kai/samba.git
7 years agoexamples: Remove security=share and security=server from example smb.conf
Andrew Bartlett [Mon, 27 Aug 2012 05:22:45 +0000 (15:22 +1000)]
examples: Remove security=share and security=server from example smb.conf

7 years agos3-param: Avoid assert on use of talloc_tos() without stackframe
Andrew Bartlett [Mon, 27 Aug 2012 21:46:49 +0000 (07:46 +1000)]
s3-param: Avoid assert on use of talloc_tos() without stackframe

This is hit during samba-tool domain classicupgrade

Andrew Bartlett

7 years agos4-torture: Test for #9058
Volker Lendecke [Sun, 26 Aug 2012 19:22:02 +0000 (21:22 +0200)]
s4-torture: Test for #9058

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Aug 27 17:43:09 CEST 2012 on sn-devel-104

7 years agos4:winbind: let wb_update_rodc_dns_send/recv use netlogon_queue (bug #9097)
Stefan Metzmacher [Fri, 24 Aug 2012 15:42:18 +0000 (17:42 +0200)]
s4:winbind: let wb_update_rodc_dns_send/recv use netlogon_queue (bug #9097)

metze

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Aug 25 05:06:18 CEST 2012 on sn-devel-104

7 years agos4:winbind: let wb_sam_logon_send/recv() use the netlogon_queue (bug #9097)
Stefan Metzmacher [Fri, 24 Aug 2012 11:40:13 +0000 (13:40 +0200)]
s4:winbind: let wb_sam_logon_send/recv() use the netlogon_queue (bug #9097)

metze

7 years agos4:winbind: add a netlogon_queue (tevent_queue)
Stefan Metzmacher [Fri, 24 Aug 2012 11:39:14 +0000 (13:39 +0200)]
s4:winbind: add a netlogon_queue (tevent_queue)

This will protect the netlogon_creds later.

metze

7 years agos4:winbind: convert wb_update_rodc_dns_send/recv to tevent_req
Stefan Metzmacher [Fri, 24 Aug 2012 15:39:58 +0000 (17:39 +0200)]
s4:winbind: convert wb_update_rodc_dns_send/recv to tevent_req

metze

7 years agos4:winbind: convert wb_sam_logon_send/recv to tevent_req
Stefan Metzmacher [Fri, 24 Aug 2012 11:15:42 +0000 (13:15 +0200)]
s4:winbind: convert wb_sam_logon_send/recv to tevent_req

metze

7 years agos4:winbind: convert wb_sid2domain to tevent_req internally
Stefan Metzmacher [Thu, 23 Aug 2012 11:14:17 +0000 (13:14 +0200)]
s4:winbind: convert wb_sid2domain to tevent_req internally

The public wrapper still uses composite_context, because I don't
have time to fix all the callers...

metze

7 years agos4:librpc/rpc: don't do async requests if gensec doesn't support async replies (bug...
Stefan Metzmacher [Fri, 24 Aug 2012 06:29:21 +0000 (08:29 +0200)]
s4:librpc/rpc: don't do async requests if gensec doesn't support async replies (bug #9097)

metze

7 years agos4:librpc/rpc: also call dcerpc_schedule_io_trigger() after bind and alter_context...
Stefan Metzmacher [Fri, 24 Aug 2012 06:27:47 +0000 (08:27 +0200)]
s4:librpc/rpc: also call dcerpc_schedule_io_trigger() after bind and alter_context responses

metze

7 years agos4:librpc/rpc: use dcerpc_req_dequeue() in dcerpc_request_recv_data()
Stefan Metzmacher [Fri, 24 Aug 2012 06:26:53 +0000 (08:26 +0200)]
s4:librpc/rpc: use dcerpc_req_dequeue() in dcerpc_request_recv_data()

metze

7 years agos4:librpc/rpc: use talloc_zero for 'struct rpc_request'
Stefan Metzmacher [Fri, 24 Aug 2012 11:17:23 +0000 (13:17 +0200)]
s4:librpc/rpc: use talloc_zero for 'struct rpc_request'

metze

7 years agolibcli/smb: split out a smb_transport private library
Stefan Metzmacher [Fri, 10 Aug 2012 10:34:59 +0000 (12:34 +0200)]
libcli/smb: split out a smb_transport private library

metze

7 years agolibcli/smb: wscript_build => wscript
Stefan Metzmacher [Fri, 10 Aug 2012 10:38:41 +0000 (12:38 +0200)]
libcli/smb: wscript_build => wscript

We'll need some configure checks in future.

metze

7 years agoRemove useless bool "upper_case_domain" parameter from ntv2_owf_gen().
Jeremy Allison [Thu, 23 Aug 2012 23:02:09 +0000 (16:02 -0700)]
Remove useless bool "upper_case_domain" parameter from ntv2_owf_gen().

