Stefan Metzmacher [Thu, 15 Nov 2018 12:37:58 +0000 (13:37 +0100)]
wafsamba: simplify SAMBA_PIDL_TABLES() rule
The builddir is not bin/default/ instead of just bin/,
so we don't need to strip 'default/' anymore.
And the '--output ${TGT}' part is not really implemented.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 13 Nov 2018 16:04:39 +0000 (17:04 +0100)]
wafsamba: remove unused Build.BuildContext.pre_build overload
This is not needed and also fixed the interaction between
vim and ':make'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 15 Nov 2018 10:41:07 +0000 (11:41 +0100)]
wafsamba: remove the need of BuildContext.bdir
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 15 Nov 2018 11:51:37 +0000 (12:51 +0100)]
wafsamba: remove hardcoded '..' and '/default/' from SAMBA_PIDL()
This makes it possible to remove some move waf 1.8 compat code.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 15 Nov 2018 18:35:27 +0000 (19:35 +0100)]
wafsamba: add a fix for broken python threading if just one job is forced
This fixes random failures during (at least) configure on AIX.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 13 Nov 2018 14:58:17 +0000 (15:58 +0100)]
wafsamba: fix CHECK_MAKEFLAGS() with waf 2.0.8
Changing Options.options.jobs in the build() hook
is too late in waf 2.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 15 Nov 2018 18:53:41 +0000 (19:53 +0100)]
s4:heimdal_build: make use of libreplace getprogname() replacement
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Wed, 14 Nov 2018 01:03:37 +0000 (14:03 +1300)]
dsdb group_audit tests: fix use of strncmp
Replace the uses of:
strncmp(expected, value, strlen(expected))
With:
strcmp(expected, value)
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Thu, 8 Nov 2018 04:34:26 +0000 (17:34 +1300)]
netcmd: Flush replUpToDateVector when restoring offline backup
The replUpToDateVector could be incorrect after an offline backup was
restored. This means replication propagation dampening doesn't work
properly. In the worst case, a singleton DC would have no
replUpToDateVector at all, and so *all* objects created on that DC get
replicated every time a new DRS connection is established between 2 DCs.
This becomes a real problem if you used that singleton DC to create 100K
objects...
This patch flushes the replUpToDateVector when an offline backup gets
restored. We need to do this before we add in the new DC and remove the
old DCs.
Note that this is only a problem for offline backups. The online/rename
backups are received over DRS, and as part of the replication they
receive the latest replUpToDateVector from the DC being backed up.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Thu, 8 Nov 2018 04:07:08 +0000 (17:07 +1300)]
netcmd: Small backup refactor to avoid compatiblity problems
It will be easy to forget that the backupType marker doesn't exist on
v4.9. However, this seems like a dumb reason not to support v4.9
backup-files. Add a wrapper function to avoid potential problems
cropping up in future.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Thu, 8 Nov 2018 03:41:52 +0000 (16:41 +1300)]
netcmd: Add backupType marker to backed-up DB
We are starting to hit restore cases that are only applicable to a
particular type of backup. We already had a marker to differentiate
renames, but differentiating offline backups would also be useful.
Note that this raises a slight compatibility issue for backups created
on v4.9, as the marker won't exist. However, it's only offline backups
we will use this marker for (at the moment), and this option doesn't
exist on v4.9, so there's no problem.
Removing the markers has been refactored out into a separate function to
handle the optional presence of the new marker.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Wed, 7 Nov 2018 23:20:30 +0000 (12:20 +1300)]
tests: Add assertion that replUpToDateVector is present after backup
We noticed that offline backups were missing a replUpToDateVector for
the original DC, if the backup was taken on a singleton DC. This patch
adds an assertion to the existing test-cases to highlight the problem.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Thu, 15 Nov 2018 00:14:48 +0000 (13:14 +1300)]
WHATSNEW: Added samba-tool 'backup offline' and 'groups stats'
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Christof Schmitt [Wed, 14 Nov 2018 22:13:03 +0000 (15:13 -0700)]
smbtorture: Close unused pipe fds in kernel_oplocks8
This fixes a hang of the testcase when hitting an error in the child (e.g.
