1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

32607 Commits

Author SHA1 Message Date
Stefan Metzmacher
1a315bec27 s4:dsdb/test/notification: make test_invalid_filter more resilient against ordering races
We saw a lot of flapping tests with:

    [1793(11038)/1892 at 1h55m26s]
    samba4.ldap.notification.python(ad_dc_ntvfs)(ad_dc_ntvfs)
    UNEXPECTED(failure):
    samba4.ldap.notification.python(ad_dc_ntvfs).__main__.LDAPNotificationTest.test_max_search(ad_dc_ntvfs)
    REASON: Exception: Exception: Traceback (most recent call last):
      File
    "/memdisk/autobuild/fl/b1782183/samba/source4/dsdb/tests/python/notification.py",
    line 181, in test_max_search
        self.assertEquals(num, ERR_TIME_LIMIT_EXCEEDED)
    AssertionError: 11 != 3

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-11 22:58:18 +01:00
Herwin Weststrate
0b500d413c Added MSV1_0_ALLOW_MSVCHAPV2 flag to ntlm_auth
An implementation of https://lists.samba.org/archive/samba/2012-March/166497.html (which has been discussed in 2012, but was never implemented).

It has been tested on a Debian Jessie system with this patch added to the Debian package (which is currently 4.1.17). Even though this is Samba 4, the ntlm_auth installed is the one from Samba 3 (yes, it surprised me too). The backend was a machine with Windows 2012R2.

It was first tested with the local security policy 'Network Security: LAN Manager authentication level' setting changed to 'Send NTLMv2 Response Only' (allow ntlm v1). This way we are able to authenticate with and without the MSV1_0_ALLOW_MSVCHAPV2 flag (as expected).

After the basic step has been verified, the local security policy 'Network Security: LAN Manager authentication level' setting was changed to 'Send NTLMv2 Response Only. Refuse LM & NTLM' (only allow ntlm v2). The behaviour now changed according to the MSV1_0_ALLOW_MSVCHAPV2 flag (again: as expected).

  $ ntlm_auth --request-nt-key --username=XXXXXXXXXXXXX --challenge=XXXXXXXXXXXXXXXXX --nt-response=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --domain=
  Logon failure (0xc000006d)
  $ ntlm_auth --request-nt-key --username=XXXXXXXXXXXXX --challenge=XXXXXXXXXXXXXXXXX --nt-response=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --domain= --allow-mschapv2
  NT_KEY: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

The changes in `wbclient.h` are intended for programs that use libwinbind directly instead of authenticating via `ntlm_auth`. I intend to use that within FreeRADIUS (see https://bugzilla.samba.org/show_bug.cgi?id=11149).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11694
Signed-off-by: Herwin Weststrate <herwin@quarantainenet.nl>
Reviewed-by: Kai Blin <kai@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-11 22:58:18 +01:00
Uri Simchoni
b27cf10c0c selftest: run net ads join test in a private client env
net ads join command changes machine password, thus affecting
the test environment beyond the thing we want to test.

This cange runs the test in a private client env, with its
own hostname, newly-generated machine SID, and a separate
secrets.tdb, thus not affecting the running AD member server,

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-03-10 11:27:29 +01:00
Stefan Metzmacher
645e777b0a s4:rpc_server: dcesrv_generic_session_key should only work on local transports
This matches modern Windows servers.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Mar 10 10:15:21 CET 2016 on sn-devel-144
2016-03-10 10:15:21 +01:00
Stefan Metzmacher
58b33896b6 s4:rpc_server/samr: hide a possible NO_USER_SESSION_KEY error
Windows servers doesn't return the raw NT_STATUS_NO_USER_SESSION_KEY
error, but return WRONG_PASSWORD or even hide the error by using a random
session key, that results in an invalid, unknown, random NTHASH.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-10 06:52:31 +01:00
Stefan Metzmacher
5a397216d4 s4:librpc/rpc: dcerpc_generic_session_key() should only be available on local transports
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-10 06:52:31 +01:00
Stefan Metzmacher
af8c4ebf9b s4:torture:samba3rpc: use an authenticated SMB connection and an anonymous DCERPC connection on top
This is the only way to get a reliable transport session key.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-10 06:52:31 +01:00
Stefan Metzmacher
f699eb3b1a s4:selftest: run rpc.samr over ncacn_np instead of ncacn_ip_tcp
It requires a transport session key, which is only reliable available
over SMB.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-10 06:52:31 +01:00
Stefan Metzmacher
c793b23ddb s4:torture: the backupkey tests need to use ncacn_np: for LSA calls
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-10 06:52:31 +01:00
Stefan Metzmacher
0400f301e3 s4:torture/rpc: do testjoin only via ncalrpc or ncacn_np
ncacn_ip_tcp doesn't have the required session key.
It used to be the wellknown "SystemLibraryDTC" constant,
but that's not available in modern systems anymore.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-10 06:52:31 +01:00
Stefan Metzmacher
0ebe929810 s4:ldap_server: make use of GENSEC_FEATURE_LDAP_STYLE
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-03-10 06:52:29 +01:00
Stefan Metzmacher
c431543fb9 s4:selftest: simplify the loops over samba4.ldb.ldap
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-03-10 06:52:29 +01:00
Stefan Metzmacher
5cf8546674 s4:selftest: we don't need to run ldap test with --option=socket:testnonblock=true
The LDAP client library uses tstream and that handles non blocking
sockets natively.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-03-10 06:52:29 +01:00
Stefan Metzmacher
d9d0d2d5a2 s4:libcli/ldap: fix retry authentication after a bad password
We need to start with an empty input buffer.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-03-10 06:52:29 +01:00
Stefan Metzmacher
d04663b8b0 s4:libcli/ldap: make use of GENSEC_FEATURE_LDAP_STYLE
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-03-10 06:52:29 +01:00
Stefan Metzmacher
ab54e0fd70 ntlmssp.idl: MsAvRestrictions is MsvAvSingleHost now
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-03-10 06:52:29 +01:00
Stefan Metzmacher
0f6713826d s4:pygensec: make sig_size() and sign/check_packet() available
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-10 06:52:27 +01:00
Stefan Metzmacher
960b0adfb3 s4:librpc/rpc: map alter context SEC_PKG_ERROR to NT_STATUS_LOGON_FAILURE
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-10 06:52:26 +01:00
Andreas Schneider
f7116f0ad0 s4-selftest: Make export keytab test heimdal specific
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-03-10 06:52:26 +01:00
Andreas Schneider
5c5d586d3e s4-libnet: Implement export_keytab without HDB
This is used by 'samba-tool domain exportkeytab'. This loads the HDB
Samba backend thus needs access to samdb. To avoid using heimdal
specific code here, we could talk to samdb directly and write a
keytab file.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-03-10 06:52:25 +01:00
Garming Sam
9f1ba00f1f CVE-2016-0771: tests/dns: change samba.tests.dns from being a unittest
This makes it easier to invoke, particularly against Windows.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-10 06:52:25 +01:00
Garming Sam
286b7a5e3f CVE-2016-0771: tests/dns: RPC => DNS roundtrip test
Make sure that TXT entries stored via RPC come out the same in DNS.

This has one caveat in that adding over RPC in Windows eats slashes,
and so fails there.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-10 06:52:25 +01:00
Stefan Metzmacher
ee8d777bbf CVE-2016-0771: s4:dns_server: fix idl for dns_txt_record
From RFC 1035:

    3.3.14. TXT RDATA format

        +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
        /                   TXT-DATA                    /
        +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

    where:

    TXT-DATA        One or more <character-string>s.

    TXT RRs are used to hold descriptive text.  The semantics of the text
    depends on the domain where it is found.

Each record contains an array of strings instead of just one string.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-10 06:52:24 +01:00
Stefan Metzmacher
42524c20a8 CVE-2016-0771: s4:librpc: python_dns and python_dcerpc_dnsp doesn't require client bindings
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-10 06:52:23 +01:00
Aurelien Aptel
cb51e8d5cb s4/heimdal/lib/krb5/pac.c: typo
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <rb@sernet.de>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 10 03:33:46 CET 2016 on sn-devel-144
2016-03-10 03:33:46 +01:00
Aurelien Aptel
511c747745 s4/heimdal/lib/gssapi/mech/gss_compare_name.c: typo
make memcmp() compare the name1 and name2 value instead of comparing
name1 with itself.

