sfrench/samba-autobuild/.git
5 years agolib: Fix CID 1272913 Calling risky function
Volker Lendecke [Tue, 23 Jun 2015 08:02:17 +0000 (10:02 +0200)]
lib: Fix CID 1272913 Calling risky function

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years agolib: Make genrand independent
Volker Lendecke [Tue, 23 Jun 2015 07:56:55 +0000 (09:56 +0200)]
lib: Make genrand independent

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years agolib: Make time-basic a library
Volker Lendecke [Tue, 23 Jun 2015 08:40:33 +0000 (10:40 +0200)]
lib: Make time-basic a library

The next commit will make genrand depend on time-basic. Without this, we would
link in time-basic twice, from samba-debug and from genrand.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years agolib: Fix deps for LIBCRYPTO
Volker Lendecke [Tue, 23 Jun 2015 07:53:15 +0000 (09:53 +0200)]
lib: Fix deps for LIBCRYPTO

LIBCRYPTO itself does not depend on talloc

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years agolib: Simplify arcfour_crypt
Volker Lendecke [Tue, 23 Jun 2015 07:52:49 +0000 (09:52 +0200)]
lib: Simplify arcfour_crypt

We don't need a dependency on data_blob in crypto

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years agolib: Streamline genrand.c includes
Volker Lendecke [Tue, 23 Jun 2015 07:28:28 +0000 (09:28 +0200)]
lib: Streamline genrand.c includes

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years agolib: Fix whitespace
Volker Lendecke [Tue, 23 Jun 2015 07:05:56 +0000 (09:05 +0200)]
lib: Fix whitespace

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years agolib: Strip genrand.c a bit
Volker Lendecke [Tue, 23 Jun 2015 07:02:46 +0000 (09:02 +0200)]
lib: Strip genrand.c a bit

This moves for example password complexity checks out of the core random
number generator

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years agos3:ntlm_auth: don't start gensec backend twice
Stefan Metzmacher [Sat, 20 Jun 2015 14:54:33 +0000 (16:54 +0200)]
s3:ntlm_auth: don't start gensec backend twice

ntlm_auth_start_ntlmssp_server() was used in two cases
and both call gensec_start_mech_by_oid() again.
So we remove gensec_start_mech_by_oid() and rename the function
to ntlm_auth_prepare_gensec_server.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years agoauth/gensec: remove unused gensec_[un]wrap_packets() hooks
Stefan Metzmacher [Fri, 19 Jun 2015 10:47:10 +0000 (12:47 +0200)]
auth/gensec: remove unused gensec_[un]wrap_packets() hooks

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years agos4:auth/gensec: remove unused gensec_socket_init()
Stefan Metzmacher [Fri, 19 Jun 2015 10:46:27 +0000 (12:46 +0200)]
s4:auth/gensec: remove unused gensec_socket_init()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years agos4:auth/gensec: remove unused include of lib/socket/socket.h
Stefan Metzmacher [Fri, 19 Jun 2015 11:47:29 +0000 (13:47 +0200)]
s4:auth/gensec: remove unused include of lib/socket/socket.h

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years agos4:auth/gensec: remove unused and untested cyrus_sasl module
Stefan Metzmacher [Fri, 19 Jun 2015 11:30:54 +0000 (13:30 +0200)]
s4:auth/gensec: remove unused and untested cyrus_sasl module

There's not a high chance that this module worked at all.

Requesting SASL_SSF in order to get the max input length
is completely broken.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years agos4:libcli/ldap: conversion to tstream
Stefan Metzmacher [Fri, 19 Jun 2015 10:26:06 +0000 (12:26 +0200)]
s4:libcli/ldap: conversion to tstream

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years agos4:lib/tls: ignore non-existing ca and crl files in tstream_tls_params_client()
Stefan Metzmacher [Fri, 19 Jun 2015 11:30:10 +0000 (13:30 +0200)]
s4:lib/tls: ignore non-existing ca and crl files in tstream_tls_params_client()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years agos4:lib/tls: fix tstream_tls_connect_send() define
Stefan Metzmacher [Fri, 19 Jun 2015 10:26:55 +0000 (12:26 +0200)]
s4:lib/tls: fix tstream_tls_connect_send() define

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years agos3:libads/sasl: use gensec_max_{input,wrapped}_size() in ads_sasl_spnego_ntlmssp_bind
Stefan Metzmacher [Thu, 18 Jun 2015 23:07:49 +0000 (01:07 +0200)]
s3:libads/sasl: use gensec_max_{input,wrapped}_size() in ads_sasl_spnego_ntlmssp_bind

gensec_sig_size() is for gensec_{sign,seal}_packet() instead of gensec_wrap().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years agos4:gensec/gssapi: make calculation of gensec_gssapi_sig_size() for aes keys more...
Stefan Metzmacher [Thu, 18 Jun 2015 19:07:58 +0000 (21:07 +0200)]
s4:gensec/gssapi: make calculation of gensec_gssapi_sig_size() for aes keys more clear

