Andrew Bartlett [Mon, 12 Jun 2017 02:12:53 +0000 (14:12 +1200)]
selftest: Add pygensec tests for GSS-SPNEGO and Win2000 emulated SPNEGO
This is to provide some unit testing coverage for these different modes of operation
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 6 Jun 2017 23:47:15 +0000 (11:47 +1200)]
selftest: Add a test for @ATTRIBUTES and @INDEXLIST generation
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 30 May 2017 22:44:34 +0000 (10:44 +1200)]
ldb: Rename module -> next_module for clarity
This helps make some future commits less confusing
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 31 May 2017 00:22:28 +0000 (12:22 +1200)]
dsdb: Correctly call ldb_module_done in dsdb_notification
If we just call ldb_request_done() then we never call the callback.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Stefan Metzmacher [Tue, 11 Apr 2017 15:21:20 +0000 (17:21 +0200)]
tdb: add run-fcntl-deadlock test
This verifies the F_RDLCK => F_WRLCK upgrade logic in the kernel
for conflicting locks.
This is a standalone test to check the traverse_read vs.
allrecord_lock/prepare_commit interaction.
This is based on the example from
https://lists.samba.org/archive/samba-technical/2017-April/119861.html
from Douglas Bagnall <douglas.bagnall@catalyst.net.nz> and Volker Lendecke <vl@samba.org>.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 9 Jun 2017 02:15:19 +0000 (14:15 +1200)]
ldb_tdb: Improve logging on unique index violation
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 9 Jun 2017 02:09:30 +0000 (14:09 +1200)]
ldb_tdb: Remove the idxptr DB before we re-index
We do not want the cache or any of the values in it, we want to read the real DB
@INDEX: records.
This matters if a re-index is tiggered in the same transaction
as the modify of the values in the index. Otherwise we won't see
the old index record (it will not show up in the tdb_traverse)
and so fail to remove it.
That in turn can cause a spurious unqiue index violation.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 9 Jun 2017 02:07:40 +0000 (14:07 +1200)]
ldb_tdb: Check for memory allocation failure in ltdb_index_transaction_start()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 9 Jun 2017 00:06:37 +0000 (12:06 +1200)]
dsdb: Provide proper errors when dsdb_schema_set_indices_and_attributes fails
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Stefan Metzmacher [Sat, 10 Jun 2017 10:29:47 +0000 (12:29 +0200)]
selftest: pass the workgroup name to Samba3::provision()
Not all environments should use the samba workgroup name.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jun 14 02:53:27 CEST 2017 on sn-devel-144
Stefan Metzmacher [Mon, 12 Jun 2017 14:02:32 +0000 (16:02 +0200)]
testprogs/blackbox: don't use hardcoded values in test_net_ads_dns.sh
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Sun, 11 Jun 2017 21:40:34 +0000 (23:40 +0200)]
s3:script/tests: don't use hardcoded Domain Name in test_smbclient_s3.sh
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 9 Jun 2017 12:53:40 +0000 (14:53 +0200)]
selftest: don't use hardcoded domain names in Samba3::setup_admember()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 9 Jun 2017 13:45:25 +0000 (15:45 +0200)]
selftest: test pam_winbind with a local user on ad_member
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 9 Jun 2017 13:15:15 +0000 (15:15 +0200)]
selftest: use "$DC_USERNAME" and "$DC_PASSWORD" for the pam_winbind test
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 9 Jun 2017 12:52:59 +0000 (14:52 +0200)]
python/samba/tests: don't use hardcoded names in *pam_winbind* tests
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Lumir Balhar [Thu, 20 Apr 2017 13:11:58 +0000 (15:11 +0200)]
python: Port simple libpython module to Python 3 compatible form
Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 13 Jun 2017 09:59:30 +0000 (11:59 +0200)]
WHATSNEW: deprecated "profile acls"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 13 22:45:28 CEST 2017 on sn-devel-144
Stefan Metzmacher [Tue, 13 Jun 2017 09:59:30 +0000 (11:59 +0200)]
docs-xml/smbdotconf: deprecated "profile acls"
This doesn't work anymore with modern clients,
and there're better ways to support profiles on a share.
