samba.git
2 years agotdb: Clarify the CLEAR_IF_FIRST locked logic
Volker Lendecke [Wed, 16 Aug 2017 13:21:14 +0000 (15:21 +0200)]
tdb: Clarify the CLEAR_IF_FIRST locked logic

This is another level of indentation, but it took me a while staring at the
if-condition to find that "locked" was assigned the result of "==0", not the
return value of tdb_nest_lock().

Best viewed with "git show -b".

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agoutil: Add error handling to become_daemon()
Martin Schwenke [Tue, 15 Aug 2017 02:41:03 +0000 (12:41 +1000)]
util: Add error handling to become_daemon()

Log failure and exit if fork() or setsid() fails.

Leave the logic in the non-setsid() code as it is.  This is probably
meant to fall through on failure of either opening /dev/tty or
ioctl().  Documentation for the ioctl() failure case is far from
clear.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Aug 17 11:48:32 CEST 2017 on sn-devel-144

2 years agoutil: Move become_daemon.c to samba-util-core
Martin Schwenke [Tue, 15 Aug 2017 01:43:12 +0000 (11:43 +1000)]
util: Move become_daemon.c to samba-util-core

So that CTDB can use it.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agoutil: Modernise logging
Martin Schwenke [Tue, 15 Aug 2017 01:41:58 +0000 (11:41 +1000)]
util: Modernise logging

Switch to using DBG_ERR(), wrap logging/sd_notifyf() lines.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agoutil: Make function definitions consistent with header file
Martin Schwenke [Tue, 15 Aug 2017 01:22:45 +0000 (11:22 +1000)]
util: Make function definitions consistent with header file

no_process_group -> no_session, name -> daemon, drop _PUBLIC_.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agoutil: Add become_daemon.h
Martin Schwenke [Tue, 15 Aug 2017 01:12:35 +0000 (11:12 +1000)]
util: Add become_daemon.h

Rename argument no_process_group to no_session to describe what it
actually does.  Consistently use "daemon" for name of daemon argument.
Add documentation.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agoutil: Avoid use of includes.h
Martin Schwenke [Tue, 15 Aug 2017 01:11:39 +0000 (11:11 +1000)]
util: Avoid use of includes.h

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agotests: replace traffic_summary test with python blackbox test
Gary Lockyer [Sun, 6 Aug 2017 22:08:28 +0000 (10:08 +1200)]
tests: replace traffic_summary test with python blackbox test

Replace the shell subunit test for script/traffic_summary.pl with a
python black box test.

This involves moving the test files to more standard locations.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Aug 17 07:59:38 CEST 2017 on sn-devel-144

2 years agoscripts: Scripts to replay and generate samba traffic
Gary Lockyer [Wed, 28 Jun 2017 23:08:37 +0000 (11:08 +1200)]
scripts: Scripts to replay and generate samba traffic

Scripts to generate representative network traffic and replay this to a
samba instance.  For load testing, performance profiling and capacity
planning.

traffic_learner  process a file generated by traffic_summary and
                 generate a model that can be used by traffic_replay to
                 generate samba network traffic.

traffic_replay   Replay a summary file generated by traffic_summary, or
                 use a model created by traffic_learner to generate
                 network traffic.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Tim Beale <timbeale@catalyst.net.nz>

2 years agoblackbox tests: method to check specific exit codes
Gary Lockyer [Wed, 16 Aug 2017 01:52:25 +0000 (13:52 +1200)]
blackbox tests: method to check specific exit codes

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agotraffic_summary: avoid uninitialised variable warning
Douglas Bagnall [Fri, 23 Jun 2017 02:16:53 +0000 (14:16 +1200)]
traffic_summary: avoid uninitialised variable warning

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agolib: talloc: Use the system <talloc.h> include.
Jeremy Allison [Mon, 14 Aug 2017 23:04:18 +0000 (16:04 -0700)]
lib: talloc: Use the system <talloc.h> include.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 17 00:53:48 CEST 2017 on sn-devel-144

2 years agolib: tevent: Use system <tevent.h>, not internal header path (except in self-test).
Jeremy Allison [Mon, 14 Aug 2017 22:54:39 +0000 (15:54 -0700)]
lib: tevent: Use system <tevent.h>, not internal header path (except in self-test).

