Stefan Metzmacher [Thu, 7 Dec 2017 12:00:10 +0000 (13:00 +0100)]
s4:selftest: replace --option=usespnego= with --option=clientusespnego=
I guess that's what we try to test here, as 'use spnego' was only evaluated
on in the smb server part.
The basically tests the 'raw NTLMv2 auth' option, we set it to yes on
some environments, but keep a knownfail for the ad_member.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 7 Dec 2017 10:17:20 +0000 (11:17 +0100)]
WHATSNEW: document removal 'winbind trusted domains only' option
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 7 Dec 2017 10:10:42 +0000 (11:10 +0100)]
docs-xml: remove deprecated of 'winbind trusted domains only' option
This parameter is already deprecated in favor of the newer idmap_nss backend.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 7 Dec 2017 09:54:21 +0000 (10:54 +0100)]
winbindd: remove 'winbind trusted domains only' handling
This parameter is already deprecated in favor of the newer idmap_nss backend.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 20 Dec 2017 07:41:09 +0000 (08:41 +0100)]
s3:g_lock: keep old mylock on error and don't store new mylock on error
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Wed, 20 Dec 2017 16:42:45 +0000 (17:42 +0100)]
winbindd: use setproctitle
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Douglas Bagnall [Tue, 9 Jan 2018 11:08:01 +0000 (00:08 +1300)]
vfs_fruit: initialise bandsize to please a compiler
GCC on a Ubuntu 16.04 instance said:
[3174/4240] Compiling source3/modules/vfs_cap.c
In file included from ../source3/include/includes.h:301:0,
from ../source3/modules/vfs_fruit.c:20:
../source3/modules/vfs_fruit.c: In function
‘fruit_disk_free’:
../source3/../lib/util/debug.h:217:7: error: ‘bandsize’ may be used
uninitialized in this function [-Werror=maybe-uninitialized]
&& (dbgtext body) )
^
../source3/modules/vfs_fruit.c:6302:9: note: ‘bandsize’ was
declared here
size_t bandsize;
^
[3175/4240] Compiling source3/modules/vfs_expand_msdfs.c
[3176/4240] Compiling source3/modules/vfs_shadow_copy.c
[3177/4240] Compiling source3/modules/vfs_shadow_copy2.c
cc1: all warnings being treated as errors
Waf: Leaving directory
/home/ubuntu/autobuild/b17854/samba-o3/bin'
Build failed: -> task failed (err #1):
{task: cc vfs_fruit.c -> vfs_fruit_25.o}
make: *** [all] Error 1
As far as I can tell, it is wrong, and the bandsize variable never
gets passed uninititalised to DEBUG.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Tue, 9 Jan 2018 11:41:01 +0000 (12:41 +0100)]
python: Print the finddcs error message
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Jan 9 22:41:28 CET 2018 on sn-devel-144
Volker Lendecke [Tue, 9 Jan 2018 09:23:35 +0000 (10:23 +0100)]
libnet: Add NULL checks to py_net_finddc
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Wed, 6 Dec 2017 21:09:52 +0000 (22:09 +0100)]
vfs_fruit: set delete-on-close for empty finderinfo
We previously removed the stream from the underlying filesystem stream
backing store when the client zeroes out FinderInfo in the AFP_AfpInfo
stream, but this causes certain operations to fail (eg stat) when trying
to access the stream over any file-handle open on that stream.
So instead of deleting, set delete-on-close on the stream. The previous
commit already implemented not to list list streams with delete-on-close
set which is necessary to implemenent correct macOS semantics for this
particular stream.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13181
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jan 9 17:09:12 CET 2018 on sn-devel-144
Ralph Boehme [Thu, 7 Dec 2017 16:32:35 +0000 (17:32 +0100)]
vfs_fruit: filter out AFP_AfpInfo streams with pending delete-on-close
This is in preperation of fixing the implementation of removing the
AFP_AfpInfo stream by zeroing the FinderInfo out.
We currently remove the stream blob from the underyling filesystem
backing store, but that results in certain operations to fail on any
still open file-handle.
