samba.git
18 months agopython/samba: Fix incorrect encode of password
Noel Power [Mon, 14 May 2018 12:38:20 +0000 (13:38 +0100)]
python/samba: Fix incorrect encode of password

In python2 you can encode a 'str' type which doesn't really make sense
since it is already bytes (as such). In python3 this isn't possible you
can't encode bytes or decode strings. Also because you can call encode
on 'str' in python2 it tries to to what you wanted and it implicity
calls decode('ascii') before performing the encode. This is why we get
mention of ascii codec in the error. This patch should future proof for
python3 also.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13435
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
18 months agos4/setup/tests: Add test for non ascii password setting samba-tool
Noel Power [Mon, 14 May 2018 12:48:18 +0000 (13:48 +0100)]
s4/setup/tests: Add test for non ascii password setting samba-tool

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13435
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
18 months agowinbindd: Remove an unused function prototype
Volker Lendecke [Wed, 2 May 2018 19:19:08 +0000 (21:19 +0200)]
winbindd: Remove an unused function prototype

This has been moved to async in 2009

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu May 17 11:30:18 CEST 2018 on sn-devel-144

18 months agowinbindd: Make "request_error()" static to winbindd.c
Volker Lendecke [Wed, 2 May 2018 19:23:49 +0000 (21:23 +0200)]
winbindd: Make "request_error()" static to winbindd.c

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
18 months agowinbindd: Make "request_ok()" static to winbindd.c
Volker Lendecke [Wed, 2 May 2018 19:22:45 +0000 (21:22 +0200)]
winbindd: Make "request_ok()" static to winbindd.c

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
18 months agowinbindd: Remove the "old" non-bool dispatch table
Volker Lendecke [Wed, 2 May 2018 19:20:58 +0000 (21:20 +0200)]
winbindd: Remove the "old" non-bool dispatch table

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
18 months agowinbindd: Make DOMAIN_INFO a proper async request
Volker Lendecke [Wed, 2 May 2018 18:47:49 +0000 (20:47 +0200)]
winbindd: Make DOMAIN_INFO a proper async request

This has an async code path hidden inside. Expose that properly.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
18 months agowinbindd: winbindd_list_trusted_domains() -> bool_dispatch_table
Volker Lendecke [Fri, 4 May 2018 19:19:06 +0000 (21:19 +0200)]
winbindd: winbindd_list_trusted_domains() -> bool_dispatch_table

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
18 months agowinbindd: winbindd_priv_pipe_dir() -> bool_dispatch_table
Volker Lendecke [Wed, 2 May 2018 18:27:43 +0000 (20:27 +0200)]
winbindd: winbindd_priv_pipe_dir() -> bool_dispatch_table

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
18 months agowinbindd: winbindd_ccache_save() -> bool_dispatch_table
Volker Lendecke [Wed, 2 May 2018 18:26:19 +0000 (20:26 +0200)]
winbindd: winbindd_ccache_save() -> bool_dispatch_table

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
18 months agowinbindd: winbindd_ccache_ntlm_auth() -> bool_dispatch_table
Volker Lendecke [Wed, 2 May 2018 18:23:54 +0000 (20:23 +0200)]
winbindd: winbindd_ccache_ntlm_auth() -> bool_dispatch_table

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
18 months agowinbindd: winbindd_dc_info() -> bool_dispatch_table
Volker Lendecke [Wed, 2 May 2018 16:27:23 +0000 (18:27 +0200)]
winbindd: winbindd_dc_info() -> bool_dispatch_table

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
18 months agowinbindd: winbindd_netbios_name() -> bool_dispatch_table
Volker Lendecke [Wed, 2 May 2018 16:25:00 +0000 (18:25 +0200)]
winbindd: winbindd_netbios_name() -> bool_dispatch_table

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
18 months agowinbindd: winbindd_domain_name() -> bool_dispatch_table
Volker Lendecke [Wed, 2 May 2018 14:39:20 +0000 (16:39 +0200)]
winbindd: winbindd_domain_name() -> bool_dispatch_table

