Andrew Bartlett [Fri, 16 May 2014 06:10:23 +0000 (18:10 +1200)]
winbindd: Call set_dc_type_and_flags on the internal domain
This allows the AD DC to be picked up correctly and gives the correct DNS name.
To ensure no confusion, we also always init it with the full DNS name.
It also means that, aside from the BUILTIN domain the initialized
flag is set only in one place, which will help when we add more details
to the domain structure in the future.
This in turn allows kerberos authentication against winbindd on the AD DC.
Andrew Bartlett
Change-Id: Idc829cfe5f2e867c87107b49275b17f294821dcd Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Wed, 14 May 2014 08:12:03 +0000 (20:12 +1200)]
dsdb: Do not refresh the schema using the wrong event context
What we now do is have the refresh function and module be on a
seperate object to the schema, only referring to the data and
not excuting on the original ldb and event loop.
That is, we never use another ldb context when calling the
refresh function, by binding the refresh handler to the
ldb and not the schema.
Andrew Bartlett
Change-Id: I5c323dda743cf5858badd01147fda6227599bc16 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Fri, 23 May 2014 04:06:17 +0000 (16:06 +1200)]
dsdb: Do not store a struct ldb_dn in struct schema_data
The issue is that the DN contains a pointer to the ldb it belongs to,
and if this is not kept around long enough, we might reference memory
after it is de-allocated.
Andrew Bartlett
Change-Id: I040a6c37a3164b3309f370e32e598dd56b1a1bbb Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Tue, 13 May 2014 05:47:03 +0000 (17:47 +1200)]
passdb: Do not routinely clear the global memory returned by get_global_sam_sid()
This avoids use-after-free errors and tdb database churn.
Andrew Bartlett
Change-Id: If7ab2e24556d9dffc7ad22c0489d665dd75a0cab Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Volker Lendecke [Tue, 3 Jun 2014 13:03:56 +0000 (13:03 +0000)]
libcli: Add a NULL check in dom_sid_string
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 10 21:46:15 CEST 2014 on sn-devel-104
Jeremy Allison [Wed, 4 Jun 2014 21:53:01 +0000 (14:53 -0700)]
s3: libsmb: Change cli_disk_size() to use the trans2/SMB_FS_FULL_SIZE_INFORMATION call in preference to the old SMB1 call.
Fallback to the old CORE protocol SMBdskattr if
trans2/SMB_FS_FULL_SIZE_INFORMATION is not supported.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun 7 05:41:44 CEST 2014 on sn-devel-104
Jeremy Allison [Tue, 3 Jun 2014 17:44:19 +0000 (10:44 -0700)]
lib: tevent: make TEVENT_SIG_INCREMENT atomic.
On arm platforms incrementing a variable is not
an atomic operation, so may be interrupted by
signal processing (if a signal interrupts another
signal handler).
Use compiler built-ins to make this atomic.
__sync_fetch_and_add() works on gcc, llvm,
IBM xlC on AIX, and Intel icc (10.1 and
above).
atomic_add_32() works on Oracle Solaris.
Based on an inital patch from kamei@osstech.co.jp.
Bug #10640 - smbd is not responding - tevent_common_signal_handler() increments non-atomic variables
https://bugzilla.samba.org/show_bug.cgi?id=10640
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
Jeremy Allison [Thu, 5 Jun 2014 19:32:30 +0000 (12:32 -0700)]
s3/s4: smbd, rpc, ldap, cldap, kdc services.
Allow us to start if we bind to *either* :: or 0.0.0.0.
Allows us to cope with systems configured as only IPv4
or only IPv6.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-By: Amitay Isaacs <amitay@gmail.com> Reviewed-By: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun 7 01:01:44 CEST 2014 on sn-devel-104
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jun 6 02:25:52 CEST 2014 on sn-devel-104
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
swrap: Call swrap_msghdr_socket_info in swrap_recvmsg_after().
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
Volker Lendecke [Thu, 5 Jun 2014 12:38:50 +0000 (12:38 +0000)]
librpc: Fix a "ignoring asprintf return" warning
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-User(master): Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date(master): Thu Jun 5 22:28:16 CEST 2014 on sn-devel-104
Michael Adam [Thu, 5 Jun 2014 10:48:03 +0000 (12:48 +0200)]
ctdb:server: fix DEBUG message for wrong event script options.