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Ira Cooper <ira@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-10 00:08:11 +01:00
Aurelien Aptel
ad9c1aa867 s4/client/cifsdd.c: typo
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-03-10 00:08:11 +01:00
Aurelien Aptel
34ae5c5083 s4/auth/ntlm/auth_unix.c: add parens
operator | has lower precedence than ?:
so add parens to have the expected result.

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-03-10 00:08:11 +01:00
Douglas Bagnall
c1b68fa0b8 torture_ldap_sort: avoid segfault
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-09 10:32:17 +01:00
Douglas Bagnall
5d6a67e9de ldb sort: allow sorting on attributes not returned in search
The attribute is added to the search request, then peeled off again
before the sort module passes the results on.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-09 10:32:17 +01:00
Douglas Bagnall
b797baaa60 Add python server sort tests
The tests are repeated twice: once properly with complex Unicode
strings, and again in a simplified ASCII subset. We only expect Samba
to pass the simplified version. The hard tests are aspirational and
show what Active Directory does.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-09 10:32:17 +01:00
Garming Sam
fe2bcf9d41 ldap VLV: correct ASN1 parsing of VLV requests
As with the encoding, the ASN1_CONTEXT tag isn't followed by an
ASN1_SEQUENCE, though you wouldn't think that from reading the
specification.

Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-09 10:32:16 +01:00
Garming Sam
8b650a5ab3 ldap: fix search control rule identifiers ASN.1 type
Wireshark and Windows both expect matching rule identifiers to be
given the ContextSimple type identifier instead of the Octet String.

As far as we can tell this is not formally specified anywhere.

Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-09 10:32:16 +01:00
Douglas Bagnall
d2c6f7624b ldap VLV: memdup, not strdup VLV context_id
The context ID is not a text string, it is an opaque binary field.

Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-09 10:32:16 +01:00
Garming Sam
5421d7070a ldap VLV: use correct ASN.1 encoding for requests
The search reference points (either an integer index or a string
for comparison) are  supposed to use ASN1_CONTEXT or ASN1_CONTEXT_SIMPLE
(respectively) ASN.1 types. We were using these types, but we also put
extra ones in too, which nobody else likes.

Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-09 10:32:16 +01:00
Andrew Bartlett
4c38e74d7c dsdb: Introduce LDB_SYNTAX_SAMBA_OCTET_STRING
The sort order for this function is more expected than the sort order for
ldb_comparsion_binary()

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-09 10:32:16 +01:00
Douglas Bagnall
5235f1facf util/binsearch: macro for greater than or equal search
Sometimes you want to find the place where an item would be in a
sorted list, whether or not it is actually there.

The BINARY_ARRAY_SEARCH_GTE macro takes an extra 'next' pointer
argument over the other binsearch macros. This will end up pointing to
the next element in the case where there is not an exact match, or
NULL when there is. That is, searching the list

     { 2, 3, 4, 4, 9}

with a standard integer compare should give the following results:

search term    *result    *next
         1      -          2
         3      3          -
         4      4 [1]      -
         7      -          9
         9      9          -
        10      -          - [2]

Notes
[1] There are two fours, but you will always get the first one.
[2] The both NULL case means the search term is beyond the last list
item.

You can safely use the same pointer for both 'result' and 'next', if
you don't care to distinguish between the 'greater-than' and 'equals'
cases.

There is a torture test for this.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-09 10:32:16 +01:00
Garming Sam
42fe66fa73 tests: Allow alternative error code for backupkey test
It appears that incorrect decryption triggers a different error code,
causing a test which fails every now and again, as sometimes the invalid
data will parse as a SID, and so pass one of the checks.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-09 10:32:16 +01:00
Andrew Bartlett
ca9bbc8cc5 selftest: Avoid sorting issues on Ubuntu 10.04 vs 14.04
The unimportant lines starting with # sorted differently between these
two platforms.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-09 10:32:15 +01:00
Andrew Bartlett
c79c1e405d dbcheck: Check for and remove duplicate values in attributes
This can happen with three DCs and custom schema, but we test
it by just forcing the values directly into the backing tdb.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08 01:58:30 +01:00
Andrew Bartlett
8440dda3cb pysmb: Use pytalloc_BaseObject_PyType_Ready()
This changes pysmb to use talloc.BaseObject() just like the PIDL output

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08 01:58:30 +01:00
Andrew Bartlett
c763253f05 pysmb: Do not use pytalloc_Object directly
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08 01:58:30 +01:00
Andrew Bartlett
05b99bed8c pysmb: Rework py_smb_new() to use pytalloc_steal()
This avoids casting to pytalloc_Object directly

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08 01:58:29 +01:00
Andrew Bartlett
9a34a1567b pysmb: Use pytalloc_get_mem_ctx()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08 01:58:29 +01:00
Andrew Bartlett
a2013c3a5a pysmb: Use pytalloc_get_ptr()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08 01:58:29 +01:00
Andrew Bartlett
6d348c443a pyregistry: Use pytalloc_BaseObject_PyType_Ready()
This changes pyregistry to use talloc.BaseObject() just like the PIDL output

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08 01:58:29 +01:00
Andrew Bartlett
ffc7536330 pyauth: Use pytalloc_BaseObject_PyType_Ready()
This changes pyauth to use talloc.BaseObject() just like the PIDL output

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08 01:58:29 +01:00
Andrew Bartlett
0f35167d76 pygensec: Use pytalloc_BaseObject_PyType_Ready()
This changes pygensec to use talloc.BaseObject() just like the PIDL output

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08 01:58:29 +01:00
Andrew Bartlett
ec5d63f9ed pygensec: Use pytalloc_steal() in gensec_start_{client,server}()
This is better than casting to get to the pytalloc_Object structure directly

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08 01:58:29 +01:00
Andrew Bartlett
43af1905d5 pyparam: Use pytalloc_BaseObject_PyType_Ready()
This changes pyparam to use talloc.BaseObject() just like the PIDL output

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08 01:58:29 +01:00
Andrew Bartlett
d82b11b21c pyparam: Do not use pytalloc_Object directly
This type should not be used directly, it should have been made private
to pytalloc.  This then allows removal of the (PyCFunction) cast

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08 01:58:29 +01:00
Andrew Bartlett
5fb98a3534 dbcheck: Fix incorrect/duplicate attrid in replPropertMetaData
If custom schema is used in a replicated DC environment, these are created as soon as
an attribute is modified on more than one DC.  We have to remove these.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11443
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08 01:58:28 +01:00
Andrew Bartlett
ac83f729bc selftest: Update release-4-1-0rc3 with more test records
CN=ops_run_anything2,OU=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp

This will be modified during the dbcheck to show that new
versions of Samba will reset the attid correctly

CN=ops_run_anything3,OU=SUDOers,DC=release-4-1-0rc3,DC=samba,DC=corp

This will not be modified, and shows how a 4.1 DC without
replication would record custom schema objects.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08 01:58:28 +01:00
Andrew Bartlett
7397aa47fd rpc_server/drsuapi: Block replication of incorrect/duplicate attrid in replPropertMetaData
If custom schema is used in a replicated DC environment, these are created as soon as
an attribute is modified on more than one DC.  We have to prevent replication
as otherwise we will corrupt the client replica state.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11443
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08 01:58:26 +01:00
Andrew Bartlett
ecf0dd49e0 repl_meta_data: Correctly use msDS-IntId for custom schema, not the prefixMap value
We must, when dealing with custom schema, respect the msDC-IntId value recorded
in the schema.  If we do not, then we will create multiple replPropertyMetaData
records for the one attribute.  This may cause confusion during replication.

This fixes the issue by always calling dsdb_attribute_get_attid() to obtain
the correct local (32 bit integer) attribute ID

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11443
2016-03-08 01:58:26 +01:00
Andrew Bartlett
9e07f3a13b pidl: Fix our python reference handling
The new talloc.BaseObject allow us to hold a talloc context per
python object (there may be many referring to the same C object)
and the talloc context that the actual object pointer is under.

