Andreas Schneider [Mon, 29 Aug 2016 09:33:24 +0000 (11:33 +0200)]
krb5_wrap: Rename kerberos_kinit_keyblock_cc()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 29 Aug 2016 09:29:34 +0000 (11:29 +0200)]
krb5_wrap: Add MIT implmentation of smb_krb5_keyblock_init_contents()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 29 Aug 2016 09:22:29 +0000 (11:22 +0200)]
waf: Check for the correct function name
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 29 Aug 2016 09:21:07 +0000 (11:21 +0200)]
krb5_wrap: Document smb_krb5_keyblock_init_contents()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 29 Aug 2016 09:10:30 +0000 (11:10 +0200)]
krb5_wrap: Document smb_krb5_kt_get_name()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 29 Aug 2016 09:07:48 +0000 (11:07 +0200)]
krb5_wrap: Rename smb_krb5_keytab_name()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 29 Aug 2016 09:05:19 +0000 (11:05 +0200)]
krb5_wrap: Document smb_krb5_kt_open()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 29 Aug 2016 09:03:51 +0000 (11:03 +0200)]
krb5_wrap: Rename smb_krb5_open_keytab()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 29 Aug 2016 08:58:43 +0000 (10:58 +0200)]
krb5_wrap: Fix whitespace issues in smb_krb5_kt_open_relative()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 29 Aug 2016 08:46:26 +0000 (10:46 +0200)]
krb5_wrap: Document smb_krb5_kt_open_relative()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 29 Aug 2016 08:42:57 +0000 (10:42 +0200)]
krb5_wrap: Rename smb_krb5_open_keytab_relative()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 29 Aug 2016 07:32:25 +0000 (09:32 +0200)]
krb5_wrap: Document smb_krb5_enctype_to_string()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 29 Aug 2016 07:29:57 +0000 (09:29 +0200)]
krb5_wrap: Document smb_krb5_kt_free_entry()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 29 Aug 2016 07:27:55 +0000 (09:27 +0200)]
krb5_wrap: Document smb_krb5_kt_get_enctype_from_entry()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 29 Aug 2016 07:17:37 +0000 (09:17 +0200)]
krb5_wrap: Rename smb_get_enctype_from_kt_entry()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 29 Aug 2016 07:13:51 +0000 (09:13 +0200)]
krb5_wrap: Remove unneeded smb_krb5_get_init_creds_opt_free()
Call the Kerberos function directly.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 29 Aug 2016 07:12:38 +0000 (09:12 +0200)]
krb5_wrap: Remove unneeded smb_krb5_get_init_creds_opt_alloc()
Call the Kerberos function directly.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 29 Aug 2016 07:11:17 +0000 (09:11 +0200)]
krb5_wrap: Remove unused handle_krberror_packet()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 29 Aug 2016 07:09:18 +0000 (09:09 +0200)]
krb5_wrap: Remove unneded smb_krb5_free_error()
krb5_free_error() is availalbe in MIT and Heimdal. Both implementations
free the contents and the pointer. krb5_free_data_contents() is Heimdal
only. Which function you need to call depends.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 29 Aug 2016 06:57:47 +0000 (08:57 +0200)]
krb5_wrap: Document smb_krb5_gen_netbios_krb5_address()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 29 Aug 2016 06:53:56 +0000 (08:53 +0200)]
krb5_wrap: Document smb_krb5_free_addresses()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 29 Aug 2016 06:50:28 +0000 (08:50 +0200)]
krb5_wrap: Document smb_krb5_renew_ticket()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 29 Aug 2016 06:36:59 +0000 (08:36 +0200)]
krb5_wrap: Remove redundant comment
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 29 Aug 2016 06:35:54 +0000 (08:35 +0200)]
krb5_wrap: Move krb5_princ_component() to the top
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 26 Aug 2016 15:07:18 +0000 (17:07 +0200)]
krb5_wrap: Rename get_krb5_smb_session_key()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 26 Aug 2016 14:54:12 +0000 (16:54 +0200)]
krb5_wrap: Move krb5_free_unparsed_name() to the top
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 26 Aug 2016 14:51:38 +0000 (16:51 +0200)]
krb5_wrap: Cleanup some code in ads_krb5_cli_get_ticket()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 26 Aug 2016 14:50:59 +0000 (16:50 +0200)]
krb5_wrap: Fix ads_krb5_cli_get_ticket() return checks and debug messages
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 26 Aug 2016 14:38:53 +0000 (16:38 +0200)]
krb5_wrap: Rename cli_krb5_get_ticket()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 26 Aug 2016 14:33:39 +0000 (16:33 +0200)]
