Andreas Schneider [Wed, 9 Aug 2017 07:58:35 +0000 (09:58 +0200)]
tdb: Do not allow to pass NULL as the buffer to transaction_write()
This fixes a GCC warning.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Aug 10 02:26:09 CEST 2017 on sn-devel-144
Andreas Schneider [Wed, 9 Aug 2017 08:53:12 +0000 (10:53 +0200)]
tdb: Write zero data using 8k buffer in transaction_expand_file()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Wed, 9 Aug 2017 08:16:36 +0000 (10:16 +0200)]
tdb: Avoid NULL tdb_write
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Wed, 9 Aug 2017 08:15:27 +0000 (10:15 +0200)]
tdb: Consistency check for tdb_storev
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Wed, 24 May 2017 07:17:19 +0000 (09:17 +0200)]
vfs_fruit: factor out common code from ad_get() and ad_fget()
As a result of the previous changes ad_get() and ad_fget() do completey
the same, so factor out the common code to a new helper function. No
change in behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Aug 9 22:33:36 CEST 2017 on sn-devel-144
Ralph Boehme [Tue, 23 May 2017 15:44:16 +0000 (17:44 +0200)]
vfs_fruit: return fake pipe fd in fruit_open_meta_netatalk()
Do not open the basefile, that conflict with "kernel oplocks = yes". We
just return a fake file fd based on dup'ing a pipe fd and ensure all VFS
functions that go through vfs_fruit and work on the metadata stream can
deal with it.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Tue, 23 May 2017 15:31:47 +0000 (17:31 +0200)]
vfs_fruit: don't open basefile in ad_open() and simplify API
We never need an fd on the basefile when operating on the metadata, as
we can always use path based syscalls. Opening the basefile conflicts
with "kernel oplocks" so just don't do it.
Additional changes:
- remove the adouble_type_t argument to ad_open(), the type is passed
and set when allocating a struct adouble with ad_alloc()
- additionally pass an optional fsp to ad_open() (so the caller can pass
NULL). With this change we can move the fd inheritance from fsp to ad
into ad_open() itself where it belongs and remove it from the caller
ad_fget()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Ralph Boehme [Tue, 23 May 2017 15:39:46 +0000 (17:39 +0200)]
vfs_fruit: use path based setxattr call in ad_fset()
This allows later commits to remove opening of the basefile which
conflict with "kernel oplocks = yes".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Thu, 18 May 2017 11:17:38 +0000 (13:17 +0200)]
s4/torture: additional tests for kernel-oplocks
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Ralph Boehme [Wed, 10 May 2017 09:38:06 +0000 (11:38 +0200)]
s4/torture: reproducer for kernel oplocks issue with streams
test_smb2_kernel_oplocks3() wouldn't have failed without the patches,
I'm just adding it to have at least one test that tests with 2
clients. All other tests use just one client.
test_smb2_kernel_oplocks4() is the reproducer.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Ralph Boehme [Thu, 11 May 2017 16:08:56 +0000 (18:08 +0200)]
vfs_streams_xattr: return a fake fd in streams_xattr_open()
The final step in changing vfs_streams_xattr to not call open() on the
basefile anymore. Instead, we just return a fake file fd based on
dup'ing a pipe fd. Previous commits ensured all calls to VFS API
functions use pathname based versions to do their work.
This ensures we don't trigger kernel oplock breaks for client "open
stream" requests when needlessly opening the basefile.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Thu, 11 May 2017 16:05:18 +0000 (18:05 +0200)]
vfs_streams_xattr: implement all missing handle based VFS functions
Implement all missing handle based VFS function. If the call is on a
named stream, implement the appropriate action for the VFS function, in
most cases a no-op.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Thu, 11 May 2017 15:38:00 +0000 (17:38 +0200)]
vfs_streams_xattr: always pass NULL as fsp arg to get_ea_value()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Thu, 11 May 2017 15:36:15 +0000 (17:36 +0200)]
vfs_streams_xattr: remove fsp argument from get_xattr_size()
Still in the process of changing all handle based operations to use path
based operations.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Thu, 11 May 2017 13:05:23 +0000 (15:05 +0200)]
vfs_streams_xattr: remove all uses of fd, use name based functions
We don't really need an fd in this module, all calls to the VFS xattr
API can just use the name based versions.
