Ralph Boehme [Fri, 2 Dec 2016 10:44:53 +0000 (11:44 +0100)]
vfs_fruit: add fruit_stat_rsrc_xattr() implementation
This fixes fruit_stat_rsrc for the fruit:resource=xattr case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 10:30:06 +0000 (11:30 +0100)]
vfs_fruit: add fruit_stat_rsrc_stream() implementation
This fixes fruit_stat_rsrc for the fruit:resource=stream case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 10:26:22 +0000 (11:26 +0100)]
vfs_fruit: refactor fruit_stat_rsrc()
Use helper functions for the fruit:resource cases. No change in
behaveour.
The next patch will add the proper helper functions for
fruit:resource=xattr and fruit:resource=stream.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 09:46:55 +0000 (10:46 +0100)]
vfs_fruit: refactor fruit_open_rsrc()
This just splits up fruit_open_rsrc() to use helper functions for each
config->rsrc setting. No change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 9 Dec 2016 17:24:40 +0000 (18:24 +0100)]
vfs_fruit: in fruit_rmdir() check ._ files before deleting them
This ensures we only delete valid AppleDouble files whose names begin
with "._", not just *any* file that matches "^._*".
Also use proper VFS functions instead of direclty calling the C library
functions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 9 Dec 2016 17:22:49 +0000 (18:22 +0100)]
vfs_fruit: fix fruit_rmdir() for the fruit:resource!=file case
The following code must only be executed for the fruit:resource=file
case. Otherwise no change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 08:04:37 +0000 (09:04 +0100)]
vfs_fruit: fix fruit_chown() for the fruit:resource!=file case
The following code must only be executed for the fruit:resource=file
case.
While at it, remove an unnecessary lstat, use the stat info from
smb_fname.
Otherwise no change in behaviour for the fruit:resource=file case (the
default).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 08:02:27 +0000 (09:02 +0100)]
vfs_fruit: fix fruit_chmod() for the fruit:resource!=file case
The following code must only be executed for the fruit:resource=file
case.
While at it, remove an unnecessary lstat, use the stat info from
smb_fname.
Otherwise no change in behaviour for the fruit:resource=file case (the
default).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 08:00:31 +0000 (09:00 +0100)]
vfs_fruit: refactor fruit_unlink()
Refactor fruit_unlink() addin helper functions for all fruit:metadata
and fruit:resource settings.
No change in behaviour for fruit:metadata=netatalk and
fruit:resource=file (both the default), but fixes behaviour for the
other cases.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 07:47:36 +0000 (08:47 +0100)]
vfs_fruit: fix fruit_rename() for the fruit:resource!=file case
o fix the config check, we must only run following code for the
fruit:resource=file
o properly call SMB_VFS_NEXT_RENAME() instead diretly calling rename()
o bail out if we get an invalid stat
Otherwise, no change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 9 Dec 2016 16:24:18 +0000 (17:24 +0100)]
vfs_fruit: correct readdir_attr_meta_finderi_stream() implementation
This gets correct behaviour in readdir_attr_meta_finderi for the
metadata=stream case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 1 Dec 2016 16:04:35 +0000 (17:04 +0100)]
vfs_fruit: refactor readdir_attr_meta()
Move the FinderInfo stuff to helper functions, no change in behaviour so
far.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 16:25:47 +0000 (17:25 +0100)]
vfs_fruit: update_btime() is only needed for metadata=netatalk
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 10:12:18 +0000 (11:12 +0100)]
vfs_fruit: correct fruit_stat_meta_stream() implementation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 2 Dec 2016 10:05:50 +0000 (11:05 +0100)]
vfs_fruit: refactor fruit_stat_meta()
Handle config->meta in helper functions. No change in behaviour. The next step
will add the correct implementation of fruit_stat_meta_stream().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 9 Dec 2016 16:01:37 +0000 (17:01 +0100)]
vfs_fruit: correct fruit_open_meta_stream() implementation
This needs to create and write a metadata blob when the stream is
created.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Tue, 29 Nov 2016 15:56:00 +0000 (16:56 +0100)]
vfs_fruit: refactor fruit_open_meta()
Just split out the fruit:metadata=stream case into a helper function, no
change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Wed, 16 Nov 2016 10:01:45 +0000 (11:01 +0100)]
vfs_fruit: replace unsafe ad_entry macro with a function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Tue, 15 Nov 2016 20:32:25 +0000 (21:32 +0100)]
vfs_fruit: fix fruit_pwrite() with metadata=stream
This makes the test "delete AFP_AfpInfo by writing all 0" pass with
fruit:metadata=stream.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Fri, 9 Dec 2016 15:25:38 +0000 (16:25 +0100)]
vfs_fruit: rename empty_finderinfo() and make it more robust
No change in behaviour, but ad_entry(ad, ADEID_FINDERI) can in theory
return NULL.
