Volker Lendecke [Wed, 2 May 2018 13:26:55 +0000 (15:26 +0200)]
winbindd: winbindd_interface_version() -> bool_dispatch_table
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Wed, 2 May 2018 13:26:05 +0000 (15:26 +0200)]
winbindd: Introduce "bool_dispatch_table"
This is meant to replace the synchronous "dispatch_table".
The current dispatch_table assumes that every synchronous function does
the request_ok or request_error itself. This mixes two concerns: Doing
the work and shipping the reply to the winbind client. This new dispatch
table will make it possible to centralize shipping the reply to the
client. At a later stage this will enable easier statistics on how long
request processing took precisely.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Martin Schwenke [Tue, 24 Apr 2018 05:55:11 +0000 (15:55 +1000)]
ctdb: Drop configuration file ctdbd.conf
Drop function loadconfig(), replacing uses with "load_system_config
ctdb". Drop translation of old-style configuration to new
configuration file. Drop export of debugging variables. Drop
documentation and configuration examples.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu May 17 07:03:04 CEST 2018 on sn-devel-144
Martin Schwenke [Fri, 13 Apr 2018 09:25:56 +0000 (19:25 +1000)]
ctdb-tests: Switch local daemons to use new style configuration file
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 24 Apr 2018 09:58:23 +0000 (19:58 +1000)]
ctdb-config: Add default ctdb.conf file
Install it in RPM.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Sun, 13 May 2018 05:42:31 +0000 (15:42 +1000)]
ctdb-docs: Add example configuration files
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Sat, 21 Apr 2018 08:12:53 +0000 (18:12 +1000)]
ctdb-docs: Add ctdb.conf(5) cross references and documentation tweaks
Minor updates to other manual pages for compatibility.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Sun, 13 May 2018 05:41:38 +0000 (15:41 +1000)]
ctdb-docs: Add ctdb.conf(5)
This documents the new Samba-style configuration file.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 2 May 2018 08:38:41 +0000 (18:38 +1000)]
ctdb-tests: Clean up tests to not expose script options
The tests still use the script options but the event scripts no longer
see them exported from the test infrastructure. Testing now depends
on the event scripts successfully fetching the options from the
configuration file.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 20 Apr 2018 02:20:34 +0000 (12:20 +1000)]
ctdb-scripts: Fetch recovery lock option from config file in 01.reclock
Put it in a function so it is easy to move to common code just in case
it is needed somewhere else.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 20 Apr 2018 02:15:26 +0000 (12:15 +1000)]
ctdb-scripts: Fetch database options from config file in scripts
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 20 Apr 2018 02:12:44 +0000 (12:12 +1000)]
ctdb-scripts: Add function ctdb_get_db_options()
This pulls database options from the configuration file, caches then
and makes the values available in scripts.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 2 May 2018 08:06:05 +0000 (18:06 +1000)]
ctdb-tests: Add ctdb-config wrapper stub for event script tests
Create a shim helper around that simply invokes ctdb-config via its
real location.
This is needed because the event script tests set CTDB_HELPER_BINDIR
to the stubs directory because all other helpers used by event script
testing are currently stubs.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 2 May 2018 08:05:28 +0000 (18:05 +1000)]
ctdb-tests: Add setup of ctdb.conf recovery lock setting
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 2 May 2018 02:37:21 +0000 (12:37 +1000)]
ctdb-tests: Add setup of ctdb.conf database directory settings
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 2 May 2018 08:03:20 +0000 (18:03 +1000)]
ctdb-tests: Add new variable CTDB_SCRIPTS_HELPER_BINDIR
This will always find a binary helper, as opposed to a script helper,
which currently lives under tools/ in the source tree.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 16 Apr 2018 04:23:00 +0000 (14:23 +1000)]
ctdb-daemon: Drop most ctdbd command-line options
All except -i/--interactive. This remaining popt option is now neatly
wrapped to fit in 80 columns.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 16 Apr 2018 03:20:36 +0000 (13:20 +1000)]
ctdb-scripts: Translate old style options into new configuration file
This allows the relevant command-line options to be removed from the
daemon while still leaving the old ctdbd.conf options file in place.
