doc:man:vfs_glusterfs: improve and update description.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

doc:man:vfs_glusterfs: remove extra % signs.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

ctdb-recoverd: Abort when daemon can take recovery lock during recovery

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Fri Feb 13 09:48:15 CET 2015 on sn-devel-104

ctdb-recoverd: Improve error messages on recovery lock coherence fail

When the daemon is able to take the recovery lock during recovery we
might as well guess that the cluster filesystem has a lock coherence
problem and print a more useful message.  This will be more helpful to
those trying out cluster filesystems that don't have lock coherence or
that are difficult to setup.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-recoverd: Don't release and re-take the recovery lock

Just continue to hold it, otherwise a broken node might win an
election and grab the lock.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-recoverd: Simplify ctdb_recovery_lock()

Have it just silently take or fail to take the lock, except on an
unexpected failure (where it should log an error).

This means that when it is called we need to keep the old behaviour
and explicitly release the lock.  In do_recovery() the lock is
released and a message is printed before attempting to take the lock.
In the daemon sanity check the lock must be released in the error path
if it is actually taken.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-recoverd: Remove check_recovery_lock()

This has not done anything useful since commit
b9d8bb23af8abefb2d967e9b4e9d6e60c4a3b520.  Instead, just check that
the lock is held.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-recoverd: Improve logging when recovery lock file is changed

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-recoverd: New function ctdb_recovery_unlock()

Unlock the recovery lock file.  This way knowledge of the file
descriptor isn't sprinkled throughout the code.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-recoverd: New function ctdb_recovery_have_lock()

True if this recovery daemon holds the lock.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-daemon: Log a warning when setting obsolete tunables

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-daemon: Mark tunable VerifyRecoveryLock as obsolete

It is pointless having a recovery lock but not sanity checking that it
is working.  Also, the logic that uses this tunable is confusing.  In
some places the recovery lock is released unnecessarily because the
tunable isn't set.

Simplify the logic by assuming that if a recovery lock is specified
then it should be verified.

Update documentation that references this tunable.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-doc: Improve documentation of the recovery lock

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

snprintf: Try to support %j

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 12 23:34:33 CET 2015 on sn-devel-104

torture/ioctl: add test_ioctl_sparse_copy_chunk test

This test copies unallocated and allocated ranges from a sparse file
into a sparse and non-sparse destination file using FSCTL_SRV_COPYCHUNK.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 12 03:19:32 CET 2015 on sn-devel-104

torture/ioctl: add sparse_compressed test

This test checks whether a file marked with sparse and compression
attributes is deallocated following FSCTL_SET_ZERO_DATA.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

torture/ioctl: extend sparse_hole_dealloc test

Check whether unwritten extents in a sparse file are allocated.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

torture/ioctl: add sparse_hole_dealloc test

This test finds the minimum length at which a zeroed range in a sparse
file is deallocated by the underlying filesystem.
It also checks whether zeroed neighbours are merged for deallocation.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

torture/ioctl: fix check_[zero/pattern]() for len=0

Subtraction currently triggers an underflow.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs_prealloc: Remove call to gpfs_prealloc

Calling gpfs_prealloc changes the actual size of the file, and this
should not be done implicitly. Also this code does not compile due to
the missing dependency to the gpfs library. The best way solution here
is probably removing the call to gpfs_prealloc. The vfs_gpfs module
already implements the call to gpfs_prelloc when this can be done
safely.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Feb 11 02:03:09 CET 2015 on sn-devel-104

lib: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3: smbclient: Allinfo leaves the file handle open.

https://bugzilla.samba.org/show_bug.cgi?id=11094

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Feb 10 23:28:46 CET 2015 on sn-devel-104

smbd: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Feb 10 20:27:32 CET 2015 on sn-devel-104

smbd: Fix a typo

http://www.oxfordlearnersdictionaries.com/definition/english/veto_2 says it's
vetoed, not vetod

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

smbd: Make "check_veto_path" static

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Update mailing list references to point at lists.samba.org

The mailing lists are on lists.samba.org, but there are many references that use the shorthand of samba.org

Some references to samba@ have been changed to samba-technical@ where this make more sense.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Feb 10 07:08:28 CET 2015 on sn-devel-104

Remove obsolete SGI packaging

This has not worked since before the source3 and source4 trees were imported many years ago

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

printing/cups: pack requested-attributes with IPP_TAG_KEYWORD

The CUPS IPP_GET_JOBS requested-attributes array indicates which job
attributes the caller would like in the cupsd response.

