Uri Simchoni [Thu, 2 Mar 2017 06:46:44 +0000 (08:46 +0200)]
smbd: refuse_symlink() - do not fail if the file does not exist
If the file does not exist, it is not a symlink. Current callers
use this function to see if extended attributes can be set / fetched.
Allow them to try and leave the error code at the discretion of the
VFS.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 2 Mar 2017 07:13:57 +0000 (08:13 +0100)]
s3:winbindd: fix endless forest trust scan
Commit
0392ebcd1d48e9f472f2148b85316a77d9cc953b effectively
disabled the enumeration of trusts in other forests.
The fixes for https://bugzilla.samba.org/show_bug.cgi?id=11691
changed the way we fill domain->domain_flags for domains
in other forests.
Commit
fffefe72fcc62d9688b45f53a5327667dc0b2fe6 readded the
ability to enumerate trusts of other forests again, in order to
fix https://bugzilla.samba.org/show_bug.cgi?id=11830
Now we have the problem that multiple domains
(even outside of our forest) are considert to be
our forest root, as they have the following flags:
NETR_TRUST_FLAG_TREEROOT and NETR_TRUST_FLAG_IN_FOREST.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12605
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Mar 2 17:53:14 CET 2017 on sn-devel-144
Andreas Schneider [Mon, 27 Feb 2017 16:18:15 +0000 (17:18 +0100)]
s3:librpc: Handle gss_min in gse_get_client_auth_token() correctly
This will make sure we correctly fall back to NTLMSSP.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12557
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Mar 2 12:41:40 CET 2017 on sn-devel-144
Stefan Metzmacher [Fri, 20 Jan 2017 16:15:49 +0000 (17:15 +0100)]
gensec:spnego: Add debug message for the failed principal
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12557
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Douglas Bagnall [Thu, 23 Feb 2017 22:58:33 +0000 (11:58 +1300)]
ndr: Use resizing array instead of linked lists (breaking ABI)
The ndr token code keeps a temporary store of tokens which are
referred to a small number of times (often once) before being
discarded. The access patterns are somewhat stack-like, with recently
placed tokens being accessed most often.
The old code kept these tokens in a linked list, which we replace with
a self-resizing array.
This keeps everything roughly the same in big-O terms, but makes it
all faster in practice by vastly reducing the amount of tallocing and
pointer-chasing.
The peak memory use is strictly reduced. On a 64 bit machine each core
token struct fits in 16 bytes (after padding) while the two pointers
used by the DLIST add another 16 bytes, so the overall list allocation
is the same as the peak 2n array allocation -- except in the list case
it is dwarfed by the talloc and malloc metadata overhead.
Before settling on the resized arrays, we tried red-black trees, which
are bound to be better for large ndr structures. As it happens, we
don't deal with large structures (the size of replication clumps is
limited to 400 objects) and the asymptotic benefits of the trees are
not realised in practice.
With luck you should find graphs comparing the performance of these
various techniques at:
https://www.samba.org/~dbagnall/perf-tests/ndr-token/
This necessarily breaks the ABI because the linked list implementation
was publicly exposed.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Mar 2 08:38:22 CET 2017 on sn-devel-144
Douglas Bagnall [Thu, 23 Feb 2017 22:59:24 +0000 (11:59 +1300)]
ndr: fix whitespace in libndr.h, ndr.c
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 24 Feb 2017 01:42:32 +0000 (14:42 +1300)]
selftest: add search performance tests
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 16 Feb 2017 03:41:00 +0000 (16:41 +1300)]
selftest: ndr_pack/unpack performance test
This just does a lot of packing and unpacking of various structures.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sat, 25 Feb 2017 00:38:17 +0000 (13:38 +1300)]
ndr tests: silence a harmless warning
gcc 7.
