David Disseldorp [Tue, 14 May 2013 22:45:17 +0000 (00:45 +0200)]
selftest: run the FSRVP test suite against s3fs
With FSRVP server support now present along with suitable mock-up test
infrastructure, run the FSRVP test suite against s3fs.
Signed-off-by: David Disseldorp <ddiss@samba.org>
David Disseldorp [Tue, 14 May 2013 22:42:35 +0000 (00:42 +0200)]
selftest: add snapshot share configuration
Define a share that uses both vfs_shell_snap and fake_snap.pl to create,
delete and expose fake snapshots in response to FSRVP requests.
Additionally test snapshot enumeration and access via the shadow_copy2
module.
Allow for simple testing of FSRVP message sequence timeouts, by
specifying an artificially small interval.
Signed-off-by: David Disseldorp <ddiss@samba.org>
David Disseldorp [Mon, 7 Jul 2014 12:16:13 +0000 (14:16 +0200)]
doc: add vfs_shell_snap manpage
Document usage of the shell_snap VFS module, explaining when and how
each of the shell script commands are called.
Signed-off-by: David Disseldorp <ddiss@samba.org>
David Disseldorp [Wed, 30 Jan 2013 13:42:46 +0000 (14:42 +0100)]
vfs: add vfs_shell_snap module
The shell_snap VFS module plumbs into the snapshot (aka shadow-copy)
management paths used by Samba's File Server Remote VSS Protocol (FSRVP)
server.
The following shell callouts may be configured in smb.conf:
shell_snap: check path command
- Called when an FSRVP client wishes to check whether a given
share supports snapshot create/delete requests.
- The command is called with a single <share path> argument.
- The command must return 0 if <share path> is capable of being
snapshotted.
shell_snap: create command
- Called when an FSRVP client wishes to create a snapshot.
- The command is called with a single <share path> argument.
- The command must return 0 status if the snapshot was
successfully taken.
- The command must output the path of the newly created snapshot
to stdout.
shell_snap: delete command
- Called when an FSRVP client wishes to delete a snapshot.
- The command is called with <base share path> and
<snapshot share path> arguments.
- The command must return 0 status if the snapshot was
successfully removed.
Signed-off-by: David Disseldorp <ddiss@samba.org>
David Disseldorp [Fri, 14 Sep 2012 18:55:40 +0000 (20:55 +0200)]
doc: explain vfs_btrfs remote snapshot configuration
This extends the vfs_btrfs man page to also cover FSRVP remote snapshot
behaviour and configuration.
Signed-off-by: David Disseldorp <ddiss@samba.org>
David Disseldorp [Fri, 14 Feb 2014 00:18:41 +0000 (01:18 +0100)]
doc: explain vfs_snapper remote snapshot configuration
This extends the vfs_snapper man page to also cover FSRVP remote
snapshot behaviour and configuration.
The permissions section is also extended to describe specific Samba and
Snapper requirements for remote snapshot creation and deletion using
DiskShadow.exe.
Signed-off-by: David Disseldorp <ddiss@samba.org>
David Disseldorp [Wed, 26 Nov 2014 12:01:00 +0000 (13:01 +0100)]
doc: "prune stale" and "sequence timeout" fssd parameters
This change adds smb.conf documentation for the "fss: prune stale" and
"fss: sequence timeout" parameters accepted by Samba's FSRVP server.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Noel Power [Thu, 13 Nov 2014 11:13:35 +0000 (11:13 +0000)]
fsrvp: prune shadow copies if associated path doesn't exist
This patch implements some simple FSRVP server housekeeping. On startup
the server scans the cached entries, any entries where the underlying
system paths associated with shadow copies no longer exist are removed
from the cache and from the registry.
This behaviour is disabled by default, but can be enabled via the new
"fss: prune stale" smb.conf parameter.
Signed-off-by: Noel Power <noel.power@suse.com>
Signed-off-by: David Disseldorp <ddiss@samba.org>
David Disseldorp [Tue, 10 Apr 2012 12:32:41 +0000 (14:32 +0200)]
fsrvp: add remote snapshot RPC server
The Samba fss_agent RPC server is an implementation of the File Server
Remote VSS (Volume Shadow Copy Service) Protocol, or FSRVP for short.
