Stefan Metzmacher [Tue, 20 Jun 2017 06:02:40 +0000 (08:02 +0200)]
s3:pylibsmb: use CLI_FULL_CONNECTION_FORCE_SMB1 in py_cli_state_init()
For now we only support SMB1, as most of the cli_*_send() function don't
support SMB2, it's only plugged into the sync wrapper functions currently.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Mon, 19 Jun 2017 07:46:55 +0000 (09:46 +0200)]
s3:torture: use CLI_FULL_CONNECTION_FORCE_SMB1 in run_chain2()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Mon, 19 Jun 2017 07:45:26 +0000 (09:45 +0200)]
s3:torture: use CLI_FULL_CONNECTION_FORCE_SMB1 in run_tcon_devtype_test()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Mon, 19 Jun 2017 07:45:05 +0000 (09:45 +0200)]
s3:torture pass flags to torture_open_connection_share()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Mon, 19 Jun 2017 06:49:05 +0000 (08:49 +0200)]
s3:client: smbclient -L can't do workgroup listing over SMB2/3
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Mon, 19 Jun 2017 06:17:27 +0000 (08:17 +0200)]
s3:torture: use CLI_FULL_CONNECTION_FORCE_SMB1 in torture_open_connection_share()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Mon, 19 Jun 2017 06:16:57 +0000 (08:16 +0200)]
s3:libsmb: add CLI_FULL_CONNECTION_FORCE_SMB1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Mon, 19 Jun 2017 19:53:49 +0000 (21:53 +0200)]
s3:torture: make use of smb_protocol_types_string() in run_smb2_negprot()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Mon, 19 Jun 2017 19:52:54 +0000 (21:52 +0200)]
libcli/smb: add smb_protocol_types_string()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 20 Jun 2017 06:35:47 +0000 (08:35 +0200)]
s3:libsmb: add support for SMB2 to cli_nt_delete_on_close*()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 20 Jun 2017 06:35:13 +0000 (08:35 +0200)]
s3:libsmb: add cli_smb2_delete_on_close*()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Mon, 19 Jun 2017 12:13:37 +0000 (14:13 +0200)]
s3:libsmb: normalize leading slashes in cli_resolve_path()
As we try to pass the path to an SMB2 server, we should have
just one leading backslash (which then gets ignored in
cli_smb2_create_fnum_send()).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 8 Dec 2016 13:06:39 +0000 (14:06 +0100)]
s3:libsmb: no longer pass remote_realm to cli_state_create()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 8 Dec 2016 13:06:16 +0000 (14:06 +0100)]
s3:libsmb: remove unused cli_state_remote_realm()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Mon, 19 Jun 2017 13:46:54 +0000 (15:46 +0200)]
s3:rpc_server/spoolss: allow spoolss_connect_to_client() to use SMB2
It's just required that we can run DCERPC over the connection.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 20 Jun 2017 06:26:45 +0000 (08:26 +0200)]
python/tests: test SMB1 and SMB2/3 in auth_log.py
We should do this explicitly in order to make
the tests independent of 'client max protocol'.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Garming Sam [Mon, 19 Jun 2017 03:01:56 +0000 (15:01 +1200)]
dnsserver/common: Use cached dnsHostName to reduce database reads
The code to clobber the host name appears to have caused DNS requests to use 3x as much resources
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 22 13:06:07 CEST 2017 on sn-devel-144
Garming Sam [Mon, 19 Jun 2017 02:49:55 +0000 (14:49 +1200)]
dsdb: Add a samdb_dns_host_name which avoids searching
This ideally should also be used in rootDSE.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Tue, 20 Jun 2017 20:10:30 +0000 (08:10 +1200)]
pycredentials: Add support for netr_crypt_password
Add code to encrypt a netr_CryptPassword structure with the current
session key. This allows the making of Netr_ServerPasswordSet2 calls
from python.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Tue, 20 Jun 2017 20:09:53 +0000 (08:09 +1200)]
s4/dcerpc_netlogon: Logging for dcesrv_netr_LogonGetDomainInfo
Log details of the remote machine when bad credentials received.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Thu, 15 Jun 2017 03:55:43 +0000 (15:55 +1200)]
pycredentials: add function to return the netr_Authenticator
Add method new_client_authenticator that returns data to allow a
netr_Authenticator to be constructed.
