sfrench/samba-autobuild/.git
2 years agovfs_fruit: fix a typo
Ralph Boehme [Sun, 9 Jul 2017 06:32:16 +0000 (08:32 +0200)]
vfs_fruit: fix a typo

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Jul 10 16:48:24 CEST 2017 on sn-devel-144

2 years agodelete duplicate test
Herb Lewis [Fri, 7 Jul 2017 20:10:54 +0000 (13:10 -0700)]
delete duplicate test

Signed-off-by: Herb Lewis <herb@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Autobuild-User(master): Herb Lewis <herb@samba.org>
Autobuild-Date(master): Sat Jul  8 05:57:55 CEST 2017 on sn-devel-144

2 years agoselftest: add a test for accessing previous version of directories with snapdirsevery...
Ralph Boehme [Fri, 7 Jul 2017 11:12:19 +0000 (13:12 +0200)]
selftest: add a test for accessing previous version of directories with snapdirseverywhere

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12885

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Jul  8 00:33:51 CEST 2017 on sn-devel-144

2 years agos3/smbd: let non_widelink_open() chdir() to directories directly
Ralph Boehme [Fri, 7 Jul 2017 10:57:57 +0000 (12:57 +0200)]
s3/smbd: let non_widelink_open() chdir() to directories directly

If the caller passes O_DIRECTORY we just try to chdir() to smb_fname
directly, not to the parent directory.

The security check in check_reduced_name() will continue to work, but
this fixes the case of an open() for a previous version of a
subdirectory that contains snapshopt.

Eg:

[share]
    path = /shares/test
    vfs objects = shadow_copy2
    shadow:snapdir = .snapshots
    shadow:snapdirseverywhere = yes

Directory tree with fake snapshots:

$ tree -a /shares/test/
/shares/test/
├── dir
│   ├── file
│   └── .snapshots
│       └── @GMT-2017.07.04-04.30.12
│           └── file
├── dir2
│   └── file
├── file
├── .snapshots
│   └── @GMT-2001.01.01-00.00.00
│       ├── dir2
│       │   └── file
│       └── file
└── testfsctl.dat

./bin/smbclient -U slow%x //localhost/share -c 'ls @GMT-2017.07.04-04.30.12/dir/*'
NT_STATUS_OBJECT_NAME_NOT_FOUND listing \@GMT-2017.07.04-04.30.12\dir\*

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12885

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agoldb/tests: more thoroughly test empty ldb_msg elements
Douglas Bagnall [Thu, 6 Jul 2017 00:41:07 +0000 (12:41 +1200)]
ldb/tests: more thoroughly test empty ldb_msg elements

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jul  7 20:10:37 CEST 2017 on sn-devel-144

2 years agoldb: avoid searching empty lists in ldb_msg_find_common_values
Douglas Bagnall [Wed, 5 Jul 2017 22:01:24 +0000 (10:01 +1200)]
ldb: avoid searching empty lists in ldb_msg_find_common_values

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agoldb: Fix index out of bound in ldb_msg_find_common_values
Lukas Slebodnik [Tue, 4 Jul 2017 13:46:49 +0000 (15:46 +0200)]
ldb: Fix index out of bound in ldb_msg_find_common_values

cmocka unit test failed on i386
[==========] Running 2 test(s).
[ RUN      ] test_ldb_msg_find_duplicate_val
[       OK ] test_ldb_msg_find_duplicate_val
[ RUN      ] test_ldb_msg_find_common_values
[  FAILED  ] test_ldb_msg_find_common_values
[==========] 2 test(s) run.
[  ERROR   ] --- 0x14 != 0
[   LINE   ] --- ../tests/ldb_msg.c:266: error: Failure!
[  PASSED  ] 1 test(s).
[  FAILED  ] 1 test(s), listed below:
[  FAILED  ] test_ldb_msg_find_common_values
 1 FAILED TEST(S)

But we were just lucky on other platforms because there is
index out of bound according to valgrind error.

==3298== Invalid read of size 4
==3298==    at 0x486FCF6: ldb_val_cmp (ldb_msg.c:95)
==3298==    by 0x486FCF6: ldb_msg_find_common_values (ldb_msg.c:266)
==3298==    by 0x109A3D: test_ldb_msg_find_common_values (ldb_msg.c:265)
==3298==    by 0x48E7490: ??? (in /usr/lib/libcmocka.so.0.4.1)
==3298==    by 0x48E7EB0: _cmocka_run_group_tests (in /usr/lib/libcmocka.so.0.4.1)
==3298==    by 0x1089B7: main (ldb_msg.c:352)
==3298==  Address 0x4b07734 is 4 bytes after a block of size 48 alloc'd
==3298==    at 0x483223E: malloc (vg_replace_malloc.c:299)
==3298==    by 0x4907AA7: _talloc_array (in /usr/lib/libtalloc.so.2.1.9)
==3298==    by 0x486FBF8: ldb_msg_find_common_values (ldb_msg.c:245)
==3298==    by 0x109A3D: test_ldb_msg_find_common_values (ldb_msg.c:265)
==3298==    by 0x48E7490: ??? (in /usr/lib/libcmocka.so.0.4.1)
==3298==    by 0x48E7EB0: _cmocka_run_group_tests (in /usr/lib/libcmocka.so.0.4.1)
==3298==    by 0x1089B7: main (ldb_msg.c:352)

Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos3: tests: Add test for new smbclient "deltree" command.
Jeremy Allison [Thu, 6 Jul 2017 17:52:45 +0000 (10:52 -0700)]
s3: tests: Add test for new smbclient "deltree" command.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jul  7 13:38:24 CEST 2017 on sn-devel-144

2 years agodocs: Document new smbclient deltree command.
Jeremy Allison [Thu, 6 Jul 2017 00:23:48 +0000 (17:23 -0700)]
docs: Document new smbclient deltree command.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos3: smbclient: Add new command deltree.
Jeremy Allison [Thu, 6 Jul 2017 00:21:18 +0000 (17:21 -0700)]
s3: smbclient: Add new command deltree.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos3: client: Move struct file_list code to using talloc from malloc.
Jeremy Allison [Wed, 5 Jul 2017 22:53:07 +0000 (15:53 -0700)]
s3: client: Move struct file_list code to using talloc from malloc.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agowaf: Do not install _ldb_text.py if we have system libldb
Andreas Schneider [Thu, 6 Jul 2017 05:44:28 +0000 (07:44 +0200)]
waf: Do not install _ldb_text.py if we have system libldb

_ldb_text.py is installed as part of the ldb package and also if you
compile Samba with the system ldb version. This way we have have the
file twice in the same location and run into file confilcts.

This has already been fixed some time ago:
    60dc26bfe1573265dcbd87b9dd3439f945e57d97

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12882

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2 years agomessaging: Remove messaging_handler_send
Volker Lendecke [Sat, 24 Jun 2017 07:01:46 +0000 (09:01 +0200)]
messaging: Remove messaging_handler_send

This did not really take off, notifyd was the only user

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul  7 05:11:48 CEST 2017 on sn-devel-144

2 years agonotifyd: Remove notifyd_handler_done
Volker Lendecke [Sat, 24 Jun 2017 06:57:18 +0000 (08:57 +0200)]
notifyd: Remove notifyd_handler_done

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agonotifyd: Use messaging_register for MSG_SMB_NOTIFY_DB
Volker Lendecke [Sat, 24 Jun 2017 06:56:35 +0000 (08:56 +0200)]
notifyd: Use messaging_register for MSG_SMB_NOTIFY_DB

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agonotifyd: Use messaging_register for MSG_SMB_NOTIFY_GET_DB
Volker Lendecke [Sat, 24 Jun 2017 06:48:45 +0000 (08:48 +0200)]
notifyd: Use messaging_register for MSG_SMB_NOTIFY_GET_DB

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agonotifyd: Use messaging_register for MSG_SMB_NOTIFY_TRIGGER
Volker Lendecke [Sat, 24 Jun 2017 06:45:17 +0000 (08:45 +0200)]
notifyd: Use messaging_register for MSG_SMB_NOTIFY_TRIGGER

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agonotifyd: Use messaging_register for MSG_SMB_NOTIFY_REC_CHANGE
Volker Lendecke [Sat, 24 Jun 2017 06:38:53 +0000 (08:38 +0200)]
notifyd: Use messaging_register for MSG_SMB_NOTIFY_REC_CHANGE

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agomessaging: make messaging_rec_create public
Volker Lendecke [Sat, 24 Jun 2017 06:38:19 +0000 (08:38 +0200)]
messaging: make messaging_rec_create public

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agonotifyd: Avoid an if-expression
Volker Lendecke [Wed, 5 Jul 2017 07:37:14 +0000 (09:37 +0200)]
notifyd: Avoid an if-expression

Best reviewed with "git show -b -U10"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agonotifyd: Consolidate two #ifdef CLUSTER into one
Volker Lendecke [Wed, 5 Jul 2017 07:34:51 +0000 (09:34 +0200)]
notifyd: Consolidate two #ifdef CLUSTER into one

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agonotifyd: Only ask for messaging_ctdb_conn when clustering
Volker Lendecke [Fri, 16 Jun 2017 13:20:22 +0000 (15:20 +0200)]
notifyd: Only ask for messaging_ctdb_conn when clustering

Without clustering, messaging_ctdb_conn will fail anyway.

Review with "git show -b".

