Michael Adam [Wed, 13 Jul 2016 00:30:20 +0000 (02:30 +0200)]
s3:smbtree: fix -Wtautological compare error in free_name_list()
Signed-off-by: Michael Adam <obnox@samba.org>
Michael Adam [Wed, 13 Jul 2016 00:28:22 +0000 (02:28 +0200)]
nmbd: fix -Wtautological-compare error in run_dns_queue()
Signed-off-by: Michael Adam <obnox@samba.org>
Michael Adam [Wed, 13 Jul 2016 00:27:13 +0000 (02:27 +0200)]
s4:client: fix -Wtautological-compare error in free_file_list()
Signed-off-by: Michael Adam <obnox@samba.org>
Michael Adam [Wed, 13 Jul 2016 00:25:46 +0000 (02:25 +0200)]
lib: fix -Wtautological-compare error in dlinklist testsuite
Signed-off-by: Michael Adam <obnox@samba.org>
Michael Adam [Wed, 13 Jul 2016 00:23:13 +0000 (02:23 +0200)]
s4:ldap_server: fix -Wtautological-compare error in ldapsrv_call_process_done
Signed-off-by: Michael Adam <obnox@samba.org>
Michael Adam [Wed, 13 Jul 2016 00:17:06 +0000 (02:17 +0200)]
pampass: fix -Wtautological-compare error in free_pw_chat()
Signed-off-by: Michael Adam <obnox@samba.org>
Michael Adam [Wed, 13 Jul 2016 00:13:57 +0000 (02:13 +0200)]
s3:dns_server: fix -Wtautological-compare errors
Signed-off-by: Michael Adam <obnox@samba.org>
Michael Adam [Wed, 13 Jul 2016 00:09:58 +0000 (02:09 +0200)]
s3:lib: fix -Wtautological-compare error in gfree_interfaces()
Signed-off-by: Michael Adam <obnox@samba.org>
Michael Adam [Tue, 12 Jul 2016 23:50:46 +0000 (01:50 +0200)]
smbXcli: fix -Wtautological-compare error
Signed-off-by: Michael Adam <obnox@samba.org>
Michael Adam [Tue, 12 Jul 2016 21:41:20 +0000 (23:41 +0200)]
ldb: avoid tautological compare errors in DLIST_ADD_END
Michael Adam [Tue, 12 Jul 2016 21:40:29 +0000 (23:40 +0200)]
tevent: avoid tautological compare errors in DLIST_ADD_END
Michael Adam [Tue, 12 Jul 2016 21:37:22 +0000 (23:37 +0200)]
util:dlinklist: avoid tautological compare errors in DLIST_ADD_END
Michael Adam [Fri, 13 May 2016 22:50:47 +0000 (00:50 +0200)]
TMP: selftest: debug output in cleanup_child()
Michael Adam [Tue, 24 May 2016 08:40:41 +0000 (10:40 +0200)]
TMP: selftest: clusteredmember: add debug prints
Michael Adam [Fri, 16 May 2014 12:44:25 +0000 (14:44 +0200)]
autobuild: run clusteredmember tests in samba-ctdb target
Signed-off-by: Michael Adam <obnox@samba.org>
Michael Adam [Thu, 22 May 2014 06:53:03 +0000 (08:53 +0200)]
selftest: run the usual samba3 member tests also in the clustermember env
Signed-off-by: Michael Adam <obnox@samba.org>
Michael Adam [Tue, 12 Jul 2016 11:12:24 +0000 (13:12 +0200)]
selftest:Samba3: add a clusteredmember environment
This will allow running tests against a ctdb setup,
thereby covering the dbrwap_ctdb->ctdb stack in real
SMB tests. For a start, just add a 1-node "cluster",
just to excercise the code.
Signed-off-by: Michael Adam <obnox@samba.org>
Michael Adam [Thu, 22 May 2014 09:45:12 +0000 (11:45 +0200)]
g_lock: avoid lock order violation with xattr_tdb
Bump g_lock lock order to 3 from 2 to move it out
of the way of xattr.tdb which also has lock-order 2.
This way, we can do ctdb transactions on xattr.tdb.
