Garming Sam [Tue, 12 Jul 2016 00:44:10 +0000 (12:44 +1200)]
renamedc: Make a more targeted dbcheck
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Fri Jul 15 13:40:40 CEST 2016 on sn-devel-144
Garming Sam [Thu, 14 Jul 2016 11:54:59 +0000 (13:54 +0200)]
flapping: Remove dbcheck from flapping
This reverts commit
019bdcd0bbac1e10be75ba37a22d4255bb31ebd6.
The dbcheck should no longer be flapping now that the stale links are
cleaned up by an earlier check.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 13 Jul 2016 22:36:38 +0000 (10:36 +1200)]
dbcheck.sh: Remove all the plausible stale links
This ensures the subsequent dbcheck doesn't fail. The reason these stale
links occur is because they are effectively one-way links at this point
we have no efficient method of checking the opposite end of a one-way
link (without doing a full traversal).
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 13 Jul 2016 22:31:50 +0000 (10:31 +1200)]
dbcheck: Split out valid stale DN links and invalid ones
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 13 Jul 2016 01:30:35 +0000 (13:30 +1200)]
dbcheck.sh: Fix the arguments supplied as $@
Signed-off-by: Garming Sam <garming@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Mon, 11 Jul 2016 21:54:14 +0000 (09:54 +1200)]
tests/dbcheck: One way links are expected to be stale
Run a targeted dbcheck to fix only the one way links.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Mon, 11 Jul 2016 03:14:47 +0000 (15:14 +1200)]
dbcheck: change argument to specify a partial --yes
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 30 Jun 2016 23:19:54 +0000 (11:19 +1200)]
dbcheck linked attribute tests: save environment with bad links
We save a database snapshot that contains linked attributes that
should have been deleted, and make sure dbcheck fixes those links
without ruining anything else.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 30 Jun 2016 23:22:11 +0000 (11:22 +1200)]
blackbox/dbcheck-oldrelease: more accurate temp filename
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 28 Jun 2016 01:58:41 +0000 (13:58 +1200)]
s4/selftest/provisions/dump.sh: dump to target dir if supplied
This is clearly what was meant to happen.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 30 Jun 2016 04:17:37 +0000 (16:17 +1200)]
dbcheck: check for linked atributes that should not exist
In order to do this we need to use the reveal internals control, which
breaks the comparison against extended DNs. So we compare the
components instead.
Because this patch makes our code notice and fix stale one-way-links
(eg, after a rename) now, the renamedc test needs to be adjusted to
match.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Garming Sam [Thu, 14 Jul 2016 11:53:23 +0000 (13:53 +0200)]
flapping: Add dbcheck to flapping
This is required as the tests will pass or not depending on if it is run
solely or not. This will be removed in the later patches.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 30 Jun 2016 04:15:35 +0000 (16:15 +1200)]
dbcheck: cache linkIDs and reverse attribute names
This avoids fetching the same same schema things again and again.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 13 Jul 2016 01:29:19 +0000 (13:29 +1200)]
extended_dn_out: Force showing of one-way links if they exist
Signed-off-by: Garming Sam <garming@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Thu, 14 Jul 2016 04:56:50 +0000 (16:56 +1200)]
link_attrs: Add tests for one way links (and pseudo one-way)
Tested against Win2012R2. The deactivated link control has no effect on either
one way links or pseudo ones (only two-way ones presumably).