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos3: messaging: Add background job send failure message
Anoop C S [Mon, 14 Aug 2017 09:54:20 +0000 (15:24 +0530)]
s3: messaging: Add background job send failure message

Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Aug 16 16:26:12 CEST 2017 on sn-devel-144

2 years agolibhttp: Remove an unneeded include
Volker Lendecke [Wed, 26 Jul 2017 13:18:16 +0000 (15:18 +0200)]
libhttp: Remove an unneeded include

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Aug 16 04:11:47 CEST 2017 on sn-devel-144

2 years agodbwrap: Simplify dbwrap_unmarshall_fn
Volker Lendecke [Wed, 26 Jul 2017 13:14:51 +0000 (15:14 +0200)]
dbwrap: Simplify dbwrap_unmarshall_fn

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agodbwrap: Simplify dbwrap_trans_delete
Volker Lendecke [Wed, 26 Jul 2017 13:12:21 +0000 (15:12 +0200)]
dbwrap: Simplify dbwrap_trans_delete

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agodbwrap: Simplify dbwrap_trans_store
Volker Lendecke [Wed, 26 Jul 2017 13:10:55 +0000 (15:10 +0200)]
dbwrap: Simplify dbwrap_trans_store

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agodbwrap: Simplify dbwrap_store_uint32_bystring
Volker Lendecke [Wed, 26 Jul 2017 12:56:53 +0000 (14:56 +0200)]
dbwrap: Simplify dbwrap_store_uint32_bystring

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agodbwrap: Simplify dbwrap_store_int32_bystring
Volker Lendecke [Wed, 26 Jul 2017 12:56:53 +0000 (14:56 +0200)]
dbwrap: Simplify dbwrap_store_int32_bystring

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agodbwrap: Convert dbwrap_delete to dbwrap_do_locked
Volker Lendecke [Wed, 9 Nov 2016 15:37:49 +0000 (16:37 +0100)]
dbwrap: Convert dbwrap_delete to dbwrap_do_locked

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agodbwrap: Convert dbwrap_store to dbwrap_do_locked
Volker Lendecke [Wed, 9 Nov 2016 15:34:28 +0000 (16:34 +0100)]
dbwrap: Convert dbwrap_store to dbwrap_do_locked

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agopy-librpc: Strictly check the type of the incoming sid pointer
Andrew Bartlett [Wed, 9 Aug 2017 01:57:13 +0000 (13:57 +1200)]
py-librpc: Strictly check the type of the incoming sid pointer

This avoids casting another type of object to a void* and then to a SID

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Tue Aug 15 12:00:58 CEST 2017 on sn-devel-144

2 years agos4/lib/tls: Use SHA256 to sign the TLS certificates
Andrew Bartlett [Wed, 9 Aug 2017 04:44:24 +0000 (16:44 +1200)]
s4/lib/tls: Use SHA256 to sign the TLS certificates

The use of SHA-1 has been on the "do not" list for a while now, so make our
self-signed certificates use SHA256 using the new
gnutls_x509_crt_sign2 provided since GNUTLS 1.2.0

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12953

2 years agosamba-tool dns query: Allow '*' in names
Gary Lockyer [Wed, 19 Jul 2017 21:13:43 +0000 (09:13 +1200)]
samba-tool dns query: Allow '*' in names

As DNS wild cards are now supported we need to allow '*' characters in
the domain names.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952

2 years agosamba-tool dns: Test support of DNS wild card in names
Gary Lockyer [Mon, 7 Aug 2017 01:42:02 +0000 (13:42 +1200)]
samba-tool dns: Test support of DNS wild card in names

As DNS wild cards are now supported we need to allow '*' characters in
the domain names.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952

2 years agodnsserver: Add support for dns wildcards
Gary Lockyer [Thu, 3 Aug 2017 03:12:02 +0000 (15:12 +1200)]
dnsserver: Add support for dns wildcards

Add support for dns wildcard records. i.e. if the following records
exist

  exact.samba.example.com 3600 A 1.1.1.1
  *.samba.example.com     3600 A 1.1.1.2

look up on exact.samba.example.com will return 1.1.1.1
look up on *.samba.example.com     will return 1.1.1.2
look up on other.samba.example.com will return 1.1.1.2

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952

2 years agodnsserver: Tighten DNS name checking
Gary Lockyer [Thu, 3 Aug 2017 03:12:51 +0000 (15:12 +1200)]
dnsserver: Tighten DNS name checking

Add checks for the maximum permitted length, maximum number of labels
and the maximum label length.  These extra checks will be used by the
DNS wild card handling.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952

2 years agodnsserver: Tests for dns wildcard entries
Gary Lockyer [Tue, 25 Jul 2017 02:14:53 +0000 (14:14 +1200)]
dnsserver: Tests for dns wildcard entries