Signed-off-by: Michael Adam <obnox@samba.org>
Michael Adam [Tue, 12 Jul 2016 08:23:24 +0000 (10:23 +0200)]
libads: improve debug messages in sitename_fetch()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Jul 12 21:23:48 CEST 2016 on sn-devel-144
Michael Adam [Tue, 12 Jul 2016 11:16:27 +0000 (13:16 +0200)]
selftest: check for smbd on a 1-second basis.
Chance to reduce the overall time spent in checking for smbd
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Michael Adam [Wed, 15 Jun 2016 23:00:13 +0000 (01:00 +0200)]
selftest: check for winbind on 1-second basis
There is a chance to reduce the overall time spent checking.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Michael Adam [Tue, 12 Jul 2016 08:43:45 +0000 (10:43 +0200)]
libsmb:namequery: fix typo in comment in get_dc_list()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Nikolai Kondrashov [Wed, 29 Jun 2016 12:05:08 +0000 (15:05 +0300)]
tevent: Clarify apparently useless conditions
Comment on two similar conditions in tevent_standard.c, which,
otherwise, at a first glance, seem useless, i.e. always true.
The conditions checking glue->epoll_ops for being non-NULL, imply that
it *can* be NULL. A casual reader would not generally expect a "member"
function to modify its container's pointer in a container higher up, and
would assume that glue->epoll_ops could be NULL before the call,
resulting in a near-NULL pointer dereference.
However, in this case epoll_ops is indeed cleared in those "member"
functions, in the case of an epoll interface failure, to signify
fallback to poll interface.
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Tue Jul 12 13:56:41 CEST 2016 on sn-devel-144
Rowland Penny [Tue, 5 Jul 2016 06:49:00 +0000 (07:49 +0100)]
Fix typo in python/samba/provision/__init__.py
Signed-off-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 12 06:58:47 CEST 2016 on sn-devel-144
Stefan Metzmacher [Wed, 6 Jul 2016 10:44:11 +0000 (12:44 +0200)]
libads: ensure the right ccache is used during spnego bind
When doing spnego sasl bind:
1. Try working without kinit only if a password is not
provided
2. When using kinit, ensure the KRB5CCNAME env var is set
to a private memory ccache, so that the bind is on behalf
of the requested user.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12007
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul 12 03:23:33 CEST 2016 on sn-devel-144
Stefan Metzmacher [Wed, 6 Jul 2016 10:48:11 +0000 (12:48 +0200)]
libads: ensure the right ccache is used during gssapi bind
When doing gssapi sasl bind:
1. Try working without kinit only if a password is not
provided
2. When using kinit, ensure the KRB5CCNAME env var is set
to a private memory ccache, so that the bind is on behalf
of the requested user.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12007
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Sat, 9 Jul 2016 12:33:52 +0000 (14:33 +0200)]
s3-messaging: use messaging_ctdbd_reinit() in messaging_reinit()
This is the last step to fix a regression introduced by
3fe3226daa8488e0fa787c40359c3401b6f05fc0 and
3fe3226daa8488e0fa787c40359c3401b6f05fc0^
where we pass the ctdb-messaging object conn to db_open() and add a
reference to it to the private db_ctdb_ctx for later use. Unfortunately
reinit_after_fork() destroys conn, leaving us with an invalid reference.
The previous patches added new lower level functions
messaging_ctdbd_reinit() and ctdbd_reinit_connection(), finally use them
them from messaging_reinit(). They preserve the conn object and simply
reinitialize the IPC fd.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Jul 11 23:45:20 CEST 2016 on sn-devel-144
Ralph Boehme [Sat, 9 Jul 2016 12:30:35 +0000 (14:30 +0200)]
s3-messaging/ctdb: add messaging_ctdbd_reinit()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Sat, 9 Jul 2016 11:20:01 +0000 (13:20 +0200)]
s3-messaging/ctdb: split messaging_ctdbd_init()
Split out and internal function from messaging_ctdbd_init() that does
the connection setup. Keep the conn object allocation in
messaging_ctdbd_init().
