bbaumbach/samba-autobuild/.git
6 months agovfs_full_audit: ntimes: log a-, m-, c- and creation-time master
Björn Baumbach [Thu, 27 Sep 2018 08:32:37 +0000 (10:32 +0200)]
vfs_full_audit: ntimes: log a-, m-, c- and creation-time

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
6 months agodns update: add missing newline in error debug message
Björn Baumbach [Fri, 31 Aug 2018 14:12:34 +0000 (16:12 +0200)]
dns update: add missing newline in error debug message

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
6 months agoselftest: test samba-tool ntacl get/set on AD member server
Björn Baumbach [Wed, 19 Sep 2018 14:36:45 +0000 (16:36 +0200)]
selftest: test samba-tool ntacl get/set on AD member server

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
6 months agosamba-tool ntacl: allow to run get/set-ntacl command in non-AD-DC role
Björn Baumbach [Tue, 4 Sep 2018 14:32:50 +0000 (16:32 +0200)]
samba-tool ntacl: allow to run get/set-ntacl command in non-AD-DC role

Can be used to get and apply NT-ACLs on Samba member servers.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
6 months agos3/py_passdb: add get_domain_sid() to get domain sid from secrets database
Björn Baumbach [Tue, 4 Sep 2018 14:30:53 +0000 (16:30 +0200)]
s3/py_passdb: add get_domain_sid() to get domain sid from secrets database

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
6 months agosamba-tool ntacl: pass system session to get/set-ntacl functions
Björn Baumbach [Tue, 4 Sep 2018 14:20:49 +0000 (16:20 +0200)]
samba-tool ntacl: pass system session to get/set-ntacl functions

The filled session is needed in different vfs modules.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
6 months agopysmbd: handle file not found error
Björn Baumbach [Wed, 19 Sep 2018 14:52:54 +0000 (16:52 +0200)]
pysmbd: handle file not found error

Avoid PANIC: internal error

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
6 months agopysmbd: add option to pass a session info to set_nt_acl() function
Björn Baumbach [Tue, 4 Sep 2018 13:29:58 +0000 (15:29 +0200)]
pysmbd: add option to pass a session info to set_nt_acl() function

A filled session info is needed by some vfs modules, e.g. full_audit.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
6 months agos4-auth: allow to pass original_user_name=NULL to auth_session_info_fill_unix()
Björn Baumbach [Tue, 25 Sep 2018 11:16:15 +0000 (13:16 +0200)]
s4-auth: allow to pass original_user_name=NULL to auth_session_info_fill_unix()

With this patch the auth_session_info_fill_unix() uses the "unix_name"
from the session_info->unix_info if no original_user_name was specified.

This is used to process a system session info where no original_user_name
is given.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
6 months agos4-auth: allow to create unix token from system session info
Björn Baumbach [Tue, 25 Sep 2018 11:11:09 +0000 (13:11 +0200)]
s4-auth: allow to create unix token from system session info

Without this patch security_token_to_unix_token() fails with
NT_STATUS_ACCESS_DENIED, because the system session does only
have one SID.
For a typical token are at least two or more SIDs expected.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
6 months agos4-auth: fetch possible out of memory error
Björn Baumbach [Tue, 4 Sep 2018 12:46:03 +0000 (14:46 +0200)]
s4-auth: fetch possible out of memory error

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
6 months agos4-auth: use TALLOC_FREE() shortcut
Björn Baumbach [Tue, 4 Sep 2018 12:45:05 +0000 (14:45 +0200)]
s4-auth: use TALLOC_FREE() shortcut

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
6 months agos4-auth: fix a typo in a comment
Björn Baumbach [Tue, 4 Sep 2018 12:43:33 +0000 (14:43 +0200)]
s4-auth: fix a typo in a comment

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
6 months agopython: Add samba.auth.copy_session_info()
Björn Baumbach [Tue, 4 Sep 2018 12:37:41 +0000 (14:37 +0200)]
python: Add samba.auth.copy_session_info()

