1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

32884 Commits

Author SHA1 Message Date
Andreas Schneider
7bac35e7fd librpc: Check for negative return value of socket_get_fd()
Found by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-06-22 19:25:20 +02:00
Richard Sharpe
af08cb2eee source4/scripting: add an option to samba_dnsupdate to add ns records.
Add a --add-ns option to samba_dnsupdate and use that, but only when --use-file has been specified, to add an NS record to the file produced.

This allows us to make progress in the self tests and is an interim fix.

Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Rowland Penny <repenny241155@gmail.com>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 21 00:51:02 CEST 2016 on sn-devel-144
2016-06-21 00:51:01 +02:00
Martin Schwenke
92cfd1e9b8 torture: Add tests for trim_string()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-06-20 00:47:30 +02:00
Andreas Schneider
3de3f643a8 s4-kdc: Move KDC packet handling functions to kdc-server.c
Create an Kerberos implmentation independent KDC-SERVER subsystem so we
can use it to implement a kpasswd server with MIT Kerberos in future.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Jun 19 03:31:32 CEST 2016 on sn-devel-144
2016-06-19 03:31:32 +02:00
Andreas Schneider
3da8932e4c s4-kdc: Create a kdc-proxy.h header file
This makes the it Kerberos implmentation independent.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-06-18 23:32:27 +02:00
Andreas Schneider
379ed08754 s4-kdc: Rename proxy-heimdal.c to kdc-proxy.c
The plan is to have a KDC-SERVER subsystem later.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-06-18 23:32:26 +02:00
Andreas Schneider
dc350a349a s4-kdc: Move KDC socket structs to krb5-server.h
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-06-18 23:32:26 +02:00
Andreas Schneider
f110662310 s4-kdc: Move kdc_process_fn_t declaration to kdc-server.h
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-06-18 23:32:26 +02:00
Andreas Schneider
13661b6fb0 s4-kdc: Move definitions to kdc-server.h
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-06-18 23:32:26 +02:00
Andreas Schneider
cafd2d365a s4-kdc: Use better and simpler names for the kdc_process_ret enum
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-06-18 23:32:26 +02:00
Andreas Schneider
0314796113 s4-kdc: Put the heimdal kdc config into a private data pointer
This allows us to make the struct general useable.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-06-18 23:32:26 +02:00
Andreas Schneider
5ddfe5ecd3 s4-kdc: Use smb_krb5_mk_error() in kpasswd implementation
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-06-18 23:32:26 +02:00
Andreas Schneider
c5a02e81ea s4-kdc: Use smb_krb5_mk_error() in kdc implemenation
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-06-18 23:32:26 +02:00
Andreas Schneider
de88bfc770 s4-kdc: Rename heimdal KDC files
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-06-18 23:32:26 +02:00
Jeremy Allison
747de99fcd s4: torture: Added raw readX test to ensure 'reserved' fields are zero.
Passes against Win2k12+, and smbd with the previous patch.

https://bugzilla.samba.org/show_bug.cgi?id=11845

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Sat Jun 18 19:32:22 CEST 2016 on sn-devel-144
2016-06-18 19:32:22 +02:00
Jeremy Allison
e639cf1040 s4: libcli: Internal SMB1 pid is already stored as and uses 32-bits. Correct getpid() cast.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-06-18 15:32:17 +02:00
Andrew Bartlett
a896a92444 repl: Avoid excessive stack use and instead sort the links in the heap
The two large stack-based arrays would overflow the stack, this avoids
a duplicate of the struct drsuapi_DsReplicaLinkedAttribute array

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11960

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-17 14:13:19 +02:00
Garming Sam
8dc3110a5f getncchanges: Match Windows on linked attribute sort
The order of linked attributes depends on comparison of the NDR packed
GUIDs (not its struct GUID form).

