samba.git
17 months agotdb: Harden tdb_rec_read
Volker Lendecke [Sun, 4 Mar 2018 09:07:29 +0000 (10:07 +0100)]
tdb: Harden tdb_rec_read

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
17 months agotdbdump: Avoid an int cast
Volker Lendecke [Sun, 4 Mar 2018 09:07:09 +0000 (10:07 +0100)]
tdbdump: Avoid an int cast

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
17 months agos3: docs: Add documentation for "smb2" and "smb2_credits" debug classes.
Jeremy Allison [Wed, 21 Mar 2018 19:56:12 +0000 (12:56 -0700)]
s3: docs: Add documentation for "smb2" and "smb2_credits" debug classes.

https://bugzilla.samba.org/show_bug.cgi?id=13347

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
17 months agos3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit issues.
Jeremy Allison [Wed, 21 Mar 2018 19:52:49 +0000 (12:52 -0700)]
s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit issues.

https://bugzilla.samba.org/show_bug.cgi?id=13347

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
17 months agolib: debug: Add DBGC_XXX versions of the macros to allow class-specific messages.
Jeremy Allison [Wed, 21 Mar 2018 19:40:50 +0000 (12:40 -0700)]
lib: debug: Add DBGC_XXX versions of the macros to allow class-specific messages.

https://bugzilla.samba.org/show_bug.cgi?id=13347

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
17 months agos3: debug: smb2: Create a new DBGC_SMB2 debug class and mark all smbd/smb2_*.c files...
Jeremy Allison [Wed, 21 Mar 2018 19:01:05 +0000 (12:01 -0700)]
s3: debug: smb2: Create a new DBGC_SMB2 debug class and mark all smbd/smb2_*.c files with it.

Will allow easier smb2-specific debugging.

https://bugzilla.samba.org/show_bug.cgi?id=13347

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
17 months agolib:param: Fix the size type in lp_do_parameter_parametric()
Andreas Schneider [Wed, 21 Mar 2018 10:26:55 +0000 (11:26 +0100)]
lib:param: Fix the size type in lp_do_parameter_parametric()

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 22 01:54:08 CET 2018 on sn-devel-144

17 months agos3:lib: Fix size types in tldap_find_first_star()
Andreas Schneider [Wed, 21 Mar 2018 10:24:45 +0000 (11:24 +0100)]
s3:lib: Fix size types in tldap_find_first_star()

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
17 months agos3:lib: Fix size types in ms_fnmatch()
Andreas Schneider [Wed, 21 Mar 2018 10:19:44 +0000 (11:19 +0100)]
s3:lib: Fix size types in ms_fnmatch()

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
17 months agos3:printing: Fix size check in get_file_version()
Andreas Schneider [Thu, 7 Dec 2017 17:01:45 +0000 (18:01 +0100)]
s3:printing: Fix size check in get_file_version()

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agotalloc: version 2.1.12 talloc-2.1.12
Stefan Metzmacher [Wed, 21 Mar 2018 07:24:06 +0000 (08:24 +0100)]
talloc: version 2.1.12

* Fix documentation typo
* Fix compilation with -Wstrict-overflow=2
* Use a library destructor instead of atexit() if available
  (bug #7587)

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Mar 21 18:39:33 CET 2018 on sn-devel-144

17 months agotalloc: use a library destructor instead of atexit() if available
Stefan Metzmacher [Tue, 20 Mar 2018 15:48:33 +0000 (16:48 +0100)]
talloc: use a library destructor instead of atexit() if available

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7587

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
17 months agotalloc: Fix size type and checks in _vasprintf_tc
Andreas Schneider [Wed, 21 Mar 2018 10:55:45 +0000 (11:55 +0100)]
talloc: Fix size type and checks in _vasprintf_tc

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
17 months agos3: smbd: Fruit. Make the use of dom_sid_compare_domain() much clearer.
Jeremy Allison [Mon, 19 Mar 2018 22:46:41 +0000 (15:46 -0700)]
s3: smbd: Fruit. Make the use of dom_sid_compare_domain() much clearer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
17 months agosamba-tool visualize: fix python2.6 incompatibility
Björn Baumbach [Tue, 20 Mar 2018 11:15:22 +0000 (12:15 +0100)]
samba-tool visualize: fix python2.6 incompatibility