localdir does not exist)
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov 16 21:52:13 CET 2018 on sn-devel-144
Volker Lendecke [Thu, 15 Nov 2018 09:40:50 +0000 (10:40 +0100)]
dsdb: Slightly simplify samdb_check_password
Avoid an "else" where we have the early return
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Björn Baumbach <bbaumbach@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 14 Nov 2018 20:02:01 +0000 (21:02 +0100)]
lib: Fix CID
1441264 Error handling issues (CHECKED_RETURN)
This is not worth keeping a CID around :-)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 15 Nov 2018 14:21:36 +0000 (15:21 +0100)]
torture: Fix the 32-bit build
Unfortunately there's no off_t printf specifier as there's one for
size_t. So we have to use intmax_t.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Nov 15 19:45:24 CET 2018 on sn-devel-144
Jeremy Allison [Fri, 9 Nov 2018 22:13:47 +0000 (14:13 -0800)]
s3: VFS: fake_acls: Fix Coverity CID
1435850 Uninitialized pointer read.
map_acl_perms_to_permset() can return an error, check it.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Martin Schwenke [Wed, 14 Nov 2018 03:09:42 +0000 (14:09 +1100)]
ctdb-tests: Make the debug hung script test cope with unreadable stacks
Ideally this would just involve using "test -r". However, operating
system security features may mean that kernel stacks are not readable
even though they appear to be.
Instead, try reading that stack of a process on the test node. If
that succeeds then so should reading the stack of the "stuck" sleep
process in the test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13684
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Tim Beale <timbeale@catalyst.net.nz>
Autobuild-User(master): Tim Beale <timbeale@samba.org>
Autobuild-Date(master): Thu Nov 15 08:15:32 CET 2018 on sn-devel-144
Andreas Schneider [Wed, 2 May 2018 13:57:38 +0000 (15:57 +0200)]
third_party: Update socket_wrapper to version 1.2.1
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 15 04:50:31 CET 2018 on sn-devel-144
Andreas Schneider [Mon, 12 Nov 2018 10:51:17 +0000 (11:51 +0100)]
s4:torture: Use 65520 for maxopenfiles
The socket_wrapper limit is 65535 open sockets.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Fri, 9 Nov 2018 19:23:21 +0000 (11:23 -0800)]
s3: VFS: Remove logically dead code. Coverity CID:
1419117
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 14 21:35:45 CET 2018 on sn-devel-144
Andreas Schneider [Mon, 12 Nov 2018 17:27:44 +0000 (18:27 +0100)]
s3:passdb: Use discard_const_p() in py_passdb
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Nov 14 11:46:06 CET 2018 on sn-devel-144
Andreas Schneider [Mon, 12 Nov 2018 17:20:49 +0000 (18:20 +0100)]
s4:dsdb: Use const char in py_dsdb_garbage_collect_tombstones()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Andreas Schneider [Mon, 12 Nov 2018 17:19:51 +0000 (18:19 +0100)]
s4:librpc: Use discard_const_p for ndr/py_misc
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Andreas Schneider [Mon, 12 Nov 2018 16:19:21 +0000 (17:19 +0100)]
libldb: Fix const char in pyldb
../lib/ldb/pyldb.c: In function ‘PyDict_AsMessage’:
../lib/ldb/pyldb.c:90:22: error: initialization discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
#define PyStr_AsUTF8 PyUnicode_AsUTF8
^~~~~~~~~~~~~~~~
../lib/ldb/pyldb.c:1359:19: note: in expansion of macro ‘PyStr_AsUTF8’
char *key_str = PyStr_AsUTF8(key);
^~~~~~~~~~~~
../lib/ldb/pyldb.c: In function ‘py_ldb_msg_getitem_helper’:
../lib/ldb/pyldb.c:3336:7: error: assignment discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
name = PyStr_AsUTF8(py_name);
^
../lib/ldb/pyldb.c: In function ‘py_ldb_msg_setitem’:
../lib/ldb/pyldb.c:3502:12: error: assignment discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
attr_name = PyStr_AsUTF8(name);
^
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Noel Power [Thu, 25 Oct 2018 16:54:38 +0000 (17:54 +0100)]
CI: Autobuild: Remove build_samba_ad_dc_2_py3 CI job
We now run a purepython3 ad-dc-2 test job, later when the whole
build is running under python3 we will resurrect build_samba_ad_dc_2_py3
but as (build_samba_ad_dc_py2) for python2
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov 14 08:20:55 CET 2018 on sn-devel-144
Noel Power [Thu, 25 Oct 2018 16:53:35 +0000 (17:53 +0100)]
CI: Add new CI job for new purepy3-ad-dc-2 autobuild task
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Thu, 25 Oct 2018 16:50:18 +0000 (17:50 +0100)]
script: Add new (temporary) pure python3 ad-dc-2 test
Ideally we want all the tests to run under python3 by default (no
special task for this) and then convert the existing '-py3' tasks
to run the python tests with python3.
