gd/samba-autobuild/.git
8 months agosysquotas_4B: enable for jfs/quota.h on AIX
Bjoern Jacke [Thu, 31 Jan 2019 00:33:55 +0000 (18:33 -0600)]
sysquotas_4B: enable for jfs/quota.h on AIX

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
8 months agosysquotas_4B: make quota block calculation adopt to platform quota block size
Bjoern Jacke [Tue, 5 Feb 2019 23:23:35 +0000 (17:23 -0600)]
sysquotas_4B: make quota block calculation adopt to platform quota block size

the correct QUOTABLOCK_SIZE for platform is taken from sysquotas.h

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
8 months agowaf: check for jfs/quota.h
Bjoern Jacke [Thu, 31 Jan 2019 00:27:12 +0000 (18:27 -0600)]
waf: check for jfs/quota.h

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
8 months agosysquotas.h: collect more platform quotablock sizes
Bjoern Jacke [Thu, 31 Jan 2019 18:01:36 +0000 (12:01 -0600)]
sysquotas.h: collect more platform quotablock sizes

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
8 months agotests/quota: tidy up includes of sysquotas 4B
Bjoern Jacke [Wed, 30 Jan 2019 23:55:06 +0000 (17:55 -0600)]
tests/quota: tidy up includes of sysquotas 4B

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
8 months agosysquotas_nfs: also honor reported inode/file limits
Björn Jacke [Sat, 9 Feb 2019 23:51:23 +0000 (00:51 +0100)]
sysquotas_nfs: also honor reported inode/file limits

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
8 months agosysquotas_xfs: fix inode limit setting, which is not depeding on blocksize
Björn Jacke [Thu, 7 Feb 2019 03:23:13 +0000 (04:23 +0100)]
sysquotas_xfs: fix inode limit setting, which is not depeding on blocksize

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
8 months agosysquotas_linux: fix inode limit setting, which is not depeding on blocksize
Björn Jacke [Thu, 7 Feb 2019 02:35:01 +0000 (03:35 +0100)]
sysquotas_linux: fix inode limit setting, which is not depeding on blocksize

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
8 months agontquotas: do not set inode limits when setting space quota
Björn Jacke [Thu, 14 Feb 2019 11:09:38 +0000 (12:09 +0100)]
ntquotas: do not set inode limits when setting space quota

we are supposed to set a space quota limit, we should not calculate an
additional artifical inode limit out of that.

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
8 months agoreplace: remove needless vxfs header file check
Björn Jacke [Wed, 6 Feb 2019 21:53:00 +0000 (22:53 +0100)]
replace: remove needless vxfs header file check

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
8 months agosambaundoguididx: use the right escaped oder unescaped sam ldb files
Björn Jacke [Wed, 23 Jan 2019 13:01:26 +0000 (14:01 +0100)]
sambaundoguididx: use the right escaped oder unescaped sam ldb files

the correct filename is taken from the partition database before, we should not
unescape that because this can result in a new unescaped ldb file being created
and the script not to work at all.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13759

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
8 months ago.gitignore: add ignore rules for a few dev tools
Joe Guo [Thu, 7 Feb 2019 22:25:44 +0000 (11:25 +1300)]
.gitignore: add ignore rules for a few dev tools

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Feb 15 06:07:07 CET 2019 on sn-devel-144

8 months agoautobuild: Drop 'py2' flag
Tim Beale [Thu, 14 Feb 2019 23:20:10 +0000 (12:20 +1300)]
autobuild: Drop 'py2' flag

This isn't used any more. It was only being set, never referenced.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agoautobuild: Replace samba-buildpy2-only with samba-nopython-py2
Tim Beale [Thu, 14 Feb 2019 23:17:49 +0000 (12:17 +1300)]
autobuild: Replace samba-buildpy2-only with samba-nopython-py2

For Samba 4.11, the minimum python2 functionality we will support (for
now, at least - we may change our minds) is for the --disable-python
target, i.e. if you're excluding all the python functionality from
samba, then WAF should still support being built with python2.

The use case here is old unix platforms that want to use smbd, but don't
have python3 support.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agoautobuild: Remove ${EXTRA_PYTHON} variable
Tim Beale [Thu, 14 Feb 2019 22:58:51 +0000 (11:58 +1300)]
autobuild: Remove ${EXTRA_PYTHON} variable

We no longer build the python2 bindings, only python3. So we can get rid
of this variable now.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agoautobuild: Tidy up unnecessary line-breaks in 'TESTS='
Tim Beale [Thu, 14 Feb 2019 22:45:53 +0000 (11:45 +1300)]
autobuild: Tidy up unnecessary line-breaks in 'TESTS='

Now that we've dropped the {PY3_ONLY} variable, there's no need for
line-breaks in some of the 'TESTS=' values. We can tidy this up a bit.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agoautobuild: Remove the PY3_ONLY variable
Tim Beale [Thu, 14 Feb 2019 22:44:21 +0000 (11:44 +1300)]
autobuild: Remove the PY3_ONLY variable

This variable is no longer needed as all the tests run using python3
now.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agoautobuild: Update variable name to make more sense
Tim Beale [Tue, 12 Feb 2019 23:41:34 +0000 (12:41 +1300)]
autobuild: Update variable name to make more sense

When we switched from python2 being the default to python3, we didn't
update this variable name. It's now handling the python2 case, but it's
a boolean flag named 'py3', which is rather confusing.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agoautobuild: Drop py2 autobuild jobs
Tim Beale [Tue, 12 Feb 2019 23:12:18 +0000 (12:12 +1300)]
autobuild: Drop py2 autobuild jobs

Samba v4.11 will no longer support python2, so let's drop the autobuild
jobs. This will save some gitlab/sn-devel time and money, as it's less
work for CI to do.