"duplicate ‘const’ declaration specifier [-Wduplicate-decl-specifier]"
Signed-off-by: Douglas Bagnall <douglas@halo.gen.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Ralph Boehme [Tue, 28 Feb 2017 08:39:37 +0000 (09:39 +0100)]
vfs_fruit: enabling AAPL extensions must be a global switch
Apple's SMB2 AAPL extension is enabled once per SMB2
connection. Unfortunately the (per se correct) fix for bug #12541
results in vfs_fruit checking a per tcon config state variable to
determine whether AAPL has been negotiated. This variable will be false
for all but the first tcon. We must make it a global variable.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12604
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Thu Mar 2 04:34:10 CET 2017 on sn-devel-144
Ralph Boehme [Thu, 19 Jan 2017 08:30:45 +0000 (09:30 +0100)]
vfs_fruit: only veto AppleDouble files with fruit:resource=file
vfs_fruit only creates AppleDouble files itself when "fruit:resource" is
set to "file" (the default). It is only then the these AppleDouble files
should be treated as an internal representation and should be
inaccessible from clients.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12526>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 17 Feb 2017 15:35:44 +0000 (16:35 +0100)]
s4/torture: vfs_fruit: add stream with illegal ntfs characters to copyile test
This ensures a stream with illegal NTFS characters mapped to the Unicode
private range like
:foo\xef\x80\xa2bar:$DATA
that is stored as an xattr name
user.DosStream.foo:bar:$DATA
if "fruit:encoding = native" is set, is copied by the special fruit
copy_chunk request.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Tue, 7 Feb 2017 14:01:53 +0000 (15:01 +0100)]
vfs_fruit: use stat info from base_fsp
This is also supposed to be valid in the VFS stack, so there's no need
to re-stat here.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Sun, 11 Dec 2016 18:11:09 +0000 (19:11 +0100)]
s4/torture: vfs_fruit: test invalid AFPINFO_STREAM_NAME
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Sun, 11 Dec 2016 18:10:05 +0000 (19:10 +0100)]
vfs_fruit: ignore or delete invalid AFP_AfpInfo streams
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Sun, 11 Dec 2016 18:06:46 +0000 (19:06 +0100)]
selftest: add shares without vfs_fruit for the vfs_fruit tests
Not used for now, but the next commit will add a test that makes use of
this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Sun, 11 Dec 2016 18:02:37 +0000 (19:02 +0100)]
s4/torture: change shares in used torture_suite_add_2ns_smb2_test()
torture_suite_add_2ns_smb2_test wan't used, change it to use the default
share as share 1 and a second share taken from torture option
"torture:share2".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 8 Dec 2016 16:47:36 +0000 (17:47 +0100)]
docs/vfs_fruit: document known limitations with fruit:encoding=native
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 8 Dec 2016 14:45:12 +0000 (15:45 +0100)]
s4/torture: add test for AAPL find with name with illegal NTFS characters
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 8 Dec 2016 14:44:37 +0000 (15:44 +0100)]
lib/torture: add torture_assert_mem_equal_goto
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Tue, 6 Dec 2016 09:25:46 +0000 (10:25 +0100)]
s4/torture: add a vfs_fruit renaming test with open rsrc fork
Verify IO on the resource fork works after a rename of the basefile.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Mon, 5 Dec 2016 10:21:15 +0000 (11:21 +0100)]
s4/torture: vfs_fruit: test deleting a file with resource fork
All the other tests ignore the return value of smb2_util_unlink().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Tue, 29 Nov 2016 15:21:08 +0000 (16:21 +0100)]
s4/torture: vfs_fruit: add test_null_afpinfo test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 8 Dec 2016 16:41:14 +0000 (17:41 +0100)]
selftest: add description to vfs_fruit testsuites
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 06:42:07 +0000 (07:42 +0100)]
selftest: also run vfs_fruit tests with streams_depot
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Tue, 15 Nov 2016 14:25:14 +0000 (15:25 +0100)]
selftest: run vfs_fruit tests against share with fruit:metadata=stream
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Tue, 15 Nov 2016 21:31:20 +0000 (22:31 +0100)]
selftest: move vfs_fruit tests that require "fruit:metadata=netatalk" to vfs.fruit_netatalk
