kai/samba-autobuild/.git
5 years agolsa.idl: mark lsa_TrustDomainInfoInfoEx as public
Stefan Metzmacher [Sat, 24 Jan 2015 10:22:54 +0000 (11:22 +0100)]
lsa.idl: mark lsa_TrustDomainInfoInfoEx as public

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agos4:selftest: run dbcheck against the ad_dc environment too
Stefan Metzmacher [Fri, 27 Mar 2015 09:45:58 +0000 (10:45 +0100)]
s4:selftest: run dbcheck against the ad_dc environment too

This is the environment that is configured like real world configurations.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agos4:rpc_server/lsa: implement the policy security descriptor
Stefan Metzmacher [Wed, 25 Mar 2015 19:11:12 +0000 (19:11 +0000)]
s4:rpc_server/lsa: implement the policy security descriptor

We now check the requested access mask in OpenPolicy*()
and return NT_STATUS_ACCESS_DENIED if the request is not granted.

E.g. validating a domain trust via the Windows gui requires this
in order prompt the user for the credentials. Otherwise
we fail any other call with ACCESS_DENIED later and the
gui just displays a strange error message.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agos4:rpc_server/lsa: normalize the access_mask for lsa account objects
Stefan Metzmacher [Thu, 26 Mar 2015 20:52:27 +0000 (21:52 +0100)]
s4:rpc_server/lsa: normalize the access_mask for lsa account objects

We still grant all access in the access_mask, but we don't check the
mask at all yet...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agolibcli/security: add security_descriptor_for_client() helper function
Stefan Metzmacher [Thu, 26 Mar 2015 13:39:35 +0000 (14:39 +0100)]
libcli/security: add security_descriptor_for_client() helper function

This prepares a possibly stripped security descriptor for a client.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agolibcli/security: support "IS" in SDDL for SID_NT_IUSR
Stefan Metzmacher [Wed, 25 Mar 2015 19:10:48 +0000 (19:10 +0000)]
libcli/security: support "IS" in SDDL for SID_NT_IUSR

TODO: we should import the whole lists from [MS-DTYP].

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agos3:rpcclient: only require netlogon_creds for specified netlogon calls
Stefan Metzmacher [Thu, 26 Mar 2015 13:41:09 +0000 (14:41 +0100)]
s3:rpcclient: only require netlogon_creds for specified netlogon calls

A lot of calls on the netlogon pipe doesn't require netlogon credentials,
e.g. netr_LogonControl*() should work just with administrator credentials.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agoCheck for third party Python modules during configure.
Jelmer Vernooij [Sat, 28 Mar 2015 16:11:51 +0000 (16:11 +0000)]
Check for third party Python modules during configure.

Inform the user whether the module was found on the system, or if the
bundled copy is being used. If the module is not found, suggest what
they can do to make it available to Samba.

Change-Id: I89ec57a2acf87768ca3714add59575578d2ee399
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Mar 30 13:40:33 CEST 2015 on sn-devel-104

5 years agoMove configure part of third party to third_party/wscript.
Jelmer Vernooij [Sat, 28 Mar 2015 15:43:29 +0000 (15:43 +0000)]
Move configure part of third party to third_party/wscript.

Change-Id: I34875a8bde99df2e0a2659677e88640bb0ec1816
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
5 years agoPass --recursive to 'git clone' in autobuild.
Jelmer Vernooij [Sat, 28 Mar 2015 16:15:03 +0000 (16:15 +0000)]
Pass --recursive to 'git clone' in autobuild.

This makes it possible to use submodules in Samba.

Change-Id: Iccb1876b1daf82864b18486f2dca9036d7d3c75c
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
5 years agogroupdb: Fix a typo
Volker Lendecke [Sun, 29 Mar 2015 16:17:46 +0000 (18:17 +0200)]
groupdb: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
5 years agoheimdal: Fix a warning
Volker Lendecke [Sun, 29 Mar 2015 13:59:41 +0000 (15:59 +0200)]
heimdal: Fix a warning

99% this is what was meant....

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
5 years agoheimdal: Fix a warning
Volker Lendecke [Sun, 29 Mar 2015 13:59:41 +0000 (15:59 +0200)]
heimdal: Fix a warning

99% this is what was meant....

