBUTE__ instead of __GNUC__

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
3 years agos3/modules/getdate: use HAVE___ATTRIBUTE__ instead of __GNUC__
Douglas Bagnall [Wed, 23 Mar 2016 02:27:45 +0000 (15:27 +1300)]
s3/modules/getdate: use HAVE___ATTRIBUTE__ instead of __GNUC__

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
3 years agotevent.h: use HAVE___ATTRIBUTE__ instead of __GNUC__
Douglas Bagnall [Wed, 23 Mar 2016 02:26:49 +0000 (15:26 +1300)]
tevent.h: use HAVE___ATTRIBUTE__ instead of __GNUC__

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
3 years agolibreplace: use HAVE___ATTRIBUTE__ instead of __GNUC__
Douglas Bagnall [Wed, 23 Mar 2016 02:26:03 +0000 (15:26 +1300)]
libreplace: use HAVE___ATTRIBUTE__ instead of __GNUC__

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
3 years agoutil/attr.h: use HAVE___ATTRIBUTE__, not __GNUC__ comparisons
Douglas Bagnall [Tue, 22 Mar 2016 22:16:48 +0000 (11:16 +1300)]
util/attr.h: use HAVE___ATTRIBUTE__, not __GNUC__ comparisons

The comparisons that look like

    #if (__GNUC__ >= 3) && (__GNUC_MINOR__ >= 1 )

fail if __GNUC_MINOR__ is 0.  The intended comparison is something
more like

    #if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1)

However, given that:

 * these checks are really trying to test the presence of
   __attribute__,

 * there are now credible compilers that are not GCC, which have
   __attribute__ but might not be good at emulating __GNUC__
   numbers, and

 * we really face little risk of running into GCC 2.95

 * we have a HAVE___ATTRIBUTE__ check in ./configure

let's not do the version comparisons.

(Untested on GCC 2.95, GCC 3.0 and GCC 3.1).

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
3 years agos4-libnet: Link dckeytab.so correctly when is AD DC enabled
Andreas Schneider [Thu, 10 Mar 2016 13:30:38 +0000 (14:30 +0100)]
s4-libnet: Link dckeytab.so correctly when is AD DC enabled

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Mar 24 15:12:21 CET 2016 on sn-devel-144

3 years agos4:torture:smb2:rename.c: Fix file permissions.
Günther Deschner [Wed, 23 Mar 2016 13:41:23 +0000 (14:41 +0100)]
s4:torture:smb2:rename.c: Fix file permissions.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 24 06:33:03 CET 2016 on sn-devel-144

3 years agoseltest: add test for "ignore system acls" in vfs_acl_xattr.
Uri Simchoni [Mon, 21 Mar 2016 21:13:25 +0000 (23:13 +0200)]
seltest: add test for "ignore system acls" in vfs_acl_xattr.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11806

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agovfs_acl_common: avoid setting POSIX ACLs if "ignore system acls" is set
Uri Simchoni [Mon, 21 Mar 2016 21:04:24 +0000 (23:04 +0200)]
vfs_acl_common: avoid setting POSIX ACLs if "ignore system acls" is set

When "ignore system acls" is set, do not mess at all with POSIX ACLS,
do not even calculate the would-be POSIX-ACL-based security descriptor
(for performance reasons).
Instead, just store a V3 blob with zero hash. This means that if we
later read the ACL without ignoring system ACLs, the NT ACL shall be
reset to the info derivable from the POSIX ACL.

File ownership is still modified as it has bearing on disk quotas.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11806

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agos4-libnet: only build python-dckeytab module for Heimdal in AD DC mode
Alexander Bokovoy [Wed, 23 Mar 2016 06:15:34 +0000 (08:15 +0200)]
s4-libnet: only build python-dckeytab module for Heimdal in AD DC mode

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Wed Mar 23 23:43:51 CET 2016 on sn-devel-144

3 years agoRevert "autobuild: Return the last 50 log lines"
Stefan Metzmacher [Wed, 23 Mar 2016 10:07:08 +0000 (11:07 +0100)]
Revert "autobuild: Return the last 50 log lines"

This reverts commit aab2f39bb7ff330fbb01da4021c096e69a429d2e.

