nivanova/samba-autobuild/.git
2 years agosamba-gpupdate: Change machine option to target
David Mulder [Mon, 7 May 2018 15:48:32 +0000 (09:48 -0600)]
samba-gpupdate: Change machine option to target

On a Windows client, you designate machine/user
apply with a 'target' parameter. This change
makes gpupdate work more like that command.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul  4 13:23:09 CEST 2018 on sn-devel-144

2 years agosamba_gpoupdate: Rename the command to samba-gpupdate
David Mulder [Mon, 7 May 2018 15:45:32 +0000 (09:45 -0600)]
samba_gpoupdate: Rename the command to samba-gpupdate

On a Windows client, this command is called 'gpupdate'

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoMAN: Adding entry for net ads lookup
Amit Kumar [Mon, 25 Jun 2018 13:00:39 +0000 (18:30 +0530)]
MAN: Adding entry for net ads lookup

There is no man page description for net ads lookup.
This PR adds entry for the same.

Signed-off-by: Amit Kumar amitkuma@redhat.com
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul  4 07:38:04 CEST 2018 on sn-devel-144

2 years agosamba-tool drs showrepl: correctly report failing repsFrom
Andrew Bartlett [Tue, 3 Jul 2018 23:45:14 +0000 (11:45 +1200)]
samba-tool drs showrepl: correctly report failing repsFrom

Hopefully this fixes the flapping test.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Jul  4 04:43:39 CEST 2018 on sn-devel-144

2 years agos3: lib/ctdbd_conn: include .h, not .c
Ralph Boehme [Fri, 29 Jun 2018 06:00:10 +0000 (08:00 +0200)]
s3: lib/ctdbd_conn: include .h, not .c

Probably a copy/paste mistake. Detected by a failing autobuild on
sn-devel and a local make test:

Build failed: default/examples/libsmbclient/testbrowse2: Symbol
tevent_req_is_unix_error linked in multiple libraries
['samba-cluster-support', 'tevent-util']
UNEXPECTED(failure): wafsamba.duplicate_symbols.duplicate_symbols(none)

Wonder why this didn't fail before in autobuild.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Jul  4 01:19:50 CEST 2018 on sn-devel-144

2 years agobuild: bundle and reduce huge number of EA function tests
Björn Jacke [Mon, 12 Mar 2018 17:44:38 +0000 (18:44 +0100)]
build: bundle and reduce huge number of EA function tests

It's sufficient to check for one basic function of an EA implementation and a
use a single ifdef for each group of EA functions. This makes more sense than
checking for each EA function on each platform.

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jul  3 13:24:51 CEST 2018 on sn-devel-144

2 years agodrs_utils: Add infrastructure to support 'clone with rename'
Tim Beale [Tue, 5 Jun 2018 22:04:29 +0000 (10:04 +1200)]
drs_utils: Add infrastructure to support 'clone with rename'

Our end goal is to create a backup clone of a DB, but rename the
domain/realm so we can startup the backup DC without interferring with
the existing Samba network. The basic strategy to do this is to leverage
DRS replication - by renaming the first object in the partition, all
subsequent objects will automatically be renamed.

This patch adds the infrastructure to do this. I've used object
inheritance to handle the special case of renaming the partition
objects. This means the domain-rename special case doesn't really
pollute the existing DRS replication code. All it needs is a small
refactor to create a new 'process_chunk()' function that the new
sub-class can then override.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 years agotests: Add a sub-set of tests to show the restored DC is sound
Tim Beale [Thu, 21 Jun 2018 03:04:00 +0000 (15:04 +1200)]
tests: Add a sub-set of tests to show the restored DC is sound

+ Add a new ldapcmp_restoredc.sh test that asserts that the original DC
backed up (backupfromdc) matches the new restored DC.
+ Add a new join_ldapcmp.sh test that asserts we can join a given DC,
and that the resulting DB matches the joined DC
+ Add a new login_basics.py test that sanity-checks Kerberos and NTLM
user login works. (This reuses the password_lockout base code, without
taking as long as the password_lockout tests do). Basic LDAP and SAMR
connections are also tested as a side-effect.
+ run the netlogonsvc test against the restored DC to prove we can
establish a netlogon connection.
+ run the same subset of rpc.echo tests that we do for RODC
+ run dbcheck over the new testenvs at the end of the test run

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 years agoselftest: Add testenv for testing backup/restore
Tim Beale [Tue, 29 May 2018 04:05:02 +0000 (16:05 +1200)]
selftest: Add testenv for testing backup/restore

This adds a new testenv for testing that a DC created using the
samba-tool backup/restore can actually be started up. This actually
requires 2 new testenvs:

1. A 'backupfromdc' that solely exists to make a online backup of.
2. A 'restoredc' which takes the backup, and then uses the backup file
to do a restore, which we then start the DC based on.

The backupfromdc is just a plain vanilla AD DC. We use a separate test
env purely for this purpose, because the restoredc will use the same
domain (and so using an existing testenv would potentially interfere
with existing test cases).