Allows python to make netr_LogonSamLogonWithFlags,
netr_LogonGetDomainInfo and similar calls
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 29 May 2017 04:04:14 +0000 (16:04 +1200)]
lsa.String: add String constructor, str and repr
Add a String constructor, str and repr methods to the
samba.dcerpc.lsa.String python object
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Wed, 14 Jun 2017 19:57:23 +0000 (07:57 +1200)]
Tests lsa.String: add String constructor, str and repr
Tests for the String constructor, str and repr methods added to
the samba.dcerpc.lsa.String python object
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jeremy Allison [Tue, 20 Jun 2017 18:20:38 +0000 (11:20 -0700)]
s3: smbd: When deleting an fsp pointer ensure we don't keep any references to it around.
Based on a suggestion from <lev@zadarastorage.com>
https://bugzilla.samba.org/show_bug.cgi?id=12818
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 22 00:12:49 CEST 2017 on sn-devel-144
Volker Lendecke [Sat, 17 Jun 2017 06:48:16 +0000 (08:48 +0200)]
messaging: Deliver messages only once
This survived an autobuild, so no subsystem strictly needs this anymore. In
particular the notify subsystem has been rewritten.
Why this patch? It removes some complexity from core code, and it reduces the
potential memory overconsumption: Right now I'm working on a g_lock_ping_pong
test. This test does a lot of messaging_filtered_read_send calls in a tight
loop on a nested event context. With the current code we let the
messaging_filtered_read code consume the message that arrives, but it also
posts it for consumption by the main event context attached to the messaging
context with its "classic" callback. This test never comes back to the main
event context, so it accumulates more and more self-posted messages. That's
just unnecessary, given that due to the successful autobuild nothing but the
read1 test makes use of the "multicasting" of messages.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 21 07:30:39 CEST 2017 on sn-devel-144
Volker Lendecke [Fri, 26 May 2017 16:48:32 +0000 (18:48 +0200)]
dbwrap: Remove unused dbwrap_file
This has stopped working ages ago. The idea is clear, but if someone
wants to revive it, I think it needs a completely fresh start.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 26 May 2017 16:47:23 +0000 (18:47 +0200)]
dbwrap: Remove unused dbwrap_cache
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 8 Jun 2017 10:20:15 +0000 (12:20 +0200)]
lib: Fix typos
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 8 Jun 2017 09:44:36 +0000 (11:44 +0200)]
ctdb: Fix typos
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 17 Jun 2017 19:26:27 +0000 (21:26 +0200)]
tevent: Simplify create_immediate
Not much change, just 9 lines less of code.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 1 Jun 2017 17:25:48 +0000 (19:25 +0200)]
lib: Give messages_ctdbd.c its own header
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 17 Jun 2017 07:46:43 +0000 (09:46 +0200)]
messaging: Use size_t for array sizes
We use talloc_realloc, that takes size_t.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 15 Jun 2017 15:36:58 +0000 (17:36 +0200)]
selftest: Give tmux a bit of time to establish
I've seen a lot of failures with make testenv telling that stdin returns
EAGAIN. I haven't fully diagnosed it, but this seems to fix it. Now
make testenv is much more reliable.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jun 21 03:14:17 CEST 2017 on sn-devel-144
Andreas Schneider [Tue, 20 Jun 2017 08:27:07 +0000 (10:27 +0200)]
s3:winbind: Fix 'winbind normalize names' in wb_getpwsid()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12851
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Wed, 23 Nov 2016 15:51:25 +0000 (16:51 +0100)]
messaging: Fix queueing on FreeBSD
FreeBSD does not do the nice blocking send that Linux does. Instead,
it returns ENOBUFS if the dst socket is full. According to the
manpage you have to do polling. Try with exponential backoff, at
the end try once a second forever.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 20 23:03:11 CEST 2017 on sn-devel-144
Volker Lendecke [Tue, 20 Jun 2017 12:50:41 +0000 (14:50 +0200)]
ldb: Fix CID
1412926 Unchecked return value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 20 Jun 2017 13:31:18 +0000 (15:31 +0200)]
pidl: Fix array range checks in python output
Without this, we generated code like
if (ndr_table_dnsserver.num_calls < 0) {
PyErr_SetString(PyExc_TypeError, "Internal Error, ndr_interface_call missing for py_DnssrvOperation_ndr_pack");
return NULL;
}
call = &ndr_table_dnsserver.calls[0];
This does not really make sense, and Coverity found comparing the unsigned
num_calls against <0 a bit pointless.
