Stefan Metzmacher [Mon, 22 May 2017 10:18:33 +0000 (12:18 +0200)]
s3:secrets: make use of des_salt_key() in secrets_store_machine_pw_sync()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 21 Jun 2017 17:38:15 +0000 (19:38 +0200)]
s3:secrets: add some const to secrets_store_domain_guid()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 22 May 2017 10:10:45 +0000 (12:10 +0200)]
s3:secrets: split out a domain_guid_keystr() function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 22 May 2017 09:38:12 +0000 (11:38 +0200)]
s3:secrets: rework des_salt_key() to take the realm as argument
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 19 May 2017 15:17:00 +0000 (17:17 +0200)]
s3:secrets: move kerberos_secrets_*salt related functions to machine_account_secrets.c
These don't use any krb5_context related functions and they just
work on secrets.tdb, so they really belong to machine_account_secrets.c.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 19 May 2017 15:09:20 +0000 (17:09 +0200)]
s3:libads: remove unused kerberos_fetch_salt_princ_for_host_princ()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 19 May 2017 15:08:24 +0000 (17:08 +0200)]
s3:libads: make use of kerberos_secrets_fetch_salt_princ() in ads_keytab_add_entry()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 19 May 2017 15:04:36 +0000 (17:04 +0200)]
s3:libnet: make use of kerberos_secrets_fetch_salt_princ()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 19 May 2017 14:28:42 +0000 (16:28 +0200)]
s3:gse_krb5: simplify fill_keytab_from_password() by using kerberos_fetch_salt_princ()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 19 May 2017 14:15:34 +0000 (16:15 +0200)]
s3:libads: provide a simpler kerberos_fetch_salt_princ() function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 19 May 2017 14:01:55 +0000 (16:01 +0200)]
s3:libads: remove kerberos_secrets_fetch_salting_principal() fallback
The handling for per encryption type salts was removed in
Samba 3.0.23a (Jul 21, 2006). It's very unlikely that someone
has such an installation that got constantly upgraded over 10 years
with an automatic password change nor rejoin. It also means
that the KDC only has salt-less arcfour-hmac-md5 key together
with the salted des keys. So there would only be a problem
if the client whould try to use a des key to contact the smb server.
Having this legacy code adds quite some complexity for no
good reason.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 18 May 2017 14:02:44 +0000 (16:02 +0200)]
s3:libnet_join: move kerberos_secrets_store_des_salt() to libnet_join_joindomain_store_secrets()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 18 May 2017 13:59:00 +0000 (15:59 +0200)]
s3:libnet_join: move libnet_join_joindomain_store_secrets() to libnet_join_post_processing()
We should not store the secrets before we did all remote changes
(except the optional dns updates).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 18 May 2017 13:52:59 +0000 (15:52 +0200)]
s3:libnet_join: call do_JoinConfig() after we did remote changes on the server
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 18 May 2017 13:50:49 +0000 (15:50 +0200)]
s3:libnet_join: split libnet_join_post_processing_ads() into modify/sync
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 18 May 2017 13:48:49 +0000 (15:48 +0200)]
s3:libnet_join: move kerberos_secrets_store_des_salt() out of libnet_join_derive_salting_principal()
We should separate the calculation and the storing steps.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 18 May 2017 13:40:25 +0000 (15:40 +0200)]
s3:libnet_join: remember r->out.krb5_salt in libnet_join_derive_salting_principal()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 18 May 2017 13:38:26 +0000 (15:38 +0200)]
s3:libnet_join.idl: add krb5_salt to libnet_JoinCtx
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 17 May 2017 13:45:22 +0000 (15:45 +0200)]
s3:libnet_join: remember the domain_guid for AD domains
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 17 May 2017 13:45:22 +0000 (15:45 +0200)]
s3:libnet_join.idl: return the domain_guid in libnet_JoinCtx
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 17 May 2017 11:53:19 +0000 (13:53 +0200)]
s3:libnet_join: calculate r->out.account_name in libnet_join_pre_processing()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 17 May 2017 10:42:04 +0000 (12:42 +0200)]