This paves the way for removing the open of the basefile in
streams_xattr_open() in a later commit.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Thu, 11 May 2017 05:59:20 +0000 (07:59 +0200)]
vfs_streams_xattr: invalidate stat info if xattr was not found
We stat the basefile so we leave valid stat info from the base file
behind, even though the xattr for the stream was not there.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Andreas Schneider [Wed, 9 Aug 2017 06:37:38 +0000 (08:37 +0200)]
s3:utils: Fix buffer size for snprintf and format string
GCC 7.1 produces an error:
‘snprintf’ output between 47 and 66 bytes into a destination of size 40
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Aug 9 13:37:47 CEST 2017 on sn-devel-144
Andreas Schneider [Wed, 9 Aug 2017 06:23:29 +0000 (08:23 +0200)]
s3:torture: Fix spoolss test to build with -O3
Initialize variables so that we do not get a build warning that they
might be used uninitilized.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andreas Schneider [Wed, 9 Aug 2017 05:45:04 +0000 (07:45 +0200)]
s4:samdb: Fix building Samba with -O3
gcc error: ‘result’ may be used uninitialized
This wont happen, because ldb will return and error, but the compiler
doesn't understand this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Thu, 8 Jun 2017 17:18:36 +0000 (19:18 +0200)]
vfs_gpfs: handle EACCES when fetching DOS attributes from xattr
When trying to fetch the DOS attributes via gpfswrap_get_winattrs_path()
if the filesystem doesn't grant READ_ATTR to the file the function fails
with EACCESS.
But according to MS-FSA 2.1.5.1.2.1 "Algorithm to Check Access to an
Existing File" FILE_LIST_DIRECTORY on a directory implies
FILE_READ_ATTRIBUTES for directory entries.
So if the user can open the parent directory for reading this implies
FILE_LIST_DIRECTORY and we can safely call gpfswrap_get_winattrs_path()
with DAC_OVERRIDE_CAPABILITY.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12944
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Aug 9 01:21:14 CEST 2017 on sn-devel-144
Ralph Boehme [Thu, 8 Jun 2017 17:10:20 +0000 (19:10 +0200)]
s3/smbd: handle EACCES when fetching DOS attributes from xattr
When trying to fetch the DOS attributes xattr via SMB_VFS_GETXATTR() if
the filesystem doesn't grant read access to the file the xattr read
request fails with EACCESS.
But according to MS-FSA 2.1.5.1.2.1 "Algorithm to Check Access to an
Existing File" FILE_LIST_DIRECTORY on a directory implies
FILE_READ_ATTRIBUTES for directory entries.
So if the user can open the parent directory for reading this implies
FILE_LIST_DIRECTORY and we can safely call SMB_VFS_GETXATTR() as root,
ensuring we can read the DOS attributes xattr.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12944
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Ralph Boehme [Thu, 8 Jun 2017 17:05:48 +0000 (19:05 +0200)]
s3/smbd: handling of failed DOS attributes reading
Only fall back to using UNIX modes if we get NOT_IMPLEMENTED. This is
exactly what we already do when setting DOS attributes.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12944
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Andreas Schneider [Tue, 1 Aug 2017 14:07:58 +0000 (16:07 +0200)]
python:tests: Add test for warn_pwd_expire
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Aug 7 19:11:02 CEST 2017 on sn-devel-144
Andreas Schneider [Tue, 1 Aug 2017 14:05:57 +0000 (16:05 +0200)]
python:tests: Do not overwrite exit code
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Anoop C S [Mon, 31 Jul 2017 10:09:19 +0000 (15:39 +0530)]
source3/client: Fix typo in help message displayed by default
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12936
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Marc Muehlfeld [Sun, 6 Aug 2017 09:50:55 +0000 (11:50 +0200)]
python: Fix incorrect kdc.conf parameter name in kerberos.py
Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 21 Jul 2017 10:29:31 +0000 (12:29 +0200)]
winbindd: give an IRPC error if wb_irpc_SamLogon() is called without useful routing information
The caller should have checked this already!
