Karolin Seeger [Tue, 19 Mar 2019 09:57:00 +0000 (10:57 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.10.0 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 19 Mar 2019 09:55:47 +0000 (10:55 +0100)]
VERSION: Bump version up to 4.10.0.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 19 Mar 2019 09:54:30 +0000 (10:54 +0100)]
WHATSNEW: Add release notes for Samba 4.10.0.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Andreas Schneider [Thu, 7 Mar 2019 11:31:42 +0000 (12:31 +0100)]
lib:util: Move debug message for mkdir failing to log level 1
If you connnect to a host with smbclient this gets always printed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13823
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
c71334ec0c92e791022a9b7c900aa0dd649226c2)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Wed Mar 13 12:15:10 UTC 2019 on sn-devel-144
Christof Schmitt [Tue, 5 Mar 2019 18:56:49 +0000 (11:56 -0700)]
lib/winbind_util: Add winbind_xid_to_sid for --without-winbind
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13813
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 6 01:53:16 UTC 2019 on sn-devel-144
(cherry picked from commit
4125ff89e44a3e98882cfc38c06e559a6e1e56a5)
Christof Schmitt [Tue, 5 Mar 2019 18:50:48 +0000 (11:50 -0700)]
lib/winbind_util: Move include out of ifdef
This fixes compile errors about missing prototypes with
--picky-developer and --without-winbind
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
4b1e4c22128bdefe549a58b181e9b755854f4c3e)
Christof Schmitt [Wed, 6 Mar 2019 19:55:32 +0000 (11:55 -0800)]
passdb: Update ABI to 0.27.2
This change is for the backport only. The change in master increased the
ABI version to 0.28.0 and removed some functions; this should not happen
in a backport.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 26 Feb 2019 14:17:36 +0000 (15:17 +0100)]
passdb: Make [ug]id_to_sid use xid_to_sid
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit
40de67f1fcc46b7a64a7364c91dcedb474826d51)
Volker Lendecke [Tue, 26 Feb 2019 14:10:21 +0000 (15:10 +0100)]
passdb: Introduce xid_to_sid
This explicitly avoids the legacy_[ug]id_to_sid calls, which create
long-term cache entries to S-1-22-x-y if anthing fails. We can't do
this, because this will turn temporary winbind communication failures
into long-term problems: A short hickup in winbind_uid_to_sid will
create a mapping to S-1-22-1-uid for a week. It should be up to the
lower layers to do the caching.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit
92f27ebb14c0c18b1d0fd49544ad851aeb14781c)
Volker Lendecke [Tue, 26 Feb 2019 13:45:32 +0000 (14:45 +0100)]
lib: Introduce winbind_xid_to_sid
This does not merge a winbind communication error into
"global_sid_NULL" (S-1-0-0), which by the way non-intuitively does not
go along with is_null_sid(). Instead, this just touches the output sid
when winbind returned success. This success might well be a negative
mapping indicated by S-0-0, which *is* is_null_sid()...
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit
ef706a3e63b3e25edd27e0f99c3e2d8ff7209cb6)
Volker Lendecke [Tue, 26 Feb 2019 13:34:56 +0000 (14:34 +0100)]
winbind: Use idmap_cache_find_xid2sid
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit
bc9824bd42d9370279819ea0d927e236f6041324)
Volker Lendecke [Wed, 27 Feb 2019 13:54:12 +0000 (14:54 +0100)]
torture: Add tests for idmap cache
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit
e5a903bab6eda8f7ff2a7c8149d51022d9d8aede)
Volker Lendecke [Tue, 26 Feb 2019 13:32:52 +0000 (14:32 +0100)]
idmap_cache: Introduce idmap_cache_find_xid2sid
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit
bb8122dd8c53bb307819a79b7888cc0940a7c13b)
Volker Lendecke [Mon, 25 Feb 2019 13:55:00 +0000 (14:55 +0100)]
winbind: Now we explicitly track if we got ids from cache
This now properly makes us use negative cache entries
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit
95d33ca79cc315f1a2e41cd60859ef01d6548c77)
Volker Lendecke [Tue, 26 Feb 2019 11:52:28 +0000 (12:52 +0100)]
winbind: Initialize "expired" parameter to idmap_cache_xid2sid
The code in idmap_cache only touches its output parameters upon success
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit
8c28c12702c0935a852c7fed6565987623f09fee)
Volker Lendecke [Tue, 26 Feb 2019 11:46:39 +0000 (12:46 +0100)]
idmap_cache: Only touch "sid" on success in find_xid_to_sid
Why? This makes the negative mapping condition (is_null_sid) more
explicit in the code.
The callers in lookup_sid initialized "psid" anyway before, and the ones
in wb_xids2sids now do as well. This is more in line with other APIs we
have: Only touch output parameters if you have something to say.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit
4faf3e9f6da7515fc263d79f77226d105c2f8524)
Volker Lendecke [Mon, 25 Feb 2019 13:38:50 +0000 (14:38 +0100)]
lib: Make idmap_cache return negative mappings
Without this we'd query non-existent mappings over and over
again.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit
d9303e8eb90d48f09f2e2e8bdf01f4a7c3c21d11)
Ralph Boehme [Sun, 3 Mar 2019 21:09:26 +0000 (22:09 +0100)]
CI: don't use swap
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Mar 4 13:59:42 UTC 2019 on sn-devel-144
(adapted from from commit
7798bc14fbdae3461eb30421923d53978b3f781d
by Andrew Bartlett)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Mon Mar 11 11:50:37 UTC 2019 on sn-devel-144
Joe Guo [Wed, 30 Jan 2019 02:52:08 +0000 (15:52 +1300)]
s4/scripting/bin: open unicode files with utf8 encoding and write unicode string
In files like `libcli/util/werror_err_table.txt` and `libcli/util/ntstatus_err_table.txt`,
there were unicode quote symbols at line 6:
...(“this documentation”)...
