samba.git
14 months agoaudit_logging: Fix CID 1435739 Dereference null return value
Volker Lendecke [Tue, 22 May 2018 11:20:17 +0000 (13:20 +0200)]
audit_logging: Fix CID 1435739 Dereference null return value

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
14 months agoctdb: Fix CID 1435740 Unchecked return value
Volker Lendecke [Tue, 22 May 2018 11:17:25 +0000 (13:17 +0200)]
ctdb: Fix CID 1435740 Unchecked return value

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
14 months agoautobuild: Include information of disk free in system-info.txt
Andrew Bartlett [Fri, 18 May 2018 03:57:39 +0000 (15:57 +1200)]
autobuild: Include information of disk free in system-info.txt

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 24 00:42:48 CEST 2018 on sn-devel-144

14 months agogitlab-ci: Do not hide a possible out-of-space condition by cleaning up the tree
Andrew Bartlett [Fri, 18 May 2018 03:53:33 +0000 (15:53 +1200)]
gitlab-ci: Do not hide a possible out-of-space condition by cleaning up the tree

These are VMs anyway and will soon vanish, so a cleanup is totally wasted in any case.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
14 months agogitlab-ci: Include system-info.txt to give info on possible failures
Andrew Bartlett [Fri, 18 May 2018 03:51:34 +0000 (15:51 +1200)]
gitlab-ci: Include system-info.txt to give info on possible failures

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
14 months agodsdb: Avoid calculating the PSO multiple times
Tim Beale [Tue, 15 May 2018 21:45:32 +0000 (09:45 +1200)]
dsdb: Avoid calculating the PSO multiple times

In a typical user login query, the code tries to work out the PSO 2-3
times - once for the msDS-ResultantPSO attribute, and then again for the
msDS-User-Account-Control-Computed & msDS-UserPasswordExpiryTimeComputed
constructed attributes.

The PSO calculation is reasonably expensive, mostly due to the nested
groups calculation. If we've already constructed the msDS-ResultantPSO
attribute, then we can save ourselves extra work by just re-fetching the
result directly, rather than expanding the nested groups again from
scratch.

The previous patch improves efficiency when there are no PSOs in the
system. This should improve the case where there are PSOs that apply to
the users. (Unfortunately, it won't help where there are some PSOs in
the system, but no PSO applies to the user being queried).

Also updated sam.c so the msDS-ResultantPSO gets calculated first,
before the other constructed attributes.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Wed May 23 10:09:11 CEST 2018 on sn-devel-144

14 months agodsdb: Avoid performance hit if PSOs aren't actually used
Tim Beale [Tue, 15 May 2018 02:02:32 +0000 (14:02 +1200)]
dsdb: Avoid performance hit if PSOs aren't actually used

The new PSO code adds some additional overhead in extra lookups. To
avoid penalizing existing setups, we can short-circuit the PSO
processing and return early if there are no actual PSO objects in the
DB. The one-level search should be very quick, and it avoids the need to
do more complicated PSO processing (i.e. expanding the nested groups).

The longer-term plan is to rework the tokenGroups lookup so that it only
gets done once, and the result can then be reused by the resultant-PSO
code (rather than computing the nested-groups again). However, in the
short-term, a slight decrease in performance is the price for any users
that want to deploy PSOs.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
14 months agotests: Add tests for domain pwdHistoryLength
Tim Beale [Thu, 10 May 2018 21:29:01 +0000 (09:29 +1200)]
tests: Add tests for domain pwdHistoryLength

This is not related to PSOs at all, but there's a minor discrepancy
between Windows and Samba password-history-length behaviour that I
noticed during PSO testing.

When the pwdHistoryLength changes from zero to non-zero, Windows
includes the user's current password as invalid immediately, whereas
Samba only includes it as invalid *after* it next changes. It's a
fairly obscure corner-case, and we might not care enough about it to
fix it. However, I've added a test case to highlight the difference and
marked it as a known-fail for now.

I also added a general pwdHistoryLength test case to show that the
basics work (this didn't seem to be tested anywhere else).

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
14 months agotests: Extend passwordsettings tests to cover PSO command options
Tim Beale [Thu, 10 May 2018 23:49:23 +0000 (11:49 +1200)]
tests: Extend passwordsettings tests to cover PSO command options

Add test cases for the new PSO samba-tool command options.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
14 months agonetcmd: Add samba-tool support for managing PSOs
Tim Beale [Sun, 22 Apr 2018 22:47:21 +0000 (10:47 +1200)]
netcmd: Add samba-tool support for managing PSOs

Add a new command 'samba-tool domain passwordsettings pso', with the
sub-command options: create, delete, set, list, show, show-user, apply,
unapply. The apply and unapply options apply the PSO to a user or group.
The show-user option shows the actual PSO (and its settings) that will
take effect for a given user.

The new commands are pretty self-contained in a new pso.py file. We
decided to add these new commands under the existing 'samba-tool domain
passwordsettings' command, as that's what users would be already
familiar with.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
14 months agodsdb: Use PSO maxPwdAge for operational msDS-PasswordExpiryTimeComputed
Tim Beale [Thu, 19 Apr 2018 01:51:36 +0000 (13:51 +1200)]
dsdb: Use PSO maxPwdAge for operational msDS-PasswordExpiryTimeComputed

When calculating the Password-Expiry-Time, we should use the PSO's
max-password-age setting, if one applies to the user.

