Garming Sam [Wed, 6 Jan 2016 01:12:35 +0000 (14:12 +1300)]
CVE-2016-0771: tests/dns: Modify dns tests to match new IDL
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 7 Aug 2015 09:36:47 +0000 (11:36 +0200)]
CVE-2016-0771: dns.idl: make use of dnsp_hinfo
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 7 Aug 2015 09:36:47 +0000 (11:36 +0200)]
CVE-2016-0771: s4:dns_server: fix idl for dns_txt_record
From RFC 1035:
3.3.14. TXT RDATA format
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/ TXT-DATA /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
where:
TXT-DATA One or more <character-string>s.
TXT RRs are used to hold descriptive text. The semantics of the text
depends on the domain where it is found.
Each record contains an array of strings instead of just one string.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 7 Aug 2015 09:36:47 +0000 (11:36 +0200)]
CVE-2016-0771: librpc: add ndr_dnsp_string_list_copy() helper function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 7 Aug 2015 09:36:47 +0000 (11:36 +0200)]
CVE-2016-0771: librpc: add RPC_NDR_DNSSERVER to dcerpc-samba library
RPC_NDR_DNSSERVER is the client interface NDR_DNSP contains just
marshalling helpers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 7 Aug 2015 09:36:47 +0000 (11:36 +0200)]
CVE-2016-0771: s4:librpc: python_dns and python_dcerpc_dnsp doesn't require client bindings
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jeremy Allison [Thu, 7 Jan 2016 22:26:35 +0000 (14:26 -0800)]
CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-EA test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Jeremy Allison [Thu, 7 Jan 2016 20:58:34 +0000 (12:58 -0800)]
CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-ACL test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Jeremy Allison [Thu, 7 Jan 2016 01:02:52 +0000 (17:02 -0800)]
CVE-2015-7560: s3: libsmb: Add SMB1-only POSIX cli_posix_setacl() functions. Needed for tests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Jeremy Allison [Thu, 7 Jan 2016 01:17:24 +0000 (17:17 -0800)]
CVE-2015-7560: s3: libsmb: Rename cli_posix_getfaclXX() functions to cli_posix_getacl() as they operate on pathnames.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Jeremy Allison [Tue, 5 Jan 2016 19:33:48 +0000 (11:33 -0800)]
CVE-2015-7560: s3: smbd: Refuse to set EA's on a symlink.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Jeremy Allison [Tue, 5 Jan 2016 19:29:38 +0000 (11:29 -0800)]
CVE-2015-7560: s3: smbd: Silently return no EA's available on a symlink.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Jeremy Allison [Tue, 5 Jan 2016 19:05:48 +0000 (11:05 -0800)]
CVE-2015-7560: s3: smbd: Set return values early, allows removal of code duplication.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Jeremy Allison [Tue, 5 Jan 2016 19:24:36 +0000 (11:24 -0800)]
CVE-2015-7560: s3: smbd: Refuse to get a POSIX ACL on a symlink.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Jeremy Allison [Tue, 5 Jan 2016 19:22:12 +0000 (11:22 -0800)]
CVE-2015-7560: s3: smbd: Refuse to set a POSIX ACL on a symlink.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Jeremy Allison [Tue, 5 Jan 2016 18:52:50 +0000 (10:52 -0800)]
CVE-2015-7560: s3: smbd: Refuse to set an ACL from a POSIX file handle on a symlink.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Jeremy Allison [Tue, 5 Jan 2016 18:38:28 +0000 (10:38 -0800)]
CVE-2015-7560: s3: smbd: Refuse to get an ACL from a POSIX file handle on a symlink.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Jeremy Allison [Tue, 5 Jan 2016 19:18:12 +0000 (11:18 -0800)]
CVE-2015-7560: s3: smbd: Add refuse_symlink() function that can be used to prevent operations on a symlink.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Martin Schwenke [Wed, 9 Mar 2016 01:06:21 +0000 (12:06 +1100)]
ctdb-tunables: Mark tunable DeferredRebalanceOnNodeAdd obsolete
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Mar 10 06:51:46 CET 2016 on sn-devel-144
Martin Schwenke [Tue, 8 Mar 2016 05:36:04 +0000 (16:36 +1100)]
ctdb-recoverd: Drop use of DeferredRebalanceOnNodeAdd tunable
If set, this was used to setup an IP takeover run on a timer after
certain updates to the public IP address configuration (e.g. "ctdb
addip").