However at the moment the convertion process is not ready to do this,
for a while we need to run separate autobuild tasks for this.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Tue, 30 Oct 2018 13:29:13 +0000 (13:29 +0000)]
s4/scripting/bin: gensec_client.update needs bytes
PY3 test was failing as param passed to update was str rather than bytes
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Tue, 30 Oct 2018 13:22:11 +0000 (13:22 +0000)]
python/samba/tests: Ensure samba_dnsupdate called with correct python version
We need to examine the contents of PYTHON env variable which should defined the
python version to be used when running tests.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Tue, 30 Oct 2018 12:51:54 +0000 (12:51 +0000)]
s4/scripting/bin: PY3 convert servicePrincipalName attr to string
res[0]["servicePrincipalName"] is an instance of ldb.bytes in PY3
If we wish to get the string value we need to call the custom
str function which attempts to decode the bytes to 'utf8'
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed by: Noel Power <npower@samba.org>
Noel Power [Thu, 25 Oct 2018 18:10:30 +0000 (19:10 +0100)]
python/samba/tests: PY3 Fix str/bytes issue for json.loads
Python 3.4 seems to need a string
parsed = json.loads (out_jsobj)
File "/usr/lib/python3.4/json/__init__.py", line 312, in loads
s.__class__.__name__))
TypeError: the JSON object must be str, not 'bytes'
however Python 3.5 seems to be happy to consume bytes (or string)
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Fri, 12 Oct 2018 16:15:39 +0000 (17:15 +0100)]
python/samba: PY3 fix can't compare string with int
Testing a string against an int value is illegal and
is not necessary in this case, this patch removes the
problematic test.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Thu, 11 Oct 2018 13:36:06 +0000 (14:36 +0100)]
s4/dsdb/tests: PY3 port of samba4.ldap.acl.python
convert various attribute results to str so assert function
as expected for tests.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Wed, 10 Oct 2018 20:48:38 +0000 (21:48 +0100)]
s4/dsdb/tests/python: PY3 port samba4.ldap.secdesc
User str/bytes as needed for various asserts
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Thu, 1 Nov 2018 14:20:20 +0000 (14:20 +0000)]
s4/dsdb/tests/python: PY3 port samba4.ldap_schema.python
+ Misc attributes needed to be converted to strings from bytes to
ensure various asserts work as expected.
+ Fix ndr_unpack call which needs bytes not str
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Wed, 10 Oct 2018 18:46:42 +0000 (19:46 +0100)]
python/samba/netcmd: PY3 port samba4.blackbox.ldapcmp_restore
Convert attribute from bytes to str
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Wed, 10 Oct 2018 18:19:24 +0000 (19:19 +0100)]
python/samba/netcmd: PY3 port samba.tests.samba_tool.edit
Need to write bytes to file
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Wed, 10 Oct 2018 17:45:32 +0000 (18:45 +0100)]
s3/torture: PY3 port samba.ntlm_auth
Use bytes in test rather than str
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Wed, 10 Oct 2018 16:35:53 +0000 (17:35 +0100)]
python/samba/tests: PY3 port samba.tests.blackbox.netads_json
convert output from check_output to text
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Tue, 30 Oct 2018 13:25:59 +0000 (13:25 +0000)]
python/samba/tests: Port samba.tests.blackbox.samba_dnsupdate for PY2/PY3
Make sure either the output of tests and/or the item we are searching match
in type. Output of cmd in python3 is bytes, depending on the was the test is
written it may be easier just to convert all output or just a single string
that is used in the test
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Wed, 10 Oct 2018 16:14:39 +0000 (17:14 +0100)]
testprogs/blackbox: PY3 bulk change for python scripts use correct python
Change all instance where python scripts are called so that the
correct python version as specified by $PYTHON is used
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Wed, 10 Oct 2018 15:34:52 +0000 (16:34 +0100)]
python/samba/provision: PY3 port samba4.dlz_bind9.version
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 12 Nov 2018 09:21:15 +0000 (10:21 +0100)]
ctdb: Fix an out of bound array access
Found by cppcheck.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13680
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 12 Nov 2018 09:17:37 +0000 (10:17 +0100)]
lib:util Always initialize start and space
Found by cppcheck.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13680
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 12 Nov 2018 09:16:06 +0000 (10:16 +0100)]
libgpo: Make sure status is intialized
Found by cppcheck.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13680
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 12 Nov 2018 09:13:51 +0000 (10:13 +0100)]
librpc:ndr: Initialize inblob
Found by cppcheck.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13680
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 12 Nov 2018 09:09:23 +0000 (10:09 +0100)]
s3:rpcclient: Initialize domain_name
This could be passed uninitialized to dcerpc_netr_DsRGetDCName()
Found by cppcheck.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13680
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jeremy Allison [Mon, 12 Nov 2018 19:37:31 +0000 (11:37 -0800)]
s3: lib: nmbname: Ensure we limit the NetBIOS name correctly. CID:
1433607
Firstly, make the exit condition from the loop explicit (we must
never write into byte n, where n >= sizeof(name->name).