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11960
2016-06-17 14:13:18 +02:00
Garming Sam
570237f0f3 getncchanges: sort with precalculated target guid array
This avoids reparsing the linked attribute and schema refetching.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11960
2016-06-17 14:13:18 +02:00
Garming Sam
2ce9f249bb getncchanges: remove some whitespace
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11960
2016-06-17 14:13:18 +02:00
Garming Sam
2bb8e183fd tests/drs: change sort order in tests to match Windows
Although we attempted to sort by GUID based on DRSR, it is actually
sorted by the ndr packed GUID.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11960
2016-06-17 14:13:18 +02:00
Garming Sam
4de5e7da9c tests/drs: assert sorted identifier GUIDs across getncchanges
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11960
2016-06-17 14:13:18 +02:00
Garming Sam
3f0be46b91 tests/drs: make cleanup more robust
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11960
2016-06-17 14:13:18 +02:00
Garming Sam
ed6a423232 tests/drs: extend getnc_exop test to check linked attributes
Assert that linked attributes propagate across DRS and come in a
particular sorted order.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11960
2016-06-17 14:13:18 +02:00
Jeremy Allison
c3dfeb3aa6 s4: dns: Correctly check for talloc failure.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jun 16 16:55:15 CEST 2016 on sn-devel-144
2016-06-16 16:55:15 +02:00
Andrew Bartlett
7f651d344b selftest: Remove print attribute from getnc_exop test
This otherwise fills the logs with every object

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 04:40:14 +02:00
Garming Sam
9394e14626 dns_server: Fix typo in dns_authoritative_for_zone() name.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-16 04:40:14 +02:00
Andrew Bartlett
f67a3c2eb9 selftest: confirm samba_dnsupdate works in both nsupdate and samba_tool mode
This can be extended, but already checks the basic functionality

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 04:40:14 +02:00
Andrew Bartlett
ba22d29144 selftest: Always set up a resolv.conf and use it in samba_dnsupdate
This allows samba_dnsupdate to be tested without resolv_wrapper.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 04:40:14 +02:00
Andrew Bartlett
26b475fb32 samba_dnsupdate: Give the administrator more detail when DNS lookups fail
This avoids treating server errors identically to name-not-present status values

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 04:40:14 +02:00
Andrew Bartlett
8f1659e540 samba_dnsupdate: Implement RPC <ZONE> prefix in dns_update_list
This allows us to update the stub records as well as the zone itself.

Based on a proposed syntax by metze.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 04:40:14 +02:00
Andrew Bartlett
b1ab37ec5b samba_dnsupdate: Simplify logic and add more verbose debugging
By reducing the intendation this code is a little clearer

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 04:40:13 +02:00
Andrew Bartlett
72d5fa79a0 samba_dnsupdate: Allow admin to force a particular IP into samba_dnsupdate
This should help in deployements beyind NAT.

It will also help in testing.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 04:40:13 +02:00
Andrew Bartlett
e3822497c8 dns_update_list: Add in NS records
This is as suggested by metze in 4383ec5b83

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 04:40:13 +02:00
Andrew Bartlett
c9aefa93c1 samba_dnsupdate: Add a mode that calls samba-tool dns, rather than nsupdate
This mode is more likely to work when we change hostname or IP

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 04:40:13 +02:00
Andreas Schneider
789ec34007 samba_dnsupdate: Work around a bug in nsupdate
The doio_send() function of bind fails on a short write with sendmsg().

See https://bugzilla.redhat.com/show_bug.cgi?id=1250921

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-16 04:40:13 +02:00
Garming Sam
de2e955e3e samba_dnsupdate: Fix typo in -no-substitutions name
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-06-16 04:40:13 +02:00
Garming Sam
4b16cbda46 tests/drs: cleanup some whitespace
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11960
2016-06-16 04:40:13 +02:00
Andrew Bartlett
7748f68047 selftest: Check a user with only primaryGroupID is correct in samr.GetUserGroups() reply
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 04:40:13 +02:00
Andrew Bartlett
57e6b80d35 selftest: Test that primaryGroupID is first in samr.GetUserGroups() reply
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 04:40:13 +02:00
Andrew Bartlett
f2f6db869d selftest: Add alias membership to the tokengroups test
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 04:40:13 +02:00
Andrew Bartlett
1a5f0c7a7f s4-samr: Rework GetGroupsForUser to use memberOf
By reading the SID values from the memberOf links, we avoid an un-indexed search on
the member attribute.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 04:40:13 +02:00
Andrew Bartlett
d660e66a4a s4-libcli/raw: Fix compiler errors when building with --address-sanitizer
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 04:40:13 +02:00
Andrew Bartlett
8d70553b72 s4-kcc: Fix compiler errors when building with --address-sanitizer
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 04:40:13 +02:00
Andrew Bartlett
afcb2b8d31 selftest: Expand tokenGroups test to also compare with samr.GetGroupsForUser
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 04:40:12 +02:00
Andrew Bartlett
533ded5ac6 selftest: Expand tokenGroups test to also build nested groups
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 04:40:12 +02:00
Andrew Bartlett
20eb605fee s4-samr: Fix samr.QueryUserInfo level 1 primary group
Because of this typo, the primary group ID was returned as 0

