sfrench/samba-autobuild/.git
2 years agoctdb-locking: There are no ALLDB locks any more
Amitay Isaacs [Wed, 7 Jun 2017 06:45:50 +0000 (16:45 +1000)]
ctdb-locking: There are no ALLDB locks any more

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-client: Add correct control names to log messages
Amitay Isaacs [Wed, 14 Jun 2017 06:35:50 +0000 (16:35 +1000)]
ctdb-client: Add correct control names to log messages

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-tests: Fix function names in protocol test
Amitay Isaacs [Thu, 6 Apr 2017 06:51:57 +0000 (16:51 +1000)]
ctdb-tests: Fix function names in protocol test

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agos3: VFS: Change SMB_VFS_SYMLINK to use const struct smb_filename * instead of const...
Jeremy Allison [Thu, 8 Jun 2017 23:25:58 +0000 (16:25 -0700)]
s3: VFS: Change SMB_VFS_SYMLINK to use const struct smb_filename * instead of const char *.

We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Jun 18 07:03:18 CEST 2017 on sn-devel-144

2 years agos3: VFS: Change SMB_VFS_READLINK to use const struct smb_filename * instead of const...
Jeremy Allison [Wed, 7 Jun 2017 22:03:37 +0000 (15:03 -0700)]
s3: VFS: Change SMB_VFS_READLINK to use const struct smb_filename * instead of const char *.

We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agos3: VFS: Change SMB_VFS_STATVFS to use const struct smb_filename * instead of const...
Jeremy Allison [Fri, 2 Jun 2017 22:26:06 +0000 (15:26 -0700)]
s3: VFS: Change SMB_VFS_STATVFS to use const struct smb_filename * instead of const char *.

We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agos3: VFS: Change SMB_VFS_LINK to use const struct smb_filename * instead of const...
Jeremy Allison [Fri, 2 Jun 2017 21:21:54 +0000 (14:21 -0700)]
s3: VFS: Change SMB_VFS_LINK to use const struct smb_filename * instead of const char *.

We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agos3: VFS: Change SMB_VFS_GET_QUOTA to use const struct smb_filename * instead of const...
Jeremy Allison [Thu, 1 Jun 2017 18:45:25 +0000 (11:45 -0700)]
s3: VFS: Change SMB_VFS_GET_QUOTA to use const struct smb_filename * instead of const char *.

We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agos3: VFS: Change SMB_VFS_DISK_FREE to use const struct smb_filename * instead of const...
Jeremy Allison [Tue, 23 May 2017 17:40:47 +0000 (10:40 -0700)]
s3: VFS: Change SMB_VFS_DISK_FREE to use const struct smb_filename * instead of const char *.

We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agos3: VFS: Change SMB_VFS_CHFLAGS to use const struct smb_filename * instead of const...
Jeremy Allison [Fri, 19 May 2017 23:15:55 +0000 (16:15 -0700)]
s3: VFS: Change SMB_VFS_CHFLAGS to use const struct smb_filename * instead of const char *.

We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agos3: VFS: Change SMB_VFS_MKNOD to use const struct smb_filename * instead of const...
Jeremy Allison [Fri, 19 May 2017 22:01:52 +0000 (15:01 -0700)]
s3: VFS: Change SMB_VFS_MKNOD to use const struct smb_filename * instead of const char *.

We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agos3: VFS: Remove old traces of smb_vfs_call_llistxattr().
Jeremy Allison [Thu, 1 Jun 2017 17:51:45 +0000 (10:51 -0700)]
s3: VFS: Remove old traces of smb_vfs_call_llistxattr().