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 8 Dec 2016 19:43:21 +0000 (20:43 +0100)]
selftest: reenable vfs_fruit tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 8 Dec 2016 19:42:54 +0000 (20:42 +0100)]
vfs_fruit: refactor fruit_ftruncate and use new adouble API
Use struct fio to denote a fsp handle is for a stream we care about.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 8 Dec 2016 19:41:55 +0000 (20:41 +0100)]
vfs_fruit: use fio in fruit_fallocate
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 8 Dec 2016 19:39:38 +0000 (20:39 +0100)]
vfs_fruit: refactor fruit_fstat and use new adouble API
Use struct fio to denote a fsp handle is for a stream we care about.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 8 Dec 2016 19:38:17 +0000 (20:38 +0100)]
vfs_fruit: refactor fruit_pread and fruit_pwrite and use new adouble API
Use struct fio to denote a fsp handle is for a stream we care about.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 8 Dec 2016 19:34:55 +0000 (20:34 +0100)]
vfs_fruit: refactor fruit_open and use new adouble API
Use struct fio to denote a fsp handle is for a stream we care about.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 8 Dec 2016 18:12:32 +0000 (19:12 +0100)]
vfs_fruit: rework struct adouble API
o factor out ad_open(), opens an fd to be used with IO on the metadata
streams
o rename ad_write() to ad_set() as this aligns nicely with the existing
ad_get. This is the pathname based version used to solely set metadata
on a file, there's also a handle based version:
o add ad_fset(), a handle based version that can be used to set metadata
and to update the AppleDouble header in a ._ AppleDouble file
o remove fruit_fsp_recheck(), looking at it more closely, it is not
needed
This commit *compiles*, but all callers in the VFS ops must now be
updated to use the new semantics, this comes next...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 8 Dec 2016 21:54:46 +0000 (22:54 +0100)]
selftest: disable vfs_fruit tests
The next commits will completely change handle based VFS ops. This
couldn't be done in a piecemeal fashion, I had to wipe the slate clean.
Disabling tests in order to not break git bisects.
Tests will be reenabled after a few commits that apply the larger change
in a somewhat digestible fashion.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 8 Dec 2016 10:08:53 +0000 (11:08 +0100)]
vfs_fruit: fix fruit_check_access()
Applying fcntl read locks requires an fd opened for reading. This means
we have to check the open flags of an fd and if the fd is not opened for
reading, we can't use it to set shared fctnl locks.
Iow we won't be applying interop locks with Netatalk for files openend
write-only.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Tue, 6 Dec 2016 14:07:20 +0000 (15:07 +0100)]
vfs_fruit: remove base_fsp name translation
This is now nicely done by vfs_catia for us.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Wed, 8 Feb 2017 18:15:38 +0000 (19:15 +0100)]
vfs_fruit: use SMB_VFS_NEXT_OPEN in two places
Using the SMB_VFS_OPEN leads to a logic recursion that is hard to follow
and debug. It may be called twice for the same fsp with two different
smb_fname's.
Changing this here to use the NEXT function instead should have no
change in behaviour otherwise, but it allows adding sane caching to
vfs_catia to handle based VFS ops.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 16:00:03 +0000 (17:00 +0100)]
vfs_fruit: refactor readdir_attr_macmeta() resource fork size
Move resource fork size calculation to helper functions.
Adds correct handling for the fruit:resource=stream case in
readdir_attr_rfork_size_stream(), this wasn't done previously.
Otherwise no change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 15:20:46 +0000 (16:20 +0100)]
vfs_fruit: refactor fruit_ftruncate() and fix stream case
The fruit:metadata=stream case wasn't handled previosly, this is now
done in fruit_ftruncate_rsrc_stream(). The rest is just refactoring and
no change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 14:57:22 +0000 (15:57 +0100)]
vfs_fruit: fix fruit_ntimes() for the fruit:metadata!=netatalk case
The following code must only be executed for the fruit:metadata=netatalk
case. Otherwise no change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 14:49:03 +0000 (15:49 +0100)]
vfs_fruit: refactor fruit_streaminfo()
Handle all settings of fruit:metadata and fruit:resource in helper
functions.