Until now, Samba has packed these attributes with a IPP_TAG_NAME
format tag. In recent versions of CUPS, this results in the IPP_GET_JOBS
response only including the job-id and job-printer-uri fields, even with
JobPrivateValues=none configured.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10808

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Feb 10 01:38:58 CET 2015 on sn-devel-104

gencache: don't fail gencache_stabilize if there were records to delete.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

nfs4: Fix a confusing debug message

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Feb  9 12:25:06 CET 2015 on sn-devel-104

torture-krb5: Provide a generic handler to catch and print unexpected KRB_ERROR packets

This may aid debugging in the future.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Feb  8 10:37:23 CET 2015 on sn-devel-104

auth/kerberos: Use talloc_stackframe to avoid memory and FD leak of event context

The smb_krb5_send_and_recv_func_forced and smb_krb5_send_and_recv_func
functions could leak an event context including an epoll FD and some
memory.  This may explain a flapping test in krb5.kdc

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>

torture-krb5: Add test for TGS-REQ with type KRB5_NT_PRINCIPAL, KRB5_NT_SRV_INST, KRB5_NT_SRV_HST

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>

torture-krb5: Add test in for normal TGS-REQ

For example, host/server

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>

torture-krb5: Split out TEST_AS_REQ_SELF recv testing routine

This duplicates more code, but re-using the callbacks makes it much, much harder to debug

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>

torture-krb5: Add additional assertions for non-canon TGS-REP

This confirms that the KDC does not modify the returned principal in a TGS-REP unconditionally.

Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>

torture-krb5: Further test improvements to cover KRB5_GC_CANONICALIZE on krbtgt/

This covers more of the protocol, and confirms which tests actually send network
packets (and so actually run the assertions in the send_and_recv handlers.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>

selftest: Run krb5.kdc with an account that has a UPN and an SPN

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>

torture-krb5: Add tests for AS-REQ to our own name

This allows us to probe the behaviour of AS-REQ requests against a principal other than krbtgt/

This alos allows verification of behaviour of principals of type KRB5_NT_ENTERPRISE_PRINCIPAL

Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>

torture-krb5: Improve the assertions in our KDC tests to be more explicit

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>

torture-krb5: Reformat and re-work test to be easier to follow

The behaviour is the same as in the previous commit, but it is much easier to follow
as the main test code now indicates to the send_and_recv callbacks what stage of the
test we are at, and resets the packet counter between stages.

This also re-orders the code so that the send and recv callbacks for each stage
are next to each other, and uses a case statement in the main send_and_recv driver
for clarity.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>

torture-krb5: Add tests for the canonicalise TGS-REQ case

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>

torture-krb5: add TGS-REQ testing to krb5.kdc.canon testsuite

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

kdc: make Samba KDC pass new TGS-REQ and AS-REQ (to self) testing

This also reverts 51b94ab3fd4d13ee38813eb7d20db11edaa667a8 as our
testing shows Windows 2012R2 does not have this behaviour.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

kdc: fixup KDC to use functions portable to MIT krb5

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

torture-krb5: Do not do post-recv checks if the packet recv failed

This may be the cause of the flapping tests in this code previously,
as the recv_buf would be 0 length.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>

ctdb-tests: Add new "ctdb setreclock" test

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Feb  4 05:40:55 CET 2015 on sn-devel-104

ctdb-daemon: Fix SET_RECLOCK_FILE regression

If the recovery lock file is unset then this dereferences a NULL
pointer.  The regression is due to commit
6f1ac7af0f87d85402d708231e45a69713bba026.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

samba-tool: Create NIS enabled users and unixHomeDirectory attribute

Allow to create NIS enabled user accounts via 'samba-tool user add'.

To create NIS enabled accounts, the parameters
--uid-number=, --login-shell=, --unix-home=, --gid-number=
are mandatory. Because we didn't had a parameter to set unixHomeDirectory
yet, this patch also adds this feature.

