samba.git
7 weeks agotests/pam_winbind.py: turn pypamtest.PamTestError into a failure
Stefan Metzmacher [Wed, 18 Sep 2019 06:04:42 +0000 (08:04 +0200)]
tests/pam_winbind.py: turn pypamtest.PamTestError into a failure

A failure generated by the AssertionError() checks can be added
to selftest/knownfail.d/*.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
7 weeks agos3:winbindd: implement the "winbind use krb5 enterprise principals" logic
Stefan Metzmacher [Fri, 19 Jul 2019 15:10:09 +0000 (15:10 +0000)]
s3:winbindd: implement the "winbind use krb5 enterprise principals" logic

We can use enterprise principals (e.g. upnfromB@B.EXAMPLE.COM@PRIMARY.A.EXAMPLE.COM)
and delegate the routing decisions to the KDCs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
7 weeks agodocs-xml: add "winbind use krb5 enterprise principals" option
Stefan Metzmacher [Wed, 11 Sep 2019 14:44:43 +0000 (16:44 +0200)]
docs-xml: add "winbind use krb5 enterprise principals" option

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
7 weeks agokrb5_wrap: let smb_krb5_parse_name() accept enterprise principals
Stefan Metzmacher [Fri, 13 Sep 2019 13:52:25 +0000 (15:52 +0200)]
krb5_wrap: let smb_krb5_parse_name() accept enterprise principals

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
7 weeks agos3:libads: ads_krb5_chg_password() should always use the canonicalized principal
Stefan Metzmacher [Fri, 13 Sep 2019 14:04:30 +0000 (16:04 +0200)]
s3:libads: ads_krb5_chg_password() should always use the canonicalized principal

We should always use krb5_get_init_creds_opt_set_canonicalize()
and krb5_get_init_creds_opt_set_win2k() for heimdal
and expect the client principal to be changed.

There's no reason to have a different logic between MIT and Heimdal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
7 weeks agos4:auth: kinit_to_ccache() should always use the canonicalized principal
Stefan Metzmacher [Fri, 13 Sep 2019 14:04:30 +0000 (16:04 +0200)]
s4:auth: kinit_to_ccache() should always use the canonicalized principal

We should always use krb5_get_init_creds_opt_set_canonicalize()
and krb5_get_init_creds_opt_set_win2k() for heimdal
and expect the client principal to be changed.

There's no reason to have a different logic between MIT and Heimdal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
7 weeks agokrb5_wrap: smb_krb5_kinit_password_ccache() should always use the canonicalized principal
Stefan Metzmacher [Fri, 13 Sep 2019 14:04:30 +0000 (16:04 +0200)]
krb5_wrap: smb_krb5_kinit_password_ccache() should always use the canonicalized principal

We should always use krb5_get_init_creds_opt_set_canonicalize()
and krb5_get_init_creds_opt_set_win2k() for heimdal
and expect the client principal to be changed.

There's no reason to have a different logic between MIT and Heimdal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
7 weeks agos3:libads/kerberos: always use the canonicalized principal after kinit
Stefan Metzmacher [Fri, 13 Sep 2019 14:04:30 +0000 (16:04 +0200)]
s3:libads/kerberos: always use the canonicalized principal after kinit

We should always use krb5_get_init_creds_opt_set_canonicalize()
and krb5_get_init_creds_opt_set_win2k() for heimdal
and expect the client principal to be changed.

There's no reason to have a different logic between MIT and Heimdal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
7 weeks agos3:libsmb: let cli_session_creds_prepare_krb5() update the canonicalized principal...
Stefan Metzmacher [Tue, 17 Sep 2019 06:49:13 +0000 (08:49 +0200)]
s3:libsmb: let cli_session_creds_prepare_krb5() update the canonicalized principal to cli_credentials

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
7 weeks agos3:libsmb: avoid wrong debug message in cli_session_creds_prepare_krb5()
Stefan Metzmacher [Tue, 17 Sep 2019 08:08:10 +0000 (10:08 +0200)]
s3:libsmb: avoid wrong debug message in cli_session_creds_prepare_krb5()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
7 weeks agos3:libads: let kerberos_kinit_password_ext() return the canonicalized principal/realm
Stefan Metzmacher [Mon, 16 Sep 2019 15:14:11 +0000 (17:14 +0200)]
s3:libads: let kerberos_kinit_password_ext() return the canonicalized principal/realm

