kai/samba-autobuild/.git
2 years agoauth/credentials: try to use kerberos with the machine account unless we're in an...
Stefan Metzmacher [Fri, 24 Feb 2017 15:02:50 +0000 (16:02 +0100)]
auth/credentials: try to use kerberos with the machine account unless we're in an AD domain

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12587

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years agos3:winbindd: try a NETLOGON connection with noauth over NCACN_NP against trusted...
Stefan Metzmacher [Fri, 24 Feb 2017 10:37:32 +0000 (10:37 +0000)]
s3:winbindd: try a NETLOGON connection with noauth over NCACN_NP against trusted domains.

We're using only NCACN_NP here as we rely on the smb signing restrictions
of cm_prepare_connection().

This should fix SMB authentication with a user of a domain
behind a transitive trust.

With this change winbindd is able to call
dcerpc_netr_DsrEnumerateDomainTrusts against the
dc of a trusted domain again. This only works
for two-way trusts.

The main problem is the usage of is_trusted_domain()
which doesn't know about the domain, if winbindd can't
enumerate the domains in the other forest.

is_trusted_domain() is used in make_user_info_map(),
which is called in auth3_check_password() before
auth_check_ntlm_password().

That means we're mapping the user of such a domain
to our own local sam, before calling our auth modules.

A much better fix, which removes the usage of is_trusted_domain()
in planed for master, but this should do the job for current releases.

We should avoid talking to DCs of other domains and always
go via our primary domain. As we should code with one-way trusts
also, we need to avoid relying on a complete list of
domains in future.

For now "wbinfo -m" lists domains behind a two-way transitive
trust again, but that is likely to change in future again!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11830

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2 years agoRevert "s3-winbind: Fix schannel connections against trusted domain DCs"
Stefan Metzmacher [Fri, 24 Feb 2017 12:19:59 +0000 (13:19 +0100)]
Revert "s3-winbind: Fix schannel connections against trusted domain DCs"

This reverts commit d2379caa77fe02264323d69fee1bcad33f1bfeee.

This change doesn't solve the real problem, it just
causes useless network traffic and the following error:

rpccli_setup_netlogon_creds failed for W2012R2-L6, unable to setup NETLOGON
credentials: NT_STATUS_NO_TRUST_SAM_ACCOUNT

While the old logic caused NT_STATUS_CANT_ACCESS_DOMAIN_INFO (without
network traffic) instead of the NT_STATUS_NO_TRUST_SAM_ACCOUNT.

A better fix will follow.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11830

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2 years agoctdb-takeover: Don't release IPs from nodes where they are not known
Martin Schwenke [Tue, 7 Feb 2017 04:30:08 +0000 (15:30 +1100)]
ctdb-takeover: Don't release IPs from nodes where they are not known

This avoids confusing log messages like:

  ctdbd[21635]: releaseip called for an ip '10.1.1.1' that is not a public address

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Feb 24 11:50:36 CET 2017 on sn-devel-144

2 years agoctdb-ipalloc: Add per-IP known_on bitmap
Martin Schwenke [Tue, 7 Feb 2017 04:23:36 +0000 (15:23 +1100)]
ctdb-ipalloc: Add per-IP known_on bitmap

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-takeover: Fetch public IP addresses from all connected nodes
Martin Schwenke [Tue, 7 Feb 2017 04:00:25 +0000 (15:00 +1100)]
ctdb-takeover: Fetch public IP addresses from all connected nodes

Redundant releases will be sent to all connected nodes anyway, so this
is no worse.  This will facilitate an improvement to avoid sending
releases to nodes with no known IPs.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-takeover: Assign banning credits on failure to fetch public IPs
Martin Schwenke [Mon, 6 Feb 2017 01:14:10 +0000 (12:14 +1100)]
ctdb-takeover: Assign banning credits on failure to fetch public IPs

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-takeover: Use takeover_failed() when fetching public IPs fails
Martin Schwenke [Fri, 3 Feb 2017 05:41:42 +0000 (16:41 +1100)]
ctdb-takeover: Use takeover_failed() when fetching public IPs fails