Resource fork streams of 0 bytes must be filtered out, this wasn't done
previously for the fruit:resource=stream and xattr case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 10:44:53 +0000 (11:44 +0100)]
vfs_fruit: add fruit_stat_rsrc_xattr() implementation
This fixes fruit_stat_rsrc for the fruit:resource=xattr case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 10:30:06 +0000 (11:30 +0100)]
vfs_fruit: add fruit_stat_rsrc_stream() implementation
This fixes fruit_stat_rsrc for the fruit:resource=stream case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 10:26:22 +0000 (11:26 +0100)]
vfs_fruit: refactor fruit_stat_rsrc()
Use helper functions for the fruit:resource cases. No change in
behaveour.
The next patch will add the proper helper functions for
fruit:resource=xattr and fruit:resource=stream.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 09:46:55 +0000 (10:46 +0100)]
vfs_fruit: refactor fruit_open_rsrc()
This just splits up fruit_open_rsrc() to use helper functions for each
config->rsrc setting. No change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 9 Dec 2016 17:24:40 +0000 (18:24 +0100)]
vfs_fruit: in fruit_rmdir() check ._ files before deleting them
This ensures we only delete valid AppleDouble files whose names begin
with "._", not just *any* file that matches "^._*".
Also use proper VFS functions instead of direclty calling the C library
functions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 9 Dec 2016 17:22:49 +0000 (18:22 +0100)]
vfs_fruit: fix fruit_rmdir() for the fruit:resource!=file case
The following code must only be executed for the fruit:resource=file
case. Otherwise no change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 08:04:37 +0000 (09:04 +0100)]
vfs_fruit: fix fruit_chown() for the fruit:resource!=file case
The following code must only be executed for the fruit:resource=file
case.
While at it, remove an unnecessary lstat, use the stat info from
smb_fname.
Otherwise no change in behaviour for the fruit:resource=file case (the
default).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 08:02:27 +0000 (09:02 +0100)]
vfs_fruit: fix fruit_chmod() for the fruit:resource!=file case
The following code must only be executed for the fruit:resource=file
case.
While at it, remove an unnecessary lstat, use the stat info from
smb_fname.
Otherwise no change in behaviour for the fruit:resource=file case (the
default).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 08:00:31 +0000 (09:00 +0100)]
vfs_fruit: refactor fruit_unlink()
Refactor fruit_unlink() addin helper functions for all fruit:metadata
and fruit:resource settings.
No change in behaviour for fruit:metadata=netatalk and
fruit:resource=file (both the default), but fixes behaviour for the
other cases.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 07:47:36 +0000 (08:47 +0100)]
vfs_fruit: fix fruit_rename() for the fruit:resource!=file case
o fix the config check, we must only run following code for the
fruit:resource=file
o properly call SMB_VFS_NEXT_RENAME() instead diretly calling rename()
o bail out if we get an invalid stat
Otherwise, no change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 9 Dec 2016 16:24:18 +0000 (17:24 +0100)]
vfs_fruit: correct readdir_attr_meta_finderi_stream() implementation
This gets correct behaviour in readdir_attr_meta_finderi for the
metadata=stream case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 1 Dec 2016 16:04:35 +0000 (17:04 +0100)]
vfs_fruit: refactor readdir_attr_meta()
Move the FinderInfo stuff to helper functions, no change in behaviour so
far.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 16:25:47 +0000 (17:25 +0100)]
vfs_fruit: update_btime() is only needed for metadata=netatalk
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 10:12:18 +0000 (11:12 +0100)]
vfs_fruit: correct fruit_stat_meta_stream() implementation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 10:05:50 +0000 (11:05 +0100)]
vfs_fruit: refactor fruit_stat_meta()
Handle config->meta in helper functions. No change in behaviour. The next step
will add the correct implementation of fruit_stat_meta_stream().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 9 Dec 2016 16:01:37 +0000 (17:01 +0100)]
vfs_fruit: correct fruit_open_meta_stream() implementation
This needs to create and write a metadata blob when the stream is
created.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Tue, 29 Nov 2016 15:56:00 +0000 (16:56 +0100)]
vfs_fruit: refactor fruit_open_meta()
Just split out the fruit:metadata=stream case into a helper function, no
change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Wed, 16 Nov 2016 10:01:45 +0000 (11:01 +0100)]
vfs_fruit: replace unsafe ad_entry macro with a function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Tue, 15 Nov 2016 20:32:25 +0000 (21:32 +0100)]
vfs_fruit: fix fruit_pwrite() with metadata=stream
This makes the test "delete AFP_AfpInfo by writing all 0" pass with
fruit:metadata=stream.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 9 Dec 2016 15:25:38 +0000 (16:25 +0100)]
vfs_fruit: rename empty_finderinfo() and make it more robust
No change in behaviour, but ad_entry(ad, ADEID_FINDERI) can in theory
return NULL.
