metze/samba/wip.git
6 years ago SQ repl_meta_data: Allow delete of an object with dangling backlinks master4-tmp
Stefan Metzmacher [Mon, 20 Nov 2017 10:49:53 +0000 (11:49 +0100)]
SQ repl_meta_data: Allow delete of an object with dangling backlinks

6 years ago repl_meta_data: Allow delete of an object with dangling backlinks
Andrew Bartlett [Tue, 31 Oct 2017 19:22:22 +0000 (08:22 +1300)]
repl_meta_data: Allow delete of an object with dangling backlinks

This should not happen, but stopping all replication because of it is a pain.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
6 years ago sq TODO: RECYCLED??? BUG? repl_meta_data: Fix removing of backlink on deleted objects
Andrej Gessel [Thu, 19 Oct 2017 15:16:37 +0000 (17:16 +0200)]
sq TODO: RECYCLED??? BUG? repl_meta_data: Fix removing of backlink on deleted objects

6 years ago TODO: RECYCLED??? BUG? repl_meta_data: Fix removing of backlink on deleted objects
Andrej Gessel [Thu, 19 Oct 2017 15:16:37 +0000 (17:16 +0200)]
TODO: RECYCLED??? BUG? repl_meta_data: Fix removing of backlink on deleted objects

USER is memberOf GROUP and they were both deleted on W2K8R2 AD. Domain join ends
with the error below.

Failed to apply records: ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:421
8: Failed to remove backlink of memberOf when deleting CN=USER\0ADEL:a1f2a2cc-1
179-4734-b753-c121ed02a34c,CN=Deleted Objects,DC=samdom,DC=intern: dsdb_module_
search_dn: did not find base dn CN=GROUP\0ADEL:030d0be1-3ada-4b93-8371-927f2092
3116,CN=Deleted Objects,DC=samdom,DC=intern (0 results): Operations error
Failed to commit objects: WERR_GEN_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
TODO: SIGN OFF

6 years ago selftest: Add more corruption cases for runtime and dbcheck
Andrew Bartlett [Tue, 31 Oct 2017 20:02:01 +0000 (09:02 +1300)]
selftest: Add more corruption cases for runtime and dbcheck

These tests now confirm we can handle these issues at runtime
as well as at dbcheck

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
6 years ago selftest: add dbcheck tests for the duplicate links
Stefan Metzmacher [Thu, 26 Oct 2017 12:42:23 +0000 (14:42 +0200)]
selftest: add dbcheck tests for the duplicate links

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
6 years ago dbcheck: detect and fix duplicate links
Stefan Metzmacher [Fri, 27 Oct 2017 08:21:26 +0000 (10:21 +0200)]
dbcheck: detect and fix duplicate links

Check with git show -w

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Stefan Metzmacher <metze@samba.org>
6 years ago dbcheck: only calculate linked attribute helper variables once in check_dn()
Stefan Metzmacher [Fri, 27 Oct 2017 08:21:26 +0000 (10:21 +0200)]
dbcheck: only calculate linked attribute helper variables once in check_dn()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Stefan Metzmacher <metze@samba.org>
6 years ago dbcheck: remove indentation level
Stefan Metzmacher [Thu, 26 Oct 2017 14:30:28 +0000 (16:30 +0200)]
dbcheck: remove indentation level

Check with git show -w

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Stefan Metzmacher <metze@samba.org>
6 years ago dsdb:extended_dn_store: implement DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS control
Stefan Metzmacher [Thu, 26 Oct 2017 05:47:48 +0000 (07:47 +0200)]
dsdb:extended_dn_store: implement DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS control

This will be used by dbcheck to fix duplicate link values.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Stefan Metzmacher <metze@samba.org>
6 years ago dsdb:repl_meta_data: implement DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS control
Stefan Metzmacher [Wed, 25 Oct 2017 14:48:44 +0000 (16:48 +0200)]
dsdb:repl_meta_data: implement DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS control