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
5 years agovfs_gpfs: Remove warning after failure of get_gpfs_fset_id
Christof Schmitt [Fri, 27 Mar 2015 20:16:41 +0000 (13:16 -0700)]
vfs_gpfs: Remove warning after failure of get_gpfs_fset_id

get_gpfs_fset_id already emits more detailed warnings, there is no need
to print an additional warning in the calling function.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
5 years agoctdb-tests: Switch to tcp check in rpcinfo stub
Amitay Isaacs [Fri, 27 Mar 2015 01:00:56 +0000 (12:00 +1100)]
ctdb-tests: Switch to tcp check in rpcinfo stub

Use -T tcp instead of deprecated options -u and -t.  Also, check for
localhost.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Mar 27 09:16:50 CET 2015 on sn-devel-104

5 years agoctdb-scripts: Use tcp connection for checking RPC services
Amitay Isaacs [Fri, 27 Mar 2015 01:04:03 +0000 (12:04 +1100)]
ctdb-scripts: Use tcp connection for checking RPC services

It's possible for a RPC service to register only for UDP and not TCP.
Since we assume all the NFS operations are over TCP, always check RPC
services over TCP.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
5 years agoctdb-scripts: Respect $RPCMOUNTDOPTS when restarting rpc.mountd
Martin Schwenke [Tue, 24 Mar 2015 09:12:51 +0000 (20:12 +1100)]
ctdb-scripts: Respect $RPCMOUNTDOPTS when restarting rpc.mountd

$RPCMOUNTDOPTS is ignored when restarting rpc.statd due to the service
being unresponsive.  This variable can be used to increase the number
of rpc.mountd threads when there are a lot of clients reattaching so
ignoring it can mean that only a single rpc.mount thread is started.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
5 years agoctdb-daemon: Drop tunable that is no longer in use
Amitay Isaacs [Wed, 30 Jul 2014 04:31:54 +0000 (14:31 +1000)]
ctdb-daemon: Drop tunable that is no longer in use

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
5 years agoctdb-recoverd: Fix typo in comment
Amitay Isaacs [Wed, 30 Jul 2014 02:32:08 +0000 (12:32 +1000)]
ctdb-recoverd: Fix typo in comment

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
5 years agoselftest: Use 'logging' parameter instead of 'syslog'
Christof Schmitt [Mon, 23 Mar 2015 23:16:36 +0000 (16:16 -0700)]
selftest: Use 'logging' parameter instead of 'syslog'

'syslog' has been deprecated, so use the new 'logging' parameter
instead.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Mar 27 06:38:32 CET 2015 on sn-devel-104

5 years agos4-process_model: Panic if the standard init function fails
Andreas Schneider [Thu, 26 Mar 2015 09:58:18 +0000 (10:58 +0100)]
s4-process_model: Panic if the standard init function fails

Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
5 years agos4-process_model: Do not close random fds while forking.
Andreas Schneider [Thu, 26 Mar 2015 09:48:31 +0000 (10:48 +0100)]
s4-process_model: Do not close random fds while forking.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11180

The issue has been found with nss_wrapper debug output running:
    samba4.ntvfs.cifs.krb5.base.lock

In the case here, we fork a child and close the fd without resetting
the pipe fd variable. Then the fd was used to open the nss_wrapper
hosts file which got the same fd. We forked again in the process model
called close() on the re-used fd (of the pipe variable) again without
nss_wrapper noticing.  Now Samba opened the secrets tdb and got
the same fd as nss_wrapper was using for the hosts file and next
nss_wrapper tried to parse a TDB ...

Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
5 years agos4:kdc/db-glue: samba_kdc_trust_message2entry() should use the normalized principal...
Stefan Metzmacher [Thu, 26 Mar 2015 09:24:05 +0000 (09:24 +0000)]
s4:kdc/db-glue: samba_kdc_trust_message2entry() should use the normalized principal as salt

smbclient //w2012r2-183.w2012r2-l4.base/netlogon -c 'ls' -k yes -Uadministrator@S4XDOM.BASE%A1b2C3d4
worked while
smbclient //w2012r2-183.w2012r2-l4.base/netlogon -c 'ls' -k yes -Uadministrator@s4xdom.base
failed, if aes keys are used across the trust.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Mar 27 04:02:05 CET 2015 on sn-devel-104