Another advantage is that talloc.BaseObject(), has less of
an ABI surface.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08 01:58:26 +01:00
Andrew Bartlett
627fdf0468 pyrpc: Clarify failure mode after pytalloc_reference_ex() improvements
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08 01:58:26 +01:00
Andrew Bartlett
623bf4230c pyrpc: Add warning about abuse of py_return_ndr_struct()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08 01:58:25 +01:00
Andrew Bartlett
b96b1e88f7 pydsdb: Fix returning of ldb.MessageElement.
This object is not based on pytalloc_Object and so this causes
a segfault (later a failure) when the struct definitions diverge.
We must also not reuse the incoming ldb_message_element as a talloc
context and overwrite the values, instead we should create a new
object and return that.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08 01:58:25 +01:00
Aurelien Aptel
2285519043 s3,s4 torture/denytest: fix possible infinite loop
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: David Disseldorf <ddis@suse.de>

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Fri Mar  4 21:23:45 CET 2016 on sn-devel-144
2016-03-04 21:23:45 +01:00
Aurelien Aptel
a6593cfb67 s4/torture/libnetapi/libnetapi_user.c: fix typo
fixed misplaced parenthesis and wrong sizeof().

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: David Disseldorf <ddis@suse.de>
2016-03-04 18:08:21 +01:00
Douglas Bagnall
116f415779 heimdal asn1: avoid fclose(NULL) caused by missing braces
Thanks to GCC6 -Wmisleading-indentation.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Mar  3 16:21:52 CET 2016 on sn-devel-144
2016-03-03 16:21:52 +01:00
Douglas Bagnall
c9836e8121 regtree: avoid GCC indentation warning
This was not actually a bug, but GCC6 (sort of reasonably) thought it could be.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-03-03 13:09:25 +01:00
Michael Adam
1b804d6f93 torture:smb2: add smb2.replay.replay-dhv2-lease3
create with a lease, and replay with lease
with a different lease key.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-03 13:09:24 +01:00
Michael Adam
1c772984c6 torture:smb2: add smb2.replay.replay-oplock-lease
create with an oplock, and replay with a lease.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-03 13:09:24 +01:00
Michael Adam
2036e1d27b torture:smb2: add smb2.replay.replay-dhv2-lease-oplock
Open with a lease and replay with an oplock.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-03 13:09:24 +01:00
Michael Adam
6eeabe43a2 torture:smb2: add smb2.replay.replay-dhv2-lease2
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-03 13:09:24 +01:00
Michael Adam
de678ebcdf torture:smb2: add smb2.replay.replay-dhv2-lease1
This is a variant of the replay-dhv2-oplock1 test for leases
instead of for oplocks.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-03 13:09:24 +01:00
Michael Adam
6eac2ae984 torture:smb2:replay: extend CHECK_CREATE_OUT() to know leases
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-03 13:09:24 +01:00
Michael Adam
9ac9d286b4 torture:smb2: split rename2 into multiple tests and extend these
- replay-regular
- replay-dhv2-oplock1
- replay-dhv2-oplock2
- replay-dhv2-oplock3

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-03 13:09:23 +01:00
Michael Adam
9ebf079b00 torture:smb2: rename replay1 -> replay-commands
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-03 13:09:23 +01:00
Michael Adam
f24567e9fd torture:smb2: skip replay4 if server does not support multi-channel
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Mar  2 20:38:49 CET 2016 on sn-devel-144
2016-03-02 20:38:49 +01:00
Volker Lendecke
801b1ada51 ntvfs: Fix CID 1354522 Unchecked return value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-03-01 18:35:20 +01:00
Martin Schwenke
e318babace lib/util: Add strv_util.[ch] containing new function strv_split()
strv_split() adds to a strv by splitting a string on separators.

Tests included.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
2016-03-01 05:43:19 +01:00
Michael Adam
6d00855672 torture:smb2: fix skip message if share is not CA
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-02-29 23:10:15 +01:00
Michael Adam
cd3ee2a2aa torture:smb2: skip replay5 test if server does not support persistent handles
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-02-29 23:10:14 +01:00
Michael Adam
95835b9280 torture:smb2: skip replay3 if server does not support Multi-Channel
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-02-29 23:10:14 +01:00
Martin Schwenke
f3ea162488 lib/util: Add tests for strv
These are blackbox tests against most of the API.

It would be possible to write tests that check the internals of the
strv are as expected but that probably doesn't add much value.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-02-26 19:27:08 +01:00
Andrew Bartlett
eb5cdce247 samba-tool: Support preloading multiple users
Based on patches by Adrian Cochrane

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Feb 25 07:58:55 CET 2016 on sn-devel-144
2016-02-25 07:58:55 +01:00
Volker Lendecke
737780384c lib: Move data_blob_list_item to source4
It's only used in dcesrv_call_state.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-02-23 22:03:16 +01:00
Volker Lendecke
8fc86f41e4 py_xattr: Fix a "ignoring return value" warning
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-02-23 22:03:16 +01:00
Michael Adam
fb0d624427 torture:smb2: improve torture_comments in connect test
Signed-off-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Feb 23 04:50:53 CET 2016 on sn-devel-144
2016-02-23 04:50:53 +01:00
Michael Adam
78d7b23f2f torture:smb2: fix memory leak in connect test.
Signed-off-by: Michael Adam <obnox@samba.org>
2016-02-23 01:41:17 +01:00
Michael Adam
4d9484e7c4 torture:smb2: rewrite connect test to use torture_asserts for create errors
let torture_smb2_createfile propagate errors

Signed-off-by: Michael Adam <obnox@samba.org>
2016-02-23 01:41:17 +01:00
Michael Adam
358c09b899 torture:smb2: rewrite connect test to use torture_asserts
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-02-23 01:41:17 +01:00
Volker Lendecke
2b26522e34 libwbclient: Make source4/ use nsswitch/libwbclient
Right now there's no async user of this, so I think it's okay to use the
sync libwbclient. If we really get async libwbclient users, we need to
put it there instead of calling the struct protocol directly.

The code before this patch did not look at the _NO_WINBIND environment
variable. So ignore it here too.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-02-22 20:29:16 +01:00
Stefan Metzmacher
312cb9d841 s4:dsdb_notification: fix the --picky-developer build with gcc 4.4.3
The following warning/error is reported:

[1891/4034] Compiling source4/dsdb/samdb/ldb_modules/dsdb_notification.c
cc1: warnings being treated as errors
../source4/dsdb/samdb/ldb_modules/dsdb_notification.c: In function 'dsdb_notification_filter_search':
../source4/dsdb/samdb/ldb_modules/dsdb_notification.c:192: error: value computed is not used
Waf: Leaving directory `/memdisk/autobuild/fl/b300949/samba/bin'
Build failed:  -> task failed (err #1):
	{task: cc dsdb_notification.c -> dsdb_notification_84.o}

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-02-19 15:58:22 +01:00
Andreas Schneider
3f428caed4 s4-libcli: Add missing ldb header
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-02-19 15:58:22 +01:00
Andreas Schneider
23d2c7f670 s4-client: Fix cifsdd arg parsing for skip
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11730

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2016-02-18 15:00:17 +01:00
Stefan Metzmacher
7eab9e5fbd s4:selftest: run samba4.ldap.notification.python
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Wed Feb 17 06:54:48 CET 2016 on sn-devel-144
2016-02-17 06:54:48 +01:00
Stefan Metzmacher
df04a2eee2 s4:dsdb/tests: add notification.py with some basic tests
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-02-17 03:43:23 +01:00
Stefan Metzmacher
e7dd9808b1 s4:dsdb: let samba_dsdb make use of the dsdb_notification module
This means our LDAP server will support LDB_CONTROL_NOTIFICATION_OID now.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-02-17 03:43:23 +01:00
Stefan Metzmacher
6e88639ed9 s4:ldap_server: add support for async notification requests
This is a simplified version that works with the current
dsdb_notification module that requires the caller to retry
periodically. We do that every 5 seconds or 100 microseconds
if we're forcing a retry.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-02-17 03:43:23 +01:00
Stefan Metzmacher
46243e4d80 s4:dsdb: add dsdb_notification module
This adds a simple implementation of LDB_CONTROL_NOTIFICATION_OID.
It requires caller (the ldap server task) to retry the request peridically,
using the same ldb_control structure in order to get some progress and
the never ending search behaviour an LDAP client expects.

For now we remember the known_usn in a cookie stored
in the otherwise unused ldb_control->data fielf
and we do a simple search using (uSNChanged>=${known_usn}+1).