Typically something like this seems to work:
[winprofiles]
comment = Users profiles New
path = /data/winprofiles/
browseable = No
read only = No
csc policy = disable
store dos attributes = yes
vfs objects = acl_xattr
With chmod 1777 on /data/winprofiles/
In order to work around some locking problems, see
https://bugzilla.samba.org/show_bug.cgi?id=12833
It's also useful to something like this in the global
section in order to detect disconnects reliable:
socket options = TCP_KEEPCNT=5 TCP_KEEPIDLE=30 TCP_KEEPINTVL=1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Gary Lockyer [Thu, 1 Jun 2017 01:26:38 +0000 (13:26 +1200)]
strerror_r: provide XSI-compliant strerror_r
Provide a XSI-compliant strerror_r on GNU based systems.
The default GNU strerror_r is not XSI-compliant, this patch wraps the
GNU-specific call in an XSI-compliant wrapper.
This reverts
18ed32ce0821d11c0c06d82c07ba1c27b0c2b886 which tried to
make Heimdal use roken, rather than libreplace for strerror_r.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Amitay Isaacs [Thu, 8 Jun 2017 08:22:17 +0000 (18:22 +1000)]
ctdb-recovery: Log messages at various debug levels
This avoids spamming the logs during recovery at NOTICE level.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Jun 13 13:22:09 CEST 2017 on sn-devel-144
Martin Schwenke [Fri, 9 Jun 2017 04:34:56 +0000 (14:34 +1000)]
ctdb-scripts: Compact server-end TCP connection killing output
When thousands of connections are being killed the logs are flooded
with information about connections that should be killed. When some
connections are not killed then the number not killed is printed.
This is the wrong way around! When debugging "fail-back" problems, it
is important to know details of connections that were *not* killed.
It is almost never important to know the full list of all connections
that were *supposed* to be killed.
Instead, print a summary showing how many connections of the total
were killed. If any were not killed then print a list of remaining
connections.
Update unit tests: infrastructure for fake TCP connections, existing,
test cases, add new test cases.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 1 Jun 2017 11:13:58 +0000 (21:13 +1000)]
ctdb-common: Log a count of dropped messages with non-blocking logging
The non-blocking logging variants can currently silently drop messages
when the socket queue fills.
In this case, count the number of dropped messages and attempt to log
a message about dropped log messages when the next message is logged.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 9 Jun 2017 00:57:28 +0000 (10:57 +1000)]
ctdb-tests: Add more NFS eventscript tests for call-out failures
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12837
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 8 Jun 2017 04:45:43 +0000 (14:45 +1000)]
ctdb-scripts: NFS call-out failures should cause event failure
Failures in startup/shutdown/releaseip/takeip are currently
incorrectly ignored.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12837
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Guillaume Xavier Taillon [Mon, 22 Feb 2016 19:46:24 +0000 (14:46 -0500)]
libbreplace: compatibility fix for AIX
Adds macros for preprocessor compares and replaces an incomptatible
compare with one of the new macros.
This fixes a comptability bug on AIX.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11621
Signed-off-by: Guillaume Xavier Taillon <gtaillon@ca.ibm.com>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Tue Jun 13 09:11:56 CEST 2017 on sn-devel-144
Volker Lendecke [Fri, 2 Jun 2017 11:34:39 +0000 (13:34 +0200)]
password_hash: Fix the build on FreeBSD
This ditches a particular aspect of thread safety, but I doubt that
ldb is really thread safe. So in practice, I think we should not
see harm from this.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Jun 13 05:06:49 CEST 2017 on sn-devel-144
Andrew Bartlett [Fri, 17 Feb 2017 05:23:23 +0000 (18:23 +1300)]
join.py Add DNS records at domain join time
This avoids issues getting replication going after the DC first starts
as the rest of the domain does not have to wait for samba_dnsupdate to
run successfully
We do not just run samba_dnsupdate as we want to strictly
operate against the DC we just joined:
- We do not want to query another DNS server
- We do not want to obtain a Kerberos ticket for the new DC
(as the KDC we select may not be the DC we just joined,
and so may not be in sync with the password we just set)
- We do not wish to set the _ldap records until we have started
- We do not wish to use NTLM (the --use-samba-tool mode forces
NTLM)
The downside to using DCE/RPC rather than DNS is that these will
be regarded as static entries, and (against windows) have a the ACL
assigned for static entries. However this is still better than no
DNS at all.