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agoAdd support for passing the max_referral_level into the cli call to get a DFS referra...
Richard Sharpe [Mon, 26 Jun 2017 16:43:31 +0000 (09:43 -0700)]
Add support for passing the max_referral_level into the cli call to get a DFS referral. This is being done so I can write tests of the DFS referral code on the server side.

Signed-off-by: Richard Sharpe <richard.sharpe@primarydata.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agounittests: Do not install the test_dummy rpc module
Andreas Schneider [Wed, 5 Jul 2017 08:30:35 +0000 (10:30 +0200)]
unittests: Do not install the test_dummy rpc module

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12879

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jul  5 22:21:06 CEST 2017 on sn-devel-144

2 years agounittests: Add missing stdint.h include
Andreas Schneider [Wed, 5 Jul 2017 06:59:23 +0000 (08:59 +0200)]
unittests: Add missing stdint.h include

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12878

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2 years agowaf: Only build unit tests with selftest enabled
Andreas Schneider [Wed, 5 Jul 2017 08:08:49 +0000 (10:08 +0200)]
waf: Only build unit tests with selftest enabled

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12877

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2 years agoAdd code to run the tests for 'samba-tool user edit'
Rowland Penny [Tue, 4 Jul 2017 14:07:53 +0000 (15:07 +0100)]
Add code to run the tests for 'samba-tool user edit'

Signed-off-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Jul  5 17:53:24 CEST 2017 on sn-devel-144

2 years agoAdd test for 'samba-tool user edit'
Rowland Penny [Tue, 4 Jul 2017 14:04:36 +0000 (15:04 +0100)]
Add test for 'samba-tool user edit'

Signed-off-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2 years agoEasily edit a users object in AD, as if using ldbedit.
Rowland Penny [Tue, 4 Jul 2017 14:00:58 +0000 (15:00 +0100)]
Easily edit a users object in AD, as if using ldbedit.

Signed-off-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2 years agoauth/spnego: pass spnego_in to gensec_spnego_parse_negTokenInit()
Stefan Metzmacher [Fri, 30 Dec 2016 15:06:49 +0000 (16:06 +0100)]
auth/spnego: pass spnego_in to gensec_spnego_parse_negTokenInit()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul  5 06:43:17 CEST 2017 on sn-devel-144

2 years agoauth/spnego: remove useless indentation level for SPNEGO_SERVER_START
Stefan Metzmacher [Tue, 13 Jun 2017 21:56:47 +0000 (23:56 +0200)]
auth/spnego: remove useless indentation level for SPNEGO_SERVER_START

Check with git show -w

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agoauth/spnego: move SERVER gensec_spnego_create_negTokenInit() handling to the top
Stefan Metzmacher [Tue, 13 Jun 2017 21:55:00 +0000 (23:55 +0200)]
auth/spnego: move SERVER gensec_spnego_create_negTokenInit() handling to the top

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agoauth/spnego: set spnego_state->{state_position,expected_packet} gensec_spnego_create_...
Stefan Metzmacher [Thu, 29 Jun 2017 14:55:09 +0000 (16:55 +0200)]
auth/spnego: set spnego_state->{state_position,expected_packet} gensec_spnego_create_negTokenInit()

We should only do the state change in a defined place
and not with any error gensec_spnego_create_negTokenInit() might return.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agoauth/spnego: don't pass 'in' to gensec_spnego_create_negTokenInit()
Stefan Metzmacher [Wed, 14 Jun 2017 00:46:29 +0000 (02:46 +0200)]
auth/spnego: don't pass 'in' to gensec_spnego_create_negTokenInit()

It's always en empty blob.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agoauth/spnego: add a struct spnego_negTokenTarg *ta variable to make some lines shorter
Stefan Metzmacher [Wed, 14 Jun 2017 01:36:22 +0000 (03:36 +0200)]
auth/spnego: add a struct spnego_negTokenTarg *ta variable to make some lines shorter

This makes future modifications easier to review.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agoauth/spnego: use a helper variable for spnego.negTokenInit.targetPrincipal
Stefan Metzmacher [Wed, 14 Jun 2017 01:33:21 +0000 (03:33 +0200)]
auth/spnego: use a helper variable for spnego.negTokenInit.targetPrincipal

This makes the lines a bit shorter and the future diff easier to review.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agoauth/spnego: rename gensec_spnego_server_negTokenTarg() into gensec_spnego_server_res...
Stefan Metzmacher [Fri, 30 Jun 2017 09:00:12 +0000 (11:00 +0200)]
auth/spnego: rename gensec_spnego_server_negTokenTarg() into gensec_spnego_server_response()

gensec_spnego_server_negTokenTarg() will reappear as function that
handles the whole negTokenTarg processing.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agopython: tests: Add test for tdb_copy function from tdb_util module.
Lumir Balhar [Tue, 4 Jul 2017 09:39:28 +0000 (11:39 +0200)]
python: tests: Add test for tdb_copy function from tdb_util module.