In future we may do things based on the uSNChanged value.

for (i = old_highest + 1; i <= current_highest; i) {
	search for (uSNChanged=i)
}

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-02-17 03:43:23 +01:00
Stefan Metzmacher
3f0fbfa7b2 s4:dsdb/samldb: check for valid lDAPDisplayName vaues on add()
This still leaves modifies(), but that's a task for another day.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-02-17 03:43:23 +01:00
Stefan Metzmacher
ab16d11e32 s4:dsdb/tests: don't use spaces in lDAPDisplayName in urgent_replication.py
This should result in LDAP_UNWILLING_TO_PERFORM/WERR_DS_INVALID_LDAP_DISPLAY_NAME,
so better use a useful value without spaces.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-02-17 03:43:23 +01:00
Stefan Metzmacher
29e3fc1cff s4:ldap_server: make sure we only have one tstream_read_pdu_blob_send() on a connection
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-02-17 03:43:23 +01:00
Stefan Metzmacher
d104d6e04f s4:libcli/ldap: add support for LDB_CONTROL_DIRSYNC_EX_OID
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-02-17 03:43:23 +01:00
Stefan Metzmacher
cd77b0bba4 s4:libcli/ldap: send AbandonRequests for cancelled requests
This happens on a local timeout of an talloc_free() of the request.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-02-17 03:43:22 +01:00
Christian Ambach
8ca0f14b5c s4:torture/ntlmssp fix a compiler warning
about invalid array subscript

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-02-12 09:01:14 +01:00
Christian Ambach
fc8e507b48 s4:heimdal fix a compile warning
about a potentially uninitialized variable

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-02-12 09:01:14 +01:00
Günther Deschner
1a4b8cc707 s4-libgpo: fix gcc6 build warning.
source4/lib/policy/gp_ldap.c:48:35: warning: 'gpo_inheritance' defined but not
used [-Wunused-const-variable]

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-02-06 21:48:18 +01:00
Günther Deschner
3b230d21bc s4-torture: fix gcc6 build warnings.
source4/torture/nbt/winsreplication.c:523:30: warning: 'addresses_X_1_2' defined but not used [-Wunused-const-variable]
source4/torture/nbt/winsreplication.c:470:30: warning: 'addresses_B_2' defined but not used [-Wunused-const-variable]
source4/torture/nbt/winsreplication.c:445:30: warning: 'addresses_A_3_4_X_1_2' defined but not used [-Wunused-const-variable]

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-02-06 21:48:18 +01:00
Günther Deschner
1c80f10299 s4-torture: fix gcc6 build warning.
source4/torture/rpc/forest_trust.c:408:22: warning: 'my_blob' defined but not
used [-Wunused-const-variable]

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-02-06 21:48:18 +01:00
Günther Deschner
3536a2318f s4-torture: fix gcc6 build warning.
source4/torture/ndr/samr.c:277:22: warning:
'samr_changepassworduser3_w2k_out_data' defined but not used
[-Wunused-const-variable]

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-02-06 21:48:18 +01:00
Günther Deschner
a3f7b51688 s4-torture: fix gcc6 build warning.
source4/torture/ndr/drsuapi.c:272:22: warning: 'DsBind_req2_dat' defined but
not used [-Wunused-const-variable]

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-02-06 21:48:18 +01:00
Günther Deschner
5544756733 s4-torture: fix gcc6 build warning.
source4/torture/raw/eas.c:322:17: warning: comparison of constant '0' with
boolean expression is always false [-Wbool-compare]

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-02-06 21:48:18 +01:00
Michael Adam
476672b647 dlist: remove unneeded type argument from DLIST_ADD_END()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-02-06 21:48:17 +01:00
Günther Deschner
e073f3c0b6 s4-torture: flesh out ntlmssp_AUTHENTICATE_MESSAGE_check().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-02-04 09:29:17 +01:00
Günther Deschner
68b9b18e6c s4-torture: add ndr pullpush validation for NTLMSSP CHALLENGE and AUTHENTICATE messages.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-02-04 09:29:17 +01:00
Günther Deschner
fe1be37c71 s4-torture: flesh out ntlmssp_CHALLENGE_MESSAGE_check().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-02-04 09:29:17 +01:00
Günther Deschner
4ac7a65721 s4-torture: activate testing of CHALLENGE and AUTHENTICATE ntlmssp messages.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-02-04 09:29:17 +01:00
Günther Deschner
68d043faa0 s4-torture: fill in ntlmssp_NEGOTIATE_MESSAGE_check().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-02-04 09:29:16 +01:00
Stefan Metzmacher
8841b1e641 s4:scripting/devel: make use of the generic arcfour_encrypt() and string_to_byte_array() functions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11699

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-02-03 08:33:11 +01:00
Andreas Schneider
8a9493f927 s4-dsdb: Add debug message if we have a ldb error string
When trying to change the password with kpasswd, the KDC returns
"Unspecified password quality failure". Because we do not get the ldb
error which is e.g.: password is too young to change!

This way at least the admin can find out what is going on.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Feb  2 11:49:51 CET 2016 on sn-devel-144
2016-02-02 11:49:51 +01:00
Volker Lendecke
88c4687945 idl: Rename "principle" to "principal_name"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2016-02-02 08:42:09 +01:00
Stefan Metzmacher
5a0c439eb5 s4:ldap_server: use LDAP_AUTH_METHOD_NOT_SUPPORTED define
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2016-02-01 09:53:10 +01:00
Stefan Metzmacher
0b4d3db42d s4:dsdb/ldb_modules: make it possible to find a reason for LDB_ERR_NO_SUCH_OBJECT in util.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2016-02-01 09:53:10 +01:00
Stefan Metzmacher
67d550653f s4:dsdb/common: make it possible to find a reason for LDB_ERR_NO_SUCH_OBJECT
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2016-02-01 09:53:10 +01:00
Stefan Metzmacher
cff0978495 s4:dsdb/common: add dsdb_module_werror() helper function
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2016-02-01 09:53:10 +01:00
Stefan Metzmacher
58aa29b844 s4:dsdb/common: add some const to dsdb_dn_is_upgraded_link_val()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2016-02-01 09:53:10 +01:00
Günther Deschner
32e545ecea s4-torture: let smb2.replay.replay4 test deal with scale out shares.
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-26 21:01:18 +01:00
Günther Deschner
757ade67e6 s4-torture: let smb2.replay.replay3 test deal with scale out shares.
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-26 21:01:18 +01:00
Günther Deschner
9c23f43f9e s4-torture: let smb2.replay.replay2 test deal with scale out shares.
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-26 21:01:18 +01:00
Michael Adam
9fcf87419f s4:lib:socket: skip extra data in interpret_interface()
This is currently smbd-specific.
No need to duplicate the extended parsing
while these functions have not been merged yet.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-01-26 07:33:16 +01:00
Ralph Boehme
cd86f20e24 s4:torture: add SMB2 test for directory creation initial allocation size
Test that directory creation with an initial allocation size > 0
succeeds.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11684

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sun Jan 24 01:20:52 CET 2016 on sn-devel-144
2016-01-24 01:20:52 +01:00
Uri Simchoni
3e084695da build: fix ldbsearch panic on FC22
add dependency that fixes ldbsearch panic due to conflict -
function read_data() is implemented both by libtspi.so.1, which
is a dependency of gnutls on FC22, and by an internal samba
shared lib.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Sat Jan 23 00:06:59 CET 2016 on sn-devel-144
2016-01-23 00:06:59 +01:00
Andreas Schneider
c3aaf6492f waf: Only build the backupkey rpc test with AD DC enabled
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2016-01-22 17:47:21 +01:00
Andreas Schneider
f69b6dd905 tests: Only execute heimdal tests if we build with heimdal
This is a preparation for MIT Kerberos support in the AD server.

Pair-Programmed-With: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jan 22 14:13:42 CET 2016 on sn-devel-144
2016-01-22 14:13:42 +01:00
Andreas Schneider
30419f2966 tests: Rename heimdal blackbox tests
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-01-22 11:07:31 +01:00
Michael Adam
a929913cb1 s4-torture: let smb2.replay.replay5 test deal with scale out shares.
Scale out shares don't hand out batch or exclusive oplocks.
Hence no durable handles either.
The important point here is that the behaviour tested
does largely not rely on the fact that we had a durable
handle but that we were using a durable handle create
context to specify a CreateGUID.