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
7 weeks agos4:auth: use the correct client realm in gensec_gssapi_update_internal()
Stefan Metzmacher [Tue, 17 Sep 2019 06:05:09 +0000 (08:05 +0200)]
s4:auth: use the correct client realm in gensec_gssapi_update_internal()

The function gensec_gssapi_client_creds() may call kinit and gets
a TGT for the user. The principal provided by the user may not
be canonicalized. The user may use 'given.last@example.com'
but that may be mapped to glast@AD.EXAMPLE.PRIVATE in the background.

It means we should use client_realm = AD.EXAMPLE.PRIVATE
instead of client_realm = EXAMPLE.COM

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
7 weeks agonsswitch: add logging to wbc_auth_error_to_pam_error() for non auth errors
Stefan Metzmacher [Wed, 18 Sep 2019 11:58:46 +0000 (13:58 +0200)]
nsswitch: add logging to wbc_auth_error_to_pam_error() for non auth errors

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
7 weeks agowscript_build: string concatenation efficiency cleanup
Björn Jacke [Fri, 23 Aug 2019 00:19:20 +0000 (02:19 +0200)]
wscript_build: string concatenation efficiency cleanup

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-User(master): Björn Jacke <bjacke@samba.org>
Autobuild-Date(master): Tue Sep 24 13:40:21 UTC 2019 on sn-devel-184

7 weeks agopfm_verif: string concatenation efficiency cleanup
Björn Jacke [Fri, 23 Aug 2019 00:21:17 +0000 (02:21 +0200)]
pfm_verif: string concatenation efficiency cleanup

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org>
7 weeks agoscripting: avoid inefficient string redefinition
Björn Jacke [Sun, 25 Aug 2019 21:10:19 +0000 (23:10 +0200)]
scripting: avoid inefficient string redefinition

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org>
7 weeks agowscript: avoid inefficient string concatenations
Björn Jacke [Sun, 25 Aug 2019 21:09:19 +0000 (23:09 +0200)]
wscript: avoid inefficient string concatenations

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org>
7 weeks agos3/wscript: avoid inefficient string concatenations
Björn Jacke [Sun, 25 Aug 2019 21:08:18 +0000 (23:08 +0200)]
s3/wscript: avoid inefficient string concatenations

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org>
7 weeks agoposixacl.py: avoid inefficient string concatenations
Björn Jacke [Sun, 25 Aug 2019 21:07:48 +0000 (23:07 +0200)]
posixacl.py: avoid inefficient string concatenations

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org>
7 weeks agoauth_log_winbind.py: avoid inefficient string concatenations
Björn Jacke [Sun, 25 Aug 2019 21:07:13 +0000 (23:07 +0200)]
auth_log_winbind.py: avoid inefficient string concatenations

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
7 weeks agoschema.py: avoid inefficient string concatenations
Björn Jacke [Sun, 25 Aug 2019 21:06:19 +0000 (23:06 +0200)]
schema.py: avoid inefficient string concatenations

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
7 weeks agouser.py: avoid inefficient string concatenations
Björn Jacke [Sun, 25 Aug 2019 21:06:00 +0000 (23:06 +0200)]
user.py: avoid inefficient string concatenations

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
7 weeks agogpo.py: avoid inefficient string concatenations
Björn Jacke [Sun, 25 Aug 2019 21:05:31 +0000 (23:05 +0200)]
gpo.py: avoid inefficient string concatenations

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
7 weeks agokcc_utils.py: avoid inefficient string concatenations
Björn Jacke [Sun, 25 Aug 2019 21:05:10 +0000 (23:05 +0200)]
kcc_utils.py: avoid inefficient string concatenations

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
7 weeks agotraffic.py: avoid inefficient string concatenations
Björn Jacke [Sun, 25 Aug 2019 21:04:25 +0000 (23:04 +0200)]
traffic.py: avoid inefficient string concatenations

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
7 weeks agoctdb-tests: Switch TEST_VAR_DIR to a local script variable
Martin Schwenke [Mon, 9 Sep 2019 07:59:15 +0000 (17:59 +1000)]
ctdb-tests: Switch TEST_VAR_DIR to a local script variable