'unixUserPassword: ABCD!efgh12345$67890' is added by default, when you
enable NIS on an account in ADUC. The same we do in samba-tool.

See: https://bugzilla.samba.org/show_bug.cgi?id=10909

Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Marc Muehlfeld <mmuehlfeld@samba.org>
Autobuild-Date(master): Tue Feb  3 17:18:32 CET 2015 on sn-devel-104

s4-samdb/tests: Assert on expected set of attributes for new User object

Change-Id: I225b64ff7492b41852fecb914f464a6c8d504a2c
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Feb  3 07:30:17 CET 2015 on sn-devel-104

s4-dsdb/tests: Assert on expected set of attributes for restored objects

Change-Id: I788406d9c3839d108cea508cf2a59488d495f141
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4-dsdb: Refactor user objects defaults setter to use attribute/value map

Change-Id: Iaa32af4225219a4c5c42c663022e8be429b8a1d2
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

dsdb: Do not use _ prefix in tombstone_reanimate module

This should only be used by the C library.

Andrew Bartlett

Change-Id: I00da64de1443a7c6b21aafae79e126180eb1a3d4
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>

s4-dsdb: common helper to determine "primaryGroupID" attribute value

At the moment current implementation does not check if group RID
is existing group RID - this responsibility is left to the caller.

Change-Id: I8c58dd23a7185d63fa2117be0617884eb78d13c1
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb: Common helper for setting "sAMAccountType" on User objects

Change-Id: I4480e7d1ed0c754e960028e0be9a90ee56935e94
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb: Move User object default attribute values in separate helper

Change-Id: I1e291bcf0a5c9b2fca11323dc7f8be29f5145d42
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-tests: Add tombstone_reanimation test case to s4 test suite

DC, USERNAME and PASSWORD are passed as environment variables
prefixed with TEST_

Change-Id: I84ff628496bfa3e0538011400328585d080f21b8
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb/tests: Do not pre-create LoadParm - connect_samdb_env() will handle it

Change-Id: I3483c5aa50de2f7aca19e4d7cc4fa49bbe5f889d
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb-test: Use common base method for restoring Deleted objects

Change-Id: I266b58ced814cf7ea3616862506df5b55f4f1d8c
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb/samldb: Don't allow rename requests on Deleted object

Windows behavior in case of renaming Deleted object is:
* return ERR_NO_SUCH_OBJECT in case client is not providing
  SHOW_DELETED control
* ERR_UNWILLING_TO_PERFORM otherwise

Renaming of Deleted objects is allowed only through special
Tombstone reanimation modify request

Change-Id: I1eb33fc294a5de44917f6037988ea6362e6e21fc
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb/test: Delete any leftover objects in the beginning of Cross-NC test

This way we ensure that samdb is clean before we make the test

Change-Id: I3c6fc94763807394e52b6df41548e9aba8b452c1
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb/samldb: Relax a bit restrictions in Config partition while restoring deleted object

Change-Id: Iead460d24058b160b46cf3ddedaf4d84b844da4d
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb/samdb: Don't relax contraint checking during rename for Deleted objects

Now we have a module to handle to handle Tombstone reanimation
and it is better we do all the check here as usual

Change-Id: Ia5d28d64e99f7a961cfe8b9aa7cc96e4ca56192e
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb-test/reanimate: Fix whitespaces according to PEP8

Change-Id: I7b46992c80178d40a0531b5afd71a7783068a9dd
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb-tests: Move base tests for Tombstone reanimation in tombstone_reanimation module

So we have them all in one place.