This way the result matches what gss_wrap_iov_length() would return.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years agos4:gensec/gssapi: use gensec_gssapi_max_{input,wrapped}_size() for all backends
Stefan Metzmacher [Thu, 18 Jun 2015 21:18:58 +0000 (23:18 +0200)]
s4:gensec/gssapi: use gensec_gssapi_max_{input,wrapped}_size() for all backends

This avoids calls to gensec_gssapi_sig_size() as fallback in
gensec_max_input_size().

gensec_gssapi_sig_size() needs to report the sig size
gensec_{sign,seal}_packet(), which could be different to the
overhead produced by gensec_wrap().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years agos4:selftest: also run rpc.winreg with kerberos and all possible auth options
Stefan Metzmacher [Tue, 23 Jun 2015 08:27:27 +0000 (10:27 +0200)]
s4:selftest: also run rpc.winreg with kerberos and all possible auth options

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jun 23 17:31:08 CEST 2015 on sn-devel-104

5 years agos4:selftest: run rpc.echo tests also with krb5 krb5,sign krb5,seal
Stefan Metzmacher [Thu, 18 Jun 2015 22:35:29 +0000 (00:35 +0200)]
s4:selftest: run rpc.echo tests also with krb5 krb5,sign krb5,seal

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
5 years agos4:rpc_server: fix padding caclucation in dcesrv_auth_response()
Stefan Metzmacher [Sat, 20 Jun 2015 15:49:02 +0000 (17:49 +0200)]
s4:rpc_server: fix padding caclucation in dcesrv_auth_response()

This is simplified by using DCERPC_AUTH_PAD_LENGTH() and changes the behaviour
so that we will use no padding if the stub_length is already aligned
to DCERPC_AUTH_PAD_ALIGNMENT (16 bytes).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
5 years agos4:rpc_server: let dcesrv_auth_response() handle sig_size == 0 with auth_info as...
Stefan Metzmacher [Sat, 20 Jun 2015 15:47:14 +0000 (17:47 +0200)]
s4:rpc_server: let dcesrv_auth_response() handle sig_size == 0 with auth_info as error

Don't send plaintext on the wire because of an internal error...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
5 years agos4:rpc_server: let dcesrv_reply() use a sig_size for a padded payload
Stefan Metzmacher [Fri, 19 Jun 2015 20:35:44 +0000 (22:35 +0200)]
s4:rpc_server: let dcesrv_reply() use a sig_size for a padded payload

The sig_size could differ depending on the aligment/padding.
So should use the same alignment as we use for the payload.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
5 years agos4:rpc_server: let dcesrv_reply() use DCERPC_AUTH_PAD_ALIGNMENT define
Stefan Metzmacher [Fri, 19 Jun 2015 20:35:44 +0000 (22:35 +0200)]
s4:rpc_server: let dcesrv_reply() use DCERPC_AUTH_PAD_ALIGNMENT define

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
5 years agos4:librpc/rpc: fix padding caclucation in ncacn_push_request_sign()
Stefan Metzmacher [Sat, 20 Jun 2015 15:49:02 +0000 (17:49 +0200)]
s4:librpc/rpc: fix padding caclucation in ncacn_push_request_sign()

This is simplified by using DCERPC_AUTH_PAD_LENGTH() and changes the behaviour
so that we will use no padding if the stub_length is already aligned
to DCERPC_AUTH_PAD_ALIGNMENT (16 bytes).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
5 years agos4:librpc/rpc: let ncacn_push_request_sign() handle sig_size == 0 with auth_info...
Stefan Metzmacher [Sat, 20 Jun 2015 15:47:14 +0000 (17:47 +0200)]
s4:librpc/rpc: let ncacn_push_request_sign() handle sig_size == 0 with auth_info as internal error

Don't send plaintext on the wire because of an internal error...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
5 years agos4:librpc/rpc: let dcerpc_ship_next_request() use a sig_size for a padded payload
Stefan Metzmacher [Fri, 19 Jun 2015 20:35:44 +0000 (22:35 +0200)]
s4:librpc/rpc: let dcerpc_ship_next_request() use a sig_size for a padded payload

The sig_size could differ depending on the aligment/padding.
So should use the same alignment as we use for the payload.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
5 years agos4:librpc/rpc: let dcerpc_ship_next_request() use DCERPC_AUTH_PAD_ALIGNMENT define
Stefan Metzmacher [Fri, 19 Jun 2015 20:35:44 +0000 (22:35 +0200)]
s4:librpc/rpc: let dcerpc_ship_next_request() use DCERPC_AUTH_PAD_ALIGNMENT define

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
5 years agos3:include: remove used unused {CLIENT,SERVER}_NDR_PADDING_SIZE
Stefan Metzmacher [Fri, 19 Jun 2015 20:23:01 +0000 (22:23 +0200)]
s3:include: remove used unused {CLIENT,SERVER}_NDR_PADDING_SIZE

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
5 years agos3:rpc_server: remove pad handling from api_pipe_alter_context()
Stefan Metzmacher [Fri, 19 Jun 2015 20:09:57 +0000 (22:09 +0200)]
s3:rpc_server: remove pad handling from api_pipe_alter_context()