This is now local to run_tests.sh.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue Sep 24 03:46:59 UTC 2019 on sn-devel-184

7 weeks agoctdb-tests: Use CTDB_TEST_TMP_DIR in integration.bash
Martin Schwenke [Mon, 9 Sep 2019 06:13:45 +0000 (16:13 +1000)]
ctdb-tests: Use CTDB_TEST_TMP_DIR in integration.bash

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
7 weeks agoctdb-tests: Switch simple tests to use CTDB_TEST_TMP_DIR
Martin Schwenke [Thu, 5 Sep 2019 03:57:35 +0000 (13:57 +1000)]
ctdb-tests: Switch simple tests to use CTDB_TEST_TMP_DIR

CTDB_TEST_TMP_DIR repaces SIMPLE_TESTS_VAR_DIR.  local.bash no longer
needs to ensure that TEST_VAR_DIR is set, since it longer uses this
variable.  Drop the comment because state has not been maintained
between tests for some time.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
7 weeks agoctdb-tests: Switch takeover helper unit tests to use CTDB_TEST_TMP_DIR
Martin Schwenke [Fri, 6 Sep 2019 11:35:39 +0000 (21:35 +1000)]
ctdb-tests: Switch takeover helper unit tests to use CTDB_TEST_TMP_DIR

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
7 weeks agoctdb-tests: Switch tool unit tests to use CTDB_TEST_TMP_DIR
Martin Schwenke [Fri, 6 Sep 2019 11:35:16 +0000 (21:35 +1000)]
ctdb-tests: Switch tool unit tests to use CTDB_TEST_TMP_DIR

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
7 weeks agoctdb-tests: Switch onnode unit tests to use CTDB_TEST_TMP_DIR
Martin Schwenke [Fri, 6 Sep 2019 09:58:46 +0000 (19:58 +1000)]
ctdb-tests: Switch onnode unit tests to use CTDB_TEST_TMP_DIR

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
7 weeks agoctdb-tests: Switch eventscript unit tests to use CTDB_TEST_TMP_DIR
Martin Schwenke [Fri, 6 Sep 2019 10:13:19 +0000 (20:13 +1000)]
ctdb-tests: Switch eventscript unit tests to use CTDB_TEST_TMP_DIR

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
7 weeks agoctdb-tests: Switch eventd unit tests to use CTDB_TEST_TMP_DIR
Martin Schwenke [Fri, 6 Sep 2019 11:35:54 +0000 (21:35 +1000)]
ctdb-tests: Switch eventd unit tests to use CTDB_TEST_TMP_DIR

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
7 weeks agoctdb-tests: Switch cunit unit tests to use CTDB_TEST_TMP_DIR
Martin Schwenke [Fri, 6 Sep 2019 11:47:52 +0000 (21:47 +1000)]
ctdb-tests: Switch cunit unit tests to use CTDB_TEST_TMP_DIR

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
7 weeks agoctdb-tests: Add new variable CTDB_TEST_TMP_DIR
Martin Schwenke [Thu, 5 Sep 2019 03:42:26 +0000 (13:42 +1000)]
ctdb-tests: Add new variable CTDB_TEST_TMP_DIR

This is a subdirectory of TEST_VAR_DIR that is unique to the current
test suite.  It is recreated for each individual test.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
7 weeks agoctdb-tests: Move setting of CTDB_TEST_SUITE_DIR to run_tests.sh
Martin Schwenke [Mon, 9 Sep 2019 06:19:52 +0000 (16:19 +1000)]
ctdb-tests: Move setting of CTDB_TEST_SUITE_DIR to run_tests.sh

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
7 weeks agoctdb-tests: Rename variable TEST_SUBDIR -> CTDB_TEST_SUITE_DIR
Martin Schwenke [Fri, 6 Sep 2019 10:54:37 +0000 (20:54 +1000)]
ctdb-tests: Rename variable TEST_SUBDIR -> CTDB_TEST_SUITE_DIR

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
7 weeks agoctdb-tests: Use local_daemons.sh onnode for local daemons tests
Martin Schwenke [Thu, 5 Sep 2019 05:47:13 +0000 (15:47 +1000)]
ctdb-tests: Use local_daemons.sh onnode for local daemons tests

With some upcoming changes, the setting of CTDB_BASE becomes
problematic because it will be included unconditionally whereas it is
currently being conveniently and almost accidentally not include in
some contexts.

