Volker Lendecke [Tue, 6 Jan 2015 15:55:15 +0000 (15:55 +0000)]
vfs_fruit: fix base_fsp name conversion
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Richard Sharpe [Wed, 24 Dec 2014 01:33:34 +0000 (17:33 -0800)]
Add a script-only idmap module.
In this third version I have cleaned up some unused variable warnings that
only the Samba 3 build found and added a man page based on the idmap_tdb2
man page. I have also added support for ID_TYPE_BOTH mappings and replaced
calls to popen with something safer. Also, I removed some non-PC macros.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 8 04:30:32 CET 2015 on sn-devel-104
Noel Power [Thu, 2 Oct 2014 15:13:18 +0000 (16:13 +0100)]
allow net ads join accept new osServicePack parameter
osServicePack paramater allows the default behaviour ( which is to use
the samba version string as the operatingSystemServicePack attribute )
to be overridden
Additionally make sure if blank string is passed that it is treated
as attribute deletion. This is necessary as values for the os attributes
are eventually passed to ads_modlist_add if the value is "" then the
attempt to add this attribute fails in the underlying ldap
'ldap_modfiy_ext_s' function. In this case we need to pass NULL as the
value to force deletion of the ldap attribute
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 8 00:18:05 CET 2015 on sn-devel-104
Andreas Schneider [Wed, 7 Jan 2015 16:12:54 +0000 (17:12 +0100)]
s3-libads: Fix a possible segfault in kerberos_fetch_pac().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11037
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Günther Deschner [Wed, 17 Dec 2014 12:48:53 +0000 (13:48 +0100)]
vfs: Add glusterfs manpage.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10240
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Jan 7 20:57:57 CET 2015 on sn-devel-104
Volker Lendecke [Mon, 5 Jan 2015 15:34:29 +0000 (16:34 +0100)]
passdb: Cache output from pdb_[ug]id_to_sid
A customer complained that after upgrading to Samba 4.0 fileserver
its LDAP server was flooded with uid2sid and gid2sid request for id
0. With 4.0 we do a lot more user-space ACL checking which involves
uid2sid/gid2sid. This caches the corresponding results.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jan 7 12:00:10 CET 2015 on sn-devel-104
Garming Sam [Tue, 6 Jan 2015 23:18:55 +0000 (12:18 +1300)]
selftest: fix dns_host_file in samba3 target
When setting up s3member twice in a row, the join ending up attempting kerberos
and using an old ticket in the st folder, failing with bad credentials.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 7 03:58:10 CET 2015 on sn-devel-104
Ralph Boehme [Tue, 6 Jan 2015 23:56:16 +0000 (15:56 -0800)]
fixup: check for NULL pointers
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Mon, 5 Jan 2015 15:01:16 +0000 (16:01 +0100)]
s4:rpc_server/lsa: remove msDS-TrustForestTrustInfo if FOREST_TRANSITIVE is cleared
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jan 6 22:50:23 CET 2015 on sn-devel-104
Stefan Metzmacher [Mon, 5 Jan 2015 14:59:31 +0000 (15:59 +0100)]
s4:rpc_server/lsa: allow LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE to be changed.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Christof Schmitt [Fri, 19 Dec 2014 19:24:53 +0000 (12:24 -0700)]
winbind: Retry after SESSION_EXPIRED error in ping-dc
Trying to establish a netlogon connection when the service ticket
expires might fail with NT_STATUS_NETWORK_SESSION_EXPIRED. The
underlying client code already marks the session as invalid, so retry
the netlogon connect in this case.
Signed-off-by: Christof Schmit <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 6 02:58:57 CET 2015 on sn-devel-104
Volker Lendecke [Wed, 31 Dec 2014 13:27:03 +0000 (14:27 +0100)]
smbd: Properly handle EINTR in vfs_aio_fork
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 31 Dec 2014 13:26:43 +0000 (14:26 +0100)]
smbd: Use msghdr.[ch] in vfs_aio_fork
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 31 Dec 2014 13:19:13 +0000 (14:19 +0100)]
lib: Use msghdr_prep_recv_fds in unix_msg
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 31 Dec 2014 13:18:59 +0000 (14:18 +0100)]
lib: Add msghdr_prep_recv_fds
This will prepare a msghdr for receiving fd's. Same pattern as before: First
get the buffer size, then fill in msghdr.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 31 Dec 2014 12:33:48 +0000 (13:33 +0100)]
lib: Use msghdr_extract_fds in unix_msg
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 31 Dec 2014 12:14:41 +0000 (13:14 +0100)]
lib: Add msghdr_extract_fds
This is a copy of the extract_fd_array_from_msghdr routine in unix_msg.c, with
a similar use pattern: First call it without an output array to get the length
and then call it a second time to actually fill in the array.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 31 Dec 2014 12:03:24 +0000 (13:03 +0100)]
smbd: Use msghdr_prep_fds in vfs_aio_fork
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Tue, 30 Dec 2014 14:05:02 +0000 (14:05 +0000)]
lib: Use msghdr in unix_msg
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Tue, 30 Dec 2014 13:36:46 +0000 (13:36 +0000)]
lib: Add msghdr.[ch]
This is a little set of routines to deal with the ugly fd-passing macros.
