summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* s4-kdc: Add a MIT Kerberos KDC serviceAndreas Schneider2017-04-293-18/+179
| | | | | | | | This starts the krb5kdc binary shipped with MIT Kerberos. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: Add 'mit kdc command' to change the default.Andreas Schneider2017-04-296-1/+37
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* waf: Check for MIT KDC binaryAndreas Schneider2017-04-292-0/+18
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* mit-kdb: Update KDB vtable for DAL version 6Andreas Schneider2017-04-295-132/+63
| | | | | | | | | | This changed between 1.14 and 1.15. Also the 1.15 change removed the ability that the KDB module can free memory. This caused issues of serveral projects. It got fixed with 1.15.1. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* waf: Require MIT Kerberos 1.15.1 for Samba ADAndreas Schneider2017-04-292-11/+23
| | | | | | | | Are build without AD DC still only requried MIT Kerberos 1.9. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* mit-kdb: Zero the db principal when we allocate itAndreas Schneider2017-04-291-1/+1
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* samba_dnsupdate: Do not rewrite krb5.conf in selftestAndreas Schneider2017-04-291-4/+7
| | | | | | | | | | | | | | The samba_dnsupdate script is responsible to provision the DNS entries. The private krb5.conf uses dns lookups to find the KDC to acquire a Kerberos ticket. Obviously this will fail because currently we are are in the process of adding the DNS entries for the KDC. If we are inside of selftest we need to use the krb5.conf created by selftest itself. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3-tests: Use common functions in test_smbclient_netbios_aliases.shAndreas Schneider2017-04-291-10/+10
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* testprogs: Add common kinit functionAndreas Schneider2017-04-291-0/+16
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:torture: Fix the remote_pac testAndreas Schneider2017-04-291-26/+46
| | | | | | | | | | | | All the Kerberos implementation do not expect an order of the pac buffer. The buffers are not processed in the oder they are sent but when required just located. I confirmed this with MS at the IO Lab. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:selftest: Only run auth_log tests with HeimdalAndreas Schneider2017-04-291-1/+1
| | | | | | | | They have only been created against Samba AD with Heimdal Kerberos. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lsa4_srv: Factor out dcesrc_lsa_valid_AccountRight()Volker Lendecke2017-04-291-6/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The previous code in dcesrv_lsa_AddRemoveAccountRights had the following snippet: if (sec_privilege_id(rights->names[i].string) == SEC_PRIV_INVALID) { if (sec_right_bit(rights->names[i].string) == 0) { talloc_free(msg); return NT_STATUS_NO_SUCH_PRIVILEGE; } talloc_free(msg); return NT_STATUS_NO_SUCH_PRIVILEGE; } If I'm not mistaken, the inner if-statement is essentially dead code, as regardless of the outcome of the if-condition we execute the same code. The effect of this is that you can't "net rpc rights grant" a right, for example SeInteractiveLogonRight. A quick test against a W2k12 server shows that W2k12 allows this call. This patch changes the semantics of dcesrv_lsa_AddRemoveAccountRights to also allow "rights" to be granted and revoked. At the same time, it centralizes the check for validity of user input from dcesrv_lsa_EnumAccountsWithUserRight into dcesrc_lsa_valid_AccountRight too. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Apr 29 09:20:02 CEST 2017 on sn-devel-144
* source3 smdb: fix null pointer dereferenceGary Lockyer2017-04-282-3/+1
| | | | | | | | | | | | Fix the null pointer dereference in smbd, introduced in the auth logging changes. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Apr 28 07:18:54 CEST 2017 on sn-devel-144
* source3 smbd: tests for null pointer dereferenceGary Lockyer2017-04-283-0/+64
| | | | | | | | | Test case to replicate null pointer dereference in smbd, introduced in the auth logging changes. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3: smbd: inotify_map_mask_to_filter incorrectly indexes an array.Doug Nazar2017-04-281-1/+1
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12760 Signed-off-by: Doug Nazar <nazard@nazar.ca> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org>
* tdb: version 1.3.13tdb-1.3.13Stefan Metzmacher2017-04-272-1/+71
| | | | | | | | | | | | | | | * documentation for the tdbbackup -n option * correctly upgrade F_RDLCK to F_WRLCK locks * tdbtool: Add "storehex" command * fix robust mutex detection in threaded applications (bug #12593) * improve debugging of transaction lock failures Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Apr 27 18:50:10 CEST 2017 on sn-devel-144
* tdb: Improve debugging in _tdb_transaction_startAndrew Bartlett2017-04-271-0/+4
| | | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* tdb: Improve debugging when the allrecord lock fails to upgradeAndrew Bartlett2017-04-272-1/+6
| | | | | | | | Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* tdb: runtime check for robust mutexes may hang in threaded programsRalph Boehme2017-04-271-46/+70
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current runtime check for robust mutexes in tdb_runtime_check_for_robust_mutexes() is not thread-safe. When called in a multi-threaded program where any another thread doesn't have SIGCHLD blocked, we may end up hung in sigsuspend() waiting for a SIGCHLD of a child procecss and the signal was delivered to another thread. Revert to the previous behaviour of waiting for the child instead of waiting for the SIGCHLD signal. Ensure the pid we wait for is not reset to -1 in a toctou race with the signal handler. Check whether waitpid() returns ECHILD which can happen if the signal handler is run by more then one thread in parallel (yes, this can happen) or if tdb_robust_mutex_wait_for_child() and the signal handler are racing. Bug: https://bugzilla.samba.org/show_bug.cgi?id=12593 Pair-programmed-with: Stefan Metzmacher <metze@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* notify: Fix ordering of events in notifydShilpa Krishnareddy2017-04-261-1/+2
| | | | | | | | | | | | | | | | In notifyd_trigger_parser() while initializing notify_event_msg values from notify_trigger_msg, 'when' value is ignored. So the smbd process does not get correct 'when' value and this is causing issues during qsort in notify_marshall_changes(). Because of this issue, smb2.notify.dir test was failing. Bug: https://bugzilla.samba.org/show_bug.cgi?id=12756 Signed-off-by: Shilpa Krishnareddy <skrishnareddy@panzura.com> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Wed Apr 26 17:02:58 CEST 2017 on sn-devel-144
* s4-messaging: Add helpful commentsAndrew Bartlett2017-04-261-0/+7
| | | | | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Apr 26 03:09:19 CEST 2017 on sn-devel-144
* process_standard: clean up messaging for children after exit()Andrew Bartlett2017-04-252-1/+4
| | | | | | | | This makes sure we remove any messaging sockets if a child dies or calls exit() without running the talloc destructor for messaging Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* lib: Fix CID 1405493 Error handling issues (CHECKED_RETURN)Volker Lendecke2017-04-251-1/+6
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Apr 25 23:07:25 CEST 2017 on sn-devel-144
* lib/util: fix a Coverity finding in tforkRalph Boehme2017-04-251-5/+18
| | | | | | | If dup2() fails, fd is -1 and is later used in sys_write(). Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3-libgpo: Fix the build of the group policy CSEsGünther Deschner2017-04-243-3/+3
| | | | | | | | | | Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon Apr 24 23:19:44 CEST 2017 on sn-devel-144
* tdbtool: Add "storehex" commandVolker Lendecke2017-04-222-0/+97
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Böhme <slow@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Apr 22 09:16:16 CEST 2017 on sn-devel-144
* secrets: Protect against a non-0-terminated ldap passwordVolker Lendecke2017-04-221-0/+7
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Böhme <slow@samba.org>
* vfs_fruit: lp_case_sensitive() does not return a boolRalph Boehme2017-04-222-5/+19
| | | | | | | | | | | | | | | | | | | lp_case_sensitive() returns an int, not a bool, so with the default setting of "Auto" by default we set the AAPL flag SMB2_CRTCTX_AAPL_CASE_SENSITIVE. This caused the client to believe the volume is case sensitive where it wasn't, leading to an error when trying to rename files changing only the case of the name. Also fix the existing torture test that verifies AAPL context negotiation and actually expected the server to return "case sensitive", while the Samba default is really "case insensitive". Bug: https://bugzilla.samba.org/show_bug.cgi?id=12749 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* selftest: Do not enable inbound replication during replica_syncAndrew Bartlett2017-04-221-51/+0
| | | | | | | | | | | | | | Instead we should use the forced=True to only do a very specific replication, and so avoid noise from any other DC also live on the network. This extra replication in turn causes (and this patch fixes) flapping replica_sync tests. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12753 Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Apr 22 05:19:11 CEST 2017 on sn-devel-144
* lib: modules: Change XXX_init interface from XXX_init(void) to ↵Jeremy Allison2017-04-22205-335/+373
