git.samba.org - samba.git/log

WHATSNEW: reference 'smbclient reparse point symlink parameters reversed' to 'UPGRADING'

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

WHATSNEW: move descriptions of removed features to "REMOVED FEATURES"

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s4:kdc: disable support for CROSS_ORGANIZATION domains

We don't support selective authentication yet,
so we shouldn't silently allow domain wide authentication
for such a trust.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13299

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Feb 28 19:45:13 CET 2018 on sn-devel-144

(cherry picked from commit 31b5328c46c5f510ba234f75688886987276ee9e)

Autobuild-User(v4-8-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-8-test): Thu Mar 1 06:08:56 CET 2018 on sn-devel-144

s4:kdc: only support LSA_TRUST_TYPE_UPLEVEL domains in samba_kdc_trust_message2entry()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13299

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit d0a813a173be630c2def93cc55e4514204d265a2)

s4:kdc: make use of dsdb_trust_parse_tdo_info() in samba_kdc_trust_message2entry()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13299

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 274209f5cd4eec2ffe4ffe12bfbb41eb8ed0c9df)

winbindd: disable support for CROSS_ORGANIZATION domains

We don't support selective authentication yet,
so we shouldn't silently allow domain wide authentication
for such a trust.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13299

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit afd97e72090aaf31b084646b5fcecaeb8cde653d)

vfs_fruit: use off_t, not size_t for TM size calculations

size_t is only a 32-bit integer on 32-bit platforms. We must use off_t
for file sizes.

https://bugzilla.samba.org/show_bug.cgi?id=13296

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit f9e2cb1369fa9636ff613a4e9c7387151409eafc)

build: fix libceph-common detection

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13277

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Feb 22 19:30:12 CET 2018 on sn-devel-144

(cherry picked from commit 6a59619844e0def505a6bfa778c17721c062e0ee)

WHATSNEW: Explain implications of GUID index change

Signed-off-by: Andrew Bartlett <abartlet@samba.org>

ldb: version 1.3.2

* Expose the SHOW_BINARY, ENABLE_TRACING and DONT_CREATE_DB flag constants
in the python api.
* Extend dn.is_child_of() test.
* Don't load LDB_MODULESDIR as a module file.
* Fix binary data in debug log (bug #13185).

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Feb 28 04:54:21 CET 2018 on sn-devel-144

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13306

(cherry picked from commit cb58e188008bf920df88dc0212b9f9bb23263179)

ldb_debug tests: Fix binary data in debug log

Tests to ensure:
    When duplicate objects are added, the GUID was printed in the debug log
    are passed through the escape function.
    And that duplicate DN's do not generate debug log entries.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13185

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Feb 26 07:29:49 CET 2018 on sn-devel-144

(cherry picked from commit 2a85bcb3f486ae6f473b934bbe920d1733b7f7a4)

ldb_debug: Fix binary data in debug log

When duplicate objects were added, the GUID was printed in the debug log
The GUID was not escaped and therefore displayed as binary content.

This patch splits out the duplicate DN creation error and the duplicate
GIUD error. Duplicate DN's are a normal event and don't require debug
logging.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13185

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
(cherry picked from commit c5a14306c82f702f4788faea262c9ec6ade584cb)

ldb tests: fix null test on incorrect variable

Fix up tests that were performing a null check on the wrong variable
after a call to ldb_msg_new

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Feb 24 15:50:35 CET 2018 on sn-devel-144

(cherry picked from commit 1ed693423d7a30c3810ddc1b6f052d376c8cd4e7)

repl_md: avoid returning LDB_SUCCESS on failure

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13269

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit bc56913271e9d3a30143ef5a45d32430766d9dc3)

Autobuild-User(v4-8-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-8-test): Tue Feb 27 20:59:28 CET 2018 on sn-devel-144

repl_metadata: Avoid silent skipping an object during DRS (due to RODC rename collisions)

No error code was being set in this case, and so, we would commit the
HWM and UDV without actually having all the updates.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13269

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Thu Feb 15 10:18:42 CET 2018 on sn-devel-144

(cherry picked from commit 9952eda7a1923971f77f3183cfa4c505386b30ee)

repl_metadata: Avoid silent skipping an object during DRS (due to RODC name collisions)