This patch is the first step assisting the creation of msghrds for sending fds.
Receiving fd helpers will follow later.
The basic idea behind these routines is that they fill a variable-sized buffer.
They are supposed to be called twice per msghdr preparation. First with a
0-sized NULL output buffer to calculate the required bufsize, and then a second
time filling in the buffer as such.
This does not take care of the old msg_accrights way of passing file
descriptors. CMSG/SCM_RIGHTS is standardized for quite a while now, and I
believe this intreface can be made to also take care of msg_accrights if
needed.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Tue, 30 Dec 2014 11:26:16 +0000 (12:26 +0100)]
lib: unix_dgram_msg does not need "num_fds"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 31 Dec 2014 09:39:25 +0000 (10:39 +0100)]
torture3: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Dec 2014 09:43:19 +0000 (09:43 +0000)]
s3:winbindd: improve logic to use CLDAP for a given domain.
As an AC Domain Controller we should try CLDAP for active directory domains.
E.g. FreeIPA domains doesn't provide NBT at all...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Jan 5 19:23:40 CET 2015 on sn-devel-104
Stefan Metzmacher [Tue, 23 Dec 2014 09:43:03 +0000 (09:43 +0000)]
s3:winbindd: mark our primary as active_directory if possible
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 23 Dec 2014 11:09:04 +0000 (11:09 +0000)]
libcli/netlogon: We need to handle a bug in FreeIPA (at least <= 4.1.2).
They include the ip address information without setting
NETLOGON_NT_VERSION_5EX_WITH_IP, while using
ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX instead of
ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 24 Dec 2014 12:58:12 +0000 (13:58 +0100)]
s3:passdb: fix logic in pdb_set_pw_history()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10940
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jan 5 16:51:30 CET 2015 on sn-devel-104
Stefan Metzmacher [Wed, 31 Dec 2014 23:23:35 +0000 (00:23 +0100)]
Happy New Year 2015!
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jan 1 02:47:59 CET 2015 on sn-devel-104
Garming Sam [Mon, 29 Dec 2014 20:36:37 +0000 (09:36 +1300)]
torture: NULL out after talloc_free
This appeared as a segmentation fault in rpc.spoolss.printer.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec 30 02:49:01 CET 2014 on sn-devel-104
Volker Lendecke [Sat, 27 Dec 2014 16:51:32 +0000 (16:51 +0000)]
lib: Fix a comment
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 27 Dec 2014 16:48:55 +0000 (16:48 +0000)]
lib: Use iov_advance in write_data_iov
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 27 Dec 2014 16:39:08 +0000 (16:39 +0000)]
lib: Use iov_advance in writev_handler
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 27 Dec 2014 13:16:20 +0000 (13:16 +0000)]
lib: Add iov_advance
This chops off n bytes from an iovec array. Used for short writev's
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 27 Dec 2014 12:24:13 +0000 (12:24 +0000)]
lib: iov_buf does not need talloc.h anymore
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 13 Dec 2014 08:52:42 +0000 (09:52 +0100)]
lib: Use talloc_memdup in messaging_rec_dup
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Dec 28 04:20:48 CET 2014 on sn-devel-104
Volker Lendecke [Mon, 15 Dec 2014 11:09:11 +0000 (12:09 +0100)]
lib: Simplify check_log_size
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 26 Dec 2014 19:41:23 +0000 (19:41 +0000)]
lib: Use talloc_zero_array instead of memset
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sat Dec 27 01:27:08 CET 2014 on sn-devel-104
Richard Sharpe [Fri, 26 Dec 2014 14:42:40 +0000 (06:42 -0800)]
Fix a comment to indicate that TALLOC_FREE must be used to free an allocated array of strings.