However, "ctdb reloadips" completely manages public IP reconfiguration
and avoids the anomalies that DeferredRebalanceOnNodeAdd was
introduced to work around.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 8 Mar 2016 05:29:56 +0000 (16:29 +1100)]
ctdb-tools: Drop "ctdb rebalancenode"
This was a workaround for trying to ensure public IP addresses are
properly rebalanced after running "ctdb addip" on multiple nodes.
"ctdb reloadips" is a better solution.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 8 Mar 2016 05:20:03 +0000 (16:20 +1100)]
ctdb-tools: Drop "ctdb rebalanceip"
This is undocumented and is not needed. It was a workaround for
trying to ensure public IP addresses are properly rebalanced after
running "ctdb addip" on multiple nodes. "ctdb reloadips" is a better
solution.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 8 Mar 2016 05:30:41 +0000 (16:30 +1100)]
ctdb-doc: Drop outdated NEWS file
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Amitay Isaacs [Tue, 8 Mar 2016 04:23:12 +0000 (15:23 +1100)]
ctdb-doc: Update ctdb man page
Update ctdb statistics and ctdb dbstatistics output.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 8 Mar 2016 04:17:24 +0000 (15:17 +1100)]
ctdb-doc: Update ctdb man page
Do not use obsolete tunables in examples.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 8 Mar 2016 04:12:42 +0000 (15:12 +1100)]
ctdb-tunables: Fix the implementation of LIST_TUNABLES control
Do not assume the first tunable is not obsolete.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 8 Mar 2016 03:51:59 +0000 (14:51 +1100)]
ctdb-recovery-helper: Get tunables first, so control timeout can be set
During the recovery process, the timeout value for sending all controls
is decided by RecoverTimeout tunable. So in the recovery process,
first get the tunables, so the control timeout gets set correctly.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 8 Mar 2016 03:37:41 +0000 (14:37 +1100)]
ctdb-doc: Add documentation for missing tunables
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 7 Mar 2016 08:26:43 +0000 (19:26 +1100)]
ctdb-doc: Update tunables documentation
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 7 Mar 2016 07:19:02 +0000 (18:19 +1100)]
ctdb-tunables: Mark tunable ReclockPingPeriod obsolete
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 7 Mar 2016 07:02:02 +0000 (18:02 +1100)]
ctdb-tunables: Mark tunable MaxRedirectCount obsolete
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 7 Mar 2016 06:10:43 +0000 (17:10 +1100)]
ctdb-tunables: Add missing flags in the initializer
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 7 Mar 2016 06:05:11 +0000 (17:05 +1100)]
ctdb-doc: Sort the tunable variables in alphabetical order
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Martin Schwenke [Tue, 8 Mar 2016 02:37:42 +0000 (13:37 +1100)]
ctdb-tests: Add a new NFS tickle test for the releasing node
Current NFS and CIFS tickle tests do not test the killtcp
functionality on the releasing node. 2-way killing is done for NFS,
so this test explicitly looks for packets from the releasing node.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 7 Mar 2016 23:03:12 +0000 (10:03 +1100)]
ctdb-tests: Allow tcptickle_sniff_wait_show() to filter by MAC address
tcpdump does not support filtering on MAC address when reading from a
file. Therefore, this is implemented by conditionally using grep to
filter the output of tcpdump.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 8 Mar 2016 02:32:35 +0000 (13:32 +1100)]
ctdb-tests: Re-indent and re-format some functions
This makes the next commit much easier to read.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 7 Mar 2016 22:59:33 +0000 (09:59 +1100)]
ctdb-tests: Fix CIFS tickle test
There's a tiny chance that the connection information may not be
transferred to other nodes quickly enough, so add an explicit wait.
