Volker Lendecke [Tue, 7 Aug 2012 22:32:35 +0000 (00:32 +0200)]
s3: Merge vfs_gpfs_hsm_notify into vfs_gpfs.c
It was separated out because formerly our async I/O was not properly
stackable. aio_fork could for example catch aio and not get aio_return
get through to vfs_gpfs
Signed-off-by: Christian Ambach <ambi@samba.org>
Andrew Bartlett [Fri, 17 Aug 2012 13:04:56 +0000 (23:04 +1000)]
s4-dsdb: Use tmp_ctx in kccsrv_check_deleted to avoid leaking memory onto part->dn
The confusing use of do_dn as a memory context while legitimate
created a bug when it was copied and modified to search on a DN from
long-term state.
By always using a temporary memory context it is clear what paramter
is the memory context.
This was found based on a log provided by Ricky Nance
<ricky.nance@weaubleau.k12.mo.us>. Thanks Ricky!
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug 17 18:24:10 CEST 2012 on sn-devel-104
Andrew Bartlett [Fri, 17 Aug 2012 12:47:44 +0000 (22:47 +1000)]
s4-kcc: Avoid use-after-free of dn and add tmp_ctx
By using a tmp_ctx we are clearer about allocating temporary memory.
Andrew Bartlett
Stefan Metzmacher [Fri, 17 Aug 2012 06:50:21 +0000 (08:50 +0200)]
s3:selftest: add some tests against a share the requires encryption
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Aug 17 16:34:26 CEST 2012 on sn-devel-104
Stefan Metzmacher [Wed, 8 Aug 2012 05:07:53 +0000 (07:07 +0200)]
s3:smb2_negprot: annouce/negotiate SMB3 encryption support
metze
Stefan Metzmacher [Wed, 8 Aug 2012 05:07:03 +0000 (07:07 +0200)]
s3:smb2_server: add SMB3 encryption support
metze
Stefan Metzmacher [Fri, 17 Aug 2012 07:42:27 +0000 (09:42 +0200)]
s3:smbd: don't disconnect the client when a share has "smb encrypt = required"
It's not the client fault, if he doesn't know that encryption is required.
We should just return ACCESS_DENIED and let the client work on other
shares and open files on the current SMB connection.
metze
Stefan Metzmacher [Fri, 17 Aug 2012 07:40:52 +0000 (09:40 +0200)]
s3:smbd: lp_smb_encrypt() returns SMB_SIGNING_* values
metze
Stefan Metzmacher [Fri, 17 Aug 2012 07:41:42 +0000 (09:41 +0200)]
s3:smbd: make use of ENCRYPTION_REQUIRED()
metze
Stefan Metzmacher [Fri, 17 Aug 2012 06:31:52 +0000 (08:31 +0200)]
libcli/smb: make sure the SMB2_TRANSFORM pdu is complete
metze
Stefan Metzmacher [Fri, 17 Aug 2012 06:25:08 +0000 (08:25 +0200)]
s4:libcli/smb2: reset trsnport->compound.related when a compound chain is finished
metze
Andrew Bartlett [Fri, 17 Aug 2012 10:43:07 +0000 (20:43 +1000)]
build: Ensure -Werror=format works with -Wformat=2 on NULL format strings
This should fix the build on some gcc versions, (noticed on FreeBSD by Volker).
We want the protection of -Werror=format without the errors extending
to the format string itself being NULL, because that is valid for
ldb_search().
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug 17 14:50:16 CEST 2012 on sn-devel-104
Andrew Bartlett [Fri, 17 Aug 2012 02:42:15 +0000 (12:42 +1000)]
s4-dsdb: Ensure we always free tmp_ctx in schema refresh check
This was found based on a log provided by Ricky Nance
<ricky.nance@weaubleau.k12.mo.us>. Thanks Ricky!
