Amitay Isaacs [Thu, 1 Jun 2017 06:03:43 +0000 (16:03 +1000)]
ctdb-client: Document ctdb client API
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Jun 7 20:19:06 CEST 2017 on sn-devel-144
Amitay Isaacs [Thu, 1 Jun 2017 04:22:03 +0000 (14:22 +1000)]
ctdb-client: Move eventd API to a separate header
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Sat, 6 May 2017 10:01:30 +0000 (20:01 +1000)]
ctdb-client: Move sync API to a separate header
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 19 Apr 2017 01:46:48 +0000 (11:46 +1000)]
ctdb-client: Move ctdb_ctrl_modflags() to ctdb tool
This function is only required by the tool.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 18 Apr 2017 06:44:29 +0000 (16:44 +1000)]
ctdb-client: Add async api for detaching a database
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 18 Apr 2017 06:22:12 +0000 (16:22 +1000)]
ctdb-client: Create sync wrappers for managing message handlers
This wraps the entire async computation for setting and removing message
handlers instead of calling multiple sync calls.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 4 Apr 2017 08:30:01 +0000 (18:30 +1000)]
ctdb-tools: Use traverse api to re-implement ctdb catdb command
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 4 Apr 2017 08:25:28 +0000 (18:25 +1000)]
ctdb-client: Refactor cluster-wide database traverse api
This implements the async version of the traverse code in the ctdb tool
for catdb command.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 1 Jun 2017 06:43:55 +0000 (16:43 +1000)]
ctdb-protocol: Allocate SRVID range for ctdb client
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 4 Apr 2017 07:31:11 +0000 (17:31 +1000)]
ctdb-client: Rename ctdb_db_travese to ctdb_db_traverse_local
This function only traverses the database on local node.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Richard Sharpe [Tue, 6 Jun 2017 20:34:51 +0000 (13:34 -0700)]
Log the actual error returned when creating a pipe for client logging in CTDB fails. Helps with debugging issues.
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 7 09:22:29 CEST 2017 on sn-devel-144
Andreas Schneider [Tue, 6 Jun 2017 15:54:18 +0000 (17:54 +0200)]
s3:tests: Add a test which checks that the smbclient session setup works
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12824
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 6 Jun 2017 15:29:16 +0000 (17:29 +0200)]
s3:libsmb: Fix printing the session setup information
This fixes a regression and prints the session setup on connect again:
Domain=[SAMBA-TEST] OS=[Windows 6.1] Server=[Samba 4.7.0pre1-DEVELOPERBUILD]
smb: \>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12824
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 6 Jun 2017 15:27:44 +0000 (17:27 +0200)]
libcli:smb: Fix pulling strings from the wire
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12824
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 6 Jun 2017 14:07:10 +0000 (16:07 +0200)]
libcli:util: Update werror table
This adds ERROR_PRINTER_DRIVER_DOWNLOAD_NEEDED for MS-PAR.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Garming Sam [Wed, 15 Mar 2017 03:40:16 +0000 (16:40 +1300)]
selftest/rodc: Do not run in single mode, this causes deadlocks
Attempting to 'ls' the file server against a single process AD will get
stuck. This also appears as the KDC being busy.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Wed Jun 7 05:14:17 CEST 2017 on sn-devel-144
Noel Power [Fri, 2 Jun 2017 14:50:48 +0000 (15:50 +0100)]
s3/utils: Add warning to testparm for "client ipc signing" param values
We should warn about security sensitive settings where we can,
client ipc signing has 2 values that can allow connections to proceed
without SMB signing. This may be unavoidable (e.g. connecting to legacy
systems) but nevertheless it is worthwhile to warn.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 6 22:40:12 CEST 2017 on sn-devel-144
Andreas Schneider [Fri, 12 May 2017 12:13:42 +0000 (14:13 +0200)]
unittest: Add testsuite for smb_probe_module()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12780