Pair-Programmed-With: Guenther Deschner <gd@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-22 01:55:09 +01:00
Adrian Cochrane
1d05f3bae7 ldb-samba: Reenable recursive search
In order for the recursive search module to work, we first
must stop asserting that any extended match rule is a DN (to be modified
per the extended DN munging), as this is not the case for this particular rule.

This reverts commit 8cacd5b811.

Signed-off-by: Adrian Cochrane <adrianc@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-01-18 04:42:21 +01:00
Matthias Dieter Wallnöfer
0f57acc531 s4:acl LDB module - fix error message
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 14 04:54:26 CET 2016 on sn-devel-144
2016-01-14 04:54:26 +01:00
Andreas Schneider
19d3fd190e s4-rpc_server: Add missing include for ROLE_ACTIVE_DIRECTORY_DC
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Jan 13 20:17:20 CET 2016 on sn-devel-144
2016-01-13 20:17:20 +01:00
Volker Lendecke
9039f1f29e libcli: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-01-13 07:48:30 +01:00
Jelmer Vernooij
da8674c72a Rename 'errors' to 'samba-errors' and make it public.
This is necessary because it has public headers.

Signed-off-by: Jelmer Vernooij <jelmer@jelmer.uk>
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Reviewed-By: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Wed Jan 13 07:47:04 CET 2016 on sn-devel-144
2016-01-13 07:47:04 +01:00
Jelmer Vernooij
512d15de56 Make libcli-smb-raw private, for now.
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Reviewed-By: Stefan Metzmacher <metze@samba.org>
2016-01-13 04:43:23 +01:00
Jelmer Vernooij
773cfba9af Avoid including libds/common/roles.h in public loadparm.h header.
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Reviewed-By: Stefan Metzmacher <metze@samba.org>
2016-01-13 04:43:23 +01:00
Jelmer Vernooij
620d5cbe17 Remove public library dcerpc-atsvc.
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Reviewed-By: Stefan Metzmacher <metze@samba.org>
2016-01-13 04:43:23 +01:00
Jelmer Vernooij
232726a4b4 Make libregistry private, for now.
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Reviewed-By: Stefan Metzmacher <metze@samba.org>
2016-01-13 04:43:23 +01:00
Jelmer Vernooij
fddca39f19 samdb: Add explicit dependency on ldb.
This is needed to pull in the right -I flags.

Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
2016-01-13 04:43:22 +01:00
Jelmer Vernooij
4ab7a00ac4 Use full path to dlinklist.h in includes.
Signed-off-by: Jelmer Vernooij <jelmer@jelmer.uk>
2016-01-13 04:43:22 +01:00
Michael Adam
fcb1ca8654 torture: fix check_pw_with_krb5 in the rpc:lsa test
Don't use AI_NUMERICHOST for getaddrinfo.
This is so that a host*NAME* handed in will get properly resolved.
Bug uncovered by the new nss_wrapper code (1.1.2)  which fixed
the handling of the AI_NUMERICHOST flag in getaddrinfo.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-01-11 12:25:26 +01:00
Michael Adam
688590f07f torture: fix check_dom_trust_pw in the rpc:lsa test
This makes sure a host*NAME* handed in will get properly resolved.
Bug uncovered by the new nss_wrapper code (1.1.2) which fixed
the handling of the AI_NUMERICHOST flag in getaddrinfo.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-01-11 12:25:26 +01:00
Michael Adam
38c2305fe5 torture: fix the ldap.netlogon-udp test
This makes sure a host*NAME* handed in will get properly resolved.
Bug uncovered by the new nss_wrapper code (1.1.2) which fixed
the handling of the AI_NUMERICHOST flag in getaddrinfo.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-01-11 12:25:26 +01:00
Michael Adam
9b443d2f4b torture: fix the ldap.cldap test
This makes sure a host*NAME* handed in will get properly resolved.
Bug uncovered by the new nss_wrapper code (1.1.2) which fixed
the handling of the AI_NUMERICHOST flag in getaddrinfo.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-01-11 12:25:26 +01:00
Volker Lendecke
fc4c2dcd52 bind_dlz: Fix CID 1347318 Unchecked return value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-08 02:37:18 +01:00
Volker Lendecke
4a3ad425b9 samdb: Fix CID 1347320 Dereference null return value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-08 02:37:18 +01:00
Andrew Bartlett
0e58705a5b python: Remove Python 2.4 support macros
We require Python 2.6

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2016-01-07 23:33:10 +01:00
Andrew Bartlett
8bac96de82 ntvfs/python: Adjust to use of PY_SSIZE_T_CLEAN
This changes the type used for # arguments to PyArg_ParseTuple

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2016-01-07 23:33:10 +01:00
Andrew Bartlett
516ec3005a pyrpc: Adjust to use of PY_SSIZE_T_CLEAN
This changes the type used for # arguments to PyArg_ParseTupleAndKeywords

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2016-01-07 23:33:10 +01:00
Andrew Bartlett
5c7822a1e4 pyregistry: Adjust to use of PY_SSIZE_T_CLEAN
This changes the type used for # arguments to PyArg_ParseTuple

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2016-01-07 23:33:10 +01:00
Andrew Bartlett
6a6aec78c5 pymessaging: Adjust to use of PY_SSIZE_T_CLEAN
This changes the type used for # arguments to PyArg_ParseTupleAndKeywords

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2016-01-07 23:33:10 +01:00
Volker Lendecke
b7f0e29fd2 lib: Use asn1_current_ofs()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-06 00:54:18 +01:00
Volker Lendecke
a93946b2fe lib: Use asn1_extract_blob()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-06 00:54:18 +01:00
Volker Lendecke
8cfb6a3139 lib: Use asn1_set_error()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-06 00:54:18 +01:00
Volker Lendecke
57a0bc9a9f lib: Use asn1_has_error()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-06 00:54:18 +01:00
Stefan Metzmacher
1bc806a473 Happy New Year 2016!
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jan  1 03:23:14 CET 2016 on sn-devel-144
2016-01-01 03:23:14 +01:00
Michael Adam
73f01cd2f1 torture:smb2: fix copy'n'paste error in durable-open:open2:lease test
Checking against the correct smb2_create object also lets us
check the correct create action (EXISTED vs CREATED).

Observed when this showed up in flakey test results.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec 29 08:34:03 CET 2015 on sn-devel-144
2015-12-29 08:34:03 +01:00
Douglas Bagnall
5b1a87e344 dsdb subnets: warn when an IPv6 address is in IPv4 embedding range
We fail on these ones, and it isn't immediately obvious why. Windows
also fails on *most* of them, but succeeds on "::ffff:0:0" which is a
bit strange but there you go.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Dec 24 07:16:25 CET 2015 on sn-devel-144
2015-12-24 07:16:25 +01:00
Douglas Bagnall
906a53f442 samldb: ensure subnets have proper net ranges
A subnet name needs to be a valid CIDR address range -- that's the
ones that look like 10.9.8.0/22, where the number after the /
determines how many bits are in the address suffix. It can be IPv4 or
IPv6. There are a few odd constraints (see MS-ADTS v20150630
6.1.1.2.2.2.1 "Subnet Object") -- for example, with IPv4, the implied
bit mask can't equal the address. That is, you can't have a subnet
named "255.255.255.0/24" in a Windows subnet. This rule does not apply
to IPv6.