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 04:40:12 +02:00
Andrew Bartlett
215c20b94b samba-tool domain join: Refuse to re-join a DC with a still-valid password
While the DC will eventually get back to the same state, it can take a
while, so try harder not to overwrite our already-working account

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 04:40:12 +02:00
Andrew Bartlett
2d79b61731 samba-tool: Improve fsmo handling
This makes a clear seperation between data and display variables
and improves the tests.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 04:40:12 +02:00
Andrew Bartlett
9173f2027c selftest: Rebase DrsBaseTestCase on SambaToolCmdTest
This then makes SambaToolCmdTest based on BlackboxTestCase.

This allows us to use better command output testing in the fsmo tests

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 04:40:12 +02:00
Ralph Boehme
721b21bb80 selftest: add test for DNS updates with TKEY/TSIG
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Thu Jun 16 04:07:41 CEST 2016 on sn-devel-144
2016-06-16 04:07:41 +02:00
Ralph Boehme
88700e7d89 s4/dns_server: enable sending of TSIG error records
This final patch enables sending TSIG error records by adding
DNS_RCODE_NOTAUTH to the set of error conditions that are allowed to
trigger sending a full generated response.

See RFC 2845 "4.5.1. KEY check and error handling" and "4.5.3. MAC check
and error handling".

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 00:06:28 +02:00
Ralph Boehme
ba683d459e s4/dns_server: prepare sending correct error responses for dns_verify_tsig() errors
Call dns_verify_tsig() after updating state.flags and assign and use
out_packet for dns_verify_tsig().

We will need the updated flags when sending TSIG error responses when
TSIG request MAC verification fails and dns_verify_tsig() uses the
passed in packet as response, so we have to make sure we copy in_packet
to out_packet before calling out and pass out_packet.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 00:06:28 +02:00
Ralph Boehme
8f46bf2102 s4/dns_server: don't compute TSIG MAC in TSIG error records
See RFC 2845 "4.3. TSIG on TSIG Error returns".

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 00:06:28 +02:00
Ralph Boehme
8b4a2dcf38 s4/dns_server: error codes for failing MAC verification in TSIG requests
According to RFC 2845 "4.5.3. MAC check and error handling" we must
return NOTAUTH and DNS_RCODE_BADSIG when MAC verification fails.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 00:06:27 +02:00
Ralph Boehme
77c5bfdce4 s4/dns_server: ensure we store the key name in error code paths
We need the TKEY name when adding TSIG records to error responses.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 00:06:27 +02:00
Ralph Boehme
c1fca8fa39 s4/dns_server: not finding the key here is a fatal error
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 00:06:27 +02:00
Ralph Boehme
830316ce84 s4/dns_server: split out function that does the MAC computation
Split out function that does the MAC computation from the TSIG record
creating function. This will later simplify the code when creating error
responsed to TSIG requests with bad MACs where we have to add the TSIG
record with an empty MAC.