Note that this highlights some previous inconsistencies:
- samba-none-env-py2 was being built for gitlab but not sn-devel.
- samba-nt4-py2 was being built for sn-devel but not gitlab

I've left samba-buildpy2-only for now, which will be addressed in a
subsequent patch.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agogitlab-ci: Rename DOCKER to CONTAINER
Andreas Schneider [Thu, 14 Feb 2019 07:19:46 +0000 (08:19 +0100)]
gitlab-ci: Rename DOCKER to CONTAINER

This is just a runc container, not tied to docker. See podman.io

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Björn Jacke <bj@sernet.de>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Feb 14 17:32:38 CET 2019 on sn-devel-144

8 months agowaf: Do not install internal header
Andreas Schneider [Wed, 13 Feb 2019 09:44:45 +0000 (10:44 +0100)]
waf: Do not install internal header

We should not install header files without an public API:

- memory.h
- safe_strings.h
- talloc_stack.h

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13778

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
8 months agolib:util: Move discard_const(_p) to own header for libndr.h
Andreas Schneider [Wed, 6 Feb 2019 15:05:48 +0000 (16:05 +0100)]
lib:util: Move discard_const(_p) to own header for libndr.h

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13778

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
8 months agopidl: Use NDR_ZERO_STRUCT(P) macros
Andreas Schneider [Wed, 13 Feb 2019 09:41:19 +0000 (10:41 +0100)]
pidl: Use NDR_ZERO_STRUCT(P) macros

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13778

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
8 months agolibrpc:ndr: Add NDR_ZERO_STRUCT(P) macros
Andreas Schneider [Wed, 13 Feb 2019 09:38:02 +0000 (10:38 +0100)]
librpc:ndr: Add NDR_ZERO_STRUCT(P) macros

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13778

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
8 months agolibrpc:ndr: Implement ndr_zero_memory()
Andreas Schneider [Wed, 13 Feb 2019 09:35:13 +0000 (10:35 +0100)]
librpc:ndr: Implement ndr_zero_memory()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13778

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
8 months agolib:util: Add GPL header to tftw.c
Andreas Schneider [Wed, 6 Feb 2019 16:03:59 +0000 (17:03 +0100)]
lib:util: Add GPL header to tftw.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13778

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
8 months agolib:util: Add missing "replace.h" header in tftw
Andreas Schneider [Wed, 6 Feb 2019 16:03:28 +0000 (17:03 +0100)]
lib:util: Add missing "replace.h" header in tftw

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13778

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
8 months agos4 dsdb util: samdb_client_site_name clean up
Gary Lockyer [Wed, 13 Feb 2019 21:53:37 +0000 (10:53 +1300)]
s4 dsdb util: samdb_client_site_name clean up

* Initialise pointers to NULL
* replace talloc_free with TALLOC_FREE
* add goto exit to ensure memory deallocated correctly

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Feb 14 06:53:14 CET 2019 on sn-devel-144

8 months agos4 dsdb util: remove samdb_search_count
Gary Lockyer [Wed, 13 Feb 2019 20:19:21 +0000 (09:19 +1300)]
s4 dsdb util: remove samdb_search_count

All the uses have been replaced with calls to dsdb_domain_count, so it
is no longer needed.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agos4 dsdb util: samdb_client_site_name use dsdb_domain_count
Gary Lockyer [Wed, 13 Feb 2019 20:18:20 +0000 (09:18 +1300)]
s4 dsdb util: samdb_client_site_name use dsdb_domain_count

Replace the call to samdb_search_count with dsdb_domain_count. As this
is the only remaining caller of samdb_search_count, replacing it will
allow the removal of samdb_search_count.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agos4 rpc_server_samr: DomGeneralInformation use dsdb_domain_count
Gary Lockyer [Wed, 13 Feb 2019 20:33:57 +0000 (09:33 +1300)]
s4 rpc_server_samr: DomGeneralInformation use dsdb_domain_count

Use dsdb_domain_count instead of samdb_search_count to determine the
number of users, groups and aliases.  This gives a performance gain of
around 10%, reduces the total memory allocated and fixes the incorrect
count returned for aliases.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agos4 dsdb util: add dsdb_domain_count
Gary Lockyer [Wed, 13 Feb 2019 01:36:33 +0000 (14:36 +1300)]
s4 dsdb util: add dsdb_domain_count

This counts the number of objects that are in the domain,
provided a domain SID was supplied (otherwise it just
counts all the objects).

This routine avoids allocating memory for the full
result set by using a callback.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agos2 decrpc samr: Add tests for QueryDomainInfo
Gary Lockyer [Wed, 13 Feb 2019 01:34:06 +0000 (14:34 +1300)]
s2 decrpc samr: Add tests for QueryDomainInfo

Add tests for the number of domain users, groups and aliases returned by
QueryDomainInfo.