Signed-off-by: Garming Sam <garming@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 14 Jul 2016 06:03:33 +0000 (18:03 +1200)]
drs tests: querying linked attribute over DRS
Without the deactivated links control, we assert certain conditions over DRS
instead.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 30 Jun 2016 04:35:08 +0000 (16:35 +1200)]
dsdb tests: add linked attribute tests
Note that this test will not work properly across ldap as the
marked-deleted linked attributes will not appear.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 5 Jul 2016 23:54:25 +0000 (11:54 +1200)]
dsdb: add vanish links control
Normally linked attributes are deleted by marking them as with RMD flags,
but sometimes we want them to vanish without trace. At those times we
set the DSDB_CONTROL_REPLMD_VANISH_LINKS control.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 5 Jul 2016 23:53:19 +0000 (11:53 +1200)]
repl_meta_data: free context on error in replmd_modify_la_delete()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 30 Jun 2016 03:43:33 +0000 (15:43 +1200)]
replmd_modify_delete: check talloc_new()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 1 Jun 2016 21:25:00 +0000 (09:25 +1200)]
s4/dsdb/repl_meta_data: use local bool version of flag
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Thu, 14 Jul 2016 00:27:32 +0000 (12:27 +1200)]
match_rules: Make cleanup faster and more efficient
Signed-off-by: Garming Sam <garming@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Thu, 14 Jul 2016 00:28:58 +0000 (12:28 +1200)]
match_rules: Fix a duplicated check
Signed-off-by: Garming Sam <garming@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 13 Jul 2016 05:41:51 +0000 (17:41 +1200)]
dbcheck: Script swallows input when given a carriage return
Signed-off-by: Garming Sam <garming@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Michael Adam [Thu, 14 Jul 2016 08:01:15 +0000 (10:01 +0200)]
build: avoid -Wtautological-compare errors from gcc6+ by disabling it globally
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul 15 04:31:27 CEST 2016 on sn-devel-144
Michael Adam [Thu, 14 Jul 2016 07:58:28 +0000 (09:58 +0200)]
Revert "lib:dlinklist: avoid -Wtautological-compare errors with gcc6"
This reverts commit
5d85fd85467eb1f8941641d5f71d75e7d5c7234c.
Breaks compile for older (<= 4.4) gccs.
Needs to be done differently.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Michael Adam [Thu, 14 Jul 2016 07:58:15 +0000 (09:58 +0200)]
Revert "tevent: avoid -Wtautological-compare errors with gcc6"
This reverts commit
2991f7709973fdcc2c0b83bbe15dda3f1ceae9b3.
Breaks compile for older (<= 4.4) gccs.
Needs to be done differently.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Michael Adam [Thu, 14 Jul 2016 07:57:32 +0000 (09:57 +0200)]
Revert "ldb:dlinklist: avoid -Wtautological-compare errors with gcc6"
This reverts commit
7c9505e651287c5d4747b222af1fda970c562a00.
Breaks compile for older (<= 4.4) gccs.
Needs to be done differently.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 22 Jul 2015 09:19:08 +0000 (11:19 +0200)]
tdb: Don't malloc for every record in traverse
This gains a few percent in tdbbackup
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jul 15 00:52:00 CEST 2016 on sn-devel-144
Volker Lendecke [Thu, 23 Jun 2016 11:24:02 +0000 (13:24 +0200)]
lib: Allow NULL blob for messaging_send()
... something I've wanted to do for ages :-)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Jul 14 20:50:15 CEST 2016 on sn-devel-144
Volker Lendecke [Tue, 26 Apr 2016 14:24:33 +0000 (16:24 +0200)]
lib: Avoid a "procid_is_local" call
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Volker Lendecke [Mon, 18 Apr 2016 14:40:22 +0000 (16:40 +0200)]
lib: Print own pid in messaging_init
This turned out to be some valuable debugging aid for me
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Ira Cooper [Wed, 13 Jul 2016 10:37:19 +0000 (12:37 +0200)]
ldb:dlinklist: avoid -Wtautological-compare errors with gcc6
We expect these macros to generate tautological compares
intentionally, so disabling the warning is just fine.
This lets --pick-developer work with gcc6 and newer.
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Ira Cooper <ira@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 14 05:44:21 CEST 2016 on sn-devel-144
Michael Adam [Wed, 13 Jul 2016 10:36:21 +0000 (12:36 +0200)]
tevent: avoid -Wtautological-compare errors with gcc6
We expect these macros to generate tautological compares
intentionally, so disabling the warning is just fine.
