Stefan Metzmacher [Tue, 6 Mar 2012 19:19:46 +0000 (20:19 +0100)]
Revert "smb2.connect loop"
This reverts commit
53854afecdb44d2c09a756d0e06a21ade429fa6e.
Stefan Metzmacher [Sun, 29 Jan 2012 10:30:59 +0000 (11:30 +0100)]
smb2.connect loop
Stefan Metzmacher [Wed, 22 Feb 2012 10:19:52 +0000 (11:19 +0100)]
lib/crypto/hmac_sha256_kdf.c
Stefan Metzmacher [Tue, 20 Sep 2011 07:53:38 +0000 (09:53 +0200)]
TODO: skip cli_echo SMB2
Stefan Metzmacher [Wed, 23 May 2012 12:20:51 +0000 (14:20 +0200)]
Revert "largest valid SMB 2.02 smb2create"
This reverts commit
ae681fbad12d92494a5e43d3fe61f42bdbbdc122.
Stefan Metzmacher [Wed, 2 Nov 2011 13:53:53 +0000 (14:53 +0100)]
Revert "largest smb2.1 create"
This reverts commit
07eaeadddd30783882f964469f62a0c4d5267b44.
Stefan Metzmacher [Tue, 6 Sep 2011 08:55:03 +0000 (10:55 +0200)]
largest smb2.1 create
Stefan Metzmacher [Mon, 5 Sep 2011 16:49:45 +0000 (18:49 +0200)]
largest valid SMB 2.02 smb2create
Stefan Metzmacher [Tue, 6 Dec 2011 08:35:33 +0000 (09:35 +0100)]
Revert "DEBUG cancel"
This reverts commit
c213ffe0151a86a664bc140b5e59590c0b32e764.
Stefan Metzmacher [Thu, 17 Nov 2011 16:57:12 +0000 (17:57 +0100)]
DEBUG cancel
Stefan Metzmacher [Thu, 17 Nov 2011 16:56:52 +0000 (17:56 +0100)]
TODO cli_openx_cancel
Stefan Metzmacher [Wed, 21 Dec 2011 10:54:03 +0000 (11:54 +0100)]
TODO SMB2-MULTI-CHANNEL FSCTL_QUERY_NETWORK_INTERFACE_INFO
Stefan Metzmacher [Fri, 3 Feb 2012 12:07:36 +0000 (13:07 +0100)]
Revert "smb2.connect loop"
This reverts commit
32c418ff4334bb1aaa4f45da250f2246d6e5a8be.
Stefan Metzmacher [Sun, 29 Jan 2012 10:30:59 +0000 (11:30 +0100)]
smb2.connect loop
Stefan Metzmacher [Sun, 29 Jan 2012 10:28:41 +0000 (11:28 +0100)]
smb1 CAP_DYNAMIC_REAUTH
Stefan Metzmacher [Thu, 19 Jan 2012 13:37:07 +0000 (14:37 +0100)]
s3:selftest: add ktest-krb5.keytab and use as "dedicated keytab file"
With the same secrets of ktest-secrets.tdb.
metze
Stefan Metzmacher [Sat, 14 Jan 2012 12:37:05 +0000 (13:37 +0100)]
TODO backport? smb1 spnego smb1.sessions.done_sesssetup
Stefan Metzmacher [Fri, 2 Mar 2012 21:00:59 +0000 (22:00 +0100)]
TODO all s4:auth/gensec_gssapi: add NT_STATUS_NO_MEMORY checks
metze
Stefan Metzmacher [Mon, 23 Apr 2012 11:58:55 +0000 (13:58 +0200)]
Revert "TODO s3:gse: gensec_gssapi", "requested_life_time"
This reverts commit
c276841b8271a7e60b30b319394a6dc911132d55.