These tests revealed that the existing code was not checking the
returned elements to ensure they were part of the domain.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months ago.gitlab-ci.yml: Make docker image name more explicit
Tim Beale [Wed, 13 Feb 2019 23:26:26 +0000 (12:26 +1300)]
.gitlab-ci.yml: Make docker image name more explicit

The 'image' YAML tag implies a docker image, but for people who find
gitlab mysterious, let's make it blatantly obvious what we're doing
here.

+ added a comment
+ added 'DOCKER' to the variable names
+ removed 'BUILD', as we've now dropped this from all the job-names
+ tried to make the variable names consistent, both within the file and
WRT docker terminology

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Feb 14 03:51:21 CET 2019 on sn-devel-144

8 months ago.gitlab-ci.yml: Include the actual command used by gitlab
Tim Beale [Wed, 13 Feb 2019 22:20:16 +0000 (11:20 +1300)]
.gitlab-ci.yml: Include the actual command used by gitlab

Someone who finds gitlab mysterious will have no idea what $CI_JOB_NAME
should be, if they wanted to reproduce the autobuild job manually. It
should be trivial to include the actual command being run in the logs.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months ago.gitlab-ci.yml: Re-indent comments on test times
Andrew Bartlett [Wed, 13 Feb 2019 20:55:45 +0000 (09:55 +1300)]
.gitlab-ci.yml: Re-indent comments on test times

(some of these need to be updated, but for now improve the formatting)

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Tim Beale <timbeale@catalyst.net.nz>
8 months ago.gitlab-ci.yml: Use .extends to avoid duplication of autobuild command
Andrew Bartlett [Wed, 13 Feb 2019 03:43:51 +0000 (16:43 +1300)]
.gitlab-ci.yml: Use .extends to avoid duplication of autobuild command

This should make our .gitlab-ci.yml file much less overwealming.

The downside is that $CI_JOB_NAME is printed rather than the job name
in the log, but the upside is that the names must now strictly match.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Tim Beale <timbeale@catalyst.net.nz>
8 months ago.gitlab-ci.yml: Fix the registry as "registry.gitlab.com"
Andrew Bartlett [Wed, 13 Feb 2019 03:14:13 +0000 (16:14 +1300)]
.gitlab-ci.yml: Fix the registry as "registry.gitlab.com"

This is important as our team docker images are only in this registry, but
the .gitlab-ci.yml file is also run on other private GitLab hosts.

This partially undoes 8989916b5af6fed9c4c63035d4488583396b8c5a

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Tim Beale <timbeale@catalyst.net.nz>
8 months ago.gitlab-ci.yml: add retries on runner_system_failure/stuck_or_timeout_failure
Stefan Metzmacher [Mon, 11 Feb 2019 11:53:03 +0000 (12:53 +0100)]
.gitlab-ci.yml: add retries on runner_system_failure/stuck_or_timeout_failure

This hopefully avoids pipeline failures due too docker/runner
errors.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months ago.gitlab-ci*.yml: use 'extends: ' instead of YAML Anchors
Stefan Metzmacher [Mon, 11 Feb 2019 12:26:22 +0000 (13:26 +0100)]
.gitlab-ci*.yml: use 'extends: ' instead of YAML Anchors

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months ago.gitlab-ci*.yml: remove build_ prefixes
Stefan Metzmacher [Mon, 11 Feb 2019 11:47:29 +0000 (12:47 +0100)]
.gitlab-ci*.yml: remove build_ prefixes

It's useless to see 'builf_samba_ad...' 7 times in the gitlab pipeline summary.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months ago.gitlab-ci.yml: print out more information in the before_script section
Stefan Metzmacher [Mon, 11 Feb 2019 12:23:58 +0000 (13:23 +0100)]
.gitlab-ci.yml: print out more information in the before_script section

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agoscript/autobuild.py: add 'lsb_release -a' and 'mount' to system-info.txt
Stefan Metzmacher [Mon, 11 Feb 2019 12:18:18 +0000 (13:18 +0100)]
script/autobuild.py: add 'lsb_release -a' and 'mount' to system-info.txt

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agoselftest:Samba4: wait for DNS names being registered
Stefan Metzmacher [Tue, 29 Jan 2019 12:57:04 +0000 (13:57 +0100)]
selftest:Samba4: wait for DNS names being registered

We can't reliable start tests without registered dns names.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agoselftest:Samba4: report when samba is started and ready
Stefan Metzmacher [Wed, 30 Jan 2019 12:44:04 +0000 (13:44 +0100)]
selftest:Samba4: report when samba is started and ready

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agosamba_dnsupdate: make rodc_dns_update() more robust against timing problems
Stefan Metzmacher [Thu, 7 Feb 2019 08:42:36 +0000 (09:42 +0100)]
samba_dnsupdate: make rodc_dns_update() more robust against timing problems

Without this we had an interesting race!

The messaging_dgm code caches connected datagram sockets based on the
destination pid for 1 second.

The fact that samba_dnsupdate constantly recreates its messaging
context (and the underlying datagram socket) means that we the winbindd
messaging context may get a stale connection. As a result sending any
message from winbindd back to samba_dnsupdate will result in
ECONNREFUSED.

That means the IRPC response from winbindd never reaches
samba_dnsupdate, which will then hit a timeout.

In turn samba_dnsupdate on the RODC times out.

