samba.git
2 years agoerrors: generate python error codes for NTSTATUS
Günther Deschner [Tue, 27 Sep 2016 18:31:58 +0000 (20:31 +0200)]
errors: generate python error codes for NTSTATUS

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agorepl_meta_data: Remove the correct forward link for dn+binary attributes
Andrew Bartlett [Mon, 12 Oct 2015 02:51:37 +0000 (15:51 +1300)]
repl_meta_data: Remove the correct forward link for dn+binary attributes

The previous code assumed that only plain DNs could be linked attributes.

We need to look over the list of attribute values and find the value
that causes this particular backlink to exist, so we can remove it.

We do not know (until we search) of the binary portion, so we must
search over all the attribute values at this layer, using the
parsed_dn_find() routine used elsewhere in this code.

Found attempting to demote an RODC in a clone of a Windows 2012R2
domain, due to the msDS-RevealedUsers attribute.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11139
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Feb 14 06:14:35 CET 2017 on sn-devel-144

2 years agorepl_meta_data: Add comment with some future improvements
Andrew Bartlett [Mon, 13 Feb 2017 23:11:19 +0000 (12:11 +1300)]
repl_meta_data: Add comment with some future improvements

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agorepl_meta_data: Always sort the links when upgrading them
Andrew Bartlett [Mon, 13 Feb 2017 23:08:35 +0000 (12:08 +1300)]
repl_meta_data: Always sort the links when upgrading them

This allows us to know that the output of get_parsed_dns_trusted() is sorted, as an
upgraded attribute of FL2000 links would not otherwise be sorted in the DB

This allows us to delete linked objects that have a forward link from a
FL2000 style linked attribute once the DN+Binary patches land.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agorepl_meta_data: Bring replmd_check_upgrade_links() into get_parsed_dns_trusted()
Andrew Bartlett [Mon, 13 Feb 2017 22:59:13 +0000 (11:59 +1300)]
repl_meta_data: Bring replmd_check_upgrade_links() into get_parsed_dns_trusted()

This eliminates a lot of duplicate code and allows us to know that we will
have a set of FL2003 style links in the parsed DNs to operate on

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agopython/tests: Add test for generated and duplicate mAPIIDs
Bob Campbell [Tue, 7 Feb 2017 22:55:32 +0000 (11:55 +1300)]
python/tests: Add test for generated and duplicate mAPIIDs

Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agosamldb: Allow automatic generation of mAPIIDs
Bob Campbell [Tue, 7 Feb 2017 22:40:32 +0000 (11:40 +1300)]
samldb: Allow automatic generation of mAPIIDs

This allows us to conform to MS-ADTS 3.1.1.2.3.2, where the OID
1.2.840.113556.1.2.49 can be specified as the mAPIID of a new attribute
in the schema in order to automatically assign it an unused mAPIID.

Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agotorture/drs: Add a test for dn+binary linked attributes
Bob Campbell [Thu, 2 Feb 2017 21:34:14 +0000 (10:34 +1300)]
torture/drs: Add a test for dn+binary linked attributes

Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11139

2 years agotorture/drs: run repl_schema in vampire_2000_dc environment as well
Bob Campbell [Thu, 2 Feb 2017 21:33:54 +0000 (10:33 +1300)]
torture/drs: run repl_schema in vampire_2000_dc environment as well

This will be necessary as linked attributes are handled differently in
Windows 2000.

We also only check msDS-IntId if we have a functional level of > Windows
2000, as this attribute is not present on lower domain function levels.

Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11139

2 years agoselftest: add vampire_2000_dc environment
Bob Campbell [Tue, 7 Feb 2017 20:16:41 +0000 (09:16 +1300)]
selftest: add vampire_2000_dc environment

This is the equivalent of vampire_dc, but using a domain functional
level of DS_DOMAIN_FUNCTION_2000.

Using this functional level is useful for tests involving replication
and linked attributes, as they behave differently at it.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11139
Pair-programmed-with: Bob Campbell <bobcampbell@catalyst.net.nz>

2 years agopython/tests: add test for generated and duplicate linkIDs
Bob Campbell [Wed, 1 Feb 2017 20:46:26 +0000 (09:46 +1300)]
python/tests: add test for generated and duplicate linkIDs

Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11139

2 years agotorture/drs: generate linkID for test rather than specifying
Bob Campbell [Tue, 7 Feb 2017 02:42:29 +0000 (15:42 +1300)]
torture/drs: generate linkID for test rather than specifying

Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11139

2 years agosamldb: Allow automatic generation of linkIDs and prevent duplicates
Bob Campbell [Tue, 31 Jan 2017 22:54:40 +0000 (11:54 +1300)]
samldb: Allow automatic generation of linkIDs and prevent duplicates

As per MS-ADTS 3.1.1.2.3.1, this allows specifying the OID
1.2.840.113556.1.2.50 as the linkID of a new linked attribute in the
schema in order to automatically assign it an unused even linkID.

Specifying the attributeID or ldapDisplayName of an existing forward
link will now also add the new linked attribute as the backlink of that
existing link.

This also prevents adding duplicate linkIDs. Previously, we could run
into issues when trying to delete backlinks with duplicate linkIDs.

Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11139

2 years agowaf: Do not install the unit test binary for krb5samba
Andreas Schneider [Wed, 1 Feb 2017 14:53:44 +0000 (15:53 +0100)]
waf: Do not install the unit test binary for krb5samba

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12552

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Feb 13 14:17:39 CET 2017 on sn-devel-144

2 years agodbcheck-links: Test that dbcheck against one-way links does not error
Garming Sam [Wed, 8 Feb 2017 02:24:14 +0000 (15:24 +1300)]
dbcheck-links: Test that dbcheck against one-way links does not error

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12577
Pair-programmed-with: Bob Campbell <bobcampbell@catalyst.net.nz>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Feb 13 07:33:08 CET 2017 on sn-devel-144

2 years agodbcheck: Do not regard old one-way-links as errors
Andrew Bartlett [Thu, 2 Feb 2017 03:27:35 +0000 (16:27 +1300)]
dbcheck: Do not regard old one-way-links as errors

Samba does not maintain one way links when the target is deleted or renamed
so do not fail dbcheck because of such links, but allow them to be updated.

This matters because administrators and make test expect that normal Samba
operation do NOT cause the database to become corrupt, and any error from
dbcheck tends to trigger alarms (or test failures).

If an object pointed at by a one way link is renamed or deleted in normal
operations (such as intersiteTopologyGenerator pointing at a demoted DC),
or make test, then this could trigger.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12577

2 years agolib/util: Remove ntstatus.h and string_wrappers.h include from samba_util.h
Andrew Bartlett [Wed, 1 Feb 2017 01:13:28 +0000 (14:13 +1300)]
lib/util: Remove ntstatus.h and string_wrappers.h include from samba_util.h

These are not low-level headers that we need everywhere.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Feb 11 11:40:45 CET 2017 on sn-devel-144

2 years agodebug: Do not depend on the whole of samba_util.h
Andrew Bartlett [Wed, 1 Feb 2017 00:58:46 +0000 (13:58 +1300)]
debug: Do not depend on the whole of samba_util.h

By depending only on util_strlist.h and blocking.h we avoid pulling in the
generated NTSTATUS list for this low-level subsystem

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agotorture/ntlm_auth: do not assume a line is less than 2047 bytes
Bob Campbell [Wed, 18 Jan 2017 02:55:49 +0000 (15:55 +1300)]
torture/ntlm_auth: do not assume a line is less than 2047 bytes

These tests would fail when ran in our cloud. This was due to lines that
were more than 2047 bytes in length, causing us to fail readLine with a
ReadChildError. This fix lets it read lines of any length, but in 2047
byte segments.

Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agosamba-tool: Correct handling of default value for use_ntvfs and use_xattrs
Andrew Bartlett [Mon, 30 Jan 2017 02:34:09 +0000 (15:34 +1300)]
samba-tool: Correct handling of default value for use_ntvfs and use_xattrs

Because these options are optional based on build-time rules, we need to encode the
default value from the additonal Option() blocks in the run() declaration.

Then we can correctly check only for the expected options, and not inconsistently for
None (causing classicupgrade to fail).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12543
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agos3/util: mvxattr, a tool to rename extended attributes
Ralph Boehme [Fri, 3 Feb 2017 13:57:45 +0000 (14:57 +0100)]
s3/util: mvxattr, a tool to rename extended attributes

Usage: mvxattr -s STRING -d STRING PATH [PATH ...]
  -s, --from=STRING         xattr source name
  -d, --to=STRING           xattr destination name
  -l, --follow-symlinks     follow symlinks, the default is to ignore them
  -p, --print               print files where the xattr got renamed
  -v, --verbose             print files as they are checked
  -f, --force               force overwriting of destination xattr

Help options:
  -?, --help            Show this help message
  --usage               Display brief usage message

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12490

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 10 22:24:59 CET 2017 on sn-devel-144

2 years agolib/replace: validate xattr namespace prefix on FreeBSD
Ralph Boehme [Fri, 3 Feb 2017 17:08:12 +0000 (18:08 +0100)]
lib/replace: validate xattr namespace prefix on FreeBSD

We should validate the xattr name string ensuring it either begins with
"sytem." or "user.". If it doesn't, we should fail the request with
EINVAL.

The FreeBSD xattr API uses namespaces but doesn't put the namespace name
as a string prefix at the beginning of the xattr name. It gets passed as
an additional int arg instead.

On the other hand, our libreplace xattr API expects the caller to put a
namespace prefix into the xattr name.