Should fix 138 Coverity findings and make the code a bit more correct.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Mon, 19 Jun 2017 13:52:23 +0000 (15:52 +0200)]
s3:tests: Add test for smbclient -UDOMAIN+username
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12849
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jun 20 14:48:33 CEST 2017 on sn-devel-144
Andreas Schneider [Mon, 19 Jun 2017 12:50:33 +0000 (14:50 +0200)]
s3:popt_common: Reparse the username in popt_common_credentials_post()
When we parse the username in the options handling, the smb.conf file
has not been loaded yet. So we are not aware of a 'winbind separator'
set in the config file.
We need to read and set the username again in the post-processing of the
credentials.
https://bugzilla.samba.org/show_bug.cgi?id=12849
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 19 Jun 2017 12:34:02 +0000 (14:34 +0200)]
selftest: Use 'ad_dc' as the default for testenv
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Amitay Isaacs [Tue, 13 Jun 2017 05:32:36 +0000 (15:32 +1000)]
ctdb-locking: If a record could not be locked, log the key
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Jun 19 19:56:22 CEST 2017 on sn-devel-144
Amitay Isaacs [Wed, 7 Jun 2017 06:44:24 +0000 (16:44 +1000)]
ctdb-locking: Reduce logging in case of contention
Currently, every lock helper will log a message if it cannot get a lock.
This can spam the logs and overwhelm syslog if there are hundreds of
lock helpers waiting for contended record.
Instead keep track of the record for which we have already logged once
with specific timeout interval. If we get timeout interval larger than
the previously logged interval, then log again once. This will reduce
the amount of logs for contended records to a single log entry per 10
seconds per record.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 7 Jun 2017 06:45:50 +0000 (16:45 +1000)]
ctdb-locking: There are no ALLDB locks any more
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 14 Jun 2017 06:35:50 +0000 (16:35 +1000)]
ctdb-client: Add correct control names to log messages
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 6 Apr 2017 06:51:57 +0000 (16:51 +1000)]
ctdb-tests: Fix function names in protocol test
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Jeremy Allison [Thu, 8 Jun 2017 23:25:58 +0000 (16:25 -0700)]
s3: VFS: Change SMB_VFS_SYMLINK to use const struct smb_filename * instead of const char *.
We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Jun 18 07:03:18 CEST 2017 on sn-devel-144
Jeremy Allison [Wed, 7 Jun 2017 22:03:37 +0000 (15:03 -0700)]
s3: VFS: Change SMB_VFS_READLINK to use const struct smb_filename * instead of const char *.
We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Jeremy Allison [Fri, 2 Jun 2017 22:26:06 +0000 (15:26 -0700)]
s3: VFS: Change SMB_VFS_STATVFS to use const struct smb_filename * instead of const char *.
We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Jeremy Allison [Fri, 2 Jun 2017 21:21:54 +0000 (14:21 -0700)]
s3: VFS: Change SMB_VFS_LINK to use const struct smb_filename * instead of const char *.
We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Jeremy Allison [Thu, 1 Jun 2017 18:45:25 +0000 (11:45 -0700)]
s3: VFS: Change SMB_VFS_GET_QUOTA to use const struct smb_filename * instead of const char *.
We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Jeremy Allison [Tue, 23 May 2017 17:40:47 +0000 (10:40 -0700)]
s3: VFS: Change SMB_VFS_DISK_FREE to use const struct smb_filename * instead of const char *.
We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Jeremy Allison [Fri, 19 May 2017 23:15:55 +0000 (16:15 -0700)]
s3: VFS: Change SMB_VFS_CHFLAGS to use const struct smb_filename * instead of const char *.
We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Jeremy Allison [Fri, 19 May 2017 22:01:52 +0000 (15:01 -0700)]
s3: VFS: Change SMB_VFS_MKNOD to use const struct smb_filename * instead of const char *.
We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Jeremy Allison [Thu, 1 Jun 2017 17:51:45 +0000 (10:51 -0700)]
s3: VFS: Remove old traces of smb_vfs_call_llistxattr().
