1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

94130 Commits

Author SHA1 Message Date
Felix Botner
5b1d6e722e samba-tool dbcheck: handle missing objectClass
In several cases we have seen objects without the objectClass attribute.
Here the suggestion for a patch to find such objects in "samba-tool dbcheck"
with the option to delete them.

(patch improved by Andrew Bartlett to suggest DRS re-replication)

Signed-off-by: Felix Botner <botner@univention.de>

Change-Id: I8eb0d191a2089271a9af5884d6bfbf173a5c85c6
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-03-27 00:36:31 +01:00
Andrew Bartlett
74a83be540 dsdb: Improve missing objectClass handling
This attempts to permit deletion of objects that have no objectClass
to allow dbcheck to clean up a corrupt database.  It is not complete,
the replmd_replPropertyMetaDataCtr1_sort_and_verify() call will still
fail, but this is as much as is safe to do without a way to replicate
the original issue.

Andrew Bartlett

Change-Id: If0b6c7f18e8aee587e6b3b4af878a0145f5eac37
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-03-27 00:36:31 +01:00
Andrew Bartlett
df2ef57584 dsdb: Improve errors and checks for missing objectClass values
Change-Id: I8c4ac679accc90748d20c9c86986b127c939fa75
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-03-27 00:36:31 +01:00
Andrew Bartlett
dac1411b9e dsdb: Clarify how the DSDB_REPL_FLAG_PRIORITISE_INCOMING flag works
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Change-Id: Ib9f2f4ba417dbf0ee24b6e7db02d78a9bfe8850c
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-03-27 00:36:31 +01:00
Andrew Bartlett
20a665ae09 dsdb: Do not update notify_uSN until the transaction is genuinely committed to the DB
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Change-Id: I734bc75ed348de8f0a5ff92e18e08de2340b8951
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-03-27 00:36:31 +01:00
Martin Schwenke
3d5b80f26a ctdb-tests: Add NAT gateway eventscript unit tests for static routes
Signed-off-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Mar 26 06:24:01 CET 2014 on sn-devel-104
2014-03-26 06:24:01 +01:00
Martin Schwenke
70bbbbe448 ctdb-eventscripts: CTDB_NATGW_STATIC_ROUTES can specify gateways
Extend CTDB_NATGW_STATIC_ROUTES so that each network can have an
optional gateway that overrides CTDB_NATGW_DEFAULT_GATEWAY.

Signed-off-by: Martin Schwenke <martin@meltin.net>
2014-03-26 04:21:42 +01:00
Martin Schwenke
34682affe9 ctdb-eventscripts: New configuration variable CTDB_NATGW_STATIC_ROUTES
This can be used to create more specific NATGW routes than the usual
NATGW default route.

Signed-off-by: Martin Schwenke <martin@meltin.net>
2014-03-26 04:21:42 +01:00
Martin Schwenke
7705efc355 ctdb-eventscripts: Clarify that CTDB_NATGW_DEFAULT_GATEWAY is optional
This has been implied since the command to add the route has had
errors redirected to /dev/null.  If infrastucture (e.g. ADS, DNS) is
on the same network as CTDB_NATGW_PUBLIC_IP then no route is
necessary.

Signed-off-by: Martin Schwenke <martin@meltin.net>
2014-03-26 04:21:42 +01:00
Martin Schwenke
8a3be1f1a9 ctdb-eventscripts: Improve check in NATGW "startup" event
Although the dots in $CTDB_NATGW_PUBLIC_IP could probably only help
match an invalid public IP address, this is only executed once so do
as exact a check as possible.

Use CTDB_BASE instead of hardcoding /etc/ctdb.

Make the error message less redundant.

Signed-off-by: Martin Schwenke <martin@meltin.net>
2014-03-26 04:21:42 +01:00
Martin Schwenke
e22a22b1f7 ctdb-eventscripts: Reformat natgw_clear()
Signed-off-by: Martin Schwenke <martin@meltin.net>
2014-03-26 04:21:42 +01:00
Martin Schwenke
3c839c60d1 ctdb-eventscripts: Rename some NAT gateway functions
delete_all() really needed renaming for clarity.  While doing this,
might as well rename some of the others that don't start with
"natgw_".

Signed-off-by: Martin Schwenke <martin@meltin.net>
2014-03-26 04:21:42 +01:00
Martin Schwenke
c0e239473b ctdb-tests: Add a test for NAT gateway sanity checking
Signed-off-by: Martin Schwenke <martin@meltin.net>
2014-03-26 04:21:42 +01:00
Martin Schwenke
4ee4925d41 ctdb-eventscripts: Sanity check NAT gateway configuration
NAT gateway really can't operate unless most of the configuration
variables are set.