The next commit will add the same function for a AfpInfo type, so rename
this function that works on struct adouble to ad_empty_finderinfo().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Tue, 15 Nov 2016 19:32:05 +0000 (20:32 +0100)]
vfs_fruit: fix fruit_ftruncate with metadata=stream
With this the test "setinfo eof AFP_AfpInfo" passed with
fruit:metadata=stream.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Wed, 16 Nov 2016 08:34:13 +0000 (09:34 +0100)]
vfs_fruit: fix fruit_pread with metadata=stream
This make the test "fix offset and len handling for AFP_AfpInfo stream"
pass with fruit:metadata=stream.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 8 Dec 2016 16:18:51 +0000 (17:18 +0100)]
vfs_catia: add catia_(g|s)et_dos_attributes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 8 Dec 2016 14:44:56 +0000 (15:44 +0100)]
vfs_catia: add catia_readdir_attr
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Tue, 6 Dec 2016 14:00:58 +0000 (15:00 +0100)]
vfs_catia: run translation on all handle based VFS functions
Also run translation of fsp->fsp_name and optionally
fsp->base_fsp->fsp_name if set for all handle based VFS functions.
This is necessary because some modules might use the path for something
in the handle based VFS ops.
An existing example is vfs_fruit. A later commit will remove the
translation that was done there because catia didn't before this commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Wed, 8 Feb 2017 18:16:21 +0000 (19:16 +0100)]
vfs_streams_xattr: use SMB_VFS_NEXT_OPEN and CLOSE
Using the SMB_VFS_OPEN leads to a recursion in the VFS that is hard to
follow and debug. It's called twice for the same fsp with two different
smb_fname's which makes it at least hard to debug, it may even be an
invalid usage.
Changing this here to use the NEXT function instead should have no
change in behaviour otherwise.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12565
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Thu, 1 Dec 2016 10:17:48 +0000 (11:17 +0100)]
vfs_streams_xattr: call SMB_VFS_OPEN with smb_fname_base
In case an SMB_VFS_OPEN() on a stream basename fails with EISDIR, we
retry the open as O_RDONLY. The retry should be done with the
smb_fname_base as well.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Wed, 16 Nov 2016 10:24:59 +0000 (11:24 +0100)]
s3/includes: add FinderInfo offset define to MacExtensions.h
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Tue, 15 Nov 2016 12:07:12 +0000 (13:07 +0100)]
selftest: don't run vfs_fruit tests against ad_dc env
This is just redundant and didn't add test coverage.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Volker Lendecke [Mon, 20 Feb 2017 18:06:14 +0000 (19:06 +0100)]
winbind: Fix a cut&paste debug typo
We're in cm_connect_netlogon_transport, not in cm_connect_sam
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 2 00:31:54 CET 2017 on sn-devel-144
Volker Lendecke [Mon, 20 Feb 2017 17:30:48 +0000 (18:30 +0100)]
waf: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 9 Feb 2017 17:46:06 +0000 (18:46 +0100)]
posix_acls: Use talloc_zero_array
This is a slight change in behaviour: We now also zero out
the space for num_profile_acls.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 9 Feb 2017 17:45:40 +0000 (18:45 +0100)]
posix_acls: Do a *bit* of reformatting
Makes the next commit a bit more obvious to me
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Gary Lockyer [Fri, 17 Feb 2017 01:55:10 +0000 (14:55 +1300)]
script: Add test script for traffic_summary.pl