Stefan Metzmacher [Fri, 20 Apr 2012 11:50:55 +0000 (13:50 +0200)]
TODO s3:gse: gensec_gssapi", "requested_life_time
Stefan Metzmacher [Tue, 20 Sep 2011 22:04:00 +0000 (00:04 +0200)]
smbd-adm
Stefan Metzmacher [Tue, 20 Sep 2011 21:03:19 +0000 (23:03 +0200)]
smbd-adm
Stefan Metzmacher [Tue, 20 Sep 2011 08:27:59 +0000 (10:27 +0200)]
source3/libsmb/smb2cli_ioctl.c
Stefan Metzmacher [Tue, 20 Sep 2011 09:23:05 +0000 (11:23 +0200)]
Revert "cli_list_smb2"
This reverts commit
16b0b2551737889543b3a978ebd689639945fe4f.
Stefan Metzmacher [Tue, 20 Sep 2011 07:53:16 +0000 (09:53 +0200)]
cli_list_smb2
Stefan Metzmacher [Sat, 18 Sep 2010 17:17:17 +0000 (19:17 +0200)]
HACK: pidl: always dump idl and ndr tree
Stefan Metzmacher [Mon, 19 Sep 2011 23:11:19 +0000 (01:11 +0200)]
Revert "TODO doesn't work for cli_trans s3:libsmb: if we have to abort a read_smb requests, we have to disconnect"
This reverts commit
95b385832e6e75b579e5d67aff2cc83d2f983d3c.
Stefan Metzmacher [Mon, 19 Sep 2011 23:11:04 +0000 (01:11 +0200)]
TODO doesn't work for cli_trans s3:libsmb: if we have to abort a read_smb requests, we have to disconnect
metze
Stefan Metzmacher [Tue, 5 Jul 2011 14:25:39 +0000 (16:25 +0200)]
HACK: add smbd-adm.txt
Stefan Metzmacher [Fri, 18 Nov 2011 11:31:50 +0000 (12:31 +0100)]
Revert "DEBUG cancel CHAIN1"
This reverts commit
84dc044596e81dd072a89461647b5e777570e73a.
Stefan Metzmacher [Fri, 18 Nov 2011 11:31:38 +0000 (12:31 +0100)]
DEBUG cancel CHAIN1
Stefan Metzmacher [Thu, 29 Sep 2011 17:45:52 +0000 (19:45 +0200)]
TESTING smb2.read.eof...
Jamie McClymont [Mon, 15 Jan 2018 02:25:10 +0000 (15:25 +1300)]
selftest: fix envvars for creation of default user in wait_for_start
Resolves failure of ad_member to start up under ad_dc (if
the user is determined to be needed).
Signed-off-by: Jamie McClymont <jamiemcclymont@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13225
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Tue Jan 16 07:12:01 CET 2018 on sn-devel-144
Volker Lendecke [Mon, 15 Jan 2018 10:42:29 +0000 (11:42 +0100)]
srcctl3: Improve debug messages
A customer's syslog was filled with
_svcctl_OpenServiceW: Failed to get a valid security descriptor
messages. This improves the messages to give info about which service failed
with which error code. Also, it makes OpenServiceW fail with the same error
message Windows fails with for unknown services.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 16 02:43:03 CET 2018 on sn-devel-144
Volker Lendecke [Mon, 15 Jan 2018 09:47:51 +0000 (10:47 +0100)]
rpc_server: Improve a debug message
A client sending us a bind with an unknown interface should not spam
syslog by default. Also, show what interface the client tried to connect
to.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 11 Jan 2018 08:06:31 +0000 (09:06 +0100)]
s3:rpc_client: Clenup copy_netr_SamInfo3() code
This gets rid of some strange macro and makes sure we clenaup at the
end.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13209
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jan 15 22:16:13 CET 2018 on sn-devel-144
Andreas Schneider [Thu, 11 Jan 2018 08:37:22 +0000 (09:37 +0100)]
s3:winbind: Use a stackframe and cleanup when leaving
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13209
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andreas Schneider [Thu, 11 Jan 2018 08:27:50 +0000 (09:27 +0100)]
s3:winbind: Use a goto for cleaning up at the end
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13209
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andreas Schneider [Thu, 11 Jan 2018 08:23:05 +0000 (09:23 +0100)]
s3:winbindd: Improve logic so it is easier to understand
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13209
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Karolin Seeger [Thu, 11 Jan 2018 10:11:56 +0000 (11:11 +0100)]
VERSION: Bump version up to 4.9.0pre1...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Mon Jan 15 02:51:51 CET 2018 on sn-devel-144
Karolin Seeger [Thu, 11 Jan 2018 10:01:57 +0000 (11:01 +0100)]
VERSION: Bump version up to 4.8.0rc1...
