1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

100558 Commits

Author SHA1 Message Date
Amitay Isaacs
42b1d30fbb ctdb-daemon: Keep protocol.h in sync with ctdb_protocol.h
ctdb_protocol.h was modified to update default capabilities without
corresponding changes in protocol.h.

(Patch dfc84fdd45)

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2015-10-27 04:15:14 +01:00
Thomas Nagy
84b7a9f939 build:wafsamba: dead code removal in gettext detection
Since the --gettext-location command-line option has no effect, the misleading
code is removed. The samba functions ADD_CFLAGS must also be used in the future

Signed-off-by: Thomas Nagy <tnagy@waf.io>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Oct 27 03:34:28 CET 2015 on sn-devel-104
2015-10-27 03:34:28 +01:00
Uri Simchoni
f9d6be3b74 selftest: Avoid system krb5.conf in "none" test env
Some torture tests do not perform Kerberos activity and do not
run against a server (hence the "none" test env), but do create
a krb5 context, and that causes the Kerberos libs to read
krb5.conf and choke if they don't understand it.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-27 00:28:34 +01:00
Uri Simchoni
8d3106b1a4 selftest: Avoid system krb5.conf in some test envs that don't use kerberos
Some test envs don't use kerberos (e.g. nt4_dc). However, the client
tools are built with Kerberos support and may get upset if hitting
a krb5.conf file they don't understand.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-27 00:28:34 +01:00
Uri Simchoni
63c891938a selftest: Avoid system krb5.conf in testenv provisioning
Some provisioning commands don't necessarily need a krb5.conf,
but they still must cause samba's Kerberos libraries to avoid
looking at the system krb5.conf, as this file may not be understood
by samba's Kerberos libs and fail the env provisioning.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-27 00:28:34 +01:00
Scott Lovenberg
843cb8ec5b Documentation : Add GitHub notes to README.
Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-27 00:28:34 +01:00
Andreas Schneider
53509452db WHATSNEW: Describe nss_wins changes
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Oct 27 00:27:22 CET 2015 on sn-devel-104
2015-10-27 00:27:22 +01:00
Andreas Schneider
5ab1452436 nss_wins: Use libwbclient to query wins server
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11563

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2015-10-26 21:23:21 +01:00
Andreas Schneider
0abbfb2e4d nss_wins: Use lp_global_no_reinit()
This avoids that we run into use after free issues when we access memory
allocated on the globals and the global being reinitialized.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11563

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2015-10-26 21:23:21 +01:00
Andrew Bartlett
0d962e010e selftest: Confirm a demote of a real network works
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Oct 26 08:17:47 CET 2015 on sn-devel-104
2015-10-26 08:17:47 +01:00
Andrew Bartlett
be2e0e6ff7 selftest: Add sample provision of master-c596ac6 with multiple DCs
This will let us test demoting a DC from a multi-DC network

Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2015-10-26 05:11:23 +01:00
Andrew Bartlett
97577fd088 Add samba4.smb2.create.mkdir-dup(ad_dc_ntvfs) as flapping
This test sometimes succeeds, depending on the build environment.

(Corrects earlier patch to also remove from knownfail)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11486
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:22 +01:00
Andrew Bartlett
55a13e17b3 samba-tool domain demote: Add support for removing by NTDS GUID
This would help remove a DC that is a conflict record, for example

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:22 +01:00
Andrew Bartlett
e57dcddfe8 samba-tool domain demote: Add --verbose and --quiet options
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:22 +01:00
Andrew Bartlett
642de9193f samba-tool domain demote: Remove dns-SERVER object as well
This object is not in standard AD, but Marc Muehlfeld
correctly notes that Samba creates it for BIND9_DLZ

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:22 +01:00
Andrew Bartlett
145bb6fd7b samba-tool domain demote: Remove all references to the demoted host, even in DNS
We search the in-directory DNS records for entries that point to the
name or IP that the dead DC was using, and remove them

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:22 +01:00
Andrew Bartlett
3226077627 pydns: Add replace_by_dn()
This allows us to find a DNS record by searching LDB and unpacking the dnsRecord
but replace the record using the common code that will create a tombstone

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:22 +01:00
Andrew Bartlett
a3b92a50d1 samba-tool domain demote: Use dn.add_base/dn.add_child
This is done primarilly to set the pattern that we should manipulate ldb.Dn values
with the helper routines, not just by concatonation via format strings.