Because some tests want a DNS record matching their own name
this fixes some tests and removes entires from knownfail
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Jun 11 02:04:52 CEST 2017 on sn-devel-144
Andrew Bartlett [Thu, 8 Jun 2017 03:25:23 +0000 (15:25 +1200)]
selftest: Add test confirming join-created DNS entries can be modified as the DC
This ensures that samba_dnsupdate can run in the long term against the new DNS entries
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 1 Jun 2017 05:11:57 +0000 (17:11 +1200)]
selftest: Test join.py and confirm that the DNS record is created
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 6 Jun 2017 03:22:35 +0000 (15:22 +1200)]
provision: Allow removing an existing account when force=True is set
This allows a practical override for use in test scripts
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 6 Jun 2017 03:21:50 +0000 (15:21 +1200)]
provision: Move default handler for site=None down into dc_join object creation
This makes this code easier to call from a test script
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 1 Jun 2017 03:15:25 +0000 (15:15 +1200)]
selftest: Use TestCaseInTempDir as base class in dns tests
This will help when we add a new join test based on this code
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 1 Jun 2017 01:26:37 +0000 (13:26 +1200)]
selftest: Create new common base class for dns.py and dns_tkey.py
This will allow more DNS tests to be written in the future with less
code duplication.
Andrew Bartlett [Thu, 8 Jun 2017 22:00:09 +0000 (10:00 +1200)]
selftest: merge DNSTest boilerplate
This will help unifying dns.py and dns_tkey.py to use common subclasses
The code was originally copied, but has since divereged. This handles
that divergence.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 31 May 2017 01:57:25 +0000 (13:57 +1200)]
selftest: move make_txt_record() onto self in samba.tests.dns
This will help unifying dns.py and dns_tkey.py to use common subclasses
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 11 Apr 2017 02:23:49 +0000 (14:23 +1200)]
samba_dnsupdate: fix "samba-tool" fallback error handling
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 11 Apr 2017 02:14:15 +0000 (14:14 +1200)]
samba_dnsupdate: Extend possible server list to all NS servers for the zone
This should eventually be removed, but for now this unblocks samba_dnsupdate operation
in existing domains that have lost the original Samba DC
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 11 Apr 2017 00:43:22 +0000 (12:43 +1200)]
dns_server: clobber MNAME in the SOA
Otherwise, we always report the first server we created/provisioned the AD domain on
which does not match AD behaviour. AD is multi-master so all RW servers are a master.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 8 Jun 2017 04:20:42 +0000 (16:20 +1200)]
selftest: run dns tests in multiple envs
This will let us check the negative behaviour: that updates against RODCs fail
and un-authenticated updates fail.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 8 Jun 2017 03:54:22 +0000 (15:54 +1200)]
selftest: confirm we clobber the MNAME in the SOA query in the DNS server
All RW DCs should be their own master DNS server.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 10 Apr 2017 05:13:46 +0000 (17:13 +1200)]
samba_dnsupate: Try to get ticket to the SOA, not the NS servers
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 10 Apr 2017 05:10:27 +0000 (17:10 +1200)]
samba_dnsupdate: Make nsupdate use the server given by the SOA record
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 10 Apr 2017 04:10:00 +0000 (16:10 +1200)]
join.py: Do not expose the old machine password over NTLM if -k yes was set
This makes the test for a valid machine account stricter (as a kerberos error could
cause this to fail and so skip the validation), but we never wish to use NTLM
if the administrator disabled it on the command line
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 9 Jun 2017 04:05:31 +0000 (16:05 +1200)]
pydsdb_dns: Allow the partition DN to be specified into py_dsdb_dns_lookup
This allows lookups to be confined to one partition, which in turn avoids issues
when running this against MS Windows, which does not match Samba behaviour
for dns_common_zones()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 10 Apr 2017 04:06:13 +0000 (16:06 +1200)]
pydsdb_dns: Use TypeError not LdbError for mismatched types
This avoids the samba-tool command handling code blowing up when trying to parse an LdbError
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 28 Feb 2017 01:15:12 +0000 (14:15 +1300)]
python: Allow sd_utils to take a Dn object, not just a string DN
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 27 Feb 2017 04:09:56 +0000 (17:09 +1300)]
pydns: Also return the DN of the LDB object when finding a DNS record
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 27 Feb 2017 03:51:45 +0000 (16:51 +1300)]
pydns: Fix leak of talloc_stackframe() in python bindings
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 17 Feb 2017 05:24:27 +0000 (18:24 +1300)]
samba_dnsupdate: Ensure we only force "server" under resolv_wrapper
This ensures that nsupdate can use a namserver in /etc/resolv.conf that is a
cache or forwarder, rather than the AD DC directly.
