Andrew Bartlett [Tue, 13 Feb 2018 22:29:54 +0000 (11:29 +1300)]
selftest: Avoid a build started around midnight failing (again)
This case most likely relates to Daylight Saving changes creating
a 23 hour day.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andreas Schneider [Fri, 5 Jan 2018 09:43:18 +0000 (10:43 +0100)]
smbspool: Initialize empty_str on declaration
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Sun, 11 Feb 2018 22:06:25 +0000 (11:06 +1300)]
selftest: GnuTLS is already mandetory to build the AD DC
This change avoids the code behind 'if have_tls_support' becoming untested
if the configure logic changes. We already assert that we have GnuTLS
elsewhere in the AD DC build scripts.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Sun, 11 Feb 2018 22:03:25 +0000 (11:03 +1300)]
selftest: Require jansson support for selftest of the AD DC
This avoids this code becoming untested if a package is not installed or
the configure test is accidentially broken.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Douglas Bagnall [Thu, 8 Feb 2018 03:01:41 +0000 (16:01 +1300)]
test samba-tool drs showrepl: test --json output
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 8 Feb 2018 02:52:01 +0000 (15:52 +1300)]
samba-tool drs showrepl: add --json option for JSON output
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 2 Feb 2018 02:39:47 +0000 (15:39 +1300)]
samba-tool drs showrepl: restructure in preparation for --json
Basically we just separate data extraction from printing.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 8 Feb 2018 01:22:39 +0000 (14:22 +1300)]
test samba-tool drs showrepl: test expected output more strictly
We try to ensure the output has all the expected information in the
expected order.
Soon we're going to add a JSON output mode, and we are strengthening
the tests here to ensure we don't break anything.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 8 Feb 2018 01:47:55 +0000 (14:47 +1300)]
test samba-tool drs showrepl: fix formatting and unused imports
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 2 Feb 2018 02:59:38 +0000 (15:59 +1300)]
tests: move samba-tool drs showrepl into its own suite
This is a simple copy of the sowrepl test to the new file, making room
to expand the test and (soon) to test JSON output.
pep-8 intentionally ignored to show this is a copy.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sat, 10 Feb 2018 22:59:40 +0000 (11:59 +1300)]
python.subunit: add assertRegexpMatches for Python 2.6
This is used in python/samba/tests/samba_tool/provision_password_check.py
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Lumir Balhar [Tue, 30 Jan 2018 17:55:12 +0000 (18:55 +0100)]
python: tests: Make tests of dsdb Python module Python 3 compatible
Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Lumir Balhar [Tue, 30 Jan 2018 17:53:38 +0000 (18:53 +0100)]
python: Port dsdb module to Python 3 compatible form.
Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Lumir Balhar [Tue, 30 Jan 2018 17:52:11 +0000 (18:52 +0100)]
python: Port samdb module to Python 3 compatible form
Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Lumir Balhar [Fri, 9 Feb 2018 19:49:36 +0000 (20:49 +0100)]
python: Add `text_type` Python 2/3 compatible function name.
This compatible function name represents `str` in Python 3
and `unicode` in Python 2.
Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Lumir Balhar [Tue, 30 Jan 2018 17:47:32 +0000 (18:47 +0100)]
python: Port dsdb_dns module to Python 3 compatible form.
Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 30 Jan 2018 17:09:00 +0000 (18:09 +0100)]
python: Convert base64 encoded password to utf-8
Pair-Programmed-With: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 30 Jan 2018 15:39:21 +0000 (16:39 +0100)]
python: Generate random test usernames
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 14 Feb 2018 11:05:16 +0000 (12:05 +0100)]
docs: Add a not that 'wbinfo --user-groups' may be incomplete
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Feb 14 20:32:18 CET 2018 on sn-devel-144
Volker Lendecke [Sun, 4 Feb 2018 15:13:43 +0000 (15:13 +0000)]
libsocket: Avoid an unnecessary else branch
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Feb 13 21:07:17 CET 2018 on sn-devel-144
Volker Lendecke [Sun, 4 Feb 2018 15:48:23 +0000 (15:48 +0000)]
net: Slightly simplify net_lookup_dsgetdcname()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Fri, 12 Jan 2018 21:16:39 +0000 (22:16 +0100)]
dsgetdcname: Add some const
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Tue, 30 Jan 2018 12:47:35 +0000 (13:47 +0100)]
libsmb: Fix an error path memleak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 7 Feb 2018 07:55:03 +0000 (08:55 +0100)]
libsmb: Fix destructor setup in unexpected.c
The destructor does DLIST_REMOVE, so better make sure "client" is in fact
member of that list when the destructor fires
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Sun, 4 Feb 2018 16:41:04 +0000 (16:41 +0000)]
libcli: Fix a cut&paste typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Sun, 4 Feb 2018 15:45:57 +0000 (15:45 +0000)]
net: Add some {}
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Mon, 29 Jan 2018 09:17:11 +0000 (10:17 +0100)]
nbt_server: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Fri, 2 Feb 2018 12:13:31 +0000 (13:13 +0100)]
libnbt: Apply some const
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Sat, 3 Feb 2018 12:48:35 +0000 (12:48 +0000)]
libnbt: Use TALLOC_FREE
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andreas Schneider [Mon, 12 Feb 2018 10:24:26 +0000 (11:24 +0100)]
docs: Fix smbpasswd manpage about password storage
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Feb 13 16:25:33 CET 2018 on sn-devel-144
Volker Lendecke [Wed, 7 Feb 2018 13:32:37 +0000 (14:32 +0100)]
smbd: remove "id" from share_mode_entry
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Feb 13 05:01:38 CET 2018 on sn-devel-144
Volker Lendecke [Wed, 7 Feb 2018 11:28:13 +0000 (12:28 +0100)]
smbd: Pass "file_id" explicitly to send_break_to_none
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 7 Feb 2018 11:24:35 +0000 (12:24 +0100)]
smbd: Pass "file_id" explicitly to send_break_message()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 7 Feb 2018 11:16:10 +0000 (12:16 +0100)]
srvsvc: Avoid a dependency on share_mode_entry->id
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 7 Feb 2018 11:11:10 +0000 (12:11 +0100)]
smbd: Avoid a dependency on share_mode_entry->id
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 7 Feb 2018 10:40:58 +0000 (11:40 +0100)]
smbd: Avoid a dependency on share_mode_entry->id
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 7 Feb 2018 10:39:32 +0000 (11:39 +0100)]
smbd: Pass "file_id" explicitly to message_to_share_mode_entry()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 7 Feb 2018 10:36:51 +0000 (11:36 +0100)]
smbd: Pass "file_id" explicitly into share_mode_entry_to_message()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 7 Feb 2018 10:14:31 +0000 (11:14 +0100)]
smbd: Remove a redundant check
The file ids in all share modes match the share_mode_data's one
We don't have a paranoia check for this, but the share mode is per inode.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 7 Feb 2018 10:13:40 +0000 (11:13 +0100)]
smbd: Use "share_mode_data->id", not "share_mode_entry->id"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 7 Feb 2018 10:10:14 +0000 (11:10 +0100)]
srvsvc: Use the passed-in file_id
The one in share_mode_entry will go
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 7 Feb 2018 10:09:10 +0000 (11:09 +0100)]
smbd: Pass in "file_id" into validate_my_share_entries
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 7 Feb 2018 10:05:33 +0000 (11:05 +0100)]
