sfrench/samba-autobuild/.git
22 months agotdb: version 1.3.14 tdb-1.3.14
Stefan Metzmacher [Tue, 11 Apr 2017 15:27:33 +0000 (17:27 +0200)]
tdb: version 1.3.14

* allow tdb_traverse_read before tdb_transaction[_prepare]_commit()
* Improve documentation for tdb_transaction_start()
* Add new function tdb_transaction_active()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agotdb: Add new function tdb_transaction_active()
Andrew Bartlett [Wed, 26 Apr 2017 20:34:56 +0000 (08:34 +1200)]
tdb: Add new function tdb_transaction_active()

This will allow callers to avoid their own reference counting of transactions.

Additionally, this will always line up with the acutal transaction state, even
in the error cases where tdb can cancel the transaction

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
22 months agotdb: Improve documentation for tdb_transaction_start()
Andrew Bartlett [Wed, 26 Apr 2017 20:51:08 +0000 (08:51 +1200)]
tdb: Improve documentation for tdb_transaction_start()

It now references the TDB_ALLOW_NESTING and TDB_DISALLOW_NESTING flags

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
22 months agotdb: Remove locking from tdb_traverse_read()
Andrew Bartlett [Fri, 31 Mar 2017 04:34:13 +0000 (17:34 +1300)]
tdb: Remove locking from tdb_traverse_read()

This restores the original intent of tdb_traverse_read() in
7dd31288a701d772e45b1960ac4ce4cc1be782ed

This is needed to avoid a deadlock with tdb_lockall() and the
transaction start, as ldb_tdb should take the allrecord lock during a
search (which calls tdb_traverse), and can otherwise deadlock against
a transaction starting in another process

We add a test to show that a transaction can now start while a read
traverse is in progress

This allows more operations to happen in parallel.  The blocking point
is moved to the prepare commit.

This in turn permits a roughly doubling of unindexed search
performance, because currently ldb_tdb omits to take the lock due to
an unrelated bug, but taking the allrecord lock triggers the
above-mentioned deadlock.

This behaviour was added in 251aaafe3a9213118ac3a92def9ab2104c40d12a for
Solaris 10 in 2005. But the run-fcntl-deadlock test works also on Solaris 10,
see https://lists.samba.org/archive/samba-technical/2017-April/119876.html.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
22 months agodrsuapi: Improve debugging in DsAddEntry()
Andrew Bartlett [Wed, 3 May 2017 04:34:01 +0000 (06:34 +0200)]
drsuapi: Improve debugging in DsAddEntry()

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
22 months agowafsamba: add maxversion and version_blacklist to CHECK_BUNDLED_SYSTEM[_PKG]()
Stefan Metzmacher [Fri, 30 Jun 2017 04:21:32 +0000 (06:21 +0200)]
wafsamba: add maxversion and version_blacklist to CHECK_BUNDLED_SYSTEM[_PKG]()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12859

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agos3: VFS: Change SMB_VFS_CONNECTPATH to take const struct smb_filename * instead of...
Jeremy Allison [Fri, 30 Jun 2017 20:37:03 +0000 (13:37 -0700)]
s3: VFS: Change SMB_VFS_CONNECTPATH to take const struct smb_filename * instead of const char *.

We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jul  1 07:20:28 CEST 2017 on sn-devel-144

22 months agoS3: smbd: Finish plumbing struct smb_filename * through the check_name() stack.
Jeremy Allison [Fri, 30 Jun 2017 18:59:20 +0000 (11:59 -0700)]
S3: smbd: Finish plumbing struct smb_filename * through the check_name() stack.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
22 months agos3: smbd: Add missing out of memory check.
Jeremy Allison [Fri, 30 Jun 2017 18:34:13 +0000 (11:34 -0700)]
s3: smbd: Add missing out of memory check.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
22 months agos3: VFS: Change SMB_VFS_REALPATH to take and return struct smb_filename * instead...
Jeremy Allison [Fri, 30 Jun 2017 18:32:59 +0000 (11:32 -0700)]
s3: VFS: Change SMB_VFS_REALPATH to take and return struct smb_filename * instead of char *.

We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
22 months agos3: VFS: Change SMB_VFS_GETWD to return struct smb_filename * instead of char *.
Jeremy Allison [Thu, 29 Jun 2017 21:32:47 +0000 (14:32 -0700)]
s3: VFS: Change SMB_VFS_GETWD to return struct smb_filename * instead of char *.