This avoids a regression from forcing the nameservers to the
/etc/resolv.conf nameservers in
e85ef1dbfef4b16c35cac80c0efc563d8cd1ba3e
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 23 May 2017 03:56:55 +0000 (15:56 +1200)]
dsdb: Improve error messages when dsdb_set_schema_from_ldif() fails
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Volker Lendecke [Fri, 9 Jun 2017 06:41:49 +0000 (08:41 +0200)]
ctdbd_conn: Fix ctdbd_connection_destructor
clang had complained with
../source3/lib/ctdbd_conn.c:1784:34: warning: variable 'send_state' used in loop condition
not modified in loop body [-Wfor-loop-analysis]
for (send_state = c->send_list; send_state != NULL;) {
^~~~~~~~~~
../source3/lib/ctdbd_conn.c:1791:34: warning: variable 'recv_state' used in loop condition
not modified in loop body [-Wfor-loop-analysis]
for (recv_state = c->recv_list; recv_state != NULL;) {
^~~~~~~~~~
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Jun 10 03:33:13 CEST 2017 on sn-devel-144
Volker Lendecke [Fri, 9 Jun 2017 06:41:16 +0000 (08:41 +0200)]
ctdbd_conn: Fix a copy&paste error
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Rowland Penny [Wed, 7 Jun 2017 14:57:53 +0000 (15:57 +0100)]
samba-tool: You cannot add members to a group if the member exists as a sAMAccountName and a CN.
Signed-off-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Fri Jun 9 23:24:47 CEST 2017 on sn-devel-144
Stefan Metzmacher [Thu, 8 Jun 2017 16:01:59 +0000 (18:01 +0200)]
s4:rpc_server: Do some checks of LogonSamLogon flags
This matches a Windows Server, at least if it is itself a
DC of the forest root and the requested domain is the local domain of the DC.
Both constraints are true on a Samba AD DC, as we don't really support
trusts yet.
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jun 9 17:06:04 CEST 2017 on sn-devel-144
Stefan Metzmacher [Thu, 8 Jun 2017 15:10:12 +0000 (17:10 +0200)]
s3:winbindd: Send flags=0 in netr_LogonSamLogon{WithFlags,Ex}()
These extra flags are an [in,out] argument, so we have to initialize
them to 0. If we pass NETLOGON_SAMLOGON_FLAG_PASS_TO_FOREST_ROOT
or NETLOGON_SAMLOGON_FLAG_PASS_CROSS_FOREST_HOP, a Windows Server
will just return NT_STATUS_NO_SUCH_USER with authoritative=1
(at least if it is itself a DC of the forest root and the requested
domain is the local domain of the DC).
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 8 Jun 2017 15:20:50 +0000 (17:20 +0200)]
netlogon.idl: Add netr_LogonSamLogon_flags bitmap
See [MS-NRPC] 3.5.4.5.1 NetrLogonSamLogonEx (Opnum 39).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 15 Mar 2017 17:04:44 +0000 (17:04 +0000)]
s3:libsmb: add cli_state_update_after_sesssetup() helper function
This function updates cli->server_{os,type,domain} to valid values
after a session setup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12779
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Thu, 8 Jun 2017 14:08:15 +0000 (16:08 +0200)]
libcli:smb: Add unit test for smb_bytes_pull_str()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12824
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 15 Mar 2017 17:04:30 +0000 (17:04 +0000)]
libcli/smb: Fix alignment problems of smb_bytes_pull_str()
This function needs to get the whole smb buffer in order to get
the alignment for unicode correct.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12824
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Thu, 8 Jun 2017 13:02:16 +0000 (15:02 +0200)]
Revert "libcli:smb: Fix pulling strings from the wire"
This reverts commit
a4efe647c51700cee93b7574e5955e264aa96893.
A different fix will follow.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12824
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Thu, 8 Jun 2017 14:08:54 +0000 (16:08 +0200)]
Revert "s3:libsmb: Fix printing the session setup information"
This reverts commit
b6f87af427a1fa2bd397668d9f14cb0cf8ec5015.
A different fix will follow.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12824
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Gary Lockyer [Wed, 7 Jun 2017 19:21:05 +0000 (07:21 +1200)]
samba tool - tests: Fix shell metacharacters in generated password
Restrict the random password to [A-Za-z0-9] to ensure there are no shell
metacharacters in the generated password.
The tests use "samba-tool user create" to create the test user.