This lets --picky-developer work with gcc6 and newer.
Pair-Programmed-With: Ira Cooper <ira@samba.org>
Signed-off-by: Ira Cooper <ira@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ira Cooper [Wed, 13 Jul 2016 10:35:13 +0000 (12:35 +0200)]
lib:dlinklist: avoid -Wtautological-compare errors with gcc6
We expect these macros to generate tautological compares
intentionally, so disabling the warning is just fine.
This lets --picky-developer work with gcc6 and newer.
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Ira Cooper <ira@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Wed, 13 Jul 2016 20:09:48 +0000 (13:09 -0700)]
selftest: Add tunable for smb2.maxfid limit
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Michael Adam [Wed, 13 Jul 2016 11:22:54 +0000 (13:22 +0200)]
rpc_server: add mssing '#pragma GCC diagnostic push'
for completeness for later pop.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Jul 14 02:02:33 CEST 2016 on sn-devel-144
Stefan Metzmacher [Mon, 11 Jul 2016 13:25:31 +0000 (15:25 +0200)]
python/remove_dc: handle dnsNode objects without dnsRecord attribute
If we have dnsNode objects without dnsRecord attribute values we trigger
the following error triggered by 'samba-tool domain demote --remove-other-dead-server=server2'
ERROR(<type 'exceptions.TypeError'>): uncaught exception - __ndr_unpack__()
argument 1 must be string or read-only buffer, not dnsp.DnssrvRpcRecord
File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175,
in _run
return self.run(*args, **kwargs)
File "/usr/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 720, in
run
remove_dc.remove_dc(samdb, logger, remove_other_dead_server)
File "/usr/lib64/python2.6/site-packages/samba/remove_dc.py", line 423, in
remove_dc
remove_dns_account=True)
File "/usr/lib64/python2.6/site-packages/samba/remove_dc.py", line 351, in
offline_remove_ntds_dc
remove_dns_account=remove_dns_account)
File "/usr/lib64/python2.6/site-packages/samba/remove_dc.py", line 266, in
offline_remove_server
remove_dns_references(samdb, logger, dnsHostName)
File "/usr/lib64/python2.6/site-packages/samba/remove_dc.py", line 186, in
remove_dns_references
for v in values if not to_remove(v) ]
File "/usr/lib64/python2.6/site-packages/samba/remove_dc.py", line 160, in
to_remove
dnsRecord = ndr_unpack(dnsp.DnssrvRpcRecord, value)
File "/usr/lib64/python2.6/site-packages/samba/ndr.py", line 45, in ndr_unpack
object.__ndr_unpack__(data, allow_remaining=allow_remaining)
A transaction is still active in ldb context [0xe1f320] on
tdb:///var/lib/samba/private/sam.ldb
"next" is used in perl not in python!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12018
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul 13 10:10:30 CEST 2016 on sn-devel-144
Volker Lendecke [Tue, 12 Jul 2016 16:28:23 +0000 (18:28 +0200)]
dsdb: Fix CID
1363810: Null pointer dereferences
The if-condition explicitly tests for new_schema==NULL, so this seems to be a
valid error case. The DEBUG statement would segfault in this case.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 13 06:34:33 CEST 2016 on sn-devel-144
Christof Schmitt [Mon, 11 Jul 2016 18:32:19 +0000 (11:32 -0700)]
smbtorture: Add smb2.maxfid
This is the same as base.maxfid, but for the SMB2 protocol: Keep opening
file handles until an error is returned, print the number of file
handles opened and finally close the file handles again.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Mon, 11 Jul 2016 17:49:34 +0000 (10:49 -0700)]
selftest: Disable full audit logging in selftest
Commit
6eba42f activated the full_audit and time_audit modules for the
simpleserver config to trigger the check that all VFS functions are
implemented in these two modules. This resulted in all operations being
logged to syslog during a test run.