So, instead of trying to coerce onnode into behaving as desired, have
the local daemons tests use local_daemons.sh onnode directly.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
7 weeks agoctdb-tests: Use local $ctdb_base instead of $CTDB_BASE
Martin Schwenke [Mon, 23 Sep 2019 06:57:36 +0000 (16:57 +1000)]
ctdb-tests: Use local $ctdb_base instead of $CTDB_BASE

The latter might not be defined in a test.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
7 weeks agoctdb-tests: Generalise pattern for matching valgrind memcheck executable
Martin Schwenke [Mon, 23 Sep 2019 06:13:05 +0000 (16:13 +1000)]
ctdb-tests: Generalise pattern for matching valgrind memcheck executable

On my laptop this is "memcheck-amd64-linux instead of just "memcheck".

Alternatively, this part of the test could simply be skipped if
$VALGRIND is set.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
7 weeks agosmbd: Add an error return END_PROFILE call
Volker Lendecke [Fri, 20 Sep 2019 15:37:28 +0000 (08:37 -0700)]
smbd: Add an error return END_PROFILE call

All other return; statements in reply_tcon_and_X have this

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Sep 23 17:06:25 UTC 2019 on sn-devel-184

7 weeks agoclassicupgrade: fix a a bytes-like object is required, not 'str' error
Björn Jacke [Sat, 21 Sep 2019 11:24:59 +0000 (13:24 +0200)]
classicupgrade: fix a a bytes-like object is required, not 'str' error

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14136

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Björn Baumbach <bb@samba.org>
Autobuild-User(master): Björn Jacke <bjacke@samba.org>
Autobuild-Date(master): Mon Sep 23 12:58:20 UTC 2019 on sn-devel-184

7 weeks agofault.c: improve fault_report message text pointing to our wiki
Björn Jacke [Mon, 23 Sep 2019 06:57:33 +0000 (08:57 +0200)]
fault.c: improve fault_report message text pointing to our wiki

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14139

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
7 weeks agosamba_version.py: avoid inefficient string concatenations
Björn Jacke [Sun, 25 Aug 2019 21:03:54 +0000 (23:03 +0200)]
samba_version.py: avoid inefficient string concatenations

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Sep 21 20:50:17 UTC 2019 on sn-devel-184

7 weeks agosamba_deps.py avoid inefficient string concatenations
Björn Jacke [Sun, 25 Aug 2019 21:02:37 +0000 (23:02 +0200)]
samba_deps.py avoid inefficient string concatenations

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
7 weeks agosamba_bundled.py avoid inefficient string concatenations
Björn Jacke [Sun, 25 Aug 2019 21:02:00 +0000 (23:02 +0200)]
samba_bundled.py avoid inefficient string concatenations

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
7 weeks agosamba_autoconf.py: avoid inefficient string concatenations
Björn Jacke [Sun, 25 Aug 2019 21:01:22 +0000 (23:01 +0200)]
samba_autoconf.py: avoid inefficient string concatenations

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
7 weeks agosamba_abi.py: avoid inefficient string concatenations
Björn Jacke [Sun, 25 Aug 2019 20:53:59 +0000 (22:53 +0200)]
samba_abi.py: avoid inefficient string concatenations

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
7 weeks agouser.py: import tempfile module only where needed
Björn Jacke [Sun, 25 Aug 2019 22:50:29 +0000 (00:50 +0200)]
user.py: import tempfile module only where needed

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
7 weeks agospoolss: Add PRINTER_DRIVER_CATEGORY_3D driver define
Günther Deschner [Sat, 28 Oct 2017 08:44:11 +0000 (10:44 +0200)]
spoolss: Add PRINTER_DRIVER_CATEGORY_3D driver define

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Sep 20 12:58:49 UTC 2019 on sn-devel-184

7 weeks agos4-torture: add netr_LogonGetDomainInfo NDR(64) tests
Günther Deschner [Wed, 18 Sep 2019 17:41:50 +0000 (19:41 +0200)]
s4-torture: add netr_LogonGetDomainInfo NDR(64) tests

