Stefan Metzmacher [Thu, 18 May 2017 14:02:44 +0000 (16:02 +0200)]
s3:libnet_join: move kerberos_secrets_store_des_salt() to libnet_join_joindomain_store_secrets()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 18 May 2017 13:59:00 +0000 (15:59 +0200)]
s3:libnet_join: move libnet_join_joindomain_store_secrets() to libnet_join_post_processing()
We should not store the secrets before we did all remote changes
(except the optional dns updates).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 18 May 2017 13:52:59 +0000 (15:52 +0200)]
s3:libnet_join: call do_JoinConfig() after we did remote changes on the server
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 18 May 2017 13:50:49 +0000 (15:50 +0200)]
s3:libnet_join: split libnet_join_post_processing_ads() into modify/sync
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 18 May 2017 13:48:49 +0000 (15:48 +0200)]
s3:libnet_join: move kerberos_secrets_store_des_salt() out of libnet_join_derive_salting_principal()
We should separate the calculation and the storing steps.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 18 May 2017 13:40:25 +0000 (15:40 +0200)]
s3:libnet_join: remember r->out.krb5_salt in libnet_join_derive_salting_principal()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 18 May 2017 13:38:26 +0000 (15:38 +0200)]
s3:libnet_join.idl: add krb5_salt to libnet_JoinCtx
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 17 May 2017 13:45:22 +0000 (15:45 +0200)]
s3:libnet_join: remember the domain_guid for AD domains
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 17 May 2017 13:45:22 +0000 (15:45 +0200)]
s3:libnet_join.idl: return the domain_guid in libnet_JoinCtx
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 17 May 2017 11:53:19 +0000 (13:53 +0200)]
s3:libnet_join: calculate r->out.account_name in libnet_join_pre_processing()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 17 May 2017 10:42:04 +0000 (12:42 +0200)]
s3:libnet_join: remove dead code from libnet_join_connect_ads()
username[strlen(username)] is *always* '\0'!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 18 May 2017 09:32:46 +0000 (11:32 +0200)]
krb5_wrap: add smb_krb5_salt_principal2data()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 17 May 2017 15:13:02 +0000 (17:13 +0200)]
krb5_wrap: add smb_krb5_salt_principal()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 17 May 2017 14:13:37 +0000 (16:13 +0200)]
s3:libads: remove unused kerberos_secrets_store_salting_principal()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 17 May 2017 13:05:51 +0000 (15:05 +0200)]
s3:librpc: let NDR_SECRETS depend on NDR_SECURITY
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 12 Jun 2017 15:58:46 +0000 (17:58 +0200)]
idl_types.h: add NDR_SECRET shortcut
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 12 Jun 2017 15:58:20 +0000 (17:58 +0200)]
librpc/ndr: add LIBNDR_FLAG_IS_SECRET handling
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 12 Jun 2017 13:22:42 +0000 (15:22 +0200)]
librpc/ndr: align the definition of LIBNDR_STRING_FLAGS with currently defined flags
The range included the unused (1<<14) before.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 12 Jun 2017 16:58:49 +0000 (18:58 +0200)]
pidl:NDR/Parser: add missing {start,end}_flags() to ParseElementPrint()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 5 May 2017 16:49:37 +0000 (18:49 +0200)]
s3:smbd: unimplement FSCTL_VALIDATE_NEGOTIATE_INFO with "server max protocol = SMB2_02"
A client that supports SMB3 will do a signed FSCTL_VALIDATE_NEGOTIATE_INFO
after a tree connect. This FSCTL_VALIDATE_NEGOTIATE_INFO call contains
the client capabilities, client guid, security mode and the array of supported
dialects. But if SMB 2.02 is negotiated the doesn't send these values to the
server in the first connection attempt (when the client starts with a SMB1 Negotiate).
Windows servers that only support SMB2 just return NT_STATUS_FILE_CLOSED
as answer to FSCTL_VALIDATE_NEGOTIATE_INFO.
