garming/samba-autobuild/.git
2 years agos4: torture: Pass the new talloc context into torture_init().
Jeremy Allison [Mon, 24 Apr 2017 21:27:36 +0000 (14:27 -0700)]
s4: torture: Pass the new talloc context into torture_init().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
2 years agos4: torture: Add a TALLOC_CTX * to torture_parse_target().
Jeremy Allison [Mon, 24 Apr 2017 23:00:17 +0000 (16:00 -0700)]
s4: torture: Add a TALLOC_CTX * to torture_parse_target().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
2 years agos4: torture: Create a top level talloc contxt.
Jeremy Allison [Mon, 24 Apr 2017 21:24:15 +0000 (14:24 -0700)]
s4: torture: Create a top level talloc contxt.

Use it to replace some talloc_autofree_contexts.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
2 years agosamba-tool: Rename Samba4 to Samba AD
Andreas Schneider [Fri, 5 May 2017 09:21:03 +0000 (11:21 +0200)]
samba-tool: Rename Samba4 to Samba AD

We should stop talking about Samba4 and use the terms Samba AD and
Samba FS.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri May  5 15:51:54 CEST 2017 on sn-devel-144

2 years agosmbtorture:spoolss: Add a 32bit test for copy_from_directory
Andreas Schneider [Fri, 5 May 2017 09:12:02 +0000 (11:12 +0200)]
smbtorture:spoolss: Add a 32bit test for copy_from_directory

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12761

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2 years agosmbtorture:spoolss: Rename the copy_from_directory test for 64bit
Andreas Schneider [Fri, 5 May 2017 09:11:25 +0000 (11:11 +0200)]
smbtorture:spoolss: Rename the copy_from_directory test for 64bit

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12761

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2 years agos3:printing: Change to GUID dir if we deal with COPY_FROM_DIRECTORY
Andreas Schneider [Thu, 4 May 2017 15:48:42 +0000 (17:48 +0200)]
s3:printing: Change to GUID dir if we deal with COPY_FROM_DIRECTORY

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12761

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2 years agovfs_fruit: Fix the 32-bit build
Volker Lendecke [Sat, 29 Apr 2017 10:01:41 +0000 (12:01 +0200)]
vfs_fruit: Fix the 32-bit build

On debian 32-bit, size_t is an 32 bit, but off_t is 64 bit.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May  5 11:50:55 CEST 2017 on sn-devel-144

2 years agopam_wrapper: Add PAM_STRERROR_CONST configure check
Volker Lendecke [Mon, 1 May 2017 15:56:50 +0000 (17:56 +0200)]
pam_wrapper: Add PAM_STRERROR_CONST configure check

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agosamba-tool: fix log message of 'samba-tool user syncpasswords'
Stefan Metzmacher [Tue, 25 Apr 2017 11:25:10 +0000 (13:25 +0200)]
samba-tool: fix log message of 'samba-tool user syncpasswords'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12768

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri May  5 01:37:45 CEST 2017 on sn-devel-144

2 years agosamba-tool: let 'samba-tool user syncpasswords' report deletions immediately
Stefan Metzmacher [Tue, 25 Apr 2017 11:25:57 +0000 (13:25 +0200)]
samba-tool: let 'samba-tool user syncpasswords' report deletions immediately

We need to use the show-recycled control in addition to the
notification control in order to get notifications about deletions.

There's no real problem as the next modification will report the deletion.
But it might be delayed a few minutes.

Note that show-recycled is a superset of show-deleted, so we only need one.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12767

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos3:smbcacls add prompt for password
Christian Ambach [Thu, 4 May 2017 10:21:45 +0000 (12:21 +0200)]
s3:smbcacls add prompt for password

if no password was given, ask for one

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12765
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Thu May  4 20:36:50 CEST 2017 on sn-devel-144

2 years agolib: Fix a comment
Volker Lendecke [Sun, 23 Apr 2017 16:47:25 +0000 (18:47 +0200)]
lib: Fix a comment

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May  3 20:00:25 CEST 2017 on sn-devel-144

2 years agolib: Fix whitespace
Volker Lendecke [Sun, 23 Apr 2017 16:47:05 +0000 (18:47 +0200)]
lib: Fix whitespace

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos4: torture: samr: Add test for dcesrc_lsa_valid_AccountRight change.
Jeremy Allison [Fri, 28 Apr 2017 03:31:40 +0000 (20:31 -0700)]
s4: torture: samr: Add test for dcesrc_lsa_valid_AccountRight change.