The next commit will add the same function for a AfpInfo type, so rename
this function that works on struct adouble to ad_empty_finderinfo().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Tue, 15 Nov 2016 19:32:05 +0000 (20:32 +0100)]
vfs_fruit: fix fruit_ftruncate with metadata=stream
With this the test "setinfo eof AFP_AfpInfo" passed with
fruit:metadata=stream.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Wed, 16 Nov 2016 08:34:13 +0000 (09:34 +0100)]
vfs_fruit: fix fruit_pread with metadata=stream
This make the test "fix offset and len handling for AFP_AfpInfo stream"
pass with fruit:metadata=stream.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 8 Dec 2016 16:18:51 +0000 (17:18 +0100)]
vfs_catia: add catia_(g|s)et_dos_attributes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 8 Dec 2016 14:44:56 +0000 (15:44 +0100)]
vfs_catia: add catia_readdir_attr
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Tue, 6 Dec 2016 14:00:58 +0000 (15:00 +0100)]
vfs_catia: run translation on all handle based VFS functions
Also run translation of fsp->fsp_name and optionally
fsp->base_fsp->fsp_name if set for all handle based VFS functions.
This is necessary because some modules might use the path for something
in the handle based VFS ops.
An existing example is vfs_fruit. A later commit will remove the
translation that was done there because catia didn't before this commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Wed, 8 Feb 2017 18:16:21 +0000 (19:16 +0100)]
vfs_streams_xattr: use SMB_VFS_NEXT_OPEN and CLOSE
Using the SMB_VFS_OPEN leads to a recursion in the VFS that is hard to
follow and debug. It's called twice for the same fsp with two different
smb_fname's which makes it at least hard to debug, it may even be an
invalid usage.
Changing this here to use the NEXT function instead should have no
change in behaviour otherwise.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12565
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 1 Dec 2016 10:17:48 +0000 (11:17 +0100)]
vfs_streams_xattr: call SMB_VFS_OPEN with smb_fname_base
In case an SMB_VFS_OPEN() on a stream basename fails with EISDIR, we
retry the open as O_RDONLY. The retry should be done with the
smb_fname_base as well.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Wed, 16 Nov 2016 10:24:59 +0000 (11:24 +0100)]
s3/includes: add FinderInfo offset define to MacExtensions.h
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Tue, 15 Nov 2016 12:07:12 +0000 (13:07 +0100)]
selftest: don't run vfs_fruit tests against ad_dc env
This is just redundant and didn't add test coverage.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Volker Lendecke [Mon, 20 Feb 2017 18:06:14 +0000 (19:06 +0100)]
winbind: Fix a cut&paste debug typo
We're in cm_connect_netlogon_transport, not in cm_connect_sam
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 2 00:31:54 CET 2017 on sn-devel-144
Volker Lendecke [Mon, 20 Feb 2017 17:30:48 +0000 (18:30 +0100)]
waf: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 9 Feb 2017 17:46:06 +0000 (18:46 +0100)]
posix_acls: Use talloc_zero_array
This is a slight change in behaviour: We now also zero out
the space for num_profile_acls.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 9 Feb 2017 17:45:40 +0000 (18:45 +0100)]
posix_acls: Do a *bit* of reformatting
Makes the next commit a bit more obvious to me
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Gary Lockyer [Fri, 17 Feb 2017 01:55:10 +0000 (14:55 +1300)]
script: Add test script for traffic_summary.pl