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Dec 26 22:54:51 CET 2014 on sn-devel-104
Christof Schmitt [Mon, 22 Dec 2014 23:19:47 +0000 (15:19 -0800)]
winbind: Retry LogonControl RPC in ping-dc after session expiration
When the underlying session expires, the LogonControl RPC call used in
ping-dc returns NT_STATUS_IO_DEVICE_ERROR. Retry once in this case,
instead of returning the error to the caller.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec 23 02:46:34 CET 2014 on sn-devel-104
Garming Sam [Wed, 3 Dec 2014 22:53:12 +0000 (11:53 +1300)]
dsdb: Add tokenGroupsGlobalAndUniversal, tokenGroups, tokenGroupsNoGCAcceptable
This includes additional tests based directly on the docs, rather than
simply testing our internal implementation in client and server contexts,
that create a user and groups.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11022
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming-Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Dec 22 17:17:02 CET 2014 on sn-devel-104
Andrew Bartlett [Fri, 19 Dec 2014 02:14:22 +0000 (15:14 +1300)]
dns.py: Always remove the test zone in tearDown()
Change-Id: Ic6d6c51579f8859b4e396179123974382c253bf7
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Mon Dec 22 08:21:22 CET 2014 on sn-devel-104
Andrew Bartlett [Fri, 19 Dec 2014 01:42:08 +0000 (14:42 +1300)]
dsdb: Ignore errors from search in dns_notify module
This ensures the error messages are unchanged
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 19 Dec 2014 01:41:40 +0000 (14:41 +1300)]
dsdb: Use a fixed set of attributes in search in dns_notify module
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 19 Dec 2014 01:40:28 +0000 (14:40 +1300)]
dsdb: Use ldb_attr_cmp() for comparing objectclass names
This is the same as strcasecmp, but it is best to remain consistent.
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Samuel Cabrero [Tue, 16 Dec 2014 17:04:13 +0000 (18:04 +0100)]
dns.py: Test dns server reload zones from DSDB when are created or deleted
Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Samuel Cabrero [Tue, 16 Dec 2014 09:58:50 +0000 (10:58 +0100)]
s4-dns: Reload DNS zones from dsdb when zones are modified through RPC or DRS
Setup a RPC management call on the internal DNS server triggered a new LDB
module which sniffs dnsZone object add, delete and modify operations. This
way the notification is triggered when zones are modified either from RPC or
replicated by inbound DRS.
Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
(shadowed variable error corrected by abartlet)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 19 Dec 2014 01:58:01 +0000 (14:58 +1300)]
selftest: Run samba.tests.dns in :local environment so it can access credentials
This allows it to access the machine account, and use that to modify the DNS zones
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 19 Dec 2014 03:02:40 +0000 (16:02 +1300)]
lib/ldb-samba: Add comment dicouraging use of schemaUpgradeInProgress
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Mon Dec 22 02:42:42 CET 2014 on sn-devel-104
Andrew Bartlett [Fri, 19 Dec 2014 02:46:30 +0000 (15:46 +1300)]
dsdb: Only parse SAMBA_LDAP_MATCH_RULE_TRANSITIVE_EVAL as a DN
This avoids trying to parse some other rule, like bitwise and, that may be applied to this attribute
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Samuel Cabrero [Mon, 10 Nov 2014 15:06:45 +0000 (16:06 +0100)]
s4:dsdb: Fix not freed temp memory context
Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Samuel Cabrero [Mon, 27 Oct 2014 17:21:04 +0000 (18:21 +0100)]
ldb-samba-tests: Add tests for transitive matching rule
Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Samuel Cabrero [Fri, 24 Oct 2014 15:52:47 +0000 (17:52 +0200)]
ldb-samba: Implement transitive extended matching
Documented in [MS-ADTS] section 3.1.1.3.4.4.3 LDAP_MATCHING_RULE_TRANSITIVE_EVAL
This allows a search filter such as:
member:1.2.840.113556.1.4.1941:=cn=user,cn=users,dc=samba,dc=example,dc=com
This searches not only the member attribute, but also any member
attributes that point at an object with this member in them. All the
various DN syntax types are supported, not just plain DNs.
Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
(abartlet: Fixed compile error: return makes integer from pointer without a cast)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Samuel Cabrero [Thu, 23 Oct 2014 14:47:07 +0000 (16:47 +0200)]
dsdb: Define syntax access point oid string as a macro
Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 19 Dec 2014 02:25:03 +0000 (15:25 +1300)]
ldb: bump to version 1.1.19
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Samuel Cabrero [Wed, 5 Nov 2014 10:02:25 +0000 (11:02 +0100)]
ldb: Allow to register extended match rules
This allows to extend LDB by registering extended match rules from outside
the library itself. This is necessary when the implementation requires
knowledge about syntaxes implemented in samba extensions, like the
LDAP_MATCHING_RULE_TRANSITIVE_EVAL match.
Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
Singed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 19 Dec 2014 02:39:59 +0000 (15:39 +1300)]
dsdb: Improve code clarity for ldb_extended_dn_in_openldap mode
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Samuel Cabrero [Tue, 28 Oct 2014 10:53:01 +0000 (11:53 +0100)]
s4:dsdb/extended_dn_in: Fix DNs and filter expressions in extended match ops
Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
David Disseldorp [Wed, 3 Dec 2014 17:44:37 +0000 (18:44 +0100)]
torture/spoolss: issue GetJob after StartDocPrinter
This reflects Windows XP spoolss client behaviour. This fails if the job
is not yet instantiated on the server, and prior to the bso#10984 fix
resulted in an unsable DCERPC pipe.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Dec 19 18:03:20 CET 2014 on sn-devel-104
David Disseldorp [Wed, 17 Dec 2014 15:54:42 +0000 (16:54 +0100)]
spoolss: clear PrinterInfo on GetPrinter error
If an error is returned without zeroing a pre-allocated @info pointer,
then marshalling of the response will fail.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
David Disseldorp [Wed, 17 Dec 2014 15:47:50 +0000 (16:47 +0100)]
spoolss: clear info on GetPrinterDriverDirectory error
If an error is returned without zeroing a pre-allocated @info pointer,
then marshalling of the response will fail.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
David Disseldorp [Wed, 17 Dec 2014 14:54:22 +0000 (15:54 +0100)]
spoolss: clear info on GetPrintProcessorDirectory error
If an error is returned without zeroing a pre-allocated @info pointer,
then marshalling of the response will fail.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
David Disseldorp [Wed, 17 Dec 2014 14:29:52 +0000 (15:29 +0100)]
spoolss: clear FormInfo on GetForm error
In handling a spoolss GetForm request, the handler may return an
immediate error if one of the input parameters is invalid. If this is
done without zeroing the pre-allocated @info pointer, then marshalling
of the response will fail.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
David Disseldorp [Wed, 17 Dec 2014 14:21:33 +0000 (15:21 +0100)]
spoolss: clear DriverInfo on GetPrinterDriver2 error
In handling a spoolss GetPrinterDriver2 request, the handler may
return an immediate error if one of the input parameters is invalid.
If this is done without zeroing the pre-allocated @info pointer, then
marshalling of the response will fail.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
David Disseldorp [Thu, 4 Dec 2014 19:03:39 +0000 (20:03 +0100)]
spoolss: clear JobInfo on GetJob error
In handling a spoolss GetJob request, the _spoolss_GetJob() handler may
return an immediate error if one of the input parameters is invalid. If
this is done without zeroing the pre-allocated @info pointer, then
api_spoolss_GetJob() will attempt to marshall @info, which in the case
of an @offered value of zero results in a marshalling error:
ndr_push_error(7): Bad subcontext (PUSH) content_size 64 is larger
than size_is(0)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 15 Dec 2014 15:48:27 +0000 (16:48 +0100)]
s4:kdc: add aes key support for trusted domains
We have a look at "msDS-SupportedEncryptionTypes" and >= DS_DOMAIN_FUNCTION_2008
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Dec 19 15:39:40 CET 2014 on sn-devel-104
Stefan Metzmacher [Mon, 15 Dec 2014 15:47:50 +0000 (16:47 +0100)]
s4:rpc_server/lsa: fix segfault in check_ft_info()
This is triggered by lsa_lsaRSetForestTrustInformation()
with ForestTrustInfo elements using FOREST_TRUST_TOP_LEVEL_NAME.
The nb_name variable was uninitialized and dereferenced without checking.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 15 Dec 2014 15:37:17 +0000 (16:37 +0100)]
s4:rpc_server/lsa: remove unused allow_warnings=True
We compile without warnings now.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 15 Dec 2014 15:33:38 +0000 (16:33 +0100)]
s4:rpc_server/lsa: remove trustAuthIncoming/trustAuthOutgoing when the related flag is removed.