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 years agotests: Add tests for the domain backup online/restore commands
Aaron Haslett [Mon, 11 Jun 2018 07:13:35 +0000 (19:13 +1200)]
tests: Add tests for the domain backup online/restore commands

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 years agonetcmd: domain backup restore command
Aaron Haslett [Mon, 30 Apr 2018 23:11:01 +0000 (11:11 +1200)]
netcmd: domain backup restore command

Add a command option that restores a backup file. This is only intended
for recovering from a catastrophic failure of the domain. The old domain
DCs are removed from the DB and a new DC is added.

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 years agonetcmd: domain backup online command
Aaron Haslett [Mon, 30 Apr 2018 23:10:11 +0000 (11:10 +1200)]
netcmd: domain backup online command

This adds a samba-tool command that can be run against a remote DC to
produce a backup-file for the current domain. The backup stores similar
info to what a new DC would get if it joined the network.

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 years agojoin: Remove unnecessary clone_only flag
Tim Beale [Thu, 28 Jun 2018 22:40:58 +0000 (10:40 +1200)]
join: Remove unnecessary clone_only flag

For the clone-only case, we have been avoiding a block of code in the
DCJoinContext's __init__(). The main reason we do this is because the
netbios_name is None for clones, and this block of code tries to derive
a bunch of values based on the netbios_name (otherwise, a few lines into
this block, it tries to do NoneType.lower(), which Python doesn't like
very much).

This code is not particularly clone-specific - it is just never going to
work if the netbios_name is None. So we can change the conditional
check, which allows us to get rid of the clone_only flag.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Tue Jul  3 08:12:10 CEST 2018 on sn-devel-144

2 years agojoin: Refactor clone_only case to simplify code
Tim Beale [Mon, 11 Jun 2018 04:33:19 +0000 (16:33 +1200)]
join: Refactor clone_only case to simplify code

Currently for DC clones, we create a regular DCJoinContext, se a
'clone_only' flag, and then make lots of special checks for this flag
throughout the code. Instead, we can use inheritance to create a
DCCloneContext sub-class, and put the specialization there.

This means we can remove all the 'clone_only' checks from the code. The
only 2 methods that really differ are do_join() and join_finalize(), and
these don't share much code at all. (To avoid duplication, I split the
first part of do_join() into a new build_nc_lists() function, but this
is a pretty trivial code move).

We still pass the clone_only flag into the __init__() as there's still
one case where we want to avoid doing work in the case of the clone.
For clarity, I'll refactor this in a subsequent patch.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 years agojoin: Rename dc_join() so it looks like an object
Tim Beale [Mon, 25 Jun 2018 05:21:00 +0000 (17:21 +1200)]
join: Rename dc_join() so it looks like an object

dc_join() is creating an object, but it currently looks like it's
just a function call. Rename it to look more object-like.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 years agojoin: Pipe through dns_backend option for clones
Aaron Haslett [Mon, 30 Apr 2018 23:10:11 +0000 (11:10 +1200)]
join: Pipe through dns_backend option for clones

Allow join_clone() calls to specify a dns_backend parameter for the new
cloned DB.

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 years agoprovision: Small refactor to host-IP logic
Tim Beale [Sun, 10 Jun 2018 21:14:06 +0000 (09:14 +1200)]
provision: Small refactor to host-IP logic

Split out the code that determines the host-IP of the new server into
separate functions. This will allow us to re-use the same logic in the
backup/restore case.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 years agodbchecker: Fixing up incorrect DNs wasn't working
Tim Beale [Fri, 25 May 2018 02:05:27 +0000 (14:05 +1200)]
dbchecker: Fixing up incorrect DNs wasn't working

dbcheck would fail to fix up attributes where the extended DN's GUID is
correct, but the DN itself is incorrect. The code failed attempting to
remove the old/incorrect DN, e.g.

 NOTE: old (due to rename or delete) DN string component for
 objectCategory in object CN=alice,CN=Users,DC=samba,DC=example,DC=com -
 <GUID=7bfdf9d8-62f9-420c-8a71-e3d3e931c91e>;
   CN=Person,CN=Schema,CN=Configuration,DC=samba,DC=bad,DC=com
 Change DN to <GUID=7bfdf9d8-62f9-420c-8a71-e3d3e931c91e>;
   CN=Person,CN=Schema,CN=Configuration,DC=samba,DC=example,DC=com?
 [y/N/all/none] y
 Failed to fix old DN string on attribute objectCategory : (16,
 "attribute 'objectCategory': no matching attribute value while deleting
 attribute on 'CN=alice,CN=Users,DC=samba,DC=example,DC=com'")

The problem was the LDB message specified the value to delete with its
full DN, including the GUID. The LDB code then helpfully corrected this
value on the way through, so that the DN got updated to reflect the
correct DN (i.e. 'DC=example,DC=com') of the object matching that GUID,
rather than the incorrect DN (i.e. 'DC=bad,DC=com') that we were trying
to remove. Because the requested value and the existing DB value didn't
match, the operation failed.

