Gary Lockyer [Thu, 16 Feb 2017 21:49:16 +0000 (10:49 +1300)]
script: Add test data for traffic_summary.pl
This network capture summary tool will be added in the next commit
This sample is taken from make test under SOCKET_WRAPPER_PCAP_FILE
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Sun, 26 Feb 2017 12:06:05 +0000 (13:06 +0100)]
samdb: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Feb 28 13:55:42 CET 2017 on sn-devel-144
Volker Lendecke [Sun, 26 Feb 2017 08:16:02 +0000 (09:16 +0100)]
auth4: Fix map_user_info_cracknames for domain==NULL
DsCrackNameOneName directly fails for DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
if the name passed in does not contain a \. The only caller of
map_user_info_cracknames (auth_check_password_send) passes in
lpcfg_workgroup(), which does not contain a \. Add in the \ also for
the default_domain case.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Mon, 13 Feb 2017 20:33:57 +0000 (21:33 +0100)]
auth3: Simplify get_system_info3
We have global_sid_System, so we don't need to dom_sid_parse("S-1-5-18");
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Feb 27 11:31:53 CET 2017 on sn-devel-144
Andrew Bartlett [Wed, 22 Feb 2017 02:46:18 +0000 (15:46 +1300)]
repl_meta_data: Remove handling of backlinks from replmd_prepare_commit()
This deferred handling was already removed, for performance, from
everything but the add case.
We now remove the normal local add case (an originating update), eg
LDAP add from the transaction commit and insted do it on the ADD
operation callback (replmd_op_callback()).
To keep things simple, we make up the extended DN with the GUID and
SID as the object does not actually exist in the DB at the time we
prepare backlink. This also allows us to avoid another search in the
(much more common) modify case.
We rely on transactions to clean up the add of the object if the
backlink fails, thankfully unlike in replication replmd_add() is
normally the only operation in a transaction, and we have alredy
confirmed the link target exists during get_parsed_dns().
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Mon Feb 27 07:12:02 CET 2017 on sn-devel-144
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Feb 25 06:33:33 CET 2017 on sn-devel-144
Aurelien Aptel [Thu, 23 Feb 2017 13:05:14 +0000 (14:05 +0100)]
s3/smbd: allow GET_DFS_REFERRAL fsctl on any smb2 connexion
This FSCTL should work on any non-IPC share.
According to [MS-SMB2]
> 3.2.4.20.3 Application Requests DFS Referral Information:
> The client MUST search for an existing Session and TreeConnect to any
> share on the server identified by ServerName for the user identified by
> UserCredentials. If no Session and TreeConnect are found, the client
> MUST establish a new Session and TreeConnect to IPC$ on the target
> server as described in section 3.2.4.2 using the supplied ServerName and
> UserCredentials.
Signed-off-by: Aurelien Aptel <aaptel@suse.com> Reviewed-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Feb 25 02:38:28 CET 2017 on sn-devel-144
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Feb 24 22:34:48 CET 2017 on sn-devel-144
s3:winbindd: allow a fallback to NTLMSSP for LDAP connections
This matches the behaviour of pdb_get_trust_credentials() for
our machine account and allows us to fallback to NTLMSSP
when contacting trusted domains.
s3:passdb: use cli_credentials_set_kerberos_state() for trusts in pdb_get_trust_credentials()
Trust accounts can only use kerberos when contacting other AD domains,
using NTLMSSP will fail.
At the same time it doesn't make sense to try kerberos for NT4 domains,
still NTLMSSP will fail, but the callers has to deal with that
case and just fallback to an anonymous SMB connection.
In all cases we should be able to use NETLOGON SCHANNEL
over any anonymous smb or tcp transport.
s3:winbindd: try a NETLOGON connection with noauth over NCACN_NP against trusted domains.
We're using only NCACN_NP here as we rely on the smb signing restrictions
of cm_prepare_connection().
This should fix SMB authentication with a user of a domain
behind a transitive trust.
With this change winbindd is able to call
dcerpc_netr_DsrEnumerateDomainTrusts against the
dc of a trusted domain again. This only works
for two-way trusts.
The main problem is the usage of is_trusted_domain()
which doesn't know about the domain, if winbindd can't
enumerate the domains in the other forest.
is_trusted_domain() is used in make_user_info_map(),
which is called in auth3_check_password() before
auth_check_ntlm_password().
That means we're mapping the user of such a domain
to our own local sam, before calling our auth modules.
A much better fix, which removes the usage of is_trusted_domain()
in planed for master, but this should do the job for current releases.
We should avoid talking to DCs of other domains and always
go via our primary domain. As we should code with one-way trusts
also, we need to avoid relying on a complete list of
domains in future.