Secondly ensure exiting from the loop that n==MAX_NETBIOSNAME_LEN,
as this is the sign of a correct NetBIOS name encoding (RFC1002)
in order to properly read the NetBIOS name type (which is always
encoded in byte 16 == name->name[15]).
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Nov 13 20:54:56 CET 2018 on sn-devel-144
Ralph Boehme [Wed, 7 Nov 2018 13:00:25 +0000 (14:00 +0100)]
libcli/smb: don't overwrite status code
The original commit
c5cd22b5bbce724dcd68fe94320382b3f772cabf from bug
9175 never worked, as the preceeding signing check overwrote the status
variable.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9175
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Nov 13 17:28:45 CET 2018 on sn-devel-144
Ralph Boehme [Tue, 13 Nov 2018 11:08:10 +0000 (12:08 +0100)]
s4:torture/smb2/session: test smbXcli_session_set_disconnect_expired() works
This adds a simple test that verifies that after having set
smbXcli_session_set_disconnect_expired() a session gets disconnected
when it expires.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9175
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 8 Nov 2018 16:31:41 +0000 (17:31 +0100)]
s3:smb2_sesssetup: check session_info security level before it gets talloc_move'd
We talloc_move() session_info to session->global->auth_session_info
which sets session_info to NULL.
This means security_session_user_level(NULL, NULL) will always return
SECURITY_ANONYMOUS so we never sign the session setup response.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Nov 13 14:22:46 CET 2018 on sn-devel-144
Ralph Boehme [Fri, 9 Nov 2018 11:39:41 +0000 (12:39 +0100)]
s4:torture/smb2/session: session reauth response must be signed
This test checks that a session setup reauth is signed even when neither
client nor server require signing.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 9 Nov 2018 11:19:16 +0000 (12:19 +0100)]
s4:torture/smb2/session: add force_signing to test_session_expire1i
Existing callers pass true, so no change in behaviour. The next commit
adds an additional test that passes force_signing=false.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 9 Nov 2018 14:34:24 +0000 (15:34 +0100)]
s4:torture/smb2/session: require a signed session setup reauth response
All existing tests using this function require signing, so currently
this passes. A subsequent commit adds a test where neither client nor
server require signing and that's where this trap will explode.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Thu, 8 Nov 2018 14:42:46 +0000 (15:42 +0100)]
s4:torture/smb2/session: invalidate credential cache
Invalidate credential cache before connecting to the server, otherwise
we will reuse the credentials from the credential cache populated by the
preceeding tests.
Also invalidate it at the end, otherwise subsequent tests might run into
problems if the credentials expire while authenticating.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Sat, 10 Nov 2018 21:00:04 +0000 (22:00 +0100)]
libcli/smb: use require_signed_response in smb2cli_conn_dispatch_incoming()
This can be used by the upper layers to force checking a response is
signed. It will be used to implement verification of session setup
reauth responses in a torture test. That comes next.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Sat, 10 Nov 2018 20:56:28 +0000 (21:56 +0100)]
libcli/smb: defer singing check a little bit
This allows adding an additional condition to the if check where the
condition state may be modified in the "if (opcode ==
SMB2_OP_SESSSETUP)" case directly above.
