kai/samba.git
6 years agos3-rpc_client: lookup nametype 0x20 in rpc_pipe_open_tcp_port(). (bug #9426)
Günther Deschner [Fri, 23 Nov 2012 12:19:53 +0000 (13:19 +0100)]
s3-rpc_client: lookup nametype 0x20 in rpc_pipe_open_tcp_port(). (bug #9426)

The server name type (0x20) is much more likely to be available in the name cache, as
this type gets stored by winbind itself - the primary user of the ncacn_ip_tcp
code currently.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Nov 23 16:30:57 CET 2012 on sn-devel-104

6 years agoFix MD5 detection in the autoconf build
Matthieu Patou [Wed, 21 Nov 2012 20:07:42 +0000 (12:07 -0800)]
Fix MD5 detection in the autoconf build

This is a front port of patches made in 3.6.x branch for bugs:
* 9037
* 9086
* 9094
* 9418

It checks if there is a library for md5 related functions (libmd or
libmd5) and if so it checks for the presence of md5.h headers it also
respect the need for osX build to not use samba's md5 implementation as
it's already present in the system libs.

Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Nov 23 10:05:34 CET 2012 on sn-devel-104

6 years agoweb_server: Load SWAT if it is available.
Jelmer Vernooij [Thu, 22 Nov 2012 00:47:00 +0000 (00:47 +0000)]
web_server: Load SWAT if it is available.

Reviewed-by: Matthieu Patou <mat@matws.net>
Autobuild-User(master): Matthieu Patou <mat@samba.org>
Autobuild-Date(master): Fri Nov 23 01:39:38 CET 2012 on sn-devel-104

6 years agoweb_server: the web server is not multi-process, indicate so in WSGI.
Jelmer Vernooij [Thu, 22 Nov 2012 00:46:59 +0000 (00:46 +0000)]
web_server: the web server is not multi-process, indicate so in WSGI.

This is a requirement for some of the paster middleware used by SWAT2.

Reviewed-by: Matthieu Patou <mat@matws.net>
6 years agoweb_server: Properly decrement reference counters for python objects in wsgi.
Jelmer Vernooij [Thu, 22 Nov 2012 00:46:58 +0000 (00:46 +0000)]
web_server: Properly decrement reference counters for python objects in wsgi.

Reviewed-by: Matthieu Patou <mat@matws.net>
6 years agoweb_server: Properly set SCRIPT_NAME and PATH_INFO.
Jelmer Vernooij [Thu, 22 Nov 2012 00:46:57 +0000 (00:46 +0000)]
web_server: Properly set SCRIPT_NAME and PATH_INFO.

Reviewed-by: Matthieu Patou <mat@matws.net>
6 years agoweb_server: Create a string object for SERVER_PORT variable.
Jelmer Vernooij [Thu, 22 Nov 2012 00:46:56 +0000 (00:46 +0000)]
web_server: Create a string object for SERVER_PORT variable.

This matches the behaviour of other wsgi server implementations.

Reviewed-by: Matthieu Patou <mat@matws.net>
6 years agoweb_server/wsgi: Don't segfault when wsgi app doesn't return iterable.
Jelmer Vernooij [Thu, 22 Nov 2012 00:46:55 +0000 (00:46 +0000)]
web_server/wsgi: Don't segfault when wsgi app doesn't return iterable.

There is a bug in the application if this happens, but invalid Python
code shouldn't cause segfaults.

Reviewed-by: Matthieu Patou <mat@matws.net>
6 years agobuild: Do not install testing binaries
Andrew Bartlett [Wed, 21 Nov 2012 09:20:46 +0000 (20:20 +1100)]
build: Do not install testing binaries

These binaries are for developer or selftest use, and are not
supported for installation onto the system.  The autoconf build does
not install these binaries, and so neither should the waf build.

Andrew Bartlett

Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Nov 22 12:00:36 CET 2012 on sn-devel-104

6 years agopackaging: Remove long-gone --disable-merged-build from RHEL-CTDB packaging
Andrew Bartlett [Wed, 21 Nov 2012 08:52:50 +0000 (19:52 +1100)]
packaging: Remove long-gone --disable-merged-build from RHEL-CTDB packaging

Reviewed-by: Andreas Schneider <asn@samba.org>
6 years agobuild: Remove --enable-smbtorture, require bin/smbtorture (from waf) for make test
Andrew Bartlett [Wed, 21 Nov 2012 06:52:35 +0000 (17:52 +1100)]
build: Remove --enable-smbtorture, require bin/smbtorture (from waf) for make test

This simply moves this to being a side-effect of --enable-selftest.

The flag was renamed from --enable-smbtorture4 in a recent patch.

Make test now relies on smbtorture4, and so this code to make the dependency
optional for the tests is not required any more.

Andrew Bartlett

Reviewed-by: Andreas Schneider <asn@samba.org>
6 years agobuild: Be consistent with the name of smbtorture binaries
Andrew Bartlett [Wed, 21 Nov 2012 05:32:38 +0000 (16:32 +1100)]
build: Be consistent with the name of smbtorture binaries

This ensures that in both build systems, smbtorture3 is the source3 binary, and
smbtoture is our main smbtorture binary, built with waf.