This breaks if log_base is an https url...

Traceback (most recent call last):
  File "script/autobuild.py", line 744, in <module>
    elapsed_time, log_base=options.log_base)
  File "script/autobuild.py", line 608, in email_failure
    f = open("%s/%s.stdout" % (log_base, failed_tag), 'r')
IOError: [Errno 2] No such file or directory:
'https://git.samba.org/uri/samba-autobuild/ctdb.stdout'

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Mar 23 18:59:17 CET 2016 on sn-devel-144

3 years agotorture: Fix the O3 developer build
Volker Lendecke [Tue, 22 Mar 2016 15:03:58 +0000 (16:03 +0100)]
torture: Fix the O3 developer build

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 22 22:48:52 CET 2016 on sn-devel-144

3 years agos3:ntlm_auth: pass manage_squid_request() needs a valid struct ntlm_auth_state from...
Stefan Metzmacher [Mon, 21 Mar 2016 18:41:53 +0000 (19:41 +0100)]
s3:ntlm_auth: pass manage_squid_request() needs a valid struct ntlm_auth_state from within get_password()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Mar 22 19:20:38 CET 2016 on sn-devel-144

3 years agos3:rpc_server/samr: correctly handle session_extract_session_key() failures
Stefan Metzmacher [Sun, 28 Feb 2016 22:32:50 +0000 (23:32 +0100)]
s3:rpc_server/samr: correctly handle session_extract_session_key() failures

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
3 years agowinbind: Fix CID 1357100 Unchecked return value
Volker Lendecke [Tue, 22 Mar 2016 10:24:23 +0000 (11:24 +0100)]
winbind: Fix CID 1357100 Unchecked return value

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Mar 22 15:49:14 CET 2016 on sn-devel-144

3 years agoautobuild: Return the last 50 log lines
Garming Sam [Mon, 14 Mar 2016 01:18:54 +0000 (14:18 +1300)]
autobuild: Return the last 50 log lines

This means that you don't have to deal with tars for quickly determining
the cause of a failure.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Mar 22 11:39:38 CET 2016 on sn-devel-144

3 years agoldb_controls: avoid unnecessary unchecked talloc_asprintf()s
Douglas Bagnall [Tue, 22 Mar 2016 00:42:12 +0000 (13:42 +1300)]
ldb_controls: avoid unnecessary unchecked talloc_asprintf()s

The error paths when a control doesn't parse involved a lot of
talloc_asprintf()s and talloc_asprintf_append()s but almost no actual
printf formatting. The return values were not checked. This replaces
them with constant strings.

The one case that did use formatting looked like this:

 "invalid %s control syntax\n",  LDB_CONTROL_DIRSYNC_EX_NAME

and that has been replaced with

  "invalid dirsync_ex control syntax\n"

in line with the way it is done elsewhere.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
3 years agoldb controls: allow paged_search to use a cookie
Douglas Bagnall [Tue, 15 Mar 2016 23:56:09 +0000 (12:56 +1300)]
ldb controls: allow paged_search to use a cookie

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
3 years agoldb client controls: don't ignore failed memdup
Douglas Bagnall [Tue, 22 Mar 2016 00:32:12 +0000 (13:32 +1300)]
ldb client controls: don't ignore failed memdup

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
3 years agodsdb python tests: fix several usage strings
Douglas Bagnall [Fri, 11 Mar 2016 02:17:43 +0000 (15:17 +1300)]
dsdb python tests: fix several usage strings

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
3 years agodsdb sort test: avoid exception with fewer elements
Douglas Bagnall [Mon, 21 Mar 2016 21:25:27 +0000 (10:25 +1300)]
dsdb sort test: avoid exception with fewer elements

The FIENDISH_TESTS list has 33 members, and when the number of
elements being tested is less than that (because you run the script
with, say, --elements=20) some will have a zero count. A recent fix
for Python 2.6 didn't take these possible zeros into account.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
3 years agoldb sort tests: point out a known fails against Windows
Douglas Bagnall [Mon, 14 Mar 2016 23:51:18 +0000 (12:51 +1300)]
ldb sort tests: point out a known fails against Windows

It seems that Windows 2012R2 has issues ordering attributes with the
"generalized time" syntax (2.5.5.11), and that these show up in our
tests when the number of elements exceeds 27. As far as I can tell
there is no logic to the results after that point.

