samba.git
9 months agoPY3: ensure StringIO usage is py2/py3 compatible
Noel Power [Mon, 6 Aug 2018 12:39:15 +0000 (13:39 +0100)]
PY3: ensure StringIO usage is py2/py3 compatible

9 months agoPY3: relative import fixes
Noel Power [Mon, 6 Aug 2018 14:02:18 +0000 (15:02 +0100)]
PY3: relative import fixes

9 months agos4/scripting/bin: PY3 Fix exception tuple assignments.
Noel Power [Fri, 28 Sep 2018 15:49:27 +0000 (16:49 +0100)]
s4/scripting/bin: PY3 Fix exception tuple assignments.

In Python3 to access the exception arguments you need to now use
Exception.args, in Python2 you could access these direcly with the
'except' declaration.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agoPY3: port samba.tests.samba3sam
Noel Power [Sun, 5 Aug 2018 20:08:33 +0000 (21:08 +0100)]
PY3: port samba.tests.samba3sam

9 months agopython/samba: use PY3 version of ConfigParser
Noel Power [Wed, 5 Sep 2018 13:59:19 +0000 (14:59 +0100)]
python/samba: use PY3 version of ConfigParser

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agopython/samba/gp_parse: PY2/PY3 compat porting for gp_init.py
Noel Power [Mon, 15 Oct 2018 09:58:23 +0000 (10:58 +0100)]
python/samba/gp_parse: PY2/PY3 compat porting for gp_init.py

Fixes
1) use compat versions of ConfigParser and StringIO
2) open file needs to be opened in binary mode as write_pretty_xml
   routine uses BytesIO() object.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agopython/samba: add alias for ConfigParser for PY2/PY3 compatability
Noel Power [Fri, 24 Aug 2018 08:55:08 +0000 (09:55 +0100)]
python/samba: add alias for ConfigParser for PY2/PY3 compatability

ConfigParser module changed name to configParser in PY3, additionally
the behaviour regarding interpolation has changed. ConfigParser now
has a default interpolation param whose behaviour demands that '%' is
escaped. To maintain behaviour with the python2 version this default
param needs to be changed. Add some alias(s) and 'shim' Configparser
symbol in samba.compat to cater for this.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agoPY3: convert samba.tests.strings to Py2/Py3
Noel Power [Sat, 4 Aug 2018 20:00:06 +0000 (21:00 +0100)]
PY3: convert samba.tests.strings to Py2/Py3

Previously the py2 api for strcasecmp_m/strstr_m required strings/unicode
 but couldn't actually handle unicode with anything other than the default
encoding (e.g. ascii). The c-api as been fixed and the encoding steps
(which were unnecessary and causing errors in PY3) have been removed

9 months agopython: py_strcasecmp_m & py_strstr_m don't handle unicode properly
Noel Power [Tue, 7 Aug 2018 15:21:35 +0000 (16:21 +0100)]
python: py_strcasecmp_m & py_strstr_m don't handle unicode properly

py_strcasecmp_m & py_strstr_m use PyArg_ParseTuple() with 's' which
in Py2 tries to decode string with the default (e.g. ascii) encoding

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agopython/samba/tests: PY2/PY3 port samba.tests.dcerpc.integer
Noel Power [Sat, 4 Aug 2018 16:01:24 +0000 (17:01 +0100)]
python/samba/tests: PY2/PY3 port samba.tests.dcerpc.integer

Python3 no longer has a long type so the 'L' postfix is no
longer valid. Additionally in python2 an int that exceeds will
be transparently converted into a long when necessary

9 months agopython/samba/netcmd: PY3 only possible to decode bytes
Noel Power [Thu, 27 Sep 2018 17:16:49 +0000 (18:16 +0100)]
python/samba/netcmd: PY3 only possible to decode bytes

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agoPY3: Only decode when necessary
Noel Power [Sat, 4 Aug 2018 13:23:28 +0000 (14:23 +0100)]
PY3: Only decode when necessary

9 months agos4/setup/tests: PY3 samba-tool needs to be called with correct python ver.
Noel Power [Wed, 10 Oct 2018 10:14:59 +0000 (11:14 +0100)]
s4/setup/tests: PY3 samba-tool needs to be called with correct python ver.

Ensure samba-tool python version defined by $PYTHON

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agos4/scripting: PY3 Ensure python scripts are run with correct python ver.
Noel Power [Wed, 10 Oct 2018 09:15:31 +0000 (10:15 +0100)]
s4/scripting: PY3 Ensure python scripts are run with correct python ver.