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-takeover: Generalise error handling for GET_PUBLIC_IPS
Martin Schwenke [Fri, 3 Feb 2017 05:36:04 +0000 (16:36 +1100)]
ctdb-takeover: Generalise error handling for GET_PUBLIC_IPS

As with other controls, processes the errors by hand instead of using
ctdb_client_control_multi_error().  This will make it easier to add
banning credits for failures.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-takeover: Only fetch available IPs from nodes with known IPs
Martin Schwenke [Fri, 3 Feb 2017 04:31:00 +0000 (15:31 +1100)]
ctdb-takeover: Only fetch available IPs from nodes with known IPs

A simple optimisation to avoid unnecessary communication.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-takeover: Add debug message confirming fetching of public IPs
Martin Schwenke [Fri, 3 Feb 2017 04:26:39 +0000 (15:26 +1100)]
ctdb-takeover: Add debug message confirming fetching of public IPs

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-tests: Populate per-node known IPs inline
Martin Schwenke [Fri, 3 Feb 2017 03:41:57 +0000 (14:41 +1100)]
ctdb-tests: Populate per-node known IPs inline

At the moment this is done as a post-processing step for any nodes
that have no known IPs.  However, this doesn't allow testing of
scenarios where there no known IPs on one or more nodes.

Add relevant tests.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-ipalloc: Switch noiphost to struct bitmap
Martin Schwenke [Fri, 3 Feb 2017 01:28:44 +0000 (12:28 +1100)]
ctdb-ipalloc: Switch noiphost to struct bitmap

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-ipalloc: Switch available_on to struct bitmap
Martin Schwenke [Fri, 2 Dec 2016 03:21:59 +0000 (14:21 +1100)]
ctdb-ipalloc: Switch available_on to struct bitmap

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agolib/util: Put bitmap.c into samba-util-core so it is available to CTDB
Martin Schwenke [Fri, 2 Dec 2016 03:21:09 +0000 (14:21 +1100)]
lib/util: Put bitmap.c into samba-util-core so it is available to CTDB

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-takeover: Short circuit if fetching IPs from no nodes
Martin Schwenke [Fri, 27 Jan 2017 03:43:34 +0000 (14:43 +1100)]
ctdb-takeover: Short circuit if fetching IPs from no nodes

The current code will fetch IP from all connected and all active
nodes, so this can't happen.  However, catch it anyway in case the
calling code changes.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-takeover: Allocate IP list unconditionally in send function
Martin Schwenke [Thu, 23 Feb 2017 05:10:33 +0000 (16:10 +1100)]
ctdb-takeover: Allocate IP list unconditionally in send function

This simplifies error handling and make failures less likely after
send.

This also means that num_nodes is not required in the state.

Also quietly remove unused ev and client from state.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-tests: Add synchronisation points in reload IPs tests
Martin Schwenke [Wed, 15 Feb 2017 08:33:02 +0000 (19:33 +1100)]
ctdb-tests: Add synchronisation points in reload IPs tests

"ctdb reloadips" use of ipreallocate() can result in a spurious
takeover runs.  This can cause a subsequent "ctdb reloadips" to fail
to disable takeover runs (due to there being one already in progress).

There are various possible improvements but a proper fix probably
requires a protocol change.  That would mean receiving an ACK for a
takeover run request to indicate that the request will be processes
and then a broadcast to indicate a completed takeover run.

There are various other partial fixes (e.g. de-duping queued takeover
run requests against those in the in-progess queue) and workarounds
(e.g. always do a double ipreallocate() in the tool, which should
absorb the spurious takeover run).

However, this is unlikely to be a real-world problem.  Real use cases
should not involve repeatedly reloading the IP configuration.