Against ad_dc we get NT_STATUS_OK, but against nt_dc we get NT_STATUS_NO_SUCH_PRIVILEGE,
so check for both. We can't use TARGET_IS_SAMBA3() here as this is set for talking to smbd
even when run under the ad_dc.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2 years agoWHATSNEW: Add Samba AD with MIT Kerberos
Andreas Schneider [Thu, 27 Apr 2017 09:19:12 +0000 (11:19 +0200)]
WHATSNEW: Add Samba AD with MIT Kerberos

Pair-Programmed-With: Guenther Deschner <gd@samba.org>

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed May  3 15:57:44 CEST 2017 on sn-devel-144

2 years agoWHATSNEW: Give the 'strict sync' change a header line
Andreas Schneider [Thu, 27 Apr 2017 09:11:53 +0000 (11:11 +0200)]
WHATSNEW: Give the 'strict sync' change a header line

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2 years agos3:winbindd:idmap_autorid remove a stray comment
Christian Ambach [Wed, 22 Mar 2017 08:54:13 +0000 (09:54 +0100)]
s3:winbindd:idmap_autorid remove a stray comment

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed May  3 03:35:34 CEST 2017 on sn-devel-144

2 years agowaf: Improve log errors for MIT build
Christian Ambach [Tue, 2 May 2017 16:09:04 +0000 (18:09 +0200)]
waf: Improve log errors for MIT build

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agolib: FreeBSD needs sys/wait.h for WIFEXITED
Volker Lendecke [Mon, 1 May 2017 15:09:35 +0000 (17:09 +0200)]
lib: FreeBSD needs sys/wait.h for WIFEXITED

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue May  2 21:14:22 CEST 2017 on sn-devel-144

2 years agosmbd: Fix a 32-bit problem
Volker Lendecke [Mon, 1 May 2017 15:14:26 +0000 (17:14 +0200)]
smbd: Fix a 32-bit problem

On 32-bit freebsd11, size_t is 32 bit. %zu does not cover
64 bits.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years agosystemd: fix detection of libsystemd
Alexander Bokovoy [Wed, 28 Sep 2016 21:09:12 +0000 (00:09 +0300)]
systemd: fix detection of libsystemd

On Fedora 25 detection of libsystemd actually fails due to wrong
assumptions in the configure test. conf.CHECK_LIB returns a list
so 'not conf.CHECK_LIB(...)' is always False and we never get to check
libsystemd.

Instead, remember result of checking pkg-config for separate
libsystemd-daemon and libsystemd-journal libraries. If they miss,
attempt to use libsystemd library instead.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue May  2 13:05:43 CEST 2017 on sn-devel-144

2 years agotorture3: Make sure dbwrap_parse_record returns NOT_FOUND for invalid watchers data
Volker Lendecke [Fri, 28 Apr 2017 11:58:48 +0000 (13:58 +0200)]
torture3: Make sure dbwrap_parse_record returns NOT_FOUND for invalid watchers data

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon May  1 14:39:41 CEST 2017 on sn-devel-144

2 years agodbwrap_watch: Protect against corrupt records
Volker Lendecke [Wed, 15 Mar 2017 15:54:34 +0000 (16:54 +0100)]
dbwrap_watch: Protect against corrupt records

If locking.tdb contains invalid records, "get_file_infos" called from directory
enumeration crashes in Samba 4.4. The reason is that if "dbwrap_watched_parse"
returns -1 due to record corruption, dbwrap_watched_parse_record returns
NT_STATUS_OK without having called the parse function. Before 66cba9939b76f
this led to "lck->data" to be uninitialized data, so smbd 4.4 would crash in
this case.  After 66cba9939b76f we implicitly initialize "state.lck" to NULL,
so we don't have this particular problem anymore

Apply the fix in master too, returning NT_STATUS_OK from parse_record without
having called the parser could lead to bugs in other cases too.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agoselftest: Make sure that LOCAL-DBWRAP-WATCH1 is run in make test
Volker Lendecke [Fri, 28 Apr 2017 11:41:30 +0000 (13:41 +0200)]
selftest: Make sure that LOCAL-DBWRAP-WATCH1 is run in make test

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agotorture3: In LOCAL-DBWRAP-WATCH1, open tdb with CLEAR_IF_FIRST
Volker Lendecke [Fri, 28 Apr 2017 11:45:47 +0000 (13:45 +0200)]
torture3: In LOCAL-DBWRAP-WATCH1, open tdb with CLEAR_IF_FIRST

Also ensure we delete the temp tdb file on success.