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13337

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Mar 21 09:25:51 CET 2018 on sn-devel-144

17 months agosamba-tool ldapcmp: remove duplicate takes_optiongroups attribute
Douglas Bagnall [Fri, 9 Mar 2018 03:13:01 +0000 (16:13 +1300)]
samba-tool ldapcmp: remove duplicate takes_optiongroups attribute

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agosamba_dnsupdate: Introduce automatic site coverage
Garming Sam [Mon, 12 Mar 2018 01:45:48 +0000 (14:45 +1300)]
samba_dnsupdate: Introduce automatic site coverage

This uses the underlying function in kcc_utils.py which already has
tests.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
17 months agotests/samba_dnsupdate: Add a trivial test of automatic site coverage
Garming Sam [Mon, 19 Mar 2018 03:50:36 +0000 (16:50 +1300)]
tests/samba_dnsupdate: Add a trivial test of automatic site coverage

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
17 months agotests/kcc_util: Add unit tests for automatic site coverage
Garming Sam [Wed, 14 Mar 2018 03:53:13 +0000 (16:53 +1300)]
tests/kcc_util: Add unit tests for automatic site coverage

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
17 months agokcc_utils: Use lower name in automatic sites covered
Garming Sam [Wed, 14 Mar 2018 03:52:58 +0000 (16:52 +1300)]
kcc_utils: Use lower name in automatic sites covered

This allows easier testing, as well as some consistency in the DNS
record creation.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
17 months agokcc_utils: Prevent multiple sites attached to a sitelink covering a site
Garming Sam [Tue, 13 Mar 2018 01:41:23 +0000 (14:41 +1300)]
kcc_utils: Prevent multiple sites attached to a sitelink covering a site

This avoids trivial duplicates in a similar manner as mentioned in:

https://blogs.technet.microsoft.com/askds/2011/04/29/sites-sites-everywhere/

It prefers the largest sites then the earliest alphabetically, so that
only a single site ever covers an uncovered site (within a site link).
Note that this isn't applicable over multiple site links (like Windows
presumably) and is only a simple mechanism to avoid excessive
registering.  DCs within the site will also still register for each.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
17 months agokcc_utils: Keep a count of the DCs in each site
Garming Sam [Tue, 13 Mar 2018 01:11:14 +0000 (14:11 +1300)]
kcc_utils: Keep a count of the DCs in each site

This is useful for ranking which sites are preferable within the same
site link.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
17 months agokcc_utils: Add a routine for automatic site coverage
Garming Sam [Tue, 13 Mar 2018 00:04:12 +0000 (13:04 +1300)]
kcc_utils: Add a routine for automatic site coverage

This allows double-coverage if two links exist with the same cost.
Administrators should only connect an DC-less site via a single site
link.

This also allows unnecessary coverage by all sites in the adjoining site
link (to be resolved in the later patches).

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
17 months agojoin.py: Add missing NTSTATUSError import
Garming Sam [Mon, 12 Mar 2018 01:44:58 +0000 (14:44 +1300)]
join.py: Add missing NTSTATUSError import

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
17 months agos3:registry: Fix size types and length calculations
Andreas Schneider [Thu, 7 Dec 2017 18:46:21 +0000 (19:46 +0100)]
s3:registry: Fix size types and length calculations

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 21 04:25:39 CET 2018 on sn-devel-144

17 months agos3:vfs_preopen: Change to a do-while loop and fix the check
Andreas Schneider [Thu, 7 Dec 2017 17:44:59 +0000 (18:44 +0100)]
s3:vfs_preopen: Change to a do-while loop and fix the check

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agos3:locking: Fix integer overflow check in posix_lock_in_range()
Andreas Schneider [Thu, 7 Dec 2017 17:24:18 +0000 (18:24 +0100)]
s3:locking: Fix integer overflow check in posix_lock_in_range()

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agos3:nmbd: Fix possible integer overflow
Andreas Schneider [Thu, 7 Dec 2017 14:24:59 +0000 (15:24 +0100)]
s3:nmbd: Fix possible integer overflow