Windows and Samba both make some ensure that subnets have a unique
valid name, though unfortunately Windows 2008R2 is rather slack when
it comes to IPv6. We follow Windows 2012R2, which roughly follows
RFC5952 -- with one caveat: Windows will allow an address like
"::ffff:0:1:2", which translates to the IPv4 address "0.1.0.2" using
the SIIT translation scheme, and which inet_ntop() would render as
"::ffff:0:0.1.0.2". In the Samba implementation we use an inet_pton()/
inet_ntop() round-trip to establish canonicality, so these addresses
fail. Windows wisely does not allow the SIIT style addresses (the
acronym is widely agreed to be off-by-one in the second letter), and
it will regard "::ffff:0:1:2" as simply "::ffff:0:1:2" and allow it.
We would like to do that too.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-12-24 04:09:29 +01:00
Douglas Bagnall
cbb93977cd samba-tool: add sites subnet subcommands
This allows you to add, remove, or shift subnets.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-12-24 04:09:29 +01:00
Douglas Bagnall
8e6f2d923c samba-tool tests: Add command line tests for sites
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-12-24 04:09:29 +01:00
Douglas Bagnall
dbcb13cb05 python.sites tests: remove excessive transaction management
These are atomic anyway.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-12-24 04:09:29 +01:00
Andrew Bartlett
bdb03c5229 selftest: Allow sites test to run against a remote ldap:// host
The previous code was just broken

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-12-24 04:09:29 +01:00
Douglas Bagnall
358c0f20cc dsdb.tests.sites: don't use global database, tidy long lines
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-12-24 04:09:29 +01:00
Douglas Bagnall
f26b227041 dsdb.tests.sites: merge interdependent tests
The delete test deleted the site made by the create test, which worked
because "delete" sorts after "create" alphabetically.  By themselves,
"delete" would fail and "create" would neglect its duty to clean up.
This would be an issue if the order of tests changes, if one of the
tests is not run, or if another test appears in between. Everything is
fine if they give up the pretense of independence.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-12-24 04:09:29 +01:00
Douglas Bagnall
149c0756b4 torture/gentest time_skew(): don't use labs() on unsigned NTTIME
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-12-24 04:09:28 +01:00
Andrew Bartlett
d098e9c4ba repl: Skip new subdomains and partitions when replicating
These will need to be handled later, but probably via reading the cross-ref objects.

This avoids total failure when cloning a DC that has
subdomains.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-12-24 04:09:28 +01:00
Ralph Boehme
b165d52037 s4:torture:vfs_fruit: add test test_read_afpinfo
This works against any SMB server and test basic IO on the AFP_AfpInfo
stream.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-12-21 23:21:18 +01:00
Ralph Boehme
21d4b5cea8 s4:torture:vfs_fruit: add tests for AFP_Resource delete-on-close and eof
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-12-21 23:21:18 +01:00
Ralph Boehme
decde0b481 s4:torture:vfs_fruit: update AFP_AfpInfo IO tests
When reading from the AFP_AfpInfo stream, OS X ignores the offset from
the request and always reads from offset=0.

The offset bounds check has a off-by-1 bug in OS X, so a request
offset=60 (AFP_AfpInfo stream has a ficed size of 60 bytes), len=1
returns 1 byte from offset 0 insteaf of returning 0.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-12-21 23:21:18 +01:00
Ralph Boehme
666a55b706 s4:torture:vfs_fruit: test nulling out AFP_AfpInfo stream
This must delete the stream.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-12-21 23:21:18 +01:00
Ralph Boehme
e5588b463e s4:torture:vfs_fruit: add tests for AFP_AfpInfo delete-on-close and eof
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-12-21 23:21:18 +01:00
Ralph Boehme
6f8c188dfc s4:torture:vfs_fruit: file without AFP_AfpInfo
Opening the AFP_AfpInfo on a file that doesn't have that stream must
return ENOENT.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-12-21 23:21:17 +01:00
Ralph Boehme
ba00884e8a s4:torture:vfs_fruit: fix flakey test_write_atalk_rfork_io with OS X
Adjust desired_access to prevent flaky test with OS X SMB server.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-12-21 23:21:17 +01:00
Ralph Boehme
363260983f s4:torture:vfs_fruit: fix test_rename_dir_openfile() to work with OS X
OS X allows renaming of directories with open files regardless of AAPL
negotiation. Samba will only allow this after negotiating AAPL.

The first check in this test is that renaming fails without AAPL, so
skip this test if the server is OS X.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-12-21 23:21:17 +01:00
Ralph Boehme
0fc2ed8f01 s4:torture:vfs_fruit: fix test_aapl() to work with OS X
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-12-21 23:21:17 +01:00
Ralph Boehme
56bf27667c s4:torture:vfs_fruit: skip test_stream_names() without "localdir"
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-12-21 23:21:17 +01:00
Ralph Boehme
987e12b7a7 s4:torture:vfs_fruit: skip test_adouble_conversion() without "localdir"
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-12-21 23:21:17 +01:00
Ralph Boehme
0a9a7c2107 s4:torture:vfs_fruit: skip test test_read_atalk_metadata() without "localdir" and rename it
The test is Netatalk specific. Skip the test if "localdir" is not
specified.

Use torture_assert() to check the result from check_stream().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-12-21 23:21:17 +01:00
Ralph Boehme
155397e831 s4:torture:vfs_fruit: add explicit cleanup of testfiles
smb2_deltree() doesn't work with OS X (looks like OS X doesn't handle
FILE_NON_DIRECTORY_FILE correctly). As a workaround, use explicit
cleanup of all testfiles and directories.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-12-21 23:21:17 +01:00
Ralph Boehme
3c0ac9b389 s4:torture:vfs_fruit: add --option=torture:osx for enable_aapl()
Check if the server is OS X and don't check the AAPL context size if it
is.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-12-21 23:21:17 +01:00
Ralph Boehme
fdf937e77d s4:torture:vfs_fruit: enhance check_stream
Don't sleep when create fails and use torture_ macros.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-12-21 23:21:16 +01:00
Ralph Boehme
8694da4344 s4:torture:vfs_fruit: use AFPINFO_STREAM_NAME
I got erratic results from OS X SMB server with AFPINFO_STREAM
(":AFP_AfpInfo:$DATA") in some tests. Using AFPINFO_STREAM_NAME
(just the ":AFP_AfpInfo" part) instead fixed this.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-12-21 23:21:16 +01:00
Ralph Boehme
8e0cf77ee2 s4:torture:vfs_fruit: tweak check_stream_list()
Modify check_stream_list() to open the basefile (or directory) itself
insteaf of having the callers pass in a filehandle. Removes some code
duplication in the callers.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-12-21 23:21:16 +01:00
Ralph Boehme
1d13744547 s4:torture:vfs_fruit: rename tree1 -> tree
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-12-21 23:21:16 +01:00
Ralph Boehme
9d28f82484 s4:torture:vfs_fruit: remove unused tree2
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-12-21 23:21:16 +01:00
Günther Deschner
7ba9f8239d s4-torture: add a negoex ndr pullpush test.
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Dec 21 01:37:29 CET 2015 on sn-devel-144
2015-12-21 01:37:29 +01:00
Adrian Cochrane
af16d52f7d ldb torture: test ldb_unpack_data_only_attr_list
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11602
Signed-off-by: Adrian Cochrane <adrianc@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-12-17 03:23:21 +01:00
Andrew Bartlett
1595f56634 CVE-2015-8467: samdb: Match MS15-096 behaviour for userAccountControl
Swapping between account types is now restricted

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11552

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Dec 16 16:03:18 CET 2015 on sn-devel-104
2015-12-16 16:03:18 +01:00
Volker Lendecke
5a72a2ed0d dns_server: Remove unused handle_question
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Kai Blin <kai@samba.org>

Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Tue Dec 15 17:50:32 CET 2015 on sn-devel-104
2015-12-15 17:50:32 +01:00
Volker Lendecke
6adec9339d dns_server: Add handle_authoritative_send()
An async version of handle_question

Bug: https://bugzilla.samba.org/show_bug.cgi?id=9409
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Kai Blin <kai@samba.org>
2015-12-15 14:43:09 +01:00
Volker Lendecke
3b7f99e6f4 dns_server: Add add_dns_res_rec()
Same as add_response_rr(), but it copies over a dns_res_rec

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Kai Blin <kai@samba.org>
2015-12-15 14:43:09 +01:00
Volker Lendecke
b6aaf77897 dns_server: Convert "ask_forwarder" params
Usually we have mem_ctx and ev first when doing a _send function

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Kai Blin <kai@samba.org>
2015-12-15 14:43:09 +01:00
Volker Lendecke
4b54e14b7c dns_server: Simplify array length handling
talloc objects carry an implicit length

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Kai Blin <kai@samba.org>
2015-12-15 14:43:09 +01:00
Volker Lendecke
3f2cbb616f dns_server: Simplify talloc handling
By making sure that the answers are always allocated, we don't have
to pass an explicit mem_ctx anymore