This call doesn't exist anymore.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agos4:libcli/smb_composite: make the additional gensec_update steps async
Stefan Metzmacher [Wed, 14 Jun 2017 22:03:14 +0000 (00:03 +0200)]
s4:libcli/smb_composite: make the additional gensec_update steps async

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jun 17 20:54:59 CEST 2017 on sn-devel-144

2 years agos4:libcli/smb_composite: add early returns to sesssetup.c:request_handler()
Stefan Metzmacher [Wed, 14 Jun 2017 21:33:04 +0000 (23:33 +0200)]
s4:libcli/smb_composite: add early returns to sesssetup.c:request_handler()

This makes it much clearer under which condutions the following code
operates.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:libcli/smb_composite: make the first round to gensec async
Stefan Metzmacher [Wed, 14 Jun 2017 21:24:10 +0000 (23:24 +0200)]
s4:libcli/smb_composite: make the first round to gensec async

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:libcli/smb_composite: move gensec_update_ev() out of session_setup_spnego()
Stefan Metzmacher [Mon, 15 May 2017 22:25:45 +0000 (00:25 +0200)]
s4:libcli/smb_composite: move gensec_update_ev() out of session_setup_spnego()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:libcli/smb_composite: move session_setup_spnego_restart() to the callers of sessio...
Stefan Metzmacher [Mon, 15 May 2017 22:16:14 +0000 (00:16 +0200)]
s4:libcli/smb_composite: move session_setup_spnego_restart() to the callers of session_setup_spnego()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:libcli/smb_composite: split out session_setup_spnego_restart() from session_setup_...
Stefan Metzmacher [Mon, 15 May 2017 22:10:33 +0000 (00:10 +0200)]
s4:libcli/smb_composite: split out session_setup_spnego_restart() from session_setup_spnego()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:libcli/smb_composite: move chosen_oid to state->chosen_oid
Stefan Metzmacher [Wed, 14 Jun 2017 21:24:10 +0000 (23:24 +0200)]
s4:libcli/smb_composite: move chosen_oid to state->chosen_oid

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:libcli/smb_composite: simplify gensec_update_ev() handling in session_setup_spnego()
Stefan Metzmacher [Mon, 15 May 2017 22:01:07 +0000 (00:01 +0200)]
s4:libcli/smb_composite: simplify gensec_update_ev() handling in session_setup_spnego()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth/gensec: add GENSEC_UPDATE_IS_NTERROR() helper macro
Stefan Metzmacher [Wed, 14 Jun 2017 08:39:26 +0000 (10:39 +0200)]
auth/gensec: add GENSEC_UPDATE_IS_NTERROR() helper macro

This allows us to write clearer code that
checks for NT_STATUS_OK and NT_STATUS_MORE_PROCESSING_REQUIRED.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth/gensec: clear the update_busy_ptr in gensec_subcontext_start()
Stefan Metzmacher [Wed, 14 Jun 2017 14:21:56 +0000 (16:21 +0200)]
auth/gensec: clear the update_busy_ptr in gensec_subcontext_start()

This is required to support async subcontexts.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoctdb-recovery: Delete empty records during recovery
Amitay Isaacs [Thu, 9 Mar 2017 04:50:59 +0000 (15:50 +1100)]
ctdb-recovery: Delete empty records during recovery

Persistent databases are now always recovered by sequence number.  So
there is no need to keep the empty records in the database since they
will never be recovered record-by-record using RSN.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sat Jun 17 16:47:55 CEST 2017 on sn-devel-144

2 years agoctdb-daemon: Delete empty records from persistent database
Amitay Isaacs [Thu, 9 Mar 2017 04:53:21 +0000 (15:53 +1100)]
ctdb-daemon: Delete empty records from persistent database

Persistent databases are now always recovered by sequence number.  So
there is no need to keep the empty records in the database since they
will never be recovered record-by-record using RSN.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agos3:smb2_sesssetup: allow a compound request after a SessionSetup
Stefan Metzmacher [Thu, 15 Jun 2017 21:01:18 +0000 (23:01 +0200)]
s3:smb2_sesssetup: allow a compound request after a SessionSetup

This is not a full fix yet as we don't allow compound requests
after going async.