Unfortunately the conversion and stripping of the namespace string prefix
from the xattr name gives the following unexpected result on FreeBSD:

rep_setxattr("foo.bar", ...) => xattr with name "bar"

The code checks if the name begins with "system.", if it doesn't find
it, it defaults to the user namespace and then does a strchr(name, '.')
which skips *any* leading string before the first dot.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12490

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agovfs_fruit: cleanup metadata and resource xattr name defines
Ralph Boehme [Fri, 3 Feb 2017 15:43:26 +0000 (16:43 +0100)]
vfs_fruit: cleanup metadata and resource xattr name defines

Just some cleanup, no change in behaviour. This also removes the hokey
tag. :)

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12490

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agovfs_fruit: correct Netatalk metadata xattr on FreeBSD
Ralph Boehme [Fri, 3 Feb 2017 15:33:00 +0000 (16:33 +0100)]
vfs_fruit: correct Netatalk metadata xattr on FreeBSD

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12490

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agomessaging_dgm: avoid GCC snprintf warnings in messaging_dgm_out_create
Andrew Bartlett [Thu, 9 Feb 2017 01:03:33 +0000 (14:03 +1300)]
messaging_dgm: avoid GCC snprintf warnings in messaging_dgm_out_create

We are trying to put something that (in theory) could be 109 bytes
long, into the sockaddr_un.sun_path field which has a fixed size of
108 bytes. The "in theory" part is that one of the components is a
pid, which although stored as 32 bits is in practice 16 bits, so the
maximum size is not actually hit.

This is all very annoying, because the length is checked anyway and
all this achieves is silencing a warning.

Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Feb 10 09:05:31 CET 2017 on sn-devel-144

2 years agoshadow_copy_get_shadow_copy_data: fix GCC snprintf warning
Douglas Bagnall [Thu, 9 Feb 2017 00:02:52 +0000 (13:02 +1300)]
shadow_copy_get_shadow_copy_data: fix GCC snprintf warning

GCC 7 warns about snprintf truncating a dirent d_name (potentially 255 bytes) to 25 bytes,
even though we have checked that it is 25 long in shadow_copy_match_name().

Using strlcpy instead of snprintf lets us check it again, JUST TO BE SURE.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agopython provision: fix indenting of doc string
Douglas Bagnall [Wed, 14 Dec 2016 20:34:28 +0000 (09:34 +1300)]
python provision: fix indenting of doc string

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agontlmssp: fix compilation with -O2 -fno-inline
Douglas Bagnall [Wed, 21 Dec 2016 00:24:46 +0000 (13:24 +1300)]
ntlmssp: fix compilation with -O2 -fno-inline

Without inlining the function, GCC doesn't know that
gensec_ntlmssp->ntlmssp_state->role always has a valid value.

With inlining, this is obviously redundant but GCC clearly knows
enough to detect this and elide the default case.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agogetncchanges script: use library code, not copied functions.
Douglas Bagnall [Fri, 28 Oct 2016 02:05:28 +0000 (15:05 +1300)]
getncchanges script: use library code, not copied functions.

These functions were duplicates. To be exact, the diff -ub between what
getncchanges had, and what drs_uitls now has is this:

|@@ -1,4 +1,5 @@
|-def do_DsBind(drs):
|+def drs_DsBind(drs):
|     '''make a DsBind call, returning the binding handle'''
|     bind_info = drsuapi.DsBindInfoCtr()
|     bind_info.length = 28
|@@ -32,7 +33,8 @@
|     bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
|     bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
|     (info, handle) = drs.DsBind(misc.GUID(drsuapi.DRSUAPI_DS_BIND_GUID), bind_info)
|-    return handle
|+
|+    return (handle, info.info.supported_extensions)
|
|
| def drs_get_rodc_partial_attribute_set(samdb):
|@@ -43,7 +45,7 @@
|     attids = []
|
|     # the exact list of attids we send is quite critical. Note that
|-    # we do ask for the secret attributes, but set set SPECIAL_SECRET_PROCESSING
|+    # we do ask for the secret attributes, but set SPECIAL_SECRET_PROCESSING
|     # to zero them out
|     schema_dn = samdb.get_schema_basedn()
|     res = samdb.search(base=schema_dn, scope=ldb.SCOPE_SUBTREE,
|@@ -71,3 +73,4 @@
|     partial_attribute_set.attids         = attids
|     partial_attribute_set.num_attids = len(attids)
|     return partial_attribute_set

while the drs_utils code has changed in moving
drs_get_rodc_partial_attribute_set() out of the class.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agolib/replace tests: prevent GCC fretting over snprintf sizes
Douglas Bagnall [Tue, 1 Nov 2016 00:26:11 +0000 (13:26 +1300)]
lib/replace tests: prevent GCC fretting over snprintf sizes

These tests deliberately use snprintf for truncating strings, which is
fine for tests. This has the effect of leaving the warning in place
but preventing it from becoming a fatal error.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agofix blackbox_supported_features: mkdir -p its directory
Douglas Bagnall [Thu, 9 Feb 2017 23:30:59 +0000 (12:30 +1300)]
fix blackbox_supported_features: mkdir -p its directory

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agodocs/smbconf: update log level list in man page
Douglas Bagnall [Wed, 25 Jan 2017 22:39:13 +0000 (11:39 +1300)]
docs/smbconf: update log level list in man page

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoselftest: show multiple arguments for --help
Douglas Bagnall [Fri, 27 Jan 2017 02:10:29 +0000 (15:10 +1300)]
selftest: show multiple arguments for --help

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agowaf --test-list takes a filename argument
Douglas Bagnall [Thu, 2 Feb 2017 04:26:43 +0000 (17:26 +1300)]
waf --test-list takes a filename argument