This is in preperation of adding messaging_ctdbd_reinit() which will use
the new internal function as well.
messaging_ctdbd_init_internal() has a new reinit flag,
messaging_ctdbd_init() calls with reinit=false resulting in unmodified
behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Sat, 9 Jul 2016 06:59:09 +0000 (08:59 +0200)]
ctdbd_conn: add ctdbd_reinit_connection()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Sat, 9 Jul 2016 06:48:49 +0000 (08:48 +0200)]
ctdbd_conn: split ctdbd_init_connection()
Split ctdbd_init_connection() into an internal function that does the
connection setup and only keep the conn object allocation in
ctdbd_init_connection().
This is in preperation of adding ctdbd_reinit_connection() which will
use the new internal function as well.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Michael Adam [Tue, 21 Jun 2016 07:50:53 +0000 (09:50 +0200)]
ctdb: fix autotest with socket-wrapper installed in the system
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Jul 11 15:53:30 CEST 2016 on sn-devel-144
Amitay Isaacs [Fri, 8 Jul 2016 13:37:18 +0000 (23:37 +1000)]
swrap: Build socket_wrapper path relative to blddir
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Michael Adam [Mon, 11 Jul 2016 09:08:22 +0000 (11:08 +0200)]
autobuild: Don't compare socket wrapper so_path for xc check
This uses the build-directory which, hence is not the same.
Achieve this by adding the path itself and the whole
defines dictionary to the exclude list.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Garming Sam [Mon, 11 Jul 2016 05:20:40 +0000 (17:20 +1200)]
tests/dns_update: Add error message for diagnosis
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Mon Jul 11 10:58:16 CEST 2016 on sn-devel-144
Ralph Boehme [Tue, 5 Jul 2016 13:38:31 +0000 (15:38 +0200)]
s3-rpc_server/mdssd: use smbd_reinit_after_fork()
Using smbd_reinit_after_fork() rather then reinit_after_fork() ensures
am_parent is reset to NULL. Otherwise, when exiting for some reason, the
inherited atexit handler killkids() calls kill(0,SIGTERM) terminating
our whole process group including the main smbd.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12016
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jul 11 02:02:33 CEST 2016 on sn-devel-144
Ralph Boehme [Tue, 5 Jul 2016 13:37:53 +0000 (15:37 +0200)]
smbd/notifyd: use smbd_reinit_after_fork()
Using smbd_reinit_after_fork() rather then reinit_after_fork() ensures
am_parent is reset to NULL. Otherwise, when exiting for some reason, the
inherited atexit handler killkids() calls kill(0,SIGTERM) terminating
our whole process group including the main smbd.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12016
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Tue, 5 Jul 2016 13:20:53 +0000 (15:20 +0200)]
smbd/cleanupd: use smbd_reinit_after_fork()
Using smbd_reinit_after_fork() rather then reinit_after_fork() ensures
am_parent is reset to NULL. Otherwise, when exiting for some reason, the
inherited atexit handler killkids() calls kill(0,SIGTERM) terminating
our whole process group including the main smbd.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12016
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Andrew Bartlett [Mon, 21 Mar 2016 04:06:00 +0000 (17:06 +1300)]
Revert selftest: Add knownfail entry required to disable tombstone_reanimation
This reverts
e0fa42201b5ff1b2d67f1c3cdb0d3dbcce9b6e40
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jul 9 18:41:40 CEST 2016 on sn-devel-144
Andrew Bartlett [Mon, 21 Mar 2016 04:05:19 +0000 (17:05 +1300)]
Revert "dsdb: Disable tombstone_reanimation module until we isolate what causes flaky tests"
This reverts commit
252b62c54ed5a4aabbdccf315f1a0ae3d958d11c.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 8 Jul 2016 07:30:04 +0000 (09:30 +0200)]
s4:dsdb/tests: add RestoreUserPwdObjectTestCase test
This is the same as RestoreUserObjectTestCase, but we
set the password on add and reanimate.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 8 Jul 2016 13:26:18 +0000 (15:26 +0200)]
s4:dsdb/tests: improve the RestoreUserObjectTestCase test
We verify attributes, values and their replication metadata after
each step (add, delete, reanimate).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 8 Jul 2016 13:24:21 +0000 (15:24 +0200)]
s4:dsdb/tests: improve tombstone_reanimation varifications
We should do case sensitive checks.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 8 Jul 2016 13:21:03 +0000 (15:21 +0200)]
s4:dsdb/tests: make tombstone_reanimation.py executable
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 8 Jul 2016 04:23:53 +0000 (06:23 +0200)]
s4:dsdb/tests: make use assertAttributesEqual() in RestoreUserObjectTestCase()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 8 Jul 2016 12:37:54 +0000 (14:37 +0200)]
s4:dsdb/tombstone_reanimate: restructure the module logic
Now we keep all state in struct tr_context and split
the preparation and exectution of sub requests into
helper functions.