We can avoid this problem by passing down just the DN (not the extended
DN) of the value we want to delete. Without the GUID portion of the DN,
the LDB code will no longer try to correct it on the way through, and
the dbcheck operation will succeed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13495

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>

2 years agodbcheck: Use symbolic control name for DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS
Andrew Bartlett [Fri, 29 Jun 2018 02:53:19 +0000 (14:53 +1200)]
dbcheck: Use symbolic control name for DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS

While we do not wish to encourage use of this control, manually typed OIDs are
even more trouble, so pass out via pydsdb.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 years agoctdb-tests: Teach strace packet parser about non-octal escapes
Martin Schwenke [Tue, 26 Jun 2018 09:51:00 +0000 (19:51 +1000)]
ctdb-tests: Teach strace packet parser about non-octal escapes

strace output also encodes characters 7 to 13 as \a, \b, \t, \n, \v,
\f, \r.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Jul  2 11:30:29 CEST 2018 on sn-devel-144

2 years agoctdb-daemon: Only consider client ID for local database attach
Martin Schwenke [Tue, 26 Jun 2018 10:12:23 +0000 (20:12 +1000)]
ctdb-daemon: Only consider client ID for local database attach

The comment immediately above this code says "don't allow local
clients to attach" and then looks up the client ID regardless of
whether the request is local or remote.

This means that an intentional remote attach from a client will not
work correctly.  No real client should ever do that since clients
attach so they an access databases locally.  Perhaps some sanity
checks should be added.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13500

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-docs: Fix the documentation for VNN map
Martin Schwenke [Thu, 14 Jun 2018 20:07:54 +0000 (06:07 +1000)]
ctdb-docs: Fix the documentation for VNN map

It is incorrectly says that nodes not in the VNN map can not be
DMASTER.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13499

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-server: Rename CTDB_BROADCAST_VNNMAP -> CTDB_BROADCAST_ACTIVE
Martin Schwenke [Thu, 14 Jun 2018 20:01:52 +0000 (06:01 +1000)]
ctdb-server: Rename CTDB_BROADCAST_VNNMAP -> CTDB_BROADCAST_ACTIVE

This broadcast is misnamed.  Both places where this type of broadcast
is used expect the broadcast to go to all active nodes.

Make the corresponding change to the semantics in the daemon by
sending to all active nodes.

There is a mismatch between the ideas of VNN map and active nodes.  A
node that is not in the VNN map but is active can still host database
records.  These were the same until the LMASTER capability was
introduced and then the logic was not updated.

The only place where the VNN map is relevant is when finding the
location master of a record in the migration code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13499

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-tests: Add a simple test for database traverses
Martin Schwenke [Thu, 14 Jun 2018 19:51:45 +0000 (05:51 +1000)]
ctdb-tests: Add a simple test for database traverses

This tests that volatile databases traverse correctly, including the
case where a record was updated on a non-lmaster node.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13499

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-tests: Add check for non-lmaster node status in integration tests
Martin Schwenke [Thu, 14 Jun 2018 19:51:17 +0000 (05:51 +1000)]
ctdb-tests: Add check for non-lmaster node status in integration tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13499

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-client: Fix typo where CTDB_BROADCAST_ALL is repeated
Martin Schwenke [Thu, 14 Jun 2018 06:17:09 +0000 (16:17 +1000)]
ctdb-client: Fix typo where CTDB_BROADCAST_ALL is repeated

Surely this is meant to be CTDB_BROADCAST_CONNECTED?

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13499

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-recoverd: Set the process name correctly
Martin Schwenke [Tue, 19 Jun 2018 06:50:41 +0000 (16:50 +1000)]
ctdb-recoverd: Set the process name correctly

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-scripts: Drop 99.timeout event script
Martin Schwenke [Mon, 11 Jun 2018 19:30:46 +0000 (05:30 +1000)]
ctdb-scripts: Drop 99.timeout event script

This is now implemented in local daemon testing.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-tests: Switch 90_debug_hung_script.sh to be a simple test
Martin Schwenke [Mon, 11 Jun 2018 18:44:54 +0000 (04:44 +1000)]
ctdb-tests: Switch 90_debug_hung_script.sh to be a simple test

This test only runs against local daemons.  Configuration is done via
script.options, which simplifies things quite a bit.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-tests: Enable event script debugging in local daemon tests
Martin Schwenke [Mon, 11 Jun 2018 18:48:45 +0000 (04:48 +1000)]
ctdb-tests: Enable event script debugging in local daemon tests

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-tests: Support CTDB_RUN_TIMEOUT_MONITOR=yes in simple tests
Martin Schwenke [Sun, 10 Jun 2018 03:42:33 +0000 (13:42 +1000)]
ctdb-tests: Support CTDB_RUN_TIMEOUT_MONITOR=yes in simple tests

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-tests: Clean up startup event in 00.test event script
Martin Schwenke [Mon, 11 Jun 2018 20:48:37 +0000 (06:48 +1000)]
ctdb-tests: Clean up startup event in 00.test event script

Rewrite interface initialisation to avoid an error when there are no
interfaces configured.  Re-indent case label.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-tests: Add generic logging of event details in 00.test event script
Martin Schwenke [Mon, 11 Jun 2018 20:12:25 +0000 (06:12 +1000)]
ctdb-tests: Add generic logging of event details in 00.test event script