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agos4:dsdb: Fix integer operations
Andreas Schneider [Thu, 7 Dec 2017 16:32:36 +0000 (17:32 +0100)]
s4:dsdb: Fix integer operations

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agolib:socket: Return early if we have only one interface
Andreas Schneider [Thu, 7 Dec 2017 14:54:13 +0000 (15:54 +0100)]
lib:socket: Return early if we have only one interface

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agoldb: Fix size types in ldb_ldif functions
Andreas Schneider [Fri, 8 Dec 2017 09:03:00 +0000 (10:03 +0100)]
ldb: Fix size types in ldb_ldif functions

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agos3:rpcclient: Fix size types
Andreas Schneider [Thu, 7 Dec 2017 18:21:38 +0000 (19:21 +0100)]
s3:rpcclient: Fix size types

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agos3:rpc_server: Fix size types in spoolss
Andreas Schneider [Thu, 7 Dec 2017 17:50:20 +0000 (18:50 +0100)]
s3:rpc_server: Fix size types in spoolss

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agos3:passdb: Fix size types
Andreas Schneider [Thu, 7 Dec 2017 17:48:45 +0000 (18:48 +0100)]
s3:passdb: Fix size types

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agos3:modules: Fix size type in getdate
Andreas Schneider [Thu, 7 Dec 2017 19:07:08 +0000 (20:07 +0100)]
s3:modules: Fix size type in getdate

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agos3:nmbd: Fix size type in nmbd_browsesync.c
Andreas Schneider [Thu, 7 Dec 2017 18:47:50 +0000 (19:47 +0100)]
s3:nmbd: Fix size type in nmbd_browsesync.c

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agos3:utils: Fix size type in log2pcaphex
Andreas Schneider [Thu, 7 Dec 2017 18:47:04 +0000 (19:47 +0100)]
s3:utils: Fix size type in log2pcaphex

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agos3:rpc_server: Fix size types in srvsvc
Andreas Schneider [Thu, 7 Dec 2017 17:42:44 +0000 (18:42 +0100)]
s3:rpc_server: Fix size types in srvsvc

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agos3:vfs_nettalk: Fix size types
Andreas Schneider [Thu, 7 Dec 2017 17:39:07 +0000 (18:39 +0100)]
s3:vfs_nettalk: Fix size types

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agos3:winbindd: Fix size types in idmap_tdb_common
Andreas Schneider [Thu, 7 Dec 2017 17:27:41 +0000 (18:27 +0100)]
s3:winbindd: Fix size types in idmap_tdb_common

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agos3:printing: Fix size type in printing_db
Andreas Schneider [Thu, 7 Dec 2017 16:58:38 +0000 (17:58 +0100)]
s3:printing: Fix size type in printing_db

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agos3:avahi: Fix size types
Andreas Schneider [Thu, 7 Dec 2017 16:57:05 +0000 (17:57 +0100)]
s3:avahi: Fix size types

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agos3:client: Fix size types
Andreas Schneider [Thu, 7 Dec 2017 17:47:18 +0000 (18:47 +0100)]
s3:client: Fix size types

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agos4:client: Fix size types
Andreas Schneider [Thu, 7 Dec 2017 16:55:34 +0000 (17:55 +0100)]
s4:client: Fix size types

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agos4:torture: Fix size types in nss tests
Andreas Schneider [Thu, 7 Dec 2017 16:54:12 +0000 (17:54 +0100)]
s4:torture: Fix size types in nss tests

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agos3:libsmb: Fix size types in nmblib
Andreas Schneider [Thu, 7 Dec 2017 16:52:39 +0000 (17:52 +0100)]
s3:libsmb: Fix size types in nmblib

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agos3:torture: Fix size types in spoolss test
Andreas Schneider [Thu, 7 Dec 2017 16:50:33 +0000 (17:50 +0100)]
s3:torture: Fix size types in spoolss test

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agos4:torture: Fix size types in qfileinfo test
Andreas Schneider [Thu, 7 Dec 2017 16:49:00 +0000 (17:49 +0100)]
s4:torture: Fix size types in qfileinfo test