This is code may be inefficient, as it may repeat the PSO-lookup work
several times (once for each constructed attribute that tries to use
it). For now, I've gone for the simplest code change, and efficiency can
be addressed in a subsequent patch (once we have a good test to measure
it).

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
14 months agodsdb: Update password_hash to use PSO settings for password changes
Tim Beale [Wed, 18 Apr 2018 22:46:48 +0000 (10:46 +1200)]
dsdb: Update password_hash to use PSO settings for password changes

Honour the settings in the PSO when changing the password, i.e.
msDS-PasswordComplexityEnabled, msDS-PasswordHistoryLength, etc.

The password_hash code populates dsdb_control_password_change_status's
domain_data with the password settings to use - these are currently
based on the settings for the domain.

Now, if the password_hash code has worked out that a PSO applies to the
user, we override the domain settings with the PSO's values.

This change means the password_settings tests now pass.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
14 months agodsdb: Move anonymous domain_data struct
Tim Beale [Wed, 18 Apr 2018 21:47:42 +0000 (09:47 +1200)]
dsdb: Move anonymous domain_data struct

Anonymous structs and 80 character line-lengths don't mix well. Allow
the struct to be referenced directly.

With the introduction of PSOs, the password-settings are now calculated
per-user rather than per-domain. I've tried to reflect this in the
struct name.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
14 months agodsdb: Lookup PSO's lockout settings for password_hash modifies
Tim Beale [Wed, 18 Apr 2018 02:21:46 +0000 (14:21 +1200)]
dsdb: Lookup PSO's lockout settings for password_hash modifies

When a user's password-hash is modified, we need the PSO settings for
that user, so that any lockout settings get applied correctly.

To do this, we query the msDS-ResultantPSO in the user search. Then, if
a PSO applies to the user, we add in a extra search to retrieve the
PSO's settings. Once the PSO search completes, we continue with the
modify operation.

In the event of error cases, I've tried to fallback to logging the
problem and continuing with the default domain settings. However,
unusual internal errors will still fail the operation.

We can pass the PSO result into dsdb_update_bad_pwd_count(), which means
the PSO's lockout-threshold and observation-window are now used. This is
enough to get the remaining lockout tests passing.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
14 months agorpc/samr: Fix PSO support in SAMR password_change RPC
Tim Beale [Tue, 8 May 2018 04:07:54 +0000 (16:07 +1200)]
rpc/samr: Fix PSO support in SAMR password_change RPC

To get the SAMR password_lockout test passing, we now just need to query
the msDS-ResultantPSO attribute for the user in the SAMR code. The
common code will then determine that a PSO applies to the user, and use
the PSO's lockout settings.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
14 months agodsdb/rpc: Update effective badPwdCount to use PSO settings
Tim Beale [Tue, 10 Apr 2018 22:33:21 +0000 (10:33 +1200)]
dsdb/rpc: Update effective badPwdCount to use PSO settings

The lockOutObservationWindow is used to calculate the badPwdCount. When
a PSO applies to a user, we want to use the PSO's lockout-observation
window rather the the default domain setting.

This is finally enough to get some of the PSO password_lockout tests
to pass.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
14 months agodsdb: PSO support for msDS-User-Account-Control-Computed
Tim Beale [Tue, 8 May 2018 03:11:30 +0000 (15:11 +1200)]
dsdb: PSO support for msDS-User-Account-Control-Computed

msDS-User-Account-Control-Computed uses the effective-lockoutDuration to
determine if a user is locked out or not. If a PSO applies to the user,
then the effective-lockoutDuration is the PSO's msDS-LockoutDuration
setting. Otherwise it is the domain default lockoutDuration value.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
14 months agodsdb/auth: Use PSO settings for lockOutThreshold/Duration
Tim Beale [Fri, 6 Apr 2018 04:42:50 +0000 (16:42 +1200)]
dsdb/auth: Use PSO settings for lockOutThreshold/Duration

If a PSO applies to a user, use its lockOutThreshold/Duration settings
instead of the domain setting. When we lookup a user, we now include the
msDS-ResultantPSO attribute. If the attribute is present for a user,
then we lookup the corresponding PSO object to get the lockOutThreshold/
Duration settings.

Note: This is not quite enough to make the PSO lockout tests pass, as
msDS-User-Account-Control-Computed is still constructed based on the
domain lockoutDuration setting rather than the PSO.

Updating the password_hash.c code properly will be done in a subsequent
commit.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
14 months agotests: Extend PSO tests to cover password-history/length/complexity
Tim Beale [Tue, 8 May 2018 02:45:17 +0000 (14:45 +1200)]
tests: Extend PSO tests to cover password-history/length/complexity

Unhobble the PSO test cases so that they not only check the
msDS-ResultantPSO constructed attribute, but also that the corresponding
PSO's password-history, minimum password length, and complexity settings
are actually used.

The tests now fail once more, as actually using the PSO's settings isn't
implemented yet.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
14 months agodsdb: Add msDS-ResultantPSO constructed attribute support
Tim Beale [Tue, 20 Mar 2018 21:45:38 +0000 (10:45 +1300)]
dsdb: Add msDS-ResultantPSO constructed attribute support

Add support for the msDS-ResultantPSO constructed attribute, which
indicates the PSO (if any) that should apply to a given user. First we
consider any PSOs that apply directly to a user. If none apply directly,
we consider PSOs that apply to any groups the user is a member of. (PSO
lookups are done by finding any 'msDS-PSOAppliesTo' links that apply to
the user or group SIDs we're interested in.