No need for a separate case for each event just to log details.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-tests: Drop unnecessary code in 00.test event script
Martin Schwenke [Mon, 11 Jun 2018 20:07:07 +0000 (06:07 +1000)]
ctdb-tests: Drop unnecessary code in 00.test event script

This script is only used with local daemons.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-tests: Clean up argument validation in 00.test event script
Martin Schwenke [Mon, 11 Jun 2018 19:54:07 +0000 (05:54 +1000)]
ctdb-tests: Clean up argument validation in 00.test event script

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-tests: Drop check for invalid event in 00.test event script
Martin Schwenke [Mon, 11 Jun 2018 20:15:40 +0000 (06:15 +1000)]
ctdb-tests: Drop check for invalid event in 00.test event script

This isn't necessary and complicates the code.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agotdb: Fix build on AIX
Amitay Isaacs [Fri, 29 Jun 2018 06:12:30 +0000 (16:12 +1000)]
tdb: Fix build on AIX

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13493

Here is the build error on AIX 7.1.

../../lib/tdb/tools/tdbtool.c:39:12: error: 'disable_lock' redeclared as different kind of symbol
 static int disable_lock;
            ^~~~~~~~~~~~
In file included from /usr/include/sys/gfs.h:24:0,
                 from /usr/include/sys/vfs.h:27,
                 from ../../lib/replace/system/filesys.h:48,
                 from ../../lib/tdb/tools/tdbtool.c:26:
/usr/include/sys/lock_def.h:314:5: note: previous declaration of 'disable_lock' was here
 int disable_lock(int,simple_lock_t);
     ^~~~~~~~~~~~

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb: Fix build on AIX
Amitay Isaacs [Fri, 29 Jun 2018 05:55:49 +0000 (15:55 +1000)]
ctdb: Fix build on AIX

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13493

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-tests: Switch fake_ctdbd to use ctdb_get_peer_pid()
Martin Schwenke [Fri, 8 Jun 2018 12:31:48 +0000 (22:31 +1000)]
ctdb-tests: Switch fake_ctdbd to use ctdb_get_peer_pid()

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-common: Move capture_socket functions to ctdb_socket.[ch]
Martin Schwenke [Thu, 28 Jun 2018 11:12:04 +0000 (21:12 +1000)]
ctdb-common: Move capture_socket functions to ctdb_socket.[ch]

The system_<os>.c files contain a lot of duplication, making
maintenance difficult.  These functions are being merged into
system_socket.c and system.c.

Bring across ctdb_sys_open_capture_socket(),
ctdb_sys_close_capture_socket() and ctdb_sys_read_tcp_packet().

Remove empty system_<os>.c files.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-common: Move ctdb_sys_send_tcp() to ctdb_socket.[ch]
Martin Schwenke [Thu, 28 Jun 2018 11:06:58 +0000 (21:06 +1000)]
ctdb-common: Move ctdb_sys_send_tcp() to ctdb_socket.[ch]

The system_<os>.c files contain a lot of duplication, making
maintenance difficult.  These functions are being merged into
system_socket.c and system.c.

Bring across tcp_checksum(), renamed to ip_checksum().
uint16_checksum() becomes static.

Use the BSD struct tcphdr field names for portability.  See the
comment in the code for more details about how we get this to compile
on older glibc versions.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-common: Move ctdb_sys_send_arp() to ctdb_socket.[ch]
Martin Schwenke [Thu, 28 Jun 2018 10:57:08 +0000 (20:57 +1000)]
ctdb-common: Move ctdb_sys_send_arp() to ctdb_socket.[ch]

The system_<os>.c files contain a lot of duplication, making
maintenance difficult.  These functions are being merged into
system_socket.c and system.c.

Bring a copy of tcp_checksum6(), renamed to ip6_checksum().

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-common: Move ctdb_get_peer_pid() to system.[ch]
Martin Schwenke [Thu, 28 Jun 2018 10:35:56 +0000 (20:35 +1000)]
ctdb-common: Move ctdb_get_peer_pid() to system.[ch]

The system_<os>.c files contain a lot of duplication, making
maintenance difficult.  These functions are being merged into
system_socket.c and system.c.

This function doesn't need ctdb_sock_addr so put it with general
system utilities.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-common: Move ctdb_system_check_iface_exists() to system.[ch]
Martin Schwenke [Thu, 28 Jun 2018 10:30:32 +0000 (20:30 +1000)]
ctdb-common: Move ctdb_system_check_iface_exists() to system.[ch]

The system_<os>.c files contain a lot of duplication, making
maintenance difficult.  These functions are being merged into
system_socket.[ch] and system.[ch].