5 years agolibcli/util: remove unused WERR_BAD_PASSWORD
Stefan Metzmacher [Thu, 26 Mar 2015 10:00:10 +0000 (11:00 +0100)]
libcli/util: remove unused WERR_BAD_PASSWORD

The values are the same, but WERR_INVALID_PASSWORD matches the documentation.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agolibcli/auth: use WERR_INVALID_PASSWORD instead of WERR_BAD_PASSWORD
Stefan Metzmacher [Thu, 26 Mar 2015 10:00:10 +0000 (11:00 +0100)]
libcli/auth: use WERR_INVALID_PASSWORD instead of WERR_BAD_PASSWORD

The values are the same, but WERR_INVALID_PASSWORD matches the documentation.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agodocs-xml/Samba3-HOWTO: add reference to WERR_INVALID_PASSWORD were we had only WERR_B...
Stefan Metzmacher [Thu, 26 Mar 2015 10:00:10 +0000 (11:00 +0100)]
docs-xml/Samba3-HOWTO: add reference to WERR_INVALID_PASSWORD were we had only WERR_BAD_PASSWORD

The values are the same, but WERR_INVALID_PASSWORD matches the documentation
and the new win_errstr() output.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agoselftest: use dns_lookup_* = true in krb5.conf
Stefan Metzmacher [Tue, 24 Mar 2015 18:05:10 +0000 (19:05 +0100)]
selftest: use dns_lookup_* = true in krb5.conf

We only need to specify explicit entries for the local realm
in order to provision the server.

Everything else is handled by real dns or faked dns via resolv wrapper.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agos4-kdc/db_glue: avoid accessing private struct members when there are accessor funcs.
Günther Deschner [Tue, 10 Feb 2015 12:23:14 +0000 (13:23 +0100)]
s4-kdc/db_glue: avoid accessing private struct members when there are accessor funcs.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
5 years agos4-kdc/db_glue: use smb_krb5_principal_set_type().
Günther Deschner [Tue, 10 Feb 2015 12:14:21 +0000 (13:14 +0100)]
s4-kdc/db_glue: use smb_krb5_principal_set_type().

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
5 years agokrb5_wrap: fix documentation for smb_krb5_principal_get_comp_string().
Günther Deschner [Tue, 10 Feb 2015 12:38:41 +0000 (13:38 +0100)]
krb5_wrap: fix documentation for smb_krb5_principal_get_comp_string().

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
5 years agokrb5_wrap: add smb_krb5_principal_set_type().
Günther Deschner [Tue, 10 Feb 2015 12:13:01 +0000 (13:13 +0100)]
krb5_wrap: add smb_krb5_principal_set_type().

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
5 years agos4-auth: fix DEBUG statement.
Günther Deschner [Sat, 7 Feb 2015 14:12:45 +0000 (15:12 +0100)]
s4-auth: fix DEBUG statement.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
5 years agogensec: map KRB5KRB_AP_ERR_BAD_INTEGRITY to logon failure.
Günther Deschner [Sat, 7 Feb 2015 09:48:30 +0000 (10:48 +0100)]
gensec: map KRB5KRB_AP_ERR_BAD_INTEGRITY to logon failure.

When requesting initiator credentials fails, we need to map the error code
KRB5KRB_AP_ERR_BAD_INTEGRITY to NT_STATUS_LOGON_FAILURE as well. This is what
current MIT kerberos returns.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
5 years agos4-kdc/db-glue: make sure to use smb_krb5_get_pw_salt and smb_krb5_create_key_from_st...
Günther Deschner [Fri, 19 Dec 2014 15:35:48 +0000 (16:35 +0100)]
s4-kdc/db-glue: make sure to use smb_krb5_get_pw_salt and smb_krb5_create_key_from_string.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
5 years agolib/krb5_wrap: use krb5_const_principal in smb_krb5_get_pw_salt().
Günther Deschner [Thu, 26 Mar 2015 10:31:34 +0000 (11:31 +0100)]
lib/krb5_wrap: use krb5_const_principal in smb_krb5_get_pw_salt().