FSRVP is new with Windows Server 2012, and allows authenticated clients
to remotely request the creation, exposure and deletion of share
snapshots.
The fss_agent RPC server processes requests on the FssAgentRpc named
pipe, and dispatches relevant snapshot creation and deletion requests
through to the VFS.
The registry smb.conf back-end is used to expose snapshot shares, with
configuration parameters and share ACLs cloned from the base share.
There are three FSRVP client implementations that I'm aware of:
- Samba rpcclient includes fss_X commands.
- Windows Server 2012 includes diskshadow.exe.
- System Center 2012.
FSRVP operations are only processed for users with:
- Built-in Administrators group membership, or
- Built-in Backup Operators group membership, or
- Backup Operator privileges, or
- Security token matches the initial process UID
MS-FSRVP specifies that server state should be stored persistently
during operation and retrieved on startup. Use the existing fss_srv.tdb
FSRVP state storage back-end to satisfy this requirement.
Signed-off-by: David Disseldorp <ddiss@samba.org>
David Disseldorp [Sun, 14 Oct 2012 17:54:24 +0000 (19:54 +0200)]
vfs_snapper: create/delete snapshot support
Extend vfs_snapper to support the new remote snapshot creation and
deletion hooks added for FSRVP.
Signed-off-by: David Disseldorp <ddiss@samba.org>
David Disseldorp [Tue, 4 Sep 2012 13:29:58 +0000 (15:29 +0200)]
vfs_btrfs: add snapshot create/delete calls
The "btrfs: manipulate snapshots" smb.conf parameter is disabled by
default, to encourage use of, and pass requests through to, the
vfs_snapper module.
When enabled, issue BTRFS_IOC_SNAP_CREATE_V2 and BTRFS_IOC_SNAP_DESTROY
ioctls accordingly. The ioctls are issued as root, so rely on permission
checks in the calling FSRVP server process.
Base share paths must exist as btrfs subvolumes in order to
be supported for snapshot operations.
Signed-off-by: David Disseldorp <ddiss@samba.org>
David Disseldorp [Mon, 23 Mar 2015 18:37:05 +0000 (19:37 +0100)]
replace: check for dirname() and basename()
These functions are provided by libgen.h, and conform to POSIX.1-2001.
Signed-off-by: David Disseldorp <ddiss@samba.org>
David Disseldorp [Tue, 10 Apr 2012 01:16:57 +0000 (03:16 +0200)]
vfs: add snapshot create/delete hooks
This change adds three new VFS hooks covering snapshot manipulation:
- snap_check_path
Check whether a path supports snapshots.
- snap_create
Request the creation of a snapshot of the provided path.
- snap_delete
Request the deletion of a snapshot.
These VFS call-outs will be used in future by Samba's File Server Remote
VSS Protocol (FSRVP) server.
MS-FSVRP states:
At any given time, Windows servers allow only one shadow copy set to
be going through the creation process.
Therefore, only provide synchronous hooks for now, which can be
converted to asynchronous _send/_recv functions when the corresponding
DCE/RPC server infrastructure is in place.
Signed-off-by: David Disseldorp <ddiss@samba.org>
David Disseldorp [Tue, 11 Sep 2012 09:59:45 +0000 (11:59 +0200)]
torture: add local FSRVP server state tests
Test the storage and retrieval of FSRVP server state, with varying
shadow-copy set, shadow copy and share map hierarchies.
Signed-off-by: David Disseldorp <ddiss@samba.org>
David Disseldorp [Fri, 3 Jan 2014 15:21:22 +0000 (16:21 +0100)]
fsrvp: add server state storage back-end
MS-FSRVP specifies:
the server MUST persist all state information into an implementation-
specific configuration store.
This change adds a fss_srv TDB database to preserve FSRVP server state,
with the following keys used to track shadow copy state and hierarchy:
- sc_set/<shadow copy set GUID>
A shadow copy set tracks a collection of zero or more shadow copies,
as initiated by a StartShadowCopySet FSRVP client request.
- sc_set/<shadow copy set GUID>/sc/<shadow copy GUID>
A shadow copy defines information about a snapshot base volume, the
snapshot path, and a collection of share maps. It is initiated by an
AddToShadowCopySet client request.