Instead, work around the problem of flaky tests by manually adding
"ctdb sync" commands to cause extra no-op takeover runs.  These should
not add spurious takeover runs and will create synchronisation points
to help avoid the issue.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-doc: Update instructions in example NFS Ganesha call-out
Martin Schwenke [Wed, 22 Feb 2017 09:37:14 +0000 (20:37 +1100)]
ctdb-doc: Update instructions in example NFS Ganesha call-out

In particular, make them reflect the recent advice in ctdbd.conf(5)
about setting CTDB_NFS_CHECKS_DIR.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-doc: Fix monitoring bug in example NFS Ganesha call-out
Martin Schwenke [Wed, 22 Feb 2017 07:55:56 +0000 (18:55 +1100)]
ctdb-doc: Fix monitoring bug in example NFS Ganesha call-out

There is no "check" method.  This was an error in the original
example.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-doc: Fix shellcheck warning in example NFS ganesha call-out
Martin Schwenke [Wed, 22 Feb 2017 03:44:09 +0000 (14:44 +1100)]
ctdb-doc: Fix shellcheck warning in example NFS ganesha call-out

In ctdb/doc/examples/nfs-ganesha-callout line 216:
for node in `ls ${GANSTATEDIR}`; do
            ^-- SC2045: Iterating over ls output is fragile. Use globs.
            ^-- SC2006: Use $(..) instead of legacy `..`.
                ^-- SC2086: Double quote to prevent globbing and word splitting.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-doc: Make example NFS Ganesha call-out almost pass shellcheck
Martin Schwenke [Wed, 22 Feb 2017 03:38:45 +0000 (14:38 +1100)]
ctdb-doc: Make example NFS Ganesha call-out almost pass shellcheck

This call-out is referred to in the wiki as an example, so make it as
clean as possible.

All the changes here are trivial.  There is still one failure, which
is slightly non-trivial, so it can be fixed in a separate commit.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-doc: Whitespace fixes in example NFS ganesha callout
Martin Schwenke [Wed, 22 Feb 2017 03:25:55 +0000 (14:25 +1100)]
ctdb-doc: Whitespace fixes in example NFS ganesha callout

Fix some whitespace errors, reindent the whole script and wrap lines
where needed.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-utils: CID 1343331 Unchecked return value from library (CHECKED_RETURN)
Martin Schwenke [Thu, 23 Feb 2017 02:14:27 +0000 (13:14 +1100)]
ctdb-utils: CID 1343331 Unchecked return value from library (CHECKED_RETURN)

Explicitly ignore keyboard input in ping_pong.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-logging: CID 1396883 Dereference null return value (NULL_RETURNS)
Martin Schwenke [Thu, 23 Feb 2017 00:31:32 +0000 (11:31 +1100)]
ctdb-logging: CID 1396883 Dereference null return value (NULL_RETURNS)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592

The fix in 08e03fa7f5fdc7f988fbbb26929e8c5727f36c2e is incomplete.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoldb/tools: only use LDB_FLG_SHOW_BINARY for 'ldbsearch'
Stefan Metzmacher [Thu, 19 Jan 2017 03:29:13 +0000 (04:29 +0100)]
ldb/tools: only use LDB_FLG_SHOW_BINARY for 'ldbsearch'

--show-binary is only useful for ldbseach in all other cases
it will destroy data.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Feb 24 03:59:01 CET 2017 on sn-devel-144

2 years agos3:wscript_build: remove unused bld.RECURSE('lib/pthreadpool')
Stefan Metzmacher [Wed, 22 Feb 2017 06:26:33 +0000 (07:26 +0100)]
s3:wscript_build: remove unused bld.RECURSE('lib/pthreadpool')

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agodbchecker: Stop ignoring linked cases where both objects are alive
Garming Sam [Wed, 22 Feb 2017 02:42:46 +0000 (15:42 +1300)]
dbchecker: Stop ignoring linked cases where both objects are alive

Previously, this did nothing and the code was both untested and unused.