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
18 months agowinbindd: winbindd_ping() -> bool_dispatch_table
Volker Lendecke [Wed, 2 May 2018 14:38:14 +0000 (16:38 +0200)]
winbindd: winbindd_ping() -> bool_dispatch_table

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
18 months agowinbindd: winbindd_info() -> bool_dispatch_table
Volker Lendecke [Wed, 2 May 2018 14:36:49 +0000 (16:36 +0200)]
winbindd: winbindd_info() -> bool_dispatch_table

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
18 months agowinbindd: winbindd_interface_version() -> bool_dispatch_table
Volker Lendecke [Wed, 2 May 2018 13:26:55 +0000 (15:26 +0200)]
winbindd: winbindd_interface_version() -> bool_dispatch_table

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
18 months agowinbindd: Introduce "bool_dispatch_table"
Volker Lendecke [Wed, 2 May 2018 13:26:05 +0000 (15:26 +0200)]
winbindd: Introduce "bool_dispatch_table"

This is meant to replace the synchronous "dispatch_table".

The current dispatch_table assumes that every synchronous function does
the request_ok or request_error itself. This mixes two concerns: Doing
the work and shipping the reply to the winbind client. This new dispatch
table will make it possible to centralize shipping the reply to the
client. At a later stage this will enable easier statistics on how long
request processing took precisely.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
18 months agoctdb: Drop configuration file ctdbd.conf
Martin Schwenke [Tue, 24 Apr 2018 05:55:11 +0000 (15:55 +1000)]
ctdb: Drop configuration file ctdbd.conf

Drop function loadconfig(), replacing uses with "load_system_config
ctdb".  Drop translation of old-style configuration to new
configuration file.  Drop export of debugging variables.  Drop
documentation and configuration examples.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu May 17 07:03:04 CEST 2018 on sn-devel-144

18 months agoctdb-tests: Switch local daemons to use new style configuration file
Martin Schwenke [Fri, 13 Apr 2018 09:25:56 +0000 (19:25 +1000)]
ctdb-tests: Switch local daemons to use new style configuration file

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
18 months agoctdb-config: Add default ctdb.conf file
Martin Schwenke [Tue, 24 Apr 2018 09:58:23 +0000 (19:58 +1000)]
ctdb-config: Add default ctdb.conf file

Install it in RPM.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
18 months agoctdb-docs: Add example configuration files
Martin Schwenke [Sun, 13 May 2018 05:42:31 +0000 (15:42 +1000)]
ctdb-docs: Add example configuration files

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
18 months agoctdb-docs: Add ctdb.conf(5) cross references and documentation tweaks
Martin Schwenke [Sat, 21 Apr 2018 08:12:53 +0000 (18:12 +1000)]
ctdb-docs: Add ctdb.conf(5) cross references and documentation tweaks

Minor updates to other manual pages for compatibility.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
18 months agoctdb-docs: Add ctdb.conf(5)
Martin Schwenke [Sun, 13 May 2018 05:41:38 +0000 (15:41 +1000)]
ctdb-docs: Add ctdb.conf(5)

This documents the new Samba-style configuration file.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
18 months agoctdb-tests: Clean up tests to not expose script options
Martin Schwenke [Wed, 2 May 2018 08:38:41 +0000 (18:38 +1000)]
ctdb-tests: Clean up tests to not expose script options

The tests still use the script options but the event scripts no longer
see them exported from the test infrastructure.  Testing now depends
on the event scripts successfully fetching the options from the
configuration file.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
18 months agoctdb-scripts: Fetch recovery lock option from config file in 01.reclock
Martin Schwenke [Fri, 20 Apr 2018 02:20:34 +0000 (12:20 +1000)]
ctdb-scripts: Fetch recovery lock option from config file in 01.reclock

Put it in a function so it is easy to move to common code just in case
it is needed somewhere else.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
18 months agoctdb-scripts: Fetch database options from config file in scripts
Martin Schwenke [Fri, 20 Apr 2018 02:15:26 +0000 (12:15 +1000)]
ctdb-scripts: Fetch database options from config file in scripts