In that log, over 2.5 days this particular allocation was repeated:
1715099 talloc_new: ../source4/dsdb/samdb/ldb_modules/schema_load.c:120 contains 0 bytes in 1 blocks
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug 17 06:21:18 CEST 2012 on sn-devel-104
S Hargagan [Thu, 16 Aug 2012 23:27:10 +0000 (16:27 -0700)]
Fix bug #9085 - NMB registration for a duplicate workstation fails with registration refuse
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 17 04:15:21 CEST 2012 on sn-devel-104
Andrew Bartlett [Thu, 16 Aug 2012 06:50:47 +0000 (16:50 +1000)]
s3-torture: Allow vfstest to set ACLs on a directory
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug 17 02:35:49 CEST 2012 on sn-devel-104
Volker Lendecke [Thu, 16 Aug 2012 09:38:26 +0000 (11:38 +0200)]
s4: Fix returns in py_check_dcerpc_type
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 16 Aug 2012 13:14:51 +0000 (15:14 +0200)]
s3:smb2_server: try to sign an error response if we have a signing key
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Aug 17 00:54:01 CEST 2012 on sn-devel-104
Stefan Metzmacher [Thu, 16 Aug 2012 13:08:40 +0000 (15:08 +0200)]
s3:smb2_server: verify the signature before the session_status
metze
Stefan Metzmacher [Thu, 16 Aug 2012 10:00:57 +0000 (12:00 +0200)]
s3:smb2_server: add some const to print_req_vectors()
metze
Stefan Metzmacher [Thu, 16 Aug 2012 11:32:14 +0000 (13:32 +0200)]
s4:cldap_server: only return DS_SERVER_*TIMESERV if "ntp_signd" is used
metze
Stefan Metzmacher [Thu, 16 Aug 2012 11:31:33 +0000 (13:31 +0200)]
s4:cldap_server: set DS_SERVER_SELECT_SECRET_DOMAIN_6 if we're a RODC
metze
Volker Lendecke [Wed, 15 Aug 2012 12:08:45 +0000 (14:08 +0200)]
s3-libsmb: Add a simple test for python bindings
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Aug 16 22:49:06 CEST 2012 on sn-devel-104
Volker Lendecke [Thu, 2 Aug 2012 21:21:27 +0000 (23:21 +0200)]
s3-libsmb: Add a python wrapper
Please note that this is not finished and only for internal use.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 16 Aug 2012 19:06:45 +0000 (21:06 +0200)]
tevent: change version to 0.9.17 after adding the "poll_mt" backend
metze
Volker Lendecke [Mon, 30 Jul 2012 07:09:46 +0000 (09:09 +0200)]
tevent: Add threaded poll_mt testcase
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Mon, 13 Aug 2012 14:06:01 +0000 (16:06 +0200)]
lib/tevent: Add a thread-safe tevent backend
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Sun, 29 Jul 2012 11:05:36 +0000 (13:05 +0200)]
tevent_poll: Decouple poll_ev->fds handling from adding/removing fds
Step 1 in a python backend for multiple threads
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Fri, 10 Aug 2012 15:00:38 +0000 (17:00 +0200)]
s3-g_lock: Make g_lock_lock more robust
If for some reason the cleanup of dbwrap_watch_send does not work
properly, we might starve indefinitely. Make the lock routine more
robust by retrying every 5-10 seconds. g_lock_trylock will clean up
orphaned entries.
Signed-off-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Thu Aug 16 19:44:00 CEST 2012 on sn-devel-104
Volker Lendecke [Fri, 10 Aug 2012 13:24:23 +0000 (15:24 +0200)]
s3-msg: For msg_channel, correct the talloc hierarchy
talloc_free() of a channel must free all immediate requests that have
piled up
Signed-off-by: Christian Ambach <ambi@samba.org>
Volker Lendecke [Fri, 10 Aug 2012 12:54:37 +0000 (14:54 +0200)]
s3-msg: Rename msg_channel_init_destructor
Signed-off-by: Christian Ambach <ambi@samba.org>
Volker Lendecke [Fri, 10 Aug 2012 12:29:44 +0000 (14:29 +0200)]
s3-autoconf: Fix deps for dbwrap_torture
Signed-off-by: Christian Ambach <ambi@samba.org>
Volker Lendecke [Fri, 10 Aug 2012 11:42:51 +0000 (13:42 +0200)]
s3-g_lock: Properly free "rec" on retry to avoid deadlock
Signed-off-by: Christian Ambach <ambi@samba.org>
Christian Ambach [Wed, 8 Aug 2012 15:46:59 +0000 (17:46 +0200)]
s3:brlock: give traverse_fn a proper name
Christian Ambach [Tue, 7 Aug 2012 16:42:39 +0000 (18:42 +0200)]
s3:vfs_gpfs: make sure parameters are set correctly for leases
gpfs:leases requires kernel oplocks = yes and level2 oplocks = no
to work properly
make sure those are set correctly for a share
Christof Schmitt [Mon, 24 Oct 2011 23:52:50 +0000 (16:52 -0700)]
s3:vfs_gpfs: Fix compile error in gpfs module
Fix this compile error by adding fcntl.h as a include that defines F_RDLCK
and F_WRLCK:
modules/gpfs.c: In function ‘set_gpfs_lease’:
modules/gpfs.c:102: error: ‘F_RDLCK’ undeclared (first use in this function)
modules/gpfs.c:102: error: (Each undeclared identifier is reported only once
modules/gpfs.c:102: error: for each function it appears in.)