Note: the PSO should be selected based on the RevMembGetAccountGroups
membership, which doesn't include builtin groups. Looking at the spec,
it appears that perhaps our tokenGroups implementation should also
exclude builtin groups. However, in the short-term, I've added a new
ACCOUNT_GROUPS option to the enum, which is only used internally for
PSOs.

The PSO test cases (which are currently only checking the constructed
attribute) now pass, showing that the correct msDS-ResultantPSO value is
being returned, even if the corresponding password-policy settings are
not yet being applied.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
14 months agoautobuild: build ldb --without-ldb-lmdb
Andrew Bartlett [Mon, 14 May 2018 02:34:25 +0000 (14:34 +1200)]
autobuild: build ldb --without-ldb-lmdb

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May 23 05:11:13 CEST 2018 on sn-devel-144

14 months agoselftest: Run ad_dc and vampire_dc with --backend-store=mdb
Andrew Bartlett [Mon, 14 May 2018 00:14:06 +0000 (12:14 +1200)]
selftest: Run ad_dc and vampire_dc with --backend-store=mdb

This ensures the LMDB backend is tested in make test

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
14 months agoldb-samba: Handle generic mdb:// url scheme in ldb_relative_path()
Gary Lockyer [Tue, 6 Mar 2018 00:40:21 +0000 (13:40 +1300)]
ldb-samba: Handle generic mdb:// url scheme in ldb_relative_path()

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
14 months agoldb: Reject a possible future ldb_mdb with the index in a sub-database
Andrew Bartlett [Fri, 18 May 2018 19:10:15 +0000 (07:10 +1200)]
ldb: Reject a possible future ldb_mdb with the index in a sub-database

This ensures we do not corrupt such an index by making changes to the
main database without knowing that the index values are now in a
sub-database.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
14 months agoldb: Add MDB support to ldb://
Gary Lockyer [Tue, 6 Mar 2018 02:11:23 +0000 (15:11 +1300)]
ldb: Add MDB support to ldb://

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
14 months agoldb_mdb/tests: add tests for multiple opens across forks
Gary Lockyer [Tue, 13 Mar 2018 02:08:10 +0000 (15:08 +1300)]
ldb_mdb/tests: add tests for multiple opens across forks

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
14 months agoldb_mdb/tests: test large index key value
Gary Lockyer [Mon, 12 Mar 2018 19:14:09 +0000 (08:14 +1300)]
ldb_mdb/tests: test large index key value

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
14 months agoldb_mdb: Remove implicit read lock and remove transaction counter
Gary Lockyer [Thu, 22 Mar 2018 22:29:25 +0000 (11:29 +1300)]
ldb_mdb: Remove implicit read lock and remove transaction counter

The way to know if we are in a transaction is if there is a non-NULL
transaction handle.

This allows the ldb_mdb_kv_ops_test test to be run.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
14 months agoldb_mdb: Run the ldb_mdb_mod_op_test
Andrew Bartlett [Tue, 8 May 2018 23:40:36 +0000 (11:40 +1200)]
ldb_mdb: Run the ldb_mdb_mod_op_test

ldb_mdb is now able to pass the full ldb_mod_op_test when compiled against lmdb.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
14 months agoldb_mdb/tests: Tests for wrap open
Gary Lockyer [Thu, 8 Mar 2018 03:47:59 +0000 (16:47 +1300)]
ldb_mdb/tests: Tests for wrap open

Tests to ensure that the mdb_env wrapping code correctly handles
multiple ldb's point to the same physical database file.

The test_ldb_close_with_multiple_connections tests are in
ldb_mod_op_test due to the utility code it uses from
elsewhere in that test.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
14 months agoldb_mdb: Use mdb_env_get_fd() to get the FD for fstat() and FD_CLOEXEC
Andrew Bartlett [Thu, 17 May 2018 01:10:25 +0000 (13:10 +1200)]
ldb_mdb: Use mdb_env_get_fd() to get the FD for fstat() and FD_CLOEXEC

This ensures we leave the FD behind if we exec() in a child process.

This deliberatly the same as TDB, as we want the same behaviour as
we have come to expect with that backend.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
14 months agoldb_mdb: prevent MDB_env reuse across forks
Gary Lockyer [Tue, 13 Mar 2018 02:08:10 +0000 (15:08 +1300)]
ldb_mdb: prevent MDB_env reuse across forks

MDB_env's may not be reused accross forks.  Check the pid that the lmdb
structure was created by, and return an error if it is being used by a
different process.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
14 months agoldb_mdb: handle EBADE from mdb_env_open
Gary Lockyer [Tue, 20 Mar 2018 22:38:22 +0000 (11:38 +1300)]
ldb_mdb: handle EBADE from mdb_env_open

Under some circumstances mdb_env_open returns EBADE, we treat this as
indicating the file is not a valid lmdb format file.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
14 months agoldb_mdb: Wrap mdb_env_open
Gary Lockyer [Tue, 6 Mar 2018 23:05:34 +0000 (12:05 +1300)]
ldb_mdb: Wrap mdb_env_open

Wrap mdb_env_open to ensure that we only have one MDB_env opened per
database in each process

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
14 months agoldb_mdb: Apply LMDB key length restrictions at key-value layer
Gary Lockyer [Tue, 6 Mar 2018 02:27:51 +0000 (15:27 +1300)]
ldb_mdb: Apply LMDB key length restrictions at key-value layer

We need to enforce the GUID index mode so end-users do not get a
supprise in mid-operation and we enforce a max key length of 511 so
that the index key trunctation is done correctly.