The fix comes in the next commit which will convert to backing store
delete operation to a set delete-on-close on the stream.
This commit adds filtering on streams that have the delete-on-close
set. It is only needed for the fruit:metadata=stream case, as with
fruit:metadata=netatalk the filtering is already done in
fruit_streaminfo_meta_netatalk().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13181
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 7 Dec 2017 13:56:36 +0000 (14:56 +0100)]
vfs_fruit: factor out delete_invalid_meta_stream() from fruit_streaminfo_meta_stream()
No change in behaviour, just some refactoring before adding more code to
fruit_streaminfo_meta_stream() in the next commit.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13181
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 7 Dec 2017 12:43:02 +0000 (13:43 +0100)]
s4/torture/fruit: enhance zero AFP_AfpInfo stream test
This test more operations in the zeroed out FinderInfo test, ensuring
after zeroing out FinderInfo, operations on the filehandle still work
and that enumerating streams doesn't return the stream anymore.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13181
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 6 Dec 2017 21:05:23 +0000 (22:05 +0100)]
s4/torture/fruit: ensure AFP_AfpInfo blobs are 0-initialized
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13181
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jamie McClymont [Mon, 8 Jan 2018 06:18:34 +0000 (19:18 +1300)]
selftest: close connections after tests in samba4.ldap.rodc_rwdc.python
This test suite had a memory impact of around 2.5GB, from built-up LDAP
connection handlers under the standard process model.
Signed-off-by: Jamie McClymont <jamiemcclymont@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jan 9 08:22:27 CET 2018 on sn-devel-144
Andreas Schneider [Mon, 27 Nov 2017 18:37:49 +0000 (19:37 +0100)]
pwrap: Build libpamtest as a subsystem to avoid issues
Making it a subsystem adds the correct include directory for
libpamtest.h.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jan 8 21:04:16 CET 2018 on sn-devel-144
Ralph Boehme [Sat, 6 Jan 2018 11:27:27 +0000 (12:27 +0100)]
selftest: use net rpc join when joining NT4-style domains
Otherwise net join when failing at the CLDAP ping stage will put a
negative entry for the DC in the conncache which can trigger *hard* to
debug problems later in winbindd.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jan 8 15:22:10 CET 2018 on sn-devel-144
Jamie McClymont [Mon, 8 Jan 2018 00:56:03 +0000 (13:56 +1300)]
selftest: close connections after tests in samba4.ldap.secdesc.python
This test suite had a memory impact of around 2.2GB, from LDAP connection
handlers under the standard process model.
Signed-off-by: Jamie McClymont <jamiemcclymont@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jan 8 08:02:15 CET 2018 on sn-devel-144
Jamie McClymont [Mon, 8 Jan 2018 00:24:25 +0000 (13:24 +1300)]
selftest: close connections after tests in samba4.ldap.acl.python
Over the length of a run of this suite (which runs under the standard process
model), memory usage from LDAP connection handlers reaches 4GB. This patch
reduces it to a manageable amount.
Signed-off-by: Jamie McClymont <jamiemcclymont@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Björn Jacke [Wed, 13 Dec 2017 00:38:25 +0000 (01:38 +0100)]
docs-xml: mention that the man pages are "part of" version x
writing that they are correct for version x is not always precise. But we're
working on that also :-)
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Bjoern Jacke [Fri, 8 Dec 2017 13:52:24 +0000 (14:52 +0100)]
doc: document wins server's smb.conf parameters
this is from the WINS server, which was released earlier as samba4wins.
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Björn Jacke [Wed, 20 Dec 2017 20:35:54 +0000 (21:35 +0100)]
tests:docs: remove explicit exceptions for parametric options
we don't need to list them all as special cases because we exclude parametric
options generally now from the default value test.
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Björn Jacke [Wed, 20 Dec 2017 20:23:24 +0000 (21:23 +0100)]
tests:docs: don't try to test parametric option defaults
we don't get the values of the parametric options.
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Aurelien Aptel [Thu, 14 Dec 2017 15:47:49 +0000 (16:47 +0100)]
packaging: add configure option to preprocess and install systemd files
Turn the systemd service files under packaging into template (.in) files
with @VAR@ substitutions and add configure options to install and tweak
them.