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agodocs: Add missing spaces in man smb.conf.
Karolin Seeger [Thu, 9 Feb 2017 10:27:45 +0000 (11:27 +0100)]
docs: Add missing spaces in man smb.conf.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb  9 23:58:02 CET 2017 on sn-devel-144

2 years agos3-vfs: Only walk the directory once in open_and_sort_dir()
Andreas Schneider [Thu, 9 Feb 2017 14:05:01 +0000 (15:05 +0100)]
s3-vfs: Only walk the directory once in open_and_sort_dir()

On a slow filesystem or network filesystem this can make a huge
difference.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12571

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agoMove pthreadpool to top of the tree.
Matthieu Patou [Fri, 3 Feb 2017 23:13:49 +0000 (15:13 -0800)]
Move pthreadpool to top of the tree.

Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agowafsamba: Remove 2010 comments that seems not accurate anymore
Matthieu Patou [Wed, 8 Feb 2017 20:01:50 +0000 (12:01 -0800)]
wafsamba: Remove 2010 comments that seems not accurate anymore

In my tests default value is correctly used and if we provide explicitly
a --with it will comply with the store_true and if we provide --without
then it will comply with the store_false

Change-Id: I820a7f2f08c51ec23b694bce7009c3891d4ab8ef
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agowafsamba: Move command line option function labelled as 'samba3' to the common set...
Matthieu Patou [Wed, 8 Feb 2017 06:58:40 +0000 (22:58 -0800)]
wafsamba: Move command line option function labelled as 'samba3' to the common set of functions

It allows to be used for things that are not 'samba3' only (or more
accurately things not in common and not related to the AD DC
implementation)

Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agoSwitch on the sortedLinks Flag on new databases
Andrew Bartlett [Tue, 10 Jan 2017 20:24:06 +0000 (09:24 +1300)]
Switch on the sortedLinks Flag on new databases

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Feb  9 07:07:43 CET 2017 on sn-devel-144

2 years agoreplmd: check for the sortedLinks feature flag
Andrew Bartlett [Thu, 2 Feb 2017 22:25:37 +0000 (11:25 +1300)]
replmd: check for the sortedLinks feature flag

If it is there, we assume linked attributes are stored in a sorted
order.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agodsdb: Honour @SAMBA_FEATURES_SUPPORTED flag in @IDXATTR
Andrew Bartlett [Thu, 2 Feb 2017 22:47:41 +0000 (11:47 +1300)]
dsdb: Honour @SAMBA_FEATURES_SUPPORTED flag in @IDXATTR

This allows us to detect modification by a Samba version prior to
the introduction of the compatibleFeatures logic as this flag will
be stripped by the schema load code of older Samba versions.
Therefore if it is not present, then remove all
compatibleFeatures.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoschema: Set flag into @INDEXLIST to indicate we support feature flags
Andrew Bartlett [Fri, 3 Feb 2017 03:13:43 +0000 (16:13 +1300)]
schema: Set flag into @INDEXLIST to indicate we support feature flags

Because @INDEXLIST is rewritten by all Samba versions, we can detect
that we have opened the database with an older version that does not
support the feature flags by the absense of this in @INDEXLIST

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agosamba_dsdb: Use and maintain compatibleFeatures and requiredFeatures in @SAMBA_DSDB
Andrew Bartlett [Thu, 12 Jan 2017 03:51:45 +0000 (16:51 +1300)]
samba_dsdb: Use and maintain compatibleFeatures and requiredFeatures in @SAMBA_DSDB

This will allow us to introduce new database features that are
backward compatible from the point of view of older versions of Samba,
but which will be damaged by modifying the database with such a
version.

For example, if linked attributes are stored in sorted order in 4.7,
and this change, without any values in current_supportedFeatures is
itself included in 4.6, then our sortedLinks are backward compatible
to that release.

That is with 4.6 (including this patch) which doesn't care about
ordering -- but a downgraded 4.7 database used by 4.6 will be broken
when later used with 4.7.  If we add a 'sortedLinks' feature flag in
compatibleFeatures, we can detect that.

This will allow us to determine if the database still contains
unsorted links, as that information allows us to make the code
handling links much more efficient.

We won't add the actual flag until all the code is in place.

Andrew wrote the actual code and Douglas wrote the tests, and they
cross-reviewed.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Piar-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
selftest: check for database features flags

2 years agorepl_md: get links in sorted order in replmd_add_fix_la
Douglas Bagnall [Wed, 1 Feb 2017 04:34:51 +0000 (17:34 +1300)]
repl_md: get links in sorted order in replmd_add_fix_la

This is where forward links get added when they get added with an
object.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd: treat a zero GUID as not present in get_parsed_dns
Douglas Bagnall [Thu, 2 Feb 2017 03:37:58 +0000 (16:37 +1300)]
replmd: treat a zero GUID as not present in get_parsed_dns

This roughly follows the pattern in the 2009 commit
0d5d7f58473c989bff4 by the Andrews Tridgell and Bartlett, which dealt
with zero GUIDs in replmd_add_fix_la(). That function is about to use
get_parsed_dns() [see next commit], and the other users of
get_parsed_dns don't really want to see zero guids, so it is simpler
to test here.