With SMB 3.11 requiring signed TreeConnect requests it's pointless
to try to compound requests after a SessionSetup.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12845

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun 17 10:55:25 CEST 2017 on sn-devel-144

2 years agos3:smb2_tcon: allow a compound request after a TreeConnect
Stefan Metzmacher [Thu, 15 Jun 2017 21:01:18 +0000 (23:01 +0200)]
s3:smb2_tcon: allow a compound request after a TreeConnect

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12844

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3: libsmb: Correctly save and restore connection tcon in smbclient, smbcacls and...
Jeremy Allison [Tue, 13 Jun 2017 23:56:48 +0000 (16:56 -0700)]
s3: libsmb: Correctly save and restore connection tcon in smbclient, smbcacls and smbtorture3.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agos3: libsmb: Correctly do lifecycle management on cli->smb1.tcon and cli->smb2.tcon.
Jeremy Allison [Tue, 13 Jun 2017 23:37:39 +0000 (16:37 -0700)]
s3: libsmb: Correctly do lifecycle management on cli->smb1.tcon and cli->smb2.tcon.

Treat them identically. Create them on demand after for a tcon call,
and delete them on a tdis call.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agos3: libsmb: Fix cli_state_has_tcon() to cope with SMB2 connections.
Jeremy Allison [Tue, 13 Jun 2017 23:36:54 +0000 (16:36 -0700)]
s3: libsmb: Fix cli_state_has_tcon() to cope with SMB2 connections.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agos3: libsmb: Widen cli_state_get_tid() / cli_state_set_tid() to 32-bits.
Jeremy Allison [Tue, 13 Jun 2017 23:26:00 +0000 (16:26 -0700)]
s3: libsmb: Widen cli_state_get_tid() / cli_state_set_tid() to 32-bits.

Copes with SMB2 connections.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agos3: smbtorture: Show correct use of cli_state_save_tcon() / cli_state_restore_tcon().
Jeremy Allison [Tue, 13 Jun 2017 23:25:25 +0000 (16:25 -0700)]
s3: smbtorture: Show correct use of cli_state_save_tcon() / cli_state_restore_tcon().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agos3: libsmb: Add cli_state_save_tcon() / cli_state_restore_tcon().
Jeremy Allison [Tue, 13 Jun 2017 23:15:00 +0000 (16:15 -0700)]
s3: libsmb: Add cli_state_save_tcon() / cli_state_restore_tcon().

Save and restore tcon pointers in smb1 or smb2 structs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agolibcli: smb: Add smb2cli_tcon_set_id().
Jeremy Allison [Tue, 13 Jun 2017 23:08:22 +0000 (16:08 -0700)]
libcli: smb: Add smb2cli_tcon_set_id().

Will be used in test and client code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agolibcli: smb: Add smbXcli_tcon_copy().
Jeremy Allison [Tue, 13 Jun 2017 23:06:22 +0000 (16:06 -0700)]
libcli: smb: Add smbXcli_tcon_copy().

Makes a deep copy of a struct smbXcli_tcon *, will
be used later.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2 years agodsdb: Add comment explaining requirements on DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID
Andrew Bartlett [Sat, 10 Jun 2017 07:23:34 +0000 (19:23 +1200)]
dsdb: Add comment explaining requirements on DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jun 16 23:43:46 CEST 2017 on sn-devel-144

2 years agodsdb: Do not prevent searches for @ATTRIBUTES because the DB is not set up yet
Andrew Bartlett [Thu, 8 Jun 2017 11:17:20 +0000 (23:17 +1200)]
dsdb: Do not prevent searches for @ATTRIBUTES because the DB is not set up yet

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agodsdb: Do not run dsdb_replace() on the calculated difference between old and new...
Andrew Bartlett [Tue, 6 Jun 2017 22:44:50 +0000 (10:44 +1200)]
dsdb: Do not run dsdb_replace() on the calculated difference between old and new schema

We can set the database @INDEXLIST and @ATTRIBUTES to the full calculated
values, not the difference, and let the ldb layer work it out under the
transaction lock.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agoselftest: confirm that two attributes are also correctly set in the @ records
Andrew Bartlett [Fri, 16 Jun 2017 02:13:42 +0000 (14:13 +1200)]
selftest: confirm that two attributes are also correctly set in the @ records

This shows that the current behaviour in dsdb_schema_set_indices_and_attributes(), while
not ideal, is not actually buggy.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agoselftest: Fix failure message in dsdb_schema_info
Andrew Bartlett [Wed, 14 Jun 2017 01:11:56 +0000 (13:11 +1200)]
selftest: Fix failure message in dsdb_schema_info