As part of port samba4.blackbox.samba3dump to python2/3
make sure test_samba3dump.sh runs samba3dump with $PYTHON which should
define the correct python version.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agotestprogs/blackbox: Use PYTHON env variable for calling python scripts
Noel Power [Mon, 27 Aug 2018 16:06:37 +0000 (17:06 +0100)]
testprogs/blackbox: Use PYTHON env variable for calling python scripts

Ensure samba-tool is called with correct python that is
defined by $PYTHON

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agopython/samba/tests: make sure samba-tool is called with ${PYTHON}
Noel Power [Thu, 27 Sep 2018 15:08:34 +0000 (16:08 +0100)]
python/samba/tests: make sure samba-tool is called with ${PYTHON}

Ensure python scripts are called with the python version that
is defined by $PYTHON

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agoselftest/target: Make sure samba-tool is called with ${PYTHON}
Noel Power [Thu, 27 Sep 2018 08:30:40 +0000 (09:30 +0100)]
selftest/target: Make sure samba-tool is called with ${PYTHON}

Ensure python scripts are called with the python version that
is defined by $PYTHON

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agoPY3: In a pure PY3 build filter-subunit was getting called without 'python'
Noel Power [Sat, 4 Aug 2018 14:38:40 +0000 (15:38 +0100)]
PY3: In a pure PY3 build filter-subunit was getting called without 'python'

tests were getting called with "| ${src}/selftest/filter-subunit" which
resulted in filter-subunit getting execve'd without a calling python. This
resulted in /usr/bin/python (default python) getting called and subsequent
imports failing.

9 months agos4/scripting: PY3 need to convert cmp funct to key func for sort.
Noel Power [Mon, 15 Oct 2018 09:36:19 +0000 (10:36 +0100)]
s4/scripting: PY3 need to convert cmp funct to key func for sort.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agopython/samba/gp_parse: PY3 fdeploy_sids needs to use key method for sort
Noel Power [Mon, 15 Oct 2018 15:04:25 +0000 (16:04 +0100)]
python/samba/gp_parse: PY3 fdeploy_sids needs to use key method for sort

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agosamba-tool: PY3 dict view doesn't have sort method,
Noel Power [Mon, 15 Oct 2018 15:23:07 +0000 (16:23 +0100)]
samba-tool: PY3 dict view doesn't have sort method,

Can't sort a dict view, create a list from view then use list.sort
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agopython/samba/tests: PY3 iterable has no sort method
Noel Power [Wed, 26 Sep 2018 16:22:16 +0000 (17:22 +0100)]
python/samba/tests: PY3 iterable has no sort method

map in python3 returns an iterable, in python2 it returned
a list. Iterable has no sort method, use sort function instead or
construct a list from the iterable so you can use list.sort

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agos4/scripting/bin: PY3 Make sure print statements are enclosed by '()'
Noel Power [Thu, 27 Sep 2018 17:15:49 +0000 (18:15 +0100)]
s4/scripting/bin: PY3 Make sure print statements are enclosed by '()'

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agoselftest: Add expected-value testing for userParameters
Andrew Bartlett [Tue, 23 Oct 2018 03:27:29 +0000 (16:27 +1300)]
selftest: Add expected-value testing for userParameters

This does not means that bugs like https://bugzilla.samba.org/show_bug.cgi?id=11881
are fixed, however we do not wish to cause further issues
without noticing it, eg during python3 fixes for dbcheck.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
9 months agoctdb-daemon: Fix valgrind hit in event code
Martin Schwenke [Wed, 17 Oct 2018 06:19:06 +0000 (17:19 +1100)]
ctdb-daemon: Fix valgrind hit in event code

==25741== Syscall param write(buf) points to uninitialised byte(s)
==25741==    at 0x4939291: write (write.c:27)
==25741==    by 0x4868285: sys_write (sys_rw.c:68)
==25741==    by 0x13915D: sock_queue_trigger (sock_io.c:316)
==25741==    by 0x4DE6478: tevent_common_invoke_immediate_handler (in /usr/lib/x86_64-linux-gnu/libtevent.so.0.9.37)
==25741==    by 0x4DE64A2: tevent_common_loop_immediate (in /usr/lib/x86_64-linux-gnu/libtevent.so.0.9.37)
==25741==    by 0x4DEBE5A: ??? (in /usr/lib/x86_64-linux-gnu/libtevent.so.0.9.37)
==25741==    by 0x4DEA2D6: ??? (in /usr/lib/x86_64-linux-gnu/libtevent.so.0.9.37)
==25741==    by 0x4DE57E3: _tevent_loop_once (in /usr/lib/x86_64-linux-gnu/libtevent.so.0.9.37)
==25741==    by 0x15D1BA: ctdb_event_script_args (eventscript.c:821)
==25741==    by 0x13B437: ctdb_start_daemon (ctdb_daemon.c:1315)
==25741==    by 0x110642: main (ctdbd.c:393)
==25741==  Address 0x57888a4 is 100 bytes inside a block of size 144 alloc'd
==25741==    at 0x48357BF: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==25741==    by 0x4B9B7C0: talloc_named_const (in /usr/lib/x86_64-linux-gnu/libtalloc.so.2.1.14)
==25741==    by 0x15CCC6: eventd_client_write (eventscript.c:430)
==25741==    by 0x15CCC6: eventd_client_run (eventscript.c:556)
==25741==    by 0x15CCC6: ctdb_event_script_run (eventscript.c:649)
==25741==    by 0x15D198: ctdb_event_script_args (eventscript.c:812)
==25741==    by 0x13B437: ctdb_start_daemon (ctdb_daemon.c:1315)
==25741==    by 0x110642: main (ctdbd.c:393)
==25741==