- sc_set/<shadow copy set GUID>/sc/<shadow copy GUID>/smap/<smap GUID>
A share map tracks new shares that are created to expose shadow
copies.
All structures are marshalled into on-disk format using the previously
added fsrvp_state IDL library.
Signed-off-by: David Disseldorp <ddiss@samba.org>
David Disseldorp [Wed, 25 Mar 2015 11:35:27 +0000 (12:35 +0100)]
librpc: add FSRVP server state idl
FSRVP server state must be retained persistently. This change adds IDL
definitions for the share map, shadow-copy and shadow-copy set types,
which will be used for marshalling and unmarshalling state alongside
database storage or retrieval.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Jelmer Vernooij [Sat, 28 Mar 2015 16:11:51 +0000 (16:11 +0000)]
Check for third party Python modules during configure.
Inform the user whether the module was found on the system, or if the
bundled copy is being used. If the module is not found, suggest what
they can do to make it available to Samba.
Change-Id: I89ec57a2acf87768ca3714add59575578d2ee399
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Mar 30 13:40:33 CEST 2015 on sn-devel-104
Jelmer Vernooij [Sat, 28 Mar 2015 15:43:29 +0000 (15:43 +0000)]
Move configure part of third party to third_party/wscript.
Change-Id: I34875a8bde99df2e0a2659677e88640bb0ec1816
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Jelmer Vernooij [Sat, 28 Mar 2015 16:15:03 +0000 (16:15 +0000)]
Pass --recursive to 'git clone' in autobuild.
This makes it possible to use submodules in Samba.
Change-Id: Iccb1876b1daf82864b18486f2dca9036d7d3c75c
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Volker Lendecke [Sun, 29 Mar 2015 16:17:46 +0000 (18:17 +0200)]
groupdb: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Volker Lendecke [Sun, 29 Mar 2015 13:59:41 +0000 (15:59 +0200)]
heimdal: Fix a warning
99% this is what was meant....
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Volker Lendecke [Sun, 29 Mar 2015 13:59:41 +0000 (15:59 +0200)]
heimdal: Fix a warning
99% this is what was meant....
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Christof Schmitt [Fri, 27 Mar 2015 20:16:41 +0000 (13:16 -0700)]
vfs_gpfs: Remove warning after failure of get_gpfs_fset_id
get_gpfs_fset_id already emits more detailed warnings, there is no need
to print an additional warning in the calling function.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Amitay Isaacs [Fri, 27 Mar 2015 01:00:56 +0000 (12:00 +1100)]
ctdb-tests: Switch to tcp check in rpcinfo stub
Use -T tcp instead of deprecated options -u and -t. Also, check for
localhost.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Mar 27 09:16:50 CET 2015 on sn-devel-104
Amitay Isaacs [Fri, 27 Mar 2015 01:04:03 +0000 (12:04 +1100)]
ctdb-scripts: Use tcp connection for checking RPC services
It's possible for a RPC service to register only for UDP and not TCP.
Since we assume all the NFS operations are over TCP, always check RPC
services over TCP.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Martin Schwenke [Tue, 24 Mar 2015 09:12:51 +0000 (20:12 +1100)]
ctdb-scripts: Respect $RPCMOUNTDOPTS when restarting rpc.mountd
$RPCMOUNTDOPTS is ignored when restarting rpc.statd due to the service
being unresponsive. This variable can be used to increase the number
of rpc.mountd threads when there are a lot of clients reattaching so
ignoring it can mean that only a single rpc.mount thread is started.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Amitay Isaacs [Wed, 30 Jul 2014 04:31:54 +0000 (14:31 +1000)]
ctdb-daemon: Drop tunable that is no longer in use
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 30 Jul 2014 02:32:08 +0000 (12:32 +1000)]
ctdb-recoverd: Fix typo in comment
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Christof Schmitt [Mon, 23 Mar 2015 23:16:36 +0000 (16:16 -0700)]
selftest: Use 'logging' parameter instead of 'syslog'
'syslog' has been deprecated, so use the new 'logging' parameter
instead.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Mar 27 06:38:32 CET 2015 on sn-devel-104
Andreas Schneider [Thu, 26 Mar 2015 09:58:18 +0000 (10:58 +0100)]
s4-process_model: Panic if the standard init function fails
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Thu, 26 Mar 2015 09:48:31 +0000 (10:48 +0100)]
s4-process_model: Do not close random fds while forking.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11180
The issue has been found with nss_wrapper debug output running:
samba4.ntvfs.cifs.krb5.base.lock
In the case here, we fork a child and close the fd without resetting
the pipe fd variable. Then the fd was used to open the nss_wrapper
hosts file which got the same fd. We forked again in the process model
called close() on the re-used fd (of the pipe variable) again without
nss_wrapper noticing. Now Samba opened the secrets tdb and got
the same fd as nss_wrapper was using for the hosts file and next
nss_wrapper tried to parse a TDB ...