In `libcli/util/wscript_build`, it will run `gen_werror.py` and `gen_ntstatus.py`
to `open` above files, read content from them and write to other files.
When encoding not specified, `open` in both python 2/3 will guess encoding from locale.
When locale is not set, it defaults to POSIX or C, and then python will use
encoding `ANSI_X3.4-1968`.
So, on a system locale is not set, `make` will fail with encoding error
for both python 2 and 3:
File "/home/ubuntu/samba/source4/scripting/bin/gen_werror.py", line 139, in main
errors = parseErrorDescriptions(input_file, True, transformErrorName)
File "/home/ubuntu/samba/source4/scripting/bin/gen_error_common.py", line 52, in parseErrorDescriptions
for line in file_contents:
File "/usr/lib/python3.5/encodings/ascii.py", line 26, in decode
return codecs.ascii_decode(input, self.errors)[0]
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 318: ordinal not in range(128)
In this case, we have to use `io.open` with `encoding='utf8'`.
However, then we got unicode strs and try to write them with other strs
into new file, which means the new file must also open with utf-8 and
all other strs have to be unicode, too.
Instead of prefix `u` to all strs, a more easier/elegant way is to enable
unicode literals for the python scripts, which we normally didn't do in samba.
Since both `gen_werror.py` and `gen_ntstatus.py` are bin scripts and no
other modules import them, it should be ok for this case.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Feb 8 06:34:47 CET 2019 on sn-devel-144
(cherry picked from commit
87149445af26b8577566dfe5e311b32e3650c6e6)
Ralph Boehme [Fri, 1 Mar 2019 17:57:23 +0000 (18:57 +0100)]
libcli/security: fix handling of deny type ACEs in access_check_max_allowed()
Deny ACEs must always be evaluated against explicitly granted rights
from previous ACEs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
8d355dd9769e8990ce998b4c9f28977669b43616)
Ralph Boehme [Sun, 3 Mar 2019 07:33:51 +0000 (08:33 +0100)]
s4:torture: Add test_deny1().
Creates a 2-element ALLOW + DENY ACE showing that when calculating
effective permissions and maximum access already seen allow bits are not
removed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
b205d695d769e910a91bec87451dec189ec33740)
Jeremy Allison [Thu, 28 Feb 2019 22:59:01 +0000 (14:59 -0800)]
s4:torture: Add test_owner_rights_deny1().
Creates a 3-element ALLOW + ALLOW + DENY ACE showing that when
calculating maximum access already seen allow bits are not removed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
0ebd8c99aed28a0ba43a22c429837f66f7e94409)
Ralph Boehme [Fri, 1 Mar 2019 17:20:35 +0000 (18:20 +0100)]
libcli/security: correct access check and maximum access calculation for Owner Rights ACEs
We basically must process the Owner Rights ACEs as any other ACE wrt to the
order of adding granted permissions and checking denied permissions. According
to MS-DTYP 2.5.3.2 Owner Rights ACEs must be evaluated in the main loop over
the ACEs in an ACL and the corresponding access_mask must be directly applied
to bits_remaining. We currently defer this to after the loop over the ACEs in
ACL, this is wrong.
We just have to do some initial magic to determine if an ACL contains and
Owner Rights ACEs, and in case it doesn't we grant SEC_STD_WRITE_DAC |
SEC_STD_READ_CONTROL at the *beginning*. MS-DTYP:
-- the owner of an object is always granted READ_CONTROL and WRITE_DAC.
CALL SidInToken(Token, SecurityDescriptor.Owner, PrincipalSelfSubst)
IF SidInToken returns True THEN
IF DACL does not contain ACEs from object owner THEN
Remove READ_CONTROL and WRITE_DAC from RemainingAccess
Set GrantedAccess to GrantedAccess or READ_CONTROL or WRITE_OWNER
END IF
END IF
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
9722f75757c0e38c7f42c7cc310d56aa6eaf6392)
Jeremy Allison [Thu, 28 Feb 2019 22:37:09 +0000 (14:37 -0800)]
s4:torture: Add test_owner_rights_deny().
Shows that owner and SID_OWNER_RIGHTS ACE
entries interact in max permissions requests.
Tested against Windows.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
fadc4c1bc5fcc3b2d9daea44ef8daf8a8ae0fbe2)
Jeremy Allison [Thu, 28 Feb 2019 21:55:31 +0000 (13:55 -0800)]
s4:torture: Fix the test_owner_rights() test to show permissions are additive.
Tested against Windows.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
2e181e34c48c879235c5dc64bd7ab2b59781810c)
Ralph Boehme [Wed, 27 Feb 2019 17:07:03 +0000 (18:07 +0100)]
libcli/security: add "Owner Rights" calculation to access_check_max_allowed()
This was missing in
44590c1b70c0a24f853c02d5fcdb3c609401e2ca.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13812
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Feb 28 19:18:16 UTC 2019 on sn-devel-144
(cherry picked from commit
5cf0764bc4b65dbc59d8626760dbe946a2234833)
Ralph Boehme [Thu, 28 Feb 2019 13:48:02 +0000 (14:48 +0100)]
s4:torture: add a Maximum Access check with an Owner Rights ACE
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13812
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit
3ca38d2cd1189a5040e13ddab016063280be2b4d)
Ralph Boehme [Thu, 28 Feb 2019 13:47:18 +0000 (14:47 +0100)]
s4:libcli: remember return code from maximum access
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13812
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit
9f4ee05295827c9a607e1f63694a17906f777176)
Andrew Bartlett [Mon, 11 Mar 2019 01:20:55 +0000 (14:20 +1300)]
autobuild: Add -py2 tests for new split backup/restore testenvs
This ensures Python2 coverage for this code while it remains supported.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13780
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Tue, 5 Feb 2019 02:17:03 +0000 (15:17 +1300)]
autobuild: Split backup/restore testenvs out into separate job
The samba-ad-dc-2 job was reaching its limits with the number of
testenvs and what the resource-limited CI machines can handle.