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Mon, 15 May 2017 09:08:19 +0000 (11:08 +0200)]
lib:util: Make loading of modules more secure
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12780
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Mon, 15 May 2017 09:05:59 +0000 (11:05 +0200)]
lib:util: Make probing of modules more secure
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12780
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Mon, 15 May 2017 08:49:07 +0000 (10:49 +0200)]
lib:util: Rename smb_load_modules()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12780
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Mon, 15 May 2017 07:06:51 +0000 (09:06 +0200)]
lib:util: Add new function to load modules from absolute path
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12780
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 11 May 2017 09:29:25 +0000 (11:29 +0200)]
unittest: Add testsuite for is_known_pipename()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12780
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 11 May 2017 09:29:50 +0000 (11:29 +0200)]
wafsamba: Pass down the install argument for samba modules
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 29 May 2017 19:13:16 +0000 (21:13 +0200)]
lib: Fix illegal use of 0-length arrays
Found and confirmed to work by albert chin (china@thewrittenword.com)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Anoop C S [Mon, 5 Jun 2017 16:40:44 +0000 (22:10 +0530)]
wscript: Fix some typos
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 6 05:26:37 CEST 2017 on sn-devel-144
Douglas Bagnall [Thu, 1 Jun 2017 03:26:48 +0000 (15:26 +1200)]
selftest: use an additional directory of knownfail/flapping files
This makes it easier to add a temporary knownfail to cover a patch
series.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Jun 3 13:55:41 CEST 2017 on sn-devel-144
Christof Schmitt [Fri, 2 Jun 2017 23:16:16 +0000 (16:16 -0700)]
vfs_gpfs: Fix compile error in gpfsacl_sys_acl_set_fd
../source3/modules/vfs_gpfs.c: In function ‘gpfsacl_sys_acl_set_fd’:
../source3/modules/vfs_gpfs.c:1280:6: error: passing argument 2 of ‘gpfsacl_sys_acl_set_file’ from incompatible pointer type [-Werror]
SMB_ACL_TYPE_ACCESS, theacl);
^
../source3/modules/vfs_gpfs.c:1235:12: note: expected ‘const struct smb_filename *’ but argument is of type ‘char *’
static int gpfsacl_sys_acl_set_file(vfs_handle_struct *handle,
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun 3 05:52:32 CEST 2017 on sn-devel-144
Andreas Schneider [Thu, 1 Jun 2017 12:28:08 +0000 (14:28 +0200)]
s4:torture: Fix comparison between pointer and zero character constant
Fixes building with GCC 7.1
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 1 23:42:58 CEST 2017 on sn-devel-144
Andreas Schneider [Thu, 1 Jun 2017 12:24:42 +0000 (14:24 +0200)]
waf: Do not trhow a format-truncation error for test/snprintf.c
This fixes building with GCC 7.1
Error:
../lib/replace/test/testsuite.c:355:6: error: ‘%d’ directive output
truncated writing 1 byte into a region of size 0
[-Werror=format-truncation=]
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 1 Jun 2017 12:16:56 +0000 (14:16 +0200)]
replace: Use the same size as d_name member of struct dirent
This fixes an error with GCC 7.1
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Gary Lockyer [Tue, 30 May 2017 22:35:25 +0000 (10:35 +1200)]
password_hash: conditional compilation for crypt_r
Add check for crypt_r, and if absent fall back to crypt
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Garming Sam [Thu, 1 Jun 2017 02:36:07 +0000 (14:36 +1200)]
dnsserver: Stop dns_name_equal doing OOB read
This has been the cause of a large number of flakey autobuilds. Every
now and again dns_name_equal would not be equal between two empty
strings, thus causing failures.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12813
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 1 19:34:38 CEST 2017 on sn-devel-144
Martin Schwenke [Thu, 1 Jun 2017 04:37:40 +0000 (14:37 +1000)]
ctdb-common: Fix crash in logging initialisation
Setting CTDB_LOGGING to syslog:nonblocking or syslog:udp will cause
ctdbd to crash at startup due to NULL pointer dereference.