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 26 Mar 2015 09:24:05 +0000 (09:24 +0000)]
s4:kdc/db-glue: samba_kdc_trust_message2entry() should use the normalized principal as salt
smbclient //w2012r2-183.w2012r2-l4.base/netlogon -c 'ls' -k yes -Uadministrator@S4XDOM.BASE%
A1b2C3d4
worked while
smbclient //w2012r2-183.w2012r2-l4.base/netlogon -c 'ls' -k yes -Uadministrator@s4xdom.base
failed, if aes keys are used across the trust.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Mar 27 04:02:05 CET 2015 on sn-devel-104
Stefan Metzmacher [Thu, 26 Mar 2015 10:00:10 +0000 (11:00 +0100)]
libcli/util: remove unused WERR_BAD_PASSWORD
The values are the same, but WERR_INVALID_PASSWORD matches the documentation.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Thu, 26 Mar 2015 10:00:10 +0000 (11:00 +0100)]
libcli/auth: use WERR_INVALID_PASSWORD instead of WERR_BAD_PASSWORD
The values are the same, but WERR_INVALID_PASSWORD matches the documentation.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Thu, 26 Mar 2015 10:00:10 +0000 (11:00 +0100)]
docs-xml/Samba3-HOWTO: add reference to WERR_INVALID_PASSWORD were we had only WERR_BAD_PASSWORD
The values are the same, but WERR_INVALID_PASSWORD matches the documentation
and the new win_errstr() output.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 24 Mar 2015 18:05:10 +0000 (19:05 +0100)]
selftest: use dns_lookup_* = true in krb5.conf
We only need to specify explicit entries for the local realm
in order to provision the server.
Everything else is handled by real dns or faked dns via resolv wrapper.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Tue, 10 Feb 2015 12:23:14 +0000 (13:23 +0100)]
s4-kdc/db_glue: avoid accessing private struct members when there are accessor funcs.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Tue, 10 Feb 2015 12:14:21 +0000 (13:14 +0100)]
s4-kdc/db_glue: use smb_krb5_principal_set_type().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Tue, 10 Feb 2015 12:38:41 +0000 (13:38 +0100)]
krb5_wrap: fix documentation for smb_krb5_principal_get_comp_string().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Tue, 10 Feb 2015 12:13:01 +0000 (13:13 +0100)]
krb5_wrap: add smb_krb5_principal_set_type().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Sat, 7 Feb 2015 14:12:45 +0000 (15:12 +0100)]
s4-auth: fix DEBUG statement.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Sat, 7 Feb 2015 09:48:30 +0000 (10:48 +0100)]
gensec: map KRB5KRB_AP_ERR_BAD_INTEGRITY to logon failure.
When requesting initiator credentials fails, we need to map the error code
KRB5KRB_AP_ERR_BAD_INTEGRITY to NT_STATUS_LOGON_FAILURE as well. This is what
current MIT kerberos returns.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 19 Dec 2014 15:35:48 +0000 (16:35 +0100)]
s4-kdc/db-glue: make sure to use smb_krb5_get_pw_salt and smb_krb5_create_key_from_string.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 26 Mar 2015 10:31:34 +0000 (11:31 +0100)]
lib/krb5_wrap: use krb5_const_principal in smb_krb5_get_pw_salt().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 26 Mar 2015 10:21:06 +0000 (11:21 +0100)]
lib/krb5_wrap: use krb5_const_principal in smb_krb5_create_key_from_string.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Tue, 29 Jul 2014 16:32:20 +0000 (18:32 +0200)]
s4-auth: avoid double free of krb5 kt_entries when compiling with MIT kerberos library.