We also restrict our exception hadling to only the expected errors, not
all errors.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:22 +01:00
Andrew Bartlett
00ffb67be2 samba-tool domain demote: Remove correct DNs and from the correct locations
The previous code missed the CN=DFSR-GlobalSettings children and did
not cope with subdomains.  The root DN may not be the domain DN if
we are a subdomain.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:22 +01:00
Andrew Bartlett
fff09dae6d dns_server: Give WERR_DNS_ERROR_NAME_DOES_NOT_EXIST on empty records
When not looking for tombstones, a record without a dnsRecord value may as
well not be present, so just return WERR_DNS_ERROR_NAME_DOES_NOT_EXIST

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:22 +01:00
Andrew Bartlett
27039a7b1c selftest: Add tests confirming the demote actually removes objects
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:22 +01:00
Andrew Bartlett
e432c1b682 samba-tool domain demote: Refuse to remove ourself
This ensures that a different server is the one being demoted from the local database

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:22 +01:00
Andrew Bartlett
097435cfd9 selftest: Run samba-tool domain demote while we have a clone of the DB handy
This avoids needing to run the demote on the main replicated DB
of the selftest system

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:22 +01:00
Andrew Bartlett
1f88353713 samba-tool domain demote: Rework to allow cleanup of partial demotion, catch more errors
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:22 +01:00
Andrew Bartlett
8086900077 selftest: Make it clear that the first argument to KCC.run() is unused
This is unused because we have already provided a database via import_ldif

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:22 +01:00
Andrew Bartlett
6965c98159 selftest: Run demote test against the RODC environment also 2015-10-26 05:11:21 +01:00
Andrew Bartlett
cf075f2381 selftest: Reorder tests.py to ensure that demote, then dbcheck run last.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:21 +01:00
Andrew Bartlett
f121173cbf samba-tool domain demote: Allow to operate on an RODC and a subdomain
On an RODC the local database cannot be modified, and the flags to remove
are different, we need instead to remove UF_PARTIAL_SECRETS_ACCOUNT.

If we are in a subdomain, then db.get_root_basedn() points to the
forest root, not the root of our domain

If the removeDsServer() fails with WERR_DS_DRA_NO_REPLICA
this may be reasonably considered to be success in this case.

Finally, the remove_dc.remove_sysvol_references() is reused
for objects not under the computer account.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

domain demote

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:21 +01:00
Andrew Bartlett
1874f59200 samba-tool domain demote: Add --remove-other-dead-server
The new version of this tool now can remove another DC that is
itself offline.  The --remove-other-dead-server removes
as many references to the DC as possible.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:21 +01:00
Andrew Bartlett
2191fcaedc dns_server: Add python method to extract a DNS entry from a ldb.MessageElement
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:21 +01:00
Andrew Bartlett
b48776d78b pydsdb: Also accept ldb.MessageElement values to dsdb routines
This shows the correct way to accept a value that may be a list of strings
or a proper ldb.MessageElement.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:21 +01:00
Andrew Bartlett
87cd68c1dc dns_server: Add a python module directly accessing DNS records in sam.ldb
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:21 +01:00
Andrew Bartlett
0504065948 dns_server: Put more code in common
This will allow a python module to be written to modify DNS entries in sam.ldb directly

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:21 +01:00
Andrew Bartlett
2715805f4c selftest: Add tests for samdb_to_ldif_file
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:21 +01:00
Andrew Bartlett
dadfffb519 python/kcc: Write correct module list into the file during ldif_to_samdb
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:21 +01:00
Andrew Bartlett
1c02f2801e ldb: Fix python bindings to accept a string as a DN
This fixes add_base(), add_child() and is_child_of().