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13659

Pair-programmed-with: Amitay Isaacs <amitay@gmail.com>
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Oct 22 09:27:15 CEST 2018 on sn-devel-144

9 months agoctdb-event: Check the return status of sock_daemon_set_startup_fd
Amitay Isaacs [Wed, 10 Oct 2018 07:19:32 +0000 (18:19 +1100)]
ctdb-event: Check the return status of sock_daemon_set_startup_fd

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13659

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
9 months agoctdb-common: Set close-on-exec for startup fd
Amitay Isaacs [Wed, 10 Oct 2018 07:16:33 +0000 (18:16 +1100)]
ctdb-common: Set close-on-exec for startup fd

The startup_fd should not be propagated to the child processes created
from a daemon.  It should only be used in the daemon code to return the
status of the startup.  Another use of startup_fd is to notify the
parent if the daemon process has exited.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13659

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
9 months agoctdb-daemon: Exit if eventd goes away
Martin Schwenke [Thu, 11 Oct 2018 00:26:06 +0000 (11:26 +1100)]
ctdb-daemon: Exit if eventd goes away

ctdbd enters a broken state if eventd goes away.  A clean shutdown is
not possible because that involves running events.  Restarting eventd
is possible but this might mask a serious problem and it is possible
that eventd might keep on disappearing.  Just exit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13659

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
9 months agoctdb-daemon: Return early when refusing to run an event script
Martin Schwenke [Wed, 10 Oct 2018 02:35:00 +0000 (13:35 +1100)]
ctdb-daemon: Return early when refusing to run an event script

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13659

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
9 months agos3:smbcontrol: Simplify the return code check
Andreas Schneider [Wed, 26 Sep 2018 12:47:20 +0000 (14:47 +0200)]
s3:smbcontrol: Simplify the return code check

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct 20 02:17:56 CEST 2018 on sn-devel-144

9 months agos4:torture: Fix the scope of the req variable in drsuapi test
Andreas Schneider [Wed, 26 Sep 2018 12:34:07 +0000 (14:34 +0200)]
s4:torture: Fix the scope of the req variable in drsuapi test

Found by covscan.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
9 months agondr: Init variables of GUID_from_data_blob()
Andreas Schneider [Wed, 26 Sep 2018 12:30:32 +0000 (14:30 +0200)]
ndr: Init variables of GUID_from_data_blob()

Found by covscan.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
9 months agos3:registry: Avoid a double-free in reg_perfcount
Andreas Schneider [Wed, 26 Sep 2018 12:29:50 +0000 (14:29 +0200)]
s3:registry: Avoid a double-free in reg_perfcount

Found by covscan.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
9 months agotalloc: deprecate talloc_set_memlimit()
David Disseldorp [Tue, 16 Oct 2018 17:06:48 +0000 (19:06 +0200)]
talloc: deprecate talloc_set_memlimit()

The memlimit functionality was never utilized by Samba. It adds unneeded
complexity, so flag it as deprecated.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
9 months agolib: Remove gencache.h from proto.h
Volker Lendecke [Thu, 18 Oct 2018 19:53:36 +0000 (21:53 +0200)]
lib: Remove gencache.h from proto.h

It's a pain to recompile the world if gencache.h changes

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Oct 19 18:52:50 CEST 2018 on sn-devel-144

9 months agos3:secrets: clean up sid before storing
Philipp Gesang [Thu, 4 Oct 2018 07:25:14 +0000 (09:25 +0200)]
s3:secrets: clean up sid before storing

SIDs may contain non-zero memory beyond SubAuthorityCount:

    {
    key(15) = "SECRETS/SID/FOO"
    data(68) = "\01\04\00\00\00\00\00\05\15\00\00\00}u@\8C\08\A3\06nx\95\16\FE\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00`F\92\B7\03\00\00\00\18e\92\B7\03\00\00\00@H\92\B7\00\00\00\00"
    }

These parts are lost when converting to ``string format syntax``
so a roundtrip conversion does not result in the same binary
representation.