When LSA_TRUST_DIRECTION_INBOUND or LSA_TRUST_DIRECTION_OUTBOUND flags is cleared
we should also remove the related credentials.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 15 Dec 2014 15:03:49 +0000 (16:03 +0100)]
s4:rpc_server/lsa: pass the correct variable to setInfoTrustedDomain_base()
This requires 'struct lsa_policy_state', we now pass this directly
instead of a instead of an opaque 'struct dcesrv_handle'.
dcesrv_lsa_SetInformationTrustedDomain() passes in a 'struct dcesrv_handle'
with 'struct lsa_trusted_domain_state' before, which results in segfaults.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 16 Dec 2014 15:57:49 +0000 (15:57 +0000)]
s3:pdb_samba_dsdb: use SEC_CHAN_DNS_DOMAIN in pdb_samba_dsdb_get_trusteddom_creds()
If both ends have a dns domain, we can use SEC_CHAN_DNS_DOMAIN in order to match
a Windows DC.
For kerberos we still need to use MY_NETBIOS_DOMAIN$@REMOTE_REALM.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 16 Dec 2014 15:06:56 +0000 (15:06 +0000)]
s3:pdb_samba_dsdb: add pdb_samba_dsdb_get_trusteddom_creds
We have the password as raw UTF16 blob, which might not be
valid utf16, so we need to use cli_credentials_set_utf16_password().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 17 Dec 2014 13:05:45 +0000 (13:05 +0000)]
s3:winbindd: make use of cli_rpc_pipe_open_schannel_with_creds()
This way we pass down enough information for SEC_CHAN_DNS_DOMAIN to work.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 17 Dec 2014 08:48:38 +0000 (08:48 +0000)]
s3:winbindd: make use of rpccli_{create,setup}_netlogon_creds_with_creds()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 16 Dec 2014 23:17:52 +0000 (23:17 +0000)]
s3:winbindd: we only need a an netlogon connection to a rwdc if we're a rodc ourself
If we're a member or RWDC there's no need to require talking to a rwdc,
an rodc will forward the request if required.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 16 Dec 2014 23:17:52 +0000 (23:17 +0000)]
s3:winbindd: make sure we try to use NCACN_IP_TCP in cm_connect_netlogon
We need to call init_dc_connection_rpc() before we can decide if we want to try
NCACN_IP_TCP.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 17 Dec 2014 09:19:49 +0000 (09:19 +0000)]
s3:rpc_client: add cli_rpc_pipe_open_schannel_with_creds() helper function
This will simplify the callers and add potential support for SEC_CHAN_DNS_DOMAIN
as cli_credentials_get_realm() will return the correct value compared to
cli_credentials_get_domain().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 17 Dec 2014 08:40:49 +0000 (08:40 +0000)]
s3:cli_netlogon: add rpccli_{create,setup}_netlogon_creds_with_creds() helper functions
This simplifies the callers, then can just pass in a cli_credentials structure.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 16 Dec 2014 13:58:11 +0000 (13:58 +0000)]
auth/credentials: add cli_credentials_set_utf16_password()
We need a way to initialize the cli_credentials from the raw utf16 blob,
which might not be completely valid utf16, which means the conversion
from CH_UTF16MUNGED to CH_UTF8 might loose information.
This would result in an invalid nt_hash, when we convert back
from CH_UTF8 to CH_UTF16LE.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 16 Dec 2014 21:49:05 +0000 (21:49 +0000)]
auth/gensec: add support for SEC_CHAN_DNS_DOMAIN to schannel_update()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 17 Dec 2014 18:42:55 +0000 (18:42 +0000)]
auth/gensec: make sure we keep a DCERPC_AUTH_TYPE_SCHANNEL backend if required
Even with CRED_MUST_USE_KERBEROS we should keep the DCERPC_AUTH_TYPE_SCHANNEL
backend arround, this can only be specified explicitely by the caller
and cli_credentials_get_netlogon_creds() != NULL is the strong indication
that the caller is using DCERPC_AUTH_TYPE_SCHANNEL *now*.