Refactoring in commit
c9124a001f5abf7bb577a8f5341da4cc7411ed22
introduced this regression.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12814
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Jun 1 15:26:19 CEST 2017 on sn-devel-144
Andreas Schneider [Tue, 30 May 2017 11:58:43 +0000 (13:58 +0200)]
mit_samba: Fix the MIT KDC build with the latest changes
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Thu Jun 1 07:12:47 CEST 2017 on sn-devel-144
Jeremy Allison [Thu, 25 May 2017 23:42:04 +0000 (16:42 -0700)]
s3: VFS: Change SMB_VFS_GETXATTR to use const struct smb_filename * instead of const char *.
We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 1 02:58:53 CEST 2017 on sn-devel-144
Jeremy Allison [Thu, 25 May 2017 19:41:31 +0000 (12:41 -0700)]
s3: VFS: Change SMB_VFS_SETXATTR to use const struct smb_filename * instead of const char *.
We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 24 May 2017 18:35:50 +0000 (11:35 -0700)]
s3: VFS: Change SMB_VFS_REMOVEXATTR to use const struct smb_filename * instead of const char *.
We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 23 May 2017 20:12:29 +0000 (13:12 -0700)]
s3: VFS: Change SMB_VFS_LISTXATTR to use const struct smb_filename * instead of const char *.
We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 24 May 2017 17:47:46 +0000 (10:47 -0700)]
s3: VFS: Change SMB_VFS_SYS_ACL_SET_FILE to use const struct smb_filename * instead of const char *.
We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 24 May 2017 00:35:59 +0000 (17:35 -0700)]
s3: VFS: Change SMB_VFS_SYS_ACL_BLOB_GET_FILE to use const struct smb_filename * instead of const char *.
We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 24 May 2017 00:11:18 +0000 (17:11 -0700)]
s3: VFS: Change SMB_VFS_SYS_ACL_GET_FILE to use const struct smb_filename * instead of const char *.
We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.
Requires a few extra cleanups in calling code.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 23 May 2017 22:33:31 +0000 (15:33 -0700)]
s3: VFS: Change SMB_VFS_SYS_ACL_DELETE_DEF_FILE to use const struct smb_filename * instead of const char *.
We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 30 May 2017 18:46:49 +0000 (11:46 -0700)]
s3: lib: Add new utility function cp_smb_filename_nostream().
Will be needed when we migrate lower-level VFS functions to
take an struct smb_filename *, especially the SYS_ACL and
XATTR modification modules, as these must ignore a passed-in
stream name.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andrew Bartlett [Thu, 11 May 2017 23:55:45 +0000 (01:55 +0200)]
dsdb: Use ldb_handle_use_global_event_context for rootdse modifies
The modify operations on the rootDSE turn into IRPC messages, and these need
to be handled on the global event context, not the per-operation context
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May 31 10:47:46 CEST 2017 on sn-devel-144
Andrew Bartlett [Thu, 30 Mar 2017 00:25:35 +0000 (13:25 +1300)]
schema: Use ldb_schema_set_override_indexlist for faster index selection
This allows Samba to provide a binary tree lookup for the existance of an index on the attribute
rather than the O(n) lookup that was being done for each attribute during a search or modify
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 30 Mar 2017 00:54:58 +0000 (13:54 +1300)]
ldb: Version 1.1.30
* let ldbdump parse the -i option
* don't allow the reveal_internals control for ldbedit
* only allow --show-binary for ldbsearch
* don't let ldbsearch create non-existing files
* fix ldb_tdb search inconsistencies
* add cmocka based tests
* provide an interface for improved indexing for callers
like Samba, which will allow much better performance.
* Makes ldb access to tdb:// databases use a private event context
rather than the global event context passed in by the caller.
