nivanova/samba-autobuild/.git
2 years agogpoupdate: Rewrite samba_gpoupdate
David Mulder [Thu, 25 May 2017 13:27:27 +0000 (07:27 -0600)]
gpoupdate: Rewrite samba_gpoupdate

Use new python bindings and remove obsoleted code

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agogpo: Make the gpclass more easily extensible
David Mulder [Fri, 24 Feb 2017 21:19:48 +0000 (14:19 -0700)]
gpo: Make the gpclass more easily extensible

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agolibgpo: Add libgpo python bindings
David Mulder [Wed, 10 May 2017 19:30:17 +0000 (13:30 -0600)]
libgpo: Add libgpo python bindings

Create libgpo python bindings for GROUP_POLICY_OBJECT, ADS_STRUCT, gpo_get_unix_path, ads_connect, and ads_get_gpo_list.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agogpo: fix the building of gpext to only once
Garming Sam [Wed, 5 Feb 2014 04:18:23 +0000 (17:18 +1300)]
gpo: fix the building of gpext to only once

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agogpo: enable gpo update with addition to build system
Luke Morrison [Fri, 7 Feb 2014 02:57:14 +0000 (15:57 +1300)]
gpo: enable gpo update with addition to build system

Split from "Initial commit for GPO work done by Luke Morrison" by Garming Sam

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Luke Morrison <luke@hubtrek.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agogpoupdate: Remove developer path from the comment
Andrew Bartlett [Tue, 24 Oct 2017 03:06:05 +0000 (16:06 +1300)]
gpoupdate: Remove developer path from the comment

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agogpoupdate: Correct comment about hard-coded 5 second runing of the script
Andrew Bartlett [Tue, 24 Oct 2017 03:04:25 +0000 (16:04 +1300)]
gpoupdate: Correct comment about hard-coded 5 second runing of the script

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agogpoupdate: Do not DEBUG(0) every scan interval
Andrew Bartlett [Tue, 24 Oct 2017 03:02:35 +0000 (16:02 +1300)]
gpoupdate: Do not DEBUG(0) every scan interval

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agogpo: Create the gpo update service
Garming Sam [Wed, 9 Aug 2017 02:17:09 +0000 (14:17 +1200)]
gpo: Create the gpo update service

Split from "Initial commit for GPO work done by Luke Morrison" by David Mulder

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Luke Morrison <luke@hubtrek.com>
Signed-off-by: David Mulder <dmulder@suse.com>
Then adapted to current master

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2 years agogpo: Make the gpoupdate script much more reliable
David Mulder [Sat, 11 Feb 2017 14:53:07 +0000 (07:53 -0700)]
gpo: Make the gpoupdate script much more reliable

Using a static file blanks the file when samba_gpoupdate crashes. Transformed
to a tdb file and added transactions. Add info logging to monitor gpo changes,
etc. Also handle parse errors and log an error message, then recover. Modified
the parsing code to use ConfigParser. Also, use the backslash in path names
when opening smb files, otherwise it fails against a windows server.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agogpo: Initial commit for GPO work
Luke Morrison [Fri, 31 Jan 2014 00:27:05 +0000 (13:27 +1300)]
gpo: Initial commit for GPO work

Enclosed is my Summer of Code 2013 patch to have vital password GPO always applied to the Samba4 Domain Controller using a GPO update service.

To try it out "make -j" your samba with the patch, apply a security password GPO and see the difference in ~20 seconds. It also takes GPO hierarchy into account.

Split from "Initial commit for GPO work done by Luke Morrison" by David Mulder

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Luke Morrison <luke@hubtrek.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agogpo: Add python libgpo bindings
Luke Morrison [Fri, 31 Jan 2014 00:27:05 +0000 (13:27 +1300)]
gpo: Add python libgpo bindings

Split from "Initial commit for GPO work done by Luke Morrison" by David Mulder

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Luke Morrison <luke@hubtrek.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoRevert "libgpo: remove unused libgpo wscript_build."
Garming Sam [Fri, 31 Jan 2014 00:15:41 +0000 (13:15 +1300)]
Revert "libgpo: remove unused libgpo wscript_build."