Ensure that these never reach the tdb by using an initialized
copy. This allows bitwise comparisons of secrets.tdb after
dumping SIDs as text and reading them back.

Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Oct 19 13:59:04 CEST 2018 on sn-devel-144

9 months agodsdb encrypted_secrets: Allow "ldb:// and "mdb://" in file path
Gary Lockyer [Mon, 15 Oct 2018 03:02:40 +0000 (16:02 +1300)]
dsdb encrypted_secrets: Allow "ldb:// and "mdb://" in file path

Correctly handle "ldb://" and "mdb://" schemes in the file path when
determining the path for the encrypted secrets key file.

When creating a new user and specifying the local file path of the
sam.ldb DB, it was possible to create an account that you could not
login with. The path for the key file was incorrectly calculated
for the "ldb://" and "mdb://" schemes, the scheme was not stripped from
the path and the subsequent open of the key file failed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13653

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Oct 19 09:34:46 CEST 2018 on sn-devel-144

9 months agodsdb encrypted_secrets tests: Allow "ldb://" in file path
Gary Lockyer [Mon, 15 Oct 2018 03:01:47 +0000 (16:01 +1300)]
dsdb encrypted_secrets tests: Allow "ldb://" in file path

When creating a new user and specifying the local file path of the
sam.ldb DB, it's possible to create an account that you can't actually
login with.

This commit contains tests to verify the bug.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13653

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agopython tests Blackbox: add random_password
Gary Lockyer [Tue, 16 Oct 2018 20:10:10 +0000 (09:10 +1300)]
python tests Blackbox: add random_password

Add the random_password method to the BlackboxTestCase class and remove
duplicated copies from other test cases. Also use SystemRandom so that
the generated passwords are more cryptographically sound.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agoldb_ldif: avoid strlen(NULL)
Douglas Bagnall [Thu, 18 Oct 2018 21:21:21 +0000 (10:21 +1300)]
ldb_ldif: avoid strlen(NULL)

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Oct 19 03:43:58 CEST 2018 on sn-devel-144

10 months agoldb_ldif: be less horribly efficient in debugging
Douglas Bagnall [Wed, 17 Oct 2018 03:28:25 +0000 (16:28 +1300)]
ldb_ldif: be less horribly efficient in debugging

perf said all the time was in strlen.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Oct 18 13:17:30 CEST 2018 on sn-devel-144

10 months agopy3_tests/kcc : test_verify can hit KCCError as well as GraphError
Douglas Bagnall [Wed, 17 Oct 2018 04:21:09 +0000 (17:21 +1300)]
py3_tests/kcc : test_verify can hit KCCError as well as GraphError

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
10 months agopy3/tests/kcc: turn error into failure for flapping.d/kcc
Douglas Bagnall [Tue, 16 Oct 2018 20:50:41 +0000 (09:50 +1300)]
py3/tests/kcc: turn error into failure for flapping.d/kcc

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
10 months agoselftest: add tests for samba-tool drs uptodateness
Joe Guo [Thu, 4 Oct 2018 02:37:49 +0000 (15:37 +1300)]
selftest: add tests for samba-tool drs uptodateness

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13658

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 18 10:02:19 CEST 2018 on sn-devel-144

10 months agonetcmd/drs: add cmd_drs_uptodateness with json support
Joe Guo [Wed, 3 Oct 2018 22:28:44 +0000 (11:28 +1300)]
netcmd/drs: add cmd_drs_uptodateness with json support

Add cmd to print uptodateness summary with json support.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13658

10 months agouptodateness: add get_utdv_summary function
Joe Guo [Wed, 3 Oct 2018 22:24:33 +0000 (11:24 +1300)]
uptodateness: add get_utdv_summary function

Get utdv summary from distances matrix and support attr filters.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13658

10 months agouptodateness: migrate get_kcc_and_dsas as a function
Joe Guo [Wed, 3 Oct 2018 11:42:08 +0000 (00:42 +1300)]
uptodateness: migrate get_kcc_and_dsas as a function

We need to reuse it in drs cmd.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13658

10 months agouptodateness: extract get_utdv_max_distance
Joe Guo [Wed, 3 Oct 2018 10:45:12 +0000 (23:45 +1300)]
uptodateness: extract get_utdv_max_distance

To avoid returning 2 values from get_utdv_distances.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13658

10 months agouptodateness: extract function get_utdv_distances
Joe Guo [Wed, 3 Oct 2018 10:21:11 +0000 (23:21 +1300)]
uptodateness: extract function get_utdv_distances