Samba processes were getting swapped out of memory, causing CI runs
to fail.
This patch splits the backup/restore testenv targets into a separate
autobuild job: samba-ad-dc-backup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13780
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Feb 5 12:23:31 CET 2019 on sn-devel-144
(cherry picked from commit
95b2c9d7751ae1e5a00e1fb096f045dd73c03d72)
Björn Jacke [Wed, 23 Jan 2019 13:01:26 +0000 (14:01 +0100)]
sambaundoguididx: use the right escaped oder unescaped sam ldb files
the correct filename is taken from the partition database before, we should not
unescape that because this can result in a new unescaped ldb file being created
and the script not to work at all.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13759
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
cd1ac3668cd164bd5f7cadf7b59df9541aaef83e)
Andrew Bartlett [Tue, 5 Mar 2019 01:38:41 +0000 (01:38 +0000)]
s4-server: Open and close a transaction on sam.ldb at startup
This fixes upgrading from 4.7 and earlier releases, and makes the DB
reindexing more transparent. It should also make it easier to handle
future normalisation rule changes, e.g. if we change the pack-format
of integer indexes in a future release.
Without this change, the should have still handled reindexing the
database. We don't know why exactly this wasn't happening correctly,
but opening a transaction early in the samba process startup should
now guarantee that the DB is correctly reindexed by the time the main
samba code runs.
An alternative fix would have been to open a transaction in the the
DSDB module stack every time we connect to the database. However, this
would add an extra write lock every time we open the DB, whereas
starting samba happens much more infrequently.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13760
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Mar 7 04:58:42 UTC 2019 on sn-devel-144
(cherry picked from commit
8b18da27cf261b0283fe66d2b827cab542488ac7)
Günther Deschner [Fri, 22 Feb 2019 14:44:59 +0000 (15:44 +0100)]
WHATSNEW: mention new vfs_glusterfs_fuse module
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Wed Mar 6 14:00:05 UTC 2019 on sn-devel-144
Karolin Seeger [Tue, 5 Mar 2019 10:21:02 +0000 (11:21 +0100)]
VERSION: Bump version up to 4.10.0rc5...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Wed Mar 6 00:34:53 UTC 2019 on sn-devel-144
Karolin Seeger [Tue, 5 Mar 2019 10:20:16 +0000 (11:20 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.10.0rc4 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 5 Mar 2019 10:19:43 +0000 (11:19 +0100)]
WHATSNEW: Add release notes for Samba 4.10.0rc4.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Garming Sam [Thu, 28 Feb 2019 03:21:57 +0000 (16:21 +1300)]
WHATSNEW: Add some detail on the changes to paged results
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Denis Cardon [Fri, 15 Feb 2019 14:35:46 +0000 (15:35 +0100)]
fix samba-tool gpo backup syntax in WHATSNEW.txt
Signed-off-by: Denis Cardon <dcardon@tranquil.it>
David Disseldorp [Wed, 27 Feb 2019 10:52:42 +0000 (11:52 +0100)]
vfs_ceph: remove ceph_fallocate/ceph_ftruncate fallback
Both libcephfs functions are supported and capable of extending files,
so fallback can be dropped.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13807
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
155f1289ba7a4802fbb99fbc9ea90d8bc6cff0c9)
David Disseldorp [Tue, 26 Feb 2019 15:07:27 +0000 (16:07 +0100)]
vfs_ceph: fix strict_allocate_ftruncate()
The vfs_ceph "strict allocate = yes" ftruncate wrapper may attempt
*local* filesystem ftruncate(). Fix this.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13807
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
70329c36ed91dd0e50ff66f9b0a85c62ac8a621e)
David Disseldorp [Tue, 26 Feb 2019 20:26:27 +0000 (21:26 +0100)]
vfs_ceph: add missing fallocate hook
SMB_VFS_FALLOCATE() calls atop a vfs_ceph share currently fall through
to vfs_default, which results in a local filesystem I/O attempt using a
libcephfs file-descriptor. Add the missing fallocate hook to vfs_ceph.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13807
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
5a7e7280813559fb70a9fc8e4238cb6015ee3b53)
Jeremy Allison [Sun, 24 Feb 2019 16:15:23 +0000 (08:15 -0800)]
s3: smbd: filenames - ensure we replace the missing '/' if we error in an intermediate POSIX path.
Previous regression test ensures we still return the correct
error code for POSIX pathname operations.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Feb 25 09:33:27 CET 2019 on sn-devel-144
(cherry picked from commit
3f1a13a94a753c5cb3b9f2cf795df5adb0f74205)
Jeremy Allison [Sun, 24 Feb 2019 16:03:32 +0000 (08:03 -0800)]
s3: torture: Add additional POSIX mkdir tests.
Ensure that if POSIX_foo exists as a file
we return the correct error code NT_STATUS_OBJECT_PATH_NOT_FOUND
if we try and traverse it as a directory.