The code in SMBNTLMv2encrypt_hash() should not be requesting case
changes on the domain name.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 24 21:39:42 CEST 2012 on sn-devel-104

7 years agoRemove useless bool "upper_case_domain" parameter.
Jeremy Allison [Thu, 23 Aug 2012 22:59:54 +0000 (15:59 -0700)]
Remove useless bool "upper_case_domain" parameter.

7 years agoMove uppercasing the domain out of smb_pwd_check_ntlmv2()
Jeremy Allison [Thu, 23 Aug 2012 22:46:16 +0000 (15:46 -0700)]
Move uppercasing the domain out of smb_pwd_check_ntlmv2()

Allows us to remove a silly bool parameter.

Based on work done by "Blohm, Guntram (I/FP-37, extern)" <extern.guntram.blohm@audi.de>.

7 years agos3:lib: make sure we don't try to send messages to server_id's marked as disconnected
Stefan Metzmacher [Tue, 21 Aug 2012 12:14:40 +0000 (14:14 +0200)]
s3:lib: make sure we don't try to send messages to server_id's marked as disconnected

metze

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Aug 24 15:54:48 CEST 2012 on sn-devel-104

7 years agos3:lib: remove unused processes_exist()
Stefan Metzmacher [Wed, 22 Aug 2012 11:30:22 +0000 (13:30 +0200)]
s3:lib: remove unused processes_exist()

metze

7 years agos3:lib: readd the CTDB_CONTROL_CHECK_SRVIDS optimization to serverids_exist()
Stefan Metzmacher [Fri, 24 Aug 2012 07:05:06 +0000 (09:05 +0200)]
s3:lib: readd the CTDB_CONTROL_CHECK_SRVIDS optimization to serverids_exist()

metze

7 years agos3:lib: only loop over the server_ids we need to verify in serverids_exist()
Stefan Metzmacher [Thu, 23 Aug 2012 07:03:36 +0000 (09:03 +0200)]
s3:lib: only loop over the server_ids we need to verify in serverids_exist()

metze

7 years agos3:lib: use server_id_is_disconnected() in serverids_exist()
Stefan Metzmacher [Wed, 22 Aug 2012 15:52:56 +0000 (17:52 +0200)]
s3:lib: use server_id_is_disconnected() in serverids_exist()

metze

7 years agos3:lib: inline processes_exist() into serverids_exist()
Stefan Metzmacher [Wed, 22 Aug 2012 11:28:49 +0000 (13:28 +0200)]
s3:lib: inline processes_exist() into serverids_exist()

metze

7 years agos3:lib: SERVERID_UNIQUE_ID_NOT_TO_VERIFY only means not to verify the 'unique_id...
Stefan Metzmacher [Tue, 21 Aug 2012 10:57:28 +0000 (12:57 +0200)]
s3:lib: SERVERID_UNIQUE_ID_NOT_TO_VERIFY only means not to verify the 'unique_id' part

It doesn't mean the the server_id is always valid.

metze

7 years agolib/util: don't SMB_ASSERT() in process_exists_by_pid()
Stefan Metzmacher [Wed, 22 Aug 2012 15:52:01 +0000 (17:52 +0200)]
lib/util: don't SMB_ASSERT() in process_exists_by_pid()

Just return false...

metze

7 years agos3:lib: implement process_exists() as wrapper of serverid_exists()
Stefan Metzmacher [Wed, 22 Aug 2012 10:36:22 +0000 (12:36 +0200)]
s3:lib: implement process_exists() as wrapper of serverid_exists()

The changes the behavior of process_exists() it checks the pid.unique_id
now, if it's not SERVERID_UNIQUE_ID_NOT_TO_VERIFY.

