Volker Lendecke [Fri, 2 Jun 2017 11:34:39 +0000 (13:34 +0200)]
password_hash: Fix the build on FreeBSD
This ditches a particular aspect of thread safety, but I doubt that
ldb is really thread safe. So in practice, I think we should not
see harm from this.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Jun 13 05:06:49 CEST 2017 on sn-devel-144
Andrew Bartlett [Fri, 17 Feb 2017 05:23:23 +0000 (18:23 +1300)]
join.py Add DNS records at domain join time
This avoids issues getting replication going after the DC first starts
as the rest of the domain does not have to wait for samba_dnsupdate to
run successfully
We do not just run samba_dnsupdate as we want to strictly
operate against the DC we just joined:
- We do not want to query another DNS server
- We do not want to obtain a Kerberos ticket for the new DC
(as the KDC we select may not be the DC we just joined,
and so may not be in sync with the password we just set)
- We do not wish to set the _ldap records until we have started
- We do not wish to use NTLM (the --use-samba-tool mode forces
NTLM)
The downside to using DCE/RPC rather than DNS is that these will
be regarded as static entries, and (against windows) have a the ACL
assigned for static entries. However this is still better than no
DNS at all.
Because some tests want a DNS record matching their own name
this fixes some tests and removes entires from knownfail
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Jun 11 02:04:52 CEST 2017 on sn-devel-144
Andrew Bartlett [Tue, 11 Apr 2017 00:43:22 +0000 (12:43 +1200)]
dns_server: clobber MNAME in the SOA
Otherwise, we always report the first server we created/provisioned the AD domain on
which does not match AD behaviour. AD is multi-master so all RW servers are a master.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 10 Apr 2017 04:10:00 +0000 (16:10 +1200)]
join.py: Do not expose the old machine password over NTLM if -k yes was set
This makes the test for a valid machine account stricter (as a kerberos error could
cause this to fail and so skip the validation), but we never wish to use NTLM
if the administrator disabled it on the command line
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 9 Jun 2017 04:05:31 +0000 (16:05 +1200)]
pydsdb_dns: Allow the partition DN to be specified into py_dsdb_dns_lookup
This allows lookups to be confined to one partition, which in turn avoids issues
when running this against MS Windows, which does not match Samba behaviour
for dns_common_zones()
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Volker Lendecke [Fri, 9 Jun 2017 06:41:49 +0000 (08:41 +0200)]
ctdbd_conn: Fix ctdbd_connection_destructor
clang had complained with
../source3/lib/ctdbd_conn.c:1784:34: warning: variable 'send_state' used in loop condition
not modified in loop body [-Wfor-loop-analysis]
for (send_state = c->send_list; send_state != NULL;) {
^~~~~~~~~~
../source3/lib/ctdbd_conn.c:1791:34: warning: variable 'recv_state' used in loop condition
not modified in loop body [-Wfor-loop-analysis]
for (recv_state = c->recv_list; recv_state != NULL;) {
^~~~~~~~~~
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Jun 10 03:33:13 CEST 2017 on sn-devel-144
Rowland Penny [Wed, 7 Jun 2017 14:57:53 +0000 (15:57 +0100)]
samba-tool: You cannot add members to a group if the member exists as a sAMAccountName and a CN.
Signed-off-by: Rowland Penny <rpenny@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Fri Jun 9 23:24:47 CEST 2017 on sn-devel-144
s4:rpc_server: Do some checks of LogonSamLogon flags
This matches a Windows Server, at least if it is itself a
DC of the forest root and the requested domain is the local domain of the DC.
Both constraints are true on a Samba AD DC, as we don't really support
trusts yet.
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jun 9 17:06:04 CEST 2017 on sn-devel-144
s3:winbindd: Send flags=0 in netr_LogonSamLogon{WithFlags,Ex}()
These extra flags are an [in,out] argument, so we have to initialize
them to 0. If we pass NETLOGON_SAMLOGON_FLAG_PASS_TO_FOREST_ROOT
or NETLOGON_SAMLOGON_FLAG_PASS_CROSS_FOREST_HOP, a Windows Server
will just return NT_STATUS_NO_SUCH_USER with authoritative=1
(at least if it is itself a DC of the forest root and the requested
domain is the local domain of the DC).