Also ensure creation/deletion of POSIX_foo/foo fails
for directories and files with NT_STATUS_OBJECT_PATH_NOT_FOUND
if the directory POSIX_foo/ doesn't exist.
knownfail is back :-).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
632d0db8c42d50f5eecd002d9573f739cd945960)
Jeremy Allison [Sat, 23 Feb 2019 20:24:31 +0000 (12:24 -0800)]
smbd: unix_convert: Ensure we don't call get_real_filename on POSIX paths.
For posix_pathnames don't blunder into the name_has_wildcard OR
get_real_filename() codepaths as they may be doing case insensitive lookups.
So when creating a new POSIX directory 'Foo' they might
match on name 'foo'.
Remove POSIX-MKDIR from knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sun Feb 24 14:04:14 CET 2019 on sn-devel-144
(cherry picked from commit
12da33e2bbce657f25abe9bc4cb936ca4615b30f)
Jeremy Allison [Sat, 23 Feb 2019 20:26:01 +0000 (12:26 -0800)]
smbd: SMB1-POSIX: Add missing info-level SMB_POSIX_PATH_OPEN for UCF_UNIX_NAME_LOOKUP flag.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
980db8debde68f9edce13fc01bc45a904379cffd)
Jeremy Allison [Sun, 24 Feb 2019 01:52:34 +0000 (17:52 -0800)]
s3: smbtorture3: Add POSIX-MKDIR test for posix_mkdir case sensitive bug.
Test does:
mkdir POSIX_foo
mkdir POSIX_Foo
mkdir POSIX_foo/Foo
mkdir POSIX_foo/foo
mkdir POSIX_Foo/Foo
mkdir POSIX_Foo/foo
Which should pass a SMB1 POSIX extensions server
as posix mkdir should always be case sensitive
no matter what the share is set to.
Mark as knownfail for now.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
f0decb31fff24ceb57d23bebbfb87aa0e5103947)
Ralph Boehme [Thu, 21 Feb 2019 15:55:09 +0000 (16:55 +0100)]
winbindd: set idmap cache entries as the last step in async wb_xids2sids
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Feb 23 09:23:22 CET 2019 on sn-devel-144
(cherry picked from commit
9b9565c3e69b92c298c7168e516387bb249c9e36)
Ralph Boehme [Fri, 22 Feb 2019 10:00:00 +0000 (11:00 +0100)]
winbindd: track whether a result from xid2sid was coming from the cache
This is needed in preparation of moving the step to update the idmap
cache from the per-idmap-domain callback wb_xids2sids_dom_done() to the
top-level callback wb_xids2sids_done().
Currently the sequence of action is:
* check cache, if not found:
* ask backends
* cache result from backend
* return results
Iow, if we got something from the cache, we don't write the cache.
The next commit defers updating the cache to the top-level callback, so
the sequence becomes
* check cache, if not found:
* ask backends
* cache results
* return results
This has two problems:
* it needlessly writes to the cache what we just got from it
* it possibly overwrites the ID_TYPE_BOTH for a SID-to-xid mapping in
the following case:
- existing ID_TYPE_BOTH mapping in the cache, eg:
IDMAP/SID2XID/S-1-5-21-
2180672342-
2513613279-
2566592647-512 -> Value:
3000000:B
- someone calls wb_xids2sids_send() with xid.id=
3000000,xid.type=ID_TYPE_GID
- cache lookup with idmap_cache_find_gid2sid() succeeds
- when caching results we'd call idmap_cache_set_sid2unixid() with the
callers xid.type=ID_TYPE_GID, so idmap_cache_set_sid2unixid() will
overwrite the SID-to-xid mapping with ID_TYPE_GID
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
62f54229fced20102e11ad1da02faef45c2a7c2e)
Ralph Boehme [Thu, 21 Feb 2019 15:52:21 +0000 (16:52 +0100)]
winbindd: switch send-next/done order
In preparation of adding more logic to the done step. No change in
behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
8e9c2a1f6ceb06d695a6572701b96a3e3821ac42)
Ralph Boehme [Thu, 21 Feb 2019 17:40:20 +0000 (18:40 +0100)]
winbindd: update xid in wb_xids2sids_state->xids with what we got
In preparation of priming the idmap cache in the top-level
wb_xids2sids_done(), not in the per-idmap-domain callback
wb_xids2sids_dom_done().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
7f23ef7b2cf7bd6e8dc087aa15137292b421a689)
Ralph Boehme [Thu, 21 Feb 2019 17:39:46 +0000 (18:39 +0100)]
winbindd: convert id to a pointer in wb_xids2sids_dom_done()
No change in behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
f8bf4fc608639695651f75c52b31f95e796a5a26)
Ralph Boehme [Fri, 22 Feb 2019 15:29:07 +0000 (16:29 +0100)]
winbindd: make xids a const argument to wb_xids2sids_send()
The previous commit made an internal copy of xids, this commit makes it
more obvious that we must not mess with the xids argument but treat it as
an in-parameter and don't write to it.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
5d277ea7ea258676b9ea5081a451a5874af115f6)
Ralph Boehme [Thu, 21 Feb 2019 17:34:51 +0000 (18:34 +0100)]
winbindd: make a copy of xid's in wb_xids2sids_send()
This is in preparation of setting the result of the mapping in the top-
level callback wb_xids2sids_done(), not in the per-idmap-domain callback
wb_xids2sids_dom_done().