Otherwise the DB will appear to work until a very long key (DN or
index) is used, after which it will be sad.

Because the previous ldb_lmdb_test confirmed the key length by
creating a large DN, those tests are re-worked to use the GUID index
mode.  In turn, new tests are written that create a special DN around
the maximum key length.

Finally a test is included that demonstrates that adding entries to
the LMDB DB without GUID index mode fails.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
14 months agoldb_mdb/tests: Run api and index test also on lmdb
Gary Lockyer [Mon, 5 Mar 2018 20:13:31 +0000 (09:13 +1300)]
ldb_mdb/tests: Run api and index test also on lmdb

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
14 months agoldb_mdb/tests: Add tests to check for max key length and DB size
Gary Lockyer [Fri, 2 Feb 2018 02:30:53 +0000 (15:30 +1300)]
ldb_mdb/tests: Add tests to check for max key length and DB size

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
14 months agoldb_mdb: Don't allow modify operations on a read only db
Gary Lockyer [Tue, 6 Mar 2018 23:05:34 +0000 (12:05 +1300)]
ldb_mdb: Don't allow modify operations on a read only db

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
14 months agoldb_mdb: Store pid to change destructor on fork
Garming Sam [Mon, 5 Mar 2018 03:04:03 +0000 (16:04 +1300)]
ldb_mdb: Store pid to change destructor on fork

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agoldb_mdb: Enable LDB_FLG_NOSYNC in ldb_mdb
Garming Sam [Thu, 1 Mar 2018 03:53:07 +0000 (16:53 +1300)]
ldb_mdb: Enable LDB_FLG_NOSYNC in ldb_mdb

This is used in selftest with 'ldb:nosync = true'.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agoldb_mdb: Implement the lmdb backend for ldb
Garming Sam [Wed, 11 Jan 2017 04:10:19 +0000 (17:10 +1300)]
ldb_mdb: Implement the lmdb backend for ldb

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agoselftest: Clean up ldb on tearDown from each packet in TrafficEmulatorPacketTests
Andrew Bartlett [Sun, 20 May 2018 22:40:00 +0000 (10:40 +1200)]
selftest: Clean up ldb on tearDown from each packet in TrafficEmulatorPacketTests

Otherwise the LDB (and so the server resources) are in use until the end of the whole test
due to the way the objects are maintained in python for reporting.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 23 00:53:25 CEST 2018 on sn-devel-144

14 months agosocket_wrapper: Add missing dependency on tirpc
Amitay Isaacs [Mon, 14 May 2018 06:52:58 +0000 (16:52 +1000)]
socket_wrapper: Add missing dependency on tirpc

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue May 22 13:57:07 CEST 2018 on sn-devel-144

14 months agoauth: Use DBGC_AUTH as DBGC_CLASS for AD DC auth session code.
Andrew Bartlett [Mon, 21 May 2018 01:58:12 +0000 (13:58 +1200)]
auth: Use DBGC_AUTH as DBGC_CLASS for AD DC auth session code.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May 22 02:42:32 CEST 2018 on sn-devel-144

14 months agos4-drsuapi: Call security_token_debug() with DBGC_DRS_REPL and a proper log level
Andrew Bartlett [Mon, 21 May 2018 01:53:01 +0000 (13:53 +1200)]
s4-drsuapi: Call security_token_debug() with DBGC_DRS_REPL and a proper log level

Selftest logs are full of calls to security_token_debug() with no context
and this is never a log level 0 event, so tidy it up.

The RODC would trigger this each time there is an attempted preload
of a user in the Denied RODC replication group.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
14 months agoauth: Use DBGC_AUTH as DBGC_CLASS for AD DC NTLM auth code.
Andrew Bartlett [Mon, 21 May 2018 01:51:16 +0000 (13:51 +1200)]
auth: Use DBGC_AUTH as DBGC_CLASS for AD DC NTLM auth code.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
15 months agovfs_zfsacl: return synthesized ACL when ZFS return ENOTSUP
Ralph Boehme [Tue, 5 Dec 2017 07:28:28 +0000 (08:28 +0100)]
vfs_zfsacl: return synthesized ACL when ZFS return ENOTSUP

This allows accessing the ZFS .snapshots directory where ZFS returns
ENOTSUP when calling acl(".snapshots").

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13175

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 18 22:03:21 CEST 2018 on sn-devel-144

15 months agos3:smbd: make psbuf arg to make_default_acl_posix() const
Ralph Boehme [Fri, 18 May 2018 11:14:57 +0000 (13:14 +0200)]
s3:smbd: make psbuf arg to make_default_acl_posix() const

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13175

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
15 months agopython/samba/netcmd: Py2/Py3 misc replace range with enumerate
Noel Power [Fri, 4 May 2018 11:20:36 +0000 (12:20 +0100)]
python/samba/netcmd: Py2/Py3 misc replace range with enumerate

Replace various instances of xrange with enumerate.

Signed-off-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Fri May 18 05:24:42 CEST 2018 on sn-devel-144

15 months agos3: smbtorture: Add new SMB2-DIR-FSYNC test to show behavior of FSYNC on directories.
Jeremy Allison [Thu, 10 May 2018 18:30:24 +0000 (11:30 -0700)]
s3: smbtorture: Add new SMB2-DIR-FSYNC test to show behavior of FSYNC on directories.

