Amitay Isaacs [Thu, 29 Jun 2017 13:56:02 +0000 (23:56 +1000)]
ctdb-protocol: Fix marshalling for ctdb_traverse_all
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 29 Jun 2017 13:48:01 +0000 (23:48 +1000)]
ctdb-protocol: Fix marshalling for ctdb_traverse_start
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 29 Jun 2017 13:41:08 +0000 (23:41 +1000)]
ctdb-protocol: Fix marshalling for ctdb_rec_buffer
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 3 Aug 2017 07:50:48 +0000 (17:50 +1000)]
ctdb-protocol: Use ctdb_rec_buffer_traverse to calaculate length of data
If the parser function is NULL, ctdb_rec_buffer_traverse will return the
amount of data used by ctdb_rec_data structures.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 29 Jun 2017 13:27:33 +0000 (23:27 +1000)]
ctdb-protocol: Fix marshalling for ctdb_rec_data
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 2 Aug 2017 07:35:33 +0000 (17:35 +1000)]
ctdb-protocol: Drop header argument to ctdb_rec_data_pull_data()
Since header is always set to NULL, there is no need to pass header as
an argument.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 29 Jun 2017 12:39:41 +0000 (22:39 +1000)]
ctdb-protocol: Fix marshalling for ctdb_ltdb_header
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 29 Jun 2017 09:55:15 +0000 (19:55 +1000)]
ctdb-protocol: Fix marshalling for ctdb_pulldb_ext
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 29 Jun 2017 09:50:21 +0000 (19:50 +1000)]
ctdb-protocol: Fix marshalling for ctdb_pulldb
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 29 Jun 2017 09:33:04 +0000 (19:33 +1000)]
ctdb-protocol: Fix marshalling for ctdb_dbid_map
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 6 Jul 2017 07:53:24 +0000 (17:53 +1000)]
ctdb-protocol: Add marshalling for ctdb_dbid
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 29 Jun 2017 09:04:56 +0000 (19:04 +1000)]
ctdb-protocol: Fix marshalling for ctdb_vnn_map
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 26 Jul 2017 02:50:12 +0000 (12:50 +1000)]
ctdb-protocol: Fix marshalling for ctdb_statistics
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 14 Aug 2017 06:28:16 +0000 (16:28 +1000)]
ctdb-tests: Add compatibility test for protocol data types
This patch prepares for testing old and new marshalling codes for
various data types to ensure backward compatibility.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 26 Jul 2017 02:49:51 +0000 (12:49 +1000)]
ctdb-protocol: Add marshalling for ctdb_latency_counter
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 29 Jun 2017 08:41:43 +0000 (18:41 +1000)]
ctdb-protocol: Add marshalling for tdb_data with size
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 30 Jun 2017 07:15:47 +0000 (17:15 +1000)]
ctdb-protocol: Fix marshalling for tdb_data
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 31 Jul 2017 06:48:58 +0000 (16:48 +1000)]
ctdb-protocol: Move tdb_data marshalling code
There is no change in the code.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 6 Jul 2017 07:52:25 +0000 (17:52 +1000)]
ctdb-protocol: Add padding data type to handle structure padding
This takes care of alignment sizes, so that it works on both 32-bit and
64-bit architectures.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 6 Jul 2017 04:48:38 +0000 (14:48 +1000)]
ctdb-protocol: Add marshalling for struct timeval
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 29 Jun 2017 12:18:27 +0000 (22:18 +1000)]
ctdb-protocol: Fix marshalling for pid_t
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 20 Apr 2017 02:45:24 +0000 (12:45 +1000)]
ctdb-protocol: Fix marshalling for a string with length
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 29 Jun 2017 08:48:51 +0000 (18:48 +1000)]
ctdb-protocol: Fix marshalling for a string
Always return NULL terminated strings.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 6 Jul 2017 08:05:04 +0000 (18:05 +1000)]
ctdb-protocol: Add marshalling for fixed size char array
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 29 Jun 2017 14:11:45 +0000 (00:11 +1000)]
ctdb-protocol: Add marshalling for bool
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 29 Jun 2017 12:16:56 +0000 (22:16 +1000)]
ctdb-protocol: Fix marshalling for double
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 29 Jun 2017 12:15:43 +0000 (22:15 +1000)]
ctdb-protocol: Fix marshalling for uint64_t
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 29 Jun 2017 12:14:23 +0000 (22:14 +1000)]
ctdb-protocol: Fix marshalling for uint32_t
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 29 Jun 2017 12:09:26 +0000 (22:09 +1000)]
ctdb-protocol: Fix marshalling for int32_t
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 12 Jul 2017 08:38:00 +0000 (18:38 +1000)]
ctdb-protocol: Add marshalling for uint16_t
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 29 Jun 2017 12:24:20 +0000 (22:24 +1000)]
ctdb-protocol: Add marshalling for uint8_t
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 27 Jul 2017 07:38:47 +0000 (17:38 +1000)]
ctdb-tests: Add test templates for various data types
These test templates will use new style of len/push/pull functions.