We should do the same if we just pretend to support SMB 2.02,
as SMB 2.10 always include an SMB2 Negotiate request we can leave it as is.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12772
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 26 Jun 2017 10:10:40 +0000 (12:10 +0200)]
selftest: run nt4_dc_schannel with 'server max protocol = SMB2_02'
This reproduces the problem with trying to implement
FSCTL_VALIDATE_NEGOTIATE_INFO as SMB2_02 server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12772
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 26 Jun 2017 08:52:04 +0000 (10:52 +0200)]
s3:selftest: run test_smbclient_basic.sh against nt4_dc_schannel with various protocols
This prepared a reproducer for bug #12772
'Clients with SMB3 support can't connect with "server max protocol = SMB2_02"'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12772
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 26 Jun 2017 09:56:40 +0000 (11:56 +0200)]
s3:test_smbclient_basic.sh: make use of $incdir/common_test_fns.inc
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 26 Jun 2017 08:40:50 +0000 (10:40 +0200)]
s3:test_smbclient_basic.sh: make use of $ADDARGS
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Michael Saxl [Sat, 24 Jun 2017 11:41:48 +0000 (13:41 +0200)]
s3:gse_krb5: fix a possible crash in fill_mem_keytab_from_system_keytab()
If the keytab file isn't readable, we may call
krb5_kt_end_seq_get() with an invalid kt_cursor.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10490
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Saxl <mike@mwsys.mine.bz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Mon, 26 Jun 2017 07:25:05 +0000 (19:25 +1200)]
s4-netlogon: Escape user-supplied computer name in Bad credentials log line
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 26 Jun 2017 07:24:40 +0000 (19:24 +1200)]
s4-netlogon: Provide logs for machine account success and failures
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 26 Jun 2017 04:40:45 +0000 (16:40 +1200)]
smbtorture: Add more tests around NETLOGON challenge reuse
The existing tests did not actually demonstrate what they
thought they did until the credential values were refreshed.
The new test showed this, because Samba fails it (windows passes)
due to the way we keep the last challenge on the connection.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Thu, 22 Jun 2017 12:17:07 +0000 (14:17 +0200)]
s3:tests: Add blackbox test for 'net usershare'
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Thu, 22 Jun 2017 14:13:12 +0000 (16:13 +0200)]
s3:param: Allow to add usershare if uid_wrapper is loaded
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 26 Jun 2017 21:18:30 +0000 (23:18 +0200)]
s3:tests: Do not delete the contets of LOCAL_PATH with tarmode test
The test_smbclient_tarmode.pl test operates on $LOCAL_PATH by default
and removes everything. So it deletes all precreated files and
directories which the setup_fileserver() function initially set up.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12867
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bernhard M. Wiedemann via samba-technical [Mon, 26 Jun 2017 07:46:18 +0000 (09:46 +0200)]
docs-xml: Sort input file list
because filesystems return entries in undeterministic order
and that ends up in index.xml and influences index.html
preventing reproducible builds of samba packages (e.g. for openSUSE)
See https://reproducible-builds.org/ for why this matters
Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Jun 27 16:56:06 CEST 2017 on sn-devel-144
Karolin Seeger [Mon, 26 Jun 2017 11:18:50 +0000 (13:18 +0200)]
WHATSNEW: Fix typo...
and add some new/changed parameters.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 27 03:19:19 CEST 2017 on sn-devel-144
Stefan Metzmacher [Sat, 24 Jun 2017 11:16:03 +0000 (13:16 +0200)]
auth/ntlmssp: enforce NTLMSSP_NEGOTIATE_NTLM2 for the NTLMv2 client case
Some servers may not announce the NTLMSSP_NEGOTIATE_NTLM2
(a.k.a. NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY) bit.
But if we're acting as a client using NTLMv2 we need to
enforce this flag, because it's not really a negotiationable
in that case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12862
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Daniel Kobras [Fri, 23 Jun 2017 13:39:21 +0000 (15:39 +0200)]
s3: smbd: fix regression with non-wide symlinks to directories over SMB3.
The errno returned by open() is ambiguous when called with flags O_NOFOLLOW and
O_DIRECTORY on a symlink. With ELOOP, we know for certain that we've tried to
open a symlink. With ENOTDIR, we might have hit a symlink, and need to perform
further checks to be sure. Adjust non_widelink_open() accordingly. This fixes
a regression where symlinks to directories within the same share were no
longer followed for some call paths on systems returning ENOTDIR in the above
case.
Also remove the knownfail added in previous commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12860
Signed-off-by: Daniel Kobras <d.kobras@science-computing.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 23 Jun 2017 18:12:22 +0000 (11:12 -0700)]
s3: smbd: Add regression test for non-wide symlinks to directories fail over SMB3.
