1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

102997 Commits

Author SHA1 Message Date
Amitay Isaacs
63f7466490 ctdb-tests: Get rid of ctdb func tests
This tested parse_nodestring function from tools/ctdb.c.  However,
ctdb.c is soon going to be replaced with the code using new client API.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-05-10 22:51:22 +02:00
Douglas Bagnall
91f6439929 tests/dcerpc: add tests for string allocation and deletion
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 10 05:11:42 CEST 2016 on sn-devel-144
2016-05-10 05:11:42 +02:00
Douglas Bagnall
eab6796f5b selftest: Enable samba.tests.dcerpc.array test
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-05-10 01:43:15 +02:00
Douglas Bagnall
4c7a3fd567 tests/dcerpc/array.py: test deletion of arrays
We expect an AttributeError.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-05-10 01:43:15 +02:00
Douglas Bagnall
ed11ce8f12 Python pidl: avoid segfault with "del obj->attr"
Deleting an attribute in Python (using the "del" statement) is (at
some stages along a winding path, for C objects) converted into
setting the attribute to NULL. Not None, actual NULL. The way we
handled this NULL was to dereference it. This changes the behaviour to
raising an AttributeError, which is more or less what Python does in
similar situations with builtin objects.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-05-10 01:43:15 +02:00
Douglas Bagnall
2ba83ae49b pytalloc: avoid double 0x0x in repr strings
The %p format puts one in itself.

Before: <drsblobs.repsFromTo2 talloc based object at 0x0x1b551e0>
After:  <drsblobs.repsFromTo2 talloc based object at 0x1b551e0>

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-05-10 01:43:15 +02:00
Andrew Bartlett
f6c79072ca pidl: Correct string handling to use talloc and be in common
The previous string handling assumed the python variables referenced
by PyString_AS_STRING had infinite life.  When they were re-used
the C structure started to point at unexpected things.

We now check correctly for Unicode in every case, and we always
duplicate the string with talloc_strdup()

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-05-10 01:43:15 +02:00
Andrew Bartlett
9e2c1f72e0 join.py: Fetch the remote DC NTDS GUID early
This avoids touching the LDAP connection after the long replicate cycle, as it may
have timed out

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-05-10 01:43:14 +02:00
Andrew Bartlett
bcace463b9 selftest: Include a few more details in selftest and samba startup.
This helps us understand failure modes in selftest

Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2016-05-10 01:43:14 +02:00
Andrew Bartlett
9084dae5aa repl_meta_data: Explain why time(NULL) is good enough here
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-05-10 01:43:14 +02:00
Andrew Bartlett
2f44f370d8 ldb: Fix error string when renaming to an DN that already exists
We were printing the DN renamed from, not the DN being renamed to.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-05-10 01:43:14 +02:00
Douglas Bagnall
891abcf78f source4/registry/local: avoid str_list_length() to check first element
We don't need to walk to the end of the list to find out if the first
one is NULL.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-05-10 01:43:14 +02:00
Douglas Bagnall
8a3c9056bd dsdb schema_query: reduce calls to str_list_length
We were calling str_list_length(new_attrs) three times when one is
enough.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-05-10 01:43:14 +02:00
Douglas Bagnall
dfa9a5c928 dsdb/common/util: be careful about zero length string lists
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-05-10 01:43:14 +02:00
Douglas Bagnall
cc6ed8f126 dsdb/common/util: remove some unnecessary str_list_length()s
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-05-10 01:43:14 +02:00
Douglas Bagnall
6bb577f254 source4/param/pyparam.c: fix strange indentation
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-05-10 01:43:14 +02:00
Douglas Bagnall
4456f38612 python/join.py: Avoid unchecked print in error path
In autobuild this print causes an IOError when stdout is dead,
which hides the exception you care about and prevents the actual
clean up.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-05-10 01:43:14 +02:00
Andrew Bartlett
e822b31238 dsdb: Improve debug messages in operational module
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-05-10 01:43:14 +02:00
Andrew Bartlett
d6cebedc01 dsdb: Clarify rename handling as to which record is being renamed
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-05-10 01:43:14 +02:00
Andrew Bartlett
90cbf4fb20 selftest: Wait 60 seconds for a RID alloc
This ensures we give it a reasonable enough chance to start up.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-05-10 01:43:14 +02:00
Andrew Bartlett
2855a30ecc selftest: Print a message when RID allocation fails
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-05-10 01:43:13 +02:00
Stefan Metzmacher
58a8323629 libcli/auth: let msrpc_parse() return talloc'ed empty strings
This make it more predictable for the callers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11912
BUG: https://bugzilla.redhat.com/show_bug.cgi?id=1334356
BUG: https://launchpad.net/bugs/1578576

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon May  9 22:27:21 CEST 2016 on sn-devel-144
2016-05-09 22:27:21 +02:00
Volker Lendecke
a3f3a6c354 smbd: Remove an unused #define
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon May  9 17:20:22 CEST 2016 on sn-devel-144
2016-05-09 17:20:22 +02:00
Uri Simchoni
6379737b7d heimdal: encode/decode kvno as signed integer
This patch changes the encoding/decoding of kvno (key version number)
in blobs and packets to signed integer, for compatibility with Windows.
Reportedly, MIT Kerberos does the same.

