Stefan Metzmacher [Wed, 21 Mar 2018 07:24:06 +0000 (08:24 +0100)]
talloc: version 2.1.12
* Fix documentation typo
* Fix compilation with -Wstrict-overflow=2
* Use a library destructor instead of atexit() if available
(bug #7587)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Mar 21 18:39:33 CET 2018 on sn-devel-144
Stefan Metzmacher [Tue, 20 Mar 2018 15:48:33 +0000 (16:48 +0100)]
talloc: use a library destructor instead of atexit() if available
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7587
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andreas Schneider [Wed, 21 Mar 2018 10:55:45 +0000 (11:55 +0100)]
talloc: Fix size type and checks in _vasprintf_tc
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 19 Mar 2018 22:46:41 +0000 (15:46 -0700)]
s3: smbd: Fruit. Make the use of dom_sid_compare_domain() much clearer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Björn Baumbach [Tue, 20 Mar 2018 11:15:22 +0000 (12:15 +0100)]
samba-tool visualize: fix python2.6 incompatibility
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13337
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Mar 21 09:25:51 CET 2018 on sn-devel-144
Douglas Bagnall [Fri, 9 Mar 2018 03:13:01 +0000 (16:13 +1300)]
samba-tool ldapcmp: remove duplicate takes_optiongroups attribute
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Mon, 12 Mar 2018 01:45:48 +0000 (14:45 +1300)]
samba_dnsupdate: Introduce automatic site coverage
This uses the underlying function in kcc_utils.py which already has
tests.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Garming Sam [Mon, 19 Mar 2018 03:50:36 +0000 (16:50 +1300)]
tests/samba_dnsupdate: Add a trivial test of automatic site coverage
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Garming Sam [Wed, 14 Mar 2018 03:53:13 +0000 (16:53 +1300)]
tests/kcc_util: Add unit tests for automatic site coverage
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Garming Sam [Wed, 14 Mar 2018 03:52:58 +0000 (16:52 +1300)]
kcc_utils: Use lower name in automatic sites covered
This allows easier testing, as well as some consistency in the DNS
record creation.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Garming Sam [Tue, 13 Mar 2018 01:41:23 +0000 (14:41 +1300)]
kcc_utils: Prevent multiple sites attached to a sitelink covering a site
This avoids trivial duplicates in a similar manner as mentioned in:
https://blogs.technet.microsoft.com/askds/2011/04/29/sites-sites-everywhere/
It prefers the largest sites then the earliest alphabetically, so that
only a single site ever covers an uncovered site (within a site link).
Note that this isn't applicable over multiple site links (like Windows
presumably) and is only a simple mechanism to avoid excessive
registering. DCs within the site will also still register for each.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Garming Sam [Tue, 13 Mar 2018 01:11:14 +0000 (14:11 +1300)]
kcc_utils: Keep a count of the DCs in each site
This is useful for ranking which sites are preferable within the same
site link.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Garming Sam [Tue, 13 Mar 2018 00:04:12 +0000 (13:04 +1300)]
kcc_utils: Add a routine for automatic site coverage
This allows double-coverage if two links exist with the same cost.
Administrators should only connect an DC-less site via a single site
link.
This also allows unnecessary coverage by all sites in the adjoining site
link (to be resolved in the later patches).