This call doesn't exist anymore.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Stefan Metzmacher [Wed, 14 Jun 2017 22:03:14 +0000 (00:03 +0200)]
s4:libcli/smb_composite: make the additional gensec_update steps async
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jun 17 20:54:59 CEST 2017 on sn-devel-144
Stefan Metzmacher [Wed, 14 Jun 2017 21:33:04 +0000 (23:33 +0200)]
s4:libcli/smb_composite: add early returns to sesssetup.c:request_handler()
This makes it much clearer under which condutions the following code
operates.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 14 Jun 2017 21:24:10 +0000 (23:24 +0200)]
s4:libcli/smb_composite: make the first round to gensec async
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 15 May 2017 22:25:45 +0000 (00:25 +0200)]
s4:libcli/smb_composite: move gensec_update_ev() out of session_setup_spnego()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 15 May 2017 22:16:14 +0000 (00:16 +0200)]
s4:libcli/smb_composite: move session_setup_spnego_restart() to the callers of session_setup_spnego()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 15 May 2017 22:10:33 +0000 (00:10 +0200)]
s4:libcli/smb_composite: split out session_setup_spnego_restart() from session_setup_spnego()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 14 Jun 2017 21:24:10 +0000 (23:24 +0200)]
s4:libcli/smb_composite: move chosen_oid to state->chosen_oid
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 15 May 2017 22:01:07 +0000 (00:01 +0200)]
s4:libcli/smb_composite: simplify gensec_update_ev() handling in session_setup_spnego()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 14 Jun 2017 08:39:26 +0000 (10:39 +0200)]
auth/gensec: add GENSEC_UPDATE_IS_NTERROR() helper macro
This allows us to write clearer code that
checks for NT_STATUS_OK and NT_STATUS_MORE_PROCESSING_REQUIRED.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 14 Jun 2017 14:21:56 +0000 (16:21 +0200)]
auth/gensec: clear the update_busy_ptr in gensec_subcontext_start()
This is required to support async subcontexts.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Amitay Isaacs [Thu, 9 Mar 2017 04:50:59 +0000 (15:50 +1100)]
ctdb-recovery: Delete empty records during recovery
Persistent databases are now always recovered by sequence number. So
there is no need to keep the empty records in the database since they
will never be recovered record-by-record using RSN.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sat Jun 17 16:47:55 CEST 2017 on sn-devel-144
Amitay Isaacs [Thu, 9 Mar 2017 04:53:21 +0000 (15:53 +1100)]
ctdb-daemon: Delete empty records from persistent database
Persistent databases are now always recovered by sequence number. So
there is no need to keep the empty records in the database since they
will never be recovered record-by-record using RSN.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Stefan Metzmacher [Thu, 15 Jun 2017 21:01:18 +0000 (23:01 +0200)]
s3:smb2_sesssetup: allow a compound request after a SessionSetup
This is not a full fix yet as we don't allow compound requests
after going async.
With SMB 3.11 requiring signed TreeConnect requests it's pointless
to try to compound requests after a SessionSetup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12845
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun 17 10:55:25 CEST 2017 on sn-devel-144
Stefan Metzmacher [Thu, 15 Jun 2017 21:01:18 +0000 (23:01 +0200)]
s3:smb2_tcon: allow a compound request after a TreeConnect
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12844
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Tue, 13 Jun 2017 23:56:48 +0000 (16:56 -0700)]
s3: libsmb: Correctly save and restore connection tcon in smbclient, smbcacls and smbtorture3.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Jeremy Allison [Tue, 13 Jun 2017 23:37:39 +0000 (16:37 -0700)]
s3: libsmb: Correctly do lifecycle management on cli->smb1.tcon and cli->smb2.tcon.
Treat them identically. Create them on demand after for a tcon call,
and delete them on a tdis call.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Jeremy Allison [Tue, 13 Jun 2017 23:36:54 +0000 (16:36 -0700)]
s3: libsmb: Fix cli_state_has_tcon() to cope with SMB2 connections.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Jeremy Allison [Tue, 13 Jun 2017 23:26:00 +0000 (16:26 -0700)]
s3: libsmb: Widen cli_state_get_tid() / cli_state_set_tid() to 32-bits.
