sfrench/samba-autobuild/.git
2 years agoctdb-tools: Always exit with positive return value
Amitay Isaacs [Tue, 7 Mar 2017 05:44:08 +0000 (16:44 +1100)]
ctdb-tools: Always exit with positive return value

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue May 30 08:05:56 CEST 2017 on sn-devel-144

2 years agoctdb-eventd: Avoid passing NULL pointer to printf( %s )
Amitay Isaacs [Mon, 29 May 2017 02:36:11 +0000 (12:36 +1000)]
ctdb-eventd: Avoid passing NULL pointer to printf( %s )

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-eventd: Use run_event abstraction
Amitay Isaacs [Mon, 27 Feb 2017 04:00:42 +0000 (15:00 +1100)]
ctdb-eventd: Use run_event abstraction

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-common: Add run_event abstraction
Amitay Isaacs [Thu, 23 Feb 2017 07:40:48 +0000 (18:40 +1100)]
ctdb-common: Add run_event abstraction

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-common: Update run_proc api to re-assign stdin
Amitay Isaacs [Fri, 5 May 2017 16:47:00 +0000 (02:47 +1000)]
ctdb-common: Update run_proc api to re-assign stdin

This allows to pass data to a child process via stdin.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agos4/torture: add a leases test with stat open
Ralph Boehme [Fri, 26 May 2017 13:42:46 +0000 (15:42 +0200)]
s4/torture: add a leases test with stat open

This test passes against Windows 2016 but currently fails against Samba
for some reason. The test does the following:

1. A stat open on a file, then
2. a second open with a RWH-lease request

Windows grants a RWH-lease in step 2, while Samba only grants a
R-lease. Go figure...

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sun May 28 18:52:52 CEST 2017 on sn-devel-144

2 years agos4/torture: test for bug 12798
Ralph Boehme [Fri, 26 May 2017 13:35:54 +0000 (15:35 +0200)]
s4/torture: test for bug 12798

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12798

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3/smbd: fix exclusive lease optimisation
Ralph Boehme [Fri, 26 May 2017 09:57:08 +0000 (11:57 +0200)]
s3/smbd: fix exclusive lease optimisation

We need to expect any amount of "stat" opens on the file without
triggering an assert.

This is the correct fix for bug #11844. I guess we haven't seens this
very often before bug #12766 got fixed, because most clients were using
LEASES instead of OPLOCKS.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12798

See also:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11844
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12766

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3/locking: make find_share_mode_entry public
Ralph Boehme [Fri, 26 May 2017 09:35:52 +0000 (11:35 +0200)]
s3/locking: make find_share_mode_entry public

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12798

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3: VFS: Fruit. Move to using struct smb_filename instead of char * paths.
Jeremy Allison [Thu, 25 May 2017 18:38:26 +0000 (11:38 -0700)]
s3: VFS: Fruit. Move to using struct smb_filename instead of char * paths.

Cleans up and removes some code.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri May 26 20:53:02 CEST 2017 on sn-devel-144

2 years agos3: VFS: Catia: Ensure path name is also converted.
Jeremy Allison [Wed, 24 May 2017 18:45:35 +0000 (11:45 -0700)]
s3: VFS: Catia: Ensure path name is also converted.

https://bugzilla.samba.org/show_bug.cgi?id=12804

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years agoRevert "param: Add 'mit kdc config' option to smb.conf"
Andreas Schneider [Tue, 9 May 2017 06:01:12 +0000 (08:01 +0200)]
Revert "param: Add 'mit kdc config' option to smb.conf"

This reverts commit eaaf5ce66e32d05b0a649619986d67ab6176a27a.

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 26 15:28:40 CEST 2017 on sn-devel-144

2 years agopython: Create the kdc.conf in the Samba private directory
Andreas Schneider [Wed, 3 May 2017 07:19:38 +0000 (09:19 +0200)]
python: Create the kdc.conf in the Samba private directory

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agopython: Do not use the glue code directly
Andreas Schneider [Wed, 3 May 2017 07:04:45 +0000 (09:04 +0200)]
python: Do not use the glue code directly

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoctdb-tests: Add some extra tests for "ctdb nodestatus"
Martin Schwenke [Wed, 24 May 2017 10:21:55 +0000 (20:21 +1000)]
ctdb-tests: Add some extra tests for "ctdb nodestatus"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12802

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri May 26 05:24:34 CEST 2017 on sn-devel-144

2 years agoctdb-tools: "ctdb nodestatus" should only display header for "all"
Martin Schwenke [Wed, 24 May 2017 10:27:58 +0000 (20:27 +1000)]
ctdb-tools: "ctdb nodestatus" should only display header for "all"

The "Number of nodes:" header should only be displayed when "all" is
specified.  This is how the command behaved in Samba <= 4.4.