This function doesn't need ctdb_sock_addr so put it with general
system utilities.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-common: Move parse_ip_mask() to system_socket.[ch]
Martin Schwenke [Thu, 28 Jun 2018 10:24:10 +0000 (20:24 +1000)]
ctdb-common: Move parse_ip_mask() to system_socket.[ch]

This uses ctdb_sock_addr so belongs here.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-common: Rename system utility files
Martin Schwenke [Thu, 28 Jun 2018 10:15:37 +0000 (20:15 +1000)]
ctdb-common: Rename system utility files

system_socket.[ch] will contain all the raw socket code and other
functions that use ctdb_sock_addr.  system.[ch] will contain other
platform dependent functions.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-build: Add ipv6 headers check for packet details
Amitay Isaacs [Fri, 29 Jun 2018 04:54:17 +0000 (14:54 +1000)]
ctdb-build: Add ipv6 headers check for packet details

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-build: Add checks for raw pkt handling support
Amitay Isaacs [Fri, 29 Jun 2018 03:17:01 +0000 (13:17 +1000)]
ctdb-build: Add checks for raw pkt handling support

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-common: Use sin6_len only if the structure supports it
Amitay Isaacs [Wed, 27 Jun 2018 03:41:38 +0000 (13:41 +1000)]
ctdb-common: Use sin6_len only if the structure supports it

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13493

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoreplace: Add test for sin6_len in sockaddr_in6 structure
Amitay Isaacs [Wed, 27 Jun 2018 03:41:10 +0000 (13:41 +1000)]
replace: Add test for sin6_len in sockaddr_in6 structure

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13493

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-common: Correctly handle conf->reload()
Amitay Isaacs [Mon, 25 Jun 2018 02:56:45 +0000 (12:56 +1000)]
ctdb-common: Correctly handle conf->reload()

Configuration reload should reset the values of configuration options
missing from the config file to default.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Jun 29 15:12:37 CEST 2018 on sn-devel-144

2 years agoctdb: Improve robust mutex test
Carlos O'Donell [Fri, 15 Jun 2018 11:32:46 +0000 (13:32 +0200)]
ctdb: Improve robust mutex test

This avoids some of the undefined behaviour, like initializing the same mutex
twice which happens when the low and high priority processes start (both
do the initialization and that's dangerous.) Instead now we start an
"init" process to start the shared memory segment, and then everything
else just uses it without truncation or unlinking (same mutex).

Signed-off-by: Carlos O'Donell <codonell@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Fri Jun 29 06:47:00 CEST 2018 on sn-devel-144

2 years agoREADME.Coding: Fix link to Python coding style guide (PEP 8)
Björn Baumbach [Wed, 27 Jun 2018 12:20:40 +0000 (14:20 +0200)]
README.Coding: Fix link to Python coding style guide (PEP 8)

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: David Mulder <dmulder@suse.com>
Autobuild-User(master): Björn Baumbach <bbaumbach@samba.org>
Autobuild-Date(master): Thu Jun 28 15:04:44 CEST 2018 on sn-devel-144

2 years agotests/ntacls: fix pep8 warnings
Joe Guo [Fri, 1 Jun 2018 02:28:43 +0000 (14:28 +1200)]
tests/ntacls: fix pep8 warnings

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 28 12:14:59 CEST 2018 on sn-devel-144

2 years agotests/ntacls: use global vars to make code DRY
Joe Guo [Fri, 1 Jun 2018 02:23:54 +0000 (14:23 +1200)]
tests/ntacls: use global vars to make code DRY

Move acl and dommain_sid to global vars so we don't repeat them in every
test.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agotests/ntacls_backup: register test
Joe Guo [Wed, 27 Jun 2018 22:47:42 +0000 (10:47 +1200)]
tests/ntacls_backup: register test

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agontacls: add extra test file for ntacls backup
Joe Guo [Wed, 27 Jun 2018 22:45:28 +0000 (10:45 +1200)]
ntacls: add extra test file for ntacls backup

The ntacls backup tests have to run in ad_dc:local env, which is
different from existing ntacls tests. Add a separate file for backup
tests.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agontacls: add functions to backup and restore ntacls
Joe Guo [Fri, 1 Jun 2018 01:50:05 +0000 (13:50 +1200)]
ntacls: add functions to backup and restore ntacls

1. backup a share online from a smb connection with ntacls using pysmb API.
2. backup a share offline from service path with ntacls using pysmbd API.
3. restore from tarfile with pysmdb API.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agopysmbd: add py_smbd_create_file
Joe Guo [Fri, 1 Jun 2018 01:48:31 +0000 (13:48 +1200)]
pysmbd: add py_smbd_create_file

Add create_file function to smbd API.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agopysmbd: extract init_files_struct function
Joe Guo [Fri, 1 Jun 2018 01:45:25 +0000 (13:45 +1200)]
pysmbd: extract init_files_struct function

Extract initialization code from set_nt_acl_conn for reuse.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agopysmbd: add py_smbd_mkdir
Joe Guo [Fri, 1 Jun 2018 01:40:42 +0000 (13:40 +1200)]
pysmbd: add py_smbd_mkdir

Add mkdir for smbd API.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agopysmb: add py_smb_unlink and test
Joe Guo [Tue, 12 Jun 2018 22:39:57 +0000 (10:39 +1200)]
pysmb: add py_smb_unlink and test

Add unlink api to delete a file with a smb connection.
Test added.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agosamba-tool showrepl tests: test all-good with --pull-summary
Douglas Bagnall [Thu, 28 Jun 2018 04:19:31 +0000 (16:19 +1200)]
samba-tool showrepl tests: test all-good with --pull-summary

We test the all-good case with --pull-summary, which is the only one
we can be reasonably certain about.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Jun 28 09:23:10 CEST 2018 on sn-devel-144

2 years agosamba-tool drs showrepl: add --pull-summary and --notify-summary
Andrew Bartlett [Thu, 28 Jun 2018 02:10:53 +0000 (14:10 +1200)]
samba-tool drs showrepl: add --pull-summary and --notify-summary

These separate the two halves of --summary (which is still there),
allowing the repsto and repsfrom to be separately queried.