Also included in this is the removal of bin/ndrdump4 as a special case.

This removes the last cases of binaries with different names in
each build system.

Andrew Bartlett

Reviewed-by: Andreas Schneider <asn@samba.org>
6 years agotorture: remove source3 locktest and masktest
Andrew Bartlett [Wed, 21 Nov 2012 05:00:53 +0000 (16:00 +1100)]
torture: remove source3 locktest and masktest

We now just build these in waf, using the source4/torture code.

The source4 versions of these are tested in make test.

Andrew Bartlett

Reviewed-by: Andreas Schneider <asn@samba.org>
6 years agobuild: Use ntlm_auth from source3 as the only ntlm_auth installed on the system
Andrew Bartlett [Wed, 21 Nov 2012 04:34:43 +0000 (15:34 +1100)]
build: Use ntlm_auth from source3 as the only ntlm_auth installed on the system

The ntlm_auth4 binary is untested, and is missing major features compared with
the source3 binary.  The two are being slowly merged, but I have not finished
that.

Andrew Bartlett

Reviewed-by: Andreas Schneider <asn@samba.org>
6 years agolib/replace: Do not use STRERROR_R_PROTO_COMPATIBLE as only roken.h sets this
Andrew Bartlett [Mon, 19 Nov 2012 12:25:45 +0000 (23:25 +1100)]
lib/replace: Do not use STRERROR_R_PROTO_COMPATIBLE as only roken.h sets this

Currently, we put strerror_r into libreplace even on systems with strerror_r.

Andrew Bartlett

Reviewed-by: Andreas Schneider <asn@samba.org>
6 years agos4/web_server: Fix typo in URL.
Jelmer Vernooij [Wed, 21 Nov 2012 22:56:57 +0000 (22:56 +0000)]
s4/web_server: Fix typo in URL.

Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Thu Nov 22 01:37:02 CET 2012 on sn-devel-104

6 years agos3:smbd/aio do not mark file modified during reads
Christian Ambach [Tue, 20 Nov 2012 13:24:13 +0000 (14:24 +0100)]
s3:smbd/aio do not mark file modified during reads

this causes each file that is potentially just opened for reading to be
marked as modified and lots of file change notifications will be send

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Tue Nov 20 21:02:34 CET 2012 on sn-devel-104

6 years agos3: Fix some blank line endings
Volker Lendecke [Wed, 7 Nov 2012 15:22:07 +0000 (16:22 +0100)]
s3: Fix some blank line endings

Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Nov 20 19:18:33 CET 2012 on sn-devel-104

6 years agolibrpc/idl: teach ndrdump about dumping security.idl structures
Stefan Metzmacher [Tue, 13 Nov 2012 08:34:43 +0000 (09:34 +0100)]
librpc/idl: teach ndrdump about dumping security.idl structures

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
6 years agos3:librpc: add support for PFC_FLAG_OBJECT_UUID when parsing packets (bug #9382)
Stefan Metzmacher [Mon, 12 Nov 2012 09:16:50 +0000 (10:16 +0100)]
s3:librpc: add support for PFC_FLAG_OBJECT_UUID when parsing packets (bug #9382)

Now the logic matches the one in dcerpc_read_ncacn_packet_done().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
6 years agos4:torture/rpc/handles: try to make the assoc_group test less flakey
Stefan Metzmacher [Wed, 14 Nov 2012 07:45:10 +0000 (08:45 +0100)]
s4:torture/rpc/handles: try to make the assoc_group test less flakey

Just incrementing the assoc_group_id makes it too likely to hit
a number that is already in use.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
6 years agos4:torture/rpc/handles: move a torture_comment()
Stefan Metzmacher [Tue, 20 Nov 2012 13:13:16 +0000 (14:13 +0100)]
s4:torture/rpc/handles: move a torture_comment()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
6 years agos3:param: set "map archive = no" in ROLE_ACTIVE_DIRECTORY_DC
Stefan Metzmacher [Tue, 20 Nov 2012 12:50:46 +0000 (13:50 +0100)]
s3:param: set "map archive = no" in ROLE_ACTIVE_DIRECTORY_DC

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
6 years agoexamples: fix build on AIX6
Christian Ambach [Tue, 20 Nov 2012 08:50:15 +0000 (09:50 +0100)]
examples: fix build on AIX6

Signed-off-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Nov 20 16:06:59 CET 2012 on sn-devel-104

6 years agobuild(waf): fix a typo
Christian Ambach [Tue, 20 Nov 2012 08:49:46 +0000 (09:49 +0100)]
build(waf): fix a typo

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Nov 20 11:54:51 CET 2012 on sn-devel-104

6 years agoMore for #9374 - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs...
Jeremy Allison [Wed, 14 Nov 2012 22:40:51 +0000 (14:40 -0800)]
More for #9374 - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend.

Change can_delete_directory() to can_delete_directory_fsp(), as
we only ever call this from an open directory file handle.

This allows us to use OpenDir_fsp() instead of OpenDir().
OpenDir() re-checks the ACL on the directory, which may
refuse DIR_LIST permissions. OpenDir_fsp() does not. As
this is a file-server internal check to see if the directory
actually contains any files before setting delete on close,
we can ignore the ACL here (Windows does).