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13658

10 months agouptodateness: extract function get_utdv_edges
Joe Guo [Wed, 3 Oct 2018 10:09:56 +0000 (23:09 +1300)]
uptodateness: extract function get_utdv_edges

Extract function to reuse later.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13658

10 months agonetcmd/visualize: rm unused code line
Joe Guo [Wed, 3 Oct 2018 09:49:46 +0000 (22:49 +1300)]
netcmd/visualize: rm unused code line

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13658

10 months agouptodateness: migrate more methods from visualize
Joe Guo [Wed, 3 Oct 2018 09:39:04 +0000 (22:39 +1300)]
uptodateness: migrate more methods from visualize

Move methods from cmd_uptodateness to new module.
Will reuse in drs cmd later.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13658

10 months agouptodateness: add new module and migrate functions from visualize
Joe Guo [Wed, 3 Oct 2018 09:21:54 +0000 (22:21 +1300)]
uptodateness: add new module and migrate functions from visualize

Both visualize and drs cmd will have uptodateness functions.
Create a new module to reuse code.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13658

10 months agojoin: Sanity-check LDB connection before failed join cleanup
Tim Beale [Thu, 18 Oct 2018 00:07:20 +0000 (13:07 +1300)]
join: Sanity-check LDB connection before failed join cleanup

Joining a large DB can take so long that the LDAP connection times out.
The previous patch fixed the 'happy case' where the join succeeds.
However, if the commit or replication fails (throwing an exception),
then the cleanup code can also fail when it tries to delete objects from
the remote DC. This then gives you an error pointing to
cleanup_old_accounts() rather than what actually went wrong.

This patch adds a sanity-check that if the join fails, that the LDB
connection to the remote DC is still alive, before we start deleting
objects.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13612

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
10 months agojoin: Avoid searching for more than strictly required during sanity check
Andrew Bartlett [Thu, 18 Oct 2018 03:50:19 +0000 (16:50 +1300)]
join: Avoid searching for more than strictly required during sanity check

We check for the default base DN as this does require authentication, but
we do not need to search for more than just that (so use SCOPE_BASE) and
we need no attributes, so ask for none

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
10 months agojoin: LDAP connection to remote DC can timeout in large join
Tim Beale [Wed, 17 Oct 2018 01:41:12 +0000 (14:41 +1300)]
join: LDAP connection to remote DC can timeout in large join

When joining a very large domain (e.g. 100K users), the replication can
take so long that the LDAP connection to the remote DC times out.

This patch avoids the problem by adding in a sanity-check after the
replication finishes that the LDB connection is still alive. If not,
then we reconnect.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13612

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
10 months agogencache: Remove a redundant check
Volker Lendecke [Tue, 9 Oct 2018 19:41:52 +0000 (21:41 +0200)]
gencache: Remove a redundant check

tdb_storev itself is robust against overflow due to multiple buffers

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 17 22:22:51 CEST 2018 on sn-devel-144

10 months agogencache: Remove a redundant check
Volker Lendecke [Tue, 9 Oct 2018 12:04:50 +0000 (14:04 +0200)]
gencache: Remove a redundant check

gencache_pull_timeout checks for NULL ptr already

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
10 months agogencache: Make gencache_pull_timeout return a payload DATA_BLOB
Volker Lendecke [Tue, 9 Oct 2018 11:58:43 +0000 (13:58 +0200)]
gencache: Make gencache_pull_timeout return a payload DATA_BLOB

Both relevant callers created one anyway.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
10 months agogencache: Make gencache_pull_timeout a bit more robust
Volker Lendecke [Tue, 9 Oct 2018 11:51:46 +0000 (13:51 +0200)]
gencache: Make gencache_pull_timeout a bit more robust

The previous version assumed a well-formed "val", we just handed it to
strtol without properly checking that it contains the delimiter. So
strtol could well run off the end of "val" in case of data corruption.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
10 months agogencache: Call string_term_tdb_data() only once
Volker Lendecke [Tue, 9 Oct 2018 11:17:53 +0000 (13:17 +0200)]
gencache: Call string_term_tdb_data() only once

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
10 months agogencache: Swap tests: Do cheapest first
Volker Lendecke [Tue, 9 Oct 2018 11:15:22 +0000 (13:15 +0200)]
gencache: Swap tests: Do cheapest first

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
10 months agogencache: Avoid counting characters manually
Volker Lendecke [Mon, 8 Oct 2018 07:07:59 +0000 (09:07 +0200)]
gencache: Avoid counting characters manually

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
10 months agoauth3: Avoid an explicit ZERO_STRUCT
Volker Lendecke [Sat, 13 Oct 2018 08:41:22 +0000 (10:41 +0200)]
auth3: Avoid an explicit ZERO_STRUCT