Add the test script for traffic_summary.pl, test data in previous
commit.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Mar 1 09:01:07 CET 2017 on sn-devel-144
Gary Lockyer [Thu, 16 Feb 2017 21:51:43 +0000 (10:51 +1300)]
script: Add script to provide an anonymous summary from tshark
The tshark command needs to output a PDML XML stream, which this command will
read. The summary is intended not to expose private or customer data while
allowing a good view on the range and frequency of the network traffic.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Thu, 16 Feb 2017 21:49:16 +0000 (10:49 +1300)]
script: Add test data for traffic_summary.pl
This network capture summary tool will be added in the next commit
This sample is taken from make test under SOCKET_WRAPPER_PCAP_FILE
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Sun, 26 Feb 2017 12:06:05 +0000 (13:06 +0100)]
samdb: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Feb 28 13:55:42 CET 2017 on sn-devel-144
Volker Lendecke [Thu, 23 Feb 2017 19:48:32 +0000 (20:48 +0100)]
auth4: Reduce indentation level by an early error return
Just cosmetics for easier readability, no code change
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Sun, 26 Feb 2017 10:25:20 +0000 (11:25 +0100)]
auth4: Only use CrackNames if we're a DC
DsCrackNameOneName on a member does not really have a big user database. We
should delegate as much responsibility as possible to our DC.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Sun, 26 Feb 2017 08:16:02 +0000 (09:16 +0100)]
auth4: Fix map_user_info_cracknames for domain==NULL
DsCrackNameOneName directly fails for DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
if the name passed in does not contain a \. The only caller of
map_user_info_cracknames (auth_check_password_send) passes in
lpcfg_workgroup(), which does not contain a \. Add in the \ also for
the default_domain case.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Mon, 13 Feb 2017 20:33:57 +0000 (21:33 +0100)]
auth3: Simplify get_system_info3
We have global_sid_System, so we don't need to dom_sid_parse("S-1-5-18");
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Feb 27 11:31:53 CET 2017 on sn-devel-144
Volker Lendecke [Mon, 13 Feb 2017 19:47:59 +0000 (20:47 +0100)]
auth3: Fix some whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Wed, 22 Feb 2017 02:46:18 +0000 (15:46 +1300)]
repl_meta_data: Remove handling of backlinks from replmd_prepare_commit()
This deferred handling was already removed, for performance, from
everything but the add case.
We now remove the normal local add case (an originating update), eg
LDAP add from the transaction commit and insted do it on the ADD
operation callback (replmd_op_callback()).
To keep things simple, we make up the extended DN with the GUID and
SID as the object does not actually exist in the DB at the time we
prepare backlink. This also allows us to avoid another search in the
(much more common) modify case.
We rely on transactions to clean up the add of the object if the
backlink fails, thankfully unlike in replication replmd_add() is
normally the only operation in a transaction, and we have alredy
confirmed the link target exists during get_parsed_dns().
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Mon Feb 27 07:12:02 CET 2017 on sn-devel-144
Martin Schwenke [Sat, 25 Feb 2017 02:04:45 +0000 (13:04 +1100)]
ctdb-build: Fix RPM build
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12595
It doesn't look like recursion works for appending scripting commands.