This makes hitting the GUID_all_zero branch of parsed_dn_find() even
more unlikely.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd: keep links sorted in replmd_process_linked_attribute
Douglas Bagnall [Fri, 27 Jan 2017 04:46:22 +0000 (17:46 +1300)]
replmd: keep links sorted in replmd_process_linked_attribute

This is where linked attributes get added during a replication.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd linked_attributes: maintain sorted links in replace
Douglas Bagnall [Fri, 6 Jan 2017 03:38:03 +0000 (16:38 +1300)]
replmd linked_attributes: maintain sorted links in replace

We use a merge-like algorithm, which gives us a slight algorithmic
improvement (O(m + n) vs O(m log(n) + n log(m))) and keeps the results
sorted.

Here's an example. There are existing links to {A C D* F*} where D*
and F* represent deleted links, and we want to replace them with {B C
E F}.

existing:       A     C  D* E  F*
                      |     |  |
replacements:      B  C     E  F

result:         A* B  C  D* E  F

This is what happens to each link:

A  gets deleted to A*.
B  gets added.
C  is retained, with possible extended DN changes.
D* stays in the list as a deleted link
E  is retained like C
F  is undeleted.

Backlinks are created in the case of B and F
The backlink for A is deleted
The backlinks are not changed for C and E or D* (D* has none)

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd linked attributes: use really_parse_trusted_dn everywhere
Douglas Bagnall [Wed, 11 Jan 2017 04:49:24 +0000 (17:49 +1300)]
replmd linked attributes: use really_parse_trusted_dn everywhere

This function fills out the DN and GUID fields of an unparsed
parsed_dn struct, which was happening in a few other places already.

In some places the GUID was not being filled out, which would probably
cause problems if the sorted_links switch was turned on.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd: simplify and optimise replmd_modify_la_delete
Douglas Bagnall [Thu, 5 Jan 2017 22:00:57 +0000 (11:00 +1300)]
replmd: simplify and optimise replmd_modify_la_delete

With the old binary search, we didn't get a pointer to the found
value, just a yes or no answer as to its existence. That meant we
ended up searching in both directions to find the links to be deleted.
As a consequence we needed to parse out the GUID of every existing
link, even if it wasn't being deleted.

Here we do it in one pass.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd: rearrange nothing-to-delete logic
Douglas Bagnall [Thu, 5 Jan 2017 20:49:38 +0000 (09:49 +1300)]
replmd: rearrange nothing-to-delete logic

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agorepl_meta_data: linked attributes use DRS sort order
Andrew Bartlett [Wed, 4 Jan 2017 01:09:00 +0000 (14:09 +1300)]
repl_meta_data: linked attributes use DRS sort order

Links come over the wire as if sorted by memcmp() on the binary blobs,
not as sorted by GUID_compare(). Until a few patches ago, a newly
joined DC would have its linked attributes in the memcmp order. This
restores that behaviour.

This comparison could be made more efficient by storing the GUID in
the original state, but it does not seem to be a bottleneck.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agoreplmd: rework replmd_modify_la_add to merge efficiently
Douglas Bagnall [Thu, 29 Dec 2016 00:20:41 +0000 (13:20 +1300)]
replmd: rework replmd_modify_la_add to merge efficiently

Because both the list of added links and the list of existing links
are sorted, it is possible to interlace the two and obtain a merged
sorted list.

We avoid a great amount of talloc_realloc()ing by observing that the
merged list can't be longer than the sum of the two lists.

In the (common) case where there are many existing links but few being
added, we avoid parsing most of the existing link DNs and GUIDs if the
sorted_links feature flag is set.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd linked attrs: fully parse dn for upgrade check
Andrew Bartlett [Fri, 3 Feb 2017 02:35:02 +0000 (15:35 +1300)]
replmd linked attrs: fully parse dn for upgrade check

Elsewhere we use the dsdb_dn pointer as a flag indicating parsed-ness,
so we have to be consistent.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd linked attributes: lazy parsing for trusted DNs
Andrew Bartlett [Fri, 3 Feb 2017 02:34:17 +0000 (15:34 +1300)]
replmd linked attributes: lazy parsing for trusted DNs

If we know that links from the database are in sorted order (via the
replmd_private->sorted_links flag), we can avoid actually parsing them
until it is absolutely necessary.