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agos4:torture: Fix size types in qsinfo test
Andreas Schneider [Thu, 7 Dec 2017 16:47:15 +0000 (17:47 +0100)]
s4:torture: Fix size types in qsinfo test

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agos4:rpc_server: Fix size types
Andreas Schneider [Thu, 7 Dec 2017 16:48:00 +0000 (17:48 +0100)]
s4:rpc_server: Fix size types

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agos4:utils: Fix size types
Andreas Schneider [Thu, 7 Dec 2017 16:45:45 +0000 (17:45 +0100)]
s4:utils: Fix size types

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agos3:param: Fix size types
Andreas Schneider [Thu, 7 Dec 2017 16:03:37 +0000 (17:03 +0100)]
s3:param: Fix size types

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agolibcli:smb: Fix size types
Andreas Schneider [Thu, 7 Dec 2017 16:01:39 +0000 (17:01 +0100)]
libcli:smb: Fix size types

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agos4:cldap_server: Fix size types
Andreas Schneider [Thu, 7 Dec 2017 16:43:58 +0000 (17:43 +0100)]
s4:cldap_server: Fix size types

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agos4:ldap_server: Fix size types
Andreas Schneider [Thu, 7 Dec 2017 16:43:08 +0000 (17:43 +0100)]
s4:ldap_server: Fix size types

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agos4:rpc_server: Fix size types in dcerpc dnsserver
Andreas Schneider [Thu, 7 Dec 2017 16:42:02 +0000 (17:42 +0100)]
s4:rpc_server: Fix size types in dcerpc dnsserver

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agos4:dns_server: Fix size types
Andreas Schneider [Thu, 7 Dec 2017 16:40:00 +0000 (17:40 +0100)]
s4:dns_server: Fix size types

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agos3:libads: Fix size types in kerberos functions
Andreas Schneider [Thu, 7 Dec 2017 16:38:21 +0000 (17:38 +0100)]
s3:libads: Fix size types in kerberos functions

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agos4:ntvfs: Fix size type in pvfs functions
Andreas Schneider [Thu, 7 Dec 2017 16:35:11 +0000 (17:35 +0100)]
s4:ntvfs: Fix size type in pvfs functions

This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agoheimdal: Fix size types
Andreas Schneider [Thu, 7 Dec 2017 19:26:40 +0000 (20:26 +0100)]
heimdal: Fix size types

This fixes compilation with -Wstrict-overflow=2

Upstream pull request:
https://github.com/heimdal/heimdal/pull/354

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agos3: Fix possible mem leak
Swen Schillig [Tue, 6 Mar 2018 09:35:32 +0000 (10:35 +0100)]
s3: Fix possible mem leak

The call to full_path_tos() might allocate memory which needs to be free'd
once processign is done.

Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
17 months agolib:replace: Fix linking when libtirpc-devel overwrites system headers
Noel Power [Thu, 15 Mar 2018 16:46:39 +0000 (16:46 +0000)]
lib:replace: Fix linking when libtirpc-devel overwrites system headers

Some systems (like SUSE currently) install the new tirpc headers by
overwritting the existing system location used by gcc. This patch will
detect if the headers in the system location belong to tirpc or not.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13341

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Mar 20 16:07:05 CET 2018 on sn-devel-144

17 months agopdb_samba_dsdb: make use of dom_sid_is_valid_account_domain()
Stefan Metzmacher [Thu, 25 Jan 2018 10:23:12 +0000 (11:23 +0100)]
pdb_samba_dsdb: make use of dom_sid_is_valid_account_domain()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Mar 20 01:29:40 CET 2018 on sn-devel-144

17 months agos4:rpc_server/lsa: make use of dom_sid_is_valid_account_domain()
Stefan Metzmacher [Thu, 25 Jan 2018 10:23:12 +0000 (11:23 +0100)]
s4:rpc_server/lsa: make use of dom_sid_is_valid_account_domain()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agolibcli/security: add dom_sid_is_valid_account_domain()
Stefan Metzmacher [Thu, 25 Jan 2018 08:50:17 +0000 (09:50 +0100)]
libcli/security: add dom_sid_is_valid_account_domain()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agos3:libsmb/samlogon_cache: zero session keys before storing the info3 structure
Stefan Metzmacher [Thu, 3 Feb 2011 01:23:21 +0000 (02:23 +0100)]
s3:libsmb/samlogon_cache: zero session keys before storing the info3 structure

The samlogon_cache is only used to get group memberships of the account
without asking the dc.