This removes a toally incorrect cast of struct ldb_dn to struct ldb_context.

A helper routine is used instead

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:21 +01:00
Andrew Bartlett
ffe8090c89 samba-tool drs clone-dc-database: Require --targetdir
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:21 +01:00
Andrew Bartlett
04512d1a9d repl: Use DSDB_REPL_FLAG_PRIORITISE_INCOMING in samba-tool drs replicate --local
Previously this would only be set when we did server-to-server replication

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:21 +01:00
Andrew Bartlett
d1d5ec311a samba-tool drs clone-dc: Add --include-secrets option
This allows the creation of domain clones that have no secrets,
and so make it safer to examine databases that demonstrate issues

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:21 +01:00
Andrew Bartlett
4b25650577 repl: Give an error if we get a secret when not expecting one
We should never get a secret from a server when we specify DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING

This asserts that this is the case.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:21 +01:00
Andrew Bartlett
6d301ad1c9 samba-tool: Add new command 'samba-tool drs clone-dc-database'
This command makes a clone of an existing AD Domain, but does not
join the domain.  This allows us to test if the join would work
without adding objects to the target DC.

The server password will need to be reset for the clone to
be any use, see the source4/scripting/devel/chgtdcpass

(Based on patches written with Garming Sam)

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:21 +01:00
Andrew Bartlett
80171ddcff samba-tool: Remove vampire subcommand and now unused libnet_Vampire()
This has been deprecated for a long time now

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:21 +01:00
Andrew Bartlett
6cd8e79257 repl_meta_data: Print more detail into the LDB error string, not just DEBUG()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-10-26 05:11:21 +01:00
Volker Lendecke
0a924d13cf smbd: Send SMB2 oplock breaks unencrypted
This is not what Windows server does, but it seems that Windows
clients expect.  Windows->Windows never runs into this issue, because
an encryption-enabled SMB3 connection will always use leases, and lease
breaks *are* unencrypted...

You can reproduce the issue Windows->Windows by disabling leases on the
Windows server. Disable leases using the registry key:

HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\DisableLeasing

Dochelp confirmed that this is a valid workaround for Windows clients
dropping encrypted oplock breaks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11570

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct 24 05:01:32 CEST 2015 on sn-devel-104
2015-10-24 05:01:32 +02:00
Anoop C S
11620aefac smbd/quotas: Remove invalid quota status switch case
getquota_rslt structure from rquota.h defines the enum
named status whose values start from 1. But in quotas.c
we have an invalid check for status 0. This change is
to remove that particular switch case.

Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct 24 01:31:21 CEST 2015 on sn-devel-104
2015-10-24 01:31:21 +02:00
Andrew Bartlett
3e6af7109e autobuild: Confirm we can build without --enable-developer
We also confirm that such builds do not contain the NTVFS file server

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-10-23 22:27:30 +02:00
Andrew Bartlett
d7cc5d459c Add samba4.smb2.create.mkdir-dup(ad_dc_ntvfs) as flapping
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-10-23 22:27:30 +02:00
Andrew Bartlett
71dcc76b70 build: Enable NTVFS file server to be omitted
We now only build it by default with --enable-sefltest, or otherwise
if requested.

The NTVFS file server still has features not present in the smbd file
server, such as a CIFS/SMB proxy, and a radically different design,
but it is also not undergoing any ongoing development so this keeps it
in a safe state for care and maintaince, with less of a security risk
if such an issue were to come up.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-10-23 22:27:30 +02:00
Martin Schwenke
0ccf842e12 ctdb-scripts: Use "ctdb ip all" instead of "ctdb ip -n all"
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Fri Oct 23 06:44:45 CEST 2015 on sn-devel-104
2015-10-23 06:44:45 +02:00
Martin Schwenke
94898dd5b0 ctdb-doc: Stop using "ctdb -n all ..."
This is deprecated.  For many commands it doesn't make sense.  Instead
of "ctdb ip -n all" use "ctdb ip all".

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2015-10-23 03:43:26 +02:00