When caching the mapping we need the id-type from the backend, so we
need a way to pass up that information from wb_xids2sids_dom_done() up
to wb_xids2sids_done()
The xids array copy gets passed from wb_xids2sids_send() to
wb_xids2sids_dom_send(), so wb_xids2sids_dom_done() can then directly
update the top-level copy.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
f5a8bc2f945be45cdade5f70d4f975bae8337f67)
Martin Schwenke [Mon, 21 Jan 2019 01:16:43 +0000 (12:16 +1100)]
ctdb-cluster-mutex: Separate out command and file handling
This code is difficult to read and there really is no common code
between the 2 cases. For example, there is no need to split a
filename into words. Separating each of the 2 cases into its own
function makes the logic much easier to understand.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Feb 25 03:40:16 CET 2019 on sn-devel-144
(cherry picked from commit
c93430fe8fe530a55b9a04cf6cc660c3d420e333)
Martin Schwenke [Mon, 21 Jan 2019 01:15:33 +0000 (12:15 +1100)]
ctdb-tests: Add a test for configuring the recovery lock as a command
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
ebc082122fb34ffb8cbcafde9ad39bcc241d33ed)
Martin Schwenke [Mon, 21 Jan 2019 01:13:29 +0000 (12:13 +1100)]
ctdb-tests: Add -R option for local daemons to use recovery lock command
Under the covers, a command is always used. However, there is no way
of testing of the code path where a command is explicitly configured.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
e74f5243fcb7594939769c16f3c79ab167dd1227)
Martin Schwenke [Mon, 21 Jan 2019 01:13:08 +0000 (12:13 +1100)]
ctdb-tests: Force test failure if local daemon setup fails
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
ce09d9c3e4c72ebec7a21686ae913398a5c9020f)
Martin Schwenke [Fri, 22 Feb 2019 04:09:33 +0000 (15:09 +1100)]
ctdb-recoverd: Time out attempt to take recovery lock after 120s
Currently this will wait forever. It really needs a timeout in case
the cluster filesystem (or other lock mechanism) is completely wedged.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
13a1a4808935290dceb219daccd7aac3fda4e184)
Martin Schwenke [Thu, 10 Jan 2019 03:01:57 +0000 (14:01 +1100)]
ctdb-recoverd: Ban node on unknown error when taking recovery lock
We really shouldn't see unknown errors. They probably represent a
misconfigured recovery lock or similar.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
45a77d65b2e39b4af94da4ab99575f4ee08a7ebd)
Martin Schwenke [Thu, 10 Jan 2019 02:24:34 +0000 (13:24 +1100)]
ctdb-recoverd: Make recoverd context available in recovery lock handle
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
c0fb62ed3954fc6e8667480aba92003fc270f257)
Martin Schwenke [Mon, 21 Jan 2019 05:36:13 +0000 (16:36 +1100)]
ctdb-recoverd: Clean up logging on failure to take recovery lock
Add an explicit case for a timeout and clean up the other messages.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
7e4aae6943291c3144c8a3ff97537e8d4c7dc7c9)
Martin Schwenke [Mon, 21 Jan 2019 05:28:28 +0000 (16:28 +1100)]
ctdb-recoverd: Free cluster mutex handler on failure to take lock
If nested events occur while the file descriptor handler is still
active then chaos can ensue. For example, if a node is banned and the
lock is explicitly cancelled (e.g. due to election loss) then
double-talloc-free()s abound.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
621658cbed5d91d7096fc208bac2ff93a1880e7d)
Christof Schmitt [Tue, 19 Feb 2019 20:59:05 +0000 (13:59 -0700)]
ctdb-tests: Add test for ctdb_io.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13791
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Feb 22 03:51:37 CET 2019 on sn-devel-144
(cherry picked from commit
92a90524373a0348c1912d5019254dd18c07e207)
Swen Schillig [Fri, 15 Feb 2019 13:34:05 +0000 (14:34 +0100)]
ctdb: buffer write beyond limits
In order to calculate the number of bytes correctly which
are to be read into the buffer, the buffer.offset must be taken
into account.
This patch fixes a regression introduced by
382705f495dd.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13791
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
fa8e69ac9538980c441b7fbefe0979027ecc8eac)
Martin Schwenke [Thu, 10 Jan 2019 03:15:18 +0000 (14:15 +1100)]
ctdb-config: Change example recovery lock setting to one that fails
ctdbd will start without a recovery lock configured. It will log a
message saying that this is not optimal. However, a careless user may
overlook both this message and the importance of setting a recovery
lock. If the existing example configuration is uncommented then the
directory containing it will be created (by 01.reclock.script) and the
failure (i.e. multiple nodes able to take the lock) will be confusing.
Instead, change the example setting to one that will result in banned
nodes, encouraging users to consciously configure (or deconfigure) the
recovery lock. Tweak the corresponding comment.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13790
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
82e7f38214896c2c200132bc6dde3348cfac16cc)
Volker Lendecke [Thu, 7 Feb 2019 15:15:46 +0000 (16:15 +0100)]
messages_dgm: Properly handle receiver re-initialization
This only properly covers the small-message nonblocking case. Covering
the large-message and the blocking case is a much larger effort assuming
we want to re-send the failed message if parts of the message has gone
through properly. Don't do that for now.
This was found by sanba_dnsupdate constantly recreating its irpc handle to
winbindd in the RODC case.