Add tests for dns wildcards.
Tests validated against Windows Server 2012 R2

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952

2 years agos4: com: Replace erroneous inclusion of internal talloc.h header with external.
Jeremy Allison [Mon, 14 Aug 2017 20:02:30 +0000 (13:02 -0700)]
s4: com: Replace erroneous inclusion of internal talloc.h header with external.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 15 08:06:40 CEST 2017 on sn-devel-144

2 years agoctdb-daemon: Drop the implementation of CHECK_SRVIDS control
Amitay Isaacs [Thu, 10 Aug 2017 04:50:02 +0000 (14:50 +1000)]
ctdb-daemon: Drop the implementation of CHECK_SRVIDS control

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Aug 14 13:00:16 CEST 2017 on sn-devel-144

2 years agoctdb-protocol: Drop unused protocol data structures
Amitay Isaacs [Fri, 4 Aug 2017 04:30:41 +0000 (14:30 +1000)]
ctdb-protocol: Drop unused protocol data structures

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-protocol: Drop marshalling code for CHECK_SRVIDS control
Amitay Isaacs [Fri, 4 Aug 2017 04:27:26 +0000 (14:27 +1000)]
ctdb-protocol: Drop marshalling code for CHECK_SRVIDS control

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-client: Drop client code to send CHECK_SRVIDS control
Amitay Isaacs [Fri, 4 Aug 2017 04:25:04 +0000 (14:25 +1000)]
ctdb-client: Drop client code to send CHECK_SRVIDS control

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-tools: Drop check_srvids command from ctdb tool
Amitay Isaacs [Fri, 4 Aug 2017 04:24:33 +0000 (14:24 +1000)]
ctdb-tools: Drop check_srvids command from ctdb tool

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-protocol: Mark CTDB_CONTROL_CHECK_SRVIDS obsolete
Amitay Isaacs [Fri, 4 Aug 2017 04:06:25 +0000 (14:06 +1000)]
ctdb-protocol: Mark CTDB_CONTROL_CHECK_SRVIDS obsolete

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-client: Server id exists should check if the pid still exists
Amitay Isaacs [Fri, 4 Aug 2017 04:22:31 +0000 (14:22 +1000)]
ctdb-client: Server id exists should check if the pid still exists

This matches what the older client code and samba does.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-tools: Remove duplicate code
Martin Schwenke [Thu, 10 Aug 2017 10:23:09 +0000 (20:23 +1000)]
ctdb-tools: Remove duplicate code

These lines are duplicates of those above.  It has always been this
way...

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Aug 14 09:00:45 CEST 2017 on sn-devel-144

2 years agoctdb-scripts: Ignore shellcheck SC2181 warning (use of $?)
Martin Schwenke [Fri, 11 Aug 2017 02:49:32 +0000 (12:49 +1000)]
ctdb-scripts: Ignore shellcheck SC2181 warning (use of $?)

Given the size of the command substitutions it would be less clear to
embed the assignments and substitutions inside a conditional.  It is
clearer if the exit code is checked afterwards.

However, do fix some untidy uses of != instead of -ne when comparing
with $?.  Make the code easier to understand by reversing the logic
and using -eq and ||.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-tools: Avoid shellcheck SC2181 warnings (use of $?) in onnode
Martin Schwenke [Thu, 13 Jul 2017 02:58:33 +0000 (12:58 +1000)]
ctdb-tools: Avoid shellcheck SC2181 warnings (use of $?) in onnode

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-tools: Use a clear and readable if-statement
Martin Schwenke [Fri, 11 Aug 2017 04:06:30 +0000 (14:06 +1000)]
ctdb-tools: Use a clear and readable if-statement

This is consistent with the if-statement above.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-tools: Reformat and explain complex code
Martin Schwenke [Wed, 9 Aug 2017 07:11:18 +0000 (17:11 +1000)]
ctdb-tools: Reformat and explain complex code

There are multiple command groups and redirects on very long lines.
Reformat the long lines to break them up and add a comment to explain
what is happening.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-tools: Avoid shellcheck SC2188 warning (redirect without command)
Martin Schwenke [Thu, 13 Jul 2017 03:08:39 +0000 (13:08 +1000)]
ctdb-tools: Avoid shellcheck SC2188 warning (redirect without command)

Shellcheck found a bug!