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
10 months agonetsamlogon_cache: Improve a DBG message
Volker Lendecke [Sat, 13 Oct 2018 08:58:32 +0000 (10:58 +0200)]
netsamlogon_cache: Improve a DBG message

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
10 months agonetsamlogon_cache: Add some error checks
Volker Lendecke [Sat, 13 Oct 2018 08:57:13 +0000 (10:57 +0200)]
netsamlogon_cache: Add some error checks

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
10 months agonetsamlogon_cache: Use "goto fail", save some lines
Volker Lendecke [Sat, 13 Oct 2018 08:55:00 +0000 (10:55 +0200)]
netsamlogon_cache: Use "goto fail", save some lines

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
10 months agonetsamlogon_cache: Fix talloc_stackframe error return leaks
Volker Lendecke [Sat, 13 Oct 2018 08:10:52 +0000 (10:10 +0200)]
netsamlogon_cache: Fix talloc_stackframe error return leaks

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
10 months agodrs_util: Improve memory usage when joining large DB
Tim Beale [Fri, 12 Oct 2018 00:54:34 +0000 (13:54 +1300)]
drs_util: Improve memory usage when joining large DB

drs_Replicate.replicate() could consume a large amount of memory when
replicating a large DB. This is not a leak - the memory gets freed when
the function returns (i.e. once the partition is fully replicated).
However, while the partition is in the process of being replicated, it
accumulates memory for each replication chunk it receives. This can have
considerable overhead with 1000s of objects/links in the partition.

This was exhausting memory when joining a VM with 1Gb RAM to a DC with
25K users (average ~15 group memberships per user).

It seems that by storing a reference to something that's on the ctr's
talloc tree, it doesn't free up the memory for each ctr message (until
the function actually returns and req is destroyed).

With 10K users (and average 15 group memberships per user), .replicate()
consumed 211Mb of memory, according to talloc.report_full(). With this
patch, it goes down to just the current ctr message (1-2Mb).

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Oct 17 08:56:42 CEST 2018 on sn-devel-144

10 months agolibnet/drs: Update replication debug to report link progress
Tim Beale [Fri, 12 Oct 2018 00:29:32 +0000 (13:29 +1300)]
libnet/drs: Update replication debug to report link progress

Update the replication debug (for joins/backups) so that it's easier to
see how far through syncing the links we are. E.g. with 150,000 links,
you just get screeds of debug like this, with no real idea how far
through the replication is.

Partition[DC=addom,DC=samba,DC=example,DC=com] objects[11816/11720]
linked_values[1500/150024]
Partition[DC=addom,DC=samba,DC=example,DC=com] objects[11816/11720]
linked_values[1500/150024]
Partition[DC=addom,DC=samba,DC=example,DC=com] objects[11816/11720]
linked_values[1500/150024]

This patch now applies to links the same debug logic we use for objects,
and changes it to look like:

Partition[DC=addom,DC=samba,DC=example,DC=com] objects[11816/11720]
linked_values[57024/150024]
Partition[DC=addom,DC=samba,DC=example,DC=com] objects[11816/11720]
linked_values[58524/150024]
Partition[DC=addom,DC=samba,DC=example,DC=com] objects[11816/11720]
linked_values[60024/150024]

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
10 months agodns: dlz_bind9 reference count logging
Aaron Haslett [Mon, 15 Oct 2018 03:52:40 +0000 (16:52 +1300)]
dns: dlz_bind9 reference count logging

dlz_bind9 has to count the number of times the plugin is 'created' by bind's
plugin manager so it doesn't repeat setup.  Logging doesn't reflect this
reference counting logic properly and so messages like "samba_dlz: shutdown"
can, confusingly, come up when the database connection has not actually been
severed.  This patch adds the necessary logging.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13655
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
10 months agolib: Move the "expired" for gencache_parse calculation into gencache.c
Volker Lendecke [Sat, 13 Oct 2018 11:41:59 +0000 (13:41 +0200)]
lib: Move the "expired" for gencache_parse calculation into gencache.c

Make it more robust

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 16 21:20:19 CEST 2018 on sn-devel-144

10 months agonamemap_cache: Absorb the expired calculation into namemap_cache.c
Volker Lendecke [Sat, 13 Oct 2018 10:01:41 +0000 (12:01 +0200)]
namemap_cache: Absorb the expired calculation into namemap_cache.c

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
10 months agowinbindd_cache: Fix timeout calculation for sid<->name cache
Volker Lendecke [Sat, 13 Oct 2018 09:39:03 +0000 (11:39 +0200)]
winbindd_cache: Fix timeout calculation for sid<->name cache

