Volker Lendecke [Fri, 9 Feb 2018 09:27:55 +0000 (10:27 +0100)]
winbind: Improve child selection
This improves the situation when a client request blocks a winbind
child. This might be a slow samlogon or lookupnames to a domain that's
far away. With random selection of the child for new request coming in
we could end up with a long queue when other, non-blocked children
could serve those new requests. Choose the shortest queue.
This is an immediate and simple fix. Step two will be to have a
per-domain and not a per-child queue. Right now we're pre-selecting
the check-out queue at Fry's randomly without looking at the queue
length. With this change we're picking the shortest queue. The better
change will be what Fry's really does: One central queue and red/green
lights on the busy/free checkout counters.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Feb 12 19:51:35 CET 2018 on sn-devel-144
Douglas Bagnall [Fri, 9 Feb 2018 10:09:41 +0000 (23:09 +1300)]
tests/samba-tool user wdigest: fix a flapping test
The output of something like
samba-tool user getpassword $USER --attributes virtualWDigest01
contains an LDIF section with long strings folded on the 77th column.
To unfold this LDIF we were using:
result = re.sub(r"\n\s*", '', out)
which worked fine EXCEPT when a space in the output happened to land
immediately after the fold and got eaten by the \s*.
Instead we remove just a single space after the line break, because
that is always what fold_string() in lib/ldb/common/ldb_ldif.c
inserts, and for this simple replacement we don't need the re module.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Feb 12 05:21:01 CET 2018 on sn-devel-144
Douglas Bagnall [Fri, 9 Feb 2018 01:29:43 +0000 (14:29 +1300)]
tests: SambaToolCmdTest.assertMatch() indicates what was asserted
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 22:13:12 +0000 (23:13 +0100)]
winbindd: WBFLAG_PAM_AUTH_PAC should call add_trusted_domain_from_auth() is the result is trusted
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13262
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Feb 10 13:08:50 CET 2018 on sn-devel-144
Stefan Metzmacher [Fri, 9 Feb 2018 07:38:18 +0000 (08:38 +0100)]
winbindd: rename winbindd_pam_auth_pac_send and let it return validation
Just a preperational step. The next commit will update the caller to
make use of the validation info.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13262
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 22:10:42 +0000 (23:10 +0100)]
winbindd: complete WBFLAG_PAM_AUTH_PAC handling in winbindd_pam_auth_crap_send()
winbindd_pam_auth_crap_recv() should not have any real logic.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13262
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 22:02:26 +0000 (23:02 +0100)]
winbindd: let winbindd_pam_auth_pac_send() compute info6 from PAC
This way we don't loose the DNS info and UPN. A subsequent commit will
let winbindd_pam_auth_pac_send() return the full validation info.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13262
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 21:00:35 +0000 (22:00 +0100)]
winbindd: call add_trusted_domain_from_auth() in winbindd_pam_auth_crap_done()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13262
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 20:34:46 +0000 (21:34 +0100)]
winbindd: get netr_SamInfo6 out of winbindd_dual_pam_auth_kerberos()
This way we don't loose dns_domain_name and user principal.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13261
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 20:32:53 +0000 (21:32 +0100)]
s3/rpc_client: add map_info6_to_validation()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13261
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 20:32:25 +0000 (21:32 +0100)]
s3/auth: add create_info6_from_pac()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13261
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 16:58:07 +0000 (17:58 +0100)]
s4/auth_winbind: ask for validation level 6
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13260
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 16:57:37 +0000 (17:57 +0100)]
winbindd: allow validation level 6 in winbind_SamLogon
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13260
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 16:53:49 +0000 (17:53 +0100)]
s3/rpc_client: add copy_netr_SamInfo6() and map_validation_to_info6()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13260
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 2 Feb 2018 14:24:00 +0000 (15:24 +0100)]
winbindd: introduce a cm_connect_netlogon_secure() which gives a valid netlogon_creds_ctx
At lot of callers require a valid schannel connection.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13259
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 16:39:15 +0000 (17:39 +0100)]
winbindd: handle interactive logons in _winbind_SamLogon()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13258
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 16:37:54 +0000 (17:37 +0100)]
winbindd: pass 'bool interactive' to winbind_dual_SamLogon()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13258
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 8 Feb 2018 16:23:49 +0000 (17:23 +0100)]
winbindd: add a comment to a parameter in _winbind_SamLogon()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13258
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 15:36:45 +0000 (16:36 +0100)]
winbindd: separate plaintext given and interactive in winbind_samlogon_retry_loop()
We need to handle 4 cases:
plaintext_given=true interactive=true
plaintext_given=false interactive=true
plaintext_given=true interactive=false