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
18 months agoctdb-scripts: Add function ctdb_get_db_options()
Martin Schwenke [Fri, 20 Apr 2018 02:12:44 +0000 (12:12 +1000)]
ctdb-scripts: Add function ctdb_get_db_options()

This pulls database options from the configuration file, caches then
and makes the values available in scripts.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
18 months agoctdb-tests: Add ctdb-config wrapper stub for event script tests
Martin Schwenke [Wed, 2 May 2018 08:06:05 +0000 (18:06 +1000)]
ctdb-tests: Add ctdb-config wrapper stub for event script tests

Create a shim helper around that simply invokes ctdb-config via its
real location.

This is needed because the event script tests set CTDB_HELPER_BINDIR
to the stubs directory because all other helpers used by event script
testing are currently stubs.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
18 months agoctdb-tests: Add setup of ctdb.conf recovery lock setting
Martin Schwenke [Wed, 2 May 2018 08:05:28 +0000 (18:05 +1000)]
ctdb-tests: Add setup of ctdb.conf recovery lock setting

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
18 months agoctdb-tests: Add setup of ctdb.conf database directory settings
Martin Schwenke [Wed, 2 May 2018 02:37:21 +0000 (12:37 +1000)]
ctdb-tests: Add setup of ctdb.conf database directory settings

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
18 months agoctdb-tests: Add new variable CTDB_SCRIPTS_HELPER_BINDIR
Martin Schwenke [Wed, 2 May 2018 08:03:20 +0000 (18:03 +1000)]
ctdb-tests: Add new variable CTDB_SCRIPTS_HELPER_BINDIR

This will always find a binary helper, as opposed to a script helper,
which currently lives under tools/ in the source tree.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
18 months agoctdb-daemon: Drop most ctdbd command-line options
Martin Schwenke [Mon, 16 Apr 2018 04:23:00 +0000 (14:23 +1000)]
ctdb-daemon: Drop most ctdbd command-line options

All except -i/--interactive.  This remaining popt option is now neatly
wrapped to fit in 80 columns.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
18 months agoctdb-scripts: Translate old style options into new configuration file
Martin Schwenke [Mon, 16 Apr 2018 03:20:36 +0000 (13:20 +1000)]
ctdb-scripts: Translate old style options into new configuration file

This allows the relevant command-line options to be removed from the
daemon while still leaving the old ctdbd.conf options file in place.
It is a temporary measure to enable testing in an old testing
environment.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
18 months agoctdb-daemon: Integrate configuration file handling
Martin Schwenke [Fri, 13 Apr 2018 09:18:27 +0000 (19:18 +1000)]
ctdb-daemon: Integrate configuration file handling

Testing is now broken because command-line options are no longer
respected.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
18 months agoctdb-daemon: Implement ctdb configuration file loading
Martin Schwenke [Wed, 18 Apr 2018 10:21:07 +0000 (20:21 +1000)]
ctdb-daemon: Implement ctdb configuration file loading

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
18 months agoctdb-tools: Add legacy config options to config tool
Martin Schwenke [Fri, 11 May 2018 12:49:46 +0000 (22:49 +1000)]
ctdb-tools: Add legacy config options to config tool

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
18 months agoctdb-daemon: Define ctdbd legacy configuration file options
Martin Schwenke [Wed, 11 Apr 2018 10:36:45 +0000 (20:36 +1000)]
ctdb-daemon: Define ctdbd legacy configuration file options

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
18 months agoctdb-tools: Add database config options to config tool
Martin Schwenke [Fri, 11 May 2018 12:42:42 +0000 (22:42 +1000)]
ctdb-tools: Add database config options to config tool

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
18 months agoctdb-database: Define database configuration file options
Martin Schwenke [Fri, 20 Apr 2018 07:10:51 +0000 (17:10 +1000)]
ctdb-database: Define database configuration file options

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
18 months agoctdb-tools: Add cluster config options to config tool
Martin Schwenke [Fri, 11 May 2018 12:26:16 +0000 (22:26 +1000)]
ctdb-tools: Add cluster config options to config tool