Mark as knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12860
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Amitay Isaacs [Tue, 21 Mar 2017 04:02:56 +0000 (15:02 +1100)]
ctdb-protocol: Do not pass tdb open flags to DB attach controls
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Jun 26 20:10:38 CEST 2017 on sn-devel-144
Amitay Isaacs [Tue, 21 Mar 2017 04:03:24 +0000 (15:03 +1100)]
ctdb-client: Do not pass tdb open flags to db attach api
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 23 Jun 2017 06:29:39 +0000 (16:29 +1000)]
ctdb-client: Remove calaculation of tdb flags
... and there is no need to find out if mutexes are enabled.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 23 Jun 2017 06:27:20 +0000 (16:27 +1000)]
ctdb-client: Ask daemon for db open flags
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 23 Jun 2017 06:15:57 +0000 (16:15 +1000)]
ctdb-client: Ask daemon for db open flags
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 23 Jun 2017 06:11:53 +0000 (16:11 +1000)]
ctdb-client: Add a function to get db open flags
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 14 Jun 2017 06:37:34 +0000 (16:37 +1000)]
ctdb-client: Add sync api for control DB_OPEN_FLAGS
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 14 Jun 2017 06:24:02 +0000 (16:24 +1000)]
ctdb-protocol: Add protocol marshalling for control DB_OPEN_FLAGS
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 14 Jun 2017 06:30:39 +0000 (16:30 +1000)]
ctdb-daemon: Implement DB_OPEN_FLAGS control
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 14 Jun 2017 06:22:52 +0000 (16:22 +1000)]
ctdb-protocol: Add new control to get database open flags
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 2 Mar 2017 03:47:20 +0000 (14:47 +1100)]
ctdb-daemon: Drop extra boolean arguments to ctdb_local_attach()
There is no need for with_jenkinshash and with_mutexes flags, since the
tdb_flags are now calculated based on database type.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 23 Jun 2017 05:59:16 +0000 (15:59 +1000)]
ctdb-client: Drop tdb_flags argument to ctdb_attach()
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 23 Jun 2017 05:58:38 +0000 (15:58 +1000)]
ctdb-client: Stop sending tdb_flags with DB_ATTACH controls
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 28 Mar 2017 06:14:51 +0000 (17:14 +1100)]
ctdb-daemon: Ignore tdb open flags passed to DB attach controls
The tdb open flags should be calculated based on the database type and
ctdb tunables.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 21 Mar 2017 02:50:07 +0000 (13:50 +1100)]
ctdb-daemon: Refactor calculation of tdb open flags based on database type
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 2 Mar 2017 04:37:19 +0000 (15:37 +1100)]
ctdb-locking: Get tdb open flags from tdb instead of re-calculating
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 2 Mar 2017 03:52:00 +0000 (14:52 +1100)]
ctdb-daemon: Store tdb flags just after tdb is opened in ctdb_local_attach()
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 2 Mar 2017 00:15:26 +0000 (11:15 +1100)]
ctdb-daemon: Once database is attached, do not modify tdb flags
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Stefan Metzmacher [Fri, 16 Jun 2017 15:11:17 +0000 (17:11 +0200)]
auth/ntlmssp: make ntlmssp_server_check_password() shorter
We move as must as possible into ntlmssp_server_{pre,post}auth().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jun 26 13:07:30 CEST 2017 on sn-devel-144
Stefan Metzmacher [Fri, 16 Jun 2017 16:03:11 +0000 (18:03 +0200)]
auth/ntlmssp: remove useless talloc_steal calls in ntlmssp_server_check_password()
We only create a temporary auth_usersupplied_info structure and pass it
down as const, lets keep the values on ntlmssp_state otherwise we may derefence
stale pointers.
We finally free the memory at the end of ntlmssp_server_postauth() now.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 19 Jun 2017 06:39:19 +0000 (08:39 +0200)]
s4:dsdb/samdb: pass an existing 'struct ldb_context' to crack_auto_name_to_nt4_name()
There's no point in creating a temporary ldb_context as
the only callers already have a valid struct ldb_context for
the local sam.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 19 Jun 2017 06:39:19 +0000 (08:39 +0200)]
s4:dsdb/samdb: pass an existing 'struct ldb_context' to crack_name_to_nt4_name()
There's no point in creating a temporary ldb_context as
all direct callers already have a valid struct ldb_context for
the local sam.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 19 Jun 2017 06:26:26 +0000 (08:26 +0200)]
s4:auth/unix_token: remove unused tevent_context from auth_session_info_fill_unix()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 19 Jun 2017 06:26:26 +0000 (08:26 +0200)]
s4:auth/unix_token: remove unused tevent_context from security_token_to_unix_token()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sun, 18 Jun 2017 10:53:05 +0000 (12:53 +0200)]
s3:smbd: call auth_check_password_session_info() only in one central place
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sun, 18 Jun 2017 10:48:11 +0000 (12:48 +0200)]
s3:smbd: introduce a reply_sesssetup_and_X_state
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sun, 18 Jun 2017 10:08:58 +0000 (12:08 +0200)]
s3:smbd: inline check_guest_password() into reply_sesssetup_and_X()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sun, 18 Jun 2017 10:06:10 +0000 (12:06 +0200)]
s3:smbd: only set user_info->auth_description on success
Otherwise we'll derefence a NULL pointer.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 13 Jun 2017 07:57:33 +0000 (09:57 +0200)]
pidl:NDR/Parser: initialize [skip] values in ndr_pull_*
It's too dangerous to leave values uninitialzed!