It is a temporary measure to enable testing in an old testing
environment.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 13 Apr 2018 09:18:27 +0000 (19:18 +1000)]
ctdb-daemon: Integrate configuration file handling
Testing is now broken because command-line options are no longer
respected.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 18 Apr 2018 10:21:07 +0000 (20:21 +1000)]
ctdb-daemon: Implement ctdb configuration file loading
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 11 May 2018 12:49:46 +0000 (22:49 +1000)]
ctdb-tools: Add legacy config options to config tool
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 11 Apr 2018 10:36:45 +0000 (20:36 +1000)]
ctdb-daemon: Define ctdbd legacy configuration file options
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 11 May 2018 12:42:42 +0000 (22:42 +1000)]
ctdb-tools: Add database config options to config tool
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 20 Apr 2018 07:10:51 +0000 (17:10 +1000)]
ctdb-database: Define database configuration file options
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 11 May 2018 12:26:16 +0000 (22:26 +1000)]
ctdb-tools: Add cluster config options to config tool
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 20 Apr 2018 07:11:59 +0000 (17:11 +1000)]
ctdb-cluster: Define cluster configuration file options
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Amitay Isaacs [Tue, 17 Apr 2018 02:38:30 +0000 (12:38 +1000)]
ctdb-tools: Add event daemon config options to config tool
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 23 Apr 2018 04:02:43 +0000 (14:02 +1000)]
ctdb-event: Add event daemon config file options
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Martin Schwenke [Tue, 15 May 2018 08:51:29 +0000 (18:51 +1000)]
ctdb-daemon: Drop ctdbd --max-persistent-check-errors option
Leave the code with an internal default of 0.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 15 May 2018 08:47:29 +0000 (18:47 +1000)]
ctdb-scripts: Drop CTDB_MAX_PERSISTENT_CHECK_ERRORS option
This must harken back to the days of yore when corrupt persistent
databases were an issue. We haven't seen this used. If CTDB fails to
start due to a corrupt persistent database then this database can be
removed by hand.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 15 May 2018 08:46:21 +0000 (18:46 +1000)]
ctdb-daemon: Do not create database directories
These should be created at installation or, if non-standard, by the
administrator.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 15 May 2018 08:45:10 +0000 (18:45 +1000)]
ctdb-tests: Create database directories for local daemons
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 14 May 2018 05:41:35 +0000 (15:41 +1000)]
ctdb-build: Create database directories during installation
Create and package.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Andreas Schneider [Wed, 16 May 2018 09:46:22 +0000 (11:46 +0200)]
s4:torture: Do not leak file descriptor in smb2 oplock test
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu May 17 04:03:21 CEST 2018 on sn-devel-144
Andreas Schneider [Wed, 16 May 2018 09:44:00 +0000 (11:44 +0200)]
s4:torture: Do not leak memory in libsmbclient test
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
David Disseldorp [Wed, 16 May 2018 14:50:55 +0000 (16:50 +0200)]
s3:libsmbclient: cleanup smbc_setWorkgroup() usage
It now takes a const char *. There's no need to use heap memory here.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Wed, 16 May 2018 12:49:55 +0000 (14:49 +0200)]
s3:libsmbclient: Use const for setting and getting strings
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Andreas Schneider [Wed, 16 May 2018 10:05:40 +0000 (12:05 +0200)]
ctdb: Check return values of tevent_req_set_endtime()
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 17 01:09:46 CEST 2018 on sn-devel-144
Andreas Schneider [Wed, 16 May 2018 15:05:38 +0000 (17:05 +0200)]
s3:smbd: Fix converity warning with _smb_setlen_large()
result_independent_of_operands: "(outsize - 4 & 0xffffff) >> 16 >> 8" is
0 regardless of the values of its operands. This occurs as the bitwise
first operand of "&".
So we should just pass a variable to silence the warning. However for
this, we should calculate it correctly and use size_t for it.