modules/gpfs.c:105: error: ‘F_WRLCK’ undeclared (first use in this function)
Stefan Metzmacher [Thu, 16 Aug 2012 04:55:36 +0000 (06:55 +0200)]
libcli/smb: support broken OS/2 error responses bug #9096
OS/2 skips the DATA Block in SMB1 responses.
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Aug 16 13:16:49 CEST 2012 on sn-devel-104
Andrew Bartlett [Thu, 16 Aug 2012 03:46:02 +0000 (13:46 +1000)]
s3-selftest: Add a seperate test for ACL tests using vfstest
This does not check for consistency or correctness yet, that will be
done with python unit tests. The purpose of this test is to ensure
that the vfstest wrapper doesn't crash.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Aug 16 09:32:25 CEST 2012 on sn-devel-104
Andrew Bartlett [Thu, 16 Aug 2012 03:44:48 +0000 (13:44 +1000)]
s3-torture: Add ACL commands to vfstest
This will allow easier investigation of our ACL layer.
Andrew Bartlett
Andrew Bartlett [Thu, 16 Aug 2012 05:16:01 +0000 (15:16 +1000)]
s3-torture: Use talloc more in vfstest
This matches the rest of Samba, which allocates many of these structures with talloc.
Andrew Bartlett
Andrew Bartlett [Thu, 16 Aug 2012 04:37:42 +0000 (14:37 +1000)]
s3-torture: Initialise fsp fully in vfstest open
Andrew Bartlett [Thu, 16 Aug 2012 03:44:01 +0000 (13:44 +1000)]
s3-smbd: Do not check no_acl_syscall_error(errno) after sys_acl_init()
This is no longer a VFS call, so will no longer fail in this way.
Andrew Bartlett
Andrew Bartlett [Thu, 16 Aug 2012 00:03:35 +0000 (10:03 +1000)]
selftest: Extend xattr-tdb-1 vfstest to call stat
Andrew Bartlett [Thu, 16 Aug 2012 00:02:44 +0000 (10:02 +1000)]
s3-vfs: Continue to make vfs_xattr_tdb non-recursive
We now always use _NEXT_ VFS calls, even to build the file id.
Andrew Bartlett
Andrew Bartlett [Wed, 15 Aug 2012 10:34:41 +0000 (20:34 +1000)]
s3-vfs: Add new VFS module to fake setting an ACL
The purpose of this module is to remove the relience on the system having ACL support
to test NT ACLs.
Andrew Bartlett
Andrew Bartlett [Thu, 16 Aug 2012 04:13:00 +0000 (14:13 +1000)]
librpc/idl: Fix acl array definition in smb_acl_t
Andrew Bartlett [Wed, 15 Aug 2012 22:55:43 +0000 (08:55 +1000)]
s3-selftest: convert xattr-tdb-1 vfstest driver into a subunit test
We don't use the simple smb.conf because we need to override all the
paths for this to work as non-root without a panic, so we use the s3dc
environment, which already loads this module.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Aug 16 02:55:19 CEST 2012 on sn-devel-104
Andrew Bartlett [Wed, 15 Aug 2012 22:37:54 +0000 (08:37 +1000)]
s3-selftest: convert stream_depot vfstest driver into a subunit test
This gives us our first automated coverage of the vfstest binary.
We don't use the simple smb.conf because we need to override all the
paths for this to work as non-root without a panic, so we use the s3dc
environment, which already loads this module.