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
6 months agoauth: move copy_session_info() from source3 into the global auth context
Björn Baumbach [Thu, 30 Aug 2018 14:33:25 +0000 (16:33 +0200)]
auth: move copy_session_info() from source3 into the global auth context

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
6 months agovfs_fruit: move check in ad_convert() to ad_convert_*() subfunctions
Ralph Boehme [Tue, 9 Oct 2018 08:15:37 +0000 (10:15 +0200)]
vfs_fruit: move check in ad_convert() to ad_convert_*() subfunctions

Currently the whole conversion is skipped if the FinderInfo entry in the
AppleDouble file is of the default size (ie not containing xattrs).

That also means we never converted FinderInfo from the AppleDouble file
to stream format. This change finally fixes this.

Note that this keeps failing with streams_depot, much like the existing
known-fail of "samba3.vfs.fruit streams_depot.OS X AppleDouble file
conversion". Fixing the conversion to work with vfs_streams_depot is a
task for another day.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Oct 11 01:30:13 CEST 2018 on sn-devel-144

6 months agovfs_fruit: make call to ad_convert_truncate() optional
Ralph Boehme [Mon, 8 Oct 2018 16:47:32 +0000 (18:47 +0200)]
vfs_fruit: make call to ad_convert_truncate() optional

Call ad_convert_truncate() based on whether the previous call
ad_convert_xattr() returned converted_xattr=true.

Upcoming fixes for a different Samba bug (#13642) will hook into calling
ad_convert_truncate() in other cases, this also prepares for that.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agovfs_fruit: add out arg "converted_xattr" to ad_convert_xattr
Ralph Boehme [Mon, 8 Oct 2018 16:43:51 +0000 (18:43 +0200)]
vfs_fruit: add out arg "converted_xattr" to ad_convert_xattr

Used to let the caller know if a conversion has been done. Currently not
used in the caller, that comes next.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agovfs_fruit: add check for OS X filler in FinderInfo conversion
Ralph Boehme [Mon, 8 Oct 2018 10:51:37 +0000 (12:51 +0200)]
vfs_fruit: add check for OS X filler in FinderInfo conversion

This ensures that the function only acts on AppleDouble files created by
macOS and not AppleDouble files created by us that are already in the
correct format (only using the Resource Fork).

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agovfs_fruit: call ad_convert_move_reso() from ad_convert_xattr()
Ralph Boehme [Fri, 5 Oct 2018 20:05:43 +0000 (22:05 +0200)]
vfs_fruit: call ad_convert_move_reso() from ad_convert_xattr()

ad_convert_xattr() is the place that triggers the need to move the
resource fork, so it should also call ad_convert_move_reso().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agovfs_fruit: let the ad_convert_*() subfunction update the on-disk AppleDoube header...
Ralph Boehme [Fri, 5 Oct 2018 15:07:45 +0000 (17:07 +0200)]
vfs_fruit: let the ad_convert_*() subfunction update the on-disk AppleDoube header as needed

Another step in simplifying ad_convert() itself. It means that we may
write to disk twice, but is only ever done once per AppleDouble file.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agovfs_fruit: let the ad_convert_*() subfunctions mmap as needed
Ralph Boehme [Fri, 5 Oct 2018 14:59:18 +0000 (16:59 +0200)]
vfs_fruit: let the ad_convert_*() subfunctions mmap as needed

This may mean that we mmap twice when we convert an AppleDouble file,
but this is the only sane way to cleanly modularize ad_convert().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agovfs_fruit: fix error returns in ad_convert_xattr()
Ralph Boehme [Fri, 5 Oct 2018 14:52:32 +0000 (16:52 +0200)]
vfs_fruit: fix error returns in ad_convert_xattr()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agovfs_fruit: use ADEDOFF_RFORK_DOT_UND offset macro in ad_convert_move_reso()
Ralph Boehme [Fri, 5 Oct 2018 17:15:04 +0000 (19:15 +0200)]
vfs_fruit: use ADEDOFF_RFORK_DOT_UND offset macro in ad_convert_move_reso()