plaintext_given=false interactive=false
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13258
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 9 Feb 2018 15:15:18 +0000 (16:15 +0100)]
s3/rpc_client: add rpccli_netlogon_interactive_logon()
This will be used in a subsequent commit.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13258
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 23 Jan 2018 22:19:32 +0000 (23:19 +0100)]
winbindd: add_trusted_domain_from_auth() should not use dns_name = ""
Check whether the DNS domain name in the info6 struct is actually more
then just an empty string. If it is we want to call add_trusted_domain()
with NULL as DNS domain name argument.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13257
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Sun, 4 Feb 2018 21:48:01 +0000 (22:48 +0100)]
wbinfo: avoid segfault in wbinfo_auth_crap() if winbindd is not available
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13256
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 31 Jan 2018 07:22:07 +0000 (08:22 +0100)]
winbindd: fix debug message in find_default_route_domain() on a DC
As we don't support multiple domains in a forest yet,
we don't need to print a warning a log level 0.
This also adds a missing \n.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13255
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Thu, 18 Jan 2018 15:35:52 +0000 (16:35 +0100)]
s4/rpc_server: trigger trusts reload in winbindd after successfull trust info acquisition
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13237
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 18 Jan 2018 15:35:13 +0000 (16:35 +0100)]
winbindd: rename MSG_WINBIND_NEW_TRUSTED_DOMAIN to MSG_WINBIND_RELOAD_TRUSTED_DOMAINS
This reflects the new implementation in winbindd.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13237
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 18 Jan 2018 10:32:30 +0000 (11:32 +0100)]
s4/rpc_server: remove unused data argument from MSG_WINBIND_NEW_TRUSTED_DOMAIN
winbindd doesn't use that data anymore.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13237
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 18 Jan 2018 10:30:53 +0000 (11:30 +0100)]
winbindd: use add_trusted_domains_dc in wb_imsg_new_trusted_domain
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13237
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 18 Jan 2018 10:28:20 +0000 (11:28 +0100)]
winbindd: move loading of trusted domains on a DC to a seperate function
This allows using the split out function in a subsequent commit in the
MSG_WINBIND_NEW_TRUSTED_DOMAIN message handler.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13237
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 12:02:04 +0000 (13:02 +0100)]
winbindd: don't force using LSA_LOOKUP_NAMES_ALL for non workstation trusts.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13236
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 11:57:11 +0000 (12:57 +0100)]
s3:rpc_client: pass down lsa_LookupNamesLevel to dcerpc_lsa_lookup_sids_generic()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13236
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 11:06:50 +0000 (12:06 +0100)]
winbindd: prepare find_lookup_domain_from_{name,sid}() transitive trusts on a DC
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13235
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 11:06:50 +0000 (12:06 +0100)]
winbindd: prepare find_auth_domain() transitive trusts on a DC
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13235
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 11:03:11 +0000 (12:03 +0100)]
winbindd: remove const from set_routing_domain()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13235
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 11:02:05 +0000 (12:02 +0100)]
winbindd: use Netlogon{Interactive,Network}TransitiveInformation on transitive trusts
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13234
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 11:00:19 +0000 (12:00 +0100)]
s3:rpc_client: allow passing NetlogonNetwork[Transitive]Information to rpccli_netlogon_network_logon()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13234
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 10:58:31 +0000 (11:58 +0100)]
s3:rpc_client: allow Netlogon{Network,Interactive}TransitiveInformation in rpccli_netlogon_password_logon()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13234
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Thu, 18 Jan 2018 07:38:59 +0000 (08:38 +0100)]
winbindd: add routing_domain as parameter to add_trusted_domain
This also fixes the following CIDs:
CID
1427622: Null pointer dereferences (REVERSE_INULL)
CID
1427619: Null pointer dereferences (REVERSE_INULL)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13233
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 13:30:48 +0000 (14:30 +0100)]
winbindd: add missing can_do_ncacn_ip_tcp initialisation
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13232
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 13:30:12 +0000 (14:30 +0100)]
winbindd: remove useless calls to get_trust_credentials() before cli_rpc_pipe_open_schannel_with_creds()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13231
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2018 13:24:47 +0000 (14:24 +0100)]
winbindd: fix LSA connections via DCERPC_AUTH_SCHANNEL
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13231
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Douglas Bagnall [Thu, 1 Feb 2018 03:08:34 +0000 (16:08 +1300)]
sambatool drs showrepl: prefer self over ctx in python classes
and the line length too.