This is because running other operations while locks are held
or a search is being conducted is not safe.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 30 May 2017 09:12:33 +0000 (21:12 +1200)]
ldb: Add Doxygen documentation for ldb_handle_use_global_event_context()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 30 May 2017 09:17:57 +0000 (21:17 +1200)]
ldb: Add Doxygen docs for ldb_set_require_private_event_context()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 4 May 2017 09:39:21 +0000 (11:39 +0200)]
ldb: Add Doxygen docs for ldb_handle_get_event_context()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 30 May 2017 09:04:02 +0000 (21:04 +1200)]
ldb: Add Doxygen docs for ldb_schema_set_override_indexlist()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 30 May 2017 09:00:34 +0000 (21:00 +1200)]
ldb: Add Doxygen docs for ldb_schema_attribute_set_override_handler
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 30 May 2017 08:57:23 +0000 (20:57 +1200)]
ldb: Add Doxygen comments for ldb_req_*trusted() functions
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 30 May 2017 02:59:16 +0000 (14:59 +1200)]
ldb: Add test for ldb_build_search_req()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 30 May 2017 02:39:49 +0000 (14:39 +1200)]
ldb: Add tests for new ldb handle and event context behaviour
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 5 May 2017 06:25:40 +0000 (08:25 +0200)]
ldb: Add ldb_handle_use_global_event_context()
This will allow the IRPC to be processed in the main event loop of the
server, not the private event context for this request
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 12 May 2017 00:30:01 +0000 (02:30 +0200)]
ldb: Use the private event context in ldb_tdb and ldb_wait()
This enables the previous commits, and ensures that ldb_tdb is safe from operations while locks
are held
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 12 May 2017 00:28:02 +0000 (02:28 +0200)]
ldb: Force use of a private event context in ldb_tdb
ldb_tdb holds locks while making callbacks, so force the use of a per-request event context
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 12 May 2017 00:26:04 +0000 (02:26 +0200)]
ldb: Create private event contexts in top level requests, chain to children
We must ensure that the ldb_request we call ldb_wait() will share an event context with all
the eventual request that the ldb backend creates events on
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 12 May 2017 00:21:28 +0000 (02:21 +0200)]
ldb: Add ldb_set_require_private_event_context()
This will allow us to force use of the global event context for use when Samba
must make an IRPC call from within the ldb stack, to another part of the same
process
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 4 May 2017 09:39:21 +0000 (11:39 +0200)]
ldb: Add ldb_handle_get_event_context()
This will allow us to obtain a private event context for use while we hold
locks in ldb_tdb, that is not shared with the global state of the application.
This will ensure we do not perform other operations while we hold the lock
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 4 May 2017 20:27:24 +0000 (22:27 +0200)]
ldb: Add ldb_build_req_common() helper function
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 30 May 2017 01:53:01 +0000 (13:53 +1200)]
ldb: Add tests for the schema and index override hooks
Because this uses ldb_private.h we no longer build the
test binary if we are building against a system ldb
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 30 May 2017 00:47:58 +0000 (12:47 +1200)]
ldb: Move test_ldb_attrs_case_insensitive closer to setup/teardown functions
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 30 Mar 2017 00:10:22 +0000 (13:10 +1300)]
ldb_tdb: Avoid reading the index list from the DB if we are already set to override it
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 30 Mar 2017 00:23:44 +0000 (13:23 +1300)]
ldb: Allow a caller (in particular Samba) to handle the list of attributes with an index
By doing that, Samba will use a binary search to locate the attributes
rather than an O(n) search, during every search or modify of the database.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 30 Mar 2017 00:21:34 +0000 (13:21 +1300)]
ldb_tdb: consistently use ltdb->cache->attribute_indexes to determine if we have indexes
This is instead of checking the number of elements via ltdb->cache->indexlist->num_elements
In turn, this allows us to avoid fetching ltdb->cache->indexlist in the future
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 30 Mar 2017 00:07:16 +0000 (13:07 +1300)]
ldb_tdb: change the arguments to ldb_is_indexed() to provide the ltdb_private
By doing this, we can be more efficient in locating if we have an index in
the future.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 30 Mar 2017 00:10:08 +0000 (13:10 +1300)]
ldb_tdb: Split index load out into a sub-funciton: ltdb_index_load
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andreas Schneider [Tue, 21 Mar 2017 14:45:34 +0000 (15:45 +0100)]
s3:smbd: Set up local and remote address for fake connection
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12687
Pair-Programmed-With: Ralph Boehme <slow@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 31 06:33:00 CEST 2017 on sn-devel-144
Andreas Schneider [Tue, 21 Mar 2017 14:32:37 +0000 (15:32 +0100)]
s3:smbd: Pass down remote and local address to get_referred_path()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12687
Pair-Programmed-With: Ralph Boehme <slow@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 29 May 2017 14:15:50 +0000 (16:15 +0200)]
lib: Remove use of MSG_NOSIGNAL
According to susv4 sendmsg, NOSIGAL is effective for stream-oriented sockets.