Just make sure we start with fresh data

Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
2 years agoRevert "lib/util: make use of tfork in samba_runcmd_send()"
Ralph Boehme [Fri, 28 Apr 2017 09:33:24 +0000 (11:33 +0200)]
Revert "lib/util: make use of tfork in samba_runcmd_send()"

This reverts commit 292e46ab12d8ec172c9d3b26330d8d6028a1d5a5.

Processes run by tfork will have a parent pid of 1, they won't be childs
of the caller anymore.

When the source4 samba process uses samba_runcmd_send() to launch smbd
and winbindd the resulting process hierarchy becomes:

 PPID   PID  PGID   SID TTY      TPGID STAT   UID   TIME COMMAND
    1   516   510   510 ?           -1 S      111   0:02 avahi-daemon: running [samba-ad.local]
    1 29209 29209 29209 ?           -1 Ss       0   0:00 ./bin/samba
29209 29210 29209 29209 ?           -1 S        0   0:00  \_ ./bin/samba
29209 29211 29209 29209 ?           -1 S        0   0:00  \_ ./bin/samba
29209 29213 29209 29209 ?           -1 S        0   0:00  \_ ./bin/samba
29209 29215 29209 29209 ?           -1 S        0   0:00  \_ ./bin/samba
29209 29216 29209 29209 ?           -1 R        0   0:00  \_ ./bin/samba
29209 29217 29209 29209 ?           -1 S        0   0:00  \_ ./bin/samba
29209 29218 29209 29209 ?           -1 S        0   0:00  \_ ./bin/samba
29209 29220 29209 29209 ?           -1 S        0   0:00  \_ ./bin/samba
29209 29221 29209 29209 ?           -1 S        0   0:00  \_ ./bin/samba
29209 29222 29209 29209 ?           -1 S        0   0:00  \_ ./bin/samba
29209 29223 29209 29209 ?           -1 S        0   0:00  \_ ./bin/samba
29209 29224 29209 29209 ?           -1 S        0   0:00  \_ ./bin/samba
29209 29225 29209 29209 ?           -1 S        0   0:00  \_ ./bin/samba
    1 29214 29209 29209 ?           -1 S        0   0:00 ./bin/samba
29214 29219 29219 29219 ?           -1 Ss       0   0:00  \_ /home/slow/git/samba/scratch/bin/smbd -D --option=server role check:inhibit=yes --foreground
29219 29236 29219 29219 ?           -1 S        0   0:00      \_ /home/slow/git/samba/scratch/bin/smbd -D --option=server role check:inhibit=yes --foreground
29219 29237 29219 29219 ?           -1 S        0   0:00      \_ /home/slow/git/samba/scratch/bin/smbd -D --option=server role check:inhibit=yes --foreground
29219 29238 29219 29219 ?           -1 S        0   0:00      \_ /home/slow/git/samba/scratch/bin/smbd -D --option=server role check:inhibit=yes --foreground
    1 29228 29209 29209 ?           -1 S        0   0:00 ./bin/samba
29228 29230 29230 29230 ?           -1 Ss       0   0:00  \_ /home/slow/git/samba/scratch/bin/winbindd -D --option=server role check:inhibit=yes --foreground
29230 29239 29230 29230 ?           -1 S        0   0:00      \_ /home/slow/git/samba/scratch/bin/winbindd -D --option=server role check:inhibit=yes --foreground

They will still be in the same process group and session, but just not
be a child or subchild. For childs of the source4 samba process this
might be non desirable.

killing all processes by sending a signal to the main samba process
still works, because a pipe is used between the samba process and the
smbd and winbindd childs. Both watch for EOF on the pipe.

In the output above smbd and winbindd are in their own process group ans
session because they call become_daemon().

See also the discussion in this mailthread:
<https://lists.samba.org/archive/samba-technical/2017-April/120257.html>

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Apr 30 17:21:05 CEST 2017 on sn-devel-144

2 years agomit_samba: Fix principal lookup for cross domain referral
Andreas Schneider [Fri, 27 Jan 2017 11:11:33 +0000 (12:11 +0100)]
mit_samba: Fix principal lookup for cross domain referral

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Sun Apr 30 03:29:35 CEST 2017 on sn-devel-144