The rename changes the CN, not the lDAPDisplayName

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agokrb5_wrap: handle KRB5_ERR_HOST_REALM_UNKNOWN in smb_krb5_get_realm_from_hostname()
Stefan Metzmacher [Sun, 11 Jun 2017 21:19:01 +0000 (23:19 +0200)]
krb5_wrap: handle KRB5_ERR_HOST_REALM_UNKNOWN in smb_krb5_get_realm_from_hostname()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:gensec_gssapi: fix CID 1409781: Possible Control flow issues (DEADCODE)
Stefan Metzmacher [Tue, 23 May 2017 13:05:25 +0000 (15:05 +0200)]
s4:gensec_gssapi: fix CID 1409781: Possible Control flow issues (DEADCODE)

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agoselftest: Also wait for winbindd to start
Andrew Bartlett [Thu, 15 Jun 2017 04:20:11 +0000 (16:20 +1200)]
selftest: Also wait for winbindd to start

This ensures that the posixacl.py test does not race against winbindd starting up and so
give wrong mappings

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12843

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agoselftest: Correctly print message when nbt is not up in 20 seconds
Andrew Bartlett [Thu, 15 Jun 2017 04:19:17 +0000 (16:19 +1200)]
selftest: Correctly print message when nbt is not up in 20 seconds

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12843

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agotevent_threads: Fix a rundown race introduced with 1828011317b
Volker Lendecke [Thu, 15 Jun 2017 09:48:24 +0000 (11:48 +0200)]
tevent_threads: Fix a rundown race introduced with 1828011317b

The race is easily reproduced by adding a poll(NULL,0,10) in between the two
pthread_mutex_unlock calls in _tevent_threaded_schedule_immediate.

Before 1828011317b, the main thread was signalled only after the helper
had already unlocked event_ctx_mutex.

Full explaination follows:
-----------------------------------------------------------------
Inside _tevent_threaded_schedule_immediate() we have:

476         ret = pthread_mutex_unlock(&ev->scheduled_mutex);
477         if (ret != 0) {
478                 abort();
479         }

HERE!!!!

481         ret = pthread_mutex_unlock(&tctx->event_ctx_mutex);
482         if (ret != 0) {
483                 abort();
484         }

At the HERE!!! point, what happens is tevent_common_threaded_activate_immediate(),
which is blocked on ev->scheduled_mutex, get released and does:

514         while (ev->scheduled_immediates != NULL) {
515                 struct tevent_immediate *im = ev->scheduled_immediates;
516                 DLIST_REMOVE(ev->scheduled_immediates, im);
517                 DLIST_ADD_END(ev->immediate_events, im);
518         }

- making an immediate event ready to be scheduled.

This then returns into epoll_event_loop_once(), which then calls:

910         if (ev->immediate_events &&
911             tevent_common_loop_immediate(ev)) {
912                 return 0;
913         }

which causes the immediate event to fire. This immediate
event is the pthread job terminate event, which was previously
set up in pthreadpool_tevent_job_signal() by:

198         if (state->tctx != NULL) {
199                 /* with HAVE_PTHREAD */
200                 tevent_threaded_schedule_immediate(state->tctx, state->im,
201                                                    pthreadpool_tevent_job_done,
202                                                    state);

So we now call pthreadpool_tevent_job_done() - which does:

225         TALLOC_FREE(state->tctx);

calling tevent_threaded_context_destructor():

384         ret = pthread_mutex_destroy(&tctx->event_ctx_mutex); <---------------- BOOM returns an error !
385         if (ret != 0) {
386                 abort();
387         }

as we haven't gotten to line 481 above (the line after
HERE!!!!) so the tctx->event_ctx_mutex is still
locked when we try to destroy it.