(Now only python/samba/join.py uses ctx for self, but at least it does
it consistently. This was the only ctx function in the class).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Feb 9 12:34:06 CET 2018 on sn-devel-144
Douglas Bagnall [Thu, 1 Feb 2018 02:28:28 +0000 (15:28 +1300)]
samba-tool rodc: consistently use self.outf, not stdout
This increases the output of some commands from the point of view of
tests which read the outf, so we also need to change those tests a
bit.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 8 Feb 2018 20:51:54 +0000 (09:51 +1300)]
subunit.run: report failure in process return code
The protocol requires that the TestResult object remembers when it has failed, but
in subclassing unittest.TestResult we forgot to ensure this is true.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 1 Feb 2018 21:35:25 +0000 (10:35 +1300)]
python samdb.newuser(): use user DN not samaccountname to set password
This is noticably faster in cases (e.g. tests) where the same user
is added and deleted many times.
The rreason is samaccountname is retained for deleted objects, so the
search finds multiple objects that need to be filtered out internally.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 31 Jan 2018 23:02:29 +0000 (12:02 +1300)]
tests/samba_tool user virtualCryptSHA: remove unused py3 incompatible import
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 31 Jan 2018 23:01:10 +0000 (12:01 +1300)]
tests/password_hash: avoid py3-incompatible md5 module
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 31 Jan 2018 22:56:06 +0000 (11:56 +1300)]
tests/samba-tool user_wdigest: avoid py3-incompatible md5 module
In Python3, the md5 and sha modules are gone, but the functions are
available via hashlib (which is also in python 2.5+).
The md5.hexdigest() does what binascii.hexlify(md5.digest()) does.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 9 Feb 2018 03:51:22 +0000 (16:51 +1300)]
lib/crypto/REQUIREMENTS: DRSUAPI replication replicated secrets was missing from the RC4 section
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Volker Lendecke [Sun, 3 Dec 2017 19:47:02 +0000 (20:47 +0100)]
lib: Make g_lock_locks use TDB_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Feb 8 14:50:49 CET 2018 on sn-devel-144
Volker Lendecke [Sun, 3 Dec 2017 19:47:02 +0000 (20:47 +0100)]
lib: Make g_lock_dump use TDB_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Sun, 3 Dec 2017 19:47:02 +0000 (20:47 +0100)]
lib: Make g_lock_do use TDB_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Sun, 3 Dec 2017 19:47:02 +0000 (20:47 +0100)]
lib: Make g_lock_write_data use TDB_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Sun, 3 Dec 2017 19:47:02 +0000 (20:47 +0100)]
lib: Make g_lock_unlock use TDB_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Sun, 3 Dec 2017 19:47:02 +0000 (20:47 +0100)]
lib: Make g_lock_lock use TDB_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Sun, 3 Dec 2017 19:47:02 +0000 (20:47 +0100)]
lib: Make g_lock_lock_send use TDB_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Garming Sam [Wed, 31 Jan 2018 03:13:14 +0000 (16:13 +1300)]
samba-tool/tests: Check that dns cleanup does not spuriously remove entries
This might happen in the multi-record case.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Feb 8 10:00:13 CET 2018 on sn-devel-144
Garming Sam [Wed, 31 Jan 2018 03:12:05 +0000 (16:12 +1300)]
samba-tool/dns: Clarify the cleanup subcommand
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Garming Sam [Tue, 30 Jan 2018 22:53:40 +0000 (11:53 +1300)]
tests/samba-tool: dns cleanup should work with a missing name
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Garming Sam [Tue, 30 Jan 2018 22:52:34 +0000 (11:52 +1300)]
remove_dc: Allow remove_dns_references to ignore missing server names
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joe Guo [Fri, 12 Jan 2018 01:14:00 +0000 (14:14 +1300)]
samba-tool: add dns cleanup cmd
1. Add new command to cleanup dns records for a dns host name
2. Add test to verify the command is working
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Wed, 24 Jan 2018 16:00:35 +0000 (17:00 +0100)]
tests/samba-tool: add tests for samba-tool group move command
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Wed, 24 Jan 2018 17:01:42 +0000 (18:01 +0100)]
docs-xml:samba-tool.8: document "group move" command