This was a workaround for the problem, by having just one global
IRPC handle and thus just one messaging_dgm context.
The actual problem is solved a few commits before
("messages_dgm: Properly handle receiver re-initialization").
But we keep this as an performance optimization, which hopefully
means that the overall samba_dnsupdate is less likely to
timeout after the hardcoded 20 seconds.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agosamba_dnsupdate: make it clear that opts.use_file is active and we're not using nsupdate
Stefan Metzmacher [Thu, 7 Feb 2019 08:40:19 +0000 (09:40 +0100)]
samba_dnsupdate: make it clear that opts.use_file is active and we're not using nsupdate

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agowinbindd_irpc: remove unused winbind_DsrUpdateReadOnlyServerDnsRecords from wb_irpc_f...
Stefan Metzmacher [Thu, 7 Feb 2019 09:07:18 +0000 (10:07 +0100)]
winbindd_irpc: remove unused winbind_DsrUpdateReadOnlyServerDnsRecords from wb_irpc_forward_state

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agos4:setup: register ${NTDSGUID}._msdcs.${DNSFOREST} first in dns_update_list
Stefan Metzmacher [Thu, 31 Jan 2019 07:49:53 +0000 (08:49 +0100)]
s4:setup: register ${NTDSGUID}._msdcs.${DNSFOREST} first in dns_update_list

After the A and AAAA records for the ${HOSTNAME} this is the most
important name.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agomessages_dgm: Properly handle receiver re-initialization
Volker Lendecke [Thu, 7 Feb 2019 15:15:46 +0000 (16:15 +0100)]
messages_dgm: Properly handle receiver re-initialization

This only properly covers the small-message nonblocking case. Covering
the large-message and the blocking case is a much larger effort assuming
we want to re-send the failed message if parts of the message has gone
through properly. Don't do that for now.

This was found by sanba_dnsupdate constantly recreating its irpc handle to
winbindd in the RODC case.

The messaging_dgm code cached connected datagram sockets based on the
destination pid for 1 second. Which means the IRPC responses from
winbindd are never delivered to samba_dnsupdate,
which will then hit a timeout.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13786

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agotorture3: Extend read3 for the "messaging target re-inits" failure
Volker Lendecke [Thu, 7 Feb 2019 16:48:34 +0000 (17:48 +0100)]
torture3: Extend read3 for the "messaging target re-inits" failure

Do ping_pong a hundred times, re-initializing the msg_ctx every time.

https://bugzilla.samba.org/show_bug.cgi?id=13786

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agomessages_dgm: Use saved errno value
Volker Lendecke [Thu, 7 Feb 2019 14:57:06 +0000 (15:57 +0100)]
messages_dgm: Use saved errno value

In this case this is just a cleanup, the value has just been set by
messaging_dgm_sendmsg. But as that already saves errno into a local
variable, use that.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13786

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agowaf: Check for libnscd
Christof Schmitt [Tue, 12 Feb 2019 19:28:32 +0000 (12:28 -0700)]
waf: Check for libnscd

The check was in the old autoconf, but not in waf. As the code is still
in source3/lib/util_nscd.c, add the check for libnscd to allow building
and using the code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13787

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Feb 13 17:58:33 CET 2019 on sn-devel-144

8 months agoMake sure results from GetAttrString are decref'ed where needed
Noel Power [Mon, 28 Jan 2019 16:57:17 +0000 (16:57 +0000)]
Make sure results from GetAttrString are decref'ed where needed

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett abartlet@samba.org
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed Feb 13 14:51:12 CET 2019 on sn-devel-144

8 months agoFix instances of PyDict_SetItem to decref the value
Noel Power [Mon, 28 Jan 2019 15:23:59 +0000 (15:23 +0000)]
Fix instances of PyDict_SetItem to decref the value

Although it would be better to use the BuildValue approach to
create the dictionares here, unfortunately the dictionaries created
here have key/values that are created dynamically (based on input params).

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett abartlet@samba.org
8 months agoFix mem leak with PyBytes_FromStringAndSize
Noel Power [Mon, 28 Jan 2019 15:23:48 +0000 (15:23 +0000)]
Fix mem leak with PyBytes_FromStringAndSize
Reviewed-by: Andrew Bartlett abartlet@samba.org
8 months agoselftest: Only set clockskew to 5 seconds for MIT Kerberos
Andrew Bartlett [Mon, 11 Feb 2019 20:34:54 +0000 (09:34 +1300)]
selftest: Only set clockskew to 5 seconds for MIT Kerberos

This was added in ac5427c6eba09134411f76a5e6f7e2643fa74eed as part of the MIT KDC
effort, but makes some tests much less reliable under high load.

As the Heimdal build does not need this, only specify for the MIT build.

Tested with an MIT AD DC build with:
 make test TESTS="samba3.raw.session samba3.smb2.session"

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Feb 13 05:49:43 CET 2019 on sn-devel-144

8 months agowafsamba/samba_utils.py: override symlink to allow force link
Joe Guo [Tue, 12 Feb 2019 06:16:06 +0000 (19:16 +1300)]
wafsamba/samba_utils.py: override symlink to allow force link

if bin is not empty and I have been sharing the samba tree into
a Vagrant environment and we run make, we get annoying linking error like this:

     File "~/samba/lib/tevent/wscript", line 130, in build
        installdir='python')
      File "./buildtools/wafsamba/wafsamba.py", line 745, in SAMBA_SCRIPT
        os.symlink(link_src, link_dst)
    FileExistsError: [Errno 17] File exists: '~/samba/lib/tevent/tevent.py' -> '~/samba/bin/default/../python/tevent.py'
    Makefile:7: recipe for target 'all' failed

Override the symlink method to allow force linking.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agoselftest: Change backup/restore testenvs to use 1 prefork child
Tim Beale [Mon, 4 Feb 2019 23:23:43 +0000 (12:23 +1300)]
selftest: Change backup/restore testenvs to use 1 prefork child

Recently the gitlab CI jobs were hitting memory resource limits and
using swap, which then caused test failures. The process model used in
the testenvs seemed to be contributing to this problem.