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Jun 5 19:51:36 CEST 2014 on sn-devel-104
This is a config file for a VIM code completion engine:
http://valloric.github.io/YouCompleteMe/
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jun 5 13:18:56 CEST 2014 on sn-devel-104
Christian Ambach [Sat, 24 May 2014 22:35:09 +0000 (00:35 +0200)]
s3:vfs_afsacl fix compiler warnings
Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Wed Jun 4 22:34:51 CEST 2014 on sn-devel-104
Christian Ambach [Wed, 14 May 2014 13:39:44 +0000 (15:39 +0200)]
vfs_afsacl: remove unused includes
* auth.h might cause collisions with the Heimdal headers
* we should not include afs/afs.h directly, see
https://bugs.launchpad.net/ubuntu/+source/openafs/+bug/1319336
http://rt.central.org/rt/Ticket/Display.html?id=131737
Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Christian Ambach [Tue, 15 Apr 2014 22:36:25 +0000 (00:36 +0200)]
waf: add --with-fake-kaserver option
This option was not added during the transition from autoconf
to waf.
Bring it back so that the code can be used again.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9916 Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Christian Ambach [Mon, 14 Apr 2014 20:11:12 +0000 (22:11 +0200)]
s3:lib/afs move afs.c to common lib dir
some of the code in afs.c is needed by wbinfo that lives in the toplevel
nsswitch directory, so move the afs.c file to a new top-level lib/afs
directory. Use the name afs_funcs to avoid collisions with the afs.h
header from OpenAFS
Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The full_name from Windows can be longer than 255 chars which results in
a warning on log level 0 that we have a string overflow. This will avoid
the warning. However we should fix this sooner or later on the protocol
level to have no limit.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun 4 16:49:11 CEST 2014 on sn-devel-104
Andrew Bartlett [Tue, 3 Jun 2014 08:10:47 +0000 (20:10 +1200)]
docs: Update Roadmap
Change-Id: I336f0c23759ea48fdb2bc3349d8fe19849645fb5 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Jun 4 13:33:05 CEST 2014 on sn-devel-104
Andrew Bartlett [Thu, 8 May 2014 00:16:24 +0000 (12:16 +1200)]
s3-rpc_server: Use C99 types in rpc_pipes.h
Change-Id: Ic282f02f421870ff8a8623005979f8a034902d88 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 4 05:48:29 CEST 2014 on sn-devel-104
Andrew Bartlett [Tue, 6 May 2014 01:38:44 +0000 (13:38 +1200)]
s4-messaging: Make header guard less generic
Change-Id: I659bbb317e69aee6632db8bce3c4bdb5f9ad3d8d Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Change-Id: Ie94d207fed91e9dfd85ee3c3339c376b25ac5fa4 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Wed, 9 Apr 2014 03:54:07 +0000 (15:54 +1200)]
make winbindd work in "samba4" member server modes
These modes are useful for testing aspects of the code like the rpc proxy.
Andrew Bartlett
Change-Id: I87b3ac0df299dd176599f824f8815880470c6401 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Fri, 16 May 2014 08:04:21 +0000 (20:04 +1200)]
s3-param: Add lp_dnsdomain() for use by winbindd
Change-Id: I987aa533ebe11c93b9e836fafc7b19c81bf600a5 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Mon, 28 Apr 2014 09:07:59 +0000 (21:07 +1200)]
winbindd: Use rpc_pipe_open_interface() so that winbindd uses the correct rpc servers
This means that in the AD DC, we use the AD DC servers, while in the classic DC or file server we continue
to use the built-in SAMR and LSA servers.
Andrew Bartlett
Change-Id: I63b1443f5665016f7fcbed35907ec29d4424ab18 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Mon, 28 Apr 2014 21:08:25 +0000 (09:08 +1200)]
s3-rpc_server: Give log messages on failure
Change-Id: I240d58fdf71bbab42d1ffb63bb52b9650fd4bd85 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Mon, 28 Apr 2014 09:03:40 +0000 (21:03 +1200)]
winbindd: Remove pointless if statement
Change-Id: I7d2646078f6e7ba596b92da7d37c285d10ad38c0 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Sun, 18 May 2014 23:08:00 +0000 (11:08 +1200)]
winbindd: explain that this check protects the AD DC machine account password (for now at least)
Change-Id: I2e2eb2e7fc4a12f27025f42e4cc41560311ce6c8 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Fri, 23 May 2014 04:41:33 +0000 (16:41 +1200)]
dsdb: Do not give an error is metadata.tdb does not yet exist
Change-Id: I88ee188c776364fd66da388ce01fc9288aa2ded0 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Mon, 19 May 2014 21:23:33 +0000 (09:23 +1200)]
selftest: Add knownfail entries for wbinfo --user-info tests only on the failing environments
This is better than skipping on every environment in the test
Andrew Bartlett
Change-Id: Ib4b114059d8f8bb05a9bdc2eca0f71310fc5a3bc Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Mon, 19 May 2014 05:32:56 +0000 (17:32 +1200)]
selftest: move all winbind test rules to one place
We now run wbinfo_simple additionally against plugin_s4_dc and dc
This also extends many of the tests to run against more environments,
hence the additional knownfail entries.