So doing an additional:

        ret = pthread_mutex_lock(&tctx->event_ctx_mutex);
        ret = pthread_mutex_unlock(&tctx->event_ctx_mutex);

(error checking elided) forces tevent_threaded_context_destructor()
to wait until tctx->event_ctx_mutex is unlocked before it locks/unlocks
and then is guaranteed safe to destroy.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agodsdb: Remember the last ACL we read during a search and what it expanded to
Andrew Bartlett [Tue, 13 Jun 2017 03:23:14 +0000 (15:23 +1200)]
dsdb: Remember the last ACL we read during a search and what it expanded to

It may well be the same as the next one we need to check, so we can
avoid parsing it again.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 16 07:39:24 CEST 2017 on sn-devel-144

2 years agodsdb: Cache the result of checking the parent ACL
Andrew Bartlett [Tue, 13 Jun 2017 02:26:49 +0000 (14:26 +1200)]
dsdb: Cache the result of checking the parent ACL

This should help a lot for large one-level searches and for subtree searches that are of
flat tree structures

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agoWHATSNEW: change the default for "map untrusted to domain" to "auto"
Stefan Metzmacher [Fri, 7 Apr 2017 09:22:25 +0000 (11:22 +0200)]
WHATSNEW: change the default for "map untrusted to domain" to "auto"

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agodocs-xml: change the default for "map untrusted to domain" to "auto"
Stefan Metzmacher [Wed, 22 Mar 2017 11:11:26 +0000 (12:11 +0100)]
docs-xml: change the default for "map untrusted to domain" to "auto"

This makes the behaviour much more robust, particularly with forest child
domains over one-way forest trusts.

Sadly we don't support this kind of setup with our current ADDC, so
there's no way to have automated tests for this behaviour, but
at least we know it doesn't break any existing tests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=8630

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agodocs-xml: document "map untrusted to domain = auto"
Stefan Metzmacher [Wed, 22 Mar 2017 11:11:26 +0000 (12:11 +0100)]
docs-xml: document "map untrusted to domain = auto"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=8630

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agodocs-xml: improve documentation of "map untrusted to domain"
Stefan Metzmacher [Sat, 10 Jun 2017 11:30:44 +0000 (13:30 +0200)]
docs-xml: improve documentation of "map untrusted to domain"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=8630

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth3: prepare the logic for "map untrusted to domain = auto"
Stefan Metzmacher [Wed, 22 Mar 2017 11:08:20 +0000 (12:08 +0100)]
auth3: prepare the logic for "map untrusted to domain = auto"

This implements the same behavior as Windows,
we should pass the domain and account names given
by the client directly to the auth backends,
they can decide if they are able to process the
authentication pass it to the next backend.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=8630

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth3: call is_trusted_domain() as the last condition make_user_info_map()
Stefan Metzmacher [Thu, 16 Mar 2017 14:09:26 +0000 (15:09 +0100)]
auth3: call is_trusted_domain() as the last condition make_user_info_map()

We should avoid contacting winbind if we already know the domain is our
local sam or our primary domain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=8630

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agogitignore: ignore .gpg-* generated files (for ubuntu 16.04)
Douglas Bagnall [Wed, 14 Jun 2017 22:53:03 +0000 (10:53 +1200)]
gitignore: ignore .gpg-* generated files (for ubuntu 16.04)

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 15 21:40:08 CEST 2017 on sn-devel-144

2 years agorepl_meta_data: single valued error codes depend on change type
Douglas Bagnall [Wed, 7 Jun 2017 05:45:15 +0000 (17:45 +1200)]
repl_meta_data: single valued error codes depend on change type

A replace leads to CONSTRAINT_VIOLATION while an add causes
ATTRIBUTE_OR_VALUE_EXISTS. For this we need to check the mod type
before the replmd_modify_la_* calls because they change everything
into a replace.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd: special-case member return value in replmd_add_fix_la()
Douglas Bagnall [Wed, 31 May 2017 05:40:05 +0000 (17:40 +1200)]
replmd: special-case member return value in replmd_add_fix_la()

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd: check duplicate linked attributes
Douglas Bagnall [Wed, 31 May 2017 03:22:45 +0000 (15:22 +1200)]
replmd: check duplicate linked attributes