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-scripts: Avoid shellcheck warning SC2188 (redirect without command)
Martin Schwenke [Thu, 13 Jul 2017 02:52:39 +0000 (12:52 +1000)]
ctdb-scripts: Avoid shellcheck warning SC2188 (redirect without command)

This makes the code look deliberate instead like something has been
accidentally omitted.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-tests: Indentation fixups
Martin Schwenke [Thu, 3 Aug 2017 11:01:59 +0000 (21:01 +1000)]
ctdb-tests: Indentation fixups

The rest of the code in this file now matches the coding guidelines,
so clean up the rest.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-tests: Fix logic to handle PATH additions for tests
Martin Schwenke [Wed, 15 Mar 2017 04:50:46 +0000 (15:50 +1100)]
ctdb-tests: Fix logic to handle PATH additions for tests

When using non-standard test subdirectories, the current code can fail
to find the test bin directory and stupidly just adds /bin to PATH.

Switch to using CTDB_TESTS_ARE_INSTALLED along with some sanity checks
to determine the mode of operation.

With this change, test directories can now be created as
subdirectories of arbitrary component directories.  Tests can then be
run directly, either by specifying the subdirectory or individual test
cases.

Integration into the top-level tests/ directory is then done via a
symbolic link, which enables 2 things:

* Ability to run a directory of test cases from top level by simply
  specifying the link name.

* Ease of installation - the installation code just works with the
  symbolic link.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-tests: Move die() function to top of script
Martin Schwenke [Thu, 3 Aug 2017 10:57:47 +0000 (20:57 +1000)]
ctdb-tests: Move die() function to top of script

So it can be called within the script instead of just by scripts that
include it.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-tests: run_tests.sh sets evironment variable CTDB_TEST_DIR
Martin Schwenke [Thu, 3 Aug 2017 10:36:57 +0000 (20:36 +1000)]
ctdb-tests: run_tests.sh sets evironment variable CTDB_TEST_DIR

Instead of just local variable test_dir.  The environment variable can
be accessed from other test infrastructure scripts.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoblackbox: Add test for 'net ads changetrustpw'
Andreas Schneider [Wed, 9 Aug 2017 10:14:34 +0000 (12:14 +0200)]
blackbox: Add test for 'net ads changetrustpw'

BUG: BUG: https://bugzilla.samba.org/show_bug.cgi?id=12956

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Aug 11 22:09:27 CEST 2017 on sn-devel-144

2 years agos3:libads: Fix changing passwords with Kerberos
Andreas Schneider [Wed, 9 Aug 2017 16:14:23 +0000 (18:14 +0200)]
s3:libads: Fix changing passwords with Kerberos

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12956

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agos4:rpc_server:backupkey: Move variable into scope
Andreas Schneider [Tue, 18 Jul 2017 10:49:05 +0000 (12:49 +0200)]
s4:rpc_server:backupkey: Move variable into scope

CID: #1415510

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12959

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agoheimdal: Fix printing a short int into a string
Andreas Schneider [Wed, 9 Aug 2017 15:01:09 +0000 (17:01 +0200)]
heimdal: Fix printing a short int into a string

The size of portstr is too small to print an integer and we should print
a short anyway.

This fixes building with GCC 7.1

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Aug 11 18:08:04 CEST 2017 on sn-devel-144

2 years agoexamples: add cache effectiveness stats to gencache.stp
Ralph Boehme [Wed, 26 Jul 2017 12:29:33 +0000 (14:29 +0200)]
examples: add cache effectiveness stats to gencache.stp

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Aug 11 14:19:24 CEST 2017 on sn-devel-144

2 years agoREADME.Coding: add "Error and out logic"
Ralph Boehme [Wed, 9 Aug 2017 13:24:41 +0000 (15:24 +0200)]
README.Coding: add "Error and out logic"

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Simo <simo@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Aug 10 14:36:01 CEST 2017 on sn-devel-144

2 years agoctdb-tests: Add a big no-op LCP2 IP takeover test
Martin Schwenke [Thu, 13 Jul 2017 05:52:54 +0000 (15:52 +1000)]
ctdb-tests: Add a big no-op LCP2 IP takeover test

Although this tests correctness it is most useful for testing that
changes to IP takeover algorithm do not cause obvious performance
regressions.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Aug 10 10:30:58 CEST 2017 on sn-devel-144

2 years agoctdb-takeover: Do not call ctdb_announce_vnn_iface() for updateip
Martin Schwenke [Thu, 27 Jul 2017 05:04:30 +0000 (15:04 +1000)]
ctdb-takeover: Do not call ctdb_announce_vnn_iface() for updateip

This causes any tracked connections for the IP address to be lost.

When doing a takeip, the server sends a tickle ACK to the client, the
client responds with a valid ACK and the server's TCP stack responds
with a reset because the connection does not exist.  However, in the
updateip, case the connection *does* exist, so the tickle *does not*
cause the connection to be reset.

ctdb_announce_vnn_iface() clears the list of tracked TCP connections
while sending the tickle ACKs.  So, if there are no reconnects as in
the takeip case, then the list of connections is simply lost.