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andreas Schneider [Wed, 3 Jan 2018 10:23:51 +0000 (11:23 +0100)]
crypto: Update the REQUIREMENTS
Update after call with the GnuTLS maintainer to see what is supported in
GnuTLS, what is working in FIPS mode or not, and what features we require
to move to GnuTLS in future. The benefit will be FIPS certification and
more hardware accelerated crypto.
Bugs have been opened against GnuTLS to implment the missing features or
add functions to declare use of old crypto functions as non-crypto use.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Dr. Thomas Orgis [Thu, 27 Jul 2017 10:54:28 +0000 (12:54 +0200)]
Add substitutions %t, %j, and %J as path-safe variants of %T, %i, and %I.
Rationale: Using the existing substitutions in construction of paths
(dynamic shares, created on client connect) results in directory names with
colons and dots in them. Those can be hard to use when accessed from a
different share, as Windows does not allow : in paths and has some ideas about
dots.
Signed-off-by: Dr. Thomas Orgis <thomas.orgis@uni-hamburg.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
kkplein [Tue, 19 Dec 2017 09:49:10 +0000 (10:49 +0100)]
define DBGC_AUTH class
Signed-off-by: Mourik Jan C Heupink <heupink@merit.unu.edu>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
kkplein [Mon, 18 Dec 2017 19:14:31 +0000 (20:14 +0100)]
Update util.c to include DBGC_AUTH class
Signed-off-by: Mourik Jan C Heupink <heupink@merit.unu.edu>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Sun, 7 Jan 2018 21:31:50 +0000 (10:31 +1300)]
travis-ci: Update package list to match the wiki
This in turn is based on what we use at Catalyst minus some helpful packages like editors
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Ralph Boehme [Sat, 6 Jan 2018 15:13:52 +0000 (16:13 +0100)]
vfs_fileid: fix a use after free
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Jan 8 03:16:30 CET 2018 on sn-devel-144
Ralph Boehme [Thu, 4 Jan 2018 16:22:16 +0000 (17:22 +0100)]
vfs_fileid: add fileid:algorithm = fsname_norootdir
Based-on-a-patch-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jan 6 04:41:24 CET 2018 on sn-devel-144
Ralph Boehme [Thu, 4 Jan 2018 16:09:21 +0000 (17:09 +0100)]
vfs_fileid: add fileid:nolockinode parameter
Based-on-a-patch-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 4 Jan 2018 16:02:53 +0000 (17:02 +0100)]
vfs_fileid: add fileid:algorithm = fsname_nodirs
Enabling fileid:algorithm = fsname_nodirs uses the hostname algorithm
for directories and thus breaks cluster lock coherence for directories.
Based-on-a-patch-by: Christian Ambach <ambi@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 4 Jan 2018 15:59:54 +0000 (16:59 +0100)]
vfs_fileid: add fileid:algorithm = hostname
Using fileid:algorithm = hostname makes fileid generate
fileids based on the hostname. This breaks cluster lock coherence.
Based-on-a-patch-by: Christian Ambach <ambi@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 4 Jan 2018 15:35:38 +0000 (16:35 +0100)]
vfs_fileid: convert dev argument of the device_mapping_fn to SMB_STRUCT_STAT
This is in preperation of adding an additional mapping function that
acts differently depending of the file type. No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Wuerthner [Tue, 12 Jan 2016 15:00:24 +0000 (16:00 +0100)]
vfs_fileid: add "fstype/mntdir deny/allow list" option
When using the fsname or fsid algorithm a stat() and statfs() call is
required for all mounted file systems to generate the file_id. If e.g.
an NFS file system is unresponsive such a call might block and the smbd
process will become unresponsive. Add "fileid:fstype deny",
"fileid:fstype allow", "fileid:mntdir deny", and "fileid:mntdir allow"
options to ignore potentially unresponsive file systems.
See also https://lists.samba.org/archive/samba-technical/2016-January/111553.html
for a discussion about why this is useful.