This is not needed and windows doesn't use it.
The padding is for the payload in request and response.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
5 years agos3:librpc/rpc: fix padding calculation in dcerpc_guess_sizes()
Stefan Metzmacher [Fri, 19 Jun 2015 13:52:11 +0000 (15:52 +0200)]
s3:librpc/rpc: fix padding calculation in dcerpc_guess_sizes()

The padding needs to be relative to the payload start not to the pdu start.
We also need align the padding to DCERPC_AUTH_PAD_ALIGNMENT (16 bytes).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
5 years agos3:librpc/rpc: allow up to DCERPC_AUTH_PAD_ALIGNMENT padding bytes in dcerpc_add_auth...
Stefan Metzmacher [Fri, 19 Jun 2015 14:55:39 +0000 (16:55 +0200)]
s3:librpc/rpc: allow up to DCERPC_AUTH_PAD_ALIGNMENT padding bytes in dcerpc_add_auth_footer()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
5 years agolibrpc/rpc: add DCERPC_AUTH_PAD_LENGTH(stub_length) helper macro
Stefan Metzmacher [Sat, 20 Jun 2015 15:43:47 +0000 (17:43 +0200)]
librpc/rpc: add DCERPC_AUTH_PAD_LENGTH(stub_length) helper macro

This calculates the required padding DCERPC_AUTH_PAD_ALIGNMENT
and the stub_length.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
5 years agodcerpc.idl: add DCERPC_AUTH_PAD_ALIGNMENT (=16)
Stefan Metzmacher [Fri, 19 Jun 2015 14:48:48 +0000 (16:48 +0200)]
dcerpc.idl: add DCERPC_AUTH_PAD_ALIGNMENT (=16)

Windows pads the payload aligned to 16 bytes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
5 years agoauth/gensec: make sure gensec_start_mech_by_authtype() resets SIGN/SEAL before starting
Stefan Metzmacher [Sat, 20 Jun 2015 14:19:31 +0000 (16:19 +0200)]
auth/gensec: make sure gensec_start_mech_by_authtype() resets SIGN/SEAL before starting

We want to set GENSEC_FEATURE_SIGN and GENSEC_FEATURE_SEAL based on the given
auth_level and should not have GENSEC_FEATURE_SEAL if
DCERPC_AUTH_LEVEL_INTEGRITY is desired.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
5 years agoauth/gensec: gensec_[un]seal_packet() should only work with GENSEC_FEATURE_DCE_STYLE
Stefan Metzmacher [Fri, 19 Jun 2015 12:46:53 +0000 (14:46 +0200)]
auth/gensec: gensec_[un]seal_packet() should only work with GENSEC_FEATURE_DCE_STYLE

gensec_sig_size() also requires GENSEC_FEATURE_DCE_STYLE if
GENSEC_FEATURE_SEAL is negotiated.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
5 years agoauth/credentials: use HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X instead of SAMBA4_USES_HEIMDAL
Stefan Metzmacher [Mon, 22 Jun 2015 13:17:33 +0000 (15:17 +0200)]
auth/credentials: use HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X instead of SAMBA4_USES_HEIMDAL

Newer MIT versions also have this.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
5 years agos4:heimdal_build: define HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
Stefan Metzmacher [Mon, 22 Jun 2015 13:17:10 +0000 (15:17 +0200)]
s4:heimdal_build: define HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
5 years agos4:torture:vfs_fruit: copyfile
Ralph Boehme [Wed, 10 Jun 2015 13:30:04 +0000 (15:30 +0200)]
s4:torture:vfs_fruit: copyfile

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11317

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jun 23 14:37:05 CEST 2015 on sn-devel-104

5 years agovfs:fruit: implement copyfile style copy_chunk
Ralph Boehme [Wed, 22 Apr 2015 20:29:16 +0000 (22:29 +0200)]
vfs:fruit: implement copyfile style copy_chunk

Implement Apple's special copy_chunk ioctl that requests a copy of the
whole file along with all attached metadata.

These copy_chunk requests have a chunk count of 0 that we translate to a
copy_chunk_send VFS call overloading the parameters src_off = dest_off =
num = 0.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11317

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
5 years agosmb2:ioctl: support for OS X AAPL copyfile style copy_chunk
Ralph Boehme [Wed, 22 Apr 2015 20:29:16 +0000 (22:29 +0200)]
smb2:ioctl: support for OS X AAPL copyfile style copy_chunk

Apple's special copy_chunk ioctl that requests a copy of the whole file
along with all attached metadata.