metze

7 years agos3:g_lock: use serverid_exists() with SERVERID_UNIQUE_ID_NOT_TO_VERIFY
Stefan Metzmacher [Wed, 22 Aug 2012 10:35:29 +0000 (12:35 +0200)]
s3:g_lock: use serverid_exists() with SERVERID_UNIQUE_ID_NOT_TO_VERIFY

metze

7 years agos3:lib: implement serverid_exists() as wrapper of serverids_exist()
Stefan Metzmacher [Wed, 22 Aug 2012 10:07:02 +0000 (12:07 +0200)]
s3:lib: implement serverid_exists() as wrapper of serverids_exist()

metze

7 years agos3:lib: remove CTDB_CONTROL_CHECK_SRVIDS optimization in serverids_exist() for now
Stefan Metzmacher [Wed, 22 Aug 2012 10:02:43 +0000 (12:02 +0200)]
s3:lib: remove CTDB_CONTROL_CHECK_SRVIDS optimization in serverids_exist() for now

This will be readded...

metze

7 years agolib/param: fix usage of 'write list = +Group'
Stefan Metzmacher [Thu, 23 Aug 2012 13:32:05 +0000 (15:32 +0200)]
lib/param: fix usage of 'write list = +Group'

metze

Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Fri Aug 24 11:28:17 CEST 2012 on sn-devel-104

7 years agos3: fix compile warning on openindiana
Björn Jacke [Thu, 23 Aug 2012 13:57:47 +0000 (15:57 +0200)]
s3: fix compile warning on openindiana

Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Thu Aug 23 18:22:13 CEST 2012 on sn-devel-104

7 years agocrypto/aes_ccm_128: fix compile warning on openindiana
Björn Jacke [Thu, 23 Aug 2012 13:56:57 +0000 (15:56 +0200)]
crypto/aes_ccm_128: fix compile warning on openindiana

7 years agos3/registry: fix compile warning on openindiana
Björn Jacke [Thu, 23 Aug 2012 13:55:40 +0000 (15:55 +0200)]
s3/registry: fix compile warning on openindiana

7 years agos4-selftest: Always set vfs objects in selftest smb.conf
Andrew Bartlett [Thu, 23 Aug 2012 10:13:45 +0000 (20:13 +1000)]
s4-selftest: Always set vfs objects in selftest smb.conf

This sets it for all enviornments, as it is harmless if ntvfs is used
and critical if the provision script runs in s3fs mode.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Aug 23 16:42:41 CEST 2012 on sn-devel-104

7 years agos4-selftest: Add test for samba-tool ntacl sysvolcheck
Andrew Bartlett [Thu, 23 Aug 2012 00:38:06 +0000 (10:38 +1000)]
s4-selftest: Add test for samba-tool ntacl sysvolcheck

7 years agos4-samba-tool: Add samba-tool ntacl sysvolcheck command
Andrew Bartlett [Thu, 23 Aug 2012 00:37:46 +0000 (10:37 +1000)]
s4-samba-tool: Add samba-tool ntacl sysvolcheck command

This command verifies that the current on-disk ACLs match the directory and
the defaults from provision.

Unlike sysvolreset, this does not change any of the permissions.

Andrew Bartlett

7 years agos3-smbd: Add security_info_wanted argument to get_nt_acl_no_snum
Andrew Bartlett [Wed, 22 Aug 2012 23:45:07 +0000 (09:45 +1000)]
s3-smbd: Add security_info_wanted argument to get_nt_acl_no_snum

I need to get at the owner, group, DACL and SACL when testing correct
ACL storage.

Andrew Bartlett

7 years agos3-pysmbd: Fix return type of smbd.get_nt_acl
Andrew Bartlett [Wed, 22 Aug 2012 23:39:32 +0000 (09:39 +1000)]
s3-pysmbd: Fix return type of smbd.get_nt_acl

The security_ prefix is stripped off in the python bindings.

Andrew Bartlett

7 years agos3-smbd: Add talloc_stackframe() to get_nt_acl_no_snum()
Andrew Bartlett [Wed, 22 Aug 2012 23:38:54 +0000 (09:38 +1000)]
s3-smbd: Add talloc_stackframe() to get_nt_acl_no_snum()

This is required because the functions it calls use talloc_tos().