This reverts commit feffac806800c1740521133e88a7ac777ce8f368.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agogpo: move mkdir_p to lib/util
David Mulder [Wed, 8 Mar 2017 15:33:56 +0000 (08:33 -0700)]
gpo: move mkdir_p to lib/util

Move the mkdir_p function to lib/util so it can be used elsewhere

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agowaf: Move script list to one-per-line
Andrew Bartlett [Tue, 24 Oct 2017 02:46:02 +0000 (15:46 +1300)]
waf: Move script list to one-per-line

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agosource3: remove sock_exec
Gary Lockyer [Fri, 3 Nov 2017 00:35:41 +0000 (13:35 +1300)]
source3: remove sock_exec

Remove the sock_exec code which is no longer needed and additionally has been
used by exploit code.

This was originally test support code, the tests relying on the sock_exec
code have been removed.

Past exploits have used sock_exec as a proxy for system() matching a talloc
destructor prototype.

See for example:
Exploit for Samba vulnerabilty (CVE-2015-0240) at
    https://gist.github.com/worawit/051e881fc94fe4a49295
    and the Red Hat post at
    https://access.redhat.com/blogs/766093/posts/1976553

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Nov 20 07:20:13 CET 2017 on sn-devel-144

2 years agowinbindd: tdb_exists returns 1 if a record is found
Ralph Boehme [Sat, 18 Nov 2017 14:14:15 +0000 (15:14 +0100)]
winbindd: tdb_exists returns 1 if a record is found

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sun Nov 19 15:14:13 CET 2017 on sn-devel-144

2 years agowinbind: Remove winbind_messaging_context
Volker Lendecke [Fri, 17 Nov 2017 10:47:37 +0000 (11:47 +0100)]
winbind: Remove winbind_messaging_context

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13150

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Nov 18 04:07:24 CET 2017 on sn-devel-144

2 years agowinbind: winbind_messaging_context -> server_messaging_context
Volker Lendecke [Fri, 17 Nov 2017 10:42:34 +0000 (11:42 +0100)]
winbind: winbind_messaging_context -> server_messaging_context

Don't use winbind_messaging_context anymore.

This fixes a bug analysed by Peter Somogyi <PSOMOGYI@hu.ibm.com>: If a
parent winbind forks, it only called reinit_after_fork on
winbind_messaging_context. On the other hand, deep in dbwrap_open we use
server_messaging_context(). This is not reinitialized by
winbind_reinit_after fork, so the parent and child share a ctdb
connection. This is invalid, because replies from ctdb end up in the
wrong process.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13150

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agowinbind: Remove winbind_event_context
Volker Lendecke [Fri, 17 Nov 2017 10:37:30 +0000 (11:37 +0100)]
winbind: Remove winbind_event_context

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13150

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agowinbind: Replace winbind_event_context with server_event_context
Volker Lendecke [Fri, 17 Nov 2017 10:35:19 +0000 (11:35 +0100)]
winbind: Replace winbind_event_context with server_event_context

There's no point in having two global event contexts

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13150

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agolibnet_join: fix "net rpc oldjoin"
Stefan Metzmacher [Thu, 16 Nov 2017 21:09:20 +0000 (21:09 +0000)]
libnet_join: fix "net rpc oldjoin"

We need to open the ncacn_np (smb) transport connection with
anonymous credentials.

In order to do netr_ServerPasswordSet*() we need to
establish a 2nd netlogon connection using dcerpc schannel
authentication.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13149

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3:selftest: add samba3.blackbox.net_rpc_oldjoin test
Stefan Metzmacher [Fri, 17 Nov 2017 14:51:36 +0000 (15:51 +0100)]
s3:selftest: add samba3.blackbox.net_rpc_oldjoin test

This demonstrates that "net rpc oldjoin" is currently broken.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13149

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agonsswitch: Slightly simplify winbindd_request_response
Volker Lendecke [Sat, 15 Jul 2017 09:54:14 +0000 (11:54 +0200)]
nsswitch: Slightly simplify winbindd_request_response

We don't need a separate variable, C passes a copy on the stack

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agontlm_auth: Use libwbclient in get_winbind_netbios_name()
Volker Lendecke [Sat, 15 Jul 2017 08:56:47 +0000 (10:56 +0200)]
ntlm_auth: Use libwbclient in get_winbind_netbios_name()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agontlm_auth: Use libwbclient in get_require_membership_sid()
Volker Lendecke [Sat, 15 Jul 2017 09:06:38 +0000 (11:06 +0200)]
ntlm_auth: Use libwbclient in get_require_membership_sid()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agontlm_auth: Use libwbclient in get_winbind_domain()
Volker Lendecke [Sat, 15 Jul 2017 08:55:09 +0000 (10:55 +0200)]
ntlm_auth: Use libwbclient in get_winbind_domain()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agontlm_auth: Use libwbclient in winbind_separator()
Volker Lendecke [Sat, 15 Jul 2017 08:52:17 +0000 (10:52 +0200)]
ntlm_auth: Use libwbclient in winbind_separator()