No error code was being set in this case, and so, we would commit the
HWM and UDV without actually having all the updates.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13269

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 59fa9e7ecf84bd4c2469e9a6835855769c4f6287)

tests/replica_sync_rodc: Test conflict handling on an RODC

There are two cases we are interested in:

1) RODC receives two identical DNs which conflict
2) RODC receives a rename to a DN which already exists

Currently these issues are ignored, but the UDV and HWM are being
updated, leading to objects/updates being skipped.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13269

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 45d19167d52e42bd2f9369dbe37a233902cc81b0)

selftest: Add RODC variables to list of those exported

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13269

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit e694b8a1b993bf7213b191e1132c5d02e16ab85d)

tests/drs_base: Allow the net drs replicate to try with a single object

This eventually passes down the replicate single object exop.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13269

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit ff9e63f976ef76f7f70221d4f6276e221ecd167f)

tests/replica_sync: Add some additional replication in setUp

This should avoid some failures due to stale objects.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13269

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 19fcd872ec76afffbc4952266fdfad9a352c4871)

winbind: don't try to do an authenticated SMB connection as AD DC

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13278

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Feb 23 17:58:23 CET 2018 on sn-devel-144

(cherry picked from commit 06601b3a9293db35feda1b033fa864dc1a764164)

winbind: set_dc_type_and_flags() is not needed on a DC

On a DC we load the trusts in the parent in add_trusted_domains_dc()
from our local configuration. There's no need to find out the trust details
via network calls.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13278

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 55c3af89f1b0baecf5e2d6c2646902edd0684aa8)

winbind: make sure we don't contact trusted domains via LDAP as AD DC

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13278

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 18f27b5385240852e537cd5010cedb09f0bf233d)

winbind: make sure we don't contact trusted domains via SAMR as AD DC

This is not needed for the normal operation of an AD DC.

Administrators should just use other tools instead of
wbinfo to list and query users and groups.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13278

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 32a63e3ea985c967ca2aadbcd9e0c60ade2d0367)

winbind: let cm_connect_netlogon_transport() only work against direct trust as AD DC

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13278

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 532a14dc684e7a6d8c584d5671a4ebbad00aa4fc)

winbind: force the usage of schannel in cm_connect_lsa() as AD DC

This makes sure we only talk to direct trusts.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13278

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 3e17a3b7cd4083299037ba9377931bea792b2d18)

s3:smb_macros.h: add IS_AD_DC as addition to IS_DC

In the long run we should remove this again (as well as IS_DC).

But for now this makes some code changes in winbindd easier to
follow.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13278

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit c58f8c3cd84ab18d04bd39ad7d5f53676e092abb)

dsdb/encrypted_secrets: remove dependency to libnettle and use our own aes_gcm_128_*()

We already rely on gnutls in order to implement SSL/TLS, so using that
to speed up crypto like aes gcm 128 is fine, but as we already have
code for that algorithm, we should use that instead of adding a new
dependency to libnettle.

Some (I guess newer versions) of gnutls use nettle internally, so
we may end up using that code, but we should not have a direct dependency.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13276

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 07844a9a13506b4ca9181cfde05d9e4170208f88)

winbind: Use one queue for all domain children

If we have multiple domain children, it's important
that the first idle child takes over the next waiting request.

Before we had the problem that a request could get stuck in the
queue of a busy child, while later requests could get served fine by
other children.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13292

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Feb 23 09:04:23 CET 2018 on sn-devel-144

(cherry picked from commit 7f2d45a6c2a88dd8833fc66d314ec21507dd52c3)

winbind: Maintain a binding handle per domain and always go via wb_domain_request_send()

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13292

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit b518cb0597d269002105644302c58ca8f9f0f717)

winbind: make choose_domain_child() static

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13292

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 5116aff286bdffe4abc9ddda09cf64ab999fd13e)

winbind: add locator_child_handle() and use it instead of child->binding_handle

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13292

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 44ebaaac8933f5fc16a043b8c15a9449746af47b)

winbind: add idmap_child_handle() and use it instead of child->binding_handle

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13292

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit c2d78a0a0a3f9b9ade61cf707f23e59a1a16c61b)

winbind: improve wb_domain_request_send() to use wb_dsgetdcname_send() for a foreign domain

Commit ed3bc614cccec6167c64ac58d78344b6426cd019 got the logic wrong while
trying to implement the logic we had in init_child_connection(),
which was removed by commit d61f3626b79e0523beadff355453145aa7b0195c.