These copy_chunk requests have a chunk count of 0 that we translate to a
copy_chunk_send VFS call overloading the parameters src_off = dest_off =
num = 0.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11317

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
5 years agos3:util: use pread/pwrite in transfer_file
Ralph Boehme [Mon, 27 Apr 2015 10:16:16 +0000 (12:16 +0200)]
s3:util: use pread/pwrite in transfer_file

read/write aren't overloaded in the streams VFS modules, using
pread/pwrite instead this makes it possible to use transfer_file() with
named streams.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11317

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
5 years agosmbd/smb2_ioctl: fix error handling
Ralph Boehme [Tue, 9 Jun 2015 15:47:31 +0000 (17:47 +0200)]
smbd/smb2_ioctl: fix error handling

tevent_req_nterror must be called directly as the last step before
returning with tevent_req_post.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
5 years agovfs_fruit: simplify lp_parm_bool check
Ralph Boehme [Mon, 15 Jun 2015 16:31:23 +0000 (18:31 +0200)]
vfs_fruit: simplify lp_parm_bool check

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
5 years agoreplace: Replace BSD strtoll by wrapping strtoll instead of strtoq
Felix Janda [Sun, 21 Jun 2015 10:03:56 +0000 (12:03 +0200)]
replace: Replace BSD strtoll by wrapping strtoll instead of strtoq

When it is detected that strtoll returns EINVAL not only in the case
that the base is not supported, HAVE_BSD_STRTOLL is declared and
strtoll is replaced. The current replacement code wraps strtoq in
order to replace strtoll and errors out when strtoq is missing.

In order to remove this possible error path, we can use strtoll instead
of strtoq since the code is only used when it is known that strtoll exists.

The fixes a compilation problem on linux systems using musl libc, which
has a BSD-like strtoll but no strtoq.

Signed-off-by: Felix Janda <felix.janda@posteo.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: "Stefan (metze) Metzmacher" <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jun 22 12:49:10 CEST 2015 on sn-devel-104

5 years agolib/sysquota_linux: Handle the quota flags properly
Anoop C S [Fri, 19 Jun 2015 06:23:23 +0000 (11:53 +0530)]
lib/sysquota_linux: Handle the quota flags properly

sys_set_vfs_quota() expects the quota flags i.e, qflags
to be updated in the dp structure for which the routines
sys_get_linux_gen_quota(), sys_get_linux_v2_quota() and
sys_get_linux_v1_quota() failed to do so in their
respective definitions. Th error was uncovered by
compiler warnings [-Wunused-but-set-variable] displayed
for qflags variables in the above mentioned functions
and this patch fixes the same.

Signed-off-by: Anoop C S <achiraya@redhat.com>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Sat Jun 20 03:11:19 CEST 2015 on sn-devel-104

5 years agorpc: Simplify dcerpc_binding_handle_raw_call()
Volker Lendecke [Sat, 14 Feb 2015 15:30:33 +0000 (16:30 +0100)]
rpc: Simplify dcerpc_binding_handle_raw_call()

Align it with dcerpc_binding_handle_call()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
Autobuild-User(master): José A. Rivera <jarrpa@samba.org>
Autobuild-Date(master): Fri Jun 19 20:17:24 CEST 2015 on sn-devel-104

5 years agowafsamba: Also build libraries with RELRO protection
Andreas Schneider [Fri, 19 Jun 2015 07:28:32 +0000 (09:28 +0200)]
wafsamba: Also build libraries with RELRO protection

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11346

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jun 19 12:51:48 CEST 2015 on sn-devel-104

5 years agoFix a typo
Volker Lendecke [Fri, 12 Jun 2015 09:03:21 +0000 (09:03 +0000)]
Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jun 19 01:05:17 CEST 2015 on sn-devel-104

5 years agos3: smbd: Codenomicon crash in do_smb_load_module().
Jeremy Allison [Thu, 18 Jun 2015 17:21:07 +0000 (10:21 -0700)]
s3: smbd: Codenomicon crash in do_smb_load_module().

Inside api_pipe_bind_req() we look for a pipe module name using

dcerpc_default_transport_endpoint(pkt,
                                NCACN_NP, table)

which returns NULL when given invalid pkt data from the Codenomicon fuzzer.

This gets passed directly to smb_probe_module(), which then calls
do_smb_load_module() which tries to deref the (NULL) module name.

https://bugzilla.samba.org/show_bug.cgi?id=11342

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 18 22:14:01 CEST 2015 on sn-devel-104

5 years agodcerpc: NULL pointer deref crash in handling rpc request.
Jeremy Allison [Thu, 18 Jun 2015 16:57:42 +0000 (09:57 -0700)]
dcerpc: NULL pointer deref crash in handling rpc request.

source4/rpc_server/dcerpc_server.c:dcesrv_request() calls gensec_have_feature().

Codenomicon found a code path that allows the client to send a
request that calls into this function without ever having set
up security. So call->conn->auth_state.gensec_security exists
(gensec has been initialized when the RPC pipe is set up)
but call->conn->auth_state.gensec_security->ops has not been
initialized. We dereference the NULL pointer and crash.