2 years agomit-samba: Remove obsolete mit_samba_update_pac_data()
Andreas Schneider [Thu, 26 Jan 2017 16:07:14 +0000 (17:07 +0100)]
mit-samba: Remove obsolete mit_samba_update_pac_data()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos4-kdc: Use mit_samba_reget_pac() in ks_verify_pac()
Andreas Schneider [Fri, 30 Sep 2016 05:43:47 +0000 (07:43 +0200)]
s4-kdc: Use mit_samba_reget_pac() in ks_verify_pac()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos4-kdc: Implement mit_samba_reget_pac()
Andreas Schneider [Fri, 30 Sep 2016 05:43:31 +0000 (07:43 +0200)]
s4-kdc: Implement mit_samba_reget_pac()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos4-pac-glue: Do not add an empty PAC_TYPE_LOGON_NAME with MIT
Andreas Schneider [Thu, 29 Sep 2016 06:38:58 +0000 (08:38 +0200)]
s4-pac-glue: Do not add an empty PAC_TYPE_LOGON_NAME with MIT

MIT Kerberos will insert an empty PAC_TYPE_LOGON_NAME during
krb5_pac_sign().

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agomit-samba: Remove unused mit_samba_get_pac_data()
Andreas Schneider [Thu, 26 Jan 2017 16:04:19 +0000 (17:04 +0100)]
mit-samba: Remove unused mit_samba_get_pac_data()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos4-kdc: Use mit_samba_get_pac() in ks_get_pac()
Andreas Schneider [Thu, 29 Sep 2016 00:04:00 +0000 (02:04 +0200)]
s4-kdc: Use mit_samba_get_pac() in ks_get_pac()

This adds UPN_DNS_INFO to the PAC.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos4-kdc: Implement mit_samba_get_pac()
Andreas Schneider [Thu, 29 Sep 2016 00:03:35 +0000 (02:03 +0200)]
s4-kdc: Implement mit_samba_get_pac()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos4-kdc: Fix logging with the KDB driver
Andreas Schneider [Fri, 30 Sep 2016 05:41:09 +0000 (07:41 +0200)]
s4-kdc: Fix logging with the KDB driver

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos4-torture: Fix reauth tests with smaller clockskew grace time
Andreas Schneider [Tue, 27 Sep 2016 16:53:44 +0000 (18:53 +0200)]
s4-torture: Fix reauth tests with smaller clockskew grace time

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agowaf: Move python build instructions to wscript
Andreas Schneider [Mon, 23 Nov 2015 14:08:54 +0000 (15:08 +0100)]
waf: Move python build instructions to wscript

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agopython: Add provisioning support for MIT KDC in samba-tool
Andreas Schneider [Fri, 9 Oct 2015 13:06:52 +0000 (15:06 +0200)]
python: Add provisioning support for MIT KDC in samba-tool

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agopython: Add py_is_heimdal_built() to pyglue
Andreas Schneider [Tue, 4 Apr 2017 06:10:52 +0000 (08:10 +0200)]
python: Add py_is_heimdal_built() to pyglue

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agoselftest: Add a variable to indicate that selftest is running
Andreas Schneider [Mon, 12 Sep 2016 19:52:23 +0000 (21:52 +0200)]
selftest: Add a variable to indicate that selftest is running

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agowaf: Create kerberos_implementation.py for provisioning
Andreas Schneider [Mon, 23 Nov 2015 10:44:26 +0000 (11:44 +0100)]
waf: Create kerberos_implementation.py for provisioning

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agoselftest: Skip s4u2proxy tests, no support yet
Andreas Schneider [Mon, 13 Apr 2015 13:58:14 +0000 (15:58 +0200)]
selftest: Skip s4u2proxy tests, no support yet

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agotestprogs: Add MIT Kerberos specific kpasswd blackbox test
Andreas Schneider [Mon, 5 Sep 2016 16:01:57 +0000 (18:01 +0200)]
testprogs: Add MIT Kerberos specific kpasswd blackbox test

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos4-kdc: Start the kpasswd service with MIT KDC
Andreas Schneider [Thu, 8 Sep 2016 07:58:44 +0000 (09:58 +0200)]
s4-kdc: Start the kpasswd service with MIT KDC

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agowaf: Search for MIT kadm-server library
Andreas Schneider [Wed, 7 Sep 2016 10:29:18 +0000 (12:29 +0200)]
waf: Search for MIT kadm-server library

This is needed for plugin registration in the KDC.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos4-kdc: Add MIT Kerberos specific kpasswd code
Andreas Schneider [Wed, 7 Sep 2016 10:32:50 +0000 (12:32 +0200)]
s4-kdc: Add MIT Kerberos specific kpasswd code