No functional behaviour change besides hard coding "gss-tsig" algorithm
name: later when sending a TSIG error response for a TKEY request with a
bad keyname, we won't have a tkey to fetch the algorithm name from.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 00:06:27 +02:00
Ralph Boehme
8ed125e8bb s4/dns_server: include request MAC in TSIG response MAC calculation
According to RFC 2845 "4.2 TSIG on Answers", when the request is signed,
the request MAC must be included in the response MAC calculation.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 00:06:27 +02:00
Ralph Boehme
bea4aec521 librpc/dns: remove original_id from dns_fake_tsig_rec
Cf RFC2845, 3.4.2. "TSIG Variables", the request id (original_id) is not
used in the MAC calculation. This also explains the mysterious 2 bytes
padding.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 00:06:27 +02:00
Volker Lendecke
f5e95af59b rpc_server: Fix CID 1362565 Improper use of negative value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-06-07 14:34:11 +02:00
Andrew Bartlett
1a87c9b599 repl: Avoid use-after-free when working with the working_schema
The original schema must live as long as the working_schema
as the working_schema starts as a shallow-copy of schema.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11953

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jun  7 14:33:39 CEST 2016 on sn-devel-144
2016-06-07 14:33:38 +02:00
Andrew Bartlett
c4afb1d3bd selftest: Add a reverse variation to ReplicateMoveObject3
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Samba <garming@catalyst.net.nz>
2016-06-07 10:28:11 +02:00
Andrew Bartlett
889f33d47f selftest: Assert replPropertyMetaData values before and after replication
This covers renames, addition of attributes, and the delete.

We also confirm the results via DRS.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-07 10:28:11 +02:00
Andrew Bartlett
374a01119d dsdb: Fix rename and RDN handling for replPropertyMetaData
This matches Windows 2012R2, which both has the RDN not sorted last and has it updated with the local
invocation_id and a local version.

The RDN attribute, unlike name, is not replicated over DRS, so the impact for interopability extends only to
the incorrect RDN values that we were finding with dbcheck (values that did not match the name values).

Finally, we always force the RDN to match the name attribute, which avoids issues
in dbcheck where these diverge.  As such, we can finally remove dbcheck as a
flapping test, last re-added in e4bab3a828

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-07 10:28:10 +02:00
Andrew Bartlett
a8430d15a5 dsdb: Fix incorrect sorting of replPropertyMetaData with RDN last
Per tests against Windows 2012R2 the RDN is not sorted last and is
instead sorted normally with all the other elements.

The RDN attribute, unlike name, is not replicated over DRS, so this
has no interopability impact.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz
2016-06-07 10:28:10 +02:00
Andrew Bartlett
225cef9851 dsdb: Show initial replicated modify as well as resolved modify in repl_meta_data
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz
2016-06-07 10:28:10 +02:00
Andrew Bartlett
9dcc62eb78 selftest: Add more tests to cover attribute changes vs DN renames
This covers a bug where unrelated attribute changes would reverse a rename

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz
2016-06-07 10:28:10 +02:00
Andrew Bartlett
5fee4aa907 dsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_replicated_apply_search_callback()
This is the primary handler for renames

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz
2016-06-07 10:28:10 +02:00
Andrew Bartlett
f0aa1d8b80 dsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_replicated_apply_merge()
This is the main handler for attribute conflicts

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz
2016-06-07 10:28:10 +02:00
Andrew Bartlett
b28d8d4278 dsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_replicated_handle_rename()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-07 10:28:10 +02:00
Andrew Bartlett
dae543e04e dsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_op_possible_conflict_callback()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-07 10:28:10 +02:00
Andrew Bartlett
f709261c73 dsdb: Add new helper function replmd_replPropertyMetaData1_new_should_be_taken()
This will allow the test for "name" and the actual DN to be consistent,
and so avoids dbcheck errors when CN and name do not match the DN

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz
2016-06-07 10:28:10 +02:00
Andrew Bartlett
8f1557a2c4 selftest: Run the krb5.kdc test on a more selective basis
The previous tests would take 20mins, the new set of tests take around 7 mins and still cover
the important combinations, given that it is the same KDC code in each environment

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-07 10:28:10 +02:00
Andrew Bartlett
ae3d0fecd6 selftest: Add tests to show that we can not create duplicate schema entries
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jun  6 20:32:54 CEST 2016 on sn-devel-144
2016-06-06 20:32:54 +02:00
Andrew Bartlett
8f93bfc75c samldb: Make checks for schema attributes much more strict
This avoids corrupting Samba when invalid schema is imported

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2016-06-06 16:36:23 +02:00
Andrew Bartlett
cccd20ff55 Remove the try/catch from urgent_replication.py
This meant that for ages, the duplicate OID was unnoticed, and when the syntax
was corrected recently, this caused the test to run, and so cause trouble