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Garming Sam [Mon, 12 Mar 2018 01:44:58 +0000 (14:44 +1300)]
join.py: Add missing NTSTATUSError import
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andreas Schneider [Thu, 7 Dec 2017 18:46:21 +0000 (19:46 +0100)]
s3:registry: Fix size types and length calculations
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 21 04:25:39 CET 2018 on sn-devel-144
Andreas Schneider [Thu, 7 Dec 2017 17:44:59 +0000 (18:44 +0100)]
s3:vfs_preopen: Change to a do-while loop and fix the check
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 17:24:18 +0000 (18:24 +0100)]
s3:locking: Fix integer overflow check in posix_lock_in_range()
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 14:24:59 +0000 (15:24 +0100)]
s3:nmbd: Fix possible integer overflow
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 16:32:36 +0000 (17:32 +0100)]
s4:dsdb: Fix integer operations
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 14:54:13 +0000 (15:54 +0100)]
lib:socket: Return early if we have only one interface
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 8 Dec 2017 09:03:00 +0000 (10:03 +0100)]
ldb: Fix size types in ldb_ldif functions
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 18:21:38 +0000 (19:21 +0100)]
s3:rpcclient: Fix size types
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 17:50:20 +0000 (18:50 +0100)]
s3:rpc_server: Fix size types in spoolss
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 17:48:45 +0000 (18:48 +0100)]
s3:passdb: Fix size types
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 19:07:08 +0000 (20:07 +0100)]
s3:modules: Fix size type in getdate
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 18:47:50 +0000 (19:47 +0100)]
s3:nmbd: Fix size type in nmbd_browsesync.c
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 18:47:04 +0000 (19:47 +0100)]
s3:utils: Fix size type in log2pcaphex
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 17:42:44 +0000 (18:42 +0100)]
s3:rpc_server: Fix size types in srvsvc
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 17:39:07 +0000 (18:39 +0100)]
s3:vfs_nettalk: Fix size types
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 17:27:41 +0000 (18:27 +0100)]
s3:winbindd: Fix size types in idmap_tdb_common
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 16:58:38 +0000 (17:58 +0100)]
s3:printing: Fix size type in printing_db
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 16:57:05 +0000 (17:57 +0100)]
s3:avahi: Fix size types
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 17:47:18 +0000 (18:47 +0100)]
s3:client: Fix size types
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 16:55:34 +0000 (17:55 +0100)]
s4:client: Fix size types
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 16:54:12 +0000 (17:54 +0100)]
s4:torture: Fix size types in nss tests
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 16:52:39 +0000 (17:52 +0100)]
s3:libsmb: Fix size types in nmblib
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 16:50:33 +0000 (17:50 +0100)]
s3:torture: Fix size types in spoolss test
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 16:49:00 +0000 (17:49 +0100)]
s4:torture: Fix size types in qfileinfo test
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 16:47:15 +0000 (17:47 +0100)]
s4:torture: Fix size types in qsinfo test
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 16:48:00 +0000 (17:48 +0100)]
s4:rpc_server: Fix size types
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 16:45:45 +0000 (17:45 +0100)]
s4:utils: Fix size types
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 16:03:37 +0000 (17:03 +0100)]
s3:param: Fix size types
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 16:01:39 +0000 (17:01 +0100)]
libcli:smb: Fix size types
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 16:43:58 +0000 (17:43 +0100)]
s4:cldap_server: Fix size types
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 16:43:08 +0000 (17:43 +0100)]
s4:ldap_server: Fix size types
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 16:42:02 +0000 (17:42 +0100)]
s4:rpc_server: Fix size types in dcerpc dnsserver
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 16:40:00 +0000 (17:40 +0100)]
s4:dns_server: Fix size types
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 16:38:21 +0000 (17:38 +0100)]
s3:libads: Fix size types in kerberos functions
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 16:35:11 +0000 (17:35 +0100)]
s4:ntvfs: Fix size type in pvfs functions
This fixes compilation with -Wstrict-overflow=2
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 7 Dec 2017 19:26:40 +0000 (20:26 +0100)]
heimdal: Fix size types
This fixes compilation with -Wstrict-overflow=2
Upstream pull request:
https://github.com/heimdal/heimdal/pull/354
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Swen Schillig [Tue, 6 Mar 2018 09:35:32 +0000 (10:35 +0100)]
s3: Fix possible mem leak
The call to full_path_tos() might allocate memory which needs to be free'd
once processign is done.
Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Thu, 15 Mar 2018 16:46:39 +0000 (16:46 +0000)]
lib:replace: Fix linking when libtirpc-devel overwrites system headers
Some systems (like SUSE currently) install the new tirpc headers by
overwritting the existing system location used by gcc. This patch will
detect if the headers in the system location belong to tirpc or not.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13341
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Mar 20 16:07:05 CET 2018 on sn-devel-144
Stefan Metzmacher [Thu, 25 Jan 2018 10:23:12 +0000 (11:23 +0100)]
pdb_samba_dsdb: make use of dom_sid_is_valid_account_domain()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Mar 20 01:29:40 CET 2018 on sn-devel-144
Stefan Metzmacher [Thu, 25 Jan 2018 10:23:12 +0000 (11:23 +0100)]
s4:rpc_server/lsa: make use of dom_sid_is_valid_account_domain()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 25 Jan 2018 08:50:17 +0000 (09:50 +0100)]
libcli/security: add dom_sid_is_valid_account_domain()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 3 Feb 2011 01:23:21 +0000 (02:23 +0100)]
s3:libsmb/samlogon_cache: zero session keys before storing the info3 structure
The samlogon_cache is only used to get group memberships of the account
without asking the dc.
But for authentication we always ask the dc.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 1 Feb 2018 17:40:58 +0000 (18:40 +0100)]
s4:kdc: make sure we expand group memberships of the local domain
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 1 Feb 2018 17:40:58 +0000 (18:40 +0100)]
s4:kdc: pass krbtgt and server to samba_kdc_update_pac_blob()
This will be used for SID expanding and filtering.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 1 Feb 2018 10:44:21 +0000 (11:44 +0100)]
s4:kdc: remember is_krbtgt, is_rodc and is_trust samba_kdc_entry
This can later be used for sid filtering and similar things.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 2 Feb 2018 11:37:51 +0000 (12:37 +0100)]
s4:auth_winbind: make sure we expand group memberships of the local domain
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 9 Jan 2018 08:23:26 +0000 (09:23 +0100)]
s4:auth_winbind: only call authsam_logon_success_accounting() for local users
There's no need to do a crack_name_to_nt4_name(), as the authentication
already provides the nt4 domain and account names.
This should only happen on an RODC, that we use the winbind auth module
for local users. So we should make sure we only try to reset
the badPwdCount for users of our own domain.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 1 Feb 2018 22:12:36 +0000 (23:12 +0100)]
s4:auth: add authsam_update_user_info_dc() that implements SID expanding for the local domain
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 2 Feb 2018 03:08:47 +0000 (04:08 +0100)]
s4:auth: split out a authsam_domain_group_filter() function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 26 Feb 2018 16:46:55 +0000 (17:46 +0100)]
s4:selftest: run samba4.blackbox.trust_token against fl2003dc and fl2008r2dc
This fails currently as we don't expand groups on the trust boundary.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 26 Feb 2018 16:46:55 +0000 (17:46 +0100)]
testprogs/blackbox: add test_trust_token.sh
This demonstrates, which SID we expect in a token of
an user of a trusted domain.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 26 Feb 2018 16:05:49 +0000 (17:05 +0100)]
selftest/Samba4: create add ${TRUST_DOMSID}-513 to a local group
This will allow testing expanding groups on the trust boundary.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 26 Feb 2018 16:04:00 +0000 (17:04 +0100)]
samba-tool: allow sid strings for 'group {add,remove}members'
This makes it possible to add foreign SIDS as group members.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 26 Feb 2018 13:56:27 +0000 (14:56 +0100)]
selftest: generate a ramdon domain sid during provision and export as SAMSID/[TRUST_]DOMSID
This will be useful for future tests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 26 Feb 2018 13:19:39 +0000 (14:19 +0100)]
selftest/Samba4: use DOMAIN/REALM from the dcvars instead of using hardcoded values
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 28 Feb 2018 09:48:59 +0000 (10:48 +0100)]
dsdb:repl_meta_data: improve error message in get_parsed_dns()
We may have a dn in '<SID=...>' form and ldb_dn_get_linearized()
just gives in empty string.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 31 Jan 2018 17:00:24 +0000 (18:00 +0100)]
dsdb:extended_dn_store: add support for FPO (foreignSecurityPrincipal) enabled attributes
This implements the handling for FPO-enabled attributes, see
[MS-ADTS] 3.1.1.5.2.3 Special Classes and Attributes:
FPO-enabled attributes: member, msDS-MembersForAzRole,
msDS-NeverRevealGroup, msDS-NonMembers, msDS-RevealOnDemandGroup,
msDS-ServiceAccount.