Tests against a directory handle on the root of a share,
and a directory handle on a sub-directory in a share.

Check SEC_DIR_ADD_FILE and SEC_DIR_ADD_SUBDIR separately,
either allows flush to succeed.

Passes against Windows.

Regression test for:

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13428

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 18 02:38:50 CEST 2018 on sn-devel-144

15 months agos3: smbd: Fix SMB2-FLUSH against directories.
Jeremy Allison [Thu, 10 May 2018 17:26:52 +0000 (10:26 -0700)]
s3: smbd: Fix SMB2-FLUSH against directories.

Directories opened with either FILE_ADD_FILE or
FILE_ADD_SUBDIRECTORY can be flushed even if
they're not writable in the conventional sense.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13428

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agos3: profile: Cleanup - we no longer use read/write/fsync syscalls.
Jeremy Allison [Thu, 17 May 2018 19:35:06 +0000 (12:35 -0700)]
s3: profile: Cleanup - we no longer use read/write/fsync syscalls.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agolib: Fix array size in audit_logging
Andreas Schneider [Wed, 16 May 2018 11:59:55 +0000 (13:59 +0200)]
lib: Fix array size in audit_logging

../lib/audit_logging/audit_logging.c: In function ‘json_add_timestamp’:
../lib/audit_logging/audit_logging.c:603:12: error: ‘%s’ directive
       output may be truncated writing up to 9 bytes into a region of size
       between 0 and 43 [-Werror=format-truncation=]
   "%s.%06ld%s",
            ^~
../lib/audit_logging/audit_logging.c:606:3:
   tz);
   ~~
../lib/audit_logging/audit_logging.c:600:2: note: ‘snprintf’ output
       between 8 and 70 bytes into a destination of size 50
  snprintf(
  ^~~~~~~~~
   timestamp,
   ~~~~~~~~~~
   sizeof(timestamp),
   ~~~~~~~~~~~~~~~~~~
   "%s.%06ld%s",
   ~~~~~~~~~~~~~
   buffer,
   ~~~~~~~
   tv.tv_usec,
   ~~~~~~~~~~~
   tz);
   ~~~

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu May 17 20:17:35 CEST 2018 on sn-devel-144

15 months agos4:ntvfs: Fix string copy of share_name
Andreas Schneider [Tue, 15 May 2018 15:55:22 +0000 (17:55 +0200)]
s4:ntvfs: Fix string copy of share_name

../source4/ntvfs/ipc/rap_server.c:70:3: error: ‘strncpy’ specified bound 13 equals destination size [-Werror=stringop-truncation]
   strncpy((char *)r->out.info[j].info1.share_name,
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    snames[i],
    ~~~~~~~~~~
    sizeof(r->out.info[0].info1.share_name));
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
15 months agolib:util: Fix size types in debug.c
Andreas Schneider [Tue, 8 May 2018 07:31:51 +0000 (09:31 +0200)]
lib:util: Fix size types in debug.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
15 months agolib:util: Fix parameter aliasing in tfork test
Andreas Schneider [Wed, 9 May 2018 15:52:19 +0000 (17:52 +0200)]
lib:util: Fix parameter aliasing in tfork test

../lib/util/tests/tfork.c:483:24: error: passing argument 1 to
    restrict-qualified parameter aliases with argument 4 [-Werror=restrict]
   ret = pthread_create(&threads[i],
                        ^~~~~~~~~~~
../lib/util/tests/tfork.c:486:10:
          (void *)&threads[i]);
          ~~~~~~~~~~~~~~~~~~~

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
15 months agos3:winbind: Fix uninitialzed variable warning
Andreas Schneider [Wed, 9 May 2018 16:07:47 +0000 (18:07 +0200)]
s3:winbind: Fix uninitialzed variable warning

Raised by GCC8.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
15 months agos3:passdb: Fix size of ascii_p16
Andreas Schneider [Wed, 9 May 2018 16:05:01 +0000 (18:05 +0200)]
s3:passdb: Fix size of ascii_p16

../source3/passdb/pdb_smbpasswd.c: In function ‘mod_smbfilepwd_entry’:
../source3/passdb/pdb_smbpasswd.c:1015:7: error: ‘:LCT-’ directive
    output may be truncated writing 5 bytes into a region of size between 0
    and 255 [-Werror=format-truncat ion=]
    "%s:LCT-%08X:",
       ^~~~~
../source3/passdb/pdb_smbpasswd.c:1015:4: note: using the range [0,
    4294967295] for directive argument
    "%s:LCT-%08X:",
    ^~~~~~~~~~~~~~
In file included from ../source3/include/includes.h:23,
                 from ../source3/passdb/pdb_smbpasswd.c:23:
../lib/replace/../replace/replace.h:514:18: note: ‘snprintf’ output
    between 15 and 270 bytes into a destination of size 255
 #define slprintf snprintf
../source3/passdb/pdb_smbpasswd.c:1013:3: note: in expansion of macro ‘slprintf’
   slprintf(&ascii_p16[strlen(ascii_p16)],
   ^~~~~~~~

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
15 months agos3:lib: Use memcpy() in escape_ldap_string()
Andreas Schneider [Wed, 9 May 2018 15:29:39 +0000 (17:29 +0200)]
s3:lib: Use memcpy() in escape_ldap_string()