To avoid failures, use the --elements option, like this:

python source4/dsdb/tests/python/sort.py --elements=25

Against Samba this makes no difference because we don't fail.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
3 years agoldb controls: don't ignore memory allocation failure
Douglas Bagnall [Thu, 10 Mar 2016 21:26:10 +0000 (10:26 +1300)]
ldb controls: don't ignore memory allocation failure

Thanks to Jeremy Allison for noticing this.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
3 years agoImplement Virtual List View (VLV)
Douglas Bagnall [Tue, 8 Mar 2016 01:28:33 +0000 (14:28 +1300)]
Implement Virtual List View (VLV)

VLV is a more sophisticated version of a paged searches that allows
you to ask for arbitrary windows in a previously performed sorted
search. If clients use VLV correctly the original search will not be
repeated.

Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agosort: enable custom behaviour on critical control
Garming Sam [Thu, 10 Mar 2016 02:25:44 +0000 (15:25 +1300)]
sort: enable custom behaviour on critical control

The sort module should simply return unsorted results when a sort is
unsupported but not critical. A similar custom behaviour should be
expected with VLV pagination when it is enabled.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agondrdump: add quiet flag
Douglas Bagnall [Tue, 1 Mar 2016 01:13:18 +0000 (14:13 +1300)]
ndrdump: add quiet flag

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years agondr: inline search for ndr_token_peek()
Douglas Bagnall [Fri, 26 Feb 2016 03:58:09 +0000 (16:58 +1300)]
ndr: inline search for ndr_token_peek()

This is often a hot path, particularly with complex structures like
nt-acls.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
3 years agondr: Use ndr_steal to avoid long lists
Douglas Bagnall [Tue, 1 Mar 2016 01:18:52 +0000 (14:18 +1300)]
ndr: Use ndr_steal to avoid long lists

When pulling complex structures like nt-acls, a long list of tokens may
be produced. By removing tokens along the way with ndr_token_steal,
future calls to retrieve from the token list are not as expensive.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
3 years agolibrpc ndr: add ndr_pull_steal_switch_value()
Douglas Bagnall [Mon, 29 Feb 2016 23:26:33 +0000 (12:26 +1300)]
librpc ndr: add ndr_pull_steal_switch_value()

Switch values currently only have a peek variant, instead of a retrieve
variant for getting their values. This can create performance issues
with complex structures as the token list simply grows longer.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
3 years agondr: avoid unnecessary searches of token list
Douglas Bagnall [Fri, 26 Feb 2016 04:01:37 +0000 (17:01 +1300)]
ndr: avoid unnecessary searches of token list

When pulling complex structures like nt-acls, a long list of tokens
may be produced. This change means the token list won't be walked in the
buffers case if the switch value is not needed.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
3 years agonsswitch: winbind_nss_solaris.c: Remove unused macro containing strcpy.
Jeremy Allison [Wed, 16 Mar 2016 21:19:57 +0000 (14:19 -0700)]
nsswitch: winbind_nss_solaris.c: Remove unused macro containing strcpy.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Mar 22 07:59:35 CET 2016 on sn-devel-144

3 years agonsswitch: winbind_nss_aix: Remove all uses of strcpy.
Jeremy Allison [Wed, 16 Mar 2016 21:04:34 +0000 (14:04 -0700)]
nsswitch: winbind_nss_aix: Remove all uses of strcpy.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
3 years agolib:tdb: Remove use of strcpy in tdb test.
Jeremy Allison [Wed, 16 Mar 2016 20:55:31 +0000 (13:55 -0700)]
lib:tdb: Remove use of strcpy in tdb test.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
3 years agoexamples: Remove all uses of strcpy in examples (except for validchr.c).
Jeremy Allison [Wed, 16 Mar 2016 22:09:12 +0000 (15:09 -0700)]
examples: Remove all uses of strcpy in examples (except for validchr.c).