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 5 Jan 2018 09:23:30 +0000 (10:23 +0100)]
vfs_fileid: preserve errno in an error code path
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 4 Jan 2018 16:25:07 +0000 (17:25 +0100)]
vfs_fileid: add a DEBUG message to log dev and inode
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 5 Jan 2018 09:45:41 +0000 (10:45 +0100)]
tests: The pthreadpooltests do not need a full environment
Makes "make test TESTS=pthreadpool" faster
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Thu, 4 Jan 2018 20:26:58 +0000 (21:26 +0100)]
dnscli: Make a few functions static
We might want to use the tcp flavor in the future in the forwarder for a
single, persistent TCP connection. Then we can easily re-publish it.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Thu, 4 Jan 2018 20:06:02 +0000 (21:06 +0100)]
samba: Only use async signal-safe functions in signal handler
Otherwise shutdown can hang
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Tue, 2 Jan 2018 18:09:04 +0000 (19:09 +0100)]
s4/torture: test vfs_fruit "fruit:time machine max size" option
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 3 Nov 2017 09:56:29 +0000 (10:56 +0100)]
vfs_fruit: add "time machine max size" option
This can be used to configure a per client filesystem size limit on
TimeMachine shares.
It's a nasty hack but it was reportedly working well in Netatalk where
it's taken from.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Björn Jacke [Thu, 4 Jan 2018 15:35:12 +0000 (16:35 +0100)]
docs-xml: add basic Makefile dependencies for targets that use xsltproc
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Fri Jan 5 19:55:29 CET 2018 on sn-devel-144
Björn Jacke [Thu, 4 Jan 2018 15:19:13 +0000 (16:19 +0100)]
docs-xml: set a reasonable XML_CATALOG_FILES in Makefile
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
Björn Jacke [Thu, 4 Jan 2018 15:12:28 +0000 (16:12 +0100)]
docs-xml: generate build/catalog.xml via Makefile target
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
Jamie McClymont [Tue, 19 Dec 2017 00:14:41 +0000 (13:14 +1300)]
autobuild: fix quoting of --restrict-tests
Currently, passing multiple tests causes those other than the first to be
passed to make, causing failures.
Signed-off-by: Jamie McClymont <jamiemcclymont@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Jan 5 02:51:09 CET 2018 on sn-devel-144
Jamie McClymont [Wed, 3 Jan 2018 03:59:24 +0000 (03:59 +0000)]
source4/tests: typo in env name
Signed-off-by: Jamie McClymont <jamiemcclymont@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Björn Jacke [Thu, 4 Jan 2018 11:55:26 +0000 (12:55 +0100)]
docs-xml: plain file URIs need three slashes
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Thu Jan 4 20:32:21 CET 2018 on sn-devel-144
Björn Jacke [Thu, 4 Jan 2018 09:38:05 +0000 (10:38 +0100)]
docs-xml: figure out samba version for the docs automatically
Signed-off-by: Bjoern Jacke <bjoern@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
Jeremy Allison [Wed, 3 Jan 2018 17:52:33 +0000 (09:52 -0800)]
s3: smbd: Use identical logic to test for kernel oplocks on a share.
Due to inconsistent use of lp_kernel_oplocks() we could miss kernel
oplocks being on/off in some of our oplock handling code, and thus
use the wrong logic.