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz
2016-06-06 16:36:23 +02:00
Andrew Bartlett
f7eb865cd9 selftest: Assert that name, the RDN attribute and actual RDN are in sync
This allows us to catch such errors here, rather than just on dbcheck later

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz
2016-06-06 16:36:23 +02:00
Andrew Bartlett
39ac5ad90f selftest: Add another test case to replica_sync test
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz
2016-06-06 16:36:23 +02:00
Andrew Bartlett
4271692d86 repl: Do not report all replication failures at level 0
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-06 16:36:23 +02:00
Andrew Bartlett
ca37c7146c selftest/drs: Show we return the correct 3 objects for DRSUAPI_EXOP_FSMO_RID_ALLOC
This does not depend on DRSUAPI_DRS_GET_ANC.

This test is not new, but it was not previously being run.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-06 16:36:23 +02:00
Andrew Bartlett
c5ed894006 selftest: initial version of new repl_move test
This tests complex rename and modify combinations in a way that
demonstrated a number of replication failures, due to incorrect
handling in Samba when the parent of the record changes.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz
2016-06-06 16:36:23 +02:00
Andrew Bartlett
9aa2d44462 dsdb: Give the objectGUID ahead of LDIF dump of replicated changes
This can help isolate which object this is when the object is involved
in a rename.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-06 16:36:23 +02:00
Andrew Bartlett
90581b2613 dsdb: Simplify replmd_op_possible_conflict_callback behaviour
The previous behaviour of this code was to overwrite the req->callback of the original, failed request.

This is a problem for many reasons - including that ldb_module_done() may already have been
called on that pointer.

The correct pattern is to create a new request, and to call ldb_module_done() on the parent
request (the one in ar->req) not in this one, in the error case.

We use the passed in new callback either as the callback to call on success, or
as the callback to the ADD request.  We overwrite it with replmd_op_name_modify_callback
in the rename remote case, as before, but no longer modify req->callback as
this will not be used again.

This is less tricky and a little simpler to follow, as we also remove the
now unused handling for RENAME, which is in a separate routine now

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-06 16:36:23 +02:00
Andrew Bartlett
8938f384b7 dsdb: Split rename case out of replmd_op_possible_conflict_callback
This avoids running this code path, originally written for the add case, in
a semi-async manner in the rename case, which caused both bugs and complexity.

This does create a deal of duplicated code, but it is easier to follow because
there are no longer special cases for ADD and RENAME in the "common" code and
the behaviour of ldb_module_done() and the callbacks is well defined and expected

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz
2016-06-06 16:36:23 +02:00
Andrew Bartlett
e1dcd45d9e repl_meta_data: Give more information on replication rename behaviour
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-06 16:36:22 +02:00
Andrew Bartlett
7773116f90 repl_meta_data: Fail to replicate over local objects not NC_HEAD with a all-zero parentGUID
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-06 16:36:22 +02:00
Andrew Bartlett
fb9f5264ef dsdb: Give more errors in operational module when building the parentGUID
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-06 16:36:22 +02:00
Andrew Bartlett
1e21a5ad61 dsdb: Clearly fail to replicate objects not NC_HEAD with a all-zero parentGUID
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-06 16:36:22 +02:00
Andrew Bartlett
449271defc repl: Enforce that we have parent objects for all replicated objects
The creating of replicated objects without their parent object allows database corruption as they can end up under
the wrong object.  We need to re-try the replication with the DRSUAPI_DRS_GET_ANC flag
set to get the objects in tree order.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-06 16:36:22 +02:00
Andrew Bartlett
2d67128814 dsdb: Move operational below repl_meta_data so we can query parentGUID
This avoids re-adding the same code in repl_meta_data or making a shared subroutine

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz
2016-06-06 16:36:22 +02:00
Andrew Bartlett
4d26210806 dsdb: Cache our local invocation_id at the start of each request
This avoids fetching it over and over again

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jun  6 12:25:14 CEST 2016 on sn-devel-144
2016-06-06 12:25:14 +02:00
Andrew Bartlett
ee80da56b9 repl: Retry replication of the schema on WERR_DS_DRA_SCHEMA_MISMATCH
This makes us replicate the schema, and then go back to what we asked to replicate
originally, when the schema changes.  This should make the replication much more
robust after schema changes

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-06 08:50:09 +02:00
Andrew Bartlett
db15993401 dbcheck: Find and fix a missing Deleted Objects container
Older Samba versions could delete this.  This patch tries very hard
to put back the original object, with the original GUID, so that
if another replica has the correct container, that we just merge
rather than conflict.