No change in behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 9 Nov 2018 14:26:44 +0000 (15:26 +0100)]
libcli/smb: maintain require_signed_response in smbXcli_req_state
Not used for now, that comes next.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 9 Nov 2018 14:17:19 +0000 (15:17 +0100)]
libcli/smb: add smb2cli_session_require_signed_response()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 9 Nov 2018 11:33:29 +0000 (12:33 +0100)]
s3:selftest: also run smb2.session torture testsuite against ad_member
The next commit adds a subtest to the smb2.session testsuite that
requires Kerberos (ad_dc would work), but where neither SMB2 server or
client must require signing (ad_dc, being an AD DC, requires signing).
The ad_member environment supports Kerberos with the SMB2 server not
mandating signing, that'll do.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Thu, 8 Nov 2018 15:24:45 +0000 (16:24 +0100)]
s3:selftest: split "raw.session" and "smb2.session"
The next commit is going to add a testsuite to "smb2.session".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Martin Schwenke [Mon, 12 Nov 2018 23:05:21 +0000 (10:05 +1100)]
replace: Add check for variable program_invocation_short_name
It appears that wafsamba's configure() defines _GNU_SOURCE
unconditionally, so checking _GNU_SOURCE isn't enough to know if this
variable is available.
For example, it isn't available on AIX with the xlc compiler:
[ 6/10] Compiling lib/replace/replace.c
...
"../../lib/replace/replace.c", line 991.16: 1506-045 (S) Undeclared identifier program_invocation_short_name.
Instead, add a configure check for program_invocation_short_name and
use it.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Nov 13 11:11:11 CET 2018 on sn-devel-144
Andreas Schneider [Mon, 12 Nov 2018 14:47:46 +0000 (15:47 +0100)]
nsswitch: Handle possible NULL return value of getprogname()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andreas Schneider [Mon, 12 Nov 2018 14:31:09 +0000 (15:31 +0100)]
lib:replace: Do not leak the file pointer in rep_getprogname()
And return NULL on error.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Fri, 9 Nov 2018 06:55:40 +0000 (07:55 +0100)]
smbd: Use wire_perms_to_unix in unix_perms_from_wire
Same code, less lines
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Nov 13 04:10:54 CET 2018 on sn-devel-144
Volker Lendecke [Mon, 12 Nov 2018 15:21:55 +0000 (16:21 +0100)]
winbindd: Fix crash when taking profiles
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13629
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Björn Baumbach <bbaumbach@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Nov 12 20:20:52 CET 2018 on sn-devel-144
Andreas Schneider [Fri, 2 Nov 2018 17:58:25 +0000 (18:58 +0100)]
pam_winbind: Set the request type as client name
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Nov 12 13:44:09 CET 2018 on sn-devel-144
Andreas Schneider [Mon, 5 Nov 2018 07:16:23 +0000 (08:16 +0100)]
nss_wins: Set client process name
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Mon, 5 Nov 2018 07:14:48 +0000 (08:14 +0100)]
nss_winbind: Set the client process name
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Mon, 5 Nov 2018 07:11:27 +0000 (08:11 +0100)]
krb5_plugin: Set the wbclient process name
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Fri, 2 Nov 2018 17:57:05 +0000 (18:57 +0100)]
wbclient: Add wbcSetClientProcessName()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Mon, 5 Nov 2018 10:56:21 +0000 (11:56 +0100)]
s3:winbind: Log client process name for PAM auth
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Mon, 5 Nov 2018 10:55:46 +0000 (11:55 +0100)]
s3:winbind: Log client process name in winbind_misc
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Fri, 2 Nov 2018 17:56:29 +0000 (18:56 +0100)]
s3:winbind: Log client process name
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Fri, 2 Nov 2018 17:45:26 +0000 (18:45 +0100)]
s3:winbindd: Also log the process name in winbindd
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Fri, 2 Nov 2018 17:39:26 +0000 (18:39 +0100)]
wbclient: Send the client process name talking to winbind
This is for better debugging messages.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Fri, 2 Nov 2018 17:04:28 +0000 (18:04 +0100)]
lib:replace: Add getprogname()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Justin Stephenson [Thu, 8 Nov 2018 15:57:48 +0000 (10:57 -0500)]
s4-auth-tests: Fix test_kerberos with MIT krb
When a keytab of type MEMORY is used, the MIT kerberos krb5_kt_add_entry()
library function adds a keytab entry to the beginning of the keytab table,
instead of the end.