This will be used by dbcheck to fix duplicate link values.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Stefan Metzmacher <metze@samba.org>
6 years ago s4:dsdb: allocate DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS oid
Stefan Metzmacher [Wed, 25 Oct 2017 14:47:36 +0000 (16:47 +0200)]
s4:dsdb: allocate DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS oid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Stefan Metzmacher <metze@samba.org>
6 years ago s4:schema_samba4: mark DSDB_CONTROL_INVALID_NOT_IMPLEMENTED 1.3.6.1.4.1.7165.4.3...
Stefan Metzmacher [Wed, 25 Oct 2017 14:26:16 +0000 (16:26 +0200)]
s4:schema_samba4: mark DSDB_CONTROL_INVALID_NOT_IMPLEMENTED 1.3.6.1.4.1.7165.4.3.32 as allocated

Signed-off-by: Stefan Metzmacher <metze@samba.org>
6 years ago selftest: Additional check for a backlink pointing at a deleted object
Andrew Bartlett [Mon, 30 Oct 2017 22:20:34 +0000 (11:20 +1300)]
selftest: Additional check for a backlink pointing at a deleted object

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
6 years ago selftest: Split out creation of complex (often invalid) links
Andrew Bartlett [Mon, 30 Oct 2017 19:23:39 +0000 (08:23 +1300)]
selftest: Split out creation of complex (often invalid) links

This will allow us to test other run-time behaviour with broken
databases.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
6 years ago selftest: Split out dbcheck runs from dangling_multi_valued test
Andrew Bartlett [Mon, 30 Oct 2017 19:21:15 +0000 (08:21 +1300)]
selftest: Split out dbcheck runs from dangling_multi_valued test

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
6 years ago selftest: add more dbcheck tests
Andrew Bartlett [Mon, 30 Oct 2017 02:29:36 +0000 (15:29 +1300)]
selftest: add more dbcheck tests

This validates some more combinations and ensures that the changes
in 962a1b32201fce0a49c6be55943d4fbb57ed781e are tested.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
6 years ago dbcheck: Use the GUID as the DN to fix replPropertyMetaData
Andrew Bartlett [Sun, 29 Oct 2017 21:51:35 +0000 (10:51 +1300)]
dbcheck: Use the GUID as the DN to fix replPropertyMetaData

This allows this to still work after an object is renamed under the deleted objects container.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
6 years ago dbcheck: Clarify error count bumping in deleted/gone DN handling
Andrew Bartlett [Sun, 29 Oct 2017 20:48:43 +0000 (09:48 +1300)]
dbcheck: Clarify error count bumping in deleted/gone DN handling

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
6 years ago build: ensure compiler flags are properly detected
Uri Simchoni [Mon, 20 Nov 2017 20:53:12 +0000 (20:53 +0000)]
build: ensure compiler flags are properly detected

While checking for compiler flag availability, treat warnings
as errors. Thus if the compiler only warns about an unsupported flag,
it will fail the test and the flag shall be marked as unsupported.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov 22 14:19:20 CET 2017 on sn-devel-144

6 years ago build: specify -Wformat as a prerequisite of -Wformat-security
Uri Simchoni [Tue, 21 Nov 2017 18:55:16 +0000 (20:55 +0200)]
build: specify -Wformat as a prerequisite of -Wformat-security

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago build: allow specifying prerequisite flags when checking flags
Uri Simchoni [Tue, 21 Nov 2017 18:53:30 +0000 (20:53 +0200)]
build: allow specifying prerequisite flags when checking flags

In gcc, "-Wformat-security" is ignored unless "-Wformat" is also
specified. This patch allows adding a "prerequisite flag" to a flag
we're testing during configuration.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago pam_wrapper: #ifdef-out unused functions
Uri Simchoni [Sun, 19 Nov 2017 13:04:58 +0000 (13:04 +0000)]
pam_wrapper: #ifdef-out unused functions

When pam_vsyslog is not available, avoid building functions
that are being used to wrap it, in order to avoid picky
compiler warnings.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago build: disable format-zero-length warning
Uri Simchoni [Mon, 20 Nov 2017 08:17:16 +0000 (10:17 +0200)]
build: disable format-zero-length warning

format-zero-length warns against printf-style calls with a
zero-length format string. vfs_full_audit module has such
calls, and up until now there was no warning against it because
the do_log in vfs_full_audit is not recognized as a printf-style
function. In a following commit the do_log will be converted to
a printf-style function, hence the need to disable this warning.