Change the full_audit configuration to keep loading the modules, but not
log anything from full_audit to not slow down the test or spam the logs.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Douglas Bagnall [Fri, 3 Jun 2016 02:39:21 +0000 (14:39 +1200)]
Remove unused stf directory
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Mon, 11 Jul 2016 04:05:49 +0000 (16:05 +1200)]
dsdb: Improve debugging during SD recursion failure
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Wed Jul 13 02:59:25 CEST 2016 on sn-devel-144
Andrew Bartlett [Fri, 8 Jul 2016 19:47:15 +0000 (07:47 +1200)]
dsdb: Avoid search on * in replmd_replicated_apply_next()
A search on * can be quite expensive if we have to post-process any of the results
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Sat, 9 Jul 2016 04:38:14 +0000 (16:38 +1200)]
samba-tool drs replicate: Allow replication call to take as long as required
This matches the behaviour in the drsuapi server for DsReplicaSync
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Sat, 9 Jul 2016 04:36:52 +0000 (16:36 +1200)]
pyrpc: Allow control of RPC timeout for IRPC
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Garming Sam [Tue, 12 Jul 2016 05:10:15 +0000 (17:10 +1200)]
tests: Allow alternative error code for backupkey test
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Michael Adam [Tue, 12 Jul 2016 08:23:24 +0000 (10:23 +0200)]
libads: improve debug messages in sitename_fetch()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Jul 12 21:23:48 CEST 2016 on sn-devel-144
Michael Adam [Tue, 12 Jul 2016 11:16:27 +0000 (13:16 +0200)]
selftest: check for smbd on a 1-second basis.
Chance to reduce the overall time spent in checking for smbd
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Michael Adam [Wed, 15 Jun 2016 23:00:13 +0000 (01:00 +0200)]
selftest: check for winbind on 1-second basis
There is a chance to reduce the overall time spent checking.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Michael Adam [Tue, 12 Jul 2016 08:43:45 +0000 (10:43 +0200)]
libsmb:namequery: fix typo in comment in get_dc_list()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Nikolai Kondrashov [Wed, 29 Jun 2016 12:05:08 +0000 (15:05 +0300)]
tevent: Clarify apparently useless conditions
Comment on two similar conditions in tevent_standard.c, which,
otherwise, at a first glance, seem useless, i.e. always true.
The conditions checking glue->epoll_ops for being non-NULL, imply that
it *can* be NULL. A casual reader would not generally expect a "member"
function to modify its container's pointer in a container higher up, and
would assume that glue->epoll_ops could be NULL before the call,
resulting in a near-NULL pointer dereference.
However, in this case epoll_ops is indeed cleared in those "member"
functions, in the case of an epoll interface failure, to signify
fallback to poll interface.
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Tue Jul 12 13:56:41 CEST 2016 on sn-devel-144
Rowland Penny [Tue, 5 Jul 2016 06:49:00 +0000 (07:49 +0100)]
Fix typo in python/samba/provision/__init__.py
Signed-off-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 12 06:58:47 CEST 2016 on sn-devel-144
Stefan Metzmacher [Wed, 6 Jul 2016 10:44:11 +0000 (12:44 +0200)]
libads: ensure the right ccache is used during spnego bind
When doing spnego sasl bind:
1. Try working without kinit only if a password is not
provided
2. When using kinit, ensure the KRB5CCNAME env var is set
to a private memory ccache, so that the bind is on behalf
of the requested user.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12007
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul 12 03:23:33 CEST 2016 on sn-devel-144
Stefan Metzmacher [Wed, 6 Jul 2016 10:48:11 +0000 (12:48 +0200)]
libads: ensure the right ccache is used during gssapi bind
When doing gssapi sasl bind:
1. Try working without kinit only if a password is not
provided
2. When using kinit, ensure the KRB5CCNAME env var is set
to a private memory ccache, so that the bind is on behalf
of the requested user.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12007
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Sat, 9 Jul 2016 12:33:52 +0000 (14:33 +0200)]
s3-messaging: use messaging_ctdbd_reinit() in messaging_reinit()
This is the last step to fix a regression introduced by
3fe3226daa8488e0fa787c40359c3401b6f05fc0 and
3fe3226daa8488e0fa787c40359c3401b6f05fc0^
where we pass the ctdb-messaging object conn to db_open() and add a
reference to it to the private db_ctdb_ctx for later use. Unfortunately
reinit_after_fork() destroys conn, leaving us with an invalid reference.