One motivation for this is testing: it is difficult to assert the
success of repsfrom (--notify-summary) in the test framework, because
we can't rely on the other end behaving properly and promptly.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agos4/torture/samba_tool_drs_showrepl: use assertRegexpMatches
Douglas Bagnall [Wed, 27 Jun 2018 01:55:16 +0000 (13:55 +1200)]
s4/torture/samba_tool_drs_showrepl: use assertRegexpMatches

rather than a local rewrite special to this file.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4/torture/drs/python: don't double-call enable/disable replication
Douglas Bagnall [Wed, 13 Jun 2018 04:28:55 +0000 (16:28 +1200)]
s4/torture/drs/python: don't double-call enable/disable replication

This is repeating work done in setup/teardown or doubling up in place (self._enable_all_repl includes self._enable_inbound_repl)

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agosamba-tool drs showrepl test: remove useless print
Douglas Bagnall [Wed, 13 Jun 2018 00:54:57 +0000 (12:54 +1200)]
samba-tool drs showrepl test: remove useless print

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agosamba-tool drs showrepl: Skip deleted DSAs when checking for success
Andrew Bartlett [Sun, 10 Jun 2018 19:03:47 +0000 (21:03 +0200)]
samba-tool drs showrepl: Skip deleted DSAs when checking for success

The deleted DSAs are ignored by the server replication code, so ignore past failures
here also.

The repsFrom and repsTo entries will eventually be removed by the KCC.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agosamba-tool drs show_repl: simplify the collection of DC lists
Douglas Bagnall [Thu, 7 Jun 2018 02:27:52 +0000 (14:27 +1200)]
samba-tool drs show_repl: simplify the collection of DC lists

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agosamba-tool drs showrepl --summary for a quick local check
Douglas Bagnall [Thu, 7 Jun 2018 02:15:10 +0000 (14:15 +1200)]
samba-tool drs showrepl --summary for a quick local check

The default output ("classic") gives you a lot of very uninteresting
detail when everything is fine. --summary shuts up about things that
are fine but shouts a little bit when things are broken. It doesn't
provide any new information, just tries to present it in a more useful
format.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agosamba-tool drs showrepl: add a --color flag
Douglas Bagnall [Thu, 7 Jun 2018 02:27:37 +0000 (14:27 +1200)]
samba-tool drs showrepl: add a --color flag

Nothing is using it yet, but the next commit will

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoprovision: set 'binddns dir' when making new smb.conf
Tim Beale [Mon, 25 Jun 2018 02:00:59 +0000 (14:00 +1200)]
provision: set 'binddns dir' when making new smb.conf

When creating a new smb.conf from scratch during a join/clone/etc, the
'binddns dir' setting still uses the source smb.conf/default setting,
instead of the targetdir sub-directory.

I noticed this problem when trying to create a new testenv - the
provision() was trying to create /usr/local/samba/bind-dns directory,
which would fail if samba hadn't already been installed on the host
machine.

Now that this is fixed, we also need to fix tests that were explicitly
asserting that no unexpected directories were left behind after the test
completes.

This change also breaks the upgradeprovision script. The upgrade-
provision calls newprovision() to create a reference provision in a
temporary directory. However, previously this temporary provision was
creating the bind-dns directory in the actual upgrade directory as a
side-effect, e.g. it did a provision() with
targetdir=alpha13_upgrade_full/private/referenceprovisionLBKBh2 and this
ended up creating alpha13_upgrade_full/bind-dns as a side-effect.
The provision() now creates bind-dns in the specified targetdir, but
this means check_for_DNS() fails (it tries to create bind-dns sub-
directories, but the upgrade's bind-dns doesn't exist). I've avoided
this problem by making sure bind-dns exists as part of the
check_for_DNS() processing.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 28 06:22:16 CEST 2018 on sn-devel-144

2 years agoselftest: Update MAX_WRAPPED_INTERFACES comment to match code
Tim Beale [Tue, 29 May 2018 03:22:07 +0000 (15:22 +1200)]
selftest: Update MAX_WRAPPED_INTERFACES comment to match code

Commit 19606e4dc657b0baf3ea84d updated the MAX_WRAPPED_INTERFACES define
in the C code from 40 to 64.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agotests: Add basic test for non-global LoadParm behaviour
Tim Beale [Tue, 26 Jun 2018 22:39:23 +0000 (10:39 +1200)]
tests: Add basic test for non-global LoadParm behaviour

Add a simple test to show that the new non-global LoadParm behaviour
works, i.e.
- by default all LoadParm objects are linked to the same underlying
  object
- using a non-global LoadParm creates a separate underlying object.
- using a non-global LoadParm with a bad filename fails.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoparam: Add non-global smb.cfg option (support 2 different smb.confs)
Aaron Haslett [Mon, 30 Apr 2018 23:10:36 +0000 (11:10 +1200)]
param: Add non-global smb.cfg option (support 2 different smb.confs)

The default behaviour is that there is only a single global underlying
LoadParm object. E.g. if you create 2 different LoadParm objects in
python, they both modify the same underlying object.