smbd: Pass in "file_id" into share_mode_str()
This used to directly access share_entry->id, which will go
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 7 Feb 2018 09:52:23 +0000 (10:52 +0100)]
srvsvc: Use the passed-in file id, not the one from share_mode_entry
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 7 Feb 2018 09:43:11 +0000 (10:43 +0100)]
smbd: Pass "file_id" through share_entry_forall
It's also in the share_entry, but that is redundant and will go
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 7 Feb 2018 09:05:57 +0000 (10:05 +0100)]
smbd: Fix a signed/unsigned hickup
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Fri, 9 Feb 2018 15:19:53 +0000 (16:19 +0100)]
winbindd: Initialize the domain groups member
==9405== 4 errors in context 1 of 493:
==9405== Conditional jump or move depends on uninitialised value(s)
==9405== at 0x7507F71: vfprintf (in /lib64/libc-2.12.so)
==9405== by 0x75C515B: __vasprintf_chk (in /lib64/libc-2.12.so)
==9405== by 0x2A8728: dbgtext (stdio2.h:199)
==9405== by 0x22DCBB: winbindd_list_groups_done (winbindd_list_groups.c:127)
==9405== by 0x6C7F568: _tevent_req_error (tevent_req.c:167)
==9405== by 0x6C7F568: _tevent_req_error (tevent_req.c:167)
==9405== by 0x6C7F568: _tevent_req_error (tevent_req.c:167)
==9405== by 0x3CDAE8: dcerpc_binding_handle_call_done (binding_handle.c:445)
==9405== by 0x6C7F568: _tevent_req_error (tevent_req.c:167)
==9405== by 0x6C7F568: _tevent_req_error (tevent_req.c:167)
==9405== by 0x202701: wbint_bh_raw_call_done (winbindd_dual_ndr.c:139)
==9405== by 0x6C82C60: tevent_common_loop_timer_delay (tevent_timed.c:341)
==9405== by 0x6C83CA1: epoll_event_loop_once (tevent_epoll.c:911)
==9405== by 0x6C822D5: std_event_loop_once (tevent_standard.c:114)
==9405== by 0x6C7DC3C: _tevent_loop_once (tevent.c:533)
==9405== by 0x1D8A03: main (winbindd.c:1490)
==9405== Uninitialised value was created by a heap allocation
==9405== at 0x4A069EE: malloc (vg_replace_malloc.c:270)
==9405== by 0x6A71DCA: _talloc_array (in /usr/lib64/libtalloc.so.2.1.5)
==9405== by 0x22D959: winbindd_list_groups_send (winbindd_list_groups.c:69)
==9405== by 0x1D76BC: winbind_client_request_read (winbindd.c:647)
==9405== by 0x23AF2A: wb_req_read_done (wb_reqtrans.c:126)
==9405== by 0x6C83EA5: epoll_event_loop_once (tevent_epoll.c:728)
==9405== by 0x6C822D5: std_event_loop_once (tevent_standard.c:114)
==9405== by 0x6C7DC3C: _tevent_loop_once (tevent.c:533)
==9405== by 0x1D8A03: main (winbindd.c:1490)
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Feb 13 00:25:27 CET 2018 on sn-devel-144
Andreas Schneider [Fri, 9 Feb 2018 14:33:39 +0000 (15:33 +0100)]
winbindd: Free is_parent before we terminate
This makes valgrind happy.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Andreas Schneider [Fri, 9 Feb 2018 14:27:42 +0000 (15:27 +0100)]
winbindd: Free memory before we exit the connect child
This will make valgrind happy.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Fri, 9 Feb 2018 09:27:55 +0000 (10:27 +0100)]
winbind: Improve child selection
This improves the situation when a client request blocks a winbind
child. This might be a slow samlogon or lookupnames to a domain that's
far away. With random selection of the child for new request coming in
we could end up with a long queue when other, non-blocked children
could serve those new requests. Choose the shortest queue.
This is an immediate and simple fix. Step two will be to have a
per-domain and not a per-child queue. Right now we're pre-selecting
the check-out queue at Fry's randomly without looking at the queue
length. With this change we're picking the shortest queue. The better
change will be what Fry's really does: One central queue and red/green
lights on the busy/free checkout counters.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Feb 12 19:51:35 CET 2018 on sn-devel-144
Douglas Bagnall [Fri, 9 Feb 2018 10:09:41 +0000 (23:09 +1300)]
tests/samba-tool user wdigest: fix a flapping test
The output of something like
samba-tool user getpassword $USER --attributes virtualWDigest01
contains an LDIF section with long strings folded on the 77th column.
To unfold this LDIF we were using:
result = re.sub(r"\n\s*", '', out)
which worked fine EXCEPT when a space in the output happened to land
immediately after the fold and got eaten by the \s*.