The "updateip" event in the 10.interface event script already sends
gratuitous ARPs and tickles connections in both directions.  This
ensures that traffic continues after packets may have been dropped
when the script temporarily blocks traffic to the IP address.

All of this means that the call to ctdb_announce_vnn_iface() can just
be deleted.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agobuild: Do not recurse on symlinks to directories when building tarballs
Martin Schwenke [Tue, 8 Aug 2017 10:50:25 +0000 (20:50 +1000)]
build: Do not recurse on symlinks to directories when building tarballs

DIST_FILES() causes all files in any specified directory to be
recursively added to the tarball.  However, a symbolic link to a
directory is detected as a regular directory so is also subject to
recursion.  This means that a symbolic link to a directory is
dereferenced and the directory of files beyond it are added to the
tarball under a directory corresponding to the link.  This is almost
certainly not what is intended because it will usually result in
duplicate files.  This is because the contents of a symbolic link's
target directory will already be present in the tarball.

Instead, do not treat symbolic links to directories as directories,
but add them to the tarball like normal files.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agobuild: Do not ignore symlinks to directories when building tarballs
Martin Schwenke [Sun, 6 Aug 2017 04:56:17 +0000 (14:56 +1000)]
build: Do not ignore symlinks to directories when building tarballs

Tarballs currently do not contain symbolic links to directories even
if they are committed in git.  This means that CTDB tests fail when
run in-tree from a tarball, due to a couple of missing links needed by
unit tests:

  ERROR: Directory .../ctdb/tests/var/unit_eventscripts/etc-ctdb/events.d does not exist.

Subdirectories of directories specified via DIST_DIRS() are ignored,
since all the files within them are separately added to the tarball.
Symbolic links to directories are detected as directories, so they are
also ignored, causing them to be missing from the tarball.

Instead, do not treat symbolic links to directories as directories,
but add them to the tarball like normal files.

It is easy to confirm that this change causes no difference to current
tarballs other than causing the missing CTDB test links to be added:

  $ diff -u samba-4.8.0pre1-GIT-eb691cd0242.tar.gz.contents samba-4.8.0pre1-GIT-dfb16de0149.tar.gz.contents
  --- samba-4.8.0pre1-GIT-eb691cd0242.tar.gz.contents 2017-08-08 20:21:40.022993091 +1000
  +++ samba-4.8.0pre1-GIT-dfb16de0149.tar.gz.contents 2017-08-08 20:35:11.001580747 +1000
  @@ -578,7 +578,9 @@
   ctdb/tests/eventscripts/91.lvs.startup.001.sh
   ctdb/tests/eventscripts/91.lvs.startup.002.sh
   ctdb/tests/eventscripts/README
  +ctdb/tests/eventscripts/etc-ctdb/events.d
   ctdb/tests/eventscripts/etc-ctdb/functions
  +ctdb/tests/eventscripts/etc-ctdb/nfs-checks.d
   ctdb/tests/eventscripts/etc-ctdb/nfs-linux-kernel-callout
   ctdb/tests/eventscripts/etc-ctdb/public_addresses
   ctdb/tests/eventscripts/etc-ctdb/rc.local

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agotdb: Do not allow to pass NULL as the buffer to transaction_write()
Andreas Schneider [Wed, 9 Aug 2017 07:58:35 +0000 (09:58 +0200)]
tdb: Do not allow to pass NULL as the buffer to transaction_write()

This fixes a GCC warning.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Aug 10 02:26:09 CEST 2017 on sn-devel-144

2 years agotdb: Write zero data using 8k buffer in transaction_expand_file()
Andreas Schneider [Wed, 9 Aug 2017 08:53:12 +0000 (10:53 +0200)]
tdb: Write zero data using 8k buffer in transaction_expand_file()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agotdb: Avoid NULL tdb_write
Volker Lendecke [Wed, 9 Aug 2017 08:16:36 +0000 (10:16 +0200)]
tdb: Avoid NULL tdb_write

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agotdb: Consistency check for tdb_storev
Volker Lendecke [Wed, 9 Aug 2017 08:15:27 +0000 (10:15 +0200)]
tdb: Consistency check for tdb_storev

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agovfs_fruit: factor out common code from ad_get() and ad_fget()
Ralph Boehme [Wed, 24 May 2017 07:17:19 +0000 (09:17 +0200)]
vfs_fruit: factor out common code from ad_get() and ad_fget()

