samba.git
2 years agos3: smbd: Change "strict sync" paramter from "no" to "yes" for 4.7.0.
Jeremy Allison [Thu, 23 Mar 2017 02:22:31 +0000 (19:22 -0700)]
s3: smbd: Change "strict sync" paramter from "no" to "yes" for 4.7.0.

Document change and modify in loadparm.c.
Safer default for new installs and vendors.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2 years agoRevert "selftest: temporary skip samba.blackbox.pdbtest.s4winbind"
Stefan Metzmacher [Thu, 23 Mar 2017 14:19:20 +0000 (15:19 +0100)]
Revert "selftest: temporary skip samba.blackbox.pdbtest.s4winbind"

This works again now...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12709

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Mar 24 15:50:22 CET 2017 on sn-devel-144

2 years agos4:selftest: specify auth methods of pdbtests without 'samba4:' prefix
Stefan Metzmacher [Thu, 23 Mar 2017 14:13:54 +0000 (15:13 +0100)]
s4:selftest: specify auth methods of pdbtests without 'samba4:' prefix

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12709

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth4: implement the deprecated 'auth methods' in auth_methods_from_lp()
Stefan Metzmacher [Wed, 22 Mar 2017 08:50:13 +0000 (09:50 +0100)]
auth4: implement the deprecated 'auth methods' in auth_methods_from_lp()

This might be used to explicitly configure the old auth methods list
from Samba 4.6 and older, if required:
 "auth methods = anonymous sam_ignoredomain"

But this option will be removed again in future releases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12709

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth3: handle ROLE_ACTIVE_DIRECTORY_DC before lp_auth_methods() in make_auth_context_...
Stefan Metzmacher [Thu, 23 Mar 2017 11:54:40 +0000 (12:54 +0100)]
auth3: handle ROLE_ACTIVE_DIRECTORY_DC before lp_auth_methods() in make_auth_context_subsystem()

"auth methods" never works as AD DC at all, so there's not really a change.

This allows us to implement "auth methods" (temporary) for the auth4 stack.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12709

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoselftest: temporary skip samba.blackbox.pdbtest.s4winbind
Stefan Metzmacher [Thu, 23 Mar 2017 14:15:45 +0000 (15:15 +0100)]
selftest: temporary skip samba.blackbox.pdbtest.s4winbind

This will reenabled in a few commits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12709

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth4: reflect the reality and use "winbind_rodc" instead of "winbind" for the auth...
Stefan Metzmacher [Fri, 17 Mar 2017 13:54:16 +0000 (14:54 +0100)]
auth4: reflect the reality and use "winbind_rodc" instead of "winbind" for the auth methods as AD_DC

Currently we always map any incoming domain to our own domain
in map_user_info_cracknames(), so that the winbind module is never
used at all, e.g. we're DC of W4EDOM-L4.BASE with a forest trust to W2012R2-L4.BASE:

  [2017/03/22 10:09:54.268472,  3, pid=4724, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth.c:271(auth_check_password_send)
    auth_check_password_send: Checking password for unmapped user [W2012R2-L4]\[administrator]@[UB1404-163]
  [2017/03/22 10:09:54.268496,  5, pid=4724, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth_util.c:57(map_user_info_cracknames)
    map_user_info_cracknames: Mapping user [W2012R2-L4]\[administrator] from workstation [UB1404-163]
    auth_check_password_send: mapped user is: [W4EDOM-L4]\[administrator]@[UB1404-163]

That means the only condition in which "sam_ignoredomain" returns
NT_STATUS_NOT_IMPLEMENTED is the RODC case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12709

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth4: add a "winbind_rodc" backend
Stefan Metzmacher [Thu, 23 Mar 2017 10:57:49 +0000 (11:57 +0100)]
auth4: add a "winbind_rodc" backend

This is only active on a RODC.