Avoid direct winbindd_request_response()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agolibwbclient: Fix two signed/unsigned hickups
Volker Lendecke [Thu, 13 Jul 2017 13:52:15 +0000 (15:52 +0200)]
libwbclient: Fix two signed/unsigned hickups

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agolib: Save a few bytes of .text
Volker Lendecke [Wed, 15 Nov 2017 12:12:05 +0000 (13:12 +0100)]
lib: Save a few bytes of .text

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agolib: Fix a false/NULL hickup
Volker Lendecke [Mon, 13 Nov 2017 15:21:31 +0000 (16:21 +0100)]
lib: Fix a false/NULL hickup

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agolib: Simplify is_ipaddress_v6
Volker Lendecke [Mon, 13 Nov 2017 15:54:09 +0000 (16:54 +0100)]
lib: Simplify is_ipaddress_v6

Do an early return, avoid an "else", avoid an indentation level

Review with git show -b

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agolib: Avoid a pointless static variable
Volker Lendecke [Mon, 13 Nov 2017 15:15:42 +0000 (16:15 +0100)]
lib: Avoid a pointless static variable

Saves a few bytes of .text

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agowinbindd: Fix some signed/unsigned warnings
Volker Lendecke [Sun, 6 Aug 2017 16:04:12 +0000 (18:04 +0200)]
winbindd: Fix some signed/unsigned warnings

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agonsswitch: Fix a typo
Volker Lendecke [Mon, 17 Jul 2017 13:40:11 +0000 (15:40 +0200)]
nsswitch: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agotevent: Fix typos
Volker Lendecke [Mon, 30 Oct 2017 12:51:25 +0000 (13:51 +0100)]
tevent: Fix typos

While there, fix comment formatting

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agolibsmb: Fix a typo
Volker Lendecke [Tue, 7 Nov 2017 12:04:21 +0000 (13:04 +0100)]
libsmb: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agolib: tevent: Minor cleanup. wakeup_fd can always be gotten from the event context.
Jeremy Allison [Sat, 11 Nov 2017 03:26:55 +0000 (19:26 -0800)]
lib: tevent: Minor cleanup. wakeup_fd can always be gotten from the event context.

We don't need to store it. I prefer this as it shows that we must always
get wakeup_fd from the event context at time of use, rather than possibly
storing an out-of-date variable.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Nov 17 12:43:01 CET 2017 on sn-devel-144

2 years agopthreadpool: create a tevent_threaded_context per registered event context
Ralph Boehme [Sat, 11 Nov 2017 12:05:03 +0000 (13:05 +0100)]
pthreadpool: create a tevent_threaded_context per registered event context

We just need one tevent_threaded_context per unique combintation of
tevent event contexts and pthreadpool_tevent pools, not multiple copies
for identical combinations of a tevent contexts and a pthreadpool_tevent
pools.

With this commit we register tevent contexts in a list in the
pthreadpool_tevent structure and will only have one
tevent_threaded_context object per tevent context per pool.

With many pthreadpool_tevent_job_send reqs this pays off, I've seen a
small decrease in cpu-ticks with valgrind callgrind and a modified
local.messaging.ping-speed torture test. The test modification ensured
messages we never directly send, but always submitted via
pthreadpool_tevent_job_send.

Pair-Programmed-With: Jeremy Allison <jra@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Nov 17 02:35:52 CET 2017 on sn-devel-144

2 years agos4: torture: Ensure kernel oplock test can't hang in pause().
Jeremy Allison [Wed, 15 Nov 2017 18:12:06 +0000 (10:12 -0800)]
s4: torture: Ensure kernel oplock test can't hang in pause().