Instead of doing a WINBINDD_GETDCNAME request (which would caused an error
because the implementation was removed in commit
958fdaf5c3ba17969a5110e6b2b08babb9096d7e), we sent the callers request
and interpreted the result as WINBINDD_GETDCNAME response, which
led to an empty dcname variable. As result the domain child
opened a connection to the primary domain in order to lookup
a dc.

If we want to connect the primary domain from the parent via
a domain child of the primary domain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13295

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 1f41193e005df37401a28004f0a95d4d73b98ccd)

winbind: use state->{ev,request} in wb_domain_request_send()

This will reduce the diff for the following changes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13295

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 4d804f5f3e65df0e2f646d4f88793cab8e2f32d1)

winbind: avoid using fstrcpy(dcname,...) in _dual_init_connection

domain->dcname was converted from fstring to char * by commit
14bae61ba36814ea5eca7c51cf1cc039e9e6803f.

Luckily this was only ever called with an empty string in
state->request->data.init_conn.dcname.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13294

Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit d73e3d451976e692c6c346f98547d7123f7b9006)

winbind: cleanup winbindd_cli_state->pwent_state if winbindd_getpwent_recv() returns an error

A client may skip the explicit endpwent() if getgrent() fails.

This allows client_is_idle() return true in more cases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13293

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit b158d4e4c1c3fee0a8884bc5e8f0c5a5ce49687f)

winbind: cleanup winbindd_cli_state->grent_state if winbindd_getgrent_recv() returns an error

A client may skip the explicit endgrent() if getgrent() fails.

This allows client_is_idle() return true in more cases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13293

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit b7789da8468c3f070727011639d5f74aca76cb59)

winbind: call lp_winbind_enum_{users,groups}() already in set{pw,gr}ent()

This way we don't keep winbindd_cli_state->{pw,gr}ent_state arround forever,
if the client forgets an explicit end{pw,gr}ent().

This allows client_is_idle() return true in more cases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13293

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 6548b82b5c1ed30ce14e17e4ba9d4bc24ab49c42)

winbind: protect a pending wb_child_request against a talloc_free()

If the (winbind) client gave up we call TALLOC_FREE(state->mem_ctx)
in remove_client(). This triggers a recursive talloc_free() for all
in flight requests.

In order to maintain the winbindd parent-child protocol, we need
to keep the orphaned wb_simple_trans request until the parent
got the response from the child.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13290

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 43af57d8728883c5ddbe169e1483181246fb68a8)

winbind: use tevent_queue_wait_send/recv in wb_child_request_*()

We need a way to keep the child->queue blocked without relying on
the current 'req' (wb_child_request_state).

The next commit will make use of this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13290

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit d29dda141e08af42c535e8718226f95c45aadab8)

winbind: Improve child selection

This improves the situation when a client request blocks a winbind
child. This might be a slow samlogon or lookupnames to a domain that's
far away. With random selection of the child for new request coming in
we could end up with a long queue when other, non-blocked children
could serve those new requests. Choose the shortest queue.

This is an immediate and simple fix. Step two will be to have a
per-domain and not a per-child queue. Right now we're pre-selecting
the check-out queue at Fry's randomly without looking at the queue
length. With this change we're picking the shortest queue. The better
change will be what Fry's really does: One central queue and red/green
lights on the busy/free checkout counters.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13290

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Feb 12 19:51:35 CET 2018 on sn-devel-144

(cherry picked from commit b4384b7f0ecf3b47dd60acaf77636b679e3adc05)

tevent: version 0.9.36

* improve documentation of tevent_queue_add_optimize_empty()
* add tevent_queue_entry_untrigger()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13291

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit f00c7cf9f5f325de0b754b127fcc0f07bea2d825)

tevent: add tevent_queue_entry_untrigger()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13291

Pair-Programmed-With: Volker Lendecke <vl@samba.org>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 5c6f31697a8edb03d36eece5c79581b952743b5b)

tevent: improve documentation of tevent_queue_add_optimize_empty()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13291