But for authentication we always ask the dc.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agos4:kdc: make sure we expand group memberships of the local domain
Stefan Metzmacher [Thu, 1 Feb 2018 17:40:58 +0000 (18:40 +0100)]
s4:kdc: make sure we expand group memberships of the local domain

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agos4:kdc: pass krbtgt and server to samba_kdc_update_pac_blob()
Stefan Metzmacher [Thu, 1 Feb 2018 17:40:58 +0000 (18:40 +0100)]
s4:kdc: pass krbtgt and server to samba_kdc_update_pac_blob()

This will be used for SID expanding and filtering.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agos4:kdc: remember is_krbtgt, is_rodc and is_trust samba_kdc_entry
Stefan Metzmacher [Thu, 1 Feb 2018 10:44:21 +0000 (11:44 +0100)]
s4:kdc: remember is_krbtgt, is_rodc and is_trust samba_kdc_entry

This can later be used for sid filtering and similar things.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agos4:auth_winbind: make sure we expand group memberships of the local domain
Stefan Metzmacher [Fri, 2 Feb 2018 11:37:51 +0000 (12:37 +0100)]
s4:auth_winbind: make sure we expand group memberships of the local domain

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agos4:auth_winbind: only call authsam_logon_success_accounting() for local users
Stefan Metzmacher [Tue, 9 Jan 2018 08:23:26 +0000 (09:23 +0100)]
s4:auth_winbind: only call authsam_logon_success_accounting() for local users

There's no need to do a crack_name_to_nt4_name(), as the authentication
already provides the nt4 domain and account names.

This should only happen on an RODC, that we use the winbind auth module
for local users. So we should make sure we only try to reset
the badPwdCount for users of our own domain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agos4:auth: add authsam_update_user_info_dc() that implements SID expanding for the...
Stefan Metzmacher [Thu, 1 Feb 2018 22:12:36 +0000 (23:12 +0100)]
s4:auth: add authsam_update_user_info_dc() that implements SID expanding for the local domain

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agos4:auth: split out a authsam_domain_group_filter() function
Stefan Metzmacher [Fri, 2 Feb 2018 03:08:47 +0000 (04:08 +0100)]
s4:auth: split out a authsam_domain_group_filter() function

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agos4:selftest: run samba4.blackbox.trust_token against fl2003dc and fl2008r2dc
Stefan Metzmacher [Mon, 26 Feb 2018 16:46:55 +0000 (17:46 +0100)]
s4:selftest: run samba4.blackbox.trust_token against fl2003dc and fl2008r2dc

This fails currently as we don't expand groups on the trust boundary.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agotestprogs/blackbox: add test_trust_token.sh
Stefan Metzmacher [Mon, 26 Feb 2018 16:46:55 +0000 (17:46 +0100)]
testprogs/blackbox: add test_trust_token.sh

This demonstrates, which SID we expect in a token of
an user of a trusted domain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agoselftest/Samba4: create add ${TRUST_DOMSID}-513 to a local group
Stefan Metzmacher [Mon, 26 Feb 2018 16:05:49 +0000 (17:05 +0100)]
selftest/Samba4: create add ${TRUST_DOMSID}-513 to a local group

This will allow testing expanding groups on the trust boundary.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agosamba-tool: allow sid strings for 'group {add,remove}members'
Stefan Metzmacher [Mon, 26 Feb 2018 16:04:00 +0000 (17:04 +0100)]
samba-tool: allow sid strings for 'group {add,remove}members'

This makes it possible to add foreign SIDS as group members.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agoselftest: generate a ramdon domain sid during provision and export as SAMSID/[TRUST_...
Stefan Metzmacher [Mon, 26 Feb 2018 13:56:27 +0000 (14:56 +0100)]
selftest: generate a ramdon domain sid during provision and export as SAMSID/[TRUST_]DOMSID