s3:libnet_join: remove dead code from libnet_join_connect_ads()
username[strlen(username)] is *always* '\0'!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 18 May 2017 09:32:46 +0000 (11:32 +0200)]
krb5_wrap: add smb_krb5_salt_principal2data()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 17 May 2017 15:13:02 +0000 (17:13 +0200)]
krb5_wrap: add smb_krb5_salt_principal()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 17 May 2017 14:13:37 +0000 (16:13 +0200)]
s3:libads: remove unused kerberos_secrets_store_salting_principal()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 17 May 2017 13:05:51 +0000 (15:05 +0200)]
s3:librpc: let NDR_SECRETS depend on NDR_SECURITY
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 12 Jun 2017 15:58:46 +0000 (17:58 +0200)]
idl_types.h: add NDR_SECRET shortcut
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 12 Jun 2017 15:58:20 +0000 (17:58 +0200)]
librpc/ndr: add LIBNDR_FLAG_IS_SECRET handling
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 12 Jun 2017 13:22:42 +0000 (15:22 +0200)]
librpc/ndr: align the definition of LIBNDR_STRING_FLAGS with currently defined flags
The range included the unused (1<<14) before.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 12 Jun 2017 16:58:49 +0000 (18:58 +0200)]
pidl:NDR/Parser: add missing {start,end}_flags() to ParseElementPrint()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 5 May 2017 16:49:37 +0000 (18:49 +0200)]
s3:smbd: unimplement FSCTL_VALIDATE_NEGOTIATE_INFO with "server max protocol = SMB2_02"
A client that supports SMB3 will do a signed FSCTL_VALIDATE_NEGOTIATE_INFO
after a tree connect. This FSCTL_VALIDATE_NEGOTIATE_INFO call contains
the client capabilities, client guid, security mode and the array of supported
dialects. But if SMB 2.02 is negotiated the doesn't send these values to the
server in the first connection attempt (when the client starts with a SMB1 Negotiate).
Windows servers that only support SMB2 just return NT_STATUS_FILE_CLOSED
as answer to FSCTL_VALIDATE_NEGOTIATE_INFO.
We should do the same if we just pretend to support SMB 2.02,
as SMB 2.10 always include an SMB2 Negotiate request we can leave it as is.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12772
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 26 Jun 2017 10:10:40 +0000 (12:10 +0200)]
selftest: run nt4_dc_schannel with 'server max protocol = SMB2_02'
This reproduces the problem with trying to implement
FSCTL_VALIDATE_NEGOTIATE_INFO as SMB2_02 server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12772
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 26 Jun 2017 08:52:04 +0000 (10:52 +0200)]
s3:selftest: run test_smbclient_basic.sh against nt4_dc_schannel with various protocols
This prepared a reproducer for bug #12772
'Clients with SMB3 support can't connect with "server max protocol = SMB2_02"'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12772
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 26 Jun 2017 09:56:40 +0000 (11:56 +0200)]
s3:test_smbclient_basic.sh: make use of $incdir/common_test_fns.inc
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 26 Jun 2017 08:40:50 +0000 (10:40 +0200)]
s3:test_smbclient_basic.sh: make use of $ADDARGS
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Michael Saxl [Sat, 24 Jun 2017 11:41:48 +0000 (13:41 +0200)]
s3:gse_krb5: fix a possible crash in fill_mem_keytab_from_system_keytab()
If the keytab file isn't readable, we may call
krb5_kt_end_seq_get() with an invalid kt_cursor.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10490
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Saxl <mike@mwsys.mine.bz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Mon, 26 Jun 2017 07:25:05 +0000 (19:25 +1200)]
s4-netlogon: Escape user-supplied computer name in Bad credentials log line
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 26 Jun 2017 07:24:40 +0000 (19:24 +1200)]
s4-netlogon: Provide logs for machine account success and failures
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 26 Jun 2017 04:40:45 +0000 (16:40 +1200)]
smbtorture: Add more tests around NETLOGON challenge reuse
The existing tests did not actually demonstrate what they
thought they did until the credential values were refreshed.