This patch effectively reverts commit 1124c4872dfb81bec9c4b527b8927ca35e39a599
in the heimdal tree.

According to the Kerberos spec (RFC 4120 5.2.9), the kvno field
in encrypted data object is an unsigned integer that fits in
32 bits. The Heimdal Kerberos component bundled with Samba
conforms to this. However, Windows deviates from the standard
and encodes kvno as a signed integer, and this creates
interoperability issues.

ASN.1 DER has no special encoding for unsigned integer. A 32-bit
unsigned integer is encoded as a signed integer, so while a signed
32-bit integer (covering the range of -0x80000000..0x7fffffff) is
encoded using up to 4 bytes, an unsigned integer (covering
0..0xffffffff) could require 5 bytes.

Normally, kvno for a given account starts at 1 and increments on
password changes. Kerberos defined this as unsigned because there's
no meaning for negative version numbers, so the standard writers figured
4 billion versions is better than 2 billion. It was not
expected for a kvno to really go past 0x7fffffff and the disctinction
usually does not matter. However, RODCs use kvnos which
have the most-significant bit set.

In Active Directory, RODCs have a private secret for the krbtgt,
because the assumption is that the RODC is less secure, and
recovering the domain krbtgt secret from the RODC would compromise
the security of the entire domain. The kvno field is being used
to identify the private krbtgt account that owns the key - the
upper 16 bits are the RODC id, and the lower 16 bits identify
the key version number for this specific RODC. It's common to
have an RODC id greater than 0x8000, and therefore to have a
kvno larger than 0x7fffffff, which would be DER-encoded using
5 bytes.

Windows encodes kvno as signed integer - basically taking the
32 bits and treating them as a signed integer rather than an
unsigned integer. This means that in Windows a kvno can
always be encoded using 4 bytes, and Windows DCs reject a kvno
encoded using more than 4 bytes without even generating an error
response (the DC assumes it's an attack).

Heimdal re-encodes the TGT when it creates a TGS request. Obviously
it cannot decode and encode the encrypted parts but it does re-encode
the plain parts, which include the kvno. That leads to a 5-byte
kvno in the TGS request, which is rejected without an error
response.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11900

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat May  7 21:14:21 CEST 2016 on sn-devel-144
2016-05-07 21:14:21 +02:00
Raghavendra Talur
ebd139c4db init: set core file size to unlimited by default
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11907

Signed-off-by: Raghavendra Talur <rtalur@redhat.com>

Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri May  6 19:15:17 CEST 2016 on sn-devel-144
2016-05-06 19:15:17 +02:00
Martin Schwenke
866ca591d4 ctdb-recoverd: Fold IP allocation house-keeping into IP verification
Now all the IP takeover code for non-master node is in this function.
The function can always be renamed to something more suitable.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri May  6 15:10:59 CEST 2016 on sn-devel-144
2016-05-06 15:10:59 +02:00
Martin Schwenke
4947789b2a ctdb-recoverd: Clean up local IP verification
Update log levels and messages, comments and wrapping of long lines.
No functional changes.

Note that interfaces_have_changed() already does adequate logging.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-06 11:39:09 +02:00
Martin Schwenke
bdcc796f3c ctdb-recoverd: Skip known IP address checking when it is disabled
When public IP checking is disabled, verify_local_ip_allocation()
still retrieves known IP addresses and runs through a loop that does
nothing.

Instead, completely skip the retrieval and checking loop.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-06 11:39:09 +02:00
Martin Schwenke
fc4cbf5528 ctdb-recoverd: Check that IP failover is active in IP verification
This makes verify_local_ip_allocation() self-contained and simplifies
main_loop().