Use an alarm to break out of waiting for a signal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13121

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 16 22:27:06 CET 2017 on sn-devel-144

2 years agos3: smbclient: tests: Test "volume" command over SMB1 and SMB2+.
Jeremy Allison [Tue, 14 Nov 2017 23:54:19 +0000 (15:54 -0800)]
s3: smbclient: tests: Test "volume" command over SMB1 and SMB2+.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13140

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Nov 15 19:50:54 CET 2017 on sn-devel-144

2 years agos3: smbclient: Implement "volume" command over SMB2.
Jeremy Allison [Tue, 14 Nov 2017 23:42:14 +0000 (15:42 -0800)]
s3: smbclient: Implement "volume" command over SMB2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13140

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos3: libsmb: smbc_statvfs is missing the supporting SMB2 calls.
Jeremy Allison [Tue, 14 Nov 2017 21:52:03 +0000 (13:52 -0800)]
s3: libsmb: smbc_statvfs is missing the supporting SMB2 calls.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13138

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agopam_winbind: initial Turkish translation
ulkuderner [Tue, 1 Aug 2017 09:01:22 +0000 (12:01 +0300)]
pam_winbind: initial Turkish translation

Reviewed-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Wed Nov 15 13:52:05 CET 2017 on sn-devel-144

2 years agosmbtorture: Remove an unused variable
Volker Lendecke [Sun, 12 Nov 2017 15:09:35 +0000 (16:09 +0100)]
smbtorture: Remove an unused variable

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Nov 14 03:55:37 CET 2017 on sn-devel-144

2 years agodreplsrv: Use is_null_sid
Volker Lendecke [Sun, 12 Nov 2017 15:07:48 +0000 (16:07 +0100)]
dreplsrv: Use is_null_sid

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agolib: Save a few bytes of .text
Volker Lendecke [Sun, 12 Nov 2017 13:55:40 +0000 (14:55 +0100)]
lib: Save a few bytes of .text

Looks surprising, but this does save bytes if you look at the object with
"size".

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agorpcclient: Avoid a ZERO_STRUCT, save a few bytes .text
Volker Lendecke [Sun, 12 Nov 2017 13:48:24 +0000 (14:48 +0100)]
rpcclient: Avoid a ZERO_STRUCT, save a few bytes .text

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agolib: Avoid a ZERO_STRUCT, save a few bytes .text
Volker Lendecke [Sun, 12 Nov 2017 13:48:24 +0000 (14:48 +0100)]
lib: Avoid a ZERO_STRUCT, save a few bytes .text

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agosmbd: Avoid an "else"
Volker Lendecke [Fri, 4 Aug 2017 08:44:59 +0000 (10:44 +0200)]
smbd: Avoid an "else"

We always return in the if-branch before. The else is redundant

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agoutil_tdb: Make a few functions static
Volker Lendecke [Thu, 3 Aug 2017 15:08:48 +0000 (17:08 +0200)]
util_tdb: Make a few functions static

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agopassdb: Fix a typo
Volker Lendecke [Fri, 4 Aug 2017 12:47:17 +0000 (14:47 +0200)]
passdb: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agolibcli: Fix a signed/unsigned hickup
Volker Lendecke [Mon, 13 Nov 2017 07:53:04 +0000 (08:53 +0100)]
libcli: Fix a signed/unsigned hickup

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agonetsamlogon_cache: Use ndr_pull_struct_blob_all
Volker Lendecke [Thu, 3 Aug 2017 15:03:26 +0000 (17:03 +0200)]
netsamlogon_cache: Use ndr_pull_struct_blob_all

Be a bit more strict for error checking

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agotevent: version 0.9.34 tevent-0.9.34
Stefan Metzmacher [Mon, 13 Nov 2017 10:05:04 +0000 (11:05 +0100)]
tevent: version 0.9.34

* Remove unused select backend
* Fix a race condition in tevent_threaded_schedule_immediate()
  (bug #13130)

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Nov 13 18:02:46 CET 2017 on sn-devel-144

2 years agos3:passdb: Fix a memory leak in secrets_fetch_or_upgrade_domain_info()
Andreas Schneider [Thu, 2 Nov 2017 20:49:43 +0000 (21:49 +0100)]
s3:passdb: Fix a memory leak in secrets_fetch_or_upgrade_domain_info()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Nov 13 14:05:46 CET 2017 on sn-devel-144

2 years agovfs_fruit: Unlink memory on error
Andreas Schneider [Thu, 2 Nov 2017 20:48:21 +0000 (21:48 +0100)]
vfs_fruit: Unlink memory on error

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years agos4: torture: kernel oplocks. Add smb2.kernel-oplocks.kernel_oplocks8
Jeremy Allison [Thu, 9 Nov 2017 17:59:23 +0000 (09:59 -0800)]
s4: torture: kernel oplocks. Add smb2.kernel-oplocks.kernel_oplocks8

Test if the server blocks whilst waiting on a kernel lease held by
a non-smbd process.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13121

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Nov 11 20:12:26 CET 2017 on sn-devel-144

2 years agos3: smbd: kernel oplocks. Replace retry_open() with setup_kernel_oplock_poll_open().
Jeremy Allison [Thu, 9 Nov 2017 20:48:15 +0000 (12:48 -0800)]
s3: smbd: kernel oplocks. Replace retry_open() with setup_kernel_oplock_poll_open().