An alternate way to fix this would be to create a new
public bool gensec_initialized(() function and call that
inside dcesrv_request() instead of doing a null
check on call->conn->auth_state.gensec_security,
but that's a more invasive fix we can add later.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11341

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
5 years agoselftest: Add blackbox test for srvsvc calls from rpcclient
Christof Schmitt [Fri, 12 Jun 2015 20:52:37 +0000 (13:52 -0700)]
selftest: Add blackbox test for srvsvc calls from rpcclient

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jun 18 19:18:31 CEST 2015 on sn-devel-104

5 years agoselftest: Add callout scripts for RPC SRVSVC share modifications
Christof Schmitt [Fri, 12 Jun 2015 15:37:30 +0000 (08:37 -0700)]
selftest: Add callout scripts for RPC SRVSVC share modifications

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
5 years agosamba-tool: make 'samba-tool fsmo *' aware of all 7 fsmo roles
Rowland Penny [Fri, 5 Jun 2015 18:31:38 +0000 (19:31 +0100)]
samba-tool: make 'samba-tool fsmo *' aware of all 7 fsmo roles

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10734

Signed-off-by: Rowland Penny <repenny241155@gmail.com>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
Autobuild-User(master): José A. Rivera <jarrpa@samba.org>
Autobuild-Date(master): Thu Jun 18 10:24:48 CEST 2015 on sn-devel-104

5 years agos3: smbd - Fix SMB3.11 protocol encryption selection.
Jeremy Allison [Wed, 17 Jun 2015 22:50:31 +0000 (15:50 -0700)]
s3: smbd - Fix SMB3.11 protocol encryption selection.

Selecting encryption in 3.11 depends on the negprot contexts being present.
Setting SMB2_CAP_ENCRYPTION from the 3.11 client is optional. The absence
of it should not remove the negprot context.

Found by the Microsoft testsuites at the Redmond plugfest.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Steve French <sfrench@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 18 04:09:04 CEST 2015 on sn-devel-104

5 years agoselftest: Change chgdcpass environment to use winbindd
Andrew Bartlett [Tue, 16 Jun 2015 23:59:49 +0000 (11:59 +1200)]
selftest: Change chgdcpass environment to use winbindd

This allows us to test that winbindd starts up without secrets.tdb, as happens after
a classicupgrade.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 18 00:59:54 CEST 2015 on sn-devel-104

5 years agowinbindd: Sync secrets.ldb into secrets.tdb on startup
Andrew Bartlett [Thu, 11 Jun 2015 23:57:07 +0000 (11:57 +1200)]
winbindd: Sync secrets.ldb into secrets.tdb on startup

This ensures that the domain SID and machine account password are written into
secrets.tdb if the secrets.tdb file was either never written or was deleted.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10991

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years agowinbindd: Use pdb_get_domain_info() to get exactly the local domain info when we...
Andrew Bartlett [Thu, 11 Jun 2015 23:54:21 +0000 (11:54 +1200)]
winbindd: Use pdb_get_domain_info() to get exactly the local domain info when we are an AD DC

This also triggers pdb_samba_dsdb_init_secrets(), to force the
correct SID into secrets.tdb.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10991

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years agoselftest: Run winbind tests in chgdcpass environment
Andrew Bartlett [Tue, 16 Jun 2015 23:10:15 +0000 (11:10 +1200)]
selftest: Run winbind tests in chgdcpass environment

This ensures that winbind both starts and operates without a secrets.tdb

(chgdcpass deliberatly removes the secrets.tdb file after provision, like has happend with classicupgrade).

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years agosmbd: Fix clients connecting unencrypted with PROTOCOL_SMB2_24 or higher.
Jeremy Allison [Tue, 16 Jun 2015 22:50:30 +0000 (15:50 -0700)]
smbd: Fix clients connecting unencrypted with PROTOCOL_SMB2_24 or higher.

Nonce code was terminating connections where xconn->smb2.server.cipher == 0.

If no negotiated cipher (smb2.server.cipher is zero) set nonce_high_max to zero.
smb2_get_new_nonce() returns NT_STATUS_ENCRYPTION_FAILED if it is ever called with
session->nonce_high_max == 0.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11300

Signed-off-by: Jeremy Allison <jra@samba.org>
5 years agos3:smb2_setinfo: fix memory leak in the defer_rename case
Stefan Metzmacher [Mon, 15 Jun 2015 06:34:12 +0000 (08:34 +0200)]
s3:smb2_setinfo: fix memory leak in the defer_rename case

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11329

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
5 years agodocs-xml: Update sharesec manpage to reflect current output
Christof Schmitt [Tue, 9 Jun 2015 17:29:21 +0000 (10:29 -0700)]
docs-xml: Update sharesec manpage to reflect current output

Update the sharesec man page to reflect the output currently used, and
also add a note that the OWNER and GROUP fields are not used for share
ACLs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11324

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jun 17 13:36:23 CEST 2015 on sn-devel-104

5 years agoselftest: Add test for sharesec command
Christof Schmitt [Tue, 9 Jun 2015 17:28:17 +0000 (10:28 -0700)]
selftest: Add test for sharesec command

Add a test for the sharesec command to ensure that it works, and to also
verify that the output does not change.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11324

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
5 years agosharesec: Use non-numerical output for sharesec
Christof Schmitt [Tue, 9 Jun 2015 16:50:18 +0000 (09:50 -0700)]
sharesec: Use non-numerical output for sharesec

This is an easy change to get the sharesec output back to the format
used before. It is also easier to understand than the output of the
flags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11324

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
5 years agoheimdal: fix endless loop for specific KDC error code
Uri Simchoni [Mon, 15 Jun 2015 19:33:28 +0000 (22:33 +0300)]
heimdal: fix endless loop for specific KDC error code

When sending a Kerberos request, if at least one of the available
KDCs repeatedly replies with an error response of
KRB5KDC_ERR_SVC_UNAVAILABLE, and all other KDCs, if there are any,
do not reply at all or cannot be contacted, then the code repeatedly
retries to send the request in an endless loop.