As a result of the previous changes ad_get() and ad_fget() do completey
the same, so factor out the common code to a new helper function. No
change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Aug  9 22:33:36 CEST 2017 on sn-devel-144

2 years agovfs_fruit: return fake pipe fd in fruit_open_meta_netatalk()
Ralph Boehme [Tue, 23 May 2017 15:44:16 +0000 (17:44 +0200)]
vfs_fruit: return fake pipe fd in fruit_open_meta_netatalk()

Do not open the basefile, that conflict with "kernel oplocks = yes". We
just return a fake file fd based on dup'ing a pipe fd and ensure all VFS
functions that go through vfs_fruit and work on the metadata stream can
deal with it.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agovfs_fruit: don't open basefile in ad_open() and simplify API
Ralph Boehme [Tue, 23 May 2017 15:31:47 +0000 (17:31 +0200)]
vfs_fruit: don't open basefile in ad_open() and simplify API

We never need an fd on the basefile when operating on the metadata, as
we can always use path based syscalls. Opening the basefile conflicts
with "kernel oplocks" so just don't do it.

Additional changes:

- remove the adouble_type_t argument to ad_open(), the type is passed
  and set when allocating a struct adouble with ad_alloc()

- additionally pass an optional fsp to ad_open() (so the caller can pass
  NULL). With this change we can move the fd inheritance from fsp to ad
  into ad_open() itself where it belongs and remove it from the caller
  ad_fget()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agovfs_fruit: use path based setxattr call in ad_fset()
Ralph Boehme [Tue, 23 May 2017 15:39:46 +0000 (17:39 +0200)]
vfs_fruit: use path based setxattr call in ad_fset()

This allows later commits to remove opening of the basefile which
conflict with "kernel oplocks = yes".

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agos4/torture: additional tests for kernel-oplocks
Ralph Boehme [Thu, 18 May 2017 11:17:38 +0000 (13:17 +0200)]
s4/torture: additional tests for kernel-oplocks

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agos4/torture: reproducer for kernel oplocks issue with streams
Ralph Boehme [Wed, 10 May 2017 09:38:06 +0000 (11:38 +0200)]
s4/torture: reproducer for kernel oplocks issue with streams

test_smb2_kernel_oplocks3() wouldn't have failed without the patches,
I'm just adding it to have at least one test that tests with 2
clients. All other tests use just one client.

test_smb2_kernel_oplocks4() is the reproducer.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agovfs_streams_xattr: return a fake fd in streams_xattr_open()
Ralph Boehme [Thu, 11 May 2017 16:08:56 +0000 (18:08 +0200)]
vfs_streams_xattr: return a fake fd in streams_xattr_open()

The final step in changing vfs_streams_xattr to not call open() on the
basefile anymore. Instead, we just return a fake file fd based on
dup'ing a pipe fd. Previous commits ensured all calls to VFS API
functions use pathname based versions to do their work.

This ensures we don't trigger kernel oplock breaks for client "open
stream" requests when needlessly opening the basefile.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agovfs_streams_xattr: implement all missing handle based VFS functions
Ralph Boehme [Thu, 11 May 2017 16:05:18 +0000 (18:05 +0200)]
vfs_streams_xattr: implement all missing handle based VFS functions

Implement all missing handle based VFS function. If the call is on a
named stream, implement the appropriate action for the VFS function, in
most cases a no-op.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agovfs_streams_xattr: always pass NULL as fsp arg to get_ea_value()
Ralph Boehme [Thu, 11 May 2017 15:38:00 +0000 (17:38 +0200)]
vfs_streams_xattr: always pass NULL as fsp arg to get_ea_value()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agovfs_streams_xattr: remove fsp argument from get_xattr_size()
Ralph Boehme [Thu, 11 May 2017 15:36:15 +0000 (17:36 +0200)]
vfs_streams_xattr: remove fsp argument from get_xattr_size()

Still in the process of changing all handle based operations to use path
based operations.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agovfs_streams_xattr: remove all uses of fd, use name based functions
Ralph Boehme [Thu, 11 May 2017 13:05:23 +0000 (15:05 +0200)]
vfs_streams_xattr: remove all uses of fd, use name based functions

We don't really need an fd in this module, all calls to the VFS xattr
API can just use the name based versions.