| | | | | | | | | | | | | | | | | | | | XXX_init(TALLOC_CTX *) Not currently used - no logic changes inside. This will make it possible to pass down a long-lived talloc context from the loading function for modules to use instead of having them internally all use talloc_autofree_context() which is a hidden global. Updated all known module interface numbers, and added a WHATSNEW. Signed-off-by: Jeremy Allison <jra@samba.org> Signed-off-by: Ralph Böhme <slow@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Apr 22 01:17:00 CEST 2017 on sn-devel-144
* pyrpc: Fix segfault in ClientConnectionGary Lockyer2017-04-212-0/+26
| | | | | | | | | | | | | Fix segfault when connecting over TCP, the endpoints list in dummy_table was not initialised this caused a segfault when attempting to connect over TCP. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Apr 21 16:10:12 CEST 2017 on sn-devel-144
* vfs_acl_xattr|tdb: ensure create mask is at least 0666 if ignore_system_acls ↵Ralph Boehme2017-04-202-6/+42
| | | | | | | | | | | | is set Bug: https://bugzilla.samba.org/show_bug.cgi?id=12562 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Thu Apr 20 20:50:10 CEST 2017 on sn-devel-144
* cleanupdb: Fix a memory read errorHanno Böck2017-04-201-1/+1
| | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=12748 Signed-off-by: Hanno Böck <hanno@hboeck.de> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* lib/util: add a test for samba_runcmd_send()Ralph Boehme2017-04-202-0/+51
| | | | | Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* wafsamba: add source directory define SRCDIR to config.hRalph Boehme2017-04-201-0/+2
| | | | | | | | This will be used in the next commit to prepare the path to a test script in a smbtorture test. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/util: make use of tfork in samba_runcmd_send()Ralph Boehme2017-04-202-48/+58
| | | | | Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/util: add a test for tfork()Ralph Boehme2017-04-203-0/+104
| | | | | Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/util: add tfork()Stefan Metzmacher2017-04-203-2/+380
| | | | | | | | | | | | | | | triple-fork to avoid handling SIGCHLD in the parent. This function is a workaround for the problem of using fork() in library code. In that case the library should avoid setting a global signal handler for SIGCHLD, because the application may wants to use its own handler. status_fd can be used to wait for the child to exit and get its exit status. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbldap: Bump version numberVolker Lendecke2017-04-202-1/+32
| | | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Ralph Böhme <slow@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Thu Apr 20 14:23:14 CEST 2017 on sn-devel-144
* smbldap: Privatize struct smbldap_stateVolker Lendecke2017-04-202-24/+27
| | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Ralph Böhme <slow@samba.org>
* smbldap: Introduce "smbldap_get_paged_results"Volker Lendecke2017-04-203-1/+9
| | | | | | | | | This should be hidden inside smbldap.c, but this is a quick way to get smbldap_state private to smbldap.c Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Ralph Böhme <slow@samba.org>
* smbldap: Introduce "smbldap_get_paged_results"Volker Lendecke2017-04-203-3/+9
| | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Ralph Böhme <slow@samba.org>
* smbldap: Introduce "smbldap_get_ldap"Volker Lendecke2017-04-207-211/+343
| | | | | | | | | | This is a pretty big boiler-plate change. I've renamed the struct member temporarily to find all accessors. Not sure where this leads in the end, but the goal is to make struct smbldap_struct private to smbldap.c Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Ralph Böhme <slow@samba.org>
* smbldap: Fix a typoVolker Lendecke2017-04-201-1/+1
| | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Ralph Böhme <slow@samba.org>
* autobuild: Do not require cmocka to be installed for samba-libs to buildAndrew Bartlett2017-04-191-1/+1
| | | | | | | | | | cmocka does not have an install target, but is a depencency of ldb for the tests Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Apr 19 19:43:15 CEST 2017 on sn-devel-144
* ldb:tests: Unit test the ldb_rename() operationJakub Hrozek2017-04-191-38/+256
| | | | | | Signed-off-by: Jakub Hrozek <jakub.hrozek@posteo.se> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org>
* ldb:tests: Add tests for case insensitive searchesJakub Hrozek2017-04-191-0/+114
| | | | | | Signed-off-by: Jakub Hrozek <jakub.hrozek@posteo.se> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org>
* ldb:tests: unit test for ldb_search()Jakub Hrozek2017-04-191-13/+380
| | | | | | Signed-off-by: Jakub Hrozek <jakub.hrozek@posteo.se> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org>
* ldb:tests: Add a modify testJakub Hrozek2017-04-191-0/+423
| | | | | | Signed-off-by: Jakub Hrozek <jakub.hrozek@posteo.se> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org>
* ldb:tests: Add a test for ldb transactionsJakub Hrozek2017-04-191-0/+80
| | | | | | Signed-off-by: Jakub Hrozek <jakub.hrozek@posteo.se> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org>
View Lorry Controller Status