Add the test script for traffic_summary.pl, test data in previous
commit.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Mar 1 09:01:07 CET 2017 on sn-devel-144
Gary Lockyer [Thu, 16 Feb 2017 21:51:43 +0000 (10:51 +1300)]
script: Add script to provide an anonymous summary from tshark
The tshark command needs to output a PDML XML stream, which this command will
read. The summary is intended not to expose private or customer data while
allowing a good view on the range and frequency of the network traffic.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Thu, 16 Feb 2017 21:49:16 +0000 (10:49 +1300)]
script: Add test data for traffic_summary.pl
This network capture summary tool will be added in the next commit
This sample is taken from make test under SOCKET_WRAPPER_PCAP_FILE
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Sun, 26 Feb 2017 12:06:05 +0000 (13:06 +0100)]
samdb: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Feb 28 13:55:42 CET 2017 on sn-devel-144
Volker Lendecke [Thu, 23 Feb 2017 19:48:32 +0000 (20:48 +0100)]
auth4: Reduce indentation level by an early error return
Just cosmetics for easier readability, no code change
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Sun, 26 Feb 2017 10:25:20 +0000 (11:25 +0100)]
auth4: Only use CrackNames if we're a DC
DsCrackNameOneName on a member does not really have a big user database. We
should delegate as much responsibility as possible to our DC.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Sun, 26 Feb 2017 08:16:02 +0000 (09:16 +0100)]
auth4: Fix map_user_info_cracknames for domain==NULL
DsCrackNameOneName directly fails for DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
if the name passed in does not contain a \. The only caller of
map_user_info_cracknames (auth_check_password_send) passes in
lpcfg_workgroup(), which does not contain a \. Add in the \ also for
the default_domain case.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Mon, 13 Feb 2017 20:33:57 +0000 (21:33 +0100)]
auth3: Simplify get_system_info3
We have global_sid_System, so we don't need to dom_sid_parse("S-1-5-18");
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Feb 27 11:31:53 CET 2017 on sn-devel-144
Volker Lendecke [Mon, 13 Feb 2017 19:47:59 +0000 (20:47 +0100)]
auth3: Fix some whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Wed, 22 Feb 2017 02:46:18 +0000 (15:46 +1300)]
repl_meta_data: Remove handling of backlinks from replmd_prepare_commit()
This deferred handling was already removed, for performance, from
everything but the add case.
We now remove the normal local add case (an originating update), eg
LDAP add from the transaction commit and insted do it on the ADD
operation callback (replmd_op_callback()).
To keep things simple, we make up the extended DN with the GUID and
SID as the object does not actually exist in the DB at the time we
prepare backlink. This also allows us to avoid another search in the
(much more common) modify case.
We rely on transactions to clean up the add of the object if the
backlink fails, thankfully unlike in replication replmd_add() is
normally the only operation in a transaction, and we have alredy
confirmed the link target exists during get_parsed_dns().
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Mon Feb 27 07:12:02 CET 2017 on sn-devel-144
Martin Schwenke [Sat, 25 Feb 2017 02:04:45 +0000 (13:04 +1100)]
ctdb-build: Fix RPM build
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12595
It doesn't look like recursion works for appending scripting commands.