I can't figure out how to make git handle the CR/LF differences
in this file.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
3 years agonsswitch: linux: Remove use of strcpy().
Jeremy Allison [Wed, 16 Mar 2016 16:37:42 +0000 (09:37 -0700)]
nsswitch: linux: Remove use of strcpy().

The previous use was safe, but having *any* use of strcpy inside
our code sets off security flags. Replace with an explicit length
calculation and memcpy.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
3 years agotorture:smb2: add durable-v2-open.reopen1a-lease
Michael Adam [Tue, 15 Mar 2016 08:06:56 +0000 (09:06 +0100)]
torture:smb2: add durable-v2-open.reopen1a-lease

Lease variant of the reopen1a test which tests the
relevance of the client guid.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 22 03:47:02 CET 2016 on sn-devel-144

3 years agotorture:smb2: for oplocks, durable reconnect works with different client-guid
Michael Adam [Tue, 15 Mar 2016 08:02:28 +0000 (09:02 +0100)]
torture:smb2: for oplocks, durable reconnect works with different client-guid

for durable-v2-open.reopen1a

Try both different and original client guid.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agotorture:smb2: get rid of supefluous io2 var in durable-v2-open.reopen1a
Michael Adam [Thu, 17 Mar 2016 01:35:35 +0000 (02:35 +0100)]
torture:smb2: get rid of supefluous io2 var in durable-v2-open.reopen1a

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agotorture:smb2: fix crashes in smb2.durable-v2-open.reopen1a test
Michael Adam [Tue, 15 Mar 2016 08:44:06 +0000 (09:44 +0100)]
torture:smb2: fix crashes in smb2.durable-v2-open.reopen1a test

If the test failed too early, we dereferenced tree2 which
was still NULL.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agotorture:smb2: use assert, not warning in error case in durable-v2-open.reopen1a
Michael Adam [Tue, 15 Mar 2016 08:39:43 +0000 (09:39 +0100)]
torture:smb2: use assert, not warning in error case in durable-v2-open.reopen1a

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agotorture:smb2: add durable-open.reopen1a-lease
Michael Adam [Tue, 15 Mar 2016 09:02:14 +0000 (10:02 +0100)]
torture:smb2: add durable-open.reopen1a-lease

Lease variant of the reopen1a test which tests the
relevance of the client guid.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agotorture:smb2: for oplocks, durable reconnect works with different client guid
Michael Adam [Tue, 15 Mar 2016 07:59:53 +0000 (08:59 +0100)]
torture:smb2: for oplocks, durable reconnect works with different client guid

in durabble-open.reopen1a test

Try both original and a different client guid.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agotorture:smb2: durable-open.reopen1a only needs one io struct
Michael Adam [Thu, 17 Mar 2016 01:45:16 +0000 (02:45 +0100)]
torture:smb2: durable-open.reopen1a only needs one io struct

Using two is confusing.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agotorture:smb2: fix crashes in smb2.durable-open.reopen1a test
Michael Adam [Fri, 4 Mar 2016 21:55:40 +0000 (22:55 +0100)]
torture:smb2: fix crashes in smb2.durable-open.reopen1a test

If the test failed too early, we dereferenced tree2 which
was still NULL.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agotorture:smb2: use assert, not warning in error case in durable-open.reopen1a
Michael Adam [Tue, 15 Mar 2016 08:35:03 +0000 (09:35 +0100)]
torture:smb2: use assert, not warning in error case in durable-open.reopen1a

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agotorture:smb2: Add test replay6 to verify Error Codes for DurableHandleReqV2 replay
Anubhav Rakshit [Thu, 30 Oct 2014 07:50:57 +0000 (13:20 +0530)]
torture:smb2: Add test replay6 to verify Error Codes for DurableHandleReqV2 replay