For now "wbinfo -m" lists domains behind a two-way transitive
trust again, but that is likely to change in future again!
Martin Schwenke [Tue, 7 Feb 2017 04:30:08 +0000 (15:30 +1100)]
ctdb-takeover: Don't release IPs from nodes where they are not known
This avoids confusing log messages like:
ctdbd[21635]: releaseip called for an ip '10.1.1.1' that is not a public address
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Feb 24 11:50:36 CET 2017 on sn-devel-144
Martin Schwenke [Tue, 7 Feb 2017 04:00:25 +0000 (15:00 +1100)]
ctdb-takeover: Fetch public IP addresses from all connected nodes
Redundant releases will be sent to all connected nodes anyway, so this
is no worse. This will facilitate an improvement to avoid sending
releases to nodes with no known IPs.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 3 Feb 2017 05:36:04 +0000 (16:36 +1100)]
ctdb-takeover: Generalise error handling for GET_PUBLIC_IPS
As with other controls, processes the errors by hand instead of using
ctdb_client_control_multi_error(). This will make it easier to add
banning credits for failures.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 3 Feb 2017 03:41:57 +0000 (14:41 +1100)]
ctdb-tests: Populate per-node known IPs inline
At the moment this is done as a post-processing step for any nodes
that have no known IPs. However, this doesn't allow testing of
scenarios where there no known IPs on one or more nodes.
Add relevant tests.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 27 Jan 2017 03:43:34 +0000 (14:43 +1100)]
ctdb-takeover: Short circuit if fetching IPs from no nodes
The current code will fetch IP from all connected and all active
nodes, so this can't happen. However, catch it anyway in case the
calling code changes.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 15 Feb 2017 08:33:02 +0000 (19:33 +1100)]
ctdb-tests: Add synchronisation points in reload IPs tests
"ctdb reloadips" use of ipreallocate() can result in a spurious
takeover runs. This can cause a subsequent "ctdb reloadips" to fail
to disable takeover runs (due to there being one already in progress).
There are various possible improvements but a proper fix probably
requires a protocol change. That would mean receiving an ACK for a
takeover run request to indicate that the request will be processes
and then a broadcast to indicate a completed takeover run.
There are various other partial fixes (e.g. de-duping queued takeover
run requests against those in the in-progess queue) and workarounds
(e.g. always do a double ipreallocate() in the tool, which should
absorb the spurious takeover run).
However, this is unlikely to be a real-world problem. Real use cases
should not involve repeatedly reloading the IP configuration.
Instead, work around the problem of flaky tests by manually adding
"ctdb sync" commands to cause extra no-op takeover runs. These should
not add spurious takeover runs and will create synchronisation points
to help avoid the issue.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 22 Feb 2017 03:44:09 +0000 (14:44 +1100)]
ctdb-doc: Fix shellcheck warning in example NFS ganesha call-out
In ctdb/doc/examples/nfs-ganesha-callout line 216:
for node in `ls ${GANSTATEDIR}`; do
^-- SC2045: Iterating over ls output is fragile. Use globs.
^-- SC2006: Use $(..) instead of legacy `..`.
^-- SC2086: Double quote to prevent globbing and word splitting.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
ldb/tools: only use LDB_FLG_SHOW_BINARY for 'ldbsearch'
--show-binary is only useful for ldbseach in all other cases
it will destroy data.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Feb 24 03:59:01 CET 2017 on sn-devel-144
Garming Sam [Wed, 22 Feb 2017 02:42:46 +0000 (15:42 +1300)]
dbchecker: Stop ignoring linked cases where both objects are alive
Previously, this did nothing and the code was both untested and unused.
Removes the knownfail entry for dbcheck.
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12600
Garming Sam [Wed, 22 Feb 2017 04:43:21 +0000 (17:43 +1300)]
tests/dbcheck: Add a test for two live objects, with a dangling forward link
Handling backlinks appears to be rather non-deterministic, so the
forward link hangs off of the RODC replication group (which has no other
valid forward links). In other situations, it either won't delete the
memberOf, or the expected output order will vary.
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12600
Garming Sam [Wed, 22 Feb 2017 02:43:34 +0000 (15:43 +1300)]
tests/dbcheck: Add a test for two live objects, with a dangling backlink
Adds dbcheck 4.5.0pre1 to the knownfail, to be removed later.