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
5 years agolib/krb5_wrap: use krb5_const_principal in smb_krb5_create_key_from_string.
Günther Deschner [Thu, 26 Mar 2015 10:21:06 +0000 (11:21 +0100)]
lib/krb5_wrap: use krb5_const_principal in smb_krb5_create_key_from_string.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
5 years agos4-auth: avoid double free of krb5 kt_entries when compiling with MIT kerberos library.
Günther Deschner [Tue, 29 Jul 2014 16:32:20 +0000 (18:32 +0200)]
s4-auth: avoid double free of krb5 kt_entries when compiling with MIT kerberos library.

Guenther

Pair-Programmed-With: Andreas Schneider <asn@samba.org>

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
5 years agos4-gensec: Check if we have delegated credentials.
Andreas Schneider [Tue, 29 Jul 2014 10:33:49 +0000 (12:33 +0200)]
s4-gensec: Check if we have delegated credentials.

With MIT Kerberos it is possible that the GSS_C_DELEG_FLAG is set, but
the delegated_cred_handle is NULL which results in a NULL-pointer
dereference. This way we fix it.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
5 years agos4-kdc/db-glue: use smb_krb5_principal_get_comp_string in dbglue.
Günther Deschner [Fri, 16 May 2014 09:44:49 +0000 (11:44 +0200)]
s4-kdc/db-glue: use smb_krb5_principal_get_comp_string in dbglue.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
5 years agos4-kdc/db-glue: use principal_comp_str{case}cmp.
Günther Deschner [Fri, 16 May 2014 09:44:02 +0000 (11:44 +0200)]
s4-kdc/db-glue: use principal_comp_str{case}cmp.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
5 years agos4-kdc/db-glue: add principal_comp_str{case}cmp
Günther Deschner [Thu, 15 May 2014 13:57:06 +0000 (15:57 +0200)]
s4-kdc/db-glue: add principal_comp_str{case}cmp

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
5 years agos4-kdc: pass down only a samba_kdc_entry to samba_krbtgt_is_in_db().
Günther Deschner [Fri, 9 May 2014 22:49:44 +0000 (00:49 +0200)]
s4-kdc: pass down only a samba_kdc_entry to samba_krbtgt_is_in_db().

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
5 years agos4-kdc: pass down only a samba_kdc_entry to samba_kdc_get_pac_blob().
Günther Deschner [Fri, 9 May 2014 22:26:21 +0000 (00:26 +0200)]
s4-kdc: pass down only a samba_kdc_entry to samba_kdc_get_pac_blob().

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
5 years agos4-kdc: pass down only a samba_kdc_entry to samba_princ_needs_pac().
Günther Deschner [Fri, 9 May 2014 21:26:42 +0000 (23:26 +0200)]
s4-kdc: pass down only a samba_kdc_entry to samba_princ_needs_pac().

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
5 years agos4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_s4u2proxy().
Günther Deschner [Fri, 9 May 2014 12:58:08 +0000 (14:58 +0200)]
s4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_s4u2proxy().

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
5 years agos4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_pkinit_ms_upn_mat...
Günther Deschner [Fri, 9 May 2014 12:56:22 +0000 (14:56 +0200)]
s4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_pkinit_ms_upn_match().

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
5 years agos4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_s4u2self().
Günther Deschner [Fri, 9 May 2014 12:54:23 +0000 (14:54 +0200)]
s4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_s4u2self().

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
5 years agos4-kdc: build some kdc components only for Heimdal KDCs.
Günther Deschner [Thu, 8 May 2014 13:15:40 +0000 (15:15 +0200)]
s4-kdc: build some kdc components only for Heimdal KDCs.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
5 years agolib/krb5_wrap: provide KRB5KDC_ERR_KEY_EXPIRED error code matching MIT.
Günther Deschner [Thu, 8 May 2014 12:47:05 +0000 (14:47 +0200)]
lib/krb5_wrap: provide KRB5KDC_ERR_KEY_EXPIRED error code matching MIT.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
5 years agos4-kdc/db_glue: workaround different CLIENT_NAME_MISMATCH error codes.
Günther Deschner [Thu, 8 May 2014 12:42:20 +0000 (14:42 +0200)]
s4-kdc/db_glue: workaround different CLIENT_NAME_MISMATCH error codes.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
5 years agolibrpc/ndr_nbt: we need to keep a trailing '.' in the last component of an nbt_string
Stefan Metzmacher [Wed, 25 Mar 2015 15:04:06 +0000 (15:04 +0000)]
librpc/ndr_nbt: we need to keep a trailing '.' in the last component of an nbt_string