With trusts against AD domain we can reliable use kerberos and netlogon
secure channel for authentication.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 10 Dec 2014 14:03:55 +0000 (14:03 +0000)]
nsswitch/wbinfo: allow 'wbinfo --ping-dc --domain=SOMEDOMAIN'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 10 Dec 2014 14:02:18 +0000 (14:02 +0000)]
nsswitch: allow passing the domain name to wbcPingDC[2]()
winbindd already supports this.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 16 Dec 2014 11:27:21 +0000 (11:27 +0000)]
s3:winbindd: use find_domain_from_name_noinit() in winbindd_ping_dc_send()
We should not try to connect to the given domain from within the winbindd parent.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 10 Dec 2014 12:25:55 +0000 (12:25 +0000)]
s3:winbindd: report our own name for PING_DC and internal domains
This means "wbinfo --ping-dc" works fine on a DC.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Ralph Boehme [Thu, 18 Dec 2014 05:37:28 +0000 (06:37 +0100)]
wafsamba: check for rpath compiler/linker flags
Older SunOS linker only support -Wl,-R,/path instead of -Wl,-rpath,/path.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10112
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 18 Dec 2014 14:05:12 +0000 (15:05 +0100)]
wafsamba: fill PRIVATE_NAME() logic again
We append bld.env.PRIVATE_EXTENSION to the name of private libraries
again, but only unless they have a abi_directory, vnum or soname defined.
This avoids naming conflicts with system libraries, e.g. libidmap.so
on Solaris
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10112
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 18 Dec 2014 09:33:34 +0000 (10:33 +0100)]
nsswitch: fix soname of linux nss_*.so.2 modules
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9299
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 18 Dec 2014 19:13:44 +0000 (20:13 +0100)]
selftest: use shared/libnss_wrapper_winbind.so.2
This library is always available in make test.
nss-wrapper strictly requires the linux nss api.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9299
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 18 Dec 2014 09:21:30 +0000 (10:21 +0100)]
wafsamba: add optional keep_underscore=True to SAMBA_LIBRARY()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9299
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Amitay Isaacs [Thu, 11 Dec 2014 02:16:47 +0000 (13:16 +1100)]
ctdb-daemon: Use correct tdb flags when enabling robust mutex support
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11000
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 12 Dec 2014 11:28:47 +0000 (12:28 +0100)]
tdb: version 1.3.4
Transactions are supported with TDB_MUTEX_LOCKING.
This fixes https://bugzilla.samba.org/show_bug.cgi?id=11004
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Fri Dec 19 11:41:26 CET 2014 on sn-devel-104
Stefan Metzmacher [Fri, 12 Dec 2014 11:53:37 +0000 (12:53 +0100)]
tdb/toos: allow transactions with TDB_MUTEX_LOCKING
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11004
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Stefan Metzmacher [Fri, 12 Dec 2014 11:24:50 +0000 (12:24 +0100)]
tdb/test: add tdb1-run-mutex-transaction1 test
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11004
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Stefan Metzmacher [Fri, 12 Dec 2014 10:22:47 +0000 (11:22 +0100)]
tdb: allow transactions on on tdb's with TDB_MUTEX_LOCKING
There's no real reason to disallow transactions as the
allrecord lock is also available with mutexes enabled.
E.g. ctdbd requires transactions also on non-persistent databases
opened with TDB_CLEAR_IF_FIRST and TDB_MUTEX_LOCKING.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11004
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Volker Lendecke [Tue, 16 Dec 2014 08:38:54 +0000 (09:38 +0100)]
vfs_fruit: Avoid double ()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Dec 18 19:19:04 CET 2014 on sn-devel-104
Volker Lendecke [Tue, 16 Dec 2014 08:38:21 +0000 (09:38 +0100)]
vfs_fruit: Avoid double initialization
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 10 Dec 2014 12:23:04 +0000 (12:23 +0000)]
lib/texpect: prefer bsd/libutil.h if available
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Dec 18 16:31:48 CET 2014 on sn-devel-104
Stefan Metzmacher [Thu, 18 Dec 2014 02:05:28 +0000 (02:05 +0000)]
s4:heimdal_build: remove unused openpty check
commit
638a8edd7ce708cf550c054ac16dade795b6448b removed
HEIMDAL_BINARY('rkpty', 'lib/roken/rkpty.c',...)
(the only heimdal user of openpty().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Thu, 20 Nov 2014 10:37:35 +0000 (11:37 +0100)]
libcli-dns: Remove obsolete dns_host_file subsystem.
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Dec 18 09:09:38 CET 2014 on sn-devel-104
Andreas Schneider [Thu, 20 Nov 2014 10:37:13 +0000 (11:37 +0100)]
s3-libsmb: Remove obsolete support for dns_host_file.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 20 Nov 2014 10:35:48 +0000 (11:35 +0100)]
s4-libcli: Remove obsolete support for file resolving.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>