Printing the number of nodes is not helpful and is rather confusing in
the default case where only the status of the current node is printed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12802

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-tools: Stop "ctdb nodestatus" from always showing all nodes
Martin Schwenke [Wed, 24 May 2017 10:24:54 +0000 (20:24 +1000)]
ctdb-tools: Stop "ctdb nodestatus" from always showing all nodes

Exit code should only reflect current or specified nodes too.

Drop an unwanted call to get_nodemap() that overwrites the previously
calculated node map.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12802

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agolibnet join: Fix error handling on provision_store_self_join failure
Gary Lockyer [Tue, 23 May 2017 02:11:35 +0000 (14:11 +1200)]
libnet join: Fix error handling on provision_store_self_join failure

This avoids leaving the error string NULL.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 25 06:28:02 CEST 2017 on sn-devel-144

2 years agosource4/provision: fix talloc_steal on unallocated memory
Gary Lockyer [Tue, 23 May 2017 02:13:14 +0000 (14:13 +1200)]
source4/provision: fix talloc_steal on unallocated memory

The caller will steal *error_string on failure, if it
is not NULL.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agotests net_join: use private secrets database.
Gary Lockyer [Tue, 23 May 2017 01:03:03 +0000 (13:03 +1200)]
tests net_join: use private secrets database.

Tests were leaving entries in the secrets database that caused
subsequent test cases to fail.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agosource4 rpc: binding.c enable DCERPC_SCHANNEL_AUTO for schannel connections
Gary Lockyer [Wed, 26 Apr 2017 19:12:34 +0000 (07:12 +1200)]
source4 rpc: binding.c enable DCERPC_SCHANNEL_AUTO for schannel connections

Enable the DCERPC_SCHANNEL_AUTO option in dceprc bindings. If not enabled
calls to netlogon.netlogon from python fail with NT_STATUS_DOWNGRADE_DETECTED
if schannel bindings are specified.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>

2 years agoauth pycredentials: incorrect PyArg_ParseTupleAndKeywords call
Gary Lockyer [Fri, 28 Apr 2017 01:14:16 +0000 (13:14 +1200)]
auth pycredentials: incorrect PyArg_ParseTupleAndKeywords call

The challenge parameter was being treated as a string rather than as a
data blob.  This was causing intermittent seg faults. Removed the
server_timestamp parameter as it's not currently used.

Unable to produce a test case to reliably replicate the failure.
However auth_log_samlogon does flap

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth pycredentials: correct docstring of get_ntlm_response method
Gary Lockyer [Fri, 28 Apr 2017 01:13:28 +0000 (13:13 +1200)]
auth pycredentials: correct docstring of get_ntlm_response method

Fix copy paste error was incorrectly named "get_ntlm_username_domain"

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth_log: Add test that execises the SamLogon python bindings
Gary Lockyer [Thu, 27 Apr 2017 22:16:39 +0000 (10:16 +1200)]
auth_log: Add test that execises the SamLogon python bindings

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agotests password_hash: Add ldap based tests for WDigest
Gary Lockyer [Sun, 21 May 2017 21:49:17 +0000 (09:49 +1200)]
tests password_hash: Add ldap based tests for WDigest

Add tests of the WDigest values using ldap.  This allows the tests to be
run against Windows, to validate the calculated values.