In many cases we are adding a single link to a long list. The location
of the single link is found via a binary search, so we end up parsing
log(N) DNs instead of N.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd: Add placeholder sorted_links to struct replmd_private
Andrew Bartlett [Fri, 3 Feb 2017 02:31:55 +0000 (15:31 +1300)]
replmd: Add placeholder sorted_links to struct replmd_private

This will be initialised to false (zero) by default and will later come
from the compatibleFeatures in @SAMBA_DSDB

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agoreplmd: replmd_check_upgrade_links() needs to first parses DNs
Douglas Bagnall [Thu, 29 Dec 2016 02:09:15 +0000 (15:09 +1300)]
replmd: replmd_check_upgrade_links() needs to first parses DNs

Because we now load the dns with get_parsed_dns_trusted we have
to manually explode them in the upgrade tests.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd: parsed_dn_find() finds insertion point as well as exact hit
Douglas Bagnall [Wed, 28 Dec 2016 23:12:23 +0000 (12:12 +1300)]
replmd: parsed_dn_find() finds insertion point as well as exact hit

This will allow us to maintain the list of links in sorted order.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agobinsearch: make BINARY_ARRAY_SEARCH_GTE compare against a pointer
Douglas Bagnall [Thu, 22 Dec 2016 03:09:22 +0000 (16:09 +1300)]
binsearch: make BINARY_ARRAY_SEARCH_GTE compare against a pointer

This is in preparation for improvements in our handling of linked
attributes where we make changes to the pointer in the process of
comparing it (for caching purposes).

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agobinsearch: clarify variable name in greater-than-or-equal search
Douglas Bagnall [Thu, 15 Dec 2016 01:39:33 +0000 (14:39 +1300)]
binsearch: clarify variable name in greater-than-or-equal search

The exact match variable was called "result" following the other
macros, which confused me for a moment.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd: fix variable names in replmd_check_upgrade_links
Douglas Bagnall [Wed, 11 Jan 2017 03:15:42 +0000 (16:15 +1300)]
replmd: fix variable names in replmd_check_upgrade_links

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd: replmd_check_upgrade_links() only checks the first DN
Douglas Bagnall [Thu, 29 Dec 2016 02:08:00 +0000 (15:08 +1300)]
replmd: replmd_check_upgrade_links() only checks the first DN

This assumes the links (on an object in the database) are either all in
the old format or all in the new.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd: pass replmd_private down to replmd_add_backlink()
Andrew Bartlett [Fri, 3 Feb 2017 01:39:00 +0000 (14:39 +1300)]
replmd: pass replmd_private down to  replmd_add_backlink()

This is not much saving, but we are soon going to need replmd_private
in the intermediate layers (e.g. replmd_modify_la_add).

Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agoreplmd: Fix some whitespace in repl_meta_data.c
Douglas Bagnall [Fri, 23 Dec 2016 01:18:13 +0000 (14:18 +1300)]
replmd: Fix some whitespace in repl_meta_data.c

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd: check whether list is already sorted in get_parsed_dns()
Douglas Bagnall [Sat, 17 Dec 2016 09:04:59 +0000 (22:04 +1300)]
replmd: check whether list is already sorted in get_parsed_dns()

If they are we can avoid the sort.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoselftest: Do not test for link ordering in tombstones_expunge test
Andrew Bartlett [Wed, 4 Jan 2017 08:27:58 +0000 (21:27 +1300)]
selftest: Do not test for link ordering in tombstones_expunge test

By testing only for the DNs that are returned we do not change the strictness of
the test, because it is a test of the match rule which applies to the whole
object, not the returned values.

However, when this code asserted the returned order of the links, it prevents
us from changing this order.  This order was not deterministic across DCs
but as this test ran against an offline DB, it was able to assume a
particular order.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agos4/linked_attribute tests: remove helper function unused parameter
Douglas Bagnall [Wed, 1 Feb 2017 01:21:22 +0000 (14:21 +1300)]
s4/linked_attribute tests: remove helper function unused parameter

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4/linked_attribute tests: try adding linked attributes directly
Douglas Bagnall [Thu, 2 Feb 2017 00:57:16 +0000 (13:57 +1300)]
s4/linked_attribute tests: try adding linked attributes directly

Previously we have only added linked attributes using a modify.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4/linked_attribute tests: test with the relax control
Douglas Bagnall [Wed, 1 Feb 2017 01:19:36 +0000 (14:19 +1300)]
s4/linked_attribute tests: test with the relax control

We had a theory this caused problems. It didn't, but the tests are
still worthwhile.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4/linked_attribute tests: compare link lists in sorted order
Douglas Bagnall [Wed, 11 Jan 2017 22:57:17 +0000 (11:57 +1300)]
s4/linked_attribute tests: compare link lists in sorted order

This isn't functionally different[1] from the previous use of set(),
but it makes the error output easier to read.

[1] OK, it will also show duplicates, which we really don't expect and
would definitely want to see.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4/linked_attribute tests: remove unused code
Douglas Bagnall [Wed, 11 Jan 2017 22:53:15 +0000 (11:53 +1300)]
s4/linked_attribute tests: remove unused code

We don't test for sort order because we don't depend on it. So this
test was never used.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4/linked_attribute tests: add multiple links and replace tests
Douglas Bagnall [Tue, 10 Jan 2017 23:26:13 +0000 (12:26 +1300)]
s4/linked_attribute tests: add multiple links and replace tests

Also a "delete all" test.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4/linked_attributes test: pep8 tidy-up, remove unused imports
Douglas Bagnall [Tue, 10 Jan 2017 23:19:21 +0000 (12:19 +1300)]
s4/linked_attributes test: pep8 tidy-up, remove unused imports

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agotorture/drs: expand test for DRSUAPI_DRS_GET_ANC
Bob Campbell [Mon, 12 Dec 2016 03:00:35 +0000 (16:00 +1300)]
torture/drs: expand test for DRSUAPI_DRS_GET_ANC

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12398

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Feb  9 03:16:09 CET 2017 on sn-devel-144

2 years agogetncchanges: implement DRSUAPI_DRS_GET_ANC more correctly
Stefan Metzmacher [Tue, 29 Nov 2016 10:12:22 +0000 (11:12 +0100)]
getncchanges: implement DRSUAPI_DRS_GET_ANC more correctly

The most important case is the combination of
DRSUAPI_DRS_CRITICAL_ONLY and DRSUAPI_DRS_GET_ANC.