This paves the way for removing the open of the basefile in
streams_xattr_open() in a later commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agovfs_streams_xattr: invalidate stat info if xattr was not found
Ralph Boehme [Thu, 11 May 2017 05:59:20 +0000 (07:59 +0200)]
vfs_streams_xattr: invalidate stat info if xattr was not found

We stat the basefile so we leave valid stat info from the base file
behind, even though the xattr for the stream was not there.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agos3:utils: Fix buffer size for snprintf and format string
Andreas Schneider [Wed, 9 Aug 2017 06:37:38 +0000 (08:37 +0200)]
s3:utils: Fix buffer size for snprintf and format string

GCC 7.1 produces an error:
‘snprintf’ output between 47 and 66 bytes into a destination of size 40

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Aug  9 13:37:47 CEST 2017 on sn-devel-144

2 years agos3:torture: Fix spoolss test to build with -O3
Andreas Schneider [Wed, 9 Aug 2017 06:23:29 +0000 (08:23 +0200)]
s3:torture: Fix spoolss test to build with -O3

Initialize variables so that we do not get a build warning that they
might be used uninitilized.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years agos4:samdb: Fix building Samba with -O3
Andreas Schneider [Wed, 9 Aug 2017 05:45:04 +0000 (07:45 +0200)]
s4:samdb: Fix building Samba with -O3

gcc error: ‘result’ may be used uninitialized

This wont happen, because ldb will return and error, but the compiler
doesn't understand this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years agovfs_gpfs: handle EACCES when fetching DOS attributes from xattr
Ralph Boehme [Thu, 8 Jun 2017 17:18:36 +0000 (19:18 +0200)]
vfs_gpfs: handle EACCES when fetching DOS attributes from xattr

When trying to fetch the DOS attributes via gpfswrap_get_winattrs_path()
if the filesystem doesn't grant READ_ATTR to the file the function fails
with EACCESS.

But according to MS-FSA 2.1.5.1.2.1 "Algorithm to Check Access to an
Existing File" FILE_LIST_DIRECTORY on a directory implies
FILE_READ_ATTRIBUTES for directory entries.

So if the user can open the parent directory for reading this implies
FILE_LIST_DIRECTORY and we can safely call gpfswrap_get_winattrs_path()
with DAC_OVERRIDE_CAPABILITY.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12944

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Aug  9 01:21:14 CEST 2017 on sn-devel-144

2 years agos3/smbd: handle EACCES when fetching DOS attributes from xattr
Ralph Boehme [Thu, 8 Jun 2017 17:10:20 +0000 (19:10 +0200)]
s3/smbd: handle EACCES when fetching DOS attributes from xattr

When trying to fetch the DOS attributes xattr via SMB_VFS_GETXATTR() if
the filesystem doesn't grant read access to the file the xattr read
request fails with EACCESS.

But according to MS-FSA 2.1.5.1.2.1 "Algorithm to Check Access to an
Existing File" FILE_LIST_DIRECTORY on a directory implies
FILE_READ_ATTRIBUTES for directory entries.

So if the user can open the parent directory for reading this implies
FILE_LIST_DIRECTORY and we can safely call SMB_VFS_GETXATTR() as root,
ensuring we can read the DOS attributes xattr.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12944

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2 years agos3/smbd: handling of failed DOS attributes reading
Ralph Boehme [Thu, 8 Jun 2017 17:05:48 +0000 (19:05 +0200)]
s3/smbd: handling of failed DOS attributes reading

Only fall back to using UNIX modes if we get NOT_IMPLEMENTED. This is
exactly what we already do when setting DOS attributes.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12944

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2 years agopython:tests: Add test for warn_pwd_expire
Andreas Schneider [Tue, 1 Aug 2017 14:07:58 +0000 (16:07 +0200)]
python:tests: Add test for warn_pwd_expire

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Aug  7 19:11:02 CEST 2017 on sn-devel-144

2 years agopython:tests: Do not overwrite exit code
Andreas Schneider [Tue, 1 Aug 2017 14:05:57 +0000 (16:05 +0200)]
python:tests: Do not overwrite exit code

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agosource3/client: Fix typo in help message displayed by default
Anoop C S [Mon, 31 Jul 2017 10:09:19 +0000 (15:39 +0530)]
source3/client: Fix typo in help message displayed by default

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12936

Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agopython: Fix incorrect kdc.conf parameter name in kerberos.py
Marc Muehlfeld [Sun, 6 Aug 2017 09:50:55 +0000 (11:50 +0200)]
python: Fix incorrect kdc.conf parameter name in kerberos.py

Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agowinbindd: give an IRPC error if wb_irpc_SamLogon() is called without useful routing...
Stefan Metzmacher [Fri, 21 Jul 2017 10:29:31 +0000 (12:29 +0200)]
winbindd: give an IRPC error if wb_irpc_SamLogon() is called without useful routing information

The caller should have checked this already!