Copes with SMB2 connections.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Jeremy Allison [Tue, 13 Jun 2017 23:25:25 +0000 (16:25 -0700)]
s3: smbtorture: Show correct use of cli_state_save_tcon() / cli_state_restore_tcon().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Jeremy Allison [Tue, 13 Jun 2017 23:15:00 +0000 (16:15 -0700)]
s3: libsmb: Add cli_state_save_tcon() / cli_state_restore_tcon().
Save and restore tcon pointers in smb1 or smb2 structs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Jeremy Allison [Tue, 13 Jun 2017 23:08:22 +0000 (16:08 -0700)]
libcli: smb: Add smb2cli_tcon_set_id().
Will be used in test and client code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Jeremy Allison [Tue, 13 Jun 2017 23:06:22 +0000 (16:06 -0700)]
libcli: smb: Add smbXcli_tcon_copy().
Makes a deep copy of a struct smbXcli_tcon *, will
be used later.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Andrew Bartlett [Sat, 10 Jun 2017 07:23:34 +0000 (19:23 +1200)]
dsdb: Add comment explaining requirements on DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jun 16 23:43:46 CEST 2017 on sn-devel-144
Andrew Bartlett [Thu, 8 Jun 2017 11:17:20 +0000 (23:17 +1200)]
dsdb: Do not prevent searches for @ATTRIBUTES because the DB is not set up yet
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 6 Jun 2017 22:44:50 +0000 (10:44 +1200)]
dsdb: Do not run dsdb_replace() on the calculated difference between old and new schema
We can set the database @INDEXLIST and @ATTRIBUTES to the full calculated
values, not the difference, and let the ldb layer work it out under the
transaction lock.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Fri, 16 Jun 2017 02:13:42 +0000 (14:13 +1200)]
selftest: confirm that two attributes are also correctly set in the @ records
This shows that the current behaviour in dsdb_schema_set_indices_and_attributes(), while
not ideal, is not actually buggy.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 14 Jun 2017 01:11:56 +0000 (13:11 +1200)]
selftest: Fix failure message in dsdb_schema_info
The rename changes the CN, not the lDAPDisplayName
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Sun, 11 Jun 2017 21:19:01 +0000 (23:19 +0200)]
krb5_wrap: handle KRB5_ERR_HOST_REALM_UNKNOWN in smb_krb5_get_realm_from_hostname()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 23 May 2017 13:05:25 +0000 (15:05 +0200)]
s4:gensec_gssapi: fix CID
1409781: Possible Control flow issues (DEADCODE)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Thu, 15 Jun 2017 04:20:11 +0000 (16:20 +1200)]
selftest: Also wait for winbindd to start
This ensures that the posixacl.py test does not race against winbindd starting up and so
give wrong mappings
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12843
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Thu, 15 Jun 2017 04:19:17 +0000 (16:19 +1200)]
selftest: Correctly print message when nbt is not up in 20 seconds
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12843
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Thu, 15 Jun 2017 09:48:24 +0000 (11:48 +0200)]
tevent_threads: Fix a rundown race introduced with
1828011317b
The race is easily reproduced by adding a poll(NULL,0,10) in between the two
pthread_mutex_unlock calls in _tevent_threaded_schedule_immediate.
Before
1828011317b, the main thread was signalled only after the helper
had already unlocked event_ctx_mutex.
Full explaination follows:
-----------------------------------------------------------------
Inside _tevent_threaded_schedule_immediate() we have:
476 ret = pthread_mutex_unlock(&ev->scheduled_mutex);
477 if (ret != 0) {
478 abort();
479 }
HERE!!!!
481 ret = pthread_mutex_unlock(&tctx->event_ctx_mutex);
482 if (ret != 0) {
483 abort();
484 }
At the HERE!!! point, what happens is tevent_common_threaded_activate_immediate(),
which is blocked on ev->scheduled_mutex, get released and does:
514 while (ev->scheduled_immediates != NULL) {
515 struct tevent_immediate *im = ev->scheduled_immediates;
516 DLIST_REMOVE(ev->scheduled_immediates, im);
517 DLIST_ADD_END(ev->immediate_events, im);
518 }
- making an immediate event ready to be scheduled.
