1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

378 Commits

Author SHA1 Message Date
Andrew Bartlett
adb776149e s4-dsdb: Require that the NTDS object is an nTDSDSA objectclass
This should avoid a user being able to specify the GUID of a different
type of object.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-01-31 12:50:33 +00:00
Andrew Bartlett
d5a2af3fea s4-dsdb: Split samdb_get_ntds_obj_by_guid() out of samdb_is_rodc()
This will allow the logic here to be tighened up and shared
in the next few commits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-01-31 12:50:33 +00:00
Andrew Bartlett
8e1122420e s4-dsdb: Add dsdb_normalise_dn_and_find_nc_root() around dsdb_find_nc_root()
Reuse the search done for dsdb_find_nc_root() to normalise the DN.

This will allow a GUID-input DN to be compared safely with a RID Manager DN
or Naming Context.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-01-31 12:50:33 +00:00
Andrew Bartlett
0f501b2316 s4-dsdb: Add better debugging to dsdb_objects_have_same_nc()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-01-31 12:50:33 +00:00
Andrew Bartlett
d0444be4b7 s4-dsdb: Make dsdb_find_nc_root() first try and use DSDB_CONTROL_CURRENT_PARTITION_OID
This allows lookup of a DN with a GUID only or GUID and string,
possibly not yet in the database, yet still getting the correct result.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-01-31 12:50:33 +00:00
Andrew Bartlett
d43adae855 s4-dsdb: Rework dsdb_find_dn_by_guid() to use GUID_buf_string()
This avoids a talloc_strdup() and so a failure path.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-01-31 12:50:32 +00:00
Joseph Sutton
16b7c1f3d8 s4-dsdb: Make tdo_attrs static const
This follows the same with 'attrs' in the previous commit.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2022-10-21 03:57:33 +00:00
Joseph Sutton
fb1718094d s4-dsdb: Rename user_attrs to attrs to avoid conflict and add static const
This now local and static const list was otherwise a duplicate symbol
shadowing with the global user_attrs.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2022-10-21 03:57:33 +00:00
Joseph Sutton
7981cba87e CVE-2021-20251 dsdb/common: Remove transaction logic from samdb_set_password()
All of its callers, where necessary, take out a transaction covering the
entire password set or change operation, so a transaction is no longer
needed here.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-09-12 23:07:38 +00:00
Joseph Sutton
336e303cf1 CVE-2021-20251 auth4: Detect ACCOUNT_LOCKED_OUT error for password change
This is more specific than NT_STATUS_UNSUCCESSFUL, and for the SAMR
password change, matches the result the call to samdb_result_passwords()
would give.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-09-12 23:07:37 +00:00
Gary Lockyer
2087b0cd98 CVE-2021-20251 auth4: split samdb_result_msds_LockoutObservationWindow() out
samdb_result_msds_LockoutObservationWindow() is split out of
samdb_result_effective_badPwdCount()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-09-12 23:07:37 +00:00
Joseph Sutton
c2ab1f4696 CVE-2022-32743 dsdb/common: Add FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE control
Passing this control will grant the right to set validated values for
dNSHostName and servicePrincipalName, and non-validated values for other
attributes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14833

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2022-07-28 22:47:37 +00:00
Andreas Schneider
c4ef3dbf73 s4:dsdb: Burn the memory of hashes returned by samdb_result_hashes()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-07-28 11:51:29 +00:00
Andreas Schneider
56297449f9 s4:dsdb: Remove trailing whitespaces from util.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-07-28 11:51:29 +00:00
Joseph Sutton
0a3aa5f908 CVE-2022-32746 ldb: Make use of functions for appending to an ldb_message
This aims to minimise usage of the error-prone pattern of searching for
a just-added message element in order to make modifications to it (and
potentially finding the wrong element).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-07-27 10:52:36 +00:00
Joseph Sutton
a2bb5beee8 CVE-2022-32746 ldb: Ensure shallow copy modifications do not affect original message
Using the newly added ldb flag, we can now detect when a message has
been shallow-copied so that its elements share their values with the
original message elements. Then when adding values to the copied
message, we now make a copy of the shared values array first.