This adds a MIT kerberos conditional to reverse iterate through
the keytable entries to address this.
Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Sat Nov 10 12:48:02 CET 2018 on sn-devel-144
Volker Lendecke [Fri, 2 Nov 2018 19:48:07 +0000 (20:48 +0100)]
lib: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Nov 10 02:19:29 CET 2018 on sn-devel-144
Volker Lendecke [Fri, 2 Nov 2018 20:28:59 +0000 (21:28 +0100)]
libgpo: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 27 Oct 2018 19:50:34 +0000 (21:50 +0200)]
idmap: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 2 Nov 2018 19:54:37 +0000 (20:54 +0100)]
idmap: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 26 Oct 2018 13:43:30 +0000 (15:43 +0200)]
idmap: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 2 Nov 2018 19:58:59 +0000 (20:58 +0100)]
passdb: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 2 Nov 2018 19:58:59 +0000 (20:58 +0100)]
passdb: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 26 Oct 2018 13:43:30 +0000 (15:43 +0200)]
passdb: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 26 Oct 2018 13:43:30 +0000 (15:43 +0200)]
passdb: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 26 Oct 2018 12:15:43 +0000 (14:15 +0200)]
libcli: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 27 Oct 2018 20:01:03 +0000 (22:01 +0200)]
winbind: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 26 Oct 2018 06:25:14 +0000 (08:25 +0200)]
winbind: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 26 Oct 2018 06:25:14 +0000 (08:25 +0200)]
winbind: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 6 Nov 2018 12:24:14 +0000 (13:24 +0100)]
vfs_fruit: validation of writes on AFP_AfpInfo stream
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13677
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 6 Nov 2018 11:34:17 +0000 (12:34 +0100)]
vfs_fruit: move a comment to the right place
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13677
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 6 Nov 2018 11:24:54 +0000 (12:24 +0100)]
s4:torture/vfs/fruit: torture writing AFP_AfpInfo stream
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13677
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Wuerthner [Fri, 9 Nov 2018 08:01:29 +0000 (09:01 +0100)]
nsswitch: Fix CID
1441070 Error handling issues (CHECKED_RETURN)
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Wuerthner [Fri, 9 Nov 2018 07:58:31 +0000 (08:58 +0100)]
nsswitch: Fix CID
1441072 Error handling issues (CHECKED_RETURN)
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Tim Beale [Thu, 8 Nov 2018 23:17:40 +0000 (12:17 +1300)]
mdb_util: Better error message if lmdb-utils not installed
mdb_copy() was dutifully checking the PATH for the mdb_copy executable,
then, if it didn't find it, blindly proceeding anyway and trying to run
a non-existent executable. This resulted in a cryptic error:
ERROR(<type 'exceptions.OSError'>): uncaught exception - [Errno 2] No
such file or directory
Add in an extra check that we actually find the executable and raise a
better human-readable exception if we don't.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Nov 9 21:07:47 CET 2018 on sn-devel-144
Tim Beale [Thu, 8 Nov 2018 22:49:12 +0000 (11:49 +1300)]
selftest: Fix backup testenv creation on certain host machines
When we created the backup-file for the restoredc/renamedc/labdc
testenvs we weren't explicitly a --configfile on the samba-tool command.
This meant the command tried to use the smb.conf form the default
install location, i.e. /usr/local/samba/etc/smb.conf. On the gitlab CI
runner, there's no samba installed, so it ends up using the default
settings, which is fine. However, if the host machine had an invalid
smb.conf installed there, creating the testenv would fail with an error
like:
ERROR(runtime): uncaught exception - Unable to load default file
File "bin/python/samba/netcmd/__init__.py", line 184, in _run
return self.run(*args, **kwargs)
File "bin/python/samba/netcmd/domain_backup.py", line 222, in run
lp = sambaopts.get_loadparm()
File "bin/python/samba/getopt.py", line 94, in get_loadparm
self._lp.load_default()
We can avoid this by always explictly specifying the backupfromdc's
smb.conf when creating the backup file.
Likewise, labdc/customdc also need the config specified when the admin
password is reset.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>