(an alternative would be to disable only for vfs_full_audit, but that
would complicate things needlessly).

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago s3-torture: fix an always-true comparison
Uri Simchoni [Sun, 19 Nov 2017 18:38:28 +0000 (18:38 +0000)]
s3-torture: fix an always-true comparison

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago s3-torture: fix some truncation warnings
Uri Simchoni [Sun, 19 Nov 2017 18:37:49 +0000 (18:37 +0000)]
s3-torture: fix some truncation warnings

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago smbspool_krb5_wrapper: fix some error messages
Uri Simchoni [Sun, 19 Nov 2017 18:34:58 +0000 (18:34 +0000)]
smbspool_krb5_wrapper: fix some error messages

Make cups_smb_debug declaration printf-aware to
avoid picky warning about printf with variable
format string. This in turn revealed some formatting
errors.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago s3-rpc-server: fix type of enum in lsa server
Uri Simchoni [Sun, 19 Nov 2017 17:57:29 +0000 (17:57 +0000)]
s3-rpc-server: fix type of enum in lsa server

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago s2-rpc-server: fix enum type in assignment
Uri Simchoni [Sun, 19 Nov 2017 16:51:30 +0000 (16:51 +0000)]
s2-rpc-server: fix enum type in assignment

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago s4-lib-policy: fix type of enum
Uri Simchoni [Sun, 19 Nov 2017 17:56:50 +0000 (17:56 +0000)]
s4-lib-policy: fix type of enum

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago s4-torture: get rid of extra parentheses
Uri Simchoni [Sun, 19 Nov 2017 17:55:14 +0000 (17:55 +0000)]
s4-torture: get rid of extra parentheses

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago s4-torture: fix file time checks
Uri Simchoni [Sun, 19 Nov 2017 17:13:26 +0000 (17:13 +0000)]
s4-torture: fix file time checks

NTTIME is an unsigned quantity. When comparing two
of them, first calculate a signed difference, then
take absolute value.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago dns server: fix warning about enum mismatch
Uri Simchoni [Sun, 19 Nov 2017 16:49:46 +0000 (16:49 +0000)]
dns server: fix warning about enum mismatch

Fix picky developer clang warning about assignment
of an enum value to a variable of a different enum type.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago ldb-samba: use ldap enum instead of ldb enum
Uri Simchoni [Sun, 19 Nov 2017 13:02:56 +0000 (13:02 +0000)]
ldb-samba: use ldap enum instead of ldb enum

This silences a picky compiler warning.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago librpc-build: ignore unused functions in generated code
Uri Simchoni [Sun, 19 Nov 2017 11:34:01 +0000 (11:34 +0000)]
librpc-build: ignore unused functions in generated code

Some pidl-generated code includes static functions that are
to be optimized-away by the compiler if not used. When
running picky developer with clang that breaks the build. This
change ignores this warning for the pidl-generated python binding
files.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago build: detect availability of -Wno-unused-function
Uri Simchoni [Sun, 19 Nov 2017 11:33:03 +0000 (11:33 +0000)]
build: detect availability of -Wno-unused-function

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago build: allow adding cflags to end of python module build command
Uri Simchoni [Sun, 19 Nov 2017 11:32:16 +0000 (11:32 +0000)]
build: allow adding cflags to end of python module build command

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago build: allow passing custom cflags to end of library build
Uri Simchoni [Sun, 19 Nov 2017 11:30:56 +0000 (11:30 +0000)]
build: allow passing custom cflags to end of library build