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 88d6703b89f9a7f847b6ec47d97569432927dcff)

s4:auth_sam: allow logons with an empty domain name

It turns out that an empty domain name maps to the local SAM.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Feb 23 04:08:26 CET 2018 on sn-devel-144

(cherry picked from commit 57762229da971e837b923f09ca01bad6151f9419)

tests/bind.py: Add a bind test with NTLMSSP with no domain

Confirmed to pass against Windows 2012 R2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 2e49a97777ebf5bffbeadca03517b4a21bca24c0)

tests/py_creds: Add a SamLogonEx test with an empty string domain

This test passes against 4.6, but failed against 4.7.5 and master.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 5c625eae3f54e8de434de26e9f6a0f2fde557c18)

s3:cliconnect.c: remove useless ';'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit e039e9b0d2a16b21ace019b028e5c8244486b8a3)

s3:libsmb: allow -U"\\administrator" to work

cli_credentials_get_principal() returns NULL in that case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 0786a65cabb92a812cf1c692d0d26914f74a6f87)

s4:rpc_server: fix call_id truncation in dcesrv_find_fragmented_call()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13289

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Feb 21 19:02:56 CET 2018 on sn-devel-144

(cherry picked from commit 5d113f80944f2e1d2a7e80f73aea7a4cfdfbd140)

tests:dcerpc/raw_protocol: reproduce call_id truncation bug

We need to make sure the server handles call_id values > UINT16_MAX.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13289

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 65e8edb382fbc7450919aad8b42cfcae9e779d11)

s4:rpc_server/lsa: implement forwarding lsa_Lookup{Sids,Names}() requests to winbindd

This might not be perfect yet, but it's enough to allow names from trusted
forests/domain to be resolved, which is very important for samba based
domain members.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit e9d5b8b6b41155a8a043275ae497bdb87044d476)

winbindd: implement wb_irpc_lsa_{LookupNames4,LookupSids3}()

This will be used by the LSA Server on an AD DC to request remote views
from trusts.

In future we should implement wb_lookupnames_send/recv similar to
wb_lookupsids_send/recv, but for now using wb_lookupname_send/recv in a loop
works as a first step.

We also need to make use of req->in.level and req->in.client_revision
once we want to support more than one domain within our own forest.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 3ffebee3de4aa313027779bc98cb6326fa17be85)

s4:rpc_server/lsa: rewrite lookup sids/names code to honor the given lookup level

[MS-LSAT] 2.2.16 LSAP_LOOKUP_LEVEL defines the which views each level should
consult.

Up to now we support some wellknown sids, the builtin domain and our
account domain, but all levels query all views.

This commit implements 3 views (predefined, builtin, account domain)
+ a dummy winbind view (which will later be used to implement the
gc, forest and trust views)..

Depending on the level we select the required views.

This might not be perfect in all details, but it's enough
to pass all existing tests, which already revealed bugs
during the development of this patch.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 3801c417db5891ee4a45b09e8841d8f1ff4500f9)

test_trust_ntlm.sh: add lookup name tests

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 475a761637bbcc93edbe8d83fc13037e1087941a)

libcli/security: add dom_sid_lookup_predefined_{sid,name}()

This basically implements [MS-LSAT] 3.1.1.1.1 Predefined Translation Database
and Corresponding View.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit d7780c66866144eba59408c03af50256825165ba)

s4:dsdb: add dsdb_trust_domain_by_{sid,name}()

This gets the lsa_ForestTrustDomainInfo for the searched
domain as well as the lsa_TrustDomainInfoInfoEx for the
direct trust (which might be the same for external trust or
the forest root domain).