The background for this is that we currently only ever
call the "winbind" module when we're an RODC,
otherwise everything is catched by "sam_ignoredomain" before.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12709

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth: remove unused USER_INFO_LOCAL_SAM_ONLY/AUTH_METHOD_LOCAL_SAM defines
Stefan Metzmacher [Tue, 21 Mar 2017 07:32:27 +0000 (08:32 +0100)]
auth: remove unused USER_INFO_LOCAL_SAM_ONLY/AUTH_METHOD_LOCAL_SAM defines

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth4: remove unused USER_INFO_LOCAL_SAM_ONLY/AUTH_METHOD_LOCAL_SAM handling
Stefan Metzmacher [Tue, 21 Mar 2017 07:32:27 +0000 (08:32 +0100)]
auth4: remove unused USER_INFO_LOCAL_SAM_ONLY/AUTH_METHOD_LOCAL_SAM handling

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth3: remove unused USER_INFO_LOCAL_SAM_ONLY/AUTH_METHOD_LOCAL_SAM handling
Stefan Metzmacher [Tue, 21 Mar 2017 07:32:27 +0000 (08:32 +0100)]
auth3: remove unused USER_INFO_LOCAL_SAM_ONLY/AUTH_METHOD_LOCAL_SAM handling

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agowinbindd: no longer use USER_INFO_LOCAL_SAM_ONLY
Stefan Metzmacher [Tue, 21 Mar 2017 07:31:29 +0000 (08:31 +0100)]
winbindd: no longer use USER_INFO_LOCAL_SAM_ONLY

make_auth3_context_for_winbind() restricts the used auth backends now.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth3: only use "[samba4:]sam" in make_auth3_context_for_winbind()
Stefan Metzmacher [Fri, 17 Mar 2017 15:46:38 +0000 (16:46 +0100)]
auth3: only use "[samba4:]sam" in make_auth3_context_for_winbind()

This makes the USER_INFO_LOCAL_SAM_ONLY and AUTH_METHOD_LOCAL_SAM
interaction obsolete.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth4: debug if method->ops->check_password() gives NOT_IMPLEMENTED
Stefan Metzmacher [Thu, 16 Mar 2017 15:47:15 +0000 (16:47 +0100)]
auth4: debug if method->ops->check_password() gives NOT_IMPLEMENTED

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth: let auth4_context->check_ntlm_password() return pauthoritative
Stefan Metzmacher [Fri, 17 Mar 2017 10:52:51 +0000 (11:52 +0100)]
auth: let auth4_context->check_ntlm_password() return pauthoritative

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agontlm_auth3: let contact_winbind_auth_crap() return pauthoritative
Stefan Metzmacher [Fri, 17 Mar 2017 10:49:40 +0000 (11:49 +0100)]
ntlm_auth3: let contact_winbind_auth_crap() return pauthoritative

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth4: let auth_check_password* return pauthoritative
Stefan Metzmacher [Fri, 17 Mar 2017 10:16:36 +0000 (11:16 +0100)]
auth4: let auth_check_password* return pauthoritative

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth3: let auth_check_ntlm_password() return pauthoritative
Stefan Metzmacher [Fri, 17 Mar 2017 08:43:59 +0000 (09:43 +0100)]
auth3: let auth_check_ntlm_password() return pauthoritative

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agowinbindd: let winbindd_dual_auth_passdb() return pauthoritative
Stefan Metzmacher [Fri, 17 Mar 2017 08:42:38 +0000 (09:42 +0100)]
winbindd: let winbindd_dual_auth_passdb() return pauthoritative

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agowinbindd: NT_STATUS_CANT_ACCESS_DOMAIN_INFO means "Dunno"
Volker Lendecke [Thu, 2 Mar 2017 10:28:18 +0000 (11:28 +0100)]
winbindd: NT_STATUS_CANT_ACCESS_DOMAIN_INFO means "Dunno"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agonetlogon4: make use of auth_context_create_for_netlogon()
Stefan Metzmacher [Fri, 17 Mar 2017 11:15:13 +0000 (12:15 +0100)]
netlogon4: make use of auth_context_create_for_netlogon()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth4: add auth_context_create_for_netlogon()
Stefan Metzmacher [Fri, 17 Mar 2017 11:08:59 +0000 (12:08 +0100)]
auth4: add auth_context_create_for_netlogon()