We really want the fixed size offset here, not a calculated one. Note
that "ad_getentryoff(ad, ADEID_FINDERI) + ADEDLEN_FINDERI" is equal to
ADEDOFF_RFORK_DOT_UND.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agovfs_fruit: split out moving of the resource fork
Ralph Boehme [Fri, 5 Oct 2018 14:44:53 +0000 (16:44 +0200)]
vfs_fruit: split out moving of the resource fork

No change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agovfs_fruit: use ADEDOFF_RFORK_DOT_UND offset macro in ad_convert_truncate()
Ralph Boehme [Fri, 5 Oct 2018 17:15:04 +0000 (19:15 +0200)]
vfs_fruit: use ADEDOFF_RFORK_DOT_UND offset macro in ad_convert_truncate()

We really want the fixed size offset here, not a calculated one. Note
that "ad_getentryoff(ad, ADEID_RFORK)" is equal to ADEDOFF_RFORK_DOT_UND
in this case.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agovfs_fruit: split out truncating from ad_convert()
Ralph Boehme [Fri, 5 Oct 2018 17:13:16 +0000 (19:13 +0200)]
vfs_fruit: split out truncating from ad_convert()

This may look a little ill-advised as this increases line count, but
the goal here is modularizing ad_convert() itself and making it as slick
as possible helps achieving that goal.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agovfs_fruit: move FinderInfo lenght check to ad_convert()
Ralph Boehme [Fri, 5 Oct 2018 14:26:46 +0000 (16:26 +0200)]
vfs_fruit: move FinderInfo lenght check to ad_convert()

The final step in consolidating all conversion related work in
ad_convert(). No change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agovfs_fruit: move FinderInfo conversion to helper function and call it from ad_convert()
Ralph Boehme [Fri, 5 Oct 2018 14:25:27 +0000 (16:25 +0200)]
vfs_fruit: move FinderInfo conversion to helper function and call it from ad_convert()

No change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agovfs_fruit: move storing of modified struct adouble to ad_convert()
Ralph Boehme [Fri, 5 Oct 2018 14:14:40 +0000 (16:14 +0200)]
vfs_fruit: move storing of modified struct adouble to ad_convert()

ad_convert() modified it, so let ad_convert() also save it to disk. No
change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agovfs_fruit: remove unneeded fd argument from ad_convert()
Ralph Boehme [Thu, 4 Oct 2018 06:51:28 +0000 (08:51 +0200)]
vfs_fruit: remove unneeded fd argument from ad_convert()

Use the struct adouble member ad_fd instead of passing it as an
argument. Who did that in the first place? :)

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agovfs_fruit: do direct return from error checks in ad_convert()
Ralph Boehme [Thu, 4 Oct 2018 06:23:59 +0000 (08:23 +0200)]
vfs_fruit: do direct return from error checks in ad_convert()

Subsequent commits will move the mmap() into the subfunctions. This
change just prepares for that.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agovfs_fruit: move setting ADEID_FINDERI length to ad_convert_xattr()
Ralph Boehme [Tue, 2 Oct 2018 12:51:05 +0000 (14:51 +0200)]
vfs_fruit: move setting ADEID_FINDERI length to ad_convert_xattr()

ad_convert_xattr() does the conversion of the xattr data in the
AppleDouble file, so we should update it's size there and should not
defer it to the caller.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agovfs_fruit: store filler bytes from AppleDouble file header in struct adouble
Ralph Boehme [Fri, 5 Oct 2018 13:12:44 +0000 (15:12 +0200)]
vfs_fruit: store filler bytes from AppleDouble file header in struct adouble

This can later be used to distinguish between macOS created AppleDouble
files and AppleDouble files created by Samba or Netatalk.

macOS:    "Mac OS X        "
Samba:    "Netatalk        "
Netatalk: "Netatalk        "

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agovfs_fruit: fix two comments
Ralph Boehme [Tue, 11 Sep 2018 12:05:43 +0000 (14:05 +0200)]
vfs_fruit: fix two comments