The new test showed this, because Samba fails it (windows passes)
due to the way we keep the last challenge on the connection.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Thu, 22 Jun 2017 12:17:07 +0000 (14:17 +0200)]
s3:tests: Add blackbox test for 'net usershare'
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Thu, 22 Jun 2017 14:13:12 +0000 (16:13 +0200)]
s3:param: Allow to add usershare if uid_wrapper is loaded
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 26 Jun 2017 21:18:30 +0000 (23:18 +0200)]
s3:tests: Do not delete the contets of LOCAL_PATH with tarmode test
The test_smbclient_tarmode.pl test operates on $LOCAL_PATH by default
and removes everything. So it deletes all precreated files and
directories which the setup_fileserver() function initially set up.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12867
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bernhard M. Wiedemann via samba-technical [Mon, 26 Jun 2017 07:46:18 +0000 (09:46 +0200)]
docs-xml: Sort input file list
because filesystems return entries in undeterministic order
and that ends up in index.xml and influences index.html
preventing reproducible builds of samba packages (e.g. for openSUSE)
See https://reproducible-builds.org/ for why this matters
Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Jun 27 16:56:06 CEST 2017 on sn-devel-144
Karolin Seeger [Mon, 26 Jun 2017 11:18:50 +0000 (13:18 +0200)]
WHATSNEW: Fix typo...
and add some new/changed parameters.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 27 03:19:19 CEST 2017 on sn-devel-144
Stefan Metzmacher [Sat, 24 Jun 2017 11:16:03 +0000 (13:16 +0200)]
auth/ntlmssp: enforce NTLMSSP_NEGOTIATE_NTLM2 for the NTLMv2 client case
Some servers may not announce the NTLMSSP_NEGOTIATE_NTLM2
(a.k.a. NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY) bit.
But if we're acting as a client using NTLMv2 we need to
enforce this flag, because it's not really a negotiationable
in that case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12862
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Daniel Kobras [Fri, 23 Jun 2017 13:39:21 +0000 (15:39 +0200)]
s3: smbd: fix regression with non-wide symlinks to directories over SMB3.
The errno returned by open() is ambiguous when called with flags O_NOFOLLOW and
O_DIRECTORY on a symlink. With ELOOP, we know for certain that we've tried to
open a symlink. With ENOTDIR, we might have hit a symlink, and need to perform
further checks to be sure. Adjust non_widelink_open() accordingly. This fixes
a regression where symlinks to directories within the same share were no
longer followed for some call paths on systems returning ENOTDIR in the above
case.
Also remove the knownfail added in previous commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12860
Signed-off-by: Daniel Kobras <d.kobras@science-computing.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 23 Jun 2017 18:12:22 +0000 (11:12 -0700)]
s3: smbd: Add regression test for non-wide symlinks to directories fail over SMB3.
Mark as knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12860
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Amitay Isaacs [Tue, 21 Mar 2017 04:02:56 +0000 (15:02 +1100)]
ctdb-protocol: Do not pass tdb open flags to DB attach controls
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Jun 26 20:10:38 CEST 2017 on sn-devel-144
Amitay Isaacs [Tue, 21 Mar 2017 04:03:24 +0000 (15:03 +1100)]
ctdb-client: Do not pass tdb open flags to db attach api
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 23 Jun 2017 06:29:39 +0000 (16:29 +1000)]
ctdb-client: Remove calaculation of tdb flags
... and there is no need to find out if mutexes are enabled.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 23 Jun 2017 06:27:20 +0000 (16:27 +1000)]
ctdb-client: Ask daemon for db open flags
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 23 Jun 2017 06:15:57 +0000 (16:15 +1000)]
ctdb-client: Ask daemon for db open flags
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 23 Jun 2017 06:11:53 +0000 (16:11 +1000)]
ctdb-client: Add a function to get db open flags
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 14 Jun 2017 06:37:34 +0000 (16:37 +1000)]
ctdb-client: Add sync api for control DB_OPEN_FLAGS
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 14 Jun 2017 06:24:02 +0000 (16:24 +1000)]
ctdb-protocol: Add protocol marshalling for control DB_OPEN_FLAGS