Unroll the recursion instead.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Feb 27 03:09:27 CET 2017 on sn-devel-144
Martin Schwenke [Fri, 24 Feb 2017 18:51:00 +0000 (05:51 +1100)]
ctdb-build: Add WAFLOCK magic to manpages target
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12595
Without this a top-level "make dist" fails to build the CTDB manpages.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Stefan Metzmacher [Mon, 20 Feb 2017 17:02:09 +0000 (18:02 +0100)]
pidl:Python: use of pytalloc_GenericObject_reference*() for pyrpc_{ex,im}port_union() wrapping
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12601
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Feb 25 06:33:33 CET 2017 on sn-devel-144
Stefan Metzmacher [Wed, 22 Feb 2017 08:07:54 +0000 (09:07 +0100)]
pidl:Python: replace pytalloc_CObject_FromTallocPtr() with pytalloc_GenericObject_reference_ex()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12601
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 22 Feb 2017 09:08:46 +0000 (10:08 +0100)]
pidl:Python: make sure print HASH references for STRUCT types
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12601
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 22 Feb 2017 09:14:10 +0000 (10:14 +0100)]
py_net: make use of pytalloc_GenericObject_steal()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12601
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 22 Feb 2017 07:00:10 +0000 (08:00 +0100)]
talloc: version 2.1.9
* fix some coverity defects
* fix TALLOC_VERSION_MINOR and talloc_version_minor()
* add new tests
* add pytalloc_get_type()
* add pytalloc_GenericObject_{steal,reference}[_ex]()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 20 Feb 2017 16:33:42 +0000 (17:33 +0100)]
pytalloc: add pytalloc_GenericObject_{steal,reference}[_ex]()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Aurelien Aptel [Thu, 23 Feb 2017 13:05:14 +0000 (14:05 +0100)]
s3/smbd: allow GET_DFS_REFERRAL fsctl on any smb2 connexion
This FSCTL should work on any non-IPC share.
According to [MS-SMB2]
> 3.2.4.20.3 Application Requests DFS Referral Information:
> The client MUST search for an existing Session and TreeConnect to any
> share on the server identified by ServerName for the user identified by
> UserCredentials. If no Session and TreeConnect are found, the client
> MUST establish a new Session and TreeConnect to IPC$ on the target
> server as described in section 3.2.4.2 using the supplied ServerName and
> UserCredentials.
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Feb 25 02:38:28 CET 2017 on sn-devel-144
Stefan Metzmacher [Wed, 22 Feb 2017 20:29:50 +0000 (21:29 +0100)]
s3:idmap_ad: make use of pdb_get_trust_credentials() to get the machine account creds
This is mostly a cosmetic change currently.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Feb 24 22:34:48 CET 2017 on sn-devel-144
Stefan Metzmacher [Wed, 22 Feb 2017 20:18:32 +0000 (21:18 +0100)]
s3:winbindd: allow a fallback to NTLMSSP for LDAP connections
This matches the behaviour of pdb_get_trust_credentials() for
our machine account and allows us to fallback to NTLMSSP
when contacting trusted domains.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 23 Feb 2017 10:54:21 +0000 (11:54 +0100)]
s3:libads: add more debugging to ads_sasl_spnego_bind()
Any fallbacks to other authentication methods should be logged.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 22 Feb 2017 19:07:25 +0000 (20:07 +0100)]
s3:winbindd: rely on the kerberos_state from pdb_get_trust_credentials()
The implementation of pdb_get_trust_credentials() should have all
the details to set the kerberos_state to a useful value.
This should enable the fallback to NTLMSSP again, when using our
machine account against trusted domains.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 23 Feb 2017 10:54:21 +0000 (11:54 +0100)]
s3:winbindd: add more debugging to cm_prepare_connection()
Any fallbacks to other authentication methods should be logged.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 22 Feb 2017 19:07:25 +0000 (20:07 +0100)]
s3:passdb: use cli_credentials_set_kerberos_state() for trusts in pdb_get_trust_credentials()
Trust accounts can only use kerberos when contacting other AD domains,
using NTLMSSP will fail.
At the same time it doesn't make sense to try kerberos for NT4 domains,
still NTLMSSP will fail, but the callers has to deal with that
case and just fallback to an anonymous SMB connection.
In all cases we should be able to use NETLOGON SCHANNEL
over any anonymous smb or tcp transport.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>