Ralph Boehme [Sun, 12 Jun 2016 17:03:11 +0000 (19:03 +0200)]
selftest: test idmap backend id allocation for unknown SIDS
If an SID is is not found becaues the RID doesn't exist in a domain and
the domain is configured to use a non-allocating idmap backend like
idmap_ad or idmap_rfc2307, winbindd must not return a mapping for the
SID.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11961
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Fri, 24 Jun 2016 16:33:01 +0000 (18:33 +0200)]
selftest: make autorid the default idmap backend in admember_rfc2307
This is needed for a new test in the next commit. Exisiting tests aren't
affected by this, at least a private autobuild passed with this
change.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11961
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Fri, 24 Jun 2016 13:16:42 +0000 (15:16 +0200)]
winbindd: in wb_lookupsids return domain name if we have it
When doing a SID to xid mapping for an unknown SID, the idmap child gets
passed a lsa_RefDomainList with an empty domain name (ie ""). This is
coming from LsaLookupSids() and causes the mapping request to end up in
the default idmap domain.
Example request with domain name "":
wbint_Sids2UnixIDs: struct wbint_Sids2UnixIDs
in: struct wbint_Sids2UnixIDs
domains : *
domains: struct lsa_RefDomainList
count : 0x00000001 (1)
domains : *
domains: ARRAY(1)
domains: struct lsa_DomainInfo
name: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0002 (2)
string : *
string : ''
sid : *
sid : S-1-5-21-
3152989960-
574718769-
2188965058
max_size : 0x00000020 (32)
ids : *
ids: struct wbint_TransIDArray
num_ids : 0x00000001 (1)
ids: ARRAY(1)
ids: struct wbint_TransID
type : ID_TYPE_NOT_SPECIFIED (0)
domain_index : 0x00000000 (0)
rid : 0x000029aa (66666)
xid: struct unixid
id : 0xffffffff (
4294967295)
type : ID_TYPE_NOT_SPECIFIED (0)
In _wbint_Sids2UnixIDs() we call idmap_find_domain_with_sid() with the
domain name "" and this triggers use of the default idmap domain which
in case of idmap_autorid will allocate an id from a idmap_autorid range.
If we know the domain, ensure we return it for SIDs were the SID was not
found but the domain of the SID was found. Callers like sids2xids depend
on the domain name and returning an empty string "" for valid domain can
trigger unwanted idmap range allocations.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11961
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Fri, 24 Jun 2016 16:31:45 +0000 (18:31 +0200)]
winbindd/idmap_rfc2307: fix a crash
map->map is NULL if lookupsid failed.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11961
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Shyamsunder Rathi [Sun, 26 Jun 2016 23:26:53 +0000 (16:26 -0700)]
s3:utils/net: Add new option 'unregister' in 'net ads dns' command.
This new option allows DNS names to be unregistered and removes all
IP entries for a given name in the specified AD server.
Signed-off-by: Shyamsunder Rathi <shyam.rathi@nutanic.com>
Reviewed-by: Richard SHarpe <rsharpe@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Mon Jun 27 20:43:26 CEST 2016 on sn-devel-144
Stefan Metzmacher [Fri, 27 May 2016 14:52:00 +0000 (16:52 +0200)]
s4:dsdb/tests: add pwdLastSet tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jun 27 08:52:48 CEST 2016 on sn-devel-144
Stefan Metzmacher [Wed, 1 Jun 2016 09:13:47 +0000 (11:13 +0200)]
s4:dsdb/samldb: pwdLastSet = -1 requires Unexpire-Password right
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 27 May 2016 14:54:40 +0000 (16:54 +0200)]
s4:dsdb/samldb: fix comment "lockoutTime" reset as per MS-SAMR 3.1.1.8.10
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 31 May 2016 13:21:58 +0000 (15:21 +0200)]
s4:dsdb/password_hash: only allow pwdLastSet as "0" or "-1"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 24 May 2016 06:51:45 +0000 (08:51 +0200)]
s4:rpc_server/samr: only set pwdLastSet to "0" or "-1"
The password_hash module will take care of translating "-1"
to the current time.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 11 Feb 2016 19:07:18 +0000 (20:07 +0100)]
s4:dsdb/password_hash: allow pwdLastSet only changes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 31 May 2016 13:21:58 +0000 (15:21 +0200)]
s4:dsdb/password_hash: make it possible to specify pwdLastSet together with a password change
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 31 May 2016 13:21:58 +0000 (15:21 +0200)]
s4:dsdb/password_hash: handle the DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET control
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 30 May 2016 15:12:51 +0000 (17:12 +0200)]
s4:dsdb/password_hash: make the DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET code path more robust
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 31 May 2016 09:44:43 +0000 (11:44 +0200)]
s4:dsdb/password_hash: only set pwdLastSet if required
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 31 May 2016 08:53:57 +0000 (10:53 +0200)]
s4:dsdb/password_hash: create a shallow copy of the client message for the final update
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 31 May 2016 08:39:23 +0000 (10:39 +0200)]
s4:dsdb/password_hash: move ldb_msg_add_empty() calls to update_final_msg()
We should only replace attributes when we're asked to do so.