This will be useful for future tests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agoselftest/Samba4: use DOMAIN/REALM from the dcvars instead of using hardcoded values
Stefan Metzmacher [Mon, 26 Feb 2018 13:19:39 +0000 (14:19 +0100)]
selftest/Samba4: use DOMAIN/REALM from the dcvars instead of using hardcoded values

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agodsdb:repl_meta_data: improve error message in get_parsed_dns()
Stefan Metzmacher [Wed, 28 Feb 2018 09:48:59 +0000 (10:48 +0100)]
dsdb:repl_meta_data: improve error message in get_parsed_dns()

We may have a dn in '<SID=...>' form and ldb_dn_get_linearized()
just gives in empty string.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agodsdb:extended_dn_store: add support for FPO (foreignSecurityPrincipal) enabled attributes
Stefan Metzmacher [Wed, 31 Jan 2018 17:00:24 +0000 (18:00 +0100)]
dsdb:extended_dn_store: add support for FPO (foreignSecurityPrincipal) enabled attributes

This implements the handling for FPO-enabled attributes, see
[MS-ADTS] 3.1.1.5.2.3 Special Classes and Attributes:

  FPO-enabled attributes: member, msDS-MembersForAzRole,
    msDS-NeverRevealGroup, msDS-NonMembers, msDS-RevealOnDemandGroup,
    msDS-ServiceAccount.

Note there's no msDS-ServiceAccount in any schema (only
msDS-HostServiceAccount and that's not an FPO-enabled attribute
at least not in W2008R2)

msDS-NonMembers always generates NOT_SUPPORTED against W2008R2.

See also [MS-SAMR] 3.1.1.8.9 member.

We now create foreignSeurityPrincipal objects on the fly (as needed).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agotests/dsdb.py: test creation of foreignSecurityPrincipal via 'attr: <SID=...>'
Stefan Metzmacher [Sat, 24 Feb 2018 23:10:12 +0000 (00:10 +0100)]
tests/dsdb.py: test creation of foreignSecurityPrincipal via 'attr: <SID=...>'

[MS-ADTS] 3.1.1.5.2.3 Special Classes and Attributes claims:

  FPO-enabled attributes:
   member, msDS-MembersForAzRole, msDS-NeverRevealGroup,
   msDS-NonMembers, msDS-RevealOnDemandGroup, msDS-ServiceAccount.

'msDS-NonMembers' always generates NOT_SUPPORTED.

'msDS-ServiceAccount' is not defined in any schema
(only msDS-HostServiceAccount).

'msDS-HostServiceAccount' is not an FPO-enabled attribute
and behaves as the 'manager' attribute.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agodsdb:samldb: require as_system or provision control to create foreignSecurityPrincipa...
Stefan Metzmacher [Thu, 22 Feb 2018 21:51:46 +0000 (22:51 +0100)]
dsdb:samldb: require as_system or provision control to create foreignSecurityPrincipal objects

Windows rejects creating foreignSecurityPrincipal objects directly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agotests/dsdb.py: verify that foreignSecurityPrincipal objects require the provision...
Stefan Metzmacher [Thu, 22 Feb 2018 21:51:19 +0000 (22:51 +0100)]
tests/dsdb.py: verify that foreignSecurityPrincipal objects require the provision control

Windows rejects creating foreignSecurityPrincipal objects directly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agoprovision: use the provision control when adding foreignSecurityPrincipals
Stefan Metzmacher [Fri, 23 Feb 2018 15:04:57 +0000 (16:04 +0100)]
provision: use the provision control when adding foreignSecurityPrincipals

The next commits will require this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agodsdb:extended_dn_store: make sure reject storing references to deleted objects in...
Stefan Metzmacher [Sun, 25 Feb 2018 20:45:06 +0000 (21:45 +0100)]
dsdb:extended_dn_store: make sure reject storing references to deleted objects in linked attributes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13307

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agotests/dsdb.py: prove the difference between linked and non-linked DN references
Stefan Metzmacher [Sat, 24 Feb 2018 23:10:12 +0000 (00:10 +0100)]
tests/dsdb.py: prove the difference between linked and non-linked DN references