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 21 Jul 2017 10:29:31 +0000 (12:29 +0200)]
winbindd: as DC we should try to get the target_domain from @SOMETHING part of the username in wb_irpc_SamLogon()
We still need a full routing table including all upn suffixes,
but this is a start to support NTLM authentication using user@REALM
against structed domains.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 21 Jul 2017 10:29:31 +0000 (12:29 +0200)]
winbindd: Print debug if we don't know how to route a wb_irpc_SamLogon() request
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 21 Jul 2017 10:29:31 +0000 (12:29 +0200)]
winbindd: allow all possible logon levels in wb_irpc_SamLogon()
We should just try to find the correct domain to forward the
request, all logic of not implementing serveral logon levels
belongs to the _winbind_SamLogon() implementation.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 16 Jun 2017 23:06:46 +0000 (01:06 +0200)]
s4:auth/ntlmssp: add support for using "winbind" as DC
This adds support for trusted domains to the auth stack on AD DCs.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 22 Mar 2017 10:16:47 +0000 (11:16 +0100)]
s4:auth: use "sam winbind" for the netlogon server
This adds authentication support for trusted domains to the
netlogon server.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 16 Jun 2017 21:07:04 +0000 (23:07 +0200)]
s4:auth/ntlm: provide auth_check_password_wrapper_send/recv to auth4_context
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 16 Jun 2017 15:18:17 +0000 (17:18 +0200)]
auth/common: add support for auth4_ctx->check_ntlm_password_send/recv()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 16 Jun 2017 15:14:35 +0000 (17:14 +0200)]
auth/ntlmssp: merge ntlmssp_server_check_password() into ntlmssp_server_auth_send()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 16 Jun 2017 14:16:15 +0000 (16:16 +0200)]
auth/ntlmssp: introduce ntlmssp_server_auth_send/recv
We still use the sync ntlmssp_server_check_password().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 14 Jun 2017 22:34:26 +0000 (00:34 +0200)]
auth/ntlmssp: prepare update_send/recv for real async processing
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 16 Jun 2017 22:56:09 +0000 (00:56 +0200)]
s4:auth_winbind: implement async authentication via IRPC
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 17 Mar 2017 18:36:08 +0000 (19:36 +0100)]
s4:rpc_server/netlogon: make use of auth_check_password_send/recv()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 21 Jul 2017 06:10:02 +0000 (08:10 +0200)]
s4:rpc_server/netlogon: make use of async kdc_check_generic_kerberos_send/recv()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 17 Mar 2017 18:27:38 +0000 (19:27 +0100)]
s4:rpc_server/netlogon: prepare dcesrv_netr_LogonSamLogon_base for async processing
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 21 Jul 2017 05:39:11 +0000 (07:39 +0200)]
s4:rpc_server/netlogon: check auth_level for validation level 6 already in dcesrv_netr_LogonSamLogon_check()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 20 Jul 2017 11:06:58 +0000 (13:06 +0200)]
s4:librpc/rpc: add support for HttpAuthOption=negotiate
Note that rpcproxy.dll on Windows doesn't support kerberos,
it allways downgrades the connection to NTLMSSP.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 20 Jul 2017 14:11:48 +0000 (16:11 +0200)]
s4:lib/http: pass down the target service/hostname to gensec
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 20 Jul 2017 11:03:40 +0000 (13:03 +0200)]
s4:lib/http: add HTTP_AUTH_NEGOTIATE which maps to the "http_negotiate" gensec backend
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 20 Jul 2017 11:03:03 +0000 (13:03 +0200)]
s4:http/gensec: implement "http_negotiate" using GENSEC_OID_SPNEGO
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 20 Jul 2017 11:00:27 +0000 (13:00 +0200)]
s4:http/gensec: make the "NTLM" base64 wrapping more generic
We only need to know the prefix "NTLM" and the submech oid GENSEC_OID_NTLMSSP
everything else can be generic.
This should allow us to implement "Negotiate" with GENSEC_OID_SPNEGO
trivial.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 20 Jul 2017 10:07:18 +0000 (12:07 +0200)]
s4:http/gensec: rename ntlm.c to generic.c
Check with git show -C
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 20 Jul 2017 11:05:39 +0000 (13:05 +0200)]
s4:librpc/rpc: pass down HTTP_AUTH_* values directly to dcerpc_pipe_open_roh_send()
They get passed to http_send_auth_request_send() unmodified.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 20 Jul 2017 21:05:53 +0000 (23:05 +0200)]
s4:librpc/rpc: remember the target_hostname on ncacn_http connections
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 20 Jul 2017 13:48:35 +0000 (15:48 +0200)]
s4:lib/http: pass a generic prefix blob to http_parse_auth_response()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 20 Jul 2017 13:46:38 +0000 (15:46 +0200)]
s4:lib/http: use strcasecmp(h->key, "WWW-Authenticate") instead of strncasecmp()
The key is already normalized and should match completely.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 20 Jul 2017 12:44:51 +0000 (14:44 +0200)]
s4:lib/http: remove indentation level from http_parse_auth_response()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 20 Jul 2017 16:12:27 +0000 (18:12 +0200)]
s4:lib/http: let http_read_response_send/recv() also consume the body if it fits into a max value
We need to consume full HTTP responses from the socket during the
authentication exchanges, otherwise our HTTP parser gets out of sync for
the next requests.