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
18 months agoctdb-cluster: Define cluster configuration file options
Martin Schwenke [Fri, 20 Apr 2018 07:11:59 +0000 (17:11 +1000)]
ctdb-cluster: Define cluster configuration file options

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
18 months agoctdb-tools: Add event daemon config options to config tool
Amitay Isaacs [Tue, 17 Apr 2018 02:38:30 +0000 (12:38 +1000)]
ctdb-tools: Add event daemon config options to config tool

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
18 months agoctdb-event: Add event daemon config file options
Amitay Isaacs [Mon, 23 Apr 2018 04:02:43 +0000 (14:02 +1000)]
ctdb-event: Add event daemon config file options

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
18 months agoctdb-daemon: Drop ctdbd --max-persistent-check-errors option
Martin Schwenke [Tue, 15 May 2018 08:51:29 +0000 (18:51 +1000)]
ctdb-daemon: Drop ctdbd --max-persistent-check-errors option

Leave the code with an internal default of 0.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
18 months agoctdb-scripts: Drop CTDB_MAX_PERSISTENT_CHECK_ERRORS option
Martin Schwenke [Tue, 15 May 2018 08:47:29 +0000 (18:47 +1000)]
ctdb-scripts: Drop CTDB_MAX_PERSISTENT_CHECK_ERRORS option

This must harken back to the days of yore when corrupt persistent
databases were an issue.  We haven't seen this used.  If CTDB fails to
start due to a corrupt persistent database then this database can be
removed by hand.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
18 months agoctdb-daemon: Do not create database directories
Martin Schwenke [Tue, 15 May 2018 08:46:21 +0000 (18:46 +1000)]
ctdb-daemon: Do not create database directories

These should be created at installation or, if non-standard, by the
administrator.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
18 months agoctdb-tests: Create database directories for local daemons
Martin Schwenke [Tue, 15 May 2018 08:45:10 +0000 (18:45 +1000)]
ctdb-tests: Create database directories for local daemons

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
18 months agoctdb-build: Create database directories during installation
Martin Schwenke [Mon, 14 May 2018 05:41:35 +0000 (15:41 +1000)]
ctdb-build: Create database directories during installation

Create and package.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
18 months agos4:torture: Do not leak file descriptor in smb2 oplock test
Andreas Schneider [Wed, 16 May 2018 09:46:22 +0000 (11:46 +0200)]
s4:torture: Do not leak file descriptor in smb2 oplock test

Found by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu May 17 04:03:21 CEST 2018 on sn-devel-144

18 months agos4:torture: Do not leak memory in libsmbclient test
Andreas Schneider [Wed, 16 May 2018 09:44:00 +0000 (11:44 +0200)]
s4:torture: Do not leak memory in libsmbclient test

Found by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
18 months agos3:libsmbclient: cleanup smbc_setWorkgroup() usage
David Disseldorp [Wed, 16 May 2018 14:50:55 +0000 (16:50 +0200)]
s3:libsmbclient: cleanup smbc_setWorkgroup() usage

It now takes a const char *. There's no need to use heap memory here.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
18 months agos3:libsmbclient: Use const for setting and getting strings
Andreas Schneider [Wed, 16 May 2018 12:49:55 +0000 (14:49 +0200)]
s3:libsmbclient: Use const for setting and getting strings

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
18 months agoctdb: Check return values of tevent_req_set_endtime()
Andreas Schneider [Wed, 16 May 2018 10:05:40 +0000 (12:05 +0200)]
ctdb: Check return values of tevent_req_set_endtime()

Found by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 17 01:09:46 CEST 2018 on sn-devel-144

18 months agos3:smbd: Fix converity warning with _smb_setlen_large()
Andreas Schneider [Wed, 16 May 2018 15:05:38 +0000 (17:05 +0200)]
s3:smbd: Fix converity warning with _smb_setlen_large()

result_independent_of_operands: "(outsize - 4 & 0xffffff) >> 16 >> 8" is
0 regardless of the values of its operands. This occurs as the bitwise
first operand of "&".