Removes the knownfail entry for dbcheck.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12600

2 years agotests/dbcheck: Add a test for two live objects, with a dangling forward link
Garming Sam [Wed, 22 Feb 2017 04:43:21 +0000 (17:43 +1300)]
tests/dbcheck: Add a test for two live objects, with a dangling forward link

Handling backlinks appears to be rather non-deterministic, so the
forward link hangs off of the RODC replication group (which has no other
valid forward links). In other situations, it either won't delete the
memberOf, or the expected output order will vary.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12600

2 years agotests/dbcheck: Add a test for two live objects, with a dangling backlink
Garming Sam [Wed, 22 Feb 2017 02:43:34 +0000 (15:43 +1300)]
tests/dbcheck: Add a test for two live objects, with a dangling backlink

Adds dbcheck 4.5.0pre1 to the knownfail, to be removed later.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12600

2 years agos3:winbind: work around coverity false positive.
Jeremy Allison [Thu, 23 Feb 2017 17:41:03 +0000 (09:41 -0800)]
s3:winbind: work around coverity false positive.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 23 23:54:48 CET 2017 on sn-devel-144

2 years agoctdb: Fix posible NULL deref in logging_init()
Andreas Schneider [Thu, 16 Feb 2017 16:38:41 +0000 (17:38 +0100)]
ctdb: Fix posible NULL deref in logging_init()

Found by covscan.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agobuild: Fix generation of CTDB manpages while creating tarball
Amitay Isaacs [Tue, 21 Feb 2017 11:33:48 +0000 (22:33 +1100)]
build: Fix generation of CTDB manpages while creating tarball

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12595

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Feb 23 19:25:11 CET 2017 on sn-devel-144

2 years agoctdb-build: Add make target for generating manpages
Amitay Isaacs [Tue, 21 Feb 2017 11:44:10 +0000 (22:44 +1100)]
ctdb-build: Add make target for generating manpages

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12595

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-build: Split dist() target to generate manpages separately
Amitay Isaacs [Tue, 21 Feb 2017 11:30:30 +0000 (22:30 +1100)]
ctdb-build: Split dist() target to generate manpages separately

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12595

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agorepl_meta_data: Clarify that replmd_private->la_list is only for DRS for replication
Andrew Bartlett [Wed, 22 Feb 2017 22:02:07 +0000 (11:02 +1300)]
repl_meta_data: Clarify that replmd_private->la_list is only for DRS for replication

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Feb 23 15:30:35 CET 2017 on sn-devel-144

2 years agosamba-tool drs replicate: Add --single-object
Andrew Bartlett [Thu, 23 Feb 2017 00:00:19 +0000 (13:00 +1300)]
samba-tool drs replicate: Add --single-object

This may help when an object has been incorrectly locally removed from the NC
or there is an urgent need to replicate a specific object (say when full
replication is inoperable).

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agopython: Move partial replication logic into drs_utils.py
Andrew Bartlett [Fri, 17 Feb 2017 05:22:19 +0000 (18:22 +1300)]
python: Move partial replication logic into drs_utils.py

This allows us to use this easily from join.py soon

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agopython: Move dnsserver helper functions into samba.dnsserver
Andrew Bartlett [Fri, 17 Feb 2017 05:21:33 +0000 (18:21 +1300)]
python: Move dnsserver helper functions into samba.dnsserver

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agocoverity: Add modeling file for Coverity scan
Andreas Schneider [Thu, 16 Feb 2017 16:31:20 +0000 (17:31 +0100)]
coverity: Add modeling file for Coverity scan

The modeling file has currently all macros for cmocka that Coverity
doesn't detect false positives. We could add torture assert macros if
needed too.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 23 07:11:18 CET 2017 on sn-devel-144

2 years agos3:librpc: Fix OM_uint32 comparsion in if-clause
Andreas Schneider [Fri, 17 Feb 2017 08:49:39 +0000 (09:49 +0100)]
s3:librpc: Fix OM_uint32 comparsion in if-clause

Found by covscan.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3:librpc: Make sure kt_curser and kt_entry are initialized
Andreas Schneider [Thu, 16 Feb 2017 16:42:53 +0000 (17:42 +0100)]
s3:librpc: Make sure kt_curser and kt_entry are initialized