Unroll the recursion instead.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Feb 27 03:09:27 CET 2017 on sn-devel-144
Martin Schwenke [Fri, 24 Feb 2017 18:51:00 +0000 (05:51 +1100)]
ctdb-build: Add WAFLOCK magic to manpages target
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12595
Without this a top-level "make dist" fails to build the CTDB manpages.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Stefan Metzmacher [Mon, 20 Feb 2017 17:02:09 +0000 (18:02 +0100)]
pidl:Python: use of pytalloc_GenericObject_reference*() for pyrpc_{ex,im}port_union() wrapping
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12601
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Feb 25 06:33:33 CET 2017 on sn-devel-144
Stefan Metzmacher [Wed, 22 Feb 2017 08:07:54 +0000 (09:07 +0100)]
pidl:Python: replace pytalloc_CObject_FromTallocPtr() with pytalloc_GenericObject_reference_ex()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12601
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 22 Feb 2017 09:08:46 +0000 (10:08 +0100)]
pidl:Python: make sure print HASH references for STRUCT types
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12601
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 22 Feb 2017 09:14:10 +0000 (10:14 +0100)]
py_net: make use of pytalloc_GenericObject_steal()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12601
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 22 Feb 2017 07:00:10 +0000 (08:00 +0100)]
talloc: version 2.1.9
* fix some coverity defects
* fix TALLOC_VERSION_MINOR and talloc_version_minor()
* add new tests
* add pytalloc_get_type()
* add pytalloc_GenericObject_{steal,reference}[_ex]()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 20 Feb 2017 16:33:42 +0000 (17:33 +0100)]
pytalloc: add pytalloc_GenericObject_{steal,reference}[_ex]()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Aurelien Aptel [Thu, 23 Feb 2017 13:05:14 +0000 (14:05 +0100)]
s3/smbd: allow GET_DFS_REFERRAL fsctl on any smb2 connexion
This FSCTL should work on any non-IPC share.
According to [MS-SMB2]
> 3.2.4.20.3 Application Requests DFS Referral Information:
> The client MUST search for an existing Session and TreeConnect to any
> share on the server identified by ServerName for the user identified by
> UserCredentials. If no Session and TreeConnect are found, the client
> MUST establish a new Session and TreeConnect to IPC$ on the target
> server as described in section 3.2.4.2 using the supplied ServerName and
> UserCredentials.
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Feb 25 02:38:28 CET 2017 on sn-devel-144
Stefan Metzmacher [Wed, 22 Feb 2017 20:29:50 +0000 (21:29 +0100)]
s3:idmap_ad: make use of pdb_get_trust_credentials() to get the machine account creds
This is mostly a cosmetic change currently.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Feb 24 22:34:48 CET 2017 on sn-devel-144
Stefan Metzmacher [Wed, 22 Feb 2017 20:18:32 +0000 (21:18 +0100)]
s3:winbindd: allow a fallback to NTLMSSP for LDAP connections
This matches the behaviour of pdb_get_trust_credentials() for
our machine account and allows us to fallback to NTLMSSP
when contacting trusted domains.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 23 Feb 2017 10:54:21 +0000 (11:54 +0100)]
s3:libads: add more debugging to ads_sasl_spnego_bind()
Any fallbacks to other authentication methods should be logged.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 22 Feb 2017 19:07:25 +0000 (20:07 +0100)]
s3:winbindd: rely on the kerberos_state from pdb_get_trust_credentials()
The implementation of pdb_get_trust_credentials() should have all
the details to set the kerberos_state to a useful value.
This should enable the fallback to NTLMSSP again, when using our
machine account against trusted domains.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 23 Feb 2017 10:54:21 +0000 (11:54 +0100)]
s3:winbindd: add more debugging to cm_prepare_connection()
Any fallbacks to other authentication methods should be logged.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 22 Feb 2017 19:07:25 +0000 (20:07 +0100)]
s3:passdb: use cli_credentials_set_kerberos_state() for trusts in pdb_get_trust_credentials()
Trust accounts can only use kerberos when contacting other AD domains,
using NTLMSSP will fail.
At the same time it doesn't make sense to try kerberos for NT4 domains,
still NTLMSSP will fail, but the callers has to deal with that
case and just fallback to an anonymous SMB connection.