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agolib/torture: add torture_assert_u64_not_equal_goto macro
Günther Deschner [Wed, 24 Feb 2016 18:23:21 +0000 (19:23 +0100)]
lib/torture: add torture_assert_u64_not_equal_goto macro

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agotorture:smb2: add test for checking sequence number wrap around.
Günther Deschner [Thu, 25 Feb 2016 10:15:06 +0000 (11:15 +0100)]
torture:smb2: add test for checking sequence number wrap around.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agolibcli:smb:smbXcli_base: add smb2cli_session_current_channel_sequence() call.
Günther Deschner [Tue, 1 Mar 2016 14:15:10 +0000 (15:15 +0100)]
libcli:smb:smbXcli_base: add smb2cli_session_current_channel_sequence() call.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agosmbd:smb2: add some asserts before decrementing the counters
Michael Adam [Sat, 27 Feb 2016 13:02:02 +0000 (14:02 +0100)]
smbd:smb2: add some asserts before decrementing the counters

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agosmbd:smb2: update outstanding request counters before sending a reply
Michael Adam [Tue, 23 Feb 2016 19:54:34 +0000 (20:54 +0100)]
smbd:smb2: update outstanding request counters before sending a reply

This is part of the channel sequence number treatment of multi-channel.

Pair-Programmed-With: Guenther Deschner <gd@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agosmbd:smb2: implement channel sequence checks and request counters in dispatch
Michael Adam [Wed, 24 Feb 2016 14:54:41 +0000 (15:54 +0100)]
smbd:smb2: implement channel sequence checks and request counters in dispatch

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agosmbd:smb2: add request_counters_updated to the smbd_smb2_request struct
Michael Adam [Tue, 15 Mar 2016 11:36:59 +0000 (12:36 +0100)]
smbd:smb2: add request_counters_updated to the smbd_smb2_request struct

This will be used to keep track of whether the outstanding request
counters have been updated in the dispatch, so that the reply
code can act accordingly.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agosmbd:smb2: add a modify flag to dispatch table
Michael Adam [Wed, 24 Feb 2016 14:51:14 +0000 (15:51 +0100)]
smbd:smb2: add a modify flag to dispatch table

This indicates that an operation is a modifying operation.
Some parts of the upcoming channel sequence number logic
only applies to modify operations.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agos3:smbXsrv.idl: add 8 byte channel_sequence number and request counters to IDL.
Günther Deschner [Wed, 27 Jan 2016 15:18:25 +0000 (16:18 +0100)]
s3:smbXsrv.idl: add 8 byte channel_sequence number and request counters to IDL.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agolib: Update nss_wrapper to version 1.1.3
Andreas Schneider [Fri, 18 Mar 2016 11:03:28 +0000 (12:03 +0100)]
lib: Update nss_wrapper to version 1.1.3

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agolib: Update uid_wrapper to version 1.2.1
Andreas Schneider [Wed, 16 Mar 2016 14:12:41 +0000 (15:12 +0100)]
lib: Update uid_wrapper to version 1.2.1

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agolib: Update socket_wrapper to version 1.1.6
Andreas Schneider [Tue, 15 Mar 2016 14:47:08 +0000 (15:47 +0100)]
lib: Update socket_wrapper to version 1.1.6

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agoctdb-daemon: Replace an unsafe strcpy(3) call
Martin Schwenke [Fri, 18 Mar 2016 00:49:49 +0000 (11:49 +1100)]
ctdb-daemon: Replace an unsafe strcpy(3) call

Tweak another strncpy(3) call.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agoctdb-daemon: Validate length of new interface names
Martin Schwenke [Fri, 18 Mar 2016 09:41:45 +0000 (20:41 +1100)]
ctdb-daemon: Validate length of new interface names

Interface names that are too long will be truncated by strncpy(3)
later on.  It is better to validate the length of each new interface
name to ensure it will be usable.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agoldb client controls: avoid talloc_memdup(x, y, (size_t)-1);
Douglas Bagnall [Tue, 15 Mar 2016 23:46:12 +0000 (12:46 +1300)]
ldb client controls: avoid talloc_memdup(x, y, (size_t)-1);

ldb_base64_decode() returns -1 if a string can't be parsed as base64,
and this is not the kind of value you want to use in talloc_memdup().