krb5_wrap: Improve return value checks and debug messsages
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 26 Aug 2016 14:32:26 +0000 (16:32 +0200)]
krb5_wrap: Fix formatting issues in ads_krb5_mk_req()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 26 Aug 2016 14:21:56 +0000 (16:21 +0200)]
krb5_wrap: Use consistent naming for create_gss_checksum()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 26 Aug 2016 14:21:01 +0000 (16:21 +0200)]
krb5_wrap: Use consistent naming for setup_auth_context()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 26 Aug 2016 14:19:42 +0000 (16:19 +0200)]
krb5_wrap: Move all ads function to the end
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 26 Aug 2016 10:37:45 +0000 (12:37 +0200)]
krb5_wrap: Move krb5_auth_con_setuseruserkey() to the top
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 26 Aug 2016 09:57:30 +0000 (11:57 +0200)]
krb5_wrap: Rename krb5_copy_data_contents()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 26 Aug 2016 09:51:52 +0000 (11:51 +0200)]
krb5_wrap: Rename kerberos_free_data_contents()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 25 Aug 2016 15:02:59 +0000 (17:02 +0200)]
krb5_wrap: Rename get_kerberos_allowed_etypes()
Use consistent naming.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 25 Aug 2016 14:59:18 +0000 (16:59 +0200)]
krb5_wrap: Rename setup_kaddr()
Use a better and consistent name and switch the arguments to reflect the
name.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Ralph Boehme [Fri, 26 Aug 2016 08:04:53 +0000 (10:04 +0200)]
vfs_acl_xattr|tdb: enforced settings when ignore system acls=yes
When "ignore system acls" is set to "yes, we need to ensure filesystem
permission always grant access so that when doing our own access checks
we don't run into situations where we grant access but the filesystem
doesn't.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12181
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Aug 31 18:41:20 CEST 2016 on sn-devel-144
Ralph Boehme [Fri, 26 Aug 2016 08:22:37 +0000 (10:22 +0200)]
docs: document vfs_acl_xattr|tdb enforced settings
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12181
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Mon, 22 Aug 2016 23:38:26 +0000 (11:38 +1200)]
ldb: Avoid multiple tiny allocations during full DB scan
LDB_UNPACK_DATA_FLAG_NO_VALUES_ALLOC allows us to consolidate some of these allocations
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Aug 31 10:53:09 CEST 2016 on sn-devel-144
Andrew Bartlett [Thu, 25 Aug 2016 21:58:38 +0000 (09:58 +1200)]
ldb: Avoid cost of talloc_free() for unmatched messages
Instead, we pay the cost of allocating a copy of the whole message once
and we pay the cost of allocating a "struct ldb_val" that will not be used
for each element in that message.
This differes from the approach of ldb_unpack_data_only_attr_list()
in that we need not allocate each value for a message that we do not
return, so is more efficient for large multi-valued attributes and
un-indexed or poorly indexed searches
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 16 Aug 2016 00:21:59 +0000 (12:21 +1200)]
docs: Explain that "reset on zero vc" is an SMB1 feature
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Fri, 26 Aug 2016 00:07:34 +0000 (12:07 +1200)]
autobuild: disable abi check on O3 build
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Thu, 4 Aug 2016 03:35:46 +0000 (15:35 +1200)]
selftest/wscript: format perftest as json
This makes it easier to use with common web-based graphing systems.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Wed, 31 Aug 2016 02:56:25 +0000 (14:56 +1200)]
selftest: add an option to specify the test list
This can be used to override the default test lists used by
`make test` and `make perftest`. This tests can either be
programmatically generated (as is done for the defaults -- see
selftest/tests.py for an example), or from a static list. For the
generated lists, append a pipe symbol:
make test TEST_LIST='/bin/sh /tmp/tests.sh|'
and omit the pipe for a static list:
make test TEST_LIST='/tmp/tests.txt'
There are likely other useful modes of operation -- see `perldoc open`
for the wondrous details.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Tue, 16 Aug 2016 22:56:50 +0000 (10:56 +1200)]
make perftest: for performance testing
This runs a selection of subunit tests and reduces the output to only
the time it takes to run each test.