We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
22 months agos3: VFS: Change SMB_VFS_CHDIR to use const struct smb_filename * instead of const...
Jeremy Allison [Thu, 29 Jun 2017 18:29:33 +0000 (11:29 -0700)]
s3: VFS: Change SMB_VFS_CHDIR to use const struct smb_filename * instead of const char *.

We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
22 months agoshow-deleted: Rename attr_filter to exclude_filter for clarity
Garming Sam [Fri, 23 Jun 2017 00:37:01 +0000 (12:37 +1200)]
show-deleted: Rename attr_filter to exclude_filter for clarity

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 30 06:23:39 CEST 2017 on sn-devel-144

22 months agoshow-deleted: Simplify the code to require as little logic as needed
Garming Sam [Fri, 23 Jun 2017 00:35:56 +0000 (12:35 +1200)]
show-deleted: Simplify the code to require as little logic as needed

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agoshow-deleted: Remove an unnecessary search during connect
Garming Sam [Fri, 23 Jun 2017 00:18:35 +0000 (12:18 +1200)]
show-deleted: Remove an unnecessary search during connect

This is only required if you supply SHOW_RECYCLED or SHOW_DELETED. Note
that any add does trigger this (through callbacks in the modules in acl,
objectclass etc.).

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agoshow-deleted: Do not indicate an error if an object is missing.
Garming Sam [Tue, 27 Jun 2017 01:02:49 +0000 (13:02 +1200)]
show-deleted: Do not indicate an error if an object is missing.

This happens during provision, however due to the fact that the first
search in the rootDSE init does not check return codes, this was done
implicitly (and coincidentally).

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agodsdb: Add a dummy module to replace show_deleted
Andrew Bartlett [Wed, 28 Jun 2017 00:22:05 +0000 (12:22 +1200)]
dsdb: Add a dummy module to replace show_deleted

This helps when we improve show_deleted in a way that the fake database in samba3sam can not cover

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agotravis-ci: Also build samba-systemkrb5
Andrew Bartlett [Fri, 5 May 2017 20:33:47 +0000 (22:33 +0200)]
travis-ci: Also build samba-systemkrb5

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoautobuild: Use new selftest.pl feature to run only some environments
Andrew Bartlett [Thu, 29 Jun 2017 23:11:05 +0000 (11:11 +1200)]
autobuild: Use new selftest.pl feature to run only some environments

This is cleaner than test filtering with regular expressions

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoselftest: Allow selftest.pl to run just some environments
Andrew Bartlett [Mon, 27 Feb 2017 21:45:24 +0000 (10:45 +1300)]
selftest: Allow selftest.pl to run just some environments

This makes it easier to declare that some autobuild environments
only run some selftest environments.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agodebug: new debug class for kerberos
Andrew Bartlett [Mon, 15 May 2017 20:32:03 +0000 (08:32 +1200)]
debug: new debug class for kerberos

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoauth/spnego: do basic state_position checking in gensec_spnego_update_in()
Stefan Metzmacher [Wed, 14 Jun 2017 01:29:58 +0000 (03:29 +0200)]
auth/spnego: do basic state_position checking in gensec_spnego_update_in()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jun 29 20:15:05 CEST 2017 on sn-devel-144

22 months agoauth/spnego: move gensec_spnego_update() into gensec_spnego_update_send()
Stefan Metzmacher [Tue, 13 Jun 2017 21:41:01 +0000 (23:41 +0200)]
auth/spnego: move gensec_spnego_update() into gensec_spnego_update_send()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
22 months agoauth/spnego: split out gensec_spnego_update_{client,server}() functions
Stefan Metzmacher [Fri, 30 Dec 2016 05:56:47 +0000 (06:56 +0100)]
auth/spnego: split out gensec_spnego_update_{client,server}() functions

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
22 months agoauth/spnego: remove unused out_mem_ctx = spnego_state fallback in gensec_spnego_update()
Stefan Metzmacher [Tue, 27 Jun 2017 16:05:04 +0000 (18:05 +0200)]
auth/spnego: remove unused out_mem_ctx = spnego_state fallback in gensec_spnego_update()

The only caller never passes NULL.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
22 months agoauth/spnego: add gensec_spnego_update_sub_abort() helper function
Stefan Metzmacher [Wed, 10 May 2017 12:44:48 +0000 (14:44 +0200)]
auth/spnego: add gensec_spnego_update_sub_abort() helper function

This helps to be consistent when destroying a unuseable sub context.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
22 months agoauth/spnego: remove useless spnego_state->sub_sec_ready check
Stefan Metzmacher [Fri, 30 Dec 2016 08:06:33 +0000 (09:06 +0100)]
auth/spnego: remove useless spnego_state->sub_sec_ready check

The lines above make sure it's always true.