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jul  5 02:00:25 CEST 2017 on sn-devel-144

2 years agoldb: Use libraries from build dir for testsuite
Lukas Slebodnik [Mon, 3 Jul 2017 22:32:31 +0000 (00:32 +0200)]
ldb: Use libraries from build dir for testsuite

There was a failure when tests were executed after after extracting
ldb tarball.

  sh$ make -j8 check
  WAF_MAKE=1 PATH=buildtools/bin:../../buildtools/bin:$PATH waf test
  ldbadd: error while loading shared libraries: libldb.so.1: cannot open shared object file: No such file or directory
  cat: write error: Broken pipe
  Traceback (most recent call last):
    File "tests/python/api.py", line 10, in <module>
      import ldb
  ImportError: libldb.so.1: cannot open shared object file: No such file or directory
  Traceback (most recent call last):
    File "tests/python/api.py", line 10, in <module>
      import ldb
  ImportError: libpyldb-util.so.1: cannot open shared object file: No such file or directory
  bin/ldb_tdb_mod_op_test: error while loading shared libraries: libldb.so.1: cannot open shared object file: No such file or directory
  testsuite returned 1

Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Alexander Bokovoy <ab@samba.org>
2 years agotalloc: Fix execution of test_magic_differs from tarball
Lukas Slebodnik [Mon, 3 Jul 2017 14:17:44 +0000 (16:17 +0200)]
talloc: Fix execution of test_magic_differs from tarball

make check failed in case of tarball because test_magic_differs.sh
is in top level directory and not in sub-directory lib/talloc

  sh: ./lib/talloc/test_magic_differs.sh: No such file or directory
  magic differs test returned 127

Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agotalloc: Use libraries from build dir for testsuite
Lukas Slebodnik [Mon, 3 Jul 2017 14:09:34 +0000 (16:09 +0200)]
talloc: Use libraries from build dir for testsuite

There was a failure when tests were executed after after extracting
talloc tarball.

  sh$ make -j8 check
  WAF_MAKE=1 PATH=buildtools/bin:../../buildtools/bin:$PATH waf test
  bin/talloc_testsuite: error while loading shared libraries: libtalloc.so.2: cannot open shared object file: No such file or directory
  sh: ./lib/talloc/test_magic_differs.sh: No such file or directory
  Traceback (most recent call last):
    File "test_pytalloc.py", line 11, in <module>
      import talloc
  ImportError: libtalloc.so.2: cannot open shared object file: No such file or directory

Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agoWHATSNEW: Start release notes for Samba 4.8.0pre1.
Karolin Seeger [Mon, 3 Jul 2017 10:09:53 +0000 (12:09 +0200)]
WHATSNEW: Start release notes for Samba 4.8.0pre1.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Tue Jul  4 17:41:59 CEST 2017 on sn-devel-144

2 years agoVERSION: Bump version up to 4.8.0pre1...
Karolin Seeger [Mon, 3 Jul 2017 10:06:30 +0000 (12:06 +0200)]
VERSION: Bump version up to 4.8.0pre1...

and re-enable GIT_SNAPSHOTS.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agoVERSION: Disable GIT_SNAPSHOTS for the 4.7.0rc1 release samba-4.7.0rc1
Karolin Seeger [Mon, 3 Jul 2017 09:33:38 +0000 (11:33 +0200)]
VERSION: Disable GIT_SNAPSHOTS for the 4.7.0rc1 release

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agoVERSION: Bump version up to 4.7.0rc1
Karolin Seeger [Mon, 3 Jul 2017 09:30:27 +0000 (11:30 +0200)]
VERSION: Bump version up to 4.7.0rc1

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agoWHATSNEW: Prepare release notes for Samba 4.7.0rc1.
Karolin Seeger [Mon, 3 Jul 2017 09:26:36 +0000 (11:26 +0200)]
WHATSNEW: Prepare release notes for Samba 4.7.0rc1.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agoctdb-daemon: Increase priority of logs when recovery happens
Amitay Isaacs [Tue, 4 Jul 2017 05:50:12 +0000 (15:50 +1000)]
ctdb-daemon: Increase priority of logs when recovery happens

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-daemon: Increase priority of logs when shutting down
Amitay Isaacs [Tue, 4 Jul 2017 05:49:54 +0000 (15:49 +1000)]
ctdb-daemon: Increase priority of logs when shutting down

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-daemon: Increase priority of logs when ctdb starts up disabled/stopped
Amitay Isaacs [Tue, 4 Jul 2017 05:49:19 +0000 (15:49 +1000)]
ctdb-daemon: Increase priority of logs when ctdb starts up disabled/stopped