The tests are listed in selftest/perf_tests.py.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Tue, 16 Aug 2016 22:56:39 +0000 (10:56 +1200)]
Add AD DC performance tests
These test a variety of simple AD DC operations.
These tests are NOT independent of each other and must be run in the
right order (alphabetically, which is guaranteed by Python's unittest
module) -- the running of each test is part of the set-up for later
modules. This means we have to subvert unittest a bit, but it saves
hours of repeated set-up.
These tests are not intended to push edge cases, but to hammer common
operations that should work on all versions of Samba. The tests have
been tested back to Samba 4.0.26.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Mon, 1 Aug 2016 23:00:27 +0000 (11:00 +1200)]
filter-subunit: default to empty affixes, saving verbose checks
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Mon, 1 Aug 2016 22:27:05 +0000 (10:27 +1200)]
subunithelper: use set for efficient inclusion test
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Thu, 28 Jul 2016 22:57:52 +0000 (10:57 +1200)]
selftest: allow tests.py scripts to run independently
These generate lists of test commands. Usually they are run in special
environments, but they should work from the command line. This
restores the intended behaviour.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Wed, 3 Aug 2016 04:03:57 +0000 (16:03 +1200)]
blackbox tests: add timestamps for subunit tests
There is the icky thing with sed because some kinds of `date` don't
have sub-second resolution, which we really want.
Another way to do it would be:
python -c "import datetime; print datetime.datetime.utcnow().strftime('time: %Y-%m-%d %H:%M:%S.%fZ')"
which should be universal, but is a little slower.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Wed, 27 Jul 2016 02:28:04 +0000 (14:28 +1200)]
autobuild --restrict-tests to test a restricted set
This allows autobuild to be used as a test framework for running
particular Samba tests in a cloud environment.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Wed, 27 Jul 2016 02:09:08 +0000 (14:09 +1200)]
autobuild: remove unused argument
The "tasklist" parameter is the same as the global "tasks" variable,
but only the latter is used.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Jeremy Allison [Tue, 30 Aug 2016 19:01:00 +0000 (12:01 -0700)]
s3: modules: vfs_acl_common - Add Ralph's copyright.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Aug 31 01:06:43 CEST 2016 on sn-devel-144
Ralph Boehme [Sat, 27 Aug 2016 08:11:14 +0000 (10:11 +0200)]
vfs_acl_common: use DBG_LEVEL and remove function prefixes in DEBUG statements
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 25 Aug 2016 14:30:24 +0000 (16:30 +0200)]
s4/torture: tests for vfs_acl_xattr default ACL styles
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 25 Aug 2016 05:45:34 +0000 (07:45 +0200)]
vfs_acl_common: Windows style default ACL
Reintroduce Windows style default ACL, but this time as an optional
feature, not changing default behaviour.