Check with git show -U15

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
22 months agoauth/spnego: consitently set spnego_state->sub_sec_ready = true after gensec_update_ev()
Stefan Metzmacher [Fri, 30 Dec 2016 08:04:47 +0000 (09:04 +0100)]
auth/spnego: consitently set spnego_state->sub_sec_ready = true after gensec_update_ev()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
22 months agoauth/spnego: rename spnego_state->no_response_expected to ->sub_sec_ready
Stefan Metzmacher [Fri, 30 Dec 2016 08:03:08 +0000 (09:03 +0100)]
auth/spnego: rename spnego_state->no_response_expected to ->sub_sec_ready

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
22 months agoauth/spnego: move gensec_spnego_update_out() behind gensec_spnego_update_in()
Stefan Metzmacher [Tue, 13 Jun 2017 20:43:59 +0000 (22:43 +0200)]
auth/spnego: move gensec_spnego_update_out() behind gensec_spnego_update_in()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
22 months agoauth/spnego: move some more logic to gensec_spnego_update_in()
Stefan Metzmacher [Tue, 13 Jun 2017 20:41:14 +0000 (22:41 +0200)]
auth/spnego: move some more logic to gensec_spnego_update_in()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
22 months agoauth/spnego: move gensec_spnego_update_in() after gensec_spnego_update_send()
Stefan Metzmacher [Tue, 13 Jun 2017 14:59:02 +0000 (16:59 +0200)]
auth/spnego: move gensec_spnego_update_in() after gensec_spnego_update_send()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
22 months agoauth/spnego: set state_position = SPNEGO_DONE in gensec_spnego_update_cleanup()
Stefan Metzmacher [Wed, 14 Jun 2017 06:43:13 +0000 (08:43 +0200)]
auth/spnego: set state_position = SPNEGO_DONE in gensec_spnego_update_cleanup()

Every fatal error should mark the spnego_state to reject any further update()
calls.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
22 months agoauth/spnego: move gensec_spnego_update_wrapper() into gensec_spnego_update_send()
Stefan Metzmacher [Tue, 13 Jun 2017 14:53:06 +0000 (16:53 +0200)]
auth/spnego: move gensec_spnego_update_wrapper() into gensec_spnego_update_send()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
22 months agoauth/spnego: make use of data_blob_null instead of using data_blob(NULL, 0)
Stefan Metzmacher [Fri, 30 Dec 2016 15:36:23 +0000 (16:36 +0100)]
auth/spnego: make use of data_blob_null instead of using data_blob(NULL, 0)

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
22 months agoctdb-tests: Add transaction/recovery test for replicated database
Amitay Isaacs [Tue, 21 Mar 2017 04:36:36 +0000 (15:36 +1100)]
ctdb-tests: Add transaction/recovery test for replicated database

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Jun 29 14:43:44 CEST 2017 on sn-devel-144

22 months agoctdb-tests: Generalize transaction_loop test
Amitay Isaacs [Thu, 2 Mar 2017 07:15:05 +0000 (18:15 +1100)]
ctdb-tests: Generalize transaction_loop test

Instead of hard-coding the database name, it's passed as an argument
along with database type.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
22 months agoctdb-tests: Support replicated db in tool tests
Amitay Isaacs [Tue, 4 Apr 2017 07:02:38 +0000 (17:02 +1000)]
ctdb-tests: Support replicated db in tool tests

This updates and adds unit tests for database operations.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
22 months agoctdb-tests: Add database type option for tests
Amitay Isaacs [Thu, 2 Mar 2017 07:14:44 +0000 (18:14 +1100)]
ctdb-tests: Add database type option for tests

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
22 months agoctdb-tools: Allow attach for replicated databases
Amitay Isaacs [Thu, 2 Mar 2017 06:36:59 +0000 (17:36 +1100)]
ctdb-tools: Allow attach for replicated databases