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-daemon: Increase priority of logs when node is stopped/continued
Amitay Isaacs [Tue, 4 Jul 2017 05:32:47 +0000 (15:32 +1000)]
ctdb-daemon: Increase priority of logs when node is stopped/continued

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-daemon: Increase priority of logs for recmaster changes
Amitay Isaacs [Tue, 4 Jul 2017 05:31:51 +0000 (15:31 +1000)]
ctdb-daemon: Increase priority of logs for recmaster changes

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-daemon: Increase priority of logs for node connect/disconnect
Amitay Isaacs [Tue, 4 Jul 2017 05:18:39 +0000 (15:18 +1000)]
ctdb-daemon: Increase priority of logs for node connect/disconnect

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoWHATSNEW: Fix typo
Andrew Bartlett [Tue, 4 Jul 2017 03:16:57 +0000 (15:16 +1200)]
WHATSNEW: Fix typo

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agoWHATSNEW: Add docs for ntlm auth changes
Andrew Bartlett [Tue, 4 Jul 2017 03:16:05 +0000 (15:16 +1200)]
WHATSNEW: Add docs for ntlm auth changes

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agos3/tests: add a net cache samlogon test
Ralph Boehme [Mon, 3 Jul 2017 16:36:29 +0000 (18:36 +0200)]
s3/tests: add a net cache samlogon test

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12875

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agonet: fix net cache samlogon list output
Ralph Boehme [Tue, 4 Jul 2017 07:38:07 +0000 (09:38 +0200)]
net: fix net cache samlogon list output

Don't print the table header for every entry.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12875

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agosmbldap: expose bind callback via API and increase smbldap ABI version
Alexander Bokovoy [Mon, 3 Jul 2017 08:58:50 +0000 (11:58 +0300)]
smbldap: expose bind callback via API and increase smbldap ABI version

Until we fully migrate to use gensec in smbldap, we need to continue
exposing bind callback to allow FreeIPA to integrate with smbldap.

Since smbldap API is now lacking direct access to 'struct
smbldap_state' and new API functions were added to give access to
individual members of this structure, it makes sense to increase ABI
version too.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jul  4 11:14:49 CEST 2017 on sn-devel-144

2 years agosamr: Disable NTLM-based password changes on the server if NTLM is disabled
Andrew Bartlett [Mon, 3 Jul 2017 02:39:09 +0000 (14:39 +1200)]
samr: Disable NTLM-based password changes on the server if NTLM is disabled

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoselftest: Disable NTLM authentication in ktest environment
Tim Beale [Tue, 4 Jul 2017 01:40:31 +0000 (13:40 +1200)]
selftest: Disable NTLM authentication in ktest environment

This allows us to prove that "ntlm auth = disabled" works

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11923

2 years agoparam: Add new "disabled" value to "ntlm auth" to disable NTLM totally
Andrew Bartlett [Mon, 3 Jul 2017 02:16:50 +0000 (14:16 +1200)]
param: Add new "disabled" value to "ntlm auth" to disable NTLM totally

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11923
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoselftest: Add test to confirm NTLM authentication is enabled
Tim Beale [Tue, 4 Jul 2017 01:31:11 +0000 (13:31 +1200)]
selftest: Add test to confirm NTLM authentication is enabled

(or later, that it is disabled)

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11923

2 years agoparam: Disable LanMan authentication unless NTLMv1 is also enabled
Andrew Bartlett [Mon, 3 Jul 2017 02:11:47 +0000 (14:11 +1200)]
param: Disable LanMan authentication unless NTLMv1 is also enabled

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11923

2 years agoselftest: Use new ntlmv2-only and mschapv2-and-ntlmv2-only options
Andrew Bartlett [Mon, 3 Jul 2017 22:31:40 +0000 (10:31 +1200)]
selftest: Use new ntlmv2-only and mschapv2-and-ntlmv2-only options

This will allow the py_credentials test to tell if these are in use

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoauth: Allow NTLMv1 if MSV1_0_ALLOW_MSVCHAPV2 is given and re-factor 'ntlm auth ='
Andrew Bartlett [Mon, 3 Jul 2017 00:11:51 +0000 (12:11 +1200)]
auth: Allow NTLMv1 if MSV1_0_ALLOW_MSVCHAPV2 is given and re-factor 'ntlm auth ='

The ntlm auth parameter is expanded to more clearly describe the
role of each option, and to allow the new mode that permits MSCHAPv2
(as declared by the client over the NETLOGON protocol) while
still banning NTLMv1.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12252
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Based on a patch by Mantas Mikulėnas <mantas@utenos-kolegija.lt>:

Commit 0b500d413c5b ("Added MSV1_0_ALLOW_MSVCHAPV2 flag to ntlm_auth")
added the --allow-mschapv2 option, but didn't implement checking for it
server-side. This implements such checking.