Also clean up the description and recognise that it is the takeover
node that does the tickling.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 7 Mar 2016 22:44:44 +0000 (09:44 +1100)]
ctdb-tests: Fix description of NFS tickle test
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Aurelien Aptel [Wed, 9 Mar 2016 10:35:24 +0000 (11:35 +0100)]
s4/heimdal/lib/krb5/pac.c: typo
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <rb@sernet.de>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 10 03:33:46 CET 2016 on sn-devel-144
Aurelien Aptel [Wed, 9 Mar 2016 16:46:54 +0000 (17:46 +0100)]
s4/heimdal/lib/gssapi/mech/gss_compare_name.c: typo
make memcmp() compare the name1 and name2 value instead of comparing
name1 with itself.
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Ira Cooper <ira@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Aurelien Aptel [Wed, 9 Mar 2016 10:37:44 +0000 (11:37 +0100)]
s4/client/cifsdd.c: typo
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Aurelien Aptel [Wed, 9 Mar 2016 10:43:16 +0000 (11:43 +0100)]
s4/auth/ntlm/auth_unix.c: add parens
operator | has lower precedence than ?:
so add parens to have the expected result.
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Aurelien Aptel [Wed, 9 Mar 2016 14:25:26 +0000 (15:25 +0100)]
s3/utils/regedit.c: typo
loop should exit on any case of Q.
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Wed, 9 Mar 2016 13:01:05 +0000 (14:01 +0100)]
docs: update vfs_fruit manpage
Add documentation that ea support = yes is required and explain why all
shares for OS X clients should use fruit if one uses it.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 9 Mar 2016 12:53:09 +0000 (13:53 +0100)]
testparm: vfs_fruit checks
- vfs_fruit requires "ea support = yes"
- OS X clients negotiate AAPL on the first tcon, so mixing shares with
and without fruit will globally disable AAPL if the first tcon is
without fruit
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 9 Mar 2016 09:15:25 +0000 (10:15 +0100)]
smbd: Avoid an "else"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Wed Mar 9 21:51:52 CET 2016 on sn-devel-144
Volker Lendecke [Wed, 9 Mar 2016 07:51:34 +0000 (08:51 +0100)]
vfs_united_media: Fix CID
1355492 Uninitialized scalar variable
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Douglas Bagnall [Mon, 7 Mar 2016 21:23:09 +0000 (10:23 +1300)]
configure: set HAVE___ATTRIBUTE__ for heimdal
Without this, heimdal ends up defining __attribute__ away, causing
gcc-6 compile errors with -Werror=return-type because it can't tell
when functions have __attribute__((noreturn)).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Mar 9 13:52:26 CET 2016 on sn-devel-144
Douglas Bagnall [Wed, 2 Mar 2016 04:15:50 +0000 (17:15 +1300)]
torture_ldap_sort: avoid segfault
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Tue, 8 Mar 2016 01:43:40 +0000 (14:43 +1300)]
ldb sort: allow sorting on attributes not returned in search
The attribute is added to the search request, then peeled off again
before the sort module passes the results on.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Tue, 8 Mar 2016 22:25:36 +0000 (11:25 +1300)]
Add python server sort tests
The tests are repeated twice: once properly with complex Unicode
strings, and again in a simplified ASCII subset. We only expect Samba
to pass the simplified version. The hard tests are aspirational and
show what Active Directory does.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Fri, 29 Jan 2016 04:47:45 +0000 (17:47 +1300)]
ldb_controls: add base64 option to VLV
The Samba control syntax limits the range of valid search terms for
VLV's gt_eq mode. To get around that, we allow base64 encoded strings
using the syntax 'base64>=Zm9vCg==' rather than '>=foo'.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Sun, 10 Jan 2016 22:36:07 +0000 (11:36 +1300)]
asn1: make readContextSimple() add a NUL byte
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Tue, 26 Jan 2016 00:33:15 +0000 (13:33 +1300)]
ldb controls: use uint8_t* for contextID binary blob
It is never a readable string.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Garming Sam [Fri, 4 Mar 2016 01:46:46 +0000 (14:46 +1300)]
ldap VLV: correct ASN1 parsing of VLV requests
As with the encoding, the ASN1_CONTEXT tag isn't followed by an
ASN1_SEQUENCE, though you wouldn't think that from reading the
specification.
Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 29 Dec 2015 23:07:35 +0000 (12:07 +1300)]
ASN1: use a talloc context in read_contextSimple
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Garming Sam [Wed, 16 Dec 2015 21:33:54 +0000 (10:33 +1300)]
ldap: fix search control rule identifiers ASN.1 type
Wireshark and Windows both expect matching rule identifiers to be
given the ContextSimple type identifier instead of the Octet String.
As far as we can tell this is not formally specified anywhere.
Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 23 Dec 2015 04:34:15 +0000 (17:34 +1300)]
vlv: better syntax for parsing greater than or equal strings
This makes the gt_eq case different from the indexed case in the eyes
of sscanf().
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Tue, 22 Dec 2015 04:10:14 +0000 (17:10 +1300)]
ldap VLV: memdup, not strdup VLV context_id
The context ID is not a text string, it is an opaque binary field.
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Garming Sam [Tue, 22 Dec 2015 04:07:38 +0000 (17:07 +1300)]
ldap VLV: use correct ASN.1 encoding for requests
The search reference points (either an integer index or a string
for comparison) are supposed to use ASN1_CONTEXT or ASN1_CONTEXT_SIMPLE
(respectively) ASN.1 types. We were using these types, but we also put
extra ones in too, which nobody else likes.
Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 22 Dec 2015 03:34:53 +0000 (16:34 +1300)]
ldb controls: better error string for VLV control
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Garming Sam [Tue, 26 Jan 2016 00:07:48 +0000 (13:07 +1300)]
ldb controls: base64 encode VLV response context strings
Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 26 Jan 2016 00:34:58 +0000 (13:34 +1300)]
ldb paged_results: quieten a warning.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 15 Jan 2016 01:52:12 +0000 (14:52 +1300)]
dsdb: Introduce LDB_SYNTAX_SAMBA_OCTET_STRING
The sort order for this function is more expected than the sort order for
ldb_comparsion_binary()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Fri, 19 Feb 2016 02:39:38 +0000 (15:39 +1300)]
util/tests: add test for BINARY_ARRAY_SEARCH_V macro
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Fri, 29 Jan 2016 04:53:20 +0000 (17:53 +1300)]
util/binsearch: macro for greater than or equal search
Sometimes you want to find the place where an item would be in a
sorted list, whether or not it is actually there.
The BINARY_ARRAY_SEARCH_GTE macro takes an extra 'next' pointer
argument over the other binsearch macros. This will end up pointing to
the next element in the case where there is not an exact match, or
NULL when there is. That is, searching the list
{ 2, 3, 4, 4, 9}
with a standard integer compare should give the following results:
search term *result *next
1 - 2
3 3 -
4 4 [1] -
7 - 9
9 9 -
10 - - [2]
Notes
[1] There are two fours, but you will always get the first one.
[2] The both NULL case means the search term is beyond the last list
item.
You can safely use the same pointer for both 'result' and 'next', if
you don't care to distinguish between the 'greater-than' and 'equals'
cases.