../source3/lib/ldap_escape.c: In function ‘escape_ldap_string’:
../source3/lib/ldap_escape.c:79:4: error: ‘strncpy’ output truncated
    before terminating nul copying 3 bytes from a string of the same length
[-Werror=stringop-truncation]
    strncpy (p, sub, 3);
    ^~~~~~~~~~~~~~~~~~~

We concatenat and do not care about NUL-termination till the loop has
finished.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
15 months agos4:torture: Use strlcpy() in gen_name()
Andreas Schneider [Wed, 9 May 2018 15:35:45 +0000 (17:35 +0200)]
s4:torture: Use strlcpy() in gen_name()

../source4/torture/basic/mangle_test.c: In function ‘gen_name’:
../source4/torture/basic/mangle_test.c:148:3: error: ‘strncpy’ output
    truncated before terminating nul copying 5 bytes from a string of the
    same length [-Werror=stringop-truncation]
   strncpy(p, "ABCDE", 5);
   ^~~~~~~~~~~~~~~~~~~~~~

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
15 months agolib:util: Fix string check in mkdir_p()
Andreas Schneider [Tue, 8 May 2018 07:22:00 +0000 (09:22 +0200)]
lib:util: Fix string check in mkdir_p()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
15 months agos3-utils: fix format-truncation in smbpasswd
Günther Deschner [Tue, 8 May 2018 12:13:56 +0000 (14:13 +0200)]
s3-utils: fix format-truncation in smbpasswd

../source3/utils/smbpasswd.c: In function ‘process_root’:
../source3/utils/smbpasswd.c:414:37: error: ‘$’ directive output may be truncated writing 1 byte into a region of size between 0 and 255 [-Werror=format-truncation=]
   slprintf(buf, sizeof(buf) - 1, "%s$", user_name);
                                     ^
In file included from ../source3/include/includes.h:23,
                 from ../source3/utils/smbpasswd.c:19:
../lib/replace/../replace/replace.h:514:18: note: ‘snprintf’ output between 2 and 257 bytes into a destination of size 255
 #define slprintf snprintf
../source3/utils/smbpasswd.c:414:3: note: in expansion of macro ‘slprintf’
   slprintf(buf, sizeof(buf) - 1, "%s$", user_name);
   ^~~~~~~~
../source3/utils/smbpasswd.c:397:35: error: ‘$’ directive output may be truncated writing 1 byte into a region of size between 0 and 255 [-Werror=format-truncation=]
   slprintf(buf, sizeof(buf)-1, "%s$", user_name);
                                   ^
In file included from ../source3/include/includes.h:23,
                 from ../source3/utils/smbpasswd.c:19:
../lib/replace/../replace/replace.h:514:18: note: ‘snprintf’ output between 2 and 257 bytes into a destination of size 255
 #define slprintf snprintf
../source3/utils/smbpasswd.c:397:3: note: in expansion of macro ‘slprintf’
   slprintf(buf, sizeof(buf)-1, "%s$", user_name);
   ^~~~~~~~
cc1: some warnings being treated as errors

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Pair-Programmed-With: Andreas Schneider <asn@samba.org>

Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
15 months agos4-torture: fix format-truncation warning in smb2 session tests.
Günther Deschner [Tue, 8 May 2018 11:54:53 +0000 (13:54 +0200)]
s4-torture: fix format-truncation warning in smb2 session tests.

../source4/torture/smb2/session.c: In function ‘test_session_reauth5’:
../source4/torture/smb2/session.c:645:36: error: ‘\file.dat’ directive output may be truncated writing 9 bytes into a region of size between 1 and 256 [-Werror=format-truncation=]
  snprintf(fname, sizeof(fname), "%s\\file.dat", dname);
                                    ^~~~~~~~~~
../source4/torture/smb2/session.c:645:2: note: ‘snprintf’ output between 10 and 265 bytes into a destination of size 256
  snprintf(fname, sizeof(fname), "%s\\file.dat", dname);
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../source4/torture/smb2/session.c:696:38: error: ‘\file2.dat’ directive output may be truncated writing 10 bytes into a region of size between 1 and 256 [-Werror=format-truncation=]
  snprintf(fname2, sizeof(fname2), "%s\\file2.dat", dname);
                                      ^~~~~~~~~~~
../source4/torture/smb2/session.c:696:2: note: ‘snprintf’ output between 11 and 266 bytes into a destination of size 256
  snprintf(fname2, sizeof(fname2), "%s\\file2.dat", dname);
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: some warnings being treated as errors

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
15 months agos3-printing: fix format-truncation in print_queue_update()
Günther Deschner [Tue, 8 May 2018 11:46:11 +0000 (13:46 +0200)]
s3-printing: fix format-truncation in print_queue_update()

../source3/printing/printing.c: In function ‘print_queue_update’:
../source3/printing/printing.c:1809:42: error: ‘%s’ directive output may be truncated writing up to 255 bytes into a region of size 244 [-Werror=format-truncation=]
  snprintf(key, sizeof(key), "MSG_PENDING/%s", sharename);
                                          ^~   ~~~~~~~~~
../source3/printing/printing.c:1809:2: note: ‘snprintf’ output between 13 and 268 bytes into a destination of size 256
  snprintf(key, sizeof(key), "MSG_PENDING/%s", sharename);