If a O_NONBLOCK open fails with EWOULDBLOCK, this code changes smbd to
do a retry open every second, until either the timeout or we get a successful
open. If we're opening a file that has a kernel lease set by a non-smbd
process, this is the best we can do.

Prior to this, smbd would block on the second open on such a leased file
(not using O_NONBLOCK) which freezes active clients.

Regression test to follow.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13121

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years agolibsmbclient: Allow server (NetApp) to return STATUS_INVALID_PARAMETER from an echo.
Jeremy Allison [Fri, 8 Sep 2017 23:20:34 +0000 (16:20 -0700)]
libsmbclient: Allow server (NetApp) to return STATUS_INVALID_PARAMETER from an echo.

It does this if we send a session ID of zero. The server still replied.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13007

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Nov 11 08:44:37 CET 2017 on sn-devel-144

2 years agovfs: remove SMB_VFS_INIT_SEARCH_OP
Uri Simchoni [Fri, 10 Nov 2017 19:53:58 +0000 (21:53 +0200)]
vfs: remove SMB_VFS_INIT_SEARCH_OP

This VFS is no longer being called, hence removed.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agovfs_unityed_media: remove handling of init_search_op
Uri Simchoni [Fri, 10 Nov 2017 19:50:17 +0000 (21:50 +0200)]
vfs_unityed_media: remove handling of init_search_op

init_search_op is about to be removed from the VFS in
a following commit. In the meantime, removing it poses
no issue because he underlying impementation is a no-op.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agovfs_media_harmony: remove handling of init_search_op
Uri Simchoni [Fri, 10 Nov 2017 19:48:26 +0000 (21:48 +0200)]
vfs_media_harmony: remove handling of init_search_op

This VFS function is about to be removed in a following commit.
In the meantime, not handling it by vfs_media_harmony poses no
issue because the underlying implenentation is a no-op.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agovfs_time_audit: remove init_search_op implementation
Uri Simchoni [Fri, 10 Nov 2017 19:47:29 +0000 (21:47 +0200)]
vfs_time_audit: remove init_search_op implementation

This VFS call is about to be removed in a following commit.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agovfs_glusterfs: remove init_search_op handling
Uri Simchoni [Fri, 10 Nov 2017 19:39:54 +0000 (21:39 +0200)]
vfs_glusterfs: remove init_search_op handling

This VFS function is about to be removed. It can be
removed by a separate commit because both the glusterfs
and the default implementations are no-ops.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agoVFS examples: remove init_search_ops
Uri Simchoni [Fri, 10 Nov 2017 19:20:47 +0000 (21:20 +0200)]
VFS examples: remove init_search_ops

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agosmbd: remove dptr_init_search_op()
Uri Simchoni [Fri, 10 Nov 2017 19:38:41 +0000 (21:38 +0200)]
smbd: remove dptr_init_search_op()

This function is now not being used.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agosmbd: remove calls to dptr_init_search_op() from TRANS2 search code
Uri Simchoni [Fri, 10 Nov 2017 19:35:54 +0000 (21:35 +0200)]
smbd: remove calls to dptr_init_search_op() from TRANS2 search code

dptr_init_search_op() invokes VFS operations which are no-op in all
in-tree VFS modules. Furthermore, it's not being called by the SMB2
search code, so probably it's not being used by any out-of-tree VFS
module either.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agosmbd: remove calls to dptr_init_search_op()
Uri Simchoni [Fri, 10 Nov 2017 19:32:49 +0000 (21:32 +0200)]
smbd: remove calls to dptr_init_search_op()

dptr_init_search_op() invokes a VFS operation which is
a no-op in all in-tree VFS modules. Furthermore,
dptr_init_search_op() is not being called from SMB2 search
code, which hints that no out-of-tree VFS module needs it.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agovfs: Remove aio_linux
Volker Lendecke [Fri, 10 Nov 2017 11:09:36 +0000 (12:09 +0100)]
vfs: Remove aio_linux

Triggered by https://bugzilla.samba.org/show_bug.cgi?id=13128 I think
this module should go. Once Linux aio will do what Samba needs, this
might be worth another look.