This should prevent a use-after-free that occurred in LDB modules when
new values were added to a shallow copy of a message by calling
talloc_realloc() on the original values array, invalidating the 'values'
pointer in the original message element. The original values pointer can
later be used in the database audit logging module which logs database
requests, and potentially cause a crash.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-07-27 10:52:36 +00:00
Joseph Sutton
48bff3c44f dsdb/common: Make some parameters const
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-06-14 07:21:29 +00:00
Joseph Sutton
3a8670c4ca dsdb/common: Add helper function for determining if account is in Protected Users group
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-03-18 11:55:30 +00:00
Andrew Bartlett
75c54d54ad dsdb: Remove LM hash parameter from samdb_set_password() and callers
This fixes the rpc.samr test because we no longer specify an LM hash
to the DSDB layer only to have it rejected by password_hash.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-03-17 01:57:38 +00:00
Andrew Bartlett
f161e3f18f dsdb: Remove parsing of LM password hash from "dBCSPwd" attribute
This means Samba will essentially ignore this attribute, not even attempting
to read it from the AD DC sam.ldb

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-03-17 01:57:38 +00:00
Andrew Bartlett
0a907c2f45 dsdb: Return dsdb_password_change control name to DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID
This makes it clearer that the purpose of this control is to indicate that the password
was already checked (by an out-of-band mechanism, eg kpasswd) and so can safely be changed
subject to ACLs etc.

This essentially reverts bbb9dc806e

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-03-17 01:57:38 +00:00
Andrew Bartlett
1144addec5 dsdb: No longer supply exact password hashes in a control to indicate password changes
This returns the API for password changes via (eg) kpasswd to the
previous design as at 7eebcebbab
where a control but no partiuclar values were specified.

This avoids the issues that were attempted to be addressed between
7eebcebbab and 786c41b095
by still keeping the ACL check from 23bd3a7417.

The purpose of this change is to move away from the NT hash (unicodePwd) being
the primary password in Samba, to allow installations to operate without this
unsalted hash.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-03-17 01:57:38 +00:00
Stefan Metzmacher
b5f71e25d4 dsdb/common: add dsdb_dc_functional_level() helper
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2021-12-24 02:16:33 +00:00
Nadezhda Ivanova
8da6d0bf6f CVE-2020-25722: s4-acl: Make sure Control Access Rights honor the Applies-to attribute
Validate Writes and Control Access Rights only grant access if the
object is of the type listed in the Right's appliesTo attribute. For
example, even though a Validated-SPN access may be granted to a user
object in the SD, it should only pass if the object is of class
computer This patch enforces the appliesTo attribute classes for
access checks from within the ldb stack.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14832

Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-11-09 19:45:33 +00:00
Volker Lendecke
064eab8b25 dsdb: Avoid an unneeded #include
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
2021-01-28 16:58:35 +00:00
Alexander Bokovoy
234957a2e4 Fix build after removal of an extra safe_string.h
Move of strcasecmp redefine to lib/util/safe_string.h in
https://gitlab.com/samba-team/samba/-/merge_requests/1507 broke build on
Fedora 33 with GCC 10.2.1 for those compilation units that use
ldb_att_cmp().

The reason for that is that ldb_attr_cmp() defined as

   #define ldb_attr_cmp(a, b) strcasecmp(a, b)

because attribute names restricted to be ASCII by RFC2251 (LDAPv3 spec).

A solution is to add

   #undef strcasecmp

to all source code files which use ldb_attr_cmp().

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct  1 22:45:29 UTC 2020 on sn-devel-184
2020-10-01 22:45:29 +00:00
Matthew DeVore
232054c09b lib/util: remove extra safe_string.h file
lib/util/safe_string.h is similar to source3/include/safe_string.h, but
the former has fewer checks. It is missing bcopy, strcasecmp, and
strncasecmp.