Occasionally the generated password contained shell metachatacters and
the command failed.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 9 09:50:28 CEST 2017 on sn-devel-144
Amitay Isaacs [Thu, 8 Jun 2017 12:59:56 +0000 (22:59 +1000)]
provision: Update root DNS servers list
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Wed, 24 May 2017 14:22:34 +0000 (16:22 +0200)]
tevent: Fix a race condition in tevent context rundown
We protect setting tctx->event_ctx=NULL with tctx->event_ctx_mutex.
But in _tevent_threaded_schedule_immediate we have the classic
TOCTOU race: After we checked "ev==NULL", looking at
tevent_common_context_destructor the event context can go after
_tevent_threaded_schedule_immediate checked. We need to serialize
things a bit by keeping tctx->event_ctx_mutex locked while we
reference "ev", in particular in the
DLIST_ADD_END(ev->scheduled_immediates,im);
I think the locking hierarchy is still maintained, tevent_atfork_prepare()
first locks all the tctx locks, and then the scheduled_mutex. Also,
I don't think this will impact parallelism too badly: event_ctx_mutex
is only used to protect setting tctx->ev.
Found by staring at code while fixing the FreeBSD memleak due to
not destroying scheduled_mutex.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jun 9 00:45:26 CEST 2017 on sn-devel-144
Volker Lendecke [Wed, 24 May 2017 14:21:40 +0000 (16:21 +0200)]
tevent: Fix a memleak on FreeBSD
FreeBSD has malloc'ed memory attached to mutexes. We need to clean this up.
valgrind really helped here
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 5 Jun 2017 05:29:11 +0000 (07:29 +0200)]
tevent: Add tevent_re_initialise to threaded test
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 5 Jun 2017 05:16:17 +0000 (07:16 +0200)]
tevent: Re-init threading in tevent_re_initialise
Without this threading is not usable after that call
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 5 Jun 2017 04:58:37 +0000 (06:58 +0200)]
tevent: Factor out context initialization
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 5 Jun 2017 05:23:27 +0000 (07:23 +0200)]
tevent: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder via samba-technical [Wed, 7 Jun 2017 12:43:07 +0000 (06:43 -0600)]
messaging: fix net command failure due to unhandled return code
messaging_init_internal() blanket returned NT_STATUS_INTERNAL_ERROR
instead of correctly changing the return code to an NTSTATUS code. Also
return more appropriate mem error.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12828
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Jun 8 08:04:05 CEST 2017 on sn-devel-144
Andreas Schneider [Wed, 7 Jun 2017 14:18:11 +0000 (16:18 +0200)]
WHATSNEW: Add Dynamic RPC port range
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jun 8 00:27:24 CEST 2017 on sn-devel-144
Amitay Isaacs [Thu, 1 Jun 2017 06:03:43 +0000 (16:03 +1000)]
ctdb-client: Document ctdb client API
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Jun 7 20:19:06 CEST 2017 on sn-devel-144
Amitay Isaacs [Thu, 1 Jun 2017 04:22:03 +0000 (14:22 +1000)]
ctdb-client: Move eventd API to a separate header
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Sat, 6 May 2017 10:01:30 +0000 (20:01 +1000)]
ctdb-client: Move sync API to a separate header
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 19 Apr 2017 01:46:48 +0000 (11:46 +1000)]
ctdb-client: Move ctdb_ctrl_modflags() to ctdb tool
This function is only required by the tool.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 18 Apr 2017 06:44:29 +0000 (16:44 +1000)]
ctdb-client: Add async api for detaching a database
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 18 Apr 2017 06:22:12 +0000 (16:22 +1000)]
ctdb-client: Create sync wrappers for managing message handlers
This wraps the entire async computation for setting and removing message
handlers instead of calling multiple sync calls.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 4 Apr 2017 08:30:01 +0000 (18:30 +1000)]
ctdb-tools: Use traverse api to re-implement ctdb catdb command
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 4 Apr 2017 08:25:28 +0000 (18:25 +1000)]
ctdb-client: Refactor cluster-wide database traverse api
This implements the async version of the traverse code in the ctdb tool
for catdb command.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 1 Jun 2017 06:43:55 +0000 (16:43 +1000)]
ctdb-protocol: Allocate SRVID range for ctdb client
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 4 Apr 2017 07:31:11 +0000 (17:31 +1000)]
ctdb-client: Rename ctdb_db_travese to ctdb_db_traverse_local
This function only traverses the database on local node.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Richard Sharpe [Tue, 6 Jun 2017 20:34:51 +0000 (13:34 -0700)]
Log the actual error returned when creating a pipe for client logging in CTDB fails. Helps with debugging issues.