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos4-torture: Add AES and RC4 enctype checks
Andreas Schneider [Fri, 1 Jul 2016 10:33:45 +0000 (12:33 +0200)]
s4-torture: Add AES and RC4 enctype checks

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos4-torture: Add TORTURE_KRB5_TEST_CLOCK_SKEW test
Andreas Schneider [Tue, 5 Jul 2016 14:16:17 +0000 (16:16 +0200)]
s4-torture: Add TORTURE_KRB5_TEST_CLOCK_SKEW test

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos4-torture: Add TORTURE_KRB5_TEST_BREAK_PW test
Andreas Schneider [Mon, 4 Jul 2016 14:37:08 +0000 (16:37 +0200)]
s4-torture: Add TORTURE_KRB5_TEST_BREAK_PW test

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos4-torture: Add TORTURE_KRB5_TEST_PAC_REQUEST test
Andreas Schneider [Mon, 4 Jul 2016 09:35:19 +0000 (11:35 +0200)]
s4-torture: Add TORTURE_KRB5_TEST_PAC_REQUEST test

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos4-torture: Add KDC test harness and first test
Andreas Schneider [Fri, 13 May 2016 07:36:34 +0000 (09:36 +0200)]
s4-torture: Add KDC test harness and first test

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agowaf: Only build KRB5 KDC tests when AD_DC build is enabled
Andreas Schneider [Tue, 25 Apr 2017 06:32:01 +0000 (08:32 +0200)]
waf: Only build KRB5 KDC tests when AD_DC build is enabled

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agotestprogs: Add test with exported keytab from samba-tool
Andreas Schneider [Thu, 10 Mar 2016 13:35:23 +0000 (14:35 +0100)]
testprogs: Add test with exported keytab from samba-tool

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agotestprogs: Add a kinit trust test for MIT KDC
Andreas Schneider [Mon, 15 Feb 2016 07:22:58 +0000 (08:22 +0100)]
testprogs: Add a kinit trust test for MIT KDC

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agotestprogs: Add test_kinit_mit.sh test
Andreas Schneider [Thu, 14 Jan 2016 15:41:36 +0000 (16:41 +0100)]
testprogs: Add test_kinit_mit.sh test

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos4-torture: Fix kinit of samba4.blackbox.locktest
Andreas Schneider [Wed, 22 Apr 2015 10:00:21 +0000 (12:00 +0200)]
s4-torture: Fix kinit of samba4.blackbox.locktest

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agotestprogs: Fix usage printout of bogus blackbox test
Andreas Schneider [Wed, 22 Apr 2015 13:39:45 +0000 (15:39 +0200)]
testprogs: Fix usage printout of bogus blackbox test

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agotestprogs: Fix test_chgdcpass blackbox test with MIT
Andreas Schneider [Wed, 22 Apr 2015 13:19:10 +0000 (15:19 +0200)]
testprogs: Fix test_chgdcpass blackbox test with MIT

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos4-torture: disable s4u2self/proxy remote pac tests for MIT build for now.
Günther Deschner [Sat, 7 Feb 2015 11:48:54 +0000 (12:48 +0100)]
s4-torture: disable s4u2self/proxy remote pac tests for MIT build for now.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agoselftest: Set clockskew grace time to 5 seconds
Andreas Schneider [Mon, 26 Sep 2016 16:51:33 +0000 (18:51 +0200)]
selftest: Set clockskew grace time to 5 seconds

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agoselftest: Setup configs for MIT KDC
Andreas Schneider [Wed, 30 Apr 2014 07:32:49 +0000 (09:32 +0200)]
selftest: Setup configs for MIT KDC

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agoselftest: Disable RODC tests with MIT KDC
Andreas Schneider [Tue, 20 Sep 2016 10:43:38 +0000 (12:43 +0200)]
selftest: Disable RODC tests with MIT KDC

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agoselftest: Start MIT KDC if Kerberos is from MIT
Andreas Schneider [Mon, 5 May 2014 11:27:58 +0000 (13:27 +0200)]
selftest: Start MIT KDC if Kerberos is from MIT

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agowaf: Do not disable the ntvfs fileserver when we have MIT DC build
Andreas Schneider [Fri, 4 Dec 2015 07:12:03 +0000 (08:12 +0100)]
waf: Do not disable the ntvfs fileserver when we have MIT DC build

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agoparam: Add 'mit kdc config' option to smb.conf
Andreas Schneider [Wed, 7 Oct 2015 12:36:57 +0000 (14:36 +0200)]
param: Add 'mit kdc config' option to smb.conf

