vlendec/samba-autobuild/.git
16 months agoctdb-common: Move ctdb_sys_send_arp() to ctdb_socket.[ch]
Martin Schwenke [Thu, 28 Jun 2018 10:57:08 +0000 (20:57 +1000)]
ctdb-common: Move ctdb_sys_send_arp() to ctdb_socket.[ch]

The system_<os>.c files contain a lot of duplication, making
maintenance difficult.  These functions are being merged into
system_socket.c and system.c.

Bring a copy of tcp_checksum6(), renamed to ip6_checksum().

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
16 months agoctdb-common: Move ctdb_get_peer_pid() to system.[ch]
Martin Schwenke [Thu, 28 Jun 2018 10:35:56 +0000 (20:35 +1000)]
ctdb-common: Move ctdb_get_peer_pid() to system.[ch]

The system_<os>.c files contain a lot of duplication, making
maintenance difficult.  These functions are being merged into
system_socket.c and system.c.

This function doesn't need ctdb_sock_addr so put it with general
system utilities.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
16 months agoctdb-common: Move ctdb_system_check_iface_exists() to system.[ch]
Martin Schwenke [Thu, 28 Jun 2018 10:30:32 +0000 (20:30 +1000)]
ctdb-common: Move ctdb_system_check_iface_exists() to system.[ch]

The system_<os>.c files contain a lot of duplication, making
maintenance difficult.  These functions are being merged into
system_socket.[ch] and system.[ch].

This function doesn't need ctdb_sock_addr so put it with general
system utilities.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
16 months agoctdb-common: Move parse_ip_mask() to system_socket.[ch]
Martin Schwenke [Thu, 28 Jun 2018 10:24:10 +0000 (20:24 +1000)]
ctdb-common: Move parse_ip_mask() to system_socket.[ch]

This uses ctdb_sock_addr so belongs here.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
16 months agoctdb-common: Rename system utility files
Martin Schwenke [Thu, 28 Jun 2018 10:15:37 +0000 (20:15 +1000)]
ctdb-common: Rename system utility files

system_socket.[ch] will contain all the raw socket code and other
functions that use ctdb_sock_addr.  system.[ch] will contain other
platform dependent functions.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
16 months agoctdb-build: Add ipv6 headers check for packet details
Amitay Isaacs [Fri, 29 Jun 2018 04:54:17 +0000 (14:54 +1000)]
ctdb-build: Add ipv6 headers check for packet details

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
16 months agoctdb-build: Add checks for raw pkt handling support
Amitay Isaacs [Fri, 29 Jun 2018 03:17:01 +0000 (13:17 +1000)]
ctdb-build: Add checks for raw pkt handling support

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
16 months agoctdb-common: Use sin6_len only if the structure supports it
Amitay Isaacs [Wed, 27 Jun 2018 03:41:38 +0000 (13:41 +1000)]
ctdb-common: Use sin6_len only if the structure supports it

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13493

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
16 months agoreplace: Add test for sin6_len in sockaddr_in6 structure
Amitay Isaacs [Wed, 27 Jun 2018 03:41:10 +0000 (13:41 +1000)]
replace: Add test for sin6_len in sockaddr_in6 structure

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13493

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
16 months agoctdb-common: Correctly handle conf->reload()
Amitay Isaacs [Mon, 25 Jun 2018 02:56:45 +0000 (12:56 +1000)]
ctdb-common: Correctly handle conf->reload()

Configuration reload should reset the values of configuration options
missing from the config file to default.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Jun 29 15:12:37 CEST 2018 on sn-devel-144

16 months agoctdb: Improve robust mutex test
Carlos O'Donell [Fri, 15 Jun 2018 11:32:46 +0000 (13:32 +0200)]
ctdb: Improve robust mutex test

This avoids some of the undefined behaviour, like initializing the same mutex
twice which happens when the low and high priority processes start (both
do the initialization and that's dangerous.) Instead now we start an
"init" process to start the shared memory segment, and then everything
else just uses it without truncation or unlinking (same mutex).

Signed-off-by: Carlos O'Donell <codonell@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Fri Jun 29 06:47:00 CEST 2018 on sn-devel-144

16 months agoREADME.Coding: Fix link to Python coding style guide (PEP 8)
Björn Baumbach [Wed, 27 Jun 2018 12:20:40 +0000 (14:20 +0200)]
README.Coding: Fix link to Python coding style guide (PEP 8)

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: David Mulder <dmulder@suse.com>
Autobuild-User(master): Björn Baumbach <bbaumbach@samba.org>
Autobuild-Date(master): Thu Jun 28 15:04:44 CEST 2018 on sn-devel-144

16 months agotests/ntacls: fix pep8 warnings
Joe Guo [Fri, 1 Jun 2018 02:28:43 +0000 (14:28 +1200)]
tests/ntacls: fix pep8 warnings

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 28 12:14:59 CEST 2018 on sn-devel-144