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
10 months agos3:lib:popt: Use memset_s() to burn password string
Andreas Schneider [Wed, 10 Oct 2018 14:09:32 +0000 (16:09 +0200)]
s3:lib:popt: Use memset_s() to burn password string

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Oct 16 11:38:40 CEST 2018 on sn-devel-144

10 months agoreplace: Add memset_s() if not available
Andreas Schneider [Wed, 10 Oct 2018 14:05:46 +0000 (16:05 +0200)]
replace: Add memset_s() if not available

See https://en.cppreference.com/w/c/string/byte/memset

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
10 months agosamba-tool drs showrepl: do not crash if no dnsHostName found
Douglas Bagnall [Wed, 10 Oct 2018 22:59:52 +0000 (11:59 +1300)]
samba-tool drs showrepl: do not crash if no dnsHostName found

This should not happen, but it does sometimes in an autobuild
environment. Rather than reporting this by crashing, we report it by
showing there is no DNS name.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Oct 12 15:27:07 CEST 2018 on sn-devel-144

10 months agodsdb: Add dsdb_request_has_control() helper function
Tim Beale [Thu, 11 Oct 2018 04:50:52 +0000 (17:50 +1300)]
dsdb: Add dsdb_request_has_control() helper function

Most of the DSDB modules only want to check the existence of a control,
rather than access the control itself. Adding a helper function allows
the code to ask more natural-sounding yes/no questions, and tidies up
an ugly-looking long-line in extended_dn_out.c.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Oct 12 07:23:26 CEST 2018 on sn-devel-144

10 months agonetcmd: Change Py3 incompatible long() for tombstone expunge
Tim Beale [Thu, 4 Oct 2018 01:37:44 +0000 (14:37 +1300)]
netcmd: Change Py3 incompatible long() for tombstone expunge

The code to expunge tombstones uses long(), which is not Python3
compatible. Python3 uses int() instead, and works out how big it needs
to be.

As long as we don't run the samba-tool command on a 32-bit machine
after the year 2038, then we should avoid any integer overflow on
Python 2.x.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
10 months agodsdb: Remove redundant variable/check
Tim Beale [Fri, 28 Sep 2018 02:55:14 +0000 (14:55 +1200)]
dsdb: Remove redundant variable/check

Previously, this code used to live inside the loop, so the
checked_reveal_control was needed to save ourselves unnecessary work.

However, now that the code has been moved outside the loop, the
checked_reveal_control variable is just unnecessary complication.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
10 months agodsdb: Ensure that a DN (now) pointing at a deleted object counts for objectclass...
Andrew Bartlett [Wed, 12 Sep 2018 19:48:04 +0000 (14:48 -0500)]
dsdb: Ensure that a DN (now) pointing at a deleted object counts for objectclass-based MUST

Add the 'reveal_internals' controls when performing objectclass-based
checks of mandatory attributes. This prevents the extended_dn DSDB
module from suppressing attributes that point to deleted (i.e.
non-existent/expunged) objects.

This ensures that, when modifying an object (and often not even
touching the mandatory attribute) that the fact that an attribute is a
DN, and the DN target is deleted, that the schema check will still pass.

Otherwise a fromServer pointing at a dead server can cause failures,
i.e. you can't modify the affected object at all, because the DSDB
thinks a mandatory attribute is missing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13621

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
10 months agotests: Add corner-case test: fromServer points to dead server
Tim Beale [Fri, 28 Sep 2018 00:35:35 +0000 (12:35 +1200)]
tests: Add corner-case test: fromServer points to dead server

The fromServer attribute is slightly unique, in that it's a DN (similar
to a one-way link), but it is also a mandatory attribute.

Currently, if fromServer gets a bad value (i.e. a dead server that has
been expunged), the DSDB rejects any attempts to modify the associated
nTDSConnection object (regardless of whether or not you're actually
changing the fromServer attribute).

This patch adds a test-case that demonstrates how the DB can get into
such a state.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13621

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
10 months agos4/script/samba_upgradeprovision: set global dnNotToRecalculateFound var
Douglas Bagnall [Wed, 10 Oct 2018 04:51:54 +0000 (17:51 +1300)]
s4/script/samba_upgradeprovision: set global dnNotToRecalculateFound var

as probably intended. Without this the local variable shadows the
global one and is never used while the global one is never changed.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <noel.power@suse.com>
10 months agos4/script/samba_upgradeprovision: remove unused variable
Douglas Bagnall [Wed, 10 Oct 2018 04:50:24 +0000 (17:50 +1300)]
s4/script/samba_upgradeprovision: remove unused variable