This points to the kdc config file created by Samba by default.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos4-kdc: Register the MIT irpc PAC validation service
Andreas Schneider [Thu, 8 Sep 2016 07:56:37 +0000 (09:56 +0200)]
s4-kdc: Register the MIT irpc PAC validation service

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos4-kdc: Add MIT KRB5 based irpc service for PAC validation
Andreas Schneider [Thu, 8 Sep 2016 07:55:41 +0000 (09:55 +0200)]
s4-kdc: Add MIT KRB5 based irpc service for PAC validation

Pair-Programmed-With: Guenther Deschner <gd@samba.org>

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos4-kdc: Add a MIT Kerberos KDC service
Andreas Schneider [Thu, 8 Sep 2016 07:46:52 +0000 (09:46 +0200)]
s4-kdc: Add a MIT Kerberos KDC service

This starts the krb5kdc binary shipped with MIT Kerberos.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agoparam: Add 'mit kdc command' to change the default.
Andreas Schneider [Mon, 28 Apr 2014 13:22:34 +0000 (15:22 +0200)]
param: Add 'mit kdc command' to change the default.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agowaf: Check for MIT KDC binary
Andreas Schneider [Thu, 23 Jul 2015 11:49:09 +0000 (13:49 +0200)]
waf: Check for MIT KDC binary

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agomit-kdb: Update KDB vtable for DAL version 6
Andreas Schneider [Thu, 26 Jan 2017 15:52:15 +0000 (16:52 +0100)]
mit-kdb: Update KDB vtable for DAL version 6

This changed between 1.14 and 1.15. Also the 1.15 change removed the
ability that the KDB module can free memory. This caused issues of
serveral projects. It got fixed with 1.15.1.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agowaf: Require MIT Kerberos 1.15.1 for Samba AD
Andreas Schneider [Fri, 20 Jan 2017 08:14:03 +0000 (09:14 +0100)]
waf: Require MIT Kerberos 1.15.1 for Samba AD

Are build without AD DC still only requried MIT Kerberos 1.9.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agomit-kdb: Zero the db principal when we allocate it
Andreas Schneider [Thu, 26 Jan 2017 15:54:30 +0000 (16:54 +0100)]
mit-kdb: Zero the db principal when we allocate it

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agosamba_dnsupdate: Do not rewrite krb5.conf in selftest
Andreas Schneider [Thu, 30 Jul 2015 15:38:34 +0000 (17:38 +0200)]
samba_dnsupdate: Do not rewrite krb5.conf in selftest

The samba_dnsupdate script is responsible to provision the DNS entries.
The private krb5.conf uses dns lookups to find the KDC to acquire a
Kerberos ticket.  Obviously this will fail because currently we are are
in the process of adding the DNS entries for the KDC.

If we are inside of selftest we need to use the krb5.conf created by
selftest itself.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3-tests: Use common functions in test_smbclient_netbios_aliases.sh
Andreas Schneider [Tue, 13 Sep 2016 06:24:41 +0000 (08:24 +0200)]
s3-tests: Use common functions in test_smbclient_netbios_aliases.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agotestprogs: Add common kinit function
Andreas Schneider [Tue, 13 Sep 2016 06:24:06 +0000 (08:24 +0200)]
testprogs: Add common kinit function

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos4:torture: Fix the remote_pac test
Andreas Schneider [Wed, 21 Dec 2016 18:08:58 +0000 (19:08 +0100)]
s4:torture: Fix the remote_pac test

All the Kerberos implementation do not expect an order of the pac
buffer. The buffers are not processed in the oder they are sent but when
required just located.

I confirmed this with MS at the IO Lab.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos4:selftest: Only run auth_log tests with Heimdal
Andreas Schneider [Fri, 28 Apr 2017 07:50:11 +0000 (09:50 +0200)]
s4:selftest: Only run auth_log tests with Heimdal

They have only been created against Samba AD with Heimdal Kerberos.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agolsa4_srv: Factor out dcesrc_lsa_valid_AccountRight()
Volker Lendecke [Thu, 27 Apr 2017 11:37:42 +0000 (13:37 +0200)]
lsa4_srv: Factor out dcesrc_lsa_valid_AccountRight()

The previous code in dcesrv_lsa_AddRemoveAccountRights had the following snippet:

if (sec_privilege_id(rights->names[i].string) == SEC_PRIV_INVALID) {
        if (sec_right_bit(rights->names[i].string) == 0) {
                talloc_free(msg);
                return NT_STATUS_NO_SUCH_PRIVILEGE;
        }
        talloc_free(msg);
        return NT_STATUS_NO_SUCH_PRIVILEGE;
}

If I'm not mistaken, the inner if-statement is essentially dead code,
as regardless of the outcome of the if-condition we execute the same
code. The effect of this is that you can't "net rpc rights grant" a right,
for example SeInteractiveLogonRight. A quick test against a W2k12 server
shows that W2k12 allows this call.