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago ldb: silence some clang warnings in picky developer mode
Uri Simchoni [Sun, 19 Nov 2017 07:19:03 +0000 (07:19 +0000)]
ldb: silence some clang warnings in picky developer mode

Avoid const in casting since it doesn't increase code
safety in this case and causes clang to generate const-qual
warning. Also initialize a pointer to NULL to silence clang
uninitialized variable warning.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago lib/crypto: remove unused code
Uri Simchoni [Sun, 19 Nov 2017 07:02:12 +0000 (07:02 +0000)]
lib/crypto: remove unused code

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago torture: remove spurious semicolon
Uri Simchoni [Sun, 19 Nov 2017 05:20:57 +0000 (05:20 +0000)]
torture: remove spurious semicolon

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago nfs4acl: fix picky build in case rpc/xdr.h is not available
Uri Simchoni [Sun, 19 Nov 2017 05:18:03 +0000 (05:18 +0000)]
nfs4acl: fix picky build in case rpc/xdr.h is not available

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago libgpo: Fix CID 1422263 Resource leak
Volker Lendecke [Tue, 21 Nov 2017 19:41:47 +0000 (20:41 +0100)]
libgpo: Fix CID 1422263 Resource leak

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 22 02:03:17 CET 2017 on sn-devel-144

6 years ago libgpo: Fix CID 1422262 Explicit null dereferenced
Volker Lendecke [Tue, 21 Nov 2017 19:30:08 +0000 (20:30 +0100)]
libgpo: Fix CID 1422262 Explicit null dereferenced

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 years ago s3: smbd: Chain code can return uninitialized memory when talloc buffer is grown.
Jeremy Allison [Wed, 20 Sep 2017 18:04:50 +0000 (11:04 -0700)]
s3: smbd: Chain code can return uninitialized memory when talloc buffer is grown.

Ensure we zero out unused grown area.

CVE-2017-15275

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13077

Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Tue Nov 21 19:42:22 CET 2017 on sn-devel-144

6 years ago s3: smbd: Fix SMB1 use-after-free crash bug. CVE-2017-14746
Jeremy Allison [Tue, 19 Sep 2017 23:11:33 +0000 (16:11 -0700)]
s3: smbd: Fix SMB1 use-after-free crash bug. CVE-2017-14746

When setting up the chain, always use 'next->' variables
not the 'req->' one.

Bug discovered by 连一汉 <lianyihan@360.cn>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13041

Signed-off-by: Jeremy Allison <jra@samba.org>
6 years ago docs: Fix the "aio r/w size" smb.conf entries
Volker Lendecke [Mon, 20 Nov 2017 16:18:44 +0000 (17:18 +0100)]
docs: Fix the "aio r/w size" smb.conf entries

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Nov 21 15:45:20 CET 2017 on sn-devel-144

6 years ago ctdb-common: Add async version of shutdown in sock_daemon
Amitay Isaacs [Fri, 17 Nov 2017 01:38:47 +0000 (12:38 +1100)]
ctdb-common: Add async version of shutdown in sock_daemon

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Nov 21 08:58:45 CET 2017 on sn-devel-144

6 years ago ctdb-common: Add async version of reconfigure in sock_daemon
Amitay Isaacs [Fri, 17 Nov 2017 01:38:18 +0000 (12:38 +1100)]
ctdb-common: Add async version of reconfigure in sock_daemon

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
6 years ago ctdb-common: Add async version of startup in sock_daemon
Amitay Isaacs [Fri, 17 Nov 2017 01:36:29 +0000 (12:36 +1100)]
ctdb-common: Add async version of startup in sock_daemon

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
6 years ago ctdb-tests: Create sock_daemon_funcs per test
Amitay Isaacs [Fri, 17 Nov 2017 02:11:12 +0000 (13:11 +1100)]
ctdb-tests: Create sock_daemon_funcs per test