... and update the output from various database query commands.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
22 months agoctdb-client: Add db support for CTDB_DB_FLAGS_REPLICATED
Amitay Isaacs [Thu, 2 Mar 2017 06:34:55 +0000 (17:34 +1100)]
ctdb-client: Add db support for CTDB_DB_FLAGS_REPLICATED

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
22 months agoctdb-client: Add sync api for DB_ATTACH_REPLICATED control
Amitay Isaacs [Mon, 26 Jun 2017 05:55:15 +0000 (15:55 +1000)]
ctdb-client: Add sync api for DB_ATTACH_REPLICATED control

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
22 months agoctdb-protocol: Add marshalling for CTDB_CONTROL_DB_ATTACH_REPLICATED control
Amitay Isaacs [Thu, 2 Mar 2017 06:07:13 +0000 (17:07 +1100)]
ctdb-protocol: Add marshalling for CTDB_CONTROL_DB_ATTACH_REPLICATED control

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
22 months agoctdb-daemon: Add implementation for CTDB_CONTROL_DB_ATTACH_REPLICATED control
Amitay Isaacs [Thu, 2 Mar 2017 05:38:58 +0000 (16:38 +1100)]
ctdb-daemon: Add implementation for CTDB_CONTROL_DB_ATTACH_REPLICATED control

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
22 months agoctdb-protocol: Add new control CTDB_CONTROL_DB_ATTACH_REPLICATED
Amitay Isaacs [Tue, 28 Feb 2017 22:51:32 +0000 (09:51 +1100)]
ctdb-protocol: Add new control CTDB_CONTROL_DB_ATTACH_REPLICATED

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
22 months agoctdb-daemon: Add accessors for CTDB_DB_FLAGS_REPLICATED flag
Amitay Isaacs [Thu, 2 Mar 2017 05:36:55 +0000 (16:36 +1100)]
ctdb-daemon: Add accessors for CTDB_DB_FLAGS_REPLICATED flag

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
22 months agoctdb-daemon: Calculate tdb flags for replicated databases
Amitay Isaacs [Mon, 1 May 2017 14:59:46 +0000 (00:59 +1000)]
ctdb-daemon: Calculate tdb flags for replicated databases

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
22 months agoctdb-protocol: Add CTDB_DB_FLAGS_REPLICATED for new type of database
Amitay Isaacs [Thu, 16 Feb 2017 07:44:38 +0000 (18:44 +1100)]
ctdb-protocol: Add CTDB_DB_FLAGS_REPLICATED for new type of database

persistent: replicated and permanent
volatile: distributed and temporary
replicated: replicated and temporary

This type of database will be used by CTDB for storing it's state.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
22 months agoctdb-client: Store db_flags instead of a boolean persistent flag
Amitay Isaacs [Thu, 2 Mar 2017 06:29:04 +0000 (17:29 +1100)]
ctdb-client: Store db_flags instead of a boolean persistent flag

... and add accessors for CTDB_DB_FLAGS_PERSISTENT flag.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
22 months agoctdb-recovery: Use db_flags instead of a boolean persistent flag
Amitay Isaacs [Thu, 2 Mar 2017 05:19:11 +0000 (16:19 +1100)]
ctdb-recovery: Use db_flags instead of a boolean persistent flag

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
22 months agoctdb-daemon: Pass db_flags instead of passing persistent flag
Amitay Isaacs [Thu, 2 Mar 2017 05:07:32 +0000 (16:07 +1100)]
ctdb-daemon: Pass db_flags instead of passing persistent flag

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
22 months agoctdb-daemon: Store db_flags instead of individual boolean flags
Amitay Isaacs [Thu, 2 Mar 2017 04:53:17 +0000 (15:53 +1100)]
ctdb-daemon: Store db_flags instead of individual boolean flags

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
22 months agoctdb-daemon: Add accessors for CTDB_DB_FLAGS_STICKY flag
Amitay Isaacs [Thu, 2 Mar 2017 04:47:46 +0000 (15:47 +1100)]
ctdb-daemon: Add accessors for CTDB_DB_FLAGS_STICKY flag

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
22 months agoctdb-daemon: Add accessors for CTDB_DB_FLAGS_READONLY flag
Amitay Isaacs [Thu, 2 Mar 2017 04:44:48 +0000 (15:44 +1100)]
ctdb-daemon: Add accessors for CTDB_DB_FLAGS_READONLY flag