Guenther
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Tue, 29 Jul 2014 10:33:49 +0000 (12:33 +0200)]
s4-gensec: Check if we have delegated credentials.
With MIT Kerberos it is possible that the GSS_C_DELEG_FLAG is set, but
the delegated_cred_handle is NULL which results in a NULL-pointer
dereference. This way we fix it.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 16 May 2014 09:44:49 +0000 (11:44 +0200)]
s4-kdc/db-glue: use smb_krb5_principal_get_comp_string in dbglue.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 16 May 2014 09:44:02 +0000 (11:44 +0200)]
s4-kdc/db-glue: use principal_comp_str{case}cmp.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 15 May 2014 13:57:06 +0000 (15:57 +0200)]
s4-kdc/db-glue: add principal_comp_str{case}cmp
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 9 May 2014 22:49:44 +0000 (00:49 +0200)]
s4-kdc: pass down only a samba_kdc_entry to samba_krbtgt_is_in_db().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 9 May 2014 22:26:21 +0000 (00:26 +0200)]
s4-kdc: pass down only a samba_kdc_entry to samba_kdc_get_pac_blob().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 9 May 2014 21:26:42 +0000 (23:26 +0200)]
s4-kdc: pass down only a samba_kdc_entry to samba_princ_needs_pac().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 9 May 2014 12:58:08 +0000 (14:58 +0200)]
s4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_s4u2proxy().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 9 May 2014 12:56:22 +0000 (14:56 +0200)]
s4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_pkinit_ms_upn_match().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 9 May 2014 12:54:23 +0000 (14:54 +0200)]
s4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_s4u2self().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 8 May 2014 13:15:40 +0000 (15:15 +0200)]
s4-kdc: build some kdc components only for Heimdal KDCs.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 8 May 2014 12:47:05 +0000 (14:47 +0200)]
lib/krb5_wrap: provide KRB5KDC_ERR_KEY_EXPIRED error code matching MIT.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 8 May 2014 12:42:20 +0000 (14:42 +0200)]
s4-kdc/db_glue: workaround different CLIENT_NAME_MISMATCH error codes.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 25 Mar 2015 15:04:06 +0000 (15:04 +0000)]
librpc/ndr_nbt: we need to keep a trailing '.' in the last component of an nbt_string
Windows uses a username of 'domain.example.com.' as username and we need to
return it that way in the NETLOGON_SAM_LOGON_RESPONSE_EX reply.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 25 Mar 2015 19:15:42 +0000 (20:15 +0100)]
lsa.idl: add LSA_POLICY_NOTIFICATION to LSA_POLICY_ALL_ACCESS
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 23 Mar 2015 19:37:23 +0000 (20:37 +0100)]
s4:selftest: run rpc.netlogon.admin against also ad_dc
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andrew Bartlett [Tue, 10 Mar 2015 03:23:40 +0000 (16:23 +1300)]
torture: Run lsa.trusted.domains auth tests against samba4
We only need to skip th CreateTrustedDomainEx, which the docs strongly suggested not to use
in any case.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andrew Bartlett [Tue, 10 Mar 2015 03:04:30 +0000 (16:04 +1300)]
torture-lsa: Allow rpc.lsa.trusted.domains to run successfully
We need to create a new binding, as the old binding has the wrong pipe in it (lsa, not netlogon).
Otherwise, we try to bind using the LSA UUID on the netlogon pipe, and Samba rejects that
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 10 Mar 2015 09:14:29 +0000 (10:14 +0100)]
s4:torture/rpc: use torture_skip() if torture:Forest_Trust_Dom2_Binding isn't specified for rpc.lsa.forest.trust
We should exit 0 in this case, as it's not really an error.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 10 Mar 2015 09:14:29 +0000 (10:14 +0100)]
s4:torture/rpc: test the old password in test_validate_trust() for rpc.lsa.forest.trust
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 10 Mar 2015 09:14:29 +0000 (10:14 +0100)]
s4:torture/rpc: really use LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE in rpc.lsa.forest.trust
We really want to test forest trust and not external trusts here!