This avoids defining sock_daemon functions that are not needed in the test.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
6 years ago ctdb-common: Handle errors on unexpected socket close in sock_daemon
Amitay Isaacs [Fri, 17 Nov 2017 01:31:16 +0000 (12:31 +1100)]
ctdb-common: Handle errors on unexpected socket close in sock_daemon

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
6 years ago ctdb-common: Start listening to sockets only on successful startup
Amitay Isaacs [Fri, 10 Nov 2017 01:15:45 +0000 (12:15 +1100)]
ctdb-common: Start listening to sockets only on successful startup

Fix tests to use wait_send() instead of startup() as a synchronization
point to ensure that the socket is listening.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
6 years ago ctdb-common: Start wait computation only after successful startup
Amitay Isaacs [Thu, 16 Nov 2017 23:52:57 +0000 (10:52 +1100)]
ctdb-common: Start wait computation only after successful startup

This orders the startup events in sock_daemon code.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
6 years ago ctdb-common: Return status from sock_daemon startup()/reconfigure()
Amitay Isaacs [Fri, 10 Nov 2017 01:10:05 +0000 (12:10 +1100)]
ctdb-common: Return status from sock_daemon startup()/reconfigure()

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
6 years ago ctdb-common: Do not use sock->req outside sock_socket functions
Amitay Isaacs [Mon, 20 Nov 2017 00:52:55 +0000 (11:52 +1100)]
ctdb-common: Do not use sock->req outside sock_socket functions

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
6 years ago ctdb-common: Call missing tevent_wakeup_recv() in sock_daemon
Amitay Isaacs [Fri, 10 Nov 2017 01:18:01 +0000 (12:18 +1100)]
ctdb-common: Call missing tevent_wakeup_recv() in sock_daemon

https://bugzilla.samba.org/show_bug.cgi?id=13153

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
6 years ago ctdb-daemon: Allocate deferred calls off calling context
Amitay Isaacs [Thu, 19 Oct 2017 03:58:18 +0000 (14:58 +1100)]
ctdb-daemon: Allocate deferred calls off calling context

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13152

This makes sure that if a client disconnects, all the deferred calls
from the client are correctly freed.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
6 years ago s3: utils: net. Fix return paths that don't free talloc stackframe.
Jeremy Allison [Tue, 21 Nov 2017 00:09:39 +0000 (00:09 +0000)]
s3: utils: net. Fix return paths that don't free talloc stackframe.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13151

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
6 years ago Fix formatting of sources to be less than 80 lines
Garming Sam [Sun, 19 Nov 2017 21:28:33 +0000 (10:28 +1300)]
Fix formatting of sources to be less than 80 lines

Signed-off-by: David Mulder <dmulder@suse.com>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Tue Nov 21 01:51:59 CET 2017 on sn-devel-144

6 years ago python: Convert gop.GROUP_POLICY_OBJECT to pytalloc
Andrew Bartlett [Tue, 24 Oct 2017 03:48:13 +0000 (16:48 +1300)]
python: Convert gop.GROUP_POLICY_OBJECT to pytalloc

This avoids PyCapsule calls not available in Python 2.6

We remove the __init__ function as it is useless, the
object is created by py_ads_get_gpo_list() which now
returns a python list rather than an iterator.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
6 years ago python: Remove talloc_stackframe() held in an object
Andrew Bartlett [Tue, 24 Oct 2017 04:24:38 +0000 (17:24 +1300)]
python: Remove talloc_stackframe() held in an object

talloc_stackframe() must not be held after the return from a function.