The messaging_dgm code cached connected datagram sockets based on the
destination pid for 1 second. Which means the IRPC responses from
winbindd are never delivered to samba_dnsupdate,
which will then hit a timeout.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13786
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
2543bba0364d8054e9ad316f5611621841bc061d)
Volker Lendecke [Thu, 7 Feb 2019 16:48:34 +0000 (17:48 +0100)]
torture3: Extend read3 for the "messaging target re-inits" failure
Do ping_pong a hundred times, re-initializing the msg_ctx every time.
https://bugzilla.samba.org/show_bug.cgi?id=13786
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
8d8f62c4b9dea381ce9f5833bc794553ae358173)
Volker Lendecke [Thu, 7 Feb 2019 14:57:06 +0000 (15:57 +0100)]
messages_dgm: Use saved errno value
In this case this is just a cleanup, the value has just been set by
messaging_dgm_sendmsg. But as that already saves errno into a local
variable, use that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13786
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
c27afc098398274abaed6dc9bef2019091c1b635)
Gary Lockyer [Mon, 28 Jan 2019 22:34:31 +0000 (11:34 +1300)]
man pages: document prefork process model
Document the process model options -M
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13765
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Tim Beale <timbeale@samba.org>
Autobuild-Date(master): Thu Jan 31 04:25:14 CET 2019 on sn-devel-144
(cherry picked from commit
4ecdcc4b462d03bec3ec36ba1b90f45d9977be8b)
Jiří Šašek [Thu, 6 Dec 2018 13:10:53 +0000 (14:10 +0100)]
notifyd: Fix SIGBUS on sparc
Problem is the structure "struct notify_instance" can lay in message buffer on
address not dividable by 8 but this structure begins by uint_64 (secs in
time-stamp). Structure should be re-packed to standalone buffer before the use.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13704
Signed-off-by: jiri.sasek@oracle.com
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Tue, 26 Feb 2019 11:29:13 +0000 (12:29 +0100)]
CVE-2019-3824 ldb: version 1.5.4
* Fix standalone build of ldb.
* C99 build fixes.
* CVE-2019-3824 out of bounds read in wildcard compare (bug 13773)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(v4-10-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-10-test): Tue Feb 26 16:09:12 CET 2019 on sn-devel-144
Gary Lockyer [Mon, 18 Feb 2019 21:24:38 +0000 (10:24 +1300)]
CVE-2019-3824 ldb: Add tests for ldb_wildcard_match
Add cmocka tests for ldb_wildcard_match.
Running test_wildcard_match under valgrind reproduces
CVE-2019-3824 out of bounds read in wildcard compare (bug 13773)
valgrind --suppressions=lib/ldb/tests/ldb_match_test.valgrind\
bin/ldb_match_test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
45b75db50f5c1a7c8c38af59a62fccee5401c845)
Gary Lockyer [Mon, 18 Feb 2019 21:26:56 +0000 (10:26 +1300)]
CVE-2019-3824 ldb: wildcard_match end of data check
ldb_handler_copy and ldb_val_dup over allocate by one and add a trailing '\0'
to the data, to make them safe to use the C string functions on.
However testing for the trailing '\0' is not the correct way to test for
the end of a value, the length should be checked instead.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
42f0f57eb819ce6b68a8c5b3b53123b83ec917e3)
Gary Lockyer [Mon, 18 Feb 2019 21:26:25 +0000 (10:26 +1300)]
CVE-2019-3824 ldb: wildcard_match check tree operation
Check the operation type of the passed parse tree, and return
LDB_INAPPROPRIATE_MATCH if the operation is not LDB_OP_SUBSTRING.
A query of "attribute=*" gets parsed as LDB_OP_PRESENT, checking the
operation and failing ldb_wildcard_match should help prevent confusion
writing tests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
34383981a0c40860f71a4451ff8fd752e1b67666)
Gary Lockyer [Mon, 18 Feb 2019 21:25:24 +0000 (10:25 +1300)]
CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero
Initialise the created ldb_parse_tree with talloc_zero, this ensures
that it is correctly initialised if inadvertently passed to a function
expecting a different operation type.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
8d34d172092f71baad0d777567e49aebfa07313d)
Andrew Bartlett [Sun, 3 Feb 2019 22:22:50 +0000 (11:22 +1300)]
CVE-2019-3824 ldb: Improve code style and layout in wildcard processing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
(cherry picked from commit
9427806f7298d71bd7edfbdda7506ec63f15dda1)
Andrew Bartlett [Sun, 3 Feb 2019 22:22:34 +0000 (11:22 +1300)]
CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
(cherry picked from commit
745b99fc6b75db33cdb0a58df1a3f2a5063bc76e)
Lukas Slebodnik [Fri, 18 Jan 2019 15:37:24 +0000 (16:37 +0100)]
CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare
There is valgrind error in few tests tests/test-generic.sh
91 echo "Test wildcard match"
92 $VALGRIND ldbadd $LDBDIR/tests/test-wildcard.ldif || exit 1
93 $VALGRIND ldbsearch '(cn=test*multi)' || exit 1
95 $VALGRIND ldbsearch '(cn=*test_multi)' || exit 1
97 $VALGRIND ldbsearch '(cn=test*multi*test*multi)' || exit 1
e.g.