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Sep 20 02:32:44 UTC 2019 on sn-devel-184

7 weeks agos4-torture: reformat test table in ndr test
Günther Deschner [Wed, 18 Sep 2019 23:55:09 +0000 (01:55 +0200)]
s4-torture: reformat test table in ndr test

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
7 weeks agotorture: add torture_suite_add_ndr_pull_io_test_flags()
Günther Deschner [Wed, 18 Sep 2019 17:48:40 +0000 (19:48 +0200)]
torture: add torture_suite_add_ndr_pull_io_test_flags()

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
7 weeks agos3-rpcclient: add logongetdomaininfo command
Günther Deschner [Wed, 18 Sep 2019 02:11:33 +0000 (04:11 +0200)]
s3-rpcclient: add logongetdomaininfo command

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
7 weeks agolibcli/auth: add netlogon_creds_cli_LogonGetDomainInfo()
Stefan Metzmacher [Mon, 20 Jul 2015 12:00:05 +0000 (14:00 +0200)]
libcli/auth: add netlogon_creds_cli_LogonGetDomainInfo()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
7 weeks agonetlogon.idl: fix the marshalling of netr_trust_extension_container for NDR64
Stefan Metzmacher [Thu, 15 Aug 2019 11:22:43 +0000 (13:22 +0200)]
netlogon.idl: fix the marshalling of netr_trust_extension_container for NDR64

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
7 weeks agonetlogon.idl: fix the marshalling of netr_OsVersion for NDR64
Stefan Metzmacher [Thu, 15 Aug 2019 11:22:43 +0000 (13:22 +0200)]
netlogon.idl: fix the marshalling of netr_OsVersion for NDR64

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
7 weeks agosecurity.idl: add SE_GROUP_INTEGRITY[_ENABLED] to security_GroupAttrs
Stefan Metzmacher [Tue, 20 Mar 2018 11:40:25 +0000 (12:40 +0100)]
security.idl: add SE_GROUP_INTEGRITY[_ENABLED] to security_GroupAttrs

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
7 weeks agolibrpc/idl: change from samr_GroupAttrs in samr.idl to security_GroupAttrs in securit...
Stefan Metzmacher [Tue, 20 Mar 2018 11:39:02 +0000 (12:39 +0100)]
librpc/idl: change from samr_GroupAttrs in samr.idl to security_GroupAttrs in security.idl

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
7 weeks agosecurity.idl: add GUID_DRS_ALLOWED_TO_AUTHENTICATE
Stefan Metzmacher [Thu, 1 Feb 2018 22:44:33 +0000 (23:44 +0100)]
security.idl: add GUID_DRS_ALLOWED_TO_AUTHENTICATE

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
7 weeks agomisc: fix AD trust attributes in adssearch
Günther Deschner [Thu, 12 Sep 2019 21:27:13 +0000 (23:27 +0200)]
misc: fix AD trust attributes in adssearch

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
7 weeks agolsa: document new LSA trust attributes
Günther Deschner [Thu, 12 Sep 2019 14:36:20 +0000 (16:36 +0200)]
lsa: document new LSA trust attributes

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
7 weeks agos3-winbindd: fix forest trusts with additional trust attributes.
Günther Deschner [Thu, 12 Sep 2019 14:39:10 +0000 (16:39 +0200)]
s3-winbindd: fix forest trusts with additional trust attributes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14130

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
7 weeks agos3-libads: adapt to coding standards, no code changes
Günther Deschner [Mon, 16 Sep 2019 23:50:33 +0000 (01:50 +0200)]
s3-libads: adapt to coding standards, no code changes

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Sep 19 20:48:45 UTC 2019 on sn-devel-184

7 weeks agos3/vfs_shadow_copy2.c: Fix typo in comment.
Karolin Seeger [Thu, 19 Sep 2019 07:19:40 +0000 (09:19 +0200)]
s3/vfs_shadow_copy2.c: Fix typo in comment.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Autobuild-User(master): Björn Jacke <bjacke@samba.org>
Autobuild-Date(master): Thu Sep 19 14:09:44 UTC 2019 on sn-devel-184

7 weeks agodocs: Fix typo in vfs_ceph_snapshots man page.
Karolin Seeger [Thu, 19 Sep 2019 07:18:44 +0000 (09:18 +0200)]
docs: Fix typo in vfs_ceph_snapshots man page.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
7 weeks agoreplace: Remove crypt() reimplementation
Andrew Bartlett [Fri, 16 Aug 2019 08:54:03 +0000 (20:54 +1200)]
replace: Remove crypt() reimplementation

Use of Samba with plaintext authenticaiton is incredibly rare, even more
rare is plaintext authentication on systems without a crypt() call and
where DES based crypt() would be the right thing to do.