If this causes warnings (talloc_tos() use without a stackframe), this
must be fixed in each function.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
6 years ago libgpo: Setup the stack frame in ads_connect
David Mulder [Tue, 7 Nov 2017 17:41:05 +0000 (10:41 -0700)]
libgpo: Setup the stack frame in ads_connect

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago Use talloc_stackframe() not talloc_tos() in namequery.c
Andrew Bartlett [Thu, 26 Oct 2017 03:06:27 +0000 (16:06 +1300)]
Use talloc_stackframe() not talloc_tos() in namequery.c

The pygpo code calls these functions but there was no stackframe set up so
talloc_tos() fails.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
6 years ago python: Remove Python 2.4 compat macro
Andrew Bartlett [Tue, 24 Oct 2017 03:46:19 +0000 (16:46 +1300)]
python: Remove Python 2.4 compat macro

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
6 years ago python: Use py_check_dcerpc_type() to safely check for credentials
Andrew Bartlett [Tue, 24 Oct 2017 03:40:02 +0000 (16:40 +1300)]
python: Use py_check_dcerpc_type() to safely check for credentials

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
6 years ago gpoupdate: Move closer to 80 columns
Andrew Bartlett [Tue, 24 Oct 2017 03:09:17 +0000 (16:09 +1300)]
gpoupdate: Move closer to 80 columns

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
6 years ago python: This function converts days to a relative (ie negative) NTTIME
Andrew Bartlett [Tue, 24 Oct 2017 02:59:37 +0000 (15:59 +1300)]
python: This function converts days to a relative (ie negative) NTTIME

It is not nttime2unix as it claimed.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
6 years ago pygpo: Check for errors in gpo.gpo_get_sysvol_gpt_version()
Andrew Bartlett [Tue, 24 Oct 2017 02:58:45 +0000 (15:58 +1300)]
pygpo: Check for errors in gpo.gpo_get_sysvol_gpt_version()

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
6 years ago doc: Add samba_gpoupdate man page, update WHATSNEW
David Mulder [Mon, 10 Jul 2017 19:57:21 +0000 (13:57 -0600)]
doc: Add samba_gpoupdate man page, update WHATSNEW

Signed-off-by: David Mulder <dmulder@suse.com>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
6 years ago gpo: Apply kerberos settings
David Mulder [Wed, 9 Aug 2017 17:30:00 +0000 (11:30 -0600)]
gpo: Apply kerberos settings

Add kdc kerberos settings to gpo.tdb, then retrieve those settings in
lpcfg_default_kdc_policy.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago gpo: Always enforce policy, even if unchanged
David Mulder [Mon, 12 Jun 2017 22:00:38 +0000 (16:00 -0600)]
gpo: Always enforce policy, even if unchanged

Policies should always be enforced, even if the gpo hasn't changed.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago gpo: Add GPO unapply
David Mulder [Thu, 8 Jun 2017 17:47:57 +0000 (11:47 -0600)]
gpo: Add GPO unapply

Keep a log of applied settings, and add an option to samba_gpoupdate to allow unapply. An unapply will revert settings to a state prior to any policy application.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago gpo: Add gpo tests
David Mulder [Fri, 3 Mar 2017 19:54:30 +0000 (12:54 -0700)]
gpo: Add gpo tests

Lays down a sysvol gpttmpl.inf with password policies, then runs the samba_gpoupdate command. Verifies policies are applied to the samdb.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago gpo: Install the samba_gpoupdate script
David Mulder [Fri, 10 Feb 2017 17:33:29 +0000 (10:33 -0700)]
gpo: Install the samba_gpoupdate script

The samba_gpoupdate script was not being installed by waf.
Added samba_gpoupdate to the wscripts so it gets installed as part of a make install.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago gpoupdate: Rewrite samba_gpoupdate
David Mulder [Thu, 25 May 2017 13:27:27 +0000 (07:27 -0600)]
gpoupdate: Rewrite samba_gpoupdate

Use new python bindings and remove obsoleted code

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago gpo: Make the gpclass more easily extensible
David Mulder [Fri, 24 Feb 2017 21:19:48 +0000 (14:19 -0700)]
gpo: Make the gpclass more easily extensible

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago libgpo: Add libgpo python bindings
David Mulder [Wed, 10 May 2017 19:30:17 +0000 (13:30 -0600)]
libgpo: Add libgpo python bindings

