git.samba.org - samba.git/log

s3-parm: clean up defaults when removing global parameters

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11693

When globals are re-initialized, they are cleared and globals' talloc
context is freed. However, parm_table still contains a reference to the
global value in the defaults. This confuses lpcfg_string_free() after
commit 795c543d858b2452f062a02846c2f908fe4cffe4 because it tries to
free already freed pointer which is passed by lp_save_defaults():

....
    case P_STRING:
    case P_USTRING:
                  lpcfg_string_set(Globals.ctx,
                                   &parm_table[i].def.svalue,
                                   *(char **)lp_parm_ptr(NULL, &parm_table[i]));
....

here &parm_table[i].def.svalue is passed to lpcfg_string_free() but it
is a pointer to a value allocated with previous Globals.ctx which
already was freed.

This specifically affects registry backend of smb.conf in lp_load_ex()
where init_globals() called explicitly to re-init globals after
lp_save_defaults() if we have registry backend defined.

Reviewed-by: Uri Simchoni <uri@samba.org>
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Mon Jan 25 23:58:42 CET 2016 on sn-devel-144

s3-client: Add a KRB5 wrapper for smbspool

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11690

We need a wrapper for smbspool to be able to authenticate with Kerberos.
This needs to replace the cups smb backend. The permission need to be
0700 and the owner root.

Note that Kerberos support is broken in CUPS 2.1.2 maybe earlier
versions. It works with 1.6.3.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jan 25 19:58:46 CET 2016 on sn-devel-144

WHATSNEW: Documentation CTDB changes for v4.4

Signed-off-by: Martin Schwenke <martin@meltin.net>
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Jan 25 16:47:54 CET 2016 on sn-devel-144

s3:utils/smbget make use of bool for flags

convert flags stored as int to bool

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jan 25 13:33:12 CET 2016 on sn-devel-144

s3:utils/smbget use C99 format identifiers

for ssize_t and off_t variables

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:utils/smbget code format

adopt the code to latest README.Coding standards
e.g. curly braces everywhere, blanks before braces,
obey 80 character limit (except for the popt definitions)

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:utils/smbget fix recursive download

get_auth_data is called multiple times (once for the directory listing and then
for every file to be downloaded). Save the obtained values across multiple calls
to make smbclient use the correct username for each download.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=6482
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

WHATSNEW: CTDB_NATGW_SLAVE_ONLY is no longer used

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Jan 25 10:23:49 CET 2016 on sn-devel-144

ctdb-tools: Drop support for setting and viewing NAT gateway capability

This is no longer used.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-scripts: No longer set the NAT gateway capability

Nothing checks it anymore.

This means that the NAT gateway capability in the daemon is now
unused.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb/tools: Update ctdb CLI tool to call ctdb_natgw

The "natgwlist" command is no longer marked "auto all" and is also
marked "without daemon".  That latter is not strictly true because
ctdb_natgw needs the daemon so a subsequent invocation of "ctdb
nodestatus" will work.  However, "without daemon" is used here because
the top-level "ctdb natgwlist" does not need to open a connection to
the daemon.  It just needs to invoke ctdb_natgw.

Update tests to suit.

It would make sense to make "ctdb natgw" generally call out to
ctdb_natgw, passing all argument.  However, that can be done later.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-tests: Drop some unnecessary NAT gateway tests

These tests deal only with timeouts that can occur retrieving
capabilities. The NAT gateway capability is going away so drop the
tests now to simplify future commits.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb: Call out to ctdb_natgw helper from 11.natgw

To keep this commit comprehensible, 11.natgw and the CTDB CLI tool are
temporarily inconsistent. The tool will be made consistent in a
subsequent commit.

ctdb_natgw_slave_only() is reimplemented to check for the option in
the appropriate line in $CTDB_NATGW_NODES.

Update unit tests and documentation.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-tests: NAT gateway slave-only changes

Handle the "slave-only" option in the unit test setup. Reindent
function while touching it.

Also drop a test that no longer makes sense. Specifying both "master"
and "slave-only' is now much more obvious, since they need to be on
the same line, and is now punishable by undefined behaviour.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-scripts: New function ctdb_natgw_slave_only()

This allows future changes to be more self-contained.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-tests: Test ctdb CLI tool via a stub

Some features, such NAT gateway and LVS support, can be implemented
without daemon and (internal) ctdb CLI tool support.  These are
non-core features that don't need incredible performance and they
don't need to be in the core code.  They can easily be reimplemented
in scripts, along with some configuration changes.

For continuity, the ctdb CLI tool code will call out to helper scripts
so that the current status information can still be provided.  Those
helper scripts may then reinvoke the ctdb CLI tool to gather
information.