Datagram sockets won't send SIGPIPE anyway. Looking at Linux kernel sources,
this is only looked at in stream functions. I guess this is a left-over from my
tmsgd attempts, which was based on stream sockets. messaging_dgm still only
uses datagram sockets, so MSG_NOSIGNAL is not needed here.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12502
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue May 30 16:39:12 CEST 2017 on sn-devel-144
Stefan Metzmacher [Wed, 26 Apr 2017 13:25:43 +0000 (15:25 +0200)]
s4:lib/com: remove unused pycom binding
This is completely untested and from reading the code it doesn't really
do anything beside always returning None from the get_class_object() method.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 30 12:16:57 CEST 2017 on sn-devel-144
Stefan Metzmacher [Mon, 29 May 2017 07:37:09 +0000 (09:37 +0200)]
s4:librpc: restore inhibit_timeout_processing = true during gensec_update_send/recv()
As not all gensec backends are fully async yet, we need the
inhibit_timeout_processing workarround in order to protect
against nested event loops.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 29 May 2017 07:32:12 +0000 (09:32 +0200)]
Revert "s4:librpc: simplify dcerpc_connect_timeout_handler() logic"
This reverts commit
2c3e99d1697b83f7dd498596a274fe2e8e96116d.
As the source4 backends for kerberos still use nested event loops,
we need to restore this for now.
We should reapply this once all backends are fully async.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 24 May 2017 04:11:17 +0000 (06:11 +0200)]
s4:auth: use talloc_reparent() in samba_server_gensec_krb5_start()
This matches logic of samba_server_gensec_start() and avoids warnings like this:
WARNING: talloc_steal with references at ../source4/auth/samba_server_gensec.c:150
reference at ../auth/gensec/gensec_start.c:586
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Mon, 22 May 2017 03:08:27 +0000 (15:08 +1200)]
tests/rodc: Check that new passwords trigger wiping on RODC
This appears to have been working correctly, but we just haven't had a test for it.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Mon, 22 May 2017 01:59:22 +0000 (13:59 +1200)]
getncchanges: Do not filter EXOPs using highwatermark
Prior to this patch, any REPL_SECRETS could be filtered accidentally.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Thu, 20 Apr 2017 23:29:48 +0000 (11:29 +1200)]
rpc_server: Move SID helpers into common
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 19 Apr 2017 00:50:55 +0000 (12:50 +1200)]
netlogon: Add necessary security checks for SendToSam
We eliminate a small race between GUID -> DN and ensure RODC can only
reset bad password count on accounts it is allowed to cache locally.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 26 Apr 2017 04:32:51 +0000 (16:32 +1200)]
tests/rodc: Check SID restriction for SendToSam
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Fri, 21 Apr 2017 03:21:58 +0000 (15:21 +1200)]
tests/rodc: Add password lockout tests with RODC-auth, RWDC-check
This occurs when the password is preloaded, and the bad logins and
successes must be forwarded the the RWDC.