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12600
Jeremy Allison [Thu, 23 Feb 2017 17:41:03 +0000 (09:41 -0800)]
s3:winbind: work around coverity false positive.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 23 23:54:48 CET 2017 on sn-devel-144
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Feb 23 19:25:11 CET 2017 on sn-devel-144
Andrew Bartlett [Wed, 22 Feb 2017 22:02:07 +0000 (11:02 +1300)]
repl_meta_data: Clarify that replmd_private->la_list is only for DRS for replication
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Feb 23 15:30:35 CET 2017 on sn-devel-144
Andrew Bartlett [Thu, 23 Feb 2017 00:00:19 +0000 (13:00 +1300)]
samba-tool drs replicate: Add --single-object
This may help when an object has been incorrectly locally removed from the NC
or there is an urgent need to replicate a specific object (say when full
replication is inoperable).
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
The modeling file has currently all macros for cmocka that Coverity
doesn't detect false positives. We could add torture assert macros if
needed too.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 23 07:11:18 CET 2017 on sn-devel-144
Volker Lendecke [Sat, 11 Feb 2017 08:34:17 +0000 (09:34 +0100)]
winbind: Use EnumDomainUsers in rpc_query_user_list
We changed the parent->child enumusers call so that we only return the
users' RIDs. QueryDisplayInfo tends to return a lot more info which we
throw away. This also aligns the code with the other rpc enumerating
functions.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Feb 23 03:17:41 CET 2017 on sn-devel-144
Edward Betts [Thu, 26 Jan 2017 21:41:12 +0000 (21:41 +0000)]
fix spelling of 'unchangeable'
Signed-off-by: Edward Betts <edward@4angle.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Wed Feb 22 12:21:51 CET 2017 on sn-devel-144
Chris Lamb [Fri, 17 Feb 2017 20:02:23 +0000 (09:02 +1300)]
Correct "Openened" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Chris Lamb [Fri, 17 Feb 2017 20:02:09 +0000 (09:02 +1300)]
Correct "allready" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Chris Lamb [Fri, 17 Feb 2017 20:01:58 +0000 (09:01 +1300)]
Correct "heirarchy" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Chris Lamb [Fri, 17 Feb 2017 20:01:50 +0000 (09:01 +1300)]
Correct "incluing" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Chris Lamb [Fri, 17 Feb 2017 20:01:22 +0000 (09:01 +1300)]
Correct "initialze" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Chris Lamb [Fri, 17 Feb 2017 20:01:10 +0000 (09:01 +1300)]
Correct "succeded" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Chris Lamb [Fri, 17 Feb 2017 20:00:52 +0000 (09:00 +1300)]
Correct "hexidecimal" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Chris Lamb [Fri, 17 Feb 2017 20:00:39 +0000 (09:00 +1300)]
Correct "updateing" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Chris Lamb [Fri, 17 Feb 2017 20:00:31 +0000 (09:00 +1300)]
Correct "unavaible" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Chris Lamb [Fri, 17 Feb 2017 20:00:26 +0000 (09:00 +1300)]
Correct "allignment" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Chris Lamb [Fri, 17 Feb 2017 20:00:21 +0000 (09:00 +1300)]
Correct "paramaters" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Chris Lamb [Fri, 17 Feb 2017 20:00:16 +0000 (09:00 +1300)]
Correct "explicity" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Chris Lamb [Fri, 17 Feb 2017 20:00:10 +0000 (09:00 +1300)]
Correct "encyption" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Chris Lamb [Fri, 17 Feb 2017 20:00:05 +0000 (09:00 +1300)]
Correct "relase" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Chris Lamb [Fri, 17 Feb 2017 19:59:59 +0000 (08:59 +1300)]
Correct "intialise" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Chris Lamb [Fri, 17 Feb 2017 19:59:54 +0000 (08:59 +1300)]
Correct "cleint" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Chris Lamb [Fri, 17 Feb 2017 19:59:42 +0000 (08:59 +1300)]
Correct "somthing" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Chris Lamb [Fri, 17 Feb 2017 19:59:36 +0000 (08:59 +1300)]
Correct "defered" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Chris Lamb [Fri, 17 Feb 2017 19:59:19 +0000 (08:59 +1300)]
Correct "specifiy" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Chris Lamb [Fri, 17 Feb 2017 19:59:08 +0000 (08:59 +1300)]
Correct "notifiying" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Chris Lamb [Fri, 17 Feb 2017 19:57:55 +0000 (08:57 +1300)]
Correct "seperate" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Chris Lamb [Fri, 17 Feb 2017 19:56:47 +0000 (08:56 +1300)]
Correct "follwing" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Chris Lamb [Fri, 17 Feb 2017 19:56:18 +0000 (08:56 +1300)]
Correct "existence" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Chris Lamb [Fri, 17 Feb 2017 19:54:58 +0000 (08:54 +1300)]
Correct "formated" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
projects / thirdparty / samba.git / log