Currently that's always the case, but that will change soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 31 May 2016 08:09:58 +0000 (10:09 +0200)]
s4:dsdb/password_hash: remember if we need to update the passwords and/or pwdLastSet
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 3 Jun 2016 14:20:39 +0000 (16:20 +0200)]
s4:dsdb/password_hash: call ndr_pull_supplementalCredentialsBlob in setup_io()
We should setup io->o.* (the old password attributes) completely in setup_io().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 31 May 2016 07:43:57 +0000 (09:43 +0200)]
s4:dsdb/password_hash: move the check for old passwords into setup_io()
We get everything else of the existing object there too.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 31 May 2016 07:39:07 +0000 (09:39 +0200)]
s4:dsdb/password_hash: leave the current value of pwdLastSet as 0 an add
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 25 May 2016 11:43:29 +0000 (13:43 +0200)]
s4:dsdb/password_hash: make the variable names in setup_io() more clear
We get the message from the client and (optional) the existing object.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 31 May 2016 07:25:37 +0000 (09:25 +0200)]
s4:dsdb/password_hash: split out a update_final_msg() function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 31 May 2016 06:16:07 +0000 (08:16 +0200)]
s4:dsdb/password_hash: split out a password_hash_needed() function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 12 Feb 2016 12:56:26 +0000 (13:56 +0100)]
s4:dsdb/password_hash: use full NTTIME resolution for pwdLastSet
Windows does the same...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 25 May 2016 14:00:29 +0000 (16:00 +0200)]
s4:dsdb/common: add some const to helper functions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 27 May 2016 14:53:48 +0000 (16:53 +0200)]
s4:samldb: pass down DSDB_CONTROL_PASSWORD_USER_ACCOUNT_CONTROL_OID with changed userAccountControl details
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 27 May 2016 14:52:54 +0000 (16:52 +0200)]
s4:dsdb/samdb: allocate DSDB_CONTROL_PASSWORD_USER_ACCOUNT_CONTROL_OID
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 11 Feb 2016 07:31:46 +0000 (08:31 +0100)]
s4:dsdb/samldb: add DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET_OID when defaulting pwdLastSet=0
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 11 Feb 2016 07:31:46 +0000 (08:31 +0100)]
s4:dsdb/samdb: allocate DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET_OID
This will be used to let the "password_hash" module know that
the value of pwdLastSet was defaulted to 0 in the "samldb" module
on add.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 11 Feb 2016 07:59:09 +0000 (08:59 +0100)]
s3:pdb_samba_dsdb: fix calucating of dsdb_flags
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 31 May 2016 22:18:05 +0000 (00:18 +0200)]
s4:dsdb/tests: use more useful userAccountControl/pwdLastSet values in the urgent_replication test
Using UF_SMARDCARD_REQUIRED has some side effects, so we better use
UF_DONT_EXPIRE_PASSWD which doesn't trigger additional actions.