The password server MUST be localdc.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 26 Apr 2017 04:11:28 +0000 (16:11 +1200)]
selftest: Ensure rodc environment uses localdc as winbind partner
This is required for password lockout testing.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Tue, 11 Apr 2017 03:51:50 +0000 (15:51 +1200)]
netlogon: Implement SendToSam along with its winbind forwarding
This allows you to forward bad password count resets to 0. Currently,
there is a missing access check for the RODC to ensure it only applies
to cached users (msDS-Allowed-Password-Replication-Group).
(further patches still need to address forcing a RWDC contact)
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Thu, 20 Apr 2017 04:55:58 +0000 (16:55 +1200)]
netlogon_creds_cli: Do not corrupt authenticator state on application level errors
If the NETLOGON response was an error e.g. NT_STATUS_NOT_IMPLEMENTED, any subsequent
calls failed with NT_STATUS_ACCESS_DENIED. This is likely to be the cause of RODC DNS
updates falling off and never continuing.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Mon, 3 Apr 2017 23:57:01 +0000 (11:57 +1200)]
kdc: Send bad password via NETLOGON in RODC
This means that a RWDC will be collecting the badPwdCount to ensure
domain wide lockout.
TODO The parameters should be better constructed.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Mon, 3 Apr 2017 04:11:35 +0000 (16:11 +1200)]
hdb: Dupe a copy of repl secrets into the KDC
When you have an RODC, this will force the fetch of secrets if not found here
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Mon, 3 Apr 2017 03:49:45 +0000 (15:49 +1200)]
auth_sam: Make auth_sam_trigger_repl_secret more generic
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Mon, 3 Apr 2017 03:22:08 +0000 (15:22 +1200)]
rodc: Set non-authoritative for RODC bad passwords
This requires as a pre-requisite that the auth stack is not run twice.
We remove the knownfail introduced in the earlier patch.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 26 Apr 2017 01:41:03 +0000 (13:41 +1200)]
tests/rodc: Test for NTLM wrong password forwarding
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Mon, 3 Apr 2017 03:26:12 +0000 (15:26 +1200)]
auth_winbind: Allow badPwdCount to be set to 0 with this auth method
We rely on the other SAM modules to increment the badPwdCount locally,
but we must reset to 0 if the remote sends a success (to override our
failure).
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 12 Apr 2017 02:12:32 +0000 (14:12 +1200)]
winbindd: Do not run SAM auth stack in winbind SamLogon
pdbtest.s4winbind no longer is applicable without a live NETLOGON
connection.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Mon, 3 Apr 2017 03:21:29 +0000 (15:21 +1200)]
auth4: Add authoritative flag to check_password
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Tue, 4 Apr 2017 00:42:17 +0000 (12:42 +1200)]
libads: Decide to have no fallback option
Before this change, it would always possibly choose another server at
random despite later using the original principal when it got back to
the connection initialization in the the winbind connection manager.
This caused bizarre authentication failures.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Mon, 20 Mar 2017 23:24:30 +0000 (12:24 +1300)]
winbindd_cm: Pass cm_open_connection the need_rw_dc flag
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Mon, 20 Mar 2017 22:56:39 +0000 (11:56 +1300)]
winbindd_cm: Call dcip_check_name even when fetching from cache
This is so that we can ensure that the DC is RWDC if required.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Mon, 20 Mar 2017 22:15:13 +0000 (11:15 +1300)]
winbindd_cm: Rename dcip_to_name to the more accurate dcip_check_name
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Mon, 20 Mar 2017 04:04:12 +0000 (17:04 +1300)]
winbindd_cm: Add new parameter to getdc and find_new_dc calls
This is to enforce the requirements on the remote DC.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Mon, 20 Mar 2017 02:56:37 +0000 (15:56 +1300)]
winbindd_cm: Add new parameter for dcip_to_name
This is used to check the appropriateness of the DC given.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Mon, 20 Mar 2017 02:37:12 +0000 (15:37 +1300)]
libads: Check cldap flags in libads/ldap
Pass down request flags and check they are respected with the response
flags. Otherwise, error out and pretend the connection never happened.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>