For now it's the same as auth_context_create(), but this will
change the in the next commits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth4: make auth_check_password_wrapper() static
Stefan Metzmacher [Fri, 17 Mar 2017 10:41:04 +0000 (11:41 +0100)]
auth4: make auth_check_password_wrapper() static

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth3: make make_auth_context_subsystem() static
Stefan Metzmacher [Fri, 17 Mar 2017 11:31:01 +0000 (12:31 +0100)]
auth3: make make_auth_context_subsystem() static

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agowinbindd: make use of make_auth3_context_for_winbind()
Stefan Metzmacher [Fri, 17 Mar 2017 08:18:41 +0000 (09:18 +0100)]
winbindd: make use of make_auth3_context_for_winbind()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agonetlogond3: make use of make_auth3_context_for_netlogon()
Stefan Metzmacher [Fri, 17 Mar 2017 08:18:25 +0000 (09:18 +0100)]
netlogond3: make use of make_auth3_context_for_netlogon()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agopdbtest: make use of make_auth3_context_for_ntlm()
Stefan Metzmacher [Fri, 17 Mar 2017 11:29:26 +0000 (12:29 +0100)]
pdbtest: make use of make_auth3_context_for_ntlm()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth3: make use of make_auth3_context_for_ntlm()
Stefan Metzmacher [Fri, 17 Mar 2017 08:17:45 +0000 (09:17 +0100)]
auth3: make use of make_auth3_context_for_ntlm()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth3: add make_auth3_context_for_{ntlm,netlogon,winbind}
Stefan Metzmacher [Fri, 17 Mar 2017 08:13:02 +0000 (09:13 +0100)]
auth3: add make_auth3_context_for_{ntlm,netlogon,winbind}

For now they'll all do the same, but that will change in the following commits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth3: Remove unused make_auth_context_fixed
Volker Lendecke [Mon, 13 Mar 2017 07:22:27 +0000 (08:22 +0100)]
auth3: Remove unused make_auth_context_fixed

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agopdbtest: Call make_auth_context_subsystem directly
Volker Lendecke [Mon, 13 Mar 2017 07:19:41 +0000 (08:19 +0100)]
pdbtest: Call make_auth_context_subsystem directly

Last caller of make_auth_context_fixed

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agonetlogond3: only call make_auth_context_subsystem() in one place
Stefan Metzmacher [Thu, 16 Mar 2017 14:54:18 +0000 (15:54 +0100)]
netlogond3: only call make_auth_context_subsystem() in one place

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agonetlogond3: Call make_auth_context_subsystem directly
Volker Lendecke [Mon, 13 Mar 2017 07:14:00 +0000 (08:14 +0100)]
netlogond3: Call make_auth_context_subsystem directly

Soon we'll call specific methods here

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agonetlogond3: "authorititative" is a uint8
Volker Lendecke [Thu, 9 Mar 2017 14:19:06 +0000 (15:19 +0100)]
netlogond3: "authorititative" is a uint8

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agowinbindd: Call make_auth_context_subsystem directly
Volker Lendecke [Mon, 13 Mar 2017 07:14:00 +0000 (08:14 +0100)]
winbindd: Call make_auth_context_subsystem directly

Soon we'll call specific methods here

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth3: Introduce auth3_context_set_challenge
Volker Lendecke [Mon, 13 Mar 2017 07:08:44 +0000 (08:08 +0100)]
auth3: Introduce auth3_context_set_challenge

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth3: Simplify the logic in auth_check_ntlm_password
Volker Lendecke [Sat, 11 Feb 2017 14:44:01 +0000 (15:44 +0100)]
auth3: Simplify the logic in auth_check_ntlm_password

Move everything but the strict loop logic outside. This makes the
loop exit condition clearer to me: Anything but NOT_IMPLEMENTED breaks
the loop.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth3: Don't try other auth modules on any error
Volker Lendecke [Sat, 11 Feb 2017 14:05:52 +0000 (15:05 +0100)]
auth3: Don't try other auth modules on any error

So far if any kind of error has happened, we just tried further auth
modules. An auth module should have the chance to definitely say "no,
this is a valid error, no further attempts anywhere else". The protocol
so far was for an auth module to return NT_STATUS_NOT_IMPLEMENTED if it
wanted to pass on to other modules, but any error led to the next auth
modules also being given a try.