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 16 May 2018 14:54:47 +0000 (16:54 +0200)]
libcli: Fix coverity warning in smb2cli_notify_send()
result_independent_of_operands: "(uint16_t)(recursive ? 1 : 0) >> 8" is
0 regardless of the values of its operands. This occurs as the operand
of assignment.
Found by Coverity.
Pair-Programmed-With: Ralph Boehme <slow@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 16 May 2018 13:06:02 +0000 (15:06 +0200)]
s4:torture: Make sure variable is initialized in oplock test
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 16 May 2018 10:11:30 +0000 (12:11 +0200)]
s3:modules: Initialize pointers in vfs_virusfilter
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 16 May 2018 10:10:29 +0000 (12:10 +0200)]
s3:winbind: Initialize validation_level in winbind_dual_SamLogon()
Found by Covertiy.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 16 May 2018 09:53:05 +0000 (11:53 +0200)]
s4:dsdb:tests: Add return code check
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Timur I. Bakeyev [Sun, 13 May 2018 04:18:21 +0000 (12:18 +0800)]
Convert affected by previous commit lines from DEBUG(10,..) to DBG_DEBUG().
Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed May 16 21:29:24 CEST 2018 on sn-devel-144
Timur I. Bakeyev [Thu, 10 May 2018 02:28:07 +0000 (10:28 +0800)]
Remove extra 0x prefix for the "%p" format specifiers, avoiding 0x0x0 strings in the output.
Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Tim Beale [Wed, 16 May 2018 01:19:58 +0000 (13:19 +1200)]
script: Add 'random-seed' option to traffic_replay
When using a traffic-model file to generate traffic, there is some
randomness in the actual packets that get generated. This means it's
hard to use the tool to detect an increase/decrease in Samba
performance - we don't know whether a decrease in packets sent is due
to a regression in the Samba codebase, or just due to the tool sending
different types of packets (i.e. ones that take longer to process).
This patch adds an option to seed the python random number generator.
This means that exactly the same traffic can be generated across
multiple test runs.
(Previously we were using the '--traffic-summary' option to avoid this
problem - we can generate a summary-file based on the model, and then
use the same summary file across multiple runs. However, this proved
impractical when you want to run multiple combinations of scale/rate
parameters, e.g. 21 x 8 different permutations just fills up disk space
with summary-files.)
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: William Brown <william@blackhats.net.au>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May 16 13:53:26 CEST 2018 on sn-devel-144
Volker Lendecke [Tue, 15 May 2018 11:28:19 +0000 (13:28 +0200)]
ctdb-common: Fix CID
1435600
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed May 16 09:51:07 CEST 2018 on sn-devel-144
Amitay Isaacs [Tue, 15 May 2018 09:23:04 +0000 (19:23 +1000)]
ctdb-common: Fix CID
1435599
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Gary Lockyer [Mon, 23 Apr 2018 00:24:34 +0000 (12:24 +1200)]
debug: Add group logging classes
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May 16 07:02:20 CEST 2018 on sn-devel-144
Gary Lockyer [Sun, 22 Apr 2018 21:00:54 +0000 (09:00 +1200)]
smb.conf: Add dsdb group change notification parameter
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Sun, 22 Apr 2018 20:49:26 +0000 (08:49 +1200)]
messaging idl add group membersip events
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Sun, 15 Apr 2018 21:29:04 +0000 (09:29 +1200)]
auth_log: Rename the json variables
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 9 Apr 2018 23:57:41 +0000 (11:57 +1200)]
auth_log: tidy up code formatting
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 9 Apr 2018 23:45:32 +0000 (11:45 +1200)]
auth_log: Use common code from audit_logging
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Thu, 12 Apr 2018 01:19:16 +0000 (13:19 +1200)]
idl messaging: Add DSDB and Password events and message types
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Wed, 11 Apr 2018 22:19:16 +0000 (10:19 +1200)]
smb conf: Add DSDB event notification parameter
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Tue, 3 Apr 2018 23:56:30 +0000 (11:56 +1200)]
logging: add ldb audit classes
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 9 Apr 2018 18:45:47 +0000 (06:45 +1200)]
auth logging: Extract common audit logging code
Extract the common audit logging code into a library to allow it's
re-use in other logging modules.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 7 May 2018 12:50:27 +0000 (14:50 +0200)]
auth/ntlmssp: fix handling of GENSEC_FEATURE_LDAP_STYLE as a server
This fixes "NTLMSSP NTLM2 packet check failed due to invalid signature!"
error messages, which were generated if the client only sends
NTLMSSP_NEGOTIATE_SIGN without NTLMSSP_NEGOTIATE_SEAL on an LDAP
connection.