==3098== Memcheck, a memory error detector
==3098== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==3098== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==3098== Command: ./bin/ldbsearch (cn=test*multi)
==3098==
==3098== Invalid read of size 1
==3098== at 0x483CEE7: memchr (vg_replace_strmem.c:890)
==3098== by 0x49A9073: memmem (in /usr/lib64/libc-2.28.9000.so)
==3098== by 0x485DFE9: ldb_wildcard_compare (ldb_match.c:313)
==3098== by 0x485DFE9: ldb_match_substring (ldb_match.c:360)
==3098== by 0x485DFE9: ldb_match_message (ldb_match.c:572)
==3098== by 0x558F8FA: search_func (ldb_kv_search.c:549)
==3098== by 0x48C78CA: ??? (in /usr/lib64/libtdb.so.1.3.17)
==3098== by 0x48C7A60: tdb_traverse_read (in /usr/lib64/libtdb.so.1.3.17)
==3098== by 0x557B7C4: ltdb_traverse_fn (ldb_tdb.c:274)
==3098== by 0x558FBFA: ldb_kv_search_full (ldb_kv_search.c:594)
==3098== by 0x558FBFA: ldb_kv_search (ldb_kv_search.c:854)
==3098== by 0x558E497: ldb_kv_callback (ldb_kv.c:1713)
==3098== by 0x48FCD58: tevent_common_invoke_timer_handler (in /usr/lib64/libtevent.so.0.9.38)
==3098== by 0x48FCEFD: tevent_common_loop_timer_delay (in /usr/lib64/libtevent.so.0.9.38)
==3098== by 0x48FE14A: ??? (in /usr/lib64/libtevent.so.0.9.38)
==3098== Address 0x4b4ab81 is 0 bytes after a block of size 129 alloc'd
==3098== at 0x483880B: malloc (vg_replace_malloc.c:309)
==3098== by 0x491048B: talloc_strndup (in /usr/lib64/libtalloc.so.2.1.15)
==3098== by 0x48593CA: ldb_casefold_default (ldb_utf8.c:59)
==3098== by 0x485F68D: ldb_handler_fold (attrib_handlers.c:64)
==3098== by 0x485DB88: ldb_wildcard_compare (ldb_match.c:257)
==3098== by 0x485DB88: ldb_match_substring (ldb_match.c:360)
==3098== by 0x485DB88: ldb_match_message (ldb_match.c:572)
==3098== by 0x558F8FA: search_func (ldb_kv_search.c:549)
==3098== by 0x48C78CA: ??? (in /usr/lib64/libtdb.so.1.3.17)
==3098== by 0x48C7A60: tdb_traverse_read (in /usr/lib64/libtdb.so.1.3.17)
==3098== by 0x557B7C4: ltdb_traverse_fn (ldb_tdb.c:274)
==3098== by 0x558FBFA: ldb_kv_search_full (ldb_kv_search.c:594)
==3098== by 0x558FBFA: ldb_kv_search (ldb_kv_search.c:854)
==3098== by 0x558E497: ldb_kv_callback (ldb_kv.c:1713)
==3098== by 0x48FCD58: tevent_common_invoke_timer_handler (in /usr/lib64/libtevent.so.0.9.38)
==3098==
# record 1
dn: cn=test_multi_test_multi_test_multi,o=University of Michigan,c=TEST
cn: test_multi_test_multi_test_multi
description: test multi wildcards matching
objectclass: person
sn: multi_test
name: test_multi_test_multi_test_multi
distinguishedName: cn=test_multi_test_multi_test_multi,o=University of Michiga
n,c=TEST
# returned 1 records
# 1 entries
# 0 referrals
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773
Signed-off-by: Lukas Slebodnik <lslebodn@fedoraproject.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
(cherry picked from commit
3674b0891afb016c83763520b87e9f190dcfe884)
Lukas Slebodnik [Tue, 22 Jan 2019 09:04:02 +0000 (10:04 +0100)]
ldb: The test api.py should not rely on order of entries in dict
Test failed on s390x but there is a simple reproducer for any
architecture.
The built-in function repr returns the canonical string representation
of the object. We needn't care about order attributes in string
representation. Therefore test should pass for any order.
for i in {1..30}; do
PYTHONHASHSEED=random \
python2 -c 'import ldb; msg = ldb.Message(); msg.dn = ldb.Dn(ldb.Ldb(), "dc=foo29"); msg["dc"] = b"foo"; print(repr(msg)) '
done
======================================================================
FAIL: test_repr (__main__.LdbMsgTests)
----------------------------------------------------------------------
Traceback (most recent call last):
File "tests/python/api.py", line 2322, in test_repr
"Message({'dn': Dn('dc=foo29'), 'dc': MessageElement(['foo'])})")
AssertionError: "Message({'dc': MessageElement(['foo']), 'dn': Dn('dc=foo29')})" != "Message({'dn': Dn('dc=foo29'), 'dc': MessageElement(['foo'])})"
----------------------------------------------------------------------
Ran 1025 tests in 29.146s
FAILED (failures=1)
Signed-off-by: Lukas Slebodnik <lslebodn@fedoraproject.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
7a7a5ccf501f89c530970bde072509ed86d7bd89)
Andreas Schneider [Mon, 14 Jan 2019 11:10:34 +0000 (12:10 +0100)]
lib:ldb: Use correct C99 initializer for 'struct tm'
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
146ed0894e640fe1791f75fa8f50167b6cdfc06e)
Andreas Schneider [Thu, 13 Dec 2018 10:35:25 +0000 (11:35 +0100)]
lib:ldb: Use C99 initializer for tdb_logging_context
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
3cd5d4b39713559d2f88e21a24f8190fe9ce075c)
Andreas Schneider [Thu, 13 Dec 2018 10:34:37 +0000 (11:34 +0100)]
lib:ldb: Use C99 initializer for PyGetSetDef in pyldb
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
85a5dc56e34298a60d7ef96f4178ccff20d40c82)
Stefan Metzmacher [Tue, 26 Feb 2019 09:19:44 +0000 (10:19 +0100)]
tevent: version 0.9.39
* py_tevent: add_timer takes float argument
* C99 build fixes.