This is simple enough because we already have the sorted list.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoreplmd: check single values in replmd_add_fix_la
Garming Sam [Fri, 26 May 2017 03:17:21 +0000 (15:17 +1200)]
replmd: check single values in replmd_add_fix_la

repl_meta_data knows whether linked attributes are appropriately
[un-]duplicated, and this is how it tells ldb_tdb that.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoldb: 1.1.31 ldb-1.1.31
Douglas Bagnall [Wed, 14 Jun 2017 23:34:20 +0000 (11:34 +1200)]
ldb: 1.1.31

* Add efficient function to find duplicate values in ldb messages
  (this makes large multi-valued attributes in ldb_tdb more efficient)

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agoldb: relatively efficient functions for finding duplicate values
Douglas Bagnall [Wed, 14 Jun 2017 23:30:33 +0000 (11:30 +1200)]
ldb: relatively efficient functions for finding duplicate values

ldb backends need to make sure they are not adding duplicate values to
multi-valued attributes in ADD and MODIFY operations. Until now they
have done this inefficiently using nested loops. Here we add common
functions that deal with large numbers of values in O(n log n) time,
but continue to use the simple methods for small numbers of values.

These functions take a struct ldb_context pointer and an options flag
arguments, although the ldb is not used, and only one bit of the
options has meaning. This is to allow further patches to switch on
schema-aware comparisons.

This entails an ABI jump to add the two new functions.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agodsdb/tests/ldap: test single valued linked attributes
Douglas Bagnall [Thu, 1 Jun 2017 00:20:15 +0000 (12:20 +1200)]
dsdb/tests/ldap: test single valued linked attributes

This fails, so we add it to selftest/knownfail.d/

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4/linked_attribute tests: test duplicate values
Douglas Bagnall [Wed, 31 May 2017 05:42:01 +0000 (17:42 +1200)]
s4/linked_attribute tests: test duplicate values

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agodsdb/tests/ldap: multivalued attributes
Douglas Bagnall [Fri, 26 May 2017 03:41:34 +0000 (15:41 +1200)]
dsdb/tests/ldap: multivalued attributes

Various return codes tested against Windows 2012r2.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agopython/test: delete_force() passes on command line args
Douglas Bagnall [Wed, 7 Jun 2017 05:44:25 +0000 (17:44 +1200)]
python/test: delete_force() passes on command line args

This allows you to use e.g.:

     delete_force(self.ldb, ou, controls=['tree_delete:1'])

Only in tests of course.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoldb.h whitespace
Douglas Bagnall [Tue, 6 Jun 2017 23:29:23 +0000 (11:29 +1200)]
ldb.h whitespace

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoldb tests/ldb_mod_op_test: don't double include cmocka.h
Douglas Bagnall [Fri, 19 May 2017 00:03:37 +0000 (12:03 +1200)]
ldb tests/ldb_mod_op_test: don't double include cmocka.h

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoldb: fix a typo
Douglas Bagnall [Fri, 19 May 2017 04:09:20 +0000 (16:09 +1200)]
ldb: fix a typo

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoldb: fix whitespace in ldb_msg.c
Douglas Bagnall [Wed, 17 May 2017 00:00:55 +0000 (12:00 +1200)]
ldb: fix whitespace in ldb_msg.c

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agolibcli:smb2: Gracefully handle not supported for FSCTL_VALIDATE_NEGOTIATE_INFO
Andreas Schneider [Tue, 30 May 2017 14:30:33 +0000 (16:30 +0200)]
libcli:smb2: Gracefully handle not supported for FSCTL_VALIDATE_NEGOTIATE_INFO

If FSCTL_VALIDATE_NEGOTIATE_INFO is not implemented, e.g. in a SMB2 only
server then gracefully handle NT_STATUS_NOT_SUPPORTED too.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12808

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jun 15 17:32:45 CEST 2017 on sn-devel-144

2 years agog_lock: open with LOCK_ORDER_3
Volker Lendecke [Wed, 14 Jun 2017 11:57:56 +0000 (13:57 +0200)]
g_lock: open with LOCK_ORDER_3

xattr_tdb needs g_lock in a clustered environment. Nobody else
uses LOCK_ORDER_3 at this moment, so this looks safe.