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agowinbindd: as DC we should try to get the target_domain from @SOMETHING part of the...
Stefan Metzmacher [Fri, 21 Jul 2017 10:29:31 +0000 (12:29 +0200)]
winbindd: as DC we should try to get the target_domain from @SOMETHING part of the username in wb_irpc_SamLogon()

We still need a full routing table including all upn suffixes,
but this is a start to support NTLM authentication using user@REALM
against structed domains.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agowinbindd: Print debug if we don't know how to route a wb_irpc_SamLogon() request
Stefan Metzmacher [Fri, 21 Jul 2017 10:29:31 +0000 (12:29 +0200)]
winbindd: Print debug if we don't know how to route a wb_irpc_SamLogon() request

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agowinbindd: allow all possible logon levels in wb_irpc_SamLogon()
Stefan Metzmacher [Fri, 21 Jul 2017 10:29:31 +0000 (12:29 +0200)]
winbindd: allow all possible logon levels in wb_irpc_SamLogon()

We should just try to find the correct domain to forward the
request, all logic of not implementing serveral logon levels
belongs to the _winbind_SamLogon() implementation.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos4:auth/ntlmssp: add support for using "winbind" as DC
Stefan Metzmacher [Fri, 16 Jun 2017 23:06:46 +0000 (01:06 +0200)]
s4:auth/ntlmssp: add support for using "winbind" as DC

This adds support for trusted domains to the auth stack on AD DCs.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos4:auth: use "sam winbind" for the netlogon server
Stefan Metzmacher [Wed, 22 Mar 2017 10:16:47 +0000 (11:16 +0100)]
s4:auth: use "sam winbind" for the netlogon server

This adds authentication support for trusted domains to the
netlogon server.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos4:auth/ntlm: provide auth_check_password_wrapper_send/recv to auth4_context
Stefan Metzmacher [Fri, 16 Jun 2017 21:07:04 +0000 (23:07 +0200)]
s4:auth/ntlm: provide auth_check_password_wrapper_send/recv to auth4_context

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agoauth/common: add support for auth4_ctx->check_ntlm_password_send/recv()
Stefan Metzmacher [Fri, 16 Jun 2017 15:18:17 +0000 (17:18 +0200)]
auth/common: add support for auth4_ctx->check_ntlm_password_send/recv()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agoauth/ntlmssp: merge ntlmssp_server_check_password() into ntlmssp_server_auth_send()
Stefan Metzmacher [Fri, 16 Jun 2017 15:14:35 +0000 (17:14 +0200)]
auth/ntlmssp: merge ntlmssp_server_check_password() into ntlmssp_server_auth_send()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agoauth/ntlmssp: introduce ntlmssp_server_auth_send/recv
Stefan Metzmacher [Fri, 16 Jun 2017 14:16:15 +0000 (16:16 +0200)]
auth/ntlmssp: introduce ntlmssp_server_auth_send/recv

We still use the sync ntlmssp_server_check_password().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agoauth/ntlmssp: prepare update_send/recv for real async processing
Stefan Metzmacher [Wed, 14 Jun 2017 22:34:26 +0000 (00:34 +0200)]
auth/ntlmssp: prepare update_send/recv for real async processing

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos4:auth_winbind: implement async authentication via IRPC
Stefan Metzmacher [Fri, 16 Jun 2017 22:56:09 +0000 (00:56 +0200)]
s4:auth_winbind: implement async authentication via IRPC

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos4:rpc_server/netlogon: make use of auth_check_password_send/recv()
Stefan Metzmacher [Fri, 17 Mar 2017 18:36:08 +0000 (19:36 +0100)]
s4:rpc_server/netlogon: make use of auth_check_password_send/recv()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos4:rpc_server/netlogon: make use of async kdc_check_generic_kerberos_send/recv()
Stefan Metzmacher [Fri, 21 Jul 2017 06:10:02 +0000 (08:10 +0200)]
s4:rpc_server/netlogon: make use of async kdc_check_generic_kerberos_send/recv()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos4:rpc_server/netlogon: prepare dcesrv_netr_LogonSamLogon_base for async processing
Stefan Metzmacher [Fri, 17 Mar 2017 18:27:38 +0000 (19:27 +0100)]
s4:rpc_server/netlogon: prepare dcesrv_netr_LogonSamLogon_base for async processing

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos4:rpc_server/netlogon: check auth_level for validation level 6 already in dcesrv_net...
Stefan Metzmacher [Fri, 21 Jul 2017 05:39:11 +0000 (07:39 +0200)]
s4:rpc_server/netlogon: check auth_level for validation level 6 already in dcesrv_netr_LogonSamLogon_check()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>