[skip_noinit] can be used if required.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Wed, 21 Jun 2017 13:11:28 +0000 (15:11 +0200)]
ntprinting.idl: make use of [skip_noinit] for string_flags
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Wed, 21 Jun 2017 13:05:35 +0000 (15:05 +0200)]
pidl:NDR/Parser: add "skip_noinit" element
In future "skip" will be changed to initialize the element
with ZERO_STRUCT() on ndr_pull_*.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Mon, 19 Jun 2017 10:15:21 +0000 (12:15 +0200)]
pidl:NDR/Parser: fix "skip" for pointers
We should handle the "skip" at the element level before
we traverse trough the element levels.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Amitay Isaacs [Thu, 22 Jun 2017 04:34:36 +0000 (14:34 +1000)]
ctdb-scripts: Don't send empty argument string to logger
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12856
This stops logger reading from stdin.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sat Jun 24 14:37:48 CEST 2017 on sn-devel-144
Amitay Isaacs [Thu, 22 Jun 2017 06:15:47 +0000 (16:15 +1000)]
ctdb-recovery: Do not run local ip verification when in recovery
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12857
If we drop public IPs because CTDB is in recovery for too long, then
avoid spamming logs "Trigger takeoverrun" every second.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 22 Jun 2017 07:45:20 +0000 (17:45 +1000)]
ctdb-recovery: Get recmode unconditionally in the main_loop
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12857
This can be used later in the main_loop to avoid the local ip check.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 22 Jun 2017 04:09:32 +0000 (14:09 +1000)]
ctdb-recovery: Finish processing for recovery mode ACTIVE first
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12857
This simplifies the code and avoids complicated conditions.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 22 Jun 2017 04:52:32 +0000 (14:52 +1000)]
ctdb-recovery: Simplify logging of recovery mode setting
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12857
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 22 Jun 2017 04:49:02 +0000 (14:49 +1000)]
ctdb-recovery: Setting up of recmode should be idempotent
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12857
If the recovery mode is already set to the expected value, there is
nothing to do.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 22 Jun 2017 04:00:13 +0000 (14:00 +1000)]
ctdb-recovery: Assign banning credits if database fails to freeze
https://bugzilla.samba.org/show_bug.cgi?id=12857
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Volker Lendecke [Fri, 9 Jun 2017 06:48:21 +0000 (08:48 +0200)]
lib: Use ctdb_protocol instead of ctdb_private
ctdb_private is much broader. Right now we implement the protocol
ourselves. In the future, we might switch to the native ctdb
client implementation defined in ctdb_client.h, but that's a
different project :-)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun 24 05:33:41 CEST 2017 on sn-devel-144
Volker Lendecke [Thu, 22 Jun 2017 14:10:52 +0000 (16:10 +0200)]
lib: Give util_paths.c its own header
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 8 Jun 2017 10:51:19 +0000 (12:51 +0200)]
net: Dump data for net_g_lock dump
4d404f2 added user-data for a g_lock. Print it in net g_lock dump.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Björn Baumbach [Tue, 20 Jun 2017 14:47:57 +0000 (16:47 +0200)]
build: fix build of vfs_posix_eadb module
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Jun 24 01:20:16 CEST 2017 on sn-devel-144
Björn Baumbach [Thu, 22 Jun 2017 14:07:27 +0000 (16:07 +0200)]
waf:lib/replace: Fix building with older GCC versions
Using gcc 4.3.2:
cc1: error: unrecognized command line option "-Wno-format-truncation"
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andreas Schneider [Thu, 22 Jun 2017 08:25:09 +0000 (10:25 +0200)]
s4:torture: Do not segfault in torture_rpc_spoolss_printer_teardown_common()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jun 23 21:00:19 CEST 2017 on sn-devel-144
Garming Sam [Fri, 16 Jun 2017 01:05:37 +0000 (13:05 +1200)]
samba_kcc: debugging: say intrasite when we mean intrasite
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Jun 23 06:45:47 CEST 2017 on sn-devel-144