So we should just pass a variable to silence the warning. However for
this, we should calculate it correctly and use size_t for it.

Found by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
18 months agolibcli: Fix coverity warning in smb2cli_notify_send()
Andreas Schneider [Wed, 16 May 2018 14:54:47 +0000 (16:54 +0200)]
libcli: Fix coverity warning in smb2cli_notify_send()

result_independent_of_operands: "(uint16_t)(recursive ? 1 : 0) >> 8" is
0 regardless of the values of its operands. This occurs as the operand
of assignment.

Found by Coverity.

Pair-Programmed-With: Ralph Boehme <slow@samba.org>

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
18 months agos4:torture: Make sure variable is initialized in oplock test
Andreas Schneider [Wed, 16 May 2018 13:06:02 +0000 (15:06 +0200)]
s4:torture: Make sure variable is initialized in oplock test

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
18 months agos3:modules: Initialize pointers in vfs_virusfilter
Andreas Schneider [Wed, 16 May 2018 10:11:30 +0000 (12:11 +0200)]
s3:modules: Initialize pointers in vfs_virusfilter

Found by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
18 months agos3:winbind: Initialize validation_level in winbind_dual_SamLogon()
Andreas Schneider [Wed, 16 May 2018 10:10:29 +0000 (12:10 +0200)]
s3:winbind: Initialize validation_level in winbind_dual_SamLogon()

Found by Covertiy.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
18 months agos4:dsdb:tests: Add return code check
Andreas Schneider [Wed, 16 May 2018 09:53:05 +0000 (11:53 +0200)]
s4:dsdb:tests: Add return code check

Found by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
18 months agoConvert affected by previous commit lines from DEBUG(10,..) to DBG_DEBUG().
Timur I. Bakeyev [Sun, 13 May 2018 04:18:21 +0000 (12:18 +0800)]
Convert affected by previous commit lines from DEBUG(10,..) to DBG_DEBUG().

Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed May 16 21:29:24 CEST 2018 on sn-devel-144

18 months agoRemove extra 0x prefix for the "%p" format specifiers, avoiding 0x0x0 strings in...
Timur I. Bakeyev [Thu, 10 May 2018 02:28:07 +0000 (10:28 +0800)]
Remove extra 0x prefix for the "%p" format specifiers, avoiding 0x0x0 strings in the output.

Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
18 months agoscript: Add 'random-seed' option to traffic_replay
Tim Beale [Wed, 16 May 2018 01:19:58 +0000 (13:19 +1200)]
script: Add 'random-seed' option to traffic_replay

When using a traffic-model file to generate traffic, there is some
randomness in the actual packets that get generated. This means it's
hard to use the tool to detect an increase/decrease in Samba
performance - we don't know whether a decrease in packets sent is due
to a regression in the Samba codebase, or just due to the tool sending
different types of packets (i.e. ones that take longer to process).

This patch adds an option to seed the python random number generator.
This means that exactly the same traffic can be generated across
multiple test runs.

(Previously we were using the '--traffic-summary' option to avoid this
problem - we can generate a summary-file based on the model, and then
use the same summary file across multiple runs. However, this proved
impractical when you want to run multiple combinations of scale/rate
parameters, e.g. 21 x 8 different permutations just fills up disk space
with summary-files.)

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: William Brown <william@blackhats.net.au>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May 16 13:53:26 CEST 2018 on sn-devel-144

18 months agoctdb-common: Fix CID 1435600
Volker Lendecke [Tue, 15 May 2018 11:28:19 +0000 (13:28 +0200)]
ctdb-common: Fix CID 1435600

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed May 16 09:51:07 CEST 2018 on sn-devel-144

18 months agoctdb-common: Fix CID 1435599
Amitay Isaacs [Tue, 15 May 2018 09:23:04 +0000 (19:23 +1000)]
ctdb-common: Fix CID 1435599

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
18 months agodebug: Add group logging classes
Gary Lockyer [Mon, 23 Apr 2018 00:24:34 +0000 (12:24 +1200)]
debug: Add group logging classes