The most important change is that we now
pass mod_req to dsdb_user_obj_set_defaults(),
so that it can add controls to it.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 8 Jul 2016 08:43:19 +0000 (10:43 +0200)]
s4:dsdb/common: prepare dsdb_user_obj_set_defaults() for tombstone reanimation
accountExpires gets a different value, logonHours is not updated,
operatorCount and adminCount are added.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 8 Jul 2016 08:47:41 +0000 (10:47 +0200)]
s4:dsdb/repl_meta_data: remove secret attributes on delete
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 8 Jul 2016 08:15:29 +0000 (10:15 +0200)]
s4:dsdb/repl_meta_data: sort preserved_attrs and add "msDS-PortLDAP"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 8 Jul 2016 12:52:50 +0000 (14:52 +0200)]
s4:password_hash: correctly update pwdLastSet on deleted objects.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 8 Jul 2016 12:38:06 +0000 (14:38 +0200)]
s4:dsdb/samdb: add const to dsdb_make_object_category()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 8 Jul 2016 06:46:43 +0000 (08:46 +0200)]
drsuapi.idl: add DRSUAPI_ATTID_operatorCount and DRSUAPI_ATTID_adminCount
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 8 Jul 2016 00:54:40 +0000 (12:54 +1200)]
selftest: Add more tests for samba-tool drs replicate
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul 8 13:39:01 CEST 2016 on sn-devel-144
Andrew Bartlett [Fri, 8 Jul 2016 00:54:22 +0000 (12:54 +1200)]
samba-tool: Add --local-online mode to samba-tool drs replicate
This mode avoids an issue with using -P on an RODC, instead using an IRPC message
to trigger online replication right away
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Fri, 8 Jul 2016 00:53:09 +0000 (12:53 +1200)]
samba-tool: Add success message to samba-tool drs replicate --local
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Garming Sam [Fri, 8 Jul 2016 02:53:22 +0000 (14:53 +1200)]
schema: raise debug level
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 6 Jul 2016 04:57:26 +0000 (16:57 +1200)]
schema: Remove unnecessary schema reload code
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 7 Jul 2016 14:04:14 +0000 (16:04 +0200)]
s4:torture/drs: verify the whole metadata array to be the same in the repl_move tests
We've removed the difference compared to Windows and store metadata stamps for
some empty attributes.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 7 Jul 2016 15:56:37 +0000 (17:56 +0200)]
Revert "selftest/flapping: mark samba4.drs.repl_move.python as temporary flapping"
We pass this tests again...
This reverts commit HEAD~2.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 1 Jun 2016 21:25:22 +0000 (23:25 +0200)]
s4:dsdb/password_hash: force replication meta data for empty password attributes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 7 Jul 2016 13:44:47 +0000 (15:44 +0200)]
s4:dsdb/common: add a replication metadata stamp for an empty logonHours attribute
When a user object is created it gets a metadata stamp for logonHours,
while the logonHours attribute has no value.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 7 Jul 2016 14:14:05 +0000 (16:14 +0200)]
selftest/flapping: mark samba4.drs.repl_move.python as temporary flapping
We'll change the behaviour step by step to match Windows.
At the end we'll pass the test again and revert this patch.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 1 Jun 2016 22:30:01 +0000 (00:30 +0200)]
tests:samba3sam: make use of the dsdb_flags_ignore module
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 1 Jun 2016 22:08:54 +0000 (00:08 +0200)]
s4:samba_dsdb: add "dsdb_flags_ignore" module
This module removes internal flags from ldb_message_elements.