Thanks to the recent addition of ad_convert_xattr() we now correctly
handle this case.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agos4:torture: FinderInfo conversion test with AppleDouble without xattr data
Ralph Boehme [Sun, 7 Oct 2018 16:26:47 +0000 (18:26 +0200)]
s4:torture: FinderInfo conversion test with AppleDouble without xattr data

This testcase demonstrates that the AppleDouble conversion in vfs_fruit
doesn't correctly convert the FinderInfo data from the AppleDouble file
to a stream.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agotests/python/ldap: use int instead of long for time_t
Douglas Bagnall [Thu, 4 Oct 2018 02:30:21 +0000 (15:30 +1300)]
tests/python/ldap: use int instead of long for time_t

Python int is at least a C long; Python long disappears in Py3.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <nopower@suse.com>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Oct 10 09:28:20 CEST 2018 on sn-devel-144

6 months agopython/upgradehelpers: use int not long for PY3
Douglas Bagnall [Thu, 4 Oct 2018 02:29:02 +0000 (15:29 +1300)]
python/upgradehelpers: use int not long for PY3

int works OK for py2 also.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <nopower@suse.com>
6 months agopyauth: Remove imessaging_ctx parameter to new
Gary Lockyer [Sun, 30 Sep 2018 23:20:44 +0000 (12:20 +1300)]
pyauth: Remove imessaging_ctx parameter to new

The pyauth code assumes the messaging context code is a py_talloc
object.  But the code in pymessaging returns a wrapped talloc object.
Removing the parameter as it's not currently used by any code.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Noel Power <nopower@suse.com>
6 months agopopt_common_creds: actually use the ignore_missing_conf flag
Douglas Bagnall [Tue, 2 Oct 2018 22:42:22 +0000 (11:42 +1300)]
popt_common_creds: actually use the ignore_missing_conf flag

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Olly Betts <olly@survex.com>
Reviewed-by: Noel Power <nopower@suse.com>
6 months agonetcmd: apply the new get_logger to cmds
Joe Guo [Tue, 21 Aug 2018 00:45:15 +0000 (12:45 +1200)]
netcmd: apply the new get_logger to cmds

This is an example of how to use the new logger.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 months agonetcmd: modify Command.get_logger to use get_samba_logger
Joe Guo [Tue, 21 Aug 2018 00:08:59 +0000 (12:08 +1200)]
netcmd: modify Command.get_logger to use get_samba_logger

By doing this, we don't need to repeat the log level convert code any more.
Also, logs have colors now.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 months agoscript/traffic_replay: apply new logger to replace print
Joe Guo [Mon, 20 Aug 2018 02:13:33 +0000 (14:13 +1200)]
script/traffic_replay: apply new logger to replace print

Use logger to replace print

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 months agoscript/traffic_replay: get debug level via api
Joe Guo [Mon, 20 Aug 2018 04:18:45 +0000 (16:18 +1200)]
script/traffic_replay: get debug level via api

The -d option will set samba global debug level automatically.
We should not parse and use the passed in value.

Use samba.get_debug_level instead.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 months agoscript/traffic_replay: print packets data to stderr
Joe Guo [Mon, 20 Aug 2018 04:31:32 +0000 (16:31 +1200)]
script/traffic_replay: print packets data to stderr

This is debug info, should print to stderr.
Otherwise it will flood stdout.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 months agoemulate/traffic: apply new logger to replace print
Joe Guo [Wed, 22 Aug 2018 04:42:12 +0000 (16:42 +1200)]
emulate/traffic: apply new logger to replace print

These print are actually progress infomation, should use logger to
print to stderr, other than stdout.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 months agosamba/logger: add logger module for python
Joe Guo [Mon, 20 Aug 2018 22:48:04 +0000 (10:48 +1200)]
samba/logger: add logger module for python

We need a consitent way for logging in Samba Python code.