Andrew Bartlett

7 years agos4-selftest: Add testing of samba-tool ntacl sysvolreset
Andrew Bartlett [Wed, 22 Aug 2012 11:19:41 +0000 (21:19 +1000)]
s4-selftest: Add testing of samba-tool ntacl sysvolreset

7 years agoparam: Add startup checks for valid server role/binary combinations
Andrew Bartlett [Wed, 22 Aug 2012 11:01:16 +0000 (21:01 +1000)]
param: Add startup checks for valid server role/binary combinations

This should eliminate confusion from our users about what they can
expect to successfully run.

Andrew Bartlett

7 years agos3-pysmbd: Fix error message
Andrew Bartlett [Wed, 22 Aug 2012 11:00:17 +0000 (21:00 +1000)]
s3-pysmbd: Fix error message

7 years agos4-provision: Fix internal documentation
Andrew Bartlett [Wed, 22 Aug 2012 08:35:52 +0000 (18:35 +1000)]
s4-provision: Fix internal documentation

7 years agos3-pysmbd: Allow a mode to be specified for the simple ACL
Andrew Bartlett [Wed, 22 Aug 2012 08:35:01 +0000 (18:35 +1000)]
s3-pysmbd: Allow a mode to be specified for the simple ACL

The additional group for the ACL is now optional.

Andrew Bartlett

7 years agos4-samba-tool: Add 'samba-tool ntacl sysvolreset' tool
Andrew Bartlett [Wed, 22 Aug 2012 08:32:18 +0000 (18:32 +1000)]
s4-samba-tool: Add 'samba-tool ntacl sysvolreset' tool

This will reset the NT ACL on the sysvol share to the default from
provision, with GPO objects matching the LDAP ACL (as required).

Andrew Bartlett

7 years agoselftest: Add a test of the NT ACL -> posix ACL mapping layer to selftest
Andrew Bartlett [Thu, 23 Aug 2012 05:52:04 +0000 (15:52 +1000)]
selftest: Add a test of the NT ACL -> posix ACL mapping layer to selftest

7 years agoselftest: Cope with the multiple possible representations of -1 in posixacl.py
Andrew Bartlett [Thu, 23 Aug 2012 05:50:20 +0000 (15:50 +1000)]
selftest: Cope with the multiple possible representations of -1 in posixacl.py

7 years agoselftest: Extend posixacl test to check the actual ACL
Andrew Bartlett [Tue, 21 Aug 2012 13:21:58 +0000 (23:21 +1000)]
selftest: Extend posixacl test to check the actual ACL

Needing to be able to write this test is the primary reason I have
been reworking the VFS and posix ACL layer over the past few weeks.
By exposing the POSIX ACL as a IDL object we can eaisly manipulate it
in python, and then verify that the ACL was handled correctly.

This ensures the when we write an ACL in provision, that it will
indeed allow that access at the FS layer.

We need to extend this beyond just the critical two ACLs set during
provision, to also include some special (hard) cases involving the
merging of ACE entries, as this is the most delicate part of the ACL
transfomation.

A similar test should also be written to read the posix ACL and the
mapped NT ACL on a file that has never had an NT ACL set.

Andrew Bartlett

7 years agoselftest: Add a test of the NT ACL -> posix ACL mapping layer
Andrew Bartlett [Tue, 21 Aug 2012 12:42:54 +0000 (22:42 +1000)]
selftest: Add a test of the NT ACL -> posix ACL mapping layer

This is the start of what will be a series of tests confirming exactly how
some NT ACLs are mapped to posix ACLs.

Andrew Bartlett

7 years agos4-scripting: Redefine getntacl() as accessing via the smbd VFS or directly
Andrew Bartlett [Tue, 7 Aug 2012 06:54:28 +0000 (16:54 +1000)]
s4-scripting: Redefine getntacl() as accessing via the smbd VFS or directly

This allows us to write tests that compare the smbd vfs with what is
in the DB or xattr.

Andrew Bartlett

7 years agos4-provision: set POSIX ACLs to for use with the smbd file server (s3fs)
Andrew Bartlett [Thu, 2 Aug 2012 06:15:27 +0000 (16:15 +1000)]
s4-provision: set POSIX ACLs to for use with the smbd file server (s3fs)

This handles the fact that smbd will rarely override the POSIX ACL enforced by
the kernel.  This has caused issues with the creation of group policies by
other members of the Domain Admins group.