and disable GIT_SNAPSHOT for the release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Karolin Seeger [Thu, 11 Jan 2018 09:02:33 +0000 (10:02 +0100)]
WHATSNEW: Add release notes for Samba 4.8.0rc1.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Fri, 12 Jan 2018 12:45:33 +0000 (13:45 +0100)]
s4:torture: Improve error message in whoami test
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Sun Jan 14 22:09:24 CET 2018 on sn-devel-144
Andreas Schneider [Thu, 11 Jan 2018 10:00:43 +0000 (11:00 +0100)]
s3:test: Always validate the join after changing the secret
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Pair-Programmed-With: Ralph Boehme <slow@samba.org>
Mathieu Parent [Thu, 11 Jan 2018 20:18:46 +0000 (21:18 +0100)]
waf: Remove build system info (uname -a)
Preventing reproducible builds while adding minor benefit.
More information at <https://reproducible-builds.org/>.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13213
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Mathieu Parent [Thu, 12 May 2016 20:16:24 +0000 (22:16 +0200)]
systemd: Fix kill path
Bug-Debian: https://bugs.debian.org/828730
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12402
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Mathieu Parent [Thu, 12 May 2016 20:16:24 +0000 (22:16 +0200)]
systemd: Add documentation to Unit files
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12402
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Mathieu Parent [Thu, 11 Jan 2018 09:07:17 +0000 (10:07 +0100)]
systemd: syslog.target is obsolete
After=syslog.target is unnecessary by now because syslog is
socket-activated and will therefore be started when needed.
Ref: https://lintian.debian.org/tags/systemd-service-file-refers-to-obsolete-target.html
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12402
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Volker Lendecke [Thu, 11 Jan 2018 10:55:39 +0000 (11:55 +0100)]
torture: Add test for channel sequence number handling
We run into an assert when the csn wraps
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13215
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Jan 14 14:47:15 CET 2018 on sn-devel-144
Volker Lendecke [Thu, 11 Jan 2018 10:25:49 +0000 (11:25 +0100)]
smbXcli: Add "force_channel_sequence"
This enables use of the channel sequence number even for
non-multi-channel servers. This makes our client invalid, but we need to
protect against broken clients with tests.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13215
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Thu, 11 Jan 2018 14:34:45 +0000 (15:34 +0100)]
smbd: Fix channel sequence number checks for long-running requests
When the client's supplied csn overflows and hits a pending, long-running
request's csn, we panic. Fix this by counting the overflows in
smbXsrv_open_global0->channel_generation
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13215
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Wed, 10 Jan 2018 13:59:08 +0000 (14:59 +0100)]
smbd: Remove a "!" from an if-condition for easier readability
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13215
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Wed, 10 Jan 2018 14:51:56 +0000 (15:51 +0100)]
torture4: Fix typos
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Wed, 10 Jan 2018 13:29:01 +0000 (14:29 +0100)]
smbd: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Sun, 14 Jan 2018 08:58:13 +0000 (09:58 +0100)]
winbindd: set routing_domain when enumerating trusts
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Garming Sam [Tue, 9 Jan 2018 03:28:36 +0000 (16:28 +1300)]
docs: Remove reference to environment variables for now
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Jan 14 03:08:01 CET 2018 on sn-devel-144
David Mulder [Tue, 21 Nov 2017 10:44:12 +0000 (03:44 -0700)]
gpo: Add the winbind call to gpupdate
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
David Mulder [Wed, 6 Dec 2017 19:51:22 +0000 (12:51 -0700)]