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 14 Jun 2017 06:30:39 +0000 (16:30 +1000)]
ctdb-daemon: Implement DB_OPEN_FLAGS control
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 14 Jun 2017 06:22:52 +0000 (16:22 +1000)]
ctdb-protocol: Add new control to get database open flags
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 2 Mar 2017 03:47:20 +0000 (14:47 +1100)]
ctdb-daemon: Drop extra boolean arguments to ctdb_local_attach()
There is no need for with_jenkinshash and with_mutexes flags, since the
tdb_flags are now calculated based on database type.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 23 Jun 2017 05:59:16 +0000 (15:59 +1000)]
ctdb-client: Drop tdb_flags argument to ctdb_attach()
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 23 Jun 2017 05:58:38 +0000 (15:58 +1000)]
ctdb-client: Stop sending tdb_flags with DB_ATTACH controls
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 28 Mar 2017 06:14:51 +0000 (17:14 +1100)]
ctdb-daemon: Ignore tdb open flags passed to DB attach controls
The tdb open flags should be calculated based on the database type and
ctdb tunables.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 21 Mar 2017 02:50:07 +0000 (13:50 +1100)]
ctdb-daemon: Refactor calculation of tdb open flags based on database type
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 2 Mar 2017 04:37:19 +0000 (15:37 +1100)]
ctdb-locking: Get tdb open flags from tdb instead of re-calculating
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 2 Mar 2017 03:52:00 +0000 (14:52 +1100)]
ctdb-daemon: Store tdb flags just after tdb is opened in ctdb_local_attach()
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 2 Mar 2017 00:15:26 +0000 (11:15 +1100)]
ctdb-daemon: Once database is attached, do not modify tdb flags
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Stefan Metzmacher [Fri, 16 Jun 2017 15:11:17 +0000 (17:11 +0200)]
auth/ntlmssp: make ntlmssp_server_check_password() shorter
We move as must as possible into ntlmssp_server_{pre,post}auth().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jun 26 13:07:30 CEST 2017 on sn-devel-144
Stefan Metzmacher [Fri, 16 Jun 2017 16:03:11 +0000 (18:03 +0200)]
auth/ntlmssp: remove useless talloc_steal calls in ntlmssp_server_check_password()
We only create a temporary auth_usersupplied_info structure and pass it
down as const, lets keep the values on ntlmssp_state otherwise we may derefence
stale pointers.
We finally free the memory at the end of ntlmssp_server_postauth() now.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 19 Jun 2017 06:39:19 +0000 (08:39 +0200)]
s4:dsdb/samdb: pass an existing 'struct ldb_context' to crack_auto_name_to_nt4_name()
There's no point in creating a temporary ldb_context as
the only callers already have a valid struct ldb_context for
the local sam.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 19 Jun 2017 06:39:19 +0000 (08:39 +0200)]
s4:dsdb/samdb: pass an existing 'struct ldb_context' to crack_name_to_nt4_name()
There's no point in creating a temporary ldb_context as
all direct callers already have a valid struct ldb_context for
the local sam.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 19 Jun 2017 06:26:26 +0000 (08:26 +0200)]
s4:auth/unix_token: remove unused tevent_context from auth_session_info_fill_unix()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 19 Jun 2017 06:26:26 +0000 (08:26 +0200)]
s4:auth/unix_token: remove unused tevent_context from security_token_to_unix_token()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sun, 18 Jun 2017 10:53:05 +0000 (12:53 +0200)]
s3:smbd: call auth_check_password_session_info() only in one central place
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sun, 18 Jun 2017 10:48:11 +0000 (12:48 +0200)]
s3:smbd: introduce a reply_sesssetup_and_X_state
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sun, 18 Jun 2017 10:08:58 +0000 (12:08 +0200)]
s3:smbd: inline check_guest_password() into reply_sesssetup_and_X()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sun, 18 Jun 2017 10:06:10 +0000 (12:06 +0200)]
s3:smbd: only set user_info->auth_description on success
Otherwise we'll derefence a NULL pointer.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 13 Jun 2017 07:57:33 +0000 (09:57 +0200)]
pidl:NDR/Parser: initialize [skip] values in ndr_pull_*
It's too dangerous to leave values uninitialzed!