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit e9ace1852ff88ebb7778e8db9a49bc5c61512d16)

s4:rpc_server/lsa: prepare dcesrv_lsa_LookupNames* for async processing

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 9b6a0b1a63f2ebfbd578047401dfbe38606c8c44)

s4:rpc_server/lsa: prepare dcesrv_lsa_LookupSids* for async processing

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit ab7988aa2fd1a43f576a4b73a6893c61c7ef1957)

s4:rpc_server/lsa: base dcesrv_lsa_LookupNames2() on dcesrv_lsa_LookupNames_common()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit e6c9984bd563525dc312b67fe69ea7e4be04ee4e)

s4:rpc_server/lsa: base dcesrv_lsa_LookupNames() on dcesrv_lsa_LookupNames_common()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 37cb34d16406d27831be74e952ee744e58b79fb4)

s4:rpc_server/lsa: rename 'state' variable to 'policy_state' in dcesrv_lsa_LookupNames2()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit ec55c18ceda5c430eaec97c5d7e594941e3a31fc)

s4:rpc_server/lsa: rename 'state' variable to 'policy_state' in dcesrv_lsa_LookupSids2()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit c78c17dc2fbaf523d1957bb748aa75ecd81e793b)

s4:rpc_server/lsa: rename 'state' variable to 'policy_state' in dcesrv_lsa_LookupSids_common()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit c0f6103ddea9a825f0f0dcf169e70a5f6a55c2e2)

s4:rpc_server/lsa: simplify [ref] pointer handling in dcesrv_lsa_LookupNames()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 7c1c9bf53ffc24a25038326767e33f008c7a5552)

s4:rpc_server/lsa: simplify [ref] pointer handling in dcesrv_lsa_LookupSids()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 5d868fd875803e361653ccca4e61c5c25dc114aa)

s4:rpc_server/lsa: remove unused 'status' variable in dcesrv_lsa_LookupSids_common()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit e8a0223633fd2e6ebb3d864570b76932bc3e293a)

s4:rpc_server/lsa: make sure dcesrv_lsa_LookupNames2() gets prepared [ref] pointers

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit fe43dd8678e4f598e0ae802e3d93ad9b28988783)

s4:rpc_server/lsa: expect prepared [ref] pointers in dcesrv_lsa_LookupNames_common()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 3339a1c57266181570d5ca5e389719951f26b41d)

s4:rpc_server/lsa: make sure dcesrv_lsa_LookupSids_common() gets prepared [ref] pointers

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit f6e60d2c2e1f0a4eb6426c7da683abaa11babd05)

s4:rpc_server/lsa: use LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES/LSA_CLIENT_REVISION_1 in compat code

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 3909f8fcfe6b82575ad8974acacde3270ce849fe)

rpcclient: add lookupsids_level command

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 76868818e8b98a0cd4881d319e0735de5091b8b1)

rpcclient: fix variable initialisation and add parenthesis to if clauses

Just a few README.Coding fixes.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 9ccc6eef145c1f67e24cbb1c21402714f612c607)

provision: fix the 'dnsdomain' for the local sam of a domain member

A member has a local AD database, which should not use the 'dnsdomain'
as the one on domain controllers.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13285

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit b02de5ad3e04babe1565868c69422cfc778458d9)

traffic_packets.py: let Lookup{Sids,Names}() work against a sane server

In order to resolve predefined sids or names we need to use
level = LSA_LOOKUP_NAMES_ALL (1).

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13284

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 1a258b6b0f667ec077639a7cfe826e5e25f46768)

nsswitch: fix double free errors in nsstest.c

We need to zero out static pointers on free.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13283

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit da784305e7b306664b79d30a734d45582f5bf4dd)

s4:torture: zero initialize variables in test_LookupSidsReply()

This avoids crashes if the server returns unexpected results. The test
should just report the failure in that case.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13282

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 7b86b94c71268cdab434ced74caedcdd5eb20e12)

winbindd: make use of talloc_zero_array() in wb_lookupsids*()

It just feels better for such a complex function.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13281

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit c376ab29d1d9f4b06fbb3a713029d79ecac80b59)

s3:cli_lsarpc: use talloc_zero_array() in dcerpc_lsa_lookup_names_generic()

It just feels better for such a complex function.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13281

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 569c910b950df24b22777c545fe9f6427a19b035)

s3:cli_lsarpc: use talloc_zero_array() in dcerpc_lsa_lookup_sids_generic()

It just feels better for such a complex function.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13281

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 5cae7da1de302b38ee0059590b1e93a3d60ee42c)

winbindd: initialize type = SID_NAME_UNKNOWN in wb_lookupsids_single_done()

We check for !NT_STATUS_LOOKUP_ERR(), but wb_lookupsid_recv()
only initializes the results together with NT_STATUS_OK.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13280

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit b5ffa0e21f74fa0c452df38cf50e542eb278562d)

winbindd: don't split the rid for SID_NAME_DOMAIN sids in wb_lookupsids

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13279

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 17c48f26dea5701feed1c24769348f332695391c)

vfs_fileid: Fix the 32-bit build

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13305

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit c6999a248ad78f75cbfcc0f461298021b20905b4)

mit-kdb: support MIT Kerberos 1.16 KDB API changes

MIT Kerberos 1.16 adds ability to audit local and remote addresses
during AS_REQ processing. As result, audit_as_req callback signature
was changed to include the addresses and KDB API version was increased.