Setting pwdLastSet to "1" is not allowed, only "-1" is able to change
an existing value of "0".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 4 Feb 2016 16:44:05 +0000 (17:44 +0100)]
s4:selftest: run samba4.ldap.password_lockout.python only against ad_dc_ntvfs
This test runs over 4-5 mins.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 25 May 2016 15:28:38 +0000 (17:28 +0200)]
s4:dsdb/repl_meta_data: pass now to replmd_add_fix_la
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 25 May 2016 14:05:14 +0000 (16:05 +0200)]
s4:dsdb/tests: improve error message in test_new_user_default_attributes()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 22 Jun 2016 13:08:43 +0000 (15:08 +0200)]
s4:dsdb/tests: let the user_account_control.py test recover from a previous failure
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 22 Jun 2016 13:08:43 +0000 (15:08 +0200)]
s4:dsdb/tests: use GENSEC_SEAL for ldap connections in sam.py
This allows the tests to pass against a fully patched Windows Server.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 22 Jun 2016 13:08:43 +0000 (15:08 +0200)]
s4:dsdb/tests: use ncacn_ip_tcp:server[seal] for samr connections
This allows the tests to pass against a fully patched Windows Server.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 25 May 2016 15:30:05 +0000 (17:30 +0200)]
s4:dsdb/tests: make user_account_control.py executable
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 2 Jun 2016 13:15:52 +0000 (15:15 +0200)]
samba-tool: really deprecate 'samba-tool user add'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 6 Jan 2016 12:25:45 +0000 (13:25 +0100)]
librpc/ndr: add support for NDR_ALIGN* to ndr_push_short_relative_ptr2()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 6 Jan 2016 12:28:02 +0000 (13:28 +0100)]
librpc/tools: correctly validate relative pointers in ndrdump
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 22 Jan 2016 20:24:31 +0000 (21:24 +0100)]
selftest: add save.env.sh helper script.
This can be used to store the environment from within
make testenv.
It can be restored with:
. bin/restore.env.source
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Sun, 26 Jun 2016 19:15:02 +0000 (07:15 +1200)]
Revert "source4/scripting: add an option to samba_dnsupdate to add ns records."
This reverts a totally unnecessary change to samba_dnsupdate. The self test
environment does the correct things with NS records now.
This reverts commit
af08cb2eee9dc9fabad6ca62ca11728209297222.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jun 27 04:13:04 CEST 2016 on sn-devel-144
Andrew Bartlett [Fri, 17 Jun 2016 03:04:21 +0000 (15:04 +1200)]
dsdb: Make less talloc() for parsed_dn.guid
This is always allocated, so do not make it a pointer.
This now also uses the talloc-less GUID_buf_string() when printing
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 16 Jun 2016 02:04:44 +0000 (14:04 +1200)]
dsdb: Avoid talloc() calls in dsdb_get_extended_dn_*()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 15 Jun 2016 21:31:21 +0000 (09:31 +1200)]
dsdb: Apply linked attribute backlinks as we apply the forward links
Otherwise, we spend a lot of time checking if the link is in the list, which is pointless
and very costly in large domains
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 17 Jun 2016 01:28:59 +0000 (13:28 +1200)]
ldb: Do not allocate the extended DN name
The name must be a hard-coded value from struct ldb_dn_extended_syntax
so just point to that constant pointer
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 15 Jun 2016 04:11:28 +0000 (16:11 +1200)]
ldb: Allow repl_meta_data to override the O(^2) loop checking for duplciates
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 15 Jun 2016 03:54:06 +0000 (15:54 +1200)]
librpc: Avoid talloc in GUID_from_data_blob()
This is often found in inner loops in the dsdb code, because LDB DNs often contain a GUID string
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 15 Jun 2016 03:43:55 +0000 (15:43 +1200)]
dsdb: Only fetch changed attributes in replmd_update_rpmd
This avoids fetching every attribute, including in particular links that may
require additional work to resolve, when we will not look at them anyway
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 14 Jun 2016 22:36:16 +0000 (10:36 +1200)]
dsdb: Fix use-after-free of parent_dn in operational module
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 14 Jun 2016 21:59:57 +0000 (09:59 +1200)]
dsdb: Provide shortcuut for repl_meta_data avoiding search of link targets
This makes processing of large numbers of linked attributes much faster, as we never care about the
names during that processing
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 14 Jun 2016 08:25:21 +0000 (20:25 +1200)]
selftest: Do not run winbind tests against ad_dc_ntvfs
This runs the same winbindd as ad_dc, there is no need to duplicate the runs
Andrew Bartlett [Tue, 14 Jun 2016 08:02:03 +0000 (20:02 +1200)]
selftest: Avoid running local.nss test against ad_dc_ntvfs
This environment uses the same winbindd as ad_dc
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andreas Schneider [Wed, 22 Jun 2016 09:13:15 +0000 (11:13 +0200)]
libutil: Support systemd 230
systemd 230 version finally deprecated
libsystemd-daemon/libsystemd-journal split and put everything in
libsystemd library.