The existing "wrong dn" check can then put any deleted objects
under this container correctly.

Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-06 08:50:09 +02:00
Andrew Bartlett
0f28c96d88 repl: Remove duplicated delete of sAMAccountType
This causes the version number in replPropertyMetaData to be
incorrectly bumped twice, because it is implied by not being in the
list of attributes to be preserved.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-06 08:50:09 +02:00
Andrew Bartlett
de8fb1f1ed dsdb: Allow "cn" to be missing on schema import
This avoids a segfault when we remove the duplication of this value from dsdb_convert_object_ex()

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-06 08:50:09 +02:00
Andrew Bartlett
c6ed444ac7 selftest: Make replica_sync test pass against Windows 2012R2
The tests that invoke --local will not pass, naturally, but otherwise it works

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-06 08:50:09 +02:00
Andrew Bartlett
ca2e038aa5 samba-tool domain join: Set drsuapi.DRSUAPI_DRS_GET_ANC during initial repl
This is needed so that we get parents before children.

We need this to ensure that we always know the correct parent for a
new child object, rather than just trusting the DN string

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-06 08:50:09 +02:00
Andrew Bartlett
d103aabcf5 dsdb: Only search the provided partition for the object GUID
We know which NC this is in, so save searching all the backends.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-06 08:50:09 +02:00
Andrew Bartlett
65a35acbf3 repl: Pass in the full partition DN to dsdb_replicated_objects_convert()
When we were processing an EXOP, we would pass in a DN specific to that
operation, but this stopped repl_meta_data from finding the parent object

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-06 08:50:09 +02:00
Andrew Bartlett
5967852aa0 repl: Allow GetNCChanges DRSUAPI_EXOP_REPL_OBJ to succeed against a deleted object
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-06 08:50:09 +02:00
Andrew Bartlett
21b4f67acd dsdb: Remove incorrect RDN attid check in replmd_replPropertyMetaDataCtr1_verify
On windows, the RDN is not sorted last.  Additionally, the check should have been
against dsdb_attribute_get_attid(), not just ->attributeID_id

By including this in earlier versions of Samba, we allow a backport of Samba
databases from Samba 4.5, where this will be sorted in the same way
as Windows 2012R2.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11842
2016-06-06 08:50:08 +02:00
Andrew Bartlett
5c6a97769c selftest: Use random OIDs from under the Samba OID arc
The urgent_replication.py test used the OID of uid, and this caused
other tests to fail

The other random OIDs should have been from under our arc, not under
iso.member-body.us

We split up the range a little to avoid some of the birthday paradox,
in the tests that create multiple OIDs.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz
2016-06-06 08:50:08 +02:00
Bob Campbell
82a10942d4 samba_spnupdate: do not interpret failure count as unix error code
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Jun  3 11:02:26 CEST 2016 on sn-devel-144
2016-06-03 11:02:26 +02:00
Bob Campbell
5c008e0216 samba_dnsupdate: do not interpret failure count as unix error code
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-06-03 07:27:22 +02:00
Andrew Bartlett
0b4c741b9c build: Build less of Samba when building --without-ntvfs-fileserver
We would build, but not use, many components of the NTVFS file server
even when we asked not to.  They would then consume disk, but not be
of any use

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-02 16:36:15 +02:00
Andrew Bartlett
90665713ab repl: Do not consider userPassword differences to matter in rpc.dssync
userPassword is also not shown over LDAP