This fixes a regession in the combination of commits
77adac8c3cd2f7419894d18db735782c9646a202 and
3a0b835408a6efa339e8b34333906bfe3aacd6e3.
We need to evaluate GENSEC_FEATURE_LDAP_STYLE at the end
of the authentication (as a server, while we already
do so at the beginning as a client).
As a reminder I introduced GENSEC_FEATURE_LDAP_STYLE
(as an internal flag) in order to let us work as a
Windows using NTLMSSP for LDAP. Even if only signing is
negotiated during the authentication the following PDUs
will still be encrypted if NTLMSSP is used. This is exactly the
same as if the client would have negotiated NTLMSSP_NEGOTIATE_SEAL.
I guess it's a bug in Windows, but we have to reimplement that
bug. Note this only applies to NTLMSSP and only to LDAP!
Signing only works fine for LDAP with Kerberos
or DCERPC and NTLMSSP.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May 16 03:26:03 CEST 2018 on sn-devel-144
Stefan Metzmacher [Wed, 9 May 2018 11:33:05 +0000 (13:33 +0200)]
s4:selftest: run test_ldb_simple.sh with more auth options
This demonstrates the broken GENSEC_FEATURE_LDAP_STYLE
handling in our LDAP server.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 9 May 2018 11:30:13 +0000 (13:30 +0200)]
auth/ntlmssp: add ntlmssp_client:ldap_style_send_seal option
This will be used to similate a Windows client only
using NTLMSSP_NEGOTIATE_SIGN without NTLMSSP_NEGOTIATE_SEAL
on an LDAP connection, which is indicated internally by
GENSEC_FEATURE_LDAP_STYLE.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 15 May 2018 00:26:03 +0000 (12:26 +1200)]
selftest: Make setexpiry test much more reliable
Rather than setting all the expiries and expecting that they will be done within 5 seconds,
measure and check the time individually for each record.
This should make this test much less prone to flapping.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 15 23:58:17 CEST 2018 on sn-devel-144
Andrew Bartlett [Sun, 13 May 2018 23:49:23 +0000 (11:49 +1200)]
samba-tool domain: Spit out common options between dcpromo and join
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Sun, 13 May 2018 23:30:17 +0000 (11:30 +1200)]
samba-tool domain: Create a common --use-ntvfs option for provision, join, dcpromo and classicupgrade
The NTVFS fileserver mode is still integral to the selftest system (often simply used to
make the rest of the command run and not fuss with POSIX ACLs and permissions).
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Sun, 13 May 2018 23:23:24 +0000 (11:23 +1200)]
samba-tool domain: Extend --backend-store to join and dcpromo by moving to common options
This allows the choice of ldb backend for a domain join as well as a new provision.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Sun, 13 May 2018 23:22:23 +0000 (11:22 +1200)]
samba-tool domain: Extend --plaintext-secrets to dcpromo by moving to common options
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Sun, 13 May 2018 23:06:13 +0000 (11:06 +1200)]
samba-tool domain: Add --machinepass to common options
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Sun, 13 May 2018 23:04:28 +0000 (11:04 +1200)]
samba-tool domain: Add --quiet to common options
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Sun, 13 May 2018 23:02:46 +0000 (11:02 +1200)]
samba-tool domain: Create a common set of options for provision/join/dcpromo
These commands share much in common, the options should be in common as well.