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Mon, 27 Nov 2017 20:00:07 +0000 (21:00 +0100)]
samba-tool group: implement the group move command
This new command allows to move a a group into an ou or container.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Mon, 18 Dec 2017 15:12:13 +0000 (16:12 +0100)]
tests/samba-tool: add tests for user move command
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Wed, 24 Jan 2018 16:59:29 +0000 (17:59 +0100)]
docs-xml:samba-tool.8: document "user move" command
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Mon, 27 Nov 2017 19:40:49 +0000 (20:40 +0100)]
samba-tool user: implement the user move command
This new command allows to move an user into an ou or container.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Fri, 8 Dec 2017 11:08:18 +0000 (12:08 +0100)]
samba-tool user: fix some typos
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Wed, 29 Nov 2017 14:22:20 +0000 (15:22 +0100)]
tests/samba-tool: add test for samba-tool user show command
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Thu, 25 Jan 2018 09:49:33 +0000 (10:49 +0100)]
docs-xml:samba-tool.8: document "user show" command
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Thu, 25 Jan 2018 09:49:17 +0000 (10:49 +0100)]
samba-tool: implement user show command to display a user AD object
This command displays a user account and it's attributes in the
Active Directory domain.
The username specified on the command is the sAMAccountName.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Wed, 24 Jan 2018 17:58:11 +0000 (18:58 +0100)]
docs-xml:samba-tool.8: document ou management commands
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Wed, 29 Nov 2017 15:51:21 +0000 (16:51 +0100)]
tests/samba-tool: add tests for new ou management commands
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Thu, 16 Nov 2017 11:31:11 +0000 (12:31 +0100)]
samba-tool: implement ou management commands
Available subcommands:
create - Create an organizational unit.
delete - Delete an organizational unit.
list - List all organizational units
listobjects - List all objects in an organizational unit.
move - Move an organizational unit.
rename - Rename an organizational unit.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 8 Feb 2018 03:46:42 +0000 (16:46 +1300)]
selftest: Add tests for samdb.normalize_dn_in_domain()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 8 Feb 2018 03:46:29 +0000 (16:46 +1300)]
python/samdb: Improve function comment on normalize_dn_in_domain()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 8 Feb 2018 03:27:17 +0000 (16:27 +1300)]
python/samdb: Allow samdb.normalize_dn_in_domain() to take an ldb.Dn()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Wed, 24 Jan 2018 16:06:50 +0000 (17:06 +0100)]
python/samdb: add method normalize_dn_in_domain(): get full dn of an relative dn
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Wed, 20 Dec 2017 14:55:50 +0000 (15:55 +0100)]
pyldb: extend dn.is_child_of() test: dn is child of itself
Add this test so ensure that this (unclear) behaviour does
not change silently.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Martin Schwenke [Mon, 5 Feb 2018 04:45:09 +0000 (15:45 +1100)]
ctdb-tests: Set test timeout to an hour
The current 10 minute timeout is causing autobuild failures in some
environments.
This timeout is simply meant to stop a test run from hanging
indefinitely due to a broken test. A 1 hour timeout is better than no
timeout.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Feb 8 04:42:56 CET 2018 on sn-devel-144
Gary Lockyer [Mon, 8 Jan 2018 18:43:18 +0000 (07:43 +1300)]
python SamDB: init default flags to FLG_DONT_CREATE_DB
The current defaults for SamDB are to create the database file if it does not
exist. Most of the uses of SamDB assume the database already exists, and so
auto-creation is not the desired behaviour.
TDB will overwrite an existing non TDB file with a newly created TDB file.
This becomes an issue when using alternate database file formats i.e. lmdb.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 8 Jan 2018 18:41:32 +0000 (07:41 +1300)]
pyldb: Expose extra flags
Expose the SHOW_BINARY, ENABLE_TRACING and DONT_CREATE_DB flag constants
in the python api.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Wed, 7 Feb 2018 01:59:21 +0000 (14:59 +1300)]
samdb: Add tests for samdb tdb file creation.