Windows uses a username of 'domain.example.com.' as username and we need to
return it that way in the NETLOGON_SAM_LOGON_RESPONSE_EX reply.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agolsa.idl: add LSA_POLICY_NOTIFICATION to LSA_POLICY_ALL_ACCESS
Stefan Metzmacher [Wed, 25 Mar 2015 19:15:42 +0000 (20:15 +0100)]
lsa.idl: add LSA_POLICY_NOTIFICATION to LSA_POLICY_ALL_ACCESS

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agos4:selftest: run rpc.netlogon.admin against also ad_dc
Stefan Metzmacher [Mon, 23 Mar 2015 19:37:23 +0000 (20:37 +0100)]
s4:selftest: run rpc.netlogon.admin against also ad_dc

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agotorture: Run lsa.trusted.domains auth tests against samba4
Andrew Bartlett [Tue, 10 Mar 2015 03:23:40 +0000 (16:23 +1300)]
torture: Run lsa.trusted.domains auth tests against samba4

We only need to skip th CreateTrustedDomainEx, which the docs strongly suggested not to use
in any case.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agotorture-lsa: Allow rpc.lsa.trusted.domains to run successfully
Andrew Bartlett [Tue, 10 Mar 2015 03:04:30 +0000 (16:04 +1300)]
torture-lsa: Allow rpc.lsa.trusted.domains to run successfully

We need to create a new binding, as the old binding has the wrong pipe in it (lsa, not netlogon).

Otherwise, we try to bind using the LSA UUID on the netlogon pipe, and Samba rejects that

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agos4:torture/rpc: use torture_skip() if torture:Forest_Trust_Dom2_Binding isn't specifi...
Stefan Metzmacher [Tue, 10 Mar 2015 09:14:29 +0000 (10:14 +0100)]
s4:torture/rpc: use torture_skip() if torture:Forest_Trust_Dom2_Binding isn't specified for rpc.lsa.forest.trust

We should exit 0 in this case, as it's not really an error.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agos4:torture/rpc: test the old password in test_validate_trust() for rpc.lsa.forest...
Stefan Metzmacher [Tue, 10 Mar 2015 09:14:29 +0000 (10:14 +0100)]
s4:torture/rpc: test the old password in test_validate_trust() for rpc.lsa.forest.trust

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agos4:torture/rpc: really use LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE in rpc.lsa.forest...
Stefan Metzmacher [Tue, 10 Mar 2015 09:14:29 +0000 (10:14 +0100)]
s4:torture/rpc: really use LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE in rpc.lsa.forest.trust

We really want to test forest trust and not external trusts here!

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agos4:torture/rpc: use torture_assert*() macros for rpc.lsa.forest.trust
Stefan Metzmacher [Tue, 10 Mar 2015 09:14:29 +0000 (10:14 +0100)]
s4:torture/rpc: use torture_assert*() macros for rpc.lsa.forest.trust

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agos4:torture/rpc: fix test_EnumTrustDomEx() with existing domains
Stefan Metzmacher [Mon, 23 Mar 2015 23:16:29 +0000 (00:16 +0100)]
s4:torture/rpc: fix test_EnumTrustDomEx() with existing domains

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agos4:rpc_server/lsa: correctly set *r->out.resume_handle with NT_STATUS_OK in lsa_EnumT...
Stefan Metzmacher [Tue, 24 Mar 2015 01:13:10 +0000 (02:13 +0100)]
s4:rpc_server/lsa: correctly set *r->out.resume_handle with NT_STATUS_OK in lsa_EnumTrustedDomainsEx()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agos4:torture/rpc: use unique sids and names for trusted domains
Stefan Metzmacher [Mon, 23 Mar 2015 22:15:45 +0000 (23:15 +0100)]
s4:torture/rpc: use unique sids and names for trusted domains

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agos4:torture/rpc: sync test_LogonControl2Ex with test_LogonControl2
Stefan Metzmacher [Mon, 23 Mar 2015 12:30:11 +0000 (13:30 +0100)]
s4:torture/rpc: sync test_LogonControl2Ex with test_LogonControl2

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agos4:torture/rpc: let rpc.netlogon.admin pass against windows 2012r2
Stefan Metzmacher [Mon, 23 Mar 2015 15:01:31 +0000 (16:01 +0100)]
s4:torture/rpc: let rpc.netlogon.admin pass against windows 2012r2