In all cases we should be able to use NETLOGON SCHANNEL
over any anonymous smb or tcp transport.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 22 Feb 2017 18:18:04 +0000 (19:18 +0100)]
s3:winbindd: fix the valid usage anonymous smb authentication
If we are in a situation where we don't have credentials to contact the
remote domain or against an NT4 with the following settings:
workgroup = NT4DOM
security = domain
require strong key = no
client use spnego = no
client ipc signing = auto
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12587
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 24 Feb 2017 15:02:50 +0000 (16:02 +0100)]
auth/credentials: try to use kerberos with the machine account unless we're in an AD domain
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12587
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 24 Feb 2017 10:37:32 +0000 (10:37 +0000)]
s3:winbindd: try a NETLOGON connection with noauth over NCACN_NP against trusted domains.
We're using only NCACN_NP here as we rely on the smb signing restrictions
of cm_prepare_connection().
This should fix SMB authentication with a user of a domain
behind a transitive trust.
With this change winbindd is able to call
dcerpc_netr_DsrEnumerateDomainTrusts against the
dc of a trusted domain again. This only works
for two-way trusts.
The main problem is the usage of is_trusted_domain()
which doesn't know about the domain, if winbindd can't
enumerate the domains in the other forest.
is_trusted_domain() is used in make_user_info_map(),
which is called in auth3_check_password() before
auth_check_ntlm_password().
That means we're mapping the user of such a domain
to our own local sam, before calling our auth modules.
A much better fix, which removes the usage of is_trusted_domain()
in planed for master, but this should do the job for current releases.
We should avoid talking to DCs of other domains and always
go via our primary domain. As we should code with one-way trusts
also, we need to avoid relying on a complete list of
domains in future.
For now "wbinfo -m" lists domains behind a two-way transitive
trust again, but that is likely to change in future again!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11830
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 24 Feb 2017 12:19:59 +0000 (13:19 +0100)]
Revert "s3-winbind: Fix schannel connections against trusted domain DCs"
This reverts commit
d2379caa77fe02264323d69fee1bcad33f1bfeee.
This change doesn't solve the real problem, it just
causes useless network traffic and the following error:
rpccli_setup_netlogon_creds failed for W2012R2-L6, unable to setup NETLOGON
credentials: NT_STATUS_NO_TRUST_SAM_ACCOUNT
While the old logic caused NT_STATUS_CANT_ACCESS_DOMAIN_INFO (without
network traffic) instead of the NT_STATUS_NO_TRUST_SAM_ACCOUNT.
A better fix will follow.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11830
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Martin Schwenke [Tue, 7 Feb 2017 04:30:08 +0000 (15:30 +1100)]
ctdb-takeover: Don't release IPs from nodes where they are not known
This avoids confusing log messages like:
ctdbd[21635]: releaseip called for an ip '10.1.1.1' that is not a public address
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Feb 24 11:50:36 CET 2017 on sn-devel-144
Martin Schwenke [Tue, 7 Feb 2017 04:23:36 +0000 (15:23 +1100)]
ctdb-ipalloc: Add per-IP known_on bitmap
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 7 Feb 2017 04:00:25 +0000 (15:00 +1100)]
ctdb-takeover: Fetch public IP addresses from all connected nodes
Redundant releases will be sent to all connected nodes anyway, so this
is no worse. This will facilitate an improvement to avoid sending
releases to nodes with no known IPs.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 6 Feb 2017 01:14:10 +0000 (12:14 +1100)]
ctdb-takeover: Assign banning credits on failure to fetch public IPs
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 3 Feb 2017 05:41:42 +0000 (16:41 +1100)]
ctdb-takeover: Use takeover_failed() when fetching public IPs fails
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 3 Feb 2017 05:36:04 +0000 (16:36 +1100)]
ctdb-takeover: Generalise error handling for GET_PUBLIC_IPS
As with other controls, processes the errors by hand instead of using
ctdb_client_control_multi_error(). This will make it easier to add
banning credits for failures.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 3 Feb 2017 04:31:00 +0000 (15:31 +1100)]
ctdb-takeover: Only fetch available IPs from nodes with known IPs
A simple optimisation to avoid unnecessary communication.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 3 Feb 2017 04:26:39 +0000 (15:26 +1100)]
ctdb-takeover: Add debug message confirming fetching of public IPs
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 3 Feb 2017 03:41:57 +0000 (14:41 +1100)]
ctdb-tests: Populate per-node known IPs inline
At the moment this is done as a post-processing step for any nodes
that have no known IPs. However, this doesn't allow testing of
scenarios where there no known IPs on one or more nodes.