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 7 09:22:29 CEST 2017 on sn-devel-144
Andreas Schneider [Tue, 6 Jun 2017 15:54:18 +0000 (17:54 +0200)]
s3:tests: Add a test which checks that the smbclient session setup works
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12824
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 6 Jun 2017 15:29:16 +0000 (17:29 +0200)]
s3:libsmb: Fix printing the session setup information
This fixes a regression and prints the session setup on connect again:
Domain=[SAMBA-TEST] OS=[Windows 6.1] Server=[Samba 4.7.0pre1-DEVELOPERBUILD]
smb: \>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12824
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 6 Jun 2017 15:27:44 +0000 (17:27 +0200)]
libcli:smb: Fix pulling strings from the wire
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12824
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 6 Jun 2017 14:07:10 +0000 (16:07 +0200)]
libcli:util: Update werror table
This adds ERROR_PRINTER_DRIVER_DOWNLOAD_NEEDED for MS-PAR.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Garming Sam [Wed, 15 Mar 2017 03:40:16 +0000 (16:40 +1300)]
selftest/rodc: Do not run in single mode, this causes deadlocks
Attempting to 'ls' the file server against a single process AD will get
stuck. This also appears as the KDC being busy.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Wed Jun 7 05:14:17 CEST 2017 on sn-devel-144
Noel Power [Fri, 2 Jun 2017 14:50:48 +0000 (15:50 +0100)]
s3/utils: Add warning to testparm for "client ipc signing" param values
We should warn about security sensitive settings where we can,
client ipc signing has 2 values that can allow connections to proceed
without SMB signing. This may be unavoidable (e.g. connecting to legacy
systems) but nevertheless it is worthwhile to warn.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 6 22:40:12 CEST 2017 on sn-devel-144
Andreas Schneider [Fri, 12 May 2017 12:13:42 +0000 (14:13 +0200)]
unittest: Add testsuite for smb_probe_module()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12780
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Mon, 15 May 2017 09:08:19 +0000 (11:08 +0200)]
lib:util: Make loading of modules more secure
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12780
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Mon, 15 May 2017 09:05:59 +0000 (11:05 +0200)]
lib:util: Make probing of modules more secure
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12780
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Mon, 15 May 2017 08:49:07 +0000 (10:49 +0200)]
lib:util: Rename smb_load_modules()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12780
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Mon, 15 May 2017 07:06:51 +0000 (09:06 +0200)]
lib:util: Add new function to load modules from absolute path
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12780
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 11 May 2017 09:29:25 +0000 (11:29 +0200)]
unittest: Add testsuite for is_known_pipename()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12780
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 11 May 2017 09:29:50 +0000 (11:29 +0200)]
wafsamba: Pass down the install argument for samba modules
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 29 May 2017 19:13:16 +0000 (21:13 +0200)]
lib: Fix illegal use of 0-length arrays
Found and confirmed to work by albert chin (china@thewrittenword.com)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Anoop C S [Mon, 5 Jun 2017 16:40:44 +0000 (22:10 +0530)]
wscript: Fix some typos
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 6 05:26:37 CEST 2017 on sn-devel-144
Douglas Bagnall [Thu, 1 Jun 2017 03:26:48 +0000 (15:26 +1200)]
selftest: use an additional directory of knownfail/flapping files
This makes it easier to add a temporary knownfail to cover a patch
series.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Jun 3 13:55:41 CEST 2017 on sn-devel-144
Christof Schmitt [Fri, 2 Jun 2017 23:16:16 +0000 (16:16 -0700)]
vfs_gpfs: Fix compile error in gpfsacl_sys_acl_set_fd
../source3/modules/vfs_gpfs.c: In function ‘gpfsacl_sys_acl_set_fd’:
../source3/modules/vfs_gpfs.c:1280:6: error: passing argument 2 of ‘gpfsacl_sys_acl_set_file’ from incompatible pointer type [-Werror]
SMB_ACL_TYPE_ACCESS, theacl);
^
../source3/modules/vfs_gpfs.c:1235:12: note: expected ‘const struct smb_filename *’ but argument is of type ‘char *’
static int gpfsacl_sys_acl_set_file(vfs_handle_struct *handle,
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun 3 05:52:32 CEST 2017 on sn-devel-144