Tests validated against Windows Server 2012 R2

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agopynet: Add a hook to decrypt one attribute
Andrew Bartlett [Wed, 17 May 2017 05:05:13 +0000 (17:05 +1200)]
pynet: Add a hook to decrypt one attribute

This will help with testing GetNCChanges and supplementalCredentials against Windows in Python

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agotests password_hash: update array indexes for readabliity
Gary Lockyer [Thu, 18 May 2017 02:38:37 +0000 (14:38 +1200)]
tests password_hash: update array indexes for readabliity

Use an n-1 pattern in the indexes to the digest array to simplify checking
against the documentation and samba-tool user tests.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agosamba-tool add support for userPassword
Gary Lockyer [Mon, 15 May 2017 00:19:22 +0000 (12:19 +1200)]
samba-tool add support for userPassword

Changes to virtualCryptSHA256 and virtualCryptSHA512 attributes.
The values are now calculated as follows:
  1) If a value exists in 'Primary:userPassword' with
     the specified number of rounds it is returned.
  2) If 'Primary:CLEARTEXT, or 'Primary:SambaGPG' with
     '--decrypt-samba-gpg'. Calculate a hash with the specified number of rounds
  3) Return the first {CRYPT} value in 'Primary:userPassword' with a
     matching algorithm

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agosamba-tool tests: add tests for userPassword
Gary Lockyer [Mon, 15 May 2017 00:20:58 +0000 (12:20 +1200)]
samba-tool tests: add tests for userPassword

Tests to ensure that precomputed SHA256 and SHA512 hashes in
'supplementalCredentials Primary:userPassword' are used correctly in the
calculation of virtualCryptSHA256 and virtualCryptSHA512

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agopassword_hash: generate and store Primary:userPassword
Gary Lockyer [Tue, 4 Apr 2017 04:05:08 +0000 (16:05 +1200)]
password_hash: generate and store Primary:userPassword

Generate sha256 and sha512 password hashes and store them in
supplementalCredentials

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agotests password_hash: add tests for Primary:userPassword
Gary Lockyer [Tue, 11 Apr 2017 21:12:56 +0000 (09:12 +1200)]
tests password_hash: add tests for Primary:userPassword

    Add tests to verify the generation and storage of sha256 and sha512
    password hashes in suplementalCredentials Primary:userPassword

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agodocs: configuration options for extra password hashes
Gary Lockyer [Tue, 9 May 2017 02:38:06 +0000 (14:38 +1200)]
docs: configuration options for extra password hashes

Add the configuration options for the generation and storage of crypt()
based sha256 and sha512 password hashes in supplementalCredentials

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agotests password_hash: fix white space issues
Gary Lockyer [Tue, 11 Apr 2017 21:09:27 +0000 (09:09 +1200)]
tests password_hash: fix white space issues

Clean up white space issues in password_hash.py

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agotests password_hash: remove unused import
Gary Lockyer [Tue, 11 Apr 2017 21:08:24 +0000 (09:08 +1200)]
tests password_hash: remove unused import

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoidl drsblobs: add the blobs required for Primary:userPassword
Gary Lockyer [Tue, 4 Apr 2017 04:00:20 +0000 (16:00 +1200)]
idl drsblobs: add the blobs required for Primary:userPassword

Add the blobs required to allow the storing of an sha256 or sha512 hash of
the password in supplemental credentials

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agosamba-tool user: add rounds option to virtualCryptSHAxxx
Gary Lockyer [Mon, 8 May 2017 23:20:15 +0000 (11:20 +1200)]
samba-tool user: add rounds option to virtualCryptSHAxxx

Allow the number of rounds to be specified when calculating the
virtualCryptSHA256 and virtualCryptSHA512 attributes.

i.e. --attributes="virtualCryptSHA256;rounds=3000" will calculate the
hash using 3,000 rounds.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agosamba-tool tests: Tests for virtualCryptSHAxxx rounds
Gary Lockyer [Mon, 8 May 2017 23:15:19 +0000 (11:15 +1200)]
samba-tool tests: Tests for virtualCryptSHAxxx rounds

Add tests to for the new rounds option for the virtualCryptSHA256 and
virtualCryptSHA512 attributes.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agosamba-tool user: Support for virtualWDigest attributes
Gary Lockyer [Sun, 7 May 2017 22:00:58 +0000 (10:00 +1200)]
samba-tool user: Support for virtualWDigest attributes

Add new virtualWDigest attributes, these return the hashes stored in
supplementalCredentials Primary:WDigest, in a form suitable for
htdigest authentication