This then returns into epoll_event_loop_once(), which then calls:
910 if (ev->immediate_events &&
911 tevent_common_loop_immediate(ev)) {
912 return 0;
913 }
which causes the immediate event to fire. This immediate
event is the pthread job terminate event, which was previously
set up in pthreadpool_tevent_job_signal() by:
198 if (state->tctx != NULL) {
199 /* with HAVE_PTHREAD */
200 tevent_threaded_schedule_immediate(state->tctx, state->im,
201 pthreadpool_tevent_job_done,
202 state);
So we now call pthreadpool_tevent_job_done() - which does:
225 TALLOC_FREE(state->tctx);
calling tevent_threaded_context_destructor():
384 ret = pthread_mutex_destroy(&tctx->event_ctx_mutex); <---------------- BOOM returns an error !
385 if (ret != 0) {
386 abort();
387 }
as we haven't gotten to line 481 above (the line after
HERE!!!!) so the tctx->event_ctx_mutex is still
locked when we try to destroy it.
So doing an additional:
ret = pthread_mutex_lock(&tctx->event_ctx_mutex);
ret = pthread_mutex_unlock(&tctx->event_ctx_mutex);
(error checking elided) forces tevent_threaded_context_destructor()
to wait until tctx->event_ctx_mutex is unlocked before it locks/unlocks
and then is guaranteed safe to destroy.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 13 Jun 2017 03:23:14 +0000 (15:23 +1200)]
dsdb: Remember the last ACL we read during a search and what it expanded to
It may well be the same as the next one we need to check, so we can
avoid parsing it again.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 16 07:39:24 CEST 2017 on sn-devel-144
Andrew Bartlett [Tue, 13 Jun 2017 02:26:49 +0000 (14:26 +1200)]
dsdb: Cache the result of checking the parent ACL
This should help a lot for large one-level searches and for subtree searches that are of
flat tree structures
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Stefan Metzmacher [Fri, 7 Apr 2017 09:22:25 +0000 (11:22 +0200)]
WHATSNEW: change the default for "map untrusted to domain" to "auto"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 22 Mar 2017 11:11:26 +0000 (12:11 +0100)]
docs-xml: change the default for "map untrusted to domain" to "auto"
This makes the behaviour much more robust, particularly with forest child
domains over one-way forest trusts.
Sadly we don't support this kind of setup with our current ADDC, so
there's no way to have automated tests for this behaviour, but
at least we know it doesn't break any existing tests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8630
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 22 Mar 2017 11:11:26 +0000 (12:11 +0100)]
docs-xml: document "map untrusted to domain = auto"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8630
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sat, 10 Jun 2017 11:30:44 +0000 (13:30 +0200)]
docs-xml: improve documentation of "map untrusted to domain"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8630
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 22 Mar 2017 11:08:20 +0000 (12:08 +0100)]
auth3: prepare the logic for "map untrusted to domain = auto"
This implements the same behavior as Windows,
we should pass the domain and account names given
by the client directly to the auth backends,
they can decide if they are able to process the
authentication pass it to the next backend.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8630
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 16 Mar 2017 14:09:26 +0000 (15:09 +0100)]
auth3: call is_trusted_domain() as the last condition make_user_info_map()
We should avoid contacting winbind if we already know the domain is our
local sam or our primary domain.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8630
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 14 Jun 2017 22:53:03 +0000 (10:53 +1200)]
gitignore: ignore .gpg-* generated files (for ubuntu 16.04)
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 15 21:40:08 CEST 2017 on sn-devel-144
Douglas Bagnall [Wed, 7 Jun 2017 05:45:15 +0000 (17:45 +1200)]
repl_meta_data: single valued error codes depend on change type
A replace leads to CONSTRAINT_VIOLATION while an add causes
ATTRIBUTE_OR_VALUE_EXISTS. For this we need to check the mod type
before the replmd_modify_la_* calls because they change everything
into a replace.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 31 May 2017 05:40:05 +0000 (17:40 +1200)]
replmd: special-case member return value in replmd_add_fix_la()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 31 May 2017 03:22:45 +0000 (15:22 +1200)]
replmd: check duplicate linked attributes
This is simple enough because we already have the sorted list.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Fri, 26 May 2017 03:17:21 +0000 (15:17 +1200)]
replmd: check single values in replmd_add_fix_la
repl_meta_data knows whether linked attributes are appropriately
[un-]duplicated, and this is how it tells ldb_tdb that.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 14 Jun 2017 23:34:20 +0000 (11:34 +1200)]
ldb: 1.1.31
* Add efficient function to find duplicate values in ldb messages
(this makes large multi-valued attributes in ldb_tdb more efficient)
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>