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
Gary Lockyer [Wed, 7 Jun 2017 19:21:05 +0000 (07:21 +1200)]
samba tool - tests: Fix shell metacharacters in generated password
Restrict the random password to [A-Za-z0-9] to ensure there are no shell
metacharacters in the generated password.
The tests use "samba-tool user create" to create the test user.
Occasionally the generated password contained shell metachatacters and
the command failed.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 9 09:50:28 CEST 2017 on sn-devel-144
Volker Lendecke [Wed, 24 May 2017 14:22:34 +0000 (16:22 +0200)]
tevent: Fix a race condition in tevent context rundown
We protect setting tctx->event_ctx=NULL with tctx->event_ctx_mutex.
But in _tevent_threaded_schedule_immediate we have the classic
TOCTOU race: After we checked "ev==NULL", looking at
tevent_common_context_destructor the event context can go after
_tevent_threaded_schedule_immediate checked. We need to serialize
things a bit by keeping tctx->event_ctx_mutex locked while we
reference "ev", in particular in the
DLIST_ADD_END(ev->scheduled_immediates,im);
I think the locking hierarchy is still maintained, tevent_atfork_prepare()
first locks all the tctx locks, and then the scheduled_mutex. Also,
I don't think this will impact parallelism too badly: event_ctx_mutex
is only used to protect setting tctx->ev.
Found by staring at code while fixing the FreeBSD memleak due to
not destroying scheduled_mutex.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jun 9 00:45:26 CEST 2017 on sn-devel-144
messaging: fix net command failure due to unhandled return code
messaging_init_internal() blanket returned NT_STATUS_INTERNAL_ERROR
instead of correctly changing the return code to an NTSTATUS code. Also
return more appropriate mem error.
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Jun 8 08:04:05 CEST 2017 on sn-devel-144
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jun 8 00:27:24 CEST 2017 on sn-devel-144
Amitay Isaacs [Thu, 1 Jun 2017 06:03:43 +0000 (16:03 +1000)]
ctdb-client: Document ctdb client API
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Jun 7 20:19:06 CEST 2017 on sn-devel-144
Richard Sharpe [Tue, 6 Jun 2017 20:34:51 +0000 (13:34 -0700)]
Log the actual error returned when creating a pipe for client logging in CTDB fails. Helps with debugging issues.
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 7 09:22:29 CEST 2017 on sn-devel-144
Garming Sam [Wed, 15 Mar 2017 03:40:16 +0000 (16:40 +1300)]
selftest/rodc: Do not run in single mode, this causes deadlocks
Attempting to 'ls' the file server against a single process AD will get
stuck. This also appears as the KDC being busy.
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Wed Jun 7 05:14:17 CEST 2017 on sn-devel-144
Noel Power [Fri, 2 Jun 2017 14:50:48 +0000 (15:50 +0100)]
s3/utils: Add warning to testparm for "client ipc signing" param values
We should warn about security sensitive settings where we can,
client ipc signing has 2 values that can allow connections to proceed
without SMB signing. This may be unavoidable (e.g. connecting to legacy
systems) but nevertheless it is worthwhile to warn.