Andrew Bartlett
Andrew Bartlett [Wed, 15 Aug 2012 21:47:57 +0000 (07:47 +1000)]
fix printf warning in net connections
Gregor Beck [Fri, 13 Jul 2012 13:31:16 +0000 (15:31 +0200)]
s3:utils: remove standalone cclean tool
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Gregor Beck [Mon, 16 Jul 2012 13:10:46 +0000 (15:10 +0200)]
s3:doc manpage for "net connections cleanup"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Gregor Beck [Mon, 16 Jul 2012 07:34:15 +0000 (09:34 +0200)]
s3:net add command "connections cleanup"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 15 Aug 2012 12:22:26 +0000 (22:22 +1000)]
s3-vfs: Set errno in xattr emulation
The caller may check this errno.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 15 18:05:33 CEST 2012 on sn-devel-104
Andrew Bartlett [Wed, 15 Aug 2012 12:21:48 +0000 (22:21 +1000)]
s3-vfs: Avoid loops in VFS modules: call _NEXT functions in xattr emulation
We need to call the next module in the stack otherwise we will loop if
the stat call is in turn implemented in terms of extended attribute
lookup.
Andrew Bartlett
Andrew Bartlett [Wed, 15 Aug 2012 11:22:18 +0000 (21:22 +1000)]
s3-vfs: ensure we strictly free the talloc_stackframe
We must do this when leaving the function or else in development, we
will panic.
Andrew Bartlett
Andrew Bartlett [Wed, 15 Aug 2012 10:33:46 +0000 (20:33 +1000)]
s4-selftest: Fix test name for samba.tests.dcerpc.bare
Andrew Bartlett [Wed, 15 Aug 2012 10:33:27 +0000 (20:33 +1000)]
librpc/idl: Make smb_acl_t public so we can pull/push it as a blob
Stefan Metzmacher [Tue, 14 Aug 2012 07:35:59 +0000 (09:35 +0200)]
libcli/smb: verify decrypted SMB2 pdus correctly
We need to make sure we got a encrypted response if we asked
for it.
If we don't get a encrypted response, we use a similar logic
as with signing to propagated wellknown errors to the higher
layer and set state->smb2.signing_skipped = true.
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Aug 15 16:26:26 CEST 2012 on sn-devel-104
Stefan Metzmacher [Tue, 14 Aug 2012 07:33:01 +0000 (09:33 +0200)]
libcli/smb: fix parsing of compounded messages within a SMB2_TRANSFORM pdu
One SMB2_TRANSFORM pdu wraps multiple SMB2 pdus.
We inject the SMB2_TRANSFORM header to each response which was wrapped
inside. This allows the next layer to verify if the SMB2 pdu was encrypted.
metze
Stefan Metzmacher [Tue, 14 Aug 2012 07:30:43 +0000 (09:30 +0200)]
libcli/smb: fix smb2cli_req_compound_submit for multiple encrypted messages
There should be only one SMB2_TRANSFORM header for all compound requests.
metze
Stefan Metzmacher [Wed, 15 Aug 2012 12:43:40 +0000 (14:43 +0200)]
s3:smb2_server: do calculations based on SMBD_SMB2_NUM_IOV_PER_REQ in smbd_smb2_request_validate()
metze
Stefan Metzmacher [Wed, 15 Aug 2012 12:17:25 +0000 (14:17 +0200)]
libcli/smb: all flags except SMB2_HDR_FLAG_ASYNC should be cleared in a cancel request.
metze
Andrew Bartlett [Mon, 13 Aug 2012 10:54:24 +0000 (20:54 +1000)]
s3-sysacls: Remove sys_acl_free_qualifier() as it is a no-op
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 15 05:23:18 CEST 2012 on sn-devel-104
Andrew Bartlett [Mon, 13 Aug 2012 10:51:41 +0000 (20:51 +1000)]
s3-sysacls: Remove sys_acl_free_acl() and replace with TALLOC_FREE()
Andrew Bartlett [Mon, 13 Aug 2012 10:03:48 +0000 (20:03 +1000)]
s3-smbd: Remove sys_acl_*() VFS wrapper functions
We no longer do struct smb_acl_t manipuations via the VFS layer,
which is now reduced to handling the get/set functions.
The only backend that implemented these functions (aside from audit)
was the vfs_default module calling the sys_acl code. The various ACL
implementation modules either worked on the fully initilaised
smb_acl_t object or on NT ACLs.
This not only makes the operation of the posix ACL code more efficient
(as allocation and free is not put via the VFS), it makes it easier to
test and removes the fantasy that a module could safely redefine this
structure or the behaviour here.
The smb_acls.idl now defines the structure, and it is now allocated
with talloc.