[skip_noinit] can be used if required.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Wed, 21 Jun 2017 13:11:28 +0000 (15:11 +0200)]
ntprinting.idl: make use of [skip_noinit] for string_flags
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Wed, 21 Jun 2017 13:05:35 +0000 (15:05 +0200)]
pidl:NDR/Parser: add "skip_noinit" element
In future "skip" will be changed to initialize the element
with ZERO_STRUCT() on ndr_pull_*.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Mon, 19 Jun 2017 10:15:21 +0000 (12:15 +0200)]
pidl:NDR/Parser: fix "skip" for pointers
We should handle the "skip" at the element level before
we traverse trough the element levels.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Amitay Isaacs [Thu, 22 Jun 2017 04:34:36 +0000 (14:34 +1000)]
ctdb-scripts: Don't send empty argument string to logger
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12856
This stops logger reading from stdin.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sat Jun 24 14:37:48 CEST 2017 on sn-devel-144
Amitay Isaacs [Thu, 22 Jun 2017 06:15:47 +0000 (16:15 +1000)]
ctdb-recovery: Do not run local ip verification when in recovery
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12857
If we drop public IPs because CTDB is in recovery for too long, then
avoid spamming logs "Trigger takeoverrun" every second.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 22 Jun 2017 07:45:20 +0000 (17:45 +1000)]
ctdb-recovery: Get recmode unconditionally in the main_loop
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12857
This can be used later in the main_loop to avoid the local ip check.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 22 Jun 2017 04:09:32 +0000 (14:09 +1000)]
ctdb-recovery: Finish processing for recovery mode ACTIVE first
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12857
This simplifies the code and avoids complicated conditions.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 22 Jun 2017 04:52:32 +0000 (14:52 +1000)]
ctdb-recovery: Simplify logging of recovery mode setting
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12857
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 22 Jun 2017 04:49:02 +0000 (14:49 +1000)]
ctdb-recovery: Setting up of recmode should be idempotent
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12857
If the recovery mode is already set to the expected value, there is
nothing to do.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 22 Jun 2017 04:00:13 +0000 (14:00 +1000)]
ctdb-recovery: Assign banning credits if database fails to freeze
https://bugzilla.samba.org/show_bug.cgi?id=12857
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Volker Lendecke [Fri, 9 Jun 2017 06:48:21 +0000 (08:48 +0200)]
lib: Use ctdb_protocol instead of ctdb_private
ctdb_private is much broader. Right now we implement the protocol
ourselves. In the future, we might switch to the native ctdb
client implementation defined in ctdb_client.h, but that's a
different project :-)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun 24 05:33:41 CEST 2017 on sn-devel-144
Volker Lendecke [Thu, 22 Jun 2017 14:10:52 +0000 (16:10 +0200)]
lib: Give util_paths.c its own header
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 8 Jun 2017 10:51:19 +0000 (12:51 +0200)]
net: Dump data for net_g_lock dump
4d404f2 added user-data for a g_lock. Print it in net g_lock dump.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Björn Baumbach [Tue, 20 Jun 2017 14:47:57 +0000 (16:47 +0200)]
build: fix build of vfs_posix_eadb module
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Jun 24 01:20:16 CEST 2017 on sn-devel-144
Björn Baumbach [Thu, 22 Jun 2017 14:07:27 +0000 (16:07 +0200)]
waf:lib/replace: Fix building with older GCC versions
Using gcc 4.3.2:
cc1: error: unrecognized command line option "-Wno-format-truncation"
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andreas Schneider [Thu, 22 Jun 2017 08:25:09 +0000 (10:25 +0200)]
s4:torture: Do not segfault in torture_rpc_spoolss_printer_teardown_common()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jun 23 21:00:19 CEST 2017 on sn-devel-144
Garming Sam [Fri, 16 Jun 2017 01:05:37 +0000 (13:05 +1200)]
samba_kcc: debugging: say intrasite when we mean intrasite
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Jun 23 06:45:47 CEST 2017 on sn-devel-144
Douglas Bagnall [Thu, 15 Jun 2017 21:16:16 +0000 (09:16 +1200)]
samba_kcc: drop all connections from non-existent DSAs
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Thu, 15 Jun 2017 21:15:17 +0000 (09:15 +1200)]
samba_kcc: comment typo
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Thu, 9 Mar 2017 02:08:19 +0000 (15:08 +1300)]
third_party/dnspython: fix variable name in dnssec
This appears to have been fixed upstream (along with significant other
changes)
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Wed, 5 Apr 2017 23:56:25 +0000 (11:56 +1200)]
samba_kcc: avoid crash on odd networks with --dot-file-dir
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Thu, 9 Mar 2017 01:56:24 +0000 (14:56 +1300)]
waf/wafadmin/3rdparty: fix paranoid.py variable names
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Wed, 12 Apr 2017 00:34:49 +0000 (12:34 +1200)]
python/getopt: -d/--debuglevel saves value in options for scripts
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Wed, 8 Mar 2017 02:25:53 +0000 (15:25 +1300)]
add provision performance tests
Because making provision faster makes autobuild faster.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>