What we should instead do soon is support Linux preadv2 and the
RWF_NOWAIT flag to avoid the thread context switch whenever possible.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agotevent: Fix a race condition
Volker Lendecke [Fri, 10 Nov 2017 20:22:26 +0000 (21:22 +0100)]
tevent: Fix a race condition

We can't rely on tctx to exist after we unlocked the mutex. It took a
while, but this does lead to data corruption. If *tctx is replaced with
something where tctx->wakeup_fd points to a real, existing file
descriptor, we're screwed. And by screwed, this means file corruption
on disk.

Again. I am not tall enough for this business.

http://bholley.net/blog/2015/must-be-this-tall-to-write-multi-threaded-code.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13130

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Nov 11 03:20:09 CET 2017 on sn-devel-144

2 years agolibcli: Fix a typo
Volker Lendecke [Mon, 30 Oct 2017 12:46:04 +0000 (13:46 +0100)]
libcli: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Richard Sharpe <sharpe@samba.org>
2 years agos4: torture: kernel_oplocks. Create a regression test case for bug #13058.
Jeremy Allison [Fri, 3 Nov 2017 19:02:17 +0000 (12:02 -0700)]
s4: torture: kernel_oplocks. Create a regression test case for bug #13058.

It implements the following test case:

1. client of smbd-1 opens the file and sets the oplock.
2. client of smbd-2 tries to open the file. open() fails(EAGAIN) and open is deferred.
3. client of smbd-1 sends oplock break request to the client.
4. client of smbd-1 closes the file.
5. client of smbd-1 opens the file and sets the oplock.
6. client of smbd-2 calls defer_open_done(), sees that the file lease was not changed
and does not reschedule open.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13058

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
2 years agoRevert "s3/smbd: fix deferred open with streams and kernel oplocks"
Jeremy Allison [Fri, 3 Nov 2017 21:47:01 +0000 (21:47 +0000)]
Revert "s3/smbd: fix deferred open with streams and kernel oplocks"

This reverts commit b35a296a27a0807c780f2a9e7af2f2e93feefaa8.

This was the cause of

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13058

1. client of smbd-1 opens the file and sets the oplock.
2. client of smbd-2 tries to open the file. open() fails(EAGAIN) and open is deferred.
3. client of smbd-1 sends oplock break request to the client.
4. client of smbd-1 closes the file.
5. client of smbd-1 opens the file and sets the oplock.
6. client of smbd-2 calls defer_open_done(), sees that the file lease was not changed
and does not reschedule open.

and is no longer needed now vfs_streams_xattr.c no longer opens
the base file internally.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
2 years agovfs_glusterfs: include glusterfs/api/glfs.h without relying on -I options
Niels de Vos [Tue, 31 Oct 2017 14:52:49 +0000 (15:52 +0100)]
vfs_glusterfs: include glusterfs/api/glfs.h without relying on -I options

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13125

The glfs.h header file has always resided under glusterfs/api/ in the
standard include directory. The glusterfs-api.pc file adds the unneeded
-I${includedir}/glusterfs compiler option. This option will be removed
from future versions of the pkg-config file.

This change can safely be backported to older versions if there is a
need to have them build against glusterfs-3.13 or newer.

URL: https://review.gluster.org/18576
CC: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Nov  9 22:37:30 CET 2017 on sn-devel-144

2 years agosmbc_opendir should not return EEXIST with invalid login credentials
David Mulder [Thu, 2 Nov 2017 14:25:11 +0000 (08:25 -0600)]
smbc_opendir should not return EEXIST with invalid login credentials

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Autobuild-User(master): Jim McDonough <jmcd@samba.org>
Autobuild-Date(master): Thu Nov  9 01:49:06 CET 2017 on sn-devel-144

2 years agopython: tests: Add tests for samba.posix_eadb module
Lumir Balhar [Tue, 24 Oct 2017 07:01:16 +0000 (09:01 +0200)]
python: tests: Add tests for samba.posix_eadb module

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Nov  8 21:54:59 CET 2017 on sn-devel-144

2 years agopython: Port ntvfs posix bindings to Python 3 compatible form
Lumir Balhar [Tue, 24 Oct 2017 07:00:11 +0000 (09:00 +0200)]
python: Port ntvfs posix bindings to Python 3 compatible form