Found by covscan.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agopam_winbind: Return if we do not have a domain
Andreas Schneider [Fri, 17 Feb 2017 10:53:52 +0000 (11:53 +0100)]
pam_winbind: Return if we do not have a domain

Found by covscan.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3:lib: Do not segfault if username is NULL
Andreas Schneider [Fri, 17 Feb 2017 09:08:17 +0000 (10:08 +0100)]
s3:lib: Do not segfault if username is NULL

Found by covscan.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3:torture: Fix uint64_t comparsion in if-clause
Andreas Schneider [Fri, 17 Feb 2017 08:45:33 +0000 (09:45 +0100)]
s3:torture: Fix uint64_t comparsion in if-clause

Found by covscan.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos4:torture: Make sure handles are initialized
Andreas Schneider [Thu, 16 Feb 2017 16:52:41 +0000 (17:52 +0100)]
s4:torture: Make sure handles are initialized

The CHECK_STATUS macro might goto done which checks the values of the
handle so they should be initialized in this case.

Found by covscan.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agondrdump: Fix a possible NULL pointer dereference
Andreas Schneider [Thu, 16 Feb 2017 16:34:07 +0000 (17:34 +0100)]
ndrdump: Fix a possible NULL pointer dereference

Found by covscan.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3-vfs: Do not deref a NULL pointer in shadow_copy2_snapshot_to_gmt()
Andreas Schneider [Thu, 16 Feb 2017 16:15:38 +0000 (17:15 +0100)]
s3-vfs: Do not deref a NULL pointer in shadow_copy2_snapshot_to_gmt()

Found by covscan.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos4-kcc: Do not dereference a NULL pointer
Andreas Schneider [Thu, 16 Feb 2017 16:08:50 +0000 (17:08 +0100)]
s4-kcc: Do not dereference a NULL pointer

Found by covscan.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos4-torture: Use the correct variable type in torture_smb2_maxfid()
Andreas Schneider [Thu, 16 Feb 2017 16:07:54 +0000 (17:07 +0100)]
s4-torture: Use the correct variable type in torture_smb2_maxfid()

Found by covscan.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agowinbind: Use EnumDomainUsers in rpc_query_user_list
Volker Lendecke [Sat, 11 Feb 2017 08:34:17 +0000 (09:34 +0100)]
winbind: Use EnumDomainUsers in rpc_query_user_list

We changed the parent->child enumusers call so that we only return the
users' RIDs. QueryDisplayInfo tends to return a lot more info which we
throw away. This also aligns the code with the other rpc enumerating
functions.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Feb 23 03:17:41 CET 2017 on sn-devel-144

2 years agofix spelling of 'unchangeable'
Edward Betts [Thu, 26 Jan 2017 21:41:12 +0000 (21:41 +0000)]
fix spelling of 'unchangeable'

Signed-off-by: Edward Betts <edward@4angle.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Wed Feb 22 12:21:51 CET 2017 on sn-devel-144