So, redo the tool testing using a "ctdb" stub command.  This will
swallow standard input and feed it to the test program each time the
"ctdb" stub is called.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-tools: Add standalone ctdb_natgw tool script

This is intended to replace the use of "ctdb natgwlist" in 11.natgw
and provide different views of the NAT gateway status.

It replaces the use of CTDB_NATGW_SLAVE_ONLY=yes with a "slave-only"
keyword in the NAT gateway nodes file. This means the nodes file must
be consistent on all nodes in a NAT gateway group.

Note that this script is not yet integrated, so there are no behaviour
or documentation changes.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-scripts: Tests for monitoring of CTDB_NATGW_PUBLIC_IFACE

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-scripts: Move monitoring of CTDB_NATGW_PUBLIC_IFACE to 11.natgw

The NAT gateway code should be self-contained.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-scripts: CTDB_PARTIALLY_ONLINE_INTERFACES incompatible with NAT gateway

This has always been the case. Now it is documented and enforced.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-scripts: Rename variable: fail -> down_interfaces_found

Now its name describes its usage and the code reads better.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-scripts: Drop functions mark_up() and mark_down()

Each is now used in only one place and the logic is more obvious
without them.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-scripts: Move interface monitoring code to functions file

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-scripts: Rename get_real_iface() -> interface_get_real()

Now suitably named for move to functions file.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-scripts: Refactor function interface_monitor() to monitor one interface

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

s4:torture: add SMB2 test for directory creation initial allocation size

Test that directory creation with an initial allocation size > 0
succeeds.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11684

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sun Jan 24 01:20:52 CET 2016 on sn-devel-144

s3:smbd: Ignore initial allocation size for directory creation

We reject directory creation with an initial allocation size > 0 with
NT_STATUS_ACCESS_DENIED. Windows servers ignore the initial allocation
size on directories.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11684

Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3:smb2_sesssetup: implement SMB3 session bind (disabled)

This is disabled for now. It will be possible to enabled it
via a config switch once the underpinnings are complete.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Sat Jan 23 03:22:18 CET 2016 on sn-devel-144

s3:smb2_sesssetup: treat BINDING in smbd_smb2_session_setup_auth_return

This adds smbd_smb2_bind_auth_return(), a
variant of auth_return for session binding.

Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>

s3:smb2_negprot: announce multi channel support (disabled)

This disabled for now. Will be enabled by config setting
once underpinnings are ready.

Pair-Programmed-With: Guenther Deschner <gd@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

smbXsrv: introduce bool smbXsrv_client->server_multi_channel_enabled

defaulting to false.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

build: fix ldbsearch panic on FC22

add dependency that fixes ldbsearch panic due to conflict -
function read_data() is implemented both by libtspi.so.1, which
is a dependency of gnutls on FC22, and by an internal samba
shared lib.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Sat Jan 23 00:06:59 CET 2016 on sn-devel-144

smbspool: Add string representation of nt_status

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jan 22 20:59:36 CET 2016 on sn-devel-144

waf: Only build the backupkey rpc test with AD DC enabled

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

tests: Only execute heimdal tests if we build with heimdal

This is a preparation for MIT Kerberos support in the AD server.

Pair-Programmed-With: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jan 22 14:13:42 CET 2016 on sn-devel-144

tests: Rename heimdal blackbox tests

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

smbstatus: add support for SMB1 signing and CIFS UNIX extensions encryption

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Jan 22 11:06:05 CET 2016 on sn-devel-144

libcli/smb: add define SMB_ENCRYPTION_GSSAPI for CIFS encryption type

Add a define for the CIFS UNIX extensions encryption type. We store this
in smbXsrv_channel and use it in smbstatus for showing the
CIFS/SMB2/SMB3 encryption cipher used.

The SMB3 encryption cipher constants start at 1, carefully choosing the
highest available bit for the CIFS UNIX extensions encryption cipher
should avoid collisions and leaves room for many SMB3 ciphers in the
future.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbstatus: show signing state of sessions and tcons

Show the signing state of sesssions tcons in smbstatus. This is SMB2/3
only. SMB1 support will be added in a later commit.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3:lib/conn_tdb: store the connection dialect

This will be used in a subsequent commit that will print the signing
cipher in smbstatus. We need the connection dialect for that.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3:smb2_server: add signing state tracking flags

Add flags that track the signing state of all incoming and outgoing SMB2
packets and a helper function that can be used to determine whether a
session of tcon can be considered "signed".