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
15 months agos3-winbindd: remove unused fill_domain_username()
Günther Deschner [Tue, 8 May 2018 09:19:42 +0000 (11:19 +0200)]
s3-winbindd: remove unused fill_domain_username()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
15 months agos3-winbindd: use fill_domain_username_talloc() in winbind.
Günther Deschner [Tue, 8 May 2018 09:18:56 +0000 (11:18 +0200)]
s3-winbindd: use fill_domain_username_talloc() in winbind.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
15 months agos3:winbind: Check if we have an open file descriptor
Andreas Schneider [Wed, 16 May 2018 12:06:36 +0000 (14:06 +0200)]
s3:winbind: Check if we have an open file descriptor

Found by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
15 months agos3:winbind: Add sanity check when closing fd
Andreas Schneider [Wed, 16 May 2018 09:59:09 +0000 (11:59 +0200)]
s3:winbind: Add sanity check when closing fd

Found by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
15 months agos3:utils: Do not segfault on error in DoDNSUpdate()
Andreas Schneider [Thu, 17 May 2018 09:53:18 +0000 (11:53 +0200)]
s3:utils: Do not segfault on error in DoDNSUpdate()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13440

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu May 17 17:28:28 CEST 2018 on sn-devel-144

15 months agoFIXUP: Improve memory handling on py_net_change_password
Andrew Bartlett [Wed, 16 May 2018 18:37:28 +0000 (06:37 +1200)]
FIXUP: Improve memory handling on py_net_change_password

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Thu May 17 14:28:19 CEST 2018 on sn-devel-144

15 months agopython/samba/netcmd: net.change_password should be passed string
Noel Power [Wed, 16 May 2018 15:51:34 +0000 (16:51 +0100)]
python/samba/netcmd:  net.change_password should be passed string

password param which in python2 (is str) is incorrectly encoded
before passing to net.change_password.

python2 - password is either unicode or str, if str we should
          decode to get unicode (and then pass to net.change_password).
python3 - password is either str or bytes, if bytes then decode
          (and pass as 'str' to net.change_password).
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
15 months agos4/libnet: Allow passwords containing non ascii characters to be passed
Noel Power [Wed, 16 May 2018 15:46:41 +0000 (16:46 +0100)]
s4/libnet: Allow passwords containing non ascii characters to be passed

Although we can pass unicode to py_net_change_password unfortunately in
Python2 unicode strings are encoded with the default encoding (e.g. ascii)
 when extracting the unicode string to buffer.
In Python3 the default encoding for "s" format is utf8. Use the "es"
format instead of "s" so we can specify the encoding so behaviour is
correct in py2/py3.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
15 months agotestprogs/blackbox: Add test to set and use password with non-ascii
Noel Power [Tue, 15 May 2018 17:27:23 +0000 (18:27 +0100)]
testprogs/blackbox: Add test to set and use password with non-ascii

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
15 months agopython/samba: Fix incorrect encode of password
Noel Power [Mon, 14 May 2018 12:38:20 +0000 (13:38 +0100)]
python/samba: Fix incorrect encode of password

In python2 you can encode a 'str' type which doesn't really make sense
since it is already bytes (as such). In python3 this isn't possible you
can't encode bytes or decode strings. Also because you can call encode
on 'str' in python2 it tries to to what you wanted and it implicity
calls decode('ascii') before performing the encode. This is why we get
mention of ascii codec in the error. This patch should future proof for
python3 also.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13435
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
15 months agos4/setup/tests: Add test for non ascii password setting samba-tool
Noel Power [Mon, 14 May 2018 12:48:18 +0000 (13:48 +0100)]
s4/setup/tests: Add test for non ascii password setting samba-tool

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13435
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
15 months agowinbindd: Remove an unused function prototype
Volker Lendecke [Wed, 2 May 2018 19:19:08 +0000 (21:19 +0200)]
winbindd: Remove an unused function prototype

This has been moved to async in 2009

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu May 17 11:30:18 CEST 2018 on sn-devel-144

15 months agowinbindd: Make "request_error()" static to winbindd.c
Volker Lendecke [Wed, 2 May 2018 19:23:49 +0000 (21:23 +0200)]
winbindd: Make "request_error()" static to winbindd.c

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
15 months agowinbindd: Make "request_ok()" static to winbindd.c
Volker Lendecke [Wed, 2 May 2018 19:22:45 +0000 (21:22 +0200)]
winbindd: Make "request_ok()" static to winbindd.c

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
15 months agowinbindd: Remove the "old" non-bool dispatch table
Volker Lendecke [Wed, 2 May 2018 19:20:58 +0000 (21:20 +0200)]
winbindd: Remove the "old" non-bool dispatch table

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
15 months agowinbindd: Make DOMAIN_INFO a proper async request
Volker Lendecke [Wed, 2 May 2018 18:47:49 +0000 (20:47 +0200)]
winbindd: Make DOMAIN_INFO a proper async request

This has an async code path hidden inside. Expose that properly.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
15 months agowinbindd: winbindd_list_trusted_domains() -> bool_dispatch_table
Volker Lendecke [Fri, 4 May 2018 19:19:06 +0000 (21:19 +0200)]
winbindd: winbindd_list_trusted_domains() -> bool_dispatch_table

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
15 months agowinbindd: winbindd_priv_pipe_dir() -> bool_dispatch_table
Volker Lendecke [Wed, 2 May 2018 18:27:43 +0000 (20:27 +0200)]
winbindd: winbindd_priv_pipe_dir() -> bool_dispatch_table