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Kai Blin <kai@samba.org>
2015-12-15 14:43:09 +01:00
Volker Lendecke
9de59c7e3f dns_server: Consolidate talloc_realloc
This puts the talloc_realloc into add_response_rr instead of before
create_response_rr. It is a bit less efficient, but as we do not expect
hundreds of answers, I think this code is a bit easier to understand.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Kai Blin <kai@samba.org>
2015-12-15 14:43:09 +01:00
Andrew Bartlett
dc20c307cc samba_upgradedns: Set correct permissions on secrets.keytab for BIND9
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-12-15 08:42:20 +01:00
Andrew Bartlett
308d645f34 samba_upgradedns: Improve search for existing accounts in secrets.ldb
We should actually check for the combination of both an account in secrets.ldb
and sam.ldb, but this is at least an improvement.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-12-15 08:42:20 +01:00
Andrew Bartlett
d38e22184e samba_dnsupdate: Simplify logic and add more verbose debugging
By reducing the intendation this code is a little clearer

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-12-15 08:42:20 +01:00
Andrew Bartlett
9bbb468dcb samba_dnsupdate: Expand output when --verbose is set
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-12-15 08:42:20 +01:00
Douglas Bagnall
ab1ebb1d1c password_lockout: test creds.get_kerberos_state()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Tue Dec 15 03:17:52 CET 2015 on sn-devel-104
2015-12-15 03:17:52 +01:00
Douglas Bagnall
795f4729ca auth: keep track of lastLogon and lastLogonTimestamp
lastLogon is supposed to be updated for every interactive or kerberos
login, and (according to testing against Windows2012r2) when the bad
password count is non-zero but the lockout time is zero. It is not
replicated.

lastLogonTimestamp is updated if the old value is more than 14 -
random.choice([0, 1, 2, 3, 4, 5]) days old, and it is replicated. The
14 in this calculation is the default, stored as
"msDS-LogonTimeSyncInterval", which we offer no interface for
changing.

The authsam_zero_bad_pwd_count() function is a convenient place to
update these values, as it is called upon a successful logon however
that logon is performed. That makes the function's name inaccurate, so
we rename it authsam_logon_success_accounting(). It also needs to be
told whet5her the login is interactive.

The password_lockout tests are extended to test lastLogon and
lasLogonTimestamp.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
2015-12-15 00:08:57 +01:00
Douglas Bagnall
909ebe0191 password_lockout tests: add assertLoginFailure()
In a few places where a login should fail in a particular way, an
actual login success would not have triggered a test failure -- only
the wrong kind of login failure was caught.

This makes a helper function to deal with them all.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
2015-12-15 00:08:57 +01:00
Douglas Bagnall
d097e813ff auth: increase resolution for password grace period calculation
This changes the resolution of "now" from 1s to 100ns.

It should have little effect in practice, unless users are in the
habit of playing chicken with the grace period.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
2015-12-15 00:08:57 +01:00
Stefan Metzmacher
203f023382 s4:torture/winbind: add more debug output to samba4.winbind.struct.domain_info
With this we hopefully find the reason for the following flakey test:

  [1566(10157)/1882 at 1h47m18s] samba4.winbind.struct(ad_member:local)
  Running WINBINDD_DOMAIN_INFO (struct based)
  DOMAIN 'BUILTIN' => '' [ ] [S-1-5-32]
  DOMAIN 'LOCALADMEMBER' => '' [ ] [S-1-5-21-4121020324-2900821022-46155812]
  DOMAIN 'SAMBADOMAIN' => 'samba.example.com' [ PR AD NA ] [S-1-5-21-929009974-669086582-3038401809]
  DOMAIN 'TORTURE300' => 'torturedom300.samba._none_.example.com' [ AD NA ] [S-1-5-21-97398-379795-300]
  DOMAIN 'TORTURE301' => 'torturedom301.samba._none_.example.com' [ AD NA ] [S-1-5-21-97398-379795-301]
  DOMAIN 'TORTURE302' => 'torturedom302.samba._none_.example.com' [ AD NA ] [S-1-5-21-97398-379795-302]
  DOMAIN 'TORTURE303' => 'torturedom303.samba._none_.example.com' [ AD NA ] [S-0-0]
  UNEXPECTED(failure): samba4.winbind.struct.domain_info(ad_member:local)
  REASON: Exception: Exception: ../source4/torture/winbind/struct_based.c:460:
  Expression `ok' failed: SID's doesn't match

With the changes we get:

  [1566(10158)/1882 at 1h47m51s] samba4.winbind.struct(ad_member:local)
  Running WINBINDD_DOMAIN_INFO (struct based)
  LIST[0] 'BUILTIN' => '' [S-1-5-32]
  LIST[1] 'LOCALADMEMBER' => '' [S-1-5-21-734569583-677146317-1850798319]
  LIST[2] 'SAMBADOMAIN' => 'samba.example.com' [S-1-5-21-1870621479-3245899124-866531092]
  LIST[3] 'TORTURE300' => 'torturedom300.samba._none_.example.com' [S-1-5-21-97398-379795-300]
  LIST[4] 'TORTURE301' => 'torturedom301.samba._none_.example.com' [S-1-5-21-97398-379795-301]
  LIST[5] 'TORTURE302' => 'torturedom302.samba._none_.example.com' [S-1-5-21-97398-379795-302]
  LIST[6] 'TORTURE303' => 'torturedom303.samba._none_.example.com' [S-1-0-0]
  LIST[7] 'TORTURE304' => 'torturedom304.samba._none_.example.com' [S-1-0-0]
  LIST[8] 'TORTURE305' => 'torturedom305.samba._none_.example.com' [S-1-0-0]
  LIST[9] 'TORTURE306' => 'torturedom306.samba._none_.example.com' [S-1-5-21-97398-379795-306]
  LIST[10] 'TORTURE307' => 'torturedom307.samba._none_.example.com' [S-1-5-21-97398-379795-307]
  LIST[11] 'TORTURE308' => 'torturedom308.samba._none_.example.com' [S-1-5-21-97398-379795-308]
  LIST[12] 'TORTURE309' => 'torturedom309.samba._none_.example.com' [S-1-5-21-97398-379795-309]
  LIST[13] 'TORTURE310' => 'torturedom310.samba._none_.example.com' [S-1-5-21-97398-379795-310]
  LIST[14] 'TORTURE311' => 'torturedom311.samba._none_.example.com' [S-1-5-21-97398-379795-311]
  DOMAIN[0] 'BUILTIN' => '' [ ] [S-1-5-32]
  DOMAIN[1] 'LOCALADMEMBER' => '' [ ] [S-1-5-21-734569583-677146317-1850798319]
  DOMAIN[2] 'SAMBADOMAIN' => 'samba.example.com' [ PR AD NA ] [S-1-5-21-1870621479-3245899124-866531092]
  DOMAIN[3] 'TORTURE300' => 'torturedom300.samba._none_.example.com' [ AD NA ] [S-1-5-21-97398-379795-300]
  DOMAIN[4] 'TORTURE301' => 'torturedom301.samba._none_.example.com' [ AD NA ] [S-1-5-21-97398-379795-301]
  DOMAIN[5] 'TORTURE302' => 'torturedom302.samba._none_.example.com' [ AD NA ] [S-1-5-21-97398-379795-302]
  DOMAIN[6] 'TORTURE303' => 'torturedom303.samba._none_.example.com' [ AD NA ] [S-0-0]
  UNEXPECTED(failure): samba4.winbind.struct.domain_info(ad_member:local)
  REASON: Exception: Exception: ../source4/torture/winbind/struct_based.c:471: Expression `ok' failed: SID's doesn't match [S-1-0-0] != [S-0-0]

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Dec 14 23:26:40 CET 2015 on sn-devel-104
2015-12-14 23:26:40 +01:00
Andreas Schneider
defa49e00c s4-torture: Remove obsolte code in backupkey_heimdal rpc test
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Dec 10 11:54:00 CET 2015 on sn-devel-104
2015-12-10 11:54:00 +01:00
Andreas Schneider
39bd6f0666 s4-torture: Improve backupkey test to validate the self signed cert
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-12-10 08:49:21 +01:00
Andreas Schneider
eb11fbaaf7 s4-torture: Add a GnuTLS based backupkey rpc test
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-12-10 08:49:21 +01:00
Andreas Schneider
59c11db03d s4-torture: Rename backupkey test to backupkey_heimdal
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-12-10 08:49:20 +01:00
Andreas Schneider
97765d48f6 s4-rpc_server: Add a GnuTLS based backupkey implementation
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-12-10 08:49:20 +01:00
Andreas Schneider
53e8feeb6a waf: Check for GnuTLS 3.4.7
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-12-10 08:49:20 +01:00
Andreas Schneider
8e096698af s4-rpc-bkrp: Do not set the ca status
Windows doesn't have any CA data set on the certificate.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-12-10 08:49:20 +01:00
Andreas Schneider
e8ce1f2477 s4-rpc_server: Rename dcesrv_backupkey to dcesrv_backupkey_heimdal
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-12-10 08:49:20 +01:00
Günther Deschner
39ec708622 s4-torture: make sure we always verify ndr pull and push of bkrp_exported_RSA_key_pair struct.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-12-10 08:49:20 +01:00
Volker Lendecke
dfceb51da8 libdns: Convert dns_udp_request to 0/errno
Replaces 5 calls to unix_to_werror with just one