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Nov 20 01:46:28 CET 2012 on sn-devel-104

6 years agoAdd comments explaining exactly *why* we don't check FILE_READ_ATTRIBUTES when evalua...
Jeremy Allison [Wed, 14 Nov 2012 22:40:50 +0000 (14:40 -0800)]
Add comments explaining exactly *why* we don't check FILE_READ_ATTRIBUTES when evaluating file/directory ACE's.

If we can access the path to this file, by
default we have FILE_READ_ATTRIBUTES from the
containing directory. See the section.
"Algorithm to Check Access to an Existing File"
in MS-FSA.pdf.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
6 years agos3:modules:nfs4_acls remove unused mem_ctx parameter to smbacl4_fill_ace4
Christian Ambach [Mon, 5 Nov 2012 17:49:54 +0000 (18:49 +0100)]
s3:modules:nfs4_acls remove unused mem_ctx parameter to smbacl4_fill_ace4

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Nov 17 01:11:07 CET 2012 on sn-devel-104

6 years agos3:modules:nfs4_acls fix memory hierarchy in smb_create_smb4acl
Christian Ambach [Mon, 5 Nov 2012 17:47:01 +0000 (18:47 +0100)]
s3:modules:nfs4_acls fix memory hierarchy in smb_create_smb4acl

the ACEs should be talloc children of the ACL itself and not be placed on talloc_tos()

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agos3:vfs_gpfs fix a memory leak in gpfsacl_get_posix_acl
Christian Ambach [Fri, 2 Nov 2012 07:41:40 +0000 (08:41 +0100)]
s3:vfs_gpfs fix a memory leak in gpfsacl_get_posix_acl

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agos3:vfs_gpfs fix memory corruption in gpfs2smb_acl
Christian Ambach [Fri, 2 Nov 2012 07:41:10 +0000 (08:41 +0100)]
s3:vfs_gpfs fix memory corruption in gpfs2smb_acl

sys_acl_init returns a SMB_ACL_T with zero entries in the acl array
reallocate the array to proper size before filling it, otherwise we overwrite memory

This one is a result of a improper fixing in 7a6182962966e5edb42728c8

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agos3:vfs_gpfs fix memory leak in gpfs_get_nfs4_acl
Christian Ambach [Fri, 2 Nov 2012 07:39:45 +0000 (08:39 +0100)]
s3:vfs_gpfs fix memory leak in gpfs_get_nfs4_acl

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agos3:vfs_gpfs fix memory leaks in gpfs_getacl_alloc
Christian Ambach [Fri, 2 Nov 2012 07:39:17 +0000 (08:39 +0100)]
s3:vfs_gpfs fix memory leaks in gpfs_getacl_alloc

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agosamba-tool dns: Don't use "localhost" to connect to local host
Kai Blin [Wed, 14 Nov 2012 10:32:06 +0000 (11:32 +0100)]
samba-tool dns: Don't use "localhost" to connect to local host

Calling "samba-tool dns <cmd> localhost" provokes a stacktrace.

This just makes 'samba-tool dns <cmd> localhost' work and doesn't fix
the underlying issue, but I don't see it causing any harm (unless you
don't have an ipv4 localhost, I guess).

Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Nov 16 13:18:14 CET 2012 on sn-devel-104

6 years agoutils: Remove unused samba-dig tool
Kai Blin [Fri, 16 Nov 2012 08:59:53 +0000 (09:59 +0100)]
utils: Remove unused samba-dig tool

Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
6 years agodsdb: Make secrets_tdb_sync cope with -H secrets.ldb
Andrew Bartlett [Wed, 12 Sep 2012 13:34:29 +0000 (15:34 +0200)]
dsdb: Make secrets_tdb_sync cope with -H secrets.ldb

The issue was, without a / in the path, we did not cope.

Andrew Bartlett
Reviewed-by: Michael Adam <obnox@samba.org>
6 years agos3:param: make init_locals() static.
Michael Adam [Fri, 16 Nov 2012 00:00:21 +0000 (01:00 +0100)]
s3:param: make init_locals() static.

it is only used in loadparm.c

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Nov 16 03:33:34 CET 2012 on sn-devel-104

6 years agos3-param: Handle setting default AD DC per-share settings in init_locals()
Andrew Bartlett [Thu, 15 Nov 2012 23:30:44 +0000 (10:30 +1100)]
s3-param: Handle setting default AD DC per-share settings in init_locals()

This function is helpfully called between when we finish processing
the globals and when we start processing the individual shares.  This
means that the "vfs objects" and other per-share settings we specify
here become the defaults for (eg) [netlogon] and [sysvol] but the
admin can override these on a per-share basis or (as we must in make
test) for the whole server.

This broke setting and fetching of group policy objects from Windows
clients, since this setting was moved from fileserver.conf in
8518dd6406c0132dfd8c44e084c2b39792974f2c, and wasn't found in 'make
test' because we have to override the vfs objects to insert the
xattr_tdb and fake_acl modules.