While moving, I have:
* inherited from the base class for Tombstone reanimations
* replace self.ldb with self.samdb

Change-Id: Id3e4f02cc2e0877d736da812c14c91e2311203d2
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb-test: Fix duplicated key in a dictionary in sam.py

Change-Id: Ie33d92bd308262d9bfda553d6d5e2cfd98f6d7b3
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb/objectclass: remove duplicated declaration for objectclass_do_add

Change-Id: Ib88a45cea64fb661a41ca3b4a3df9dabf509fc6c
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb-test: remove trailing ';' in ldap.py

Change-Id: I5edc6e017b576791c1575f71a625c49ccc88fe8f
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb/reanimate: Group objects reanimation implementation

Change-Id: Iea92924ff6b33fa3723b104d5dfff1ce5a7a09b0
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb/reanimate: Swap rename->modify operations to modify->rename sequence

This way it is more visible that we work on 'deleted object' during modify
and also will help us to handle 'stop rename for deletec objects'
propertly in future

[MS-ADTS]: 3.1.1.5.3.7.3 Undelete Processing Specifics

Change-Id: I9bb644e099a4a2afcb261ad22515c9c4ce4875bb
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb/reanimate: Use 'show deleted' control in modify operations too

Before committing changes, object is still deleted - isDeleted = true

Change-Id: Ie1ab53dc594d1bfaf5b9e06316e7a1fc0dd4b8cb
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb/samldb: Skip 'sAMAccountType' and 'primaryGroupID' during Tombstone reanimate

tombstone_reanimate.c module is going to restore those attributes
and it needs a way to propagate them to DB

Change-Id: I36f30b33fa204fd28329eab01044a125f7a3f08e
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb/samldb: Fix type "omputer" -> "computer"

Change-Id: Ic56c6945528b7f60becc4f0b318429f4c22c3d2e
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb/reanimate: Implement attribute_restore function

At the moment it works for objects with objectClass user + a common
case of removing isRecycled attribute

Change-Id: I70b0ef0ef65c13d3def82ca53ace52a85a078a37
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb-util: Mark attributes with ADD flag in samdb_find_or_add_attribute()

At the moment no flags are set and it works fine, since this function
is solely used in samldb during ADD requests handling.
Pre-setting a flag make it usefull for other modules and request
handlers too

Change-Id: I7e43dcbe2a8f34e3b0ec16ae2db80ef436df8bfe
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb-test: Fix Undelete tests after subunit upgrade work

Change-Id: I4712a2a2163a57fde037511afcc1cb7bee05f12e
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb-test: Use case insensitive comparison for DNs in undelete test

Change-Id: I4a009bb7ed58ab857ac74a235bb5f580911f0d92
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb-test: Initial implementation for Tombstone restore test suite

Change-Id: Ib35ff930b6e7cee14317328b6fe25b59eec5262c
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb-test: Implement samdb_connect_env() to rely solely on environment

this is to help me port Python tests to be more Unit test alike
and remove all global handling
Starting from a new test suite - tombstone_reanimation.py

Andrew Bartlett rose his concerns that passing parameters
through environment may make tests hard to trace for
failures. However, passing parameters on command line
is not Unit test alike either. After discussing this with him
offline, we agreed to continue this approach, but prefix
environment variables with "TEST_". So that an env var
should not be used by coincidence.

Change-Id: I29445c42cdcafede3897c8dd1f1529222a74afc9
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb: Some minor fixes in tombstone_reanimate, to make it work with acl

Change-Id: Idad221c7ecf778fd24f6017bb4c6eacac541086a
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb: Implementation of access checks on a undelete operation

Special Reanimate-Tombstone access right is required, as well as most of
the checks on a standard rename.

Change-Id: Idae5101a5df4cd0d54fe4ab2f7e5ad7fc1c23648
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb: Tests for security checks on undelete operation

Implemented according to MS-ADTS 3.1.1.5.3.7.1. Unfortunately it appears
LC is also necessary, and it is not granted by default to anyone but
System and Administrator, so tests had to be done negatively

Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Change-Id: Ic03b8fc4e222e7842ec8a9645a1bb33e7df9c438

s4-dsdb: Mark request during Tombstone reanimation with custom LDAP control

We are going to need this so that underlying modules (acl.c)
can treat those requests properly

Change-Id: I6c12069aa6e7e01197dddda6c610d930d3fd9cb0
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb: Implement rename/modify requests as local for the module

The aim is for us to be able to fine tune the implementation
and also add custom LDAP controls to mark all requests as
being part of Reanimation procedure

Change-Id: I9f1c04cd21bf032146eb2626d6495711fcadf10c
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb: Add documentation link for Tombstone Reanimation

Change-Id: Ib779c8b0839889371f25ad5751c9cda1a510eb54
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-tests: Print out what the error is in delete_force()

Change-Id: Iaa631179dc79fa756416be8eaf8c55e3b0c1a29f
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb: Define internal dsdb control to mark Tombstone reanimation requests

Tombstone reanimation requries some special handling which is going
to affect several modules. Most notably:
 - a bit different access checks in acl.c
 - restore certain attributes during modify requests in samldb.c

Control added also to schema_samba4.ldif by Andrew Bartlett
hence the "pair programmed with" tag.