Additionally, Samba now disables NTLMv1 authentication by default for
security reasons. To avoid having to re-enable it globally, 'ntlm auth'
becomes an enum and a new setting is added to allow only MSCHAPv2.

Signed-off-by: Mantas Mikulėnas <mantas@utenos-kolegija.lt>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoselftest: Add test for support for MSCHAPv2 and NTLMv1 on a server
Andrew Bartlett [Mon, 3 Jul 2017 05:28:05 +0000 (17:28 +1200)]
selftest: Add test for support for MSCHAPv2 and NTLMv1 on a server

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agos3-rpc_server: Disable the NETLOGON server by default
Andrew Bartlett [Sun, 2 Jul 2017 23:28:06 +0000 (11:28 +1200)]
s3-rpc_server: Disable the NETLOGON server by default

The NETLOGON server is only needed when the classic/NT4 DC is enabled
and has been the source of security issues in the past.  Therefore
reduce the attack surface.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agotests: Add simple check whether netlogon server is running
Tim Beale [Mon, 3 Jul 2017 21:31:54 +0000 (09:31 +1200)]
tests: Add simple check whether netlogon server is running

Netlogon only needs to run in DC environment. This is a simple test to
check whether the netlogon service is running. This will allow us to
disable the netlogon service on setups that don't require it.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth: Disable SChannel authentication if we are not a DC
Andrew Bartlett [Mon, 3 Jul 2017 01:10:35 +0000 (13:10 +1200)]
auth: Disable SChannel authentication if we are not a DC

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agodns_server: Only install common library if AD DC is enabled.
Andrew Bartlett [Tue, 4 Jul 2017 04:11:12 +0000 (16:11 +1200)]
dns_server: Only install common library if AD DC is enabled.

The library is used in selftest, so must still be built

This reverts commit d32b66b40c931fe8214faa2e1d40b34b86667d4c and
replaces the behaviour.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agonet: add net cache samlogon list|show|ndrdump|delete
Ralph Boehme [Wed, 28 Jun 2017 05:14:36 +0000 (07:14 +0200)]
net: add net cache samlogon list|show|ndrdump|delete

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jul  4 00:12:46 CEST 2017 on sn-devel-144

2 years agosamlogon_cache: add netsamlog_cache_for_all()
Ralph Boehme [Tue, 27 Jun 2017 15:34:34 +0000 (17:34 +0200)]
samlogon_cache: add netsamlog_cache_for_all()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agonetlogon.idl: mark session keys with NDR_SECRET
Ralph Boehme [Mon, 3 Jul 2017 10:38:22 +0000 (12:38 +0200)]
netlogon.idl: mark session keys with NDR_SECRET

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agos4/torture: test fetching a resume key twice
Ralph Boehme [Mon, 3 Jul 2017 13:16:13 +0000 (15:16 +0200)]
s4/torture: test fetching a resume key twice

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agos3/smbd: remove unneeded flags argument from SMB_VFS_OFFLOAD_WRITE_SEND
Ralph Boehme [Sat, 10 Jun 2017 07:05:55 +0000 (09:05 +0200)]
s3/smbd: remove unneeded flags argument from SMB_VFS_OFFLOAD_WRITE_SEND

...and instead use the fsctl to infer required behaviour in the VFS
backends.

Note that this removes the check from vfs_default because there we only
handle FSCTL_SRV_COPYCHUNK(_WRITE) and must always perform the lock
checks.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agos3/smbd: get rid of files_struct.aapl_copyfile_supported
Ralph Boehme [Fri, 9 Jun 2017 15:27:17 +0000 (17:27 +0200)]
s3/smbd: get rid of files_struct.aapl_copyfile_supported

A previous commit removed the special hook from the SMB layer, so we
don't need this anymore.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agos4/torture: more tests for copy-chunk across shares
Ralph Boehme [Tue, 6 Jun 2017 12:36:38 +0000 (14:36 +0200)]
s4/torture: more tests for copy-chunk across shares

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agos3/vfs: make SMB_VFS_OFFLOAD_WRITE_SEND offload token based
Ralph Boehme [Fri, 9 Jun 2017 11:02:49 +0000 (13:02 +0200)]
s3/vfs: make SMB_VFS_OFFLOAD_WRITE_SEND offload token based

Remove the source fsp argument and instead pass the offload token
generated with SMB_VFS_OFFLOAD_READ_SEND/RECV.