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agos3:rpc_server/netlogon: improve the netr_LogonControl*() error returns
Stefan Metzmacher [Tue, 24 Mar 2015 12:29:14 +0000 (13:29 +0100)]
s3:rpc_server/netlogon: improve the netr_LogonControl*() error returns

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agos4:torture/rpc: let test_LogonControl() also accept WERR_NOT_SUPPORTED for NETLOGON_C...
Stefan Metzmacher [Mon, 23 Mar 2015 14:32:59 +0000 (15:32 +0100)]
s4:torture/rpc: let test_LogonControl() also accept WERR_NOT_SUPPORTED for NETLOGON_CONTROL_TRUNCATE_LOG

There's no reason to have this implemented in samba.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agos4:torture/rpc: don't use the same names for 3 different tests
Stefan Metzmacher [Mon, 23 Mar 2015 15:02:19 +0000 (16:02 +0100)]
s4:torture/rpc: don't use the same names for 3 different tests

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agolibcli/util: let WERR_UNKNOWN_LEVEL be an alias to WERR_INVALID_LEVEL
Stefan Metzmacher [Mon, 23 Mar 2015 10:32:55 +0000 (11:32 +0100)]
libcli/util: let WERR_UNKNOWN_LEVEL be an alias to WERR_INVALID_LEVEL

WERR_INVALID_LEVEL is the documented name that should be printed
in logs.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agonsswitch: improve error messages in wbinfo calls
Stefan Metzmacher [Sat, 21 Mar 2015 16:31:30 +0000 (17:31 +0100)]
nsswitch: improve error messages in wbinfo calls

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agos4:heimdal_build: remove allow_warnings=True from HEIMDAL_ASN1()
Stefan Metzmacher [Sat, 21 Mar 2015 09:00:22 +0000 (10:00 +0100)]
s4:heimdal_build: remove allow_warnings=True from HEIMDAL_ASN1()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agoRename SMB2_OP_FIND to SMB2_OP_QUERY_DIRECTORY so that it conforms with the MS docume...
Richard Sharpe [Tue, 24 Mar 2015 14:16:26 +0000 (07:16 -0700)]
Rename SMB2_OP_FIND to SMB2_OP_QUERY_DIRECTORY so that it conforms with the MS document MS-SMB2.

Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 27 01:24:47 CET 2015 on sn-devel-104

5 years agoMove update-external.sh to third_party/
Jelmer Vernooij [Wed, 25 Mar 2015 11:13:42 +0000 (11:13 +0000)]
Move update-external.sh to third_party/

Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years agoMerge update-waf.sh into update-external.sh
Jelmer Vernooij [Wed, 25 Mar 2015 11:13:41 +0000 (11:13 +0000)]
Merge update-waf.sh into update-external.sh

Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years agoMove waf into third_party/.
Jelmer Vernooij [Wed, 25 Mar 2015 11:13:40 +0000 (11:13 +0000)]
Move waf into third_party/.

Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years agos3: libsmbclient: Add missing talloc stackframe.
Jeremy Allison [Thu, 26 Mar 2015 17:09:46 +0000 (10:09 -0700)]
s3: libsmbclient: Add missing talloc stackframe.

Bug 11177 - no talloc stackframe at ../source3/libsmb/clifsinfo.c:444, leaking memory

https://bugzilla.samba.org/show_bug.cgi?id=11177

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Mar 26 22:21:30 CET 2015 on sn-devel-104

5 years agodocs: fix duplicate word in explanation of parameter 'logging'.
Michael Adam [Thu, 26 Mar 2015 12:45:50 +0000 (13:45 +0100)]
docs: fix duplicate word in explanation of parameter 'logging'.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
5 years agolibnetapi: Fix 241166 Fixing logically dead code
Anoop C S [Thu, 26 Mar 2015 08:35:19 +0000 (14:05 +0530)]
libnetapi: Fix 241166 Fixing logically dead code

Signed-off-by: Anoop C S <achiraya@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Mar 26 17:30:27 CET 2015 on sn-devel-104

5 years agoregistry: Fix 1273042 Identical code for if/else branch
Anoop C S [Thu, 26 Mar 2015 12:36:44 +0000 (18:06 +0530)]
registry: Fix 1273042 Identical code for if/else branch