Revert "gpo: Create the gpo update service"
This reverts commit
5662e49b49f6557c80f216f510f224bbf800f40a.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
David Mulder [Mon, 8 Jan 2018 16:19:13 +0000 (09:19 -0700)]
gpo: Continue parsing GPOs even if one fails
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
David Mulder [Mon, 8 Jan 2018 16:16:11 +0000 (09:16 -0700)]
gpo: Fix crashes in gpo unapply
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrej Gessel [Mon, 13 Nov 2017 10:07:43 +0000 (11:07 +0100)]
samba_kcc: do not commit new nTDSConnection, if we are rodc
Traceback (most recent call last):
/usr/local/samba/sbin/samba_kcc: File "/usr/local/samba/sbin/samba_kcc", line 337, in <module>
/usr/local/samba/sbin/samba_kcc: attempt_live_connections=opts.attempt_live_connections)
/usr/local/samba/sbin/samba_kcc: File "/usr/local/samba/lib/python2.7/site-packages/samba/kcc/__init__.py", line 2644, in run
/usr/local/samba/sbin/samba_kcc: all_connected = self.intersite(ping)
/usr/local/samba/sbin/samba_kcc: File "/usr/local/samba/lib/python2.7/site-packages/samba/kcc/__init__.py", line 1883, in intersite
/usr/local/samba/sbin/samba_kcc: all_connected = self.create_intersite_connections()
/usr/local/samba/sbin/samba_kcc: File "/usr/local/samba/lib/python2.7/site-packages/samba/kcc/__init__.py", line 1817, in create_intersite_connections
/usr/local/samba/sbin/samba_kcc: part, True)
/usr/local/samba/sbin/samba_kcc: File "/usr/local/samba/lib/python2.7/site-packages/samba/kcc/__init__.py", line 1769, in create_connections
/usr/local/samba/sbin/samba_kcc: partial_ok, detect_failed)
/usr/local/samba/sbin/samba_kcc: File "/usr/local/samba/lib/python2.7/site-packages/samba/kcc/__init__.py", line 1594, in create_connection
/usr/local/samba/sbin/samba_kcc: lbh.commit_connections(self.samdb)
/usr/local/samba/sbin/samba_kcc: File "/usr/local/samba/lib/python2.7/site-packages/samba/kcc/kcc_utils.py", line 827, in commit_connections
/usr/local/samba/sbin/samba_kcc: connect.commit_added(samdb, ro)
/usr/local/samba/sbin/samba_kcc: File "/usr/local/samba/lib/python2.7/site-packages/samba/kcc/kcc_utils.py", line 1123, in commit_added
/usr/local/samba/sbin/samba_kcc: (self.dnstr, estr))
/usr/local/samba/sbin/samba_kcc: samba.kcc.kcc_utils.KCCError: Could not add nTDSConnection for (CN=
862f0429-c72c-4a81-ae9a-
96820bb2f96d,CN=NTDS Settings,
CN=BUILDHOST,CN=Servers,CN=Testsite,CN=Sites,CN=Configuration,DC=samdom,DC=com) - (Invalid LDB reply type 1)
../source4/dsdb/kcc/kcc_periodic.c:693: Failed samba_kcc - NT_STATUS_ACCESS_DENIED
Signed-off-by: Andrej Gessel <Andrej.Gessel@janztec.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Sat Jan 13 22:01:49 CET 2018 on sn-devel-144
Douglas Bagnall [Fri, 15 Dec 2017 02:58:46 +0000 (15:58 +1300)]
samba_kcc: simplify NCReplica.set_instantiated_flags()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 13 Dec 2017 04:50:56 +0000 (17:50 +1300)]
samba_kcc: simplify NCReplica constructor
There is nothing to be gained from setting the dn and guid separately
except subtle bugs.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 13 Dec 2017 04:35:29 +0000 (17:35 +1300)]
samba_kcc: clarify readonly logging, removing now unused function
The unused function was somewhat misnamed.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 13 Dec 2017 03:04:19 +0000 (16:04 +1300)]
samba_kcc: remove unused functions
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 29 Nov 2017 20:24:05 +0000 (09:24 +1300)]
samba_kcc: fix dot_file_dir documentation
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 16 Nov 2017 03:47:32 +0000 (16:47 +1300)]
samba_kcc: remove an unused function
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 9 Aug 2017 23:57:24 +0000 (11:57 +1200)]
samba-tool visualize for understanding AD DC behaviour
To work out what is happening in a replication graph, it is sometimes
helpful to use visualisations. We introduce a samba-tool subcommand to
write Graphviz dot output and generate text-based heatmaps of the
distance in hops between DCs.