We can reduce the memory overhead of the restore/backup testenvs by
using 1 prefork child process instead of the default of 4 (kudos to
Garming for the idea). The tests run against these testenvs are basic
sanity-checks, rather than heavy-duty stress tests, so the number of
prefork workers shouldn't matter.

This is a bit of a tradeoff between testing the defaults that will
actually be used in production vs using limited resources efficiently on
shared CI runner machines.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agoselftest: Use default 'prefork children' smb.conf setting
Tim Beale [Mon, 4 Feb 2019 23:18:38 +0000 (12:18 +1300)]
selftest: Use default 'prefork children' smb.conf setting

The default setting should be 4, so there should be no need to specify
this in the testenv smb.conf.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agoldb_dn: don't free a known NULL pointer
Douglas Bagnall [Fri, 8 Feb 2019 02:49:56 +0000 (15:49 +1300)]
ldb_dn: don't free a known NULL pointer

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agoldb_dn: remove unreachable code in dn_explode
Douglas Bagnall [Thu, 7 Feb 2019 00:39:09 +0000 (13:39 +1300)]
ldb_dn: remove unreachable code in dn_explode

Every time I look at this file, I spend a few minutes wondering how
these bits of code are ever run. Never again.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agoreplmd: move a if (ret) closer to ret source
Douglas Bagnall [Wed, 16 Jan 2019 04:35:48 +0000 (17:35 +1300)]
replmd: move a if (ret) closer to ret source

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agodsdb: check NULL guid strings in la_fix_links
Douglas Bagnall [Wed, 9 Jan 2019 23:55:19 +0000 (12:55 +1300)]
dsdb: check NULL guid strings in la_fix_links

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agodsdb: linked attrs: check a talloc_new()
Douglas Bagnall [Wed, 9 Jan 2019 04:55:38 +0000 (17:55 +1300)]
dsdb: linked attrs: check a talloc_new()

Also we can defer it past a thing that doesn't need or check for it.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agodsdb: make get_parsed_dns_trusted() a common helper function
Douglas Bagnall [Wed, 9 Jan 2019 02:12:43 +0000 (15:12 +1300)]
dsdb: make get_parsed_dns_trusted() a common helper function

We are already using it in two places, and are about to add a third.

The version in repl_meta_data.c did more work in the case that the
parsed_dns can't really be trusted to conform to the expected format;
this is now a wrapper called get_parsed_dns_trusted_fallback().

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agospelling of associated
Douglas Bagnall [Tue, 15 Jan 2019 22:24:34 +0000 (11:24 +1300)]
spelling of associated

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agos3:utils: Add missing NULL check in rpc_fetch_domain_aliases()
Andreas Schneider [Mon, 4 Feb 2019 16:23:05 +0000 (17:23 +0100)]
s3:utils: Add missing NULL check in rpc_fetch_domain_aliases()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Feb 13 00:52:25 CET 2019 on sn-devel-144

8 months agos3:locking: Add missing NULL check
Andreas Schneider [Mon, 4 Feb 2019 16:19:55 +0000 (17:19 +0100)]
s3:locking: Add missing NULL check

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
9 months agoCI: split out "samba-ad-dc-ntvfs[-py2]" test targets
Ralph Boehme [Wed, 23 Jan 2019 08:43:33 +0000 (09:43 +0100)]
CI: split out "samba-ad-dc-ntvfs[-py2]" test targets

Many AD tests currently use the "samba" target. Split out a new target
"samba-ad-dc-ntvfs" and have all tests that use the "ad_dc_ntvfs" env
use the new target. This should greatly speed up the runtime for the "samba"
target and avoid swapping.

This reduces the total CI time by ~ 55%, I got an autobuild and a gitlab
pipeline finished in just ~ 100 mins!

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Feb 11 14:10:12 CET 2019 on sn-devel-144

9 months agodsdb/tests/vlv: use only one toplevel dn that is correctly cleaned up
Stefan Metzmacher [Fri, 8 Feb 2019 09:57:13 +0000 (10:57 +0100)]
dsdb/tests/vlv: use only one toplevel dn that is correctly cleaned up

Before "OU=vlvtestou2,%s" % (self.base_dn) was left behind after the
test.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agoblackbox/dbcheck.sh: fix dbcheck_fix_one_way_links cleanup
Stefan Metzmacher [Thu, 7 Feb 2019 23:19:56 +0000 (00:19 +0100)]
blackbox/dbcheck.sh: fix dbcheck_fix_one_way_links cleanup

Commit 35bfc62a31c9ad73449594ddd48f76f50e0abade changed
dbcheck to not regard old one-way-links as errors.