Douglas Bagnall [Thu, 15 Jun 2017 21:16:16 +0000 (09:16 +1200)]
samba_kcc: drop all connections from non-existent DSAs
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Thu, 15 Jun 2017 21:15:17 +0000 (09:15 +1200)]
samba_kcc: comment typo
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Thu, 9 Mar 2017 02:08:19 +0000 (15:08 +1300)]
third_party/dnspython: fix variable name in dnssec
This appears to have been fixed upstream (along with significant other
changes)
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Wed, 5 Apr 2017 23:56:25 +0000 (11:56 +1200)]
samba_kcc: avoid crash on odd networks with --dot-file-dir
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Thu, 9 Mar 2017 01:56:24 +0000 (14:56 +1300)]
waf/wafadmin/3rdparty: fix paranoid.py variable names
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Wed, 12 Apr 2017 00:34:49 +0000 (12:34 +1200)]
python/getopt: -d/--debuglevel saves value in options for scripts
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Wed, 8 Mar 2017 02:25:53 +0000 (15:25 +1300)]
add provision performance tests
Because making provision faster makes autobuild faster.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Tue, 21 Mar 2017 21:25:06 +0000 (10:25 +1300)]
perftest: add a new medley test
This is something of a rewrite of ad_dc_performance.py with more
search tests and a rebalancing of others. For example, the users are
added in three lots of 2000 using varying methods rather than 5 of
1000 using ldap, reducing duplication thus clarifying the results.
Links are added in more realistic patterns with groups of varying
size.
To save time, the database is not cleaned up. Usually perftests are
run with TESTS= restriction to a single suite, but in case this is not
done, this suite is run last.
The ad_dc_performance suite is not replaced so that comparisons with
old test sequences are still possible.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Richard Sharpe [Tue, 20 Jun 2017 19:40:39 +0000 (12:40 -0700)]
Bug 15852. There are valid paths where conn->lsa_pipe_tcp->transport is NULL. Protect against this.
Based on a suggestion from Metze.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12852
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 22 23:16:46 CEST 2017 on sn-devel-144
Stefan Metzmacher [Tue, 20 Jun 2017 10:17:32 +0000 (12:17 +0200)]
tevent: version 0.9.32
* Fix mutex locking in tevent_threaded_context_destructor().
* Fix a memleak on FreeBSD.
* Re-init threading in tevent_re_initialise().
* Include the finish location in tevent_req_default_print().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jun 22 17:17:33 CEST 2017 on sn-devel-144
Stefan Metzmacher [Wed, 14 Jun 2017 14:59:10 +0000 (16:59 +0200)]
tevent: include the finish location in tevent_req_default_print()
It's verify useful when debugging code without a debugger to
be able to use tevent_req_print() in DEBUG statements.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Andrew Bartlett [Thu, 8 Jun 2017 11:05:26 +0000 (23:05 +1200)]
dsdb: Rework schema_init module to always use valid memory
The schema can go away unless the second argument (the memory context) is supplied
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 20 Jun 2017 07:03:02 +0000 (09:03 +0200)]
s3:test_smbclient_s3.sh: pass the protocol (NT1) to the script
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 20 Jun 2017 07:03:02 +0000 (09:03 +0200)]
s3:test_smbclient_s3.sh: make it explizit where we want to force SMB1 or SMB3
We need to use -mNT1 or -mSMB3 at the end of the command line in order
to overwrite possible '-m' arguments in $ADDARGS.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Mon, 19 Jun 2017 13:44:27 +0000 (15:44 +0200)]
s3:test_acl_xattr.sh: use -mNT1 for the 'getfacl' commands
The getfacl command is SMB1 only and will most likely never
be part the SMB3 unix extensions.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Mon, 19 Jun 2017 08:00:32 +0000 (10:00 +0200)]
s3:torture: use CLI_FULL_CONNECTION_DISABLE_SMB1 in run_oplock_cancel()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Mon, 19 Jun 2017 08:00:15 +0000 (10:00 +0200)]
s3:torture: add torture_open_connection_flags()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Mon, 19 Jun 2017 07:57:28 +0000 (09:57 +0200)]
s3:libsmb: add CLI_FULL_CONNECTION_DISABLE_SMB1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>