This patch makes any auth module return code except NOT_IMPLEMENTED to
terminate the loop, such that every module has to explicitly request to
pass on to the next module via NOT_IMPLEMENTED.

All modules we reference in make_auth_context_subsystem() have code to
explicitly say "not for me please" with NOT_IMPLEMENTED.

This *might* break existing setups which fail in for example "guest" or
"winbind" due to other reasons. I prefer it this way though, because
adding another parameter like "This is a real authoritative failure,
don't go looking somewhere else" will only add to the mess.
But it's more a theoretical than a practical change with the
default auth backends.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth3: Introduce make_auth_context_specific
Volker Lendecke [Mon, 13 Mar 2017 07:58:43 +0000 (08:58 +0100)]
auth3: Introduce make_auth_context_specific

Take a string instead of a string list. Simplifies
make_auth_context_subsystem and later similar callers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth3: Slightly simplify make_auth_context_subsystem() step2
Volker Lendecke [Mon, 13 Mar 2017 07:43:06 +0000 (08:43 +0100)]
auth3: Slightly simplify make_auth_context_subsystem() step2

Use "git show -b" to see the simple diff.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth3: Slightly simplify make_auth_context_subsystem() step1
Volker Lendecke [Mon, 13 Mar 2017 07:43:06 +0000 (08:43 +0100)]
auth3: Slightly simplify make_auth_context_subsystem() step1

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agowbinfo: Add "authoritative" to wbinfo -a output
Volker Lendecke [Mon, 6 Mar 2017 13:32:18 +0000 (14:32 +0100)]
wbinfo: Add "authoritative" to wbinfo -a output

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth4: add TODO comment on the auth_sam_trigger_repl_secret msDS-NeverRevealGroup...
Stefan Metzmacher [Thu, 23 Mar 2017 08:37:22 +0000 (09:37 +0100)]
auth4: add TODO comment on the auth_sam_trigger_repl_secret msDS-NeverRevealGroup interaction

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoCVE-2017-2619: s3: smbd: Use the new non_widelink_open() function.
Jeremy Allison [Thu, 15 Dec 2016 21:06:31 +0000 (13:06 -0800)]
CVE-2017-2619: s3: smbd: Use the new non_widelink_open() function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Thu Mar 23 22:55:04 CET 2017 on sn-devel-144

2 years agoCVE-2017-2619: s3: smbd: Add the core functions to prevent symlink open races.
Jeremy Allison [Thu, 15 Dec 2016 21:04:46 +0000 (13:04 -0800)]
CVE-2017-2619: s3: smbd: Add the core functions to prevent symlink open races.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoCVE-2017-2619: s3: smbd: Move special handling of symlink errno's into a utility...
Jeremy Allison [Thu, 15 Dec 2016 20:56:08 +0000 (12:56 -0800)]
CVE-2017-2619: s3: smbd: Move special handling of symlink errno's into a utility function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoCVE-2017-2619: s3: smbd: Remove O_NOFOLLOW guards. We insist on O_NOFOLLOW existing.
Jeremy Allison [Thu, 15 Dec 2016 20:52:13 +0000 (12:52 -0800)]
CVE-2017-2619: s3: smbd: Remove O_NOFOLLOW guards. We insist on O_NOFOLLOW existing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoCVE-2017-2619: s3: smbd: Correctly fallback to open_dir_safely if FDOPENDIR not suppo...
Jeremy Allison [Mon, 19 Dec 2016 20:35:32 +0000 (12:35 -0800)]
CVE-2017-2619: s3: smbd: Correctly fallback to open_dir_safely if FDOPENDIR not supported on system.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoCVE-2017-2619: s3: smbd: Move the reference counting and destructor setup to just...
Jeremy Allison [Mon, 19 Dec 2016 20:32:07 +0000 (12:32 -0800)]
CVE-2017-2619: s3: smbd: Move the reference counting and destructor setup to just before retuning success.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoCVE-2017-2619: s3: smbd: OpenDir_fsp() - Fix memory leak on error.
Jeremy Allison [Mon, 19 Dec 2016 20:15:59 +0000 (12:15 -0800)]
CVE-2017-2619: s3: smbd: OpenDir_fsp() - Fix memory leak on error.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoCVE-2017-2619: s3: smbd: OpenDir_fsp() use early returns.
Jeremy Allison [Mon, 19 Dec 2016 20:13:20 +0000 (12:13 -0800)]
CVE-2017-2619: s3: smbd: OpenDir_fsp() use early returns.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoCVE-2017-2619: s3: smbd: Create and use open_dir_safely(). Use from OpenDir().
Jeremy Allison [Tue, 20 Dec 2016 00:35:00 +0000 (16:35 -0800)]
CVE-2017-2619: s3: smbd: Create and use open_dir_safely(). Use from OpenDir().