The last one to use this was dbwrap_watch.tdb, and that's gone. The only
other one was notify_index.tdb, and that's gone too.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agosmbd: Claim version in g_lock
Volker Lendecke [Mon, 22 May 2017 14:00:08 +0000 (16:00 +0200)]
smbd: Claim version in g_lock

Protect smbd against version incompatibilities in a cluster.

At first startup smbd locks "samba_version_string" and writes its version
string. It then downgrades the lock to a read lock. Subsequent smbds check
against the version string and also keep the read lock around. If the version
does not match, we try to write our own version. But as there's a read lock,
the lock upgrade to write lock will fail due the read lock being around. So as
long as there's one smbd with this read lock, no other version of smbd will be
able to start.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agotorture3: Test heuristic cleanup
Volker Lendecke [Thu, 25 May 2017 08:48:15 +0000 (10:48 +0200)]
torture3: Test heuristic cleanup

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agog_lock: Heuristically check for server existence
Volker Lendecke [Mon, 22 May 2017 15:05:57 +0000 (17:05 +0200)]
g_lock: Heuristically check for server existence

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agotorture3: Test lock conflict and cleanup
Volker Lendecke [Sun, 21 May 2017 06:56:01 +0000 (08:56 +0200)]
torture3: Test lock conflict and cleanup

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agotorture3: Test lock upgrade/downgrade
Volker Lendecke [Fri, 19 May 2017 15:02:08 +0000 (17:02 +0200)]
torture3: Test lock upgrade/downgrade

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agog_lock: Allow lock upgrade/downgrade
Volker Lendecke [Fri, 19 May 2017 14:57:00 +0000 (16:57 +0200)]
g_lock: Allow lock upgrade/downgrade

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agotorture3: Test g_lock_write_data
Volker Lendecke [Fri, 19 May 2017 14:59:06 +0000 (16:59 +0200)]
torture3: Test g_lock_write_data

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agog_lock: Make g_lock_dump return a complete list of locks
Volker Lendecke [Thu, 18 May 2017 13:27:46 +0000 (15:27 +0200)]
g_lock: Make g_lock_dump return a complete list of locks

To be honest, it did not really make sense to just pass in
lock holders individually. You could argue that it made sense
with in reality only G_LOCK_WRITE around, but soon we will have
G_LOCK_READ and thus multiple lock holders on a single lock.

Now that we also have userdata, change the g_lock_dump API

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agog_lock: Add g_lock_write_data
Volker Lendecke [Tue, 23 May 2017 10:32:24 +0000 (12:32 +0200)]
g_lock: Add g_lock_write_data

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agog_lock: Make g_lock_record_store also store userdata
Volker Lendecke [Thu, 18 May 2017 14:22:15 +0000 (16:22 +0200)]
g_lock: Make g_lock_record_store also store userdata

Sequel to the previous commit changing the get/put routines for
the on-disk format

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agog_lock: Reformat to allow userdata
Volker Lendecke [Thu, 18 May 2017 11:59:20 +0000 (13:59 +0200)]
g_lock: Reformat to allow userdata

The next patches will make g_locks carry data. This
prepares the on-disk format.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agog_lock: Move parsing routines together
Volker Lendecke [Thu, 18 May 2017 08:37:30 +0000 (10:37 +0200)]
g_lock: Move parsing routines together

No code change, just shuffling around:

Before this patchset, g_lock_parse was somewhere in the middle. This carries no
real logic, put it on top.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agog_lock: unparse->put
Volker Lendecke [Wed, 17 May 2017 14:53:14 +0000 (16:53 +0200)]
g_lock: unparse->put

Make it more in line with server_id_get/put

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agog_lock: parse->get
Volker Lendecke [Wed, 17 May 2017 14:53:14 +0000 (16:53 +0200)]
g_lock: parse->get

Make it more in line with server_id_get/put

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agog_lock: Remove a pointless "else"
Volker Lendecke [Wed, 17 May 2017 14:43:01 +0000 (16:43 +0200)]
g_lock: Remove a pointless "else"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agog_lock: Remove unused g_lock_get
Volker Lendecke [Wed, 17 May 2017 14:40:45 +0000 (16:40 +0200)]
g_lock: Remove unused g_lock_get