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agoctdb-tests: Fix some harmless CIDs
Martin Schwenke [Tue, 7 Nov 2017 22:22:29 +0000 (09:22 +1100)]
ctdb-tests: Fix some harmless CIDs

CID 1420632: Resource leaks (RESOURCE LEAK)
CID 1420631: Security best practices violations (TOCTOU)
CID 1417432: Resource leaks (RESOURCE LEAK)
CID 1417429: Security best practices violations (TOCTOU)
CID 1417427: Resource leaks (RESOURCE LEAK)

These are all in test code and constrained to the test environment, so
can't result in privilege escape.  No backport necessary.  However, we
might as well get them off the list.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Nov  8 11:28:40 CET 2017 on sn-devel-144

2 years agomanpages: add vfs_nfs4acl_xattr.8
Ralph Boehme [Mon, 23 Oct 2017 16:56:37 +0000 (18:56 +0200)]
manpages: add vfs_nfs4acl_xattr.8

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov  8 04:27:28 CET 2017 on sn-devel-144

2 years agoselftest: run raw.acls test with XDR NFS41 ACLs
Ralph Boehme [Thu, 19 Oct 2017 12:24:03 +0000 (14:24 +0200)]
selftest: run raw.acls test with XDR NFS41 ACLs

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agoselftest: run raw.acls tests against a share with XDR NFS4 ACLs
Ralph Boehme [Thu, 7 Sep 2017 15:29:03 +0000 (17:29 +0200)]
selftest: run raw.acls tests against a share with XDR NFS4 ACLs

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agovfs_nfs4acl_xattr: add XDR backend
Ralph Boehme [Wed, 18 Oct 2017 18:48:37 +0000 (20:48 +0200)]
vfs_nfs4acl_xattr: add XDR backend

Add a NFS4 ACL backend that stores the ACL blob in an XDR encoded xattr,
by default in "security.nfs4acl_xdr".

This backend is enabled by setting "nfs4acl_xattr:encoding = xdr" in a
share definition.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agovfs_nfs4acl_xattr: implement take-ownership as in vfs_acl_common
Ralph Boehme [Mon, 23 Oct 2017 10:46:07 +0000 (12:46 +0200)]
vfs_nfs4acl_xattr: implement take-ownership as in vfs_acl_common

This allows take-ownership to work if the user has SEC_STD_WRITE_OWNER.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agovfs_nfs4acl_xattr: add POSIX mode check and reset
Ralph Boehme [Wed, 18 Oct 2017 18:45:05 +0000 (20:45 +0200)]
vfs_nfs4acl_xattr: add POSIX mode check and reset

The vfs_nfs4acl_xattr VFS module is supposed to work the same as
vfs_acl_xattr|tdb with "ignore system acls" set to true. That is,
filesystem permissions should never restrict access and the actual
access checks are done by smbd in userspace.

To better cope with POSIX mode changes via other protocols (eg NFS) or
local filesystem access, add the following tweaks:

o validate ACL blob: if POSIX mode is not 0777/0666 discard the ACL blob
  from the xattr and synthesize a default ACL based on the POSIX mode

o when setting an ACL, check and reset POSIX mode to 0777/0666

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agovfs_nfs4acl_xattr: do xattr ops as root
Ralph Boehme [Mon, 23 Oct 2017 12:15:12 +0000 (14:15 +0200)]
vfs_nfs4acl_xattr: do xattr ops as root

This ensures we can always fetch the ACL xattr blob when we wanted,
unrestricted of filesystem permissions or Linux xattr security namespace
restrictions.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agoselftest: test vfs_nfs4acl_xattr with NFS 4.1 ACLs
Ralph Boehme [Mon, 23 Oct 2017 12:05:19 +0000 (14:05 +0200)]
selftest: test vfs_nfs4acl_xattr with NFS 4.1 ACLs

Only tests with "nfs4:mode = simple" as mode special is supposed to be
broken anyway and simple is recommended.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agonfs4acls: update default NFS4 ACL version to 4.1
Ralph Boehme [Thu, 2 Nov 2017 11:45:48 +0000 (12:45 +0100)]
nfs4acls: update default NFS4 ACL version to 4.1

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agoselftest: add explicit default NFS4 acl version
Ralph Boehme [Mon, 23 Oct 2017 11:35:49 +0000 (13:35 +0200)]
selftest: add explicit default NFS4 acl version