Remove this additional cryptographic code per our current efforts
to rely entirely on external libraries instead.

Similar to the arguments in this thread about zlib discussed on
samba-technical here:

https://lists.samba.org/archive/samba-technical/2019-May/133476.html

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Sep 19 09:28:21 UTC 2019 on sn-devel-184

7 weeks agomessaging: Do POOL_USAGE via a socket
Volker Lendecke [Fri, 30 Aug 2019 13:08:40 +0000 (15:08 +0200)]
messaging: Do POOL_USAGE via a socket

This makes debugging run-away processes much more efficient and even
possible at all: If the pool-usage output is more than 256MB, the
previous code could not realloc it and threw it away. Also, it is not
helpful for an already huge process to allocate even more.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 18 21:27:30 UTC 2019 on sn-devel-184

7 weeks agolib: Add talloc_full_report_printf()
Volker Lendecke [Fri, 30 Aug 2019 15:09:20 +0000 (17:09 +0200)]
lib: Add talloc_full_report_printf()

Print the talloc full report into a FILE*. talloc itself provides a
very similar function, talloc_report_full(). However, that has a
slightly different output, in particular it does not print the
contents of strings, which is very handy for debugging.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
7 weeks agolib: Align integer types
Volker Lendecke [Mon, 2 Sep 2019 09:41:05 +0000 (11:41 +0200)]
lib: Align integer types

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
7 weeks agomessaging4: Pass fds to messaging handlers
Volker Lendecke [Wed, 18 Sep 2019 16:19:37 +0000 (09:19 -0700)]
messaging4: Pass fds to messaging handlers

Boiler-plate replacement moving the (num_fds!=0) check down

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
7 weeks agoArgument to control number of operations -o no longer valid
Sam Zaydel [Thu, 7 Feb 2019 20:07:57 +0000 (20:07 +0000)]
Argument to control number of operations -o no longer valid

(This patch, only removing manpage text, submitted by gitlab.com user
Sam Zaydel @szaydel in MR 243 but without a Signed-off-by, so I
(Andrew Bartlett) am adding mine to say I'm happy to say this is a
legitimate and deliberate contribtion.)

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep 18 19:51:11 UTC 2019 on sn-devel-184

7 weeks agopod2man is no longer needed
Mathieu Parent [Wed, 18 Sep 2019 03:15:47 +0000 (03:15 +0000)]
pod2man is no longer needed

Since e24e344d0da58013fd5fa404529fe1d25ef403bf.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14131

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
7 weeks agos3:client:Use DEVICE_URI, instead of argv[0],for Device URI
Bryan Mason [Mon, 16 Sep 2019 19:35:06 +0000 (12:35 -0700)]
s3:client:Use DEVICE_URI, instead of argv[0],for Device URI

CUPS sanitizes argv[0] by removing username/password, so use
DEVICE_URI environment variable first.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14128

Signed-off-by: Bryan Mason <bmason@redhat.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Sep 18 12:31:11 UTC 2019 on sn-devel-184

7 weeks agos3: VFS: Remove vfs_netatalk. Old, unused and unmaintained.
Jeremy Allison [Tue, 17 Sep 2019 23:08:17 +0000 (16:08 -0700)]
s3: VFS: Remove vfs_netatalk. Old, unused and unmaintained.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 18 01:26:06 UTC 2019 on sn-devel-184