This module provides a factory method `get_samba_logger` to create logger,
with a reasonable default format and optional color.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 months agoemulate/traffic: allow traffic_replay to run users and groups generate multiple times
Joe Guo [Thu, 9 Aug 2018 03:49:17 +0000 (15:49 +1200)]
emulate/traffic: allow traffic_replay to run users and groups generate multiple times

When we run `traffic_replay --generate-users-only`, if we cancel it or
it breaks in middle, it won't do anything when we try to run it again.

This is because the code will check the first user/group to create. If
it's already there, then it thought task already done, and break the loop.

This commit change the behavior:
We search existing users/groups first, skip existing ones, and
create non-existing ones. So we can run it multi-times to make sure the
expected users and groups are actually created.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 months agolib: Remove lib/crypto/crc32.[ch]
Volker Lendecke [Tue, 9 Oct 2018 09:41:49 +0000 (11:41 +0200)]
lib: Remove lib/crypto/crc32.[ch]

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 10 01:41:52 CEST 2018 on sn-devel-144

6 months agodrsuapi: Use the zlib version of crc32
Volker Lendecke [Tue, 9 Oct 2018 09:40:17 +0000 (11:40 +0200)]
drsuapi: Use the zlib version of crc32

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agoauth: Use the zlib version of crc32
Volker Lendecke [Tue, 9 Oct 2018 09:39:39 +0000 (11:39 +0200)]
auth: Use the zlib version of crc32

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agobuild: Multi-line deps
Volker Lendecke [Tue, 9 Oct 2018 09:04:43 +0000 (11:04 +0200)]
build: Multi-line deps

We'll add one in the next commit

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agopdb: Reduce code duplication in make_user_info()
Volker Lendecke [Fri, 5 Oct 2018 12:49:17 +0000 (14:49 +0200)]
pdb: Reduce code duplication in make_user_info()

10 lines less and a few hundred (-O0) bytes .text less

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct  9 01:22:53 CEST 2018 on sn-devel-144

6 months agopdb: Fix some "(ret == true)" to just "(ret)"
Volker Lendecke [Fri, 5 Oct 2018 09:34:41 +0000 (11:34 +0200)]
pdb: Fix some "(ret == true)" to just "(ret)"

"ret" is a boolean, so this should not change semantics

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agopdb: Use "sid_compose" where appropriate
Volker Lendecke [Fri, 5 Oct 2018 10:12:39 +0000 (12:12 +0200)]
pdb: Use "sid_compose" where appropriate

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agolib: Avoid the use of open_memstream in tevent_req_profile_string
Volker Lendecke [Sun, 7 Oct 2018 12:47:26 +0000 (14:47 +0200)]
lib: Avoid the use of open_memstream in tevent_req_profile_string

Solaris does not have it.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13629
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agotdb: Basic test for circular freelist fix
Volker Lendecke [Thu, 4 Oct 2018 15:42:09 +0000 (17:42 +0200)]
tdb: Basic test for circular freelist fix

Try to store a record for which the (circular) freelist does not have
any entry.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agotdb: Basic test for circular hash chain fix
Volker Lendecke [Thu, 4 Oct 2018 19:41:27 +0000 (21:41 +0200)]
tdb: Basic test for circular hash chain fix

This just walks tdb_find by searching for a nonexistent record

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agotdb: Make the freelist walk circular-safe
Volker Lendecke [Thu, 4 Oct 2018 15:12:42 +0000 (17:12 +0200)]
tdb: Make the freelist walk circular-safe

We can't really do the full check while the freelist is modified on the
fly. As long as we don't merge any freelist entries, we should be good
to apply this check.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agotdb: Align integer types
Volker Lendecke [Thu, 4 Oct 2018 15:12:25 +0000 (17:12 +0200)]
tdb: Align integer types

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agotdb: Make get_hash_length circular-safe
Volker Lendecke [Thu, 4 Oct 2018 14:42:45 +0000 (16:42 +0200)]
tdb: Make get_hash_length circular-safe