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
22 months agoctdb-daemon: Add accessors for CTDB_DB_FLAGS_PERSISTENT flag
Amitay Isaacs [Thu, 2 Mar 2017 04:39:29 +0000 (15:39 +1100)]
ctdb-daemon: Add accessors for CTDB_DB_FLAGS_PERSISTENT flag

This allows to differentiate between the two database models.

ctdb_db_persistent() - replicated and permanent
ctdb_db_volatile() - distributed and temporary

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
22 months agoctdb-protocol: Add DB_OPEN_FLAGS control to debug
Amitay Isaacs [Wed, 28 Jun 2017 06:41:49 +0000 (16:41 +1000)]
ctdb-protocol: Add DB_OPEN_FLAGS control to debug

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
22 months agoctdb-tests: Fix control reply data for DB_ATTACH_PERSISTENT control
Amitay Isaacs [Wed, 28 Jun 2017 06:39:13 +0000 (16:39 +1000)]
ctdb-tests: Fix control reply data for DB_ATTACH_PERSISTENT control

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
22 months agotests py_credentials: Fix encrypt_netr_crypt_password test
Gary Lockyer [Mon, 26 Jun 2017 22:33:56 +0000 (10:33 +1200)]
tests py_credentials: Fix encrypt_netr_crypt_password test

The test uses NetrServerPasswordSet2 to change a password, this tests
the end to end encryption.  The original call to NetrServerPasswordSet2
was not utf-16 encoding the new password.  However the call to
netr_DsrEnumerateDomainTrusts was using cached credentials and not
using the new password, so this was not detected.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Thu Jun 29 06:50:32 CEST 2017 on sn-devel-144

22 months agonsswitch: Add ad_member tests for wbinfo --domain-info and --dc-info
Andreas Schneider [Fri, 23 Jun 2017 14:14:08 +0000 (16:14 +0200)]
nsswitch: Add ad_member tests for wbinfo --domain-info and --dc-info

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jun 29 02:33:48 CEST 2017 on sn-devel-144

22 months agos3:winbind: Move debug statement into the error handling
Andreas Schneider [Fri, 23 Jun 2017 14:25:27 +0000 (16:25 +0200)]
s3:winbind: Move debug statement into the error handling

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
22 months agos3:tests: Do *NOT* flush the complete gencache!
Andreas Schneider [Wed, 28 Jun 2017 12:58:41 +0000 (14:58 +0200)]
s3:tests: Do *NOT* flush the complete gencache!

This removes important entries winbindd created during startup!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12868

Pair-Programmed-With: Ralph Boehme <slow@samba.org>

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
22 months agoselftest: Do *NOT* flush the complete gencache!
Andreas Schneider [Wed, 28 Jun 2017 12:49:45 +0000 (14:49 +0200)]
selftest: Do *NOT* flush the complete gencache!

This removes *IMPORTANT* entries from the gencache winbindd creates on
startup.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12868

Pair-Programmed-With: Ralph Boehme <slow@samba.org>

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
22 months agos4:auth/ntlm: allow auth_operations to specify check_password_send/recv()
Stefan Metzmacher [Fri, 16 Jun 2017 22:05:22 +0000 (00:05 +0200)]
s4:auth/ntlm: allow auth_operations to specify check_password_send/recv()

This prepares real async handling in the backends.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jun 27 21:09:08 CEST 2017 on sn-devel-144

22 months agos4:auth/ntlm: introduce auth_check_password_next()
Stefan Metzmacher [Fri, 16 Jun 2017 22:05:22 +0000 (00:05 +0200)]
s4:auth/ntlm: introduce auth_check_password_next()

This prepares real async handling in the backends.