For winbind.wbclient, the fl2003dc environment has been selected not
to run with password history so as to allow the winindd.wbinfo test to
complete (once switched to running winbindd).
Andrew Bartlett
Change-Id: I475fd9937e515796b5e47c042a8bfa85f76441ca Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Mon, 19 May 2014 23:16:07 +0000 (11:16 +1200)]
selftest: enable winbind enum users/groups in s4 environments
Change-Id: I5a9218294580670048636645315a9cf217618e58 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Mon, 12 May 2014 05:10:14 +0000 (17:10 +1200)]
selftest: Make test_wbinfo.sh work with s3-winbindd
Change-Id: I41ed850b6424eac3fb8b6603d5b87c66bb77dd51 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Mon, 12 May 2014 02:29:27 +0000 (14:29 +1200)]
libwbclient-tests: No longer hardcoded password and test domain
The password is made more complex, and the test domain is made to
use the command line options.
Andrew Bartlett
Change-Id: Ia1ec24a9fc393e7f7b210f845bcf32dbc933d48f Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Wed, 9 Apr 2014 03:37:33 +0000 (15:37 +1200)]
selftest: Run samba4.blackbox.wbinfo against plugin_s4_dc
Change-Id: I5580de814d5fe000d352f3c78743837d26f9422d Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Mon, 31 Mar 2014 07:47:18 +0000 (20:47 +1300)]
selftest: Set winbind separator = /
This avoids a pile of shell-script escape pain, and fixes some tests.
Andrew Bartlett
Change-Id: Ie1d0e32ab484a5b0ddbc4073831fe6de27e38e92 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Sat, 24 May 2014 10:47:30 +0000 (22:47 +1200)]
selftest: consitently use the name s4member
This avoids a conflict with the Samba3.pm defined member environment, and so spurious
failures in make test for the member environment dependent on test ordering.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Tue, 3 Jun 2014 08:20:08 +0000 (20:20 +1200)]
docs: Remove out of date Kerberos and security chapter
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 3 21:24:45 CEST 2014 on sn-devel-104
Michael Adam [Sat, 31 May 2014 10:16:08 +0000 (12:16 +0200)]
s3:messaging: protect use of msg_control with HAVE_STRUCT_MSGHDR_MSG_CONTROL
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Jun 3 01:14:17 CEST 2014 on sn-devel-104
This avoids recursion into smbd_smb2_io_handler(),
which avoids confusion when analysing out put of
performance analysing tools, e.g. callgrind.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat May 31 04:25:36 CEST 2014 on sn-devel-104
Volker Lendecke [Tue, 18 Feb 2014 19:51:23 +0000 (20:51 +0100)]
messaging3: Enforce just one messaging context
The current messaging implementation is based on a tdb indexed by server_id. If
we have more than one messaging context in a process, messages might not arrive
at the right context and be dropped, depending on which signal handler is
triggered first.
This is the same patch as bd55fdb lifted to messaging.c
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Wed, 28 May 2014 15:57:31 +0000 (17:57 +0200)]
Fix several talloc stack frames not freed
Signed-off-by: Samuel Cabrero <scabrero@zentyal.com> Reviewed-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date(master): Fri May 30 15:29:29 CEST 2014 on sn-devel-104
Michael Adam [Tue, 13 May 2014 10:42:32 +0000 (12:42 +0200)]
s3:messaging: change unix_dgram_recv_handler() to use recvmsg, not recv
This is in preparation of adding fd-passing to messaging.
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 30 02:28:15 CEST 2014 on sn-devel-104
Martin Schwenke [Fri, 23 May 2014 11:58:55 +0000 (21:58 +1000)]
ctdb-tools-ctdb: Make natgwlist and lvsmaster more resilient
Recent changes have caused these commands to attempt to get
capabilities from all nodes before doing further filtering. This
means that capabilities are unnecessarily fetched from nodes that are
unlikely to be the master. If such a node does not answer the control
then many nodes can fail to calculate the master node. In the case of
natgwlist this will cause "monitor" events to fail resulting in
unhealthy nodes.
Restore the behaviour where capabilities are only fetched for a node
that will be the master if it has the desired flags.
Although this masks a problem where a connected node is not replying,
it can help to avoid an outage in some cases.
Add supporting tests and infrastructure. Infrastructure just lets a
timeout be faked - just for ctdb_ctrl_getcapabilities_stub() so far.
First test checks that this infrastructure works if the first node
times out in natgwlist. Second test checks the case worked around by
the above fix - that is, no failure when a node with PNN beyond the
NATGW master can time out.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu May 29 05:59:37 CEST 2014 on sn-devel-104