2 years agoCorrect "Openened" typos.
Chris Lamb [Fri, 17 Feb 2017 20:02:23 +0000 (09:02 +1300)]
Correct "Openened" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "allready" typos.
Chris Lamb [Fri, 17 Feb 2017 20:02:09 +0000 (09:02 +1300)]
Correct "allready" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "heirarchy" typos.
Chris Lamb [Fri, 17 Feb 2017 20:01:58 +0000 (09:01 +1300)]
Correct "heirarchy" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "incluing" typos.
Chris Lamb [Fri, 17 Feb 2017 20:01:50 +0000 (09:01 +1300)]
Correct "incluing" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "initialze" typos.
Chris Lamb [Fri, 17 Feb 2017 20:01:22 +0000 (09:01 +1300)]
Correct "initialze" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "succeded" typos.
Chris Lamb [Fri, 17 Feb 2017 20:01:10 +0000 (09:01 +1300)]
Correct "succeded" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "hexidecimal" typos.
Chris Lamb [Fri, 17 Feb 2017 20:00:52 +0000 (09:00 +1300)]
Correct "hexidecimal" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "updateing" typos.
Chris Lamb [Fri, 17 Feb 2017 20:00:39 +0000 (09:00 +1300)]
Correct "updateing" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "unavaible" typos.
Chris Lamb [Fri, 17 Feb 2017 20:00:31 +0000 (09:00 +1300)]
Correct "unavaible" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "allignment" typos.
Chris Lamb [Fri, 17 Feb 2017 20:00:26 +0000 (09:00 +1300)]
Correct "allignment" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "paramaters" typos.
Chris Lamb [Fri, 17 Feb 2017 20:00:21 +0000 (09:00 +1300)]
Correct "paramaters" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "explicity" typos.
Chris Lamb [Fri, 17 Feb 2017 20:00:16 +0000 (09:00 +1300)]
Correct "explicity" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "encyption" typos.
Chris Lamb [Fri, 17 Feb 2017 20:00:10 +0000 (09:00 +1300)]
Correct "encyption" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "relase" typos.
Chris Lamb [Fri, 17 Feb 2017 20:00:05 +0000 (09:00 +1300)]
Correct "relase" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "intialise" typos.
Chris Lamb [Fri, 17 Feb 2017 19:59:59 +0000 (08:59 +1300)]
Correct "intialise" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "cleint" typos.
Chris Lamb [Fri, 17 Feb 2017 19:59:54 +0000 (08:59 +1300)]
Correct "cleint" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "somthing" typos.
Chris Lamb [Fri, 17 Feb 2017 19:59:42 +0000 (08:59 +1300)]
Correct "somthing" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "defered" typos.
Chris Lamb [Fri, 17 Feb 2017 19:59:36 +0000 (08:59 +1300)]
Correct "defered" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "specifiy" typos.
Chris Lamb [Fri, 17 Feb 2017 19:59:19 +0000 (08:59 +1300)]
Correct "specifiy" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "notifiying" typos.
Chris Lamb [Fri, 17 Feb 2017 19:59:08 +0000 (08:59 +1300)]
Correct "notifiying" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "seperate" typos.
Chris Lamb [Fri, 17 Feb 2017 19:57:55 +0000 (08:57 +1300)]
Correct "seperate" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "follwing" typos.
Chris Lamb [Fri, 17 Feb 2017 19:56:47 +0000 (08:56 +1300)]
Correct "follwing" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "existence" typos.
Chris Lamb [Fri, 17 Feb 2017 19:56:18 +0000 (08:56 +1300)]
Correct "existence" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "formated" typos.
Chris Lamb [Fri, 17 Feb 2017 19:54:58 +0000 (08:54 +1300)]
Correct "formated" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "descriptior" typos.
Chris Lamb [Fri, 17 Feb 2017 19:54:26 +0000 (08:54 +1300)]
Correct "descriptior" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "perfom" typos.
Chris Lamb [Fri, 17 Feb 2017 19:53:39 +0000 (08:53 +1300)]
Correct "perfom" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "coult" typo.
Chris Lamb [Fri, 17 Feb 2017 19:52:38 +0000 (08:52 +1300)]
Correct "coult" typo.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "errror" typos.
Chris Lamb [Fri, 17 Feb 2017 19:52:09 +0000 (08:52 +1300)]
Correct "errror" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "successfuly" typos.
Chris Lamb [Fri, 17 Feb 2017 19:51:29 +0000 (08:51 +1300)]
Correct "successfuly" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "enought" typo.
Chris Lamb [Fri, 17 Feb 2017 19:50:45 +0000 (08:50 +1300)]
Correct "enought" typo.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "extention" typos.
Chris Lamb [Fri, 17 Feb 2017 19:50:20 +0000 (08:50 +1300)]
Correct "extention" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "Controler" typos.
Chris Lamb [Fri, 17 Feb 2017 19:49:06 +0000 (08:49 +1300)]
Correct "Controler" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "acheive" typos.
Chris Lamb [Fri, 17 Feb 2017 19:48:31 +0000 (08:48 +1300)]
Correct "acheive" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "paramter" typos.
Chris Lamb [Fri, 17 Feb 2017 19:47:55 +0000 (08:47 +1300)]
Correct "paramter" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "overriden" typos.
Chris Lamb [Fri, 17 Feb 2017 19:47:12 +0000 (08:47 +1300)]
Correct "overriden" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "occured" typos.
Chris Lamb [Fri, 17 Feb 2017 19:46:28 +0000 (08:46 +1300)]
Correct "occured" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "supressed" typo.
Chris Lamb [Fri, 17 Feb 2017 09:51:52 +0000 (22:51 +1300)]
Correct "supressed" typo.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "recived" typo.
Chris Lamb [Fri, 17 Feb 2017 09:50:54 +0000 (22:50 +1300)]
Correct "recived" typo.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "progess" typo.
Chris Lamb [Fri, 17 Feb 2017 09:50:24 +0000 (22:50 +1300)]
Correct "progess" typo.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "emty" typo.
Chris Lamb [Fri, 17 Feb 2017 09:49:57 +0000 (22:49 +1300)]
Correct "emty" typo.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoCorrect "doesnt" typos.
Chris Lamb [Fri, 17 Feb 2017 09:49:29 +0000 (22:49 +1300)]
Correct "doesnt" typos.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agovfs_streams_xattr: use fsp, not base_fsp
Ralph Boehme [Fri, 17 Feb 2017 07:10:53 +0000 (08:10 +0100)]
vfs_streams_xattr: use fsp, not base_fsp