7 weeks agosmbd: Don't always walk the share mode array in open_mode_check()
Volker Lendecke [Mon, 16 Sep 2019 23:16:40 +0000 (16:16 -0700)]
smbd: Don't always walk the share mode array in open_mode_check()

share_mode_data->flags contains the "most restrictive" share mode of
the whole array. This is maintained lazily: Whenever set_share_mode()
is called, d->flags is updated if the new share mode got more
restrictive. It is not updated when a file is closed, as this would
mean we would have to walk the whole array, making sure that the
closed handle was indeed the only most restrictive one. Instead, we
walk the share mode array only when a conflict happens: Then we need
to know "the truth" and recalculate it by walking the share mode
array.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 18 00:07:13 UTC 2019 on sn-devel-184

7 weeks agosmbd: Add share mode flags
Volker Lendecke [Fri, 9 Aug 2019 14:27:48 +0000 (16:27 +0200)]
smbd: Add share mode flags

This will contain a summary of the "most restrictive" share mode and
lease, i.e. intersection of all share_access entries and the union of
all access_mask and leases in the share mode array. This way
open_mode_check in the non-conflicting case will only have to look at
the summary and not walk the share mode array.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
7 weeks agosmbd: Make "share_mode_flags" 16-bit wide
Volker Lendecke [Fri, 9 Aug 2019 14:16:21 +0000 (16:16 +0200)]
smbd: Make "share_mode_flags" 16-bit wide

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
7 weeks agosmbd: Introduce share_entries.tdb - ADD COMMENT FIXME !!
Volker Lendecke [Mon, 16 Sep 2019 17:01:36 +0000 (10:01 -0700)]
smbd: Introduce share_entries.tdb - ADD COMMENT FIXME !!

This moves share_modes[] from "struct share_mode_data" into a separate
share_entries.tdb with a sorted array of fixed-length (132 byte)
"struct share_mode_entry" entries.

I know it's one huge commit, but I did not see a way to keep both data
structures and associated code working together without a lot of code
duplication after having centralized all the code accessing the
share_modes[] array into a few routines.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
7 weeks agolib: Enable watching and storing dbwrap_watch records.
Volker Lendecke [Tue, 13 Aug 2019 12:18:05 +0000 (14:18 +0200)]
lib: Enable watching and storing dbwrap_watch records.

Samba so far on a dbwrap_watch record either watches or stores a
record, but never both from the same db_record instance acquired from
a dbwrap_fetch_locked(). In one of the next commits this will change,
we will watch a record and at the same time store data into it. This
patch enables a watch_send() followed by a storev() by properly
keeping the watchers around.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
7 weeks agosmbd: Allow another database between brlock.tdb and leases.tdb
Volker Lendecke [Sun, 15 Sep 2019 09:58:43 +0000 (11:58 +0200)]
smbd: Allow another database between brlock.tdb and leases.tdb

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
7 weeks agolib: Allow a 4th lock order
Volker Lendecke [Sun, 15 Sep 2019 09:56:25 +0000 (11:56 +0200)]
lib: Allow a 4th lock order

We will have another tdb soon

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
7 weeks agotorture3: Remove cleanup3
Volker Lendecke [Tue, 3 Sep 2019 12:37:26 +0000 (14:37 +0200)]
torture3: Remove cleanup3

This goes directly into the database, for which the format changes

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
7 weeks agosmbd: Remove stale share mode entries while walking the array
Volker Lendecke [Mon, 2 Sep 2019 14:25:28 +0000 (16:25 +0200)]
smbd: Remove stale share mode entries while walking the array

Previously, we did this only when writing out the locking.tdb
record. That was because we had places where the index of a particular
share mode entry mattered while operating on the array. This is no
longer the case, so we can remove stale entries early.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
7 weeks agosmbd: Make remove_stale_share_mode_entries() static in share_mode_lock.c
Volker Lendecke [Mon, 26 Aug 2019 16:59:44 +0000 (18:59 +0200)]
smbd: Make remove_stale_share_mode_entries() static in share_mode_lock.c

... to the place where the record is stored in the database

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
7 weeks agosmbd: Avoid calling remove_stale_share_mode_entries() in open.c
Volker Lendecke [Mon, 26 Aug 2019 16:56:24 +0000 (18:56 +0200)]
smbd: Avoid calling remove_stale_share_mode_entries() in open.c

All places that matter explicitly check for staleness. This cleanup
action should only happen before writing the database