This is the current default, just make it explicit. A subsequent commit
will bump the default to 4.1.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agovfs_nfs4acl_xattr: add support for NFS 4.1 ACL flags in the NDR backend
Ralph Boehme [Thu, 19 Oct 2017 13:40:52 +0000 (15:40 +0200)]
vfs_nfs4acl_xattr: add support for NFS 4.1 ACL flags in the NDR backend

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agolibrpc/idl: add NFS 4.1 ACL flags
Ralph Boehme [Thu, 19 Oct 2017 20:44:38 +0000 (22:44 +0200)]
librpc/idl: add NFS 4.1 ACL flags

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agovfs_nfs4acl_xattr: move the meat of the implementation to a seperate file
Ralph Boehme [Tue, 17 Oct 2017 10:02:53 +0000 (12:02 +0200)]
vfs_nfs4acl_xattr: move the meat of the implementation to a seperate file

This is in preperation of modularizing the storage backend. Currently we
store the NFS4 ACL as an IDL/NDR encoded blob in a xattr.

Later commits will add a different backend storing the NFS4 ACL as an
XDR encoded blob in a xattr.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agovfs_nfs4acl_xattr: fsp->fh->fd can legally be -1
Ralph Boehme [Mon, 23 Oct 2017 14:38:51 +0000 (16:38 +0200)]
vfs_nfs4acl_xattr: fsp->fh->fd can legally be -1

We only open the underlying file if the open access mode contains

FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agovfs_nfs4acl_xattr: refactoring
Ralph Boehme [Mon, 23 Oct 2017 14:35:52 +0000 (16:35 +0200)]
vfs_nfs4acl_xattr: refactoring

Refactor the code in preperation of factoring out ACL blob to smb4acl
and vice versa mapping functions.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agovfs_nfs4acl_xattr: code polish
Ralph Boehme [Thu, 19 Oct 2017 19:53:40 +0000 (21:53 +0200)]
vfs_nfs4acl_xattr: code polish

README.Coding adjustments, DEBUG macro modernisation, variable name
sanitizing. No change in behaviour.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agovfs_nfs4acl_xattr: modernize ACL inheritance
Ralph Boehme [Mon, 16 Oct 2017 16:05:51 +0000 (18:05 +0200)]
vfs_nfs4acl_xattr: modernize ACL inheritance

This changes the way ACL inheritance is achieved in this
module.

Previously the module recursed to the next parent directory until the
share root was reached or a directory with an ACL xattr. If the share
root didn't contain an ACL xattr either a default ACL would be used.

This commit removed this recursive scanning and replaces it with the
same mechanism used by vfs_acl_xattr: by setting "inherit acls = yes"
just let smbd do the heavy lefting and inheritance.

For any file without ACL xattr we still synthesize a default ACL,
leveraging the existing default ACL function used by vfs_acl_xattr.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agovfs_nfs4acl_xattr: add a runtime configuration object
Ralph Boehme [Thu, 19 Oct 2017 14:34:44 +0000 (16:34 +0200)]
vfs_nfs4acl_xattr: add a runtime configuration object

No change in behaviour, all option defaults are set to the original
behaviour.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agolibrpc/idl: add versions consts to nfs4acl.idl
Ralph Boehme [Thu, 19 Oct 2017 12:22:00 +0000 (14:22 +0200)]
librpc/idl: add versions consts to nfs4acl.idl

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agolibrpc/idl: rename NFS4 ACL xattr name
Ralph Boehme [Thu, 2 Nov 2017 11:17:48 +0000 (12:17 +0100)]
librpc/idl: rename NFS4 ACL xattr name

The "system" xattr namespace is reserved for the kernel. Any attempt to
use xattrs in that namesspace will fail with EOPNOTSUPP, regardless of
priveleges. In autobuild we're using the xattr_tdb VFS module, so it
works there.

Using the "security" namespace instead makes this module generally
usable with Linux filesystem xattrs as storage backend.

Additionally prefix the xattr name with "_ndr". This is in preperation
of later commits that add a ACL blob marshalling format based on XDR. To
avoid xattr name collision, both format will use distinct xattr names by
default.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agolibrpc/idl: rename NFS4 ACL xattr name define
Ralph Boehme [Thu, 19 Oct 2017 10:29:47 +0000 (12:29 +0200)]
librpc/idl: rename NFS4 ACL xattr name define

No change in behaviour.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>