The previous patches added new lower level functions
messaging_ctdbd_reinit() and ctdbd_reinit_connection(), finally use them
them from messaging_reinit(). They preserve the conn object and simply
reinitialize the IPC fd.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Jul 11 23:45:20 CEST 2016 on sn-devel-144
Ralph Boehme [Sat, 9 Jul 2016 12:30:35 +0000 (14:30 +0200)]
s3-messaging/ctdb: add messaging_ctdbd_reinit()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Sat, 9 Jul 2016 11:20:01 +0000 (13:20 +0200)]
s3-messaging/ctdb: split messaging_ctdbd_init()
Split out and internal function from messaging_ctdbd_init() that does
the connection setup. Keep the conn object allocation in
messaging_ctdbd_init().
This is in preperation of adding messaging_ctdbd_reinit() which will use
the new internal function as well.
messaging_ctdbd_init_internal() has a new reinit flag,
messaging_ctdbd_init() calls with reinit=false resulting in unmodified
behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Sat, 9 Jul 2016 06:59:09 +0000 (08:59 +0200)]
ctdbd_conn: add ctdbd_reinit_connection()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Sat, 9 Jul 2016 06:48:49 +0000 (08:48 +0200)]
ctdbd_conn: split ctdbd_init_connection()
Split ctdbd_init_connection() into an internal function that does the
connection setup and only keep the conn object allocation in
ctdbd_init_connection().
This is in preperation of adding ctdbd_reinit_connection() which will
use the new internal function as well.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Michael Adam [Tue, 21 Jun 2016 07:50:53 +0000 (09:50 +0200)]
ctdb: fix autotest with socket-wrapper installed in the system
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Jul 11 15:53:30 CEST 2016 on sn-devel-144
Amitay Isaacs [Fri, 8 Jul 2016 13:37:18 +0000 (23:37 +1000)]
swrap: Build socket_wrapper path relative to blddir
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Michael Adam [Mon, 11 Jul 2016 09:08:22 +0000 (11:08 +0200)]
autobuild: Don't compare socket wrapper so_path for xc check
This uses the build-directory which, hence is not the same.