Make sure HAVE_LIBSYSTEMD define is supported in the code (we already
have it defined by the waf).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11936
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Richard Sharpe <rsharpe@samba.org>
Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Mon Jun 27 00:01:55 CEST 2016 on sn-devel-144
Jose A. Rivera [Sat, 25 Jun 2016 15:47:52 +0000 (10:47 -0500)]
krb5_wrap: Fix build error when not using heimdal.
Just a small typo fix where type and variable were flipped.
Signed-off-by: Jose A. Rivera <jarrpa@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Jun 25 22:43:27 CEST 2016 on sn-devel-144
Ralph Boehme [Thu, 23 Jun 2016 17:13:05 +0000 (19:13 +0200)]
s4/torture: add a test for dosmode and hidden files
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11992
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 23 Jun 2016 10:24:33 +0000 (12:24 +0200)]
s3/smbd: only use stored dos attributes for open_match_attributes() check
This changes the way we check for old vs new DOS attributes on open with
overwrite: only check against the DOS attributes actually set by a
client and stored in the DOS attributes xattr.
With this change "hide dot files" and "hide files" continue to work with
"store dos attributes = yes".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11992
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 23 Jun 2016 15:14:55 +0000 (17:14 +0200)]
s3/smbd: move check for "hide files" to dos_mode_from_name()
Consolidate the "hide dot files" and "hide files" handling stuff in one
function. No change in overall behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11992
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 23 Jun 2016 14:40:15 +0000 (16:40 +0200)]
s3/smbd: call dos_mode_from_name after SMB_VFS_GET_DOS_ATTRIBUTES()
This doesn't change overall behaviour in any way, it just prepares for
the next step where the IS_HIDDEN_PATH() stuff will be moved to the
function dos_mode_from_name().
It allows an optimisation by not checking "hide to files" patch if
FILE_ATTRIBUTE_HIDDEN was already set in the DOS xattr.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11992
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 23 Jun 2016 10:23:33 +0000 (12:23 +0200)]
s3/smbd: add helper func dos_mode_from_name()
This just moves the computation of "hide dot files" files to a helper
functions without changing overall behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11992
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Amitay Isaacs [Fri, 24 Jun 2016 09:22:02 +0000 (19:22 +1000)]
s3-ctdb: Return an error when unexpected reply is received
CTDB can send CTDB_REPLY_ERROR in case it encounters an error condition.
This is treated as successful migration as "ret" is not set.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jun 24 22:39:23 CEST 2016 on sn-devel-144
Stefan Metzmacher [Thu, 23 Jun 2016 10:06:40 +0000 (12:06 +0200)]
python/tests: add auth_pad test for the dcerpc raw_protocol test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jun 24 18:08:44 CEST 2016 on sn-devel-144
Stefan Metzmacher [Thu, 23 Jun 2016 11:50:39 +0000 (13:50 +0200)]
s4:rpc_server: generate the correct error when we got an invalid auth_pad_length on BIND,ALTER,AUTH3
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 20 Jun 2016 14:26:56 +0000 (16:26 +0200)]
librpc/rpc: ignore invalid auth_pad_length values in BIND, ALTER and AUTH3 pdus
This is a workarround for a bug in old Samba releases.