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May 16 07:02:20 CEST 2018 on sn-devel-144

18 months agosmb.conf: Add dsdb group change notification parameter
Gary Lockyer [Sun, 22 Apr 2018 21:00:54 +0000 (09:00 +1200)]
smb.conf: Add dsdb group change notification parameter

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
18 months agomessaging idl add group membersip events
Gary Lockyer [Sun, 22 Apr 2018 20:49:26 +0000 (08:49 +1200)]
messaging idl add group membersip events

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
18 months agoauth_log: Rename the json variables
Gary Lockyer [Sun, 15 Apr 2018 21:29:04 +0000 (09:29 +1200)]
auth_log: Rename the json variables

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
18 months agoauth_log: tidy up code formatting
Gary Lockyer [Mon, 9 Apr 2018 23:57:41 +0000 (11:57 +1200)]
auth_log: tidy up code formatting

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
18 months agoauth_log: Use common code from audit_logging
Gary Lockyer [Mon, 9 Apr 2018 23:45:32 +0000 (11:45 +1200)]
auth_log: Use common code from audit_logging

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
18 months agoidl messaging: Add DSDB and Password events and message types
Gary Lockyer [Thu, 12 Apr 2018 01:19:16 +0000 (13:19 +1200)]
idl messaging: Add DSDB and Password events and message types

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
18 months agosmb conf: Add DSDB event notification parameter
Gary Lockyer [Wed, 11 Apr 2018 22:19:16 +0000 (10:19 +1200)]
smb conf: Add DSDB event notification parameter

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
18 months agologging: add ldb audit classes
Gary Lockyer [Tue, 3 Apr 2018 23:56:30 +0000 (11:56 +1200)]
logging: add ldb audit classes

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
18 months agoauth logging: Extract common audit logging code
Gary Lockyer [Mon, 9 Apr 2018 18:45:47 +0000 (06:45 +1200)]
auth logging: Extract common audit logging code

Extract the common audit logging code into a library to allow it's
re-use in other logging modules.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
18 months agoauth/ntlmssp: fix handling of GENSEC_FEATURE_LDAP_STYLE as a server
Stefan Metzmacher [Mon, 7 May 2018 12:50:27 +0000 (14:50 +0200)]
auth/ntlmssp: fix handling of GENSEC_FEATURE_LDAP_STYLE as a server

This fixes "NTLMSSP NTLM2 packet check failed due to invalid signature!"
error messages, which were generated if the client only sends
NTLMSSP_NEGOTIATE_SIGN without NTLMSSP_NEGOTIATE_SEAL on an LDAP
connection.

This fixes a regession in the combination of commits
77adac8c3cd2f7419894d18db735782c9646a202 and
3a0b835408a6efa339e8b34333906bfe3aacd6e3.

We need to evaluate GENSEC_FEATURE_LDAP_STYLE at the end
of the authentication (as a server, while we already
do so at the beginning as a client).

As a reminder I introduced GENSEC_FEATURE_LDAP_STYLE
(as an internal flag) in order to let us work as a
Windows using NTLMSSP for LDAP. Even if only signing is
negotiated during the authentication the following PDUs
will still be encrypted if NTLMSSP is used. This is exactly the
same as if the client would have negotiated NTLMSSP_NEGOTIATE_SEAL.
I guess it's a bug in Windows, but we have to reimplement that
bug. Note this only applies to NTLMSSP and only to LDAP!
Signing only works fine for LDAP with Kerberos
or DCERPC and NTLMSSP.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May 16 03:26:03 CEST 2018 on sn-devel-144

18 months agos4:selftest: run test_ldb_simple.sh with more auth options
Stefan Metzmacher [Wed, 9 May 2018 11:33:05 +0000 (13:33 +0200)]
s4:selftest: run test_ldb_simple.sh with more auth options

This demonstrates the broken GENSEC_FEATURE_LDAP_STYLE
handling in our LDAP server.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
18 months agoauth/ntlmssp: add ntlmssp_client:ldap_style_send_seal option
Stefan Metzmacher [Wed, 9 May 2018 11:30:13 +0000 (13:30 +0200)]
auth/ntlmssp: add ntlmssp_client:ldap_style_send_seal option