Typically the repl_meta_data module handles DSDB_FLAG_INTERNAL_FORCE_META_DATA,
but there're some cases where we don't use that module.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 1 Jun 2016 21:13:21 +0000 (23:13 +0200)]
s4:dsdb/samdb: add DSDB_FLAG_INTERNAL_FORCE_META_DATA
With this it's possible to add a replPropertyMetaData entry for an empty
attribute.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 28 Apr 2016 00:24:52 +0000 (02:24 +0200)]
CVE-2016-2019: s3:selftest: add regression tests for guest logins and mandatory signing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Thu Jul 7 14:52:20 CEST 2016 on sn-devel-144
Stefan Metzmacher [Thu, 28 Apr 2016 00:36:35 +0000 (02:36 +0200)]
CVE-2016-2019: s3:libsmb: add comment regarding smbXcli_session_is_guest() with mandatory signing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 20 Apr 2016 09:26:57 +0000 (11:26 +0200)]
CVE-2016-2019: libcli/smb: don't allow guest sessions if we require signing
Note real anonymous sessions (with "" as username) don't hit this
as we don't even call smb2cli_session_set_session_key() in that case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 6 Jul 2016 12:24:25 +0000 (14:24 +0200)]
testprogs: Do not use the deprecated samba-tool user add
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jul 7 02:15:16 CEST 2016 on sn-devel-144
Stefan Metzmacher [Thu, 12 May 2016 15:31:47 +0000 (17:31 +0200)]
s3:libsmb/clirap: remove unused cli_get_server_*() functions
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 6 22:41:41 CEST 2016 on sn-devel-144
Stefan Metzmacher [Mon, 9 May 2016 14:14:04 +0000 (16:14 +0200)]
libcli/auth: remove unused variable in msrpc_parse()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 5 Jul 2016 09:40:15 +0000 (11:40 +0200)]
security.idl: add SID_NT_NFS S-1-5-88* sids
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andreas Schneider [Tue, 5 Jul 2016 08:53:08 +0000 (10:53 +0200)]
selftest: Do not use the deprecated samba-tool user add
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andreas Schneider [Tue, 5 Jul 2016 08:56:24 +0000 (10:56 +0200)]
s4-dsdb: Add missing header file for write() and close()
This fixes compilation with gcc 4.8.5.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andreas Schneider [Mon, 4 Jul 2016 11:18:03 +0000 (13:18 +0200)]
s4-torture: Add AES and RC4 enctype checks
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul 6 19:06:19 CEST 2016 on sn-devel-144
Andreas Schneider [Mon, 4 Jul 2016 07:47:10 +0000 (09:47 +0200)]
s4-torture: Add torture_check_krb5_error() function
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Andrew Bartlett [Mon, 4 Jul 2016 02:06:10 +0000 (14:06 +1200)]
schema: Reorder dsdb_set_schema() to unlink the old schema last
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 4 May 2016 05:01:15 +0000 (17:01 +1200)]
dsdb: Remove 120 second delay and USN from schema refresh check
We now refresh it once the schema changes, so that replication can
proceed right away. We use the sequence number in the metadata.tdb.
The previous commit added a cache for this value, protected by
tdb_seqnum().
metadata.tdb is now opened at startup to provide this support.