The differences in the new style of marshalling functions are:
1. len/push functions will be passed pointer to a value instead of the value
2. push/pull functions will additionally return the number of bytes consumed
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 26 Jul 2017 15:15:34 +0000 (01:15 +1000)]
ctdb-protocol: Fix marshalling for GET_DB_SEQNUM control
In the control request, database id which is a 32-bit integer is sent
on wire as a 64-bit integer rather than a 32-bit integer. If we
convert the database id to 64-bit integer before sending, the order of
32-bits with database id will vary depending on the endian-ness.
Instead send the database id as first 32-bits and zeros as next 32-bits.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 14 Jul 2017 07:09:57 +0000 (17:09 +1000)]
ctdb-tests: Reorganize protocol tests
This patch splits the protocol tests from:
protocol_types_test.c
protocol_client_test.c
and creates the following files:
protocol_common.[ch] - common code for data types
protocol_common_ctdb.[ch] - common code for ctdb protocol elements
protocol_common_event.[ch] - common code for eventd protocol elements
protocol_basic_test.c - basic data types
protocol_types_test.c - ctdb data types
protocol_ctdb_test.c - ctdb protocol
protocol_event_test.c - eventd protocol
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 13 Jul 2017 07:28:42 +0000 (17:28 +1000)]
ctdb-protocol: Separate marshalling for basic data types
This splits protocol_types.c and creates new protocol_basic.c.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Andrew Bartlett [Thu, 24 Aug 2017 05:01:14 +0000 (17:01 +1200)]
ldb: Add tests for indexed and unindexed search expressions
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 30 14:58:32 CEST 2017 on sn-devel-144
Andrew Bartlett [Thu, 24 Aug 2017 04:29:58 +0000 (16:29 +1200)]
ldb: Fix tests to call the parent tearDown(), not setUp in tearDown
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 21 Aug 2017 05:01:56 +0000 (17:01 +1200)]
password_hash: Make a common failure with "password hash gpg key ids" clearer
This drove me to strace before I understood what it really meant.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Wed, 9 Aug 2017 22:13:24 +0000 (10:13 +1200)]
dsdb: Add comment showing where the normal password rules are applied
This looks like a footnote, but is actually where the default password rules are applied.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Peter Somogyi [Tue, 29 Aug 2017 09:15:11 +0000 (11:15 +0200)]
s4/torture: make --unclist active with smb2 testcases
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12985
Signed-off-by: Peter Somogyi <psomogyi@hu.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Aug 30 00:16:51 CEST 2017 on sn-devel-144
Martin Schwenke [Wed, 23 Aug 2017 10:32:29 +0000 (20:32 +1000)]
ctdb-tests: Add sock daemon test for do_fork
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue Aug 29 15:03:33 CEST 2017 on sn-devel-144
Martin Schwenke [Wed, 16 Aug 2017 09:15:32 +0000 (19:15 +1000)]
ctdb-tests: Add sock daemon test for create_session
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 16 Aug 2017 03:52:08 +0000 (13:52 +1000)]
ctdb-common: Allow sock_daemon to daemonise during startup
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 16 Aug 2017 03:31:04 +0000 (13:31 +1000)]
ctdb-tests: Add a sock_daemon test for PID file contention
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Amitay Isaacs [Mon, 28 Aug 2017 08:39:40 +0000 (18:39 +1000)]
ctdb-common: Move PID file creation to sock_daemon_run_send()
Only create PID file when actually starting the daemon, rather than
when setting up the context. This will facilitate future changes.