Create libgpo python bindings for GROUP_POLICY_OBJECT, ADS_STRUCT, gpo_get_unix_path, ads_connect, and ads_get_gpo_list.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago gpo: fix the building of gpext to only once
Garming Sam [Wed, 5 Feb 2014 04:18:23 +0000 (17:18 +1300)]
gpo: fix the building of gpext to only once

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago gpo: enable gpo update with addition to build system
Luke Morrison [Fri, 7 Feb 2014 02:57:14 +0000 (15:57 +1300)]
gpo: enable gpo update with addition to build system

Split from "Initial commit for GPO work done by Luke Morrison" by Garming Sam

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Luke Morrison <luke@hubtrek.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago gpoupdate: Remove developer path from the comment
Andrew Bartlett [Tue, 24 Oct 2017 03:06:05 +0000 (16:06 +1300)]
gpoupdate: Remove developer path from the comment

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
6 years ago gpoupdate: Correct comment about hard-coded 5 second running of the script
Andrew Bartlett [Tue, 24 Oct 2017 03:04:25 +0000 (16:04 +1300)]
gpoupdate: Correct comment about hard-coded 5 second running of the script

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
6 years ago gpoupdate: Do not DEBUG(0) every scan interval
Andrew Bartlett [Tue, 24 Oct 2017 03:02:35 +0000 (16:02 +1300)]
gpoupdate: Do not DEBUG(0) every scan interval

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
6 years ago gpo: Create the gpo update service
Garming Sam [Wed, 9 Aug 2017 02:17:09 +0000 (14:17 +1200)]
gpo: Create the gpo update service

Split from "Initial commit for GPO work done by Luke Morrison" by David Mulder

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Luke Morrison <luke@hubtrek.com>
Signed-off-by: David Mulder <dmulder@suse.com>
Then adapted to current master

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
6 years ago gpo: Make the gpoupdate script much more reliable
David Mulder [Sat, 11 Feb 2017 14:53:07 +0000 (07:53 -0700)]
gpo: Make the gpoupdate script much more reliable

Using a static file blanks the file when samba_gpoupdate crashes. Transformed
to a tdb file and added transactions. Add info logging to monitor gpo changes,
etc. Also handle parse errors and log an error message, then recover. Modified
the parsing code to use ConfigParser. Also, use the backslash in path names
when opening smb files, otherwise it fails against a windows server.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago gpo: Initial commit for GPO work
Luke Morrison [Fri, 31 Jan 2014 00:27:05 +0000 (13:27 +1300)]
gpo: Initial commit for GPO work

Enclosed is my Summer of Code 2013 patch to have vital password GPO always applied to the Samba4 Domain Controller using a GPO update service.

To try it out "make -j" your samba with the patch, apply a security password GPO and see the difference in ~20 seconds. It also takes GPO hierarchy into account.

Split from "Initial commit for GPO work done by Luke Morrison" by David Mulder

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Luke Morrison <luke@hubtrek.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago gpo: Add python libgpo bindings
Luke Morrison [Fri, 31 Jan 2014 00:27:05 +0000 (13:27 +1300)]
gpo: Add python libgpo bindings

Split from "Initial commit for GPO work done by Luke Morrison" by David Mulder

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Luke Morrison <luke@hubtrek.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago Revert "libgpo: remove unused libgpo wscript_build."
Garming Sam [Fri, 31 Jan 2014 00:15:41 +0000 (13:15 +1300)]
Revert "libgpo: remove unused libgpo wscript_build."

This reverts commit feffac806800c1740521133e88a7ac777ce8f368.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago gpo: move mkdir_p to lib/util
David Mulder [Wed, 8 Mar 2017 15:33:56 +0000 (08:33 -0700)]
gpo: move mkdir_p to lib/util

Move the mkdir_p function to lib/util so it can be used elsewhere

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
6 years ago waf: Move script list to one-per-line
Andrew Bartlett [Tue, 24 Oct 2017 02:46:02 +0000 (15:46 +1300)]
waf: Move script list to one-per-line

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
6 years ago source3: remove sock_exec
Gary Lockyer [Fri, 3 Nov 2017 00:35:41 +0000 (13:35 +1300)]
source3: remove sock_exec

Remove the sock_exec code which is no longer needed and additionally has been
used by exploit code.