At that time the relavant trigger changed from
fix_all_string_dn_component_mismatch to
fix_all_old_dn_string_component_mismatch.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agoselftest: improve debugging in dns_hub.py
Stefan Metzmacher [Wed, 23 Jan 2019 08:34:40 +0000 (09:34 +0100)]
selftest: improve debugging in dns_hub.py

We only print debug messages when the response is delayed by more than 2
seconds.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agoselftest: Make dns_hub socket timeout match DNS_REQUEST_TIMEOUT
Tim Beale [Sun, 3 Feb 2019 20:28:07 +0000 (09:28 +1300)]
selftest: Make dns_hub socket timeout match DNS_REQUEST_TIMEOUT

I was hitting the recv_packet = s.recv(2048, 0) exception because
the socket timeout was reached. We've seen it before, but it seemed more
common after changing the default process-model to prefork. This patch
makes the socket timeout used by the python code consistent with the C
code.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agodocs-xml/smbdotconf: document export of SAMBA_CPS_{ACCOUNT,USER_PRINCIPAL,FULL}_NAME...
Stefan Metzmacher [Mon, 4 Feb 2019 14:40:16 +0000 (15:40 +0100)]
docs-xml/smbdotconf: document export of SAMBA_CPS_{ACCOUNT,USER_PRINCIPAL,FULL}_NAME for check password script

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Feb 11 11:03:58 CET 2019 on sn-devel-144

9 months agos3:srv_samr_chgpasswd: export SAMBA_CPS_{ACCOUNT,USER_PRINCIPAL,FULL}_NAME for check...
Stefan Metzmacher [Sat, 2 Feb 2019 12:19:31 +0000 (13:19 +0100)]
s3:srv_samr_chgpasswd: export SAMBA_CPS_{ACCOUNT,USER_PRINCIPAL,FULL}_NAME for check password script

This is keep compatibility with the AD DC usage.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agoselftest: require SAMBA_CPS_ACCOUNT_NAME in checkpassword_arg1.sh
Stefan Metzmacher [Tue, 5 Feb 2019 15:15:15 +0000 (16:15 +0100)]
selftest: require SAMBA_CPS_ACCOUNT_NAME in checkpassword_arg1.sh

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agos4:dsdb:util: export SAMBA_CPS_{ACCOUNT,USER_PRINCIPAL,FULL}_NAME for check password...
Stefan Metzmacher [Tue, 22 Jan 2019 10:33:23 +0000 (11:33 +0100)]
s4:dsdb:util: export SAMBA_CPS_{ACCOUNT,USER_PRINCIPAL,FULL}_NAME for check password script

This allows the check password script to reject the username and other
things.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agotests/user_check_password_script: add a test do disallow the username as password
Stefan Metzmacher [Tue, 22 Jan 2019 09:31:52 +0000 (10:31 +0100)]
tests/user_check_password_script: add a test do disallow the username as password

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agoselftest: make check password script more portable
Stefan Metzmacher [Tue, 5 Feb 2019 14:30:36 +0000 (15:30 +0100)]
selftest: make check password script more portable

We should not rely on Linux specific sed options.

grep -q also works on FreeBSD (tested on FreeBSD 12).

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agos3:modules: Fix compilation of nfs41acl_xdr.c when building outside src
Aliaksei Karaliou [Mon, 28 Jan 2019 08:17:07 +0000 (03:17 -0500)]
s3:modules: Fix compilation of nfs41acl_xdr.c when building outside src

If the Samba build directory is outside its source directory, generation
of nfs41acl_xdr.c by rpcgen leads to improper include paths to nfs41acl.h.

This happens because rpcgen is designed to produce its generated file in the
same directory as the input template. If the build directory is not located
under the source directory, this relative path will be invalid and the header
will not be found.

Example:
 src dir is ~/samba-src
 bld dir is ~/samba-bld

rpcgen will use path ../../samba-src/source3/modules/nfs41acl.x
running from ~/samba-bld/default and nfs41acl_xdr.c will contain:
 #include "../../samba-src/source3/modules/nfs41acl.h"

This behaviour is fixed through an intermediate copy of the input file to
the build directory so that rpcgen receives the path as if located in src.

Also now we avoid generation of nfs41acl_xdr.c when HAVE_RPC_XDR_H is
not defined because it will not be used as part of the vfs_nfs4acl_xattr
module.

Signed-off-by: Aliaksei Karaliou <akaraliou@panasas.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agos3:util: Move static file_pload() function to lib/util
Aliaksei Karaliou [Thu, 27 Dec 2018 09:25:47 +0000 (04:25 -0500)]
s3:util: Move static file_pload() function to lib/util

file_pload() is static private function in Samba3 library, however it
does not have any special dependencies and might be widely used as
common function, so moving it into common samba-util library.

Signed-off-by: Aliaksei Karaliou <akaraliou@panasas.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agos3:util: Move popen wrappers to lib/util
Aliaksei Karaliou [Thu, 27 Dec 2018 09:18:28 +0000 (04:18 -0500)]
s3:util: Move popen wrappers to lib/util

When linked into Samba3 libraries, sys_popen()/sys_pclose()
cannot be used in lower level libraries because of circular
dependencies.

This patch moves them into common samba-util library.

Signed-off-by: Aliaksei Karaliou <akaraliou@panasas.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agobuild: Don't generate kerberos_implementation.py if building without python
Aliaksei Karaliou [Wed, 23 Jan 2019 09:55:58 +0000 (04:55 -0500)]
build: Don't generate kerberos_implementation.py if building without python

It is unnecessary to generate kerberos_implementation.py when python is
disabled.