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
15 months agowinbindd: winbindd_ccache_save() -> bool_dispatch_table
Volker Lendecke [Wed, 2 May 2018 18:26:19 +0000 (20:26 +0200)]
winbindd: winbindd_ccache_save() -> bool_dispatch_table

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
15 months agowinbindd: winbindd_ccache_ntlm_auth() -> bool_dispatch_table
Volker Lendecke [Wed, 2 May 2018 18:23:54 +0000 (20:23 +0200)]
winbindd: winbindd_ccache_ntlm_auth() -> bool_dispatch_table

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
15 months agowinbindd: winbindd_dc_info() -> bool_dispatch_table
Volker Lendecke [Wed, 2 May 2018 16:27:23 +0000 (18:27 +0200)]
winbindd: winbindd_dc_info() -> bool_dispatch_table

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
15 months agowinbindd: winbindd_netbios_name() -> bool_dispatch_table
Volker Lendecke [Wed, 2 May 2018 16:25:00 +0000 (18:25 +0200)]
winbindd: winbindd_netbios_name() -> bool_dispatch_table

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
15 months agowinbindd: winbindd_domain_name() -> bool_dispatch_table
Volker Lendecke [Wed, 2 May 2018 14:39:20 +0000 (16:39 +0200)]
winbindd: winbindd_domain_name() -> bool_dispatch_table

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
15 months agowinbindd: winbindd_ping() -> bool_dispatch_table
Volker Lendecke [Wed, 2 May 2018 14:38:14 +0000 (16:38 +0200)]
winbindd: winbindd_ping() -> bool_dispatch_table

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
15 months agowinbindd: winbindd_info() -> bool_dispatch_table
Volker Lendecke [Wed, 2 May 2018 14:36:49 +0000 (16:36 +0200)]
winbindd: winbindd_info() -> bool_dispatch_table

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
15 months agowinbindd: winbindd_interface_version() -> bool_dispatch_table
Volker Lendecke [Wed, 2 May 2018 13:26:55 +0000 (15:26 +0200)]
winbindd: winbindd_interface_version() -> bool_dispatch_table

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
15 months agowinbindd: Introduce "bool_dispatch_table"
Volker Lendecke [Wed, 2 May 2018 13:26:05 +0000 (15:26 +0200)]
winbindd: Introduce "bool_dispatch_table"

This is meant to replace the synchronous "dispatch_table".

The current dispatch_table assumes that every synchronous function does
the request_ok or request_error itself. This mixes two concerns: Doing
the work and shipping the reply to the winbind client. This new dispatch
table will make it possible to centralize shipping the reply to the
client. At a later stage this will enable easier statistics on how long
request processing took precisely.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
15 months agoctdb: Drop configuration file ctdbd.conf
Martin Schwenke [Tue, 24 Apr 2018 05:55:11 +0000 (15:55 +1000)]
ctdb: Drop configuration file ctdbd.conf

Drop function loadconfig(), replacing uses with "load_system_config
ctdb".  Drop translation of old-style configuration to new
configuration file.  Drop export of debugging variables.  Drop
documentation and configuration examples.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu May 17 07:03:04 CEST 2018 on sn-devel-144

15 months agoctdb-tests: Switch local daemons to use new style configuration file
Martin Schwenke [Fri, 13 Apr 2018 09:25:56 +0000 (19:25 +1000)]
ctdb-tests: Switch local daemons to use new style configuration file

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
15 months agoctdb-config: Add default ctdb.conf file
Martin Schwenke [Tue, 24 Apr 2018 09:58:23 +0000 (19:58 +1000)]
ctdb-config: Add default ctdb.conf file

Install it in RPM.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
15 months agoctdb-docs: Add example configuration files
Martin Schwenke [Sun, 13 May 2018 05:42:31 +0000 (15:42 +1000)]
ctdb-docs: Add example configuration files

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
15 months agoctdb-docs: Add ctdb.conf(5) cross references and documentation tweaks
Martin Schwenke [Sat, 21 Apr 2018 08:12:53 +0000 (18:12 +1000)]
ctdb-docs: Add ctdb.conf(5) cross references and documentation tweaks

Minor updates to other manual pages for compatibility.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
15 months agoctdb-docs: Add ctdb.conf(5)
Martin Schwenke [Sun, 13 May 2018 05:41:38 +0000 (15:41 +1000)]
ctdb-docs: Add ctdb.conf(5)

This documents the new Samba-style configuration file.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
15 months agoctdb-tests: Clean up tests to not expose script options
Martin Schwenke [Wed, 2 May 2018 08:38:41 +0000 (18:38 +1000)]
ctdb-tests: Clean up tests to not expose script options

The tests still use the script options but the event scripts no longer
see them exported from the test infrastructure.  Testing now depends
on the event scripts successfully fetching the options from the
configuration file.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
15 months agoctdb-scripts: Fetch recovery lock option from config file in 01.reclock
Martin Schwenke [Fri, 20 Apr 2018 02:20:34 +0000 (12:20 +1000)]
ctdb-scripts: Fetch recovery lock option from config file in 01.reclock

Put it in a function so it is easy to move to common code just in case
it is needed somewhere else.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
15 months agoctdb-scripts: Fetch database options from config file in scripts
Martin Schwenke [Fri, 20 Apr 2018 02:15:26 +0000 (12:15 +1000)]
ctdb-scripts: Fetch database options from config file in scripts

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>