summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* nsswitch/winbind_nss_aix: reimplement fetching the SID of a userStefan Metzmacher2018-12-221-21/+26
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Bjoern Jacke <bj@sernet.de>
* winbind_nss_aix: support also S_GROUPSIDSBjörn Jacke2018-12-221-0/+3
| | | | | | | which is used by lsuser up to AIX 5.2, see also https://bugzilla.samba.org/show_bug.cgi?id=5157 Signed-off-by: Bjoern Jacke <bj@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* group_audit: Ensure we still log membership changes (with an error) where ↵Andrew Bartlett2018-12-221-8/+8
| | | | | | | | | | | | | | | | | | status != LDB_SUCCESS This restores the previous behaviour. It causes (only) the event ID to be omitted if status != LDB_SUCCESS or there was a problem getting the group type. Errors at this stage are exceedingly rare, because the values have already been checked by the repl_meta_data module, but this is cosistent with the rest of the module again. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Dec 22 01:58:48 CET 2018 on sn-devel-144
* tests group_audit: PEP8 cleanup.Gary Lockyer2018-12-211-1/+1
| | | | | | | Remove Flake8 warnings from the group audit JSON log tests. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4 group_audit: Add Windows Event Id's to Group membership changesGary Lockyer2018-12-216-158/+462
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Generate a GroupChange event when a user is created with a PrimaryGroup membership. Log the windows event id in the JSON GroupChange message. Event Id's supported are: 4728 A member was added to a security enabled global group 4729 A member was removed from a security enabled global group 4732 A member was added to a security enabled local group 4733 A member was removed from a security enabled local group 4746 A member was added to a security disabled local group 4747 A member was removed from a security disabled local group 4751 A member was added to a security disabled global group 4752 A member was removed from a security disabled global group 4756 A member was added to a security enabled universal group 4757 A member was removed from a security enabled universal group 4761 A member was added to a security disabled universal group 4762 A member was removed from a security disabled universal group Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* build: Remove --timestamp-dependencies (BROKEN)Andrew Bartlett2018-12-212-22/+0
| | | | | | | | Remove this code marked as broken, we do not need broken configure options making Samba appear to be more complex than it already is. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* paged results: testing suite for new paged results moduleAaron Haslett2018-12-212-3/+418
| | | | | | | | | | | Testing the new GUID list based paged results module Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Gary Lockyer <gary@samba.org> Autobuild-Date(master): Fri Dec 21 11:10:30 CET 2018 on sn-devel-144
* paged results: new paged results module using GUID listAaron Haslett2018-12-216-456/+806
| | | | | | | | | Replacing paged results module to use GUID list instead of storing result list in memory, in order to improve memory performance. Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* vlv: tests for delete, add, and modify casesAaron Haslett2018-12-212-0/+110
| | | | | | | | | More vlv testing for cases involving modifying, deleting, and adding records while observing the effect on already initialised views. Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3-vfs-fruit: add close callGünther Deschner2018-12-211-0/+82
| | | | | | | | | | | | | | | | https://bugzilla.samba.org/show_bug.cgi?id=13725 We cannot always rely on vfs_default to close the fake fds. This mostly is relevant when used with another non-local VFS filesystem module such as gluster. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Dec 21 07:20:49 CET 2018 on sn-devel-144
* s4 messaging tests: Fix race condition in smbcontrol testsGary Lockyer2018-12-211-1/+9
| | | | | | | | | | | | | | The test for the smbcontrol sleep command and the inject fault command both used the "rpc_server" process as a target. As the inject fault command caused the process to restart there was a race condition between the process restarting and the sleep test running. To prevent this the tests now use different target processes. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Dec 21 03:39:24 CET 2018 on sn-devel-144
* tests (audit_auth)_log: PEP8 cleanup.Gary Lockyer2018-12-208-70/+74
| | | | | | | | Remove Flake8 warnings from the audit and authentication JSON log tests. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* WHATSNEW: JSON logging changesGary Lockyer2018-12-201-0/+29
| | | | | | | | Add details of the Windows Event Id's and Logon Types added to the Authorization qnd PasswordChange JSON messages. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dns: treating fully qualified and unqualified zone as identical.Aaron Haslett2018-12-203-5/+19
| | | | | | | | | | | | | "zone.com." and "zone.com" should be treated as the same zone. This patch picks the unqualified representation as standard and enforces it, in order to match BIND9 behaviour. Note: This fixes the failing test added previously, but that test still fails on the rodc test target so we modify the expected failure but don't remove it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13442 Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dns: test for treating fully qualified zones same as unqualifiedAaron Haslett2018-12-202-2/+60
| | | | | | | | | | Failing test that checks if fully qualified zone names are treated the same as unqualified zone names by the dns zone creation RPC method. Fix to follow. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13214 Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib: Remove sid_string_dbgVolker Lendecke2018-12-202-12/+0