This will be important for gensec mechs which use an even number
for authentication packets.
I guess this should be done just based on the Content-Length value and
not based on the response code.
So far I saw bodies with 200 and 401 codes.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 20 Jul 2017 16:13:28 +0000 (18:13 +0200)]
s4:lib/http: lower HTTP_MAX_HEADER_SIZE from UINT_MAX to 0x1FFFF
We don't need very large headers, the largest ones are
"Authorization" or "WWW-Authenticate", but 128k should be
more than enough for all headers.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Tue, 1 Aug 2017 14:40:01 +0000 (16:40 +0200)]
winbindd: Simplify an if-condition
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Aug 7 09:32:09 CEST 2017 on sn-devel-144
Volker Lendecke [Tue, 1 Aug 2017 14:36:27 +0000 (16:36 +0200)]
winbindd: Add debug for ndr cache hit
When looking through winbind debug logs, it's highly confusing if you don't
find a call in the child that's supposed to handle it. Add a debug if the call
was handled from the cache without calling into the child.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Volker Lendecke [Tue, 1 Aug 2017 13:11:09 +0000 (15:11 +0200)]
winbindd: Make wcache_query_user static
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Gary Lockyer [Thu, 3 Aug 2017 18:45:37 +0000 (06:45 +1200)]
tests samba_tool: fix flapping user-virtualCryptSHA test
Fix flapping test, occasionally a password would be generated that failed
the password criteria, which resulted in the test user not being
created. The tests relying on this user being present then failed.
This patch ensures that the generated password contains at least one digit,
at least one upper case letter and at least one lower case letter.
The generated passwords do not contain special characters to avoid shell
escaping issues.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Mon Aug 7 05:34:24 CEST 2017 on sn-devel-144
Ralph Wuerthner [Tue, 1 Aug 2017 14:40:30 +0000 (16:40 +0200)]
idmap: remove unused function idmap_is_online()
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Aug 4 14:08:37 CEST 2017 on sn-devel-144
Andreas Schneider [Thu, 3 Aug 2017 08:52:59 +0000 (10:52 +0200)]
lib: Fix integer overflowed argument issue with strtoul()
This fixes CID
1415704
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Aug 3 15:06:34 CEST 2017 on sn-devel-144
Martin Schwenke [Mon, 31 Jul 2017 05:26:36 +0000 (15:26 +1000)]
ctdb-common: Reimplement pidfile_context_create() using pidfile_path_create()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Aug 2 07:28:44 CEST 2017 on sn-devel-144
Martin Schwenke [Mon, 31 Jul 2017 05:20:19 +0000 (15:20 +1000)]
util: Reimplement pidfile_create() using pidfile_path_create()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Martin Schwenke [Mon, 31 Jul 2017 05:11:33 +0000 (15:11 +1000)]
util: New functions pidfile_path_create(), pidfile_fd_close()
Uses the core of CTDB's create_pidfile_context() for
pidfile_path_create(). pidfile_fd_close() is a subset of CTDB's
pidfile_context_destructor().
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Martin Schwenke [Mon, 31 Jul 2017 05:16:45 +0000 (15:16 +1000)]
ctdb-common: Rename pidfile_create() -> pidfile_context_create()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Martin Schwenke [Mon, 31 Jul 2017 04:48:47 +0000 (14:48 +1000)]
util: Add pidfile.* to samba-util-core
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Martin Schwenke [Mon, 31 Jul 2017 04:47:01 +0000 (14:47 +1000)]
util: Clean up includes
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Martin Schwenke [Mon, 31 Jul 2017 01:37:21 +0000 (11:37 +1000)]
util: pidfile_pid() should not unlink PID file
This causes a race. If 2 callers to pidfile_create() both a find a
stale PID file using pidfile_pid(). The 1st may then return to
pidfile_create() and create a new PID file, which can then be unlinked
by the 2nd caller.