Check with git show -w.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
22 months agos4:auth/ntlm: move auth_check_password_wrapper() further down
Stefan Metzmacher [Fri, 16 Jun 2017 20:46:27 +0000 (22:46 +0200)]
s4:auth/ntlm: move auth_check_password_wrapper() further down

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
22 months agos4:auth_winbind: rename 's' to 'state' in winbind_check_password()
Stefan Metzmacher [Fri, 16 Jun 2017 22:29:25 +0000 (00:29 +0200)]
s4:auth_winbind: rename 's' to 'state' in winbind_check_password()

This prepares the conversion to winbind_check_password_send/recv()
where the internal state is called 'winbind_check_password_state'
as 'state'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
22 months agos4:auth_winbind: remove a block nesting level and fix indentation
Ralph Boehme [Tue, 27 Jun 2017 10:09:41 +0000 (12:09 +0200)]
s4:auth_winbind: remove a block nesting level and fix indentation

The previous commit removed the condition from the block. No change in
behaviour, best viewed with git show -w.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
22 months agos4:auth_winbind: fix error checking in winbind_check_password()
Stefan Metzmacher [Fri, 16 Jun 2017 22:26:18 +0000 (00:26 +0200)]
s4:auth_winbind: fix error checking in winbind_check_password()

We need to handle every error instead of just NT_STATUS_NO_SUCH_USER,
the callers also doesn't require NT_STATUS_NOT_IMPLEMENTED anymore.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
22 months agoWHATSNEW: document "client max protocol" change to SMB3_11
Stefan Metzmacher [Mon, 26 Jun 2017 08:24:45 +0000 (10:24 +0200)]
WHATSNEW: document "client max protocol" change to SMB3_11

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agoparam: change the effective default for "client max protocol" to the latest supported...
Stefan Metzmacher [Mon, 26 Jun 2017 08:00:53 +0000 (10:00 +0200)]
param: change the effective default for "client max protocol" to the latest supported protocol

Currently it's SMB3_11.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agos3:selftest: run samba3.blackbox.smbclient_large_file (NTLM) with NT1 and SMB3
Stefan Metzmacher [Mon, 26 Jun 2017 07:48:21 +0000 (09:48 +0200)]
s3:selftest: run samba3.blackbox.smbclient_large_file (NTLM) with NT1 and SMB3

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agos3:test_smbclient_posix_large.sh: there's no posix test to rename to test_smbclient_l...
Stefan Metzmacher [Mon, 26 Jun 2017 07:55:34 +0000 (09:55 +0200)]
s3:test_smbclient_posix_large.sh: there's no posix test to rename to test_smbclient_large_file.sh

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agos3:selftest: also run samba3.blackbox.smbclient_krb5 with the new ccache
Stefan Metzmacher [Mon, 26 Jun 2017 07:41:47 +0000 (09:41 +0200)]
s3:selftest: also run samba3.blackbox.smbclient_krb5 with the new ccache

There's no point in running it twice with the old ccache.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agos3:selftest: run samba3.blackbox.smbclient_tar* tests with NT1 and SMB3
Stefan Metzmacher [Mon, 26 Jun 2017 07:40:08 +0000 (09:40 +0200)]
s3:selftest: run samba3.blackbox.smbclient_tar* tests with NT1 and SMB3

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agos3:selftest: run samba3.blackbox.large_acl tests with NT1 and SMB3
Stefan Metzmacher [Mon, 26 Jun 2017 07:39:31 +0000 (09:39 +0200)]
s3:selftest: run samba3.blackbox.large_acl tests with NT1 and SMB3

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agos3:selftest: run samba3.blackbox.inherit_owner tests with NT1 and SMB3
Stefan Metzmacher [Mon, 26 Jun 2017 07:25:17 +0000 (09:25 +0200)]
s3:selftest: run samba3.blackbox.inherit_owner tests with NT1 and SMB3

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agos3:selftest: run samba3.blackbox.acl_xattr with NT1 and SMB3
Stefan Metzmacher [Mon, 26 Jun 2017 07:34:38 +0000 (09:34 +0200)]
s3:selftest: run samba3.blackbox.acl_xattr with NT1 and SMB3

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agos3:test_acl_xattr.sh: add more assertion about the expected output.
Stefan Metzmacher [Mon, 26 Jun 2017 07:32:54 +0000 (09:32 +0200)]
s3:test_acl_xattr.sh: add more assertion about the expected output.

We should not treat 'test "" = ""' as success.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agoRevert "s3:test_acl_xattr.sh: use -mNT1 for the 'getfacl' commands"
Stefan Metzmacher [Sun, 25 Jun 2017 18:44:47 +0000 (20:44 +0200)]
Revert "s3:test_acl_xattr.sh: use -mNT1 for the 'getfacl' commands"

This reverts commit 4eb29ce3266a8c05047ecf33a98d1dbdbbbd63c6.