With DRSUAPI_DRS_GET_ANC we need to make sure all ancestors
included even if they're not marked with
isCriticalSystemObject=TRUE.

I guess we still don't behave exactly as Windows, but it's much
better than before and fixes the initial replication if
someone moved the administrator account to an OU.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12398

Pair-Programmed-With: Bob Campbell <bobcampbell@catalyst.net.nz>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agogetncchanges: calculate getnc_state->min_usn calculation based on the uptodateness...
Stefan Metzmacher [Tue, 7 Feb 2017 11:37:16 +0000 (12:37 +0100)]
getncchanges: calculate getnc_state->min_usn calculation based on the uptodateness vector

This should improve initial replication of a fresh destination dsa with
a zero highwatermark.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12398

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agogetncchanges: improve get_nc_changes_add_links() by checking uSNChanged
Stefan Metzmacher [Tue, 7 Feb 2017 11:28:33 +0000 (12:28 +0100)]
getncchanges: improve get_nc_changes_add_links() by checking uSNChanged

This will make a difference once we handle DRSUAPI_DRS_GET_ANC correctly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12398

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agogetncchanges: improve get_nc_changes_build_object() by checking uSNChanged
Stefan Metzmacher [Tue, 7 Feb 2017 11:28:33 +0000 (12:28 +0100)]
getncchanges: improve get_nc_changes_build_object() by checking uSNChanged

This will make a difference once we handle DRSUAPI_DRS_GET_ANC correctly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12398

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agogetncchanges: fix highest_usn off by one calculation in get_nc_changes_add_links()
Stefan Metzmacher [Tue, 7 Feb 2017 11:34:45 +0000 (12:34 +0100)]
getncchanges: fix highest_usn off by one calculation in get_nc_changes_add_links()

highest_usn is the the highest usn the destination dsa already knows about.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12398

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agogetncchanges: remove unused c++ comments/code in getncchanges_collect_objects()
Stefan Metzmacher [Wed, 8 Feb 2017 09:24:56 +0000 (10:24 +0100)]
getncchanges: remove unused c++ comments/code in getncchanges_collect_objects()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12398

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agogetncchanges: do not replicate links for non critical objects if DRSUAPI_DRS_CRITICAL...
Garming Sam [Wed, 14 Dec 2016 03:04:32 +0000 (16:04 +1300)]
getncchanges: do not replicate links for non critical objects if DRSUAPI_DRS_CRITICAL_ONLY is set

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12398

Pair-programmed-with: Bob Campbell <bobcampbell@catalyst.net.nz>

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agogetncchanges: don't process DRSUAPI_DRS_CRITICAL_ONLY for EXOPs
Stefan Metzmacher [Wed, 30 Nov 2016 08:11:31 +0000 (09:11 +0100)]
getncchanges: don't process DRSUAPI_DRS_CRITICAL_ONLY for EXOPs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12398

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agogetncchanges: remember the ncRoot_guid on the getncchanges state
Stefan Metzmacher [Tue, 29 Nov 2016 10:09:46 +0000 (11:09 +0100)]
getncchanges: remember the ncRoot_guid on the getncchanges state

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12398

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agogetncchanges: pass struct ldb_message as const
Stefan Metzmacher [Thu, 1 Dec 2016 10:50:34 +0000 (11:50 +0100)]
getncchanges: pass struct ldb_message as const

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12398

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agogetncchanges: only set nc_{object,linked_attributes}_count with DRSUAPI_DRS_GET_NC_SIZE
Stefan Metzmacher [Tue, 29 Nov 2016 12:23:23 +0000 (13:23 +0100)]
getncchanges: only set nc_{object,linked_attributes}_count with DRSUAPI_DRS_GET_NC_SIZE

The main change is that we return 0 values if DRSUAPI_DRS_GET_NC_SIZE is not
present in order to get the same result as a Windows server in that case.

If DRSUAPI_DRS_GET_NC_SIZE is return the number of links we found so far
during the cycle in addition the number of objects returned in this cycle.
Both values doesn't match what Windows returns, but doing that
correctly and efficient is a task for another day.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12398

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agotorture/drs: remove pointless nc_object_count replication checks in test_link_utdv_hwm()
Stefan Metzmacher [Tue, 7 Feb 2017 16:06:47 +0000 (17:06 +0100)]
torture/drs: remove pointless nc_object_count replication checks in test_link_utdv_hwm()

nc_object_count and nc_linked_attributes_count are only filled if
DRSUAPI_DRS_GET_NC_SIZE is requested. And they should contain
the total number. This is only useful for the initial replication.