A check in delete_all() can be removed - strange that this isn't also
done in the add case.

Signed-off-by: Martin Schwenke <martin@meltin.net>
2014-03-26 04:21:41 +01:00
Martin Schwenke
0953f5799c ctdb-eventscripts: Improve readability of NAT gateway update code
Put the code into a couple of usefully named functions.

Signed-off-by: Martin Schwenke <martin@meltin.net>
2014-03-26 04:21:41 +01:00
Martin Schwenke
7fdd6b7861 ctdb-tests: Add some tests for 11.natgw eventscript
This includes adding support for:

* Configuring fake NATGW state in the eventscript unit tests

* "natgwlist" and "setnatgwstate" in ctdb command stub

* ip command stub to default to "main table" when no table specified,
  allow routes to be added without "dev" option (just add a default
  dev), support "metric" option

Signed-off-by: Martin Schwenke <martin@meltin.net>
2014-03-26 04:21:41 +01:00
Martin Schwenke
feeb9843bf ctdb-eventscripts: Use set_proc() to update /proc
In case we want to write some unit tests in the future.

Signed-off-by: Martin Schwenke <martin@meltin.net>
2014-03-26 04:21:41 +01:00
Andrew Bartlett
233e3c9631 selftest: Remove print_smbtorture4_version and smbtorture4_possible check
smbtorture is now always the same version as the rest of Samba, and is strictly required.

Andrew Bartlett

Change-Id: I89d9c52275477177fa8a89050920ff8a2fec9288
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Mar 26 04:20:16 CET 2014 on sn-devel-104
2014-03-26 04:20:16 +01:00
Andrew Bartlett
d3cd9f1575 dsdb: Do checks for invalid renames in samldb, before repl_meta_data
This ensures that conflict objects can be created in CN=System, and
that we do not stop replication just because some other DC allowed a
rename we do not like.

This is achived by doing the work in the samldb module, which is above
repl_meta_data in the stack.

Andrew Bartlett

Change-Id: I8c1a7d3e0fbd5a470cf1326cc055044ca885f7d9
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Guenter Kukkukk <kukks@samba.org>
Tested-by: Guenter Kukkukk <kukks@samba.org>
2014-03-26 02:21:24 +01:00
Björn Baumbach
a7df00c820 s3-nmbd: reset debug settings after reading config file (bug #10239)
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 25 18:29:06 CET 2014 on sn-devel-104
2014-03-25 18:29:06 +01:00
Jeremy Allison
a9fa09723b s3: smbd: Factor out code that calls getgroups_unix_user() into a separate function.
This code needs to special-case the guest user, as
this token can have the token_sid[0] set to the Guest
SID, not the mapping of UNIX uid -> SID.

Other users that may have a well-known SID
set in token_sid[0] (like SYSTEM) are usually
not mappable to UNIX users and can be ignored
when adding local groups from /etc/group.

Found by <linux@kukkukk.com>.

Second part of the bugfix for:

https://bugzilla.samba.org/show_bug.cgi?id=10508

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by:  Andrew Bartlett <abartlet@samba.org>
2014-03-25 16:24:13 +01:00
Stefan Metzmacher
547111b2cf s4:librpc/rpc: use dcerpc_binding_get_object() in order to pass the object to the epmapper
This way we'll be able to do epmapper lookups for the DFS-R (MS-FRS2) endpoint, by using
"5bc1ed07-f5f5-485f-9dfd-6fd0acf9a23c@ncacn_ip_tcp:hostname.exmple.com[krb5,seal]"
as binding.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Mar 25 02:43:39 CET 2014 on sn-devel-104
2014-03-25 02:43:39 +01:00
Stefan Metzmacher
f17b5b2fe4 s4:librpc/tests: assert the the abstract syntax has the expected value (null)
This makes sure that it's not mixed with the object guid anymore.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:29 +01:00
Stefan Metzmacher
c25b5b3579 librpc/rpc: finally maintain only the object guid
This has nothing to do with ndr_syntax_id...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:29 +01:00
Stefan Metzmacher
5f402dcdf7 librpc/rpc: maintain "abstract_syntax" as string option of dcerpc_binding
This should not be mixed with the object guid! They are different things!