An actual offload fsctl is not implemented yet, neither in the VFS nor
at the SMB ioctl layer, and returns NT_STATUS_NOT_IMPLEMENTED

With these changes we now pass the copy-chunk-across-shares test.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agos4/torture: add a test for copy-chunk across shares
Ralph Boehme [Mon, 5 Jun 2017 06:31:19 +0000 (08:31 +0200)]
s4/torture: add a test for copy-chunk across shares

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agos3/smbd: redesign macOS copyfile copy-chunk
Ralph Boehme [Fri, 9 Jun 2017 14:50:05 +0000 (16:50 +0200)]
s3/smbd: redesign macOS copyfile copy-chunk

The copy-chunk request chunk_count can be 0 and Windows server just
returns success saying number of copied chunks is 0.

macOS client overload this after negotiating AAPL via their SMB2
extensions, meaning it's a so called copyfile request (copy whole file
and all streams).

We previously checked this at the SMB layer, with this patch we just
send this down the VFS, if vfs_fruit is loaded it implements the macOS
copyile semantics, otherwise we get Windows behavour..

No change in behaviour.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agos3/smbd: remove copy-chunk chunk merging optimisation
Ralph Boehme [Fri, 9 Jun 2017 14:35:39 +0000 (16:35 +0200)]
s3/smbd: remove copy-chunk chunk merging optimisation

As we won't have the source fsp around with the coming token based
offload read/write based code, we can't merge chunks as that requires
checking against the source file size.

We could still merge chunks without checking, but getting the error
handling correct would require comlicated logic for the SMB2 ioctl
copy-chunk error reporting.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agos3/smbd: remove unused arg smb1req from copychunk_check_handles()
Ralph Boehme [Fri, 9 Jun 2017 11:08:43 +0000 (13:08 +0200)]
s3/smbd: remove unused arg smb1req from copychunk_check_handles()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agos3/smbd: remove flags2 FLAGS2_READ_PERMIT_EXECUTE hack in the SMB2 code
Ralph Boehme [Fri, 9 Jun 2017 11:02:49 +0000 (13:02 +0200)]
s3/smbd: remove flags2 FLAGS2_READ_PERMIT_EXECUTE hack in the SMB2 code

By adding a SMB2 specific CHECK_READ_SMB2 macro called that always
grants read access if execute was granted, we can get rid of the flags2
hack.

All callers in the SMB2 code are converted to use the CHECK_READ_SMB2
macro.

Amongs other things, this later allows moving the handle checks in
copychunk_check_handles() down into the VFS layer where we don't have
access to the smbreq.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agos3/smbd: remove ununsed req arg from CHECK_READ_IOCTL macro
Ralph Boehme [Fri, 9 Jun 2017 10:57:03 +0000 (12:57 +0200)]
s3/smbd: remove ununsed req arg from CHECK_READ_IOCTL macro

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agos3/vfs: rename SMB_VFS_COPY_CHUNK_SEND/RECV to SMB_VFS_OFFLOAD_WRITE_SEND/RECV
Ralph Boehme [Sun, 4 Jun 2017 11:50:33 +0000 (13:50 +0200)]
s3/vfs: rename SMB_VFS_COPY_CHUNK_SEND/RECV to SMB_VFS_OFFLOAD_WRITE_SEND/RECV

No change in behaviour, just a rename in preperation of more changes to
SMB_VFS_OFFLOAD_WRITE_SEND. It helps keeping the diff of the actual
changes smaller.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agos3/smbd: use SMB_VFS_OFFLOAD_READ_SEND/RECV
Ralph Boehme [Tue, 6 Jun 2017 10:23:27 +0000 (12:23 +0200)]
s3/smbd: use SMB_VFS_OFFLOAD_READ_SEND/RECV

No change in behaviour, this just uses the new SMB_VFS_OFFLOAD_READ_SEND
in the duplicate extents and the resume key ioctls.

In the copy-chunk/resume-key case this means using
SMB_VFS_OFFLOAD_READ_SEND to create the resume-key token that is
returned to the client.

In the duplicate-extents case this ensures we can later call
offload-write, which requires a previous call to offload-read that
associates a token with a file-handle.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agos3/vfs: add SMB_VFS_OFFLOAD_READ_SEND/RECV
Ralph Boehme [Sat, 3 Jun 2017 10:57:59 +0000 (12:57 +0200)]
s3/vfs: add SMB_VFS_OFFLOAD_READ_SEND/RECV

Add SMB_VFS_OFFLOAD_READ_SEND an SMB_VFS_OFFLOAD_READ_RECV.

This paves the way for supporting server-side copy-chunk with source and
destination file-handles on different shares. It can be used to
implement copy offload fsctl in the future, but for now this will be
used as a mere copy-chunk replacement.

SMB_VFS_OFFLOAD_READ generates a token that associates an fsp with the
token and stores the fsp in a in-memory db.