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agotdb: Make tdb_find_dead circular-safe
Volker Lendecke [Thu, 4 Oct 2018 13:25:59 +0000 (15:25 +0200)]
tdb: Make tdb_find_dead circular-safe

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agotdb: Make tdb_dump_chain circular-list safe
Volker Lendecke [Thu, 4 Oct 2018 13:00:15 +0000 (15:00 +0200)]
tdb: Make tdb_dump_chain circular-list safe

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agotdb: Make tdb_find circular-safe
Volker Lendecke [Thu, 4 Oct 2018 13:21:01 +0000 (15:21 +0200)]
tdb: Make tdb_find circular-safe

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agotdb: Add tdb_chainwalk_check
Volker Lendecke [Thu, 4 Oct 2018 13:20:10 +0000 (15:20 +0200)]
tdb: Add tdb_chainwalk_check

This captures the tdb_rescue protection against circular hash chains
with a slow pointer updated only on every other record traverse

If a hash chain has a loop, eventually the next_ptr
will cycle around and be identical to the 'slow' pointer.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agoregistry: Don't use an uninitialized value
Volker Lendecke [Thu, 4 Oct 2018 09:59:43 +0000 (11:59 +0200)]
registry: Don't use an uninitialized value

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agoregistry: Print failure of regdb_unpack_values
Volker Lendecke [Tue, 2 Oct 2018 10:10:01 +0000 (12:10 +0200)]
registry: Print failure of regdb_unpack_values

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agoregistry: Add error checks to regdb_unpack_values
Volker Lendecke [Tue, 2 Oct 2018 11:16:23 +0000 (13:16 +0200)]
registry: Add error checks to regdb_unpack_values

This makes "regdb_unpack_values" take a size_t as buflen. The only
caller calls it with TDB_DATA.dsize, which *is* size_t. Convert the
internal "len" variable to the unsigned size_t as well and add overflow
checks. This depends on tdb_unpack to either return -1 or a positive
value less than or equal to the passed-in "size_t" buflen;

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agoregistry: Add error checks to regdb_fetch_keys_internal
Volker Lendecke [Tue, 2 Oct 2018 11:16:04 +0000 (13:16 +0200)]
registry: Add error checks to regdb_fetch_keys_internal

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agoregistry: Fix a typo
Volker Lendecke [Tue, 2 Oct 2018 10:00:30 +0000 (12:00 +0200)]
registry: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agotdb_unpack: Protect against overflow
Volker Lendecke [Thu, 4 Oct 2018 09:07:21 +0000 (11:07 +0200)]
tdb_unpack: Protect against overflow

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agotdb_unpack: Correct "len" arg for "B" format
Volker Lendecke [Thu, 4 Oct 2018 09:05:46 +0000 (11:05 +0200)]
tdb_unpack: Correct "len" arg for "B" format

All but one of the users of the "B" format specifier passed in a pointer
to uint32_t instead of what tdb_unpack expected, an "int". Because this
is a purely internal API, change the tdb_unpack function and adjust that
one caller.

To reviewers: Please check carefully, thanks :-)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agotdb_unpack: Convert to size_t for internal calculations
Volker Lendecke [Thu, 4 Oct 2018 08:57:47 +0000 (10:57 +0200)]
tdb_unpack: Convert to size_t for internal calculations

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 months agogpo: Test process_group_policy in gp_sec_ext
David Mulder [Thu, 30 Aug 2018 21:22:08 +0000 (15:22 -0600)]
gpo: Test process_group_policy in gp_sec_ext

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Autobuild-User(master): Aurélien Aptel <aaptel@samba.org>
Autobuild-Date(master): Mon Oct  8 21:25:59 CEST 2018 on sn-devel-144

6 months agogpo: test the get_deleted_gpos_list() function
David Mulder [Thu, 30 Aug 2018 16:25:45 +0000 (10:25 -0600)]
gpo: test the get_deleted_gpos_list() function

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
6 months agogpo: Test the new get_applied functions
David Mulder [Wed, 29 Aug 2018 23:28:58 +0000 (17:28 -0600)]
gpo: Test the new get_applied functions