Consequently, PID file creation can not depend on creating the file,
so drop O_EXCL from the call to open().
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Fri, 14 Jul 2017 11:18:59 +0000 (13:18 +0200)]
winbindd: Simplify two debug msgs
With DBG_DEBUG we get the function name automatically, DEBUGADD is also
not necessary here
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Aug 1 11:45:34 CEST 2017 on sn-devel-144
Volker Lendecke [Thu, 13 Jul 2017 13:52:35 +0000 (15:52 +0200)]
winbindd: Simplify wcache_cached_creds_exist
No need to fetch, use tdb_exists
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Volker Lendecke [Wed, 12 Jul 2017 12:56:32 +0000 (14:56 +0200)]
winbindd: Make wcache_lookup_usergroups static
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Volker Lendecke [Wed, 12 Jul 2017 12:32:02 +0000 (14:32 +0200)]
winbindd: Fix indentation
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Volker Lendecke [Wed, 12 Jul 2017 11:32:33 +0000 (13:32 +0200)]
winbindd: Make init_wcache static
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Volker Lendecke [Wed, 12 Jul 2017 11:14:44 +0000 (13:14 +0200)]
winbindd: Make wcache_lookup_useraliases static
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Volker Lendecke [Wed, 12 Jul 2017 11:12:45 +0000 (13:12 +0200)]
winbindd: Make wcache_name_to_sid static
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Volker Lendecke [Wed, 12 Jul 2017 10:40:29 +0000 (12:40 +0200)]
winbindd: Make wcache_lookup_groupmem static
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Volker Lendecke [Wed, 12 Jul 2017 10:40:29 +0000 (12:40 +0200)]
winbindd: Make wcache_flush_cache static
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Volker Lendecke [Wed, 12 Jul 2017 11:30:02 +0000 (13:30 +0200)]
winbindd: Fix a few signed/unsigned hickups
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Andrew Bartlett [Tue, 1 Aug 2017 01:18:33 +0000 (13:18 +1200)]
dsdb: Fix dsdb_next_callback to correctly use ldb_module_done() etc
If we do not call ldb_module_done() then we do not know that up_req->callback()
has been called, and ldb_next_request() will call the callback again.
If called twice, the new ldb_lock_backend_callback() in ldb 1.2.0 will segfault.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12904
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 1 07:52:38 CEST 2017 on sn-devel-144
Ian Stakenvicius [Tue, 25 Jul 2017 20:31:14 +0000 (16:31 -0400)]
waf: disable-python - fix talloc wscript if bundling disabled
The pytalloc-util dependency logic in lib/talloc/wscript on a
standalone build checks for pytalloc-util in a manner that will
fail if bundling is disabled, this causes issues on
--disable-python builds of ldb, tevent, and samba.
This patch restructures the logic to skip checks if python
is disabled, instead just setting the temporary state variable
'using_system_pytalloc_util' to False
Successfully tested patch on ldb-1.1.31 and above, tevent-0.9.33,
and samba-4.7_rc3
Signed-off-by: Ian Stakenvicius <axs@gentoo.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 31 Jul 2017 22:26:34 +0000 (10:26 +1200)]
dsdb: Do not force a re-index of sam.ldb on upgrade to 4.7
This means that no compatibleFeatures or incompatibleFeatures will be honoured
until a re-index, but that can be triggered when these features are set.
New databases will still get this support.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12855
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Volker Lendecke [Wed, 26 Jul 2017 15:24:51 +0000 (17:24 +0200)]
lib: Fix an error path memleak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jul 31 13:49:02 CEST 2017 on sn-devel-144
Volker Lendecke [Wed, 26 Jul 2017 15:22:42 +0000 (17:22 +0200)]
lib: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Thu, 27 Jul 2017 12:09:20 +0000 (14:09 +0200)]
lib: Fix
1415704 CID Integer overflowed argument
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Sat, 29 Jul 2017 06:27:39 +0000 (08:27 +0200)]
docs/vfs_fruit: remove period outside of the <para> tag
Period that is outside of the <para> tag causes unneccessary vertical
space in the htmlman output. (Paragraph including only one period will
be created.)