Achieve this by adding the path itself and the whole
defines dictionary to the exclude list.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Garming Sam [Mon, 11 Jul 2016 05:20:40 +0000 (17:20 +1200)]
tests/dns_update: Add error message for diagnosis
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Mon Jul 11 10:58:16 CEST 2016 on sn-devel-144
Ralph Boehme [Tue, 5 Jul 2016 13:38:31 +0000 (15:38 +0200)]
s3-rpc_server/mdssd: use smbd_reinit_after_fork()
Using smbd_reinit_after_fork() rather then reinit_after_fork() ensures
am_parent is reset to NULL. Otherwise, when exiting for some reason, the
inherited atexit handler killkids() calls kill(0,SIGTERM) terminating
our whole process group including the main smbd.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12016
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jul 11 02:02:33 CEST 2016 on sn-devel-144
Ralph Boehme [Tue, 5 Jul 2016 13:37:53 +0000 (15:37 +0200)]
smbd/notifyd: use smbd_reinit_after_fork()
Using smbd_reinit_after_fork() rather then reinit_after_fork() ensures
am_parent is reset to NULL. Otherwise, when exiting for some reason, the
inherited atexit handler killkids() calls kill(0,SIGTERM) terminating
our whole process group including the main smbd.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12016
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Tue, 5 Jul 2016 13:20:53 +0000 (15:20 +0200)]
smbd/cleanupd: use smbd_reinit_after_fork()
Using smbd_reinit_after_fork() rather then reinit_after_fork() ensures
am_parent is reset to NULL. Otherwise, when exiting for some reason, the
inherited atexit handler killkids() calls kill(0,SIGTERM) terminating
our whole process group including the main smbd.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12016
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Andrew Bartlett [Mon, 21 Mar 2016 04:06:00 +0000 (17:06 +1300)]
Revert selftest: Add knownfail entry required to disable tombstone_reanimation
This reverts
e0fa42201b5ff1b2d67f1c3cdb0d3dbcce9b6e40
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jul 9 18:41:40 CEST 2016 on sn-devel-144
Andrew Bartlett [Mon, 21 Mar 2016 04:05:19 +0000 (17:05 +1300)]
Revert "dsdb: Disable tombstone_reanimation module until we isolate what causes flaky tests"
This reverts commit
252b62c54ed5a4aabbdccf315f1a0ae3d958d11c.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 8 Jul 2016 07:30:04 +0000 (09:30 +0200)]
s4:dsdb/tests: add RestoreUserPwdObjectTestCase test
This is the same as RestoreUserObjectTestCase, but we
set the password on add and reanimate.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 8 Jul 2016 13:26:18 +0000 (15:26 +0200)]
s4:dsdb/tests: improve the RestoreUserObjectTestCase test
We verify attributes, values and their replication metadata after
each step (add, delete, reanimate).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 8 Jul 2016 13:24:21 +0000 (15:24 +0200)]
s4:dsdb/tests: improve tombstone_reanimation varifications
We should do case sensitive checks.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 8 Jul 2016 13:21:03 +0000 (15:21 +0200)]
s4:dsdb/tests: make tombstone_reanimation.py executable
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 8 Jul 2016 04:23:53 +0000 (06:23 +0200)]
s4:dsdb/tests: make use assertAttributesEqual() in RestoreUserObjectTestCase()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 8 Jul 2016 12:37:54 +0000 (14:37 +0200)]
s4:dsdb/tombstone_reanimate: restructure the module logic
Now we keep all state in struct tr_context and split
the preparation and exectution of sub requests into
helper functions.
The most important change is that we now
pass mod_req to dsdb_user_obj_set_defaults(),
so that it can add controls to it.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 8 Jul 2016 08:43:19 +0000 (10:43 +0200)]
s4:dsdb/common: prepare dsdb_user_obj_set_defaults() for tombstone reanimation
accountExpires gets a different value, logonHours is not updated,
operatorCount and adminCount are added.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 8 Jul 2016 08:47:41 +0000 (10:47 +0200)]
s4:dsdb/repl_meta_data: remove secret attributes on delete
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 8 Jul 2016 08:15:29 +0000 (10:15 +0200)]
s4:dsdb/repl_meta_data: sort preserved_attrs and add "msDS-PortLDAP"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 8 Jul 2016 12:52:50 +0000 (14:52 +0200)]
s4:password_hash: correctly update pwdLastSet on deleted objects.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 8 Jul 2016 12:38:06 +0000 (14:38 +0200)]
s4:dsdb/samdb: add const to dsdb_make_object_category()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 8 Jul 2016 06:46:43 +0000 (08:46 +0200)]
drsuapi.idl: add DRSUAPI_ATTID_operatorCount and DRSUAPI_ATTID_adminCount
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 8 Jul 2016 00:54:40 +0000 (12:54 +1200)]
selftest: Add more tests for samba-tool drs replicate
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul 8 13:39:01 CEST 2016 on sn-devel-144
Andrew Bartlett [Fri, 8 Jul 2016 00:54:22 +0000 (12:54 +1200)]
samba-tool: Add --local-online mode to samba-tool drs replicate
This mode avoids an issue with using -P on an RODC, instead using an IRPC message
to trigger online replication right away
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Fri, 8 Jul 2016 00:53:09 +0000 (12:53 +1200)]
samba-tool: Add success message to samba-tool drs replicate --local
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Garming Sam [Fri, 8 Jul 2016 02:53:22 +0000 (14:53 +1200)]
schema: raise debug level
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 6 Jul 2016 04:57:26 +0000 (16:57 +1200)]
schema: Remove unnecessary schema reload code
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 7 Jul 2016 14:04:14 +0000 (16:04 +0200)]
s4:torture/drs: verify the whole metadata array to be the same in the repl_move tests
We've removed the difference compared to Windows and store metadata stamps for
some empty attributes.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 7 Jul 2016 15:56:37 +0000 (17:56 +0200)]
Revert "selftest/flapping: mark samba4.drs.repl_move.python as temporary flapping"
We pass this tests again...