16 months agotests/ntacls: use global vars to make code DRY
Joe Guo [Fri, 1 Jun 2018 02:23:54 +0000 (14:23 +1200)]
tests/ntacls: use global vars to make code DRY

Move acl and dommain_sid to global vars so we don't repeat them in every
test.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
16 months agotests/ntacls_backup: register test
Joe Guo [Wed, 27 Jun 2018 22:47:42 +0000 (10:47 +1200)]
tests/ntacls_backup: register test

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
16 months agontacls: add extra test file for ntacls backup
Joe Guo [Wed, 27 Jun 2018 22:45:28 +0000 (10:45 +1200)]
ntacls: add extra test file for ntacls backup

The ntacls backup tests have to run in ad_dc:local env, which is
different from existing ntacls tests. Add a separate file for backup
tests.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
16 months agontacls: add functions to backup and restore ntacls
Joe Guo [Fri, 1 Jun 2018 01:50:05 +0000 (13:50 +1200)]
ntacls: add functions to backup and restore ntacls

1. backup a share online from a smb connection with ntacls using pysmb API.
2. backup a share offline from service path with ntacls using pysmbd API.
3. restore from tarfile with pysmdb API.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
16 months agopysmbd: add py_smbd_create_file
Joe Guo [Fri, 1 Jun 2018 01:48:31 +0000 (13:48 +1200)]
pysmbd: add py_smbd_create_file

Add create_file function to smbd API.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
16 months agopysmbd: extract init_files_struct function
Joe Guo [Fri, 1 Jun 2018 01:45:25 +0000 (13:45 +1200)]
pysmbd: extract init_files_struct function

Extract initialization code from set_nt_acl_conn for reuse.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
16 months agopysmbd: add py_smbd_mkdir
Joe Guo [Fri, 1 Jun 2018 01:40:42 +0000 (13:40 +1200)]
pysmbd: add py_smbd_mkdir

Add mkdir for smbd API.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
16 months agopysmb: add py_smb_unlink and test
Joe Guo [Tue, 12 Jun 2018 22:39:57 +0000 (10:39 +1200)]
pysmb: add py_smb_unlink and test

Add unlink api to delete a file with a smb connection.
Test added.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
16 months agosamba-tool showrepl tests: test all-good with --pull-summary
Douglas Bagnall [Thu, 28 Jun 2018 04:19:31 +0000 (16:19 +1200)]
samba-tool showrepl tests: test all-good with --pull-summary

We test the all-good case with --pull-summary, which is the only one
we can be reasonably certain about.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Jun 28 09:23:10 CEST 2018 on sn-devel-144

16 months agosamba-tool drs showrepl: add --pull-summary and --notify-summary
Andrew Bartlett [Thu, 28 Jun 2018 02:10:53 +0000 (14:10 +1200)]
samba-tool drs showrepl: add --pull-summary and --notify-summary

These separate the two halves of --summary (which is still there),
allowing the repsto and repsfrom to be separately queried.

One motivation for this is testing: it is difficult to assert the
success of repsfrom (--notify-summary) in the test framework, because
we can't rely on the other end behaving properly and promptly.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
16 months agos4/torture/samba_tool_drs_showrepl: use assertRegexpMatches
Douglas Bagnall [Wed, 27 Jun 2018 01:55:16 +0000 (13:55 +1200)]
s4/torture/samba_tool_drs_showrepl: use assertRegexpMatches

rather than a local rewrite special to this file.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
16 months agos4/torture/drs/python: don't double-call enable/disable replication
Douglas Bagnall [Wed, 13 Jun 2018 04:28:55 +0000 (16:28 +1200)]
s4/torture/drs/python: don't double-call enable/disable replication

This is repeating work done in setup/teardown or doubling up in place (self._enable_all_repl includes self._enable_inbound_repl)

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
16 months agosamba-tool drs showrepl test: remove useless print
Douglas Bagnall [Wed, 13 Jun 2018 00:54:57 +0000 (12:54 +1200)]
samba-tool drs showrepl test: remove useless print

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
16 months agosamba-tool drs showrepl: Skip deleted DSAs when checking for success
Andrew Bartlett [Sun, 10 Jun 2018 19:03:47 +0000 (21:03 +0200)]
samba-tool drs showrepl: Skip deleted DSAs when checking for success

The deleted DSAs are ignored by the server replication code, so ignore past failures
here also.