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-02 16:36:15 +02:00
Andrew Bartlett
b816ca3e0f torture: Only walk over objects actually converted in drs.dssync
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-02 16:36:15 +02:00
Andrew Bartlett
2679bdc45b dsdb: Improve syntax clarity
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-02 16:36:15 +02:00
Andrew Bartlett
5fe59f3e63 dsdb: Use DRSUAPI_ATTID_isDeleted constant in repl_meta_data
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-02 16:36:15 +02:00
Andreas Schneider
4aab5ba2ce mit_samba: Allow to use SPNs for AS-REQ
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Thu Jun  2 16:35:35 CEST 2016 on sn-devel-144
2016-06-02 16:35:35 +02:00
Andreas Schneider
8267b2e186 mit_samba: Fix flags that we get a referral tickets
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-06-02 12:48:13 +02:00
Andreas Schneider
7019103bab mit_samba: Return 0 in case of a wrong realm
The MIT KDC will deal with this correctly for us.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-06-02 12:48:13 +02:00
Andreas Schneider
7a1fd661b0 sdb: Do not create kmod information if we return early
In case of a wrong realm in a cross forest trust we return early with
just the realm corrected. We need to parse a kdb entry but do not have
all information available. So skip creating the kmod.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-06-02 12:48:13 +02:00
Andreas Schneider
00267c9565 sdb: Fix NULL pointer deference if we return early
If we return because of a wrong realm in a cross forest trust case, we
do not have a skdc_entry allocated.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-06-02 12:48:13 +02:00
Andreas Schneider
3d6e18f210 kdb: Do not allocate memory with size 0
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-06-02 12:48:13 +02:00
Andreas Schneider
84c4b91fc6 sdb: Do not set disallow if we do not have ticket info in the DB
These things are applied by the incoming ticket by the KDC.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-06-02 12:48:13 +02:00
Andreas Schneider
db23c0fa97 torture: Add a dummy test for MIT Kerberos case
This is a preperatory test to add tests for the MIT KDC.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-06-02 12:48:13 +02:00
Andreas Schneider
38faafef23 torture: Fix trailing whitespaces in krb5 tests
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-06-02 12:48:13 +02:00
Andrew Bartlett
01043fc5f5 repl_meta_data: Do rename before deleted object cleanup
Following from the lesson of subtree_rename, do the rename first,
as this is more likely to fail for some reason

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun  1 14:01:36 CEST 2016 on sn-devel-144
2016-06-01 14:01:36 +02:00
Andrew Bartlett
cb32e25fbe dsdb/subtree_rename: Rename the base before we rename children
Otherwise, we might rename children to be under a different, conflicting, DN.

This would normally be picked up in the transaction rollback, but in replication
the transaction is not aborted for this situation

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-01 10:27:19 +02:00
Andrew Bartlett
2d9383e1d4 getncchanges: Fill in ctr6.linked_attributes with a pointer to a zero-length array
Our newly run repl_exop tests expect this, matching Windows 2012R2

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-01 10:27:19 +02:00
Andrew Bartlett
b8f32528c7 getncchanges: Use the talloc_stackframe() for tempory memory
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-01 10:27:19 +02:00
Andrew Bartlett
59d6c7c674 getncchanges: Give the correct error when RID_ALLOC fails on an invalid destination_dsa_guid
This is found by our new tests.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-01 10:27:19 +02:00
Andrew Bartlett
dfda45802c rpc_server/drsuapi: Return the correct 3 objects for DRSUAPI_EXOP_FSMO_RID_ALLOC
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-01 10:27:19 +02:00
Volker Lendecke
b83a742fed dsdb: Simplify acl_validate_spn_value
Avoid pointless "else" and fix indentation

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-06-01 00:57:32 +02:00
Rowland Penny
7583377473 samba-too: Allow 'samba-tool fsmo' to cope with empty or missing fsmo roles
samba-too: Allow 'samba-tool fsmo' to cope with empty or missing fsmo roles

Signed-off-by: Rowland Penny <rpenny@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2016-06-01 00:57:32 +02:00
Dirk Godau
1fd7c28d5f Extend DsBind and DsGetDomainControllerInfo to work with w2k8.
W2K8 Clients ask for DRSUAPI_SUPPORTED_EXTENSION_LH_BETA2 on DsBind. W2K8
expect this to be set (with server fl 2k8) or else they do not call
DsGetDomainControllerInfo.

If DRSUAPI_SUPPORTED_EXTENSION_LH_BETA2 is set, DsGetDomainControllerInfo
must be able to return DCInfo Level 3.