Start with --targetdir.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Sun, 13 May 2018 22:19:58 +0000 (10:19 +1200)]
samba-tool domain provision: Move more OpenLDAP options behind TEST_LDAP
These options controlled the historical LDAP backend, they should not be left
to confuse other users.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Volker Lendecke [Tue, 15 May 2018 11:40:36 +0000 (13:40 +0200)]
winbind: Fix CID
1435598 Error handling issues (CHECKED_RETURN)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue May 15 21:12:33 CEST 2018 on sn-devel-144
Aaron Haslett [Mon, 30 Apr 2018 23:10:50 +0000 (11:10 +1200)]
auth: keytab invalidation fix
chgtdcpass should add a new DC password and delete the old ones but the bug
exposed by this test causes the tool to remove only a single record from
the old entries, leaving the old passwords functional. Since the tool is
used by administrators who may have disclosed their domain join password and
want to invalidate it, this is a security concern.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13415
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue May 15 15:45:08 CEST 2018 on sn-devel-144
Aaron Haslett [Mon, 30 Apr 2018 23:10:24 +0000 (11:10 +1200)]
auth: keytab invalidation test
chgtdcpass should add a new DC password and delete the old ones but the bug
exposed by this test causes the tool to remove only a single record from
the old entries, leaving the old passwords functional. Since the tool is
used by administrators who may have disclosed their domain join password and
want to invalidate it, this is a security concern.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13415
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Jeremy Allison [Mon, 14 May 2018 18:09:53 +0000 (11:09 -0700)]
smbd: fileserver: Change defaults to work with EA support out of the box.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue May 15 12:40:48 CEST 2018 on sn-devel-144
Volker Lendecke [Mon, 7 May 2018 14:53:00 +0000 (16:53 +0200)]
lib: Hold at most 10 outstanding paged result cookies
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13362
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May 15 09:37:21 CEST 2018 on sn-devel-144
Volker Lendecke [Mon, 7 May 2018 14:41:55 +0000 (16:41 +0200)]
lib: Put "results_store" into a doubly linked list
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13362
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Thu, 10 May 2018 02:00:54 +0000 (14:00 +1200)]
selftest: Require libarchive for --enable-selftest
This avoids one more case where tests can go missing by removing the conditional.
(Yes, this has happend for other tests in the past).
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 15 06:31:03 CEST 2018 on sn-devel-144
Andrew Bartlett [Thu, 10 May 2018 01:05:56 +0000 (13:05 +1200)]
build: Make --with-gpgme the default
Those wishing to build without gpgme support need simply to build --without-gpgme
This In general, we prefer that optional libraries be required by default
so that they are not accidentially missed, particularly in packages.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Thu, 10 May 2018 01:04:35 +0000 (13:04 +1200)]
build: Make --with-libarchive the default
This means that those not wanting to link to libarchive will just need to
build --without-libarchive.
In general, we prefer that optional libraries be required by default
so that they are not accidentially missed, particularly in packages.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Thu, 10 May 2018 01:01:05 +0000 (13:01 +1200)]
build: Make --with-json-audit the default
Thanks to Rowland for a clear description of the behaviour for the smb.conf manpage.
This means that those not wanting to link to libarchive will just need to
build --without-json-audit.
In general, we prefer that optional libraries be required by default
so that they are not accidentially missed, particularly in packages.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Björn Jacke [Mon, 12 Mar 2018 18:13:04 +0000 (19:13 +0100)]
s3/wscript: remove test, that we do in lib/replace
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Björn Baumbach <bb@sernet.de>
Autobuild-User(master): Björn Baumbach <bbaumbach@samba.org>
Autobuild-Date(master): Mon May 14 21:15:21 CEST 2018 on sn-devel-144
Björn Baumbach [Tue, 8 May 2018 08:21:10 +0000 (10:21 +0200)]
docs-xml:samba-tool.8: fix wrong default computer container name
CN=Users --> CN=Computers
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Björn Baumbach [Mon, 7 May 2018 13:00:17 +0000 (15:00 +0200)]
samba-tool computer: fix wrong computer container in help message
CN=Users --> CN=Computers
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Joe Guo [Thu, 10 May 2018 05:23:02 +0000 (17:23 +1200)]
traffic: improve add_short_packet by avoiding dict.get
dict.get is slower than [].