Note that while still supported, schemaUpdateNow is essentially rudundent:
instead, to ensure we increment the sequence number correctly, we unify that check
into repl_meta_data at the transaction close.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 5 Jul 2016 23:38:28 +0000 (11:38 +1200)]
dsdb: Remove use of schema USN in samldb_add_handle_msDS_IntId
This is not a frequent enough operation to warrent a cache, and the USN will be removed
from the schema code shortly
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 4 Jul 2016 02:05:46 +0000 (14:05 +1200)]
schema: Make the fetch of the schema version fast
Use the tdb_seqnum() to avoid needing locks to check if the schema has not changed
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Tue, 5 Jul 2016 04:01:38 +0000 (16:01 +1200)]
ldb: Avoid use-after-free when one error message is printed into another
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Bob Campbell [Thu, 30 Jun 2016 03:03:39 +0000 (15:03 +1200)]
provision: Ignore duplicate attid and governsID check
During the provision this causes a huge performance hit as these two
attributes are unindexed.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Bob Campbell [Wed, 29 Jun 2016 22:40:51 +0000 (10:40 +1200)]
provision_fill: move GPO into transaction
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Bob Campbell [Wed, 29 Jun 2016 04:54:06 +0000 (16:54 +1200)]
provision_fill: move most db accesses into transactions
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Martin Schwenke [Wed, 29 Jun 2016 08:11:44 +0000 (18:11 +1000)]
ctdb-scripts: Quote some variable expansions
This avoids relevant shellcheck warnings. This is most of the
shellcheck low hanging fruit in the non-test code. Many of the other
warnings produced by shellcheck are either false positives, are
non-trivial to fix or a fix may result in worse code.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Jul 6 08:15:49 CEST 2016 on sn-devel-144
Martin Schwenke [Wed, 29 Jun 2016 10:43:18 +0000 (20:43 +1000)]
ctdb-scripts: Fix incorrect variable reference
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 29 Jun 2016 07:54:00 +0000 (17:54 +1000)]
ctdb-scripts: Use globs instead of ls to list files
shellcheck reports that using ls is fragile.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 29 Jun 2016 07:49:13 +0000 (17:49 +1000)]
ctdb-scripts: Fix incorrect variable reference
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 29 Jun 2016 07:47:12 +0000 (17:47 +1000)]
ctdb-scripts: Fix incorrect variable reference
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 29 Jun 2016 07:36:05 +0000 (17:36 +1000)]
ctdb-scripts: Update script boilerplate to avoid shellcheck warnings
* Assign the output of dirname to temporary variable to avoid word
splitting when directory name contains whitespace
* Drop export of CTDB_BASE to avoid masking broken return value -
functions file does the export anyway
* Quote path when including functions file
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 29 Jun 2016 07:33:43 +0000 (17:33 +1000)]
ctdb-scripts: Export CTDB_BASE in functions file
This avoids having to export it in every file that includes the
functions file.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 29 Jun 2016 07:05:17 +0000 (17:05 +1000)]
ctdb-scripts: Drop optional argument to nfs_check_services()
Added so that nfs_check_services() could be run against an arbirary
directory. However, with the function moved to the event script, this
isn't useful. CTDB_NFS_CHECKS_DIR can be used for testing instead.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Christof Schmitt [Fri, 1 Jul 2016 18:52:15 +0000 (11:52 -0700)]
gensec: Change log level for message when obtaining PAC from gss_get_name_attribute failed
This is the second part for the issue from commit
8bb4fccd. A KDC that
does not return a PAC first triggers this message, then the "resorting
to local user lookup" one. Change the log level for the "obtaining PAC
via GSSAPI gss_get_name_attribute" message as well to avoid spamming the
logs during normal usage. While changing this message, also remove the
discard_const since it is no longer required.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul 6 04:27:03 CEST 2016 on sn-devel-144
Uri Simchoni [Sun, 3 Jul 2016 19:50:22 +0000 (22:50 +0300)]
auth: fix a memory leak in gssapi_get_session_key()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12006
Signed-off-by: Uri Simchoni <uri@samba.org>
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Wed Jul 6 00:40:15 CEST 2016 on sn-devel-144
Uri Simchoni [Sun, 3 Jul 2016 19:51:56 +0000 (22:51 +0300)]
s3-libads: fix a memory leak in ads_sasl_spnego_bind()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12006
Signed-off-by: Uri Simchoni <uri@samba.org>
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Amitay Isaacs [Mon, 27 Jun 2016 08:26:34 +0000 (18:26 +1000)]
ctdb-build: Exit if requested feature cannot be built
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Jul 5 14:38:30 CEST 2016 on sn-devel-144
Amitay Isaacs [Mon, 27 Jun 2016 08:17:38 +0000 (18:17 +1000)]
ctdb-daemon: Log ctdb socket in the main daemon
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 27 Jun 2016 08:37:27 +0000 (18:37 +1000)]
ctdb-pmda: CTDB client code does not require ctdb->methods
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 27 Jun 2016 08:00:49 +0000 (18:00 +1000)]
ctdb-daemon: Check if method is initialized before calling
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 27 Jun 2016 07:28:59 +0000 (17:28 +1000)]
ctdb-ib: Include system/wait.h for signal
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>