This is fixed in upstream (post 1.5 branch) heimdal but the code
there is vastly refactored, so this is an independent fix to the issue.

Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 17 02:34:31 CEST 2015 on sn-devel-104

5 years agolib: Fix CID 1306765 Unchecked return value from library
Volker Lendecke [Tue, 16 Jun 2015 06:20:56 +0000 (06:20 +0000)]
lib: Fix CID 1306765 Unchecked return value from library

This one might be a bit controversial. I don't see from man fcntl how this
could fail. But if it does, we definitely do want to know about it. And here we
don't have any good way to tell our caller, so abort.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: "Stefan (metze) Metzmacher" <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Jun 16 19:22:52 CEST 2015 on sn-devel-104

5 years agolib: Fix CID 1306764 Unchecked return value
Volker Lendecke [Tue, 16 Jun 2015 06:12:47 +0000 (06:12 +0000)]
lib: Fix CID 1306764 Unchecked return value

tevent_req_oom exists right for this case :-)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: "Stefan (metze) Metzmacher" <metze@samba.org>
5 years agoGroup creation: Add msSFU30Name only when --nis-domain was given
Marc Muehlfeld [Thu, 11 Jun 2015 19:20:55 +0000 (21:20 +0200)]
Group creation: Add msSFU30Name only when --nis-domain was given

This fixes a bug, that all new created groups automatically get an
msSFU30Name attribute added. This should only be the case, when
we also have a nis-domain (samba-tool --nis-domain=...).

Bugreport: https://bugzilla.samba.org/show_bug.cgi?id=11315

Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Tue Jun 16 11:58:02 CEST 2015 on sn-devel-104

5 years agolib: ldap: Properly check talloc error returns.
Jeremy Allison [Mon, 15 Jun 2015 22:49:07 +0000 (15:49 -0700)]
lib: ldap: Properly check talloc error returns.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 16 04:16:13 CEST 2015 on sn-devel-104

5 years agolibads: further split resolve_and_ping into dns and netbios implementations
Uri Simchoni [Thu, 11 Jun 2015 11:24:36 +0000 (14:24 +0300)]
libads: further split resolve_and_ping into dns and netbios implementations

split the resolve_and_ping function, which does name lookup followed by
cldap ping, into two variants:
- resolve_and_ping_dns() which uses AD name resolution
- resolve_and_ping_netbios() which uses pre-AD name resolution

Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
5 years agolibads: Fix fallback logic when finding a domain controller
Uri Simchoni [Tue, 9 Jun 2015 11:30:14 +0000 (14:30 +0300)]
libads: Fix fallback logic when finding a domain controller

This is a patch to fix bug 11321.

When finding a domain controller, the method is to resolve
the IP address of candidate servers, and then do an ldap ping until a
suitable server answers.

In case of failure, there's fallback from DNS lookup to netbios lookup
(if netbios is enabled) and then back to site-less DNS lookup. The two
problems here are:
1. It makes more sense to try site-less DNS before NetBIOS because the
fallback to NetBIOS is not likely to give better results.
2. The NetBIOS fallback screws the site-less fallback (I suppose the
"goto considered harmful fellows are sometimes right after all...).

This fix extracts the core code that does name resolving+ldap ping
into a separate function and then activates this function in up to
three modes - site-aware, site-less, and netbios, in that order.

Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
5 years agonamequery: remove dead code
Uri Simchoni [Mon, 8 Jun 2015 05:42:58 +0000 (08:42 +0300)]
namequery: remove dead code

When composing the list of servers out of the server affinity cache
and "password server" parameter, there's fallback to DNS-SRV-record-
based search if the "password server" + session affinity yield an empty
list. However:
1. The way the code is written, it never gets executed because the empty list
   is not an empty string (it contains a comma)
2. This fallback is doe in any case just a few lines down the function

Therefore this patch simply removes this fallback code.

Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
5 years agolibads: Keep 'good' server at the head of custom KDC list
Uri Simchoni [Mon, 18 May 2015 10:36:46 +0000 (13:36 +0300)]
libads: Keep 'good' server at the head of custom KDC list

When creating a custom krb.conf file for a domain, make sure
that the DC which already answered the ldap ping is not queried
again, and is always first in the custom KDC list. This has two
advantages:
1. Avoid re-sending an ldap ping to this server
2. The generated list is made up of the servers that answered
   first. Since the DC which already answered an LDAP ping
   is typically the "last good server", this change keeps it
   out of the contest and guarantees that we keep using last
   good server as long as it works.

Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
5 years agonamequery: correctly merge kdc ip address list
Uri Simchoni [Thu, 21 May 2015 07:38:42 +0000 (10:38 +0300)]
namequery: correctly merge kdc ip address list

When finding DCs, there are three sources of addresses:
1. "Last good server"
2. Configured password server
3. SRV DNS queries

Since those different sources may return the same addresses, the
IP list is checked for duplicates, e.g. in order to save on
the LDAP ping that usually follows. Both IP address and port are
compared.