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agosamba-tool user: Tests for virtualWDigest attributes
Gary Lockyer [Sun, 7 May 2017 22:00:09 +0000 (10:00 +1200)]
samba-tool user: Tests for virtualWDigest attributes

Add tests for the new virtualWDigest attributes, these return the hashes
stored in supplementalCredentials Primary:WDigest in a form suitable for
use with htdigest authentication.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoctdb-daemon: Add AllowMixedVersions tunable
Amitay Isaacs [Fri, 21 Apr 2017 07:41:44 +0000 (17:41 +1000)]
ctdb-daemon: Add AllowMixedVersions tunable

This allows to mix CTDB major versions in a single cluster.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed May 24 21:06:28 CEST 2017 on sn-devel-144

2 years agoctdb-daemon: Do not allow mixed ctdb versions in a cluster
Amitay Isaacs [Fri, 21 Apr 2017 07:55:11 +0000 (17:55 +1000)]
ctdb-daemon: Do not allow mixed ctdb versions in a cluster

Extend CTDB_REQ_KEEPALIVE packet to include version and uptime.  If CTDB
versions do not match shutdown ctdb.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-keepalive: Move ctdb_send_keepalive() to ctdb_keepalive.c
Amitay Isaacs [Fri, 21 Apr 2017 07:18:49 +0000 (17:18 +1000)]
ctdb-keepalive: Move ctdb_send_keepalive() to ctdb_keepalive.c

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-packaging: Remove mkversion.sh script
Amitay Isaacs [Fri, 21 Apr 2017 07:57:10 +0000 (17:57 +1000)]
ctdb-packaging: Remove mkversion.sh script

It's not used any more as the version headers are generated from waf.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-build: Simplify generation of version header files
Amitay Isaacs [Fri, 21 Apr 2017 05:39:45 +0000 (15:39 +1000)]
ctdb-build: Simplify generation of version header files

Generate version headers from waf instead of separate shell script.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agowafsamba: Allow to specify VERSION file path
Amitay Isaacs [Fri, 21 Apr 2017 08:19:00 +0000 (18:19 +1000)]
wafsamba: Allow to specify VERSION file path

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-readonly: Avoid a tight loop waiting for revoke to complete
Amitay Isaacs [Thu, 18 May 2017 01:50:09 +0000 (11:50 +1000)]
ctdb-readonly: Avoid a tight loop waiting for revoke to complete

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12697

During revoking readonly delegations, if one of the nodes disappears,
then there is no point re-trying revoking readonly delegation immedately.
The database needs to be recovered before the revoke operation can
succeed.

However, if the revoke is successful, then all the write requests need
to be processed immediately before the read-only requests.  This avoids
starving write requests, in case there are read-only requests coming
from other nodes.

In deferred_call_destructor, the result of revoke is not available and
deferred calls cannot be correctly ordered.  To correctly order the
deferred calls, process them in revokechild_destructor where the result
of revoke is known.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoRevert "ctdb-readonly: Avoid a tight loop waiting for revoke to complete"
Amitay Isaacs [Thu, 18 May 2017 00:15:01 +0000 (10:15 +1000)]
Revert "ctdb-readonly: Avoid a tight loop waiting for revoke to complete"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12697

This reverts commit ad758cb869ac83534993caa212abc9fe9905ec68.

This is an incomplete fix and introduces a regression.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoCVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside
Volker Lendecke [Mon, 8 May 2017 19:40:40 +0000 (21:40 +0200)]
CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12780

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Wed May 24 14:34:30 CEST 2017 on sn-devel-144

2 years agodsdb: Do not search the sam.ldb file when trying to search all partitions
Andrew Bartlett [Thu, 4 May 2017 08:12:46 +0000 (10:12 +0200)]
dsdb: Do not search the sam.ldb file when trying to search all partitions

The sam.ldb file does not contain the same kind of data as the partitions, we do not wish to
mix these results.  This also avoids taking out locks on the sam.ldb file.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 23 05:18:04 CEST 2017 on sn-devel-144

2 years agodsdb: Do not write the @INDEXLIST or @ATTRIBUTES records during schema refresh
Andrew Bartlett [Wed, 3 May 2017 20:53:14 +0000 (22:53 +0200)]
dsdb: Do not write the @INDEXLIST or @ATTRIBUTES records during schema refresh