These operations were originally added to the VFS in commit
3bb219161a270f12c27c3bc7e1220829c6e9f284.
Andrew Bartlett
Andrew Bartlett [Mon, 13 Aug 2012 10:00:59 +0000 (20:00 +1000)]
s3-smbd: Remove unused conn argument from convert_permset_to_mode_t()
Andrew Bartlett [Mon, 13 Aug 2012 10:00:21 +0000 (20:00 +1000)]
s3-smbd: Call sys_acl_set_permset() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
Andrew Bartlett [Mon, 13 Aug 2012 09:59:54 +0000 (19:59 +1000)]
s3-smbd: Call sys_acl_set_qualifier() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
Andrew Bartlett [Mon, 13 Aug 2012 09:59:33 +0000 (19:59 +1000)]
s3-smbd: Call sys_acl_set_tag_type() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
Andrew Bartlett [Mon, 13 Aug 2012 09:59:03 +0000 (19:59 +1000)]
s3-smbd: Call sys_acl_create_entry() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
Andrew Bartlett [Mon, 13 Aug 2012 09:58:17 +0000 (19:58 +1000)]
s3-smbd: Call sys_acl_add_perm() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
Andrew Bartlett [Mon, 13 Aug 2012 09:57:34 +0000 (19:57 +1000)]
s3-smbd: Call sys_acl_clear_perms() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
Andrew Bartlett [Mon, 13 Aug 2012 09:56:31 +0000 (19:56 +1000)]
s3-smbd: Call sys_acl_init() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
Andrew Bartlett [Mon, 13 Aug 2012 09:55:25 +0000 (19:55 +1000)]
s3-smbd: Call sys_acl_free_acl() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
Andrew Bartlett [Mon, 13 Aug 2012 09:53:41 +0000 (19:53 +1000)]
s3-smbd: Call sys_acl_free_qualifier() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
Andrew Bartlett [Mon, 13 Aug 2012 09:52:23 +0000 (19:52 +1000)]
s3-smbd: Call sys_acl_get_entry() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
Andrew Bartlett [Mon, 13 Aug 2012 09:47:16 +0000 (19:47 +1000)]
s3-smbd: Call sys_acl_free_qualifier() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
Andrew Bartlett [Mon, 13 Aug 2012 09:43:23 +0000 (19:43 +1000)]
s3-smbd: Call sys_acl_get_qualifier() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
Andrew Bartlett [Mon, 13 Aug 2012 09:40:52 +0000 (19:40 +1000)]
s3-smbd: Call sys_acl_get_tagtype() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
Andrew Bartlett [Mon, 13 Aug 2012 09:38:09 +0000 (19:38 +1000)]
s3-smbd: Call sys_acl_get_permset() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
Andrew Bartlett [Mon, 13 Aug 2012 09:34:36 +0000 (19:34 +1000)]
s3-smbd: Call sys_acl_get_perm() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
Andrew Bartlett [Sun, 12 Aug 2012 12:02:23 +0000 (22:02 +1000)]
s3-smbd: Move smb_acl_t declaration to smb_acl.idl
This will allow us to marshall this into and from an NDR blob on disk, which will
allow us to fake up ACL support during make test, and to test the NT ACL emulation
using python bindings via the VFS.
Andrew Bartlett
Andrew Bartlett [Sun, 12 Aug 2012 12:00:42 +0000 (22:00 +1000)]
pidl: Add mode_t as an alias so we can marshall posix ACL structures
Andrew Bartlett [Sun, 12 Aug 2012 10:41:35 +0000 (20:41 +1000)]
s3-smbd: Change allocation of smb_acl_t to talloc()
The acl element is changed to be a talloc child, and is no longer one element
longer than requested by virtue of the acl[1] base pointer.
This also avoids one of the few remaining cases of over-allocation of a structure.
Andrew Bartlett
Christof Schmitt [Tue, 14 Aug 2012 20:50:23 +0000 (13:50 -0700)]
libwbclient: Add test for wbcPingDc2
The internal domain used in 'make test' does not report a DC name, so
just add tests similar to the old wbcPingDc call.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Christof Schmitt [Fri, 10 Aug 2012 15:41:41 +0000 (08:41 -0700)]
wbinfo: Improve output of wbinfo --ping-dc
Use wbcPingDc2 to get the DC name and print it.