If Samba4 AD ist set to work as 2k8, with >2k8 clients the following
will not work as expected:

  * Group Policy Editor Infrastructure Discovery
  * nltest /dclist:<domain>
  * w32tm /monitor

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9971
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9976

Signed-off-by: Dirk Godau <voidswitch@gmail.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu May 26 06:21:10 CEST 2016 on sn-devel-144
2016-05-26 06:21:10 +02:00
Dirk Godau
6ded4f5230 drsuapi tests for DsBind with w2k8
These are marked as known_fail pending the next patch ("Extend DsBind
and DsGetDomainControllerInfo to work with w2k8").

Signed-off-by: Dirk Godau <voidswitch@gmail.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-05-26 02:44:31 +02:00
Volker Lendecke
5af28c93dc drsuapi: Improve debug in DsWriteAccountSpn
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed May 25 11:34:13 CEST 2016 on sn-devel-144
2016-05-25 11:34:13 +02:00
Volker Lendecke
e7f54a2842 samdb: Improve debugging in acl_validate_spn_value()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-05-25 07:56:19 +02:00
Uri Simchoni
b2b951d14f heimdal make kvno unisgned internally
The folks at heimdal didn't like the patch in
commit 6379737b7d and insisted
that kvno should remain unsigned internally, even though it is
encoded as signed in packets. This patch reverts some of the
unsigned->signed changes in that commit, and resolves conversion
issues - in order to be aligned with upstream Heimdal.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May 24 03:00:39 CEST 2016 on sn-devel-144
2016-05-24 03:00:39 +02:00
Christian Ambach
8b3ae1bb9c s4:repl_meta_data: squelch compile warning with -O3
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri May 13 03:50:10 CEST 2016 on sn-devel-144
2016-05-13 03:50:08 +02:00
Michael Adam
33d20f93dc s4:client: fix O3 error unused result of of chdir and system
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:16 +02:00
Michael Adam
a7fc5e0f4d s4:torture:nbench: fix O3 error unused result of asprintf
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:16 +02:00
Michael Adam
ea668a28e0 s4:torture:rpc:samlogon: fix O3 error unused result of asprintf
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:16 +02:00
Michael Adam
080946ce91 s4:torture:basic:delete: fix O3 error unused result of asprintf
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:16 +02:00
Michael Adam
ef63ebdcb7 s4:torture:basic:dir: fix O3 error unused result of asprintf
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:16 +02:00
Michael Adam
f7256914d0 s4:torture:basic: fix O3 error unused result of write
in test_utable

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:16 +02:00
Michael Adam
99182346a3 s4:torture:basic:misc: fix O3 error unused result of asprintf
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:16 +02:00
Michael Adam
ebfbf6bc27 s4:torture:basic: fix O3 error unused result of asprintf
in run_opentest()

While fixing this, also convert to using talloc_asprintf instead.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:16 +02:00
Michael Adam
a6db0527cb s4:regshell: fix O3 error unused result of asprintf in reg_complete_key()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:16 +02:00
Michael Adam
2a2d990e3a s4:ntvfs: fix O3 error unused result of write error in nbench_log()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:15 +02:00
Michael Adam
93b1dac1ca s4:ntvfs: fix O3 error unused result of asprintf in cifspsx_file_utime()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:15 +02:00
Michael Adam
fa80f1a937 s4:ntvfs: fix O3 error unused result of asprintf in cifspsx_list_unix
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:15 +02:00
Michael Adam
8f4759d562 s4:ntvfs: fix O3 error unused result of asprintf in cifspsx_map_fileinfo
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:15 +02:00
Michael Adam
b64a24eb05 s4:ntvfs: fix O3 error unused result of asprintf in svfs_file_utime
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:15 +02:00
Michael Adam
8e521379d5 s4:ntvfs: fix O3 error unused result of asprintf
in svfs_map_fileinfo

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:15 +02:00
Michael Adam
2d8a3125f2 s4:registry:patchfile: fix O3 error unused result of write
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:15 +02:00
Michael Adam
c150234495 s4:libcli:resolve: fix O3 error unused result of write
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:15 +02:00