Instead, write it once in the module init, if required, and after a
modify to the schema partition is detected

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agodsdb: Take out the transaction and prepare_commit locks in the same order
Andrew Bartlett [Wed, 3 May 2017 20:51:30 +0000 (22:51 +0200)]
dsdb: Take out the transaction and prepare_commit locks in the same order

We must, when starting the transaction and preparing to commit the transaction, take
out the locks in the same order across all the databases, otherwise we may deadlock.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoldb_tdb: Call talloc_free(options_dn) as soon as we are done with options_dn
Andrew Bartlett [Thu, 30 Mar 2017 00:11:15 +0000 (13:11 +1300)]
ldb_tdb: Call talloc_free(options_dn) as soon as we are done with options_dn

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoldb_tdb: Provide better debugging on end_trans failures
Andrew Bartlett [Thu, 30 Mar 2017 01:27:55 +0000 (14:27 +1300)]
ldb_tdb: Provide better debugging on end_trans failures

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agoldb_tdb: Provide better debugging on prepare_commit failures
Andrew Bartlett [Thu, 30 Mar 2017 01:26:23 +0000 (14:26 +1300)]
ldb_tdb: Provide better debugging on prepare_commit failures

ltdb_index_transaction_commit() does LDB operations, sets the ldb
error string and returns LDB errors so we should not check the tdb
error code.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agotdb: Improve debugging when the allrecord lock fails to upgrade
Andrew Bartlett [Thu, 30 Mar 2017 06:11:06 +0000 (19:11 +1300)]
tdb: Improve debugging when the allrecord lock fails to upgrade

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 years agos3: smbd: Correctly identify a snapshot path using UCF_GMT_PATHNAME.
Jeremy Allison [Thu, 18 May 2017 20:28:23 +0000 (13:28 -0700)]
s3: smbd: Correctly identify a snapshot path using UCF_GMT_PATHNAME.

All our client code already does this correctly for @GMT names.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon May 22 22:49:17 CEST 2017 on sn-devel-144

2 years agos3: smbd: Add UCF_GMT_PATHNAME, which represents FLAGS2_REPARSE_PATH.
Jeremy Allison [Thu, 18 May 2017 20:24:26 +0000 (13:24 -0700)]
s3: smbd: Add UCF_GMT_PATHNAME, which represents FLAGS2_REPARSE_PATH.

This must be set by a client to use shadow copy (@GMT) paths.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agos3: smbd: Fix up the ucf_flags correctly in smb_file_rename_information().
Jeremy Allison [Thu, 18 May 2017 20:22:36 +0000 (13:22 -0700)]
s3: smbd: Fix up the ucf_flags correctly in smb_file_rename_information().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agos3: smbd: We can now remove the 'bool dfs_path' parameter from filename_convert().
Jeremy Allison [Thu, 18 May 2017 19:29:50 +0000 (12:29 -0700)]
s3: smbd: We can now remove the 'bool dfs_path' parameter from filename_convert().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agos3: smbd: Add UCF_DFS_PATHNAME which tracks the flags2 FLAGS2_DFS_PATHNAMES bit.
Jeremy Allison [Thu, 18 May 2017 19:18:58 +0000 (12:18 -0700)]
s3: smbd: Add UCF_DFS_PATHNAME which tracks the flags2 FLAGS2_DFS_PATHNAMES bit.

Set inside ucf_flags_from_smb_request(). This will allow us to
remove the req->flags2 & FLAGS2_DFS_PATHNAMES parameter from
filename_convert().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agos3: smbd: In ntrename OR in ucf_flags, don't overwrite.
Jeremy Allison [Thu, 18 May 2017 19:08:57 +0000 (12:08 -0700)]
s3: smbd: In ntrename OR in ucf_flags, don't overwrite.

This isn't worth a bug backport as right now the only flag that
could be overwritten is the UCF_POSIX_PATHNAMES flag, and for
a POSIX connection the client will use posix rename, not an
ntrename.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agos3: smbd: Always use ucf_flags_from_smb_request() in place of checking by hand (in...
Jeremy Allison [Thu, 18 May 2017 19:08:00 +0000 (12:08 -0700)]
s3: smbd: Always use ucf_flags_from_smb_request() in place of checking by hand (in most cases).