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
7 weeks agosmbd: Use share_mode_forall_entries() in remove_lease_if_stale()
Volker Lendecke [Mon, 26 Aug 2019 15:09:57 +0000 (17:09 +0200)]
smbd: Use share_mode_forall_entries() in remove_lease_if_stale()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
7 weeks agosmbd: Pass share_mode_lock to remove_lease_if_stale()
Volker Lendecke [Mon, 26 Aug 2019 14:51:56 +0000 (16:51 +0200)]
smbd: Pass share_mode_lock to remove_lease_if_stale()

We'll want to use share_mode_forall_entries next

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
7 weeks agosmbd: Pass share_mode_lock to remove_share_mode_lease()
Volker Lendecke [Mon, 26 Aug 2019 14:47:44 +0000 (16:47 +0200)]
smbd: Pass share_mode_lock to remove_share_mode_lease()

Later we'll need "lck" further down

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
7 weeks agosmbd: Avoid duplicate assignments
Volker Lendecke [Mon, 26 Aug 2019 14:45:14 +0000 (16:45 +0200)]
smbd: Avoid duplicate assignments

remove_share_mode_lease() already does this

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
7 weeks agosmbd: Remove unused share_mode_stale_pid()
Volker Lendecke [Fri, 23 Aug 2019 15:44:25 +0000 (17:44 +0200)]
smbd: Remove unused share_mode_stale_pid()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
7 weeks agosmbd: Use share_mode_forall_entries() in share_entry_forall()
Volker Lendecke [Thu, 12 Sep 2019 11:03:53 +0000 (13:03 +0200)]
smbd: Use share_mode_forall_entries() in share_entry_forall()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
7 weeks agosmbd: Use share_mode_forall_leases() in share_mode_cleanup_disconnected()
Volker Lendecke [Thu, 12 Sep 2019 10:41:14 +0000 (12:41 +0200)]
smbd: Use share_mode_forall_leases() in share_mode_cleanup_disconnected()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
7 weeks agosmbd: Use share_mode_forall_leases() in lease_match()
Volker Lendecke [Mon, 19 Aug 2019 11:16:53 +0000 (13:16 +0200)]
smbd: Use share_mode_forall_leases() in lease_match()

We have to break leases referenced from multiple share modes only
once.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
7 weeks agosmbd: Use share_mode_forall_leases() in delay_rename_for_lease_break()
Volker Lendecke [Thu, 12 Sep 2019 09:35:34 +0000 (11:35 +0200)]
smbd: Use share_mode_forall_leases() in delay_rename_for_lease_break()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
7 weeks agosmbd: Use share_mode_forall_entries() in vfs_default_durable_reconnect()
Volker Lendecke [Fri, 23 Aug 2019 12:30:07 +0000 (14:30 +0200)]
smbd: Use share_mode_forall_entries() in vfs_default_durable_reconnect()

The durable reconnect mainly has to check that there is one and only one
entry, and it has to reset it with the new values.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
7 weeks agosmbd: Add reset_share_mode_entry
Volker Lendecke [Fri, 23 Aug 2019 12:13:41 +0000 (14:13 +0200)]
smbd: Add reset_share_mode_entry

Mostly for durable reconnect at this point

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
7 weeks agosmbd: Pass pid/share_file_id to find_share_mode_entry()
Volker Lendecke [Wed, 11 Sep 2019 14:50:24 +0000 (16:50 +0200)]
smbd: Pass pid/share_file_id to find_share_mode_entry()

Avoid the full fsp, this makes the indexing of the share mode array
clearer, and it makes the next commit easier

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
7 weeks agosmbd: Use share_mode_forall_entries() in share_mode_forall_leases()
Volker Lendecke [Mon, 26 Aug 2019 20:05:14 +0000 (22:05 +0200)]
smbd: Use share_mode_forall_entries() in share_mode_forall_leases()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
7 weeks agosmbd: Stop passing "share_mode_lock" via share_mode_forall_leases()
Volker Lendecke [Tue, 10 Sep 2019 19:21:01 +0000 (21:21 +0200)]
smbd: Stop passing "share_mode_lock" via share_mode_forall_leases()

Why? Next commit will make share_mode_forall_leases() use
share_mode_forall_entries(), and that does not necessarily have to
depend on "share_mode_lock". And as we can pass the required
information via "private_data", don't embed the "share_mode_lock"
reference into this lowlevel library routine.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>