Signed-off-by: Anoop C S <achiraya@redhat.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
5 years agoctdb: Fix CID 1125615 Copy into fixed size buffer
Volker Lendecke [Thu, 26 Mar 2015 12:11:14 +0000 (13:11 +0100)]
ctdb: Fix CID 1125615 Copy into fixed size buffer

Might be a "can't happen", but strcpy always looks fishy

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
5 years agoctdb: Fix CID 1125634 Out-of-bounds write
Volker Lendecke [Thu, 26 Mar 2015 12:06:26 +0000 (13:06 +0100)]
ctdb: Fix CID 1125634 Out-of-bounds write

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
5 years agolib: Fix CID 1273009 Dereference after null check
Volker Lendecke [Thu, 26 Mar 2015 09:21:20 +0000 (10:21 +0100)]
lib: Fix CID 1273009 Dereference after null check

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
5 years agoloadparm: Fix CID 1273054 Improper use of negative value
Volker Lendecke [Thu, 26 Mar 2015 09:14:22 +0000 (10:14 +0100)]
loadparm: Fix CID 1273054 Improper use of negative value

Probably a "can't happen", but formally lpcfg_map_parameter can return -1

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
5 years agoreplace: clean-up strlcpy and add note on return value
David Disseldorp [Thu, 26 Mar 2015 11:21:44 +0000 (12:21 +0100)]
replace: clean-up strlcpy and add note on return value

The existing implementation uses single line ifs, making the code hard
to visually parse.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
5 years agovfs_fruit: enhance handling of malformed AppleDouble files
Ralph Boehme [Mon, 2 Mar 2015 17:15:06 +0000 (18:15 +0100)]
vfs_fruit: enhance handling of malformed AppleDouble files

Trying for fixup a broken AppleDouble file with a resourcefork entry
offset + length > filesystem resulted in a crashing memmove() in
ad_convert().

Add a specific safety check that stats the ._ file and limits the
resource fork length to the filesize.

While we're at it, now that we know the filesize in ad_unpack(), add
additional checks that verify this.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11125

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Mar 26 12:39:01 CET 2015 on sn-devel-104

5 years agolib: tdb: Use sigaction when testing for robust mutexes.
Jeremy Allison [Fri, 20 Mar 2015 17:59:08 +0000 (10:59 -0700)]
lib: tdb: Use sigaction when testing for robust mutexes.

Working fix that copes with oldact.sa_handler == NULL
if no handler initially set.

Fixes bug #11175 - Lots of winbindd zombie processes on Solaris platform.

https://bugzilla.samba.org/show_bug.cgi?id=11175

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Mar 26 04:29:42 CET 2015 on sn-devel-104

5 years agos3: client - "client use spnego principal = yes" code checks wrong name.
Jeremy Allison [Thu, 19 Mar 2015 20:10:33 +0000 (13:10 -0700)]
s3: client - "client use spnego principal = yes" code checks wrong name.

Bug 10888 - smbclient doesn't ignore "not_defined_in_RFC4178@please_ignore"

https://bugzilla.samba.org/show_bug.cgi?id=10888

Code patch from <martin.wilck@ts.fujitsu.com>

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan (metze) Metzmacher <metze@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 26 00:56:25 CET 2015 on sn-devel-104

5 years agodocs: Mark 'client use spnego principal' as deprecated and also a bad idea.
Jeremy Allison [Thu, 19 Mar 2015 20:09:21 +0000 (13:09 -0700)]
docs: Mark 'client use spnego principal' as deprecated and also a bad idea.

Bug 10888 - smbclient doesn't ignore "not_defined_in_RFC4178@please_ignore"

https://bugzilla.samba.org/show_bug.cgi?id=10888

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan (metze) Metzmacher <metze@samba.org>
5 years agoAdd multiplex state to dcerpc flags and control over multiplex PFC flag in bind_ack...
Julien Kerihuel [Wed, 25 Mar 2015 04:06:03 +0000 (21:06 -0700)]
Add multiplex state to dcerpc flags and control over multiplex PFC flag in bind_ack and and dcesrv_alter replies

Signed-off-by: Julien Kerihuel <j.kerihuel@openchange.org>
Reviewed-by: "Stefan (metze) Metzmacher" <metze@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
5 years agopidl/python: add prototypes into header section of generated c-files.
Günther Deschner [Wed, 25 Mar 2015 16:38:12 +0000 (17:38 +0100)]
pidl/python: add prototypes into header section of generated c-files.