Change-Id: Ief4f7dabbbdc2570924fae48c30ac9c531a701f4
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb: Make use dsdb_make_object_category() for objectCategory

Change-Id: If65c54a653ad7078ca7a535b5c247db2746b5be7
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb: Make most specific objectCategory for an object

This is lightweight implementation and should be used on objects
with already verified objectClass attribute value - eg. valid classes,
sorted properly, etc.
Checkout objectclass.c module for heavy weight implementation.

Change-Id: Ifa7880d26246f67e2f982496fcc6c77e6648d56f
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb: Initialize module context only we are to handle Tombstone request

Change-Id: I73bd2043e96907e3d1a669bdbd943ddee1df8c0a
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb: Return error codes as windows does for Tombstone reanimation

Tested against Windows Server 2008 R2
In case we try to restore to already existing object, windows
returns: LDB_ERR_ENTRY_ALREADY_EXISTS
Otherwise it is: LDB_ERR_OPERATIONS_ERROR

Change-Id: I6b5fea1e327416ccf5069d97a4a378a527a25f80
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb-tests: Fix whitespace in deletetest.py

Change-Id: Ic2924b0aa9cffd29fe0c857317ccb65ba53a1c21
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb-tests: Make unique object names to test with in deletetest

This way we can re-run the test again and again

Change-Id: I29bd878b77073d94a279c38bd0afc2f0befa6f9d
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb-tests: Remove unused method get_ldap_connection()

Change-Id: Ie50f77dbba724dbd3c2822de5c2cfff41016fac6
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb-tests: Remove trailing ';' in deletetest.py

Change-Id: Ic1ad6bbda55be56cbf7ae78a8ad988b8e479a40c
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb: Insert tombstone_reanimate module in ldb modules chain after objectclass

Change-Id: Id9748f36f0aefe40b1894ecd2e5071e3b9c8a6d6
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb: Initial implementation for Tombstone reanimation module

At the moment it works for basic scenario:
 - add user
 - delete user
 - restore deleted user

TODO:
 - security checks
 - flags verification
 - cross-NC checks
 - asynchronous implementation (may not be needed, but anyway)

Change-Id: If396a6dfc766c224acfeb7e93ca75703e08c26e6
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

s4-dsdb-tests: Some tests for deleted objects undelete operation

Based on MS-ADTS 3.1.1.5.3.7.2

Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Change-Id: I650b315601fce574f9302435f812d1dd4b177e68

selftest: fix check for RODC and RID Set allocation

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Feb  2 01:10:18 CET 2015 on sn-devel-104

python/samba/tests: don't lower case path names in connect_samdb()

We should not lower case file names, because we may get a path to sam.ldb.
Now we only lower case ldap urls.

For a long time I got failing private autobuild like this:

[1623(9233)/1718 at 1h28m9s] samba4.urgent_replication.python(dc)(dc:local)
Failed to connect to ldap URL
'ldap:///memdisk/metze/w/b12985/samba/bin/ab/dc/private/sam.ldb' - LDAP client
internal error: NT_STATUS_NO_MEMORY
Failed to connect to
'ldap:///memdisk/metze/w/b12985/samba/bin/ab/dc/private/sam.ldb' with backend
'ldap': (null)
UNEXPECTED(error):
samba4.urgent_replication.python(dc).__main__.UrgentReplicationTests.test_attributeSchema_object(dc:local)
REASON: _StringException: _StringException: Content-Type:
text/x-traceback;charset=utf8,language=python
traceback
322

The problem is that /memdisk/metze/W/ is my test directory instead
of /memdisk/metze/w/.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>