In these cases it can happen innocently if the strings are truncated
to fit in their buffers.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Mar 19 00:56:42 CET 2016 on sn-devel-144

3 years agos3/vfs:stream_depots: Parse substitutions in streams-depot-directory path
Shyamsunder Rathi [Thu, 10 Mar 2016 20:37:49 +0000 (12:37 -0800)]
s3/vfs:stream_depots: Parse substitutions in streams-depot-directory path

At present, substitutions in the streams directory path are ignored. Fix it
by modifying 'stream_dir' function to call 'lp_parm_talloc_string' which
internally calls 'lp_string' on the path.

Signed-off-by: Shyamsunder Rathi <shyam.rathi@nutanix.com>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agos4:selftest: run rpc.netlogon.admin also over ncalrpc and ncacn_ip_tcp
Stefan Metzmacher [Fri, 18 Dec 2015 14:30:00 +0000 (15:30 +0100)]
s4:selftest: run rpc.netlogon.admin also over ncalrpc and ncacn_ip_tcp

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar 18 12:39:51 CET 2016 on sn-devel-144

3 years agos3:mdssvc: older glib2 versions require g_type_init()
Ralph Boehme [Thu, 17 Mar 2016 13:05:58 +0000 (14:05 +0100)]
s3:mdssvc: older glib2 versions require g_type_init()

Older glib2 versions will crash if g_type_init is not called:

(process:6712): GLib-GObject-CRITICAL **: ... ./gobject/gtype.c:2722:
You forgot to call g_type_init()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11801

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 18 03:52:55 CET 2016 on sn-devel-144

3 years agolibsmb: Fix CID 1356312 Explicit null dereferenced
Volker Lendecke [Tue, 15 Mar 2016 20:00:30 +0000 (21:00 +0100)]
libsmb: Fix CID 1356312 Explicit null dereferenced

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agoctdb: Fix CID 1356313 Explicit null dereferenced
Volker Lendecke [Tue, 15 Mar 2016 19:55:37 +0000 (20:55 +0100)]
ctdb: Fix CID 1356313 Explicit null dereferenced

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agolib: Fix CID 1356315 Dereference before null check
Volker Lendecke [Tue, 15 Mar 2016 19:48:19 +0000 (20:48 +0100)]
lib: Fix CID 1356315 Dereference before null check

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agocrypto: Fix CID 1356314 Resource leak
Volker Lendecke [Tue, 15 Mar 2016 19:38:02 +0000 (20:38 +0100)]
crypto: Fix CID 1356314 Resource leak

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agolibads: Fix CID 1356316 Uninitialized pointer read
Volker Lendecke [Tue, 15 Mar 2016 19:34:27 +0000 (20:34 +0100)]
libads: Fix CID 1356316 Uninitialized pointer read

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agos3-auth: check for return code of cli_credentials_set_machine_account().
Günther Deschner [Sat, 26 Sep 2015 00:20:50 +0000 (02:20 +0200)]
s3-auth: check for return code of cli_credentials_set_machine_account().

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Mar 17 20:43:19 CET 2016 on sn-devel-144

3 years agos4-smb_server: check for return code of cli_credentials_set_machine_account().
Günther Deschner [Sat, 26 Sep 2015 00:18:44 +0000 (02:18 +0200)]
s4-smb_server: check for return code of cli_credentials_set_machine_account().