This patch adds a mechanism to override this and create a separate
non-global LoadParm object. The use-case is the backup tool, where we
want to manipulate 2 different smb.conf files (the one used to create
the backup, and the smb.conf in the backup itself).

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agosamba: read backup date field on init and fail if present
Aaron Haslett [Tue, 1 May 2018 03:48:38 +0000 (15:48 +1200)]
samba: read backup date field on init and fail if present

This prevents a backup tar file, created with the new official
backup tools, from being extracted and replicated.

This is done here to ensure that samba-tool and ldbsearch can
still operate on the backup (eg for forensics) but starting
Samba as an AD DC will fail.

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agotests: Add test that Samba cannot be started with a backup DB
Tim Beale [Wed, 27 Jun 2018 02:06:54 +0000 (14:06 +1200)]
tests: Add test that Samba cannot be started with a backup DB

We don't want users to take a backup file, and then simply untar it and
run Samba (Several modifications to the DB need to be made as part of
the restore process, so users should always run the 'backup restore'
command).

To enforce this, prime_ldb_databases() now refuses to start Samba if the
backupDate marker is present in the DB. This patch adds a test-case that
proves this basic behaviour works.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agodocs: Add manpage for winbind_krb5_localauth.8
Andreas Schneider [Wed, 27 Jun 2018 13:06:07 +0000 (15:06 +0200)]
docs: Add manpage for winbind_krb5_localauth.8

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13489

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun 27 18:45:56 CEST 2018 on sn-devel-144

2 years agodocs: Move winbind_krb5_locator manpage to volume 8
Andreas Schneider [Wed, 27 Jun 2018 13:14:15 +0000 (15:14 +0200)]
docs: Move winbind_krb5_locator manpage to volume 8

The vfs and idmap manpages are in volume 8 too.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13489

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2 years agokrb5_plugin: Move krb5 locator plugin to krb5_plugin subdir
Andreas Schneider [Wed, 27 Jun 2018 12:08:56 +0000 (14:08 +0200)]
krb5_plugin: Move krb5 locator plugin to krb5_plugin subdir

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13489

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2 years agokrb5_plugin: Install plugins to krb5 modules dir
Andreas Schneider [Wed, 27 Jun 2018 12:06:39 +0000 (14:06 +0200)]
krb5_plugin: Install plugins to krb5 modules dir

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13489

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2 years agoUpdate .travis.yml to match package list used in docker container and Catalyst Cloud...
Andrew Bartlett [Wed, 27 Jun 2018 00:44:25 +0000 (12:44 +1200)]
Update .travis.yml to match package list used in docker container and Catalyst Cloud builds

The package list has some "strange" things in them, but more important is
using the same list everywhere.  We can hopefully harmonise the package lists
to a single file in Samba git soom, merging the docker and packer image creation.

Additionally, Travis CI will probably need to move to Docker once we change
beyond Ubuntu 14.04, so it will simple reference the gitlab.com image then.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Wed Jun 27 07:51:14 CEST 2018 on sn-devel-144

2 years agoremove_dc: Fix removal of an old Windows DC
Tim Beale [Thu, 14 Jun 2018 23:54:37 +0000 (11:54 +1200)]
remove_dc: Fix removal of an old Windows DC

Windows has 'CN=DNS Settings' child object underneath the Server object.
This was causing the removal of the server object in remove_dc() to
fail.

Noticed this problem while testing the backup/restore tool manually
against a Windows VM.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13484

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Tue Jun 26 23:32:51 CEST 2018 on sn-devel-144

2 years agos3:tests: Add test for smbclient --quiet
Justin Stephenson [Mon, 25 Jun 2018 14:29:28 +0000 (10:29 -0400)]
s3:tests: Add test for smbclient --quiet

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13485

Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Björn Baumbach <bb@sernet.de>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jun 26 20:29:19 CEST 2018 on sn-devel-144

2 years agos3:client: Add --quiet option to smbclient
Justin Stephenson [Mon, 25 Jun 2018 13:58:56 +0000 (09:58 -0400)]
s3:client: Add --quiet option to smbclient

Add quiet command-line argument to allow suppressing the help log
message printed automatically after establishing a smbclient connection

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13485

Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Björn Baumbach <bb@sernet.de>
2 years agodsdb audit: Fix timestamp tests
Gary Lockyer [Mon, 25 Jun 2018 21:39:56 +0000 (09:39 +1200)]
dsdb audit: Fix timestamp tests