Initially only a copy-chunk resume key fsctl is supported. In the future
this can be enhanced to support real offload fsctl.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agos4/torture: pass destination tree to test_setup_copy_chunk
Ralph Boehme [Tue, 6 Jun 2017 12:50:15 +0000 (14:50 +0200)]
s4/torture: pass destination tree to test_setup_copy_chunk

No change in behaviour, will be used in subsequent commits.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agolibrpc/idl: make use storage_offload_token
Ralph Boehme [Fri, 2 Jun 2017 11:09:41 +0000 (13:09 +0200)]
librpc/idl: make use storage_offload_token

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agolibrpc/idl: fix STORAGE_OFFLOAD_TOKEN_TYPE_ZERO_DATA definition
Ralph Boehme [Fri, 2 Jun 2017 11:06:31 +0000 (13:06 +0200)]
librpc/idl: fix STORAGE_OFFLOAD_TOKEN_TYPE_ZERO_DATA definition

STORAGE_OFFLOAD_TOKEN_TYPE_ZERO_DATA is defined as 0xffff0001 in MS-FSCC
2.3.79.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agolibrpc/idl: convert offload flags to a bitmap
Ralph Boehme [Fri, 2 Jun 2017 11:05:22 +0000 (13:05 +0200)]
librpc/idl: convert offload flags to a bitmap

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agolib/util: add more tfork tests
Ralph Boehme [Fri, 26 May 2017 16:10:07 +0000 (18:10 +0200)]
lib/util: add more tfork tests

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agolib/util: adjust loglevel in tfork test with samba_runcmd_send()
Ralph Boehme [Thu, 18 May 2017 10:02:22 +0000 (12:02 +0200)]
lib/util: adjust loglevel in tfork test with samba_runcmd_send()

No change in behaviour, this just ensures stdout and stderror are
logged with log level 0.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agolib/util: make use of tfork in samba_runcmd_send()
Ralph Boehme [Tue, 16 May 2017 16:36:03 +0000 (18:36 +0200)]
lib/util: make use of tfork in samba_runcmd_send()

This makes it possible to use samba_runcmd_send() in processes like smbd
that install a SIGCHLD handler that reaps all terminated children.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agolib/util: enhanced tfork()
Ralph Boehme [Tue, 25 Apr 2017 22:48:39 +0000 (00:48 +0200)]
lib/util: enhanced tfork()

This function is a solution to the problem of fork() requiring special
preperations in the caller to handle SIGCHLD signals and to reap the
child by wait()ing for it.

Instead, tfork provides a pollable file descriptor. The caller gets the
file descriptor by calling tfork_event_fd() on the handle returned from
tfork_create() and the caller can then get the status of the child
with a call to tfork_status().

tfork avoids raising SIGCHLD signals in the caller by installing a
temporary SIGCHLD handler from inside tfork_create() and tfork_status().

The termination signal of other child processes not created with tfork()
is forwarded to the existing signal handler if any.

There's one thing this thing can't protect us against and that is if a
process installs a SIGCHLD handler from one thread while another thread
is running inside tfork_create() or tfork_status() and the signal
handler doesn't forward signals for exitted childs it didn't fork, ie
our childs.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2 years agos3:rpc_server: wrap make_auth4_context() into {become,unbecome}_root()
Stefan Metzmacher [Fri, 30 Jun 2017 11:26:17 +0000 (13:26 +0200)]
s3:rpc_server: wrap make_auth4_context() into {become,unbecome}_root()

This need to create a temporary messaging context in order to do
the auth logging. This can only be done as root.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12850

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Mon Jul  3 08:15:29 CEST 2017 on sn-devel-144

2 years agoWHATSNEW: Improved AD performance (particularly linked attributes)
Garming Sam [Mon, 3 Jul 2017 01:15:50 +0000 (13:15 +1200)]
WHATSNEW: Improved AD performance (particularly linked attributes)

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoWHATSNEW: DNS at domain join improvements
Garming Sam [Mon, 3 Jul 2017 01:09:26 +0000 (13:09 +1200)]
WHATSNEW: DNS at domain join improvements

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoWHATSNEW: Additional hashes introduced with WDigest
Garming Sam [Mon, 3 Jul 2017 00:46:09 +0000 (12:46 +1200)]
WHATSNEW: Additional hashes introduced with WDigest

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoWHATSNEW: Improved RODC support
Garming Sam [Sun, 2 Jul 2017 23:51:10 +0000 (11:51 +1200)]
WHATSNEW: Improved RODC support

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoselftest: Prime the netlogon cache during test_idmap_rfc2307
Andrew Bartlett [Sat, 1 Jul 2017 10:20:17 +0000 (22:20 +1200)]
selftest: Prime the netlogon cache during test_idmap_rfc2307

This ensures that the group memberships just created are reflected in the test
comparison.  Otherwise we are trusting that no caches are primed, which is
simply not safe in a test.

(The login will put a list of groups, as obtained by the login over NETLOGON or
via the PAC, into the samlogon cache).

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Jul  2 21:59:18 CEST 2017 on sn-devel-144