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13307

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agodsdb:extended_dn_store: split out a extended_replace_dn() function
Stefan Metzmacher [Wed, 28 Feb 2018 09:31:21 +0000 (10:31 +0100)]
dsdb:extended_dn_store: split out a extended_replace_dn() function

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13307

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agodsdb:extended_dn_store: rename extended_replace_dn to extended_replace_callback
Stefan Metzmacher [Wed, 28 Feb 2018 09:31:21 +0000 (10:31 +0100)]
dsdb:extended_dn_store: rename extended_replace_dn to extended_replace_callback

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13307

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agodsdb:extended_dn_store: We need to ignore self references on add operation
Stefan Metzmacher [Wed, 28 Feb 2018 07:03:24 +0000 (08:03 +0100)]
dsdb:extended_dn_store: We need to ignore self references on add operation

We have several schema related tests, which already prove
that for the defaultObjectCategory attribute.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13307

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agodsdb:extended_dn_store: pass the full 'struct dsdb_attribute' to extended_store_replace()
Stefan Metzmacher [Mon, 26 Feb 2018 12:21:54 +0000 (13:21 +0100)]
dsdb:extended_dn_store: pass the full 'struct dsdb_attribute' to extended_store_replace()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13307

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agodsdb:extended_dn_store: we need to pass down our altered request down on NO_SUCH_OBJECT
Stefan Metzmacher [Wed, 28 Feb 2018 09:31:21 +0000 (10:31 +0100)]
dsdb:extended_dn_store: we need to pass down our altered request down on NO_SUCH_OBJECT

It's quite likely that there're more than one attribute and we may
already altered values.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13307

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agodsdb:extended_dn_store: ignore DRSUAPI_ATTID_distinguishedName attributes
Stefan Metzmacher [Wed, 28 Feb 2018 07:04:58 +0000 (08:04 +0100)]
dsdb:extended_dn_store: ignore DRSUAPI_ATTID_distinguishedName attributes

We have several tests which already test that, we can avoid doing
searches at all in that case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13307

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agodrsuapi.idl: add DN/fpo-enabled attributes as DRSUAPI_ATTID_* values
Stefan Metzmacher [Wed, 28 Feb 2018 07:04:38 +0000 (08:04 +0100)]
drsuapi.idl: add DN/fpo-enabled attributes as DRSUAPI_ATTID_* values

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13307

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agos3:auth: support AUTH_SESSION_INFO_NTLM in finalize_local_nt_token()
Stefan Metzmacher [Tue, 6 Mar 2018 22:42:54 +0000 (23:42 +0100)]
s3:auth: support AUTH_SESSION_INFO_NTLM in finalize_local_nt_token()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agos3:auth: make use of create_builtin_guests() in finalize_local_nt_token()
Stefan Metzmacher [Tue, 6 Mar 2018 22:26:28 +0000 (23:26 +0100)]
s3:auth: make use of create_builtin_guests() in finalize_local_nt_token()

This makes the Builtin_Guests handling more dynamic,
by having a persistent storage for the memberships.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agos3:libnet_join: make use of create_builtin_guests()
Stefan Metzmacher [Wed, 7 Mar 2018 00:37:21 +0000 (01:37 +0100)]
s3:libnet_join: make use of create_builtin_guests()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agos3:passdb: add create_builtin_guests()
Stefan Metzmacher [Tue, 6 Mar 2018 21:47:42 +0000 (22:47 +0100)]
s3:passdb: add create_builtin_guests()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agos3:auth: rename "guest" methods to "anonymous"
Stefan Metzmacher [Thu, 1 Mar 2018 14:04:17 +0000 (15:04 +0100)]
s3:auth: rename "guest" methods to "anonymous"

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agoRemove dead code
Simo Sorce [Sun, 18 Mar 2018 18:15:30 +0000 (14:15 -0400)]
Remove dead code

Signed-off-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Simo Sorce <idra@samba.org>
Autobuild-Date(master): Mon Mar 19 20:29:28 CET 2018 on sn-devel-144