The repsFrom and repsTo entries will eventually be removed by the KCC.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
16 months agosamba-tool drs show_repl: simplify the collection of DC lists
Douglas Bagnall [Thu, 7 Jun 2018 02:27:52 +0000 (14:27 +1200)]
samba-tool drs show_repl: simplify the collection of DC lists

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
16 months agosamba-tool drs showrepl --summary for a quick local check
Douglas Bagnall [Thu, 7 Jun 2018 02:15:10 +0000 (14:15 +1200)]
samba-tool drs showrepl --summary for a quick local check

The default output ("classic") gives you a lot of very uninteresting
detail when everything is fine. --summary shuts up about things that
are fine but shouts a little bit when things are broken. It doesn't
provide any new information, just tries to present it in a more useful
format.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
16 months agosamba-tool drs showrepl: add a --color flag
Douglas Bagnall [Thu, 7 Jun 2018 02:27:37 +0000 (14:27 +1200)]
samba-tool drs showrepl: add a --color flag

Nothing is using it yet, but the next commit will

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
16 months agoprovision: set 'binddns dir' when making new smb.conf
Tim Beale [Mon, 25 Jun 2018 02:00:59 +0000 (14:00 +1200)]
provision: set 'binddns dir' when making new smb.conf

When creating a new smb.conf from scratch during a join/clone/etc, the
'binddns dir' setting still uses the source smb.conf/default setting,
instead of the targetdir sub-directory.

I noticed this problem when trying to create a new testenv - the
provision() was trying to create /usr/local/samba/bind-dns directory,
which would fail if samba hadn't already been installed on the host
machine.

Now that this is fixed, we also need to fix tests that were explicitly
asserting that no unexpected directories were left behind after the test
completes.

This change also breaks the upgradeprovision script. The upgrade-
provision calls newprovision() to create a reference provision in a
temporary directory. However, previously this temporary provision was
creating the bind-dns directory in the actual upgrade directory as a
side-effect, e.g. it did a provision() with
targetdir=alpha13_upgrade_full/private/referenceprovisionLBKBh2 and this
ended up creating alpha13_upgrade_full/bind-dns as a side-effect.
The provision() now creates bind-dns in the specified targetdir, but
this means check_for_DNS() fails (it tries to create bind-dns sub-
directories, but the upgrade's bind-dns doesn't exist). I've avoided
this problem by making sure bind-dns exists as part of the
check_for_DNS() processing.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 28 06:22:16 CEST 2018 on sn-devel-144

16 months agoselftest: Update MAX_WRAPPED_INTERFACES comment to match code
Tim Beale [Tue, 29 May 2018 03:22:07 +0000 (15:22 +1200)]
selftest: Update MAX_WRAPPED_INTERFACES comment to match code

Commit 19606e4dc657b0baf3ea84d updated the MAX_WRAPPED_INTERFACES define
in the C code from 40 to 64.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
16 months agotests: Add basic test for non-global LoadParm behaviour
Tim Beale [Tue, 26 Jun 2018 22:39:23 +0000 (10:39 +1200)]
tests: Add basic test for non-global LoadParm behaviour

Add a simple test to show that the new non-global LoadParm behaviour
works, i.e.
- by default all LoadParm objects are linked to the same underlying
  object
- using a non-global LoadParm creates a separate underlying object.
- using a non-global LoadParm with a bad filename fails.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
16 months agoparam: Add non-global smb.cfg option (support 2 different smb.confs)
Aaron Haslett [Mon, 30 Apr 2018 23:10:36 +0000 (11:10 +1200)]
param: Add non-global smb.cfg option (support 2 different smb.confs)

The default behaviour is that there is only a single global underlying
LoadParm object. E.g. if you create 2 different LoadParm objects in
python, they both modify the same underlying object.

This patch adds a mechanism to override this and create a separate
non-global LoadParm object. The use-case is the backup tool, where we
want to manipulate 2 different smb.conf files (the one used to create
the backup, and the smb.conf in the backup itself).

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
16 months agosamba: read backup date field on init and fail if present
Aaron Haslett [Tue, 1 May 2018 03:48:38 +0000 (15:48 +1200)]
samba: read backup date field on init and fail if present

This prevents a backup tar file, created with the new official
backup tools, from being extracted and replicated.

This is done here to ensure that samba-tool and ldbsearch can
still operate on the backup (eg for forensics) but starting
Samba as an AD DC will fail.

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
16 months agotests: Add test that Samba cannot be started with a backup DB
Tim Beale [Wed, 27 Jun 2018 02:06:54 +0000 (14:06 +1200)]
tests: Add test that Samba cannot be started with a backup DB

We don't want users to take a backup file, and then simply untar it and
run Samba (Several modifications to the DB need to be made as part of
the restore process, so users should always run the 'backup restore'
command).

To enforce this, prime_ldb_databases() now refuses to start Samba if the
backupDate marker is present in the DB. This patch adds a test-case that
proves this basic behaviour works.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
16 months agodocs: Add manpage for winbind_krb5_localauth.8
Andreas Schneider [Wed, 27 Jun 2018 13:06:07 +0000 (15:06 +0200)]
docs: Add manpage for winbind_krb5_localauth.8

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13489

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun 27 18:45:56 CEST 2018 on sn-devel-144

16 months agodocs: Move winbind_krb5_locator manpage to volume 8
Andreas Schneider [Wed, 27 Jun 2018 13:14:15 +0000 (15:14 +0200)]
docs: Move winbind_krb5_locator manpage to volume 8

The vfs and idmap manpages are in volume 8 too.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13489