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agos3: smbd: Split out ucf_flags_from_smb_request() from filename_create_ucf_flags().
Jeremy Allison [Thu, 18 May 2017 18:56:39 +0000 (11:56 -0700)]
s3: smbd: Split out ucf_flags_from_smb_request() from filename_create_ucf_flags().

We will use this elsewhere in later commits.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agos3: smbd: Make it clear we only overwrite *ppath_contains_wcard if resolve_dfspath_wc...
Jeremy Allison [Thu, 18 May 2017 18:41:10 +0000 (11:41 -0700)]
s3: smbd: Make it clear we only overwrite *ppath_contains_wcard if resolve_dfspath_wcard() detected a wildcard.

The API for this function specifies that *ppath_contains_wcard
must already have been initialized on entry to filename_convert()
(not a great design, but that's the way it is currently).

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agos3: smbd: Remove ugly use of discard_const that previously was hidden in resolve_dfsp...
Jeremy Allison [Thu, 18 May 2017 18:36:56 +0000 (11:36 -0700)]
s3: smbd: Remove ugly use of discard_const that previously was hidden in resolve_dfspath_wcard().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agos3: smbd: Remove bool dfs_pathnames paramter from resolve_dfspath_wcard().
Jeremy Allison [Thu, 18 May 2017 18:34:33 +0000 (11:34 -0700)]
s3: smbd: Remove bool dfs_pathnames paramter from resolve_dfspath_wcard().

Start cleaning up the pathname parsing to move flags2 checks into UCF_FLAGS
function.

NB. This now only sets *ppath_contains_wcard inside resolve_dfspath_wcard()
if dfs_redirect() sets path_contains_wcard to true, which is a change
from the previous code which could potentially set *ppath_contains_wcard
to an uninitialized value if dfs_redirect() returned without setting
path_contains_wcard.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agos4:libcli/ldap: just use gensec_update() in ldap_bind_sasl()
Stefan Metzmacher [Mon, 15 May 2017 21:53:38 +0000 (23:53 +0200)]
s4:libcli/ldap: just use gensec_update() in ldap_bind_sasl()

We're in a blocking/sync call, we should avoid using nested event loops for
this. As far as I can see ldap_bind_sasl() is only called from command line
tools, which are ok to block.

Resolving this requires also resolving the general case in LDB, as that is the
API this is used from.  We would need ldb_connect_send() and ldb_connect_recv()
at a start.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon May 22 01:12:23 CEST 2017 on sn-devel-144

2 years agos4:libcli/smb2: make smb2_session_setup_spnego_* completely async
Stefan Metzmacher [Mon, 15 May 2017 21:37:22 +0000 (23:37 +0200)]
s4:libcli/smb2: make smb2_session_setup_spnego_* completely async

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:librpc: simplify dcerpc_connect_timeout_handler() logic
Stefan Metzmacher [Mon, 15 May 2017 20:49:09 +0000 (22:49 +0200)]
s4:librpc: simplify dcerpc_connect_timeout_handler() logic

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:librpc: make use of gensec_update_send() in bind_auth_next_step()
Stefan Metzmacher [Mon, 15 May 2017 20:46:39 +0000 (22:46 +0200)]
s4:librpc: make use of gensec_update_send() in bind_auth_next_step()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:librpc: use gensec_update_send() in dcerpc_bind_auth_send()
Stefan Metzmacher [Mon, 15 May 2017 20:36:20 +0000 (22:36 +0200)]
s4:librpc: use gensec_update_send() in dcerpc_bind_auth_send()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:rpc_server: implement async AUTH3 using gensec_update_send/recv
Stefan Metzmacher [Mon, 15 May 2017 13:20:56 +0000 (15:20 +0200)]
s4:rpc_server: implement async AUTH3 using gensec_update_send/recv

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:rpc_server: implement async ALTER_CONTEXT using gensec_update_send/recv
Stefan Metzmacher [Mon, 15 May 2017 13:20:56 +0000 (15:20 +0200)]
s4:rpc_server: implement async ALTER_CONTEXT using gensec_update_send/recv

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:rpc_server: implement async BIND using gensec_update_send/recv
Stefan Metzmacher [Mon, 15 May 2017 13:20:56 +0000 (15:20 +0200)]
s4:rpc_server: implement async BIND using gensec_update_send/recv