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 6 22:40:12 CEST 2017 on sn-devel-144
Anoop C S [Mon, 5 Jun 2017 16:40:44 +0000 (22:10 +0530)]
wscript: Fix some typos
Signed-off-by: Anoop C S <anoopcs@redhat.com> Reviewed-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 6 05:26:37 CEST 2017 on sn-devel-144
Douglas Bagnall [Thu, 1 Jun 2017 03:26:48 +0000 (15:26 +1200)]
selftest: use an additional directory of knownfail/flapping files
This makes it easier to add a temporary knownfail to cover a patch
series.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Jun 3 13:55:41 CEST 2017 on sn-devel-144
vfs_gpfs: Fix compile error in gpfsacl_sys_acl_set_fd
../source3/modules/vfs_gpfs.c: In function ‘gpfsacl_sys_acl_set_fd’:
../source3/modules/vfs_gpfs.c:1280:6: error: passing argument 2 of ‘gpfsacl_sys_acl_set_file’ from incompatible pointer type [-Werror]
SMB_ACL_TYPE_ACCESS, theacl);
^
../source3/modules/vfs_gpfs.c:1235:12: note: expected ‘const struct smb_filename *’ but argument is of type ‘char *’
static int gpfsacl_sys_acl_set_file(vfs_handle_struct *handle,
Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun 3 05:52:32 CEST 2017 on sn-devel-144
s4:torture: Fix comparison between pointer and zero character constant
Fixes building with GCC 7.1
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 1 23:42:58 CEST 2017 on sn-devel-144
waf: Do not trhow a format-truncation error for test/snprintf.c
This fixes building with GCC 7.1
Error:
../lib/replace/test/testsuite.c:355:6: error: ‘%d’ directive output
truncated writing 1 byte into a region of size 0
[-Werror=format-truncation=]
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Garming Sam [Thu, 1 Jun 2017 02:36:07 +0000 (14:36 +1200)]
dnsserver: Stop dns_name_equal doing OOB read
This has been the cause of a large number of flakey autobuilds. Every
now and again dns_name_equal would not be equal between two empty
strings, thus causing failures.
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12813
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 1 19:34:38 CEST 2017 on sn-devel-144
Martin Schwenke [Thu, 1 Jun 2017 04:37:40 +0000 (14:37 +1000)]
ctdb-common: Fix crash in logging initialisation
Setting CTDB_LOGGING to syslog:nonblocking or syslog:udp will cause
ctdbd to crash at startup due to NULL pointer dereference.
Refactoring in commit c9124a001f5abf7bb577a8f5341da4cc7411ed22
introduced this regression.
mit_samba: Fix the MIT KDC build with the latest changes
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Thu Jun 1 07:12:47 CEST 2017 on sn-devel-144
Jeremy Allison [Thu, 25 May 2017 23:42:04 +0000 (16:42 -0700)]
s3: VFS: Change SMB_VFS_GETXATTR to use const struct smb_filename * instead of const char *.
We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 1 02:58:53 CEST 2017 on sn-devel-144
Jeremy Allison [Tue, 30 May 2017 18:46:49 +0000 (11:46 -0700)]
s3: lib: Add new utility function cp_smb_filename_nostream().
Will be needed when we migrate lower-level VFS functions to
take an struct smb_filename *, especially the SYS_ACL and
XATTR modification modules, as these must ignore a passed-in
stream name.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Andrew Bartlett [Thu, 11 May 2017 23:55:45 +0000 (01:55 +0200)]
dsdb: Use ldb_handle_use_global_event_context for rootdse modifies
The modify operations on the rootDSE turn into IRPC messages, and these need
to be handled on the global event context, not the per-operation context
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May 31 10:47:46 CEST 2017 on sn-devel-144
Andrew Bartlett [Thu, 30 Mar 2017 00:25:35 +0000 (13:25 +1300)]
schema: Use ldb_schema_set_override_indexlist for faster index selection
This allows Samba to provide a binary tree lookup for the existance of an index on the attribute
rather than the O(n) lookup that was being done for each attribute during a search or modify
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 30 Mar 2017 00:54:58 +0000 (13:54 +1300)]
ldb: Version 1.1.30
* let ldbdump parse the -i option
* don't allow the reveal_internals control for ldbedit
* only allow --show-binary for ldbsearch
* don't let ldbsearch create non-existing files
* fix ldb_tdb search inconsistencies
* add cmocka based tests
* provide an interface for improved indexing for callers
like Samba, which will allow much better performance.
* Makes ldb access to tdb:// databases use a private event context
rather than the global event context passed in by the caller.
This is because running other operations while locks are held
or a search is being conducted is not safe.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
projects / thirdparty / samba.git / log