Original bugreport that got reverted because it changed the default
behaviour: https://bugzilla.samba.org/show_bug.cgi?id=12028
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 24 Aug 2016 18:31:00 +0000 (20:31 +0200)]
vfs_acl_xattr|tdb: add option to control default ACL style
Existing behaviour is "posix" style. Next commit will (re)add the
"windows" style. This commit doesn't change behaviour in any way.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 24 Aug 2016 08:43:47 +0000 (10:43 +0200)]
vfs_acl_common: check for ignore_system_acls before fetching filesystem ACL
If ignore_system_acls is set and we're synthesizing a default ACL, we
were fetching the filesystem ACL just to free it again. This change
avoids this.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 24 Aug 2016 08:30:15 +0000 (10:30 +0200)]
vfs_acl_common: move stat stuff to a helper function
Will be reused in the next commit when moving the
make_default_filesystem_acl() stuff to a different place.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 24 Aug 2016 08:01:17 +0000 (10:01 +0200)]
vfs_acl_tdb|xattr: use a config handle
Better for performance and a subsequent commit will add one more option
where this will pay off.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 23 Aug 2016 20:32:57 +0000 (22:32 +0200)]
vfs_acl_common: move the ACL blob validation to a helper function
No change in behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 23 Aug 2016 15:07:20 +0000 (17:07 +0200)]
vfs_acl_common: simplify ACL logic, cleanup and talloc hierarchy
No change in behaviour (hopefully! :-). This paves the way for moving
the ACL blob validation to a helper function in the next commit.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 23 Aug 2016 11:14:50 +0000 (13:14 +0200)]
vfs_acl_common: remove redundant NULL assignment
The variables are already set to NULL by TALLOC_FREE.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 23 Aug 2016 11:11:24 +0000 (13:11 +0200)]
vfs_acl_common: rename pdesc_next to psd_fs
In most realistic cases the "next" VFS op will return the permissions
from the filesystem. This rename makes it explicit where the SD is
originating from. No change in behaviour.
This just paves the way for a later change that will simplify the whole
logic and talloc hierarchy.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 23 Aug 2016 11:08:12 +0000 (13:08 +0200)]
vfs_acl_common: rename psd to psd_blob in get_nt_acl_internal()
This makes it explicit where the SD is originating from. No change in
behaviour.
This just paves the way for a later change that will simplify the whole
logic and talloc hierarchy, therefor this also strictly renames the
occurences after the out label.
Logically, behind the out label, we're dealing with a variable that
points to what we're going to return, so the name psd_blob is
misleading, but I'm desperately trying to avoid logic changes in this
commit and therefor I'm just strictly renaming.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 24 Aug 2016 08:04:24 +0000 (10:04 +0200)]
Revert "vfs_acl_xattr: objects without NT ACL xattr"
This reverts commit
961c4b591bb102751079d9cc92d7aa1c37f1958c.
Subsequent commits will add the same functionality as an optional
feature.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 11 Aug 2016 13:18:14 +0000 (15:18 +0200)]
gensec_krb5: Use get_krb5_smb_session_key() in gensec_krb5_session_key()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 30 15:24:02 CEST 2016 on sn-devel-144
Andreas Schneider [Thu, 11 Aug 2016 13:04:42 +0000 (15:04 +0200)]
gensec_krb5: Use implementation idependent krb5_mk_req_extended()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 11 Aug 2016 13:10:33 +0000 (15:10 +0200)]
gensec_krb5: Use kerberos_free_data_contents() to free krb5 data
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 11 Aug 2016 09:22:41 +0000 (11:22 +0200)]
gensec_krb5: Only set the event context with Heimdal
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 11 Aug 2016 09:20:42 +0000 (11:20 +0200)]
gensec_krb5: Use krb5_wrap setup_kaddr() to convert address
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 12 Aug 2016 12:41:05 +0000 (14:41 +0200)]
gensec_krb5: Rename smb_rd_req_return_stuff()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 12 Aug 2016 12:37:51 +0000 (14:37 +0200)]
gensec_krb5: Rename gensec_krb5_util to gensec_krb5_heimdal
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 10 Aug 2016 13:57:05 +0000 (15:57 +0200)]
s4-kdc: pac-glue: Add support for MIT pkinit
This only makes sure the code compiles again. I'm not able to test this
yet.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 9 Jun 2016 14:02:23 +0000 (16:02 +0200)]
mit_samba: Add missing copyright
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 30 Jun 2016 14:25:41 +0000 (16:25 +0200)]
mit_samba: Add missing argument passed to authsam_make_user_info_dc()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rowland Penny [Sun, 28 Aug 2016 08:29:33 +0000 (09:29 +0100)]
tests/samba-tool/user.py: replace deprecated 'add' subcommand with 'create'
Signed-off-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 30 09:21:09 CEST 2016 on sn-devel-144
Ralph Boehme [Sat, 27 Aug 2016 15:56:56 +0000 (17:56 +0200)]
s3/rpc_server: shared rpc modules directory may not exist
A shared rpc modules directory may not exist if all RPC modules are built
static.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12184
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 29 Aug 2016 09:35:39 +0000 (11:35 +0200)]
pthreadpool: Signal job completion without the pool mutex
This essentially reverts
1c4284c7395f23. We now call an alien function from
within pthreadpool, and we should not hold a mutex during that call. The alien
function could (and pthreadpool_tevent_job_signal actually does) lock a mutex.