Instead we remove just a single space after the line break, because
that is always what fold_string() in lib/ldb/common/ldb_ldif.c
inserts, and for this simple replacement we don't need the re module.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Feb 12 05:21:01 CET 2018 on sn-devel-144
Douglas Bagnall [Fri, 9 Feb 2018 01:29:43 +0000 (14:29 +1300)]
tests: SambaToolCmdTest.assertMatch() indicates what was asserted
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 22:13:12 +0000 (23:13 +0100)]
winbindd: WBFLAG_PAM_AUTH_PAC should call add_trusted_domain_from_auth() is the result is trusted
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13262
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Feb 10 13:08:50 CET 2018 on sn-devel-144
Stefan Metzmacher [Fri, 9 Feb 2018 07:38:18 +0000 (08:38 +0100)]
winbindd: rename winbindd_pam_auth_pac_send and let it return validation
Just a preperational step. The next commit will update the caller to
make use of the validation info.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13262
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 22:10:42 +0000 (23:10 +0100)]
winbindd: complete WBFLAG_PAM_AUTH_PAC handling in winbindd_pam_auth_crap_send()
winbindd_pam_auth_crap_recv() should not have any real logic.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13262
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 22:02:26 +0000 (23:02 +0100)]
winbindd: let winbindd_pam_auth_pac_send() compute info6 from PAC
This way we don't loose the DNS info and UPN. A subsequent commit will
let winbindd_pam_auth_pac_send() return the full validation info.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13262
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 21:00:35 +0000 (22:00 +0100)]
winbindd: call add_trusted_domain_from_auth() in winbindd_pam_auth_crap_done()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13262
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 20:34:46 +0000 (21:34 +0100)]
winbindd: get netr_SamInfo6 out of winbindd_dual_pam_auth_kerberos()
This way we don't loose dns_domain_name and user principal.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13261
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 20:32:53 +0000 (21:32 +0100)]
s3/rpc_client: add map_info6_to_validation()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13261
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 20:32:25 +0000 (21:32 +0100)]
s3/auth: add create_info6_from_pac()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13261
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 16:58:07 +0000 (17:58 +0100)]
s4/auth_winbind: ask for validation level 6
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13260
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 16:57:37 +0000 (17:57 +0100)]
winbindd: allow validation level 6 in winbind_SamLogon
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13260
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 16:53:49 +0000 (17:53 +0100)]
s3/rpc_client: add copy_netr_SamInfo6() and map_validation_to_info6()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13260
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 2 Feb 2018 14:24:00 +0000 (15:24 +0100)]
winbindd: introduce a cm_connect_netlogon_secure() which gives a valid netlogon_creds_ctx
At lot of callers require a valid schannel connection.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13259
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 16:39:15 +0000 (17:39 +0100)]
winbindd: handle interactive logons in _winbind_SamLogon()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13258
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 16:37:54 +0000 (17:37 +0100)]
winbindd: pass 'bool interactive' to winbind_dual_SamLogon()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13258
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 8 Feb 2018 16:23:49 +0000 (17:23 +0100)]
winbindd: add a comment to a parameter in _winbind_SamLogon()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13258
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 15:36:45 +0000 (16:36 +0100)]
winbindd: separate plaintext given and interactive in winbind_samlogon_retry_loop()
We need to handle 4 cases:
plaintext_given=true interactive=true
plaintext_given=false interactive=true
plaintext_given=true interactive=false
plaintext_given=false interactive=false
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13258
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 9 Feb 2018 15:15:18 +0000 (16:15 +0100)]
s3/rpc_client: add rpccli_netlogon_interactive_logon()
This will be used in a subsequent commit.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13258
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 22:19:32 +0000 (23:19 +0100)]
winbindd: add_trusted_domain_from_auth() should not use dns_name = ""
Check whether the DNS domain name in the info6 struct is actually more
then just an empty string. If it is we want to call add_trusted_domain()
with NULL as DNS domain name argument.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13257
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Sun, 4 Feb 2018 21:48:01 +0000 (22:48 +0100)]
wbinfo: avoid segfault in wbinfo_auth_crap() if winbindd is not available
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13256
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 31 Jan 2018 07:22:07 +0000 (08:22 +0100)]
winbindd: fix debug message in find_default_route_domain() on a DC
As we don't support multiple domains in a forest yet,
we don't need to print a warning a log level 0.
This also adds a missing \n.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13255
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Thu, 18 Jan 2018 15:35:52 +0000 (16:35 +0100)]
s4/rpc_server: trigger trusts reload in winbindd after successfull trust info acquisition
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13237
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 18 Jan 2018 15:35:13 +0000 (16:35 +0100)]
winbindd: rename MSG_WINBIND_NEW_TRUSTED_DOMAIN to MSG_WINBIND_RELOAD_TRUSTED_DOMAINS
This reflects the new implementation in winbindd.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13237
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 18 Jan 2018 10:32:30 +0000 (11:32 +0100)]