This reverts commit HEAD~2.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 1 Jun 2016 21:25:22 +0000 (23:25 +0200)]
s4:dsdb/password_hash: force replication meta data for empty password attributes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 7 Jul 2016 13:44:47 +0000 (15:44 +0200)]
s4:dsdb/common: add a replication metadata stamp for an empty logonHours attribute
When a user object is created it gets a metadata stamp for logonHours,
while the logonHours attribute has no value.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 7 Jul 2016 14:14:05 +0000 (16:14 +0200)]
selftest/flapping: mark samba4.drs.repl_move.python as temporary flapping
We'll change the behaviour step by step to match Windows.
At the end we'll pass the test again and revert this patch.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 1 Jun 2016 22:30:01 +0000 (00:30 +0200)]
tests:samba3sam: make use of the dsdb_flags_ignore module
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 1 Jun 2016 22:08:54 +0000 (00:08 +0200)]
s4:samba_dsdb: add "dsdb_flags_ignore" module
This module removes internal flags from ldb_message_elements.
Typically the repl_meta_data module handles DSDB_FLAG_INTERNAL_FORCE_META_DATA,
but there're some cases where we don't use that module.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 1 Jun 2016 21:13:21 +0000 (23:13 +0200)]
s4:dsdb/samdb: add DSDB_FLAG_INTERNAL_FORCE_META_DATA
With this it's possible to add a replPropertyMetaData entry for an empty
attribute.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 28 Apr 2016 00:24:52 +0000 (02:24 +0200)]
CVE-2016-2019: s3:selftest: add regression tests for guest logins and mandatory signing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Thu Jul 7 14:52:20 CEST 2016 on sn-devel-144
Stefan Metzmacher [Thu, 28 Apr 2016 00:36:35 +0000 (02:36 +0200)]
CVE-2016-2019: s3:libsmb: add comment regarding smbXcli_session_is_guest() with mandatory signing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 20 Apr 2016 09:26:57 +0000 (11:26 +0200)]
CVE-2016-2019: libcli/smb: don't allow guest sessions if we require signing
Note real anonymous sessions (with "" as username) don't hit this
as we don't even call smb2cli_session_set_session_key() in that case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 6 Jul 2016 12:24:25 +0000 (14:24 +0200)]
testprogs: Do not use the deprecated samba-tool user add
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jul 7 02:15:16 CEST 2016 on sn-devel-144
Stefan Metzmacher [Thu, 12 May 2016 15:31:47 +0000 (17:31 +0200)]
s3:libsmb/clirap: remove unused cli_get_server_*() functions
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 6 22:41:41 CEST 2016 on sn-devel-144
Stefan Metzmacher [Mon, 9 May 2016 14:14:04 +0000 (16:14 +0200)]
libcli/auth: remove unused variable in msrpc_parse()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>