This change fixes the address duplicate removal for the case of KDC
search, where the "last good server" or configured password server
also appears in the DNS SRV query response.

An (undocumented?) assumption is that the "password server" parameter
is applicable to KDCs as well, but if a port is specified (e.g.
dc1.example.com:390), then this is the ldap port.

Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
5 years agokerberos: Move DEFAULT_KRB5_PORT to a header file
Uri Simchoni [Thu, 4 Jun 2015 19:10:55 +0000 (22:10 +0300)]
kerberos: Move DEFAULT_KRB5_PORT to a header file

Move the kerberos port number definition to a header file, so that
it can be used by DNS code.

Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
5 years agonamequery: fix get_kdc_list() to look for _kerberos records
Uri Simchoni [Wed, 3 Jun 2015 10:50:25 +0000 (13:50 +0300)]
namequery: fix get_kdc_list() to look for _kerberos records

get_kdc_list() should look for _kerberos.xxx SRV records rather
than _ldap.xxx records. This has significance in two cases:
- Non-default DNS configurations
- When building a custom krb5.conf file for a domain, an attempt is
  made to get site-specific as well as site-less records, but the
  search for _ldap records yields a cached site-specific result even
  for the site-less query.

Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
5 years agolibads: fix indentation in generated krb5.conf
Uri Simchoni [Thu, 21 May 2015 05:40:24 +0000 (08:40 +0300)]
libads: fix indentation in generated krb5.conf

In case of multiple KDCs, the automatically-generated
domain-specific kerberos configuration file lists all the
KDCs it can find, but the indentation of additional KDCs
is not aligned with that of the first KDC.

Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
5 years agonet: Fix messaging_init for clustering
Volker Lendecke [Mon, 15 Jun 2015 12:14:43 +0000 (12:14 +0000)]
net: Fix messaging_init for clustering

A full loadparm with include=registry implicitly initializes a
messaging_context. We need to use that.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Jun 15 22:44:57 CEST 2015 on sn-devel-104

5 years agoctdbd_conn: Fix a leak on talloc_tos()
Volker Lendecke [Mon, 15 Jun 2015 14:47:50 +0000 (14:47 +0000)]
ctdbd_conn: Fix a leak on talloc_tos()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
5 years agosource/libsmb: Fix CID 1272955 Logically dead code
Anoop C S [Mon, 15 Jun 2015 09:33:19 +0000 (15:03 +0530)]
source/libsmb: Fix CID 1272955 Logically dead code

Signed-off-by: Anoop C S <achiraya@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
5 years agosource3/registry: Fix CID 1273100 Stray semicolon
Anoop C S [Mon, 15 Jun 2015 09:28:46 +0000 (14:58 +0530)]
source3/registry: Fix CID 1273100 Stray semicolon

Signed-off-by: Anoop C S <achiraya@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
5 years agosource3/registry: Fix CID 1273421 Useless call
Anoop C S [Mon, 15 Jun 2015 09:10:00 +0000 (14:40 +0530)]
source3/registry: Fix CID 1273421 Useless call

Signed-off-by: Anoop C S <achiraya@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
5 years agotdb: version 1.3.6 tdb-1.3.6
Stefan Metzmacher [Fri, 12 Jun 2015 07:10:39 +0000 (09:10 +0200)]
tdb: version 1.3.6

* Fix runtime detection for robust mutexes in the standalone build.
  bug #11326
* Possible fix for the build with robust mutexes on solaris 11
  bug #11319

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jun 12 19:55:34 CEST 2015 on sn-devel-104

5 years agolib/replace: remove unused HAVE_DECL_PTHREAD_{MUTEXATTR_SETROBUST,MUTEX_CONSISTENT...
Stefan Metzmacher [Fri, 12 Jun 2015 09:01:21 +0000 (11:01 +0200)]
lib/replace: remove unused HAVE_DECL_PTHREAD_{MUTEXATTR_SETROBUST,MUTEX_CONSISTENT}_NP checks

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11319

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
5 years agolib/replace: fix PTHREAD_MUTEX_ROBUST fallback to PTHREAD_MUTEX_ROBUST_NP on solaris 11
Stefan Metzmacher [Fri, 12 Jun 2015 09:01:21 +0000 (11:01 +0200)]
lib/replace: fix PTHREAD_MUTEX_ROBUST fallback to PTHREAD_MUTEX_ROBUST_NP on solaris 11

Without this we got the following defines in config.h:

   #define HAVE_DECL_PTHREAD_MUTEXATTR_SETROBUST_NP 1
   #define HAVE_DECL_PTHREAD_MUTEX_CONSISTENT_NP 1
   #define HAVE_PTHREAD_MUTEXATTR_SETROBUST 1
   #define HAVE_PTHREAD_MUTEX_CONSISTENT 1
   #define HAVE_ROBUST_MUTEXES 1
   #define USE_TDB_MUTEX_LOCKING 1

And the build failed with PTHREAD_MUTEX_ROBUST being unknown.