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 10 Mar 2015 09:14:29 +0000 (10:14 +0100)]
s4:torture/rpc: use torture_assert*() macros for rpc.lsa.forest.trust
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 23 Mar 2015 23:16:29 +0000 (00:16 +0100)]
s4:torture/rpc: fix test_EnumTrustDomEx() with existing domains
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 24 Mar 2015 01:13:10 +0000 (02:13 +0100)]
s4:rpc_server/lsa: correctly set *r->out.resume_handle with NT_STATUS_OK in lsa_EnumTrustedDomainsEx()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 23 Mar 2015 22:15:45 +0000 (23:15 +0100)]
s4:torture/rpc: use unique sids and names for trusted domains
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 23 Mar 2015 12:30:11 +0000 (13:30 +0100)]
s4:torture/rpc: sync test_LogonControl2Ex with test_LogonControl2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 23 Mar 2015 15:01:31 +0000 (16:01 +0100)]
s4:torture/rpc: let rpc.netlogon.admin pass against windows 2012r2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 24 Mar 2015 12:29:14 +0000 (13:29 +0100)]
s3:rpc_server/netlogon: improve the netr_LogonControl*() error returns
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 23 Mar 2015 14:32:59 +0000 (15:32 +0100)]
s4:torture/rpc: let test_LogonControl() also accept WERR_NOT_SUPPORTED for NETLOGON_CONTROL_TRUNCATE_LOG
There's no reason to have this implemented in samba.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 23 Mar 2015 15:02:19 +0000 (16:02 +0100)]
s4:torture/rpc: don't use the same names for 3 different tests
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 23 Mar 2015 10:32:55 +0000 (11:32 +0100)]
libcli/util: let WERR_UNKNOWN_LEVEL be an alias to WERR_INVALID_LEVEL
WERR_INVALID_LEVEL is the documented name that should be printed
in logs.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Sat, 21 Mar 2015 16:31:30 +0000 (17:31 +0100)]
nsswitch: improve error messages in wbinfo calls
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Sat, 21 Mar 2015 09:00:22 +0000 (10:00 +0100)]
s4:heimdal_build: remove allow_warnings=True from HEIMDAL_ASN1()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Richard Sharpe [Tue, 24 Mar 2015 14:16:26 +0000 (07:16 -0700)]
Rename SMB2_OP_FIND to SMB2_OP_QUERY_DIRECTORY so that it conforms with the MS document MS-SMB2.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 27 01:24:47 CET 2015 on sn-devel-104
Jelmer Vernooij [Wed, 25 Mar 2015 11:13:42 +0000 (11:13 +0000)]
Move update-external.sh to third_party/
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jelmer Vernooij [Wed, 25 Mar 2015 11:13:41 +0000 (11:13 +0000)]
Merge update-waf.sh into update-external.sh
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jelmer Vernooij [Wed, 25 Mar 2015 11:13:40 +0000 (11:13 +0000)]
Move waf into third_party/.
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Thu, 26 Mar 2015 17:09:46 +0000 (10:09 -0700)]
s3: libsmbclient: Add missing talloc stackframe.
Bug 11177 - no talloc stackframe at ../source3/libsmb/clifsinfo.c:444, leaking memory
https://bugzilla.samba.org/show_bug.cgi?id=11177
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Mar 26 22:21:30 CET 2015 on sn-devel-104
Michael Adam [Thu, 26 Mar 2015 12:45:50 +0000 (13:45 +0100)]
docs: fix duplicate word in explanation of parameter 'logging'.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Anoop C S [Thu, 26 Mar 2015 08:35:19 +0000 (14:05 +0530)]
libnetapi: Fix 241166 Fixing logically dead code
Signed-off-by: Anoop C S <achiraya@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Mar 26 17:30:27 CET 2015 on sn-devel-104
Anoop C S [Thu, 26 Mar 2015 12:36:44 +0000 (18:06 +0530)]
registry: Fix
1273042 Identical code for if/else branch
Signed-off-by: Anoop C S <achiraya@redhat.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Volker Lendecke [Thu, 26 Mar 2015 12:11:14 +0000 (13:11 +0100)]
ctdb: Fix CID
1125615 Copy into fixed size buffer
Might be a "can't happen", but strcpy always looks fishy
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Volker Lendecke [Thu, 26 Mar 2015 12:06:26 +0000 (13:06 +0100)]
ctdb: Fix CID
1125634 Out-of-bounds write
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Volker Lendecke [Thu, 26 Mar 2015 09:21:20 +0000 (10:21 +0100)]
lib: Fix CID
1273009 Dereference after null check
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Volker Lendecke [Thu, 26 Mar 2015 09:14:22 +0000 (10:14 +0100)]
loadparm: Fix CID
1273054 Improper use of negative value
Probably a "can't happen", but formally lpcfg_map_parameter can return -1
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
David Disseldorp [Thu, 26 Mar 2015 11:21:44 +0000 (12:21 +0100)]
replace: clean-up strlcpy and add note on return value
The existing implementation uses single line ifs, making the code hard
to visually parse.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Ralph Boehme [Mon, 2 Mar 2015 17:15:06 +0000 (18:15 +0100)]
vfs_fruit: enhance handling of malformed AppleDouble files
Trying for fixup a broken AppleDouble file with a resourcefork entry
offset + length > filesystem resulted in a crashing memmove() in
ad_convert().