There are two subcommands, two graphical modes, and (roughly) two modes of
operation with respect to the location of authority.
`samba-tool visualize ntdsconn` looks at NTDS Connections.
`samba-tool visualize reps` looks at repsTo and repsFrom objects.
In '--distance' mode (default), the distances between DCs are shown in
a matrix in the terminal. With '--color=yes', this is depicted as a
heatmap. With '--utf8' it is a lttle prettier.
In '--dot' mode, Graphviz dot output is generated. When viewed using
dot or xdot, this shows the network as a graph with DCs as vertices
and connections edges. Certain types of degenerate edges are shown in
different colours or line-styles.
Normally samba-tool talks to one database; with the '-r' (a.k.a.
'--talk-to-remote') option attempts are made to contact all the DCs
known to the first database. This is necessary to get sensible results
from `samba-tool visualize reps` because the repsFrom/To objects are
not replicated, and it can reveal replication issues in other modes.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 10 Aug 2017 03:29:43 +0000 (15:29 +1200)]
samba_kcc: use new graph module for writing dot files
We avoid changing the (annoying) signature of write_dot_file().
Using samba_kcc to write dot files may be deprecated.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 10 Jan 2018 02:25:22 +0000 (15:25 +1300)]
python/graph: module for generating ASCII and graphviz visualisations
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 11 Jan 2018 08:56:40 +0000 (21:56 +1300)]
samba_kcc: respect kcc.read_only flag on RODC
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 2 Jan 2018 20:20:09 +0000 (09:20 +1300)]
samba_kcc: kcc.debug module defers to samba.colour
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sun, 7 Jan 2018 10:17:38 +0000 (23:17 +1300)]
python: module containing ANSI colour sequences
This is going to be used by `samba-tool visualize` and samba_kcc.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 5 Jan 2018 03:45:37 +0000 (16:45 +1300)]
python tests: assert string equality, with diff
In the success case this works just like self.assertEqual(),
but when things fail you get a better representation of where it went
wrong (a unified diff).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 11 Jan 2018 18:32:59 +0000 (07:32 +1300)]
samba_kcc: documentation fix
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 12 Jan 2018 13:52:45 +0000 (14:52 +0100)]
s4:torture/samba_tool_drs: demote the test dc at the end of test_samba_tool_replicate_local()
Otherwise this taints other tests which might follow.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 11 Jan 2018 11:46:24 +0000 (12:46 +0100)]
WHATSNEW: document some more new options
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Sat Jan 13 17:12:38 CET 2018 on sn-devel-144
Stefan Metzmacher [Wed, 29 Nov 2017 15:02:28 +0000 (16:02 +0100)]
winbindd: add "winbind scan trusted domains = no" to avoid trust enumeration
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Wed, 13 Dec 2017 07:53:16 +0000 (08:53 +0100)]
winbindd: add more trust types to get_trust_type_string
Add support for the following trust types: "Local", "Workstation",
"RWDC", "RODC"´and "Routed (via ...)".
Where we previously returned "None" this now returns "Routed (via ...)",
otherwise (hopefully) no change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Wed, 13 Dec 2017 15:01:50 +0000 (16:01 +0100)]
libwbclient: add more trust types
Prepare libwbclient for additional trust types and trust routing.
Signed-off-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Wed, 13 Dec 2017 15:02:22 +0000 (16:02 +0100)]
wbinfo: support for local, workstation and routed trust types
Prepare wbinfo for additional trust types and trust routing.
This also modifies the output line for a "None" trust type by skipping
the transitivity and direction -- that just doesn't make sense without a
trust.
Signed-off-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Tue, 19 Dec 2017 16:26:46 +0000 (17:26 +0100)]
libwbclient: add trust routing and more trust-types
This adds the struct member and the defines, the implementation comes
later.