The current defaults for SamDB are to create the database file if it
does not exist. Most of the uses of SamDB assume the database already
exists, and so auto-creation is not the desired behaviour.
Also TDB will overwrite an existing non TDB file with a newly created
TDB file. This becomes an issue when using alternate database file
formats i.e. lmdb.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 7 Feb 2018 21:49:33 +0000 (10:49 +1300)]
lib/crypto: Update REQUIREMENTS for recent Samba changes
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Karolin Seeger [Wed, 7 Feb 2018 09:08:53 +0000 (10:08 +0100)]
WHATSNEW: Start release notes for Samba 4.9.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Feb 7 17:57:39 CET 2018 on sn-devel-144
Karolin Seeger [Mon, 5 Feb 2018 08:37:48 +0000 (09:37 +0100)]
docs-xml: Add 'samba-tool visualize' to man samba-tool.8.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13226
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 30 Jan 2018 09:40:36 +0000 (10:40 +0100)]
selftest: run "samba.tests.common"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Sat, 3 Feb 2018 06:07:55 +0000 (07:07 +0100)]
libgpo: Fix the build --without-ads
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Feb 6 15:36:01 CET 2018 on sn-devel-144
Volker Lendecke [Sat, 3 Feb 2018 06:07:24 +0000 (07:07 +0100)]
libads: Fix the build --without-ads
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Feb 6 02:47:44 CET 2018 on sn-devel-144
Stefan Metzmacher [Wed, 31 Jan 2018 08:50:47 +0000 (09:50 +0100)]
dbcheck: skip find_missing_forward_links_from_backlinks() if the db has the sortedLinks feature
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Feb 5 18:32:51 CET 2018 on sn-devel-144
Ralph Boehme [Thu, 25 Jan 2018 13:48:55 +0000 (14:48 +0100)]
dbcheck: add support for restoring missing forward links
This recovers broken databases with duplicate and missing
forward links.
See commit
a25c99c9f1fd1814c56c21848c748cd0e038eed7 for
the fix that prevents to problem from happening.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 25 Jan 2018 13:48:55 +0000 (14:48 +0100)]
dbcheck: add find_missing_forward_links_from_backlinks()
find_missing_forward_links_from_backlinks() finds and returns missing forward-links by
searching all for all objects that link to the object in the backlink attribute.
This will be used in the next commit to restore forward links in a corrupted
forward link attribute by passing the missing backling objects to
err_recover_forward_links().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 30 Jan 2018 11:19:31 +0000 (12:19 +0100)]
dbcheck: make sure we ask for replPropertyMetaData if we need to process any forward link attributes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 30 Jan 2018 11:19:31 +0000 (12:19 +0100)]
dbcheck: make sure we always ask for the objectGUID attribute explicitly
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Wed, 24 Jan 2018 21:24:15 +0000 (22:24 +0100)]
dbcheck: add a helper function that checks is a value has duplicate links
Will be used in a subsequent commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 25 Jan 2018 09:34:29 +0000 (10:34 +0100)]
dbcheck: add a dict where we remember attributes with duplicate links
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Wed, 24 Jan 2018 19:01:27 +0000 (20:01 +0100)]
dbcheck: split out check_duplicate_links from check_dn
Refactoring, no change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 30 Jan 2018 08:55:21 +0000 (09:55 +0100)]
dbcheck: store fixed forward link attributes with the correct sorting
The corruption we're trying to fix messed up the sorting,
so there's no point in keeping the current order.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 30 Jan 2018 08:39:40 +0000 (09:39 +0100)]
dbcheck: remove ldb.FLAG_MOD_REPLACE when replacing search results for forward links
Search results don't have an ldb.FLAG_MOD_* flags set.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Thu, 25 Jan 2018 13:36:52 +0000 (14:36 +0100)]
dbcheck: rename err_duplicate_links() to err_recover_forward_links() and adjust the output message
It's really a fatal error to have duplicate values as it's very likely that
some forward links got lost.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 25 Jan 2018 13:41:58 +0000 (14:41 +0100)]
dbcheck: add link direction to error message for duplicate links
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>