Add the missing elements to lib/util/safe_string.h remove the other
safe_string.h which is in the source3-specific path. To accomodate
existing uses of str(n?)casecmp, add #undef lines to source files where
they are used.

Signed-off-by: Matthew DeVore <matvore@google.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 28 02:18:40 UTC 2020 on sn-devel-184
2020-08-28 02:18:40 +00:00
Ralph Boehme
2327471756 lib: relicense smb_strtoul(l) under LGPLv3
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug  3 22:21:04 UTC 2020 on sn-devel-184
2020-08-03 22:21:02 +00:00
Gary Lockyer
8c17b6f82f Fix clang 9 format-nonliteral warnings
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-05-08 09:31:31 +00:00
Volker Lendecke
b274bc698e dsdb: Use write_data() to write to the password check script
A simple write() might be interrupted or do short writes. Highly
unlikely, but if it happens, it will be impossible to diagnose.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-01-19 18:29:39 +00:00
Volker Lendecke
229518ec01 dsdb: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-01-19 18:29:39 +00:00
Ralph Boehme
12e97ee3e8 smbdotconf: mark "check password script" with substitution="1"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:34 +00:00
Björn Baumbach
ef58222616 CVE-2019-14833 dsdb: send full password to check password script
utf8_len represents the number of characters (not bytes) of the
password. If the password includes multi-byte characters it is required
to write the total number of bytes to the check password script.
Otherwise the last bytes of the password string would be ignored.

Therefore we rename utf8_len to be clear what it does and does
not represent.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12438

Signed-off-by: Björn Baumbach <bb@sernet.de>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Tue Oct 29 11:58:45 UTC 2019 on sn-devel-184
2019-10-29 11:58:45 +00:00
Andrew Bartlett
af6799bf4f util: Remove unused NS_GUID_string() and NS_GUID_from_string()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14063
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2019-09-01 23:55:38 +00:00
Douglas Bagnall
a5ec857abe CID 1452109: dsdb/util: do not check for NULL after deref
This is all strictly unnecessary, as ret is always != LDB_SUCCESS when
res is NULL, but we want to make peace between clang and converity.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-31 02:50:24 +00:00
Noel Power
54af94ff21 s4/source4/common: clang: Fix 'Dereference of undefined pointer value'
Fixes:

source4/dsdb/common/util.c:3131:6: warning: Dereference of undefined pointer value <--[clang]
        if (res->count < 1) {
            ^

/source4/dsdb/common/util.c:3207:6: warning: Dereference of undefined pointer value <--[clang]
        if (res->count < 1) {
            ^~~~~~~~~~
source4/dsdb/common/util.c:4004:39: warning: Dereference of undefined pointer value <--[clang]
        (*wkguid_dn) = talloc_steal(mem_ctx, res->msgs[0]->dn);
                                             ^
source4/dsdb/common/util.c:4191:35: warning: Dereference of undefined pointer value <--[clang]
        ouv_value = ldb_msg_find_ldb_val(r->msgs[0], "replUpToDateVector");

source4/dsdb/common/util.c:5757:13: warning: 1st function call argument is an uninitialized value <--[clang]
        same_nc = (ldb_dn_compare(source_nc, target_nc) == 0);
                   ^
This fix also fixes the associated 'Access to field 'xyx' results in a
dereference of a null pointer' warnings that also will happen when this
is fixed

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Wed Jul 24 05:49:14 UTC 2019 on sn-devel-184
2019-07-24 05:49:14 +00:00
Noel Power
c7c40e205d s4/dsdb/common: clang: Fix 'Value stored to 'cps_stdin' is never read'
Fixes:

source4/dsdb/common/util.c:2125:4: warning: Value stored to 'cps_stdin' is never read <--[clang]
                        cps_stdin = -1;

                        ^           ~~
source4/dsdb/common/util.c:2132:3: warning: Value stored to 'cps_stdin' is never read <--[clang]
                cps_stdin = -1;