Note there's no msDS-ServiceAccount in any schema (only
msDS-HostServiceAccount and that's not an FPO-enabled attribute
at least not in W2008R2)
msDS-NonMembers always generates NOT_SUPPORTED against W2008R2.
See also [MS-SAMR] 3.1.1.8.9 member.
We now create foreignSeurityPrincipal objects on the fly (as needed).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Sat, 24 Feb 2018 23:10:12 +0000 (00:10 +0100)]
tests/dsdb.py: test creation of foreignSecurityPrincipal via 'attr: <SID=...>'
[MS-ADTS] 3.1.1.5.2.3 Special Classes and Attributes claims:
FPO-enabled attributes:
member, msDS-MembersForAzRole, msDS-NeverRevealGroup,
msDS-NonMembers, msDS-RevealOnDemandGroup, msDS-ServiceAccount.
'msDS-NonMembers' always generates NOT_SUPPORTED.
'msDS-ServiceAccount' is not defined in any schema
(only msDS-HostServiceAccount).
'msDS-HostServiceAccount' is not an FPO-enabled attribute
and behaves as the 'manager' attribute.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 22 Feb 2018 21:51:46 +0000 (22:51 +0100)]
dsdb:samldb: require as_system or provision control to create foreignSecurityPrincipal objects
Windows rejects creating foreignSecurityPrincipal objects directly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 22 Feb 2018 21:51:19 +0000 (22:51 +0100)]
tests/dsdb.py: verify that foreignSecurityPrincipal objects require the provision control
Windows rejects creating foreignSecurityPrincipal objects directly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 23 Feb 2018 15:04:57 +0000 (16:04 +0100)]
provision: use the provision control when adding foreignSecurityPrincipals
The next commits will require this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Sun, 25 Feb 2018 20:45:06 +0000 (21:45 +0100)]
dsdb:extended_dn_store: make sure reject storing references to deleted objects in linked attributes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13307
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Sat, 24 Feb 2018 23:10:12 +0000 (00:10 +0100)]
tests/dsdb.py: prove the difference between linked and non-linked DN references
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13307
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 28 Feb 2018 09:31:21 +0000 (10:31 +0100)]
dsdb:extended_dn_store: split out a extended_replace_dn() function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13307
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 28 Feb 2018 09:31:21 +0000 (10:31 +0100)]
dsdb:extended_dn_store: rename extended_replace_dn to extended_replace_callback
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13307
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 28 Feb 2018 07:03:24 +0000 (08:03 +0100)]
dsdb:extended_dn_store: We need to ignore self references on add operation
We have several schema related tests, which already prove
that for the defaultObjectCategory attribute.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13307
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 26 Feb 2018 12:21:54 +0000 (13:21 +0100)]
dsdb:extended_dn_store: pass the full 'struct dsdb_attribute' to extended_store_replace()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13307
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 28 Feb 2018 09:31:21 +0000 (10:31 +0100)]
dsdb:extended_dn_store: we need to pass down our altered request down on NO_SUCH_OBJECT
It's quite likely that there're more than one attribute and we may
already altered values.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13307
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 28 Feb 2018 07:04:58 +0000 (08:04 +0100)]
dsdb:extended_dn_store: ignore DRSUAPI_ATTID_distinguishedName attributes
We have several tests which already test that, we can avoid doing