A similarly named variable is always set two lines down, so we don't need this

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <noel.power@suse.com>
10 months agos4/script/samba_upgradeprovision: remove duplicate (contradictory) dict key
Douglas Bagnall [Wed, 10 Oct 2018 04:40:25 +0000 (17:40 +1300)]
s4/script/samba_upgradeprovision: remove duplicate (contradictory) dict key

The second, winning, entry says '"defaultSecurityDescriptor": replace + add'

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <noel.power@suse.com>
10 months agos4/script/samba_upgradeprovision: use int not long for Python 3
Douglas Bagnall [Wed, 10 Oct 2018 04:36:50 +0000 (17:36 +1300)]
s4/script/samba_upgradeprovision: use int not long for Python 3

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <noel.power@suse.com>
10 months agovfs_full_audit: ntimes: log a-, m-, c- and creation-time
Björn Baumbach [Thu, 27 Sep 2018 08:32:37 +0000 (10:32 +0200)]
vfs_full_audit: ntimes: log a-, m-, c- and creation-time

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Björn Baumbach <bb@sernet.de>
Autobuild-Date(master): Thu Oct 11 13:40:27 CEST 2018 on sn-devel-144

10 months agodns update: add missing newline in error debug message
Björn Baumbach [Fri, 31 Aug 2018 14:12:34 +0000 (16:12 +0200)]
dns update: add missing newline in error debug message

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
10 months agoselftest: test samba-tool ntacl get/set on AD member server
Björn Baumbach [Wed, 19 Sep 2018 14:36:45 +0000 (16:36 +0200)]
selftest: test samba-tool ntacl get/set on AD member server

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
10 months agosamba-tool ntacl: allow to run get/set-ntacl command in non-AD-DC role
Björn Baumbach [Tue, 4 Sep 2018 14:32:50 +0000 (16:32 +0200)]
samba-tool ntacl: allow to run get/set-ntacl command in non-AD-DC role

Can be used to get and apply NT-ACLs on Samba member servers.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
10 months agos3/py_passdb: add get_domain_sid() to get domain sid from secrets database
Björn Baumbach [Tue, 4 Sep 2018 14:30:53 +0000 (16:30 +0200)]
s3/py_passdb: add get_domain_sid() to get domain sid from secrets database

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
10 months agosamba-tool ntacl: pass system session to get/set-ntacl functions
Björn Baumbach [Tue, 4 Sep 2018 14:20:49 +0000 (16:20 +0200)]
samba-tool ntacl: pass system session to get/set-ntacl functions

The filled session is needed in different vfs modules.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
10 months agopysmbd: handle file not found error
Björn Baumbach [Wed, 19 Sep 2018 14:52:54 +0000 (16:52 +0200)]
pysmbd: handle file not found error

Avoid PANIC: internal error

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
10 months agopysmbd: add option to pass a session info to set_nt_acl() function
Björn Baumbach [Tue, 4 Sep 2018 13:29:58 +0000 (15:29 +0200)]
pysmbd: add option to pass a session info to set_nt_acl() function

A filled session info is needed by some vfs modules, e.g. full_audit.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
10 months agos4-auth: allow to pass original_user_name=NULL to auth_session_info_fill_unix()
Björn Baumbach [Tue, 25 Sep 2018 11:16:15 +0000 (13:16 +0200)]
s4-auth: allow to pass original_user_name=NULL to auth_session_info_fill_unix()

With this patch the auth_session_info_fill_unix() uses the "unix_name"
from the session_info->unix_info if no original_user_name was specified.

This is used to process a system session info where no original_user_name
is given.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
10 months agos4-auth: allow to create unix token from system session info
Björn Baumbach [Tue, 25 Sep 2018 11:11:09 +0000 (13:11 +0200)]
s4-auth: allow to create unix token from system session info

Without this patch security_token_to_unix_token() fails with
NT_STATUS_ACCESS_DENIED, because the system session does only
have one SID.
For a typical token are at least two or more SIDs expected.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
10 months agos4-auth: fetch possible out of memory error
Björn Baumbach [Tue, 4 Sep 2018 12:46:03 +0000 (14:46 +0200)]
s4-auth: fetch possible out of memory error

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
10 months agos4-auth: use TALLOC_FREE() shortcut
Björn Baumbach [Tue, 4 Sep 2018 12:45:05 +0000 (14:45 +0200)]
s4-auth: use TALLOC_FREE() shortcut

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
10 months agos4-auth: fix a typo in a comment
Björn Baumbach [Tue, 4 Sep 2018 12:43:33 +0000 (14:43 +0200)]
s4-auth: fix a typo in a comment

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
10 months agopython: Add samba.auth.copy_session_info()
Björn Baumbach [Tue, 4 Sep 2018 12:37:41 +0000 (14:37 +0200)]
python: Add samba.auth.copy_session_info()

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>