This was originally test support code; the tests relying on the sock_exec
code have been removed.

Past exploits have used sock_exec as a proxy for system() matching a talloc
destructor prototype.

See for example:
Exploit for Samba vulnerability (CVE-2015-0240) at
    https://gist.github.com/worawit/051e881fc94fe4a49295
    and the Red Hat post at
    https://access.redhat.com/blogs/766093/posts/1976553

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Nov 20 07:20:13 CET 2017 on sn-devel-144

6 years ago winbindd: tdb_exists returns 1 if a record is found
Ralph Boehme [Sat, 18 Nov 2017 14:14:15 +0000 (15:14 +0100)]
winbindd: tdb_exists returns 1 if a record is found

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sun Nov 19 15:14:13 CET 2017 on sn-devel-144

6 years ago winbind: Remove winbind_messaging_context
Volker Lendecke [Fri, 17 Nov 2017 10:47:37 +0000 (11:47 +0100)]
winbind: Remove winbind_messaging_context

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13150

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Nov 18 04:07:24 CET 2017 on sn-devel-144

6 years ago winbind: winbind_messaging_context -> server_messaging_context
Volker Lendecke [Fri, 17 Nov 2017 10:42:34 +0000 (11:42 +0100)]
winbind: winbind_messaging_context -> server_messaging_context

Don't use winbind_messaging_context anymore.

This fixes a bug analysed by Peter Somogyi <PSOMOGYI@hu.ibm.com>: If a
parent winbind forks, it only called reinit_after_fork on
winbind_messaging_context. On the other hand, deep in dbwrap_open we use
server_messaging_context(). This is not reinitialized by
winbind_reinit_after fork, so the parent and child share a ctdb
connection. This is invalid, because replies from ctdb end up in the
wrong process.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13150

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 years ago winbind: Remove winbind_event_context
Volker Lendecke [Fri, 17 Nov 2017 10:37:30 +0000 (11:37 +0100)]
winbind: Remove winbind_event_context

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13150

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 years ago winbind: Replace winbind_event_context with server_event_context
Volker Lendecke [Fri, 17 Nov 2017 10:35:19 +0000 (11:35 +0100)]
winbind: Replace winbind_event_context with server_event_context

There's no point in having two global event contexts

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13150

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 years ago libnet_join: fix "net rpc oldjoin"
Stefan Metzmacher [Thu, 16 Nov 2017 21:09:20 +0000 (21:09 +0000)]
libnet_join: fix "net rpc oldjoin"

We need to open the ncacn_np (smb) transport connection with
anonymous credentials.

In order to do netr_ServerPasswordSet*() we need to
establish a 2nd netlogon connection using dcerpc schannel
authentication.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13149

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 years ago s3:selftest: add samba3.blackbox.net_rpc_oldjoin test
Stefan Metzmacher [Fri, 17 Nov 2017 14:51:36 +0000 (15:51 +0100)]
s3:selftest: add samba3.blackbox.net_rpc_oldjoin test

This demonstrates that "net rpc oldjoin" is currently broken.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13149

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 years ago nsswitch: Slightly simplify winbindd_request_response
Volker Lendecke [Sat, 15 Jul 2017 09:54:14 +0000 (11:54 +0200)]
nsswitch: Slightly simplify winbindd_request_response

We don't need a separate variable; C passes a copy on the stack

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
6 years ago ntlm_auth: Use libwbclient in get_winbind_netbios_name()
Volker Lendecke [Sat, 15 Jul 2017 08:56:47 +0000 (10:56 +0200)]
ntlm_auth: Use libwbclient in get_winbind_netbios_name()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>