searches at all in that case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13307
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 28 Feb 2018 07:04:38 +0000 (08:04 +0100)]
drsuapi.idl: add DN/fpo-enabled attributes as DRSUAPI_ATTID_* values
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13307
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 6 Mar 2018 22:42:54 +0000 (23:42 +0100)]
s3:auth: support AUTH_SESSION_INFO_NTLM in finalize_local_nt_token()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 6 Mar 2018 22:26:28 +0000 (23:26 +0100)]
s3:auth: make use of create_builtin_guests() in finalize_local_nt_token()
This makes the Builtin_Guests handling more dynamic,
by having a persistent storage for the memberships.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 7 Mar 2018 00:37:21 +0000 (01:37 +0100)]
s3:libnet_join: make use of create_builtin_guests()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 6 Mar 2018 21:47:42 +0000 (22:47 +0100)]
s3:passdb: add create_builtin_guests()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 1 Mar 2018 14:04:17 +0000 (15:04 +0100)]
s3:auth: rename "guest" methods to "anonymous"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Simo Sorce [Sun, 18 Mar 2018 18:15:30 +0000 (14:15 -0400)]
Remove dead code
Signed-off-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Simo Sorce <idra@samba.org>
Autobuild-Date(master): Mon Mar 19 20:29:28 CET 2018 on sn-devel-144
Simo Sorce [Sat, 17 Mar 2018 18:50:49 +0000 (14:50 -0400)]
Revert "Use "localhost" to be ipv6 only friendly"
This reverts commit
54548f6dde3cf74f0e90ef577a55fd720dca6d93.
Simo Sorce [Sat, 17 Mar 2018 18:07:37 +0000 (14:07 -0400)]
Use "localhost" to be ipv6 only friendly
Signed-off-by: Simo Sorce <idra@samba.org>
Jonathan Hunter [Mon, 19 Feb 2018 07:38:37 +0000 (07:38 +0000)]
Update help text for dbcheck
Update the help text for dbcheck, to make its behaviour clear (in
particular with reference to the difference between specifying "--yes"
on the command line, and answering "yes"/"all" to each individual
question)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Mar 19 12:39:12 CET 2018 on sn-devel-144
Matt Selsky [Wed, 28 Feb 2018 06:00:04 +0000 (01:00 -0500)]
auth/kerberos: Fix typo in error message regarding fetching PAC using Heimdal
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13311
Signed-off-by: Matt Selsky <matthew.selsky@twosigma.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrej Gessel [Wed, 12 Apr 2017 13:12:49 +0000 (15:12 +0200)]
bugfix memory leak. partition_dn is only used to search and compare and is not freed at the function end.
Signed-off-by: Andrej Gessel <Andrej.Gessel@janztec.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Martin Schwenke [Thu, 15 Mar 2018 04:42:57 +0000 (15:42 +1100)]
ctdb-scripts: Drop CTDBD_CONF internal test variable
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Mar 19 07:32:22 CET 2018 on sn-devel-144
Martin Schwenke [Tue, 13 Mar 2018 05:43:44 +0000 (16:43 +1100)]
ctdb-tests: Drop unused functions
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 13 Mar 2018 05:56:44 +0000 (16:56 +1100)]
ctdb-tests: Construct values for CTDB_BASES by hand
setup_ctdb_base() and node_dir() duplicate the construction of
CTDB_BASE. Drop the use of node_dir() and construct the values for
CTDB_BASES by hand.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 6 Mar 2018 01:32:30 +0000 (12:32 +1100)]
ctdb-tests: Use CTDB_BASE instead of node_dir
Simple test configuration is all relative to CTDB_BASE and node_dir is
redundant. Make this explicit by dropping most uses of node_dir.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 6 Mar 2018 01:29:52 +0000 (12:29 +1100)]
ctdb-tests: Use onnode to start/stop local daemons
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>