This stops emmiting hundreds of warnings when compiling with
-Wmissing-prototypes.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Mar 25 20:45:01 CET 2015 on sn-devel-104

5 years agoRevert "lib: tdb: Use sigaction when testing for robust mutexes."
Andreas Schneider [Wed, 25 Mar 2015 10:39:54 +0000 (11:39 +0100)]
Revert "lib: tdb: Use sigaction when testing for robust mutexes."

This fails on Linux platforms with robust mutex support with the
following error:

tdb(/home/asn/workspace/projects/samba/git/st/nt4_dc/lockdir/gencache_notrans.tdb):
    tdb_mutex_open_ok[/home/asn/workspace/projects/samba/git/st/nt4_dc/lockdir/gencache_notrans.tdb]:
    Can use mutexes only with MUTEX_LOCKING or NOLOCK

We also see winbind is not able to start with this error message trying
to open the serverid.tdb.

This reverts commit d1914367289b58f26544ee6e116490d662d9c41c.

Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Mar 25 14:58:38 CET 2015 on sn-devel-104

5 years agolib/util: fix the default code path for debug_set_settings()
Stefan Metzmacher [Wed, 25 Mar 2015 10:56:57 +0000 (10:56 +0000)]
lib/util: fix the default code path for debug_set_settings()

logging_param is typically "" instead of NULL!

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
5 years agoutil_tdb: mark tdb_pack() and friends as deprecated
David Disseldorp [Tue, 24 Mar 2015 15:11:05 +0000 (16:11 +0100)]
util_tdb: mark tdb_pack() and friends as deprecated

Following a discussion[1] with Volker, add a note to the tdb_unpack()
and tdb_pack[_append]() prototypes describing them as deprecated.

1. https://lists.samba.org/archive/samba-technical/2015-March/106548.html

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Mar 25 11:05:02 CET 2015 on sn-devel-104

5 years agolib: tdb: Use sigaction when testing for robust mutexes.
Jeremy Allison [Fri, 20 Mar 2015 17:59:08 +0000 (10:59 -0700)]
lib: tdb: Use sigaction when testing for robust mutexes.

Fixes bug #11175 - Lots of winbindd zombie processes on Solaris platform.

https://bugzilla.samba.org/show_bug.cgi?id=11175

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Mar 24 14:43:22 CET 2015 on sn-devel-104

5 years agoExplicitly include util/debug.h from server stubs generated by pidl.
Jelmer Vernooij [Sat, 21 Mar 2015 23:20:59 +0000 (00:20 +0100)]
Explicitly include util/debug.h from server stubs generated by pidl.

This is necessary since Server.pm generates calls to DEBUG().

Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 24 02:40:00 CET 2015 on sn-devel-104

5 years agolib: Remove unused [un]map_file
Volker Lendecke [Sun, 22 Mar 2015 08:50:25 +0000 (09:50 +0100)]
lib: Remove unused [un]map_file

Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
5 years agocodepages/*.dat are gone
Volker Lendecke [Sat, 21 Mar 2015 19:50:45 +0000 (20:50 +0100)]
codepages/*.dat are gone

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years agosmbd: Convert valid.dat to C code
Volker Lendecke [Sat, 21 Mar 2015 19:46:11 +0000 (20:46 +0100)]
smbd: Convert valid.dat to C code

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years agolib: load_case_tables() -> smb_init_locale()
Volker Lendecke [Sat, 21 Mar 2015 19:00:06 +0000 (20:00 +0100)]
lib: load_case_tables() -> smb_init_locale()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years agolib: Remove load_case_tables_library()
Volker Lendecke [Sat, 21 Mar 2015 18:49:17 +0000 (19:49 +0100)]
lib: Remove load_case_tables_library()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years agolib: Convert [up|low]case.dat to C
Volker Lendecke [Sat, 21 Mar 2015 12:22:34 +0000 (13:22 +0100)]
lib: Convert [up|low]case.dat to C

This creates a bit more source code, but it removes the requirement to
explicitly mmap the files

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>