For BIND_ACK <= 3.5.x and for ALTER_RESP <= 4.2.x (see bug #11061).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 20 Jun 2016 14:25:12 +0000 (16:25 +0200)]
librpc/rpc: let dcerpc_pull_auth_trailer() check that auth_pad_length fits within the whole pdu.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 20 Jun 2016 14:17:45 +0000 (16:17 +0200)]
librpc/rpc: let dcerpc_pull_auth_trailer() only accept auth_length!=NULL or auth_data_only=true
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 20 Jun 2016 14:16:23 +0000 (16:16 +0200)]
s4:librpc/rpc: don't ask for auth_length if we ask for auth data only
dcerpc_pull_auth_trailer() handles auth_length=NULL just fine.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 20 Jun 2016 14:11:37 +0000 (16:11 +0200)]
s4:rpc_server: parse auth data only for BIND,ALTER_REQ,AUTH3
We should tell dcerpc_pull_auth_trailer() that we only want
auth data.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Sat, 26 Sep 2015 00:43:30 +0000 (02:43 +0200)]
s3:rpc_client: remove unused rpc_pipe_client->max_recv_frag
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 15 Jul 2015 10:02:32 +0000 (12:02 +0200)]
s4:rpc_server: remove unused dcesrv_connection_context->assoc_group
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 15 Jul 2015 10:01:35 +0000 (12:01 +0200)]
s4:rpc_server: remove unused '_unused_auth_state'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 15 Jul 2015 08:15:31 +0000 (10:15 +0200)]
s4:rpc_server: context_id fields of presentation contexts are just 16bit
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 29 Jun 2015 10:28:03 +0000 (12:28 +0200)]
s4:server_named_pipe: make sure we use lower case pipe name
This matches what tstream_npa_connect() expects.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 22 Jun 2016 18:38:01 +0000 (20:38 +0200)]
dcerpc.idl: remove unused DCERPC_NCACN_PAYLOAD_MAX_SIZE
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11948
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Fri, 24 Jun 2016 05:27:43 +0000 (07:27 +0200)]
smbd: Fix a valgrind error
"child" has been free'd via "tmp"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jun 24 14:07:56 CEST 2016 on sn-devel-144
Amitay Isaacs [Thu, 23 Jun 2016 11:07:37 +0000 (21:07 +1000)]
ctdb-recovery: Terminate if recovery fails without any banning credits
In case of database recovery failure, if there are no banning credits
assigned, then the async computation is never terminated. The else
condition is missing in (max_credits >= NUM_RETRIES) check.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Jun 24 09:56:23 CEST 2016 on sn-devel-144
Amitay Isaacs [Wed, 8 Jun 2016 07:25:42 +0000 (17:25 +1000)]
ctdb-recovery-helper: Fix a comment
The sequence of events are incorrectly documented.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Andreas Schneider [Thu, 23 Jun 2016 12:18:35 +0000 (14:18 +0200)]
s3-libnet: Add a comment to make cleaŕ we want to fall through
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jun 24 05:58:35 CEST 2016 on sn-devel-144
Andreas Schneider [Wed, 22 Jun 2016 06:53:51 +0000 (08:53 +0200)]
nsswitch: Fix memory leak in test_wbc_trusts()
Found by cppcheck.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Andreas Schneider [Wed, 22 Jun 2016 06:48:12 +0000 (08:48 +0200)]
nsswitch: Fix memory leak in test_wbc_groups()
Found by cppcheck.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Andreas Schneider [Wed, 22 Jun 2016 06:25:54 +0000 (08:25 +0200)]
nsswitch: Fix memory leak in test_wbc_users()
Found by cppcheck.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Andreas Schneider [Wed, 22 Jun 2016 06:16:11 +0000 (08:16 +0200)]
nsswitch: Fix memory leak in test_wbc_domain_info()
Found by cppcheck.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Andreas Schneider [Wed, 22 Jun 2016 06:04:53 +0000 (08:04 +0200)]
nsswitch: Fix memory leak in test_wbc_pingdc2()
Found by cppcheck.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Andreas Schneider [Wed, 22 Jun 2016 06:01:05 +0000 (08:01 +0200)]