* Fix standalone build of tevent.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
db58a50296041ca57675daee15caea8850f1d3f8)
Douglas Bagnall [Thu, 7 Feb 2019 04:00:28 +0000 (17:00 +1300)]
py_tevent: add_timer takes float argument
We were already using it that way.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit
8294e68a4175e6116b38869866c42a1b7ba55b6a)
Andreas Schneider [Mon, 14 Jan 2019 10:59:59 +0000 (11:59 +0100)]
lib:tevent: Use correct C99 initializer for tevent_req
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
0da2e9c215f882ea4c331ac4f17738913beb7404)
Stefan Metzmacher [Tue, 26 Feb 2019 09:19:44 +0000 (10:19 +0100)]
talloc: version 2.1.16
* Fix standalone build of talloc.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
3fe1551b5347934a20b9161a23e6a16220c3aeb6)
Stefan Metzmacher [Tue, 26 Feb 2019 09:19:44 +0000 (10:19 +0100)]
tdb: version 1.3.18
* Fix build problems with older python versions.
* C99 build fixes.
* Fix standalone build of tdb.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
f0d26dd1816f35a00abf52b640f42547ffdfa01b)
Andreas Schneider [Thu, 13 Dec 2018 10:24:12 +0000 (11:24 +0100)]
lib:tdb: Use C99 initializer for tdb_logging_context
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
47b57a2fc87664366099913305dd8d3783734a1a)
Andreas Schneider [Wed, 12 Dec 2018 20:26:35 +0000 (21:26 +0100)]
lib:tdb: Use C99 initializer for tdb_header
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
a1ce666d68745a9bc65bd2709c581ed5105f656d)
Andreas Schneider [Thu, 13 Dec 2018 10:29:09 +0000 (11:29 +0100)]
lib:tdb: Use C99 initializer for PyGetSetDef in pytdb
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
651ee7f205f4a7e31c791f7bb235275816747463)
Lukas Slebodnik [Fri, 18 Jan 2019 15:38:03 +0000 (16:38 +0100)]
tdb: Fix compatibility of wscript with older python
Traceback (most recent call last):
File "tdb-1.3.17/third_party/waf/waflib/Scripting.py", line 158, in waf_entry_point
run_commands()
File "tdb-1.3.17/third_party/waf/waflib/Scripting.py", line 251, in run_commands
ctx = run_command(cmd_name)
File "tdb-1.3.17/third_party/waf/waflib/Scripting.py", line 235, in run_command
ctx.execute()
File "tdb-1.3.17/third_party/waf/waflib/Context.py", line 204, in execute
self.recurse([os.path.dirname(g_module.root_path)])
File "tdb-1.3.17/third_party/waf/waflib/Context.py", line 286, in recurse
user_function(self)
File "tdb-1.3.17/wscript", line 225, in testonly
cmd = "BINDIR={} {}".format(blddir, sh_test)
ValueError: zero length field name in format
Signed-off-by: Lukas Slebodnik <lslebodn@fedoraproject.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Jan 20 03:49:59 CET 2019 on sn-devel-144
(cherry picked from commit
0628ca2a558871402f9a17cc7f7a0c69d857ae19)
David Mulder [Thu, 7 Feb 2019 17:47:47 +0000 (10:47 -0700)]
Search for location of waf script
When calling make from the ldb, talloc, tdb, and
tevent bundles, we need to first find the
location of the waf script. Currently the build
fails since it can't find waf.
Fixes regression caused by
a660b7f.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
8ecd7f756f0fafe5fd79dc4deb445883450c7cca)
Noel Power [Wed, 6 Feb 2019 15:27:41 +0000 (15:27 +0000)]
buildtools/wafsamba: Avoid decode when using python2
To avoid problematic type checking for 'str' types which fail
when result from str.decode is used.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13777
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
244e2a02796b2ee85b9db01cbea7043a7448a110)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Fri Feb 22 13:44:34 CET 2019 on sn-devel-144
Karolin Seeger [Fri, 22 Feb 2019 08:00:37 +0000 (09:00 +0100)]
VERSION: Bump version up to 4.10.0rc4...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Fri, 22 Feb 2019 07:59:50 +0000 (08:59 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.10.0rc3 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Fri, 22 Feb 2019 07:59:15 +0000 (08:59 +0100)]
WHATSNEW: Add release notes for Samba 4.10.0rc3.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Christof Schmitt [Tue, 12 Feb 2019 19:28:32 +0000 (12:28 -0700)]
waf: Check for libnscd
The check was in the old autoconf, but not in waf. As the code is still
in source3/lib/util_nscd.c, add the check for libnscd to allow building
and using the code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13787
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Feb 13 17:58:33 CET 2019 on sn-devel-144
(cherry picked from commit
3a793497796395ffa3efda5807bdb1ca8e09e35b)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Thu Feb 21 16:26:51 CET 2019 on sn-devel-144
Tim Beale [Tue, 12 Feb 2019 22:28:29 +0000 (11:28 +1300)]
WHATSNEW: Add note that python2 support will be dropped on v4.11
Add a warning to Samba users that v4.10 will be the last Samba release
with python2 support.
I've reworked the existing text describing the different python2 build
options for 4.10. Hopefully this makes it slightly clearer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13785
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Andreas Schneider [Wed, 13 Feb 2019 09:44:45 +0000 (10:44 +0100)]
waf: Do not install internal header
We should not install header files without an public API:
- memory.h
- safe_strings.h
- talloc_stack.h
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13778
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
6d232f3f7c64f9b01439326e0e9b6d9df9a0bcbb)
Andreas Schneider [Wed, 6 Feb 2019 15:05:48 +0000 (16:05 +0100)]
lib:util: Move discard_const(_p) to own header for libndr.h
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13778
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
96df6878ed521b7e744d703abb32a585500d3b94)