Avoid get to improve performance.
(For
3989418 calls, total time decease from 9.395 to 8.573)
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon May 14 05:38:06 CEST 2018 on sn-devel-144
Joe Guo [Thu, 10 May 2018 02:53:55 +0000 (14:53 +1200)]
traffic: optimize packet init for better performance
When we run traffic_replay, we are creating millions of Packet objects.
So small change in Packet.__init__ will make big difference.
By initializing packet with converted values without parsing string, the time
cost for
3961148 calls of Packet.__init__ dcrease from 17s to 4s, according
to cProfile.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Joe Guo [Wed, 2 May 2018 22:22:52 +0000 (22:22 +0000)]
traffic: fix userAccountControl for machine account
change userAccountControl from
UF_WORKSTATION_TRUST_ACCOUNT | UF_PASSWD_NOTREQD
to
UF_TRUSTED_FOR_DELEGATION | UF_SERVER_TRUST_ACCOUNT
This will fix NetrServerPasswordSet2 failure in packet_rpc_netlogon_30
while testing against windows.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Joe Guo [Wed, 2 May 2018 22:12:51 +0000 (22:12 +0000)]
traffic: change machine creds secure channel type
SEC_CHAN_WKSTA --> SEC_CHAN_BDC
This will fix netlogon failure against windows.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Volker Lendecke [Mon, 26 Mar 2018 09:36:25 +0000 (04:36 -0500)]
smbd: Fix "reset on zero vc"
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13340
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sun May 13 23:43:56 CEST 2018 on sn-devel-144
Stefan Metzmacher [Fri, 11 May 2018 04:43:14 +0000 (06:43 +0200)]
s4:lsa_lookup: remove TALLOC_FREE(state) after all dcesrv_lsa_Lookup{Names,Sids}_base_map() calls
This completes the regression fix of commit
7e091e505156381e385235ab4518b4d133a98497.
There might be strings allocated on state, which are part of the
result.
The reason for the TALLOC_FREE(state) was to cleanup the possible
irpc_handle before leaving the function. Now we call
TALLOC_FREE(state->wb.irpc_handle) explicitly in
dcesrv_lsa_Lookup{Names,Sids}_base_done() instead.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13420
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun May 13 10:27:28 CEST 2018 on sn-devel-144
Noel Power [Fri, 4 May 2018 14:30:22 +0000 (15:30 +0100)]
auth/credentials/test: py2/py3 compat always decode result of b64encode
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun May 13 00:24:35 CEST 2018 on sn-devel-144
Noel Power [Fri, 4 May 2018 14:29:59 +0000 (15:29 +0100)]
python/samba: py2/py3 compatability always decode result of b64encode
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Fri, 4 May 2018 14:27:12 +0000 (15:27 +0100)]
s4/dsdb/tests: py2/py3 compatability always decode result of b64encode
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Fri, 4 May 2018 14:26:39 +0000 (15:26 +0100)]
s4/scripting/devel: py2/py3 compatability always decode result of b64encode
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Fri, 4 May 2018 14:25:22 +0000 (15:25 +0100)]
s4/scripting/bin: py2/py3 compatability always decode result of b64encode
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Fri, 4 May 2018 12:33:03 +0000 (13:33 +0100)]
Bulk: enclose .keys() method with list where list (from python2) expected
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Fri, 4 May 2018 11:19:57 +0000 (12:19 +0100)]
samba_tool: replace xrange -> range
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Fri, 4 May 2018 11:18:59 +0000 (12:18 +0100)]
s4/dsdb/tests: py2/py3 compatability replace xrange with range
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Fri, 4 May 2018 11:16:38 +0000 (12:16 +0100)]
python/samba/tests: py2/py3 compatability replace xrange with range
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Fri, 4 May 2018 11:05:27 +0000 (12:05 +0100)]
python/samba: Ensure md5 always provided with bytes
To allow code run in both python3 and python2 we have to ensure
that md5 always receives bytes
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
git.samba.org / gd / samba-autobuild / .git / log