Andrew Bartlett

Reviewed-by: Michael Adam <obnox@samba.org>
6 years agos4:samba-tool: Fix samba-tool fsmo --role=schema
Arvid Requate [Wed, 14 Nov 2012 14:51:19 +0000 (15:51 +0100)]
s4:samba-tool: Fix samba-tool fsmo --role=schema

Fix traceback:
samba-tool fsmo --role=schema --force
ERROR(<type 'exceptions.TypeError'>): uncaught exception - argument 2 must be string, not ldb.Dn
  File "/usr/lib/python2.6/dist-packages/samba/netcmd/__init__.py", line 168, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.6/dist-packages/samba/netcmd/fsmo.py", line 160, in run
    self.seize_role(role, samdb, force)
  File "/usr/lib/python2.6/dist-packages/samba/netcmd/fsmo.py", line 119, in seize_role
    m.dn = ldb.Dn(samdb, self.schema_dn)

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Nov 16 00:40:24 CET 2012 on sn-devel-104

6 years agosamba-tool: Add new samba-tool gpo aclcheck and test
Andrew Bartlett [Mon, 5 Nov 2012 08:36:28 +0000 (19:36 +1100)]
samba-tool: Add new samba-tool gpo aclcheck and test

Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
6 years agoAnother fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs.
Jeremy Allison [Tue, 13 Nov 2012 19:22:15 +0000 (11:22 -0800)]
Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs.

Not caught by make test as it's an extreme edge case for strange
incoming ACLs. I only found this as I'm making raw.acls and smb2.acls
pass against 3.6.x and 4.0.0 with acl_xattr mapped onto a POSIX backend.

An incoming inheritable ACE entry containing only one permission,
WRITE_DATA maps into a POSIX owner perm of "-w-", which violates
the principle that the owner of a file/directory can always read.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Nov 15 19:52:52 CET 2012 on sn-devel-104

6 years agopopt_common: Fix typos.
Karolin Seeger [Wed, 14 Nov 2012 10:40:27 +0000 (11:40 +0100)]
popt_common: Fix typos.

Karolin

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed by: Jelmer Vernooij <jelmer@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 15 01:31:50 CET 2012 on sn-devel-104

6 years agolib/replace: replace all *printf function if we replace snprintf (bug #9390)
Stefan Metzmacher [Tue, 13 Nov 2012 13:07:11 +0000 (14:07 +0100)]
lib/replace: replace all *printf function if we replace snprintf (bug #9390)

This fixes segfaults in log level = 10 on Solaris.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Jacke <bj@sernet.de>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Wed Nov 14 19:41:14 CET 2012 on sn-devel-104

6 years agosubunit: Update to latest upstream version.
Jelmer Vernooij [Wed, 14 Nov 2012 08:47:16 +0000 (09:47 +0100)]
subunit: Update to latest upstream version.

Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Wed Nov 14 12:11:58 CET 2012 on sn-devel-104

6 years agotesttools: Update to latest version.
Jelmer Vernooij [Wed, 14 Nov 2012 08:46:53 +0000 (09:46 +0100)]
testtools: Update to latest version.

6 years agosmbd_open_one_socket does not use the messaging_context variable so why pass it in?
Richard Sharpe [Tue, 13 Nov 2012 21:53:35 +0000 (13:53 -0800)]
smbd_open_one_socket does not use the messaging_context variable so why pass it in?

Reviewed by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 14 02:19:46 CET 2012 on sn-devel-104

6 years agoA small error message fix in source3/smbd/server.c
Richard Sharpe [Tue, 13 Nov 2012 19:27:53 +0000 (11:27 -0800)]
A small error message fix in source3/smbd/server.c

Removes some incorrect info from an error message
(probably from its old place when it was copied).

Reviewed by: Jeremy Allison <jra@samba.org>

6 years agoscripting ntacls: Do not place a SACL in the GPO filesystem ACL
Andrew Bartlett [Tue, 13 Nov 2012 05:03:27 +0000 (16:03 +1100)]
scripting ntacls: Do not place a SACL in the GPO filesystem ACL

On a new GPO created on windows, the SACL is not used.

Andrew Bartlett

Reviewed by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov 14 00:34:50 CET 2012 on sn-devel-104

6 years agontvfs: Fill in sd->type based on the new ACL being added
Andrew Bartlett [Tue, 13 Nov 2012 05:45:03 +0000 (16:45 +1100)]
ntvfs: Fill in sd->type based on the new ACL being added

Previously we would not change the type field, and just relied on what
was in the original ACL based on the default SD.

This is required to ensure the SEC_DESC_DACL_PROTECTED is set
which is in turn required for GPOs to be set correctly
to match what windows does.

Andrew Bartlett

Reviewed by: Jeremy Allison <jra@samba.org>

6 years agosmbd: Remove NT4 compatability handling in posix -> NT ACL conversion
Andrew Bartlett [Mon, 12 Nov 2012 06:11:34 +0000 (17:11 +1100)]
smbd: Remove NT4 compatability handling in posix -> NT ACL conversion

NT4 is long dead, and we should not change which ACL we return based
on what we think the client is.  The reason we should not do this, is
that if we are using vfs_acl_xattr then the hash will break if we do.
Additionally, it would require that the python VFS interface set the
global remote_arch to fake up being a modern client.