This will be passed by the caller in a following commit.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agos3:test_acl_xattr.sh: allow passing additional arguments for smbclient and smbcacls
Stefan Metzmacher [Sun, 25 Jun 2017 17:59:46 +0000 (19:59 +0200)]
s3:test_acl_xattr.sh: allow passing additional arguments for smbclient and smbcacls

This will make it possible to test with -mNT1 as well as -mSMB3
in a following patch.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agos3:selftest: also run test_smbclient_s3.sh with PROTO=SMB3
Stefan Metzmacher [Tue, 20 Jun 2017 07:07:44 +0000 (09:07 +0200)]
s3:selftest: also run test_smbclient_s3.sh with PROTO=SMB3

This makes sure only the "creating a bad symlink and deleting it"
is failing with -mSMB3.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agoWHATSNEW: document the new smbclient banner
Stefan Metzmacher [Fri, 23 Jun 2017 15:11:51 +0000 (17:11 +0200)]
WHATSNEW: document the new smbclient banner

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agos3:libsmb: remove unused 'bool show_hdr' from cli_cm_open()
Stefan Metzmacher [Fri, 23 Jun 2017 15:03:05 +0000 (17:03 +0200)]
s3:libsmb: remove unused 'bool show_hdr' from cli_cm_open()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agos3:libsmb: remove unused 'bool show_hdr' from cli_cm_connect()
Stefan Metzmacher [Fri, 23 Jun 2017 15:03:05 +0000 (17:03 +0200)]
s3:libsmb: remove unused 'bool show_hdr' from cli_cm_connect()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agos3:libsmb: remove unused show_sessetup handling from do_connect()
Stefan Metzmacher [Fri, 23 Jun 2017 15:03:05 +0000 (17:03 +0200)]
s3:libsmb: remove unused show_sessetup handling from do_connect()

All caller pass in 'false'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agos3:smbclient: remove unreliable Domain=[...] OS=[Windows 6.1] Server=[...] banner
Stefan Metzmacher [Fri, 23 Jun 2017 14:58:42 +0000 (16:58 +0200)]
s3:smbclient: remove unreliable Domain=[...] OS=[Windows 6.1] Server=[...] banner

On interactive sessions we print the following instead now:

Try "help" do get a list of possible commands.
smb: >

The reason for this is that we don't get these information via SMB2
and the we only get the domain name via some layering violations
from the NTLMSSP state.

It's better to remove this consitently for all SMB and auth
protocol combinations.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agos3:test_smbclient_s3.sh: improve the error handling
Stefan Metzmacher [Fri, 23 Jun 2017 14:33:04 +0000 (16:33 +0200)]
s3:test_smbclient_s3.sh: improve the error handling

We should directly return if he hit an error.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agos3:smb2_create: remove unused timer pointer from smbd_smb2_create_state
Stefan Metzmacher [Fri, 9 Jun 2017 16:22:19 +0000 (18:22 +0200)]
s3:smb2_create: remove unused timer pointer from smbd_smb2_create_state

This finishes commits 4e4376164bafbd3a883b6ce8033dcd714f971d51
and 8da5a0f1e33a85281610700b58b534bc985894f0.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
22 months agos3:smb2_create: avoid reusing the 'tevent_req' within smbd_smb2_create_send()
Stefan Metzmacher [Fri, 9 Jun 2017 10:30:33 +0000 (12:30 +0200)]
s3:smb2_create: avoid reusing the 'tevent_req' within smbd_smb2_create_send()

As the caller ("smbd_smb2_request_process_create()") already sets the callback,
the first time, it's not safe to reuse the tevent_req structure.

The typical 'tevent_req_nterror(); return tevent_req_post()' will
crash as the tevent_req_nterror() already triggered the former callback,
which calls smbd_smb2_create_recv(), were tevent_req_received() invalidates
the tevent_req structure, so that tevent_req_post() will crash.

We just remember the required values from the old state
and move them to the new state.