The base_fsp's fd is always -1 as it's closed after being openend in
create_file_unixpath().

Additionally in streams_xattr_open force using of SMB_VFS_FSETXATTR() by
sticking the just created fd into the fsp (and removing it afterwards).

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12591

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Feb 22 08:25:46 CET 2017 on sn-devel-144

2 years agoldbedit: Prevent the use of the reveal internals control
Garming Sam [Sun, 29 Jan 2017 22:08:07 +0000 (11:08 +1300)]
ldbedit: Prevent the use of the reveal internals control

This is almost certainly not what you want to do. Providing the output of reveal as the input of modify
will necessarily revivify all dead linked attributes (regardless of --extended-dn or not).

This is extremely unexpected behaviour, so we prevent this from happening.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12596

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Wed Feb 22 04:23:05 CET 2017 on sn-devel-144

2 years agotalloc: fix TALLOC_VERSION_* mismatch detection
Stefan Metzmacher [Tue, 14 Feb 2017 11:33:32 +0000 (12:33 +0100)]
talloc: fix TALLOC_VERSION_* mismatch detection

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Feb 22 00:14:34 CET 2017 on sn-devel-144

2 years agoscript/autobuild.py: ignore missing test_tmpdir
Stefan Metzmacher [Tue, 21 Feb 2017 16:05:08 +0000 (17:05 +0100)]
script/autobuild.py: ignore missing test_tmpdir

It is still unknown what removes it...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years agokrb5_wrap: use our own code to calculate the ENCTYPE_ARCFOUR_HMAC key
Stefan Metzmacher [Tue, 21 Feb 2017 11:15:07 +0000 (12:15 +0100)]
krb5_wrap: use our own code to calculate the ENCTYPE_ARCFOUR_HMAC key

Our own convert_string_talloc() function handles a wider range
of unicode code points than the MIT krb5 or heimdal code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Feb 21 20:08:16 CET 2017 on sn-devel-144

2 years agos4:scripting: use generate_random_machine_password() for machine passwords
Stefan Metzmacher [Mon, 13 Feb 2017 18:37:09 +0000 (19:37 +0100)]
s4:scripting: use generate_random_machine_password() for machine passwords

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years agosamba-tool:provision: use generate_random_machine_password() for machine passwords
Stefan Metzmacher [Tue, 23 Aug 2016 10:40:24 +0000 (12:40 +0200)]
samba-tool:provision: use generate_random_machine_password() for machine passwords

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>