Hardens OpenDir against TOC/TOU races.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoCVE-2017-2619: s3: smbd: Opendir_internal() early return if SMB_VFS_OPENDIR failed.
Jeremy Allison [Tue, 20 Dec 2016 00:25:26 +0000 (16:25 -0800)]
CVE-2017-2619: s3: smbd: Opendir_internal() early return if SMB_VFS_OPENDIR failed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoCVE-2017-2619: s3: smbd: Create wrapper function for OpenDir in preparation for makin...
Jeremy Allison [Mon, 19 Dec 2016 19:55:56 +0000 (11:55 -0800)]
CVE-2017-2619: s3: smbd: Create wrapper function for OpenDir in preparation for making robust.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoCVE-2017-2619: s4/torture: add SMB2_FIND tests with SMB2_CONTINUE_FLAG_REOPEN flag
Ralph Boehme [Sun, 19 Mar 2017 17:52:10 +0000 (18:52 +0100)]
CVE-2017-2619: s4/torture: add SMB2_FIND tests with SMB2_CONTINUE_FLAG_REOPEN flag

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoCVE-2017-2619: s3/smbd: re-open directory after dptr_CloseDir()
Ralph Boehme [Sun, 19 Mar 2017 14:58:17 +0000 (15:58 +0100)]
CVE-2017-2619: s3/smbd: re-open directory after dptr_CloseDir()

dptr_CloseDir() will close and invalidate the fsp's file descriptor, we
have to reopen it.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agolibwbclient: add WBC_SID_NAME_LABEL
Stefan Metzmacher [Mon, 20 Mar 2017 12:56:03 +0000 (13:56 +0100)]
libwbclient: add WBC_SID_NAME_LABEL

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Mar 23 12:55:26 CET 2017 on sn-devel-144

2 years agolibcli/security: add SID_NAME_LABEL to sid_type_lookup()
Stefan Metzmacher [Mon, 20 Mar 2017 12:50:59 +0000 (13:50 +0100)]
libcli/security: add SID_NAME_LABEL to sid_type_lookup()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agolsa.idl: add SID_NAME_LABEL
Stefan Metzmacher [Mon, 20 Mar 2017 12:50:36 +0000 (13:50 +0100)]
lsa.idl: add SID_NAME_LABEL

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agonetlogon.idl: make netr_LogonInfoClass public
Stefan Metzmacher [Fri, 17 Mar 2017 18:28:16 +0000 (19:28 +0100)]
netlogon.idl: make netr_LogonInfoClass public