From matsuand <michio_matsuyama@yahoo.co.jp>.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Jul 29 15:09:37 CEST 2017 on sn-devel-144
Richard Sharpe [Thu, 27 Jul 2017 21:07:47 +0000 (14:07 -0700)]
Add a test for unsetting Delete-on-Close before the close by DoC opener.
Windows semantics says that any unset of Delete-on-Close before the client
that opened for Delete-on-Close closes the file is silently ignored and the file
is still deleted on the last close. This test tests that in a single open case.
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jul 28 11:47:06 CEST 2017 on sn-devel-144
Richard Sharpe [Thu, 27 Jul 2017 20:46:27 +0000 (13:46 -0700)]
Fix incorrect error messages:unsetting not setting.
The error messages are wrong and could give testers the wrong idea.
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Andrew Bartlett [Wed, 26 Jul 2017 23:10:43 +0000 (11:10 +1200)]
s4-rpc_server: Improve debug of new endpoints
This helps us know what process model is required and what one is in use.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12939
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul 28 04:12:08 CEST 2017 on sn-devel-144
Andrew Bartlett [Wed, 26 Jul 2017 23:44:12 +0000 (11:44 +1200)]
s4-rpc_server: ensure we get a new endpoint for netlogon
If we share the single process RPC servers with the multi-process RPC servers
on the same endpoint, they will default to running in an single process
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12939
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 25 Jul 2017 02:26:45 +0000 (14:26 +1200)]
s4-cldap/netlogon: Match Windows 2012R2 and return NETLOGON_NT_VERSION_5 when version unspecified
The previous patch set this incorrectly to NETLOGON_NT_VERSION_1
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Arvid Requate [Thu, 22 Jun 2017 11:37:13 +0000 (13:37 +0200)]
s4-dsdb/netlogon: allow missing ntver in cldap ping
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11392
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Arvid Requate [Tue, 20 Jun 2017 18:05:17 +0000 (20:05 +0200)]
s4:torture/ldap: Test netlogon without NtVer
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11392
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Tue, 20 Jun 2017 01:14:43 +0000 (13:14 +1200)]
repl: Remove old TODO
This TODO was added in 2007 before we supported linked attributes.
It's no longer relevant.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Sun, 11 Jun 2017 23:20:54 +0000 (11:20 +1200)]
getncchanges.c: Remove unused null_scope variable
This was added in
4cc6b5a69b1f94d96a73ac1 but the very next commit
(
f1c6bab60e52624f5f3) removed where it was set, which meant the variable
was always false and seemingly pointless.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Tue, 6 Jun 2017 23:13:52 +0000 (11:13 +1200)]
getnc_exop.py: Fix typo in function name
This drove me crazy when I tried to search for it.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Sun, 18 Jun 2017 22:26:48 +0000 (10:26 +1200)]
libnet: Initialize req_level in become_dc tests
The net.api.become.dc tests would always pass the request into
libnet_vampire_cb_store_chunk() with req_level=0, which meant that
storing the chunk didn't use the correct replica_flags/exop.
I noticed this problem when working on client-side support for GET_TGT.
My changes relied on the critical-only request flag being passed down
into replmd, but because the request flags weren't passed correctly, my
changes caused the become_dc tests to fail.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Wed, 7 Jun 2017 04:56:18 +0000 (16:56 +1200)]
drs_utils: HWM in 'samba-tool drs replicate --local' always zero
The code to check for the 'repsFrom' highwatermark didn't have any
effect because the hwm variable was overwritten (initialized to all
zeroes) further down.
Using a zero HWM probably wouldn't have impacted functionality because
we were still correctly using the uptodatenessvector, which should
avoid a full replication.
This was introduced in commit
e2ba17d26af42974e5d, presumably by
accident.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Mon, 29 May 2017 05:06:55 +0000 (17:06 +1200)]
drs: support sync-forced for 'samba-tool drs replicate --local'
The sync-forced option wasn't being passed into the replication request
when the --local option was used. This meant if outbound replication
were disabled on the target DC, then the replicate --local command would
fail.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 6 Jul 2017 04:31:15 +0000 (16:31 +1200)]
selftest: Use get_creds_ccache_name() in fsmo.py
This avoids a new kinit for every role transfer
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 6 Jul 2017 04:29:14 +0000 (16:29 +1200)]
selftest: Add and use new helper function get_creds_ccache_name()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>