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-07-24 04:19:27 +00:00
Noel Power
55f18757aa s4/dsdb/common: clang: Fix 'Access results in a deref of a null pointer'
Fixes:

source4/dsdb/common/util.c:2000:6: warning: Access to field 'count' results in a dereference of a null pointer (loaded from variable 'res') <--[clang]
        if (res->count != 1) {
            ^~~

source4/dsdb/common/util.c:3281:28: warning: Access to field 'msgs' results in a dereference of a null pointer (loaded from variable 'res') <--[clang]
        el = ldb_msg_find_element(res->msgs[0], attr);
                                  ^~~
source4/dsdb/common/util.c:3568:6: warning: Access to field 'count' results in a dereference of a null pointer (loaded from variable 'res') <--[clang]
        if (res->count != 1 || ret != LDB_SUCCESS) {
            ^~~

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-07-24 04:19:27 +00:00
Noel Power
bd86df913b s4/dsdb/common: clang: Fix 'The left operand of '&' is a garbage value'
Fixes:

source4/dsdb/common/util.c:1964:18: warning: The left operand of '&' is a garbage value <--[clang]
        return (options & DS_NTDSDSA_OPT_IS_GC) != 0;
                ~~~~~~~ ^

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-07-24 04:19:27 +00:00
Noel Power
79d585689e s4/dsdb/common: clang: Fix 'function call argument is an uninitialized value'
Fixes:

source4/dsdb/common/util.c:1804:8: warning: 3rd function call argument is an uninitialized value <--[clang]
        ret = samdb_reference_dn(ldb, mem_ctx, server_ref_dn, "rIDSetReferences", dn);

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-07-24 04:19:27 +00:00
Swen Schillig
3bc973c602 source4: Update all consumers of strtoul_err(), strtoull_err() to new API
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2019-06-30 11:32:18 +00:00
Douglas Bagnall
49048b245d dsdb/util: spell "equivalence"!
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-05-10 01:15:17 +00:00
Volker Lendecke
d7de2f7748 lib: Remove "struct sid_parse_ret" again
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-03-12 00:42:19 +00:00
Volker Lendecke
e18610a197 lib: Make sid_parse return the parsed length
Use a temporary struct as a return value to make the compiler catch all
callers. If we just changed bool->ssize_t, this would just generate a
warning. struct sid_parse_ret will go away in the next commit

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-03-12 00:42:19 +00:00
Andrew Bartlett
0c52a6bee7 dsdb: Unify samdb_{get,set}_ntds_{objectGUID,invocation_id}
The new unified versions have better debugging and ensure
that both functions continue to have the same control flow.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2019-03-07 03:50:20 +00:00
Swen Schillig
2b2ff12e70 source4: Use wrapper for string to integer conversion
In order to detect an value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper function strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-03-01 00:32:11 +00:00
Gary Lockyer
ea2de21dd8 s4 dsdb util: samdb_client_site_name clean up
* Initialise pointers to NULL
* replace talloc_free with TALLOC_FREE
* add goto exit to ensure memory deallocated correctly

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Feb 14 06:53:14 CET 2019 on sn-devel-144
2019-02-14 06:53:14 +01:00
Gary Lockyer
f0e96d21b5 s4 dsdb util: remove samdb_search_count
All the uses have been replaced with calls to dsdb_domain_count, so it
is no longer needed.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-14 05:03:24 +01:00
Gary Lockyer
2546f26091 s4 dsdb util: samdb_client_site_name use dsdb_domain_count
Replace the call to samdb_search_count with dsdb_domain_count. As this
is the only remaining caller of samdb_search_count, replacing it will
allow the removal of samdb_search_count.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-14 05:03:24 +01:00
Gary Lockyer
12fcab1181 s4 dsdb util: add dsdb_domain_count
This counts the number of objects that are in the domain,
provided a domain SID was supplied (otherwise it just
counts all the objects).

This routine avoids allocating memory for the full
result set by using a callback.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-14 05:03:23 +01:00