Add relevant tests.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 3 Feb 2017 01:28:44 +0000 (12:28 +1100)]
ctdb-ipalloc: Switch noiphost to struct bitmap
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 2 Dec 2016 03:21:59 +0000 (14:21 +1100)]
ctdb-ipalloc: Switch available_on to struct bitmap
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 2 Dec 2016 03:21:09 +0000 (14:21 +1100)]
lib/util: Put bitmap.c into samba-util-core so it is available to CTDB
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 27 Jan 2017 03:43:34 +0000 (14:43 +1100)]
ctdb-takeover: Short circuit if fetching IPs from no nodes
The current code will fetch IP from all connected and all active
nodes, so this can't happen. However, catch it anyway in case the
calling code changes.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 23 Feb 2017 05:10:33 +0000 (16:10 +1100)]
ctdb-takeover: Allocate IP list unconditionally in send function
This simplifies error handling and make failures less likely after
send.
This also means that num_nodes is not required in the state.
Also quietly remove unused ev and client from state.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 15 Feb 2017 08:33:02 +0000 (19:33 +1100)]
ctdb-tests: Add synchronisation points in reload IPs tests
"ctdb reloadips" use of ipreallocate() can result in a spurious
takeover runs. This can cause a subsequent "ctdb reloadips" to fail
to disable takeover runs (due to there being one already in progress).
There are various possible improvements but a proper fix probably
requires a protocol change. That would mean receiving an ACK for a
takeover run request to indicate that the request will be processes
and then a broadcast to indicate a completed takeover run.
There are various other partial fixes (e.g. de-duping queued takeover
run requests against those in the in-progess queue) and workarounds
(e.g. always do a double ipreallocate() in the tool, which should
absorb the spurious takeover run).
However, this is unlikely to be a real-world problem. Real use cases
should not involve repeatedly reloading the IP configuration.
Instead, work around the problem of flaky tests by manually adding
"ctdb sync" commands to cause extra no-op takeover runs. These should
not add spurious takeover runs and will create synchronisation points
to help avoid the issue.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 22 Feb 2017 09:37:14 +0000 (20:37 +1100)]
ctdb-doc: Update instructions in example NFS Ganesha call-out
In particular, make them reflect the recent advice in ctdbd.conf(5)
about setting CTDB_NFS_CHECKS_DIR.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 22 Feb 2017 07:55:56 +0000 (18:55 +1100)]
ctdb-doc: Fix monitoring bug in example NFS Ganesha call-out
There is no "check" method. This was an error in the original
example.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 22 Feb 2017 03:44:09 +0000 (14:44 +1100)]
ctdb-doc: Fix shellcheck warning in example NFS ganesha call-out
In ctdb/doc/examples/nfs-ganesha-callout line 216:
for node in `ls ${GANSTATEDIR}`; do
^-- SC2045: Iterating over ls output is fragile. Use globs.
^-- SC2006: Use $(..) instead of legacy `..`.
^-- SC2086: Double quote to prevent globbing and word splitting.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 22 Feb 2017 03:38:45 +0000 (14:38 +1100)]
ctdb-doc: Make example NFS Ganesha call-out almost pass shellcheck
This call-out is referred to in the wiki as an example, so make it as
clean as possible.