Ensure all logic around koplocks and lp_kernel_oplocks() is consistent.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13193
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jan 4 16:03:38 CET 2018 on sn-devel-144
Volker Lendecke [Sun, 31 Dec 2017 10:02:45 +0000 (11:02 +0100)]
dns_server: Remove "max_payload" from dns_server
This would have to be retrieved from the interface type we have I guess.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 4 05:08:02 CET 2018 on sn-devel-144
Volker Lendecke [Sun, 31 Dec 2017 10:00:01 +0000 (11:00 +0100)]
dns_server: Remove unused "dns_generate_options"
This was part of the previous bugfix for 9632, which has been replaced
by TCP fallback code. We can dig this up from git if needed.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 31 Dec 2017 09:59:40 +0000 (10:59 +0100)]
dns_server: Remove unused "dns" parameter from ask_forwarder_send
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 29 Dec 2017 12:09:15 +0000 (13:09 +0100)]
ndr_dns: fix pushing unknown resource records
When pulling for example an RRSIG record, we end up with length!=0 *and*
unexpected.length != 0, but with an unknown rrec. We should be able to
marshall what we retrieved from the wire.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 29 Dec 2017 10:11:59 +0000 (11:11 +0100)]
dns_server: Use dns_cli_request instead of direct udp
This skips adding the DNS option for a larger UDP packet size than
512. This is a different fix for bug 9632.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 29 Dec 2017 10:01:29 +0000 (11:01 +0100)]
libdns: Add dns_cli_request
First UDP, then TCP if truncation happened
Signed-off-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Thu, 28 Dec 2017 21:35:46 +0000 (22:35 +0100)]
libdns: dns/tcp client
Same signature as the UDP client in the same file. This opens and closes
the socket per request. In the future, we might want to create a
persistent TCP connection for our internal DNS server's forwarder. That
will require proper handling of in-flight requests. Something for
another day.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 27 Dec 2017 11:50:07 +0000 (12:50 +0100)]
dsdb: Fix the build on 32-bit FreeBSD
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 29 Dec 2017 08:36:31 +0000 (09:36 +0100)]
libdns: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 28 Dec 2017 20:41:33 +0000 (21:41 +0100)]
tsocket: Fix typos
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 13 Dec 2016 10:38:13 +0000 (11:38 +0100)]
credentials: Simplify cli_credentials_get_server_gss_creds()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jan 3 14:37:12 CET 2018 on sn-devel-144
Bjoern Jacke [Thu, 7 Dec 2017 15:06:38 +0000 (16:06 +0100)]
smbldap: don't try start tls on ldaps:// connections
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6079
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Tue Jan 2 18:01:17 CET 2018 on sn-devel-144
Björn Jacke [Wed, 13 Dec 2017 12:39:10 +0000 (13:39 +0100)]
doc-xml: fix dependency as the xml targets depend on Makefile.settings
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Sun, 31 Dec 2017 23:14:13 +0000 (00:14 +0100)]
Happy New Year 2018!
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jan 1 19:19:22 CET 2018 on sn-devel-144
Douglas Bagnall [Wed, 27 Dec 2017 22:45:49 +0000 (11:45 +1300)]
selftest: allow more time for tests
Maybe make test *should* run in under 4 hours, but it currently
doesn't.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Dec 29 02:48:59 CET 2017 on sn-devel-144
Volker Lendecke [Wed, 27 Dec 2017 12:19:06 +0000 (13:19 +0100)]
torture: Fix CID
1426987 Incorrect expression (UNUSED_VALUE)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Dec 28 02:22:04 CET 2017 on sn-devel-144
Douglas Bagnall [Mon, 18 Dec 2017 04:06:07 +0000 (17:06 +1300)]
samba-tool test: ensure `samba-tool help` works
We make sure the output is identical to `samba-tool --help` for the same
subcommands.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Dec 22 07:50:21 CET 2017 on sn-devel-144
Douglas Bagnall [Fri, 11 Aug 2017 04:39:33 +0000 (16:39 +1200)]
samba-tool: treat 'samba-tool help foo' as 'samba-tool foo --help'
Vaguely keeping up with the modern style.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 20 Dec 2017 22:30:24 +0000 (11:30 +1300)]
samba-tool: give cache_loader pseudo-dict a .get() method
This makes it more dict-like, and makes the next patch (adding
samba-tool help) simpler.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Mon, 18 Dec 2017 03:54:07 +0000 (16:54 +1300)]
samba-tool: --help test, ensuring help tree coverage
`samba-tool [COMMAND] --help` will list sub-commands of COMMAND
(or top-level commands if COMMAND is omitted). This ensures that
`samba-tool COMMAND SUBCOMMAND --help` works for all the commands
found in the help tree.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Uri Simchoni [Thu, 21 Dec 2017 17:49:39 +0000 (19:49 +0200)]
selftest: pass location of perl executable from waf to test-envs
Many perl scripts in the codebase are executables with a
"/usr/bin/perl" shebang. Running them as executables is not
portable as some OS's have a different location for the perl
interpreter.