This instead seems cleaner and removes untested code (the tests are
updated to then handle the results of the modern codepath).

The supporting 'acl compatability' parameter is also removed.

Andrew Bartlett

Reviewed by: Jeremy Allison <jra@samba.org>

6 years agoChange get_nt_acl_no_snum() to return an NTSTATUS, not a struct security_descriptor *.
Andrew Bartlett [Tue, 13 Nov 2012 20:48:53 +0000 (12:48 -0800)]
Change get_nt_acl_no_snum() to return an NTSTATUS, not a struct security_descriptor *.

Internally change the implementation to use SMB_VFS_GET_NT_ACL()
instead of SMB_VFS_FGET_NT_ACL() with a faked-up file struct.

Andrew Bartlett

Reviewed by: Jeremy Allison <jra@samba.org>

6 years agosmbd: Correctly set fsp->is_directory before dealing with ACLs
Andrew Bartlett [Tue, 13 Nov 2012 20:34:35 +0000 (12:34 -0800)]
smbd: Correctly set fsp->is_directory before dealing with ACLs

Change set_nt_acl_no_snum() to correctly set up the fsp.
This does a stat on a real fsp in set_nt_acl_no_snum.

Reviewed by: Jeremy Allison <jra@samba.org>

6 years agoEnsure we Correctly set fsp->is_directory before dealing with ACLs.
Andrew Bartlett [Tue, 13 Nov 2012 20:21:45 +0000 (12:21 -0800)]
Ensure we Correctly set fsp->is_directory before dealing with ACLs.

Reviewed by: Jeremy Allison <jra@samba.org>

6 years agolib/ldb: add missing newline in the output of ldb_ldif_write_trace() save-diskspace-tags/ldb-1.1.14
Stefan Metzmacher [Mon, 12 Nov 2012 10:42:52 +0000 (11:42 +0100)]
lib/ldb: add missing newline in the output of ldb_ldif_write_trace()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Nov 13 13:53:31 CET 2012 on sn-devel-104

6 years agos4:samba-tool/testparm: report a CommandError if loading of the config file fails
Stefan Metzmacher [Fri, 9 Nov 2012 08:01:29 +0000 (09:01 +0100)]
s4:samba-tool/testparm: report a CommandError if loading of the config file fails

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agolib/addns: remove compiler warnings
Stefan Metzmacher [Fri, 9 Nov 2012 08:08:51 +0000 (09:08 +0100)]
lib/addns: remove compiler warnings

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agolib/addns: don't depend on the order in resp->answers[]
Stefan Metzmacher [Fri, 9 Nov 2012 07:59:36 +0000 (08:59 +0100)]
lib/addns: don't depend on the order in resp->answers[]

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agolib/addns: remove pointless check for resp->num_additionals != 1
Stefan Metzmacher [Fri, 9 Nov 2012 07:55:40 +0000 (08:55 +0100)]
lib/addns: remove pointless check for resp->num_additionals != 1

We never use resp->additionals, so there's no reason to check.

This fixes dns updates against BIND9 (used in a Samba4 domain).

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agoselftest: Add --tmpdir to 'samba-tool gpo create' test
Andrew Bartlett [Tue, 13 Nov 2012 02:31:53 +0000 (13:31 +1100)]
selftest: Add --tmpdir to 'samba-tool gpo create' test

This was the cause of the flakey test, and was only noticed when
multiple different users ran autobuild at the same time on the same
server.

We use shutil.rmtree to wipe the directory before the tests finishes
as required by the TestCaseInTempDir class.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Nov 13 10:50:56 CET 2012 on sn-devel-104

6 years agoRevert "selftest/skip: add samba.tests.samba_tool.gpo until it's stable"
Andrew Bartlett [Mon, 12 Nov 2012 10:49:36 +0000 (21:49 +1100)]
Revert "selftest/skip: add samba.tests.samba_tool.gpo until it's stable"

This reverts commit 47bbf9886f0cebf994435a32bafa07e36cce191b.

This test appears to be stable now, but the changes in the previous
commit should allow the real error to be found if it comes back.

As requested by metze.

Andrew Bartlett

Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Nov 13 01:45:04 CET 2012 on sn-devel-104

6 years agoselftest: Avoid returning errors (rather than failures) in gpo test
Andrew Bartlett [Mon, 12 Nov 2012 10:48:46 +0000 (21:48 +1100)]
selftest: Avoid returning errors (rather than failures) in gpo test

This should help find the real cause of the flakey test, if it ever returns.

Andrew Bartlett

Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
6 years agos3:winbind: BUG 9386: Failover if netlogon pipe is not available.
Andreas Schneider [Fri, 9 Nov 2012 14:33:09 +0000 (15:33 +0100)]
s3:winbind: BUG 9386: Failover if netlogon pipe is not available.