Change mit-kdb code to properly expose audit_as_req signature KDC
expects in 1.16 version. Also update #ifdefs to account for the new
KDB API version.

This commit does not add actual audit of the local and remote IP
addresses, it only makes it possible to compile against MIT Kerberos
1.16.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13304

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jan 19 01:36:22 CET 2018 on sn-devel-144

(cherry picked from commit 7c1c8c68174ed484fe86a0d9e429daad3a47a57d)

vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13297

Pair-Programmed-With: Anoop C S <anoopcs@redhat.com>
Signed-off-by: Poornima G <pgurusid@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Feb 26 20:17:50 CET 2018 on sn-devel-144

(cherry picked from commit 46e6626f73f42c84f254507c3ec2b591e2e732ba)

vfs_glusterfs: Add fallocate support for vfs_glusterfs

Adds fallocate support to the vfs glusterfs plugin.

v2: Add check for glusterfs-api version.
RHBZ: 1478875

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13303

Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 17 06:09:29 CET 2018 on sn-devel-144

(cherry picked from commit 0edce86e97a49f4bd79f4431015ac2b788105e46)

subnet: Avoid a segfault when renaming subnet objects

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13031

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-8-test): Tue Feb 20 17:54:43 CET 2018 on sn-devel-144

ctdb-tests: Set test timeout to an hour

The current 10 minute timeout is causing autobuild failures in some
environments.

This timeout is simply meant to stop a test run from hanging
indefinitely due to a broken test. A 1 hour timeout is better than no
timeout.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Feb 8 04:42:56 CET 2018 on sn-devel-144

(cherry picked from commit a3485c41b826e307b31a1113abcea9843ca78540)

The last 6 patches address https://bugzilla.samba.org/show_bug.cgi?id=13265

Autobuild-User(v4-8-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-8-test): Mon Feb 12 15:54:28 CET 2018 on sn-devel-144

ctdb-tests: Fix a typo

This typo causes the script to be run with the default shell.  If this
is not bash then the shell will fail to parse integration.bash.

This is a regression caused by commit
c607989d91b64d837253aae794b1a3d6013eb3e0.  Clearly nobody has run this
test on Debian for a long time.  :-(

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Jan 24 10:28:52 CET 2018 on sn-devel-144

(cherry picked from commit 8b82d10856160d3b3f172bf7d45ac561002dbcac)

ctdb-tests: Add a UNIT pseudo-test-suite

This runs all of the unit tests.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 50150d75814de6a1e2cb28fb7af72caa31d73e3c)

ctdb-tests: Only use socket-wrapper for simple, local daemon tests

The run_tests.sh -S option now takes the path to the socker-wrapper
shared library.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit e17d02d4039001563d189b33200c30e3906ce845)

ctdb-tests: Add timeout for individual tests, default is 10 minutes

This will cause a hung test to time out and fail rather than letting a
test run hang indefinitely. Some tests can take 5 minutes to run, so
10 minutes should be plenty.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit da3aaf972ab5b339b51ba1e802329b69885ccfe4)

ctdb-tests: Avoid race condition in sock_daemon test 5

This test fails when it takes more than 10s to run. This can occur
when the system is loaded and socket-wrapper is used.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 33c0f5599d93a34619c8f37945f79a6e399a1b5e)

selftest: fix envvars for creation of default user in wait_for_start

Resolves failure of ad_member to start up under ad_dc (if
the user is determined to be needed).

Signed-off-by: Jamie McClymont <jamiemcclymont@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13225

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Tue Jan 16 07:12:01 CET 2018 on sn-devel-144

(cherry picked from commit 7a3f97f2662c6197913aeb50e5e3c0c09ff8307f)