There is a torture test for this.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Garming Sam [Mon, 22 Feb 2016 21:59:15 +0000 (10:59 +1300)]
tests: Allow alternative error code for backupkey test
It appears that incorrect decryption triggers a different error code,
causing a test which fails every now and again, as sometimes the invalid
data will parse as a SID, and so pass one of the checks.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 9 Mar 2016 01:08:41 +0000 (14:08 +1300)]
selftest: Avoid sorting issues on Ubuntu 10.04 vs 14.04
The unimportant lines starting with # sorted differently between these
two platforms.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 8 Mar 2016 00:46:16 +0000 (13:46 +1300)]
pytalloc: Correct description of pytalloc_Get{Base,}ObjectType behaviour
Thanks to Jelmer for spotting the static variable that causes this odd behaviour
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Mar 8 05:14:15 CET 2016 on sn-devel-144
Andrew Bartlett [Tue, 23 Feb 2016 01:57:04 +0000 (14:57 +1300)]
dbcheck: Check for and remove duplicate values in attributes
This can happen with three DCs and custom schema, but we test
it by just forcing the values directly into the backing tdb.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 1 Mar 2016 19:54:42 +0000 (08:54 +1300)]
selftest: Allow 4 hours for the test to run (ouch!)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 1 Mar 2016 02:17:44 +0000 (15:17 +1300)]
pysmb: Use pytalloc_BaseObject_PyType_Ready()
This changes pysmb to use talloc.BaseObject() just like the PIDL output
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 1 Mar 2016 02:08:26 +0000 (15:08 +1300)]
pysmb: Do not use pytalloc_Object directly
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 1 Mar 2016 01:53:00 +0000 (14:53 +1300)]
pysmb: Rework py_smb_new() to use pytalloc_steal()
This avoids casting to pytalloc_Object directly
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 1 Mar 2016 02:05:28 +0000 (15:05 +1300)]
pysmb: Use pytalloc_get_mem_ctx()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 1 Mar 2016 01:55:59 +0000 (14:55 +1300)]
pysmb: Use pytalloc_get_ptr()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 29 Feb 2016 20:33:48 +0000 (09:33 +1300)]
pyregistry: Use pytalloc_BaseObject_PyType_Ready()
This changes pyregistry to use talloc.BaseObject() just like the PIDL output
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 29 Feb 2016 20:32:56 +0000 (09:32 +1300)]
pyauth: Use pytalloc_BaseObject_PyType_Ready()
This changes pyauth to use talloc.BaseObject() just like the PIDL output
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 29 Feb 2016 20:32:06 +0000 (09:32 +1300)]
pygensec: Use pytalloc_BaseObject_PyType_Ready()
This changes pygensec to use talloc.BaseObject() just like the PIDL output
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 1 Mar 2016 01:19:33 +0000 (14:19 +1300)]
pygensec: Use pytalloc_steal() in gensec_start_{client,server}()
This is better than casting to get to the pytalloc_Object structure directly
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 29 Feb 2016 20:31:00 +0000 (09:31 +1300)]
pyparam: Use pytalloc_BaseObject_PyType_Ready()
This changes pyparam to use talloc.BaseObject() just like the PIDL output
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 29 Feb 2016 20:30:03 +0000 (09:30 +1300)]
py_passdb: Use pytalloc_BaseObject_PyType_Ready()
This changes py_passdb to use talloc.BaseObject() just like the PIDL output
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 29 Feb 2016 20:27:11 +0000 (09:27 +1300)]
pycredentials: Use pytalloc_BaseObject_PyType_Ready()
This changes pycredentials to use talloc.BaseObject() just like the PIDL output
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 29 Feb 2016 20:26:29 +0000 (09:26 +1300)]
pytalloc: Add pytalloc_BaseObject_PyType_Ready() wrapper
This avoids the need for the caller to set tp_base and tp_basicsize and
so removes those as possible errors.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 29 Feb 2016 03:27:31 +0000 (16:27 +1300)]
pyparam: Do not use pytalloc_Object directly
This type should not be used directly, it should have been made private
to pytalloc. This then allows removal of the (PyCFunction) cast
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 29 Feb 2016 03:27:12 +0000 (16:27 +1300)]
pypassdb: Do not use pytalloc_Object directly
This type should not be used directly, it should have been made private
to pytalloc. This then allows removal of the (PyCFunction) cast
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 29 Feb 2016 03:26:08 +0000 (16:26 +1300)]