This will be used to similate a Windows client only
using NTLMSSP_NEGOTIATE_SIGN without NTLMSSP_NEGOTIATE_SEAL
on an LDAP connection, which is indicated internally by
GENSEC_FEATURE_LDAP_STYLE.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
18 months agoselftest: Make setexpiry test much more reliable
Andrew Bartlett [Tue, 15 May 2018 00:26:03 +0000 (12:26 +1200)]
selftest: Make setexpiry test much more reliable

Rather than setting all the expiries and expecting that they will be done within 5 seconds,
measure and check the time individually for each record.

This should make this test much less prone to flapping.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 15 23:58:17 CEST 2018 on sn-devel-144

18 months agosamba-tool domain: Spit out common options between dcpromo and join
Andrew Bartlett [Sun, 13 May 2018 23:49:23 +0000 (11:49 +1200)]
samba-tool domain: Spit out common options between dcpromo and join

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
18 months agosamba-tool domain: Create a common --use-ntvfs option for provision, join, dcpromo...
Andrew Bartlett [Sun, 13 May 2018 23:30:17 +0000 (11:30 +1200)]
samba-tool domain: Create a common --use-ntvfs option for provision, join, dcpromo and classicupgrade

The NTVFS fileserver mode is still integral to the selftest system (often simply used to
make the rest of the command run and not fuss with POSIX ACLs and permissions).

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
18 months agosamba-tool domain: Extend --backend-store to join and dcpromo by moving to common...
Andrew Bartlett [Sun, 13 May 2018 23:23:24 +0000 (11:23 +1200)]
samba-tool domain: Extend --backend-store to join and dcpromo by moving to common options

This allows the choice of ldb backend for a domain join as well as a new provision.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
18 months agosamba-tool domain: Extend --plaintext-secrets to dcpromo by moving to common options
Andrew Bartlett [Sun, 13 May 2018 23:22:23 +0000 (11:22 +1200)]
samba-tool domain: Extend --plaintext-secrets to dcpromo by moving to common options

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
18 months agosamba-tool domain: Add --machinepass to common options
Andrew Bartlett [Sun, 13 May 2018 23:06:13 +0000 (11:06 +1200)]
samba-tool domain: Add --machinepass to common options

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
18 months agosamba-tool domain: Add --quiet to common options
Andrew Bartlett [Sun, 13 May 2018 23:04:28 +0000 (11:04 +1200)]
samba-tool domain: Add --quiet to common options

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
18 months agosamba-tool domain: Create a common set of options for provision/join/dcpromo
Andrew Bartlett [Sun, 13 May 2018 23:02:46 +0000 (11:02 +1200)]
samba-tool domain: Create a common set of options for provision/join/dcpromo

These commands share much in common, the options should be in common as well.

Start with --targetdir.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
18 months agosamba-tool domain provision: Move more OpenLDAP options behind TEST_LDAP
Andrew Bartlett [Sun, 13 May 2018 22:19:58 +0000 (10:19 +1200)]
samba-tool domain provision: Move more OpenLDAP options behind TEST_LDAP

These options controlled the historical LDAP backend, they should not be left
to confuse other users.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
18 months agowinbind: Fix CID 1435598 Error handling issues (CHECKED_RETURN)
Volker Lendecke [Tue, 15 May 2018 11:40:36 +0000 (13:40 +0200)]
winbind: Fix CID 1435598 Error handling issues (CHECKED_RETURN)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue May 15 21:12:33 CEST 2018 on sn-devel-144

18 months agoauth: keytab invalidation fix
Aaron Haslett [Mon, 30 Apr 2018 23:10:50 +0000 (11:10 +1200)]
auth: keytab invalidation fix

chgtdcpass should add a new DC password and delete the old ones but the bug
exposed by this test causes the tool to remove only a single record from
the old entries, leaving the old passwords functional.  Since the tool is
used by administrators who may have disclosed their domain join password and
want to invalidate it, this is a security concern.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13415