Add a specific safety check that stats the ._ file and limits the
resource fork length to the filesize.
While we're at it, now that we know the filesize in ad_unpack(), add
additional checks that verify this.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11125
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Mar 26 12:39:01 CET 2015 on sn-devel-104
Jeremy Allison [Fri, 20 Mar 2015 17:59:08 +0000 (10:59 -0700)]
lib: tdb: Use sigaction when testing for robust mutexes.
Working fix that copes with oldact.sa_handler == NULL
if no handler initially set.
Fixes bug #11175 - Lots of winbindd zombie processes on Solaris platform.
https://bugzilla.samba.org/show_bug.cgi?id=11175
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Mar 26 04:29:42 CET 2015 on sn-devel-104
Jeremy Allison [Thu, 19 Mar 2015 20:10:33 +0000 (13:10 -0700)]
s3: client - "client use spnego principal = yes" code checks wrong name.
Bug 10888 - smbclient doesn't ignore "not_defined_in_RFC4178@please_ignore"
https://bugzilla.samba.org/show_bug.cgi?id=10888
Code patch from <martin.wilck@ts.fujitsu.com>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan (metze) Metzmacher <metze@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 26 00:56:25 CET 2015 on sn-devel-104
Jeremy Allison [Thu, 19 Mar 2015 20:09:21 +0000 (13:09 -0700)]
docs: Mark 'client use spnego principal' as deprecated and also a bad idea.
Bug 10888 - smbclient doesn't ignore "not_defined_in_RFC4178@please_ignore"
https://bugzilla.samba.org/show_bug.cgi?id=10888
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan (metze) Metzmacher <metze@samba.org>
Julien Kerihuel [Wed, 25 Mar 2015 04:06:03 +0000 (21:06 -0700)]
Add multiplex state to dcerpc flags and control over multiplex PFC flag in bind_ack and and dcesrv_alter replies
Signed-off-by: Julien Kerihuel <j.kerihuel@openchange.org>
Reviewed-by: "Stefan (metze) Metzmacher" <metze@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Günther Deschner [Wed, 25 Mar 2015 16:38:12 +0000 (17:38 +0100)]
pidl/python: add prototypes into header section of generated c-files.
This stops emmiting hundreds of warnings when compiling with
-Wmissing-prototypes.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Mar 25 20:45:01 CET 2015 on sn-devel-104
Andreas Schneider [Wed, 25 Mar 2015 10:39:54 +0000 (11:39 +0100)]
Revert "lib: tdb: Use sigaction when testing for robust mutexes."
This fails on Linux platforms with robust mutex support with the
following error:
tdb(/home/asn/workspace/projects/samba/git/st/nt4_dc/lockdir/gencache_notrans.tdb):
tdb_mutex_open_ok[/home/asn/workspace/projects/samba/git/st/nt4_dc/lockdir/gencache_notrans.tdb]:
Can use mutexes only with MUTEX_LOCKING or NOLOCK
We also see winbind is not able to start with this error message trying
to open the serverid.tdb.
This reverts commit
d1914367289b58f26544ee6e116490d662d9c41c.
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Mar 25 14:58:38 CET 2015 on sn-devel-104
Stefan Metzmacher [Wed, 25 Mar 2015 10:56:57 +0000 (10:56 +0000)]
lib/util: fix the default code path for debug_set_settings()
logging_param is typically "" instead of NULL!
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>