Tweak test to confirm that PID file is no longer created during setup.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 28 Aug 2017 06:00:53 +0000 (16:00 +1000)]
ctdb-tests: Add improved PID file check to test2
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 16 Aug 2017 07:37:16 +0000 (17:37 +1000)]
ctdb-tests: Add comments describing sock daemon tests
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 15 Aug 2017 02:53:02 +0000 (12:53 +1000)]
ctdb-daemon: Use become_daemon() instead of custom code
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 15 Aug 2017 02:51:59 +0000 (12:51 +1000)]
ctdb-daemon: Narrow a #include
Only time.h is needed here, not all of samba_util.h.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Andrew Bartlett [Wed, 16 Aug 2017 00:51:09 +0000 (12:51 +1200)]
ldb_tdb: Rework ltdb_modify_internal() to use ltdb_search_dn1() internally
This avoids duplicate code and allows us to use the allocation-avoiding
LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC flag.
We can not use LDB_UNPACK_DATA_FLAG_NO_VALUES_ALLOC as el2->values
is talloc_realloc()ed in the routine.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 29 11:13:50 CEST 2017 on sn-devel-144
Andrew Bartlett [Thu, 10 Aug 2017 23:31:05 +0000 (11:31 +1200)]
ldb: Add LDB_UNPACK_DATA_FLAG_NO_ATTRS
This will allow us to avoid a full unpack in situations where we just want to confirm
if the DN exists
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Tim Beale [Thu, 17 Aug 2017 00:30:30 +0000 (12:30 +1200)]
selftest: Use a unique(ish) OU for every run of getnc_unpriv
An intermittent problem I noticed with tests in the past is that the
setup can fail to create the base OU because it already exists.
I believe this is because the previous testenv DC has replicated out the
test object, but not its deletion at the point that the next testenv DC
starts running the test.
This only seemed to happen very occassionally (I haven't seen it
happen with getnc_unpriv yet, but I also haven't run it through the
autobuild yet).
Using same randomness in the test OU should help avoid this sort of
problem, and it matches what some other replication tests do.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Tim Beale [Wed, 16 Aug 2017 23:36:24 +0000 (11:36 +1200)]
s4-drsuapi/selftest: Add extra tests for invalid DNs
Add some test cases to check for requests for invalid/non-existent DNs.
This exercises the first return case added in commit:
s4-drsuapi: Refuse to replicate an NC is that not actually an NC
I've also updated the error code returned here to match Windows.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Tim Beale [Wed, 16 Aug 2017 03:00:31 +0000 (15:00 +1200)]
selftest: Update getnc_unpriv tests to pass against Samba
In general Windows seems to return BAD_DN rather than ACCESS_DENIED for
an unprivileged user. In the the long-term, it's unrealistic to think
that Samba and Windows will agree exactly on every error code returned.
So for the tests to be maintainable and pass against Windows and Samba,
they need to handle differences in expected errors. To get around this
problem, I've changed the expected_error to be a set, so that multiple
error codes (one for Microsoft, one for Samba) can be specified for each
test case. This approach also highlights the cases where Microsoft and
Samba currently differ.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Tim Beale [Wed, 16 Aug 2017 04:20:37 +0000 (16:20 +1200)]
s4-drsuapi: Set getnc_state *after* we've checked request is valid
We were creating the getnc_state (and storing it on the connection)
before we had done some basic checks that the request was valid. If the
request was not valid and we returned early with an error, then the
partially-initialized getnc_state was left hanging on the connection.
The next request that got sent on the connection would try to use this,
rather than creating a new getnc_state from scratch.
The main side-effect of this was if you sent an invalid GetNCChanges
request twice, then it could be rejected the first time and accepted the
second time.
Note that although an invalid request was accepted, it would typically
not return any objects, so it would not actually leak any secure
information.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Tim Beale [Mon, 14 Aug 2017 03:31:08 +0000 (15:31 +1200)]
selftest: GetNCChanges can 'accept' a repeated bad request
In theory, if we send the exact same rejected request again, we should
get the same response back from the DC. However, we don't - the request
is accepted if we send it a second time.
This patch updates the repl_rodc test to demonstrate the problem (which
now causes the test to fail).