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
16 months agokrb5_plugin: Move krb5 locator plugin to krb5_plugin subdir
Andreas Schneider [Wed, 27 Jun 2018 12:08:56 +0000 (14:08 +0200)]
krb5_plugin: Move krb5 locator plugin to krb5_plugin subdir

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13489

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
16 months agokrb5_plugin: Install plugins to krb5 modules dir
Andreas Schneider [Wed, 27 Jun 2018 12:06:39 +0000 (14:06 +0200)]
krb5_plugin: Install plugins to krb5 modules dir

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13489

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
16 months agoUpdate .travis.yml to match package list used in docker container and Catalyst Cloud...
Andrew Bartlett [Wed, 27 Jun 2018 00:44:25 +0000 (12:44 +1200)]
Update .travis.yml to match package list used in docker container and Catalyst Cloud builds

The package list has some "strange" things in them, but more important is
using the same list everywhere.  We can hopefully harmonise the package lists
to a single file in Samba git soom, merging the docker and packer image creation.

Additionally, Travis CI will probably need to move to Docker once we change
beyond Ubuntu 14.04, so it will simple reference the gitlab.com image then.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Wed Jun 27 07:51:14 CEST 2018 on sn-devel-144

16 months agoremove_dc: Fix removal of an old Windows DC
Tim Beale [Thu, 14 Jun 2018 23:54:37 +0000 (11:54 +1200)]
remove_dc: Fix removal of an old Windows DC

Windows has 'CN=DNS Settings' child object underneath the Server object.
This was causing the removal of the server object in remove_dc() to
fail.

Noticed this problem while testing the backup/restore tool manually
against a Windows VM.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13484

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Tue Jun 26 23:32:51 CEST 2018 on sn-devel-144

16 months agos3:tests: Add test for smbclient --quiet
Justin Stephenson [Mon, 25 Jun 2018 14:29:28 +0000 (10:29 -0400)]
s3:tests: Add test for smbclient --quiet

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13485

Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Björn Baumbach <bb@sernet.de>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jun 26 20:29:19 CEST 2018 on sn-devel-144

16 months agos3:client: Add --quiet option to smbclient
Justin Stephenson [Mon, 25 Jun 2018 13:58:56 +0000 (09:58 -0400)]
s3:client: Add --quiet option to smbclient

Add quiet command-line argument to allow suppressing the help log
message printed automatically after establishing a smbclient connection

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13485

Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Björn Baumbach <bb@sernet.de>
16 months agodsdb audit: Fix timestamp tests
Gary Lockyer [Mon, 25 Jun 2018 21:39:56 +0000 (09:39 +1200)]
dsdb audit: Fix timestamp tests

Fix flapping test:
  [242(3560)/242 at 25m3s] samba4.dsdb.samdb.ldb_modules.audit_log
UNEXPECTED(failure):
  samba4.dsdb.samdb.ldb_modules.audit_log.test_operation_json_empty(none)
REASON: Exception: Exception: difftime(after, actual) >= 0
../source4/dsdb/samdb/ldb_modules/tests/test_audit_log.c:74: error:

The tests truncate the microsecond portion of the time, so the
difference could be less than 0.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jun 26 06:09:46 CEST 2018 on sn-devel-144

16 months agodsdb-audit: Remove flapping part of the tests
Andrew Bartlett [Mon, 25 Jun 2018 20:29:46 +0000 (08:29 +1200)]
dsdb-audit: Remove flapping part of the tests

Because we have tests for this in the auth audit code, we do not need to have
the complexity of checking that we got DCE/RPC over SMB as an authorization
message here.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
16 months agodsdb: Use GUID_zero() rather than memset in dsdb audit code
Andrew Bartlett [Mon, 25 Jun 2018 04:46:29 +0000 (16:46 +1200)]
dsdb: Use GUID_zero() rather than memset in dsdb audit code

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
16 months agodsdb: Use customary variable names for the audit private context
Andrew Bartlett [Mon, 25 Jun 2018 04:43:38 +0000 (16:43 +1200)]
dsdb: Use customary variable names for the audit private context

The variable name "ac" typically implies the async context, and the long-life
private context is normally denoted private, not context.  This aligns better
with other modules.

talloc_get_type_abort() is now also used.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
16 months agodsdb: Use customary variable names for audit event contexts
Andrew Bartlett [Mon, 25 Jun 2018 04:23:00 +0000 (16:23 +1200)]
dsdb: Use customary variable names for audit event contexts

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
16 months agodsdb: Use correct memory context for imessaging_client_init() in audit logging
Andrew Bartlett [Mon, 25 Jun 2018 03:42:42 +0000 (15:42 +1200)]
dsdb: Use correct memory context for imessaging_client_init() in audit logging

This is only used for selftest, to send out the log messages for checking.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
16 months agoaudit_logging: Remove duplciate error printing
Andrew Bartlett [Mon, 25 Jun 2018 02:52:59 +0000 (14:52 +1200)]
audit_logging: Remove duplciate error printing

These errors are already logged at DBG_NOTICE in get_event_server()