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-12-08 23:01:27 +01:00
Adrian Cochrane
e153501474 ldb torture: Test ldb unpacking and printing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11602
Signed-off-by: Adrian Cochrane <adrianc@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Fri Dec  4 09:16:22 CET 2015 on sn-devel-104
2015-12-04 09:16:22 +01:00
Ralph Boehme
0f0693d0fa s4:torture:vfs_fruit: add a test for POSIX rename
Signed-off-by: Ralph Boehme <slow@samba.org>
2015-12-01 20:45:20 +01:00
Anoop C S
d2a0806cbd s4:torture/basic: Fix misleading test case names in aliases test
Previously, "QFILEINFO aliases" was running qfsinfo_aliases and
"QFSINFO aliases" was running qfileinfo_aliases. This change
is to make sure that each of them point towards correct test cases.

Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Dec  1 20:44:54 CET 2015 on sn-devel-104
2015-12-01 20:44:53 +01:00
Andreas Schneider
0733ce3c6e gensec: Fix picky unused variable errors
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-11-23 15:17:18 +01:00
Andreas Schneider
e0504a80dc s4-auth: Fix picky unused variable warning
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-11-23 15:17:18 +01:00
Andreas Schneider
5943f92d2a s4-backupkey: Don't use deprecated data structures
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Nov 17 19:52:33 CET 2015 on sn-devel-104
2015-11-17 19:52:33 +01:00
Andreas Schneider
f4da06803b s4-torture: Rename issuer unique id in backupkey test
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2015-11-17 16:48:24 +01:00
Andreas Schneider
f7e2399926 s4-param: Make sure newname is not used uninitialized
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2015-11-17 16:48:23 +01:00
Thomas Nagy
7c0575d7ba build:wafsamba: Install named.conf only once
The wildcard *.conf already lists named.conf. Adding files
more than once will cause unnecessary rebuilds and raise
errors in later Waf versions.

Signed-off-by: Thomas Nagy <tnagy@waf.io>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2015-11-16 11:48:14 +01:00
Günther Deschner
0137105c86 s4-auth: Fix some debugging and crash in error cases
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov 13 01:43:36 CET 2015 on sn-devel-104
2015-11-13 01:43:35 +01:00
Volker Lendecke
609a92362e dns_server: Fix a clang warning
clang complains that '\0' is converted to a NULL pointer. This seems
to work fine, so make this pointer explicitly NULL. If instead we
need a "" here, we could of course do that too.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Nov 10 10:13:18 CET 2015 on sn-devel-104
2015-11-10 10:13:18 +01:00
Mathieu Parent
c315fce17e Fix various spelling errors
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Nov  6 13:43:45 CET 2015 on sn-devel-104
2015-11-06 13:43:45 +01:00
Andreas Schneider
e821e4596a ntvfs: Add error debug statements for set_unix_security
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-11-05 09:23:15 +01:00
Andreas Schneider
3b7cbc2eeb s4-rpc_server: Get the real initial uid for selftest
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-11-05 09:23:15 +01:00
Andreas Schneider
c474173a83 tests: Add tests for net ads (join|leave)
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Wed Nov  4 15:35:57 CET 2015 on sn-devel-104
2015-11-04 15:35:56 +01:00
Volker Lendecke
d5cdfa0f82 backupkey: Fix CID 1338078 (RESOURCE_LEAK)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-11-03 21:43:18 +01:00
Anoop C S
af92f1b062 s4.torture.smb2/session : Replace CHECK_VAL with torture macros
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Nov  3 03:17:14 CET 2015 on sn-devel-104
2015-11-03 03:17:14 +01:00
Stefan Metzmacher
2f619066fb s4:heimdal_build: also use check_system_heimdal_lib() for "com_err"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2015-10-31 22:03:14 +01:00
Stefan Metzmacher
3cb1d6e7c5 s4:heimdal_build: handle CHECK_BUNDLED_SYSTEM returning False in check_system_heimdal_lib()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2015-10-31 22:03:14 +01:00
Anoop C S
f30a8a2832 s4.torture.smb2/session: Add torture assert for close
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Sat Oct 31 15:52:22 CET 2015 on sn-devel-104
2015-10-31 15:52:22 +01:00
Anoop C S
e8a2ddafe4 s4.torture.smb2/session: Add torture assert for unlink
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-10-31 12:47:13 +01:00
Anoop C S
9582a484b4 s4.torture.smb2/session : Replace CHECK_STATUS with torture macros
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-10-31 12:47:13 +01:00
Douglas Bagnall
4346fe6a02 KCC: allow --test-all-reps-from to work with --import-ldif
The ldif files lack information that a normal database has, which means
the ldif import function has to use some trickery to set the local DSA.
Once the local DSA is thus set, the fake database is a bit useless from
the point of view of other DSAs. We get around this by re-importing it
each time.

This is doing something slightly different than the normal samdb
--test-all-reps-from, in that the changes are not preserved between each
DSA's run. With the samdb database (unless using --readonly), the later
DSA's will see changes the early ones made. The ordering is arbitrary.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 29 08:11:54 CET 2015 on sn-devel-104
2015-10-29 08:11:54 +01:00
Douglas Bagnall
8bdfb256d6 KCC: samba_kcc --tmpdb X won't run if X already exists
Part of an ongoing safety campaign, making it harder to overwrite
your valuable things while keeping it easy enough to test crazy schemes.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-29 05:08:16 +01:00
Douglas Bagnall
e29fba640b KCC: with --import-ldif, don't default to standard DB url
Before samba_kcc would always assume `-H /usr/local/whatever`, and this
interacted badly with the likes of `--test-all-reps-from` and
`--forget-intersite-links`.  When I say badly, I mean it crashed because
the file is absent on my dev machine.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-29 05:08:16 +01:00
Douglas Bagnall
46ac3a5308 KCC: kcc.import_ldif doesn't need creds
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-29 05:08:16 +01:00
Douglas Bagnall
b93205ebe4 KCC: whitespace for pep8
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-29 05:08:16 +01:00
Douglas Bagnall
8fe9992cff KCC: load samdb before calling kcc.run()
kcc.run() is a mega-function that does nearly everything, including
loading the database. The --list-valid-dsas and --test-all-reps-from
tasks also want to load the database, but not do all that other run()
stuff, so it makes sense to pull it out. When the samdb has not been
loaded, run() will still load it -- this avoids having to change all
the tests.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-29 05:08:15 +01:00
Douglas Bagnall
ad009be329 KCC: shift --test-all-reps-from call to after kcc loading
This is in an effort to allow --test-all-reps-from to work with
--import-ldif (though so far it doesn't for other reasons). Rather than
replicate all the ldif loading logic within test_all_reps_from, we just
wait delay the test_all_reps_from() call.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-29 05:08:15 +01:00
Douglas Bagnall
a9ddca042c KCC: Simplify RNG seeding logic, dropping the default value
There is no particular justification for the previous default, other
than being deterministic makes testing more reliable. The algorithms
using randomness do not assume determinism.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-29 05:08:15 +01:00
Douglas Bagnall
acd77283cc KCC: default to not loading new samdb when we already have one
This should make things simpler in the --import-ldif case.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-29 05:08:15 +01:00
Michael Adam
6e3cb6b24f s4:torture: fix a comment typo.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Oct 29 00:42:49 CET 2015 on sn-devel-104
2015-10-29 00:42:49 +01:00
Andrew Bartlett
be2e0e6ff7 selftest: Add sample provision of master-c596ac6 with multiple DCs
This will let us test demoting a DC from a multi-DC network

Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2015-10-26 05:11:23 +01:00