We keep anonymous server_credentials structure in order to let
the rpc.spoolss.notify start it's test server.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
3 years agos4:rpc_server: require access to the machine account credentials
Stefan Metzmacher [Fri, 26 Jun 2015 06:10:46 +0000 (08:10 +0200)]
s4:rpc_server: require access to the machine account credentials

Even a standalone server should be selfjoined.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agoauth/gensec: split out a gensec_verify_dcerpc_auth_level() function
Stefan Metzmacher [Tue, 15 Dec 2015 14:08:43 +0000 (15:08 +0100)]
auth/gensec: split out a gensec_verify_dcerpc_auth_level() function

We only need this logic once.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agoauth/gensec: make sure gensec_security_by_auth_type() returns NULL for AUTH_TYPE_NONE
Stefan Metzmacher [Fri, 10 Jul 2015 11:01:47 +0000 (13:01 +0200)]
auth/gensec: make sure gensec_security_by_auth_type() returns NULL for AUTH_TYPE_NONE

ops->auth_type == 0, means the backend doesn't support DCERPC.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos4:torture/rpc/schannel: don't use validation level 6 without privacy
Stefan Metzmacher [Fri, 11 Mar 2016 01:55:30 +0000 (02:55 +0100)]
s4:torture/rpc/schannel: don't use validation level 6 without privacy

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos4:torture/rpc: correctly use torture_skip() for test_ManyGetDCName() without NCACN_NP
Stefan Metzmacher [Fri, 11 Mar 2016 17:09:26 +0000 (18:09 +0100)]
s4:torture/rpc: correctly use torture_skip() for test_ManyGetDCName() without NCACN_NP

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos4:torture/rpc/samlogon: use DCERPC_SEAL for netr_LogonSamLogonEx and validation...
Stefan Metzmacher [Mon, 14 Mar 2016 00:56:07 +0000 (01:56 +0100)]
s4:torture/rpc/samlogon: use DCERPC_SEAL for netr_LogonSamLogonEx and validation level 6

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos4:torture/rpc/samr: use DCERPC_SEAL in setup_schannel_netlogon_pipe()
Stefan Metzmacher [Thu, 10 Mar 2016 16:24:03 +0000 (17:24 +0100)]
s4:torture/rpc/samr: use DCERPC_SEAL in setup_schannel_netlogon_pipe()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos4:torture/netlogon: add/use test_SetupCredentialsPipe() helper function
Stefan Metzmacher [Tue, 22 Dec 2015 11:10:12 +0000 (12:10 +0100)]
s4:torture/netlogon: add/use test_SetupCredentialsPipe() helper function

This create a schannel connection to netlogon, this makes the tests
more realistic.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos3:test_rpcclient_samlogon.sh: test samlogon with schannel
Stefan Metzmacher [Tue, 22 Dec 2015 08:13:46 +0000 (09:13 +0100)]
s3:test_rpcclient_samlogon.sh: test samlogon with schannel

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos3:selftest: rpc.samr.passwords.validate should run with [seal] in order to be realistic
Stefan Metzmacher [Fri, 18 Dec 2015 06:10:06 +0000 (07:10 +0100)]
s3:selftest: rpc.samr.passwords.validate should run with [seal] in order to be realistic

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agoselftest: setup information of new samba.example.com CA in the client environment
Stefan Metzmacher [Sat, 9 Jan 2016 20:21:25 +0000 (21:21 +0100)]
selftest: setup information of new samba.example.com CA in the client environment

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agoselftest: set tls crlfile if it exist
Stefan Metzmacher [Sat, 9 Jan 2016 20:21:25 +0000 (21:21 +0100)]
selftest: set tls crlfile if it exist

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agoselftest: use Samba::prepare_keyblobs() and use the certs from the new CA
Stefan Metzmacher [Sat, 9 Jan 2016 20:21:25 +0000 (21:21 +0100)]
selftest: use Samba::prepare_keyblobs() and use the certs from the new CA

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agoselftest: add Samba::prepare_keyblobs() helper function
Stefan Metzmacher [Sat, 9 Jan 2016 20:21:25 +0000 (21:21 +0100)]
selftest: add Samba::prepare_keyblobs() helper function

This copies the certificates from the samba.example.com CA if they
exist.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>