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
16 months agoaudit_logging: Initialise event_server
Andrew Bartlett [Mon, 25 Jun 2018 02:52:19 +0000 (14:52 +1200)]
audit_logging: Initialise event_server

It is better if this is a known zero value to start, even if we check the errors
correctly.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
16 months agoaudit_logging: Remove incorrect check for NT_STATUS_OBJECT_NAME_NOT_FOUND
Andrew Bartlett [Mon, 25 Jun 2018 02:51:35 +0000 (14:51 +1200)]
audit_logging: Remove incorrect check for NT_STATUS_OBJECT_NAME_NOT_FOUND

NT_STATUS_OBJECT_NAME_NOT_FOUND is not a case we can ignore, it would mean that event_server
is not initialised.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
16 months agoaudit_logging: Clarify debug messages
Andrew Bartlett [Mon, 25 Jun 2018 02:48:27 +0000 (14:48 +1200)]
audit_logging: Clarify debug messages

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
16 months agoautobuild: Build samba-fileserver --without-json-audit
Andrew Bartlett [Thu, 21 Jun 2018 17:32:29 +0000 (05:32 +1200)]
autobuild: Build samba-fileserver --without-json-audit

This build target is already --without-ad-dc and is the one we need to ensure is
compatible with a host without the Jansson JSON library.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jun 26 02:03:30 CEST 2018 on sn-devel-144

16 months agodsdb: Ensure a build --without-json-audit --without-ad-dc compiles
Andrew Bartlett [Thu, 21 Jun 2018 17:18:52 +0000 (05:18 +1200)]
dsdb: Ensure a build --without-json-audit --without-ad-dc compiles

We still build some of the ldb_modules even when we are not a DC, so we must
split up the DSDB_MODULE_HELPERS.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
16 months agolib/audit_logging: Only build audit_logging_test for --enable-selftest on the AD DC
Andrew Bartlett [Thu, 21 Jun 2018 17:39:08 +0000 (05:39 +1200)]
lib/audit_logging: Only build audit_logging_test for --enable-selftest on the AD DC

This allows a --without-ad-dc --enable-selftest build to compile, still testing some
fileserver-only features.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
16 months agolib/audit_logging: Require jansson JSON library for building the AD DC
Andrew Bartlett [Thu, 21 Jun 2018 16:50:09 +0000 (04:50 +1200)]
lib/audit_logging: Require jansson JSON library for building the AD DC

This combination is untested and it is reasonable to require this
broadly available library for the AD DC build.

Doing so keeps the combinational complexity down and ensures we test
what we ship.  (It was failing to compile).

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
16 months agobuild: Move --without-json-audit and json lib detection to lib/audit_logging
Andrew Bartlett [Thu, 21 Jun 2018 16:47:10 +0000 (04:47 +1200)]
build: Move --without-json-audit and json lib detection to lib/audit_logging

This is the common location of the audit logging code now

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
16 months agodsdb: Log the transaction duraton.
Gary Lockyer [Wed, 6 Jun 2018 13:30:44 +0000 (15:30 +0200)]
dsdb: Log the transaction duraton.

This is not a general purpose profiling solution, but these JSON
logs are already being generated and stored, so this is worth adding.

This will allow administrators to identify long running
transactions, and identify potential performance bottlenecks.

This complements a similar patch set to log authentication duration.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jun 25 11:16:18 CEST 2018 on sn-devel-144

16 months agoauth: For NTLM and KDC authentication, log the authentication duration
Andrew Bartlett [Sun, 10 Jun 2018 11:00:34 +0000 (13:00 +0200)]
auth: For NTLM and KDC authentication, log the authentication duration

This is not a general purpose profiling solution, but these JSON logs are already being
generated and stored, so this is worth adding.

Some administrators are very keen to know how long authentication
takes, particularly due to long replication transactions in other
processes.

This complements a similar patch set to log the transaction duration.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
16 months agotalloc_stack: Call talloc destructors while frame is still around
Volker Lendecke [Fri, 22 Jun 2018 14:25:10 +0000 (16:25 +0200)]
talloc_stack: Call talloc destructors while frame is still around

This fixes "samba-tool ntacl set -d10"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun 23 04:56:44 CEST 2018 on sn-devel-144

16 months agocheck return value before using key_values
Andrej Gessel [Tue, 19 Jun 2018 08:07:51 +0000 (10:07 +0200)]
check return value before using key_values

there are also mem leaks in this function

Signed-off-by: Andrej Gessel <Andrej.Gessel@janztec.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
16 months agoldb: check return values
Andrej Gessel [Fri, 15 Jun 2018 09:02:15 +0000 (11:02 +0200)]
ldb: check return values

Signed-off-by: Andrej Gessel <Andrej.Gessel@janztec.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
16 months agokrb5_wrap: fix keep_old_entries logic for older kerberos libraries
Christof Schmitt [Tue, 19 Jun 2018 22:09:41 +0000 (15:09 -0700)]
krb5_wrap: fix keep_old_entries logic for older kerberos libraries

MIT kerberos 1.13 and older only stores 8 bits of the KVNO. The change
from commit 35b2fb4ff32 resulted in breakage for these kerberos
versions: 'net ads keytab create' reads a large KVNO from AD, and only
the lower 8 bits are stored. The next check then removed the entry again
as the 8 bit value did not match the currently valid KVNO.