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:rpc_server: remove unused dcesrv_auth_{bind_ack,auth3,alter_ack}()
Stefan Metzmacher [Mon, 15 May 2017 12:03:54 +0000 (14:03 +0200)]
s4:rpc_server: remove unused dcesrv_auth_{bind_ack,auth3,alter_ack}()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:rpc_server: make use of dcesrv_auth_prepare_auth3() in dcesrv_auth3()
Stefan Metzmacher [Mon, 15 May 2017 12:02:07 +0000 (14:02 +0200)]
s4:rpc_server: make use of dcesrv_auth_prepare_auth3() in dcesrv_auth3()

It means we also need to call gensec_update_ev() and dcesrv_auth_complete()
directly in dcesrv_auth3(). Doing that will make it easier to make dcesrv_auth3()
async in the next commits.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:rpc_server: make use of dcesrv_auth_prepare_alter_ack() in dcesrv_alter()
Stefan Metzmacher [Mon, 15 May 2017 12:02:07 +0000 (14:02 +0200)]
s4:rpc_server: make use of dcesrv_auth_prepare_alter_ack() in dcesrv_alter()

It means we also need to call gensec_update_ev() and dcesrv_auth_complete()
directly in dcesrv_alter(). Doing that will make it easier to make dcesrv_alter()
async in the next commits.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:rpc_server: make use of dcesrv_auth_prepare_bind_ack() in dcesrv_bind()
Stefan Metzmacher [Mon, 15 May 2017 12:02:07 +0000 (14:02 +0200)]
s4:rpc_server: make use of dcesrv_auth_prepare_bind_ack() in dcesrv_bind()

It means we also need to call gensec_update_ev() and dcesrv_auth_complete()
directly in dcesrv_bind(). Doing that will make it easier to make dcesrv_bind()
async in the next commits.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:rpc_server: make use of dcesrv_auth_reply() in dcesrv_alter()
Stefan Metzmacher [Mon, 15 May 2017 15:37:05 +0000 (17:37 +0200)]
s4:rpc_server: make use of dcesrv_auth_reply() in dcesrv_alter()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:rpc_server: split out dcesrv_auth_reply() from dcesrv_bind()
Stefan Metzmacher [Mon, 15 May 2017 15:19:31 +0000 (17:19 +0200)]
s4:rpc_server: split out dcesrv_auth_reply() from dcesrv_bind()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:rpc_server: remove useless TALLOC_FREE(call->context) from dcesrv_bind()
Stefan Metzmacher [Mon, 15 May 2017 15:36:17 +0000 (17:36 +0200)]
s4:rpc_server: remove useless TALLOC_FREE(call->context) from dcesrv_bind()

This is not needed if we're terminating the connection anyway.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:rpc_server: split out dcesrv_auth_prepare_alter_ack()
Stefan Metzmacher [Mon, 15 May 2017 10:16:35 +0000 (12:16 +0200)]
s4:rpc_server: split out dcesrv_auth_prepare_alter_ack()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:rpc_server: split out dcesrv_auth_prepare_auth3()
Stefan Metzmacher [Mon, 15 May 2017 10:16:35 +0000 (12:16 +0200)]
s4:rpc_server: split out dcesrv_auth_prepare_auth3()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:rpc_server: split out dcesrv_auth_prepare_bind_ack()
Stefan Metzmacher [Mon, 15 May 2017 10:16:35 +0000 (12:16 +0200)]
s4:rpc_server: split out dcesrv_auth_prepare_bind_ack()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:rpc_server: make use of dcesrv_auth_complete() in dcesrv_auth_auth3()
Stefan Metzmacher [Mon, 15 May 2017 07:13:08 +0000 (09:13 +0200)]
s4:rpc_server: make use of dcesrv_auth_complete() in dcesrv_auth_auth3()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:rpc_server: prepare dcesrv_auth_complete() for AUTH3
Stefan Metzmacher [Mon, 15 May 2017 07:13:08 +0000 (09:13 +0200)]
s4:rpc_server: prepare dcesrv_auth_complete() for AUTH3