We can't guarantee proper lock ordering here, so in theory we could deadlock. I
haven't seen it in the wild yet, but I could imagine that both _parent pieces
in pthreadpool and tevent could trigger such a deadlock.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 30 04:06:20 CEST 2016 on sn-devel-144
Volker Lendecke [Mon, 29 Aug 2016 09:35:20 +0000 (11:35 +0200)]
pthreadpool: We always want asserts to abort()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 26 Aug 2016 09:34:02 +0000 (11:34 +0200)]
pthreadpool: Fix formatting
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 12 Aug 2016 18:57:26 +0000 (20:57 +0200)]
lib: Use tdb_storev in gencache
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Aug 29 22:51:34 CEST 2016 on sn-devel-144
Volker Lendecke [Wed, 10 Aug 2016 19:12:06 +0000 (21:12 +0200)]
dbwrap: Use tdb_storev in dbwrap_ctdb
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 10 Aug 2016 18:57:42 +0000 (20:57 +0200)]
tdb: Use tdb_storev in tdb_append
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 10 Aug 2016 18:46:07 +0000 (20:46 +0200)]
tdb: Add tdb_storev
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 10 Aug 2016 18:45:10 +0000 (20:45 +0200)]
tdb: Add tdb_trace_1plusn_rec_flag_ret
Needed for tdb_storev
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 10 Aug 2016 12:11:03 +0000 (14:11 +0200)]
tdb: Vectorize _tdb_store
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 10 Aug 2016 11:47:49 +0000 (13:47 +0200)]
tdb: Vectorize tdb_update_hash
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 10 Aug 2016 10:37:13 +0000 (12:37 +0200)]
tdb: Allow _v variant in tdb_update_hash_cmp
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 10 Aug 2016 09:31:44 +0000 (11:31 +0200)]
tdb: Remove unnecessary checks
This has already been done in tdb_find()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 10 Aug 2016 08:49:04 +0000 (10:49 +0200)]
tdb: Do an overflow check
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 10 Aug 2016 08:16:05 +0000 (10:16 +0200)]
tdb: Fix a signed/unsigned hickup
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Mon, 25 Jul 2016 10:59:46 +0000 (12:59 +0200)]
dbwrap_watch: Add dsize to DEBUG, avoid casts
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andrew Bartlett [Fri, 26 Aug 2016 03:53:19 +0000 (15:53 +1200)]
dbcheck: Abandon dbcheck if we get an error during a transaction
Otherwise, anything that the transaction has already done to the DB will be left in the DB
even despite the failure. For example, if a fix wrote to the DB, but then failed a post-write
check, then the fix will not be unrolled.
This is because we do not have nested transactions in TDB.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12178
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Aug 29 12:46:21 CEST 2016 on sn-devel-144
Andrew Bartlett [Fri, 26 Aug 2016 03:54:35 +0000 (15:54 +1200)]
dsdb: Allow missing a mandatory attribute from a dbcheck fix
dbcheck of the rid pool (CN=RID Set) for another server will otherwise fail because
rIDNextRid is not replicated, and so it not present
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12178
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Garming Sam [Tue, 26 Jul 2016 09:13:56 +0000 (11:13 +0200)]
samba_upgradedns: Check for both accounts in BIND_DLZ upgrade
Signed-off-by: Garming Sam <garming@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10882
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Mon Aug 29 08:53:14 CEST 2016 on sn-devel-144
Marc Muehlfeld [Fri, 26 Aug 2016 11:42:15 +0000 (13:42 +0200)]
Removed upgrading-samba4.txt
This file was about updating early Samba AD alpha versions.
We describe all important things related to the update process in the Wiki:
https://wiki.samba.org/index.php/Updating_Samba
Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Aug 29 03:28:11 CEST 2016 on sn-devel-144