Fix this by limiting the check to only 8 bits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13478

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Sat Jun 23 00:57:47 CEST 2018 on sn-devel-144

16 months agoctdb-common: replace talloc / memcpy by talloc_memdup
Swen Schillig [Wed, 7 Mar 2018 13:40:33 +0000 (14:40 +0100)]
ctdb-common: replace talloc / memcpy by talloc_memdup

Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Jun 22 11:57:19 CEST 2018 on sn-devel-144

16 months agokrb5_plugin: Add winbind localauth plugin for MIT Kerberos
Andreas Schneider [Fri, 15 Jun 2018 12:59:00 +0000 (14:59 +0200)]
krb5_plugin: Add winbind localauth plugin for MIT Kerberos

Applications (like OpenSSH) don't know about users and and
their relationship to Kerberos principals. This plugin allows that
Kerberos principals can be validated against local user accounts.

Administrator@WURST.WORLD -> WURST\Administrator

https://web.mit.edu/kerberos/krb5-latest/doc/plugindev/localauth.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13480

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jun 21 15:52:02 CEST 2018 on sn-devel-144

16 months agos3: smbd: Don't use getcwd() directly. We must always go through the VFS.
Jeremy Allison [Wed, 20 Jun 2018 21:49:33 +0000 (14:49 -0700)]
s3: smbd: Don't use getcwd() directly. We must always go through the VFS.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
16 months agos3:winbind: Fix regression introduced with bso #12851
Andreas Schneider [Wed, 20 Jun 2018 09:38:28 +0000 (11:38 +0200)]
s3:winbind: Fix regression introduced with bso #12851

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12851

Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jun 21 01:03:52 CEST 2018 on sn-devel-144

16 months agos3:smbget: Fix buffer truncation issues with gcc8
Andreas Schneider [Mon, 18 Jun 2018 08:43:53 +0000 (10:43 +0200)]
s3:smbget: Fix buffer truncation issues with gcc8

../source3/utils/smbget.c: In function ‘smb_download_file’:
../source3/utils/smbget.c:97:27: error: ‘b’ directive output may be truncated writing 1 byte into a region of size between 0 and 19 [-Werror=format-truncation=]
   snprintf(buffer, l, "%jdb", (intmax_t)s);
                           ^

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
16 months agos3:registry: Fix buffer truncation issues issues with gcc8
Andreas Schneider [Mon, 18 Jun 2018 08:34:27 +0000 (10:34 +0200)]
s3:registry: Fix buffer truncation issues issues with gcc8

../source3/registry/reg_perfcount.c: In function ‘reg_perfcount_get_hkpd’:
../source3/registry/reg_perfcount.c:337:29: error: ‘snprintf’ output may be truncated before the last format character [-Werror=format-truncation=]
   snprintf(buf, buflen,"%d%s", key_part1, key_part2);

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
16 months agosamdb: Fix build error with gcc8
Andreas Schneider [Mon, 18 Jun 2018 08:24:06 +0000 (10:24 +0200)]
samdb: Fix build error with gcc8

../source4/dsdb/samdb/ldb_modules/samldb.c: In function ‘samldb_add’:
../source4/dsdb/samdb/ldb_modules/samldb.c:424:6: error: ‘found’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
   if (found) {
      ^
../source4/dsdb/samdb/ldb_modules/samldb.c:348:11: note: ‘found’ was declared here
  bool ok, found;
           ^~~~~

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
16 months agoPossible memory leak in map_info3_to_validation
Swen Schillig [Fri, 25 May 2018 08:40:54 +0000 (10:40 +0200)]
Possible memory leak in map_info3_to_validation

In case of a failing call to copy_netr_SamInfo3, the allocated memory
for "validation" needs to be free'd before returning.

Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 20 21:05:40 CEST 2018 on sn-devel-144

16 months agoheimdal: remove include/includedir directives for krb5.conf
Björn Baumbach [Tue, 19 Jun 2018 14:32:10 +0000 (16:32 +0200)]
heimdal: remove include/includedir directives for krb5.conf

The original heimdal code introduces a segmentation fault, due to an
uninitialized pointer. This code does not seem to be tested very well.