Signed-off-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Tue, 28 Nov 2017 16:46:03 +0000 (17:46 +0100)]
winbindd: fix trust_is_oubound()
A trust is only inbound if NETR_TRUST_FLAG_OUTBOUND is set. Trust flags = 0x0
does not imply an outbound trust, nor does NETR_TRUST_FLAG_IN_FOREST.
Signed-off-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Tue, 28 Nov 2017 16:44:41 +0000 (17:44 +0100)]
winbindd: fix trust_is_inbound()
A trust is only inbound if NETR_TRUST_FLAG_INBOUND is set. Trust flags = 0x0
does not imply an inbound trust, nor does NETR_TRUST_FLAG_IN_FOREST.
Signed-off-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Tue, 28 Nov 2017 16:32:59 +0000 (17:32 +0100)]
winbindd: transitive trust logic in trust_is_transitive()
trust_is_transitive() currently defaults to transitive=true, unless
LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE, LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN or
LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL trust attribute is set.
This is not correct, for the trust to be transative,
LSA_TRUST_ATTRIBUTE_WITHIN_FOREST or LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE must
be set.
Logic taken from dsdb_trust_routing_by_name().
Signed-off-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Wed, 29 Nov 2017 09:55:25 +0000 (10:55 +0100)]
winbindd: use add_trusted_domain_from_auth
After a successfully authentication, ensure we have the users domain in our
domain list and the TDC.
Signed-off-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Wed, 29 Nov 2017 09:10:38 +0000 (10:10 +0100)]
winbindd: add add_trusted_domain_from_auth
Function to add a new trusted domain to the domain list and TDC after an
successfull authentication. On Member servers only, not on DCs though.
Signed-off-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Wed, 13 Dec 2017 16:11:25 +0000 (17:11 +0100)]
winbindd: add set_routing_domain()
Ralph Boehme [Wed, 13 Dec 2017 16:08:10 +0000 (17:08 +0100)]
winbindd: add find_default_route_domain()
On a member server this is just our primary domain. The logic for DCs is
not yet implemented, on a DC of a child-domain in a forrest this would
be the parent domain.
Signed-off-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 29 Nov 2017 15:02:28 +0000 (16:02 +0100)]
winbindd: avoid automatic enumerating trusts on DCs
We have a static list of trust based on our configuration.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 29 Nov 2017 14:55:12 +0000 (15:55 +0100)]
winbindd: load the trusted domains on a DC already in init_domain_list()
We should do that in the parent as early as possible.
Similar to our primary domain, which is also a direct trust.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Tue, 19 Dec 2017 22:44:00 +0000 (23:44 +0100)]
pdb_samba_dsdb: set PDB_CAP_TRUSTED_DOMAINS_EX
Signed-off-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Mon, 11 Dec 2017 06:57:27 +0000 (07:57 +0100)]
pdb_samba_dsdb: implement pdb_samba_dsdb_del_trusted_domain
Signed-off-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Sun, 10 Dec 2017 19:03:37 +0000 (20:03 +0100)]
pdb_samba_dsdb: implement pdb_samba_dsdb_set_trusted_domain
Signed-off-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 1 Dec 2017 07:41:29 +0000 (08:41 +0100)]
pdb_samba_dsdb: implement PDB_CAP_TRUSTED_DOMAINS_EX related functions
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 1 Dec 2017 06:59:59 +0000 (07:59 +0100)]
pdb_samba_dsdb: implement pdb_samba_dsdb_enum_trusteddoms()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 1 Dec 2017 07:33:51 +0000 (08:33 +0100)]
s4:dsdb: add dsdb_trust_search_tdo_by_sid() helper function
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Mon, 11 Dec 2017 06:56:40 +0000 (07:56 +0100)]
s3/torture/pdbtest: delete trusted domain at test end
Signed-off-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Mon, 11 Dec 2017 06:56:02 +0000 (07:56 +0100)]
s3/torture/pdbtest: creating a trusted domain requires a valid SID
Signed-off-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 30 Nov 2017 12:04:56 +0000 (13:04 +0100)]
winbindd: use find_trust_from_name_noinit when we require a direct trust
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>