Samba continues to query a broken DC while the DC did not finish to
rebuild Sysvol (after a Windows crash, for example). It causes end users
to received strange codes while trying to authenticate, even if there is
a secondary DC available.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Nov 12 18:57:18 CET 2012 on sn-devel-104

6 years agoUse work around for 'winbind use default domain' only if it is set
Sumit Bose [Mon, 29 Oct 2012 11:09:22 +0000 (12:09 +0100)]
Use work around for 'winbind use default domain' only if it is set

Currently in smb_getpwnam() the NetBIOS domain name and the winbind separator
character is always added to the user name returned by Get_Pwnam_alloc() if it
does not contain the winbind separator character. As comments in the code
indicates this is done as a work around if 'winbind use default domain' is set
to yes in the samba configuration.

This make sense if the option is set because otherwise the domain information is
lost from the user name. But it causes errors if other services than winbind are
used for user lookup, e.g. sssd. sssd can handle different kind of fully
qualified user names as input, e.g. user@domain.name or DOM\user, but returns a
canonical name, by default user@domain.name.

While it would be possible to get around this issue with a special configuration
either on the sssd or samba side I think the cleaner solution is to use the work
around only if 'winbind use default domain' is set to yes which is what this
patch does.

Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Nov 12 15:54:15 CET 2012 on sn-devel-104

6 years agontp_signd: Only allow group access to the ntp signd directory.
Andrew Bartlett [Sun, 11 Nov 2012 10:32:22 +0000 (21:32 +1100)]
ntp_signd: Only allow group access to the ntp signd directory.

Existing installations running ntp as group 'ntp' will need to change
the permissions on the ntp_signd socket directory (eg
PREFIX/lib/ntp_signd or /var/lib/samba/ntp_signd)

The reason is that allowing other users on the host access to this
directory would allow them to potentially spoof time on the network,
or attack the password database with a chosen plaintext attack.

Permissions should be changed to:

ownership root:ntp (if ntp runs as gid ntp)
mode 0750 (this is what it will be created as)

If the permissions are not changed, Samba will refuse to start the
ntp_signd server, and NTP operations will not be signed.  As the error
is declared fatal, in the future, Samba may totally refused to start.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Nov 12 12:36:30 CET 2012 on sn-devel-104

6 years agontp_signd: move socket directory to var/lib not var/run for permissions change
Andrew Bartlett [Sun, 11 Nov 2012 21:44:02 +0000 (08:44 +1100)]
ntp_signd: move socket directory to var/lib not var/run for permissions change

With the next patch, this becomes a socket directory on which we must
maintain administrator-specified permissions we will need to move it
away from directories that wipe at boot.

This means the ntp.conf will need to change from (eg)

ntpsigndsocket /usr/local/samba/var/run/ntp_signd/

to

ntpsigndsocket /usr/local/samba/var/lib/ntp_signd/

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
6 years agos4:dsdb/acl_read: make sure confidential attributes require CONTROL_ACCESS (bug ...
Stefan Metzmacher [Fri, 9 Nov 2012 16:23:53 +0000 (17:23 +0100)]
s4:dsdb/acl_read: make sure confidential attributes require CONTROL_ACCESS (bug #8620)

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Nov 12 01:25:21 CET 2012 on sn-devel-104

6 years agos4:dsdb/acl_read: fix whitespace formatting errors
Stefan Metzmacher [Fri, 9 Nov 2012 16:22:44 +0000 (17:22 +0100)]
s4:dsdb/acl_read: fix whitespace formatting errors

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agos4:dsdb/acl: only give administrators access to attributes marked as confidential...
Stefan Metzmacher [Fri, 9 Nov 2012 16:05:44 +0000 (17:05 +0100)]
s4:dsdb/acl: only give administrators access to attributes marked as confidential (bug #8620)

The full fix will to implement and use the code of the read_acl module,
but this is better than nothing for now.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agos4:dsdb/acl: reorganize the logic flow in the password filtering checks
Stefan Metzmacher [Fri, 9 Nov 2012 10:23:47 +0000 (11:23 +0100)]
s4:dsdb/acl: reorganize the logic flow in the password filtering checks

This avoids some nesting levels and does early returns.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agos4:dsdb/acl: fix search filter cleanup for password attributes
Stefan Metzmacher [Fri, 9 Nov 2012 10:25:21 +0000 (11:25 +0100)]
s4:dsdb/acl: fix search filter cleanup for password attributes

We need to this when we're *not* system.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agoselftest: Avoid test cross-contamination in samba.tests.posixacl
Andrew Bartlett [Sun, 11 Nov 2012 20:53:40 +0000 (07:53 +1100)]
selftest: Avoid test cross-contamination in samba.tests.posixacl

This creates a new xattr.tdb per unit test, which avoids once and for all
the issue of dev/inode reuse.

For test_setposixacl_dir_getntacl_smbd the file ownership also set specifically.