Revert "heimdal: Add include/includedir directives for krb5.conf"

This reverts commit 0a6e9b6c0e15fa6fe46acdd357d76b8df447317f.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Björn Baumbach <bbaumbach@samba.org>
Autobuild-Date(master): Wed Jun 20 17:48:16 CEST 2018 on sn-devel-144

17 months agopython/samba/netcmd: Fix NameError exception
Noel Power [Wed, 13 Jun 2018 11:51:50 +0000 (12:51 +0100)]
python/samba/netcmd: Fix NameError exception

Running make test TEST=samba4.drs.samba_tool_drs.python results in

BlackboxProcessError: Command '/tmp/samba-testbase/b12/samba/bin/samba-tool drs clone-dc-database samba.example.com --server=localdc -USAMBADOMAIN/Administrator%locDCpass1 --targetdir=/tmp/samba-testbase/b12/samba/bin/ab/tmp/tmpWPo8r3'; exit status 255; stdout: ''; stderr: 'ERROR(<type 'exceptions.NameError'>): uncaught exception - global name 'logging' is not defined
  File "bin/python/samba/netcmd/__init__.py", line 177, in _run
    return self.run(*args, **kwargs)
  File "bin/python/samba/netcmd/drs.py", line 697, in run
    logger.setLevel(logging.INFO)
'

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 20 04:08:53 CEST 2018 on sn-devel-144

17 months agopython/samba: enclose map.values with list (py2/py3)
Noel Power [Thu, 14 Jun 2018 14:32:03 +0000 (15:32 +0100)]
python/samba: enclose map.values with list (py2/py3)

Fix errors in samba.tests.samba_tool.visualize_drs that with python 3
will generate exception with messages something like
'can't iterate dict_values'

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agopython/samba: Another object.next() to next(object) py2/py3 converstion
Noel Power [Thu, 14 Jun 2018 14:48:36 +0000 (15:48 +0100)]
python/samba: Another object.next() to next(object) py2/py3 converstion

fix samba.tests.samba_tool.visualize_drs

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agopython/samba/emulate: py2/py3 .next usage, replace with next() fn
Noel Power [Mon, 28 May 2018 16:01:57 +0000 (17:01 +0100)]
python/samba/emulate: py2/py3 .next usage, replace with next() fn

17 months agopython/samba/tests: py2/py3 port has_keys usage
Noel Power [Fri, 11 May 2018 15:37:44 +0000 (16:37 +0100)]
python/samba/tests: py2/py3 port has_keys usage

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agopython/samab: py2/py3 string.upper(astring) -> astring.upper
Noel Power [Mon, 28 May 2018 15:56:00 +0000 (16:56 +0100)]
python/samab: py2/py3 string.upper(astring) -> astring.upper

17 months agopython/samba: Py2|Py3 compat, fix more missed exception tuple issues
Noel Power [Mon, 28 May 2018 15:22:25 +0000 (16:22 +0100)]
python/samba: Py2|Py3 compat, fix more missed exception tuple issues

17 months agotests: Increase PSO test timeouts to minimise failures
Tim Beale [Sun, 17 Jun 2018 21:52:57 +0000 (09:52 +1200)]
tests: Increase PSO test timeouts to minimise failures

When PSOs exist in the DB, there is some extra overhead involved in user
logins (an extra expand-nested-groups operation for every user login).

Currently password_lockout tests are quite query-intensive - each call
to _check_account() does ~6 RPC operations/LDB searches (plus sleeps for
20 millisecs). Plus the actual user login attempt being tested. It looks
like the current test needs to do 3 login attempts/_check_account()
calls within a 2-second window. While the PSO test cases usually work
OK, sometimes they fail (presumably they take slightly longer and fall
outside this 2-second window). Presumably this is due to the cloud
instance's CPU being slightly more loaded when the test is run.

Long-term the plan is to refactor the user login so that the extra
expand-nested-groups operation is unnecessary for PSOs. In the
short-term, increase the window the test uses from 2 seconds to 3
seconds.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agotests: Increase minPwdAge used for PSO tests
Tim Beale [Sun, 17 Jun 2018 21:03:40 +0000 (09:03 +1200)]
tests: Increase minPwdAge used for PSO tests

The PSO minPwdAge test was using a 1 second timeout. While this seemed
to work fine most of the time, we did see a rackspace failure that was
presumably due to the test taking longer than 1-second to execute
(which resulted in the password not being correctly rejected).

This patch increases the minPwdAge used, to try to avoid this problem
happening.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
17 months agowinbind: Fix a typo
Volker Lendecke [Thu, 3 May 2018 09:47:44 +0000 (11:47 +0200)]
winbind: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jun 19 11:43:16 CEST 2018 on sn-devel-144

17 months agolib: Align integer types
Volker Lendecke [Wed, 25 Apr 2018 10:05:37 +0000 (12:05 +0200)]
lib: Align integer types

Loop-variable and bound should be the same type

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agoidmap_hash: Align integer types
Volker Lendecke [Fri, 4 May 2018 19:02:41 +0000 (21:02 +0200)]
idmap_hash: Align integer types

Loop-variable and bound should be the same type

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
17 months agotestparm: Remove warning from the last century
Andreas Schneider [Mon, 18 Jun 2018 13:22:18 +0000 (15:22 +0200)]
testparm: Remove warning from the last century

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
17 months agolibrpc/crypto: Fix a misleading comment
Volker Lendecke [Mon, 18 Jun 2018 11:46:32 +0000 (13:46 +0200)]
librpc/crypto: Fix a misleading comment