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3:smb2_server: convert signing_required bool to flags bitmap

Use a flags bitmap for storing the signing state. This is in preparation
of a subsequent patch that adds more flags to the bitmap.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbstatus: show encrpytion state of tree connects

Show the encrpytion state of tcons in smbstatus. This is SMB3 only. CIFS
UNIX extensions encryption will be added in a later commit.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbstatus: align tree connect header and output

Align output and use timestring() instead of time_to_asc(). The latter calls
asctime() which forces a \n into the time string.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbstatus: show encrpytion state of sessions

Show the encrpytion state of sessions in smbstatus. This is SMB3
only. CIFS UNIX extensions encryption will be added in a later commit.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbstatus: align session list header and ouput

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbstatus: pass talloc context to traverse_connections

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbstatus: pass talloc context to traverse_sessionid

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbstatus: rework connection dialect printing

In a later change I want to print the signing cipher which depends upon
the connection dialect. So let's store the connection dialect in the
sessionid struct and move the code that maps dialect integers to strings
to smbstatus.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3:smb2_server: add encryption state tracking flags

Add two encryption state tracking flags that can be used to tell whether
a session or tcon is "encrypted" and add a helper function to calculate
the encryption state from those flags.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3:smb2_server: store encryption cipher in the channel

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3:smb2_server: convert encryption desired and required bools to flags

This adds a bitmap smbXsrv_encrpytion_flags with flags to the
smbXsrv_session_global.tdb and smbXsrv_tcon_global.tdb that we use
instead of bools for desired and required.

We need this info in the smbXsrv tdbs for smbstatus. Subsequent commits
for smbstatus will use it.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbstatus: remove obsolete verbose message

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

substitute: Fix talloc_sub_basic for %G in the case of a local user.

This fixes a regression introduced by the fix for bug 10286.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10286

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan 22 05:03:25 CET 2016 on sn-devel-144

passdb: change ABI version to 0.25.0 due to removed symbol.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3:passdb: move my_sam_name() from passdb to util_name.c

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s4-torture: let smb2.replay.replay5 test deal with scale out shares.

Scale out shares don't hand out batch or exclusive oplocks.
Hence no durable handles either.
The important point here is that the behaviour tested
does largely not rely on the fact that we had a durable
handle but that we were using a durable handle create
context to specify a CreateGUID.

Pair-Programmed-With: Guenther Deschner <gd@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd:smb2_close: remove an irritating blank line

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

docs:smbdotconf: fix tabs/space mixup in logon parameter metadata

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs_shadow_copy2: check crossmountpoints against snapdirseverywhere

If crossmountpoints is enabled, verify that snapdirseverywhere is
enabled too, since crossmountpoints has no meaning otherwise.

This obviates the check of crossmountpoints against other config
variables.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jan 22 01:54:06 CET 2016 on sn-devel-144

smbcacls: fix uninitialized variable

An uninitialized variable causes "numeric" mode to be
used without the -n option.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11682

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Jan 20 12:12:12 CET 2016 on sn-devel-144

ctdb-client: Use ctdb_rec_buffer_init() to initialize ctdb_rec_buffer

... instead of talloc_zero(). This sets the db_id correctly.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Jan 20 07:28:42 CET 2016 on sn-devel-144

ctdb-client: Add missing initialization for h->ev in transaction_start

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-client: Do not delete reqid explicitly

The reqid will be deleted when the client control state is freed.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-client: Add a disconnect callback for ctdb client

This allows the client code to optionally clean up and/or re-connect to
CTDB daemon when it the daemon goes away. If no disconnect callback is
registered and CTDB daemon goes away, then the client will terminate.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-client: Close ctdb socket connection when client context goes away

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-client: Use ctdb_ltdb_header_extract()

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-protocol: Fix marshaling of seqnum

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

docs: Bump version up to 4.4.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jan 19 21:34:14 CET 2016 on sn-devel-144

ctdb-build: Fix -O3 developer build

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jan 18 14:32:05 CET 2016 on sn-devel-144

ldb-samba: Expand testing of recursive search

Signed-off-by: Adrian Cochrane <adrianc@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jan 18 07:49:43 CET 2016 on sn-devel-144

ldb-samba: Correct error reporting to match Windows

In some cases instead of replying with an error Windows instead returns
0 results.

Signed-off-by: Adrian Cochrane <adrianc@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

ldb-samba: Reenable recursive search

In order for the recursive search module to work, we first
must stop asserting that any extended match rule is a DN (to be modified
per the extended DN munging), as this is not the case for this particular rule.

This reverts commit 8cacd5b8113fa30fb4ccaaf3193839660feb285f.

Signed-off-by: Adrian Cochrane <adrianc@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

ldb-samba: critical bugfix on original recursive search implementation

In the original patch (listed previously), when the search recurses it
will inevitably reallocate the visited list to a new array in memory.
When this happens the original patch didn't update it's reference to the
array.

This patch adds an extra level of indirection on the visited list in
order to fix this bug.