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:29 +01:00
Stefan Metzmacher
a2ec73050c s4:librpc/tests: reset the object on the binding created from the tower
The tower doesn't contain information about the object only about
the abstract syntax.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:29 +01:00
Stefan Metzmacher
46eb9fa23c s4:torture/raw: fix debug message in torture_raw_qfileinfo_pipe()
We no longer use dcerpc_pipe_open_smb() there.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:29 +01:00
Stefan Metzmacher
df088041c8 s4:torture/rpc: make use of dcerpc_binding_handle_auth_info() in backupkey.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:29 +01:00
Stefan Metzmacher
1d819eda5c s4:torture/rpc: make use of dcerpc_binding_handle_auth_info() in lsa.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:29 +01:00
Stefan Metzmacher
08ec25555d s4:torture/rpc: fix altercontext test against windows
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00
Stefan Metzmacher
495a76b9f6 s4:torture/rpc: remove bogus rpc.multibind test
We can later add a more useful test that tests
security context multiplexing correctly.

And another one that demonstrates that only DCERPC_BIND
must be the first (and only the first) PDU on a connection.
Otherwise DCERPC_ALTER_CONTEXT is used.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00
Stefan Metzmacher
66624e475d s4:selftest: don't run rpc.multibind anymore
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00
Stefan Metzmacher
0e902b83b4 s4:dsdb/repl: make use of dcerpc_binding_handle_is_connected()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00
Stefan Metzmacher
70fc746235 s4:librpc/test: test ipv6 addresses in dcerpc_binding strings
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00
Stefan Metzmacher
4c98f1651d librpc/rpc: handle ipv6 addresses without transport in dcerpc_parse_binding()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00
Stefan Metzmacher
9f5bf79341 librpc/rpc: add "schannel" => DCERPC_SCHANNEL as ncacn_option
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00
Stefan Metzmacher
0ecf01a137 s4:librpc/tests: add more no transport tests
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00
Stefan Metzmacher
8a66947073 lib/util: let is_ipaddress_v6() cope with "fe80::1234%3"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00
Stefan Metzmacher
dbf37008e0 s4:librpc/rpc: correctly map the fault code of alter context to NTSTATUS
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00
Stefan Metzmacher
c2f731e324 s4:librpc/rpc: remove unused dcecli_connection->binding_string
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00
Stefan Metzmacher
983ec866af s4:torture/rpc: avoid using dcecli_connection->binding_string
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00
Stefan Metzmacher
002a0fb86e librpc/rpc: use dcerpc_binding_set_string_option(b, "endpoint", NULL) to reset the endpoint
We should always go through just one code path to [re]set a value.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00
Stefan Metzmacher
7782fbe12b librpc/rpc: let dcerpc_binding_set_transport() also reset the assoc_group_id
This is transport/endpoint specific.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00
Stefan Metzmacher
d6794ec2aa libcli/smb: reuse tstream_smbXcli_np_disconnect_send/recv as helper
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00
Stefan Metzmacher
5b1d9f7a82 libcli/smb: add tstream_smbXcli_np_disconnect_cleanup() to handle talloc_free(req)
If the tevent_req of tstream_smbXcli_np_disconnect_* is explicitly or
implicitly free'ed, we need to make sure we still deliver the
close request to the server! Otherwise the SMB signing sequence gets out of
sync.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00
Stefan Metzmacher
6260de7221 libcli/smb: make TSTREAM_SMBXCLI_NP_MAX_BUF_SIZE public
This should be used to negotiate the may fragment size
of DCERPC connections.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00
Stefan Metzmacher
96e1bcde2b libcli/smb: keep references to smbXcli_{conn,session,tcon} in tstream_smbXcli_np
This fixes some valgrind errors when the smbXcli_tcon disappears before the
smbXcli_conn.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00
Stefan Metzmacher
ea53ba15ee s4:torture/rpc: fix error path in torture_leave_domain()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00
David Disseldorp
95d9f16362 librpc: inline CHECK_SYNTAX macro logic
The CHECK_SYNTAX macro is currently used to compare ndr_syntax_ids and
return false on mismatch. Macros affecting control flow are evil!

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Mar 24 21:46:39 CET 2014 on sn-devel-104
2014-03-24 21:46:39 +01:00
David Disseldorp
5ccecec3ca librpc: inline VT CHECK macro logic
The CHECK macro is currently used to dump error and return false on
VT condition check failure. Macros affecting control flow are evil!

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-03-24 19:45:12 +01:00