pycredentials: Remove PyCredentialCacheContainerObject
We can call pytalloc_reference() and avoid having this in the header file
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 22 Feb 2016 01:10:23 +0000 (14:10 +1300)]
pycredentials: Do not use pytalloc_Object directly
This type should not be used directly, it should have been made private
to pytalloc
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 22 Dec 2015 06:49:54 +0000 (19:49 +1300)]
selftest: dbcheck should not be marked flapping
The primary cause of the flapping was due to the objectclass
sort routine being non-deterministic.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 23 Dec 2015 20:43:36 +0000 (09:43 +1300)]
dbcheck: Avoid spurious warnings in dbcheck due to objectclass sorting
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11433
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 22 Dec 2015 06:48:38 +0000 (19:48 +1300)]
dbcheck: Fix incorrect/duplicate attrid in replPropertMetaData
If custom schema is used in a replicated DC environment, these are created as soon as
an attribute is modified on more than one DC. We have to remove these.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11443
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 23 Dec 2015 00:16:57 +0000 (13:16 +1300)]
selftest: Update release-4-1-0rc3 with more test records
CN=ops_run_anything2,OU=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp
This will be modified during the dbcheck to show that new
versions of Samba will reset the attid correctly
CN=ops_run_anything3,OU=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp
This will not be modified, and shows how a 4.1 DC without
replication would record custom schema objects.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 22 Dec 2015 06:39:31 +0000 (19:39 +1300)]
rpc_server/drsuapi: Block replication of incorrect/duplicate attrid in replPropertMetaData
If custom schema is used in a replicated DC environment, these are created as soon as
an attribute is modified on more than one DC. We have to prevent replication
as otherwise we will corrupt the client replica state.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11443
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 22 Dec 2015 06:33:39 +0000 (19:33 +1300)]
repl_meta_data: Correctly use msDS-IntId for custom schema, not the prefixMap value
We must, when dealing with custom schema, respect the msDC-IntId value recorded
in the schema. If we do not, then we will create multiple replPropertyMetaData
records for the one attribute. This may cause confusion during replication.
This fixes the issue by always calling dsdb_attribute_get_attid() to obtain
the correct local (32 bit integer) attribute ID
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11443
Andrew Bartlett [Thu, 25 Feb 2016 00:57:37 +0000 (13:57 +1300)]
pidl: Use a tmp_ctx helper variable
This is so we free the ndr_push_struct_blob() return value after
we make it into a string
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 25 Feb 2016 00:57:00 +0000 (13:57 +1300)]
pidl: Use the $mem_ctx helper variable
This is already set to pytalloc_get_mem_ctx(py_obj)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 16 Feb 2016 01:06:28 +0000 (14:06 +1300)]
pidl: Fix our python reference handling
The new talloc.BaseObject allow us to hold a talloc context per
python object (there may be many referring to the same C object)
and the talloc context that the actual object pointer is under.
Another advantage is that talloc.BaseObject(), has less of
an ABI surface.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 7 Mar 2016 22:18:56 +0000 (11:18 +1300)]
pyrpc: Clarify failure mode after pytalloc_reference_ex() improvements
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 16 Feb 2016 03:15:53 +0000 (16:15 +1300)]
talloc: Bump version number
The removal of the macros and replacement with proper functions
is a API, but not ABI break. Only code that incorrectly
used the structure either in function signatures or
to access the members directly will need to be modified
before being built against this version of talloc.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 22 Feb 2016 01:02:28 +0000 (14:02 +1300)]
pytalloc: Add new BaseObject
This new object not only avoids the ABI issues of talloc.Object
it stores one more pointer, being the start of the array, and
so can be used to fix the PIDL bindings/talloc refcount issue.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
git.samba.org / sfrench / samba-autobuild / .git / log