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:rpc_server: make use of dcesrv_auth_complete() in dcesrv_auth_alter_ack()
Stefan Metzmacher [Mon, 15 May 2017 07:14:21 +0000 (09:14 +0200)]
s4:rpc_server: make use of dcesrv_auth_complete() in dcesrv_auth_alter_ack()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:rpc_server: split out dcesrv_auth_complete() from dcesrv_auth_bind_ack()
Stefan Metzmacher [Mon, 15 May 2017 07:00:45 +0000 (09:00 +0200)]
s4:rpc_server: split out dcesrv_auth_complete() from dcesrv_auth_bind_ack()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:rpc_server: add wait_send/recv infrastructure
Stefan Metzmacher [Mon, 15 May 2017 06:11:29 +0000 (08:11 +0200)]
s4:rpc_server: add wait_send/recv infrastructure

This will be used to implement async BIND/ALTER_CONTEXT/AUTH3
using gensec_update_send/recv.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:rpc_server: introduce call->ack_pkt and avoid pkt variable for the response on...
Stefan Metzmacher [Mon, 15 May 2017 12:15:41 +0000 (14:15 +0200)]
s4:rpc_server: introduce call->ack_pkt and avoid pkt variable for the response on the stack

This will be needed when we use async authentication using gensec_update_send/recv.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:kdc: make use of gensec_update() in kpasswd_process()
Stefan Metzmacher [Mon, 15 May 2017 05:50:31 +0000 (07:50 +0200)]
s4:kdc: make use of gensec_update() in kpasswd_process()

This avoids using gensec_update_ev() with a nested event loop.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:dlz_bind9: assert SPNEGO/KRB5 and use gensec_update()
Stefan Metzmacher [Mon, 15 May 2017 05:45:47 +0000 (07:45 +0200)]
s4:dlz_bind9: assert SPNEGO/KRB5 and use gensec_update()

This avoids using gensec_update_ev() with a nested event loop.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:dns_server: use samba_server_gensec_krb5_start() and gensec_update() in dns_query.c
Stefan Metzmacher [Mon, 15 May 2017 05:30:14 +0000 (07:30 +0200)]
s4:dns_server: use samba_server_gensec_krb5_start() and gensec_update() in dns_query.c

This avoids using gensec_update_ev() with a nested event loop.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:auth: add samba_server_gensec_krb5_start()
Stefan Metzmacher [Mon, 15 May 2017 05:17:30 +0000 (07:17 +0200)]
s4:auth: add samba_server_gensec_krb5_start()

This will be used by the dns services to only allow
spnego/krb5. This makes sure the accepting backend
doesn't require any RPC or IPC communication for now.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agos4:auth: split out a samba_server_gensec_start_settings() helper function
Stefan Metzmacher [Mon, 15 May 2017 05:17:00 +0000 (07:17 +0200)]
s4:auth: split out a samba_server_gensec_start_settings() helper function

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth/gensec: make sure there's only one pending gensec_update_send() per context
Stefan Metzmacher [Thu, 11 May 2017 11:28:10 +0000 (13:28 +0200)]
auth/gensec: make sure there's only one pending gensec_update_send() per context

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth/gensec: improve NT_STATUS_MORE_PROCESSING_REQUIRED logic in gensec_update_*()
Stefan Metzmacher [Thu, 11 May 2017 11:23:07 +0000 (13:23 +0200)]
auth/gensec: improve NT_STATUS_MORE_PROCESSING_REQUIRED logic in gensec_update_*()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth/gensec: avoid using a state->subreq pointer
Stefan Metzmacher [Thu, 11 May 2017 11:25:26 +0000 (13:25 +0200)]
auth/gensec: avoid using a state->subreq pointer

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth/gensec: remove the sync update() hook from gensec_security_ops
Stefan Metzmacher [Thu, 11 May 2017 10:48:41 +0000 (12:48 +0200)]
auth/gensec: remove the sync update() hook from gensec_security_ops

Some backends still do some nested event context magic,
but that mapping between async and sync is done in these backends
and not in the core gensec code anymore.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoauth/spnego: add simple gensec_spnego_update_send/recv() wrapper functions
Stefan Metzmacher [Thu, 11 May 2017 07:04:02 +0000 (09:04 +0200)]
auth/spnego: add simple gensec_spnego_update_send/recv() wrapper functions

TODO: we still need to do the internals async.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>