All the changes here are trivial. There is still one failure, which
is slightly non-trivial, so it can be fixed in a separate commit.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 22 Feb 2017 03:25:55 +0000 (14:25 +1100)]
ctdb-doc: Whitespace fixes in example NFS ganesha callout
Fix some whitespace errors, reindent the whole script and wrap lines
where needed.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 23 Feb 2017 02:14:27 +0000 (13:14 +1100)]
ctdb-utils: CID
1343331 Unchecked return value from library (CHECKED_RETURN)
Explicitly ignore keyboard input in ping_pong.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 23 Feb 2017 00:31:32 +0000 (11:31 +1100)]
ctdb-logging: CID
1396883 Dereference null return value (NULL_RETURNS)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592
The fix in
08e03fa7f5fdc7f988fbbb26929e8c5727f36c2e is incomplete.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Stefan Metzmacher [Thu, 19 Jan 2017 03:29:13 +0000 (04:29 +0100)]
ldb/tools: only use LDB_FLG_SHOW_BINARY for 'ldbsearch'
--show-binary is only useful for ldbseach in all other cases
it will destroy data.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Feb 24 03:59:01 CET 2017 on sn-devel-144
Stefan Metzmacher [Wed, 22 Feb 2017 06:26:33 +0000 (07:26 +0100)]
s3:wscript_build: remove unused bld.RECURSE('lib/pthreadpool')
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 22 Feb 2017 02:42:46 +0000 (15:42 +1300)]
dbchecker: Stop ignoring linked cases where both objects are alive
Previously, this did nothing and the code was both untested and unused.
Removes the knownfail entry for dbcheck.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12600
Garming Sam [Wed, 22 Feb 2017 04:43:21 +0000 (17:43 +1300)]
tests/dbcheck: Add a test for two live objects, with a dangling forward link
Handling backlinks appears to be rather non-deterministic, so the
forward link hangs off of the RODC replication group (which has no other
valid forward links). In other situations, it either won't delete the
memberOf, or the expected output order will vary.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12600
Garming Sam [Wed, 22 Feb 2017 02:43:34 +0000 (15:43 +1300)]
tests/dbcheck: Add a test for two live objects, with a dangling backlink
Adds dbcheck 4.5.0pre1 to the knownfail, to be removed later.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12600
Jeremy Allison [Thu, 23 Feb 2017 17:41:03 +0000 (09:41 -0800)]
s3:winbind: work around coverity false positive.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 23 23:54:48 CET 2017 on sn-devel-144
Andreas Schneider [Thu, 16 Feb 2017 16:38:41 +0000 (17:38 +0100)]
ctdb: Fix posible NULL deref in logging_init()
Found by covscan.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Amitay Isaacs [Tue, 21 Feb 2017 11:33:48 +0000 (22:33 +1100)]
build: Fix generation of CTDB manpages while creating tarball
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12595
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Feb 23 19:25:11 CET 2017 on sn-devel-144
Amitay Isaacs [Tue, 21 Feb 2017 11:44:10 +0000 (22:44 +1100)]
ctdb-build: Add make target for generating manpages
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12595
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 21 Feb 2017 11:30:30 +0000 (22:30 +1100)]
ctdb-build: Split dist() target to generate manpages separately
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12595
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Andrew Bartlett [Wed, 22 Feb 2017 22:02:07 +0000 (11:02 +1300)]
repl_meta_data: Clarify that replmd_private->la_list is only for DRS for replication
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Feb 23 15:30:35 CET 2017 on sn-devel-144
Andrew Bartlett [Thu, 23 Feb 2017 00:00:19 +0000 (13:00 +1300)]
samba-tool drs replicate: Add --single-object
This may help when an object has been incorrectly locally removed from the NC
or there is an urgent need to replicate a specific object (say when full
replication is inoperable).
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 17 Feb 2017 05:22:19 +0000 (18:22 +1300)]
python: Move partial replication logic into drs_utils.py
This allows us to use this easily from join.py soon
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 17 Feb 2017 05:21:33 +0000 (18:21 +1300)]
python: Move dnsserver helper functions into samba.dnsserver
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andreas Schneider [Thu, 16 Feb 2017 16:31:20 +0000 (17:31 +0100)]
coverity: Add modeling file for Coverity scan
The modeling file has currently all macros for cmocka that Coverity
doesn't detect false positives. We could add torture assert macros if
needed too.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 23 07:11:18 CET 2017 on sn-devel-144
Andreas Schneider [Fri, 17 Feb 2017 08:49:39 +0000 (09:49 +0100)]
s3:librpc: Fix OM_uint32 comparsion in if-clause
Found by covscan.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>