Note that although the bad GetNCChanges request is not rejected outright,
the response that gets sent back is empty - it has no objects in it, so
it's not an actual security hole. It is annoying problem for writing
self-tests though.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Tim Beale [Wed, 16 Aug 2017 03:09:55 +0000 (15:09 +1200)]
s4-drsuapi: Change REPL_SECRET error code to match Windows
The existing SOURCE_DISABLED error code doesn't seem to make a lot of
sense. Window sends back an ACCESS_DENIED error in the same situation,
which seems more appropriate.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Tim Beale [Wed, 16 Aug 2017 04:57:15 +0000 (16:57 +1200)]
selftest: Extend further getnc_unpriv tests to pass against windows 2012R2
An important change in this patch is changing the ACE type from
A (Allow)
to
AO (Object Allow)
as that will then respect the supplied GUID, which we also make use
the constant from the security.idl.
This reworks the tests to check replication with users with the
following rights:
- only GET_CHANGES
- only GET_ALL_CHANGES
- both GET_CHANGES and GET_ALL_CHANGES
- no rights
We basically want to test various different GetNCChanges requests
against each type of user rights, and the only difference is the
error/success value we get back. I've structured the tests this way, so
that we have 4 test_repl_xyz_userpriv() functions (to cover each of the
above user rights cases), and each test sends the same series of
GetNCChanges requests of varying validity.
Currently all these tests fail against Samba because Samba sends
different error codes to Windows.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 8 Aug 2017 04:52:04 +0000 (16:52 +1200)]
selftest: Confirm privileged replication of an OU is not permitted
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 8 Aug 2017 04:50:11 +0000 (16:50 +1200)]
selftest: Move get_partial_attribute_set() to DrsBaseTestCase
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 8 Aug 2017 04:49:24 +0000 (16:49 +1200)]
selftest: encrypt the LDAP connection in drs_base.py
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 8 Aug 2017 02:34:14 +0000 (14:34 +1200)]
s4-drsuapi: Refuse to replicate an NC is that not actually an NC
This prevents replication of an OU, you must replicate a whole NC per Windows 2012R2
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 9 Aug 2017 01:56:07 +0000 (13:56 +1200)]
selftest: Make dirsync test use symobolic name and OA not A
A is for Allow, OA is for Object Allow, which means check the GUID.
The previous ACE allowed all access, which was not the intention.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 4 Aug 2017 03:21:31 +0000 (15:21 +1200)]
dsdb: Use samba.generate_random_password() in dirsync test
We do not like fixed passwords
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12946
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Tim Beale [Sun, 13 Aug 2017 23:02:05 +0000 (11:02 +1200)]
s4-drsuapi: Use sam_ctx consistently in dcesrv_drsuapi_DsGetNCChanges()
Trying to use bstate->sam_ctx_system by mistake can cause crashes if
non-admin users replicate. To avoid this problem we use the sam_ctx
variable, however it wasn't used consistently everywhere. Replace the
remaining references to b_state->sam_ctx to avoid potential confusion.
This change was made based on review feedback from Metze.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 3 Aug 2017 23:44:19 +0000 (11:44 +1200)]
s4-drsuapi: Avoid segfault when replicating as a non-admin with GUID_DRS_GET_CHANGES
Users who are not administrator do not get b_state->sam_ctx_system filled in.
We should probably use the 'sam_ctx' variable in all cases (instead of
b_state->sam_ctx*), but I'll make this change in a separate patch, so
that the bug fix remains independent from other tidy-ups.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12946
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
David Disseldorp via samba-technical [Sat, 26 Aug 2017 21:40:37 +0000 (23:40 +0200)]
tests/fake_snap: sanitize paths
Ensure fake_snap.pl can be run in taint mode (-T), by sanitizing paths
and the PATH env. This fixes the following samba3.rpc.fsrvp selftest
failures:
Insecure dependency in mkdir while running setgid at (eval 2) line 4.