s4/rpc_server: remove unused data argument from MSG_WINBIND_NEW_TRUSTED_DOMAIN
winbindd doesn't use that data anymore.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13237
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 18 Jan 2018 10:30:53 +0000 (11:30 +0100)]
winbindd: use add_trusted_domains_dc in wb_imsg_new_trusted_domain
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13237
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 18 Jan 2018 10:28:20 +0000 (11:28 +0100)]
winbindd: move loading of trusted domains on a DC to a seperate function
This allows using the split out function in a subsequent commit in the
MSG_WINBIND_NEW_TRUSTED_DOMAIN message handler.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13237
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 12:02:04 +0000 (13:02 +0100)]
winbindd: don't force using LSA_LOOKUP_NAMES_ALL for non workstation trusts.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13236
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 11:57:11 +0000 (12:57 +0100)]
s3:rpc_client: pass down lsa_LookupNamesLevel to dcerpc_lsa_lookup_sids_generic()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13236
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 11:06:50 +0000 (12:06 +0100)]
winbindd: prepare find_lookup_domain_from_{name,sid}() transitive trusts on a DC
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13235
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 11:06:50 +0000 (12:06 +0100)]
winbindd: prepare find_auth_domain() transitive trusts on a DC
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13235
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 11:03:11 +0000 (12:03 +0100)]
winbindd: remove const from set_routing_domain()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13235
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 11:02:05 +0000 (12:02 +0100)]
winbindd: use Netlogon{Interactive,Network}TransitiveInformation on transitive trusts
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13234
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 11:00:19 +0000 (12:00 +0100)]
s3:rpc_client: allow passing NetlogonNetwork[Transitive]Information to rpccli_netlogon_network_logon()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13234
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 10:58:31 +0000 (11:58 +0100)]
s3:rpc_client: allow Netlogon{Network,Interactive}TransitiveInformation in rpccli_netlogon_password_logon()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13234
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Thu, 18 Jan 2018 07:38:59 +0000 (08:38 +0100)]
winbindd: add routing_domain as parameter to add_trusted_domain
This also fixes the following CIDs:
CID
1427622: Null pointer dereferences (REVERSE_INULL)
CID
1427619: Null pointer dereferences (REVERSE_INULL)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13233
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 13:30:48 +0000 (14:30 +0100)]
winbindd: add missing can_do_ncacn_ip_tcp initialisation
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13232
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 13:30:12 +0000 (14:30 +0100)]
winbindd: remove useless calls to get_trust_credentials() before cli_rpc_pipe_open_schannel_with_creds()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13231
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 13:24:47 +0000 (14:24 +0100)]
winbindd: fix LSA connections via DCERPC_AUTH_SCHANNEL
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13231
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Douglas Bagnall [Thu, 1 Feb 2018 03:08:34 +0000 (16:08 +1300)]
sambatool drs showrepl: prefer self over ctx in python classes
and the line length too.
(Now only python/samba/join.py uses ctx for self, but at least it does
it consistently. This was the only ctx function in the class).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Feb 9 12:34:06 CET 2018 on sn-devel-144
Douglas Bagnall [Thu, 1 Feb 2018 02:28:28 +0000 (15:28 +1300)]
samba-tool rodc: consistently use self.outf, not stdout
This increases the output of some commands from the point of view of
tests which read the outf, so we also need to change those tests a
bit.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 8 Feb 2018 20:51:54 +0000 (09:51 +1300)]
subunit.run: report failure in process return code
The protocol requires that the TestResult object remembers when it has failed, but
in subclassing unittest.TestResult we forgot to ensure this is true.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 1 Feb 2018 21:35:25 +0000 (10:35 +1300)]
python samdb.newuser(): use user DN not samaccountname to set password
This is noticably faster in cases (e.g. tests) where the same user
is added and deleted many times.
The rreason is samaccountname is retained for deleted objects, so the
search finds multiple objects that need to be filtered out internally.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 31 Jan 2018 23:02:29 +0000 (12:02 +1300)]
tests/samba_tool user virtualCryptSHA: remove unused py3 incompatible import
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 31 Jan 2018 23:01:10 +0000 (12:01 +1300)]
tests/password_hash: avoid py3-incompatible md5 module
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 31 Jan 2018 22:56:06 +0000 (11:56 +1300)]
tests/samba-tool user_wdigest: avoid py3-incompatible md5 module
In Python3, the md5 and sha modules are gone, but the functions are
available via hashlib (which is also in python 2.5+).
The md5.hexdigest() does what binascii.hexlify(md5.digest()) does.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 9 Feb 2018 03:51:22 +0000 (16:51 +1300)]
lib/crypto/REQUIREMENTS: DRSUAPI replication replicated secrets was missing from the RC4 section
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Volker Lendecke [Sun, 3 Dec 2017 19:47:02 +0000 (20:47 +0100)]
lib: Make g_lock_locks use TDB_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Feb 8 14:50:49 CET 2018 on sn-devel-144
Volker Lendecke [Sun, 3 Dec 2017 19:47:02 +0000 (20:47 +0100)]
lib: Make g_lock_dump use TDB_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Sun, 3 Dec 2017 19:47:02 +0000 (20:47 +0100)]
lib: Make g_lock_do use TDB_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>