Andrew Bartlett

Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
6 years agoselftest: Add tests for expected behaviour on directories as well as files
Andrew Bartlett [Sun, 11 Nov 2012 10:33:41 +0000 (21:33 +1100)]
selftest: Add tests for expected behaviour on directories as well as files

This is important because it covers the codepath which had the talloc
error fixed by commit 60cf4cb5a630506747431ecbf00d890509baf2f3
(vfs_acl_common: In add_directory_inheritable_components allocate on
psd as parent)

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Nov 11 15:48:10 CET 2012 on sn-devel-104

6 years agopysmbd: Add SMB_ACL_EXECUTE to the mask set by make_simple_acl()
Andrew Bartlett [Sun, 11 Nov 2012 11:07:49 +0000 (22:07 +1100)]
pysmbd: Add SMB_ACL_EXECUTE to the mask set by make_simple_acl()

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agoselftest: Make samba.tests.ntacl also use TestCaseInTempDir
Andrew Bartlett [Sun, 11 Nov 2012 03:01:44 +0000 (14:01 +1100)]
selftest: Make samba.tests.ntacl also use TestCaseInTempDir

This follows on from the successful conversion of samba.tests.posixacl.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years agosamba-tool: Rework ldap attribute fetch in classicupgrade for missing attributes
Andrew Bartlett [Sun, 11 Nov 2012 00:35:02 +0000 (11:35 +1100)]
samba-tool: Rework ldap attribute fetch in classicupgrade for missing attributes

Is is not required that these additional attributes be filled in, so
catch KeyError in both the nsswitch and ldap backend case.

We rework get_posix_attr_from_ldap_backend() so it raises KeyError
rather than trying to return None, and does not ignore other errors.

Andrew Bartlett

Tested-by: Chirana Gheorghita Eugeniu Theodor <office@adaptcom.ro>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
6 years agos3:smbd: Fix typo in got_duplicate_group check
Arvid Requate [Sat, 10 Nov 2012 09:40:32 +0000 (10:40 +0100)]
s3:smbd: Fix typo in got_duplicate_group check

Reviewed by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Nov 10 20:25:48 CET 2012 on sn-devel-104

6 years agobuild: add DMAPI configure option and checks
Christian Ambach [Wed, 7 Nov 2012 17:40:07 +0000 (18:40 +0100)]
build: add DMAPI configure option and checks

the waf build was missing the --with-dmapi option
and configure checks that are necessary to build the
source3 parts that need DMAPI (e.g. vfs_tsmsm)

Bug: https://bugzilla.samba.org/show_bug.cgi?id=9178

Signed-off-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Fri Nov  9 20:57:31 CET 2012 on sn-devel-104

6 years agobuild(waf): support AIX 6.1
Christian Ambach [Sat, 10 Nov 2012 00:58:43 +0000 (18:58 -0600)]
build(waf): support AIX 6.1

on AIX6.1, we need to define _ALL_SOURCE as well, otherwise
system headers with BSD types like u_int cannot be used

6 years agodoc: list arguments for rpcclient FSRVP commands
David Disseldorp [Wed, 7 Nov 2012 12:06:54 +0000 (13:06 +0100)]
doc: list arguments for rpcclient FSRVP commands

Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Nov  9 18:21:39 CET 2012 on sn-devel-104

6 years agodoc: describe samlogon cache caveat for winbindd -n
David Disseldorp [Tue, 6 Nov 2012 11:49:42 +0000 (12:49 +0100)]
doc: describe samlogon cache caveat for winbindd -n

The samlogon cache is never bypassed, even when winbindd is run with the
-n argument.
See https://bugzilla.samba.org/show_bug.cgi?id=9125

Reviewed-by: Andreas Schneider <asn@samba.org>
6 years agoRevert "s3-winbindd: make sure we obey the -n switch also for samlogon cache access."
David Disseldorp [Tue, 6 Nov 2012 11:29:24 +0000 (12:29 +0100)]
Revert "s3-winbindd: make sure we obey the -n switch also for samlogon cache access."

This reverts commit ae6a779bf9f816680e724ede37324b7f5355996b.

Bug 9125 analysis from Volker:

The problem is that there are no network calls possible at all that
would do what the samlogon cache does for us. There is just no way to
retrieve the group membership in a complex trusted environment. If you
have just a single domain with Samba as domain controller it might be
possible, but even within a single domain it is not possible to
correctly retrieve all group memberships using LDAP calls due to ACLs on
directory objects. The call to get that is called NetSamLogon on the
NETLOGON pipe. But this call requires user credentials and might trigger
updating counts on the server. So to correctly implement wbinfo -r after
a user has logged in, you have two alternatives: Save the info3 struct
or the PAC in the netsamlogon cache. If you insist on doing network
calls, you need to cache the user credentials somewhere to re-do the
NetSamLogon call every time the wbinfo -r is requested.

Reviewed-by: Andreas Schneider <asn@samba.org>
6 years agoMakefile: Allow specifying PYTHON environment variable.
Jelmer Vernooij [Tue, 6 Nov 2012 21:29:07 +0000 (22:29 +0100)]
Makefile: Allow specifying PYTHON environment variable.

This is required for Minix, where python is named "python2.X".

Reviewed-by: Simo Sorce <idra@samba.org>
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Fri Nov  9 16:39:09 CET 2012 on sn-devel-104

6 years agoconfigure: Support specifying PYTHON environment variable to run waf.
Jelmer Vernooij [Tue, 6 Nov 2012 21:24:07 +0000 (22:24 +0100)]
configure: Support specifying PYTHON environment variable to run waf.

This is necessary to run configure on Minix, where python is named
"python2.X".

Reviewed-by: Simo Sorce <idra@samba.org>
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
6 years agotorture: Fix smb2.create.blob test.
Andreas Schneider [Wed, 7 Nov 2012 12:59:48 +0000 (13:59 +0100)]
torture: Fix smb2.create.blob test.

Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Nov  9 14:53:27 CET 2012 on sn-devel-104

6 years agosamba-tool: Fix typo in --help output.
Karolin Seeger [Fri, 9 Nov 2012 08:07:38 +0000 (09:07 +0100)]
samba-tool: Fix typo in --help output.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Nov  9 11:04:50 CET 2012 on sn-devel-104

6 years agos4-drs: Remove unused var
Matthieu Patou [Fri, 5 Oct 2012 09:09:47 +0000 (02:09 -0700)]
s4-drs: Remove unused var

Signed-off-by: Matthieu Patou <mat@matws.net>
6 years agos3fs-client: Burn commandline password of client utils.
Andreas Schneider [Tue, 6 Nov 2012 08:27:43 +0000 (09:27 +0100)]
s3fs-client: Burn commandline password of client utils.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov  8 21:24:21 CET 2012 on sn-devel-104

6 years agos3fs-popt: Add function to burn the commandline password.
Andreas Schneider [Tue, 6 Nov 2012 08:27:42 +0000 (09:27 +0100)]
s3fs-popt: Add function to burn the commandline password.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed by: Jeremy Allison <jra@samba.org>

6 years agoRemove two unused variables
Volker Lendecke [Wed, 7 Nov 2012 14:33:10 +0000 (15:33 +0100)]
Remove two unused variables

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Nov  7 17:18:06 CET 2012 on sn-devel-104

6 years agolib/util: Simplify bitmap.c a bit
Volker Lendecke [Tue, 30 Oct 2012 22:15:09 +0000 (23:15 +0100)]
lib/util: Simplify bitmap.c a bit

This avoids the double-talloc for bitmaps

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
6 years agolib/util: Make "struct bitmap" abstract
Volker Lendecke [Tue, 30 Oct 2012 21:43:21 +0000 (22:43 +0100)]
lib/util: Make "struct bitmap" abstract

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
6 years agoheimdal_build: Fix finding of system heimdal.
Jelmer Vernooij [Mon, 5 Nov 2012 22:38:23 +0000 (23:38 +0100)]
heimdal_build: Fix finding of system heimdal.

When checking for Heimdal headers, make sure HAVE_CONFIG_H is not
defined, as config.h will not be available.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Tue Nov  6 16:27:03 CET 2012 on sn-devel-104

6 years agoheimdal_build: HEIMDAL_LIBRARY(): Remove unused cflags argument.
Jelmer Vernooij [Mon, 5 Nov 2012 22:33:21 +0000 (23:33 +0100)]
heimdal_build: HEIMDAL_LIBRARY(): Remove unused cflags argument.

6 years agoselftest/skip: add samba.tests.samba_tool.gpo until it's stable
Stefan Metzmacher [Tue, 6 Nov 2012 11:16:37 +0000 (12:16 +0100)]
selftest/skip: add samba.tests.samba_tool.gpo until it's stable

See:

https://git.samba.org/autobuild.flakey/2012-11-06-0314/samba.stdout
https://git.samba.org/autobuild.flakey/2012-11-06-0514/samba.stdout
https://git.samba.org/autobuild.flakey/2012-11-06-0713/samba.stdout

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Nov  6 14:24:08 CET 2012 on sn-devel-104

6 years agoldb_secrets_tdb_sync: Add dependency on gssapi.
Jelmer Vernooij [Tue, 6 Nov 2012 00:25:00 +0000 (01:25 +0100)]
ldb_secrets_tdb_sync: Add dependency on gssapi.

This is required when building with the system heimdal, as
gssapi/gssapi_spnego.h is included.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Nov  6 05:12:28 CET 2012 on sn-devel-104

6 years agodsdb: Rename _res argument to _result.
Jelmer Vernooij [Tue, 6 Nov 2012 00:24:59 +0000 (01:24 +0100)]
dsdb: Rename _res argument to _result.

Newer versions of heimdal include a macro that is unfortunately named
'_res'. This change prevents the clash.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
6 years agoprovision: Make dsacl2fsacl() take a security.dom_sid, not str
Andrew Bartlett [Mon, 5 Nov 2012 09:44:14 +0000 (20:44 +1100)]
provision: Make dsacl2fsacl() take a security.dom_sid, not str

Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Nov  6 00:12:43 CET 2012 on sn-devel-104

6 years agoprovision: Also walk directories checking ACLs
Andrew Bartlett [Mon, 5 Nov 2012 04:22:02 +0000 (15:22 +1100)]
provision: Also walk directories checking ACLs

The directory walk was missed due to a cut-and-paste error.

Andrew Bartlett

Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
6 years agowintest: Try harder to recover from apparent failure to dcpromo
Andrew Bartlett [Mon, 5 Nov 2012 08:35:51 +0000 (19:35 +1100)]
wintest: Try harder to recover from apparent failure to dcpromo

Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
6 years agoselftest: check that samba-tool gpo works for basic operations
Andrew Bartlett [Mon, 5 Nov 2012 01:57:17 +0000 (12:57 +1100)]
selftest: check that samba-tool gpo works for basic operations

Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>