Cleanup error messages: Remove "Could not ping our DC", there is always
a more specific message. Avoid printing "failed to call wbcPingDc" in
case the ping has been attempted and it returns an error, the error is
already printed.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Christof Schmitt [Fri, 10 Aug 2012 15:25:14 +0000 (08:25 -0700)]
libwbclient: Add wbcPingDc2
Add wbcPingDc2 that optionally returns the DC that was attempted to
ping. wbcPing is implemented as a wrapper around wbcPingDc2.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Christof Schmitt [Fri, 10 Aug 2012 15:10:42 +0000 (08:10 -0700)]
s3-winbind: Return the DC name from DC_PING
The DC that was attempted to ping is useful for troubleshooting. Return
the DC name in the response to the wbclient.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Christof Schmitt [Thu, 9 Aug 2012 22:07:16 +0000 (15:07 -0700)]
s3-winbind: Pass ping-dc result to client
The client checks for an error code in response.data.auth.nt_status,
make sure the result is stored there.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 15 Aug 2012 01:43:45 +0000 (11:43 +1000)]
selftest: Add knownfail for samba3.winbind.wbclient.wbcPingDc2
The soon-to-be-added command also fails against the s4 winbind.
Andrew Bartlett
Stefan Metzmacher [Tue, 14 Aug 2012 12:36:41 +0000 (14:36 +0200)]
s4:dsdb/repl: fix the usage of 'GC/' prefixed principal names
The "serverReference" attribute is available on the "server" object
not on the "nTDSA" object.
This allows connections to RODCs, as they don't have a
E3514235-4B06-11D1-AB04-
00C04FC2DCD2/${NTDSGUID}/${DNSDOMAIN}
principal.
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug 14 18:57:41 CEST 2012 on sn-devel-104
Stefan Metzmacher [Tue, 14 Aug 2012 12:35:13 +0000 (14:35 +0200)]
s4:samba-tool/drs: print the dns name of the server belonging to a connection
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>
metze
Arvid Requate [Tue, 14 Aug 2012 12:16:54 +0000 (14:16 +0200)]
s4:ntp_signd: fix SEGV if SID cannot be found
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 14 17:16:54 CEST 2012 on sn-devel-104
Andrew Bartlett [Tue, 14 Aug 2012 12:58:19 +0000 (22:58 +1000)]
s3-passdb: Silence scary DEBUG(0) message on first use of secrets.tdb databases
When pdb_samba4 first opens this databse, this message is printed.
Andrew Bartlett
Andrew Bartlett [Tue, 14 Aug 2012 09:48:32 +0000 (19:48 +1000)]
s4-dsdb: Use samdb_dn_is_our_ntdsa()
This uses a GUID based comparison, and avoids re-fetching the
samdb_ntds_settings_dn each time.
Andrew Bartlett
Andrew Bartlett [Tue, 14 Aug 2012 09:44:18 +0000 (19:44 +1000)]
s4-dsdb: Add samdb_dn_is_our_ntdsa()
This is like samdb_reference_dn_is_our_ntdsa but without the attribute de-reference.
Andrew Bartlett
Andrew Bartlett [Tue, 14 Aug 2012 08:48:24 +0000 (18:48 +1000)]
s4-dsdb: Use samdb_reference_dn_is_our_ntdsa()
Andrew Bartlett [Tue, 14 Aug 2012 08:47:54 +0000 (18:47 +1000)]
s4-repl: Use samdb_reference_dn_is_our_ntdsa()
Andrew Bartlett [Tue, 14 Aug 2012 08:46:47 +0000 (18:46 +1000)]
s4-dsdb: Add helper function samdb_reference_dn_is_our_ntdsa()
We often want to know if we own an FSMO role (for example). This tries to be more
efficient by comparing the GUID, rather than the string DN, as this does not need
to be re-fetched each time.
Andrew Bartlett
Andrew Bartlett [Tue, 14 Aug 2012 07:49:12 +0000 (17:49 +1000)]
s4-dsdb: Use ldb_dn_copy() rather than talloc_reference()
As the normal case (outside provision) uses a copy, this avoids a case
where a caller might modify a global variable accidentily.
As suggested by metze.
Andrew Bartlett
Andrew Bartlett [Tue, 14 Aug 2012 12:54:26 +0000 (22:54 +1000)]
s4-libnet: Prepare libnet_BecomeDC for samdb_reference_dn() returning an extended DN
Remote LDAP servers will not accept an extended DN with other components.
Andrew Bartlett