Andrew Bartlett

7 years agofile_server: Move default VFS module settings to loadparm.c
Andrew Bartlett [Wed, 22 Aug 2012 13:34:24 +0000 (23:34 +1000)]
file_server: Move default VFS module settings to loadparm.c

This means that any utility that calls into the VFS layer will get the
right modules.

Because we use the fake_acls backend we need to override this whole
list in Samba4.pm however.

Andrew Bartlett

7 years agos4-dsdb: Remove unused variables
Andrew Bartlett [Wed, 22 Aug 2012 12:13:25 +0000 (22:13 +1000)]
s4-dsdb: Remove unused variables

7 years agos4-dsdb: Do not use a possibly-old loadparm context in schema reload
Andrew Bartlett [Wed, 22 Aug 2012 12:08:36 +0000 (22:08 +1000)]
s4-dsdb: Do not use a possibly-old loadparm context in schema reload

The loadparm context on the schema DB might have gone away already.
Pre-cache the schema refresh interval at load time to avoid worrying
about this.

Andrew Bartlett

7 years agos4-upgradeprovision: Use ntvfs in reference provision
Andrew Bartlett [Thu, 23 Aug 2012 07:27:50 +0000 (17:27 +1000)]
s4-upgradeprovision: Use ntvfs in reference provision

We do not need filesystem ACLs set when creating the reference provision, so it is
easier to use the NTVFS backend as it does not cause trouble with make test.

Andrew Bartlett

7 years agoselftest: Set --use-ntvfs for rodc, vampire_dc, promoted_vampire_dc and subdom_dc
Andrew Bartlett [Thu, 23 Aug 2012 10:17:57 +0000 (20:17 +1000)]
selftest: Set --use-ntvfs for rodc, vampire_dc, promoted_vampire_dc and subdom_dc

7 years agoselftest: Specify --use-ntvfs when testing the group code
Andrew Bartlett [Thu, 23 Aug 2012 11:09:39 +0000 (21:09 +1000)]
selftest: Specify --use-ntvfs when testing the group code

We do not need to set filesystem ACLs in this case.

Andrew Bartlett

7 years agoselftest: Specify --use-ntvfs when testing the newuser code
Andrew Bartlett [Thu, 23 Aug 2012 09:35:41 +0000 (19:35 +1000)]
selftest: Specify --use-ntvfs when testing the newuser code

We do not need to set filesystem ACLs in this case.

Andrew Bartlett

7 years agoselftest: Specify --use-ntvfs when testing the LDAP backend init code
Andrew Bartlett [Thu, 23 Aug 2012 08:03:45 +0000 (18:03 +1000)]
selftest: Specify --use-ntvfs when testing the LDAP backend init code

We do not need to set filesystem ACLs in this case.

Andrew Bartlett

7 years agoselftest: Specify --use-ntvfs for the chdcpass environment
Andrew Bartlett [Thu, 23 Aug 2012 03:27:35 +0000 (13:27 +1000)]
selftest: Specify --use-ntvfs for the chdcpass environment

7 years agos3:smb2_break: encrypt OPLOCK BREAK notifications
Stefan Metzmacher [Wed, 22 Aug 2012 08:33:07 +0000 (10:33 +0200)]
s3:smb2_break: encrypt OPLOCK BREAK notifications

metze

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Aug 23 10:01:14 CEST 2012 on sn-devel-104

7 years agos3:smb2_server: use smbXsrv_session->nonce_*
Stefan Metzmacher [Wed, 22 Aug 2012 08:30:52 +0000 (10:30 +0200)]
s3:smb2_server: use smbXsrv_session->nonce_*

metze

7 years agosmbXsrv.idl: add nonce_* to smbsrv_session
Stefan Metzmacher [Wed, 22 Aug 2012 08:29:21 +0000 (10:29 +0200)]
smbXsrv.idl: add nonce_* to smbsrv_session

metze

7 years agos3:smb2_server: remove dump_data() from smbd_smb2_request_pending_timer()
Stefan Metzmacher [Wed, 22 Aug 2012 08:32:09 +0000 (10:32 +0200)]
s3:smb2_server: remove dump_data() from smbd_smb2_request_pending_timer()

This was just for debugging...

metze

7 years agoExtending space for fqdn in wbinfo --trusted-domains in verbose mode
Daniel Liberman [Tue, 24 Jul 2012 12:29:35 +0000 (09:29 -0300)]
Extending space for fqdn in wbinfo --trusted-domains in verbose mode

Microsoft documentation states that maximum fqdn length is 64 characters, so extending DNS Domain column to 65 characters.

Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 23 03:49:00 CEST 2012 on sn-devel-104

7 years agoRemove align_string(). No longer used.
Jeremy Allison [Tue, 21 Aug 2012 22:48:38 +0000 (15:48 -0700)]
Remove align_string(). No longer used.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Aug 22 20:38:50 CEST 2012 on sn-devel-104

7 years agoFix bug in SMB_FIND_INFO_STANDARD parsing found by Volker.
Jeremy Allison [Tue, 21 Aug 2012 22:46:54 +0000 (15:46 -0700)]
Fix bug in SMB_FIND_INFO_STANDARD parsing found by Volker.

The function align_string() is now broken as base_ptr no longer
points at the start of the SMB data packet, but
at the start of the returned TRANS2 data area.

Replace it with a check for FLAGS2_UNICODE_STRINGS and
a call to ucs2_align().

7 years agos4-python: Complete python bindings for idmap.idl
Andrew Bartlett [Tue, 21 Aug 2012 13:21:41 +0000 (23:21 +1000)]
s4-python: Complete python bindings for idmap.idl

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 22 03:08:51 CEST 2012 on sn-devel-104

7 years agos3-pysmbd: Correct the python type for smb_acl_t
Andrew Bartlett [Tue, 21 Aug 2012 12:41:13 +0000 (22:41 +1000)]
s3-pysmbd: Correct the python type for smb_acl_t

The t is weird, but the python bindings trim the traditional IDL name
prefix of each element, as it is usually rudundent.

Andrew Bartlett

7 years agos4-python: complete python bindigns for smb_acls.idl
Andrew Bartlett [Tue, 21 Aug 2012 12:40:12 +0000 (22:40 +1000)]
s4-python: complete python bindigns for smb_acls.idl

7 years agos3-vfs: Remove extra calls to SMB_VFS_HANDLE_GET_DATA
Andrew Bartlett [Tue, 21 Aug 2012 11:22:31 +0000 (21:22 +1000)]
s3-vfs: Remove extra calls to SMB_VFS_HANDLE_GET_DATA

Found by the talloc_stackframe() out of order checker!

Andrew Bartlett

7 years agoselftest: Pass --use-ntvfs to provison in renamedc test
Andrew Bartlett [Tue, 21 Aug 2012 21:25:59 +0000 (07:25 +1000)]
selftest: Pass --use-ntvfs to provison in renamedc test

Also fix test prefix to match the test

Andrew Bartlett

7 years agoselftest: Specify --use-ntvfs to provision in test scripts
Andrew Bartlett [Tue, 21 Aug 2012 10:04:16 +0000 (20:04 +1000)]
selftest: Specify --use-ntvfs to provision in test scripts

Because these run as non-root, we need to avoid doing things that will
fail during the provision.  The main test of the s3fs provision is the
plugin_s4_dc environment with a smb.conf that specifies vfs_fake_acls.

Andrew Bartlett

7 years agos4-classicupgrade: Add --use-ntvfs option
Andrew Bartlett [Tue, 21 Aug 2012 20:58:19 +0000 (06:58 +1000)]
s4-classicupgrade: Add --use-ntvfs option

This is an odd option, but is needed because I wish to add assertions about
ACL setting that will not work in make test without the vfs_fake_acls module
loaded.

Andrew Bartlett

7 years agos4-provision: pass use_ntvfs from C wrappers and set to true in tests/vampire
Andrew Bartlett [Tue, 21 Aug 2012 09:58:18 +0000 (19:58 +1000)]
s4-provision: pass use_ntvfs from C wrappers and set to true in tests/vampire

None of these cases need the complexity of the s3fs backend.