Note that PTHREAD_MUTEX_ROBUST and PTHREAD_MUTEX_ROBUST_NP are enum values
while they're defines on solaris 11
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11319

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
5 years agowafsamba: let CHECK_DECLS() find enum values
Stefan Metzmacher [Fri, 12 Jun 2015 10:13:23 +0000 (12:13 +0200)]
wafsamba: let CHECK_DECLS() find enum values

In the current state this still generates the same config.h
at least on ubuntu 14.04 amd64.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
5 years agowafsamba: remove unused allow_warnings=True from SAMBA_PYTHON()
Stefan Metzmacher [Thu, 11 Jun 2015 08:01:15 +0000 (10:01 +0200)]
wafsamba: remove unused allow_warnings=True from SAMBA_PYTHON()

This is not needed anymore all python bindings build without wawrnings now.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
5 years agos3:pysmbd: #include <Python.h> must be the first include in order to avoid compiler...
Stefan Metzmacher [Fri, 12 Jun 2015 09:45:39 +0000 (11:45 +0200)]
s3:pysmbd: #include <Python.h> must be the first include in order to avoid compiler warnings

This is the only exception, normally "replace.h" or "includes.h" need to be the
first include.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
5 years agopidl:NDR/Parser: check [ref] pointers before pushing anything else
Stefan Metzmacher [Thu, 11 Jun 2015 07:01:24 +0000 (09:01 +0200)]
pidl:NDR/Parser: check [ref] pointers before pushing anything else

This was reported by Coverity as
CID 1288527:  Null pointer dereferences  (REVERSE_INULL)

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
5 years agopidl:NDR/Parser: protect for loops against $length being an expression instead of...
Stefan Metzmacher [Thu, 11 Jun 2015 06:54:11 +0000 (08:54 +0200)]
pidl:NDR/Parser: protect for loops against $length being an expression instead of a scalar variable

This changes

for (value_cntr_1 = 0; value_cntr_1 < r->out.length?*r->out.length:0; value_cntr_1++) {

into:

for (value_cntr_1 = 0; value_cntr_1 < (r->out.length?*r->out.length:0); value_cntr_1++) {

it fixes a possible endless loop resulting in a crash.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
5 years agopidl:Python: protect for loops against $length being an expression instead of a scala...
Stefan Metzmacher [Thu, 11 Jun 2015 06:54:11 +0000 (08:54 +0200)]
pidl:Python: protect for loops against $length being an expression instead of a scalar variable

This changes

for (value_cntr_1 = 0; value_cntr_1 < r->out.length?*r->out.length:0; value_cntr_1++) {

into:

for (value_cntr_1 = 0; value_cntr_1 < (r->out.length?*r->out.length:0); value_cntr_1++) {

it fixes a possible endless loop resulting in a crash.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
5 years agopidl:Python: use discard_const() to pass a possible const pointer to talloc_unlink()
Stefan Metzmacher [Thu, 11 Jun 2015 07:58:13 +0000 (09:58 +0200)]
pidl:Python: use discard_const() to pass a possible const pointer to talloc_unlink()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
5 years agos4:ntvfs/pyposix_eadb: fix initposix_eadb() prototype
Stefan Metzmacher [Thu, 11 Jun 2015 07:57:23 +0000 (09:57 +0200)]
s4:ntvfs/pyposix_eadb: fix initposix_eadb() prototype

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
5 years agotevent: version 0.9.25 tevent-0.9.25
Stefan Metzmacher [Fri, 12 Jun 2015 06:58:26 +0000 (08:58 +0200)]
tevent: version 0.9.25

* Fix compile error in Solaris ports backend.
* Fix access after free in tevent_common_check_signal(). bug #11308
* Improve pytevent bindings.
* Testsuite fixes.
* Improve the documentation of the tevent_add_fd()
  assumtions. It must be talloc_free'ed before closing the fd!
  See bug #11141 and bug #11316.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
5 years agopytevent: add a TeventTimer_Object_ref helper structure to make the code clearer
Stefan Metzmacher [Thu, 11 Jun 2015 07:51:19 +0000 (09:51 +0200)]
pytevent: add a TeventTimer_Object_ref helper structure to make the code clearer

This gives talloc_set_destructor to verify the type,
which removes a compiler warning.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
5 years agopytevent: remove const warnings using discard_const_p()
Stefan Metzmacher [Thu, 11 Jun 2015 07:50:35 +0000 (09:50 +0200)]
pytevent: remove const warnings using discard_const_p()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
5 years agopytevent: remove dead code TEVENT_DEPRECATED is never defined
Stefan Metzmacher [Thu, 11 Jun 2015 07:49:18 +0000 (09:49 +0200)]
pytevent: remove dead code TEVENT_DEPRECATED is never defined

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
5 years agotalloc:guide: fix documented signature of talloc_unlink().
Michael Adam [Fri, 12 Jun 2015 08:23:41 +0000 (10:23 +0200)]
talloc:guide: fix documented signature of talloc_unlink().

The second argument is void *, not const void *.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
5 years agotalloc:manpage: fix documented signature of talloc_unlink().
Michael Adam [Fri, 12 Jun 2015 08:16:40 +0000 (10:16 +0200)]
talloc:manpage: fix documented signature of talloc_unlink().

The second argument is void *, not const void *.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>