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
6 months agogpo PEP8: balance whitespace around equals
Douglas Bagnall [Wed, 29 Aug 2018 01:30:59 +0000 (13:30 +1200)]
gpo PEP8: balance whitespace around equals

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
6 months agogpupdate: test the new --force option
David Mulder [Mon, 23 Jul 2018 19:27:31 +0000 (13:27 -0600)]
gpupdate: test the new --force option

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
6 months agogpupdate: Add the --force option
David Mulder [Wed, 16 May 2018 15:54:38 +0000 (09:54 -0600)]
gpupdate: Add the --force option

This option forces the reapplication of policy,
and works the same as MS 'gpupdate /force'

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
6 months agogpo: Remove unused apply_log_pop() and list() funcs
David Mulder [Thu, 17 May 2018 22:49:39 +0000 (16:49 -0600)]
gpo: Remove unused apply_log_pop() and list() funcs

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
6 months agogpo: add unapply to the gp_sec_ext
David Mulder [Thu, 19 Jul 2018 20:10:33 +0000 (14:10 -0600)]
gpo: add unapply to the gp_sec_ext

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
6 months agogpo: Calculate deleted gpos and unapply them
David Mulder [Tue, 15 May 2018 20:00:07 +0000 (14:00 -0600)]
gpo: Calculate deleted gpos and unapply them

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
6 months agogpo: Use the new process_group_policy() for unapply
David Mulder [Thu, 17 May 2018 22:48:47 +0000 (16:48 -0600)]
gpo: Use the new process_group_policy() for unapply

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
6 months agogpo: avoid quadratic behaviour in guid retrieval
Douglas Bagnall [Wed, 29 Aug 2018 04:39:51 +0000 (16:39 +1200)]
gpo: avoid quadratic behaviour in guid retrieval

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
6 months agogpo: Create a function for returning applied settings
David Mulder [Thu, 17 May 2018 21:56:15 +0000 (15:56 -0600)]
gpo: Create a function for returning applied settings

This returns a list of guids for gpos applied
plus settings applied and their previous values.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
6 months agogpo: apply_map should not be required for gp_ext
David Mulder [Thu, 19 Jul 2018 18:55:00 +0000 (12:55 -0600)]
gpo: apply_map should not be required for gp_ext

The apply_map function should not be a requirement
to implement the gp_ext class, since only the
gp_sec_ext uses it now.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
6 months agogpo: remove unreached non-DC branch in gp_sec_ext.apply_map()
David Mulder [Wed, 29 Aug 2018 03:44:35 +0000 (15:44 +1200)]
gpo: remove unreached non-DC branch in gp_sec_ext.apply_map()

We don't get this far if we are not a DC, and if somehow we do the
errors will be no more informative due to this special case.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
6 months agogpo: Move policy application to the gp_ext
David Mulder [Thu, 17 May 2018 22:23:51 +0000 (16:23 -0600)]
gpo: Move policy application to the gp_ext

Policy specific setting application should be
handled by the group policy extension, not the
read/parse handler.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
6 months agogpo: Remove unused gp_ext.list() function
David Mulder [Thu, 19 Jul 2018 16:56:29 +0000 (10:56 -0600)]
gpo: Remove unused gp_ext.list() function

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
6 months agogpo: Implement process_group_policy() gp_ext func
David Mulder [Wed, 9 May 2018 19:16:38 +0000 (13:16 -0600)]
gpo: Implement process_group_policy() gp_ext func

MS spec describes the policy callback as a
function called ProcessGroupPolicy which accepts
a pDeletedGPOList and a pChangedGPOList param.
The Group Policy Client Side Extension then
iterates over the deleted, then the changed gpo
lists and applies/unapplies policy. We should do
this also.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
6 months agogpo: Remove unused methods from gp_sec_ext
David Mulder [Wed, 16 May 2018 17:08:13 +0000 (11:08 -0600)]
gpo: Remove unused methods from gp_sec_ext