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue May 15 15:45:08 CEST 2018 on sn-devel-144

18 months agoauth: keytab invalidation test
Aaron Haslett [Mon, 30 Apr 2018 23:10:24 +0000 (11:10 +1200)]
auth: keytab invalidation test

chgtdcpass should add a new DC password and delete the old ones but the bug
exposed by this test causes the tool to remove only a single record from
the old entries, leaving the old passwords functional.  Since the tool is
used by administrators who may have disclosed their domain join password and
want to invalidate it, this is a security concern.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13415

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
18 months agosmbd: fileserver: Change defaults to work with EA support out of the box.
Jeremy Allison [Mon, 14 May 2018 18:09:53 +0000 (11:09 -0700)]
smbd: fileserver: Change defaults to work with EA support out of the box.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue May 15 12:40:48 CEST 2018 on sn-devel-144

18 months agolib: Hold at most 10 outstanding paged result cookies
Volker Lendecke [Mon, 7 May 2018 14:53:00 +0000 (16:53 +0200)]
lib: Hold at most 10 outstanding paged result cookies

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13362
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May 15 09:37:21 CEST 2018 on sn-devel-144

18 months agolib: Put "results_store" into a doubly linked list
Volker Lendecke [Mon, 7 May 2018 14:41:55 +0000 (16:41 +0200)]
lib: Put "results_store" into a doubly linked list

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13362
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
18 months agoselftest: Require libarchive for --enable-selftest
Andrew Bartlett [Thu, 10 May 2018 02:00:54 +0000 (14:00 +1200)]
selftest: Require libarchive for --enable-selftest

This avoids one more case where tests can go missing by removing the conditional.

(Yes, this has happend for other tests in the past).

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 15 06:31:03 CEST 2018 on sn-devel-144

18 months agobuild: Make --with-gpgme the default
Andrew Bartlett [Thu, 10 May 2018 01:05:56 +0000 (13:05 +1200)]
build: Make --with-gpgme the default

Those wishing to build without gpgme support need simply to build --without-gpgme

This In general, we prefer that optional libraries be required by default
so that they are not accidentially missed, particularly in packages.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
18 months agobuild: Make --with-libarchive the default
Andrew Bartlett [Thu, 10 May 2018 01:04:35 +0000 (13:04 +1200)]
build: Make --with-libarchive the default

This means that those not wanting to link to libarchive will just need to
build --without-libarchive.

In general, we prefer that optional libraries be required by default
so that they are not accidentially missed, particularly in packages.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
18 months agobuild: Make --with-json-audit the default
Andrew Bartlett [Thu, 10 May 2018 01:01:05 +0000 (13:01 +1200)]
build: Make --with-json-audit the default

Thanks to Rowland for a clear description of the behaviour for the smb.conf manpage.

This means that those not wanting to link to libarchive will just need to
build --without-json-audit.

In general, we prefer that optional libraries be required by default
so that they are not accidentially missed, particularly in packages.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
18 months agos3/wscript: remove test, that we do in lib/replace
Björn Jacke [Mon, 12 Mar 2018 18:13:04 +0000 (19:13 +0100)]
s3/wscript: remove test, that we do in lib/replace

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Björn Baumbach <bb@sernet.de>
Autobuild-User(master): Björn Baumbach <bbaumbach@samba.org>
Autobuild-Date(master): Mon May 14 21:15:21 CEST 2018 on sn-devel-144

18 months agodocs-xml:samba-tool.8: fix wrong default computer container name
Björn Baumbach [Tue, 8 May 2018 08:21:10 +0000 (10:21 +0200)]
docs-xml:samba-tool.8: fix wrong default computer container name

CN=Users --> CN=Computers

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Björn Jacke <bjacke@samba.org>
18 months agosamba-tool computer: fix wrong computer container in help message
Björn Baumbach [Mon, 7 May 2018 13:00:17 +0000 (15:00 +0200)]
samba-tool computer: fix wrong computer container in help message

CN=Users --> CN=Computers

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Björn Jacke <bjacke@samba.org>