We tried to write reproducers for this, but sadly weren't able to trigger
the backtrace we had from a create a customer (using recent code)
with commit 6beba782f1bf951236813e0b46115b8102212c03
included. And this patch fixed the situation for the
customer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12832

Pair-Programmed-With: Volker Lendecke <vl@samba.org>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
22 months agoauth/credentials: remove unused smb_krb5_create_salt_principal()
Stefan Metzmacher [Thu, 18 May 2017 08:54:06 +0000 (10:54 +0200)]
auth/credentials: remove unused smb_krb5_create_salt_principal()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
22 months agoauth/credentials: make use of smb_krb5_salt_principal() in cli_credentials_get_keytab()
Stefan Metzmacher [Thu, 18 May 2017 08:50:34 +0000 (10:50 +0200)]
auth/credentials: make use of smb_krb5_salt_principal() in cli_credentials_get_keytab()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
22 months agos4:password_hash: make use of smb_krb5_salt_principal() and smb_krb5_salt_principal2d...
Stefan Metzmacher [Thu, 18 May 2017 09:37:25 +0000 (11:37 +0200)]
s4:password_hash: make use of smb_krb5_salt_principal() and smb_krb5_salt_principal2data()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
22 months agoselftest:Samba3: call "net primarytrust dumpinfo" setup_nt4_member() after the join
Stefan Metzmacher [Thu, 22 Jun 2017 13:30:56 +0000 (15:30 +0200)]
selftest:Samba3: call "net primarytrust dumpinfo" setup_nt4_member() after the join

Here we check that we get 'REDACTED SECRET VALUES' printed, in order
to avoid regression on the non '-f' behavior.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
22 months agos3:secrets: remove unused secrets_store_[prev_]machine_password()
Stefan Metzmacher [Tue, 23 May 2017 15:42:09 +0000 (17:42 +0200)]
s3:secrets: remove unused secrets_store_[prev_]machine_password()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
22 months agos3:libads: make use of secrets_*_password_change() in ads_change_trust_account_password()
Stefan Metzmacher [Tue, 23 May 2017 15:41:34 +0000 (17:41 +0200)]
s3:libads: make use of secrets_*_password_change() in ads_change_trust_account_password()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
22 months agonet: make use of secrets_*_password_change() for "net changesecretpw"
Stefan Metzmacher [Tue, 23 May 2017 15:29:31 +0000 (17:29 +0200)]
net: make use of secrets_*_password_change() for "net changesecretpw"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
22 months agos3:trusts_util: make use the workstation password change more robust
Stefan Metzmacher [Mon, 22 May 2017 18:47:17 +0000 (20:47 +0200)]
s3:trusts_util: make use the workstation password change more robust

We use secrets_{prepare,failed,defer,finish}_password_change() to make
the process more robust.

Even if we just just verified the current password with the DC
it can still happen that the remote password change will fail.

If a server has the RefusePasswordChange=1 under
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters,
it will reject NetrServerPasswordSet2() with NT_STATUS_WRONG_PASSWORD.

This results in a successful local change, but a failing remote change,
which means the domain membership is broken (as we don't fallback to
the previous password for ntlmssp nor kerberos yet).

An (at least Samba) RODC will also reject a password change,
see https://bugzilla.samba.org/show_bug.cgi?id=12773.

Even with this change we still have open problems, e.g. if the password was
changed, but we didn't get the servers response. In order to fix that we need
to use only netlogon and lsa over unprotected transports, just using schannel
authentication (which supports the fallback to the old password).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
22 months agos3:libnet: make use of secrets_store_JoinCtx()
Stefan Metzmacher [Wed, 17 May 2017 08:29:59 +0000 (10:29 +0200)]
s3:libnet: make use of secrets_store_JoinCtx()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
22 months agonet: add "net primarytrust dumpinfo" command that dumps the details of the workstatio...
Stefan Metzmacher [Wed, 24 May 2017 16:05:40 +0000 (18:05 +0200)]
net: add "net primarytrust dumpinfo" command that dumps the details of the workstation trust

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
22 months agos3:secrets: add infrastructure to use secrets_domain_infoB to store credentials
Stefan Metzmacher [Fri, 19 May 2017 14:28:17 +0000 (16:28 +0200)]
s3:secrets: add infrastructure to use secrets_domain_infoB to store credentials

We now store various hashed keys at change time and maintain a lot of details
that will help debugging failed password changes.

We keep storing the legacy values:
 SECRETS/SID/
 SECRETS/DOMGUID/
 SECRETS/MACHINE_LAST_CHANGE_TIME/
 SECRETS/MACHINE_PASSWORD/
 SECRETS/MACHINE_PASSWORD.PREV/
 SECRETS/SALTING_PRINCIPAL/DES/

This allows downgrades to older Samba versions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>