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agog_lock: Make it endian-neutral
Volker Lendecke [Wed, 17 May 2017 03:52:56 +0000 (05:52 +0200)]
g_lock: Make it endian-neutral

Add explicit parsing

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agog_lock: More correct error msg
Volker Lendecke [Wed, 17 May 2017 03:54:36 +0000 (05:54 +0200)]
g_lock: More correct error msg

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agotorture3: Initial test g_lock
Volker Lendecke [Tue, 16 May 2017 13:05:49 +0000 (15:05 +0200)]
torture3: Initial test g_lock

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agog_lock: Fix two typos
Volker Lendecke [Wed, 24 May 2017 11:27:18 +0000 (13:27 +0200)]
g_lock: Fix two typos

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos4:ldap_server: implement async BindSASL
Stefan Metzmacher [Fri, 12 May 2017 11:15:27 +0000 (13:15 +0200)]
s4:ldap_server: implement async BindSASL

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 15 13:18:47 CEST 2017 on sn-devel-144

2 years agos4:ldap_server: set result = LDAP_SUCCESS at the end, when we're really done
Stefan Metzmacher [Fri, 12 May 2017 10:41:13 +0000 (12:41 +0200)]
s4:ldap_server: set result = LDAP_SUCCESS at the end, when we're really done

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:ldap_server: avoid using talloc_reference()
Stefan Metzmacher [Fri, 12 May 2017 10:38:59 +0000 (12:38 +0200)]
s4:ldap_server: avoid using talloc_reference()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:ldap_server: remove useless NT_STATUS_IS_OK(status) check
Stefan Metzmacher [Fri, 12 May 2017 10:31:25 +0000 (12:31 +0200)]
s4:ldap_server: remove useless NT_STATUS_IS_OK(status) check

We checked a few lines above already, check with:
git show -U10

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:ldap_server: remove useless indentation level arround ldapsrv_backend_Init()
Stefan Metzmacher [Fri, 12 May 2017 10:27:26 +0000 (12:27 +0200)]
s4:ldap_server: remove useless indentation level arround ldapsrv_backend_Init()

Check with git show -w

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:ldap_server: remove useless indentation level arround gensec_session_info()
Stefan Metzmacher [Fri, 12 May 2017 10:27:26 +0000 (12:27 +0200)]
s4:ldap_server: remove useless indentation level arround gensec_session_info()

Check with git show -w

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:ldap_server: make the gensec_create_tstream() error checking more clear
Stefan Metzmacher [Fri, 12 May 2017 10:26:12 +0000 (12:26 +0200)]
s4:ldap_server: make the gensec_create_tstream() error checking more clear

Check with 'git show -w'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:ldap_server: only touch conn->session_info on success in ldapsrv_BindSASL()
Stefan Metzmacher [Tue, 13 Jun 2017 13:28:53 +0000 (15:28 +0200)]
s4:ldap_server: only touch conn->session_info on success in ldapsrv_BindSASL()

The old conn->session_info (as well as conn->ldb) should only be changed
after a successful Bind().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:ldap_server: terminate the connection if talloc_reference fails
Stefan Metzmacher [Fri, 12 May 2017 10:09:38 +0000 (12:09 +0200)]
s4:ldap_server: terminate the connection if talloc_reference fails

talloc_reference will be removed completely in the next commits...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:ldap_server: remove pointless (result != LDAP_SUCCESS) check
Stefan Metzmacher [Fri, 12 May 2017 10:07:31 +0000 (12:07 +0200)]
s4:ldap_server: remove pointless (result != LDAP_SUCCESS) check

We set result = LDAP_SUCCESS above and have goto do_reply;
in all cases where we overwrite 'result'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:ldap_server: do the transport validation before calling gensec_create_tstream()
Stefan Metzmacher [Fri, 12 May 2017 10:04:59 +0000 (12:04 +0200)]
s4:ldap_server: do the transport validation before calling gensec_create_tstream()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>