Andrew Bartlett

7 years agos4:samldb LDB module - remove unused "member" attribute from search filter
Matthias Dieter Wallnöfer [Fri, 11 May 2012 09:53:46 +0000 (11:53 +0200)]
s4:samldb LDB module - remove unused "member" attribute from search filter

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
7 years agoLDB:ldb_tdb.c - deny multi-valued attributes manipulation with doublets
Matthias Dieter Wallnöfer [Thu, 10 May 2012 14:18:37 +0000 (16:18 +0200)]
LDB:ldb_tdb.c - deny multi-valued attributes manipulation with doublets

This refers to LDB add operations as well, we have only to be careful on
"@ATTRIBUTES" entries.

E.g.

dn: cn=testperson,cn=users,dc=...,dc=...
objectClass: person
url: www.example.com
url: www.example.com

should not work.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
7 years agoLDB:ldbsearch - add search filter tests
Matthias Dieter Wallnöfer [Thu, 10 May 2012 08:11:51 +0000 (10:11 +0200)]
LDB:ldbsearch - add search filter tests

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
7 years agoLDB:ldbsearch - search filters do not only contain "="
Matthias Dieter Wallnöfer [Fri, 4 May 2012 09:59:22 +0000 (11:59 +0200)]
LDB:ldbsearch - search filters do not only contain "="

Also "<=", ">=", "~"... are allowed as well. Enumeration taken from
ldb_parse_filtertype().
This was the cause of not identifying the search filter as described in bug
https://bugzilla.samba.org/show_bug.cgi?id=8647.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
7 years agos4:dsdb - always fail if a search filter could not be parsed
Matthias Dieter Wallnöfer [Fri, 4 May 2012 09:42:14 +0000 (11:42 +0200)]
s4:dsdb - always fail if a search filter could not be parsed

A NULL string/expression returns the generic "(objectClass=*)" filter

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
7 years agoLDB:ldif_handlers.c - LDB_OP_GREATER/LDB_OP_LESS are thought as ">=" or "<="
Matthias Dieter Wallnöfer [Fri, 4 May 2012 09:41:03 +0000 (11:41 +0200)]
LDB:ldif_handlers.c - LDB_OP_GREATER/LDB_OP_LESS are thought as ">=" or "<="

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
7 years agos4:dsdb_sort_objectClass_attr - simplify memory context handling
Matthias Dieter Wallnöfer [Fri, 4 May 2012 06:51:41 +0000 (08:51 +0200)]
s4:dsdb_sort_objectClass_attr - simplify memory context handling

Do only require the out memory context and build the temporary one in
the body of the function. This greatly simplifies the callers.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
7 years agos4:dsdb_sort_objectClass_attr - use "data_blob_string_const" for setting values
Matthias Dieter Wallnöfer [Fri, 4 May 2012 06:46:29 +0000 (08:46 +0200)]
s4:dsdb_sort_objectClass_attr - use "data_blob_string_const" for setting values

As shown in commit c8e6d8b487 this looks easier and in any case we can
treat schema context data like global data.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
7 years agolibcli: fix value of NT_STATUS_FILE_NOT_AVAILABLE
Björn Jacke [Tue, 21 Aug 2012 16:29:51 +0000 (18:29 +0200)]
libcli: fix value of NT_STATUS_FILE_NOT_AVAILABLE

Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Wed Aug 22 01:30:06 CEST 2012 on sn-devel-104

7 years agoFix bug #9098 - winbind does not refresh kerberos tickets.
Jeremy Allison [Tue, 21 Aug 2012 18:24:58 +0000 (11:24 -0700)]
Fix bug #9098 - winbind does not refresh kerberos tickets.

Based on work from Ian Gordon <ian.gordon@strath.ac.uk>.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 21 22:01:15 CEST 2012 on sn-devel-104

7 years agoselftest: Add tests for vfs_aio_fork
Andrew Bartlett [Tue, 21 Aug 2012 09:22:54 +0000 (19:22 +1000)]
selftest: Add tests for vfs_aio_fork

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 21 13:12:33 CEST 2012 on sn-devel-104

7 years agos3-vfs: Make vfs_aio_fork erratic timing behaviour a run-time option
Andrew Bartlett [Tue, 21 Aug 2012 09:22:37 +0000 (19:22 +1000)]
s3-vfs: Make vfs_aio_fork erratic timing behaviour a run-time option

This will allow this to be tested as part of a normal selftest.