These functions were added by Luke, but have
never actually done anything. If/when we
read from these *.pol files, we won't need these
separate functions to do it.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
6 months agogpo: Initialize gp_ext variables in constructor
David Mulder [Wed, 16 May 2018 16:58:29 +0000 (10:58 -0600)]
gpo: Initialize gp_ext variables in constructor

Initialize variables for the gp_ext in the
constructor instead of passing them via the parse
function.
This is a dependency of the "gpo: Implement
process_group_policy() gp_ext func" patch, since
the parse() function is now called by the ext,
instead of by gpupdate within apply_gp(). The
parse() function should only take the path
variable, to simplify writing Client Side
Extensions.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
6 months agogpupdate: Remove the unnecessary url parameter
David Mulder [Wed, 16 May 2018 14:04:20 +0000 (08:04 -0600)]
gpupdate: Remove the unnecessary url parameter

The samdb object isn't initialized here anymore,
but in the gp_sec_ext, so this parameter to
gpupdate does nothing.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
6 months agogpo: gp_sec_ext should check whether to apply
David Mulder [Fri, 4 May 2018 20:09:30 +0000 (14:09 -0600)]
gpo: gp_sec_ext should check whether to apply

Whether an extension should apply should be
determined by the extension, not by the
calling script.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
6 months agogpo: Initialize SamDB in the gp_sec_ext
David Mulder [Fri, 13 Jul 2018 20:45:06 +0000 (14:45 -0600)]
gpo: Initialize SamDB in the gp_sec_ext

The SamDB is only used by the gp_sec_ext, and
isn't needed elsewhere, so initialize it where
we need it and avoid passing it around
everywhere.
It makes the most sense to put this in the setter
class that uses it, so pass our creds down so we
have access to it, then initialize it there.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
6 months agogpo: abstract methods are defined in the parent class
David Mulder [Thu, 19 Jul 2018 15:48:11 +0000 (09:48 -0600)]
gpo: abstract methods are defined in the parent class

These methods don't need redefined in the child
class.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
6 months agoctdb-tests: Improve counting of database records
Martin Schwenke [Fri, 5 Oct 2018 00:34:29 +0000 (10:34 +1000)]
ctdb-tests: Improve counting of database records

Record counts are sometimes incomplete for large databases when
relevant tests are run on a real cluster.

This probably has something to do with ssh, pipes and buffering, so
move the filtering and counting to the remote end.  This means that
only the count comes across the pipe, instead of all the record data.

Instead of explicitly excluding the key for persistent database
sequence numbers, just exclude any key starting with '_'.  Such keys
are not used in tests.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Oct  8 05:36:11 CEST 2018 on sn-devel-144

6 months agoctdb-tests: Add extra debug to large database recovery test
Martin Schwenke [Thu, 4 Oct 2018 06:30:47 +0000 (16:30 +1000)]
ctdb-tests: Add extra debug to large database recovery test

This test sometimes fails, probably because the test is flakey.
Either the records aren't being added correctly or the counting of
records loses records.  Try to debug both possibilities.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
6 months agoctdb-tests: Shut down transaction_loop clients more cleanly
Martin Schwenke [Wed, 3 Oct 2018 06:39:16 +0000 (16:39 +1000)]
ctdb-tests: Shut down transaction_loop clients more cleanly

A transaction_loop client can exit with a transaction active when its
time limit expires.  This causes a recovery and causes problems with
the test cleanup, which detects unwanted recoveries and fails.

Set a flag when the time limit expires and exit cleanly before the
next transaction is started.

Pair-programmed-with: Amitay Isaacs <amitay@gmail.com>
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
6 months agoctdb-tools: Have onnode pass -n option even when regular ssh not in use
Martin Schwenke [Wed, 3 Oct 2018 09:13:57 +0000 (19:13 +1000)]
ctdb-tools: Have onnode pass -n option even when regular ssh not in use

ONNODE_SSH is really a test hook, so it doesn't need to support
completely random values.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>