Samba ignores DRSUAPI_DRS_GET_NC_SIZE currently but that will change in
the following commits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12398

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agopython/join: use DRSUAPI_DRS_GET_NC_SIZE for the initial replication
Stefan Metzmacher [Tue, 29 Nov 2016 13:29:59 +0000 (14:29 +0100)]
python/join: use DRSUAPI_DRS_GET_NC_SIZE for the initial replication

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12398

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agopython/join: set common replica_flags in dc_join.__init__()
Stefan Metzmacher [Tue, 29 Nov 2016 13:27:57 +0000 (14:27 +0100)]
python/join: set common replica_flags in dc_join.__init__()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12398

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agodrsuapi.idl: make drsuapi_DsGetNCChangesRequest10 [public]
Stefan Metzmacher [Tue, 7 Feb 2017 15:22:41 +0000 (16:22 +0100)]
drsuapi.idl: make drsuapi_DsGetNCChangesRequest10 [public]

This allows ndr_print to work.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agodrsuapi.idl: add drsuapi_DrsMoreOptions with DRSUAPI_DRS_GET_TGT
Stefan Metzmacher [Tue, 29 Nov 2016 08:22:44 +0000 (09:22 +0100)]
drsuapi.idl: add drsuapi_DrsMoreOptions with DRSUAPI_DRS_GET_TGT

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:libnet: s/highestCommitedUSN/highestCommittedUSN
Stefan Metzmacher [Thu, 1 Dec 2016 10:49:25 +0000 (11:49 +0100)]
s4:libnet: s/highestCommitedUSN/highestCommittedUSN

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:dsdb/repl: s/highestCommitedUsn/highestCommittedUSN
Stefan Metzmacher [Thu, 1 Dec 2016 10:49:07 +0000 (11:49 +0100)]
s4:dsdb/repl: s/highestCommitedUsn/highestCommittedUSN

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoctdb-build: Install CTDB tests correctly from toplevel
Amitay Isaacs [Wed, 1 Feb 2017 04:53:47 +0000 (15:53 +1100)]
ctdb-build: Install CTDB tests correctly from toplevel

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12547

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Feb  2 08:25:57 CET 2017 on sn-devel-144

2 years agos3: VFS: vfs_streams_xattr.c: Make streams_xattr_open() store the same path as stream...
Jeremy Allison [Wed, 1 Feb 2017 19:36:25 +0000 (11:36 -0800)]
s3: VFS: vfs_streams_xattr.c: Make streams_xattr_open() store the same path as streams_xattr_recheck().

If the open is changing directories, fsp->fsp_name->base_name
will be the full path from the share root, whilst
smb_fname will be relative to the $cwd.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12546

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb  2 01:55:42 CET 2017 on sn-devel-144

2 years agosmbd: Fix "map acl inherit" = yes
Volker Lendecke [Wed, 1 Feb 2017 14:41:43 +0000 (14:41 +0000)]
smbd: Fix "map acl inherit" = yes

Brown-Paper-Bag bug in f85c2a6852a. The assignment contains a self-reference
in get_pai_flags which I missed.

Fix an uninitialized read.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12551
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Feb  1 22:06:50 CET 2017 on sn-devel-144

2 years agotalloc/wscript: avoid passing pointless enabled=True to SAMBA_PYTHON()
Stefan Metzmacher [Sun, 29 Jan 2017 14:52:30 +0000 (15:52 +0100)]
talloc/wscript: avoid passing pointless enabled=True to SAMBA_PYTHON()

This is the default and should not be passed explicitly.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Feb  1 18:16:58 CET 2017 on sn-devel-144

2 years agoctdb-common: ioctl(.. FIONREAD ..) returns an int value
Amitay Isaacs [Wed, 1 Feb 2017 04:52:48 +0000 (15:52 +1100)]
ctdb-common: ioctl(.. FIONREAD ..) returns an int value

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12549

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Feb  1 14:29:14 CET 2017 on sn-devel-144

2 years agoutil:charset: Return EILSEQ in smb_iconv() if newer libc is detected
Andreas Schneider [Mon, 30 Jan 2017 16:17:38 +0000 (17:17 +0100)]
util:charset: Return EILSEQ in smb_iconv() if newer libc is detected

This is the behaviour of glibc 2.24 and newer.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Feb  1 05:16:46 CET 2017 on sn-devel-144

2 years agoauth: fix mem leak & use appropriate free function
Aurelien Aptel [Tue, 17 Jan 2017 13:39:02 +0000 (14:39 +0100)]
auth: fix mem leak & use appropriate free function

coverity fix.

cli_credentials_set_principal does a strdup, we want to free 'name'
regardless of the result in 'ok'.

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agoctdb-tests: Use replace headers instead of system headers
Amitay Isaacs [Tue, 31 Jan 2017 05:49:14 +0000 (16:49 +1100)]
ctdb-tests: Use replace headers instead of system headers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12469

This ensures that PTHREAD_MUTEX_ROBUST, pthread_mutexattr_setrobust()
and pthread_mutex_consistent() are always defined.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jan 31 11:57:01 CET 2017 on sn-devel-144