Fix flapping test:
  [242(3560)/242 at 25m3s] samba4.dsdb.samdb.ldb_modules.audit_log
UNEXPECTED(failure):
  samba4.dsdb.samdb.ldb_modules.audit_log.test_operation_json_empty(none)
REASON: Exception: Exception: difftime(after, actual) >= 0
../source4/dsdb/samdb/ldb_modules/tests/test_audit_log.c:74: error:

The tests truncate the microsecond portion of the time, so the
difference could be less than 0.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jun 26 06:09:46 CEST 2018 on sn-devel-144

2 years agodsdb-audit: Remove flapping part of the tests
Andrew Bartlett [Mon, 25 Jun 2018 20:29:46 +0000 (08:29 +1200)]
dsdb-audit: Remove flapping part of the tests

Because we have tests for this in the auth audit code, we do not need to have
the complexity of checking that we got DCE/RPC over SMB as an authorization
message here.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 years agodsdb: Use GUID_zero() rather than memset in dsdb audit code
Andrew Bartlett [Mon, 25 Jun 2018 04:46:29 +0000 (16:46 +1200)]
dsdb: Use GUID_zero() rather than memset in dsdb audit code

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 years agodsdb: Use customary variable names for the audit private context
Andrew Bartlett [Mon, 25 Jun 2018 04:43:38 +0000 (16:43 +1200)]
dsdb: Use customary variable names for the audit private context

The variable name "ac" typically implies the async context, and the long-life
private context is normally denoted private, not context.  This aligns better
with other modules.

talloc_get_type_abort() is now also used.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 years agodsdb: Use customary variable names for audit event contexts
Andrew Bartlett [Mon, 25 Jun 2018 04:23:00 +0000 (16:23 +1200)]
dsdb: Use customary variable names for audit event contexts

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 years agodsdb: Use correct memory context for imessaging_client_init() in audit logging
Andrew Bartlett [Mon, 25 Jun 2018 03:42:42 +0000 (15:42 +1200)]
dsdb: Use correct memory context for imessaging_client_init() in audit logging

This is only used for selftest, to send out the log messages for checking.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 years agoaudit_logging: Remove duplciate error printing
Andrew Bartlett [Mon, 25 Jun 2018 02:52:59 +0000 (14:52 +1200)]
audit_logging: Remove duplciate error printing

These errors are already logged at DBG_NOTICE in get_event_server()

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 years agoaudit_logging: Initialise event_server
Andrew Bartlett [Mon, 25 Jun 2018 02:52:19 +0000 (14:52 +1200)]
audit_logging: Initialise event_server

It is better if this is a known zero value to start, even if we check the errors
correctly.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 years agoaudit_logging: Remove incorrect check for NT_STATUS_OBJECT_NAME_NOT_FOUND
Andrew Bartlett [Mon, 25 Jun 2018 02:51:35 +0000 (14:51 +1200)]
audit_logging: Remove incorrect check for NT_STATUS_OBJECT_NAME_NOT_FOUND

NT_STATUS_OBJECT_NAME_NOT_FOUND is not a case we can ignore, it would mean that event_server
is not initialised.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 years agoaudit_logging: Clarify debug messages
Andrew Bartlett [Mon, 25 Jun 2018 02:48:27 +0000 (14:48 +1200)]
audit_logging: Clarify debug messages

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 years agoautobuild: Build samba-fileserver --without-json-audit
Andrew Bartlett [Thu, 21 Jun 2018 17:32:29 +0000 (05:32 +1200)]
autobuild: Build samba-fileserver --without-json-audit

This build target is already --without-ad-dc and is the one we need to ensure is
compatible with a host without the Jansson JSON library.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jun 26 02:03:30 CEST 2018 on sn-devel-144

2 years agodsdb: Ensure a build --without-json-audit --without-ad-dc compiles
Andrew Bartlett [Thu, 21 Jun 2018 17:18:52 +0000 (05:18 +1200)]
dsdb: Ensure a build --without-json-audit --without-ad-dc compiles

We still build some of the ldb_modules even when we are not a DC, so we must
split up the DSDB_MODULE_HELPERS.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years agolib/audit_logging: Only build audit_logging_test for --enable-selftest on the AD DC
Andrew Bartlett [Thu, 21 Jun 2018 17:39:08 +0000 (05:39 +1200)]
lib/audit_logging: Only build audit_logging_test for --enable-selftest on the AD DC

This allows a --without-ad-dc --enable-selftest build to compile, still testing some
fileserver-only features.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years agolib/audit_logging: Require jansson JSON library for building the AD DC
Andrew Bartlett [Thu, 21 Jun 2018 16:50:09 +0000 (04:50 +1200)]
lib/audit_logging: Require jansson JSON library for building the AD DC

This combination is untested and it is reasonable to require this
broadly available library for the AD DC build.

Doing so keeps the combinational complexity down and ensures we test
what we ship.  (It was failing to compile).

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years agobuild: Move --without-json-audit and json lib detection to lib/audit_logging
Andrew Bartlett [Thu, 21 Jun 2018 16:47:10 +0000 (04:47 +1200)]
build: Move --without-json-audit and json lib detection to lib/audit_logging

This is the common location of the audit logging code now

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>