Signed-off-by: Adrian Cochrane <adrianc@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

ldb-samba: Implement transitive extended matching

Documented in [MS-ADTS] section 3.1.1.3.4.4.3 LDAP_MATCHING_RULE_TRANSITIVE_EVAL

This allows a search filter such as:

member:1.2.840.113556.1.4.1941:=cn=user,cn=users,dc=samba,dc=example,dc=com

This searches not only the member attribute, but also any member
attributes that point at an object with this member in them. All the
various DN syntax types are supported, not just plain DNs.

Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
(abartlet: Fixed compile error: return makes integer from pointer without a cast)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(returned to Samba by revert of
dc2d5ccd56ff8c59f3686a652ec3082069914bb4, returning the original
commit 2a22ba34cd6f28950246b54c6577c922c61f4fdb)

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Adrian Cochrane <adrianc@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

pidl: Change PyGetSetDef in generated python bindings to use C99 initialisers

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s3: smbd: Remove one more use of lp_posix_pathnames().

Slowly removing them...

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sun Jan 17 02:07:23 CET 2016 on sn-devel-144

s3-util: skip S-1-18 sids in token generaion in sid_array_from_info3().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jan 16 01:24:04 CET 2016 on sn-devel-144

s3-util: add helper functions to deal with the S-1-18 domain.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

security: Add Asserted Identity sids (S-1-18)

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677

definitions taken from [MS-DTYP]: Windows Data Types,
2.4.2.4 Well-Known SID Structures.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

ldb: Fix CID 1348110 Uninitialized scalar variable

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan 15 07:12:06 CET 2016 on sn-devel-144

s3-libads: Use the configured LDAP page size.

We already allow the user to configure LDAP page size, and use it in pdb_ldap.
But then we hard-code the initial LDAP page size value to 1000 in ads_init, so
it doesn't take effect there. So let's use the configured LDAP page size value
in ads_init also, which defaults to 1000.

Signed-off-by: Justin Maggard <jmaggard@netgear.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jan 15 03:59:16 CET 2016 on sn-devel-144

Change default LDAP page size to 1000.

This matches Windows' Active Directory maximum page size.

Signed-off-by: Justin Maggard <jmaggard@netgear.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb-scripts: further untangle logic for success of interface monitoring

Reduces intentation by using early returns.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Jan 14 22:41:29 CET 2016 on sn-devel-144

ctdb: Fix the O3 developer build

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

s4:acl LDB module - fix error message

Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 14 04:54:26 CET 2016 on sn-devel-144

ctdb-ipalloc: Document the steps involved in a takeover run

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Jan 13 23:27:01 CET 2016 on sn-devel-144

ctdb-ipalloc: Split IP allocation into its own build subsystem

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

s4-rpc_server: Add missing include for ROLE_ACTIVE_DIRECTORY_DC

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Jan 13 20:17:20 CET 2016 on sn-devel-144

vfs_shadow_copy2: add a blackbox test suite

Add a blackbox test suite for vfs_shadow_copy2, testing
parameters mountpoint, basedir, snapdir, snapdirseverywhere,
and testing correct wide-link processing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11580

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Jan 13 17:11:38 CET 2016 on sn-devel-144

vfs_shadow_copy2: fix case where snapshots are outside the share

Adjust the connect path to the root of the share in the snapshot,
or to the root of the snapshot if the snapshot is "inside" the
share.

This way snapshot symlink regarded as "wide links" if and only if
they point outside the snapshot or they were wide links when
the snapshot was taken.

This allows mounting the snapshots outside the share's root.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11580

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

vfs_shadow_copy2: add shadow_copy2_do_convert()

Add a new routine shadow_copy2_do_convert() which is
like shadow_copy2_convert(), but beside calculating the
path of the snapshot file, it also returns the minimum length
of the subpath which is both inside the share and inside the
same snapshot as the file in question, i.e. (at least in the
classical case) the subdirectory of the the snapshot file's
snapshot directory that corresponds to the file's share root.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11580

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

s3:smbd_smb2_reauth_generic_return: make use of smb2req->xconn

More specifically move from smb2req->sconn to smb2req->xconn->client->sconn
to avouid using smb2req->sconn directly.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jan 13 14:02:21 CET 2016 on sn-devel-144

pam_winbind: check != PAM_SUCCESS and != NULL explicitly

...instead of using "if (ret)" or similar.
This is just a code cleanup, no changes in behaviour.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

vfs:shadow_copy2: fix a debug message

The debug message for the mountpoint option was the
wrong way around. This fixes it, also converting
the message to use DBG_WARNING() while we're touching it.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Wed Jan 13 10:56:42 CET 2016 on sn-devel-144

docs: fix copy'n'paste error in vfs_shadow_copy2 manpage

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

asn1: Make asn1_peek_tag_needed_size static

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

asn1: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

winbind: Properly error check init_lsa_ref_domain_list

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

idmap: Fix whitespace

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>