Signed-off-by: Aliaksei Karaliou <akaraliou@panasas.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agobuild: Fixed usage of non-default path to WAFLOCK
Aliaksei Karaliou [Thu, 27 Dec 2018 09:51:41 +0000 (04:51 -0500)]
build: Fixed usage of non-default path to WAFLOCK

If WAFLOCK environment variable is set, use it to override path
to WAF lock file in Samba build scripts.

Signed-off-by: Aliaksei Karaliou <akaraliou@panasas.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agodnsserver: Return access denied to the caller if the user was not a DNS admin
Garming Sam [Fri, 1 Feb 2019 01:11:18 +0000 (14:11 +1300)]
dnsserver: Return access denied to the caller if the user was not a DNS admin

This is not a proper fix to match Windows, but at the very least, it
should be more obvious to users (using samba-tool for instance), that
the user needs to be given more access or that they should use the
administrator.

Windows seems to deny access altogether by returning a fault after they
have bound to the pipe and actually sent an operation.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13771

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agobuildtools/wafsamba: Avoid decode when using python2
Noel Power [Wed, 6 Feb 2019 15:27:41 +0000 (15:27 +0000)]
buildtools/wafsamba: Avoid decode when using python2

To avoid problematic type checking for 'str' types which fail
when result from str.decode is used.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13777

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agolibsmb,s3/smbd: dump SMB3+ session keys if debug parm is set
Aurelien Aptel [Fri, 8 Feb 2019 11:13:25 +0000 (12:13 +0100)]
libsmb,s3/smbd: dump SMB3+ session keys if debug parm is set

Use of previously added smb.conf global param.

Sample usage:

$ smbclient //localhost/scratch --option='debugencryption=yes' \
                                 -e -mSMB3 -U aaptel%aaptel -c quit
debug encryption: dumping generated session keys
Session Id    [0000] 26 48 BF FD 00 00 00 00                             &H......
Session Key   [0000] 63 D6 CA BC 08 C8 4A D2   45 F6 AE 35 AB 4A B3 3B   c.....J. E..5.J.;
Signing Key   [0000] 4E FE 35 92 AC 13 14 FC   C9 17 62 B1 82 20 A4 12   N.5..... ..b.. ..
App Key       [0000] A5 0F F4 8B 2F FB 0D FF   F2 BF EE 39 E6 6D F5 0A   ..../... ...9.m..
ServerIn Key  [0000] 2A 02 7E E1 D3 58 D8 12   4C 63 76 AE 59 17 5A E4   *.~..X.. Lcv.Y.Z.
ServerOut Key [0000] 59 F2 5B 7F 66 8F 31 A0   A5 E4 A8 D8 2F BA 00 38   Y.[.f.1. ..../..8

We can now simply pass -ouat:smb2_seskey_list:<sesid>,<seskey> to
wireshark or tshark:

$ tshark -ouat:smb2_seskey_list:2648BFFD00000000,63D6CABC08C84AD245F6AE35AB4AB33B \
          -Y smb2 -r capture.pcap -Tfields -e _ws.col.Info
Negotiate Protocol Response
Negotiate Protocol Request
Negotiate Protocol Response
Session Setup Request, NTLMSSP_NEGOTIATE
Session Setup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE
Session Setup Request, NTLMSSP_AUTH, User: WORKGROUP\aaptel
Session Setup Response
Tree Connect Request Tree: \\localhost\IPC$
Tree Connect Response
Decrypted SMB3;Ioctl Request FSCTL_DFS_GET_REFERRALS, File: \localhost\scratch
Decrypted SMB3;Ioctl Response, Error: STATUS_NOT_FOUND
Decrypted SMB3;Tree Disconnect Request
Decrypted SMB3;Tree Disconnect Response
Decrypted SMB3;Tree Connect Request Tree: \\localhost\scratch
Decrypted SMB3;Tree Connect Response
Decrypted SMB3;Tree Disconnect Request
Decrypted SMB3;Tree Disconnect Response

For more info on Wireshark decryption support see
https://wiki.samba.org/index.php/Wireshark_Decryption

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Sat Feb  9 21:43:25 CET 2019 on sn-devel-144

9 months agodocs-xml: add "debug encryption" global parm
Aurelien Aptel [Fri, 8 Feb 2019 11:04:42 +0000 (12:04 +0100)]
docs-xml: add "debug encryption" global parm

Add debug option to dump in the log the session id & keys in smbd and
libsmb-based code for offline decryption.

Wireshark can make use of this to decrypt encrypted traffic.

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
9 months agolibcli: add getters for smb2 {signing,encryption,decryption} keys
Aurelien Aptel [Wed, 6 Feb 2019 18:23:35 +0000 (19:23 +0100)]
libcli: add getters for smb2 {signing,encryption,decryption} keys

Adds:
- smb2cli_session_signing_key()
- smb2cli_session_encryption_key()
- smb2cli_session_decryption_key()

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
9 months agos3:vfs: Correctly check if OFD locks should be enabled or not
Andreas Schneider [Wed, 30 Jan 2019 17:45:34 +0000 (18:45 +0100)]
s3:vfs: Correctly check if OFD locks should be enabled or not

Also the smb.conf options should only be checked once and a reload of
the config should not switch to a different locking mode.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Feb  9 03:43:50 CET 2019 on sn-devel-144

9 months agos3:vfs: Initialize pid to 0 in test_netatalk_lock()
Andreas Schneider [Wed, 30 Jan 2019 17:09:52 +0000 (18:09 +0100)]
s3:vfs: Initialize pid to 0 in test_netatalk_lock()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
9 months agos4: torture: vfs_fruit. Change test_fruit_locking_conflict() to match the vfs_fruit...
Jeremy Allison [Thu, 7 Feb 2019 02:01:52 +0000 (18:01 -0800)]
s4: torture: vfs_fruit. Change test_fruit_locking_conflict() to match the vfs_fruit working server code.