snap create failed: NT_STATUS_UNSUCCESSFUL
snap create failed for shadow copy of /home/ddiss/isms/samba/st/nt4_dc/share
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12988
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 29 04:54:51 CEST 2017 on sn-devel-144
Ralph Boehme [Sun, 27 Aug 2017 17:22:38 +0000 (19:22 +0200)]
s3/mdssvc: missing assignment in sl_pack_float
Spotted by -Werror=maybe-uninitialized:
../source3/rpc_server/mdssvc/marshalling.c: In function ‘sl_pack_float’:
../source3/rpc_server/mdssvc/marshalling.c:171:11: error:
‘ieee_fp_union.w’ may be used uninitialized in this function
[-Werror=maybe-uninitialized]
offset = sl_push_uint64_val(buf, offset, bufsize, ieee_fp_union.w);
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12991
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Love Hornquist Astrand [Mon, 29 Apr 2013 18:42:46 +0000 (11:42 -0700)]
HEIMDAL: don't bother seeing q if not sent
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12986
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from heimdal commit
19f9fdbcea11013cf13ac72c416f161ee55dee2b)
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Aug 28 15:10:54 CEST 2017 on sn-devel-144
Love Hornquist Astrand [Mon, 29 Apr 2013 18:37:39 +0000 (11:37 -0700)]
HEIMDAL: allow optional q in DH DomainParameters
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12986
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from heimdal commit
e8317b955f5a390c4f296871ba6987ad05478c95)
Ralph Boehme [Thu, 13 Jul 2017 14:05:49 +0000 (16:05 +0200)]
s4/torture: add a test for rename change notification with inotify enabled
This is already fixed in master by
5eccc2fd0072409f166c63e6876266f926411423~10..
5eccc2fd0072409f166c63e6876266f926411423.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Aug 26 05:05:08 CEST 2017 on sn-devel-144
Ralph Boehme [Thu, 13 Jul 2017 14:04:50 +0000 (16:04 +0200)]
selftest: run smb2.notify-inotify testsuite against fileserver
Next commit adds the suite and a test.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 13 Jul 2017 14:01:53 +0000 (16:01 +0200)]
selftest: enable kernel change notifications in the fileserver environment
This environment is currently not used for any test in the smb2
testsuite, so this change doesn't affect any existing test.
A subsequent commit will add a test for change notifications with kernel
change notify enabled. It verifies a bug (this one) that only crops up
in such a setup and causes rename events to get lost.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Fri, 25 Aug 2017 12:45:29 +0000 (14:45 +0200)]
s3:vfs: Do not overrun array ad->ad_eid
The array is defined as:
struct ad_entry ad_eid[ADEID_MAX]
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Aug 25 20:05:32 CEST 2017 on sn-devel-144
Andreas Schneider [Fri, 25 Aug 2017 12:24:59 +0000 (14:24 +0200)]
s4:torture: Do not overrun arrays in test_displayshares()
If we do not 'break', we overrun the array access size.
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andreas Schneider [Fri, 25 Aug 2017 12:17:54 +0000 (14:17 +0200)]
s4:torture: Fix talloc_array in test_EnumValue()
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andreas Schneider [Fri, 25 Aug 2017 12:11:02 +0000 (14:11 +0200)]
s3:modules: Avoid setting the sign bit to 1.
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Amitay Isaacs [Fri, 18 Aug 2017 04:00:47 +0000 (14:00 +1000)]
ctdb-client: Fix ctdb_attach() to use database flags
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12978
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Aug 25 13:32:58 CEST 2017 on sn-devel-144
Amitay Isaacs [Wed, 23 Aug 2017 02:09:22 +0000 (12:09 +1000)]
ctdb-client: Optionally return database id from ctdb_ctrl_createdb()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12978
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 18 Aug 2017 03:50:39 +0000 (13:50 +1000)]
ctdb-client: Fix ctdb_ctrl_createdb() to use database flags
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12978
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 18 Aug 2017 04:27:10 +0000 (14:27 +1000)]
ctdb-tests: Add a test to check databases are attached with correct flags
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12978
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 18 Aug 2017 04:45:30 +0000 (14:45 +1000)]
ctdb-tests: Add functions to start/stop/restart a single local daemon
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12978
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 22 Aug 2017 02:53:43 +0000 (12:53 +1000)]
ctdb-tests: Add functions to start/stop/restart ctdb on single node
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12978
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Volker Lendecke [Thu, 24 Aug 2017 15:03:30 +0000 (17:03 +0200)]
schannel.idl: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 25 04:10:25 CEST 2017 on sn-devel-144
Volker Lendecke [Wed, 23 Aug 2017 16:11:32 +0000 (18:11 +0200)]
ctdb: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 24 Aug 2017 11:29:17 +0000 (13:29 +0200)]
tdb: version 1.3.15
* Add protection against EINTR.