Andrew Bartlett

7 years agobuild: Create bin/ when doing 'waf dist' from a fresh checkout
Andrew Bartlett [Tue, 21 Aug 2012 05:22:25 +0000 (15:22 +1000)]
build: Create bin/ when doing 'waf dist' from a fresh checkout

As suggested by Amitay.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 21 09:03:02 CEST 2012 on sn-devel-104

7 years agos3-pysmbd: Add get/set functions for the posix ACL layer
Andrew Bartlett [Tue, 21 Aug 2012 05:11:30 +0000 (15:11 +1000)]
s3-pysmbd: Add get/set functions for the posix ACL layer

These will be used to verify that an ACL set as an NT ACL creates
the correct posix ACL.

Andrew Bartlett

7 years agos3-pysmbd: Correct comments in python VFS bindings
Andrew Bartlett [Tue, 21 Aug 2012 05:10:43 +0000 (15:10 +1000)]
s3-pysmbd: Correct comments in python VFS bindings

7 years agos3-passdb: Allow pdb_sid_to_id to work on any SID
Andrew Bartlett [Tue, 21 Aug 2012 04:56:45 +0000 (14:56 +1000)]
s3-passdb: Allow pdb_sid_to_id to work on any SID

This is needed so that pdb_samba4 can map any SID during a provision.

At runtime, winbindd will be asked first, but this shortcut direct to the
ldb file makes it possible to set the permissions on the sysvol share at
provision time.

Andrew Bartlett

7 years agos3-pysmbd: Add hook for a VFS chown()
Andrew Bartlett [Tue, 21 Aug 2012 04:23:35 +0000 (14:23 +1000)]
s3-pysmbd: Add hook for a VFS chown()

7 years agobuild: Remove special case for the build farm
Andrew Bartlett [Mon, 20 Aug 2012 22:16:24 +0000 (08:16 +1000)]
build: Remove special case for the build farm

Except in the formatting of the selftest output, this removes the special case
of the build farm, so that an autobuild, a manual make test and the build farm
are more similar.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 21 06:39:04 CEST 2012 on sn-devel-104

7 years agobuild: Remove accidentily added line in samba_version.py
Andrew Bartlett [Mon, 20 Aug 2012 21:57:14 +0000 (07:57 +1000)]
build: Remove accidentily added line in samba_version.py

This was incorrectly added in 0e441636afd5923a92f7eb29d66dfa52e2f0a5c3.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 21 03:11:16 CEST 2012 on sn-devel-104

7 years agoFix bug #9104 - winbindd can mis-identify idle clients - can cause crashes and NDR...
Herb Lewis [Mon, 20 Aug 2012 21:51:28 +0000 (14:51 -0700)]
Fix bug #9104 - winbindd can mis-identify idle clients - can cause crashes and NDR parsing errors.

A connection is idle when both struct winbindd_cli_state->request AND
struct winbindd_cli_state->response are NULL. Otherwise we can flag
as idle a connection in the state of having sent the request to
the winbindd child (request != NULL) but not yet received a reply
(response == NULL).

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 21 01:31:46 CEST 2012 on sn-devel-104

7 years agos4-torture: Use torture_fail() in the unix.unix_info2 test
Andrew Bartlett [Mon, 20 Aug 2012 11:29:26 +0000 (21:29 +1000)]
s4-torture: Use torture_fail() in the unix.unix_info2 test

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Aug 20 15:36:48 CEST 2012 on sn-devel-104

7 years agoselftest: Use new fake_acls module
Andrew Bartlett [Wed, 15 Aug 2012 10:35:05 +0000 (20:35 +1000)]
selftest: Use new fake_acls module

This isolates us from the OS ACL library, and allows chown to 'work'
when we are non-root.  In turn, this ensures that we can test the SMB
-> POSIX layer even when the OS would refuse the set due to non-root
or simply not having acls enabled on this particular file system.

This should make a number of build farm tests much more reliable, and
allows a number more tests to pass.

Andrew Bartlett

7 years agos4-torture: Show that we cannot list extended attributes on streams
Andrew Bartlett [Sun, 19 Aug 2012 12:46:21 +0000 (22:46 +1000)]
s4-torture: Show that we cannot list extended attributes on streams

7 years agos4-torture: Show that we cannot have extended attributes on streams
Andrew Bartlett [Sun, 19 Aug 2012 11:55:13 +0000 (21:55 +1000)]
s4-torture: Show that we cannot have extended attributes on streams