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* samr: Use dom_sid_str_bufVolker Lendecke2018-12-201-48/+91
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* lsasrv: Use dom_sid_str_bufVolker Lendecke2018-12-201-4/+9
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* spoolss: Use dom_sid_str_bufVolker Lendecke2018-12-201-4/+9
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* winbindd: Use dom_sid_str_bufVolker Lendecke2018-12-2025-59/+129
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* wkssvc: Use dom_sid_str_bufVolker Lendecke2018-12-201-5/+13
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* libnet: Use dom_sid_str_bufVolker Lendecke2018-12-201-23/+32
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* lib: Use dom_sid_str_bufVolker Lendecke2018-12-204-7/+17
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* lib: Avoid sid_string_dbgVolker Lendecke2018-12-201-2/+2
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* auth3: Use dom_sid_str_bufVolker Lendecke2018-12-203-19/+31
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* vfs: Use dom_sid_str_bufVolker Lendecke2018-12-203-8/+18
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* lookup_sid: Use dom_sid_str_bufVolker Lendecke2018-12-201-19/+40
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* pdb_ldap: Use dom_sid_str_bufVolker Lendecke2018-12-201-16/+34
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* pdb_smbpasswd: Use dom_sid_str_bufVolker Lendecke2018-12-201-3/+6
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* passdb: Use dom_sid_str_bufVolker Lendecke2018-12-206-17/+36
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* groupdb: Use dom_sid_str_bufVolker Lendecke2018-12-202-2/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* winbind: Use dom_sid_str_bufVolker Lendecke2018-12-203-4/+11
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* libads: Use dom_sid_str_bufVolker Lendecke2018-12-201-2/+3
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* smbd: Use dom_sid_str_bufVolker Lendecke2018-12-204-22/+40
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* smbcacls: Use dom_sid_str_bufVolker Lendecke2018-12-201-1/+2
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* net: Use dom_sid_str_bufVolker Lendecke2018-12-202-5/+11
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* lib:util: Use memset_s() in data_blob_clear()Andreas Schneider2018-12-201-1/+1
| | | | | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Dec 20 16:11:03 CET 2018 on sn-devel-144
* libcli:smb: Avoid explicit ZERO_STRUCTAndreas Schneider2018-12-201-4/+2
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Use C99 initializers or ZERO_ARRAY instead of ZERO_STRUCTAndreas Schneider2018-12-201-9/+6
| | | | | | | | | | ZERO_STRUCT is not wrong here, it will give the same result, but better use macros with correct naming as it makes clear what happens when you read the code. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib:util: Sync memory.h with replace.hAndreas Schneider2018-12-201-4/+8
| | | | | | | | | We can't remove memory.h as this is a public header file. So we need to duplicate them from replace.h Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib:util: Cleanup comments in memory.hAndreas Schneider2018-12-201-18/+20
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* replace: Use memset_s for ZERO_* macrosAndreas Schneider2018-12-201-4/+8
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* replace: Cleanup comments for ZERO_*Andreas Schneider2018-12-201-11/+13
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* replace: Add memset_s to replacement functionsAndreas Schneider2018-12-202-1/+2
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* wafsamba: Do not remove BUILTINS as duplicatesAndreas Schneider2018-12-201-0/+5
| | | | | | | | | | | | | | BUILTINS add object files to the target, so we can't remove them as duplicates. The issue e.g happens when tevent wants to link libreplace: 20:04:10 deps removing dups from tevent of type LIBRARY: {'replace'} also in LIBRARY talloc Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* waf: Add missing libreplace deps to pyldb*Andreas Schneider2018-12-201-2/+2
| | | | | | | | | This will require memset_s() because of a later commit moving ZERO_STRUCT to use memset_s(). Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:auth_winbind: ignore a missing winbindd as NT4 PDC/BDC without trustsStefan Metzmacher2018-12-201-1/+32
| | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13722 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Alexander Bokovoy <ab@samba.org> Autobuild-Date(master): Thu Dec 20 12:15:09 CET 2018 on sn-devel-144
* s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd is not availableStefan Metzmacher2018-12-201-1/+1
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13722 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13723 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* s3:auth_winbind: remove fallback to optional backendStefan Metzmacher2018-12-202-17/+1
| | | | | | | | | | | This is not possible anymore, as the trustdomain backend was removed in commit 75c152c0d764165a4a9dd0a85390af063dd0192a. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13722 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13723 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* s3:auth: ignore create_builtin_guests() failing without a valid idmap ↵Stefan Metzmacher2018-12-201-1/+17
| | | | | | | | | | | | | | configuration This happens on standalone servers, where winbindd is automatically started by init scripts if it's installed. But it's not really used and may not have a valid idmap configuration ( "idmap config * : range" has no default!) BUG: https://bugzilla.samba.org/show_bug.cgi?id=13697 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
View Lorry Controller Status