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agonet: Don't crash if lsa_LookupPrivDisplayName returns NULL
Volker Lendecke [Wed, 22 Mar 2017 14:41:47 +0000 (15:41 +0100)]
net: Don't crash if lsa_LookupPrivDisplayName returns NULL

lsa_LookupPrivDisplayName on Windows 2012R2 can return success and still return
a NULL name:

rpc_api_pipe: got frag len of 36 at offset 0: NT_STATUS_OK
rpc_api_pipe: host 172.18.103.80 returned 12 bytes.
     lsa_LookupPrivDisplayName: struct lsa_LookupPrivDisplayName
        out: struct lsa_LookupPrivDisplayName
            disp_name                : *
                disp_name                : NULL
            returned_language_id     : *
                returned_language_id     : 0x0000 (0)
            result                   : NT_STATUS_OK

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 23 07:43:57 CET 2017 on sn-devel-144

2 years agonsswtich: Add negative tests for authentication with wbinfo
Andreas Schneider [Mon, 20 Mar 2017 11:22:44 +0000 (12:22 +0100)]
nsswtich: Add negative tests for authentication with wbinfo

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12708

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Wed Mar 22 10:58:58 CET 2017 on sn-devel-144

2 years agos3:libads: Remove obsolete smb_krb5_get_ntstatus_from_init_creds()
Andreas Schneider [Tue, 21 Mar 2017 08:57:30 +0000 (09:57 +0100)]
s3:libads: Remove obsolete smb_krb5_get_ntstatus_from_init_creds()

There is no way we can get a better error code out of this. The original
function called was krb5_get_init_creds_opt_get_error() which has been
deprecated in 2008.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12708

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoidmap_rfc2307: Clarify the documentation a bit
Volker Lendecke [Tue, 21 Mar 2017 15:00:27 +0000 (16:00 +0100)]
idmap_rfc2307: Clarify the documentation a bit

"bind_path" is a variable name internally used inside Samba. If you
look at "man ldapsearch" from OpenLDAP for example, the more common
term for this parameter is "search base". Adapt the documentation
accordingly.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoidmap_rfc2307: Slightly simplify idmap_rfc2307_initialize()
Volker Lendecke [Tue, 21 Mar 2017 14:52:37 +0000 (15:52 +0100)]
idmap_rfc2307: Slightly simplify idmap_rfc2307_initialize()

Replace an "else" branch with an early "goto err"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoidmap_tdb: Avoid a few casts
Volker Lendecke [Sun, 8 Jan 2017 13:00:39 +0000 (13:00 +0000)]
idmap_tdb: Avoid a few casts

The times of attempting to be C++ compatible are gone since C compilers
can do very good warnings too.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agos3:libsmb: Only print error message if kerberos use is forced
Andreas Schneider [Mon, 20 Mar 2017 15:08:20 +0000 (16:08 +0100)]
s3:libsmb: Only print error message if kerberos use is forced

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12704

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Mar 21 14:25:54 CET 2017 on sn-devel-144

2 years agoautobuild: Stop waf uninstall from removing test_tmpdir
Martin Schwenke [Mon, 20 Mar 2017 03:49:34 +0000 (14:49 +1100)]
autobuild: Stop waf uninstall from removing test_tmpdir

Most of the autobuild tasks run "make distcheck", which does a
recursive "waf configure make install uninstall".  "waf uninstall"
(via BuildContext.install() in Build.py) removes empty directories all
the way up the directory tree.  This means that it removes
test_tmpdir, if it is empty, and any empty directories above it.

While this is arguably a waf bug, the simplest solution is to make
test_tmpdir non-empty so it don't get removed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12703

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Mar 21 10:37:08 CET 2017 on sn-devel-144

2 years agoidmap_autorid: Use idmap_config_int
Volker Lendecke [Sat, 18 Mar 2017 18:06:49 +0000 (19:06 +0100)]
idmap_autorid: Use idmap_config_int

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Mar 20 23:28:38 CET 2017 on sn-devel-144

2 years agoidmap_rid: Use idmap_config_int
Volker Lendecke [Sat, 18 Mar 2017 18:05:10 +0000 (19:05 +0100)]
idmap_rid: Use idmap_config_int

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2 years agowinbind: Add idmap_config_int
Volker Lendecke [Sun, 8 Jan 2017 11:52:56 +0000 (11:52 +0000)]
winbind: Add idmap_config_int