During the configuration process, waf finds the location of the perl
interpreter. Some or all invocations of perl scripts from within
test environment setup code are actually "$PERL <script>",
but since PERL env var is typically not set, this amounts to the
unportable "<script>", which invokes /usr/bin/perl.
This patch exports the location of perl as found by the configuration
process to the test environment, causing "$PERL <script>" to be
"<correct place of perl interpreter> <script>".
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 20 Dec 2017 13:05:54 +0000 (14:05 +0100)]
s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired sessions
Windows client at least doesn't have code to replay
a SMB2 Close after getting NETWORK_SESSION_EXPIRED,
which locks out a the client and generates an endless
loop around NT_STATUS_SHARING_VIOLATION.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13197
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Dec 21 23:28:42 CET 2017 on sn-devel-144
Stefan Metzmacher [Thu, 21 Dec 2017 13:47:06 +0000 (14:47 +0100)]
s3:smbd: return the correct error for cancelled SMB2 notifies on expired sessions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13197
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 21 Dec 2017 11:53:02 +0000 (12:53 +0100)]
s4:torture: add smb2.session.expire2 test
This demonstrates the interaction of NT_STATUS_NETWORK_SESSION_EXPIRED
and various SMB2 opcodes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13197
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 21 Dec 2017 10:01:18 +0000 (11:01 +0100)]
torture: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Uri Simchoni [Tue, 5 Dec 2017 18:56:49 +0000 (20:56 +0200)]
sysacls: change datatypes to 32 bits
The SMB_ACL_PERMSET_T and SMB_ACL_PERM_T were defined as
mode_t, which is 16-bits on some (non-Linux) systems. However,
pidl *always* encodes mode_t as uint32_t. That created a bug on
big-endian systems as sys_acl_get_permset() returns a SMB_ACL_PERMSET_T
pointer to an internal a_perm structure member defined in IDL as a mode_t,
which pidl turns into a uin32_t in the emitted header file.
Changing to 32 bits fixes that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13176
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Uri Simchoni [Tue, 5 Dec 2017 18:49:03 +0000 (20:49 +0200)]
pysmbd: fix use of sysacl API
Fix pysmbd to use the sysacl (POSIX ACL support) as intended, and
not assume too much about the inner structure and implementation
of the permissions in the sysacl API.
This will allow the inner structure to change in a following commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13176
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Wed, 20 Dec 2017 23:07:46 +0000 (12:07 +1300)]
samba-tool domain schemaupgrade: Avoid reindex after every hunk
This takes advantage of the fact that a single LDB operation is atomic
even inside our transaction and so we can retry it after updating the
schema.
This makes the smaba-tool domain schemaupgrade take 1m30s compared with 4m4s.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Thu Dec 21 08:28:51 CET 2017 on sn-devel-144
Garming Sam [Sun, 17 Dec 2017 23:45:02 +0000 (12:45 +1300)]
ldapcmp: Improve the difference checker of ldapcmp for 2012 R2
There are a number of new attributes which may be considered DNs.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Thu Dec 21 03:41:19 CET 2017 on sn-devel-144
Garming Sam [Sun, 17 Dec 2017 23:30:44 +0000 (12:30 +1300)]
upgradeprovision: Mark tests as passing again (using functional prep)
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Sun, 17 Dec 2017 23:30:15 +0000 (12:30 +1300)]
functionalprep.sh: Add a test to show that functional prep works on old databases
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Fri, 15 Dec 2017 02:43:32 +0000 (15:43 +1300)]
functionalprep.sh: New test for ensuring that the prep works correctly
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Fri, 15 Dec 2017 01:33:45 +0000 (14:33 +1300)]
release-4-8-0-pre1: New database dump for checking that functional prep works
Next will be a test which compares the current run of the script against
this reference provision.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 6 Dec 2017 01:12:30 +0000 (14:12 +1300)]
domain.py: Command for prepping the domain for higher functional levels
Currently we support the 2012 and 2012 R2 prep levels.