Due to indentation changes, this commit is most easily read when
ignoring whitespace.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-06 11:39:09 +02:00
Martin Schwenke
ff28cbb73d ctdb-recoverd: Call election when necessary in recovery master validation
There is no need to return one of several states and then trigger an
election for one of those return states.  Have the recovery master
validation trigger the election directly and just return whether
monitoring should continue.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-06 11:39:09 +02:00
Martin Schwenke
e8c33aa24a ctdb-recoverd: Simplify return values when updating local flags
Change this to return just 0 or -1.  It isn't monitoring anything.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-06 11:39:09 +02:00
Martin Schwenke
0a9401ff0e ctdb-recoverd: Drop unreachable code
update_local_flags() never returns MONITOR_ELECTION_NEEDED, so drop
this entire if-statement.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-06 11:39:09 +02:00
Martin Schwenke
e225fbd38c ctdb-protocol: Drop unused CTDB_SRVID_TAKEOVER_RUN_RESPONSE
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-06 11:39:09 +02:00
Martin Schwenke
4bef374e31 ctdb-daemon: Don't use CTDB_SRVID_TAKEOVER_RUN_RESPONSE
Nobody registers a handler for this message type.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-06 11:39:09 +02:00
Martin Schwenke
3e272e081f ctdb-recover: Avoid duplicate deferred attach processing
Deferred attach processing is done unconditionally at this point.  It
is then done again if recovery lock checking is done and completes
successfuly.  If the recovery lock checking fails then it should not
be done at all.

Move this processing so it is done with the early exit when the
recovery lock is not being used.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-05-06 11:39:09 +02:00
Garming Sam
f74f2e081e examples/crackcheck: allow compilation with current builds
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Fri May  6 08:32:52 CEST 2016 on sn-devel-144
2016-05-06 08:32:52 +02:00
Garming Sam
38e08d7174 typo: mplementation => implementation
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-05-06 05:03:16 +02:00
Garming Sam
d4b3cb0dd2 manpages: Markup led to missing space
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-05-06 05:03:16 +02:00
Uri Simchoni
25ac39268f WHATSNEW: Document "only user" removal
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May  6 05:02:08 CEST 2016 on sn-devel-144
2016-05-06 05:02:08 +02:00
Uri Simchoni
b51add1f3b smbd: remove "only user" and "username" parameters
These have long been superseded by "valid users"

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-05-06 01:32:24 +02:00
Uri Simchoni
dc3e224408 Reset WHATSNEW.txt for 4.5.x series
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-05-06 01:32:24 +02:00
Stefan Metzmacher
83b64ae64b talloc: version 2.1.7
* Fix memory leak when destructors reparent children. (bug #11901)

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May  5 22:33:04 CEST 2016 on sn-devel-144
2016-05-05 22:33:04 +02:00
Saji VR
d4d14b15b6 lib:talloc. Fix memory leak when destructors reparent children.
If a destructor reparents a child, we shouldn't exit the
loop freeing children as there may be others to process.

https://bugzilla.samba.org/show_bug.cgi?id=11901

Signed-off-by: Saji VR <saji.vr@nutanix.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May  5 08:33:53 CEST 2016 on sn-devel-144
2016-05-05 08:33:53 +02:00
Garming Sam
2fe2e662db autobuild: fix typo in autobuild success subject line
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Thu May  5 04:15:16 CEST 2016 on sn-devel-144
2016-05-05 04:15:16 +02:00
Ralph Boehme
625dcef765 vfs_fruit: add an option that allows disabling POSIX rename behaviour
https://bugzilla.samba.org/show_bug.cgi?id=11721

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May  5 00:04:50 CEST 2016 on sn-devel-144
2016-05-05 00:04:50 +02:00
Robin McCorkell
2a872e2b66 Correctly set cli->raw_status for libsmbclient in SMB2 code
The SMB2 file handling code wasn't correctly setting raw_status, which
is used by libsmbclient to report file open errors etc.

https://bugzilla.samba.org/show_bug.cgi?id=11276

Signed-off-by: Robin McCorkell <robin@mccorkell.me.uk>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-05-04 20:35:07 +02:00
Ralph Boehme
0f6d51f34b s3:libnet:libnet_join: add netbios aliases as SPNs
Add all listed smb.conf netbios aliases as SPNs to the machine account:

  HOST/NETBIOS_ALIAS@REALM

and

  HOST/netbios_alias.dnsdomain.name@REALM

Bug: https://bugzilla.samba.org/show_bug.cgi?id=1703

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed May  4 17:58:05 CEST 2016 on sn-devel-144
2016-05-04 17:58:05 +02:00
Christian Ambach
f85b30ae78 s3:smbd remove todo comments
as the service is set to be case insensitive for SMB2 now,
there is no need to set FLAG_CASELESS_PATHNAMES as flag

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May  4 05:00:36 CEST 2016 on sn-devel-144
2016-05-04 05:00:36 +02:00
Christian Ambach
c519cc8b98 selftest: test for case insensitivity over SMB2/SMB3
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-05-04 01:28:23 +02:00
Christian Ambach
a9ccd50b63 s3:smbd/filename remove smelly code
not sure how this chunk ended up there, but I agree with
the statement in the comment that behavior should not depend
on developer mode

make test does not seem to depend on it anymore.

This piece had some bad influence on the tests I wrote
for case insensitivite behavior of SMB2/3, so let us
remove this technical debt.

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-05-04 01:28:23 +02:00