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2 years agoidmap_autorid: Use idmap_config_bool
Volker Lendecke [Sat, 18 Mar 2017 18:01:01 +0000 (19:01 +0100)]
idmap_autorid: Use idmap_config_bool

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2 years agoidmap_ad: Use idmap_config_bool
Volker Lendecke [Sat, 18 Mar 2017 17:59:06 +0000 (18:59 +0100)]
idmap_ad: Use idmap_config_bool

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2 years agoidmap_rfc2307: Use idmap_config_bool
Volker Lendecke [Sat, 18 Mar 2017 17:57:03 +0000 (18:57 +0100)]
idmap_rfc2307: Use idmap_config_bool

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2 years agoidmap: Use idmap_config_bool in idmap_init_domain
Volker Lendecke [Sat, 18 Mar 2017 17:53:58 +0000 (18:53 +0100)]
idmap: Use idmap_config_bool in idmap_init_domain

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2 years agowinbind: Add idmap_config_bool()
Volker Lendecke [Sat, 7 Jan 2017 15:10:05 +0000 (15:10 +0000)]
winbind: Add idmap_config_bool()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2 years agoidmap_ad: Use idmap_config_const_string
Volker Lendecke [Sat, 18 Mar 2017 17:50:38 +0000 (18:50 +0100)]
idmap_ad: Use idmap_config_const_string

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2 years agoidmap_rfc2307: Use idmap_config_const_string
Volker Lendecke [Sat, 18 Mar 2017 17:48:46 +0000 (18:48 +0100)]
idmap_rfc2307: Use idmap_config_const_string

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2 years agoidmap_ldap: Use idmap_config_const_string
Volker Lendecke [Sat, 18 Mar 2017 17:40:28 +0000 (18:40 +0100)]
idmap_ldap: Use idmap_config_const_string

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2 years agoidmap_ldap: Use idmap_config_const_string
Volker Lendecke [Sat, 18 Mar 2017 17:38:10 +0000 (18:38 +0100)]
idmap_ldap: Use idmap_config_const_string

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2 years agowinbind: Use idmap_config_const_string in idmap_init_domain
Volker Lendecke [Sat, 18 Mar 2017 17:34:07 +0000 (18:34 +0100)]
winbind: Use idmap_config_const_string in idmap_init_domain

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2 years agowinbind: Use idmap_config_const_string in idmap_script_db_init
Volker Lendecke [Sat, 7 Jan 2017 14:55:41 +0000 (14:55 +0000)]
winbind: Use idmap_config_const_string in idmap_script_db_init

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2 years agowinbind: Use idmap_config_const_string in idmap_tdb2_db_init
Volker Lendecke [Sat, 7 Jan 2017 14:55:41 +0000 (14:55 +0000)]
winbind: Use idmap_config_const_string in idmap_tdb2_db_init

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2 years agowinbind: Use idmap_config_const_string in wb_xids2sids_add_dom
Volker Lendecke [Sat, 7 Jan 2017 14:55:41 +0000 (14:55 +0000)]
winbind: Use idmap_config_const_string in wb_xids2sids_add_dom

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2 years agowinbind: Use idmap_config_const_string in idmap_init_named_domain
Volker Lendecke [Sat, 7 Jan 2017 14:55:41 +0000 (14:55 +0000)]
winbind: Use idmap_config_const_string in idmap_init_named_domain

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2 years agowinbind: Use idmap_config_const_string in domain_has_idmap_config
Volker Lendecke [Sat, 7 Jan 2017 14:55:41 +0000 (14:55 +0000)]
winbind: Use idmap_config_const_string in domain_has_idmap_config

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2 years agowinbind: Add idmap_config_const_string
Volker Lendecke [Sat, 7 Jan 2017 14:53:09 +0000 (14:53 +0000)]
winbind: Add idmap_config_const_string

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2 years agolib: Simplify smb_nanosleep
Volker Lendecke [Sun, 8 Jan 2017 17:54:06 +0000 (17:54 +0000)]
lib: Simplify smb_nanosleep