Originally added for BUG: https://bugzilla.samba.org/show_bug.cgi?id=13584
to demonstrate a lock order violation, this test
exposed problems in the mapping of SMB1/2 share modes
and open modes to NetATalk modes once we moved to OFD locks.

Change the test slightly (and add comments)
so it demonstrates working NetATalk share modes
on an open file.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13770

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb  8 23:26:46 CET 2019 on sn-devel-144

9 months agos3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility code.
Jeremy Allison [Thu, 7 Feb 2019 01:49:16 +0000 (17:49 -0800)]
s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility code.

This exhibited itself as a problem with OFD locks reported
as:

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13770

However, due to underlying bugs in the vfs_fruit
code the file locks were not being properly applied.

There are two problems in fruit_check_access().

Problem #1:

Inside fruit_check_access() we have:

flags = fcntl(fsp->fh->fd, F_GETFL);
..
if (flags & (O_RDONLY|O_RDWR)) {

We shouldn't be calling fcntl(fsp->fh->fd, ..) directly.
fsp->fh->fd may be a made up number from an underlying
VFS module that has no meaning to a system call.

Secondly, in all POSIX systems - O_RDONLY is defined as
*zero*. O_RDWR = 2.

Which means flags & (O_RDONLY|O_RDWR) becomes (flags & 2),
not what we actually thought.

Problem #2:

deny_mode is *not* a bitmask, it's a set of discrete values.

Inside fruit_check_access() we have:

if (deny_mode & DENY_READ) and also (deny_mode & DENY_WRITE)

However, deny modes are defined as:

/* deny modes */
define DENY_DOS 0
define DENY_ALL 1
define DENY_WRITE 2
define DENY_READ 3
define DENY_NONE 4
define DENY_FCB 7

so if deny_mode = DENY_WRITE, or if deny_mode = DENY_READ
then it's going to trigger both the if (deny_mode & DENY_READ)
*and* the (deny_mode & DENY_WRITE) conditions.

These problems allowed the original test test_netatalk_lock code to
pass (which was added for BUG: https://bugzilla.samba.org/show_bug.cgi?id=13584
to demonstrate the lock order violation).

This patch refactors the fruit_check_access()
code to be much simpler (IMHO) to understand.

Firstly, pass in the SMB1/2 share mode, not old
DOS deny modes.

Secondly, read all the possible NetAtalk locks
into local variables:

netatalk_already_open_for_reading
netatalk_already_open_with_deny_read
netatalk_already_open_for_writing
netatalk_already_open_with_deny_write

Then do the share mode/access mode checks
with the requested values against any stored
netatalk modes/access modes.

Finally add in NetATalk compatible locks
that represent our share modes/access modes
into the file, with an early return if we don't
have FILE_READ_DATA (in which case we can't
write locks anyway).

The patch is easier to understand by looking
at the completed patched fruit_check_access()
function, rather than trying to look at the
diff.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
9 months agos4/registry/py: use unsigned ParseTuple format for unsigned value
Douglas Bagnall [Thu, 7 Feb 2019 04:36:02 +0000 (17:36 +1300)]
s4/registry/py: use unsigned ParseTuple format for unsigned value

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Fri Feb  8 17:09:51 CET 2019 on sn-devel-144

9 months agos4/messaging/py: use better format strings for variable types
Douglas Bagnall [Thu, 7 Feb 2019 04:34:52 +0000 (17:34 +1300)]
s4/messaging/py: use better format strings for variable types

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
9 months agos4/librpc/py_misc: ParseTuple format should match actual types
Douglas Bagnall [Thu, 7 Feb 2019 04:11:41 +0000 (17:11 +1300)]
s4/librpc/py_misc: ParseTuple format should match actual types

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
9 months agos3/libsmb/py: match input argument types with C types
Douglas Bagnall [Thu, 7 Feb 2019 04:04:43 +0000 (17:04 +1300)]
s3/libsmb/py: match input argument types with C types

If PyArg_ParseTupleAndKeywords() is given, say, an "H" format (meaning
unsigned short int) but the referenced variable is a plain unsigned
int, the top 16 bits of the variable will be left undefined. In that
case we should use an "I" format (and/or initialize the variable).

In many cases the change is fairly innocuous, such as when "i" and "I"
are mixed (for signed and unsigned ints respectively), but the
resulting write is the same size and probably gives the same result in
practice.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
9 months agopy_tevent: add_timer takes float argument
Douglas Bagnall [Thu, 7 Feb 2019 04:00:28 +0000 (17:00 +1300)]
py_tevent: add_timer takes float argument

We were already using it that way.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
9 months agowinbindd: Enhance xids2sids debugging
Volker Lendecke [Wed, 6 Feb 2019 16:06:28 +0000 (17:06 +0100)]
winbindd: Enhance xids2sids debugging

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Feb  8 13:30:32 CET 2019 on sn-devel-144