Probably cut&paste error

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jun 18 18:34:51 CEST 2018 on sn-devel-144

17 months agoheimdal: Add include/includedir directives for krb5.conf
Nicolas Williams [Fri, 15 Jun 2018 12:45:38 +0000 (14:45 +0200)]
heimdal: Add include/includedir directives for krb5.conf

Cherry-pick of Heimdal commit fe43be85587f834266623adb0ecf2793d212a7ca

Removed tests and documentation from original commit by
Björn Baumbach <bb@sernet.de>, since we do not ship them.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11573

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Björn Baumbach <bbaumbach@samba.org>
Autobuild-Date(master): Mon Jun 18 15:52:26 CEST 2018 on sn-devel-144

17 months agoheimdal: small code adaption to cherry-pick heimdal commit
Björn Baumbach [Fri, 15 Jun 2018 12:33:40 +0000 (14:33 +0200)]
heimdal: small code adaption to cherry-pick heimdal commit

Check asprintf() return value.
Make use of krb5_enomem().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11573

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
17 months agoheimdal: lib/krb5: do not fail set_config_files due to parse error
Jeffrey Altman [Thu, 16 Jun 2016 20:25:41 +0000 (16:25 -0400)]
heimdal: lib/krb5: do not fail set_config_files due to parse error

Follow Apple's lead and do not fail krb5_set_config_files() simply
because one of the files in the profile list fails to parse correctly.
Doing so can lead to hard to find failures and could lead to an end
user shooting themselves in the foot and no longer be able to login
to their system to fix it.

Parse as many of the files as we can.  Only fail krb5_set_config_files()
if init_context_from_config_file() fails.

Change-Id: I122664c6d707a5f926643808ba414bf4f681f8b8

Cherry-pick of Heimdal commit b7cf5e7caf9b270f4d4151d2690177b11a7a1bdf

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11573

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
17 months agosmbd: remove unused smbd_server_connection->ev_ctx
Stefan Metzmacher [Thu, 22 Mar 2018 09:54:41 +0000 (10:54 +0100)]
smbd: remove unused smbd_server_connection->ev_ctx

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jun 18 11:46:36 CEST 2018 on sn-devel-144

17 months agosmbd: add an effective {smb,smbd_smb2}_request->ev_ctx that holds the event context...
Stefan Metzmacher [Thu, 22 Mar 2018 09:54:41 +0000 (10:54 +0100)]
smbd: add an effective {smb,smbd_smb2}_request->ev_ctx that holds the event context used for the request processing

In future this will an impersonation wrapper tevent_context based on the
user session.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
17 months agosmbd: add an effective connection_struct->user_ev_ctx that holds the event context...
Stefan Metzmacher [Thu, 22 Mar 2018 09:54:41 +0000 (10:54 +0100)]
smbd: add an effective connection_struct->user_ev_ctx that holds the event context used for the current user

This will be filled with an impersonation wrapper in the next commits.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
17 months agosmbd: use sconn->root_ev_ctx for smbd_sig_{term,hup}_handler()
Stefan Metzmacher [Thu, 22 Mar 2018 09:54:41 +0000 (10:54 +0100)]
smbd: use sconn->root_ev_ctx for smbd_sig_{term,hup}_handler()

They already call change_to_root_user(), which can be removed
later.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
17 months agosmbd: use sconn->root_ev_ctx for brl_timeout_fn()
Stefan Metzmacher [Thu, 22 Mar 2018 09:54:41 +0000 (10:54 +0100)]
smbd: use sconn->root_ev_ctx for brl_timeout_fn()

This already calls change_to_root_user(), which can be removed
later.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
17 months agosmbd: add smbd_server_connection->{root,guest}_ev_ctx pointer
Stefan Metzmacher [Thu, 22 Mar 2018 09:54:41 +0000 (10:54 +0100)]
smbd: add smbd_server_connection->{root,guest}_ev_ctx pointer

For now these are just the same as smbd_server_connection->ev_ctx,
but this will change in future and we'll use impersonation wrappers.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
17 months agosmbd: use raw_ev_ctx to clear the MSG_SMB_CONF_UPDATED registration
Stefan Metzmacher [Thu, 22 Mar 2018 09:54:41 +0000 (10:54 +0100)]
smbd: use raw_ev_ctx to clear the MSG_SMB_CONF_UPDATED registration

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
17 months agosmbd: explain that/why we use the raw tevent_context for linux_oplock_signal_handler()
Stefan Metzmacher [Thu, 22 Mar 2018 09:54:41 +0000 (10:54 +0100)]
smbd: explain that/why we use the raw tevent_context for linux_oplock_signal_handler()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
17 months agosmbd: explain that/why we use the raw tevent_context for do_break_to_none()
Stefan Metzmacher [Thu, 22 Mar 2018 09:54:41 +0000 (10:54 +0100)]
smbd: explain that/why we use the raw tevent_context for do_break_to_none()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>