We have the recalculation logic also in sys_poll_intr, don't duplicate it.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Mar 20 16:11:16 CET 2017 on sn-devel-144

2 years agolib: Make sys_poll_intr available to ctdb
Volker Lendecke [Sun, 19 Mar 2017 19:10:29 +0000 (20:10 +0100)]
lib: Make sys_poll_intr available to ctdb

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agolib: Avoid an includes.h
Volker Lendecke [Sun, 8 Jan 2017 19:52:47 +0000 (19:52 +0000)]
lib: Avoid an includes.h

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agoctdb-tests: Catch cases where mktemp fails due to missing TMPDIR
Martin Schwenke [Sat, 18 Mar 2017 09:38:32 +0000 (20:38 +1100)]
ctdb-tests: Catch cases where mktemp fails due to missing TMPDIR

TMPDIR sometimes goes missing during autobuild.  When that happens the
error messages produced by CTDB tests are not very helpful.  This
should make it clear.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Mar 20 08:53:02 CET 2017 on sn-devel-144

2 years agos3:winbind: Use the correct talloc context for user information
Volker Lendecke [Fri, 17 Mar 2017 12:52:57 +0000 (13:52 +0100)]
s3:winbind: Use the correct talloc context for user information

This fixes the substitution for 'template homedir'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12699

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Mar 18 19:47:40 CET 2017 on sn-devel-144

2 years agos3:winbind: Remove unused struct getpwent_user
Andreas Schneider [Fri, 17 Mar 2017 12:35:39 +0000 (13:35 +0100)]
s3:winbind: Remove unused struct getpwent_user

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Mar 18 08:59:01 CET 2017 on sn-devel-144

2 years agos3:winbind: Use correct struct member for size calculation
Andreas Schneider [Fri, 17 Mar 2017 12:24:13 +0000 (13:24 +0100)]
s3:winbind: Use correct struct member for size calculation

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agotldap: Allow dropping messages in tldap_search()
Volker Lendecke [Fri, 27 Jan 2017 15:03:03 +0000 (16:03 +0100)]
tldap: Allow dropping messages in tldap_search()

For probing whether a connection is a live a rootdse search might be
interesting where we don't really care for the result, only success or
failure of the operation.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agoctdb-readonly: Avoid a tight loop waiting for revoke to complete
Amitay Isaacs [Tue, 14 Mar 2017 05:12:55 +0000 (16:12 +1100)]
ctdb-readonly: Avoid a tight loop waiting for revoke to complete

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12697

During revoking readonly delegations, if one of the nodes disappears, then
there is no point re-trying revoking readonly delegation.  The database
needs to be recovered before the revoke operation can succeed.  So retry
only after a grace period.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Mar 17 14:05:57 CET 2017 on sn-devel-144

2 years agowinbindd: remove trailing spaces in get_cache()
Ralph Boehme [Thu, 16 Mar 2017 16:52:50 +0000 (17:52 +0100)]
winbindd: remove trailing spaces in get_cache()

Trailing spaces are annoyingly highlighted red in my emacs setup so I'd
like to get rid of them. :)

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 17 00:20:17 CET 2017 on sn-devel-144

2 years agowinbindd: README.Coding fixes for get_cache()
Ralph Boehme [Thu, 16 Mar 2017 16:51:29 +0000 (17:51 +0100)]
winbindd: README.Coding fixes for get_cache()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agowinbindd: fix long lines in get_cache()
Ralph Boehme [Thu, 16 Mar 2017 16:45:36 +0000 (17:45 +0100)]
winbindd: fix long lines in get_cache()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agowinbindd: untangle reconnect_methods vs reconnect_ads_methods
Ralph Boehme [Thu, 16 Mar 2017 09:36:14 +0000 (10:36 +0100)]
winbindd: untangle reconnect_methods vs reconnect_ads_methods

No change in behaviour. The previous logic just seemed a bit clumsy
because of the ifdefs.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>