nsswitch: Fix memory leak in test_wbc_get_sidaliases()
Found by cppcheck.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Andreas Schneider [Wed, 22 Jun 2016 05:56:20 +0000 (07:56 +0200)]
nsswitch: Fix memory leak in test_wbc_pingdc()
Found by cppcheck.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Andreas Schneider [Wed, 22 Jun 2016 05:51:45 +0000 (07:51 +0200)]
nsswitch: Fix wbclient torture_assert_wbc_ok_goto_fail macro
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Andreas Schneider [Tue, 21 Jun 2016 13:56:23 +0000 (15:56 +0200)]
smbget: Fix a memory leak
Found by cppcheck.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Amitay Isaacs [Thu, 23 Jun 2016 06:17:51 +0000 (16:17 +1000)]
s3-ctdb: Fail CTDB connection only on INACTIVE state
If the node has flag NODE_FLAGS_PERMANENTLY_DISABLED, then it is
still working. Only avoid connections if node has any of the flags
in NODE_FLAGS_INACTIVE.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jun 23 23:38:44 CEST 2016 on sn-devel-144
Stefan Metzmacher [Wed, 22 Jun 2016 15:18:28 +0000 (17:18 +0200)]
s4:rpc_server: use a variable for the max total reassembled request payload
We still use the same limit of 4 MByte (DCERPC_NCACN_REQUEST_DEFAULT_MAX_SIZE)
by default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11948
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 23 04:51:16 CEST 2016 on sn-devel-144
Stefan Metzmacher [Wed, 22 Jun 2016 15:18:28 +0000 (17:18 +0200)]
s4:librpc/rpc: allow a total reassembled response payload of 240 MBytes
This will replace DCERPC_NCACN_PAYLOAD_MAX_SIZE (4 MByte),
The limit of DCERPC_NCACN_PAYLOAD_MAX_SIZE (4 MByte) was too
strict for some workloads, e.g. DRSUAPI replication with large objects.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11948
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 22 Jun 2016 14:58:03 +0000 (16:58 +0200)]
dcerpc.idl: add DCERPC_NCACN_{REQUEST,RESPONSE}_DEFAULT_MAX_SIZE
This will replace DCERPC_NCACN_PAYLOAD_MAX_SIZE (4 MByte),
this limit is too strict for some workloads, e.g. DRSUAPI replication
with large objects.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11948
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 22 Jun 2016 13:53:59 +0000 (15:53 +0200)]
s4-ntlm: Fix a NULL pointer dereference in error path
Found by clang compiler.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 22 23:21:33 CEST 2016 on sn-devel-144
Andreas Schneider [Wed, 22 Jun 2016 13:48:10 +0000 (15:48 +0200)]
s4-dsdb: Fix a possible NULL pointer dereference
Detected by clang compiler.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Wed, 22 Jun 2016 13:15:05 +0000 (15:15 +0200)]
s3-torture: Do some code hygiene in the ldb test
Coverity is confused if in a expresion we use = and not ==.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Wed, 22 Jun 2016 07:25:16 +0000 (09:25 +0200)]
librpc: Check for negative return value of socket_get_fd()
Found by Coverity.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Wed, 22 Jun 2016 07:17:07 +0000 (09:17 +0200)]
util: Fix a possible null pointer dereference
Found by cppcheck.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Tue, 21 Jun 2016 22:49:27 +0000 (15:49 -0700)]
s3: libsmb: Correctly trim a trailing \\ character in cli_smb2_create_fnum_send() when passing a pathname to SMB2 create.
We already trim any leading \\ characters in this function, so this is the simplest place
to clean the pathname.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11986
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Wed Jun 22 10:33:29 CEST 2016 on sn-devel-144
Michael Adam [Wed, 15 Jun 2016 21:03:32 +0000 (23:03 +0200)]
libnet: ignore realm setting for domain security joins to AD domains if 'winbind rpc only = true'
Inspired by initial patch from Matt Rogers @ RedHat.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11977
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Jun 22 05:05:47 CEST 2016 on sn-devel-144
git.samba.org / kai / samba-autobuild / .git / log