This patch changes the semantics of dcesrv_lsa_AddRemoveAccountRights
to also allow "rights" to be granted and revoked. At the same
time, it centralizes the check for validity of user input from
dcesrv_lsa_EnumAccountsWithUserRight into dcesrc_lsa_valid_AccountRight
too.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 29 09:20:02 CEST 2017 on sn-devel-144

2 years agosource3 smdb: fix null pointer dereference
Gary Lockyer [Thu, 27 Apr 2017 00:39:34 +0000 (12:39 +1200)]
source3 smdb: fix null pointer dereference

Fix the null pointer dereference in smbd, introduced in the auth logging
changes.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Apr 28 07:18:54 CEST 2017 on sn-devel-144

2 years agosource3 smbd: tests for null pointer dereference
Gary Lockyer [Thu, 27 Apr 2017 00:02:29 +0000 (12:02 +1200)]
source3 smbd: tests for null pointer dereference

Test case to replicate null pointer dereference in smbd, introduced in
the auth logging changes.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3: smbd: inotify_map_mask_to_filter incorrectly indexes an array.
Doug Nazar [Thu, 27 Apr 2017 22:41:24 +0000 (15:41 -0700)]
s3: smbd: inotify_map_mask_to_filter incorrectly indexes an array.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12760

Signed-off-by: Doug Nazar <nazard@nazar.ca>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2 years agotdb: version 1.3.13 tdb-1.3.13
Stefan Metzmacher [Tue, 11 Apr 2017 15:27:33 +0000 (17:27 +0200)]
tdb: version 1.3.13

* documentation for the tdbbackup -n option
* correctly upgrade F_RDLCK to F_WRLCK locks
* tdbtool: Add "storehex" command
* fix robust mutex detection in threaded applications
  (bug #12593)
* improve debugging of transaction lock failures

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Apr 27 18:50:10 CEST 2017 on sn-devel-144

2 years agotdb: Improve debugging in _tdb_transaction_start
Andrew Bartlett [Fri, 31 Mar 2017 04:35:06 +0000 (17:35 +1300)]
tdb: Improve debugging in _tdb_transaction_start

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agotdb: Improve debugging when the allrecord lock fails to upgrade
Andrew Bartlett [Thu, 30 Mar 2017 06:11:06 +0000 (19:11 +1300)]
tdb: Improve debugging when the allrecord lock fails to upgrade

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agotdb: runtime check for robust mutexes may hang in threaded programs
Ralph Boehme [Tue, 14 Mar 2017 13:24:18 +0000 (14:24 +0100)]
tdb: runtime check for robust mutexes may hang in threaded programs

The current runtime check for robust mutexes in
tdb_runtime_check_for_robust_mutexes() is not thread-safe.

When called in a multi-threaded program where any another thread doesn't
have SIGCHLD blocked, we may end up hung in sigsuspend() waiting for a
SIGCHLD of a child procecss and the signal was delivered to another
thread.

Revert to the previous behaviour of waiting for the child instead of
waiting for the SIGCHLD signal.

Ensure the pid we wait for is not reset to -1 in a toctou race with the
signal handler.

Check whether waitpid() returns ECHILD which can happen if the signal
handler is run by more then one thread in parallel (yes, this can
happen) or if tdb_robust_mutex_wait_for_child() and the signal handler
are racing.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12593

Pair-programmed-with: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agonotify: Fix ordering of events in notifyd
Shilpa Krishnareddy [Tue, 25 Apr 2017 14:59:45 +0000 (16:59 +0200)]
notify: Fix ordering of events in notifyd

In notifyd_trigger_parser() while initializing notify_event_msg values from
notify_trigger_msg, 'when' value is ignored. So the smbd process does not get
correct 'when' value and this is causing issues during qsort in
notify_marshall_changes(). Because of this issue, smb2.notify.dir test was
failing.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12756
Signed-off-by: Shilpa Krishnareddy <skrishnareddy@panzura.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Apr 26 17:02:58 CEST 2017 on sn-devel-144

2 years agos4-messaging: Add helpful comments
Andrew Bartlett [Tue, 28 Mar 2017 08:55:47 +0000 (21:55 +1300)]
s4-messaging: Add helpful comments