Forest prep requires use of the schema master role.
Domain prep requires use of the infrastructure master role.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 13 Dec 2017 02:27:20 +0000 (15:27 +1300)]
domain.py: Force schema upgrade to be used only on the schema master
While this may be enforced at lower levels, it would be better to warn
earlier rather than later.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Tue, 12 Dec 2017 23:09:02 +0000 (12:09 +1300)]
forest_update: Allow the script to add the missing forest containers
Before we set the prep level higher in default provisions, we should add
these objects to the initial ldif (so that our initial ldif represents a
full 2008R2 domain which we build consistently on).
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 6 Dec 2017 01:23:04 +0000 (14:23 +1300)]
forest_update: Create a module to apply forest prep updates
This module uses information sourced from the Forest-Wide-Updates.md
file from one of Microsoft's Github repos to generate the operation
information.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 13 Dec 2017 00:37:08 +0000 (13:37 +1300)]
domain_update: Add a new docstring for the main entry point
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 13 Dec 2017 00:35:14 +0000 (13:35 +1300)]
domain_update: Add an additional error with revision
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 13 Dec 2017 00:17:32 +0000 (13:17 +1300)]
domain_update: Allow the revision version to be set
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 13 Dec 2017 00:12:01 +0000 (13:12 +1300)]
domain_update: Respect the fix=False flag
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Tue, 12 Dec 2017 02:53:09 +0000 (15:53 +1300)]
domain_update: Create a module to apply domain prep updates
These updates are referenced in documentation much like our
Forest-Wide-Updates.md file under the same MIT and CC attribution
licenses.
https://github.com/MicrosoftDocs/windowsserverdocs/blob/master/WindowsServerDocs/identity/ad-ds/deploy/Domain-Wide-Updates.md
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Fri, 24 Nov 2017 03:26:52 +0000 (16:26 +1300)]
ms_forest_updates_markdown: Write a parser for the forest updates .md
Unlike the schema markdown which appears generally as ldif, these
descriptions are textual.
We are only handling the add cases, with the rest being manually encoded.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Thu, 14 Dec 2017 22:30:27 +0000 (11:30 +1300)]
WindowsServerDocs: Update README for clarity
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Fri, 24 Nov 2017 03:26:52 +0000 (16:26 +1300)]
Forest-Wide-Updates.md: Include the description of forest wide updates
This is sourced from the WindowsServerDocs repository on Github under an
MIT/CC 4.0 attribution license. A huge thanks is required for these
being provided and the work done in the process, as they mean a lot less
work for us to repeat.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Thu, 14 Dec 2017 03:43:04 +0000 (16:43 +1300)]
WindowsServerDocs: Update README to get rid of the references to ./gen/
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Thu, 24 Aug 2017 02:10:04 +0000 (14:10 +1200)]
2008R2: Missing operation (77) for ActiveDirectoryUpdate version 5 (FL)
Operation 77: {
82112ba0-7e4c-4a44-89d9-
d46c9612bf91}
- Create the CN=PSPs,CN=System object
Referenced in the page 'Windows Server 2008R2: Domain-Wide Updates':
https://technet.microsoft.com/en-us/library/
dd378973(v=ws.10).aspx
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Thu, 24 Aug 2017 01:59:22 +0000 (13:59 +1200)]
2008R2: Missing operation (75, 76) for ActiveDirectoryUpdate version 5 (FL)
Operation 75 {
5e1574f6-55df-493e-a6-71-aa-ef-fc-a6-a1-00}
- Create the CN=Managed Service Accounts object
Operation 76 {
d262aae8-41f7-48ed-9f-35-56-bb-b6-77-57-3d}
- Add otherWellKnownObject link for CN=Managed Service Accounts
Referenced in the page 'Windows Server 2008R2: Domain-Wide Updates':
https://technet.microsoft.com/en-us/library/
dd378973(v=ws.10).aspx
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Sun, 17 Dec 2017 23:39:52 +0000 (12:39 +1300)]
ldapcmp: Add otherWellKnownObjects to ignore when using --two
wellKnownObjects already exists in this list.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
git.samba.org / samba.git / log