* Truncate the file after expand failure, ENOSPC
* Use posix_fallocate() to expand the file
* Fix GCC compiler warnings
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Aug 24 21:17:48 CEST 2017 on sn-devel-144
Andreas Schneider [Thu, 24 Aug 2017 10:51:35 +0000 (12:51 +0200)]
s3:libsmb: Print the kinit failed message with DBGLVL_NOTICE
The default debug level of smbclient is set to 'log level = 1'. So we
need to use at least NOTICE to not get the message when we do not force
kerberos.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12704
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Aug 24 17:22:18 CEST 2017 on sn-devel-144
Andreas Schneider [Tue, 8 Aug 2017 10:05:24 +0000 (12:05 +0200)]
s4:torture: The teardown function should just return
The teardown functions should not return on error but finish cleaning
up!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12984
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Aug 24 13:23:22 CEST 2017 on sn-devel-144
Andreas Schneider [Tue, 8 Aug 2017 08:40:19 +0000 (10:40 +0200)]
s4:torture: Delete printer before we remove the driver
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12984
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Tue, 8 Aug 2017 09:25:48 +0000 (11:25 +0200)]
s4:torture: Use a different driver name for add_driver tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12984
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Tue, 8 Aug 2017 06:40:34 +0000 (08:40 +0200)]
s3:script: Untaint user supplied data in modprinter.pl
spoolss_SetPrinter fails because of the error produced by modprinter.pl.
Perl error:
Insecure dependency in open while running setgid at modprinter.pl line 76.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12950
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Fri, 18 Nov 2016 14:06:22 +0000 (15:06 +0100)]
s3:spoolss: Set timeout values to the one which Windows uses by default
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Thu, 10 Aug 2017 09:42:46 +0000 (11:42 +0200)]
dynconfig: Use INSTALL_DIR to create directories
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Aug 24 09:29:05 CEST 2017 on sn-devel-144
Andreas Schneider [Thu, 10 Aug 2017 09:40:06 +0000 (11:40 +0200)]
wafsamba: Call INSTALL_DIR in INSTALL_DIRS
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 10 Aug 2017 09:36:52 +0000 (11:36 +0200)]
wafsamba: Add INSTALL_DIR function
The install_dir function in waf has been deprecated and it doesn't
support setting directory permissions. So we need to implement our own
function anyway.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Wed, 23 Aug 2017 11:02:57 +0000 (13:02 +0200)]
tdb: Use posix_fallocate
This should be significantly faster than pwriting.
openbsd doesn't have posix_fallocate, so we do need the fallback. Also, it
might have weird failure modes, so we keep the old code in place except for
posix_fallocate returning success or ENOSPC.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 24 05:38:49 CEST 2017 on sn-devel-144
Volker Lendecke [Wed, 23 Aug 2017 10:59:19 +0000 (12:59 +0200)]
tdb: Add an intermediate variable
More README.Coding, but I need "ret" in the next commit as well :-)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Wed, 23 Aug 2017 10:48:03 +0000 (12:48 +0200)]
tdb: Truncate the file after expand failure
Without this it's very easy to create virtually huge files: ftruncate expands a
file, the pwrites fail with ENOSPC, thus the write fails. The next writer runs
into the same situation, and ftruncate-expands the file even further. tdb_check
will then spend ages reading the 4GB of zeros byte by byte.
Here we hold the freelist lock or are inside a transaction, so it is safe to
cut the file again. Nobody can have used the space that we have tried to
allocate, so we can't have any stray pointers corrupting the database.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Wed, 23 Aug 2017 10:00:00 +0000 (12:00 +0200)]
tdb: Protect against EINTR
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Tue, 22 Aug 2017 15:09:01 +0000 (17:09 +0200)]
configure: Centralize check for posix_fallocate
This checks for posix_fallocate unless we are sitting on an ancient glibc.
With this we don't need HAVE_BROKEN_POSIX_FALLOCATE anymore,
HAVE_POSIX_FALLOCATE will only be defined if we have a valid [g]libc.
./configure tested on Debian, FreeBSD (which does have posix_fallocate) and
OpenBSD (which does not have posix_fallocate). Also tested with changing the
not have an old-enough glibc around. All did the right thing.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>