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Apr 26 03:09:19 CEST 2017 on sn-devel-144

2 years agoprocess_standard: clean up messaging for children after exit()
Andrew Bartlett [Tue, 28 Mar 2017 08:04:23 +0000 (21:04 +1300)]
process_standard: clean up messaging for children after exit()

This makes sure we remove any messaging sockets if a child dies or calls exit()
without running the talloc destructor for messaging

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agolib: Fix CID 1405493 Error handling issues (CHECKED_RETURN)
Volker Lendecke [Tue, 25 Apr 2017 15:32:43 +0000 (17:32 +0200)]
lib: Fix CID 1405493 Error handling issues (CHECKED_RETURN)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 25 23:07:25 CEST 2017 on sn-devel-144

2 years agolib/util: fix a Coverity finding in tfork
Ralph Boehme [Tue, 25 Apr 2017 15:47:57 +0000 (17:47 +0200)]
lib/util: fix a Coverity finding in tfork

If dup2() fails, fd is -1 and is later used in sys_write().

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3-libgpo: Fix the build of the group policy CSEs
Günther Deschner [Mon, 24 Apr 2017 11:25:41 +0000 (13:25 +0200)]
s3-libgpo: Fix the build of the group policy CSEs

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Apr 24 23:19:44 CEST 2017 on sn-devel-144

2 years agotdbtool: Add "storehex" command
Volker Lendecke [Fri, 21 Apr 2017 12:10:33 +0000 (14:10 +0200)]
tdbtool: Add "storehex" command

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 22 09:16:16 CEST 2017 on sn-devel-144

2 years agosecrets: Protect against a non-0-terminated ldap password
Volker Lendecke [Fri, 21 Apr 2017 11:05:12 +0000 (13:05 +0200)]
secrets: Protect against a non-0-terminated ldap password

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
2 years agovfs_fruit: lp_case_sensitive() does not return a bool
Ralph Boehme [Wed, 19 Apr 2017 11:12:55 +0000 (13:12 +0200)]
vfs_fruit: lp_case_sensitive() does not return a bool

lp_case_sensitive() returns an int, not a bool, so with the default
setting of "Auto" by default we set the AAPL flag
SMB2_CRTCTX_AAPL_CASE_SENSITIVE.

This caused the client to believe the volume is case sensitive where it
wasn't, leading to an error when trying to rename files changing only
the case of the name.

Also fix the existing torture test that verifies AAPL context
negotiation and actually expected the server to return "case sensitive",
while the Samba default is really "case insensitive".

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12749

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agoselftest: Do not enable inbound replication during replica_sync
Andrew Bartlett [Thu, 20 Apr 2017 02:08:20 +0000 (14:08 +1200)]
selftest: Do not enable inbound replication during replica_sync

Instead we should use the forced=True to only do a very specific
replication, and so avoid noise from any other DC also live
on the network.  This extra replication in turn causes (and this
patch fixes) flapping replica_sync tests.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12753

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Apr 22 05:19:11 CEST 2017 on sn-devel-144

2 years agolib: modules: Change XXX_init interface from XXX_init(void) to XXX_init(TALLOC_CTX *)
Jeremy Allison [Thu, 20 Apr 2017 19:24:43 +0000 (12:24 -0700)]
lib: modules: Change XXX_init interface from XXX_init(void) to XXX_init(TALLOC_CTX *)

Not currently used - no logic changes inside.

This will make it possible to pass down a long-lived talloc
context from the loading function for modules to use instead
of having them internally all use talloc_autofree_context()
which is a hidden global.

Updated all known module interface numbers, and added a
WHATSNEW.

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 22 01:17:00 CEST 2017 on sn-devel-144

2 years agopyrpc: Fix segfault in ClientConnection
Gary Lockyer [Wed, 19 Apr 2017 04:13:20 +0000 (16:13 +1200)]
pyrpc: Fix segfault in ClientConnection

Fix segfault when connecting over TCP, the endpoints list in dummy_table
was not initialised this caused a segfault when attempting to connect
over TCP.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Apr 21 16:10:12 CEST 2017 on sn-devel-144

2 years agovfs_acl_xattr|tdb: ensure create mask is at least 0666 if ignore_system_acls is set
Ralph Boehme [Mon, 6 Feb 2017 11:47:41 +0000 (12:47 +0100)]
vfs_acl_xattr|tdb: ensure create mask is at least 0666 if ignore_system_acls is set

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12562

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Apr 20 20:50:10 CEST 2017 on sn-devel-144